Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AES with stronger (non-default) key size 256 generates a wrong sized byte initialization vector #43

Closed
GoogleCodeExporter opened this issue Mar 7, 2015 · 2 comments

Comments

@GoogleCodeExporter
Copy link

@GoogleCodeExporter GoogleCodeExporter commented Mar 7, 2015

This is the same issue than the one observed with Java
(http://code.google.com/p/keyczar/issues/detail?id=30&colspec=ID Type
Status Priority Milestone Owner Implementation Summary) but for Python this
time.

Pycrypto only accepts AES IV of 16 bytes (when self.block_size is 24 or 32
bytes it fails)


Metada and key are created this way:

python keyczart.py create --location=/home/ookoi/kz --purpose=crypt
python keyczart.py addkey --location=/home/ookoi/kz --status=primary --size=256

Test code:
import keyczar

input = "ttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt"
crypter = keyczar.Crypter.Read("/home/ookoi/kz")
ciphertext = crypter.Encrypt(input)
plaintext = crypter.Decrypt(ciphertext)
assert(input == plaintext)

Which gives:
Traceback (most recent call last):
  File "test.py", line 5, in <module>
    ciphertext = crypter.Encrypt(input)
  File
"/home/ookoi/Bureau/keyczar-read-only/python/src/keyczar/keyczar.py", line
314, in Encrypt
    return util.Encode(encrypting_key.Encrypt(data))
  File "/home/ookoi/Bureau/keyczar-read-only/python/src/keyczar/keys.py",
line 256, in Encrypt
    ciph_bytes = AES.new(self.key_bytes, AES.MODE_CBC, iv_bytes).encrypt(data)
ValueError: IV must be 16 bytes long

Original issue reported on code.google.com by sebastien.martini on 12 Jan 2009 at 1:52

@GoogleCodeExporter

This comment has been minimized.

Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 7, 2015

Same fix. You were setting the block size equal to the length of the key, which 
could
be 16, 24, or 32 bytes. AES' block size is always 16. Patch attached.

Original comment by reikonmu...@gmail.com on 4 Jun 2009 at 11:05

Attachments:

@GoogleCodeExporter

This comment has been minimized.

Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 7, 2015

Fixed in rev. 417

Original comment by sebastien.martini on 4 Jun 2009 at 12:04

  • Changed state: Fixed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.