Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cbc padding breaks our code #6

Closed
GoogleCodeExporter opened this issue Dec 22, 2015 · 6 comments
Closed

cbc padding breaks our code #6

GoogleCodeExporter opened this issue Dec 22, 2015 · 6 comments
Labels
auto-migrated Priority-Medium Type-Enhancement

Comments

@GoogleCodeExporter
Copy link 

We are trying to decrypt existing AES crypto that uses the CBC mode. The 
problem is that the upper layers always make sure that the plain text is of 
correct length, and thus no padding mechanism is needed from the encryption 
library. crypto-js however, assumes in CBC mode that the data has been padded 
in a specific way.

We are trying to write a library that is compatible with a piece of existing 
software, so we cannot change that software to add a crypto-js compatible 
padding. Also the other way around, while encrypting the data, the padding 
added by crypto-js CBC code might break the original application while it tries 
to decrypt items created by crypto-js.

We were able to work around this by making our own copy of the cbc mode and 
commenting out the padding related code. However we are hoping the library 
would gain an option for disabling the padding.

Original issue reported on code.google.com by toni.ruo...@gmail.com on 18 Jun 2010 at 9:06
@GoogleCodeExporter
Copy link
Author 

Whether padding is needed or not depends on which mode is used, and how much 
padding is needed depends on which cipher is used. It seems to me that the most 
appropriate place to handle message padding is within the encryption library.

That being said, I can move the code that adds and removes padding into 
addPadding and removePadding methods. That would give you the option to extend 
the CBC object and override the behavior of those methods.

In the mean time, I think you settled on the best option --  to create a new 
mode object that is compatible with your application.

Original comment by Jeff.Mott.OR on 18 Jun 2010 at 5:03

  • Added labels: Type-Enhancement
  • Removed labels: Type-Defect

@GoogleCodeExporter
Copy link
Author

Original comment by Jeff.Mott.OR on 18 Jun 2010 at 5:04

  • Changed state: Accepted

@GoogleCodeExporter
Copy link
Author 

Could we get a fix for this soon? We are trying to make our library available 
under CC0 (~ public domain), and explaining that the modified CBC mode is 
available under different terms is a bit boring. Never the less, rewriting the 
whole mode from scratch is boring as well.

Original comment by toni.ruo...@gmail.com on 16 Sep 2010 at 9:17

@GoogleCodeExporter
Copy link
Author 

Hi, Toni. I am truly very sorry that this issue is still outstanding. Lately, 
my 9-to-5 has kept me busier than usual, and I can only promise that I'll get 
to it as soon as I can.

Original comment by Jeff.Mott.OR on 18 Sep 2010 at 9:13

@GoogleCodeExporter
Copy link
Author 

I figure the problem here is designing a good way to support padding "plugins" 
in the block modes. For now, could you just add a separate cbc-nopad mode to 
crypto-js?

Original comment by toni.ruo...@gmail.com on 28 Mar 2011 at 7:59

@GoogleCodeExporter
Copy link
Author 

r327

Original comment by Jeff.Mott.OR on 13 Apr 2011 at 11:53

  • Changed state: Fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated Priority-Medium Type-Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter