CFB mode padding error #6

Closed
sbheinric opened this issue Sep 13, 2012 · 2 comments

@sbheinric

In CFBBlockCipher.class, there is:

```java
public int decryptBlock(
    byte[] in,
    int inOff,
    byte[] out,
    int outOff)
    throws DataLengthException, IllegalStateException
{
    if ((inOff + blockSize) > in.length)
    {
        throw new DataLengthException("input buffer too short");
    }
    ...
```

As a result, if you attempt to decrypt some data that is smaller than the block size, then you will get this exception. This implies that some padding must be used.

However, CFB mode is NOT supposed to use padding. This is crucial to interoperability. For example, in my case, the encryption is done with Crypto++,

http://www.cryptopp.com/wiki/CFB_Mode

Where it is plainly stated that: "CFB mode must not use padding. Specifying a scheme will result in an exception."

@sbheinric
Author

From Wikipedia, "CFB, OFB and CTR modes do not require any special measures to handle messages whose lengths are not multiples of the block size, since the modes work by XORing the plaintext with the output of the block cipher. The last partial block of plaintext is XORed with the first few bytes of the last keystream block, producing a final ciphertext block that is the same size as the final partial plaintext block. This characteristic of stream ciphers makes them suitable for applications that require the encrypted ciphertext data to be the same size as the original plaintext data, and for applications that transmit data in streaming form where it is inconvenient to add padding bytes."
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
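
The partial-final-block behaviour described in the Wikipedia passage above, as an added example that is not part of the original comments or of Bouncy Castle / Spongy Castle. It uses the JDK's standard `javax.crypto` API rather than `CFBBlockCipher`; the key, IV and plaintexts are constructed test values, and the class name `CfbPartialBlock` and helper `cfbDecrypt` are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;

public class CfbPartialBlock {
    // Full-block CFB decryption built only from the block cipher's forward
    // (encrypt) direction. The final block may be shorter than the block size:
    // only the first n keystream bytes are used, so no padding is involved.
    static byte[] cfbDecrypt(Cipher ecb, byte[] iv, byte[] ct) throws Exception {
        int bs = iv.length;
        byte[] feedback = iv.clone();
        byte[] out = new byte[ct.length];
        for (int off = 0; off < ct.length; off += bs) {
            int n = Math.min(bs, ct.length - off);
            byte[] ks = ecb.doFinal(feedback);          // keystream block E_K(feedback)
            for (int i = 0; i < n; i++) {
                out[off + i] = (byte) (ct[off + i] ^ ks[i]);
            }
            if (n == bs) {                               // next feedback is this ciphertext block
                feedback = Arrays.copyOfRange(ct, off, off + bs);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];                       // constructed test key
        byte[] iv = new byte[16];                        // constructed test IV
        Arrays.fill(key, (byte) 0x11);
        Arrays.fill(iv, (byte) 0x22);
        SecretKeySpec k = new SecretKeySpec(key, "AES");
        Cipher ecb = Cipher.getInstance("AES/ECB/NoPadding");
        ecb.init(Cipher.ENCRYPT_MODE, k);

        // Lengths below, equal to, and above one 16-byte block.
        for (int len : new int[] {5, 16, 21}) {
            byte[] pt = new byte[len];
            Arrays.fill(pt, (byte) 'A');
            Cipher cfb = Cipher.getInstance("AES/CFB/NoPadding");
            cfb.init(Cipher.ENCRYPT_MODE, k, new IvParameterSpec(iv));
            byte[] ct = cfb.doFinal(pt);                 // ciphertext length equals plaintext length
            byte[] back = cfbDecrypt(ecb, iv, ct);
            System.out.printf("len=%d ctLen=%d roundTrip=%b%n",
                    len, ct.length, Arrays.equals(pt, back));
        }
    }
}
```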

@rtyley
Owner

rtyley commented Sep 13, 2012

Hi @sbheinric - Spongy Castle is a repackage of the Bouncy Castle libraries intended specifically for Android, which ships with a crippled version of Bouncy Castle. This means it's best if you submit this issue to the upstream project, using the dev-crypto mailing list:

http://www.bouncycastle.org/mailing_lists.html

Once the issue's been resolved, I can release an updated version of Spongy Castle based on the fixed version of Bouncy Castle.

@rtyley rtyley closed this as completed Sep 13, 2012