3des fixes #377
3des fixes #377
Conversation
There was a problem hiding this comment.
Reviewed 2 of 2 files at r1, 2 of 2 files at r2.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @t184256)
a discussion (no related file):
could you rebase on top of master?
There was a problem hiding this comment.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @t184256)
tlslite/utils/openssl_tripledes.py, line 48 at r2 (raw file):
m2.cipher_ctx_free(context) if ciphertext: self.IV = ciphertext[-self.block_size:]
ok, so actually the issue is because m2crypto defaults to padding of the ciphertext (and with padding, it requires a call to m2.cipher_final(context) to give out the last block of data)
we need to do m2.cipher_set_padding(context, 0) after cipher_init then:
a). IV should get handled automatically by m2crypto
b). we won't need to re-init the context for every new block processed
that also means we will need def __del__ with a call to m2.cipher_ctx_free(context)
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work cortesy of @tomato42: tlsfuzzer#377 (review))
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work courtesy of @tomato42: tlsfuzzer#377 (review))
There was a problem hiding this comment.
Reviewable status: 1 of 3 files reviewed, 2 unresolved discussions (waiting on @tomato42)
a discussion (no related file):
Previously, tomato42 (Hubert Kario) wrote…
could you rebase on top of
master?
Done.
tlslite/utils/openssl_tripledes.py, line 48 at r2 (raw file):
Previously, tomato42 (Hubert Kario) wrote…
ok, so actually the issue is because m2crypto defaults to padding of the ciphertext (and with padding, it requires a call to
m2.cipher_final(context)to give out the last block of data)we need to do
m2.cipher_set_padding(context, 0)aftercipher_initthen:
a). IV should get handled automatically by m2crypto
b). we won't need to re-init the context for every new block processedthat also means we will need
def __del__with a call tom2.cipher_ctx_free(context)
Done, thanks for solving that.
There was a problem hiding this comment.
Given that we are testing every commit in turn, the @settings needs to be added at the same time as we start using hypothesis...
Reviewed 2 of 2 files at r3, 2 of 2 files at r4, 1 of 1 files at r5.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @t184256)
tlslite/utils/openssl_tripledes.py, line 22 at r4 (raw file):
self.decrypt_context = m2.cipher_ctx_new() m2.cipher_init(self.encrypt_context, cipherType, key, IV, 1) m2.cipher_init(self.decrypt_context, cipherType, key, IV, 0)
that feels wasteful though, I wonder if it wouldn't be better to have a self._context that defaults to None and we initialise it on first encrypt or decrypt as necessary...
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work courtesy of @tomato42: tlsfuzzer#377 (review))
There was a problem hiding this comment.
Reviewable status: 1 of 3 files reviewed, 1 unresolved discussion (waiting on @tomato42)
tlslite/utils/openssl_tripledes.py, line 22 at r4 (raw file):
Previously, tomato42 (Hubert Kario) wrote…
that feels wasteful though, I wonder if it wouldn't be better to have a
self._contextthat defaults to None and we initialise it on firstencryptordecryptas necessary...
Done.
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work courtesy of @tomato42: tlsfuzzer#377 (review))
There was a problem hiding this comment.
Reviewed 2 of 2 files at r6, 2 of 2 files at r7, 1 of 1 files at r8.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @t184256)
tlslite/utils/openssl_tripledes.py, line 27 at r8 (raw file):
int(encrypt)) m2.cipher_set_padding(self._context, 0) self._encrypt = encrypt
all fields should be initialised in __init__
tlslite/utils/openssl_tripledes.py, line 43 at r8 (raw file):
else: assert not self._encrypt, \ '.decrypt() not allowed after .decrypt()'
typo: '.decrypt() not allowed after .encrypt()'
unit_tests/test_tlslite_utils_tripledes_split.py, line 69 at r7 (raw file):
@unittest.skipIf(not cryptomath.pycryptoLoaded, "requires pycrypto") @_given @settings(deadline=None)
shouldn't this be gated behind sys.version_info too? (just because we don't use pycrypto with py2.6 on Travis doesn't mean it's an unsupported configuration)
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work courtesy of @tomato42: tlsfuzzer#377 (review))
There was a problem hiding this comment.
Reviewable status: 1 of 3 files reviewed, 3 unresolved discussions (waiting on @tomato42)
tlslite/utils/openssl_tripledes.py, line 27 at r8 (raw file):
Previously, tomato42 (Hubert Kario) wrote…
all fields should be initialised in
__init__
OK.
tlslite/utils/openssl_tripledes.py, line 43 at r8 (raw file):
Previously, tomato42 (Hubert Kario) wrote…
typo:
'.decrypt() not allowed after .encrypt()'
Fixed.
unit_tests/test_tlslite_utils_tripledes_split.py, line 69 at r7 (raw file):
Previously, tomato42 (Hubert Kario) wrote…
shouldn't this be gated behind
sys.version_infotoo? (just because we don't use pycrypto with py2.6 on Travis doesn't mean it's an unsupported configuration)
Thanks for spotting that! It was a simple omission, no need to search for hidden motives here =)
There was a problem hiding this comment.
Reviewed 2 of 2 files at r9, 2 of 2 files at r10, 1 of 1 files at r11.
Reviewable status:complete! all files reviewed, all discussions resolved
tomato42
added
bug
Correctly set IV for consecutive 3DES encrypt/decrypt invocations. Test that the results of three invocations yield the same result as a combined single one, cross-check this across three implementations.
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work courtesy of @tomato42: tlsfuzzer#377 (review))
Make M2Crypto 3DES follow suit and require separate instances for encryption and decryption.
There was a problem hiding this comment.
Reviewed 2 of 2 files at r12, 2 of 2 files at r13, 1 of 1 files at r14.
Reviewable status:
|
Looks good, thanks! |
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work courtesy of @tomato42: tlsfuzzer#377 (review)). This commit mirrors changes from tlsfuzzer#377, but for AES and adds the same unit test as well.
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work courtesy of @tomato42: tlsfuzzer#377 (review)). This commit mirrors changes from tlsfuzzer#377, but for AES and adds the same unit test as well.
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work courtesy of @tomato42: tlsfuzzer#377 (review)). This commit mirrors changes from tlsfuzzer#377, but for AES and adds the same unit test as well.
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work courtesy of @tomato42: tlsfuzzer#377 (review)). This commit mirrors changes from tlsfuzzer#377, but for AES and adds the same unit test as well.
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work courtesy of @tomato42: tlsfuzzer#377 (review)). This commit mirrors changes from tlsfuzzer#377, but for AES and adds the same unit test as well.
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work courtesy of @tomato42: tlsfuzzer#377 (review)). This commit mirrors changes from tlsfuzzer#377, but for AES and adds the same unit test as well.
M2Crypto defaults to padding the ciphertext, and the previous implementation danced around that awkwardly by padding and unpadding ciphertext on decryption and updating the IV manually. `m2.cipher_set_padding(context, 0)` allows to shoulder the IV handling back to where it belongs and to get rid of unnecessary context reinitializations. (Investigative work courtesy of @tomato42: tlsfuzzer#377 (review)). This commit mirrors changes from tlsfuzzer#377, but for AES and adds the same unit test as well.
Two 3DES fixes - one for the Python implementation, one for the M2Crypto one - and a new test.
This change is