crixusshen / crypto-js

Automatically exported from code.google.com/p/crypto-js
1 stars 0 forks source link

cbc padding breaks our code #6

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
We are trying to decrypt existing AES crypto that uses the CBC mode. The 
problem is that the upper layers always make sure that the plain text is of 
correct length, and thus no padding mechanism is needed from the encryption 
library. crypto-js however, assumes in CBC mode that the data has been padded 
in a specific way.

We are trying to write a library that is compatible with a piece of existing 
software, so we cannot change that software to add a crypto-js compatible 
padding. Also the other way around, while encrypting the data, the padding 
added by crypto-js CBC code might break the original application while it tries 
to decrypt items created by crypto-js.

We were able to work around this by making our own copy of the cbc mode and 
commenting out the padding related code. However we are hoping the library 
would gain an option for disabling the padding.

Original issue reported on code.google.com by toni.ruo...@gmail.com on 18 Jun 2010 at 9:06

GoogleCodeExporter commented 8 years ago
Whether padding is needed or not depends on which mode is used, and how much 
padding is needed depends on which cipher is used. It seems to me that the most 
appropriate place to handle message padding is within the encryption library.

That being said, I can move the code that adds and removes padding into 
addPadding and removePadding methods. That would give you the option to extend 
the CBC object and override the behavior of those methods.

In the mean time, I think you settled on the best option --  to create a new 
mode object that is compatible with your application.

Original comment by Jeff.Mott.OR on 18 Jun 2010 at 5:03

GoogleCodeExporter commented 8 years ago

Original comment by Jeff.Mott.OR on 18 Jun 2010 at 5:04

GoogleCodeExporter commented 8 years ago
Could we get a fix for this soon? We are trying to make our library available 
under CC0 (~ public domain), and explaining that the modified CBC mode is 
available under different terms is a bit boring. Never the less, rewriting the 
whole mode from scratch is boring as well.

Original comment by toni.ruo...@gmail.com on 16 Sep 2010 at 9:17

GoogleCodeExporter commented 8 years ago
Hi, Toni. I am truly very sorry that this issue is still outstanding. Lately, 
my 9-to-5 has kept me busier than usual, and I can only promise that I'll get 
to it as soon as I can.

Original comment by Jeff.Mott.OR on 18 Sep 2010 at 9:13

GoogleCodeExporter commented 8 years ago
I figure the problem here is designing a good way to support padding "plugins" 
in the block modes. For now, could you just add a separate cbc-nopad mode to 
crypto-js?

Original comment by toni.ruo...@gmail.com on 28 Mar 2011 at 7:59

GoogleCodeExporter commented 8 years ago
r327

Original comment by Jeff.Mott.OR on 13 Apr 2011 at 11:53