`AES-ECB` encryption result length != input

[sify21]

The output result of AES-ECB should have the same length of the input. My test shows the output isn't correctly truncated. I have to truncate the result manually.

let key = Buffer.from(forge.random.getBytesSync(32),'binary');
let input = Buffer.from('sfafaf', 'utf8');
let cipher = forge.cipher.createCipher('AES-ECB', new forge.util.ByteBuffer(key));
cipher.start();
cipher.update(new forge.util.ByteBuffer(input));
cipher.finish();
let output = Buffer.from(cipher.output.getBytes(), 'binary');
let final_output = output.slice(0, input.length);

https://replit.com/@sify21/test

[mattcollier]

I suggest looking at the test suite for this: https://github.com/digitalbazaar/forge/blob/master/tests/unit/aes.js#L118

On Wed, Sep 1, 2021 at 8:52 PM sify21 @.***> wrote:

The output result of AES-ECB should have the same length of the input. My test shows the output isn't correctly truncated. I have to truncate the result manually.

let key = Buffer.from(forge.random.getBytesSync(32),'binary'); let input = Buffer.from('sfafaf', 'utf8'); let cipher = forge.cipher.createCipher('AES-ECB', new forge.util.ByteBuffer(key)); cipher.start(); cipher.update(new forge.util.ByteBuffer(input)); cipher.finish(); let output = Buffer.from(cipher.output.getBytes(), 'binary'); let final_output = output.slice(0, input.length);

@.***/test

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/digitalbazaar/forge/issues/904, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG4HGJBGQTDTME3P4HXI43T73DE5ANCNFSM5DHX4IFA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

-- Matt Collier

[sify21]

I changed to toHex(), the output is still longer

[mattcollier]

Likely that there's some padding: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Padding

On Wed, Sep 1, 2021 at 9:13 PM sify21 @.***> wrote:

I changed to toHex(), the output is still longer

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/digitalbazaar/forge/issues/904#issuecomment-910987689, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG4HGI6M573YXF7V45RESDT73FSFANCNFSM5DHX4IFA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

-- Matt Collier

[sify21]

It seems to me that the Buffer was preallocated with 2^n space, based on the result

[mattcollier]

Did you notice the line in the test suite: cipher.mode.pad = false;

If you reduce your input length to 16 bytes or less and set padding to false, then you get a single encrypted 128 bit (16 byte) block. 17 bytes per your example is going to produce two 128 bit blocks.

@./test-1#index.js @./test#index.js

On Wed, Sep 1, 2021 at 9:40 PM sify21 @.***> wrote:

It seems to me that the Buffer was preallocated with 2^n space

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/digitalbazaar/forge/issues/904#issuecomment-911013148, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG4HGI2LETQNPKXXBJ7VDLT73I2XANCNFSM5DHX4IFA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

-- Matt Collier

[sify21]

setting to false seems to have no effect on result size. setting to true will report an error