houlin / crypto-js

Automatically exported from code.google.com/p/crypto-js

Unnecessary padding #131

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Prepare a CryptoJS.enc object with exactly 16 bytes, e.g.
var message = CryptoJS.enc.Hex.parse("151b901b61e843cfe3e470b032f61698");
or 
var message = CryptoJS.enc.Utf8.parse("foobarfoobarfoob");

2. Encrypt this message with AES:
var iv  = CryptoJS.enc.Hex.parse('00000000000000000000000000000000');
var key = CryptoJS.enc.Hex.parse('1df3d19c9f90d6b11df3d19c9f90d6b1');
var encrypted = CryptoJS.AES.encrypt(message, key, { iv: iv});

3. Print the encrypted object:
console.log(encrypted.ciphertext);
console.log(encrypted.ciphertext.toString(CryptoJS.enc.Hex));

What is the expected output? What do you see instead?
I expect a 16-byte (128-bit) long encrypted string. For the above example: 
"f9b2b93d5d14b44ba25954fd45a9cbf6" in hex representation.
Instead I get 
"f9b2b93d5d14b44ba25954fd45a9cbf633d86f323e5106c08eb7a02b5e6866a9".

What version of the product are you using? On what operating system?
Mac OS X, Chrome Version 35.0.1916.114; CryptoJS 3.1.2

Please provide any additional information below.
When using ECB mode you can see that the second block in the encrypted data is 
just a zero block. Shortening the message by one character produces the correct 
encrypted data.
This leads me to assume that unnecessary padding is done when the input data is 
exactly the block size.

Original issue reported on code.google.com by johannes...@gmail.com on 27 May 2014 at 10:15

GoogleCodeExporter commented 8 years ago
I found the problem in the padding function, in calculating the number of bytes 
to add:
var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;

To correct the problem with unnecessary padding when data.sigBytes = 
blockSizeBytes, use this instead, as in pad-zeropadding.js:
blockSizeBytes - ((data.sigBytes % blockSizeBytes) || blockSizeBytes);

The attached patch corrects this in cipher-core.js. But the same problem also 
exists in pad-ansix923.js and pad-iso10126.js.

Original comment by johannes...@gmail.com on 27 May 2014 at 11:15

GoogleCodeExporter commented 8 years ago
Most padding schemes -- including PKCS7, ANSI.X, and ISO -- require that at 
least one bit or byte be added, always 
(http://en.wikipedia.org/wiki/Padding_(cryptography)#Byte_padding). This is so 
that the message can later be un-padded correctly. Otherwise, it wouldn't 
always be possible to distinguish between the padding and the message.

Original comment by Jeff.Mott.OR on 27 May 2014 at 11:26
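
The ambiguity described in the reply above, as an added JavaScript example that is not part of the original thread and is not CryptoJS code: it compares standard PKCS#7 padding with the skip-when-aligned calculation proposed in the earlier comment. The function names and the sample message are constructed for illustration, and the code works on plain byte arrays rather than CryptoJS WordArrays.

```javascript
// Added illustration, not CryptoJS source. Works on plain Uint8Array data.
const BLOCK = 16; // AES block size in bytes

// PKCS#7 as specified: always append 1..BLOCK bytes, each equal to the pad length.
function padPkcs7(data) {
  const n = BLOCK - (data.length % BLOCK); // 16 when the input is already aligned
  const out = new Uint8Array(data.length + n);
  out.set(data);
  out.fill(n, data.length);
  return out;
}

// Calculation proposed in the issue: add nothing when the input is block-aligned.
function padSkipAligned(data) {
  const n = BLOCK - ((data.length % BLOCK) || BLOCK); // 0 when aligned
  const out = new Uint8Array(data.length + n);
  out.set(data);
  out.fill(n, data.length);
  return out;
}

// Receiver side: the last byte says how many bytes to strip; check every one.
function unpadPkcs7(padded) {
  const n = padded[padded.length - 1];
  if (padded.length === 0 || padded.length % BLOCK !== 0 || n < 1 || n > BLOCK) {
    throw new Error("invalid padding");
  }
  for (let i = padded.length - n; i < padded.length; i++) {
    if (padded[i] !== n) throw new Error("invalid padding");
  }
  return padded.slice(0, padded.length - n);
}

const hex = (u8) => Buffer.from(u8).toString("hex");

// Constructed inputs: a 16-byte message whose last byte happens to be 0x01,
// and the 15-byte message that is its prefix.
const full = Uint8Array.from(Buffer.from("00112233445566778899aabbccddee01", "hex"));
const prefix = full.slice(0, 15);

// With the skip-aligned variant both messages pad to the same 16 bytes ...
function collision() { return hex(padSkipAligned(full)) === hex(padSkipAligned(prefix)); }
// ... so the receiver cannot tell them apart and returns the 15-byte one.
function roundTripSkip() { return hex(unpadPkcs7(padSkipAligned(full))); }
// Standard PKCS#7 spends a second block and round-trips exactly.
function roundTripStd() { return hex(unpadPkcs7(padPkcs7(full))); }

console.log(collision(), roundTripSkip(), roundTripStd(), padPkcs7(full).length);
```

The 32-byte length returned by `padPkcs7(full)` corresponds to the two-block ciphertext in the report: a full block of padding follows the aligned message.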

GoogleCodeExporter commented 8 years ago
Thank you for the explanation!

Original comment by johannes...@gmail.com on 28 May 2014 at 7:54