rweather / arduinolibs

Arduino Cryptography Library

Adding Padding using Crypto library #26

Closed fralomb closed 7 years ago

fralomb commented 7 years ago

Looking through the Crypto Library I wasn't able to find an implementation of the different types of standard paddings to be added in the case the data size to be ciphered/deciphered is not a multiple of the base block. Why is this feature not present?

prochat commented 7 years ago

Because it’s already made … you can change the #define if you want to do it by yourself

… or I’m not sure I get your point.

Ph.R.


fralomb commented 7 years ago

@prochat probably I did not explain my doubt very well. I cannot find a mechanism in the library which adds a specified padding to a block of data that isn't a multiple of the block size of a specified algorithm. Is there a way in the library to accomplish this, or do I have to specify this by myself? In the first case, can you explain to me how I can do it? Thanks.

rweather commented 7 years ago

Hi there. The hash algorithms have in-built padding support compatible with their respective standards. Nothing special needs to be done for them.

I assume that you are referring to padding for block ciphers in CBC mode. There is no explicit support for padding in the Crypto library because there are many different padding schemes - pad with zeroes, pad with a byte set to N if there are N padding bytes, pad with a 1 bit followed by a zero bit and finally a 1 bit. Which one?

Also, dealing with the last block in CBC mode is a pain in the neck for both encryption and decryption, as an extra block needs to be added if the plaintext was block-aligned to begin with. So it was easier to say "the application pads the data itself and then passes the block-aligned data into the CBC mode".

In any case, CBC mode is not recommended for new designs as it is difficult to make the padding have constant-time behaviour. It is better to use CTR mode which doesn't require padding. Or better yet, EAX mode for encryption and authentication (AEAD).

If you do still want to use CBC mode, then you'll have to pad the block yourself before passing it to the library for encryption, and remove the padding yourself after decryption.
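As an added example (not code from the arduinolibs project or from anyone in this thread), here is what "pad the block yourself before encryption, and remove the padding yourself after decryption" looks like for the PKCS#7 scheme rweather mentions (N bytes each set to N). It is plain C++ with no Arduino dependency so it can be compiled on a desktop; the call into the library's `CBC<AES128>` object is only indicated in a comment and is an assumption about where the padded buffer would be handed over. The unpadding routine inspects every byte of the final block rather than stopping at the first mismatch, which is the constant-time concern raised above; it does not by itself make CBC safe against padding oracles, so an authentication tag (or an AEAD mode such as EAX, as recommended) is still needed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Block size of AES; every block cipher in the library that you would put
// under CBC<> has a fixed block size like this.
static const size_t kBlockSize = 16;

// PKCS#7 padding: append N bytes, each with value N, where 1 <= N <= block size.
// An input that is already block-aligned receives a full block of padding, so
// the receiver can always tell real data from padding (this is the "extra
// block" case rweather describes).
std::vector<uint8_t> pkcs7Pad(const std::vector<uint8_t>& in,
                              size_t blockSize = kBlockSize) {
    size_t padLen = blockSize - (in.size() % blockSize);
    std::vector<uint8_t> out(in);
    out.insert(out.end(), padLen, static_cast<uint8_t>(padLen));
    // Assumption: the padded buffer is what you would now pass to the library,
    // e.g. CBC<AES128> cbc; cbc.setKey(...); cbc.setIV(...);
    //      cbc.encrypt(ciphertext, out.data(), out.size());
    return out;
}

// Remove PKCS#7 padding after decryption. Returns false on malformed padding.
// All blockSize trailing bytes are examined regardless of the pad length so the
// amount of work does not reveal where the first wrong byte was.
bool pkcs7Unpad(const std::vector<uint8_t>& in, std::vector<uint8_t>& out,
                size_t blockSize = kBlockSize) {
    if (in.empty() || in.size() % blockSize != 0) return false;
    uint8_t padLen = in.back();
    // Non-zero if the claimed pad length is outside 1..blockSize.
    uint8_t bad = static_cast<uint8_t>((padLen == 0) | (padLen > blockSize));
    for (size_t i = 0; i < blockSize; ++i) {
        uint8_t b = in[in.size() - 1 - i];
        // Mask is 0xFF for positions that belong to the padding, 0x00 otherwise.
        uint8_t inPad = static_cast<uint8_t>(0 - static_cast<unsigned>(i < padLen));
        bad |= static_cast<uint8_t>((b ^ padLen) & inPad);
    }
    if (bad) return false;
    out.assign(in.begin(), in.end() - padLen);
    return true;
}

// Pad, then unpad, and report whether the original bytes came back intact.
bool roundTrip(const std::vector<uint8_t>& msg) {
    std::vector<uint8_t> recovered;
    return pkcs7Unpad(pkcs7Pad(msg), recovered) && recovered == msg;
}

int main() {
    // Constructed sample inputs: a short message and a block-aligned one.
    std::vector<uint8_t> shortMsg = {'h', 'e', 'l', 'l', 'o'};
    std::vector<uint8_t> aligned(kBlockSize, 0x41);
    std::printf("5-byte message padded to %zu bytes, round trip %s\n",
                pkcs7Pad(shortMsg).size(), roundTrip(shortMsg) ? "ok" : "FAILED");
    std::printf("16-byte message padded to %zu bytes, round trip %s\n",
                pkcs7Pad(aligned).size(), roundTrip(aligned) ? "ok" : "FAILED");
    return 0;
}
```

The same pad/unpad pair works for any fixed block size by passing `blockSize` explicitly; only the unpadding side needs care, since that is where a decrypted-but-unauthenticated buffer is interpreted.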