[Cryptography Team] Re: isProperlyPadded

Ron Teitelbaum Ron at USMedRec.com
Fri Jul 7 16:58:21 UTC 2006 

Chris,

I guess that makes sense if blocks were always padded.  Here is the code
that I'm trying to run.  

Rijndael new key: (ByteArray new: 16); decrypt: (ByteArray new: 16).

This is an official test of AES CBC called the monteCarlo test.  I'm trying
to add the official tests to AES to see if it's working properly.  (It
doesn't appear to be correct on first glance but I'm still investigating
it).

The problem here is that the decrypted value is not padded but is hitting
the code:

BlockCipher >> decrypt: aByteArray
	"Answer a copy of aByteArray which is decrypted with my key."
	| decryptedBlock |
	decryptedBlock _ 
		self 
			decrypt: aByteArray copy
			from: 1
			to: aByteArray size.
	^ self isStreamCipher 
		ifTrue: [ decryptedBlock ]
		ifFalse: 
			[ decryptedBlock
				copyFrom: 1 
				to: decryptedBlock unpaddedSize ]

Are AES blocks supposed to be padded and this one is not?  Maybe it's
missing your new padding code, I'll look into that.

Thanks,
Ron Teitelbaum


> From: Chris Muller
> Sent: Friday, July 07, 2006 11:16 AM
> 
> > Since isProperlyPadded assumes that that was some padding the error
> > seems
> > unnecessary.
> > ...
> > To make it more clear if a byte array is not padded then the
> > unpaddedSize is
> > self size.
> 
> Hi Ron, I believe the check in #unpaddedSize is proper, let me explain.
> 
> Any application must know if it is dealing with a block or stream
> cipher, therefore it knows if padding is necessary.  I think you agree
> with this because you said:
> 
>   > Since isProperlyPadded assumes that that was some padding..
> 
> In other words, isProperlyPadded knows nothing about whether a
> ByteArray *is* padded, you only call it if you KNOW it's supposed to be
> padded and then it will tell you if it is padded properly.
> 
> If padding is not necessary (stream cipher), the program should not be
> asking for the #unpaddedSize at all.
> 
> If padding is necessary then Nils and Bruce say any improper padding
> should be treated as an authentication error.  If the program asks for
> the #unpaddedSize for a message that was not properly padded, simply
> returning "self size" would be erroneous and the program would then be
> making improper assumptions about the message.
> 
> Regards,
>   Chris
> 
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/cryptography/attachments/20060707/d6cc4abc/attachment.htm

More information about the Cryptography mailing list