[Cryptography Team] Re: isProperlyPadded

Chris Muller chris at funkyobjects.org
Fri Jul 7 18:50:57 UTC 2006 

Hi Ron, padding is required for any of the block ciphers when using the
convenience method #encrypt: aByteArray.  This method encrypts an
arbitrary-sized ByteArray and, as you can see, does a #padToMultipleOf:
its blockSize.  Therefore, #encrypt: and #decrypt: are compatible
convenience methods for working with arbitrary-sized ByteArray's.  If
you want to only work with one block you need to use #encryptBlock: and
#decryptBlock:.

You mentioned CBC, to create AES (Rijndael) in CBC mode, you can do:

  CBC on: (Rijndael new: your256bitKey)

I'm not sure we have a plain Rijndael test; because its always
recommended to use one of the modes (BlockCipherMode).

Recall that the key-size for Rijndael has been increased to 256 bits,
so you need to pass in a 32-byte key, no longer a 16-byte key.  I will
be sure double-check that I've posted that change this weekend and post
it if I haven't.

This is complicated stuff, thanks for reviewing and the great
questions!

Regards,
  Chris


--- Ron Teitelbaum <Ron at USMedRec.com> wrote:

> Chris,
> 
> I guess that makes sense if blocks were always padded.  Here is the
> code
> that I'm trying to run.
> 
> Rijndael new key: (ByteArray new: 16); decrypt: (ByteArray new: 16).
> 
> This is an official test of AES CBC called the monteCarlo test.  I'm
> trying
> to add the official tests to AES to see if it's working properly. 
> (It
> doesn't appear to be correct on first glance but I'm still
> investigating
> it).
> 
> The problem here is that the decrypted value is not padded but is
> hitting
> the code:
> 
> BlockCipher >> decrypt: aByteArray
> 	"Answer a copy of aByteArray which is decrypted with my key."
> 	| decryptedBlock |
> 	decryptedBlock _
> 		self
> 			decrypt: aByteArray copy
> 			from: 1
> 			to: aByteArray size.
> 	^ self isStreamCipher
> 		ifTrue: [ decryptedBlock ]
> 		ifFalse:
> 			[ decryptedBlock
> 				copyFrom: 1
> 				to: decryptedBlock unpaddedSize ]
> 
> Are AES blocks supposed to be padded and this one is not?  Maybe it's
> missing your new padding code, I'll look into that.
> 
> Thanks,
> Ron Teitelbaum
> 
> 
> > From: Chris Muller
> > Sent: Friday, July 07, 2006 11:16 AM
> >
> > > Since isProperlyPadded assumes that that was some padding the
> error
> > > seems
> > > unnecessary.
> > > ...
> > > To make it more clear if a byte array is not padded then the
> > > unpaddedSize is
> > > self size.
> >
> > Hi Ron, I believe the check in #unpaddedSize is proper, let me
> explain.
> >
> > Any application must know if it is dealing with a block or stream
> > cipher, therefore it knows if padding is necessary.  I think you
> agree
> > with this because you said:
> >
> >   > Since isProperlyPadded assumes that that was some padding..
> >
> > In other words, isProperlyPadded knows nothing about whether a
> > ByteArray *is* padded, you only call it if you KNOW it's supposed
> to be
> > padded and then it will tell you if it is padded properly.
> >
> > If padding is not necessary (stream cipher), the program should not
> be
> > asking for the #unpaddedSize at all.
> >
> > If padding is necessary then Nils and Bruce say any improper
> padding
> > should be treated as an authentication error.  If the program asks
> for
> > the #unpaddedSize for a message that was not properly padded,
> simply
> > returning "self size" would be erroneous and the program would then
> be
> > making improper assumptions about the message.
> >
> > Regards,
> >   Chris
> >
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> >
>
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>

More information about the Cryptography mailing list