From: SourceForge.net <no...@so...> - 2005-07-16 17:59:13
Bugs item #1054714, was opened at 2004-10-26 17:13
Message generated for change (Comment added) made by zooko
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=120937&aid=1054714&group_id=20937

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Zooko O'Whielacronx (zooko)
Assigned to: Nobody/Anonymous (nobody)
Summary: wishlist: variable length CTR mode

Initial Comment:
I'm using AES in CTR mode. It objects if I give it a plaintext whose length isn't an integer multiple of 16. So I'll have to check for that, pad, encrypt, then truncate. It would be nice if pycrypto would do this itself.

----------------------------------------------------------------------

>Comment By: Zooko O'Whielacronx (zooko)
Date: 2005-07-16 17:59

Message:
Logged In: YES
user_id=52562

I've updated my patch to make CTR mode support variable length texts so that it applies against 2.0.1. (We need it for a product I'm working on.) I'll attach the current version of the patch to the thread about the OFB patch in the patch tracker.

I would like to unify the CTR mode patch and the OFB patch, but not right now as I need to go work on the aforementioned product...

----------------------------------------------------------------------

Comment By: Zooko O'Whielacronx (zooko)
Date: 2004-10-27 12:58

Message:
Logged In: YES
user_id=52562

details about CTR mode and not-using-padding:

RFC 3711: http://www.faqs.org/rfcs/rfc3711.html

the default encryption transform is AES-CTR mode.

"None of the pre-defined encryption transforms uses any padding; for these, the RTP and SRTP payload sizes match exactly"

Comments to NIST concerning AES Modes of Operations: CTR-Mode Encryption (2000), Helger Lipmaa, Phillip Rogaway, David Wagner:
http://citeseer.ist.psu.edu/lipmaa00comments.html

----------------------------------------------------------------------

Comment By: Zooko O'Whielacronx (zooko)
Date: 2004-10-26 19:51

Message:
Logged In: YES
user_id=52562

Man, the linewrapping of this HTML form thingie is irritating. I made symlinks so here are the slightly shorter URLs:

list of my patches:
http://zooko.com/cgi-bin/darcs.cgi/pycrypto/zp?c=patches

The test patch:
http://zooko.com/cgi-bin/darcs.cgi/pycrypto/zp/?c=diff&p=20041026183323-92b7f-c777a077c2f516680a548c486d4f3c2730b2b0e7.gz

(If that URL is too long to deal with then just go to the list above and click on the name of the patch and then click "diff" to get a unified diff.)

The variable-length-input-for-CTR-mode patch:
http://zooko.com/cgi-bin/darcs.cgi/pycrypto/zp/?c=diff&p=20041026191834-92b7f-72995f81f2b92accfc02254869d2ea84ecdbc960.gz

----------------------------------------------------------------------

Comment By: Zooko O'Whielacronx (zooko)
Date: 2004-10-26 19:24

Message:
Logged In: YES
user_id=52562

CTR mode as typically used doesn't add any padding.

----------------------------------------------------------------------

Comment By: Zooko O'Whielacronx (zooko)
Date: 2004-10-26 19:23

Message:
Logged In: YES
user_id=52562

Okay I implemented it.

Here is a list of my patches to pycrypto:
http://zooko.com/cgi-bin/darcs.cgi/pycrypto/zookopatches?c=patches&t=

The only interesting ones are this one:
http://zooko.com/cgi-bin/darcs.cgi/pycrypto/zookopatches/?c=diff&p=20041026183323-92b7f-c777a077c2f516680a548c486d4f3c2730b2b0e7.gz
which adds a unit test for non-multiple-of-blocksize inputs

and this one:
http://zooko.com/cgi-bin/darcs.cgi/pycrypto/zookopatches/?c=diff&p=20041026191834-92b7f-72995f81f2b92accfc02254869d2ea84ecdbc960.gz
which makes CTR mode handle variable length inputs.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2004-10-26 17:24

Message:
Logged In: NO

I'm almost certain this will never happen. There are too many variations on how to pad the block. Also, truncating the block will make it undecipherable.

If you want an easy way to pad your string:

    bs = 16       # block size in bytes
    pad = '\x00'  # padding character
    s = 'something that is not of length 16'
    # extend s to the next multiple of bs
    # (appends a full block of padding when len(s) is already a multiple of bs)
    s += (bs - (len(s) % bs)) * pad

Alternatively, you can use a stream cipher like RC4, which doesn't have a block size.

----------------------------------------------------------------------
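Added example, not part of the original thread and not pycrypto code: the "pad, encrypt, then truncate" workaround from the initial comment, next to CTR with a keystream truncated to the input length, showing that both give the same bytes and that the result decrypts. HMAC-SHA256 truncated to 16 bytes stands in for the AES block function (an assumption so the block runs on the standard library alone); every function name, the key and the nonce are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size in bytes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for AES on one block (assumption, not pycrypto's cipher).
    # CTR only uses the forward direction, so a keyed PRF is enough here.
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def keystream(key: bytes, nonce: bytes, nblocks: int) -> bytes:
    # Counter block = 8-byte nonce || 64-bit big-endian block index.
    assert len(nonce) == BLOCK - 8
    blocks = (block_encrypt(key, nonce + i.to_bytes(8, "big")) for i in range(nblocks))
    return b"".join(blocks)


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Variable-length CTR: XOR with the keystream, dropping unused keystream bytes.
    # The same call encrypts and decrypts. A (key, nonce) pair must never be reused.
    ks = keystream(key, nonce, -(-len(data) // BLOCK))  # ceiling division
    return bytes(d ^ k for d, k in zip(data, ks))


def ctr_full_blocks_only(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Models the behaviour reported in the initial comment: partial blocks are rejected.
    if len(data) % BLOCK:
        raise ValueError("input length must be a multiple of 16")
    return ctr_xor(key, nonce, data)


def pad_encrypt_truncate(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Caller-side workaround: zero-pad, encrypt whole blocks, cut back to len(data).
    padded = data + b"\x00" * (-len(data) % BLOCK)
    return ctr_full_blocks_only(key, nonce, padded)[:len(data)]


# Constructed sample values.
KEY = b"constructed demo key"
NONCE = b"\x00" * 7 + b"\x01"
MSG = b"something that is not of length 16"

if __name__ == "__main__":
    ct = ctr_xor(KEY, NONCE, MSG)
    print(len(MSG), len(ct), ct == pad_encrypt_truncate(KEY, NONCE, MSG))
    print(ctr_xor(KEY, NONCE, ct))
```

CTR on its own gives confidentiality only; pair it with a MAC when integrity matters.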