named-data-iot/ndn-lite

_pkcs7_padding incorrect logic

Closed this issue · 2 comments

yoursunny commented

According to PKCS Padding Method:

The rules for PKCS padding are very simple:

  • Padding bytes are always added to the clear text before it is encrypted.
  • Each padding byte has a value equal to the total number of padding bytes that are added. For example, if 6 padding bytes must be added, each of those bytes will have the value 0x06.
  • The total number of padding bytes is at least one, and is the number that is required in order to bring the data length up to a multiple of the cipher algorithm block size.

The currently implementation is incorrect: it does not fulfill the first rule.

ndn-lite/security/default-backend/ndn-lite-default-aes-impl.c

Lines 26 to 41 in d60a114

static int
_pkcs7_padding(const uint8_t* input_value, uint8_t input_size,
uint8_t* output_value, uint8_t output_size)
{
if (input_size % TC_AES_BLOCK_SIZE == 0) {
memcpy(output_value, input_value, input_size);
return input_size;
}
uint8_t num = TC_AES_BLOCK_SIZE - input_size % TC_AES_BLOCK_SIZE;
if (output_size < input_size + num)
return NDN_OVERSIZE;
memcpy(output_value, input_value, input_size);
for (uint8_t i = 0; i < num; i++)
output_value[input_size + i] = byte[num - 1];
return input_size + num;
}

tianyuan129 commented

I tested this piece of code with input array 04 04 04 04 04 04 and got 04 04 04 04 04 04 0A 0A 0A 0A 0A 0A 0A 0A 0A 0A . It seems fulfill the requirement. Wonder what's wrong with it?

yoursunny commented

Try an input length that is a multiple of 16 octets.
Compare to the results at https://play.golang.org/p/hxyB-O8ARk-