Comments (8)
Thank you for the report. I will have a look.
from python-mbedtls.
I am using `mbedtls_cipher_crypt` from the high-level API. That is at least one difference from your example in C. I have to investigate further.
from python-mbedtls.
Well, it really looks like a problem upstream. I have tried to translate your C program to the high-level API and obtain the 32 bytes cipher that you reported as well. This is with `libmbedtls` 2.16.8. Are you interested in reporting/fixing upstream? If not, I could have a look.
Below is the full program and its output:
```c
#include <stdio.h>
#include <string.h>
#include "mbedtls/cipher.h"

int main() {
    /* 15 characters plus the terminating NUL fill each 16-byte array. */
    const unsigned char key[16] = "My 16-bytes key";
    const unsigned char iv[16] = "My 16-bytes iv.";
    size_t length = 16;
    unsigned char in[length];
    memset(in, 0, sizeof in);  /* one block of zero bytes as plaintext */

    mbedtls_cipher_context_t ctx;
    mbedtls_cipher_init(&ctx);
    mbedtls_cipher_setup(&ctx, mbedtls_cipher_info_from_string("AES-128-CBC"));
    mbedtls_cipher_setkey(&ctx, key, 8 * sizeof key, MBEDTLS_ENCRYPT);
    puts(ctx.cipher_info->name);
    /* iv_size and block_size are unsigned int, hence %u. */
    printf("IV size: %u\n", ctx.cipher_info->iv_size);
    printf("Block size: %u\n", ctx.cipher_info->block_size);

    /* Leave room for one extra block of output. */
    unsigned char out[length + ctx.cipher_info->block_size];
    size_t olen;
    mbedtls_cipher_crypt(&ctx, iv, sizeof iv, in, sizeof in, out, &olen);
    printf("got: %zu bytes\n", olen);
    for (size_t i = 0; i < olen; i++) {
        printf("%d, ", (unsigned char)out[i]);
    }
    printf("\n");
    mbedtls_cipher_free(&ctx);
    return 0;
}
```
```
AES-128-CBC
IV size: 16
Block size: 16
got: 32 bytes
98, 203, 172, 171, 204, 8, 236, 28, 167, 205, 120, 72, 12, 242, 72, 164, 204, 133, 178, 79, 207, 47, 52, 158, 254, 38, 43, 177, 175, 127, 252, 6,
```
from python-mbedtls.
Thanks, I understand C/C++ and Python but I think I am incompetent to make or improve C/C++ based Python library.
from python-mbedtls.
Sure, no problem. I'll keep you updated.
from python-mbedtls.
After some more investigation: The high-level API adds a PKCS7 padding block for CBC in `mbedtls_cipher_finish()`. With `mbedtls_aes_context`, it looks like you have the possibility to do it yourself.
Actually, `libmbedtls` has the option to not pad with `mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE )` but I have not bound this method yet so it is not directly available from Python.
I can add the option to set the padding, `libmbedtls` has PKCS7, ISO/IEC 7816-4, ANSI X.923, zero-padding, and no padding. Is this interesting to you?
Otherwise, you could as well use ECB, which is simpler and has no padding.
from python-mbedtls.
Also, it looks like the padding functions are private in `libmbedtls` (static in `library/cipher.c`) so it does not seem like I can make the padding option as nice as pycrypto. I will have to double check but I can probably only make it an option to the ciphers or to the encryption/decryption functions.
from python-mbedtls.
Sᴇᴄᴜʀɪᴛʏ ᴅɪsᴄʟᴀɪᴍᴇʀ: I do not encourage you to go ECB, it all depends on your application: CFB, or another cipher/mode might as well give n bytes out for n bytes in with better security 😅
from python-mbedtls.
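Why 16 bytes of plaintext became 32 bytes of ciphertext in the thread above, as an added example that is not part of the thread and is not code from python-mbedtls or libmbedtls: a self-contained PKCS7 pad and strict unpad for a 16-byte block. The names `pkcs7_pad`, `pkcs7_unpad` and `BLOCK_SIZE` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 16 /* AES block size in bytes */

/* Append PKCS7 padding in place. buf must have room for len + BLOCK_SIZE
 * bytes. Returns the padded length, always a multiple of BLOCK_SIZE and
 * always greater than len: block-aligned input gains one whole block. */
size_t pkcs7_pad(unsigned char *buf, size_t len)
{
    size_t n = BLOCK_SIZE - (len % BLOCK_SIZE); /* 1..16, never 0 */
    memset(buf + len, (int)n, n);
    return len + n;
}

/* Validate and strip PKCS7 padding. Returns 0 and sets *out_len on success,
 * -1 on malformed input. Every byte of the last block is examined, so the
 * loop does not stop at the first bad byte. */
int pkcs7_unpad(const unsigned char *buf, size_t len, size_t *out_len)
{
    if (len == 0 || len % BLOCK_SIZE != 0)
        return -1;
    unsigned char n = buf[len - 1];
    unsigned char bad = (n == 0) | (n > BLOCK_SIZE);
    for (size_t i = 0; i < BLOCK_SIZE; i++) {
        /* The last n bytes must all carry the value n. */
        unsigned char in_pad = (i < n);
        bad |= in_pad & (buf[len - 1 - i] != n);
    }
    if (bad)
        return -1;
    *out_len = len - n;
    return 0;
}

int main(void)
{
    unsigned char buf[2 * BLOCK_SIZE] = {0}; /* 16 zero bytes, as in the thread */
    size_t padded = pkcs7_pad(buf, BLOCK_SIZE), plain = 0;
    int rc = pkcs7_unpad(buf, padded, &plain);
    printf("16 in -> %zu to encrypt, unpad rc=%d, %zu back\n", padded, rc, plain);
    return 0;
}
```

With padding disabled, the caller has to supply input that is already a multiple of the block size and track the real message length separately.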