Joined: Jan 2004
Posts: 2,127
maroon Offline OP
Hoopy frood
1. $encode is allowing multiple padding switches to be specified, and uses them in a hierarchy regardless of the order used.

2. $decode is ignoring the 'pnz' switches or the lack of a padding switch, and instead attempts to find all 4 padding types at the end of the decrypted string.

--
Depending on the padding switch used when encrypting the string, decryption can result in false positives which remove too many bytes. The default PKCS#5 padding or the 'p' padding cannot be confused with each other, but it's easy for 'z' and 'n' to have false positives, as shown by this example:

Code:
//bset -t &v 1 $chr(192) | echo -a original = $bvar(&v,1-) | noop $encode(&v,bmcz,key) $decode(&v,bmcz,key) | echo 4 -a decrypted = $bvar(&v,1-)


result:
original = 195 128
decrypted = 195

As I understand padding behavior, decode should only search for the default PKCS#5 padding if none of the 'pnz' switches are used, and should only search for 1 of the 4 methods specified by the p|n|z|$null padding switch.

This should make valid syntax have the pnz switches be mutually exclusive for both encryption and decryption. Instead, $encode allows all 3 padding switches to be used, and uses them in this order:

A. $encode pads with 'z' method if 'z' switch is present, regardless if it's the 1st or last of several padding switches.

B. Otherwise, $encode pads with the 'n' method if 'z' switch is present, regardless if 'n' switch is used and if 'n' precedes or follows 'p'.

C. Otherwise, $encode pads with the 'p' method only if it's the only padding switch used.

D. Otherwise, $encode pads with the standard PKCS#5 padding only if no padding switch is used.

Solution:

$encode and $decode should permit only 1 or zero of the 'pnz' switches to be used.
$decode should only remove the 1 of 4 padding methods defined by which of the 'pnz' padding switches is used or their lack of use. This means that, if a different padding method is specified during decryption than used during encryption, the decrypted message should retain the padding added by the default PKCS#5 method, or the spaces from the 'p' method, etc.

Joined: Dec 2002
Posts: 5,411
Hoopy frood
Offline
Quote:
1. $encode is allowing multiple padding switches to be specified, and uses them in a hierarchy regardless of the order used.

This is true of most commands/identifiers with switches. Few commands/identifiers check if invalid combinations of switches are specified or if non-valid switches are used. They depend on the scripter to know what they are doing. While I have made a few changes to these identifiers based on your feedback regarding invalid combinations of switches, I am not inclined to keep doing this just for these identifiers.

Quote:
2. $decode is ignoring the 'pnz' switches or the lack of a padding switch, and instead attempts to find all 4 padding types at the end of the decrypted string.

This is intentional. You only need to specify the padding method with $encode().

Joined: Jan 2004
Posts: 2,127
maroon Offline OP
Hoopy frood
OK. Just pointing out that my example showed that $decode isn't giving priority to the specified switch, which means the 'z' switch isn't safe to use for any string where the message length is other than a multiple of 8 and the final character is a codepoint 128+ that's a multiple of 64, or binary strings where the final byte value is 0x80.

Code:
//bset -t &v 8 0 | while ($bvar(&v,0) == 8) { bset -tc &v 1 $str(.,$rand(1,6)) $+ $chr($calc(64*$rand(2,700))) } | echo -a original: = $bvar(&v,1-) | noop $encode(&v,bmcz,key) $decode(&v,bmcz,key) | echo 4 -a decrypted = $bvar(&v,1-)


Joined: Dec 2002
Posts: 5,411
Hoopy frood
Offline
$decode() ignores the padding switches. $decode() assumes that padding of some kind is used and deduces what it is based on the trailing characters.

As you say, zero padding is not reliable but not only because of the contexts you mention - different implementations may or may not extend zero padding with an extra block. So it may not even be compatible across implementations.

Originally, only PKCS#5 padding was supported. This is the recommended method. Some users requested the other padding methods, so they were added. It is left up to the scripter to decide which padding method to use.
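
Added example, not part of the thread and not mIRC's code: a Python model of why deducing the padding from the trailing bytes strips too much for the 195 128 case in the first post and for binary data ending in 0x80, next to a decoder that strips only the scheme it is told to. The function names, the detection order, and the rule that 'z' and 'p' add no extra block to aligned input are assumptions.

```python
# Model of the padding ambiguity discussed in this thread (not mIRC's code).
BLOCK = 8  # Blowfish block size in bytes


def pad(data: bytes, scheme: str) -> bytes:
    """scheme: '' = PKCS#5, 'z' = zeros, 'n' = 0x80 then zeros, 'p' = spaces."""
    n = BLOCK - len(data) % BLOCK
    if scheme == "":
        return data + bytes([n]) * n
    if scheme == "n":
        return data + b"\x80" + b"\x00" * (n - 1)
    if n == BLOCK:  # assumption: 'z' and 'p' leave aligned input untouched
        return data
    return data + (b"\x00" if scheme == "z" else b" ") * n


def unpad_explicit(data: bytes, scheme: str) -> bytes:
    """Strip only the named scheme; anything else is left in place."""
    if scheme == "":
        n = data[-1] if data else 0
        ok = 1 <= n <= BLOCK and data.endswith(bytes([n]) * n)
        return data[:-n] if ok else data
    if scheme == "n":
        body = data.rstrip(b"\x00")
        return body[:-1] if body.endswith(b"\x80") else data
    return data.rstrip(b"\x00" if scheme == "z" else b" ")


def unpad_autodetect(data: bytes) -> bytes:
    """Guess the scheme from the trailing bytes (assumed order: PKCS#5, n, z, p)."""
    for scheme in ("", "n", "z", "p"):
        out = unpad_explicit(data, scheme)
        if out != data:
            return out
    return data


def roundtrip(plain: bytes, scheme: str):
    """Return (explicit result, autodetect result) for one padded message."""
    padded = pad(plain, scheme)
    return unpad_explicit(padded, scheme), unpad_autodetect(padded)


if __name__ == "__main__":
    # Constructed inputs: 195 128 from the first post, a 7-byte binary
    # string ending in 0x80, and a control with no ambiguity.
    for plain in (b"\xc3\x80", b"123456\x80", b"abc"):
        explicit, guessed = roundtrip(plain, "z")
        print(plain.hex(), "explicit:", explicit.hex(), "autodetect:", guessed.hex())
```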

Joined: Dec 2002
Posts: 5,411
Hoopy frood
Offline
Quote:
1. $encode is allowing multiple padding switches to be specified

The latest beta now reports an error if more than one padding switch is specified.

