use PKCS#7 padding for AES-CBC encryption
|Reported by:||Josh||Owned by:||alas|
It would be better to implement PKCS7 padding where the value of the pad byte is the number of bytes being added (https://en.wikipedia.org/wiki/Padding_%28cryptography%29#PKCS7).
enctest.py tests the current Xpra padding and PKCS7. If you copy the details into here https://jswebcrypto.azurewebsites.net/demo.html#/aes for example, every implementation gets the Xpra padded data wrong.
Attached is also a quick and dirty patch to implement this padding. It seems that it won't break compatibility with older version since the padding is the same length and stripped off anyway, but I have not tested this yet.
Change History (15)
comment:5 Changed 19 months ago by
|Owner:||changed from alas to Antoine Martin|
|Status:||new → assigned|
comment:6 Changed 19 months ago by
|Owner:||changed from Antoine Martin to Josh|
|Status:||assigned → new|