Hazmat Padding
[Hazmat Home][Home]
A symmetric key block cipher, such as AES and DES uses a size block size. These blocks are typically either 64-bits (8 bytes) or 128 bits (16 bytes). As we cannot fill all of the blocks, we must pad the last block. PKCS #7 (Cryptographic Message Synta) is a standard padding method which determines the number of padding bytes and then ads that as a value. For example, for a 128-bit block size, and if we have "testing", then there are sevn bytes (for ASCII coding) that represent the data, and we then have 11 (0x0b) padding values. The padding block becomes "74657374696e67090909090909090909", and "testing1" as "74657374696e67310808080808080808". For a 64-bit block, we only have one padding bytes, thus the padding value is "74657374696e6701". For "testing1", we will require another block, and with eight padding bytes: "74657374696e67310808080808080808". ANSI X.923 padding has N-1 bytes with a value of 0 and a last byte and the value of chr(N), N is then the number of bytes that are required to fill the block. For a value of "test" with a 64-bit block size, the padded value (in hexademical) will be "7465737400000004". For a 128-bit value, the padded value will be "7465737400000000000000000000000c".
|
Theory
A symmetric key block cipher, such as AES and DES, uses a defined block size -and which stores a given number of bytes. These blocks are typically either 64-bits (8 bytes) or 128 bits (16 bytes). As we cannot fill all of the blocks, we must pad the last block. PKCS #7 (Cryptographic Message Syntax) is a standard padding method that determines the number of padding bytes and then ads that as a value. For example, for a 128-bit block size, and if we have “testing”, then there are seven bytes (for ASCII coding) that represent the data, and we then have 9 (0x09) padding values. The padding block becomes:
74657374696e67090909090909090909
and “testing1” as:
74657374696e67310808080808080808
For a 64-bit block, we only have one padding bytes, thus the padding value is:
74657374696e6701
For “testing1”, we will require another block, and with eight padding bytes:
74657374696e67310808080808080808
Code
from cryptography.hazmat.primitives import padding import sys import binascii size=128 message="abc" if (len(sys.argv)>1): message=str(sys.argv[1]) if (len(sys.argv)>2): size=int(sys.argv[2]) print ("Message: ",message) print ("Block size: ",size) message=message.encode() padder = padding.PKCS7(size).padder() padded_data = padder.update(message) padded_data += padder.finalize() print ("Padded: ",binascii.hexlify(padded_data).decode()) unpadder = padding.PKCS7(size).unpadder() data = unpadder.update(padded_data) unpadded = data + unpadder.finalize() print ("Unpadded: ",unpadded.decode())
A sample run for a 64-bit block size is:
Message: test Block size: 64 Padded: 7465737404040404 Unpadded: test
and for a 128-bit block size:
Message: test Block size: 128 Padded: 746573740c0c0c0c0c0c0c0c0c0c0c0c Unpadded: test
For ANSIX923, with a 128-bit block size, and for "test" we get:
Message: test Block size: 128 Type: ANSIX923 Padded: 7465737400000000000000000000000c Unpadded: test
For ANSIX923, with a 64-bit block size, and for "test" we get:
Message: test Block size: 64 Type: ANSIX923 Padded: 7465737400000004 Unpadded: test