twofish 1.0.4 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e25f6d79c9cb7b9c02f0ea6d36596d1a2bdc2487
-  data.tar.gz: a7378fc5f9e8edce9a78a65a8cdd13ffecd18385
+  metadata.gz: a9160fa2fe6f0007b1e73557465ba662b23e3949
+  data.tar.gz: 7baca819819c90a0f0322966d56198fad0bc1cf5
 SHA512:
-  metadata.gz: 93088141b06171d957c18a1c0ba445c6c97c31dfeff9560c38d6def58ec7289a913b559cbdeffdccf92984704278d4391f1f8cd2fbeacb3de2253e7d4f4ffcdd
-  data.tar.gz: 42e5318a058a37cacc94f999e58570cc237d77ea7a4869a8290a25e4a6056cc684e431a2089987a4a30c40e4465bd38ef70ce7c1cd19efa4ab5550867545b146
+  metadata.gz: eec83be529fbc82970ec9d2c3ccbe19e156058d850f596237254c7dbefa18e5c478415c9d9351c6e0f8e0bc3bfa3f00f73bf617020c12e6fcc56f23f1bbb03ab
+  data.tar.gz: bd3f3529f3093bc3020a728775383dca129b5496f459b4d375aca6467959dd0654d6f4d375a4bd816ff0f04f7c6419942e8a4ef95252a8d778d59dc6458ec8c2

data/README.rdoc

@@ -112,11 +112,6 @@ Ruby >=1.9 introduces string encodings. The current workaround uses
 #ord and #chr but this is not very satisfactory: it would be preferable
 to move to byte arrays throughout.
 
-The only padding mechanisms implemented are "none", zero byte, and
-ISO 10126-2. PKCS#5/7 padding is not implemented.  Zero byte padding
-has a well-known failure mode: if the plaintext terminates in null bytes
-then these may be erroneously removed when un-padding is performed.
-
 Possible implementation-dependent timing attacks (Bignum promotion,
 #pack(), ...).
 

data/lib/twofish.rb

@@ -301,7 +301,7 @@ class Twofish
   # hash as follows:
   #   :mode => :ecb (default) or :cbc
   #   :iv => optional 16 byte initialization vector (randomly generated if not supplied)
-  #   :padding => :none (default), :zero_byte or :iso10126_2
+  #   :padding => :none (default), :zero_byte, :iso10126_2 or :pkcs7
   def initialize(key_string, opts={})
 
     self.mode = opts[:mode] # use setter for validation
@@ -456,7 +456,8 @@ class Twofish
 
   # Set the padding scheme for the (CBC mode) cipher
   # (Padding::NONE == :none, Padding::ZERO_BYTE ==
-  # :zero_byte, Padding::ISO10126_2 == :iso10126_2).
+  # :zero_byte, Padding::ISO10126_2 == :iso10126_2,
+  # Padding::PKCS7 == :pkcs7).
   def padding=(scheme)
     @padding = Padding.validate(scheme)
   end
@@ -1094,7 +1095,7 @@ private
 
     end
 
-    [ b >> 24, b >> 16 & 0xff, b >> 8 & 0xff, b & 0xff ]
+    [b >> 24, b >> 16 & 0xff, b >> 8 & 0xff, b & 0xff]
   end
 
   # Generates a random initialization vector of the given length.

data/lib/twofish/mode.rb

@@ -13,7 +13,7 @@ class Twofish
     CBC = :cbc
 
     # Array of all known modes.
-    ALL = [ CBC, ECB ]
+    ALL = [CBC, ECB]
 
     # Default mode (ECB).
     DEFAULT = ECB

data/lib/twofish/padding.rb

@@ -20,8 +20,11 @@ class Twofish
     # Use ISO 10126-2 padding.
     ISO10126_2 = :iso10126_2
 
+    # Use PKCS7 byte padding.
+    PKCS7 = :pkcs7
+
     # Array of all known paddings.
-    ALL = [ NONE, ZERO_BYTE, ISO10126_2 ]
+    ALL = [NONE, ZERO_BYTE, ISO10126_2, PKCS7]
 
     # Default padding (none).
     DEFAULT = NONE
@@ -60,6 +63,9 @@ class Twofish
           # The last byte specify the total pad byte size
           bytes << number_of_pad_bytes
           plaintext << bytes.pack("C*")
+      when PKCS7
+        padding_length = (block_size - remainder - 1) % block_size + 1
+        plaintext << [padding_length].pack('C*') * padding_length
       end
     end
 
@@ -79,6 +85,10 @@ class Twofish
       when ISO10126_2
         number_of_pad_bytes = plaintext.bytes.to_a[plaintext.length-1]
         plaintext[0, (plaintext.length - number_of_pad_bytes)]
+      when PKCS7
+        # the padding length equals to the codepoint of the last char
+        padding_length = plaintext[-1..-1].unpack('C*')[0]
+        plaintext[0..(-1 * (padding_length + 1))]
       end
     end
   end

data/test/test_twofish.rb

@@ -288,6 +288,17 @@ class TestPadding < TestBasics
     assert_equal(:iso10126_2, tf.padding)
   end
 
+  def test_cipher_pkcs7_padding
+    tf = Twofish.new(NULL_KEY_16_BYTES)
+    tf.padding = :pkcs7
+    assert_equal(:pkcs7, tf.padding)
+  end
+
+  def test_cipher_pkcs7_padding_constructor
+    tf = Twofish.new(NULL_KEY_16_BYTES, :padding => :pkcs7)
+    assert_equal(:pkcs7, tf.padding)
+  end
+
   def test_cipher_unknown_padding
     tf = Twofish.new(NULL_KEY_16_BYTES)
     assert_raise ArgumentError do
@@ -335,7 +346,7 @@ class TestPadding < TestBasics
   end
 
   def test_unpad_iso10126_2
-    bytes = Array.new(10 - 1) {rand(256)}
+    bytes = Array.new(10 - 1) { rand(256) }
     bytes << 10
     assert_equal(TO_PAD, Twofish::Padding::unpad(TO_PAD+bytes.pack("C*"), BLOCK_SIZE, :iso10126_2))
   end
@@ -348,4 +359,19 @@ class TestPadding < TestBasics
     assert_equal(to_pad, Twofish::Padding::unpad(padded_text, BLOCK_SIZE, :iso10126_2))
   end
 
+  def test_pad_unpad_pkcs7
+    # message containing BLOCK_SIZE bytes
+    m = 'abcdefghijklmnop'
+    (1..BLOCK_SIZE).each do |length|
+      # message containing length bytes (1 <= length <= BLOCK_SIZE)
+      to_pad = m[0..(length - 1)]
+      # pad
+      padded_text = Twofish::Padding::pad(to_pad, BLOCK_SIZE, :pkcs7)
+      padding_length = BLOCK_SIZE - (length % BLOCK_SIZE)
+      assert_equal(to_pad + (padding_length.chr * padding_length), padded_text)
+      # unpad
+      assert_equal(to_pad, Twofish::Padding::unpad(padded_text, BLOCK_SIZE, :pkcs7))
+    end
+  end
+
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: twofish
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.0.5
 platform: ruby
 authors:
 - Martin Carpenter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-28 00:00:00.000000000 Z
+date: 2014-05-22 00:00:00.000000000 Z
 dependencies: []
 description: Twofish symmetric cipher in pure Ruby with ECB and CBC cipher modes derived
   from an original Perl implementation by Guido Flohr