Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AES-SIV does not accept empty plaintext. #10958

Open
bleichenbacher-daniel opened this issue May 7, 2024 · 2 comments
Open

AES-SIV does not accept empty plaintext. #10958

bleichenbacher-daniel opened this issue May 7, 2024 · 2 comments

Comments

@bleichenbacher-daniel
Copy link

This issue is possibly related to #10808, which observes a similar behavior for AES-GCM-SIV.

I'm using python version 3.12.3
and cryptography version 42.0.5

The following code

from cryptography.hazmat.primitives.ciphers import aead
import cryptography
import sys

def test_empty_pt():
    key = bytes(range(32))
    nonce = bytes(range(12))
    pt = b""
    aads = [b"row1", b"col2", b"timestamp"]
    crypter = aead.AESSIV(key)
    ct = crypter.encrypt(pt, aads)

if __name__ == "__main__":
    print(f"{sys.version=}")
    print(f"{cryptography.__version__=}")
    test_empty_pt()

gives the following result:

sys.version='3.12.3 (tags/v3.12.3:f6650f9, Apr 9 2024, 14:05:25) [MSC v.1938 64 bit (AMD64)]'
cryptography.version='42.0.5'
Traceback (most recent call last):
File ".../aes_siv_test.py", line 16, in
test_empty_pt()
File ".../aes_siv_test.py", line 11, in test_empty_pt
ct = crypter.encrypt(pt, aads)
ValueError: data must not be zero length

The only restriction I could find is RFC 5297, section 6, where there is a lower bound of 1 byte for the nonce, when AES-SIV is being used as AEAD. However, AES-SIV is useful in many contexts, e.g., deterministically encrypting cells in a database using row and column as AAD. For such uses it would be helpful if all fields can be empty.

@alex
Copy link
Member

alex commented May 7, 2024 via email

@alex
Copy link
Member

alex commented Jul 20, 2024

Note: Someone should file an upstream bug with OpenSSL for this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests

2 participants