use cbc encryption decryption - works nice with c#

Azaion.Inference/security.pyx

@@ -6,43 +6,46 @@ from credentials cimport Credentials
 from hardware_service cimport HardwareInfo
 
 from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import padding
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.primitives import padding
 
 BUFFER_SIZE = 64 * 1024  # 64 KB
 
 cdef class Security:
     @staticmethod
-    cdef encrypt_to(input_stream, key):
+    cdef encrypt_to(input_bytes, key):
         cdef bytes aes_key = hashlib.sha256(key.encode('utf-8')).digest()
         iv = os.urandom(16)
 
-        cipher = Cipher(algorithms.AES(<bytes>aes_key), modes.CFB(iv), backend=default_backend())
+        cipher = Cipher(algorithms.AES(<bytes> aes_key), modes.CBC(iv), backend=default_backend())
         encryptor = cipher.encryptor()
+        padder = padding.PKCS7(128).padder()
 
-        cdef bytearray res = bytearray()
-        res.extend(iv)
-        while chunk := input_stream.read(BUFFER_SIZE):
-            encrypted_chunk = encryptor.update(chunk)
-            res.extend(encrypted_chunk)
-        res.extend(encryptor.finalize())
-        return bytes(res)
+        padded_plaintext = padder.update(input_bytes) + padder.finalize()
+        ciphertext = encryptor.update(padded_plaintext) + encryptor.finalize()
+
+        return iv + ciphertext
 
     @staticmethod
-    cdef decrypt_to(input_stream, key):
+    cdef decrypt_to(ciphertext_with_iv_bytes, key):
         cdef bytes aes_key = hashlib.sha256(key.encode('utf-8')).digest()
-        cdef bytes iv = input_stream.read(16)
+        iv = ciphertext_with_iv_bytes[:16]
+        ciphertext_bytes = ciphertext_with_iv_bytes[16:]
 
-        cdef cipher = Cipher(algorithms.AES(<bytes>aes_key), modes.CFB(<bytes>iv), backend=default_backend())
-        cdef decryptor = cipher.decryptor()
+        cipher = Cipher(algorithms.AES(<bytes>aes_key), modes.CBC(<bytes>iv), backend=default_backend())
+        decryptor = cipher.decryptor()
 
-        cdef bytearray res = bytearray()
-        while chunk := input_stream.read(BUFFER_SIZE):
-            decrypted_chunk = decryptor.update(chunk)
-            res.extend(decrypted_chunk)
-        res.extend(decryptor.finalize())
+        decrypted_padded_bytes = decryptor.update(ciphertext_bytes) + decryptor.finalize()
 
-        return bytes(res)
+        # Manual PKCS7 unpadding check and removal
+        padding_value = decrypted_padded_bytes[-1]  # Get the last byte, which indicates padding length
+        if 1 <= padding_value <= 16: # Valid PKCS7 padding value range for AES-128
+            padding_length = padding_value
+            plaintext_bytes = decrypted_padded_bytes[:-padding_length] # Remove padding bytes
+        else:
+            plaintext_bytes = decrypted_padded_bytes
+
+        return bytes(plaintext_bytes)
 
     @staticmethod
     cdef get_hw_hash(HardwareInfo hardware):