RE: How do I remove padding during AES encryption/ decryption
Hello, Thanks for the reply. I have my sample test case like this. #define KEYSIZE 256 #define AES_BLOCK_SIZE 32 AES block size for this implementation is 16 bytes (of course AES standard talks about block size 24 and 32 bytes - Nb variable - but this implementation use only 16 byte AES block) void test_main() { char key[KEYSIZE+1]; int I,keylen; char data[AES_BLOCK_SIZE] ; char cbuf[AES_BLOCK_SIZE]; char pbuf[AES_BLOCK_SIZE]; strcpy(key,2ea24d27bc6e40e70b0a2ab08b0831675cf1274834f98a58709edeeb56af f547); strcpy(data,000 0); I guess that this strings should be converted from hex form to binary for using (something like 0x41 = 'A') keylen = strlen(key); { AES_KEY ctx; unsigned char iv[AES_BLOCK_SIZE]; memset(cbuf, 0,AES_BLOCK_SIZE); AES_set_encrypt_key(key, KEYSIZE, ctx); AES_cbc_encrypt(data, cbuf, AES_BLOCK_SIZE, ctx, iv, AES_ENCRYPT); iv is not initialized here and you should check return code of AES_set_encrypt_key() - this function accept key length of 128,192,256. Here this works good but checking error code is good practise. for (i =0 ; i sizeof(data) ; i++) printf(%d...input = %d \n,data[i],i); printf(\n); for (i =0 ; i sizeof(cbuf); i++) printf(%d...encoded data =%d \n,cbuf[i],i); printf(\n); } { AES_KEY ctx; int len,pad,flag =0; unsigned char iv[AES_BLOCK_SIZE]; memset(pbuf, 0,AES_BLOCK_SIZE); memset(iv, 0, AES_BLOCK_SIZE); iv should have the same value as in encrypting. AES_set_decrypt_key(key, KEYSIZE, ctx); check error code AES_cbc_encrypt(cbuf,pbuf, AES_BLOCK_SIZE, ctx, iv, AES_DECRYPT); } } Please can any tell me what could be the problem with this code? There are many problems with using AES_cbc*(). If we are talking of padding - this functions do not support normal padding - i suggest add proper padding on encryption yourself and remove padding after decryption. This functions should take properly padded data rounded to 16 bytes. Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: How do I remove padding during AES encryption/ decryption
Hi, Thanks for the reply. I have my sample test case like this. #define KEYSIZE 256 #define AES_BLOCK_SIZE 32 void test_main() { char key[KEYSIZE+1]; int I,keylen; char data[AES_BLOCK_SIZE] ; char cbuf[AES_BLOCK_SIZE]; char pbuf[AES_BLOCK_SIZE]; strcpy(key,2ea24d27bc6e40e70b0a2ab08b0831675cf1274834f98a58709edeeb56af f547); strcpy(data,000 0); keylen = strlen(key); { AES_KEY ctx; unsigned char iv[AES_BLOCK_SIZE]; memset(cbuf, 0,AES_BLOCK_SIZE); AES_set_encrypt_key(key, KEYSIZE, ctx); AES_cbc_encrypt(data, cbuf, AES_BLOCK_SIZE, ctx, iv, AES_ENCRYPT); for (i =0 ; i sizeof(data) ; i++) printf(%d...input = %d \n,data[i],i); printf(\n); for (i =0 ; i sizeof(cbuf); i++) printf(%d...encoded data =%d \n,cbuf[i],i); printf(\n); } { AES_KEY ctx; int len,pad,flag =0; unsigned char iv[AES_BLOCK_SIZE]; memset(pbuf, 0,AES_BLOCK_SIZE); memset(iv, 0, AES_BLOCK_SIZE); AES_set_decrypt_key(key, KEYSIZE, ctx); AES_cbc_encrypt(cbuf,pbuf, AES_BLOCK_SIZE, ctx, iv, AES_DECRYPT); } } Please can any tell me what could be the problem with this code? Regards, Jaya. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: Monday, September 18, 2006 3:39 PM To: openssl-users@openssl.org Subject: Re: How do I remove padding during AES decryption Hello, Please can any one tell me how do I remove the pad bytes during AES decyrption using AES_cbc_encryption. Provided that block_size is size of encryption algorithm block size and last block is in dst you may use something like that: . . pad = dst[block_size - 1]; if (pad block_size) { goto err; } for (i = 1; i pad; i++) { if (dst[block_size - 1 - i] != pad) { goto err; } } len = block_size - pad; . . Proper length is returned in len. Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]