Debugging C++ AES Encryption Wrapper Class

Question

I need to add AES encryption functionality to my C++ project. So far I am trying to write a wrapper class for Code project: C++ Implementation of AES++ which is to have the following functions:

char* Encrypt(string& InputData); //takes plain text and returns encrypted data
char* Decrypt(string& InputData); //takes encrypted data and returns plain text

But when I test my code only the first 32 bytes of the data are encrypted and decrypted.

The final line of the output is:-

This is Encryption Test My name

What is making it miss the rest of the string? What am I missing?

#include "Rijndael.h"
#include <iostream>
#include <string>

using namespace std;

string LenMod(string Input);

char* Encrypt(string& InputData)
{
    try
    {
        InputData = LenMod(InputData);
        char* OutputData = (char*)malloc(InputData.size() + 1); 
        memset(OutputData, 0, sizeof(OutputData));

        CRijndael AESEncrypter;

        AESEncrypter.MakeKey("HiLCoE School of Computer Science and Technology",CRijndael::sm_chain0, 16 , 16);

        AESEncrypter.Encrypt(InputData.c_str(), OutputData, sizeof(InputData), CRijndael::ECB);

        return OutputData;
    }
    catch(exception e)
    {
        cout<<e.what();
        return NULL;
    }
}

char* Decrypt(string& Input)
{
    try
    {
        Input = LenMod(Input);
        char* Output = (char*)malloc(Input.size() + 1); 
        memset(Output, 0, sizeof(Output));

        CRijndael AESDecrypter;

        AESDecrypter.MakeKey("HiLCoE School of Computer Science and Technology",CRijndael::sm_chain0, 16, 16);

        AESDecrypter.Decrypt(Input.c_str(), Output, sizeof(Input), CRijndael::ECB); 

        return Output;
    }
    catch(exception e)
    {
        cout<<e.what();
        return NULL;
    }
}

string LenMod(string Input)
{
    while(Input.length() % 16 != 0)
        Input += '\0';

    return Input;
}

int main()
{

    string s = "This is Encryption Test My name is yohannes tamru i am a computer science student";

    //cout<<LengthMod(s)<<endl;
    string temp1(Encrypt(s));
    string temp2(Decrypt(temp1));

    cout<<temp1<<endl<<endl<<temp2<<endl;

    system("pause");
return 0;
}

`sizeof(InputData)` is not the length of `InputData`. For that, you need `InputData.size()`. Note also that you are leaking the `char[]` that you `malloc` (you never `free` it), though you should probably just use a `std::vector`, resized to the correct length. The correct declaration of `main` is [`int main()`](http://stackoverflow.com/questions/4207134/what-is-the-proper-declaration-of-main), not `void main()`. — James McNellis, Aug 28 '12 at 00:50
Ok i changed sizeof(InputData) to InputData.size() but i don't know how to return the char[] value and free it — yohannist, Aug 28 '12 at 00:55
Note that the `main()` function in standard C++ must return an `int`. C++ does not allow any alternative return types; C99 and C11 are more lenient (C89 was not). — Jonathan Leffler, Aug 28 '12 at 00:55
ECB (Electronic Code Book) mode is very [insecure](http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation). Don't use it in the production version of your code! — Jonathan Leffler, Aug 28 '12 at 00:58
@Jonathan I didn't know that thanks. But the elephant is yet to leave the room — yohannist, Aug 28 '12 at 01:00
What does the AESEncrypter class have to say about what the Encrypt and Decrypt functions do? AES uses a block size of 128 bits, which is 16 bytes. It is surprising that you have to manually pad the data to be encrypted to a multiple of 16 bytes. There are standards for how to do that (PKCS#5 IIRC, and simply adding null bytes isn't one of them). Also, the output data is binary; you could easily have a null in the encrypted data...could that be affecting your code? — Jonathan Leffler, Aug 28 '12 at 01:01
@JonathanLeffler, Forgive my noobnes, my goal is to encrypt decrypt arbitrary length of text using the same key but only 16 or 32 bytes of the data(which i think is the block size) is being processed. PS. The binary output may have null values but when decrypted back it will be the same as the plain text so i don't think null padding is the problem. — yohannist, Aug 28 '12 at 01:28
The interface you've defined is mostly broken. AES can produce zero-bytes in its result, which you'll then take as signifying the end of a C-style string. I'd consider returning something like an `std::string` or perhaps an `std::vector`. — Jerry Coffin, Aug 28 '12 at 03:23
Not trying to pop your bubble, but why the heck are you trying to create a wrapper class around some AES code found on the internet? Why not use a tried and tested crypto library such Botan or Crypto++? — Maarten Bodewes, Aug 28 '12 at 19:47
@owlstead, lol It seemed a bright idea at the time bc i thought i would save time by not learning a new library PS. The bubble got popped about 8 hours ago — yohannist, Aug 28 '12 at 19:55
@user1470033 sometimes it is easier to go in this direction, I did use a MD5 implementation like this. The trouble with crypto libraries is generally that they need to be secure against side channel attacks and such. So generally, for crypto, stick to sample code of true and tried libraries that are actively developed. — Maarten Bodewes, Aug 28 '12 at 20:00

Debugging C++ AES Encryption Wrapper Class

0 Answers0