0

I was searching for implementations of AES, and i read that the OPENSSL have the best implementations, so i took a code from openssl, aes 128 cbc, and use it in my project, because i don't want to link whole library for the sake of one method. However it seems there is no padding implementation in:

AES_cbc_encrypt

So is padding a basically a size that is added to make data the multiplicity of key size?

So if i have following, key size is 128 bit - 16 byte

char dataToEncrypt[73];

BOOL bResult = ReadFile(hDataFile, dataToEncrypt, 73, &bRead, 0);

I need to calculate how much zeros i need to add:

So if: 73 % 16 != 0 i need to calculate: 73 / 16 = 4, then add one block: 4 + 1 = 5, size in bytes would be 16 * 5 = 80, add 80 - 73 = 7, 7 zero bytes to the end of my buffer dataToEncrypt, and encrypt as

AES_cbc_encrypt(dataToEncrypt, encrypted, 80, &dk, iv, AES_DECRYPT);

Is this what evp version of aes is suppose to do?

Vlad
  • 369
  • 4
  • 16
  • 2
    You should *not* use `AES_encrypt` and friends. That's a software-only implementation, so you will not enjoy hardware support, like AES-NI. You should be using `EVP_*` functions. See [EVP Symmetric Encryption and Decryption](http://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption) on the OpenSSL wiki. In fact, you should probably be using authenticated encryption because it provides *both* confidentiality and authenticity. See [EVP Authenticated Encryption and Decryption](http://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption) on the OpenSSL wiki. – jww Aug 12 '16 at 21:49
  • 1
    Zero-Padding is irreversible (you can't tell how many bytes are data and how many bytes were added for padding). Have a look at different padding schemes (f.ex. on Wikipedia) – AlexR Aug 12 '16 at 21:50
  • @jww i could just do it, but i was looking for tiny implementation of only aes-128, but it seems only solution is to link whole openssl library – Vlad Aug 12 '16 at 21:53
  • 1
    *"... because i don't want to link whole library for the sake of one method ..."* - Most unused code is usually removed by the linker. You can compile with `-ffunction-sections -fdata-sections` and link with `-Wl,--gc-sections` to aggressively remove unused code and data. – jww Aug 12 '16 at 22:04

0 Answers0