iPHone - AES 256 encryption without padding

Question

I've seen some of the posts for AES 256 encryption on iphone usign cocoa. One of the post is http://pastie.org/426530 But all the posts are using some kind of padding. How can I use AES256 encryption without using any padding?

Because, I'm communicating with a server on which encryption/decryption is handled without padding. But on iphone, I can use kCCOptionPKCS7Padding or kCCOptionECBMode modes only. How can I code my iphone app so that encryption/decryption happens successfully?

Answer 1

Block ciphers will always be a multiple of their block size. When data does not fit exactly into the cipher stream it is padded. So, there's no need to disable padding.

Answer 2

The padding is kind of important.

http://www.vbdotnetheaven.com/UploadFile/gsparamasivam/cryp04112005063256AM/cryp.aspx

I'd ask why you wanted to get rid of it but I suspect you probably just need to understand why it's there.

Of course if you really wanted to get rid of the padding, just make your data size be a multiple of the cipher key length.

Answer 3

It seems you are using this piece of code

size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc( bufferSize );

size_t numBytesEncrypted = 0;

CCCryptorStatus cryptStatus = CCCrypt( kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                      tempkey, kCCKeySizeAES256,
                                      (void*)IV /* initialization vector (optional) */,
                                      input_raw_data, data_length, /* input */
                                      buffer, bufferSize, /* output */
                                      &numBytesEncrypted );

I've also gone through the same problem and I found the solution which is do not use the above function it will add extra bytes in encrypting. Just use the two functions instead of this one. Here is my solution

size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc( bufferSize );

size_t numBytesEncrypted = 0;

CCCryptorRef ccRef;
CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES128, 0, tempkey, kCCKeySizeAES256, IV, &ccRef);
CCCryptorStatus cryptStatus = CCCryptorUpdate(ccRef, input_raw_data, data_length, buffer, bufferSize, &numBytesEncrypted);

CCCryptorRelease(ccRef);
if( cryptStatus == kCCSuccess )
{
  //the returned NSData takes ownership of the buffer and will free it on deallocation
  return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
}

Answer 4

The option kCCOptionPKCS7Padding does this for you (I refer to the pastie code). If, say, you encrypt 17 bytes then then resulting ciphertext will be 32 bytes (the next multiple of 16): we need 16 bytes per block; if we have a text of 16 bytes then the ciphertext will also 32 bytes, because the padding has to be "uniquely removable" :we add x bytes with value x, for 1 <= x <= 16 in this case. This is done automatically (and checked for errors) with that option during decryption. If you encrypt/decrypt with CBC (it's unclear to me whether that is the case here, I suspect not) we add another random IV block at the beginning of the ciphertext, and this is to ensure that encrypting the same plaintext under the same key later will most likely result in different ciphertexts. So this is recommended practice. If you do not want padding, you can use the block cipher in a streaming mode, like counter mode or CFB-mode. You still get a little expansion because you have to add an IV or nonce as well, also 16 bytes.