RE: How do I remove padding during AES encryption/ decryption

Tue, 19 Sep 2006 12:41:01 -0700 

Hello,
> Thanks for the reply. I have my sample test case like this.
> 
> #define KEYSIZE 256
> #define AES_BLOCK_SIZE 32
AES block size for this implementation is 16 bytes
(of course AES standard talks about block size 24 and 32
bytes - Nb variable - but this implementation use
only 16 byte AES block)

> void  test_main()
> {
>     char key[KEYSIZE+1];
>     int I,keylen;
>     char data[AES_BLOCK_SIZE] ;
>     char cbuf[AES_BLOCK_SIZE];
>     char pbuf[AES_BLOCK_SIZE];
> 
>  
> strcpy(key,"2ea24d27bc6e40e70b0a2ab08b0831675cf1274834f98a58709edeeb56af
> f547");
>  
> strcpy(data,"00000000000000000000000000000000000000000000000000000000000
> 00000");
I guess that this strings should be converted from hex form to
binary for using (something like 0x41 = 'A')

>     keylen = strlen(key);
> 
>     {
>           AES_KEY ctx;
>           unsigned char iv[AES_BLOCK_SIZE];
>           memset(cbuf, 0,AES_BLOCK_SIZE);
>           AES_set_encrypt_key(key, KEYSIZE, &ctx);
>           AES_cbc_encrypt(data, cbuf, AES_BLOCK_SIZE, &ctx, iv,
> AES_ENCRYPT);
iv is not initialized here and you should check return code of
AES_set_encrypt_key() - this function accept key length of 128,192,256.
Here this works good but checking error code is good practise.
 
> 
>           for (i =0 ; i <sizeof(data) ; i++)
>                  printf("%d...input = %d \n",data[i],i);
>           printf("\n");
> 
>           for (i =0 ; i <sizeof(cbuf); i++)
>                 printf("%d...encoded data =%d \n",cbuf[i],i);
>           printf("\n");
>     }
> 
>     {
>           AES_KEY ctx;
>           int len,pad,flag =0;
>           unsigned char iv[AES_BLOCK_SIZE];
>           memset(pbuf, 0,AES_BLOCK_SIZE);
>           memset(iv, 0, AES_BLOCK_SIZE);
iv should have the same value as in encrypting.
>           AES_set_decrypt_key(key, KEYSIZE, &ctx);
check error code
>           AES_cbc_encrypt(cbuf,pbuf, AES_BLOCK_SIZE, &ctx, iv,
> AES_DECRYPT);
>     }
> 
> }
> 
> Please can any tell me what could be the problem with this code?
There are many problems with using AES_cbc*().
If we are talking of padding - this functions do not support
"normal" padding - i suggest add proper padding on encryption
yourself and remove padding after decryption.
This functions should take properly padded data rounded to
16 bytes.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to