CBC mode encryption

Go To Last Post
3 posts / 0 new
Author
Message
#1
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Presently, I'm working with AES Encryption using CBC mode. I found that the example code allows 16-byte encryption. If I have to plain text more than 16-byte, how it will be encrypted?
Please help me with the below queries:
 

1. Whether I have to XOR the first ciphertext output with second plain text or will the AES engine do this operation automatically?

 

2. I was performing AES encryption in CBC mode using example project, I got the output ciphertext as follows :

 

AESEncode(unsigned char* block, unsigned char* masterKey)

when I give plain text as string or character array the output ciphertext doesn't match when I do the same procedure using an online tool.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Wikipedia is a good reference:

https://en.wikipedia.org/wiki/Bl...

 

AES uses blocks of 16. If your message length is not a multiple of 16, you need to 'Pad' to ensure that it is. The wikipedia article explains padding.

 

Usually, if you are using CBC to encrypt communications, you would go through a series of steps to ensure that the encrytion key is the same on both ends - ie you send a message with a random packet, encrypted with your key. The other end receives this, decrypts it and does some 'magic' to it and sends it back. You decrypt it, reverse the magic and compare it with what you sent. if all is good, then you can be sure the keys are identical. You then go through a send/receive sequence to establish the initial IV and a session key for both sides. From that point on you use CBC mode to encrypt/decrypt. 

 

Things to be aware of! If you are sending C strings - note these are terminated by 0. If the string length  is not a multiple of 16, it will need to be padded. So you will need to write a function that takes a pointer to uint8_t, pointer to the current IV and a length value. The function loops through taking 16 bytes at a time and encrypting it. If there are not 16 bytes, it will pad to 16 bytes. It will update the current IV along the way.

 

With the online AES tools, you will need to make sure your code pads and handles the data the same way. Otherwise you will get different results. Debugging encryption is tricky and laborious. Be sure to get the basics correct.

 

 

If you want to encrypt/decrypt a 'stream' (as in variable length data), look at the other AES modes in the wikipedia article.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

In answer to your question #1, you most likely have to do the plaintext Xor yourself as there is no mention of how to set/retrieve the IV.