I’m doing some work with AES CBC and openssl and for now, I’m stuck on a problem that i cannot guess what’s wrong (as always).
Given a message less than 16 bytes length the process of encryption and decryption works fine, but when the message is greater than 16 bytes the decryption works only on the 16th first bytes.
When i call aes.exe stackoverflow stackoverflow the output is:
Using:
IVector = |000102030405060708090a0b0c0d0e0f|
Key = |737461636b6f766572666c6f770d0e0f101112131415161718191a1b1c1d1e1f|
Encrypted = |6c65219594c0dae778f9b5e84f018db6|
Encrypting : stackoverflow
With Key : stackoverflow
Becomes : ??????¤le!òö++þx¨ÁÞO?ìÂ.
Using:
IVector = |000102030405060708090a0b0c0d0e0f|
Key = |737461636b6f766572666c6f770d0e0f101112131415161718191a1b1c1d1e1f|
Decrypted = |737461636b6f766572666c6f77|
Decrypting : ??????¤le!òö++þx¨ÁÞO?ìÂ
With Key : stackoverflow
Becomes : stackoverflow
When i call aes.exe stackoverflowstackoverflow stackoverflow the output is:
Using:
IVector = |000102030405060708090a0b0c0d0e0f|
Key = |737461636b6f766572666c6f770d0e0f101112131415161718191a1b1c1d1e1f|
Encrypted = |46172e3f7fabdcfc6c8b3e65aef175cddf8164236faf706112c15f5e765e49a5|
Encrypting : stackoverflowstackoverflow
With Key : stackoverflow
Becomes : ??????¤F?.?¦½_³lï>e«±u-¯üd#o»pa?-_^v^IÑ.
Using:
IVector = |000102030405060708090a0b0c0d0e0f|
Key = |737461636b6f766572666c6f770d0e0f101112131415161718191a1b1c1d1e1f|
Decrypted = |737461636b6f766572666c6f77737461257d434a1edcbc970bf5346ea2fc7bc2|
Decrypting : ??????¤F?.?¦½_³lï>e«±u-¯üd#o»pa?-_^v^IÑ
With Key : stackoverflow
Becomes : stackoverflowsta%}CJ?_+ù?§4nó³{-.
I’m providing a random IV for each encryption/decryption call and normalizing the password at 32 bytes in both cases; what I’m missing? anyone knows?
The source code:
#include <vector>
#include <string>
#include <iostream>
// Make a Key of exactly 32 bytes, truncates or adds values if it's necessary
std::string AES_NormalizeKey(const void *const apBuffer, size_t aSize)
{
static const unsigned char key32[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
const char *const Buffer = reinterpret_cast<const char *>(apBuffer);
std::string Result(reinterpret_cast<const char *>(key32), 32);
std::copy(Buffer, Buffer + ((aSize < 32)? aSize: 32), Result.begin());
return Result;
}
// Encrypt using AES cbc
std::string AESEncrypt(const void *const apBuffer, size_t aBufferSize, const void *const apKey, size_t aKeySize, std::string &aIVector)
{
// Create IVector.
unsigned char AES_IVector[16] = {0};
std::srand(static_cast<int>(time(NULL)));
std::generate(std::begin(AES_IVector), std::end(AES_IVector), std::rand);
std::copy(std::begin(AES_IVector), std::end(AES_IVector), aIVector.begin());
// Create key.
const std::string Key(AES_NormalizeKey(apKey, aKeySize));
AES_KEY EncryptKey;
AES_set_encrypt_key(reinterpret_cast<const unsigned char *>(Key.c_str()), 256, &EncryptKey);
// Encrypt.
unsigned char AES_Encrypted[1024] = {0};
AES_cbc_encrypt(static_cast<const unsigned char *>(apBuffer), AES_Encrypted, aBufferSize, &EncryptKey, AES_IVector, AES_ENCRYPT);
const std::string Encrypted(reinterpret_cast<const char *>(AES_Encrypted), ((aBufferSize / 16) + 1) * 16);
// Finish.
return Encrypted;
};
// Decrypt using AES cbc
std::string AESDecrypt(const void *const apBuffer, size_t aBufferSize, const void *const apKey, size_t aKeySize, std::string &aIVector)
{
// Read IVector.
unsigned char AES_IVector[16] = {0};
std::copy(aIVector.begin(), aIVector.end(), std::begin(AES_IVector));
// Create Key.
const std::string Key(AES_NormalizeKey(apKey, aKeySize));
AES_KEY DecryptKey;
AES_set_decrypt_key(reinterpret_cast<const unsigned char *>(Key.c_str()), 256, &DecryptKey);
// Decrypt.
unsigned char AES_Decrypted[1024] = {0};
AES_cbc_encrypt(static_cast<const unsigned char *>(apBuffer), AES_Decrypted, aBufferSize, &DecryptKey, AES_IVector, AES_DECRYPT);
const std::string Decrypted(reinterpret_cast<const char *>(AES_Decrypted));
// Finish.
return Decrypted;
};
// Entry point
int main(unsigned int argc, char **argv)
{
typedef std::vector<const std::string> vs;
vs a;
for (vs::size_type Index = 0; Index < argc; ++Index)
{
a.push_back(argv[Index]);
}
if (a.size() == 3)
{
std::string IV("");
std::string e(AESEncrypt(a.at(1).c_str(), a.at(1).size(), a.at(2).c_str(), a.at(2).size()), IV);
std::cout << "Encrypting : " << a.at(1) << "\n"
<< "With Key : " << a.at(2) << "\n"
<< "Becomes : " << e << ".\n";
std::string d(AESDecrypt(e.c_str(), e.size(), a.at(2).c_str(), a.at(2).size()), IV);
std::cout << "Decrypting : " << e << "\n"
<< "With Key : " << a.at(2) << "\n"
<< "Becomes : " << d << ".\n";
}
return 0;
}
Your code is almost correct, except that the initialization vector is being overwritten due to memory corruption, the length of the ciphertext is rounded incorrectly, and std::string::data() should be used instead of std::string::c_str() when using std::string as a byte array. The Initialization Vector is copied into the empty string overwriting the stack. Then the Initialization Vector gets overwritten so different value is used by AESDecrypt. I’ve included source code that incorporates indiv’s suggestions and fixes these problems. When run with
it produces the following output: