Good day :)

I'm pretty new to both C++ and Block Cipher encryption, and I am currently in the process of writing a decryption function for AES (16 byte seed / 16 byte blocks). All is going well, but my total data size is not always a multiple of my block size. I'm wondering what the best way is to handle left-over data at the end of my data.

I'm using Crypto++ for the AES library.

The ProcessBlock() function takes an Input and Output char array. I'm assuming it is expecting them to be at least as big as the block size.

TL;DR:

What would be the best way to process all 16 byte blocks in a block cipher, and then also process the leftover data?

A: 

What you want is a padding system.

Check out this CodeProject article on Crypto++:

When a message is not a multiple of the cipher's block size, ECB or CBC mode messages must be padded. The method and values of padding are a source of problem with respect to interoperability between Cryptographic libraries and APIs. As Garth Lancaster points out, if you're not aware of the particulars of padding, use the StreamTransformationFilter. In this case, the Crypto++ filter will pad for you.

amdfan
A: 

There's a PKCS standard for what's called "padding".

See the Wikipedia page, but it amounts to padding with one of:

 01
 02 02
 03 03 03
 04 04 04 04
 05 05 05 05 05

This way you know during decryption where the original message ends...

Purfideas
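
The padding scheme from the answer above (PKCS#7 for 16-byte blocks), written out as an added example; it is not part of the original answers and does not use Crypto++, and the function names are hypothetical. It also covers a case the listing does not show: input that is already a multiple of 16 bytes gets a full extra block of padding.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example: PKCS#7 padding for a 16-byte block cipher such as AES.
// pkcs7_pad / pkcs7_unpad are hypothetical names, not Crypto++ functions.
constexpr std::size_t kBlockSize = 16;
using Bytes = std::vector<std::uint8_t>;

// Append N bytes of value N so the length becomes a multiple of the block
// size. Block-aligned input still gets a full block (16 x 0x10); otherwise
// a trailing data byte could be mistaken for padding during decryption.
Bytes pkcs7_pad(const Bytes& data) {
    const std::size_t pad = kBlockSize - (data.size() % kBlockSize);  // 1..16
    Bytes out(data);
    out.insert(out.end(), pad, static_cast<std::uint8_t>(pad));
    return out;
}

// Strip padding from decrypted data. Returns false when the padding is
// malformed (wrong key, truncated or modified ciphertext). In a real
// protocol, authenticate the ciphertext before decrypting and unpadding.
bool pkcs7_unpad(const Bytes& padded, Bytes& out) {
    if (padded.empty() || padded.size() % kBlockSize != 0) return false;
    const std::size_t pad = padded.back();
    if (pad == 0 || pad > kBlockSize) return false;
    // Every one of the last `pad` bytes must carry the value `pad`.
    for (std::size_t i = padded.size() - pad; i < padded.size(); ++i) {
        if (padded[i] != pad) return false;
    }
    out.assign(padded.begin(), padded.end() - static_cast<std::ptrdiff_t>(pad));
    return true;
}

int main() {
    const Bytes msg = {0x68, 0x65, 0x6c, 0x6c, 0x6f};  // constructed sample: "hello"
    const Bytes padded = pkcs7_pad(msg);                // feed this to the cipher
    for (std::uint8_t b : padded) std::printf("%02x ", b);
    std::printf("\n");
    Bytes recovered;
    return pkcs7_unpad(padded, recovered) && recovered == msg ? 0 : 1;
}
```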
A: 

Thanks for your answers,

However, that documentation is referring to a member 'StreamTransformationFilter', which just does not seem to exist here. I do have a 'StreamTransformation' member, but it seems to be quite different.

My cryptopp version is the latest btw (5.5.2)

edit:

And yes, I have filters.h included.

+1  A: 

It's more than just padding - you need a Mode of Operation. The Good Math, Bad Math blog is writing up an excellent series on what they are and how to use them here. Also see the Wikipedia entry. One thing that's really, really important: Never, ever use ECB (Electronic Code Book) mode - where you encrypt each block independently. It's the obvious way to do it, but it provides appallingly poor security.

Ideally, though, you shouldn't even have to do this yourself. Your crypto library should provide it. If it doesn't, I'd suggest changing to something else, like OpenSSL.

Nick Johnson