0

I am experimenting with AES encryption in C++ and I found an implementation of AES on GitHub, the problem is that the input byte array's size should be divisible by 16 and my data will not fullfill this requirement in the majority of time. I want to add padding (0-s to the end of the array) until the size is divisible by 16.

I have a function which calculates the nearest size but I don't know how to add padding to the array.

PBYTE AddPadding(PBYTE Array, int size)
{
    if (size % 16 != 0)
    {
        size += (16 - size % 16);
        size = ceil(size / 16) * 16;
    }

    BYTE* tmp = new BYTE[size];

    //the magic should happen here

    return tmp;
}

The inputs and the calling are:

BYTE in[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
        0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
        0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
        0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10, 0x25 };

PBYTE tmp = AddPadding(in, sizeof(in));
Improve this question
2
  • You can't assume the bytes just following the array are free. So, if you go that way, you should pass a pointer to pointer to the array, allocate a new array of the appropriate size (+ error handling), copy the contents into the new array, add zeros, release the original array, and return the new array. Evidently, this is inefficient and might fail. It would be better to process the original array as is, and add virtual zeros in the last iteration. Commented Nov 19, 2016 at 13:03
  • Use a library that handles adding padding on encryption and removed it on decryption, that is very common. There is usually an option and many times it is the default. If the implementation does not support that find another library. Commented Nov 19, 2016 at 13:46

1 Answer 1

Reset to default
1

Most crypto libraries will add the padding for you. If you want to do it yourself, then:

  1. Calculate how much padding you will need.

  2. Since C arrays are not extensible you will need to make a new array to hold both the plaintext and the padding.

  3. PKCS#7 padding is common, so unless you have a reason not to, pick that.

  4. Copy the plaintext followed by the padding into your new array.

  5. Pass the new array to AES for encryption; it will now be evenly divisible into blocks.

  6. On decryption check that the padding is present and correctly formed. Malformed padding indicates a problem.

  7. Remove the padding and return the decrypted text.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.