Padding in AES CBC

c# cryptography encryption-symmetric rijndaelmanaged cbc-mode
Khurram Majeed picture Khurram Majeed · Dec 31, 2012 · Viewed 8.2k times · Source

I am trying to test CBC with Random IV using (128-bit AES) in C#.

In my question to solve, I have 12-byte input message. The condition is that if PlainText is less than block-size (16-bytes) the padding to be used starts with 0x01 and then upto 6 0x00.

Example:

in ASCII PT     = Pay Bob 100%

in hex PT       = 50 61 79 20 42 6f 62 20 31 30 30 24

PT with Padding = 50 61 79 20 42 6f 62 20 31 30 30 24 01 00 00 00

I don't seem to be able to find this PaddingMode in RijndaelManaged.

Can any one suggest me how to do the following?

  • Variable Length padding

EDIT:

public class CBC
{
    public CBC()
    {

    }

    private static readonly byte[] SALT = new byte[]
        {0x26, 0xdc, 0xff, 0x00, 0xad, 0xed, 0x7a, 0xee, 0xc5, 0xfe, 0x07, 0xaf, 0x4d, 0x08, 0x22, 0x3c};

    public static byte[] EncryptCBC(string plainText, string passPhrase, PaddingMode paddingMode )
    {
        byte[] result;
        using (RijndaelManaged cryptoProvider = new RijndaelManaged())
        {
            Rfc2898DeriveBytes derivedKey = new Rfc2898DeriveBytes(passPhrase, SALT);
            cryptoProvider.Mode = CipherMode.CBC;
            cryptoProvider.GenerateIV(); // generate random IV

            cryptoProvider.Padding = paddingMode;

            cryptoProvider.Key = derivedKey.GetBytes(cryptoProvider.KeySize / 8);

            using (MemoryStream msEncrypt = new MemoryStream())
            {
                using (ICryptoTransform encryptor = cryptoProvider.CreateEncryptor(cryptoProvider.Key, cryptoProvider.IV))
                {
                    using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                    {
                        using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                        {
                            swEncrypt.Write(plainText);
                        }
                    }
                }
                // concatenate iv to ciphertext
                result = cryptoProvider.IV.Concat(msEncrypt.ToArray()).ToArray();
            }
            cryptoProvider.Clear();
        }
        return result;
    }

    public static string DecryptCBC(byte[] cipherTextBytes, string passPhrase, PaddingMode paddingMode)
    {
        string result = null;
        using (RijndaelManaged cryptoProvider = new RijndaelManaged())
        {
            Rfc2898DeriveBytes derivedKey = new Rfc2898DeriveBytes(passPhrase, SALT);
            cryptoProvider.Mode = CipherMode.CBC;
            // take the iv off the beginning of the ciphertext message
            cryptoProvider.IV = cipherTextBytes.Take(cryptoProvider.BlockSize / 8).ToArray();


            cryptoProvider.Padding = paddingMode;//PaddingMode.ANSIX923;



            cryptoProvider.Key = derivedKey.GetBytes(cryptoProvider.KeySize / 8);

            using (MemoryStream msEncrypt = new MemoryStream(cipherTextBytes.Skip(cryptoProvider.BlockSize / 8).ToArray())) // skip the IV bytes
            {
                using (ICryptoTransform encryptor = cryptoProvider.CreateDecryptor(cryptoProvider.Key, cryptoProvider.IV))
                {
                    using (CryptoStream cryptoStream = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Read))
                    {
                        byte[] plainTextBytes = new byte[cipherTextBytes.Length - cryptoProvider.BlockSize / 8];
                        int decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);

                        result = Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount);
                        cryptoStream.Close();
                    }
                }
            }

            cryptoProvider.Clear();
        }
        return result;
    }

}

My Padding function

        private byte[] PaddPlainTextBytes(byte[] plainTextBytes )
    {
        byte[] padding = utils.HexToBytes("01000000");
        MemoryStream s = new MemoryStream();

        s.Write(plainTextBytes, 0, plainTextBytes.Length);
        s.Write(padding, 0, padding.Length);

        byte[] paddedPt = s.ToArray();

        return paddedPt;
    }

Method to test my CBC

        private void btnTestCBC_Click(object sender, EventArgs e)
    {
        string plainText = "Pay Bob 100%";

        string passPhrase = "Thisismypassphrase";
        ShowMessage(@"Plain Text = " + plainText);

        byte[] pBytes = PaddPlainTextBytes(Encoding.ASCII.GetBytes(plainText));

        string message = Encoding.ASCII.GetString(pBytes);

        byte[] encryptedBytes = CBC.EncryptCBC(plainText: message, passPhrase: passPhrase, paddingMode: PaddingMode.None);

        ShowMessage("Encrypted String = " + Encoding.ASCII.GetString(encryptedBytes));
        ShowMessage("Encrypted HEX = " + utils.BytesToHex(encryptedBytes));


        string decryptedString = CBC.DecryptCBC(encryptedBytes, passPhrase, PaddingMode.None);
        ShowMessage("Deccrypted String = " + decryptedString);
    }

Answer

jbtule picture jbtule · Dec 31, 2012

I'm not familiar with your padding scheme, but it's not built in to .net for sure. You should be able to set the PaddingMode to None, and post pend your pad to your input message, should have the same result for whatever is decrypting it. If you are decrypting it you'll have to remove the pad yourself.

Related questions

Symmetric Encryption (AES): Is saving the IV and Salt alongside the encrypted data safe and proper?

I am trying to make sense of how to handle and manage an initilization vector and salt (when applicable) when encrypting and decrypting data using a symmetric encryption algorithm, in this case AES. I have deduced from different SO threads …

Read More
Encrypt and decrypt a string in C#?

How can I encrypt and decrypt a string in C#?

Read More
Using AES encryption in C#

I can't seem to find a nice clean example of using AES 128 bit encryption. Does anyone have some sample code?

Read More