All geek questions in one place

Calculating the maximum length of an encrypted AES message

I use this function to encrypt data using openssl AES 256 CBC:

int encryptAES(unsigned char *plaintext, int plaintext_len, unsigned char *key,
  unsigned char *iv, unsigned char *ciphertext)
{
  EVP_CIPHER_CTX *ctx;

  int len;

  int ciphertext_len;

  /* Create and initialise the context */
  if(!(ctx = EVP_CIPHER_CTX_new())) return handleErrors();

  /* Initialise the encryption operation. IMPORTANT - ensure you use a key
   * and IV size appropriate for your cipher
   * In this example we are using 256 bit AES (i.e. a 256 bit key). The
   * IV size for *most* modes is the same as the block size. For AES this
   * is 128 bits */
  if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv))
    return handleErrors();

  /* Provide the message to be encrypted, and obtain the encrypted output.
   * EVP_EncryptUpdate can be called multiple times if necessary
   */

  if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
    return handleErrors();
  ciphertext_len = len;

  /* Finalise the encryption. Further ciphertext bytes may be written at
   * this stage.
   */

  if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) return handleErrors();
  ciphertext_len += len;

  /* Clean up */
  EVP_CIPHER_CTX_free(ctx);

  return ciphertext_len;
}

I want to provide this function with a fixed size buffer ciphertext, how can I calculate the maximum possible length of an encrypted message ( ciphertext)

Thank.

+4
source share
1 answer

Assuming PKCS # 7 padding, which is used by default for OpenSSL ECB and CBC mode, the encrypted length will be:

plaintext_len + block_size - (plaintext_len % block_size)

Where

block_size = 16

for AES. The end result is always a multiple block_size.

+5
source

Source: https://habr.com/ru/post/1678503/

More articles:


All Articles