AES encryption doubts about array sizes

[jimgardener]

hi,
i was learning to do AES encryption using inlineIVs .I used an input
byte[] of 16X3 bytes, secretkey from a byte[] of 24 bytes and an iv
byte[] of 16 bytes.

<code snippet>

byte[]input = new byte[] {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f,0x0f, 0x00, 0x03, 0x09, 0x0d, 0x04, 0x05, 0x02,
0x06,0x01, 0x07,0x08, 0x0a, 0x0b, 0x0c, 0x0e, 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07 ,0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
0x0f};

byte[] ivBytes=new byte[]{
0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f };

byte[]keyBytes = new byte[] {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 };

SecretKeySpec key=new SecretKeySpec(keyBytes,"AES");
IvParameterSpec ivSpec=new IvParameterSpec(new byte[16]);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
cipher.init(Cipher.ENCRYPT_MODE,key,ivSpec);
byte[] cipherText=new byte[cipher.getOutputSize(ivBytes.length
+input.length)];
int ctLength=cipher.update(ivBytes,0,ivBytes.length,cipherText,0);
System.out.println("encryption::ctLength="+ctLength);
ctLength+=cipher.update(input,0,input.length,cipherText,ctLength);
debug("encryption::ctLength="+ctLength);
ctLength+=cipher.doFinal(cipherText,ctLength);
debug("encryption::ctLength="+ctLength);

<code snippet/>
when i ran this code ,i get these values for the number of bytes
stored in the input after each update() call

encryption::ctLength=0
encryption::ctLength=48
encryption::ctLength=80

Why is the number of bytes stored in the output 0 after the first
update call?shouldn't it be equal to the size of iv?

also,I tried the decryption ,

<code snippet>
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
byte[] decryptBuf=new byte[cipher.getOutputSize(ctLength)];
int bufLength=cipher.update(cipherText,0,cipherText.length,decryptBuf,
0);
debug("decryption:: bufLength="+bufLength);
bufLength+=cipher.doFinal(decryptBuf,bufLength);
debug("decryption:: bufLength="+bufLength);
//need to remove the iv from output plaintext
byte[] plainText=new byte[bufLength-ivBytes.length];
System.arraycopy
(decryptBuf, ivBytes.length,plainText,0,plainText.length);

<code snippet/>

here i get ,
decryption:: bufLength=64
decryption:: bufLength=64

shouldn't these be 48 instead?
If someone can explain how these numbers occur..it wd help me a lot.I
am a beginner in this topic.
thanks
jim

 

[Roedy Green]

hi,

Encryption seems to like padding your messages in subtle ways. A
brute force way to deal with the problem is to put the length of your
message on the front so it gets encrypted too and only use that many
bytes of the result.
--
Roedy Green Canadian Mind Products
http://mindprod.com
"Humanity is conducting an unintended, uncontrolled, globally pervasive experiment
whose ultimate consequences could be second only to global nuclear war."
~ Environment Canada (The Canadian equivalent of the EPA on global warming)

 

[Arne Vajhøj]

i was learning to do AES encryption using inlineIVs .I used an input
byte[] of 16X3 bytes, secretkey from a byte[] of 24 bytes and an iv
byte[] of 16 bytes.

<code snippet>

byte[]input = new byte[] {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f,0x0f, 0x00, 0x03, 0x09, 0x0d, 0x04, 0x05, 0x02,
0x06,0x01, 0x07,0x08, 0x0a, 0x0b, 0x0c, 0x0e, 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07 ,0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
0x0f};

byte[] ivBytes=new byte[]{
0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f };

byte[]keyBytes = new byte[] {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 };

SecretKeySpec key=new SecretKeySpec(keyBytes,"AES");
IvParameterSpec ivSpec=new IvParameterSpec(new byte[16]);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
cipher.init(Cipher.ENCRYPT_MODE,key,ivSpec);
byte[] cipherText=new byte[cipher.getOutputSize(ivBytes.length
+input.length)];
int ctLength=cipher.update(ivBytes,0,ivBytes.length,cipherText,0);
System.out.println("encryption::ctLength="+ctLength);
ctLength+=cipher.update(input,0,input.length,cipherText,ctLength);
debug("encryption::ctLength="+ctLength);
ctLength+=cipher.doFinal(cipherText,ctLength);
debug("encryption::ctLength="+ctLength);

<code snippet/>
when i ran this code ,i get these values for the number of bytes
stored in the input after each update() call

encryption::ctLength=0
encryption::ctLength=48
encryption::ctLength=80

> Why is the number of bytes stored in the output 0 after the first
> update call?shouldn't it be equal to the size of iv?

It apparently does some buffering.

The API works according to specs - you should not worry
about the implementation.

also,I tried the decryption ,

<code snippet>
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
byte[] decryptBuf=new byte[cipher.getOutputSize(ctLength)];
int bufLength=cipher.update(cipherText,0,cipherText.length,decryptBuf,
0);
debug("decryption:: bufLength="+bufLength);
bufLength+=cipher.doFinal(decryptBuf,bufLength);
debug("decryption:: bufLength="+bufLength);
//need to remove the iv from output plaintext
byte[] plainText=new byte[bufLength-ivBytes.length];
System.arraycopy
(decryptBuf, ivBytes.length,plainText,0,plainText.length);

<code snippet/>

here i get ,
decryption:: bufLength=64
decryption:: bufLength=64

shouldn't these be 48 instead?

No. You encrypted 64 bytes (16 iv + 48 input) so it is
correct.

Arne

 

[Arne Vajhøj]

Encryption seems to like padding your messages in subtle ways. A
brute force way to deal with the problem is to put the length of your
message on the front so it gets encrypted too and only use that many
bytes of the result.

Nonsense.

The Java Cipher code is perfectly capable of adding and removing
padding.

Arne