Advanced Encryption Standard
From Crypto++ Wiki
The Advanced Encryption Standard, or AES is a NIST approved block cipher specified in FIPS 197, Advanced Encryption Standard (AES). When using AES, one typically specifies a mode of operation and optionally a padding scheme. AES provides confidentiality only using most modes of operation (such as ECB and CBC). When operating the cipher in CCM, GCM, or EAX mode, the mode provides both confidentiality and authenticity.
If your project is using encryption alone to secure your data, encryption alone is usually not enough. Please take a moment to read Authenticated Encryption and understand why you should prefer to use CCM, GCM, or EAX over other modes, such as CBC or CTR.
Contents |
Usage
Default Key Length
AES can use 16, 24, or 32 byte keys (128, 192, and 256 bits respectively). The default key length in Crypto++ is 16 bytes and specified by AES::DEFAULT_KEYLENGTH. essay2u help
Block Size
The block size is determined by AES::BLOCKSIZE. For AES, this is always 16 bytes.
Reference to block cipher object
You can also create a mode object that holds a reference to a block cipher object rather than an instance of it:
AES::Encryption aesEncryption(key, AES::DEFAULT_KEYLENGTH); CFB_Mode_ExternalCipher::Encryption cfbEncryption(aesEncryption, iv);
ECB and CBC mode remarks
For ECB and CBC mode, you must process data in multiples of the block size. Alternatively, you can wrap StreamTransformationFilter around the mode object and use it as a filter object. The StreamTransformationFilter will buffer data into blocks and pad as required.
Sample Programs
The first snippet dumps the minimum, maximum, and default key lengths used by AES.
cout << "key length: " << AES::DEFAULT_KEYLENGTH << endl; cout << "key length (min): " << AES::MIN_KEYLENGTH << endl; cout << "key length (max): " << AES::MAX_KEYLENGTH << endl; cout << "block size: " << AES::BLOCKSIZE << endl;
Output from the above snippet produces the following. Notice the default key size is 128 bits or 16 bytes.
key length: 16 key length (min): 16 key length (max): 32 block size: 16
Encrypting and Decrypting Using AES
The following example uses CFB mode and in-place encryption and decryption. Since the mode is not ECB or CBC, the data's length does not need to be a multiple of AES's block size.
AutoSeededRandomPool rnd; // Generate a random key SecByteBlock key(AES::DEFAULT_KEYLENGTH); rnd.GenerateBlock( key, key.size() ); // Generate a random IV byte iv[AES::BLOCKSIZE]; rnd.GenerateBlock(iv, AES::BLOCKSIZE); char plainText[] = "Hello! How are you."; int messageLen = (int)strlen(plainText) + 1; ////////////////////////////////////////////////////////////////////////// // Encrypt CFB_Mode<AES>::Encryption cfbEncryption(key, key.size(), iv); cfbEncryption.ProcessData((byte*)plainText, (byte*)plainText, messageLen); ////////////////////////////////////////////////////////////////////////// // Decrypt CFB_Mode<AES>::Decryption cfbDecryption(key, key.size(), iv); cfbDecryption.ProcessData((byte*)plainText, (byte*)plainText, messageLen);
Generating an AES Key from a Diffie-Hellman Session Key
See Using Diffie-Hellman to generate an AES key.
Encrypting a string using AES
byte key[AES::DEFAULT_KEYLENGTH], iv[AES::BLOCKSIZE]; string plainText; // ... populate key, iv, plainText here string cipher; StringSink* sink = new StringSink(cipher); Base64Encoder* base64_enc = new Base64Encoder(sink); CBC_Mode<AES>::Encryption aes(key, sizeof(key), iv); StreamTransformationFilter* aes_enc = new StreamTransformationFilter(aes, base64_enc); StringSource source(plainText, true, aes_enc);
Downloads
AES-GCM-Test.zip - Demonstrates encryption and decryption using AES in GCM mode (confidentiality and authentication)
AES-CCM-Test.zip - Demonstrates encryption and decryption using AES in CCM mode (confidentiality and authentication)
AES-EAX-Test.zip - Demonstrates encryption and decryption using AES in EAX mode (confidentiality and authentication)
AES-ECB-Filter.zip - Demonstrates encryption and decryption using AES in ECB mode with filters (confidentiality only)
AES-CBC-Filter.zip - Demonstrates encryption and decryption using AES in CBC mode with filters (confidentiality only)
AES-CFB-Filter.zip - Demonstrates encryption and decryption using AES in CFB mode with filters (confidentiality only)
AES-OFB-Filter.zip - Demonstrates encryption and decryption using AES in OFB mode with filters (confidentiality only)
AES-CTR-Filter.zip - Demonstrates encryption and decryption using AES in CTR mode with filters (confidentiality only)
