Advanced Encryption Standard

From Crypto++ Wiki

The Advanced Encryption Standard, or AES is a NIST approved block cipher specified in FIPS 197, Advanced Encryption Standard (AES). When using AES, one must specify a mode of operation and optionally a padding scheme. AES prvides confidentiality only using most modes of operation. When operating the cipher in CCM, GCM, or EAX mode,the mode provides both confidentiality and authenticity.

Note to begginers: if your project is using enryption alone to secure your data, encryption alone is usually not enough. Please take a moment to read Authenticated Encryption to understand why you should prefer to use CCM, GCM, or EAX over other modes, such as CBC or CTR (a more vebose version with citations can be found at Authenticated Encryption).

Contents 1 Usage 1.1 Default Key Length 1.2 Block Size 1.3 Reference to block cipher object 1.4 ECB and CBC mode remarks 2 Sample Programs 2.1 Encrypting and Decrypting Using AES 2.2 Generating an AES Key from a Diffie-Hellman Session Key 2.3 Encrypting a string using AES 3 Downloads

Usage

Default Key Length

AES can use 16, 24, or 32 byte keys (128, 192, and 256 bits respectively). The default key length in Crypto++ is 16 bytes and specified by AES::DEFAULT_KEYLENGTH.

Block Size

The block size is determined by AES::BLOCKSIZE. For AES, this is always 16 bytes.

Reference to block cipher object

You can also create a mode object that holds a reference to a block cipher object rather than an instance of it:

AES::Encryption aesEncryption(key, AES::DEFAULT_KEYLENGTH);
CFB_Mode_ExternalCipher::Encryption cfbEncryption(aesEncryption, iv);

ECB and CBC mode remarks

For ECB and CBC mode, you must process data in multiples of the block size. Alternatively, you can wrap StreamTransformationFilter around the mode object and use it as a Filter object. The StreamTransformationFilter will buffer data into blocks as required.

Sample Programs

Encrypting and Decrypting Using AES

This example uses in-place encryption and decryption where the input and output buffers are identical:

AutoSeededRandomPool rnd;

// Generate a random key
byte key[AES::DEFAULT_KEYLENGTH];
rnd.GenerateBlock(key, AES::DEFAULT_KEYLENGTH);

// Generate a random IV
byte iv[AES::BLOCKSIZE];
rnd.GenerateBlock(iv, AES::BLOCKSIZE);

char plainText[] = "Hello! How are you.";
int messageLen = (int)strlen(plainText) + 1;

//////////////////////////////////////////////////////////////////////////
// Encrypt

CFB_Mode<AES>::Encryption cfbEncryption(key, sizeof(key), iv);
cfbEncryption.ProcessData((byte*)plainText, (byte*)plainText, messageLen);

//////////////////////////////////////////////////////////////////////////
// Decrypt

CFB_Mode<AES>::Decryption cfbDecryption(key, sizeof(key), iv);
cfbDecryption.ProcessData((byte*)plainText, (byte*)plainText, messageLen);

Generating an AES Key from a Diffie-Hellman Session Key

See Using Diffie-Hellman to generate an AES key.

Encrypting a string using AES

byte key[AES::DEFAULT_KEYLENGTH], iv[AES::BLOCKSIZE];
string plainText;

// ... populate key, iv, plainText here

string cipher;
StringSink* sink = new StringSink(cipher);
Base64Encoder* base64_enc = new Base64Encoder(sink);
CBC_Mode<AES>::Encryption aes(key, sizeof(key), iv);
StreamTransformationFilter* aes_enc = new StreamTransformationFilter(aes, base64_enc);
StringSource source(plainText, true, aes_enc);

Downloads

AES-GCM-Test.zip - AES in GCM mode (confidentiality and authentication) - 7KB

AES-CCM-Test.zip - AES in CCM mode (confidentiality and authentication) - 8KB

AES-CBC-Test.zip - AES in CBC mode (confidentiality only) - 5KB