AES encryption algorithm crashes with data greater that the block size RRS feed

  • Question

  • Hello people, I'm new. I hope not commit any error. I should say that my native language is not English. Apologize me if I don't express myself very well.

    I have implemented an AES 128 bits encryption algorithm with the Microsoft's CryptoAPI. The goal of the program is to encrypt a plaintext with a key every time you want. With the same or diferents plaintext or key.

    When I encrypt data of less than 16 bytes I have no problem. But when I encrypt data greater than 16 bytes the CryptImportKey(hCryptProv, (BYTE *)&blob, sizeof(aes128keyBlob), NULL, 0, &hKey) function gives me an ERROR_INVALID_PARAMETER (when the app don't crash). With data with no more than 15 bytes I can encrypt the times I want, but with data of more than 16 bytes, the SECOND time that I want to encrypt the application crashes or the CryptImportKey() function fails.

    As I said, sometimes the application crash without any apparent reason. Always when I encrypt larger data. It must be any memory leak but I can't find it. I really don't know what is going wrong or what I am doing wrong.

    The algorithm is an AES 128 bits, with no IV (default zeroed) and PKCS#7 made by me. The key used is in plain text, for that reason I have done all that cr** with the Blob header before de CryptImportKey(). It should be done because microsoft don't give you an option to use the key wihtout hashing it.

    The cipher code is the next: http://pastebin.com/q36BVX6L . My PKCS#7 padding function is the next: http://pastebin.com/xt63Rk6X . I know that I still have to implement the case when the data is 16 bytes large (size block).

    The Blob structure is the next:
    typedef struct aes128keyBlob {
        BLOBHEADER hdr;
        DWORD keySize;
        BYTE bytes[16];
    } Blob;

    I should say that I only do the CryptAcquireContext() once on all the program lifecycle, but I must do one CryptImportKey for every encrypt event done because of the key can change.

    I don't know what to do! I don't know if it is a programming error or a cryptography concept error.

    I anybody can help me I would be so grateful!
    Tuesday, March 2, 2010 11:28 AM

All replies

  • Nobody have a little idea?

    By the way, do you know any program as Valgrind but for Windows?

    Thank you!
    Thursday, March 4, 2010 8:16 AM
  • 29.		 Blob blob;
    30.                blob.hdr.bType = PLAINTEXTKEYBLOB;
    31.                blob.hdr.bVersion = CUR_BLOB_VERSION;
    32.                blob.hdr.reserved = 0;
    33.                blob.hdr.aiKeyAlg = CALG_AES_128;
    34.                blob.keySize = 16;
    35.                memset(blob.bytes, NULL, 16);
    36.                memcpy(blob.bytes, myPrivateKey, 16);

    1) Try to change: "blob.keySize = 16;"  to "blob.keySize = 128"

    2) If CryptEncrypt is calling in loop you must use Final = TRUE in last call. It allows to encrypt last non-complete data block.

    CryptEncrypt(hKey, NULL, NULL, 0, (BYTE *)szCadenaIncompletaMultiByte, &dwCount, dwBufferLen)
    CryptEncrypt(hKey, NULL, fEOF, 0, (BYTE *)szCadenaIncompletaMultiByte, &dwCount, dwBufferLen)
    Tuesday, March 16, 2010 1:53 PM
  • Hello Migal,

    I'll try what you say and I'll give you feedback!

    About the second point, I don't change the flag value to TRUE because I have done my PKCS#7 padding. I just only want that the encryption goes on as ever.

    I'll try what you said about the keySize.

    Thank you very much.
    Tuesday, March 16, 2010 9:55 PM