Calculate maximum size for encrypted data
Asked Answered
B

3

8

Is there any way to calculate the largest outcome from an Rijndael encryption with a fixed array length?

Encryption method: RijndaelManaged

Padding: PKCS7

CipherMode: CBC

BlockSize 128

KeySize: 128

I need this as im converting a database where all string are going to be encrypted so i need to change the size of all string fields.

Bobker answered 17/6, 2009 at 12:55 Comment(0)
Z
3

Everything you need to try this out:


   public partial class Form1 : Form
   {
      private SymmetricAlgorithm mEncryptionType;

      public Form1()
      {
         mEncryptionType = new RijndaelManaged();
         mEncryptionType.Padding = PaddingMode.PKCS7; //PaddingMode.None;
         mEncryptionType.Mode = CipherMode.CBC;
         mEncryptionType.BlockSize = 128; // 192; // 256; // Update byte array to IV when changed
         mEncryptionType.KeySize = 128; // 192; // 256; // Update byte array to Key when changed
         mEncryptionType.IV = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                                           0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
         mEncryptionType.Key = new byte[] { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                                           0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };

         int encrypted_size = CalculateEncryptedSize(new byte[] { 0x22, 0x23, 0x44 });
         // Shows Theran's point about exact block size
         encrypted_size = CalculateEncryptedSize(new byte[] { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                                           0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF  });
      }

      /// <summary>
      /// Calculate the encrypted size of input buffer
      /// </summary>
      /// <param name="inputBuffer">The input buffer</param>
      /// <returns>Size of the encrypted buffer</returns>
      public int CalculateEncryptedSize(byte[] inputBuffer)
      {
         int extra_padding = 0;
         if (mEncryptionType.Padding != PaddingMode.None)
         {
            int padding_size = (mEncryptionType.BlockSize / 8);
            extra_padding = (padding_size - (inputBuffer.Length % padding_size));
         }
         return inputBuffer.Length + extra_padding;
      }
   }
Zosema answered 23/6, 2009 at 22:6 Comment(0)
S
3

Yes. Round up your input size to the nearest multiple of your block size (e.g. 128 / 8 = 16 bytes).

extraBytesNeeded = (16 - (inputSize % 16)) % 16;
maxSize = inputSize + extraBytesNeeded.
Splat answered 17/6, 2009 at 13:3 Comment(1)
Careful with the second equation, not every language handles the modulo of a negative number the way you are assuming. C/C++ for example, will give you the wrong answer as (-a % b) == -(a % b) in those languages.Octave
Z
3

Everything you need to try this out:


   public partial class Form1 : Form
   {
      private SymmetricAlgorithm mEncryptionType;

      public Form1()
      {
         mEncryptionType = new RijndaelManaged();
         mEncryptionType.Padding = PaddingMode.PKCS7; //PaddingMode.None;
         mEncryptionType.Mode = CipherMode.CBC;
         mEncryptionType.BlockSize = 128; // 192; // 256; // Update byte array to IV when changed
         mEncryptionType.KeySize = 128; // 192; // 256; // Update byte array to Key when changed
         mEncryptionType.IV = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                                           0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
         mEncryptionType.Key = new byte[] { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                                           0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };

         int encrypted_size = CalculateEncryptedSize(new byte[] { 0x22, 0x23, 0x44 });
         // Shows Theran's point about exact block size
         encrypted_size = CalculateEncryptedSize(new byte[] { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                                           0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF  });
      }

      /// <summary>
      /// Calculate the encrypted size of input buffer
      /// </summary>
      /// <param name="inputBuffer">The input buffer</param>
      /// <returns>Size of the encrypted buffer</returns>
      public int CalculateEncryptedSize(byte[] inputBuffer)
      {
         int extra_padding = 0;
         if (mEncryptionType.Padding != PaddingMode.None)
         {
            int padding_size = (mEncryptionType.BlockSize / 8);
            extra_padding = (padding_size - (inputBuffer.Length % padding_size));
         }
         return inputBuffer.Length + extra_padding;
      }
   }
Zosema answered 23/6, 2009 at 22:6 Comment(0)
H
2

Jeff's answer is almost correct, except that PKCS7 will always add padding to the message, even if the message exactly fits inside an integral number of blocks. Also, don't forget that if using a random IV that the IV has to be stored too. The corrected formula for the length of a PKCS7 padded message is:

extraBytesNeeded = (16 - (inputSize % 16)); // whole block of padding if input fits exactly
maxSize = inputSize + extraBytesNeeded + IVbytes;
Hyacinthhyacintha answered 19/6, 2009 at 2:30 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.