Determine size of decrypted data from gcry_cipher_decrypt?

Question

I am using AES/GCM, but the following is a general question for other modes, like AES/CBC. I have the following call into libgcrypt:

#define COUNTOF         


        

Answer 1

You need to apply a padding scheme to your input, and remove the padding after the decrypt. gcrypt doesn't handle it for you.

The most common choice is PKCS#7. A high level overview is that you fill the unused bytes in your final block with the number of padded bytes (block_size - used_bytes). If your input length is a multiple of the block size, you follow it with a block filled with block_size bytes.

For example, with 8-byte blocks and 4 bytes of input, your raw input would look like:

AB CD EF FF 04 04 04 04

When you do the decrypt, you take the value of the last byte of the last block, and remove that many bytes from the end.