Reputation: 373
I have an implementation of the AES cipher for 128, 192 and 256 bit keys. I'm trying to implement block cipher modes of operation, currently implementing Cipher Block Chaining (CBC) mode.
I have two questions regarding the implementation of CBC mode:
1. This is about feeding data to the cipher routine. I am calling the cipher routine in cbc() (this function implements CBC mode). My question is: should I read the file (containing the data for encryption) inside cbc(), or can I read the file outside cbc() and pass data blocks to cbc() as an argument? Which one is a secure implementation?
2. CBC mode requires a randomly generated initialization vector, aka IV (I'm using a random bytes generator in C++11 for this). Since the user only enters a key at the time of encryption/decryption, how can I know what initialization vector was used when the file was encrypted? Also, if I need to give the IV to the user, how?
I'm implementing these in C++11.
Thanks.
Upvotes: 0
Views: 808
Reputation: 1933
Should I read the file (containing data for encryption) in cbc(), or can I read the file outside cbc() and pass data blocks to cbc() as an argument?
You definitely want to pass the data as an argument so the CBC function can be used with other data sources. You see, you don't necessarily encrypt just a file; maybe you'll want to encrypt some socket transmission at some point.
Which one is a secure implementation?
Both of these options can be implemented securely as well as insecurely. Neither of the methods is more secure than the other; it really depends on the implementation itself. Now I am not going to dig deep down into the security issue here, as I am sure you've already read many times that coding your own implementation of any cryptographic algorithm can be, and most of the time is, insecure, but one thing you should keep in mind, and which is pretty easy to do, is: wipe your buffers after you use them! When you, for example, read your file, you store the data in some vector or string which will get destroyed at the end of its lifetime, which is ok, but the data is still in memory; it didn't get wiped. So if you took a pointer to the data, destroyed the vector and looked at the data the pointer points to, the original data would still be there until this block of memory is used for storing something else. You want to use some custom allocators for this.
If you want a working example of a CBC implementation, you can take a look at my CBC implementation. Now I am not an expert, so there are some possible issues which I could simply have overlooked while implementing this.
How can I know what initialization vector was used when the file was encrypted? Also, if I need to give the IV to the user, how?
The initialization vector isn't private; you can simply store it in any way you like. For example, you can just store the IV in the encrypted file itself, so the user doesn't need to worry about it.
Something like: [IV][HMAC][CIPHER]
Then, while decrypting, you can read the "header", authenticate the data using the HMAC (which tells you if the provided password is correct) and then decrypt the data.
Upvotes: 2
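The buffer-wiping custom allocator the answer above recommends, as an added C++11 example (my own code, not the answerer's linked implementation). The allocator zeroizes memory before handing it back to the heap, so key and plaintext bytes do not linger after a std::vector is destroyed; the 16-byte block size and PKCS#7 padding are assumed for the AES/CBC use case discussed.

```cpp
#include <cstddef>
#include <cstring>
#include <new>
#include <string>
#include <vector>

// Overwrite a buffer through a volatile pointer so the compiler cannot drop
// the stores as dead writes to memory that is about to be freed.
// (memset_s from C11 Annex K does the same job where it is available.)
void secure_zero(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) *vp++ = 0;
}

// Minimal C++11 allocator: identical to std::allocator except that
// deallocate() wipes the block first. Plain std::allocator frees the
// block and leaves the sensitive bytes in place until the heap reuses them.
template <typename T>
struct zeroizing_allocator {
    typedef T value_type;
    zeroizing_allocator() {}
    template <typename U> zeroizing_allocator(const zeroizing_allocator<U>&) {}
    T* allocate(std::size_t n) {
        return static_cast<T*>(::operator new(n * sizeof(T)));
    }
    void deallocate(T* p, std::size_t n) {
        secure_zero(p, n * sizeof(T));
        ::operator delete(p);
    }
};
template <typename T, typename U>
bool operator==(const zeroizing_allocator<T>&, const zeroizing_allocator<U>&) { return true; }
template <typename T, typename U>
bool operator!=(const zeroizing_allocator<T>&, const zeroizing_allocator<U>&) { return false; }

// A byte buffer for keys, IVs and plaintext that is wiped on destruction.
typedef std::vector<unsigned char, zeroizing_allocator<unsigned char> > secure_bytes;

// Copies plaintext into a zeroizing buffer and applies PKCS#7 padding to the
// 16-byte AES block size (assumed here); the buffer wipes itself when it dies.
secure_bytes pad_block(const std::string& plaintext) {
    secure_bytes buf(plaintext.begin(), plaintext.end());
    unsigned char pad = static_cast<unsigned char>(16 - (buf.size() % 16));
    buf.insert(buf.end(), static_cast<std::size_t>(pad), pad);
    return buf;
}

// Checks the wipe on a buffer we still own (reading freed memory would be
// undefined behaviour). Returns true when every byte was zeroed.
bool wipe_demo() {
    unsigned char key[16];
    std::memset(key, 0xAB, sizeof key);
    secure_zero(key, sizeof key);
    for (std::size_t i = 0; i < sizeof key; ++i) if (key[i] != 0) return false;
    return true;
}
```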