Tags: c++, cryptography, aes, cbc-mode, botan

Botan AES CBC PKCS7 encryption and decryption

I'm using Botan library now.

I would like to encrypt my files using AES/CBC mode using the PKCS7 padding mode.

The AES/CBC decryption provided by Botan will throw an exception when an error occurs and I'm not sure whether it is vulnerable to the padding oracle attack.

So how should I perform the decryption process to prevent the attack?

Updated:

  1. Even if I don't return the padding error, the file will be left unchanged, which can be known by the attacker.

  2. My code is as follows (the iv and key will be set appropriately):

    #include <botan/botan.h> // Botan 1.x Pipe/Filter API: Pipe, get_cipher, DataSink_Stream
    #include <istream>
    #include <ostream>
    
    // key, iv and cipher_mode (e.g. "AES-128/CBC/PKCS7") are set elsewhere, as noted above;
    // their types must be accepted by the SymmetricKey / InitializationVector constructors.
    
    void encrypt(std::istream &in, std::ostream &out)
    {
        Botan::SymmetricKey key_t(key);
        Botan::InitializationVector iv_t(iv);
        // The Pipe owns its filters: the cipher filter feeds the stream sink, which writes to `out`.
        Botan::Pipe encryptor(Botan::get_cipher(cipher_mode, key_t, iv_t, Botan::ENCRYPTION),
                              new Botan::DataSink_Stream(out));
        encryptor.start_msg();
        in >> encryptor;       // stream the whole plaintext through the pipe
        encryptor.end_msg();   // flush buffers, apply padding, complete computations
    }
    
    void decrypt(std::istream &in, std::ostream &out)
    {
        Botan::SymmetricKey key_t(key);
        Botan::InitializationVector iv_t(iv);
        Botan::Pipe decryptor(Botan::get_cipher(cipher_mode, key_t, iv_t, Botan::DECRYPTION),
                              new Botan::DataSink_Stream(out));
        decryptor.start_msg();
        in >> decryptor;       // stream the whole ciphertext through the pipe
        decryptor.end_msg();   // padding is checked here; a Botan exception propagates on failure
    }

Solution

  • Use CBC mode with a random IV; just prefix the encrypted data with the IV for use in decryption. It does not need to be secret. There is no need to pass in an IV; let the encryption function create a random IV.
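Putting the answer together with the check the question is actually after, as an added example that is not from the post or from Botan: it uses Go's standard library instead of C++/Botan so that it runs stand-alone, but the message layout (fresh random IV prefixed to the CBC ciphertext) is the one the answer recommends and maps directly onto a Botan Pipe. The decryptor authenticates IV || ciphertext with an HMAC before any CBC decryption or padding check and reports every failure as the same single error, which is what removes the padding oracle rather than merely hiding the exception; key bytes in the usage are constructed placeholders.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// ErrDecrypt is the single error for every failure (short input, bad MAC, bad padding).
var ErrDecrypt = errors.New("decryption failed")
// Seal returns IV || AES-CBC(PKCS#7(plaintext)) || HMAC-SHA256(IV || ciphertext); the IV is fresh per message and sent in the clear.
func Seal(encKey, macKey, plaintext []byte) []byte {
	msg := make([]byte, aes.BlockSize) // the random IV is the first block of the output
	block, err := aes.NewCipher(encKey)
	if _, rerr := rand.Read(msg); err != nil || rerr != nil {
		panic("Seal: bad AES key length or no randomness") // programming error, not input error
	}
	n := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7 always adds 1..16 bytes
	ct := append(append([]byte(nil), plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	cipher.NewCBCEncrypter(block, msg).CryptBlocks(ct, ct) // in place; the CBC mode copies the IV
	msg = append(msg, ct...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(msg)
	return mac.Sum(msg)
}

// Open verifies the MAC before decrypting, so unpadding only runs on data the key holder produced, and every failure returns ErrDecrypt.
func Open(encKey, macKey, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	body := len(msg) - sha256.Size // length of IV || ciphertext
	if err != nil || body < 2*aes.BlockSize || body%aes.BlockSize != 0 {
		return nil, ErrDecrypt
	}
	mac := hmac.New(sha256.New, macKey)
	mac.Write(msg[:body])
	if !hmac.Equal(mac.Sum(nil), msg[body:]) { // constant-time comparison
		return nil, ErrDecrypt
	}
	pt := append([]byte(nil), msg[aes.BlockSize:body]...)
	cipher.NewCBCDecrypter(block, msg[:aes.BlockSize]).CryptBlocks(pt, pt)
	n := int(pt[len(pt)-1]) // PKCS#7 check, reached only for authentic data
	if n < 1 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, ErrDecrypt
	}
	return pt[:len(pt)-n], nil
}
```

Use two independent keys (or derive both from one master key); the encryption key and MAC key must not be the same bytes.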