2017-06-04 121 views
4

Calculate the maximum length of an AES-encrypted message

I use this function to encrypt data with openssl AES CBC 256:

#include <openssl/evp.h>

/* handleErrors() is the poster's own helper and is not shown on the page;
 * as used here it must return an int error value. */
int handleErrors(void);

int encryptAES(unsigned char *plaintext, int plaintext_len, unsigned char *key,
    unsigned char *iv, unsigned char *ciphertext)
{
    EVP_CIPHER_CTX *ctx;

    int len;

    int ciphertext_len;

    /* Create and initialise the context */
    if(!(ctx = EVP_CIPHER_CTX_new())) return handleErrors();

    /* Initialise the encryption operation. IMPORTANT - ensure you use a key
     * and IV size appropriate for your cipher
     * In this example we are using 256 bit AES (i.e. a 256 bit key). The
     * IV size for *most* modes is the same as the block size. For AES this
     * is 128 bits */
    if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) {
        EVP_CIPHER_CTX_free(ctx); /* do not leak the context on error */
        return handleErrors();
    }

    /* Provide the message to be encrypted, and obtain the encrypted output.
     * EVP_EncryptUpdate can be called multiple times if necessary
     */
    if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) {
        EVP_CIPHER_CTX_free(ctx);
        return handleErrors();
    }
    ciphertext_len = len;

    /* Finalise the encryption. Further ciphertext bytes may be written at
     * this stage.
     */
    if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) {
        EVP_CIPHER_CTX_free(ctx);
        return handleErrors();
    }
    ciphertext_len += len;

    /* Clean up */
    EVP_CIPHER_CTX_free(ctx);

    return ciphertext_len;
}

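I would like to provide this function with a fixed-size buffer ciphertext; how can I calculate the maximum possible length of the encrypted message (ciphertext

Thanks.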

+0

Round 'ciphertext' up to a multiple of 16. – jww

Answers

5

Assuming PKCS#7 padding, which is the OpenSSL default for ECB and CBC modes, the encrypted length will be:

plaintext_len + block_size - (plaintext_len % block_size) 

where

block_size = 16 

for AES. The end result is always a multiple of block_size.

+0

Isn't it IV + message + padding? So 'block_size + plaintext_len +(block_size - (plaintext_len%block_size))'. –

+2

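Yes, if the IV is prepended to the encrypted data. While that is often done and is a good way to handle the IV, it is not part of AES. There are other things that are often prepended, such as a KDF salt and iteration count. – zaph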

+0

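I've changed the answer slightly, since PKCS#5 is the subset of PKCS#7 for 8-byte block ciphers, while AES is a 16-byte block cipher. So the name inside Java ("PKCS5Padding") is incorrect. More info [here](https://crypto.stackexchange.com/q/9043/1172) –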
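
The length formula from the answer, with the optional IV block raised in the comments, as an added example that is not part of the original thread. The helper names `aes_cbc_ciphertext_len` and `pkcs7_pad` are hypothetical; the code needs no OpenSSL and reproduces PKCS#7 padding itself to show that a block-aligned input still grows by a full block and that an undersized buffer is rejected rather than overrun.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16 /* AES block size in bytes */

/* Ciphertext length for AES in CBC/ECB mode with PKCS#7 padding. Padding
 * always adds 1..16 bytes, so a block-aligned input grows by a full block.
 * prepend_iv != 0 reserves one more block for an IV stored in front of the
 * ciphertext (a storage convention, not part of AES).
 * Returns -1 for a negative length or if the result would overflow int. */
int aes_cbc_ciphertext_len(int plaintext_len, int prepend_iv)
{
    int iv_len = prepend_iv ? AES_BLOCK : 0;
    if (plaintext_len < 0 || plaintext_len > INT_MAX - AES_BLOCK - iv_len)
        return -1;
    return iv_len + plaintext_len + AES_BLOCK - (plaintext_len % AES_BLOCK);
}

/* Write in[0..len) plus its PKCS#7 padding to out (capacity cap bytes).
 * The padded length equals the CBC ciphertext length. Returns that length,
 * or -1 if out is too small, instead of writing past the buffer. */
int pkcs7_pad(const unsigned char *in, int len, unsigned char *out, size_t cap)
{
    int total = aes_cbc_ciphertext_len(len, 0);
    if (total < 0 || (size_t)total > cap)
        return -1;
    int pad = total - len; /* 1..16, also the value of each padding byte */
    memcpy(out, in, (size_t)len);
    memset(out + len, pad, (size_t)pad);
    return total;
}

int main(void)
{
    /* Constructed sample lengths around the block boundary. */
    int samples[] = {0, 1, 15, 16, 17, 32};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("plaintext %2d -> ciphertext %2d, with IV %2d\n", samples[i],
               aes_cbc_ciphertext_len(samples[i], 0),
               aes_cbc_ciphertext_len(samples[i], 1));
    return 0;
}
```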