BCryptEncrypt is failing when AES-128-GCM algorithm called with 16 byte IV

Subbiah Senguttuvan (XC-AN/EPA1) 0 Reputation points
2023-08-29T17:06:22.5166667+00:00

I am trying to use Microsoft Bcrypt libraries to encrypt using AES 128 bit GCM. The BCryptEncrypt function works well as long as IV size is <= 12 bytes. When I use 16 byte IV then BCryptEncrypt fails with INVALID PARAMETER(0xC000000D) Error. Are there any other ways to reconfigure Algorithm selection and encrypt data with 16 byte IV

Windows development | Windows API - Win32
Developer technologies | C++
{count} votes

1 answer

Sort by: Most helpful
  1. Tong Xu - MSFT 2,546 Reputation points Microsoft External Staff
    2023-08-30T05:51:43.0233333+00:00

    Hi, @Subbiah Senguttuvan (XC-AN/EPA1)
    Welcome to Microsoft Q&A!

    AES-GCM iv size is 12. Other IV lengths will require additional calculations.
    https://crypto.stackexchange.com/questions/41601/aes-gcm-recommended-iv-size-why-12-bytes.
    And see the discussion: https://github.com/v2ray/v2ray-core/issues/2130.
    If you want 16b IV, it's recommended to use CBC mode. Please refer to Encrypting Data with CNG.

    Thank you.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.