Problem in Computing AES 256 CBC

chegewara
Posts: 2375
Joined: Wed Jun 14, 2017 9:00 pm

Re: Problem in Computing AES 256 CBC

Postby chegewara » Fri May 10, 2019 3:36 pm

Maybe the tool you are using to encrypt data is using different type on encoding, not CBC?

I did few quick tests with esp32 and this website and it is working, so maybe the other device/tool is broken, not esp32.
http://aes.online-domain-tools.com/

Ritu21
Posts: 123
Joined: Sat Aug 04, 2018 9:58 am

Re: Problem in Computing AES 256 CBC

Postby Ritu21 » Sat May 11, 2019 4:28 am

We used http://aes.online-domain-tools.com/ to encrypt string "true" and then used encrypted output to decrypt on esp32 but it gave some other output and not "true". We used AES CBC encryption.

chegewara
Posts: 2375
Joined: Wed Jun 14, 2017 9:00 pm

Re: Problem in Computing AES 256 CBC

Postby chegewara » Sat May 11, 2019 11:10 am

Here you have logs from my app:

Code: Select all

I (327) KEY: bf 9a d2 76 37 a9 48 33 02 de a5 9a 4d 00 f0 3f
I (327) KEY: ac b2 c5 9b a4 2e 4e 54 65 60 22 b1 b1 f7 88 a8
I (337) IV: f7 16 20 b1 79 6c 89 d7 82 1f 4b 06 54 e0 da 29
I (347) ENCRYPTED HEX: 51 9f 43 57 1f fb 7a c5 63 20 78 3f 47 2f c0 55
I (347) DECRYPTED HEX: 74 72 75 65 00 00 00 00 00 00 00 00 00 00 00 00
I (357) DECRYPTED ASCII: true
and here is screenshot from website tool:
cbc.PNG
cbc.PNG (40.53 KiB) Viewed 9401 times
Like i said, esp32 aes library works good. (technically its mbedtls library)

gb.123
Posts: 32
Joined: Thu May 20, 2021 9:56 pm

Re: Problem in Computing AES 256 CBC

Postby gb.123 » Tue Feb 01, 2022 6:23 am

Hi @chegewara,

I am also facing different results on encryption and decryption.
I have adapted your example and provided it with a set input :

Code: Select all

void testdecode()
{   

// only CBC requires that input length shall be multiple of 16
#define INPUT_LENGTH 16

mbedtls_aes_context aes;

// key length 32 bytes for 256 bit encrypting, it can be 16 or 24 bytes for 128 and 192 bits encrypting mode
uint8_t key[] = {0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
uint8_t iv[]  = {0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
uint8_t iv2[] = {0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};

uint8_t input[INPUT_LENGTH] = {0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
uint8_t encrypt_output[INPUT_LENGTH] = {0};
uint8_t decrypt_output[INPUT_LENGTH] = {0};

    mbedtls_aes_init(&aes);
    mbedtls_aes_setkey_enc(&aes, key, 256);
    
    //sprintf((char*)input, "%s","Hello Testing");

    mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, INPUT_LENGTH, iv, input, encrypt_output);
    Serial.println("Encrypted Array:");
    for (uint8_t i=0; i<INPUT_LENGTH; i++)
    {
        Serial.print(String(encrypt_output[i])+" ");
    }
    Serial.println();
    
 
    mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, INPUT_LENGTH, iv2, encrypt_output, decrypt_output);
    Serial.println("Decrypted Array:");
    for (uint8_t i=0; i<INPUT_LENGTH; i++)
    {
        Serial.print(String(decrypt_output[i])+" ");
    }
    Serial.println();

    mbedtls_aes_free(&aes);

}
Output :

Code: Select all

Encrypted Array:
219 245 170 160 113 80 47 61 200 104 238 191 30 168 127 76
Decrypted Array:
17 18 19 20 21 22 23 24 25 32 17 18 19 20 21 22
Shouldn't decrypted array be same as input ?

chegewara
Posts: 2375
Joined: Wed Jun 14, 2017 9:00 pm

Re: Problem in Computing AES 256 CBC

Postby chegewara » Tue Feb 01, 2022 6:54 am

Hi,
from your "logs" i can tell it works as expected.
gb.123 wrote: Decrypted Array:
17 18 19 20 21 22 23 24 25 32 17 18 19 20 21 22
equal this
gb.123 wrote: uint8_t input[INPUT_LENGTH] = {0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};

gb.123
Posts: 32
Joined: Thu May 20, 2021 9:56 pm

Re: Problem in Computing AES 256 CBC

Postby gb.123 » Tue Feb 01, 2022 6:57 am

Can you please tell me how to convert

Code: Select all

Decrypted Array:
17 18 19 20 21 22 23 24 25 32 17 18 19 20 21 22
Back to

Code: Select all

11 12 13 14 15 16 17 18 19 20 11 12 13 14 15 16
Am a little confused...

My basic intent is to have a byte converted back to the original byte...

Thanks for your help !

chegewara
Posts: 2375
Joined: Wed Jun 14, 2017 9:00 pm

Re: Problem in Computing AES 256 CBC

Postby chegewara » Tue Feb 01, 2022 7:00 am

11 is not the same as 0x11, but
0x11 is the same as 17

gb.123
Posts: 32
Joined: Thu May 20, 2021 9:56 pm

Re: Problem in Computing AES 256 CBC

Postby gb.123 » Tue Feb 01, 2022 7:04 am

I know int (11) is not the same as hex (0x11) and definitely not the same as "11".

What I wanted to do was get a series of bytes is input to be encoded and decoded back to byte format.
i,e -> input = 0x11 -> encrypt -> decrypt -> back to 0x11

I realize that the Decrypt array is showing as decimal and what I need is hex.

So basically for byte to byte conversion, we need to convert the array back to hex.

Thanks once again for your help !

PS: Basically I realized that by default String() of Arduino/ESP32 converts the value to decimal by default. if String (value, HEX) is used, the correct output is shown.

gb.123
Posts: 32
Joined: Thu May 20, 2021 9:56 pm

Re: Problem in Computing AES 256 CBC

Postby gb.123 » Tue Feb 01, 2022 8:20 pm

Hi @chegewara,

I am trying to decrypt the file while writing OTA. The problem is that I get esp_image: invalid segment length 0xffc70fb10m if I use decryption. Direct non-encrypted OTA updates fine .

Code :

Code: Select all

if (true)
        {
            #define BUFFER_SIZE=2048
            mbedtls_aes_context aes;

            const uint8_t key[] = {0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10};
            uint8_t iv[]  = {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11};
            uint8_t decrypt_output[BUFFER_SIZE] = {0};

            mbedtls_aes_init(&aes);
            mbedtls_aes_setkey_enc(&aes, key, 256);

            // CODES REMOVED TO SHORTEN

            while (HTTP_Client.connected() && (remaining_len > 0 || remaining_len == -1))
            {
                // get available data size
                remaining_stream_size = stream->available();
                if (remaining_stream_size)
                {
                    // reset buffer to ensure padding
                    memset(buffer, 0, BUFFER_SIZE);
                    memset(decrypt_output, 0, BUFFER_SIZE);
                    // read up to array size
                    read_length = stream->readBytes(buffer, ((remaining_stream_size > sizeof(buffer)) ? sizeof(buffer) : remaining_stream_size));
                    
                    //decrypt the firmware
                    mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT,read_length, iv, buffer, decrypt_output);
                    
                    // Write read buffer to Flash Mem
             Update.write(decrypt_output, read_length)
                    // Update.write(buffer, read_length);

                    //CODE REMOVED TO SHORTEN
                    
                    }
                    else
                    {
                        Update.end(true);
                        mbedtls_aes_free(&aes);
                        HTTP_Client.end();
                    }
                    
   
The encrypted firmware doesn't run, but if I flash without encryption. it runs. I am using openssl with same iv * key to encrypt the original firmware.bin. Can you please help me point out where I am wrong? I suppose it has to do with padding ?

You help would be highly appreciated.

chegewara
Posts: 2375
Joined: Wed Jun 14, 2017 9:00 pm

Re: Problem in Computing AES 256 CBC

Postby chegewara » Tue Feb 01, 2022 9:33 pm

Well, to be honest i am noob-ish in using AES, that s why i prepared this repo, to have some easy start when i need it (but i didnt need it yet).
Before you start flashing firmware with OTA, maybe just try with simple txt files and make sure you can decode it?
https://superuser.com/questions/1329658 ... th-openssl
https://security.stackexchange.com/ques ... 56-bits-iv

At least it is how i would start to do it. Also your openssl commands would help community to have better idea whats may be wrong (of course with fake key and IV, but exactly the same pattern).

Sorry i cant help you more

Who is online

Users browsing this forum: Bing [Bot] and 328 guests