Problem in Computing AES 256 CBC

[Ritu21]

Hi,

I am trying to compute AES-256-CBC. Below is the code I have written.

esp_aes_context aes;
char *plainText = "Hello testing";
unsigned char cipherTextOutput[48];
unsigned char decipheredTextOutput[48];
char str[3];
unsigned char iv[16] = {0x59,0x0c,0x8f,0x9b,0x2a,0x2f,0xbb,0x95,0x54,0xf6,0x32,0x81,0x2c,0xc5,0x68,0xc5};
unsigned char key[32] ={0xbf,0x9a,0xd2,0x76,0x37,0xa9,0x48,0x33,0x02,0xde,0xa5,0x9a,0x4d,0x00,0xf0,0x3f,0xac,0xb2,0xc5,0x9b,0xa4,0x2e,0x4e,0x54,0x65,0x60,0x22,0xb1,0xb1,0xf7,0x88,0xa8};
//memset(cipherTextOutput, 0, 48);
//size_t iv_offset = 0;
mbedtls_aes_init(&aes);
mbedtls_aes_setkey_enc(&aes, key, 256);
mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, 16, iv, (const unsigned char *)plainText, cipherTextOutput);
for (int i = 0; i < 48; i++) {
sprintf(str, "%02x", (int)cipherTextOutput);
printf("STR = %s\n", str);
}
mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, sizeof(cipherTextOutput), iv, (unsigned char *)cipherTextOutput, decipheredTextOutput);
for (int i = 0; i < 48; i++) {
printf("Decrypt Data = %c\n",(char)decipheredTextOutput);
}
mbedtls_aes_free(&aes);

It is calculating wrong data. Please suggest the correct method to achieve this.

Correct AES-256-CBC of "Hello Testing" is : '55ec62b8cc2d61b534149a6c8480bcb7'

Waiting for your early response.

Thanks
Ritu.

[esp_Hemal]

Your plaintext is 13 bytes which is less than block size (=16 bytes) and AES-CBC only works on input whose length is multiple of block size. If not multiple of block size it needs to be padded. So the encryption output would be different for different padding. In your case during encryption out of 3 bytes of padding one would be null character and rest 2 would be random bytes.

The problem is during decryption looks like you are passing length as 48 instead of 16. Also, you need to set the key through mbedtls_aes_set_key_dec() before calling mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT ....

you can refer to sample test code in https://github.com/espressif/mbedtls/bl ... rary/aes.c under the macro MBEDTLS_SELF_TEST

[chegewara]

Yes, thats all true.

I would like to add something to this, maybe this is bug in mbed library or maybe not. I have this testing code and it seems to work even if i dont set mbedtls_aes_setkey_dec, the only thing is that i have to use 2 IV keys, one for encode and one for decode (both are the same values):

iv Initialization vector (updated after use). It must be a readable and writeable buffer of 16 Bytes.

Code: Select all

unsigned char iv[] = {0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
unsigned char iv1[] = {0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
unsigned char key[] = {0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};

unsigned char input[16] = {0};
unsigned char encrypt_output[16];
unsigned char decrypt_output[16];

void task(void* p)
{
    sprintf((char*)input, "%s","Hello Testing");
    memset(encrypt_output, 0, 16);
    memset(decrypt_output, 0, 16);
    mbedtls_aes_init(&aes);

    mbedtls_aes_setkey_enc(&aes, key, 256);
    mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, 16, iv, input, encrypt_output);
    mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, 16, iv1, (unsigned char*)encrypt_output, decrypt_output);
    mbedtls_aes_free(&aes);
    ESP_LOG_BUFFER_HEX("TAG", encrypt_output, 16);
    ESP_LOG_BUFFER_HEX("TAG", decrypt_output, 16);
    ESP_LOGI("TAG", "%s", decrypt_output);
}

As you can see i am initializing only enc key with mbedtls_aes_setkey_enc.

[esp_Hemal]

chegewara,

Thanks for your comment.

This is not a bug. As you have already noticed IV gets updated after AES-CBC operation. This is due to the nature of CBC algorithm. So you need to ensure same IV value is used for encryption and decryption

[chegewara]

Maybe this will help someone:

https://github.com/chegewara/esp32-mbedtls-aes-test

[Ritu21]

Hi Chegewara,

Thanks. Your suggestion helped a lot!!! Atleast, I am able to encrypt and decrypt the data and getting the desired result.

But, there is a discrepancy between Esp32 result and when done from other resource.

Like, with the below data the result is different from esp and other resources (The other end is using Java), so there could be conversion issue between hex and ascii. We are using Hex data and java uses ascii character.

Java Side Encryption data:
key bf9ad27637a9483302dea59a4d00f03facb2c59ba42e4e54656022b1b1f788a8

iv 590c8f9b2a2fbb9554f632812cc568c5

Result:
encryptedData: '55ec62b8cc2d61b534149a6c8480bcb7'

Esp Side Encryption Data:
unsigned char iv[16] = {0x59,0x0c,0x8f,0x9b,0x2a,0x2f,0xbb,0x95,0x54,0xf6,0x32,0x81,0x2c,0xc5,0x68,0xc5};
unsigned char iv1[16] = {0x59,0x0c,0x8f,0x9b,0x2a,0x2f,0xbb,0x95,0x54,0xf6,0x32,0x81,0x2c,0xc5,0x68,0xc5};
unsigned char key[32] = {0xbf,0x9a,0xd2,0x76,0x37,0xa9,0x48,0x33,0x02,0xde,0xa5,0x9a,0x4d,0x00,0xf0,0x3f,0xac,0xb2,0xc5,0x9b,0xa4,0x2e,0x4e,0x54,0x65,0x60,0x22,0xb1,0xb1,0xf7,0x88,0xa8};

Result:
TAG: 9c 8b 84 7b 17 64 0a e5 7b 67 a5 54 a3 22 54 5a
TAG: 48 65 6c 6c 6f 20 74 65 73 74 69 6e 67 00 00 00
TAG: Hello testing

What is your opinion on this??

Thanks
Ritu.

[chegewara]

You can try to verify with third app which result is correct. You can find many websites that provide tools to encode/decode with different aes encryption types.

[Ritu21]

Hi Chegewara,

How to do padding in aes encryption since it takes input in the multiple of 16 bytes.

Could you please illustrate with the help of an example.

Thanks
Ritu

[chegewara]

https://github.com/chegewara/esp32-mbedtls-aes-test

[Ritu21]

Hi Chegewara!!!

Thank you for your response!!!

I am stuck in decrypting a data. Could you please check the bug in my code below???:

void decrypt_data()
{
//Received:
{"data":"5e7d6e334a4665238524fd08e6cf6a94","hash":"269379345f048e9498eb86a969462b31fd6e1acbefb4cc121542ec40d9836962","iv":"f71620b1796c89d7821f4b0654e0da29"};
//char *data_to_decrypt = "5e7d6e334a4665238524fd08e6cf6a94";
char data_to_decrypt[] = "829a09c50e7c597864405a0fb36b5cf7";
printf(" DATA = %s\n", (char *)data_to_decrypt);
unsigned char key[32] = {0xbf, 0x9a, 0xd2, 0x76, 0x37, 0xa9, 0x48, 0x33, 0x02, 0xde, 0xa5, 0x9a, 0x4d, 0x00, 0xf0, 0x3f, 0xac,
0xb2, 0xc5, 0x9b, 0xa4, 0x2e, 0x4e, 0x54, 0x65, 0x60, 0x22, 0xb1, 0xb1, 0xf7, 0x88, 0xa8};
unsigned char iv1[16] = {0xf7,0x16,0x20,0xb1,0x79,0x6c,0x89,0xd7,0x82,0x1f,0x4b,0x06,0x54,0xe0,0xda,0x29};

int decrypt_data_size = 0;
decrypt_data_size = strlen((char *)data_to_decrypt);
unsigned char decipheredTextOutput[16];
memset(decipheredTextOutput, 0, 16);

esp_aes_context aes1;
mbedtls_aes_init(&aes1);
mbedtls_aes_setkey_enc(&aes1, (unsigned char*)key, 256);
printf("test point 1\n");
mbedtls_aes_crypt_cbc(&aes1, MBEDTLS_AES_DECRYPT, 16, (unsigned char*)iv1, ( unsigned char *)data_to_decrypt ,
decipheredTextOutput);
mbedtls_aes_free(&aes1);
ESP_LOG_BUFFER_HEX("DTAG", decipheredTextOutput, 16);
ESP_LOGI("DTAG", "%s", decipheredTextOutput);
ESP_LOG_BUFFER_HEXDUMP("DTAG", decipheredTextOutput,16, ESP_LOG_INFO);
}

When I was encrypting and decrypting the same data, it was giving correct result. But now when I am trying to decrypt a different data it is not happening. Please check.

Waiting for your response.

Thanks
Ritu.