Hello,
I am trying to implement encryption/Decryption in ESP 32 S3 using their IDF.The Sample code i referred to is
https://github.com/Mbed-TLS/mbedtls/blo ... les.c#L300, which works fine .
Basically my problem statement is ,i am getting a encrypted string in Base 64 format, which i need to decrypt, do some processing, encrypt it and send it back.
Currently , i am facing a problem that if a string other than ascii format is passed to encryption /decryption function its throws a error (-135) , i.e Invalid parameter.
i wanted some help to cope up with the above problem.
Sample code for Implementing PSA_ALG_CBC_PKCS7 ESP 32-S3
-
- Posts: 1701
- Joined: Mon Oct 17, 2022 7:38 pm
- Location: Europe, Germany
Re: Sample code for Implementing PSA_ALG_CBC_PKCS7 ESP 32-S3
a) show us your code which reproduces the error
b) make sure you don't use strlen(...) on binary data
b) make sure you don't use strlen(...) on binary data
Re: Sample code for Implementing PSA_ALG_CBC_PKCS7 ESP 32-S3
hello
This is the code i am using .i have modified reference code's function cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi a little to suit my need.Rest all functions i have used from reference code(https://github.com/Mbed-TLS/mbedtls/blo ... les.c#L300,) as it is.Here 'a' is a string i am receiving from a third party app light blue, and 'b' is the length of the string.
I am converting encrypted output to base 64 format, and passing that converted string to decrypt function.On hitting cipher operation in decrypt function i am getting error -135.
psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi(unsigned char a[],size_t b)
{
enum {
block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
key_bits = 256,
input_size = 100,
part_size = 14,
};
const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key ="ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEF" ;
size_t output_len = 0;
uint8_t iv[block_size]= "ABCDEFGHIJKLMNOP",encrypt[input_size + block_size], decrypt[input_size + block_size];;
status = psa_crypto_init();
if (status != PSA_SUCCESS)
{
printf("Failed to initialize PSA Crypto\n");
return 1;
}
else
{
printf(" PSA Crypto encrypt init success\n");
}
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, key_bits);
status = psa_generate_key(&attributes, &key);
ASSERT_STATUS(status, PSA_SUCCESS);
printf("Original Text: %s\n", a);
status = cipher_encrypt(key, alg, iv, sizeof(iv),
a, b, part_size,
encrypt, sizeof(encrypt), &output_len);
printf("Encrypted output=%s\n",encrypt);
//
unsigned char *base64_output = base64Encode((unsigned char*)encrypt, output_len);
printf("Encrypted and Base64 Encoded: %s\n", base64_output);
status = cipher_decrypt(key, alg, iv, sizeof(iv),
base64_output, b, part_size,
decrypt, sizeof(decrypt), &b);
ASSERT_STATUS(status, PSA_SUCCESS);
printf("Decrypted output=%s\n",decrypt);
printf("decrypt=%d\n",sizeof(decrypt));
exit:
psa_destroy_key(key);
return status;
}
unsigned char *base64Encode(unsigned char *input, size_t input_len) {
size_t output_len;
mbedtls_base64_encode(NULL, 0, &output_len, (const unsigned char *)input, input_len);
unsigned char *output = (unsigned char *)malloc(output_len + 1);
mbedtls_base64_encode((unsigned char *)output, output_len, &output_len, (const unsigned char *)input, input_len);
output[output_len] = '\0';
return output;
}
This is the code i am using .i have modified reference code's function cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi a little to suit my need.Rest all functions i have used from reference code(https://github.com/Mbed-TLS/mbedtls/blo ... les.c#L300,) as it is.Here 'a' is a string i am receiving from a third party app light blue, and 'b' is the length of the string.
I am converting encrypted output to base 64 format, and passing that converted string to decrypt function.On hitting cipher operation in decrypt function i am getting error -135.
psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi(unsigned char a[],size_t b)
{
enum {
block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
key_bits = 256,
input_size = 100,
part_size = 14,
};
const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key ="ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEF" ;
size_t output_len = 0;
uint8_t iv[block_size]= "ABCDEFGHIJKLMNOP",encrypt[input_size + block_size], decrypt[input_size + block_size];;
status = psa_crypto_init();
if (status != PSA_SUCCESS)
{
printf("Failed to initialize PSA Crypto\n");
return 1;
}
else
{
printf(" PSA Crypto encrypt init success\n");
}
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, key_bits);
status = psa_generate_key(&attributes, &key);
ASSERT_STATUS(status, PSA_SUCCESS);
printf("Original Text: %s\n", a);
status = cipher_encrypt(key, alg, iv, sizeof(iv),
a, b, part_size,
encrypt, sizeof(encrypt), &output_len);
printf("Encrypted output=%s\n",encrypt);
//
unsigned char *base64_output = base64Encode((unsigned char*)encrypt, output_len);
printf("Encrypted and Base64 Encoded: %s\n", base64_output);
status = cipher_decrypt(key, alg, iv, sizeof(iv),
base64_output, b, part_size,
decrypt, sizeof(decrypt), &b);
ASSERT_STATUS(status, PSA_SUCCESS);
printf("Decrypted output=%s\n",decrypt);
printf("decrypt=%d\n",sizeof(decrypt));
exit:
psa_destroy_key(key);
return status;
}
unsigned char *base64Encode(unsigned char *input, size_t input_len) {
size_t output_len;
mbedtls_base64_encode(NULL, 0, &output_len, (const unsigned char *)input, input_len);
unsigned char *output = (unsigned char *)malloc(output_len + 1);
mbedtls_base64_encode((unsigned char *)output, output_len, &output_len, (const unsigned char *)input, input_len);
output[output_len] = '\0';
return output;
}
-
- Posts: 1701
- Joined: Mon Oct 17, 2022 7:38 pm
- Location: Europe, Germany
Re: Sample code for Implementing PSA_ALG_CBC_PKCS7 ESP 32-S3
Not sure why one would do that. There are easier ways to generate pseudo-random numbers.I am converting encrypted output to base 64 format, and passing that converted string to decrypt function.
With that, I find it hard to see what in your code is intentional and what's not.
However,
Code: Select all
status = cipher_encrypt(key, alg, iv, sizeof(iv),
a, b, part_size,
encrypt, sizeof(encrypt), &output_len);
...
status = cipher_decrypt(key, alg, iv, sizeof(iv),
base64_output, b, part_size,
decrypt, sizeof(decrypt), &b);
Re: Sample code for Implementing PSA_ALG_CBC_PKCS7 ESP 32-S3
Hello,
Thank you for your reply.
To answer your question , In my problem statement i am getting a base 64 encrypted string and i need to decrypt that string.
secondly , I get your point that i need to give length of encrypted string as input to decrypt function.
But i need clarity on following points.
1.does encrypt and decrypt function accept Only ASCII strings.
2.Can i call the Decrypt function directly if i have a encrypted string or its mandatory to follow first encrypt then decrypt sequence.
Thank you for your reply.
To answer your question , In my problem statement i am getting a base 64 encrypted string and i need to decrypt that string.
secondly , I get your point that i need to give length of encrypted string as input to decrypt function.
But i need clarity on following points.
1.does encrypt and decrypt function accept Only ASCII strings.
2.Can i call the Decrypt function directly if i have a encrypted string or its mandatory to follow first encrypt then decrypt sequence.
-
- Posts: 1701
- Joined: Mon Oct 17, 2022 7:38 pm
- Location: Europe, Germany
Re: Sample code for Implementing PSA_ALG_CBC_PKCS7 ESP 32-S3
Ok, I think I get that.
But, and to your question: Encryption yields non-ASCII, binary data. And cipher_decrypt expects the same binary data. If you have a Base64 string containing encrypted data, you'll want to first decode Base64 to binary and then perform decryption on the binary data.
Passing the Base64 string to cipher_decrypt will result in garbage data output, and, as you have noticed, may fail straight away because the Base64 is of a different length than the binary data encoded in it and expected by the decryption algorithm.
Alice:
message = Base64Encode(encrypt(plaintext));
Bob:
plaintext = decrypt(Base64Decode(message));
Who is online
Users browsing this forum: Bing [Bot] and 160 guests