ESP32 Forum

Hello,

I am trying to implement encryption/Decryption in ESP 32 S3 using their IDF.The Sample code i referred to is
https://github.com/Mbed-TLS/mbedtls/blo ... les.c#L300, which works fine .
Basically my problem statement is ,i am getting a encrypted string in Base 64 format, which i need to decrypt, do some processing, encrypt it and send it back.
Currently , i am facing a problem that if a string other than ascii format is passed to encryption /decryption function its throws a error (-135) , i.e Invalid parameter.

i wanted some help to cope up with the above problem.

a) show us your code which reproduces the error
b) make sure you don't use strlen(...) on binary data

hello

This is the code i am using .i have modified reference code's function cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi a little to suit my need.Rest all functions i have used from reference code(https://github.com/Mbed-TLS/mbedtls/blo ... les.c#L300,) as it is.Here 'a' is a string i am receiving from a third party app light blue, and 'b' is the length of the string.
I am converting encrypted output to base 64 format, and passing that converted string to decrypt function.On hitting cipher operation in decrypt function i am getting error -135.


psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi(unsigned char a[],size_t b)
{
enum {
block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
key_bits = 256,
input_size = 100,
part_size = 14,

};

const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;




psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key ="ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEF" ;

size_t output_len = 0;
uint8_t iv[block_size]= "ABCDEFGHIJKLMNOP",encrypt[input_size + block_size], decrypt[input_size + block_size];;

status = psa_crypto_init();
if (status != PSA_SUCCESS)
{
printf("Failed to initialize PSA Crypto\n");
return 1;
}
else
{

printf(" PSA Crypto encrypt init success\n");

}
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, key_bits);

status = psa_generate_key(&attributes, &key);
ASSERT_STATUS(status, PSA_SUCCESS);

printf("Original Text: %s\n", a);

status = cipher_encrypt(key, alg, iv, sizeof(iv),
a, b, part_size,
encrypt, sizeof(encrypt), &output_len);
printf("Encrypted output=%s\n",encrypt);
//
unsigned char *base64_output = base64Encode((unsigned char*)encrypt, output_len);

printf("Encrypted and Base64 Encoded: %s\n", base64_output);

status = cipher_decrypt(key, alg, iv, sizeof(iv),
base64_output, b, part_size,
decrypt, sizeof(decrypt), &b);
ASSERT_STATUS(status, PSA_SUCCESS);
printf("Decrypted output=%s\n",decrypt);

printf("decrypt=%d\n",sizeof(decrypt));



exit:
psa_destroy_key(key);
return status;
}

unsigned char *base64Encode(unsigned char *input, size_t input_len) {
size_t output_len;
mbedtls_base64_encode(NULL, 0, &output_len, (const unsigned char *)input, input_len);

unsigned char *output = (unsigned char *)malloc(output_len + 1);
mbedtls_base64_encode((unsigned char *)output, output_len, &output_len, (const unsigned char *)input, input_len);
output[output_len] = '\0';

return output;
}

I am converting encrypted output to base 64 format, and passing that converted string to decrypt function.

Not sure why one would do that. There are easier ways to generate pseudo-random numbers.
With that, I find it hard to see what in your code is intentional and what's not.
However, You'll want to use the length of the output generated by cipher_encrypt (output_len) as the length of the input to cipher_decrypt (i.e. some multiple of the block size).

Hello,

Thank you for your reply.

To answer your question , In my problem statement i am getting a base 64 encrypted string and i need to decrypt that string.

secondly , I get your point that i need to give length of encrypted string as input to decrypt function.

But i need clarity on following points.

1.does encrypt and decrypt function accept Only ASCII strings.

2.Can i call the Decrypt function directly if i have a encrypted string or its mandatory to follow first encrypt then decrypt sequence.

RiverS_16 wrote: ↑

Fri Dec 01, 2023 4:14 am

To answer your question , In my problem statement i am getting a base 64 encrypted string and i need to decrypt that string.

Ok, I think I get that.
But, and to your question: Encryption yields non-ASCII, binary data. And cipher_decrypt expects the same binary data. If you have a Base64 string containing encrypted data, you'll want to first decode Base64 to binary and then perform decryption on the binary data.
Passing the Base64 string to cipher_decrypt will result in garbage data output, and, as you have noticed, may fail straight away because the Base64 is of a different length than the binary data encoded in it and expected by the decryption algorithm.

Alice:
message = Base64Encode(encrypt(plaintext));

Bob:
plaintext = decrypt(Base64Decode(message));