Problem in Computing AES 256 CBC
Re: Problem in Computing AES 256 CBC
Maybe the tool you are using to encrypt data is using different type on encoding, not CBC?
I did few quick tests with esp32 and this website and it is working, so maybe the other device/tool is broken, not esp32.
http://aes.online-domain-tools.com/
I did few quick tests with esp32 and this website and it is working, so maybe the other device/tool is broken, not esp32.
http://aes.online-domain-tools.com/
Re: Problem in Computing AES 256 CBC
We used http://aes.online-domain-tools.com/ to encrypt string "true" and then used encrypted output to decrypt on esp32 but it gave some other output and not "true". We used AES CBC encryption.
Re: Problem in Computing AES 256 CBC
Here you have logs from my app:
and here is screenshot from website tool:
Like i said, esp32 aes library works good. (technically its mbedtls library)
Code: Select all
I (327) KEY: bf 9a d2 76 37 a9 48 33 02 de a5 9a 4d 00 f0 3f
I (327) KEY: ac b2 c5 9b a4 2e 4e 54 65 60 22 b1 b1 f7 88 a8
I (337) IV: f7 16 20 b1 79 6c 89 d7 82 1f 4b 06 54 e0 da 29
I (347) ENCRYPTED HEX: 51 9f 43 57 1f fb 7a c5 63 20 78 3f 47 2f c0 55
I (347) DECRYPTED HEX: 74 72 75 65 00 00 00 00 00 00 00 00 00 00 00 00
I (357) DECRYPTED ASCII: true
Re: Problem in Computing AES 256 CBC
Hi @chegewara,
I am also facing different results on encryption and decryption.
I have adapted your example and provided it with a set input :
Output :
Shouldn't decrypted array be same as input ?
I am also facing different results on encryption and decryption.
I have adapted your example and provided it with a set input :
Code: Select all
void testdecode()
{
// only CBC requires that input length shall be multiple of 16
#define INPUT_LENGTH 16
mbedtls_aes_context aes;
// key length 32 bytes for 256 bit encrypting, it can be 16 or 24 bytes for 128 and 192 bits encrypting mode
uint8_t key[] = {0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
uint8_t iv[] = {0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
uint8_t iv2[] = {0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
uint8_t input[INPUT_LENGTH] = {0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
uint8_t encrypt_output[INPUT_LENGTH] = {0};
uint8_t decrypt_output[INPUT_LENGTH] = {0};
mbedtls_aes_init(&aes);
mbedtls_aes_setkey_enc(&aes, key, 256);
//sprintf((char*)input, "%s","Hello Testing");
mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, INPUT_LENGTH, iv, input, encrypt_output);
Serial.println("Encrypted Array:");
for (uint8_t i=0; i<INPUT_LENGTH; i++)
{
Serial.print(String(encrypt_output[i])+" ");
}
Serial.println();
mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, INPUT_LENGTH, iv2, encrypt_output, decrypt_output);
Serial.println("Decrypted Array:");
for (uint8_t i=0; i<INPUT_LENGTH; i++)
{
Serial.print(String(decrypt_output[i])+" ");
}
Serial.println();
mbedtls_aes_free(&aes);
}
Code: Select all
Encrypted Array:
219 245 170 160 113 80 47 61 200 104 238 191 30 168 127 76
Decrypted Array:
17 18 19 20 21 22 23 24 25 32 17 18 19 20 21 22
Re: Problem in Computing AES 256 CBC
Hi,
from your "logs" i can tell it works as expected.
from your "logs" i can tell it works as expected.
equal thisgb.123 wrote: Decrypted Array:
17 18 19 20 21 22 23 24 25 32 17 18 19 20 21 22
gb.123 wrote: uint8_t input[INPUT_LENGTH] = {0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
Re: Problem in Computing AES 256 CBC
Can you please tell me how to convert
Back to
Am a little confused...
My basic intent is to have a byte converted back to the original byte...
Thanks for your help !
Code: Select all
Decrypted Array:
17 18 19 20 21 22 23 24 25 32 17 18 19 20 21 22
Code: Select all
11 12 13 14 15 16 17 18 19 20 11 12 13 14 15 16
My basic intent is to have a byte converted back to the original byte...
Thanks for your help !
Re: Problem in Computing AES 256 CBC
11 is not the same as 0x11, but
0x11 is the same as 17
0x11 is the same as 17
Re: Problem in Computing AES 256 CBC
I know int (11) is not the same as hex (0x11) and definitely not the same as "11".
What I wanted to do was get a series of bytes is input to be encoded and decoded back to byte format.
i,e -> input = 0x11 -> encrypt -> decrypt -> back to 0x11
I realize that the Decrypt array is showing as decimal and what I need is hex.
So basically for byte to byte conversion, we need to convert the array back to hex.
Thanks once again for your help !
PS: Basically I realized that by default String() of Arduino/ESP32 converts the value to decimal by default. if String (value, HEX) is used, the correct output is shown.
What I wanted to do was get a series of bytes is input to be encoded and decoded back to byte format.
i,e -> input = 0x11 -> encrypt -> decrypt -> back to 0x11
I realize that the Decrypt array is showing as decimal and what I need is hex.
So basically for byte to byte conversion, we need to convert the array back to hex.
Thanks once again for your help !
PS: Basically I realized that by default String() of Arduino/ESP32 converts the value to decimal by default. if String (value, HEX) is used, the correct output is shown.
Re: Problem in Computing AES 256 CBC
Hi @chegewara,
I am trying to decrypt the file while writing OTA. The problem is that I get esp_image: invalid segment length 0xffc70fb10m if I use decryption. Direct non-encrypted OTA updates fine .
Code :
The encrypted firmware doesn't run, but if I flash without encryption. it runs. I am using openssl with same iv * key to encrypt the original firmware.bin. Can you please help me point out where I am wrong? I suppose it has to do with padding ?
You help would be highly appreciated.
I am trying to decrypt the file while writing OTA. The problem is that I get esp_image: invalid segment length 0xffc70fb10m if I use decryption. Direct non-encrypted OTA updates fine .
Code :
Code: Select all
if (true)
{
#define BUFFER_SIZE=2048
mbedtls_aes_context aes;
const uint8_t key[] = {0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10};
uint8_t iv[] = {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11};
uint8_t decrypt_output[BUFFER_SIZE] = {0};
mbedtls_aes_init(&aes);
mbedtls_aes_setkey_enc(&aes, key, 256);
// CODES REMOVED TO SHORTEN
while (HTTP_Client.connected() && (remaining_len > 0 || remaining_len == -1))
{
// get available data size
remaining_stream_size = stream->available();
if (remaining_stream_size)
{
// reset buffer to ensure padding
memset(buffer, 0, BUFFER_SIZE);
memset(decrypt_output, 0, BUFFER_SIZE);
// read up to array size
read_length = stream->readBytes(buffer, ((remaining_stream_size > sizeof(buffer)) ? sizeof(buffer) : remaining_stream_size));
//decrypt the firmware
mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT,read_length, iv, buffer, decrypt_output);
// Write read buffer to Flash Mem
Update.write(decrypt_output, read_length)
// Update.write(buffer, read_length);
//CODE REMOVED TO SHORTEN
}
else
{
Update.end(true);
mbedtls_aes_free(&aes);
HTTP_Client.end();
}
You help would be highly appreciated.
Re: Problem in Computing AES 256 CBC
Well, to be honest i am noob-ish in using AES, that s why i prepared this repo, to have some easy start when i need it (but i didnt need it yet).
Before you start flashing firmware with OTA, maybe just try with simple txt files and make sure you can decode it?
https://superuser.com/questions/1329658 ... th-openssl
https://security.stackexchange.com/ques ... 56-bits-iv
At least it is how i would start to do it. Also your openssl commands would help community to have better idea whats may be wrong (of course with fake key and IV, but exactly the same pattern).
Sorry i cant help you more
Before you start flashing firmware with OTA, maybe just try with simple txt files and make sure you can decode it?
https://superuser.com/questions/1329658 ... th-openssl
https://security.stackexchange.com/ques ... 56-bits-iv
At least it is how i would start to do it. Also your openssl commands would help community to have better idea whats may be wrong (of course with fake key and IV, but exactly the same pattern).
Sorry i cant help you more
Who is online
Users browsing this forum: Google [Bot] and 90 guests