
AES CBC No Padding

1 year ago


Posted by Thomas Donhauser 0 points 5 replies

Hello PM_Dialog!

I use this code to encrypt data in my application:

hw_aes_hash_setup s;
memset(&s, 0, sizeof(hw_aes_hash_setup));
uint8 aesKey[32] = {1,2,3,4,5,6,7,8,1,2,3,4,5,6,7,8,1,2,3,4,5,6,7,8,1,2,3,4,5,6,7,8,};
char p[] = "SiC Transit Gloria Mundi-123456.";
char e[128];
memset(e, 0, sizeof(e));
s.mode = HW_AES_CBC;
s.aesDirection = HW_AES_ENCRYPT;
s.aesKeySize = HW_AES_256;
s.aesKeyExpand = HW_AES_DO_NOT_PERFORM_KEY_EXPANSION;
s.aesKeys = (uint32)&aesKey;
s.aesIvCtrblk_0_31 = 0x01020304;
s.aesIvCtrblk_32_63 = 0x05060708;
s.aesIvCtrblk_64_95 = 0x090A0B0C;
s.aesIvCtrblk_96_127 = 0x0D0E0FA1;
s.aesWriteBackAll = true;
s.moreDataToCome = false;
s.sourceAddress = (uint32)&p;
s.destinationAddress = (uint32)&e;
s.dataSize = 32;
s.enableInterrupt = false;
s.callback = 0;
hw_aes_hash_init(&s);
hw_aes_hash_start();
while (hw_aes_hash_is_active()) {};
hw_aes_hash_disable_clock();

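As I read in the related documents, the length of e[128] should be 48 bytes in this case, because the plaintext length is 32 plus the padding required by AES CBC. But in fact the encrypted result in e[128] is only 32 bytes long after processing.

The counterparts of this application are an iOS and an Android app. The encryption shows the same result for the first 32 bytes, as expected. But iOS and Android add padding data to the result, as follows:

26 9D F3 2B 94 E9 CD DE 7A D2 6F E8 7A 7E 8D A8 1F E1 CA B7 BF A7 4F C7 17 F3 D4 2F BB E6 C3 C7 39 7a 92 fe 54 98 c7 f8 2f 13 93 15 3a 43 b0 3e

The encryption on the DA14683 results in: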

26 9D F3 2B 94 E9 CD DE 7A D2 6F E8 7A 7E 8D A8 1F E1 CA B7 BF A7 4F C7 17 F3 D4 2F BB E6 C3 C7

So can you please explain how to get the same results, or what else to do?

Thank you!
Thomas

1 year ago

PM_Dialog

Hi Thomas,

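I have run your attached code on my side using SDK1.0.14 and DA14683. Please find my comments below:

1. The size of the output vector (e[]) will be equal to the size of the input vector (p[]). So, if you want to have 128 bytes in the output, you should adjust the input accordingly.

2. The s.dataSize item is set to 32. The data size should be configured dynamically according to the input size. My suggestion would be to change it as follows:

s.dataSize = sizeof(p);

3. In the code snippet you provided, the key expansion is done by the software: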

s.aesKeyExpand = HW_AES_DO_NOT_PERFORM_KEY_EXPANSION;

This is a wrong approach, as according to the datasheet, key expansion is the process of generating the number of keys based on the initial key. More specifically, it generates 11, 13 and 15 keys from an initial key of 128, 192 and 256 bits respectively. Each round of the algorithm uses one of the above keys. For the encryption of each 128-bit input we need to use all the keys generated by this process.

This means that if it is set to be performed by the engine, the software will read 15 AES keys of 32 bits each. Please check the source code of hw_aes_hash_store_keys().

I’d strongly suggest you change the key expansion to be performed by the engine, as follows:

s.aesKeyExpand = HW_AES_PERFORM_KEY_EXPANSION;

The key expansion will then be performed by the dedicated hardware engine. Otherwise the key expansion should be performed by software and the generated keys stored in the CRYPTO_KEYS memory.

4. s.moreDataToCome = false;: According to Table 32 (CRYPTO_LEN restrictions) of the DA14683 datasheet, when CRYPTO_MORE_IN = 0 there is no restriction in AES CBC mode; if you change it to “true”, it should be a multiple of 16.

Thanks, PM_Dialog

1 year ago

Thomas Donhauser 0 points

Hello PM_Dialog!

I followed your advice and changed the snippet as you wanted me to. If I got it right, it should look like this:

hw_aes_hash_setup s;
memset(&s, 0, sizeof(hw_aes_hash_setup));
uint8 aesKey[32] = {1,2,3,4,5,6,7,8,1,2,3,4,5,6,7,8,1,2,3,4,5,6,7,8,1,2,3,4,5,6,7,8,};
char p[] = "SiC Transit Gloria Mundi-123456.";
char e[128];
char d[128];
memset(e, 0, sizeof(e));
memset(d, 0, sizeof(e));
s.mode = HW_AES_CBC;
s.aesDirection = HW_AES_ENCRYPT;
s.aesKeySize = HW_AES_256;
s.aesKeyExpand = HW_AES_PERFORM_KEY_EXPANSION;
s.aesKeys = (uint32)&aesKey;
s.aesIvCtrblk_0_31 = 0x01020304;
s.aesIvCtrblk_32_63 = 0x05060708;
s.aesIvCtrblk_64_95 = 0x090A0B0C;
s.aesIvCtrblk_96_127 = 0x0D0E0FA1;
s.aesWriteBackAll = true;
s.moreDataToCome = true; //false;
s.sourceAddress = (uint32)&p;
s.destinationAddress = (uint32)&e;
s.dataSize = sizeof(p);
s.enableInterrupt = false;
s.callback = 0;
hw_aes_hash_init(&s);
hw_aes_hash_start();
while (hw_aes_hash_is_active()) {};
hw_aes_hash_disable_clock();

This ends up in a crash at hw_aes_hash_init(). So I have strong doubts that your advice is working on your side. Can you post the code you have tested?

I probably did not explain clearly enough what the problem is. Usually AES-CBC encryption requires padding with 0x10 at the end. The calculation for this is:

sizeof(p) + (16 - (sizeof(p) % 16));

In the case of the message "SiC Transit Gloria Mundi-123456." the calculation gives 48. Even though the length of the message is 32 characters, the calculated encrypted length is 48. I've encrypted the message on https://cryptii.com/pipes/aes-encryption as well as on iOS and Android, and on all three platforms I get the same encrypted result. Only the DA14683 does not extend the encrypted result with the correct padding. As far as I know, PKCS#7 padding is mandatory for AES-CBC encryption.

So again I would like to know how to parameterise hw_aes_hash_setup to get similar results as on other platforms.

Thank you and kind regards,

Thomas

1 year ago

PM_Dialog

Hi Thomas,

The following code snippet is used in the freertos_retarget example of the SDK.

Include the following library:

#include "hw_aes_hash.h"

The following code is called in main() before the for( ; ; ) loop. The input vector is doubled, so I got the output doubled as well.

hw_aes_hash_setup s;
memset(&s, 0, sizeof(hw_aes_hash_setup));
uint8 aesKey[32] = {1,2,3,4,5,6,7,8,1,2,3,4,5,6,7,8,1,2,3,4,5,6,7,8,1,2,3,4,5,6,7,8,};
char p[] = "SiC Transit Gloria Mundi-123456.SIC Transit Gloria Mundi-123456.";
char e[128];
memset(e, 0, sizeof(e));
s.mode = HW_AES_CBC;
s.aesDirection = HW_AES_ENCRYPT;
s.aesKeySize = HW_AES_256;
s.aesKeyExpand = HW_AES_PERFORM_KEY_EXPANSION;
s.aesKeys = (uint32)&aesKey;
s.aesIvCtrblk_0_31 = 0x01020304;
s.aesIvCtrblk_32_63 = 0x05060708;
s.aesIvCtrblk_64_95 = 0x090A0B0C;
s.aesIvCtrblk_96_127 = 0x0D0E0FA1;
s.aesWriteBackAll = true;
s.moreDataToCome = false;
s.sourceAddress = (uint32)&p;
s.destinationAddress = (uint32)&e;
s.dataSize = sizeof(p);
s.enableInterrupt = false;
s.callback = 0;
hw_aes_hash_init(&s);
hw_aes_hash_start();
while (hw_aes_hash_is_active()) {};
hw_aes_hash_disable_clock();

Can you please test it on your side as well and share the results?

Thanks, PM_Dialog

1 year ago

Thomas Donhauser 0 points

Hello,

It has taken some time, but now I've done it and the result is:

B86FD2D7DE80D4E7CB626CA6E7534369506653445430C9FBBB8DCCCF8DF0E34
a33003f124e39ed42b53e200502c4a251e936b50bcb71261c1ad1e06735abe4f
03.

The encrypted result is 65 bytes long, because the input data is also 65 bytes long (string + terminating 0).

So the conclusion is that the AES-CBC encryption does not support PKCS#7 padding. Encryption in AES-CBC mode is done on any platform (iOS, Android..) with PKCS#7 padding. From my standpoint this is wrongly implemented. Or maybe I just don't know how to configure it. Probably you guys don't even know it. :-)

regards,
Thomas

accepted answer!

1 year ago

bobspam@free.fr 50 points

Hello

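You are correct, PKCS7 is not implemented on the DA1468x platform. If you want your AES-CBC data to be compliant with OpenSSL, you will have to implement it manually.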

See my previous post about it:

https://support.dialog-semicondiondiondiondum/forums/post/dialog-smartbond-b...

Here is the implementation I wrote to have data decoded by openssl using AES-CBC-256

uint32_t * const size_out;
uint32_t size_in;
uint32_t padding_size;
uint8_t i;

// Add padding
*size_out = (((size_in - 1) / 16) + 1) * 16;
padding_size = *size_out - size_in;
for (i = 0; i < padding_size; i++) {
    data_in[size_in + i] = padding_size;
}
size_in += padding_size;

You have to do this before encryption. This is why I am working on the input data.

I also discovered that openssl implies that the last byte of the block is always used by the padding. It means that you can no longer use a payload matching the size of the block, or you need to add an extra block so you always have padding data transmitted. This is why openssl/android/iphone ciphered messages are longer than the DA one.

Hope it helps

Best Regards

Simon
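
An added example, not part of the original posts or the Dialog SDK: a PKCS#7 pad/unpad pair in C for a 16-byte block that always emits padding, so block-aligned input such as the 32-character message in this thread grows to 48 bytes, as on iOS, Android and OpenSSL. The function names are hypothetical; the padded buffer and returned length are what would be handed to the engine as source data and dataSize.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AES_BLOCK 16u

/* Pad buf (holding len bytes, capacity cap) in place per PKCS#7.
 * Always appends 1..16 bytes, so block-aligned input grows by a full block.
 * Returns 0 and sets *out_len, or -1 if the buffer is too small. */
int pkcs7_pad(uint8_t *buf, size_t len, size_t cap, size_t *out_len)
{
    size_t pad = AES_BLOCK - (len % AES_BLOCK);   /* 1..16, never 0 */

    if (len > cap || cap - len < pad)
        return -1;
    memset(buf + len, (int)pad, pad);
    *out_len = len + pad;
    return 0;
}

/* Validate and strip PKCS#7 padding after decryption.
 * Returns 0 and sets *out_len, or -1 if the padding is malformed. */
int pkcs7_unpad(const uint8_t *buf, size_t len, size_t *out_len)
{
    size_t pad, i;

    if (len == 0 || len % AES_BLOCK != 0)
        return -1;
    pad = buf[len - 1];
    if (pad == 0 || pad > AES_BLOCK)
        return -1;
    for (i = len - pad; i < len; i++)
        if (buf[i] != pad)
            return -1;
    *out_len = len - pad;
    return 0;
}

/* Constructed check: the thread's 32-character message pads to 48 bytes. */
int padded_len_of_thread_message(void)
{
    uint8_t buf[64] = "SiC Transit Gloria Mundi-123456.";
    size_t n = 0;

    if (pkcs7_pad(buf, 32, sizeof buf, &n) != 0 || buf[47] != 0x10)
        return -1;
    return (int)n;
}
```

CBC with PKCS#7 gives no integrity protection, so a receiver should authenticate the ciphertext (for example with an HMAC) before decrypting and calling pkcs7_unpad.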