Anyone know how to decrypt with mbed aes CTR mode?

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

失落的汽水 · SSL error in Cordova ...· 2 周前 ·

面冷心慈的手套 · r:graphics [生物阁]· 2 小时前 ·

儒雅的豌豆 · 说说容器化技术与虚拟化技术的优缺点-开发者客 ...· 2 月前 ·

善良的花卷 · 深圳地铁安检招聘简章· 10 月前 ·

英勇无比的石榴 · The Last of Us Part ...· 1 年前 ·

欢快的匕首 · 卫星红外波段英文简称及范围_超长波红外英文缩 ...· 1 年前 ·

咆哮的馒头 · 习近平同美国副总统哈里斯简短交谈· 1 年前 ·

I'm trying to encrypt/decrypt data using mbed aes CTR mode. I can get the encryption to work, but I can't figure out how to make it decrypt. Below is my code:

Code: Select all

        mbedtls_aes_context aes;
	unsigned char key[16];
	unsigned char input[128] = {0x48, 0x45, 0x4c, 0x4c, 0x4f};
	unsigned char output[128];
	unsigned char decrypt[128];
	size_t input_len = 40;
	unsigned char nonce_counter[16] = {0};
	unsigned char stream_block[16];
	unsigned int nc_off = 0;
	memcpy(key, key_128, 16);
	printf("aes Key: \n");
	for(int i = 0; i < 16; i++)
		printf("%x",key[i]);
	printf("\n");
	mbedtls_aes_init(&aes);
	mbedtls_aes_setkey_enc(&aes, key, 128);
	mbedtls_aes_setkey_dec(&aes, key, 128);
	mbedtls_aes_crypt_ctr(&aes, input_len, &nc_off, nonce_counter, stream_block, input, output);
	printf("aes input: \n");
	for(int i = 0; i < 5; i++)
		printf("%x",input[i]);
	printf("\n");
	printf("aes encrypt: \n");
	for(int i = 0; i < 5; i++)
		printf("%x",output[i]);
	printf("\n");
	mbedtls_aes_crypt_ctr(&aes, input_len, &nc_off, nonce_counter, stream_block, output, decrypt);
	printf("aes decrypt: \n");
	for(int i = 0; i < 5; i++)
		printf("%x",decrypt[i]);
	printf("\n");

I get the following:
aes input: 48454c4c4f
aes encrypt: 3856ba1f36
aes decrypt: 3853a9924d
As you can see, aes input =/= aes decrypt. Any ideas?

When you use an mbedTLS CTR function it updates the nonce counter block and the stream block contents, in preparation for additional bytes. So the "decrypt" is not using the same nonce & counter block data as the initial "encrypt".
If you set the nonce block back to the same value used for the initial encryption (the initial nonce is all zeroes in your case, which not recommended), then you'll be able to decrypt.

https://github.com/chegewara/esp32-mbed ... ain/main.c
As Angus said, nonce value is changed by encrypt/decrypt function and you cant pass it to the next function. You can see i have 2 nonce, one for encrypt and one for decrypt function.

Code: Select all

static void ctr()
    size_t nc_off = 0;
    size_t nc_off1 = 0;
    unsigned char nonce_counter[16] = {0};
    unsigned char stream_block[16] = {0};
    unsigned char nonce_counter1[16] = {0};
    unsigned char stream_block1[16] = {0};
    unsigned char encrypt_output[INPUT_LENGTH] = {0};
    unsigned char decrypt_output[INPUT_LENGTH] = {0};
    size_t iv_offset = 0;
    size_t iv_offset1 = 0;
    mbedtls_aes_crypt_ctr(&aes, INPUT_LENGTH, &nc_off, nonce_counter, stream_block, input, encrypt_output);
    mbedtls_aes_crypt_ctr(&aes, INPUT_LENGTH, &nc_off1, nonce_counter1, stream_block1, encrypt_output, decrypt_output);
    ESP_LOG_BUFFER_HEX("ctr", encrypt_output, INPUT_LENGTH);
    ESP_LOG_BUFFER_HEX("ctr", decrypt_output, INPUT_LENGTH);
    ESP_LOGI("ctr", "%s", decrypt_output);
			Hi all,

I'm using BLE on ESP32 to run the provisioning. This uses AES CTR mode encrypt & decryption. I've got a related question. I noticed during the session establishment process that I had to increment the nonce to get the link to work. After exchanging the initial random IV (nonce). I used this to send the first message, and incremented it by 2 to account for the 32 bytes  I'd just sent. I was then able to decrypt the response from the subsequent read. So, it seems that both sides are keeping track of the nonce and using a single shared key and nonce. Am I right?

I've found 2 stumbling blocks. 

1. When I write repeatedly to the start scan or another scan endpoint, only the first works. I'm continuing the increase the nonce by what I believe to be the correct amount. But the second attempt always kills the connection due to this error: 
Code: Select all
E (165849) proto_wifi_scan: Unable to unpack scan message
E (165859) protocomm: Request handler for prov-scan failed
E (165859) protocomm_ble: Invalid content received, killing connection
2. When I read back from the scan status endpoint, weirdly the encrypted data doesn't seem to change. So, clearly the nonce is not being incremented on the device as part of the readback... It's all very confusing... 

I'm using CryptoJS on my end, and I haven't figured out how to let it handle the nonce for me, not that I'm sure it could do so given the odd things I've observed... N.B. The whole things works fine with the supplied ESP Provisioning app. So, I'm clearly not understanding something here. Or something very 'bespoke' is going on to make it more difficult to port.
			/* de-cryption to get the client random number */	
        mbedtls_aes_init(&aes);

	mbedtls_aes_setkey_enc(&aes, key_encrypt, 128); /* do not use  mbedtls_aes_setkey_dec(&aes, key_encrypt, 128); */

	offset = 0;

	input[0] = 0xbb;

	input[1] = 0x83;

	input[2] = 0xe0;

	input[3] =  0x37;

	input[4] =  0x8d;

	input[5] =  0x6d;

	input[6] =  0x96;

	input[7] =  0x13;

	input[8] =  0x1f;

	input[9] =  0x73;

	input[10] =  0xdb;

	input[11] =  0x95;

	input[12] =  0xb7;

	input[13] =  0xb1;

	input[14] =  0x8a;

	input[15] =  0x7f;

//	memset(stream_block, 0x0u, 16u);

	mbedtls_aes_crypt_ctr(&aes, 16u, &offset, nonce, stream_block, input, output);

    mbedtls_aes_free( &aes );
https://zh.wikipedia.org/wiki/%E5%88%86 ... R%EF%BC%89
				Display posts from previous: 
		Sort by