ESP32 Forum

ESP32 Official Forum
https://www.esp32.com/

Anyone know how to decrypt with mbed aes CTR mode?

https://www.esp32.com/viewtopic.php?f=13&t=11891

Page 1 of 1

Anyone know how to decrypt with mbed aes CTR mode?

Posted: Tue Aug 13, 2019 3:08 pm
by phantomBlurrr
I'm trying to encrypt/decrypt data using mbed aes CTR mode. I can get the encryption to work, but I can't figure out how to make it decrypt. Below is my code:

Code: Select all

        mbedtls_aes_context aes;
	unsigned char key[16];
	unsigned char input[128] = {0x48, 0x45, 0x4c, 0x4c, 0x4f};
	unsigned char output[128];
	unsigned char decrypt[128];
	size_t input_len = 40;
	unsigned char nonce_counter[16] = {0};
	unsigned char stream_block[16];
	unsigned int nc_off = 0;

	memcpy(key, key_128, 16);

	printf("aes Key: \n");
	for(int i = 0; i < 16; i++)
	{
		printf("%x",key[i]);
	}
	printf("\n");

	mbedtls_aes_init(&aes);
	mbedtls_aes_setkey_enc(&aes, key, 128);
	mbedtls_aes_setkey_dec(&aes, key, 128);
	mbedtls_aes_crypt_ctr(&aes, input_len, &nc_off, nonce_counter, stream_block, input, output);

	printf("aes input: \n");
	for(int i = 0; i < 5; i++)
	{
		printf("%x",input[i]);
	}
	printf("\n");

	printf("aes encrypt: \n");
	for(int i = 0; i < 5; i++)
	{
		printf("%x",output[i]);
	}
	printf("\n");

	mbedtls_aes_crypt_ctr(&aes, input_len, &nc_off, nonce_counter, stream_block, output, decrypt);

	printf("aes decrypt: \n");
	for(int i = 0; i < 5; i++)
	{
		printf("%x",decrypt[i]);
	}
	printf("\n");
I get the following:
aes input: 48454c4c4f
aes encrypt: 3856ba1f36
aes decrypt: 3853a9924d

As you can see, aes input =/= aes decrypt. Any ideas?

Re: Anyone know how to decrypt with mbed aes CTR mode?

Posted: Wed Aug 14, 2019 1:22 am
by ESP_Angus
When you use an mbedTLS CTR function it updates the nonce counter block and the stream block contents, in preparation for additional bytes. So the "decrypt" is not using the same nonce & counter block data as the initial "encrypt".

If you set the nonce block back to the same value used for the initial encryption (the initial nonce is all zeroes in your case, which not recommended), then you'll be able to decrypt.

Re: Anyone know how to decrypt with mbed aes CTR mode?

Posted: Wed Aug 14, 2019 8:32 pm
by chegewara
https://github.com/chegewara/esp32-mbed ... ain/main.c

As Angus said, nonce value is changed by encrypt/decrypt function and you cant pass it to the next function. You can see i have 2 nonce, one for encrypt and one for decrypt function.

Code: Select all

static void ctr()
{
    size_t nc_off = 0;
    size_t nc_off1 = 0;
    unsigned char nonce_counter[16] = {0};
    unsigned char stream_block[16] = {0};
    unsigned char nonce_counter1[16] = {0};
    unsigned char stream_block1[16] = {0};
    unsigned char encrypt_output[INPUT_LENGTH] = {0};
    unsigned char decrypt_output[INPUT_LENGTH] = {0};
    size_t iv_offset = 0;
    size_t iv_offset1 = 0;
    mbedtls_aes_crypt_ctr(&aes, INPUT_LENGTH, &nc_off, nonce_counter, stream_block, input, encrypt_output);
    mbedtls_aes_crypt_ctr(&aes, INPUT_LENGTH, &nc_off1, nonce_counter1, stream_block1, encrypt_output, decrypt_output);
    ESP_LOG_BUFFER_HEX("ctr", encrypt_output, INPUT_LENGTH);
    ESP_LOG_BUFFER_HEX("ctr", decrypt_output, INPUT_LENGTH);
    ESP_LOGI("ctr", "%s", decrypt_output);
}

Re: Anyone know how to decrypt with mbed aes CTR mode?

Posted: Tue Jan 07, 2020 3:44 am
by monkey
Hi all,

I'm using BLE on ESP32 to run the provisioning. This uses AES CTR mode encrypt & decryption. I've got a related question. I noticed during the session establishment process that I had to increment the nonce to get the link to work. After exchanging the initial random IV (nonce). I used this to send the first message, and incremented it by 2 to account for the 32 bytes I'd just sent. I was then able to decrypt the response from the subsequent read. So, it seems that both sides are keeping track of the nonce and using a single shared key and nonce. Am I right?

I've found 2 stumbling blocks.

1. When I write repeatedly to the start scan or another scan endpoint, only the first works. I'm continuing the increase the nonce by what I believe to be the correct amount. But the second attempt always kills the connection due to this error:

Code: Select all

E (165849) proto_wifi_scan: Unable to unpack scan message
E (165859) protocomm: Request handler for prov-scan failed
E (165859) protocomm_ble: Invalid content received, killing connection
2. When I read back from the scan status endpoint, weirdly the encrypted data doesn't seem to change. So, clearly the nonce is not being incremented on the device as part of the readback... It's all very confusing...

I'm using CryptoJS on my end, and I haven't figured out how to let it handle the nonce for me, not that I'm sure it could do so given the odd things I've observed... N.B. The whole things works fine with the supplied ESP Provisioning app. So, I'm clearly not understanding something here. Or something very 'bespoke' is going on to make it more difficult to port.

Re: Anyone know how to decrypt with mbed aes CTR mode?

Posted: Sun Oct 09, 2022 5:13 am
by praiseslow
/* de-cryption to get the client random number */ mbedtls_aes_init(&aes);
mbedtls_aes_setkey_enc(&aes, key_encrypt, 128); /* do not use mbedtls_aes_setkey_dec(&aes, key_encrypt, 128); */
offset = 0;

input[0] = 0xbb;
input[1] = 0x83;
input[2] = 0xe0;
input[3] = 0x37;
input[4] = 0x8d;
input[5] = 0x6d;
input[6] = 0x96;
input[7] = 0x13;
input[8] = 0x1f;
input[9] = 0x73;
input[10] = 0xdb;
input[11] = 0x95;
input[12] = 0xb7;
input[13] = 0xb1;
input[14] = 0x8a;
input[15] = 0x7f;
// memset(stream_block, 0x0u, 16u);
mbedtls_aes_crypt_ctr(&aes, 16u, &offset, nonce, stream_block, input, output);
mbedtls_aes_free( &aes ); https://zh.wikipedia.org/wiki/%E5%88%86 ... R%EF%BC%89
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/