Associate
July 18, 2024
Solved

Using AES-GCM encryption and the results of ciphertext and tag are incorrect.

 

Hello,

 

I am trying to use AES-GCM from the STM32 cryptographic library V4.2.0 to encrypt data.

When running the example program, encryption and decryption work smoothly.

However, when I integrate the library and function into my existing program, the encrypted ciphertext differs from expected_ciphertext.

Additionally, using this incorrect ciphertext and incorrect tag still decrypts to the correct plaintext.

Could you please advise where the error might be causing this result?

 

 

const uint8_t Key[] =
{
 0x46, 0x3b, 0x41, 0x29, 0x11, 0x76, 0x7d, 0x57, 0xa0, 0xb3, 0x39, 0x69, 0xe6, 0x74, 0xff, 0xe7,
 0x84, 0x5d, 0x31, 0x3b, 0x88, 0xc6, 0xfe, 0x31, 0x2f, 0x3d, 0x72, 0x4b, 0xe6, 0x8e, 0x1f, 0xca
};
const uint8_t IV[] =
{
 0x61, 0x1c, 0xe6, 0xf9, 0xa6, 0x88, 0x07, 0x50, 0xde, 0x7d, 0xa6, 0xcb
};
const uint8_t Plaintext[] =
{
 0xe7, 0xd1, 0xdc, 0xf6, 0x68, 0xe2, 0x87, 0x68, 0x61, 0x94, 0x0e, 0x01, 0x2f, 0xe5, 0x2a, 0x98,
 0xda, 0xcb, 0xd7, 0x8a, 0xb6, 0x3c, 0x08, 0x84, 0x2c, 0xc9, 0x80, 0x1e, 0xa5, 0x81, 0x68, 0x2a,
 0xd5, 0x4a, 0xf0, 0xc3, 0x4d, 0x0d, 0x7f, 0x6f, 0x59, 0xe8, 0xee, 0x0b, 0xf4, 0x90, 0x0e, 0x0f,
 0xd8, 0x50, 0x42
};
const uint8_t AddData[] =
{
 0x0a, 0x68, 0x2f, 0xbc, 0x61, 0x92, 0xe1, 0xb4, 0x7a, 0x5e, 0x08, 0x68, 0x78, 0x7f, 0xfd, 0xaf,
 0xe5, 0xa5, 0x0c, 0xea, 0xd3, 0x57, 0x58, 0x49, 0x99, 0x0c, 0xdd, 0x2e, 0xa9, 0xb3, 0x59, 0x77,
 0x49, 0x40, 0x3e, 0xfb, 0x4a, 0x56, 0x68, 0x4f, 0x0c, 0x6b, 0xde, 0x35, 0x2d, 0x4a, 0xee, 0xc5
};
const uint8_t Expected_Ciphertext[] =
{
 0x88, 0x86, 0xe1, 0x96, 0x01, 0x0c, 0xb3, 0x84, 0x9d, 0x9c, 0x1a, 0x18, 0x2a, 0xbe, 0x1e, 0xea,
 0xb0, 0xa5, 0xf3, 0xca, 0x42, 0x3c, 0x36, 0x69, 0xa4, 0xa8, 0x70, 0x3c, 0x0f, 0x14, 0x6e, 0x8e,
 0x95, 0x6f, 0xb1, 0x22, 0xe0, 0xd7, 0x21, 0xb8, 0x69, 0xd2, 0xb6, 0xfc, 0xd4, 0x21, 0x6d, 0x7d,
 0x4d, 0x37, 0x58,
};
const uint8_t Expected_Tag[] =
{
 0x24, 0x69, 0xce, 0xcd, 0x70, 0xfd, 0x98, 0xfe, 0xc9, 0x26, 0x4f, 0x71, 0xdf, 0x1a, 0xee, 0x9a
};
incorrect_ciphertext:
{
	0xA3, 0x0A, 0x42, 0x8A, 0xCA, 0x35, 0x1C, 0x9A, 0x40, 0x45, 0x06, 0xF0, 0xA1, 0xB9, 0x29, 0x6C,
	0x20, 0xE8, 0x43, 0x35, 0x4D, 0xF2, 0xFD, 0x12, 0x98, 0x5E, 0xE3, 0x22, 0xC0, 0xF6, 0xD8, 0xEF,
	0x47, 0x17, 0x6C, 0x36, 0xC7, 0x09, 0x4D, 0x3B, 0xCE, 0xC0, 0xAD, 0xC0, 0xB9, 0xD2, 0x06, 0xC3,
	0x6D, 0x4F, 0x8C,
}

incorrect_tag:
{
	0x8D, 0xF4, 0x2D, 0x51, 0x9A, 0x60, 0x48, 0xD6, 0x9C, 0x93, 0xD7, 0xA3, 0xF1, 0x84, 0xAA, 0xB4,
}
retval = cmox_aead_encrypt(CMOX_AES_GCM_ENC_ALGO, /* Use AES GCM algorithm */
 Plaintext, sizeof(Plaintext), /* Plaintext to encrypt */
 sizeof(Expected_Tag), /* Authentication tag size */
 Key, sizeof(Key), /* AES key to use */
 IV, sizeof(IV), /* Initialization vector */
 AddData, sizeof(AddData), /* Additional authenticated data */
 Computed_Ciphertext, &computed_size); /* Data buffer to receive generated ciphertext
 and authentication tag */

 

The model used in the example program is NUCLEO-L476RG.

My development board model is STM32L431CBT6.

Using KEIL5.

3 replies

Tesla DeLorean (Best answer)
Guru
July 18, 2024

Make sure CRC Peripheral clock is enabled when using ST libraries 

WayneTao (Author)
Associate
July 26, 2024
 

Thank you for your response.

I didn't realize that the CRC clock is required for this library.

BarryWhit
Lead
July 18, 2024

This could be due to a difference in default padding scheme between the STM32 lib and whatever impl you're using as a reference. GCM padding is defined as part of the spec, so that's not it. Sorry.

BarryWhit
Lead
July 24, 2024

@WayneTao, (assuming you haven't vanished into thin air, as most people who ask for help here do after a couple of days without an answer),

I've verified the test vector you provided using the cmox_aead_encrypt API, by modifying the AES_GCM_AEAD_EncryptDecrypt example bundled with the STM32 cryptographic library V4.2.0, and both ciphertext and auth tag match expected values. So there must be some bug in your program, not the library.

 

It's not possible to debug that code without seeing it.

WayneTao (Author)
Associate
July 26, 2024

Thank you for your response.
Actually, I got the correct solution the day after I posted the question, but since it was my first time using this forum, I didn't find out where to mark the correct answer until now.
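The faulty build in the question still decrypted its own output, so an encrypt-then-decrypt round trip cannot detect this failure; only comparison against the fixed vector does. The C code below is an added example, not code from the thread or from ST: it classifies a ciphertext-plus-tag buffer against the posted vector. The names `gcm_kat_classify` and `KAT_*`, and the ciphertext-then-tag buffer layout, are assumptions; the bytes are copied from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CT_LEN  51u   /* sizeof(Plaintext) in the post */
#define TAG_LEN 16u   /* sizeof(Expected_Tag) in the post */

/* Expected_Ciphertext followed by Expected_Tag, copied from the post. */
static const uint8_t KAT_EXPECTED[CT_LEN + TAG_LEN] = {
    0x88, 0x86, 0xe1, 0x96, 0x01, 0x0c, 0xb3, 0x84, 0x9d, 0x9c, 0x1a, 0x18, 0x2a, 0xbe, 0x1e, 0xea,
    0xb0, 0xa5, 0xf3, 0xca, 0x42, 0x3c, 0x36, 0x69, 0xa4, 0xa8, 0x70, 0x3c, 0x0f, 0x14, 0x6e, 0x8e,
    0x95, 0x6f, 0xb1, 0x22, 0xe0, 0xd7, 0x21, 0xb8, 0x69, 0xd2, 0xb6, 0xfc, 0xd4, 0x21, 0x6d, 0x7d,
    0x4d, 0x37, 0x58,
    0x24, 0x69, 0xce, 0xcd, 0x70, 0xfd, 0x98, 0xfe, 0xc9, 0x26, 0x4f, 0x71, 0xdf, 0x1a, 0xee, 0x9a };
/* incorrect_ciphertext followed by incorrect_tag, as reported in the post. */
static const uint8_t KAT_OBSERVED[CT_LEN + TAG_LEN] = {
    0xA3, 0x0A, 0x42, 0x8A, 0xCA, 0x35, 0x1C, 0x9A, 0x40, 0x45, 0x06, 0xF0, 0xA1, 0xB9, 0x29, 0x6C,
    0x20, 0xE8, 0x43, 0x35, 0x4D, 0xF2, 0xFD, 0x12, 0x98, 0x5E, 0xE3, 0x22, 0xC0, 0xF6, 0xD8, 0xEF,
    0x47, 0x17, 0x6C, 0x36, 0xC7, 0x09, 0x4D, 0x3B, 0xCE, 0xC0, 0xAD, 0xC0, 0xB9, 0xD2, 0x06, 0xC3,
    0x6D, 0x4F, 0x8C,
    0x8D, 0xF4, 0x2D, 0x51, 0x9A, 0x60, 0x48, 0xD6, 0x9C, 0x93, 0xD7, 0xA3, 0xF1, 0x84, 0xAA, 0xB4 };

enum kat_result { KAT_OK, KAT_BAD_LEN, KAT_CT_MISMATCH, KAT_TAG_ONLY };

/* Classify the ciphertext||tag buffer produced for the post's key, IV, plaintext and AAD. */
enum kat_result gcm_kat_classify(const uint8_t *out, size_t out_len)
{
    if (out == NULL || out_len != CT_LEN + TAG_LEN)
        return KAT_BAD_LEN;       /* wrong buffer size or tag length passed to the call */
    if (memcmp(out, KAT_EXPECTED, CT_LEN) != 0)
        return KAT_CT_MISMATCH;   /* keystream wrong: key, IV, plaintext or AES core/environment */
    if (memcmp(out + CT_LEN, KAT_EXPECTED + CT_LEN, TAG_LEN) != 0)
        return KAT_TAG_ONLY;      /* ciphertext right, tag wrong: AAD or tag computation */
    return KAT_OK;
}

int main(void)
{
    /* Constructed run on the bytes from the post; on target, pass the buffer that
       cmox_aead_encrypt() filled and refuse to handle real data unless KAT_OK. */
    printf("expected -> %d, observed -> %d\n",
           (int)gcm_kat_classify(KAT_EXPECTED, sizeof KAT_EXPECTED),
           (int)gcm_kat_classify(KAT_OBSERVED, sizeof KAT_OBSERVED));
    return 0;
}
```

The output reported in the question classifies as `KAT_CT_MISMATCH`: the ciphertext itself is wrong, which rules out the AAD and points to the key, IV or the library's runtime environment, consistent with the accepted answer about the CRC peripheral clock.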