Skip to main content
emil28
emil28
Associate III
October 6, 2020
Question

Why the STM32_AES_CBC_Encrypt function doesn't return multiple of 64 bytes encrypted message

  • October 6, 2020
  • 8 replies
  • 4585 views

Hi,

I am using the function STM32_AES_CBC_Encrypt from the ST library Crypto 3.1.0. I don't understand why this function doesn't give me an encrypted message which is a multiple of 64 bytes.

For example, I would like to encrypt "thisisatest12345". The function returns a tab which is the same size of the original tab:

0693W000004ImLsQAK.jpg

Thes encrypted message is "0x1E 0xDD 0x1B 0x2A 0x8B 0xA6 0xDC 0x5E 0xBE 0xD6 0x9D 0x78 0xA4 0xA9 0xCA 0x3B ". Following the website https://www.devglan.com/online-tools/aes-encryption-decryption, the encypted message should be "1EDD1B2A8BA6DC5EBED69D78A4A9CA3B813290DF65F7ABD59239929768C8603F", which is 64 bytes. But, when I transform the encrypted message into Base 64, I have the same result as the previsous website, but there is a missing part:

From website;

0693W000004ImRgQAK.jpg

From my code:

0693W000004ImRDQA0.jpg

The beginning is the same, but a part is missing, and I don't know why.

Can you help me, I don't know how to solve this problem.

Thanks.

This topic has been closed for replies.

8 replies

emil28
emil28Author
Associate III
October 7, 2020

I made some progress concerning this issue. Even the project for the Nucleo F401RE from the ST library doesn't work. I have this warning:

0693W000004Ivt5QAC.jpg

I am working on IAR 8.42.2. Does this problem come from my IAR version or from the ST library ?

Jocelyn RICARD
Jocelyn RICARD
ST Employee
October 12, 2020

Hello Emil,

I don't understand your issue on first post. AES constraint is 16 bytes alignment only.

Regarding this wchar_t size, you need to get a patch of the crypto library that includes the binaries compiled with IAR8.

Best regards

Jocelyn

emil28
emil28Author
Associate III
October 29, 2020

Hello Jocelyn,

Thanks for your answer. Yes, AES is 16 bytes alignment. I used the cyrptoLib patch V3.1.3 and I don't have the warning anymore.

But I still have a problem: the result of the function " STM32_AES_CBC_Encrypt" always gives me an array which is the same lenght of the entry array. For example, if I have an array of 20 bytes to encrypt, the encrypted result will be also 20 bytes... The result should a multiple of 16 bytes ?

I am working on the stm32l476ccu6.

0693W0000059lh5QAA.jpg 

 Does the buffer to be encrypted need to be a multiple of 16 bytes ?

emil28
emil28Author
Associate III
November 4, 2020

Hello,

I really need an answer because I don't understand how this function works.

Thanks.

Pavel A.
Pavel A.
Super User
November 5, 2020

@emil28​ If you encrypt multiples of 16 bytes, do you get correct results ?

-- pa

emil28
emil28Author
Associate III
November 5, 2020

Hello,

Yes, if I encrypt multiples of 16 bytes, I get the correct results. The function doesn't work if I encrypt an array which is not a multiple of 16 bytes.

emil28
emil28Author
Associate III
November 16, 2020

Hello,

Another question, is it possible to use PKCS5 padding with this library ? I don't find informations about this in the documentation.

I am a little bit disappointed by the lack of information from ST about this subject...

Jocelyn RICARD
Jocelyn RICARD
ST Employee
November 17, 2020

Hello Emil,

the documentation of the X-CUBE-CRYPTOLIB is UM1924

https://www.st.com/resource/en/user_manual/dm00215061-stm32-crypto-library-stmicroelectronics.pdf

The is no PKCS5 mentioned in this documentation meaning this is not supported.

What kind of information would you expect ?

Best regards

Jocelyn

RamaKrishna
RamaKrishna
Associate II
January 4, 2024

Hi,

Iam having same issue what emil28 is facing , In simple term issue is i'm encrypting  a message "0000000012345678", when i encrypt this message using AES 128 CBC the encrypted message should be 32 bytes long like this "5BE9894C93D9B6D72A7C83512076166AC615BCDCED48486723B6D845788DB15E"  but function "STM32_AES_CBC_Encrypt" is returning only 16 bytes  "5BE9894C93D9B6D72A7C83512076166A"  which is only half of 32 bytes, using this 16 bytes we cannot decrypt the message it gives error. am I missing something in setup?

Jocelyn RICARD
Jocelyn RICARD
ST Employee
January 4, 2024

Hello @RamaKrishna,

As stated earlier, AES is based on 16 bytes blocks. So, you should never get 32 bytes when encrypting less than 16 bytes.

Best regards

Jocelyn

RamaKrishna
RamaKrishna
Associate II
January 4, 2024

Hi,

Ok thanks got it, it looks like online tools using some padding mechanisms (pkcs7 and pkcs5 ) and so even if we are giving 16 bytes we are getting 32 bytes output. 

Terms & ConditionsAccessibility statement