2016-12-07 06:40 AM
I am writing an application in C# that AES-encrypts some data that is then decrypted inside an STM32 using STM32 Cryptographic Library. My C# class (https://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndael(v=vs.110).aspx) can encrypt using different types of padding (ANSIX923, ISO10126, PKCS7 and with zeros). I have not found a way to specify the padding for the function in the STM32 Cryptographic Library.
Right now, my decryption fails because of padding issues.
I use AES 128-bit, CBC-mode.
What padding is used in STM32 Cryptographic Library?
How do I change the padding mode?
Thanks
2016-12-07 07:55 AM
Dear folmerbrem,
Why do you need to use the padding? Would you please specify the message size that you want to encrypt?
Best Regards
-Imen-
2016-12-07 08:00 AM
I need it as the data from the C# application is padded. It can choose between ANSIX923, ISO10126, PKCS7 and with zeros.
Is this something that I need to implement myself or is there some way to use padding inside the library?
The message size is anywhere from 16 bytes to many megabytes.
2016-12-07 10:40 AM
Are you using an STM32 with CRYPT hardware? A review of the hardware implementation should provide some insight.
Beyond simplistic implementation, you'd do a lot better compiling your own library from source you can understand and inspect.
2016-12-09 08:34 AM
Hello Brem_N_hr.Folmer,
In fact the following note on the specify this:
* In case of a call where P_inputSize is greater than 16 and not multiple of 16, Cipher-text Stealing will be activated.
Accordingly, we don't use padding, we use ciphertext stealing as the mode 'CBC-CS2' specified in NIST SP 800-38A. This mode doesn't modify the plaintext if it's already a multiple of 16 bytes.
So, if the customer needs to implement its own padding, this can be done, provided the output of the customer's padding function gives an output multiple of 16 bytes.
Best Regards
-Imen-
If the response is useful, please mark it as correct. Thank you for your contribution.
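The reply above says the library applies no padding and only switches to ciphertext stealing when the input is not a multiple of 16 bytes, so PKCS7 data from the C# side (always a multiple of 16) has to be unpadded by the application after decryption. The following is an added example, not code from this thread or from the ST library; `pkcs7_pad` and `pkcs7_unpad` are hypothetical helper names and the buffers in `main` are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16u

/* Append PKCS#7 padding in place. Always adds 1..16 bytes, so the result is
 * a multiple of 16. Returns the padded length, or 0 if buf is too small. */
size_t pkcs7_pad(uint8_t *buf, size_t len, size_t cap)
{
    size_t pad = AES_BLOCK - (len % AES_BLOCK);
    if (len > cap || pad > cap - len)
        return 0;
    memset(buf + len, (int)pad, pad);
    return len + pad;
}

/* Validate PKCS#7 padding on decrypted data and report the plaintext length.
 * Returns 0 on success, -1 if the length or any padding byte is invalid. */
int pkcs7_unpad(const uint8_t *buf, size_t len, size_t *out_len)
{
    if (len == 0 || len % AES_BLOCK != 0)
        return -1;
    uint8_t pad = buf[len - 1];
    uint8_t bad = (uint8_t)((pad == 0) | (pad > AES_BLOCK));
    /* The loop always walks the whole last block, whatever the pad value. */
    for (size_t i = 1; i <= AES_BLOCK; i++) {
        uint8_t in_pad = (uint8_t)(i <= pad);
        bad |= (uint8_t)(in_pad & (buf[len - i] != pad));
    }
    if (bad)
        return -1;
    *out_len = len - pad;
    return 0;
}

int main(void)
{
    uint8_t msg[32] = "sensor=42";          /* constructed 9-byte sample */
    size_t padded = pkcs7_pad(msg, 9, sizeof msg);
    size_t plain = 0;
    /* In the real flow, AES-CBC encrypt/decrypt sits between these calls. */
    int rc = pkcs7_unpad(msg, padded, &plain);
    printf("padded=%zu rc=%d plain=%zu\n", padded, rc, plain);
    return rc;
}
```

Report a padding failure to the sender the same way as any other decryption failure, since CBC without an integrity check lets a distinguishable padding error act as a padding oracle.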
2016-12-09 09:12 AM
So realistically, you need to packetize/decompose larger transfers into manageable lengths divisible by 16, and special case the last 0..15 bytes of such a transfer.
:)
If a response is useful/helpful mark it as such, mark it as correct if it answers the original question accurately, correctly, satisfactorily and completely.