I am trying to get AES CBC decryption to produce the original input message as went into AES CBC encryption. I'm not getting it.

AWell.1 · ‎2020-04-28

I have created a simple function to encrypt a message using the AES CBC flow suggested in the documentation (AES_CBC_Encrypt_Init, AES_CBC_Encrypt_Append, AES_CBC_Encrypt_Finish), and then using the same flow to decrypt (AES_CBC_Decrypt_Init, AES_CBC_Decrypt_Append, AES_CBC_Decrypt_Finish). I am using a fixed Key vector (32 bytes) and a fixed InitializationVector (16 bytes) and I'm using these same arrays in decryption as in encryption. But I don't get the original input message back.

Here is the code:

uint32_t doSimpleEncrypt()

{

// AES context, error status and output length.

AESCBCctx_stt AESctx;

uint32_t errorStatus = AES_SUCCESS;

int32_t outputLength = 0;

const uint8_t Plaintext[PLAINTEXT_LENGTH] = {0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68,

0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70};

uint32_t inputMessageLength = PLAINTEXT_LENGTH;

/* Key to be used for AES encryption/decryption */

uint8_t Key[CRL_AES256_KEY_SIZE] = {0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,

0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,

0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38};

/* Initialization Vector */

uint8_t IV[CRL_AES_BLOCK] = {0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,

0x39, 0x38, 0x37, 0x36, 0x35, 0x34, 0x33, 0x32};

/* Buffer to store the output data */

uint8_t OutputMessage[PLAINTEXT_LENGTH];

/* Size of the output data */

uint32_t OutputMessageLength = 0;

/* Set flag field to default value */

AESctx.mFlags = E_SK_DEFAULT;

/* Set key size to 32 (corresponding to AES-256) */

AESctx.mKeySize = CRL_AES256_KEY_SIZE;

/* Set iv size field to IvLength*/

AESctx.mIvSize = CRL_AES_BLOCK;

errorStatus = AES_CBC_Encrypt_Init(&AESctx, &Key[0], &IV[0] );

/* check for initialization errors */

if (errorStatus == AES_SUCCESS)

{

/* Encrypt Data */

errorStatus = AES_CBC_Encrypt_Append(&AESctx,Plaintext,inputMessageLength,OutputMessage,&outputLength);

if (errorStatus == AES_SUCCESS){

/* Write the number of data written*/

OutputMessageLength = outputLength;

/* Do the Finalization */

errorStatus = AES_CBC_Encrypt_Finish(&AESctx, OutputMessage + OutputMessageLength, &outputLength);

OutputMessageLength += outputLength;

if(errorStatus == AES_SUCCESS){

// now decrypt the encrypted message

uint8_t decryptedMessage[PLAINTEXT_LENGTH];

AESCBCctx_stt AESctx2;

// Set flag field to default value.

AESctx2.mFlags = E_SK_DEFAULT;

// Set the key size in AES status.

AESctx2.mKeySize = CRL_AES256_KEY_SIZE;

// Set the initialization vector size in AES status.

AESctx2.mIvSize = CRL_AES_BLOCK;

// Initialize the operation, by passing key and initialization vector.

errorStatus = AES_CBC_Decrypt_Init(&AESctx2, &Key[0], &IV[0]);

printAESctx(&AESctx2);

// check for initialization errors.

if (errorStatus == AES_SUCCESS)

{

// Decrypt Data in CBC mode.

errorStatus = AES_CBC_Decrypt_Append(&AESctx2, OutputMessage, inputMessageLength, decryptedMessage, &outputLength);

// check for decryption errors in CBC mode.

if (errorStatus == AES_SUCCESS)

{

// Finalize data.

OutputMessageLength = outputLength;

errorStatus = AES_CBC_Decrypt_Finish(&AESctx2, (decryptedMessage + OutputMessageLength), &outputLength);

}

else {

errorStatus = AES_ERR_BAD_OPERATION;

}

else {

errorStatus = AES_ERR_BAD_OPERATION;

}

sprintf(tmpStr,"decryptStatus: %d\r\n",(int)errorStatus);

newDebugEvents->logEvent(tmpStr,EventPriorityEnum::devLevel);

sprintf(tmpStr,"Beginning decryptedMessage\r\n");

newDebugEvents->logEvent(tmpStr,EventPriorityEnum::devLevel);

for(unsigned i=0; i<inputMessageLength; ++i){

sprintf(tmpStr,"Decrypted[%d]: 0x%0x\r\n",i,(uint16_t)decryptedMessage[i]);

newDebugEvents->logEvent(tmpStr,EventPriorityEnum::devLevel);

}

sprintf(tmpStr,"End decryptedMessage\r\n");

newDebugEvents->logEvent(tmpStr,EventPriorityEnum::devLevel);

}

return errorStatus;

}

I have used the same input into some web-based AES CBC 256-bit key encryptor and decryptor, and it works there.