STM32 Cryptographic library (cmox)

exelsior87 · ‎2023-11-30

hi i'm new in stm32.

i'm using stm32 cryptographic library (cmox) for encrypt my data.

while using the library, i'm experiencing some strange.

I'm trying to encrypt data after initializing the library and generating the encryption key, but the encryption is getting weird on the very first call to the encrypt function.

After the initial call, both encryption/decryption are working fine.

What can I do to resolve it?

- mcu: STM32F401RDTx

struct crypto_ {
    uint8_t key[16];
    uint8_t iv[16];
} crypto;

void crypto_init(void) {
    cmox_init_arg_t cmox_arg;
    cmox_arg.target = CMOX_INIT_TARGET_F4;

    if (cmox_initialize(&cmox_arg) != CMOX_INIT_SUCCESS) {
        return;
    }

    crypto_generate_key();

    
    uint8_t data[16] = { 0x00, };
    for (uint8_t i = 0; i < sizeof(data); i++) {
        data[i] = 10 + i;
    }

    printf("data: ");
    for (uint8_t i = 0; i < sizeof(data); i++) {
        printf("0x%02x ", data[i]);
    }
    printf("\n");

    uint8_t enc_1[16] = { 0x00, };
    uint8_t enc_2[16] = { 0x00, };
    size_t enc_1_bytes = 0;
    size_t enc_2_bytes = 0;
    uint8_t dec_1[16] = { 0x00, };
    uint8_t dec_2[16] = { 0x00, };
    size_t dec_1_bytes = 0;
    size_t dec_2_bytes = 0;

    for (uint8_t i = 0; i < 3; i++) {
        memset(enc_1, 0x00, sizeof(enc_1));
        memset(dec_1, 0x00, sizeof(dec_1));

        cmox_cipher_encrypt(
            CMOX_AES_CBC_ENC_ALGO,
            data, sizeof(data),
            crypto.key, sizeof(crypto.key),
            crypto.iv, sizeof(crypto.iv),
            enc_1, &enc_1_bytes
        );

        cmox_cipher_decrypt(
            CMOX_AES_CBC_DEC_ALGO,
            enc_1, sizeof(enc_1),
            crypto.key, sizeof(crypto.key),
            crypto.iv, sizeof(crypto.iv),
            dec_1, &dec_1_bytes
        );

        printf("enc_1: ");
        for (uint8_t i = 0; i < enc_1_bytes; i++) {
            printf("0x%02x ", enc_1[i]);
        }
        printf("\n");

        printf("dec_1: ");
        for (uint8_t i = 0; i < dec_1_bytes; i++) {
            printf("0x%02x ", dec_1[i]);
        }
        printf("\n");
    }


    crypto_generate_key();

    for (uint8_t i = 0; i < 3; i++) {
        memset(enc_2, 0x00, sizeof(enc_2));
        memset(dec_2, 0x00, sizeof(dec_2));

        cmox_cipher_encrypt(
            CMOX_AES_CBC_ENC_ALGO,
            data, sizeof(data),
            crypto.key, sizeof(crypto.key),
            crypto.iv, sizeof(crypto.iv),
            enc_2, &enc_2_bytes
        );

        cmox_cipher_decrypt(
            CMOX_AES_CBC_DEC_ALGO,
            enc_2, sizeof(enc_2),
            crypto.key, sizeof(crypto.key),
            crypto.iv, sizeof(crypto.iv),
            dec_2, &dec_2_bytes
        );

        printf("enc_2: ");
        for (uint8_t i = 0; i < enc_2_bytes; i++) {
            printf("0x%02x ", enc_2[i]);
        }
        printf("\n");

        printf("dec_2: ");
        for (uint8_t i = 0; i < dec_2_bytes; i++) {
            printf("0x%02x ", dec_2[i]);
        }
        printf("\n");
    }
}

result

key: 0x9c 0x7d 0x28 0xc1 0x84 0x15 0x30 0xcc 0xe3 0x4a 0xe0 0xac 0xd1 0x71 0x28 0x01
iv: 0xa1 0x87 0x1e 0x54 0xa9 0xe2 0x66 0xba 0x87 0xd4 0xc0 0xc9 0x60 0xb4 0x93 0xb7

data: 0x0a 0x0b 0x0c 0x0d 0x0e 0x0f 0x10 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19

enc_1: 0x75 0x36 0xf0 0xe0 0xa8 0x2b 0x7d 0xd9 0xd4 0x39 0x95 0xff 0x9d 0xdd 0x8b 0x4c
dec_1: 0x2c 0xa5 0xe2 0x94 0x7e 0x98 0x90 0xc2 0x88 0x4c 0xf4 0x5d 0x8d 0xac 0xb2 0x11
enc_1: 0x84 0x36 0x7c 0xe2 0x63 0xd9 0x61 0x36 0x9f 0xfb 0x57 0x14 0x41 0x02 0x62 0xb6
dec_1: 0x0a 0x0b 0x0c 0x0d 0x0e 0x0f 0x10 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19
enc_1: 0x84 0x36 0x7c 0xe2 0x63 0xd9 0x61 0x36 0x9f 0xfb 0x57 0x14 0x41 0x02 0x62 0xb6
dec_1: 0x0a 0x0b 0x0c 0x0d 0x0e 0x0f 0x10 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19

key: 0x31 0xf8 0xc7 0x3d 0x80 0xd7 0xb4 0xd5 0x3b 0x8b 0x40 0xc0 0x39 0xb8 0xdd 0xa6
iv: 0xb5 0x41 0x24 0xb3 0x68 0xd7 0x68 0xf2 0x68 0x0f 0x8a 0xf6 0x5a 0xd7 0xf6 0x4b

enc_2: 0x38 0xfa 0x13 0x60 0xd4 0xfe 0x7e 0xad 0x3e 0x7d 0xca 0x0d 0x8c 0xe2 0x08 0xdf
dec_2: 0x0a 0x0b 0x0c 0x0d 0x0e 0x0f 0x10 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19
enc_2: 0x38 0xfa 0x13 0x60 0xd4 0xfe 0x7e 0xad 0x3e 0x7d 0xca 0x0d 0x8c 0xe2 0x08 0xdf
dec_2: 0x0a 0x0b 0x0c 0x0d 0x0e 0x0f 0x10 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19
enc_2: 0x38 0xfa 0x13 0x60 0xd4 0xfe 0x7e 0xad 0x3e 0x7d 0xca 0x0d 0x8c 0xe2 0x08 0xdf
dec_2: 0x0a 0x0b 0x0c 0x0d 0x0e 0x0f 0x10 0x11 0x12 0x13 0x14 0x15 0x16 0x17 0x18 0x19

STea · ‎2023-12-05

Hello @exelsior87 and welcome to ST community,

You are using the CMOX library with single call usage i suggest you add cmox_cipher_retval_t retval and test on the returned value of the encryption and decryption operation as shown below :

retval = cmox_cipher_encrypt(CMOX_AES_CBC_ENC_ALGO, /* Use AES CBC algorithm */

Plaintext, sizeof(Plaintext), /* Plaintext to encrypt */

Key, sizeof(Key), /* AES key to use */

IV, sizeof(IV), /* Initialization vector */

Computed_Ciphertext, &computed_size); /* Data buffer to receive generated ciphertext */

/* Verify API returned value */

if (retval != CMOX_CIPHER_SUCCESS)

{

Error_Handler();

}

but for MULTIPLE CALLS USAGE like your case it is recommanded to construct a context as shown in here :

cipher_ctx = cmox_cbc_construct(&Cbc_Ctx, CMOX_AES_CBC_ENC);

if (cipher_ctx == NULL)

{

Error_Handler();

}

/* Initialize the cipher context */

retval = cmox_cipher_init(cipher_ctx);

if (retval != CMOX_CIPHER_SUCCESS)

{

Error_Handler();

}

/* Setup of the encryption key into the context */

retval = cmox_cipher_setKey(cipher_ctx, Key, sizeof(Key)); /* AES key to use */

if (retval != CMOX_CIPHER_SUCCESS)

{

Error_Handler();

}

/* Setup of the Initialization Vector (IV) into the context */

retval = cmox_cipher_setIV(cipher_ctx, IV, sizeof(IV)); /* Initialization vector */

if (retval != CMOX_CIPHER_SUCCESS)

{

Error_Handler();

}

you can also base your implementation on the x-cube-cryptolib STM32CubeExpansion_Crypto_V4.1.0\Projects\NUCLEOL476RG\Applications\Cipher\AES_CBC_EncrypDecrypt which can be easily ported to your MCU .

BR

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

exelsior87 · ‎2023-12-05

Thank you for your reply,

I already tested in the way that you metioned (SINGLE CALL USAGE)

but it is not matched with first encryption result and expected data.

[ test code ]

const uint8_t Key[] =
{
  0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
};
const uint8_t IV[] =
{
  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
const uint8_t Plaintext[] =
{
  0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
  0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
  0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
  0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
};
const uint8_t Expected_Ciphertext[] =
{
  0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
  0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2,
  0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b, 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16,
  0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09, 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7
};

uint8_t Computed_Ciphertext[sizeof(Expected_Ciphertext)];
uint8_t Computed_Plaintext[sizeof(Plaintext)];


void crypto_init(void) {
  /* Initialize cryptographic library */
  if (cmox_initialize(NULL) != CMOX_INIT_SUCCESS)
  {
    Error_Handler();
  }
}

void crypto_test(void)
{
    cmox_cipher_retval_t retval;
    size_t computed_size;
    /* General cipher context */
    cmox_cipher_handle_t *cipher_ctx;
    /* Index for piecemeal processing */
    uint32_t index;

    retval = cmox_cipher_encrypt(CMOX_AES_CBC_ENC_ALGO,                /* Use AES CBC algorithm */
                                 Plaintext, sizeof(Plaintext),         /* Plaintext to encrypt */
                                 Key, sizeof(Key),                     /* AES key to use */
                                 IV, sizeof(IV),                       /* Initialization vector */
                                 Computed_Ciphertext, &computed_size); /* Data buffer to receive generated ciphertext */

    printf("Computed_Ciphertext: ");
    for (uint8_t i = 0; i < computed_size; i++)
    {
        printf("0x%02x ", Computed_Ciphertext[i]);
    }
    printf("\n");

    /* Verify API returned value */
    if (retval != CMOX_CIPHER_SUCCESS)
    {
        // Error_Handler();
        printf("cmox_cipher_encrypt failed (retval: %d) \n", retval);
        return;
    }

    /* Verify generated data size is the expected one */
    if (computed_size != sizeof(Expected_Ciphertext))
    {
        // Error_Handler();
        printf("computed_size != sieof(Expected_Ciphertext)  (computed_size: %d) \n", computed_size);
        return;
    }

    /* Verify generated data are the expected ones */
    if (memcmp(Expected_Ciphertext, Computed_Ciphertext, computed_size) != 0)
    {
        // Error_Handler();
        printf("Expected_Ciphertext != Computed_Ciphertext \n");
        return;
    }

    retval = cmox_cipher_decrypt(CMOX_AES_CBC_DEC_ALGO,                            /* Use AES CBC algorithm */
                                 Expected_Ciphertext, sizeof(Expected_Ciphertext), /* Ciphertext to decrypt */
                                 Key, sizeof(Key),                                 /* AES key to use */
                                 IV, sizeof(IV),                                   /* Initialization vector */
                                 Computed_Plaintext, &computed_size);              /* Data buffer to receive generated plaintext */

    printf("Computed_Plaintext: ");
    for (uint8_t i = 0; i < computed_size; i++)
    {
        printf("0x%02x ", Computed_Plaintext[i]);
    }
    printf("\n");

    /* Verify API returned value */
    if (retval != CMOX_CIPHER_SUCCESS)
    {
        // Error_Handler();
        printf("cmox_cipher_decrypt failed (retval: %d) \n", retval);
        return;
    }

    /* Verify generated data size is the expected one */
    if (computed_size != sizeof(Plaintext))
    {
        // Error_Handler();
        printf("computed_size != sieof(Plaintext)  (computed_size: %d) \n", computed_size);
        return;
    }

    /* Verify generated data are the expected ones */
    if (memcmp(Plaintext, Computed_Plaintext, computed_size) != 0)
    {
        // Error_Handler();
        printf("Plaintext != Computed_Plaintext \n");
        return;
    }

    printf("Computed_Ciphertext: ");
    for (uint8_t i = 0; i < computed_size; i++)
    {
        printf("0x%02x ", Computed_Plaintext[i]);
    }
    printf("\n");
}


int main(void) {
...
    crypto_init();
    crypto_test();
    crypto_test();
    crypto_test();
...
}

[ test result ]

Computed_Ciphertext: 0xa0 0x8b 0x59 0x0d 0xc0 0xaf 0x1d 0xfe 0x62 0x0e 0x9f 0x07 0xc4 0x7c 0x70 0x99 0xdd 0x4c 0xd5 0x17 0x4d 0xb5 0x55 0xb3 0x3a 0xfe 0x47 0xc5 0xc1 0xbb 0x02 0x5a 0xa6 0x18 0x15 0x8f 0x1c 0xa9 0x39 0xd9 0xc2 0xa3 0xe9 0x87 0x46 0xab 0xd4 0xed 0xd3 0x32 0x47 0x28 0x96 0x40 0x5c 0x90 0x34 0xaf 0x09 0x1d 0xe2 0x6e 0x72 0x7c

Expected_Ciphertext != Computed_Ciphertext

Computed_Ciphertext: 0x76 0x49 0xab 0xac 0x81 0x19 0xb2 0x46 0xce 0xe9 0x8e 0x9b 0x12 0xe9 0x19 0x7d 0x50 0x86 0xcb 0x9b 0x50 0x72 0x19 0xee 0x95 0xdb 0x11 0x3a 0x91 0x76 0x78 0xb2 0x73 0xbe 0xd6 0xb8 0xe3 0xc1 0x74 0x3b 0x71 0x16 0xe6 0x9e 0x22 0x22 0x95 0x16 0x3f 0xf1 0xca 0xa1 0x68 0x1f 0xac 0x09 0x12 0x0e 0xca 0x30 0x75 0x86 0xe1 0xa7
Computed_Plaintext: 0x6b 0xc1 0xbe 0xe2 0x2e 0x40 0x9f 0x96 0xe9 0x3d 0x7e 0x11 0x73 0x93 0x17 0x2a 0xae 0x2d 0x8a 0x57 0x1e 0x03 0xac 0x9c 0x9e 0xb7 0x6f 0xac 0x45 0xaf 0x8e 0x51 0x30 0xc8 0x1c 0x46 0xa3 0x5c 0xe4 0x11 0xe5 0xfb 0xc1 0x19 0x1a 0x0a 0x52 0xef 0xf6 0x9f 0x24 0x45 0xdf 0x4f 0x9b 0x17 0xad 0x2b 0x41 0x7b 0xe6 0x6c 0x37 0x10

Is there any problem with my usage of library?

STea · ‎2023-12-06

Hello @exelsior87 ,

you need to activate the CRC and deactivate the FPU i suggest you follow this video to properly use the cryptolib .

BR

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

FastAsFastCanBe · ‎2024-07-30

Not sure if you ever got to the bottom of this issue, but I had exactly the same problem.

Turned out my code had used the CRC hardware to compute a CRC prior to the first call to a cmox function. That CRC computation had left the CRC data register with a value other than 0xFFFFFFFF. That caused the first call to cmox to fail - cmox must be expecting the CRC register to be 0xFFFFFFFF. The first, failed call to cmox "restored" the CRC register to 0xFFFFFFFF which meant that the second and subsequent cmox calls worked as expected.

Seems kind of strange that the cmox function is dependent on the CRC register being 0xFFFFFFFF when that value could be changed at any time.

I just added this to my CRC function after it was done

// Must reset the CRC back to 0xFFFFFFFF or the next call to cmox encrypt/decrypt fails
__HAL_CRC_DR_RESET(&_crc_handle); // INITIAL: 0xFFFFFFFF

Hopefully that info helps someone...

Olivier ARNAUD · ‎2024-07-31

Hello @FastAsFastCanBe ,

You can rely on the cmox getting started Wiki page available here: https://wiki.st.com/stm32mcu/wiki/Security:Getting_started_with_the_Cryptographic_Library

In particular the paragraph "CRC peripheral usage", to see how to properly share CRC between your application and the cmox functions.

BR

FastAsFastCanBe · ‎2024-07-31

Thanks for sharing that link. Wish I had seen that sooner 🙂