1 (edited by telina 2018-01-16 08:12:01)

Topic: Problem with AES-CBC incorrect input size

Hello,

I was writing some tests for my project when I realized that the input size for AES-CBC is never checked to be a multiple of the AES_BLOCK_SIZE.
This has the consequence that if e.g. an byte array of the size 17 is used as the input plaintext, only the first 16 bytes are encrypted. If the input is empty, nothing is encrypted.
No error or warning is being returned so I felt like something has to be added there otherwise people might unintentionally leak unencrypted data.

I am using version 3.11. but I also tried it on the latest release (3.13) which seems to make no difference.

For AES-CTR this is the same case, though the "not fitting" Bytes are still encrypted and the message can also be decrypted.


Best Regards
telina

Share

Re: Problem with AES-CBC incorrect input size

Hi Telina,

AES CBC mode requires the input to be block aligned. Generally the caller will need to add some type of padding to make sure its 16 byte aligned. It would be okay to just pad with zeros. Some people will pad with the pad count value.

AES CTR mode has a feature where the leftover bytes remain in the `Aes` object and are used on the next call.

You do bring up a good point about the wc_AesCbcEncrypt not checking for block size, however the wc_AesCbcDecrypt does. I'll bring this up with the team this week and let you know the reason for this or get a fix for it.

Thanks,
David Garske, wolfSSL

Share

3 (edited by AdoraKalb 2018-09-05 12:43:43)

Re: Problem with AES-CBC incorrect input size

Hi...i am a new user here. Omitted a pretty big part of my project, which is I am using FreeRTOS. When putting my encryption and decryption code in a thread, including a copy of the code from the forum post you directed me to, it seems to not work. However as soon as I took it out of the thread and put it into the main function before the scheduler started it worked fine. The thread it was running on was the only one in the program, and had nothing preempting it.

pcb assembly firm

Share

Re: Problem with AES-CBC incorrect input size

Hi AdoraKalb,

That sounds like an issue with not providing enough stack space to the FreeRTOS thread on the xTaskCreate. Try increasing the stack size for that task and let us know if that helps.

Thanks,
David Garske, wolfSSL

Share