Topic: AES CBC Decryption issue in android

Hello,

I am using the wolfCrypt AES CBC function. My use case is: I am sending 1316 bytes of MPEG-2 TS data, encrypted using the wc_AesCbcEncrypt() function, from a UDP server on Linux, and I am receiving the 1316 bytes in an Android-based receiver and decrypting them using wc_AesCbcDecrypt().

My receiver is an Android app which uses C++ for receiving and decrypting data, so I have built the wolfCrypt library using the NDK toolchain for arm7 devices.

My key size is 16 bytes.

My issue is that some of the packets after decryption are not the same as the packets sent by the sender before encryption.
I am sending 1000 packets, out of which 10-20 packets are not decrypted properly.

I have tested the wc_AesCbcDecrypt() function on the sender side itself, and in that case decryption seems to be working properly, but the issue is happening on the Android side.

How can I make sure all packets are decrypted properly on the Android receiver side?

Please let me know if you need any more information.


Re: AES CBC Decryption issue in android

Hi abdulwazeed1,

What version of wolfSSL are you using?  If you are not using the latest stable (5.2.0), please upgrade and let me know if it helps.
Are wc_AesCbcEncrypt and/or wc_AesCbcDecrypt returning an error code for the invalid packets?  If so, what error code are you seeing?
If neither of the above help, please enable debug logging by building with DEBUG_WOLFSSL or --enable-debug, and running wolfSSL_Debugging_ON().  Then attach your debug logs here.  Please also share your build settings.
Lastly, please clarify whether you are using a multi-threaded application on either side.  Note that for multi-threading we require separate Aes objects for each thread.

Thanks,
Kareem


3 (edited by abdulwazeed1 2022-03-14 23:34:51)

Re: AES CBC Decryption issue in android

kareem_wolfssl wrote:

Hi abdulwazeed1,

What version of wolfSSL are you using?  If you are not using the latest stable (5.2.0), please upgrade and let me know if it helps.
Are wc_AesCbcEncrypt and/or wc_AesCbcDecrypt returning an error code for the invalid packets?  If so, what error code are you seeing?
If neither of the above help, please enable debug logging by building with DEBUG_WOLFSSL or --enable-debug, and running wolfSSL_Debugging_ON().  Then attach your debug logs here.  Please also share your build settings.
Lastly, please clarify whether you are using a multi-threaded application on either side.  Note that for multi-threading we require separate Aes objects for each thread.

Thanks,
Kareem

Hello kareem,
->  I am using version 5.1.1
-> wc_AesCbcDecrypt returns 0 for the invalid packets
-> I will try building with debug mode on, and let you know
-> I have used the following configuration,
    --enable-keygen --disable-crypttests --enable-fast-rsa --disable-aesgcm --disable-dh --disable-des3
    --enable-cryptonly --enable-keygen --disable-examples
-> Yes, my Android app is a multithreaded application, but I am working with a specific thread which does the task of pushing a packet into a queue. So before I push into the queue, I am calling my decryption function, which runs the following:

Aes aes_decrypt;
and
wc_AesSetKey()
wc_AesCbcDecrypt()
both of these functions have return value 0

Updates:--------------------------
-> I have built the wolfCrypt library using version 5.2.0.
-> I have enabled --enable-debug, but as I am not getting an error return value after calling wc_AesCbcDecrypt, I don't know how to log.
-> I have tried a hack: whenever I get an invalid packet after decryption, I run the decryption function call again on the same encrypted packet, and the second time I get a correct decryption output. But this is not expected behavior and we want correct decryption output the first time. Any idea why this is happening?


Re: AES CBC Decryption issue in android

Hi abdulwazeed1,

It sounds like you are running into a threading issue, since it works after repeated tries.  Are you confident you are not sharing any context between threads?  Each thread needs its own Aes, WOLFSSL, etc objects.
If you still run into issues, please reach out to support [AT] wolfssl [DOT] com so we can prioritize this issue.

Thanks,
Kareem
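
Added example, not part of the thread and not wolfSSL code: because wc_AesCbcDecrypt returns 0 even for the bad packets, one way to flag and triage them is to check the MPEG-2 TS sync byte (0x47) that starts each 188-byte TS packet in the decrypted 1316-byte payload. It assumes every datagram carries seven aligned TS packets; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TS_PACKET_SIZE 188u   /* MPEG-2 TS packet length */
#define TS_SYNC_BYTE   0x47u  /* first byte of every TS packet */
#define DATAGRAM_SIZE  1316u  /* 7 TS packets per UDP payload, as in the thread */

enum ts_verdict { TS_OK, TS_FIRST_BLOCK_ONLY, TS_WIDESPREAD, TS_BAD_LENGTH };

/* Bit i is set when TS packet i of the decrypted payload lacks its sync byte. */
unsigned ts_bad_sync_mask(const uint8_t *buf, size_t len)
{
    unsigned mask = 0;
    for (size_t i = 0; i < 32 && (i + 1) * TS_PACKET_SIZE <= len; i++)
        if (buf[i * TS_PACKET_SIZE] != TS_SYNC_BYTE)
            mask |= 1u << i;
    return mask;
}

/* CBC computes P1 = D(C1) ^ IV and Pi = D(Ci) ^ C(i-1), so a wrong IV or
 * chaining state garbles only the first 16 bytes; a wrong key garbles all. */
enum ts_verdict ts_classify(const uint8_t *buf, size_t len)
{
    if (len != DATAGRAM_SIZE)
        return TS_BAD_LENGTH;
    unsigned mask = ts_bad_sync_mask(buf, len);
    if (mask == 0)
        return TS_OK;
    return (mask == 1u) ? TS_FIRST_BLOCK_ONLY : TS_WIDESPREAD;
}

/* Constructed sample: zero-filled payload with valid sync bytes. */
void make_sample(uint8_t out[DATAGRAM_SIZE])
{
    memset(out, 0, DATAGRAM_SIZE);
    for (size_t i = 0; i < DATAGRAM_SIZE / TS_PACKET_SIZE; i++)
        out[i * TS_PACKET_SIZE] = TS_SYNC_BYTE;
}

int main(void)
{
    uint8_t pkt[DATAGRAM_SIZE];
    make_sample(pkt);
    pkt[0] = 0x9c;  /* simulate a first block decrypted against the wrong IV */
    printf("mask=0x%02x verdict=%d\n", ts_bad_sync_mask(pkt, sizeof pkt),
           (int)ts_classify(pkt, sizeof pkt));
    return 0;
}
```

A TS_FIRST_BLOCK_ONLY verdict on the failing packets points at the IV or chaining state held in the Aes object at the moment of decryption, which fits the shared-context explanation above; the check is a heuristic, since a garbled byte still equals 0x47 one time in 256.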
