• State Not Answered
  • Replies 3 replies
  • Subscribers 87 subscribers
  • Views 765 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 265643
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nrf_aes_crypto output buffer size

Bloq

I am using NRF52840 with SDK15

I am using AES 128 Encryption and am confused on the documentation:

  • During the encryption operation with nrf_crypto_aes_crypt or nrf_crypto_aes_finalize, if padding mode is selected, the size of p_data_out buffer must contain extra space for padding.
    When text_size is a multiple of 16 bytes, p_data_out must be allocated with a size equal to text_size + an additional block (that means 16 bytes for padding).
    When text_size is not a multiple of 16 bytes, p_data_out must be allocated with a size aligned to the next full 16-byte block (that means 1 - 15 bytes for padding).
  • When no padding mode is selected, the text for encryption must be a multiple of 16 bytes.
  • Size of the message for decryption must be always a multiple of 16 bytes.
  • Key must be 128 bits, 192 bits, or 256 bits, depending on the selected backend.

I am unsure if on the decryption I need to pad the output buffer to the size of the encrypted value or the size of the expected value after decryption.

uint8_t value_to_encrypt = 23;

uint8_t encrypted_value[16]; //===> padded buffer for encrypted value

uint8_t output_buffer[16]; // ====> padded in regards to the expected value after decryption

or

uint8_t output_bnuffer[32];// ====> padded in regards to the encryped value

Thanks,

Bloq

Parents
  • 0

    Hi,

    For those and similar functions, the p_data_out buffer holds the outputted data from the function, and must be large enough to fit that output.

    When encrypting, it means big enough for holding the encrypted value.

    When decrypting, it means big enough for holding the decrypted value.

    For both, include padding if needed.

    Regards,
    Terje

Reply
  • 0

    Hi,

    For those and similar functions, the p_data_out buffer holds the outputted data from the function, and must be large enough to fit that output.

    When encrypting, it means big enough for holding the encrypted value.

    When decrypting, it means big enough for holding the decrypted value.

    For both, include padding if needed.

    Regards,
    Terje

Children
  • 0 in reply to tesc

    Here is the AES Encryption Documentation.  Can you confirm that I am incorrect in my assumption below.

    ECB output:

    • Encrypted or decrypted text.
    • When padding mode is selected, the last encrypted block is always padded, even if plain text is a multiple of 16 bytes.
    • Upon a finished decryption operation, when padding mode is selected, p_data_out_size is decreased by the number of padded bytes.

    I am using padding so I interpreted this as:


    During encryption of a uint8_t value, I must size my output buffer to to the nearest multiple of 16 bytes of my input value.  aka 16 bytes.

    During decryption, I must size my output buffer to the nearest 16 bytes on top of my input buffer.  aka 32 bytes

    I seemed to have an instance of corruption if I did not do this.  Does the aes encryption library allocate its own space to handle the cipher block operations.

    If this is incorrect I would propose to change the wording of the documentation to be slightly more specific during decryption.  To something like:

    ECB output:

    • Encrypted text
      • When padding mode is selected, the last encrypted block is always padded, even if plain text is a multiple of 16 bytes.
    • Decrypted text
      • Buffer size must be size of the expected decrypted value.
      • Upon a finished decryption operation, when padding mode is selected, p_data_out_size is decreased by the number of padded bytes.
  • 0 in reply to Bloq

    Hi, 

    has your problem been solved? 

    Best regards,
    Kaja

Related
Terms of service