AES 256 - Options?


#1

In order to be compliant with some client specifications on an RFP, they are asking for AES 256 for comms. Now, we know that we have AES 128 for comms (we are using an Electron, FWIW), but I need to provide assurance that we can use it.

There seems to have been some work done here:

But this is for a TCP client. Particle uses UDP on the Electron, and I sure don’t want to be doing any TCP comms if I can help it.

I was thinking that we could encrypt our messages using AES 256, then throwing it across the wire as a publish. Is it even possible? Is this something I can do in software, or am I going to need to specify a new hardware encryption part to do it for me?

Interested in people’s take on this.


#2

Hi @mblackler
Here is sample code for AES 256 bits tested on WebIDE&Photon.

#include "application.h"

#include "TlsTcpClient.h"
#include "mbedtls/aes.h"

void setup() {
    Serial.begin(9600);

    unsigned char key[32];
    unsigned char iv_enc[16] = {'i', 'n', 'i', 't', 'i', 'a', 'l', 'v', 'e', 'c', 't', 'o', 'r', ' ', ' ', ' '};
    unsigned char iv_dec[16] = {'i', 'n', 'i', 't', 'i', 'a', 'l', 'v', 'e', 'c', 't', 'o', 'r', ' ', ' ', ' '};
    unsigned char encbuff[128];
    unsigned char decbuff[128];
    unsigned char str[128];

    memset(str, 0, sizeof(str));
    memset(encbuff, 0, sizeof(encbuff));
    memset(decbuff, 0, sizeof(decbuff));
    
    for (int i = 0; i < 32; i++) key[i] = i;
    strcpy((char *)str, "Some text for AES 256 bytes :)");
    
    mbedtls_aes_context aes_ctx;
    
    mbedtls_aes_init(&aes_ctx);
    mbedtls_aes_setkey_enc(&aes_ctx, key, 256);
    mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_ENCRYPT, 128, iv_enc, str, encbuff);

    mbedtls_aes_setkey_dec(&aes_ctx, key, 256);
    mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_DECRYPT, 128, iv_dec, encbuff, decbuff);
    mbedtls_aes_free(&aes_ctx);
    Serial.print("Dec:"); Serial.println((char *)decbuff);

}

void loop() {
    delay(1000);
}


#3

That’s excellent, thanks so much! Exactly what I was looking for.


#4

Hi @hirotakaster!
Do you have an example for mbedtls_aes_crypt_cfb128 function.
https://tls.mbed.org/api/aes_8h.html#a944946adabbc344f2c6cf6e6f51a21e3
Which parameter need for iv_off?


#5

hi @developer_bt,
sorry, I don’t have a mbedtls_aes_crypt_cfb128 example, but maybe you could find iv_off parameter requirements from AES source code.(0-15 int value)


#6

Thanks @hirotakaster!
I tried with standard value for v_off = 8 and work perfectly :slight_smile: