cancel
Showing results for 
Search instead for 
Did you mean: 

WICED Studio Wi-Fi Combo

JeGu_2199941
Contributor II

It seems that Cypress provides AES-CCM APIs in wiced_security.h, though without source code.

/**

* @brief               AES-CCM MAC calculation

*

* @param[in]  ctx          : AES context

* @param[in]  length       : Length of the input data

* @param[in]  aad_length   : Length of the additional associated data

* @param[in]  nonce        : The nonce to use

* @param[in]  nonce_length : Length of nonce.

* @param[in]  aad_input    : The buffer containing the additional associated data

* @param[in]  data_input   : Buffer holding the input data

* @param[out] mac_output   : Buffer which receives the output MAC

*/

int aes_ccm_mac( aes_context_t *ctx, uint32_t length, uint32_t aad_length, const unsigned char *nonce,int nonce_length, const unsigned char *aad_input, const unsigned char *data_input, unsigned char mac_output[8] );

/**

* @brief                   AES-CCM encryption

*

* @param[in]  ctx               : AES context

* @param[in]  length            : Length of the input data

* @param[in]  aad_length        : Length of the additional associated data

* @param[in]  nonce             : The nonce to use

* @param[in]  nonce_length      : Length of nonce.

* @param[in]  aad_input         : The buffer containing the additional associated data

* @param[in]  plaintext_input   : Buffer holding the input data

* @param[out] ciphertext_output : Buffer which receives the output ciphertext

* @param[out] mac_output        : Buffer which recieves the output MAC

*/

int aes_encrypt_ccm( aes_context_t *ctx, uint32_t length, uint32_t aad_length, const unsigned char *nonce, uint8_t nonce_length, const unsigned char *aad_input, const unsigned char *plaintext_input, unsigned char *ciphertext_output, unsigned char mac_output[8] );

/**

* @brief                   AES-CCM decryption

*

* @param[in]  ctx              : AES context

* @param[in]  length           : Length of the input data

* @param[in]  aad_length       : Length of the additional associated data

* @param[in]  nonce            : The nonce to use

* @param[in]  nonce_length     : Length of nonce.

* @param[in]  aad_input        : The buffer containing the additional associated data

* @param[in]  ciphertext_input : Buffer holding the input data

* @param[out] plaintext_output : Buffer which receives the output plaintext

*/

int aes_decrypt_ccm( aes_context_t *ctx, uint32_t length, uint32_t aad_length,  const unsigned char *nonce, uint8_t nonce_length, const unsigned char *aad_input, const unsigned char *ciphertext_input, unsigned char *plaintext_output );

I found sample code for aes_decrypt_ccm in wiced_cooee.c, but I can't find any sample for aes_encrypt_ccm.

I tried to follow snip.crypto as the following snippet, but I just can't do it right.

<snippet>

    int ret;

    aes_context_t context_aes_enc;

    aes_context_t context_aes_dec;

    uint8_t key[16] = {0};

    uint8_t nonce[13] = {0}; // 13 == strlen("used once !!!")

    uint8_t cipher_text[64] = {0};

    uint8_t plain_text[64] = {0};

    uint8_t plain_text_len = strlen("plain text SSID and PSWD");

    uint8_t aad_data[13] = {0}; // 1ˇ = strlen("wtf is this ?")

    uint8_t mac_enc[8] = {0};

    uint8_t mac_dec[8] = {0};

    uint8_t plain_text_dec[64] = {0};

    memcpy(key, "some secret key!", 16); // strlen("some secret key!") == 16 bytes == 128 bit

    memcpy(nonce, "used once !!!", sizeof(nonce));

    memcpy(plain_text, "plain text SSID and PSWD", plain_text_len);

    memcpy(aad_data, "wtf is this ?", 13);

    memset(&context_aes_enc, 0, sizeof(context_aes_enc));

    aes_setkey_enc(&context_aes_enc, key, 128);

    PRINT("done aes_setkey, key: %.*s\n", 16, (char*)key);

    ret = aes_encrypt_ccm(&context_aes_enc, plain_text_len, sizeof(aad_data), nonce, sizeof(nonce), aad_data, plain_text, cipher_text, mac_enc);

    PRINT("aes_encrypt_ccm() = %d\n", ret);

    PRINT("plain_text: %.*s\n", plain_text_len, (char*)plain_text);

    hexdump(cipher_text, sizeof(cipher_text));

    hexdump(mac_enc, sizeof(mac_enc));

    memset(&context_aes_dec, 0, sizeof(context_aes_dec));

    aes_setkey_dec(&context_aes_dec, key, 128);

    ret = aes_decrypt_ccm(&context_aes_dec, plain_text_len, sizeof(aad_data), nonce, sizeof(nonce), aad_data, cipher_text, plain_text_dec);

    PRINT("aes_decrypt_ccm() = %d\n", ret);

    PRINT("plain_text: %.*s\n", plain_text_len, (char*)plain_text_dec);

    hexdump(plain_text_dec, sizeof(plain_text_dec));

    ret = aes_ccm_mac(&context_aes_dec, plain_text_len, sizeof(aad_data), nonce, sizeof(nonce), aad_data, plain_text, mac_dec);

    PRINT("aes_ccm_mac() = %d\n", ret);

    hexdump(mac_dec, sizeof(mac_dec));

<execution>

done aes_setkey, key: some secret key!

aes_encrypt_ccm() = 0

plain_text: plain text SSID and PSWD

C4BDF107C6C2991DBFEA4E4C6A21643633D653EF335825D300000000000000000000000000000000000000000000000000000000000000000000000000000000

31D845C85F2744F0

aes_decrypt_ccm() = -1

plain_text: ��,�j5��x��̴�ӒF�%s

FD8DF0A22CB96A35F7DC78EAF5CCB4ABD31692469625197300000000000000000000000000000000000000000000000000000000000000000000000000000000

aes_ccm_mac() = 0

9A28C7DAE36C0F2E

Does anyone know how to correctly use these APIs?

Edit:

Attached verification by Pycryptodome.

By comparing the execution results, I think encrypt is fine for both cipher_text and MAC.

But I still need to find out how to use "aes_decrypt_ccm" correctly...

0 Likes
1 Solution
RaktimR_11
Moderator
Moderator

Hello Xavier,

We were able to reproduce the issue you faced. We have already raised an internal ticket to fix the issue with aes_decrypt_ccm() API for the older SDKs. Did you try using the mbedTLS library to implement the same?

View solution in original post

1 Reply
RaktimR_11
Moderator
Moderator

Hello Xavier,

We were able to reproduce the issue you faced. We have already raised an internal ticket to fix the issue with aes_decrypt_ccm() API for the older SDKs. Did you try using the mbedTLS library to implement the same?

View solution in original post