3 Replies Latest reply on Dec 23, 2018 9:20 PM by GyanC_36

    What is CyBle_AesCcmEncrypt Decrypt additional data

    DaPi_1514011

      The function CyBle_AesCcmEncrypt has the following parameters:

       

      Page 82 of 553 Document Number: 002-25037 Rev. **

      CYBLE_API_RESULT_T CyBle_AesCcmEncrypt (uint8 *key, uint8 *nonce, uint8 *in_data, uint8 length, uint8 *out_data, uint8 *out_mic)

       

      When we use this and implement the equivalent AES CCM on a PC, we also need additional data (other than key, nonce and data) to be set for the MIC generation to generate the same output value as out_mic.  On the nRF website, this is said:

       

      I've determined that the nRF AES CCM hardware is not a generic AES CCM device, but instead is targeting the BLE way of using AES CCM. Specifically, the "formatting function" that is used to generate blocks b_0, b_1, ... for the MIC calculation is not part of the CCM specification, but instead specified by the BLE spec (Core v5.0: Vol 6: Part E: Section 2: "CCM"). To correctly compute the MIC using software crypto libraries, it is necessary to use one byte of "adata" or "additional data". The BLE spec says that byte is used as the third byte of the block b_1 (Table 2.3 in the section mentioned before), and must be equal to the "data channel PDU header's first octet with NESN, SN and MD bits masked to 0". Since I'm not using bluetooth, I was puzzled about how this byte is determined by the nRF AES CCM hardware and used in the MIC calculation. I've now determined that it is simply the first byte of the unencrypted packet you point to with NRF_CCM->INPTR, but masked with 0xE3 (to zero the NESN, SN, and MD bits).

       

      Our PC 'decrypt' for a sample output from CyBle_AesCcmEncrypt needs a byte[] = {1}; to work.  But I'm concerned that we don't know where this additional data value comes from (other than the possible related answer from nRF).  We need access to this to decode and validate the MIC.

       

      So, where can we set/read/access this additional MIC data to be able to reliably use data generated by CyBle_AesCcmEncrypt?

       

      Thanks, Dave

       

        • 1. Re: What is CyBle_AesCcmEncrypt Decrypt additional data
          GyanC_36

          Hello Dave,

           

              The CyBle_AesCcmEncrypt/Decrypt APIs use the Cypress BLE Stack Libraries and not any open source software crypto libraries.

           

          The CyBle_AesCcmEncrypt() API generates the encrypted data and a 4-byte MIC value for a particular key.

          The CyBle_AesCcmDecrypt() API uses that key and the generated MIC value to decrypt the encrypted data and checks the MIC value for authorization. If the MIC value is not the same as the one generated by the CyBle_AesCcmEncrypt() API, then the CyBle_AesCcmDecrypt() API will decrypt the data but it will fail the MIC-based authorization and will return the error code CYBLE_ERROR_MIC_AUTH_FAILED. If you pass the same MIC value that was generated by the CyBle_AesCcmEncrypt() API, then the CyBle_AesCcmDecrypt() API will return CYBLE_ERROR_OK.

           

          The AES-CCM Encryption Algorithm description/sample examples can be found in the core Bluetooth specification (https://www.bluetooth.com/specifications/bluetooth-core-specification) core version 4.2 in the section Vol#6,Part-C.

           

          I have attached a sample PSoC Creator project for verifying the same. Please let me know if it answers your query correctly.

           

          -Gyan

          • 2. Re: What is CyBle_AesCcmEncrypt Decrypt additional data
            DaPi_1514011

            Hello Gyan,

             

            We know how to use the functions inside of PSoC Creator; that is not the issue.  We want to create a compatible function at the PC/mobile end of a Bluetooth connection.

             

            I.e. inside the PRoC-BLE, use this to encrypt and then on a PC, receive and decrypt and validate the MIC to validate the data.

             

            We have the PC algorithm working.  However, AES_CCM on a PC requires extra data outside of the KEY, NONCE and DATA.  Per the BLE spec referenced above, this can vary.  However, we want to know if the PSoC implementation has a fixed additional data value of bytes[] = {1}, or if it varies.

             

            Thanks,

             

            Dave

            • 3. Re: What is CyBle_AesCcmEncrypt Decrypt additional data
              GyanC_36

              Hi Dave,

               

                You can set the additional data field ('aad') to '1' for the PC AES-CCM algorithm. The PSoC BLE APIs take care of it internally.

               

              -Gyan
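
A PC-side check of what this thread describes, as an added example that is not code from the posters or from Cypress: it uses the Python `cryptography` package's AESCCM with a 4-byte MIC and the one-byte additional data value 0x01 given in the thread. The 13-byte nonce length, the function names and the sample key, nonces and payloads are assumptions constructed for the example.

```python
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

MIC_LEN = 4      # from the thread: the API returns a 4-byte MIC
AAD = b"\x01"    # from the thread: additional data value used on the PC side
NONCE_LEN = 13   # assumption: BLE-style CCM nonce length


def pc_encrypt(key, nonce, in_data, aad=AAD):
    """PC-side counterpart: returns (out_data, out_mic) as separate buffers."""
    blob = AESCCM(key, tag_length=MIC_LEN).encrypt(nonce, in_data, aad)
    return blob[:-MIC_LEN], blob[-MIC_LEN:]


def pc_decrypt(key, nonce, out_data, out_mic, aad=AAD):
    """Return the plaintext, or None when the MIC does not verify."""
    if len(nonce) != NONCE_LEN or len(out_mic) != MIC_LEN:
        raise ValueError("unexpected nonce or MIC length")
    try:
        # The library expects ciphertext and tag concatenated.
        return AESCCM(key, tag_length=MIC_LEN).decrypt(nonce, out_data + out_mic, aad)
    except InvalidTag:
        return None


def aad_holds_for_all(key, samples, aad=AAD):
    """True if every captured (nonce, out_data, out_mic) verifies with aad."""
    return all(pc_decrypt(key, n, c, m, aad) is not None for n, c, m in samples)


if __name__ == "__main__":
    key = bytes(range(16))                      # constructed sample key
    samples = []
    for i in range(3):                          # constructed "captures"
        nonce = bytes([i]) * NONCE_LEN
        c, m = pc_encrypt(key, nonce, b"sensor reading %d" % i)
        samples.append((nonce, c, m))
    print(aad_holds_for_all(key, samples))           # AAD 0x01 verifies every sample
    print(aad_holds_for_all(key, samples, b"\x00"))  # a different AAD fails the MIC
    n, c, m = samples[0]
    c2, m2 = pc_encrypt(key, n, b"sensor reading 0", aad=b"")
    print(c2 == c, m2 == m)                     # same ciphertext, different MIC
```

Only the MIC depends on the additional data, so a wrong value still produces the same ciphertext bytes but fails verification. Running `aad_holds_for_all` over several real captures from the device is a direct way to confirm that the value is fixed.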