- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It seems that Cypress provides AES-CCM APIs in wiced_security.h, though without source code.
/**
* @brief AES-CCM MAC calculation
*
* @param[in] ctx : AES context
* @param[in] length : Length of the input data
* @param[in] aad_length : Length of the additional associated data
* @param[in] nonce : The nonce to use
* @param[in] nonce_length : Length of nonce.
* @param[in] aad_input : The buffer containing the additional associated data
* @param[in] data_input : Buffer holding the input data
* @param[out] mac_output : Buffer which receives the output MAC
*/
int aes_ccm_mac( aes_context_t *ctx, uint32_t length, uint32_t aad_length, const unsigned char *nonce,int nonce_length, const unsigned char *aad_input, const unsigned char *data_input, unsigned char mac_output[8] );
/**
* @brief AES-CCM encryption
*
* @param[in] ctx : AES context
* @param[in] length : Length of the input data
* @param[in] aad_length : Length of the additional associated data
* @param[in] nonce : The nonce to use
* @param[in] nonce_length : Length of nonce.
* @param[in] aad_input : The buffer containing the additional associated data
* @param[in] plaintext_input : Buffer holding the input data
* @param[out] ciphertext_output : Buffer which receives the output ciphertext
* @param[out] mac_output : Buffer which recieves the output MAC
*/
int aes_encrypt_ccm( aes_context_t *ctx, uint32_t length, uint32_t aad_length, const unsigned char *nonce, uint8_t nonce_length, const unsigned char *aad_input, const unsigned char *plaintext_input, unsigned char *ciphertext_output, unsigned char mac_output[8] );
/**
* @brief AES-CCM decryption
*
* @param[in] ctx : AES context
* @param[in] length : Length of the input data
* @param[in] aad_length : Length of the additional associated data
* @param[in] nonce : The nonce to use
* @param[in] nonce_length : Length of nonce.
* @param[in] aad_input : The buffer containing the additional associated data
* @param[in] ciphertext_input : Buffer holding the input data
* @param[out] plaintext_output : Buffer which receives the output plaintext
*/
int aes_decrypt_ccm( aes_context_t *ctx, uint32_t length, uint32_t aad_length, const unsigned char *nonce, uint8_t nonce_length, const unsigned char *aad_input, const unsigned char *ciphertext_input, unsigned char *plaintext_output );
I found sample code for aes_decrypt_ccm in wiced_cooee.c, but I can't find any sample for aes_encrypt_ccm.
I tried to follow snip.crypto as the following snippet, but I just can't do it right.
<snippet>
int ret;
aes_context_t context_aes_enc;
aes_context_t context_aes_dec;
uint8_t key[16] = {0};
uint8_t nonce[13] = {0}; // 13 == strlen("used once !!!")
uint8_t cipher_text[64] = {0};
uint8_t plain_text[64] = {0};
uint8_t plain_text_len = strlen("plain text SSID and PSWD");
uint8_t aad_data[13] = {0}; // 1ˇ = strlen("wtf is this ?")
uint8_t mac_enc[8] = {0};
uint8_t mac_dec[8] = {0};
uint8_t plain_text_dec[64] = {0};
memcpy(key, "some secret key!", 16); // strlen("some secret key!") == 16 bytes == 128 bit
memcpy(nonce, "used once !!!", sizeof(nonce));
memcpy(plain_text, "plain text SSID and PSWD", plain_text_len);
memcpy(aad_data, "wtf is this ?", 13);
memset(&context_aes_enc, 0, sizeof(context_aes_enc));
aes_setkey_enc(&context_aes_enc, key, 128);
PRINT("done aes_setkey, key: %.*s\n", 16, (char*)key);
ret = aes_encrypt_ccm(&context_aes_enc, plain_text_len, sizeof(aad_data), nonce, sizeof(nonce), aad_data, plain_text, cipher_text, mac_enc);
PRINT("aes_encrypt_ccm() = %d\n", ret);
PRINT("plain_text: %.*s\n", plain_text_len, (char*)plain_text);
hexdump(cipher_text, sizeof(cipher_text));
hexdump(mac_enc, sizeof(mac_enc));
memset(&context_aes_dec, 0, sizeof(context_aes_dec));
aes_setkey_dec(&context_aes_dec, key, 128);
ret = aes_decrypt_ccm(&context_aes_dec, plain_text_len, sizeof(aad_data), nonce, sizeof(nonce), aad_data, cipher_text, plain_text_dec);
PRINT("aes_decrypt_ccm() = %d\n", ret);
PRINT("plain_text: %.*s\n", plain_text_len, (char*)plain_text_dec);
hexdump(plain_text_dec, sizeof(plain_text_dec));
ret = aes_ccm_mac(&context_aes_dec, plain_text_len, sizeof(aad_data), nonce, sizeof(nonce), aad_data, plain_text, mac_dec);
PRINT("aes_ccm_mac() = %d\n", ret);
hexdump(mac_dec, sizeof(mac_dec));
<execution>
done aes_setkey, key: some secret key!
aes_encrypt_ccm() = 0
plain_text: plain text SSID and PSWD
C4BDF107C6C2991DBFEA4E4C6A21643633D653EF335825D300000000000000000000000000000000000000000000000000000000000000000000000000000000
31D845C85F2744F0
aes_decrypt_ccm() = -1
plain_text: ��,�j5��x��̴�ӒF�%s
FD8DF0A22CB96A35F7DC78EAF5CCB4ABD31692469625197300000000000000000000000000000000000000000000000000000000000000000000000000000000
aes_ccm_mac() = 0
9A28C7DAE36C0F2E
Does anyone know how to correctly use these APIs?
Edit:
Attached verification by Pycryptodome.
By comparing the execution results, I think encrypt is fine for both cipher_text and MAC.
But I still need to find out how to use "aes_decrypt_ccm" correctly...
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Xavier,
We were able to reproduce the issue you faced. We have already raised an internal ticket to fix the issue with aes_decrypt_ccm() API for the older SDKs. Did you try using the mbedTLS library to implement the same?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Xavier,
We were able to reproduce the issue you faced. We have already raised an internal ticket to fix the issue with aes_decrypt_ccm() API for the older SDKs. Did you try using the mbedTLS library to implement the same?