What is CyBle_AesCcmEncrypt Decrypt additional data

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
DaPi_1514011
Level 3
Level 3
First like received

The function CyBle_AesCcmEncrypt has the following parameters:

Page 82 of 553 Document Number: 002-25037 Rev. **

CYBLE_API_RESULT_T CyBle_AesCcmEncrypt (uint8 *key, uint8 *nonce, uint8 *in_data, uint8 length, uint8 *out_data, uint8 *out_mic)

When we use this and implement the equivalent AES CCM on a PC, we also need additional data (other than key, nonce and data) to be set for the MIC generation to generate the same output value as out_mic.  On the nRF website, this is said:

I've determined that the nRF AES CCM hardware is not a generic AES CCM device, but instead is targeting the BLE way of using AES CCM. Specifically, the "formatting function" that is used to generate blocks b_0, b_1, ... for the MIC calculation is not part of the CCM specification, but instead specified by the BLE spec (Core v5.0: Vol 6: Part E: Section 2: "CCM"). To correctly compute the MIC using software crypto libraries, it is necessary to use one byte of "adata" or "additional data". The BLE spec says that byte is used as the third byte of the block b_1 (Table 2.3 in the section mentioned before), and must be equal to the "data channel PDU header's first octet with NESN, SN and MD bits masked to 0". Since I'm not using bluetooth, I was puzzled about how this byte is determined by the nRF AES CCM hardware and used in the MIC calculation. I've now determined that it is simply the first byte of the unencrypted packet you point to with NRF_CCM->INPTR, but masked with 0xE3 (to zero the NESN, SN, and MD bits).

Our PC 'decrypt' for a sample output from CyBle_AesCcmEncrypt needs a byte[] = {1}; to work.  But I'm concerned that we don't know where this additional data value comes from (other than the possible related answer from nRF).  We need access to this to decode and validate the MIC.

So, where can we set/read/access this additional MIC data to be able to reliably use data generated by CyBle_AesCcmEncrypt?

Thanks, Dave

0 Likes
1 Solution

Hi Dave,

  The additional data field ('aad') you can put as '1' for PC AES-CCM Algorithm. The PSoC BLE APIs take care of it internally.

-Gyan

View solution in original post

0 Likes
3 Replies
lock attach
Attachments are accessible only for community members.
GyanC_36
Employee
Employee
250 replies posted 100 replies posted 50 replies posted

Hello Dave,

    CyBle_AesCcmEncrypt/Decript APIs uses the Cypress BLE Stack Libraries and not any open source software Crypto libraries.

The CyBle_AesCcmEncrypt() API generates the encrypted data and 4 byte MIC value for a particular key.

The CyBle_AesCcmDecrypt() API uses that key and generated MIC value to decry-pt the encrypted data and checks for the MIC value authorization. If the MIC value is not same which is generated from the CyBle_AesCcmEncrypt() API , then the CyBle_AesCcmDecrypt() API will decry-pt the data but it will fail for MIC based authorization and will return an error code CYBLE_ERROR_MIC_AUTH_FAILED.If you will pass the same MIC value which is generated from CyBle_AesCcmEncrypt() API then the CyBle_AesCcmDecrypt() API will return CYBLE_ERROR_OK.

The AES-CCM Encryption Algorithm description/sample examples can be found in the core Bluetooth specification (https://www.bluetooth.com/specifications/bluetooth-core-specification) core version 4.2 in the section Vol#6,Part-C.

I have attached a sample PSoC Creator project for verifying the same.Please let me know if it answers your query correctly.

-Gyan

0 Likes

Hello Gyan,

We know how to use the functions inside of PSoC creator, that is not the issue.  We are wanting to create a compatible function at a PC/Mobile end of a Bluetooth connection.

I.e. inside the PRoC-BLE, use this to encrypt and then on a PC, receive and decrypt and validate the MIC to validate the data.

We have the PC algorithm working.  However AES_CCM on a PC requires extra data outside of the KEY, NONCE and DATA.  Per the BLE spec referenced above, this can vary.  However we want to know if the PSoC implementation has a fixed additional data value of bytes[] = {1}, or if it varies.

Thanks,

Dave

0 Likes

Hi Dave,

  The additional data field ('aad') you can put as '1' for PC AES-CCM Algorithm. The PSoC BLE APIs take care of it internally.

-Gyan

0 Likes