Announcements

Help us improve the Power & Sensing Selection Guide. Share feedback

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
lock attach
Attachments are accessible only for community members.
JeGu_2199941
Level 5
Level 5
25 likes received 10 likes received 10 likes given

It seems that Cypress provides AES-CCM APIs in wiced_security.h, though without source code.

/**

* @brief               AES-CCM MAC calculation

*

* @param[in]  ctx          : AES context

* @param[in]  length       : Length of the input data

* @param[in]  aad_length   : Length of the additional associated data

* @param[in]  nonce        : The nonce to use

* @param[in]  nonce_length : Length of nonce.

* @param[in]  aad_input    : The buffer containing the additional associated data

* @param[in]  data_input   : Buffer holding the input data

* @param[out] mac_output   : Buffer which receives the output MAC

*/

int aes_ccm_mac( aes_context_t *ctx, uint32_t length, uint32_t aad_length, const unsigned char *nonce,int nonce_length, const unsigned char *aad_input, const unsigned char *data_input, unsigned char mac_output[8] );

/**

* @brief                   AES-CCM encryption

*

* @param[in]  ctx               : AES context

* @param[in]  length            : Length of the input data

* @param[in]  aad_length        : Length of the additional associated data

* @param[in]  nonce             : The nonce to use

* @param[in]  nonce_length      : Length of nonce.

* @param[in]  aad_input         : The buffer containing the additional associated data

* @param[in]  plaintext_input   : Buffer holding the input data

* @param[out] ciphertext_output : Buffer which receives the output ciphertext

* @param[out] mac_output        : Buffer which recieves the output MAC

*/

int aes_encrypt_ccm( aes_context_t *ctx, uint32_t length, uint32_t aad_length, const unsigned char *nonce, uint8_t nonce_length, const unsigned char *aad_input, const unsigned char *plaintext_input, unsigned char *ciphertext_output, unsigned char mac_output[8] );

/**

* @brief                   AES-CCM decryption

*

* @param[in]  ctx              : AES context

* @param[in]  length           : Length of the input data

* @param[in]  aad_length       : Length of the additional associated data

* @param[in]  nonce            : The nonce to use

* @param[in]  nonce_length     : Length of nonce.

* @param[in]  aad_input        : The buffer containing the additional associated data

* @param[in]  ciphertext_input : Buffer holding the input data

* @param[out] plaintext_output : Buffer which receives the output plaintext

*/

int aes_decrypt_ccm( aes_context_t *ctx, uint32_t length, uint32_t aad_length,  const unsigned char *nonce, uint8_t nonce_length, const unsigned char *aad_input, const unsigned char *ciphertext_input, unsigned char *plaintext_output );

I found sample code for aes_decrypt_ccm in wiced_cooee.c, but I can't find any sample for aes_encrypt_ccm.

I tried to follow snip.crypto as the following snippet, but I just can't do it right.

<snippet>

    int ret;

    aes_context_t context_aes_enc;

    aes_context_t context_aes_dec;

    uint8_t key[16] = {0};

    uint8_t nonce[13] = {0}; // 13 == strlen("used once !!!")

    uint8_t cipher_text[64] = {0};

    uint8_t plain_text[64] = {0};

    uint8_t plain_text_len = strlen("plain text SSID and PSWD");

    uint8_t aad_data[13] = {0}; // 1ˇ = strlen("wtf is this ?")

    uint8_t mac_enc[8] = {0};

    uint8_t mac_dec[8] = {0};

    uint8_t plain_text_dec[64] = {0};

    memcpy(key, "some secret key!", 16); // strlen("some secret key!") == 16 bytes == 128 bit

    memcpy(nonce, "used once !!!", sizeof(nonce));

    memcpy(plain_text, "plain text SSID and PSWD", plain_text_len);

    memcpy(aad_data, "wtf is this ?", 13);

    memset(&context_aes_enc, 0, sizeof(context_aes_enc));

    aes_setkey_enc(&context_aes_enc, key, 128);

    PRINT("done aes_setkey, key: %.*s\n", 16, (char*)key);

    ret = aes_encrypt_ccm(&context_aes_enc, plain_text_len, sizeof(aad_data), nonce, sizeof(nonce), aad_data, plain_text, cipher_text, mac_enc);

    PRINT("aes_encrypt_ccm() = %d\n", ret);

    PRINT("plain_text: %.*s\n", plain_text_len, (char*)plain_text);

    hexdump(cipher_text, sizeof(cipher_text));

    hexdump(mac_enc, sizeof(mac_enc));

    memset(&context_aes_dec, 0, sizeof(context_aes_dec));

    aes_setkey_dec(&context_aes_dec, key, 128);

    ret = aes_decrypt_ccm(&context_aes_dec, plain_text_len, sizeof(aad_data), nonce, sizeof(nonce), aad_data, cipher_text, plain_text_dec);

    PRINT("aes_decrypt_ccm() = %d\n", ret);

    PRINT("plain_text: %.*s\n", plain_text_len, (char*)plain_text_dec);

    hexdump(plain_text_dec, sizeof(plain_text_dec));

    ret = aes_ccm_mac(&context_aes_dec, plain_text_len, sizeof(aad_data), nonce, sizeof(nonce), aad_data, plain_text, mac_dec);

    PRINT("aes_ccm_mac() = %d\n", ret);

    hexdump(mac_dec, sizeof(mac_dec));

<execution>

done aes_setkey, key: some secret key!

aes_encrypt_ccm() = 0

plain_text: plain text SSID and PSWD

C4BDF107C6C2991DBFEA4E4C6A21643633D653EF335825D300000000000000000000000000000000000000000000000000000000000000000000000000000000

31D845C85F2744F0

aes_decrypt_ccm() = -1

plain_text: ��,�j5��x��̴�ӒF�%s

FD8DF0A22CB96A35F7DC78EAF5CCB4ABD31692469625197300000000000000000000000000000000000000000000000000000000000000000000000000000000

aes_ccm_mac() = 0

9A28C7DAE36C0F2E

Does anyone know how to correctly use these APIs?

Edit:

Attached verification by Pycryptodome.

By comparing the execution results, I think encrypt is fine for both cipher_text and MAC.

But I still need to find out how to use "aes_decrypt_ccm" correctly...

0 Likes
1 Solution
RaktimR_11
Moderator
Moderator
Moderator
500 replies posted 250 replies posted 100 replies posted

Hello Xavier,

We were able to reproduce the issue you faced. We have already raised an internal ticket to fix the issue with aes_decrypt_ccm() API for the older SDKs. Did you try using the mbedTLS library to implement the same?

View solution in original post

1 Reply
RaktimR_11
Moderator
Moderator
Moderator
500 replies posted 250 replies posted 100 replies posted

Hello Xavier,

We were able to reproduce the issue you faced. We have already raised an internal ticket to fix the issue with aes_decrypt_ccm() API for the older SDKs. Did you try using the mbedTLS library to implement the same?