Unable to decrypt AES-CCM encrypted message from Central

RE: Unable to decrypt AES-CCM encrypted message from Central

Johan83 — Tue, 07 May 2024 11:49:11 GMT

Hi Amanda,

I tried the sample on AES-CCM and have finally zoned down the issue to the key generation part (or in my case key import function). I encrypted a message in flutter (android phone) and send it over to the controller through ble NUS and I declared the same nonce key and aad I used in flutter. It seem that only when I tried to use

status_key = psa_import_key(&key_attributes, aes_key, sizeof(aes_key), &key_id);

where aes_key is the key I declared in VScode for the controller:

uint8_t aes_key[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10 };

instead of

status = psa_generate_key(&key_attributes, &key_handle); (original code in the example)

that I ran into issue.

Also, I noticed that the data type for key identifier in the example you linked me to is

"psa_key_handle_t" while the data type used in the documentation you linked me to uses "

psa_key_id_t". While both seem to work (the key is either generated or imported successfully for the aes-ccm example), "psa_key_handle_t" does not work for psa_import_key function.

Regards,

Johan

RE: Unable to decrypt AES-CCM encrypted message from Central

Amanda Hsieh — Wed, 01 May 2024 15:58:54 GMT

Hi,

You can check out this sample https://github.com/nrfconnect/sdk-nrf/tree/v2.6.1/samples/crypto/aes_ccm

-Amanda H.

RE: Unable to decrypt AES-CCM encrypted message from Central

Johan83 — Wed, 01 May 2024 14:29:34 GMT

Hi Amanda,

I have validated that I my key is compatible and the nonce length is correct (12 bytes), I have also looked though various sources, but I still encounter the status -135 error.

Also, it seem strange that my ciphertext is only 18 bytes as I calculated that it should be 31 bytes:

Plaintext size: 2 bytes: [0x01, 0x0C]
Nonce size: 12 bytes: [0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B]
Additional authentication data (AAD) size: 1 byte: [0x00]
Authentication tag size: 16 bytes

Total: 2+12+1+16 = 31 bytes

However, my ciphertext after encryption with AES-CCM (in flutter) is 18 bytes or

[180, 164, 171, 198, 129, 128, 178, 33, 55, 252, 241, 150, 243, 128, 243, 116, 146, 219]

I tried decrypting this set of data using the PSA_ALG_CCM algorithm with the psa_aead_decrypt function and got the status -135 error. Could this be the problem?

I am sorry if the question is very basic as I am new to the topic of encryption.

Thanks,

Jinhhao

RE: Unable to decrypt AES-CCM encrypted message from Central

Amanda Hsieh — Fri, 26 Apr 2024 13:12:27 GMT

Hi Johan,

The error code -135 means PSA_ERROR_INVALID_ARGUMENT.

The following conditions can result in this error:

alg is not an AEAD algorithm.
key is not compatible with alg.
nonce_length is not valid for use with alg and key.
additional_data_length or ciphertext_length are too large for alg.

Please check out psa_aead_decrypt (function).

Regards,
Amanda H.