• State Not Answered
  • +1 person also asked this people also asked this
  • Replies 15 replies
  • Subscribers 64 subscribers
  • Views 24831 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 113428
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

AES Encryption with SD

leehong

Hi there,

I'm using the softdevice sd_ecb_block_encrypt to encrypt my 16byte block data as follows:

When my data buffer is filled, it called aes_encrypt(),

void aes_encrypt(void) { int error = 0; uint8_t clear_text[16] = {Data[0], Data[1], Data[2], Data[3], Data[4], Data[5],Data[6], Data[7], Data[8], Data[9], Data[10], Data[11], Data[12], 0x00, 0x00, 0x00};

nrf_ecb_hal_data_t encryption_parm;
memset(&encryption_parm, 0, sizeof(encryption_parm));
memcpy(encryption_parm.key, key, 16);
memcpy(encryption_parm.cleartext, clear_text, 16);
memcpy(encryption_parm.ciphertext, cipher_text, 16);

error = sd_ecb_block_encrypt(&encryption_parm);
printf("%d", error);
printf("%s", cipher_text);

/* write to eddystone UID frame */
write_uid_frame_buffer();
eddystone_set_adv_data(EDDYSTONE_UID);

}

A snipplet of my write_uid_frame_buffer is as follows:

encoded_advdata[(*len_advdata)++] = cipher_text[0];
encoded_advdata[(*len_advdata)++] = cipher_text[1];
encoded_advdata[(*len_advdata)++] = cipher_text[2];
encoded_advdata[(*len_advdata)++] = cipher_text[3];
encoded_advdata[(*len_advdata)++] = cipher_text[4];
encoded_advdata[(*len_advdata)++] = cipher_text[5];
encoded_advdata[(*len_advdata)++] = cipher_text[6];

I'm basically encrypting a segment of my eddystone broadcasting frame to be deciphered by specific users only. I'm not getting any new values from cipher_text after sd_ecb_block_encrypt(&encryption_parm) is called, any idea?

Parents
  • 0

    The AES block is used to create a chippertext, this can be used to encrypt/decrypt data as shown below:

    nrf_ecb_hal_data_t aes_struct;

uint8_t aes_data[16];

uint8_t aes_data_decrypted[16];



//Initializing arrays

memset (&aes_struct, 0, sizeof(aes_struct));

memset (aes_data, 0, sizeof(aes_data));

memset (aes_data_decrypted, 0, sizeof(aes_data_decrypted));



//Initializing key

for (int i = 0; i < 16; i++)

{

    aes_struct.key [i] = i;

}



//Initializing nouncence

memset (aes_struct.cleartext, 0xaa, sizeof(aes_struct.cleartext)); //todo: use more random data and add counter



//Creating chipertext

sd_ecb_block_encrypt(&aes_struct);  



//Encrypt -> XOR chipertext with p_data:

for (int i = 0; i < length; i++)

{  

    aes_data[i] = p_data [i] ^ aes_struct.ciphertext[i];

}



//decrypt -> XOR chipertext with Encrypted data:

for (int i = 0; i < length; i++)

{  

    aes_data_decrypted[i] = aes_data [i] ^ aes_struct.ciphertext[i];

}
Reply
  • 0

    The AES block is used to create a chippertext, this can be used to encrypt/decrypt data as shown below:

    nrf_ecb_hal_data_t aes_struct;

uint8_t aes_data[16];

uint8_t aes_data_decrypted[16];



//Initializing arrays

memset (&aes_struct, 0, sizeof(aes_struct));

memset (aes_data, 0, sizeof(aes_data));

memset (aes_data_decrypted, 0, sizeof(aes_data_decrypted));



//Initializing key

for (int i = 0; i < 16; i++)

{

    aes_struct.key [i] = i;

}



//Initializing nouncence

memset (aes_struct.cleartext, 0xaa, sizeof(aes_struct.cleartext)); //todo: use more random data and add counter



//Creating chipertext

sd_ecb_block_encrypt(&aes_struct);  



//Encrypt -> XOR chipertext with p_data:

for (int i = 0; i < length; i++)

{  

    aes_data[i] = p_data [i] ^ aes_struct.ciphertext[i];

}



//decrypt -> XOR chipertext with Encrypted data:

for (int i = 0; i < length; i++)

{  

    aes_data_decrypted[i] = aes_data [i] ^ aes_struct.ciphertext[i];

}
Children
  • 0 in reply to run_ar

    Hi! Thanks for this example of AES XOR, but I was wondering if you could help me out a bit. I'm not a crypto pro but I got the following:

    • You init all variables and memset them to 0
    • you make a key, which is now just simply 0x00010203040506070809....
    • you set the whole plain text (clear text/text you want to encrypt) to 0xaa......
    • Enctypt it all
    • XOR p_data with the ciphertext. (1)
    • to decode to XOR the received enctypted aes_data with a ciphertext (2)

    What I dont get is for point (1) What is p_data and what is where does the ciphertext come from? Is p data the raw data (so p_data = cleartext). Wikipedia stated that " he key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the input, called the plaintext, into the final output, called the ciphertext." If so, then (2) states that the ciphertext is known on the dec side

  • 0 in reply to run_ar

    Compared to the "block cipher mode of operation" article on wikipedia: p_data is the actuall data you want to encrypt (plaintext). aes_struct.ciphertext is the same as the "block chiper encryption" block output. So when aes_struct.ciphertext is xor'ed with p_data you get what is named ciphertext in the counter mode overview in the wikipedia article (encrypted data ready to send). Obviously it's a bit confusion since there are two chipertexts... But the AES block supports encryption, not decryption which is why it's done like this.

  • 0 in reply to run_ar

    hi @run_ar

    i need encrypt the advertising data like uuid,major&minor of my beacon so that it cannot be visible to other app or nrf connect it should be visible only to self designed app

    for this which code i should use

  • 0 in reply to Naralasetty Praneeth

    Hi, 

    Did you get what to do for this 

    Naralasetty Praneeth said:
    i need encrypt the advertising data like uuid,major&minor of my beacon so that it cannot be visible to other app or nrf connect it should be visible only to self designed app

    If so can you please share

  • 0 in reply to codebreaker176

    Hi,

    You can use the same procedure as described earlier to encrypt the data before placing it in the advertisement data as manufacturer specific data. However you also need a good (secure) way to exchange the secure key, if that is in place and you use counter mode it should be quite secure.

Related