
AES Encryption with SD

Hi there,

I'm using the SoftDevice sd_ecb_block_encrypt to encrypt my 16-byte block data as follows:

When my data buffer is filled, it calls aes_encrypt():

    void aes_encrypt(void)
    {
        int error = 0;
        uint8_t clear_text[16] = {Data[0], Data[1], Data[2], Data[3], Data[4], Data[5], Data[6], Data[7],
                                  Data[8], Data[9], Data[10], Data[11], Data[12], 0x00, 0x00, 0x00};

        nrf_ecb_hal_data_t encryption_parm;
        memset(&encryption_parm, 0, sizeof(encryption_parm));
        memcpy(encryption_parm.key, key, 16);
        memcpy(encryption_parm.cleartext, clear_text, 16);
        memcpy(encryption_parm.ciphertext, cipher_text, 16);

        error = sd_ecb_block_encrypt(&encryption_parm);
        printf("%d", error);
        printf("%s", cipher_text);

        /* write to eddystone UID frame */
        write_uid_frame_buffer();
        eddystone_set_adv_data(EDDYSTONE_UID);
    }

A snippet of my write_uid_frame_buffer is as follows:

    encoded_advdata[(*len_advdata)++] = cipher_text[0];
    encoded_advdata[(*len_advdata)++] = cipher_text[1];
    encoded_advdata[(*len_advdata)++] = cipher_text[2];
    encoded_advdata[(*len_advdata)++] = cipher_text[3];
    encoded_advdata[(*len_advdata)++] = cipher_text[4];
    encoded_advdata[(*len_advdata)++] = cipher_text[5];
    encoded_advdata[(*len_advdata)++] = cipher_text[6];

I'm basically encrypting a segment of my Eddystone broadcasting frame to be deciphered by specific users only. I'm not getting any new values from cipher_text after sd_ecb_block_encrypt(&encryption_parm) is called. Any idea?

  • The AES block is used to create a ciphertext; this can be used to encrypt/decrypt data as shown below:

    nrf_ecb_hal_data_t aes_struct;
    uint8_t aes_data[16];
    uint8_t aes_data_decrypted[16];

    // Initializing arrays
    memset(&aes_struct, 0, sizeof(aes_struct));
    memset(aes_data, 0, sizeof(aes_data));
    memset(aes_data_decrypted, 0, sizeof(aes_data_decrypted));

    // Initializing key
    for (int i = 0; i < 16; i++)
    {
        aes_struct.key[i] = i;
    }

    // Initializing nonce
    memset(aes_struct.cleartext, 0xaa, sizeof(aes_struct.cleartext)); // todo: use more random data and add counter

    // Creating ciphertext
    sd_ecb_block_encrypt(&aes_struct);

    // p_data (the plaintext) and length (at most 16 bytes) are supplied by the caller

    // Encrypt -> XOR ciphertext with p_data:
    for (int i = 0; i < length; i++)
    {
        aes_data[i] = p_data[i] ^ aes_struct.ciphertext[i];
    }

    // Decrypt -> XOR ciphertext with encrypted data:
    for (int i = 0; i < length; i++)
    {
        aes_data_decrypted[i] = aes_data[i] ^ aes_struct.ciphertext[i];
    }

  • Compared to the "block cipher mode of operation" article on Wikipedia: p_data is the actual data you want to encrypt (plaintext). aes_struct.ciphertext is the same as the "block cipher encryption" block output. So when aes_struct.ciphertext is XORed with p_data you get what is named ciphertext in the counter mode overview in the Wikipedia article (encrypted data ready to send). Obviously it's a bit confusing since there are two ciphertexts... But the AES block supports encryption, not decryption, which is why it's done like this.
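Added example, not part of the original thread or of Nordic's code: the XOR scheme from the answer extended to counter mode over several blocks, with the per-block counter that the answer's `todo` asks for. The names `block_fn`, `standin_block`, `ctr_crypt` and `ctr_selfcheck`, and the 12-byte nonce plus 32-bit counter layout, are assumptions; `standin_block` is a host-only placeholder that is not AES and would be replaced by a wrapper around `sd_ecb_block_encrypt`.

```c
#include <stdint.h>
#include <string.h>

/* Encrypt-only block primitive. On the device this callback would fill an
 * nrf_ecb_hal_data_t and call sd_ecb_block_encrypt(), as in the answer. */
typedef void (*block_fn)(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]);

/* HOST-ONLY STAND-IN (assumption): NOT AES, not secure; a keyed byte mixer
 * so the example runs off-target. */
static void standin_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16])
{
    uint8_t acc = 0x5a;
    for (int i = 0; i < 16; i++)
        out[i] = acc = (uint8_t)((acc ^ in[i] ^ key[i]) * 167u + 13u);
}

/* CTR: keystream block j = E_k(nonce[12] || big-endian32(counter + j)); the same
 * call decrypts. Returns -1 on bad arguments or if the counter would wrap. */
int ctr_crypt(block_fn enc, const uint8_t key[16], const uint8_t nonce[12],
              uint32_t counter, const uint8_t *in, uint8_t *out, size_t len)
{
    uint8_t block[16], ks[16];
    if (!enc || !key || !nonce || (len && (!in || !out))) return -1;
    if ((uint64_t)counter + ((uint64_t)len + 15) / 16 > (uint64_t)UINT32_MAX + 1) return -1;
    memcpy(block, nonce, 12);
    for (size_t off = 0; off < len; off += 16, counter++) {
        for (int b = 0; b < 4; b++) block[15 - b] = (uint8_t)(counter >> (8 * b));
        enc(key, block, ks);
        for (size_t i = 0; i < 16 && off + i < len; i++)
            out[off + i] = in[off + i] ^ ks[i];  /* XOR with keystream */
    }
    return 0;
}

/* Constructed data. Returns 0 if decryption round-trips, a repeated
 * nonce/counter pair repeats the ciphertext, and a fresh counter changes it. */
int ctr_selfcheck(void)
{
    const uint8_t key[16] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
    const uint8_t msg[20] = "constructed payload";
    uint8_t nonce[12], c1[20], c2[20], c3[20], p[20];
    memset(nonce, 0xaa, sizeof nonce);
    if (ctr_crypt(standin_block, key, nonce, 0, msg, c1, 20) ||   /* frame 1 */
        ctr_crypt(standin_block, key, nonce, 0, msg, c2, 20) ||   /* reused pair */
        ctr_crypt(standin_block, key, nonce, 2, msg, c3, 20) ||   /* next free counter */
        ctr_crypt(standin_block, key, nonce, 0, c1, p, 20)) return 1;
    return !(!memcmp(p, msg, 20) && !memcmp(c1, c2, 20) && memcmp(c1, c3, 20));
}
```

With a constant nonce and no counter, every advertised frame is XORed with the same keystream, so identical payloads produce identical ciphertext; the receiver needs the same nonce and starting counter to decrypt.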
