• State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 5 replies
  • Subscribers 75 subscribers
  • Views 2014 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 119725
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

MICSTATUS is not set to 1 when decrypting packet

Kevin

Hello Nordic team,

I am developing a proprietary radio protocol and i am using aes ccm peripheral for encryption (i am a begginer). The packets seem to be correctly encrypted ( the error event is not trigged while the endskgen and endcrypt event are trigged). I clear all events before start key generation task.

When i try to decrypt the packet i am using the same initialization vector and the same aes key than for encryption and i reset counter values to 0 in memory area pointed by CNFPTR. I do the same thing for encryption : before each encryption i reset the aes key value, initialization vector value and counters.

The decryption operation seems to work correctly (the mic is removed from payload) length field is updated (by substracting 4 to its value) and the decrypted payload is exactely the same than the unencrypted payload given to encryption as an input.

The length field seems to be good (corresponding to payload length) and its size is 8 bits (so i set the length bit of mode register to 1) because i'm not using S1 field (i include it in RAM).

The encrypted Payload in input of decryption is exactely the same than payload at output of encryption and buffers are separated.

At the output of encryption length field is correctly updated (by adding 4 to its value) and 4 bytes (the MIC) are appended to encrypted payload.

I try also to set length field to 0 (empty payload) so the mic check should always pass, but it doesn't and i have no idea why.

I see also data is written to scratch pointer very far after the recommended scratchpointer size (My packet is 13 bytes long but data is written 258 bytes after scratchpointer start address) and to the CNFPOINTER very far after the Initialization vector field address (the documentation specifies the Initialization vector is 8 bytes long but the memory is written 143 bytes after cnfpointer start address). Do i make a mistake during configuration?

Can you help me? Kevin

ps: I am using softdevice S132 v2.0 and i use radio and ccm through timeslot API. I'm using ppi channels to trig SW interrupt in the order to catch and clear the CCM events (the softdevice seems to not forward ccm interrupts ... only radio and timer 0 are forwarded through the handler function given in session_open function).

Parents Reply Children
  • 0 in reply to Kevin

    Hello,

    i had the same problem.

    A failed MIC Check after decryption of radio packets 

    I tried to encrypt packets on the fly at the transmitter.

    So NRF_CCM->INPTR and NRF_CCM->OUTPTR both pointed to the same array-address as RADIO->PACKETPTR.

    At the receiver side i had the problem, that the decrypted data was ok, but the MICSTATUS was still zero.

    Following step solved the issue: 

    I removed the inplace operation, by letting NRF_CCM->INPTR and NRF_CCM->OUTPTR point to different arrays.

    The calculated MIC was different... and the MIC check at the receiver passed.

     

     

Related
Terms of service