
CryptoCell CC310 AES CCM* arbitrary Nonce

Hello all, Nordic Team

I've a question regarding the format of the nonce used within CryptoCell Library v0.9.0.a.

What I've learned so far is that CRYS_AESCCMstar requires a nonce where the length of the authentication tag can be derived. I don't find a standard describing that as mandatory. In the ZigBee specification there is a side note about it, but within IEEE 802.15.4-2015 I can't find any relation.

I'm currently implementing some tests based on the test vectors given in the IEEE standard, which are failing right now because of the above-mentioned restriction.

As mentioned in this thread:

https://devzone.nordicsemi.com/f/nordic-q-a/27176/crys_ecdsa_verify-returns-0x00f00871-sdk14/107054#107054

there is a new version of the library in preparation. Are there any thoughts about this issue covered? Because if I'm using CRYS_AESCCM any nonce format is accepted. On the other hand, encryption only is not supported in CCM.

Are there other ways to access the CryptoCell directly?

Best regards

Chris

  • Version 0.9.9 of the nrf_cc310 runtime library now supports all security levels described in chapter 7.3.4.2 c data output in the IEEE Std 802.15.4™-2011 Low-Rate Wireless Personal Area Networks (LR-WPANs) standard. This version of the nrf_cc310 runtime library will be part of the upcoming nRF5 SDK 15.0.0 release.

    Please refer to the table in the spec: Table 56 c data for all security levels

    Previously the nrf_cc310 runtime library only supported security levels 4-7, but with version 0.9.9 of the nrf_cc310 runtime library security levels 0-3 are also supported. This includes the security levels None, MIC-32, MIC-64 and MIC-128.

    Note that the nrf_cc310 runtime library and nrf_crypto_aead APIs still support the deprecated security level 4 according to IEEE Std 802.15.4™-2015: IEEE Standard for Low-Rate Wireless Networks. This mode has been deprecated according to the standard.

    Please refer to Table 9-4 – c data for all security levels, where mode 4 is removed.

    For reference (from the standard):

    In previous version of the standard, security level 4 was a level which provided only data confidentiality but without data authenticity. This security level is deprecated and shall not be used in implementation compliant with this standard.

    Security level 4 has NOT been explicitly removed from the nrf_cc310 runtime library or the nrf_crypto_aead APIs.

    Examples and verification

    Examples of usage of the AES CCM* mode can be seen in the nrf_crypto_aead APIs, which are added in the upcoming nRF5 SDK 15.0.0 release. These APIs use the nrf_cc310 runtime library as a portable cryptographic backend.

    We have also added AES CCM* mode verification using standardized test vectors from IEEE P802.15-4/0537r2: Formal Specification of the CCM* Mode of Operation, as well as custom vectors, in a tailor-made verification application that is using the nrf_crypto_aead APIs.

  • Hi

    I figured out that the updated SDK v15.0 seems to only support the nonce format described in Chapter 9.3.2.1 of 802.15.4-2015 (see Attachments). Can you confirm that? Are there any plans to support the TSCH mode also with a future release? Or is there a chance to get a patch or quick fix for that?

    Best regards

    Chris

  • Hi,

    You are right that TSCH mode is not supported in the CryptoCell library in SDK 15 (0.9.9). We are looking into this so we may add support in a future SDK release.

  • Hi,

    The test vectors mentioned from are working, but if you modify the nonce in those vectors, especially the last byte, CRYS_AESCCMStar returns error code 0x00F0150C, which resolves to CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR
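
An added example, not code from this thread or from the nRF5 SDK: the non-TSCH CCM* nonce the posts refer to, with the security level in its last byte, and a pre-flight check that this byte implies the tag length being requested. The function names are hypothetical, and the layout (8-byte source address, 4-byte frame counter, 1-byte security level) and byte order are assumptions taken from IEEE 802.15.4, not from the library's source.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CCMSTAR_NONCE_LEN 13u /* source address (8) + frame counter (4) + level (1) */

/* MIC length in bytes implied by an 802.15.4 security level, or -1 if invalid.
 * Levels 0-3: None, MIC-32, MIC-64, MIC-128; levels 4-7 add encryption. */
int ccmstar_mic_len(uint8_t level)
{
    static const int mic[4] = { 0, 4, 8, 16 };
    return (level > 7u) ? -1 : mic[level & 0x03u];
}

/* Non-zero when the level encrypts the payload (bit 2 set, levels 4-7). */
int ccmstar_encrypts(uint8_t level)
{
    return level <= 7u && (level & 0x04u) != 0u;
}

/* Build the non-TSCH nonce. Assumption: src_addr is already in nonce byte
 * order and the frame counter is written most significant byte first. */
int ccmstar_build_nonce(uint8_t nonce[CCMSTAR_NONCE_LEN],
                        const uint8_t src_addr[8],
                        uint32_t frame_counter, uint8_t level)
{
    if (ccmstar_mic_len(level) < 0)
        return -1;
    memcpy(nonce, src_addr, 8);
    nonce[8]  = (uint8_t)(frame_counter >> 24);
    nonce[9]  = (uint8_t)(frame_counter >> 16);
    nonce[10] = (uint8_t)(frame_counter >> 8);
    nonce[11] = (uint8_t)frame_counter;
    nonce[12] = level;
    return 0;
}

/* Pre-flight check before calling the crypto backend: does the level byte
 * at the end of the nonce imply exactly the tag length being requested?
 * A TSCH nonce (address || 5-byte ASN) has no level byte, so it can fail here. */
int ccmstar_nonce_matches_tag(const uint8_t nonce[CCMSTAR_NONCE_LEN],
                              size_t tag_len)
{
    int implied = ccmstar_mic_len(nonce[CCMSTAR_NONCE_LEN - 1u]);
    return implied >= 0 && (size_t)implied == tag_len;
}
```

Running the check on a test vector before and after editing its last nonce byte shows whether a size error from the backend is explained by the level byte alone.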
