This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Is it Possible to Use Aead CCM (on a NRF 52840 with CC310) to verify a message without an encrypted Message? (Just Adata)

Hi,

i use the Aead-Lib for CCM on the NRF52840. What is the best way to Check an Mac from a Message wich only has Adata (no acctual encryptet message)?

If i try to use a decrypt i get the error code for: "An internal error occurred when calling this function"

Top Replies

Vidar Berg over 6 years ago in reply to DrGanmon +1 verified

Suggest that you run nrf_crypto_aead_crypt(&ccm_ctx, NRF_CRYPTO_ENCRYPT,..) first, then run decrypt you dummy data. You can assume that the signature is invalid if you get internal error while all parameters…

Parents

0 DrGanmon over 6 years ago

the code i uses looks like:

uint8_t key[16] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
uint8_t nonce[13] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0x00, 0x00};
uint8_t mac[4] = {0xFF,0xFF, 0xFF, 0xFF}; // DEMO
uint8_t ret_buffer[20];
uint8_t auth[4] = {0xAA, 0xBB,0xCC,0xDD};
uint8_t adata[9]  = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
ret_code_t ret;


nrf_crypto_aead_info_t const * p_ccm_info = &g_nrf_crypto_aes_ccm_128_info;

ret = nrf_crypto_aead_init(&ccm_ctx, p_ccm_info, key);
APP_ERROR_CHECK(ret);

ret = nrf_crypto_aead_crypt(&ccm_ctx, NRF_CRYPTO_DECRYPT, nonce, sizeof(nonce), adata, sizeof(adata), auth,0, ret_buffer, mac, sizeof(mac));

printf(nrf_crypto_error_string_get(ret));

Reply

0 DrGanmon over 6 years ago

the code i uses looks like:

uint8_t key[16] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
uint8_t nonce[13] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0x00, 0x00};
uint8_t mac[4] = {0xFF,0xFF, 0xFF, 0xFF}; // DEMO
uint8_t ret_buffer[20];
uint8_t auth[4] = {0xAA, 0xBB,0xCC,0xDD};
uint8_t adata[9]  = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
ret_code_t ret;


nrf_crypto_aead_info_t const * p_ccm_info = &g_nrf_crypto_aes_ccm_128_info;

ret = nrf_crypto_aead_init(&ccm_ctx, p_ccm_info, key);
APP_ERROR_CHECK(ret);

ret = nrf_crypto_aead_crypt(&ccm_ctx, NRF_CRYPTO_DECRYPT, nonce, sizeof(nonce), adata, sizeof(adata), auth,0, ret_buffer, mac, sizeof(mac));

printf(nrf_crypto_error_string_get(ret));

Children

0 Vidar Berg over 6 years ago in reply to DrGanmon

Hi,

I noticed that you initialize mac to 0xFF,.., you should to use the MAC generated when you "encrypted" the data (signed in this case). Note that the cc310 backends returns internal error if the signature validation fails so it doesn't necessarily mean that you passed an invalid arguments, etc.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 DrGanmon over 6 years ago in reply to Vidar Berg

hi,

as writen in the comment ALL parameters are dummys. Even the MAC.

Does it mean i have no possibility to get if something with the input is wrong or the MAC was not correkt if i use the CC310?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 Vidar Berg over 6 years ago in reply to DrGanmon

Suggest that you run nrf_crypto_aead_crypt(&ccm_ctx, NRF_CRYPTO_ENCRYPT,..) first, then run decrypt you dummy data.

You can assume that the signature is invalid if you get internal error while all parameters are otherwise correct.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel
0 DrGanmon over 6 years ago in reply to Vidar Berg

Thanks. That worked Out. i had an ADATA Offset form 1 Bit ...
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel