Is it Possible to Use Aead CCM (on a NRF 52840 with CC310) to verify a message without an encrypted Message? (Just Adata)

the code i uses looks like: 

uint8_t key[16] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
uint8_t nonce[13] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0x00, 0x00};
uint8_t mac[4] = {0xFF,0xFF, 0xFF, 0xFF}; // DEMO
uint8_t ret_buffer[20];
uint8_t auth[4] = {0xAA, 0xBB,0xCC,0xDD};
uint8_t adata[9]  = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
ret_code_t ret;


nrf_crypto_aead_info_t const * p_ccm_info = &g_nrf_crypto_aes_ccm_128_info;

ret = nrf_crypto_aead_init(&ccm_ctx, p_ccm_info, key);
APP_ERROR_CHECK(ret);

ret = nrf_crypto_aead_crypt(&ccm_ctx, NRF_CRYPTO_DECRYPT, nonce, sizeof(nonce), adata, sizeof(adata), auth,0, ret_buffer, mac, sizeof(mac));

printf(nrf_crypto_error_string_get(ret));

Hi, 

I noticed that you initialize mac to 0xFF,.., you should to use the MAC generated when you "encrypted" the data (signed in this case). Note that the cc310 backends returns internal error if the signature validation fails so it doesn't necessarily mean that you passed an invalid arguments, etc.  

hi, 

as writen in the comment ALL parameters are dummys. Even the MAC. 

Does it mean i have no possibility to get if something with the input is wrong or the MAC was not correkt if i use the CC310?  

Suggest that you run nrf_crypto_aead_crypt(&ccm_ctx, NRF_CRYPTO_ENCRYPT,..) first, then run decrypt you dummy data. 

You can assume that the signature is invalid if you get internal error while all parameters are otherwise correct.  

Suggest that you run nrf_crypto_aead_crypt(&ccm_ctx, NRF_CRYPTO_ENCRYPT,..) first, then run decrypt you dummy data. 

You can assume that the signature is invalid if you get internal error while all parameters are otherwise correct.  

Thanks. That worked Out. i had an ADATA Offset form 1 Bit ...