
Decryption on the fly, corrupted plain data

Hello!

I have evaluated the AES-CCM co-processor in on-the-fly and memory-to-memory encryption/decryption operations, and I see it works in BLE 2Mbit mode without visible problems.

But in the 1Mbit, 500k and 125K on-the-fly modes, decryption always fails (MIC error).

If after that I execute the decryption operation from memory to memory, the MIC is OK and the data looks correct.

The encrypted data is received with a valid CRC, and I conclude that on-the-fly decryption has a problem due to a HW problem or some misconfiguration.

The decrypted packets after the on-the-fly and memory-to-memory operations are very close, but some bytes are different (64 bytes are dumped, but the packet length is 0x2E):

On-Fly : 002e00090101ff08010102baab6c87000ee8a43ffd010000000000000000000000003701f0cfce162ee91768656c6c6f7a000000000000000000000000000000
MtoM   : 002e00090101ff08010102baab6c87000ee8663ffd010000000000000000000000000001f0cfce162ee91768656c6c6f31000000000000000000000000000000

S1 =0

Is it possible that the AES-CCM HW has some problem with decryption?

With the 2Mbit radio and 2Mbit data rate everything works fine. In other modes the decrypted buffer is always corrupted, but encryption and receiving the encrypted package work fine.

Regards,

Eugene

  • Hi,

    Is it possible that the AES-CCM HW has some problem with decryption?

    No, there are no issues or errata for this HW peripheral. Since it works in BLE 2Mbit, but not the other modes, I suspect it might be some configuration issue or timing issue in the application.

  • Hi!

    Basically, the question is what can really cause such a small corruption in on-the-fly mode, if without it everything works fine, and in 2M mode also?

    I have taken one more short sample:

    EN : 001800b212a04669a1157656d383579ba70ee859b295166313079f00000000000000000000000000000000000000000000000000000000000000000000000000
    OnFly Mic error : 001400160100ff15010102baab7ef000fd01e8000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000
    M2M : 001400160100ff15010102baab7ef000fd0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

    If the beginning is OK, it means the keystream is generated in time.

    If exactly the same encrypted data is decrypted from buffer to buffer without problems, radio TX/RX also works.

    For example, I have found an undocumented feature: 2M on-the-fly encryption doesn't work if the S1 field is missing, and I must include it in the frame even though in the PS it is not mandatory.

    It looks like the LENGTH field can have any size, with no AES block size alignment.

    Regards,

    Eugene

  • Hi!

    For example, here it is clearly visible that bytes from the encrypted text are moved to the plain text as they are,

    but the output buffer is zeroed before the RX operation.

    EN : 0065007077898898179ce19f4e88e1ab127f6846c310fc649f0f532238dfbdcf0446ace8c2ba523bfaadd1bd253213de65d9ef1679e438ac1dc992295a81837c
    InFlyDeccrypt MIC error: 006100d10900ffcf090201baab6af0000dc4ec3afd01000000000000000000000000ac018100ec2700030004492b1f620000ef00763b08000000000010111213
    M2M MIC OK: 006100d10900ffcf090201baab6af0000dc4843afd0100000000000000000000000000018100ec2700030004492b1f6200000000763b08000000000010111213

    It looks as if a series of zero bytes creates some disturbance in the decrypted text.

    Any idea about it?

    Regards,

    Eugene
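
Added example (not part of the original thread): a Python check of the sample quoted in the post above, listing where the on-the-fly output differs from the memory-to-memory result and comparing each differing byte with the ciphertext. The 3-byte header length and the names `classify`, `HEADER_LEN` and `BLOCK` are assumptions made for this sketch.

```python
# The three 64-byte dumps (EN, on-the-fly, M2M) copied from the post above.
EN = bytes.fromhex(
    "0065007077898898179ce19f4e88e1ab127f6846c310fc649f0f532238dfbdcf"
    "0446ace8c2ba523bfaadd1bd253213de65d9ef1679e438ac1dc992295a81837c")
ONFLY = bytes.fromhex(
    "006100d10900ffcf090201baab6af0000dc4ec3afd0100000000000000000000"
    "0000ac018100ec2700030004492b1f620000ef00763b08000000000010111213")
M2M = bytes.fromhex(
    "006100d10900ffcf090201baab6af0000dc4843afd0100000000000000000000"
    "000000018100ec2700030004492b1f6200000000763b08000000000010111213")

HEADER_LEN = 3   # assumption: three header bytes precede the payload in each dump
BLOCK = 16       # AES block size in bytes


def classify(en, onfly, m2m, header_len=HEADER_LEN):
    """Describe every payload byte where on-the-fly and M2M output disagree."""
    findings = []
    for off in range(header_len, min(len(en), len(onfly), len(m2m))):
        if onfly[off] == m2m[off]:
            continue
        findings.append({
            "offset": off,
            # position of the byte inside its 16-byte block of payload
            "block_pos": (off - header_len) % BLOCK,
            "onfly": onfly[off],
            "m2m": m2m[off],
            # True when the ciphertext byte was passed through unchanged
            "is_ciphertext": onfly[off] == en[off],
            # CCM encrypts in counter mode, so ciphertext XOR correct
            # plaintext gives the keystream byte at that offset
            "is_keystream": onfly[off] == (en[off] ^ m2m[off]),
        })
    return findings


if __name__ == "__main__":
    for f in classify(EN, ONFLY, M2M):
        print("offset {offset:2d} block_pos {block_pos:2d} "
              "onfly {onfly:02x} m2m {m2m:02x} "
              "ciphertext={is_ciphertext} keystream={is_keystream}".format(**f))
```

On this sample the differing bytes fall at offsets 18, 34 and 50, which is the last byte of each 16-byte block under the assumed header length.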

  • Hello!

    I have found a dirty fix but can't explain it because there is no documentation about it.

    Error-free on-the-fly decryption depends on the S1LEN configuration value.

    S1LEN has a valid value range for each radio mode:

    2Mbit   1-8

    1Mbit   1-6 bit

    500K  1-6

    125K  1 only

    So I have set it to 1 and it works in all radio modes.

    Can you explain what the role of the S1 byte is in triggering on-the-fly decryption?

    Is there any connection between it and the preconfigured PPI channel 25?

    NRF_PPI->CHEN |= (1UL << NRF_PPI_CHANNEL25);

    which triggers the decrypt process.

    Regards,

    Eugene
