cancel
Showing results for 
Search instead for 
Did you mean: 

Are AES-CCM encryption functions available to the BlueNRG-LP application developer?

alemv
Associate II

I noticed that the BlueNRG-LP BLE stack uses a special version of the cryptographic library "libcrypto.a" with only AES-CMAC cryptographic functions. But I do know that LE Legacy connections and LE Secure connections share AES in four different flavors: AES-ECB, AES-CBC, AES-CTR, and AES-CCM.

Since I need AES-CCM to encrypt(decrypt) traffic over UART, I have a question: is the AES-CCM encryption(decryption) used by the stack available to the application developer? If not, which of the plain AES encryption function is safe and better to use: AES_general_SW_enc (from cryptolib), AES_128_HW_enc (from aes_hw.c), hci_le_encrypt (from BLE stack) or AESMGR_Encrypt (from AESMGR)?

5 REPLIES 5
alemv
Associate II

I haven't found a way to use the AES-CCM feature of the BLE stack itself. So I had to write my own encryption and decryption functions for my special case (1 <= payload <= 255, no extra data, MAC length = 4, nonce = 13 zeros, ciphertext = payload + 4) using the function hci_le_encrypt. It works.

AndyR1
Senior

ok, i was using the BlueNRG-LP DK 1.0.0, I moved to the actual last BlueNRG-LP_LPS DK 1.2.0 to have the AES ECB.

you saved my day thanks

let me ask how to encrypt an extended packet (more than 16 bytes)

See encrypt_special_aes_ccm and decrypt_special_aes_ccm functions in the attachment.

JLEE.191
Associate

I haven't found a way to use the AES-CCM feature of the BLE stack itself. So I had to write my own encryption and decryption functions for my special case (1 <= payload <= 255, no extra data, MAC length = 4, nonce = 13 zeros, ciphertext = payload + 4) using the function hci_le_encrypt. It works.