
AES CCM encryption with HW AES module

MSaez.1
Associate II

Hello,

I am trying to implement the HW encryption acceleration on a STM32F423CH for AES CCM mode.

I tried to implement the CTR encryption mode in the first place, but it seems to me that the example provided in the NIST Special Publication 800-38A cannot be implemented, since the STM32 Initialization Vector only accepts 96 bits and not the 128 bits from the NIST example:

F.5.5 CTR-AES256.Encrypt

Key 603deb1015ca71be2b73aef0857d7781 1f352c073b6108d72d9810a30914dff4

Init. Counter f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff

Block #1

Input Block f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff

Output Block 0bdf7df1591716335e9a8b15c860c502

Plaintext 6bc1bee22e409f96e93d7e117393172a

Ciphertext 601ec313775789a5b7a7f504bbf3d228

Is that right?

Second question, jumping to the CCM implementation: in the RM0430 Reference Manual of the STM32F423 there is a description of how to implement the CBC-MAC (CCM) encryption.

My principal problem is how to configure the AES_IVR registers for this configuration to reproduce the examples in NIST Special Publication 800-38C.

In section 24.4.12 AES counter with CBC-MAC (CCM) the documentation says that the generation of formatted input data blocks Bx (especially B0 and B1) must be managed by the application.

The AES Crypto module should be configured as CTR encryption for the first phase of the payload encryption. Nevertheless, I come to the problem of the previous question. In that mode only 96 bits are allowed and the LSB should be the counter initialized to 0x0001:


In order to reproduce the example vector C.2 Example 2 of the NIST Special Publication 800-38C.

K: 40414243 44454647 48494a4b 4c4d4e4f

N: 10111213 14151617

A: 00010203 04050607 08090a0b 0c0d0e0f

P: 20212223 24252627 28292a2b 2c2d2e2f

(B0: 56101112 13141516 17000000 00000010)

What do I have to introduce in the IVR registers? I tried different values without success:

uint8_t nonce1[] = {0x56, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10};
uint8_t nonce2[] = {0x56, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
uint8_t nonce3[] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};

So my second question: Is the CCM encryption mode compatible with the AES module of the STM32F423CH? How should I implement this? I am struggling with it and have made no progress for days.

Thank you in advance.

1 REPLY
Bubbles
ST Employee

Hello @MSaez.1,

Sorry, I only noticed your question now.

Have you already overcome the problem in the meantime?

The IV must be full 128b on the STM32, otherwise it would not be AES. Or even any meaningful subset of Rijndael.

What prevents you from using an existing crypto library, like for example Mbed? There you would have all these problems solved.

BR,

J
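The B0 and counter-block formatting from NIST SP 800-38C Appendix A that the question asks about, as an added example that is not part of the original posts and is not ST code. The function names are hypothetical, the tag length t = 6 bytes is taken from the B0 flag byte 0x56 quoted in the question, and loading the blocks into the peripheral's registers is not covered.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: SP 800-38C Appendix A block formatting; names are hypothetical. */

/* Common layout of B0 and Ctr_i: flags || N || value, where the value is
 * big-endian in the last q = 15 - nlen bytes and flags bits 0..2 hold q - 1. */
static int ccm_block(uint8_t out[16], uint8_t hi_flags, const uint8_t *nonce,
                     size_t nlen, uint64_t value)
{
    if (nlen < 7 || nlen > 13) return -1;            /* nonce is 7..13 bytes */
    size_t q = 15 - nlen;                            /* q is 2..8 bytes */
    if (q < 8 && (value >> (8 * q)) != 0) return -1; /* must fit in q bytes */
    memset(out, 0, 16);
    out[0] = (uint8_t)(hi_flags | (q - 1));
    memcpy(out + 1, nonce, nlen);
    for (size_t i = 0; i < q; i++, value >>= 8)
        out[15 - i] = (uint8_t)(value & 0xff);
    return 0;
}

/* B0: flags = 64*Adata + 8*((t-2)/2) + (q-1), value = payload length in bytes. */
int ccm_format_b0(uint8_t b0[16], const uint8_t *nonce, size_t nlen,
                  size_t tlen, size_t alen, uint64_t plen)
{
    if (tlen < 4 || tlen > 16 || (tlen & 1)) return -1; /* t is 4,6,...,16 */
    uint8_t hi = (uint8_t)((alen ? 0x40 : 0) | (((tlen - 2) / 2) << 3));
    return ccm_block(b0, hi, nonce, nlen, plen);
}

/* Ctr_i: flags carry only q-1; i = 0 masks the tag, i >= 1 the payload. */
int ccm_format_ctr(uint8_t ctr[16], const uint8_t *nonce, size_t nlen, uint64_t i)
{
    return ccm_block(ctr, 0, nonce, nlen, i);
}

int main(void)
{
    /* N from the question (SP 800-38C Example 2); t = 6, a = 16, p = 16 bytes. */
    const uint8_t n[8] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17};
    uint8_t b0[16], ctr1[16];
    if (ccm_format_b0(b0, n, 8, 6, 16, 16) || ccm_format_ctr(ctr1, n, 8, 1)) return 1;
    for (int i = 0; i < 16; i++) printf("%02x", b0[i]);
    printf("\n");
    for (int i = 0; i < 16; i++) printf("%02x", ctr1[i]);
    printf("\n");
    return 0;
}
```

Both blocks are full 16-byte values: the nonce occupies bytes 1 to 8 and the counter the trailing q = 7 bytes, so the flag byte is part of the block fed to the cipher.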
