Hi,
I am working on the STM32H533RE microcontroller and implementing AES-CCM encryption using a NIST test vector for validation. While the encrypted output matches the expected result, the authentication tag generated is incorrect. I have shared the relevant code and configuration above for reference.
CRYP_HandleTypeDef hcryp;
uint32_t pKeyAES[4] = {0x40414243,0x44454647,0x48494A4B,0x4C4D4E4F};
__ALIGN_BEGIN static const uint8_t HeaderAES[16] __ALIGN_END = {
0x00, 0x08, // Length = 8 bytes
0x00, 0x01, 0x02, 0x03, // AAD
0x04, 0x05, 0x06, 0x07,
0x00, 0x00, 0x00, 0x00, // Padding
0x00, 0x00
};
__ALIGN_BEGIN static const uint32_t B0AES[4] __ALIGN_END = {
0x4f101112,0x13141516,0x00000000,0x00000004};
uint8_t sampledata[4] = {0x20, 0x21, 0x22, 0x23};
uint8_t sampleoutputdata[8];
uint32_t sampletagdata[8]; // 4 bytes
static void MX_AES_Init(void)
{
/* USER CODE BEGIN AES_Init 0 */
/* USER CODE END AES_Init 0 */
/* USER CODE BEGIN AES_Init 1 */
/* USER CODE END AES_Init 1 */
hcryp.Instance = AES;
hcryp.Init.DataType = CRYP_BYTE_SWAP;
hcryp.Init.KeySize = CRYP_KEYSIZE_128B;
hcryp.Init.pKey = (uint32_t *)pKeyAES;
hcryp.Init.Algorithm = CRYP_AES_CCM;
hcryp.Init.Header = (uint32_t *)HeaderAES;
hcryp.Init.HeaderSize = 4;
hcryp.Init.B0 = (uint32_t *)B0AES;
hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_BYTE;
hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;
hcryp.Init.KeyMode = CRYP_KEYMODE_NORMAL;
if (HAL_CRYP_Init(&hcryp) != HAL_OK)
{
Error_Handler();
}
/* USER CODE BEGIN AES_Init 2 */
/* USER CODE END AES_Init 2 */
}
main()
{
HAL_CRYP_Encrypt(&hcryp, sampledata, 4, sampleoutputdata, 1000);
HAL_CRYPEx_AESCCM_GenerateAuthTAG(&hcryp, sampletagdata, HAL_MAX_DELAY);
}
