
How to use cmox_aead_decrypt function with addData pointer = null and tag size = 0

GSain.1
Associate II

Hi @Jocelyn RICARD,

 

My team developed an Android app with the following code to encrypt the message and then send it to the STM32WB55 device via BLE:

 

...
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey, "AES");
IvParameterSpec parameterSpec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, parameterSpec);
return cipher.doFinal(message);

 

This code has no tag/addData inputs.

 

First attempt:

I developed the following code to decrypt the encrypted message on the STM32WB55 device, with the AddData/Tag variables filled with 0 because I don't use them:

 

const uint8_t AddData[] =
{
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

const uint8_t Expected_Tag[] =
{
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

cretval = cmox_aead_decrypt(CMOX_AES_CCM_DEC_ALGO,                         /* Use AES CCM algorithm */
                       blePkocEncryptedData, encryptedDataLen,                      /* Ciphertext to decrypt */
                       sizeof(Expected_Tag),
                       blePkocSharedKeyData, sizeof(blePkocSharedKeyData),          /* AES key to use */
                       IV, sizeof(IV),                                             /* Initialization vector */
                       AddData, sizeof(AddData),
                       blePkocDecryptedData, &computed_size);                      /* Data buffer to receive generated plaintext */

 

After executing this cmox_aead_decrypt() function, I got the result CMOX_CIPHER_AUTH_FAIL.

 

Second attempt:

I developed the following code on the STM32WB55 device, passing NULL for the AddData/Tag variables because I don't use them:

 

cretval = cmox_aead_decrypt(CMOX_AES_CCM_DEC_ALGO,                         /* Use AES CCM algorithm */
                       blePkocEncryptedData, encryptedDataLen,                      /* Ciphertext to decrypt */
                       0,
                       blePkocSharedKeyData, sizeof(blePkocSharedKeyData),          /* AES key to use */
                       IV, sizeof(IV),                                             /* Initialization vector */
                       NULL, 0,
                       blePkocDecryptedData, &computed_size);                      /* Data buffer to receive generated plaintext */

 

After executing this cmox_aead_decrypt() function, I got the result CMOX_CIPHER_ERR_BAD_PARAMETER.

How do I use this function without tag/addData inputs?

Thanks

Gregory Saint-Jean

3 REPLIES
Jocelyn RICARD
ST Employee

Hello @GSain.1 ,

The TAG is normally added to the encrypted message.

 

You should be able to find this information just by checking the size of the ciphered message on Android side.

I would guess tag size is 16.

The additional data is not mandatory so setting NULL pointer and size 0 is OK.

So, you should have encrypted data that is "tagsize" bytes bigger than the message, with the TAG at the end.

Providing the correct tag size in your second attempt should work.

Best regards

Jocelyn

Hello @Jocelyn RICARD ,

I tried to set tag size = 16 and addData = null without success because I always got CMOX_CIPHER_ERR_BAD_PARAMETER.

 

        cretval = cmox_aead_decrypt(CMOX_AES_CCM_DEC_ALGO,                         /* Use AES CCM algorithm */
                       blePkocEncryptedData, encryptedDataLen,                      /* Ciphertext to decrypt */
                       //sizeof(Expected_Tag),
                       16,
                       blePkocSharedKeyData, sizeof(blePkocSharedKeyData),          /* AES key to use */
                       IV, sizeof(IV),                                             /* Initialization vector */
                       NULL, 0,
                       blePkocDecryptedData, &computed_size);                      /* Data buffer to receive generated plaintext */

 

Thanks

Gregory

Jocelyn RICARD
ST Employee

Hello @GSain.1 ,

Well, I could reproduce your issue. For some reason the function is not checking the size before checking the buffer.

So, please create a dummy buffer like uint8_t p[]={0}; and provide p instead of NULL for the add data pointer.

Best regards

Jocelyn
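
An added example, not code from this thread or from ST's library: a pre-flight check that can run on the received BLE buffer before calling cmox_aead_decrypt(), combining the points above (tag appended at the end of the message, no additional data, dummy buffer instead of NULL). All names (ccm_prepare_args, ccm_args, ccm_dummy_aad) are hypothetical, the 16-byte tag is the guess made in the reply and must be confirmed against the Android output size, and the tag and nonce length limits are those of the CCM specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: hypothetical helper, not part of the ST cryptographic library. */
typedef enum { CCM_ARGS_OK, CCM_BAD_POINTER, CCM_BAD_TAG_LEN,
               CCM_BAD_NONCE_LEN, CCM_INPUT_TOO_SHORT } ccm_args_status;

typedef struct {
    const uint8_t *aad;   /* never NULL, even when aad_len == 0 */
    size_t aad_len;
    const uint8_t *tag;   /* trailing tag inside the received buffer */
    size_t plain_len;     /* expected plaintext length: input_len - tag_len */
} ccm_args;

static const uint8_t ccm_dummy_aad[1] = { 0 };

ccm_args_status ccm_prepare_args(const uint8_t *input, size_t input_len,
                                 size_t tag_len, size_t nonce_len,
                                 const uint8_t *aad, size_t aad_len,
                                 ccm_args *out)
{
    if (input == NULL || out == NULL || (aad == NULL && aad_len != 0))
        return CCM_BAD_POINTER;
    /* CCM only defines tag lengths 4, 6, 8, 10, 12, 14, 16; 0 is not one. */
    if (tag_len < 4 || tag_len > 16 || (tag_len % 2) != 0)
        return CCM_BAD_TAG_LEN;
    /* CCM nonces are 7 to 13 bytes long. */
    if (nonce_len < 7 || nonce_len > 13)
        return CCM_BAD_NONCE_LEN;
    /* The sender appends the tag, so the buffer must at least hold it. */
    if (input_len < tag_len)
        return CCM_INPUT_TOO_SHORT;
    /* Workaround from the thread: pass a dummy buffer instead of NULL. */
    out->aad = (aad != NULL) ? aad : ccm_dummy_aad;
    out->aad_len = aad_len;
    out->plain_len = input_len - tag_len;
    out->tag = input + out->plain_len;
    return CCM_ARGS_OK;
}

int main(void)
{
    uint8_t msg[20] = { 0 };  /* constructed: 4 ciphertext bytes + 16 tag bytes */
    ccm_args a = { 0 };
    ccm_args_status s = ccm_prepare_args(msg, sizeof msg, 16, 12, NULL, 0, &a);
    printf("status=%d plain_len=%u\n", (int)s, (unsigned)a.plain_len);
    return s == CCM_ARGS_OK ? 0 : 1;
}
```

On success, `aad` and `aad_len` are the values to pass for the additional-data arguments, and `plain_len` is the size the output buffer must hold.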