cancel
Showing results for 
Search instead for 
Did you mean: 

How to use cmox_aead_decrypt function with addData pointer = null and tag size = 0

GSain.1
Associate II

Hi @Jocelyn RICARD,

 

My team developed Android app with following code to encrypt the message then send it to STM32WB55 device via BLE :

 

...
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey, "AES");
IvParameterSpec parameterSpec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, parameterSpec);
return cipher.doFinal(message);

 

This code has no tag/addData inputs.

 

First attempt:

I develop the following code to decrypt the encrypted message on STM32WB55 device  with AddData/Tag variables filled 0 because I dont use them:

 

const uint8_t AddData[] =
{
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

const uint8_t Expected_Tag[] =
{
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

cretval = cmox_aead_decrypt(CMOX_AES_CCM_DEC_ALGO,                         /* Use AES CBC algorithm */
                       blePkocEncryptedData, encryptedDataLen,                      /* Ciphertext to decrypt */
                       sizeof(Expected_Tag),
                       blePkocSharedKeyData, sizeof(blePkocSharedKeyData),          /* AES key to use */
                       IV, sizeof(IV),                                             /* Initialization vector */
                       AddData, sizeof(AddData),
                       blePkocDecryptedData, &computed_size);                      /* Data buffer to receive generated plaintext */

 

After executed this cmox_aead_decrypt() function, I got the result = CMOX_CIPHER_AUTH_FAIL.

 

Second attempt:

I develop the following code on STM32WB55 device  with NULL to AddData/Tag variables  because I dont use them:

 

cretval = cmox_aead_decrypt(CMOX_AES_CCM_DEC_ALGO,                         /* Use AES CBC algorithm */
                       blePkocEncryptedData, encryptedDataLen,                      /* Ciphertext to decrypt */
                       0,
                       blePkocSharedKeyData, sizeof(blePkocSharedKeyData),          /* AES key to use */
                       IV, sizeof(IV),                                             /* Initialization vector */
                       NULL, 0,
                       blePkocDecryptedData, &computed_size);                      /* Data buffer to receive generated plaintext */

 

After executed this cmox_aead_decrypt() function, I got the result = CMOX_CIPHER_ERR_BAD_PARAMETER.

How to use this function without tag/addData inputs ?

Thanks

Gregory Saint-Jean

1 ACCEPTED SOLUTION

Accepted Solutions

Hello @Jocelyn RICARD ,

 

I finally fixed this issue by adding the following code in Android app :  

cipher.updateAAD(new byte[]{0x00});

 

Thank you

Gregory

View solution in original post

4 REPLIES 4
Jocelyn RICARD
ST Employee

Hello @GSain.1 ,

The TAG is normally added to the encrypted message

 

You should be able to find this information just by checking the size of the ciphered message on Android side.

I would guess tag size is 16.

The additional data is not mandatory so setting NULL pointer and size 0 is OK.

So, you should have an encrypted data that is "tagsize" bytes bigger than the message with the TAG at the end.

Providing the good tag size in your second attempt should work

Best regards

Jocelyn

Hello @Jocelyn RICARD ,

I tried to set tag size = 16 and addData = null without success because I always got CMOX_CIPHER_ERR_BAD_PARAMETER.

 

        cretval = cmox_aead_decrypt(CMOX_AES_CCM_DEC_ALGO,                         /* Use AES CBC algorithm */
                       blePkocEncryptedData, encryptedDataLen,                      /* Ciphertext to decrypt */
                       //sizeof(Expected_Tag),
                       16,
                       blePkocSharedKeyData, sizeof(blePkocSharedKeyData),          /* AES key to use */
                       IV, sizeof(IV),                                             /* Initialization vector */
                       NULL, 0,
                       blePkocDecryptedData, &computed_size);                      /* Data buffer to receive generated plaintext */

 

Thanks

Gregory

Jocelyn RICARD
ST Employee

Hello @GSain.1 ,

Well I could reproduce your issue. For some reason the function is not checking size before checking buffer.

So, please create a dummy buffer like uint8_t p[]={0}; and provide p instead of NULL for the add data pointer.

Best regards

Jocelyn

Hello @Jocelyn RICARD ,

 

I finally fixed this issue by adding the following code in Android app :  

cipher.updateAAD(new byte[]{0x00});

 

Thank you

Gregory