SE050 AEAD Decryption

Changhawn
Contributor IV
Dear,

On the S32K314 platform, I am developing TLS 1.3 using the SE050E.

During the TLS 1.3 handshake, I need AEAD (AES-GCM) decryption (message authentication).

When the AEADOneShot command (AES-GCM calculation), Se05x_API_AeadOneShot(), is executed, I2C access to the SE050 fails. I don't know the reason.

I2C was working fine in another case.

Could you check what the problem is?

Thank you.

Chang
 
 
 
< LOG >
 
$ app info
[INF][cli] Open Session to SE05x
 
[INF][cli] Plug and Trust nano package - version: 1.5.4
 
[INF][cli] Applet Major = 7
 
[INF][cli] Applet Minor = 2
 
[INF][cli] Applet patch = 0
 
[INF][cli] AppletConfig = 3F9F
 
[INF][cli] With    ECDSA_ECDH_ECDHE
[INF][cli]
 
[INF][cli] With    EDDSA
[INF][cli]
 
[INF][cli] With    DH_MONT
[INF][cli]
 
[INF][cli] With    HMAC
[INF][cli]
 
[INF][cli] WithOut RSA_PLAIN
[INF][cli]
 
[INF][cli] WithOut RSA_CRT
[INF][cli]
 
[INF][cli] With    AES
[INF][cli]
 
[INF][cli] With    DES
[INF][cli]
 
[INF][cli] With    PBKDF
[INF][cli]
 
[INF][cli] With    TLS
[INF][cli]
 
[INF][cli] With    MIFARE
[INF][cli]
 
[INF][cli] With    I2CM
[INF][cli]
 
$
$
$ app info aead
[INF][cli] Open Session to SE05x
 
[INF][cli] Plug and Trust nano package - version: 1.5.4
 
[SE_APDU] Write SymmKey keyid(0xef0002de)
[23007 ms] APDU TX len=zu:
80 03 11 37 00 00 48
  41 04 EF 00 02 DE
  42 01 B0
  43 10 48 45 4C 4C 4F 48 45 4C 4C 4F 48 45 4C 4C 4F 31
  44 19 45 78 74 72 61 20 61 75 74 68 65 6E 74 69 63 61 74 69 6F 6E 20 64 61 74 61
  45 10 00 00 00 00 00 00 00 00 FD 15 71 99 32 D3 56 90
  00 00
[23063 ms] Transceive data ptr 0x0x20412c6c len:81
[23071 ms] phNxpEseProto7816_SendIframe len:86
[23079 ms] phNxpEseProto7816_SendRawFrame len:86
[23087 ms] phNxpEse_WriteFrame len:86
[23093 ms] phPalEse_i2c_write len:86
[23412 ms] phNxpEseProto7816_sendRframe len:5
[23418 ms] phNxpEseProto7816_SendRawFrame len:5
[23426 ms] phNxpEse_WriteFrame len:5
[23432 ms] phPalEse_i2c_write len:5
axI2CWrite Failed(0x9)
[23645 ms] Se05x_API_AeadOneShot failed 0
$
 
< Code > 
void ex_sss_aead_decrypt(void)
{
    sss_status_t status = kStatus_SSS_Success;
    sss_algorithm_t algorithm;
    sss_mode_t mode;
    /* clang-format off */
    uint8_t aead_srcData[16] = { 0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x31 }; /*HELLOHELLOHELLO1*/
    uint8_t aead_keystring[KEY_BIT_LEN / 8] = { 0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x31 }; /*HELLOHELLOHELLO1*/
    uint8_t destData[16] = {0,};
    size_t destDataLen = sizeof(destData);
    uint8_t aead_iv[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x15, 0x71, 0x99, 0x32, 0xd3, 0x56, 0x90};
    size_t ivlen = 16;
    uint32_t keyId = MAKE_TEST_ID(__LINE__);
    sss_key_part_t keyPart;
    sss_cipher_type_t cipherType;
    size_t keyByteLenMax = KEY_BIT_LEN/8;
    sss_object_t key = { 0 };
    sss_se05x_aead_t ctx_aead_encrypt = { 0 };
 
    size_t TAG_SIZE = 16;
    uint8_t tag[TAG_SIZE];
    uint8_t  *aad =(uint8_t*)"Extra authentication data";
    size_t aadSize = strlen((char*)aad);
 
    pSe05xSession_t p_session_ctx = &se05x_session;
    SE05x_CipherMode_t cipherMode = kSE05x_CipherMode_AES_GCM;
    SE05x_Cipher_Oper_OneShot_t OperType = kSE05x_Cipher_Oper_OneShot_Encrypt; // : kSE05x_Cipher_Oper_OneShot_Decrypt;
 
    algorithm =  kAlgorithm_SSS_AES_GCM; 
    keyPart    = kSSS_KeyPart_Default;
    cipherType = kSSS_CipherType_AES;
    mode       = kMode_SSS_Encrypt;
 
    p_session_ctx = se05x_get_session();
    key.session = p_session_ctx;
 
    if (key.session == NULL)
    {
        __printf("SESSION open failed\r\n");
        return;
    }
     status = sss_key_object_allocate_handle(&key, keyId, keyPart, cipherType, keyByteLenMax, kKeyObject_Mode_Persistent);
    if (status != true)
    {
        __printf("sss_key_object_allocate_handle failed %x\r\n", status);
        return;
    }
 
     status = sss_se05x_key_store_set_key(&key, aead_keystring, sizeof(aead_keystring), sizeof(aead_keystring) * 8);
    if (status != kStatus_SSS_Success)
    {
        __printf("sss_se05x_key_store_set_key failed 0x%x\r\n", status);
        return;
    }
 
 
    //status = sss_aead_context_init(&ctx_aead_encrypt, &pCtx->session, &key, algorithm, mode);
    ctx_aead_encrypt.keyObject = &key;
    ctx_aead_encrypt.algorithm = algorithm;
    ctx_aead_encrypt.mode = mode;
 
 
    aeadoneshotlog = true;
    status = Se05x_API_AeadOneShot(p_session_ctx, keyId, cipherMode, aead_srcData, 
            destDataLen, aad, aadSize, aead_iv, ivlen, tag, &TAG_SIZE, destData, &destDataLen, OperType);
    aeadoneshotlog = false;
    if (status != kStatus_SSS_Success)
    {
        sm_dbg_printf("Se05x_API_AeadOneShot failed %x\r\n", status);
        return;
    }
 
    __printf("Encryption successful !!!");
 
cleanup:
    
    return;
}
1 Solution
Kan_Li
NXP TechSupport

Hi @Changhawn ,

Per the APDU spec for the AEADOneShot command:

When the AEADMode equals AES_GCM, the length of AAD + length of data should
be limited to 888 bytes - the total C-APDU buffer length. Did you meet this requirement?

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

11 Replies
jesssaid
Contributor II

I need to develop the A1006 chip. If you have done it before, please contact me. Thank you very much!

Kan_Li
NXP TechSupport

Hi @Changhawn ,

 

Is it possible to turn on the debug log printing? Are you building the application based on Zephyr? If yes, please set the following configurations in the prj.conf file.

CONFIG_LOG=y
CONFIG_PLUGANDTRUST_LOG_LEVEL_DBG=y
CONFIG_LOG_MODE_IMMEDIATE=y

 

Have a great day,
Kan


Changhawn
Contributor IV

Dear Kan_Li

My platform is NXP S32K314.

Log printing has a lot of delay, which prevents i2c access from working properly in the first place.

I used the Plug-and-Trust Nano version, so it doesn't have a prj.conf file.

I don't know if i2c access fails in AEAD Decryption.

Could you please tell me some other debugging points?

Thank you.

Chang

Kan_Li
NXP TechSupport

Hi @Changhawn ,

 

The AEAD operation takes longer than AES CCM, but the I2C would keep polling the SE until there is a response. You may build the application with -DPLUGANDTRUST_DEBUG_LOGS=ON to have more debug info.

 

Have a great day,
Kan


Changhawn
Contributor IV

Dear Kan_Li

The i2c issue was somewhat resolved by fixing the i2c access issue. However, the AEAD Decryption still has issues. Please check the code and logs to determine what the issue is.

#define KEY_BIT_LEN 256

smStatus_t Se05x_API_AeadOneShot(pSe05xSession_t session_ctx,
    uint32_t objectID,
    SE05x_CipherMode_t cipherMode,
    const uint8_t *pInputData,
    size_t inputDataLen,
    const uint8_t *pAad,
    size_t aadLen,
    uint8_t *pIV,
    size_t IVLen,
    uint8_t *pTagData,
    size_t *pTagDataLen,
    uint8_t *pOutputData,
    size_t *pOutputDataLen,
    const SE05x_Cipher_Oper_OneShot_t operation)
{
    smStatus_t retStatus = SM_NOT_OK;
    tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, operation}};
    size_t cmdbufLen = 0;
    uint8_t *pCmdbuf = NULL;
    int tlvRet = 0;
    uint8_t *pRspbuf = NULL;
    size_t rspbufLen = MAX_APDU_BUFFER;
    SE05x_Result_t result;
    uint16_t ivlen16 = 0;
    size_t ivlen32 = IVLen;
    size_t rspIndex = 0;

    /* Command and response share the session APDU buffer */
    pCmdbuf = &session_ctx->apdu_buffer[0];
    pRspbuf = &session_ctx->apdu_buffer[0];

    if (IVLen > UINT16_MAX) {
        goto cleanup;
    }
    ivlen16 = (uint16_t)IVLen;

    /* Build the command TLVs: object ID, cipher mode, input data, AAD, IV, tag */
    tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID);
    if (0 != tlvRet) {
        goto cleanup;
    }

    tlvRet = TLVSET_CipherMode("cipherMode",
        &pCmdbuf,
        &cmdbufLen,
        kSE05x_TAG_2,
        ((cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV) ? kSE05x_CipherMode_AES_GCM : cipherMode));

    if (0 != tlvRet) {
        goto cleanup;
    }
    tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, pInputData, inputDataLen);
    if (0 != tlvRet) {
        goto cleanup;
    }
    tlvRet = TLVSET_u8bufOptional("AdditionalData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pAad, aadLen);
    if (0 != tlvRet) {
        goto cleanup;
    }

    if ((cipherMode == kSE05x_CipherMode_AES_GCM) ||
        ((cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV) && (operation == kSE05x_Cipher_Oper_OneShot_Decrypt))) {
        tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, pIV, IVLen);
        if (0 != tlvRet) {
            goto cleanup;
        }
    }
    else {
        tlvRet = TLVSET_U16("IVLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, ivlen16);
        if (0 != tlvRet) {
            goto cleanup;
        }
    }
    /* The tag is sent to the SE only when decrypting */
    if (operation == kSE05x_Cipher_Oper_OneShot_Decrypt) {
        if (pTagDataLen != NULL) {
            //__printf("%s tgaDataLen is selected\r\n", __func__);
            //if (pTagDataLen > 0 ) {
            tlvRet = TLVSET_u8bufOptional("tag", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, pTagData, *pTagDataLen);
            if (0 != tlvRet) {
                goto cleanup;
            }
        }
    }

#if 0
    {
        uint8_t *temp = session_ctx->apdu_buffer;
        __printf("APDU TX len=%zu:\n", cmdbufLen);
        for (size_t i=0;i<cmdbufLen;i++) __printf("%02X ", temp[i]);
        __printf("\n");
    }
#endif
    //retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, session_ctx->apdu_buffer, cmdbufLen, pRspbuf, &rspbufLen);
    retStatus = DoAPDUTxRx(session_ctx, &hdr, session_ctx->apdu_buffer, cmdbufLen, session_ctx->apdu_buffer, &rspbufLen, 1);
    if (retStatus == SM_OK) {
        __printf("%s SE050 AEAD Decrypt Ok...\r\n", __func__);
        {
            __printf("APDU RSP len=%d:\n", rspbufLen);
            for (size_t i=0 ; i < rspbufLen ; i++) __printf("%02X ", pRspbuf[i]);
            __printf("\n");
        }
        retStatus = SM_NOT_OK;
        /* Response TLVs: TAG_1 = output data, TAG_2 = tag (encrypt) or result (decrypt) */
        if (inputDataLen != 0) {
            tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputDataLen);
            __printf("AEAD Decrypt RSP tag1=%d:\n", tlvRet);
            if (0 != tlvRet) {
                goto cleanup;
            }
        }
        if (operation == kSE05x_Cipher_Oper_OneShot_Encrypt) {
            tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pTagData, pTagDataLen);
            __printf("AEAD Decrypt RSP tag2=%d:\n", tlvRet);
            if (0 != tlvRet) {
                goto cleanup;
            }
        }
        if (operation == kSE05x_Cipher_Oper_OneShot_Decrypt) {
            tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, &result);
            if (0 != tlvRet) {
                __printf("AEAD Decrypt RSP tlvRet=%d:\n", tlvRet);
                goto cleanup;
            }
            if (result != kSE05x_Result_SUCCESS) {
                __printf("APDU Decrypt RSP result=%d:\n", result);
                goto cleanup;
            }
        }
        if ((operation == kSE05x_Cipher_Oper_OneShot_Encrypt) && (cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV)) {
            tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, pIV, &ivlen32);
            if (0 != tlvRet) {
                goto cleanup;
            }
        }
        /* The status word is the last two bytes of the response */
        if ((rspIndex + 2) == rspbufLen) {
            retStatus = (smStatus_t)((pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]));
        }
    }
cleanup:
    return retStatus;
}

void ex_sss_aead_decrypt(void)
{
    sss_status_t status = kStatus_SSS_Success;
    sss_algorithm_t algorithm;
    sss_mode_t mode;
    /* clang-format off */
#ifdef ADED_DECRYPT_TEST
    uint8_t aead_srcData[16] = { 0x8f, 0xd9, 0x64, 0xc, 0xa9, 0x95, 0xf1, 0x98, 0x86, 0xcf, 0xd6, 0xe9, 0xde, 0xd0, 0x37, 0x1f };

    uint8_t aead_keystring[KEY_BIT_LEN / 8] = { 0xad, 0x4f , 0x6f , 0xaa , 0x5c , 0x67 , 0xf8 , 0x94 , 0xdc , 0x50 , 0xdd , 0x3e ,
        0xf2 , 0x82 , 0xe3 , 0xf9 , 0x65 , 0x34 , 0xf8 , 0x0f , 0xdc , 0x46 , 0x65 , 0x1b , 0xb5 , 0x9a , 0x01 , 0x69 , 0xce , 0xfb , 0xa8 , 0xec};

#else
    uint8_t aead_srcData[16] = { 0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x31 }; /*HELLOHELLOHELLO1*/
    uint8_t aead_keystring[KEY_BIT_LEN / 8] = { 0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x31 }; /*HELLOHELLOHELLO1*/
#endif
    uint8_t destData[16] = {0,};
    size_t destDataLen = sizeof(destData);

#ifdef ADED_DECRYPT_TEST
    uint8_t aead_iv[12] = {0x55, 0x6a , 0xe5 , 0xa9 , 0x17 , 0xce , 0xa , 0xd , 0x27 , 0x3f , 0x9f , 0xaa};
    size_t ivlen = 12;
#else
    uint8_t aead_iv[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x15, 0x71, 0x99, 0x32, 0xd3, 0x56, 0x90};

    size_t ivlen = 16;
#endif
    uint32_t keyId = MAKE_TEST_ID(__LINE__);
    sss_key_part_t keyPart;
    sss_cipher_type_t cipherType;
    size_t keyByteLenMax = KEY_BIT_LEN/8;
    sss_object_t key = { 0 };
    sss_se05x_aead_t ctx_aead_encrypt = { 0 };

#ifdef ADED_DECRYPT_TEST
    size_t TAG_SIZE = 16;
    uint8_t tag[16] = {0x99 , 0xc5 , 0x3 , 0xaa , 0x7c , 0x6d ,
        0x37 , 0x52 , 0x64 , 0x6e , 0x62 , 0x47 , 0xe0 , 0x3a , 0x80 , 0xc8};
    uint8_t aad[5] = {0x17, 0x3, 0x3, 0x0, 0x20};
    //uint8_t *aad =(uint8_t*)"Extra authentication data";
#else
    size_t TAG_SIZE = 16;
    uint8_t tag[TAG_SIZE];
    uint8_t *aad =(uint8_t*)"Extra authentication data";
#endif
    /* strlen() stops at the first 0x00 byte: correct for the string AAD, but it
     * yields 3 (not 5) for the binary aad[] of the ADED_DECRYPT_TEST branch */
    size_t aadSize = strlen((char*)aad);
    //uint8_t *aad = NULL;
    //size_t aadSize = 0;

    pSe05xSession_t p_session_ctx = &se05x_session;
    SE05x_CipherMode_t cipherMode = kSE05x_CipherMode_AES_GCM;
#ifdef ADED_DECRYPT_TEST
    SE05x_Cipher_Oper_OneShot_t OperType = kSE05x_Cipher_Oper_OneShot_Decrypt;
#else
    SE05x_Cipher_Oper_OneShot_t OperType = kSE05x_Cipher_Oper_OneShot_Encrypt; // : kSE05x_Cipher_Oper_OneShot_Decrypt;
#endif
    algorithm = kAlgorithm_SSS_AES_GCM;
    keyPart = kSSS_KeyPart_Default;
    cipherType = kSSS_CipherType_AES;
#ifdef ADED_DECRYPT_TEST
    mode = kMode_SSS_Decrypt;
#else
    mode = kMode_SSS_Encrypt;
#endif
    /* doc:start ex_sss_symmetric-allocate-key */
    /* Pre-requisite for encryption Part*/

    //status = Se05x_API_SessionOpen(p_session_ctx);

    p_session_ctx = se05x_get_session();
    key.session = p_session_ctx;

    if (key.session == NULL)
    {
        __printf("SESSION open failed\r\n");
        return;
    }
    //status = sss_key_object_allocate_handle(&key, keyId, keyPart, cipherType, keyByteLenMax, kKeyObject_Mode_Persistent);
    status = sss_key_object_allocate_handle(&key, keyId, keyPart, cipherType, keyByteLenMax, kKeyObject_Mode_Persistent);
    if (status != true)
    {
        __printf("sss_key_object_allocate_handle failed %x\r\n", status);
        return;
    }

    //status = sss_key_store_set_key(&pCtx->ks, &key, keystring, sizeof(keystring), sizeof(keystring) * 8, NULL, 0);
    status = sss_se05x_key_store_set_key(&key, aead_keystring, sizeof(aead_keystring), sizeof(aead_keystring) * 8);
    if (status != kStatus_SSS_Success)
    {
        __printf("sss_se05x_key_store_set_key failed 0x%x\r\n", status);
        return;
    }

    /*Do Encryption*/

#if 1
    status = Se05x_API_AeadOneShot(p_session_ctx, keyId, cipherMode, aead_srcData,
        destDataLen, aad, aadSize, aead_iv, ivlen, tag, &TAG_SIZE, destData, &destDataLen, OperType);
    //aeadoneshotlog = false;
    if (status != SM_OK)
    {
        sm_dbg_printf("Se05x_API_AeadOneShot failed %x\r\n", status);
        return;
    }

    /* doc:end ex_sss_aead-encrypt */

    __printf("AEAD En/Decryption successful !!!");
#else /* AEAD Multistep */
    status = se05x_gcm_encrypt_multistep(p_session_ctx,
        keyId, aead_srcData, destDataLen,
        aad, aadSize, aead_iv, ivlen, destData, &destDataLen,
        tag, &TAG_SIZE, OperType);

    aeadoneshotlog = false;
    if (status != SM_OK)
    {
        sm_dbg_printf("se05x_gcm_encrypt_multistep failed %x\r\n", status);
        return;
    }

    /* doc:end ex_sss_aead-encrypt */

    __printf("Encryption successful !!!");

#endif

cleanup:

    return;
}

< LOG >
[INF][cli] Open Session to SE05x

[INF][cli] Plug and Trust nano package - version: 1.5.4

[SE_APDU] Update SymmKey keyid(0xef0003d1)
Se05x_API_AeadOneShot SE050 AEAD Decrypt Ok...
APDU RSP len=7:
42 82 00 01 02 90 00
AEAD Decrypt RSP tag1=1:
[409452 ms] Se05x_API_AeadOneShot failed ffff

0 Kudos
Reply
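
Added example (not part of the original post and not NXP's code): a small decoder for the two AEADOneShot responses logged in this thread, showing that the failing one carries status word 0x9000 but only a result TLV of 0x02 and no output TLV, so plaintext must be gated on the result byte and not on the status word alone. It also evaluates strlen() over the binary AAD of the ADED_DECRYPT_TEST branch; all function and constant names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Tag values and responses are copied from the logs in this thread:
 * result 0x01 appears in the passing run, 0x02 in the failing one. */
#define TAG_OUTPUT     0x41
#define TAG_RESULT     0x42
#define RESULT_SUCCESS 0x01

static const uint8_t RSP_FAIL[] = {0x42, 0x82, 0x00, 0x01, 0x02, 0x90, 0x00};
static const uint8_t RSP_OK[] = {
    0x41, 0x82, 0x00, 0x10, 0x08, 0x00, 0x00, 0x02, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x82, 0x00, 0x01, 0x01, 0x90, 0x00};
/* AAD of the ADED_DECRYPT_TEST branch: a 5-byte record header with an embedded 0x00. */
static const uint8_t TEST_AAD[5] = {0x17, 0x03, 0x03, 0x00, 0x20};

typedef struct {
    uint16_t sw;        /* trailing status word */
    int has_result;     /* result TLV present */
    uint8_t result;     /* value of the result TLV */
    const uint8_t *out; /* output TLV value inside rsp, NULL when absent */
    size_t out_len;
} aead_rsp_t;

/* Walk the TLVs of an AEADOneShot response; returns 0 when well formed. */
int aead_rsp_parse(const uint8_t *rsp, size_t rsp_len, aead_rsp_t *r)
{
    memset(r, 0, sizeof(*r));
    if (rsp_len < 2) return -1;
    size_t body = rsp_len - 2, i = 0;
    r->sw = (uint16_t)((rsp[body] << 8) | rsp[body + 1]);
    while (i < body) {
        if (body - i < 2) return -1;
        uint8_t tag = rsp[i++];
        size_t len = rsp[i++];
        if (len >= 0x80) {             /* long form: 0x81 or 0x82 + length bytes */
            size_t n = len & 0x7F;
            if (n == 0 || n > 2 || body - i < n) return -1;
            for (len = 0; n > 0; n--) len = (len << 8) | rsp[i++];
        }
        if (len > body - i) return -1; /* value must end before the status word */
        if (tag == TAG_OUTPUT) { r->out = rsp + i; r->out_len = len; }
        if (tag == TAG_RESULT && len == 1) { r->has_result = 1; r->result = rsp[i]; }
        i += len;
    }
    return 0;
}

/* Release plaintext only when SW is 0x9000 AND the result TLV reports success. */
int aead_rsp_verified(const aead_rsp_t *r)
{
    return r->sw == 0x9000 && r->has_result && r->result == RESULT_SUCCESS;
}

/* Length strlen() reports for the binary AAD (copied and terminated so the call is defined). */
size_t aad_len_via_strlen(void)
{
    char s[sizeof(TEST_AAD) + 1] = {0};
    memcpy(s, TEST_AAD, sizeof(TEST_AAD));
    return strlen(s);
}

int main(void)
{
    aead_rsp_t r;
    aead_rsp_parse(RSP_FAIL, sizeof(RSP_FAIL), &r);
    printf("failing run: sw=%04X result=%02X verified=%d\n", r.sw, r.result, aead_rsp_verified(&r));
    aead_rsp_parse(RSP_OK, sizeof(RSP_OK), &r);
    printf("passing run: sw=%04X result=%02X verified=%d\n", r.sw, r.result, aead_rsp_verified(&r));
    printf("strlen(aad)=%zu, sizeof(aad)=%zu\n", aad_len_via_strlen(), sizeof(TEST_AAD));
    return 0;
}
```

With the binary AAD, `sizeof(aad)` gives the 5 bytes of the header, while `strlen()` stops at the fourth byte.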
Kan_Li
NXP TechSupport

Hi @Changhawn ,

 

It should be due to the authentication tag, please kindly refer to the following for details.

Kan_Li_0-1764306364604.png

 

Have a great day,
Kan


Changhawn
Contributor IV

Dear Kan_Li.

AEAD Oneshot Decryption has been somewhat resolved.

However, for the second AEAD Decrypt cipher frame, with a size of 2256, memory issues prevent oneshot decryption.
Attempting to use a multi-step (init, update, final) approach results in excessive performance degradation.

Do you have any other solution or recommendation?

 

Thank you.


< log >

mbedtls_cipher_aead_decrypt Cipher ctx(20427300) Mode 6, tag_len 16, ilen(16)
[INF][devtask] Cipher Aead OneGo Start:0x20427320 size:16 Cipher Mode:0xb0, OP Type:0x38
[INF][devtask] Key ID: 0xef00050e

[INF][devtask] aadLen: 5:
17 3 3 0 20
[INF][devtask] nonceLen: 12:
44 2 e5 9e 14 f8 bc d2 8f b6 7 b4
[INF][devtask] tagLen: 16:
32 ac 13 ca 2e 31 2a 1c 91 bf ea 79 16 bb b8 b0
[INF][devtask] srcData(ciphertext): 16:
[INF][devtask] dstData(plaintext): 16:
Se05x_API_AeadOneShot SE050 AEAD Decrypt Ok...
APDU RSP len=27:
41 82 00 10 08 00 00 02 00 00 16 00 00 00 00 00 00 00 00 00 42 82 00 01 01 90 00
AEAD Decrypt RSP tag1=0:
[INF][devtask] 0x9000

../mbedtls/mbedtls/library/ssl_msg.c:1520: => decrypt buf
mbedtls_ssl_decrypt_buf data_len(2256) TAG used(16)::
83 e6 fb 9c 7b 9 d7 6 92 c c5 83 91 a3 81 20
mbedtls_cipher_aead_decrypt Cipher ctx(20427300) Mode 6, tag_len 16, ilen(2256)
[INF][devtask] Cipher Aead OneGo Start:0x20427320 size:2256 Cipher Mode:0xb0, OP Type:0x38
[INF][devtask] Key ID: 0xef00050e

[INF][devtask] aadLen: 5:
17 3 3 8 e0
[INF][devtask] nonceLen: 12:
44 2 e5 9e 14 f8 bc d2 8f b6 7 b5
[INF][devtask] tagLen: 16:
83 e6 fb 9c 7b 9 d7 6 92 c c5 83 91 a3 81 20
[INF][devtask] srcData(ciphertext): 2256:
[INF][devtask] dstData(plaintext): 2256:
[31678 ms] se05x_gcm_decrypt_multistep keyId 0xef00050e, cipherMode 0xb0 cryptoObjectId 26, tagLen 541177908
[49212 ms] se05x_gcm_decrypt_multistep AEAD Update offset(400) (2256)
[65947 ms] se05x_gcm_decrypt_multistep AEAD Update offset(800) (2256)
[82784 ms] se05x_gcm_decrypt_multistep AEAD Update offset(1200) (2256)
[99558 ms] se05x_gcm_decrypt_multistep AEAD Update offset(1600) (2256)
[116379 ms] se05x_gcm_decrypt_multistep AEAD Update offset(2000) (2256)
[127157 ms] se05x_gcm_decrypt_multistep AEAD Update offset(2256) (2256)
[ERR][devtask] Not enough buffer

 

Changhawn
Contributor IV

Dear Kan_Li.

If I increase the APDU unit size to 2400 and test with Oneshot instead of Multistep AEAD Decrypt, as before, the SE050 chip responds with the following log:

SM_ERR_WRONG_LENGTH (0x6700)

Could you please also check this.

Thank you.

Chang

 

< Log >

../mbedtls/mbedtls/library/ssl_msg.c:1520: => decrypt buf
mbedtls_ssl_decrypt_buf data_len(16) TAG used(16)::
14 b0 cf 4b 29 2c c2 a0 1c 83 d9 e9 92 47 65 f1
mbedtls_cipher_aead_decrypt Cipher ctx(20428900) Mode 6, tag_len 16, ilen(16)
[INF][devtask] Cipher Aead OneGo Start:0x20428920 size:16 Cipher Mode:0xb0, OP Type:0x38
[INF][devtask]   Key ID: 0xef00050e

[INF][devtask]   aadLen: 5:
 17 3 3 0 20
[INF][devtask]   nonceLen: 12:
 a2 3c 82 54 67 a9 29 d2 aa 69 99 ef
[INF][devtask]   tagLen: 16:
 14 b0 cf 4b 29 2c c2 a0 1c 83 d9 e9 92 47 65 f1
[INF][devtask]   srcData(ciphertext): 16:
[INF][devtask]   dstData(plaintext): 16:
[26093 ms] APDU TX len=75 :
[26099 ms] Transceive data ptr 0x0x204133cc len:75
Se05x_API_AeadOneShot SE050 AEAD Decrypt Ok...
APDU RSP len=27:
41 82 00 10 08 00 00 02 00 00 16 00 00 00 00 00 00 00 00 00 42 82 00 01 01 90 00
AEAD Decrypt RSP tag1=0:
[INF][devtask]  0x9000

../mbedtls/mbedtls/library/ssl_msg.c:2139: <= decrypt buf
../mbedtls/mbedtls/library/ssl_msg.c:4289: <= read record
../mbedtls/mbedtls/library/ssl_tls13_client.c:2306: <= parse encrypted extensions
../mbedtls/mbedtls/library/ssl_msg.c:2333: in_left: 5, nb_want: 2277
../mbedtls/mbedtls/library/ssl_msg.c:1520: => decrypt buf
mbedtls_ssl_decrypt_buf data_len(2256) TAG used(16)::
40 62 d7 27 8 70 88 f6 83 3b a5 93 44 bc 59 71
mbedtls_cipher_aead_decrypt Cipher ctx(20428900) Mode 6, tag_len 16, ilen(2256)
[INF][devtask] Cipher Aead OneGo Start:0x20428920 size:2256 Cipher Mode:0xb0, OP Type:0x38
[INF][devtask]   Key ID: 0xef00050e

[INF][devtask]   aadLen: 5:
 17 3 3 8 e0
[INF][devtask]   nonceLen: 12:
 a2 3c 82 54 67 a9 29 d2 aa 69 99 ee
[INF][devtask]   tagLen: 16:
 40 62 d7 27 8 70 88 f6 83 3b a5 93 44 bc 59 71
[INF][devtask]   srcData(ciphertext): 2256:
[INF][devtask]   dstData(plaintext): 2256:
[28667 ms] APDU TX len=2317 :
[28676 ms] Transceive data ptr 0x0x204133cc len:2317
Se05x_API_AeadOneShot SE050 AEAD Decrypt Failed(0x6700)
[INF][devtask]  0x6700

Kan_Li
NXP TechSupport

Hi @Changhawn ,

Per the APDU spec for the AEADOneShot command:

When the AEADMode equals AES_GCM, the length of AAD + length of data should
be limited to 888 bytes - the total C-APDU buffer length. Did you meet this requirement?

Have a great day,
Kan


Changhawn
Contributor IV

Dear Kan_Li.

By the SE050 specification below, the Oneshot input length is limited to 256.

So I have developed it with Multistep (AEADInit, AEADUpdate, AEADFinal), but I still have a problem.

That's low performance. It takes 95 secs. Could you recommend something about this low performance?

Thank you. 

Chang.

 

Changhawn_0-1764661314832.png

 

../mbedtls/mbedtls/library/ssl_msg.c:1520: => decrypt buf
mbedtls_ssl_decrypt_buf data_len(2256) TAG used(16)::
e8 c0 f9 3 a1 a6 87 9d e9 e3 91 fe 59 7a 45 62
mbedtls_cipher_aead_decrypt Cipher ctx(20427300) Mode 6, tag_len 16, ilen(2256)
[INF][devtask] Cipher Aead OneGo Start:0x20427320 size:2256 Cipher Mode:0xb0, OP Type:0x38
[INF][devtask] Key ID: 0xef00050e

[INF][devtask] aadLen: 5:
17 3 3 8 e0
[INF][devtask] nonceLen: 12:
7b 5e 1b 41 9d 19 b2 b8 94 62 c2 2e
[INF][devtask] tagLen: 16:
e8 c0 f9 3 a1 a6 87 9d e9 e3 91 fe 59 7a 45 62
[INF][devtask] srcData(ciphertext): 2256:
[INF][devtask] dstData(plaintext): 2256:
[27711 ms] APDU TX len=4 :
[27749 ms] se05x_gcm_decrypt_multistep keyId 0xef00050e, cipherMode 0xb0 cryptoObjectId 26, ctLen 2256, tagLen 16
[27814 ms] se05x_gcm_decrypt_multistep aadLen 5
[27852 ms] se05x_gcm_decrypt_multistep offset 0, ctLen 2256
[27864 ms] APDU TX len=497 :
[48615 ms] se05x_gcm_decrypt_multistep AEAD Update offset(480) (2256)
[48630 ms] APDU TX len=497 :
[68749 ms] se05x_gcm_decrypt_multistep AEAD Update offset(960) (2256)
[68764 ms] APDU TX len=497 :
[88833 ms] se05x_gcm_decrypt_multistep AEAD Update offset(1440) (2256)
[88848 ms] APDU TX len=497 :
[108979 ms] se05x_gcm_decrypt_multistep AEAD Update offset(1920) (2256)
[108994 ms] APDU TX len=353 :
[123113 ms] se05x_gcm_decrypt_multistep AEAD Update offset(2256) (2256)
[123128 ms] APDU TX len=31 :
[INF][devtask] 0x9000

0 Kudos
Reply
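
Added sizing example (not NXP's or the poster's code): it recomputes the C-APDU lengths that appear in this thread's logs (81, 75, 2317, 497 and 353 bytes) from the TLV layout and decides between one-shot and multi-step for a given record. Function names are hypothetical, the 3-byte length form for 128..255-byte values is an assumption, and the one-shot limit is a parameter because the thread cites both 888 and 256.

```c
#include <stddef.h>
#include <stdio.h>

/* TLV size as observed in this thread's logs: one length byte below 128,
 * 0x82 + two length bytes for 480 and 2256. Using the 3-byte form for
 * 128..255 as well is an assumption of this example. */
static size_t tlv_size(size_t value_len)
{
    return 1 + (value_len < 0x80 ? 1 : 3) + value_len;
}

/* Extended-length framing from the first log: 4-byte header, 3-byte Lc, 2-byte Le. */
static size_t capdu_size(size_t payload)
{
    return 4 + 3 + payload + 2;
}

/* Bytes sent for AEADOneShot in AES-GCM mode with a caller-supplied IV.
 * Zero-length fields are omitted; the tag is sent only when decrypting. */
size_t aead_oneshot_capdu_len(size_t data_len, size_t aad_len, size_t iv_len,
                              size_t tag_len, int decrypt)
{
    size_t payload = tlv_size(4) /* object ID */ + tlv_size(1) /* cipher mode */;
    if (data_len) payload += tlv_size(data_len);
    if (aad_len) payload += tlv_size(aad_len);
    if (iv_len) payload += tlv_size(iv_len);
    if (decrypt && tag_len) payload += tlv_size(tag_len);
    return capdu_size(payload);
}

/* Bytes sent for one AEADUpdate chunk: 2-byte crypto object ID TLV + data TLV
 * (inferred from the 497- and 353-byte transfers in the multi-step log). */
size_t aead_update_capdu_len(size_t chunk_len)
{
    return capdu_size(tlv_size(2) + tlv_size(chunk_len));
}

typedef struct {
    int one_shot;      /* 1 when AAD + data fits the one-shot limit */
    size_t updates;    /* number of AEADUpdate commands otherwise */
    size_t last_chunk; /* size of the final chunk */
} aead_plan_t;

/* limit: one-shot bound on AAD + data; chunk: bytes per update, must be non-zero. */
aead_plan_t aead_plan(size_t data_len, size_t aad_len, size_t limit, size_t chunk)
{
    aead_plan_t p = {0, 0, 0};
    if (data_len + aad_len <= limit) {
        p.one_shot = 1;
        return p;
    }
    p.updates = (data_len + chunk - 1) / chunk;
    if (p.updates > 0) {
        p.last_chunk = data_len - (p.updates - 1) * chunk;
    }
    return p;
}

int main(void)
{
    aead_plan_t p = aead_plan(2256, 5, 888, 480);
    printf("one-shot C-APDU for 2256 bytes: %zu\n", aead_oneshot_capdu_len(2256, 5, 12, 16, 1));
    printf("one_shot=%d updates=%zu last=%zu (%zu bytes on the wire)\n",
           p.one_shot, p.updates, p.last_chunk, aead_update_capdu_len(p.last_chunk));
    return 0;
}
```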
Changhawn
Contributor IV
AEAD Oneshot is debugging multistep with tag2 max length problem.