SE050E aead encryption

Zarein94
Contributor II

Hi,

I am trying to implement aead encryption using the SE050E. As I checked the AES-GCM algorithm is supported by this version of SE. I am using plug and trust middleware and examples to implement a simple firmware doing the following steps: 

1- Creating a key object of AES type

2- Storing it in the key-store

3- initializing the aead context

4. Doing aead encryption in one go. 

 

To do so, I am using sss api in the plug and trust middleware and I am using the se05x api methods to implement. 

 

I have the following questions:

 

1. Is there an example for aead encryption and decryption for secure element? 

2. I am using the symmetric example in the plug and trust middleware and modify it to my use. I have changed the algorithm -> kAlgorithm_SSS_AES_GCM and used sss_aead_context_init and sss_aead_one_go instead of sss_symmetric_context_init and sss_cipher_one_go, respectively. I am getting an error in sss_se05x_aead_one_go output (could be that the symmetric initialization does not match aead functions?). I am confused on how to implement the aead encryption, could you please give me some hints and guidance.

 

Looking forward to your support. Thanks a lot in advance! 

Kan_Li
NXP TechSupport

Hi @Zarein94 ,

 

Is it possible to share your code for a review?

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Zarein94
Contributor II

Hi @Kan_Li, thanks for your response. Here's the modified code of symmetric example on plug and trust middleware to do aead encryption: 

 

 

sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx)
{
    sss_status_t status = kStatus_SSS_Success;
    sss_algorithm_t algorithm;
    sss_mode_t mode;
    /* clang-format off */
    uint8_t srcData[16] = { 0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x31 }; /*HELLOHELLOHELLO1*/
    uint8_t keystring[KEY_BIT_LEN / 8] = { 0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x48 ,0x45 ,0x4c ,0x4c ,0x4f ,0x31 }; /*HELLOHELLOHELLO1*/
    uint8_t destData[16] = {0,};
    size_t destDataLen = sizeof(destData);
    uint8_t iv[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x15, 0x71, 0x99, 0x32, 0xd3, 0x56, 0x90};
    size_t ivlen = sizeof(iv);
    uint32_t keyId = MAKE_TEST_ID(__LINE__);
    sss_key_part_t keyPart;
    sss_cipher_type_t cipherType;
    size_t keyByteLenMax = KEY_BIT_LEN/8;
    sss_object_t key = { 0 };
    sss_aead_t ctx_aead_encrypt = { 0 };
    size_t TAG_SIZE = (96 / 8);
    uint8_t tag[TAG_SIZE];
    uint8_t  *aad =(uint8_t*)"Extra authentication data";
    size_t aadSize = strlen((char*)aad);

    algorithm =  kAlgorithm_SSS_AES_GCM; 
    keyPart    = kSSS_KeyPart_Default;
    cipherType = kSSS_CipherType_AES;
    mode       = kMode_SSS_Encrypt;

    /* doc:start ex_sss_symmetric-allocate-key */
    /* Pre-requisite for encryption Part*/ 
    ENSURE_OR_GO_CLEANUP(kType_SSS_SE_SE05x == pCtx->session.subsystem);
    status = sss_key_object_init(&key, &pCtx->ks);
    ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);

    status = sss_key_object_allocate_handle(&key, keyId, keyPart, cipherType, keyByteLenMax, kKeyObject_Mode_Persistent);
    ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);

    status = sss_key_store_set_key(&pCtx->ks, &key, keystring, sizeof(keystring), sizeof(keystring) * 8, NULL, 0);
    ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);
    /* doc:end ex_sss_symmetric-allocate-key */

    /* doc:start ex_sss_aead-encrypt */

    status = sss_aead_context_init(&ctx_aead_encrypt, &pCtx->session, &key, algorithm, mode);
    ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);

    LOG_I("Do Encryption");
    LOG_MAU8_I("iv", iv, ivlen);
    LOG_MAU8_I("srcData", srcData, ivlen);
    /*Do Encryption*/

    status = sss_aead_one_go(&ctx_aead_encrypt,srcData,destData, destDataLen, iv, ivlen, aad, aadSize, tag, &TAG_SIZE);
    ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);
    /* doc:end ex_sss_aead-encrypt */

    LOG_MAU8_I("encrypted data", destData, destDataLen);
    LOG_I("Encryption successful !!!");

cleanup:
    if (ctx_aead_encrypt.session != NULL) {
        sss_aead_context_free(&ctx_aead_encrypt);
    }
    sss_key_object_free(&key);
    return status;
}

 

 

sss :WARN :nxEnsure:'status == SM_OK' failed. At Line:6082 Function:sss_se05x_aead_one_go
App :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:116 Function:ex_sss_entry

Kan_Li
NXP TechSupport

Hi @Zarein94 ,

 

Thanks for the information! 

 

For AEAD encryption, the length of the authentication tag is always 16 bytes, as mentioned in the APDU spec:

[Image: Kan_Li_0-1690362831419.png]

so please adjust the tag length in your application code accordingly (12 ==> 16).

 

Please kindly let me know if the problem is still there.

 

Have a great day,
Kan
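
A pre-flight check for the tag-length rule stated in this reply, as an added example that is not from the original thread or the Plug & Trust middleware. `se05x_aead_check_args`, `aead_one_go_args_t` and the status enum are hypothetical names; the struct only mirrors the argument order of the `sss_aead_one_go` call in the posted code, so a wrong tag length is reported by name before the request reaches the secure element.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SE05x AEAD tag length in bytes, as stated in the reply above. */
#define SE05X_AEAD_TAG_LEN 16u

typedef enum { AEAD_ARGS_OK = 0, AEAD_ARGS_NULL_PTR, AEAD_ARGS_EMPTY_IV,
               AEAD_ARGS_BAD_TAG_LEN } aead_args_status_t;

/* Hypothetical struct: same fields, in order, as the sss_aead_one_go() call in the post. */
typedef struct {
    const uint8_t *src; uint8_t *dst; size_t len;   /* one length for src and dst */
    const uint8_t *iv;  size_t ivLen;
    const uint8_t *aad; size_t aadLen;
    uint8_t *tag;       const size_t *tagLen;
} aead_one_go_args_t;

/* Hypothetical pre-flight check, run before handing the buffers to the SE. */
aead_args_status_t se05x_aead_check_args(const aead_one_go_args_t *a)
{
    if (a == NULL || a->iv == NULL || a->tag == NULL || a->tagLen == NULL)
        return AEAD_ARGS_NULL_PTR;
    if (a->len > 0 && (a->src == NULL || a->dst == NULL))
        return AEAD_ARGS_NULL_PTR;
    if (a->aadLen > 0 && a->aad == NULL)
        return AEAD_ARGS_NULL_PTR;
    if (a->ivLen == 0)
        return AEAD_ARGS_EMPTY_IV;
    if (*a->tagLen != SE05X_AEAD_TAG_LEN) /* the 96 / 8 = 12 case from the post */
        return AEAD_ARGS_BAD_TAG_LEN;
    return AEAD_ARGS_OK;
}

/* Constructed demo: the post's buffer sizes with tag length 12, then 16. */
int main(void)
{
    uint8_t src[16] = {0}, dst[16], iv[16] = {0}, tag[16];
    size_t tagLen = 96 / 8;
    aead_one_go_args_t a = {src, dst, sizeof src, iv, sizeof iv,
                            (const uint8_t *)"aad", 3, tag, &tagLen};
    printf("tagLen=12 -> %d\n", se05x_aead_check_args(&a));
    tagLen = sizeof tag;
    printf("tagLen=16 -> %d\n", se05x_aead_check_args(&a));
    return 0;
}
```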


Zarein94
Contributor II

Thanks @Kan_Li  for your support! That was the problem! It works fine now! 
