FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Setting AES-GCM Authentication Tag Length to 12 Bytes for DLMS with SE050E2

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

Setting AES-GCM Authentication Tag Length to 12 Bytes for DLMS with SE050E2

Jump to solution
3 weeks ago
264 Views
Faizy98
Contributor I

Hi,

I am currently using the SE050E2 secure element for AES-GCM encryption and decryption operations. The encryption and decryption APIs work well, specifically the following function:

sss_status_t sss_aead_one_go( sss_aead_t *context, const uint8_t *srcData, uint8_t *destData, size_t size, uint8_t *nonce, size_t nonceLen, const uint8_t *aad, size_t aadLen, uint8_t *tag, size_t *tagLen);

This API functions perfectly when the authentication tag length is 16 bytes. However, I am working with DLMS protocol payloads that require the authentication tag to be only 12 bytes in length.

When I use this API to encrypt DLMS plain data, it generates an authentication tag of 16 bytes, but the DLMS standard expects a 12-byte tag. Similarly, for decryption, when the encrypted DLMS payload arrives with a 12-byte authentication tag, passing this 12-byte tag to the API results in a decryption failure, because the API expects the tag to be 16 bytes.

My question is:

Is there any way to configure or set the authentication tag length in the SE050E2 or its middleware so it can use a 12-byte tag as required by the DLMS standard?

Currently, the API always returns a 16-byte tag after encryption, and requires a 16-byte tag for decryption. I want to ensure compatibility with DLMS devices that use 12-byte tags without causing decryption errors.

Any guidance on configuring AES-GCM tag length for SE050E2, or recommended approaches for handling this DLMS tag size mismatch, would be highly appreciated.

Thanks in advance!

BR,
Faizy

0 Kudos
Reply
1 Solution

Jump to solution
3 weeks ago
207 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @Faizy98 ,

 

This is defined when you create the key for AEAD operation. please kindly refer to the following for details.

Kan_Li_1-1755162576795.png

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

 

View solution in original post

Reply
2 Replies

Jump to solution
3 weeks ago
208 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @Faizy98 ,

 

This is defined when you create the key for AEAD operation. please kindly refer to the following for details.

Kan_Li_1-1755162576795.png

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

 

Reply

Jump to solution
3 weeks ago
188 Views
Faizy98
Contributor I

Thank you for your support.

BR,

Faizy

0 Kudos
Reply