I am currently trying to use the CAAM to encrypt/decrypt buffers with AES CCM algorithm. I can successfully encrypt and decrypt some buffers, but sometimes (about 1% of the samples), the TAG verification fails during decryption, despite the TAG being valid.
Here is an example of CAAM job I am using:
- AES key is 128 bits, all 0.
- Encrypted buffer is 4 bytes: 0x37, 0xee, 0xf4, 0xa3.
- Tag is 16 bytes: 0xa2, 0x18, 0x45, 0xe6, 0x93, 0x8b, 0x03, 0x0d, 0x67, 0xdc, 0xc6, 0xcc, 0xdc, 0xaa, 0x3e, 0x38.
- Corresponding decrypted buffer is: 0x0, 0x0, 0x0, 0x0.
b0800011 # Header
02800010 # Load class 1 key (AES 128, all 0)
8210080e # Operation: AES CCM, decrypt and check tag
12200038 # Load context from 4e08d220
22530000 # Fifo load 4 bytes of data from 4e08f5c0
60700000 # Fifo store 4 bytes of data to 4e08f580
223b0010 # Fifo load tag from 4e08f54
If I run the same job several times, the test will fail once in a while. CAAM error is 20000f1a: CCB error with AES ICV check, command 15 (fifo load tag).
Between each iterations:
- The job is not modified (I always use the same job).
- Referenced memory areas are not modified (caches are flushed before the first iteration).
- Only one core of the CPU is used to ensure no other core is modifying memory or interacting with the CAAM.
Only some CCM parameters seem to trigger the issue:
- TAG length of 14 or 16 bytes.
- Data length up to 16 bytes.
I have never had any issue regarding other tag lengths or with longer data buffers. There isn't any issue with AES CCM encryption.
Is there something I am doing wrong here ? Is there any external cause that may trigger this issue ?