EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Using AES CCM encryption/decryption

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#35606
Posted: 01/19/2016 11:20:59
by Guillaume Leroi (Standard support level)
Joined: 01/19/2016
Posts: 3

Hello,

i'm trying to use TelAesSymmetricCrypto in CCM mode.
In the code sample attached to this post, i have a method to encrypt and one to decrypt.

Code
using DataAccess.PlcG3.Frames.Mac;
using DataAccess.PlcG3.Tools;
using SBSymmetricCrypto;

namespace DataAccess.PlcG3.Security
{
    public class SbbMacCcmCipher : MacCcmCipher {
        public SbbMacCcmCipher(byte[] gmk)
            : base(gmk)
        {
            SBBContext.InitializeSecureBlackbox();
        }

        private TElSymmetricCrypto CreateAesEngine(byte[] key)
        {
            const int SB_ALGORITHM_CNT_AES128 = 0x7005;
            var factory = new TElSymmetricCryptoFactory();
            var engine = factory.CreateInstance(SB_ALGORITHM_CNT_AES128, TSBSymmetricCryptoMode.cmCCM);

            engine.KeyMaterial = new TElSymmetricKeyMaterial()
            {
                Key = key
            };
            engine.Padding = TSBSymmetricCipherPadding.cpNone;
            return engine;
        }

        public override byte[] DecryptPayload(MacFrame frame, byte[] mhr, byte[] payload)
        {
            var engine = this.CreateAesEngine(this.Gmk);
            var a = this.CreateAData(frame, mhr);
            var nonce = this.CreateNonce(frame);

            engine.Nonce = nonce;
            engine.AssociatedData = true;
            engine.TagSize = 4;

            var output = new byte[payload.Length];
            var outputSize = payload.Length;

            engine.DecryptAEAD(a, 0, a.Length, payload, 0 , payload.Length, ref output, 0, ref outputSize);
            return output;
        }

        public override byte[] EncryptPayload(MacFrame frame, byte[] mhr, byte[] payload)
        {
            var a = this.CreateAData(frame, mhr);
            var nonce = this.CreateNonce(frame);

            var engine = this.CreateAesEngine(this.Gmk);
            engine.Nonce = nonce;
            engine.AssociatedData = true;
            engine.TagSize = 4;

            var output = new byte[payload.Length + engine.TagSize];
            var outputSize = payload.Length + engine.TagSize;

            engine.EncryptAEAD(a, 0, a.Length, payload, 0, payload.Length, ref output, 0, ref outputSize);
            return output;
        }
    }
}


My test is basically to encrypt some data, and then decrypt it to check if i get the same data and authentication tag.

Unfortunately, the DecryptAEAD method seems to not fill the output buffer with any result.

Does somebody have any suggestions or informations on how to configure calls to DecryptAEAD ?
#35607
Posted: 01/19/2016 11:26:56
by Eugene Mayevski (EldoS Corp.)

Please re-check that you have data in input and that you pass correct length of the input data. The code of DecryptAEAD method throws exception if there's some error, but if there's nothing in input, the method does nothing and returns silently.


Sincerely yours
Eugene Mayevski
#35608
Posted: 01/19/2016 11:50:15
by Guillaume Leroi (Standard support level)
Joined: 01/19/2016
Posts: 3

I'm sure to have input data.
Specifically:
- nonce is 13 bytes long
F0 C5 00 00 F0 C5 00 00 00 04 EB 09 05

- a is 18 bytes long
09 00 33 69 88 1A C5 F0 07 00 00 00 0D 09 EB 04 00 00

- input/payload is 51 bytes long
84 DB F0 A3 99 23 FE C6 87 3E 0B 26 A6 5E 0F DF
3C 74 E4 00 5D EB 4B F4 4B 4F 86 1C F6 32 2E 88
96 D7 2D B8 64 D4 22 4C 38 85 24 16 B8 B4 A8
E7 B7 D9 DD

The last four bytes are the tag.


- output buffer is 51 bytes long


I have set TagSize to 4.
#35609
Posted: 01/19/2016 11:53:01
by Eugene Mayevski (EldoS Corp.)

Ok. May I ask you to compose the small test case (a complete project please, together with the data and anything else that is relevant), which we can run and see ourselves what's going on? You are welcome to post it to our HelpDesk. I shall convert your initial post into the support request in the HelpDesk and you can pass the project by replying in that request.


Sincerely yours
Eugene Mayevski
#35610
Posted: 01/19/2016 12:12:02
by Guillaume Leroi (Standard support level)
Joined: 01/19/2016
Posts: 3

Sure,

i have send a small Visual Studio project to helpdesk for reproducing the problem.


thank you.
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.

Reply

Statistics

Topic viewed 2064 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!