This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AES Encryption through HCI interface in CC2650 not working

I am facing issue in encrypting the data. I have used HCI_LE_EncryptCmd(uint8 *key, uint8 *plainText) function to do so.

I have checked it through debugging. It neither encrypts the data nor sets a valid return value. (the return value it says is "error/ambiguous")

Kindly let me know if I am missing anything.

Also it would be better if you can share a sample example for encrypting the plain data..

  • PS: I have used SimpleBLEPeripheral Project for the implementation
  • Abhijeet,

    It is not easy to provide a good answer as "error/ambigous" is not very descriptive?

    Do you get HCI_SUCCESS (0x00) as return parameter from the command?

    If yes, you need to wait until the HCI_COMMAND_COMPLETE event is returned from the stack.

    The internal HCI command complete evnent for HCI_LE_ENCRYPT is sent to GAPRole on completion, because GAPRole has registered for "unwanted" stack messages. See 5.6.2 Receiving HCI Extension Events in the Application in the Software Developers Guide (SWRU393).

    This can be inserted into the SimpleBLEPeripheral application:

    __root uint8_t myKey[16]        = {0};
    __root uint8_t myPlainText[16]  = {0};
    __root uint8_t myCipherText[16] = {0};
    
    void myEncryptCb(uint8_t status, uint8_t* encryptedData) {
      memcpy(myCipherText, encryptedData, 16);
    }
    
    
    static void SimpleBLEPeripheral_performPeriodicTask(void)
    {
    
      HCI_LE_EncryptCmd(myKey, myPlainText);
    

    And an event listener must be added to the GAPRole (peripheral.c)

    static void gapRole_processStackMsg(ICall_Hdr *pMsg)
    {
      switch (pMsg->event)
      {
      case HCI_SMP_EVENT_EVENT:
    
          if( pMsg->status == HCI_COMMAND_COMPLETE_EVENT_CODE  )
          {
            hciEvt_CmdComplete_t *pPkt = (hciEvt_CmdComplete_t *)pMsg;
    
            if (pPkt->cmdOpcode == HCI_LE_ENCRYPT)
            {
              extern void myEncryptCb(uint8_t, uint8_t *);
              myEncryptCb(pPkt->pReturnParam[0], &pPkt->pReturnParam[1]);
            }
          }
    
        break;
    
        case HCI_GAP_EVENT_EVENT:
          if (pMsg->status == HCI_COMMAND_COMPLETE_EVENT_CODE)
          {
            hciEvt_CmdComplete_t *pPkt = (hciEvt_CmdComplete_t *)pMsg;
    
            if (pPkt->cmdOpcode == HCI_READ_RSSI)

    This will call myEncryptCb when the result is ready. Note that the SimpleBLEPeripheral function is only called when in a connection.


    Regards,
    Svend

  • Hello Sir,
    Thanks for your reply. I have implemented exactly as you mentioned. But it is still not working.
    It is showing some values in encrypted text (myCipherText), but the issue now is the encrypted text remains the same even if the plain data (myPlainText) is changed.
    Please suggest the changes if any that I should make in my code.
  • Abhijeet,

    We have discussed this a bit internally and found that the application should ideally not use the HW AES encryption module as it might interfere with when the BLE stack needs to perform encryption.

    There is a ROM version of AES ECB that you can use to achieve the same functionality. The APIs are:

    AES_ECB_EncryptData(inputData, 16, AESkey);
    memcpy(encryptedData, inputData, 16);
    
    AES_ECB_DecryptData(inputData, 16, AESkey);
    memcpy(decryptedData, inputData, 16);

    [Link removed by TI]

    .:svend

  • I am also trying to encrypt/decrypt on the 2650. I implemented the first solution, via HCI, that you proposed and it worked fine for me.
    It's crucial for my application to have hardware acceleration on AES and we never use encrypted communication on BLE, since we encrypt them ourselves.

    Do you still see a possible problem with the stack given that we encrypt the packets ourselves?

    Also, I didn't find a definition of the ROM versions in any header files. I tried the code you proposed above, but I end up with an undefined symbol. Maybe I need to add something? But that won't use the hardware?
  • Hello,
    As mentioned by Luca, I too havent found any definition of the above API's (AES_ECB_EncryptData & AES_ECB_DeccryptData) in any of the header files.
    The linker ends up with the error, saying no definition found. :(
    Do I need to include any specific header file?
  • Hi,

    The definitions are for now found only in a stack side ROM->RAM jump table which makes them fairly hard to use. I am assigning the thread to the stack team to see if they have some knowledge on this.
    For next release of CC26XXWARE there will be a utils folder available with a set of files called RomEncryption.c/h which will contain all you need for using SW encryption in ROM.

    Regards,
    Svend
  • Thank You Svend for the information.

    Till when we can expect the next release of CC26XXWARE?

    Regards,

    abhijeet

  • Hi, I get "access denied" when trying to download RomAES128Encryption.zip.

    Also, I still didn't get it: if I am NOT using encryption in the BLE layer at all (all the AES is done by us at app level) is it still better not to use the first method suggested?
  • Other question: the first example provided for encrypting works fine, but I cannot get the decrypt to work.
    I understand that the decrypt is an extended HCI command.

    I added the following code:

    case HCI_EXT_CMD_EVENT:
    if( pMsg->status == HCI_COMMAND_COMPLETE_EVENT_CODE )
    {
    hciEvt_VSCmdComplete_t *pPkt = (hciEvt_VSCmdComplete_t *)pMsg;

    if (pPkt->cmdOpcode == HCI_EXT_DECRYPT)
    {
    extern void myDecryptCb(uint8_t, uint8_t *);
    myDecryptCb(pPkt->pEventParam[0], &pPkt->pEventParam[1]);
    }
    }
    break;

    but I never get HCI_EXT_CMD_EVENT after calling HCI_EXT_DecryptCmd.

    I started to look into functions like HCI_SMPTaskRegister, but I don't know how to properly hook them up.

    Any ideas?
  • processors.wiki.ti.com/.../CC2640_AES_Encryption
    On this page, I am getting Access denied when I try to download the RomAES128Encryption.zip file.

    regards,
    Abhijeet
  • Hi Abhijeet,

    We will provide an official API to this instead through CC26XXWARE when we do a release of this next week.

    Regards,
    Svend
  • Instead of modifying "gapRole_processStackMsg()" of peripheral.c this can be done in a better way -
    1. Call "GAP_RegisterForMsgs(self_entity);" in "Init" function
    2. In "_processStackMsg()" function add a case for "HCI_SMP_EVENT_EVENT" (case HCI_SMP_EVENT_EVENT: ) and then check the status if "(pPkt->cmdOpcode == HCI_LE_ENCRYPT)" as stated above.

    Encryption now works for me. (TI RTOS - 2.14.01.20; CC26XXWARE - 2.21.03.15980)

    This is in response to -

    _______________________________________

    And an event listener must be added to the GAPRole (peripheral.c)

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    static void gapRole_processStackMsg(ICall_Hdr *pMsg)
    {
      switch (pMsg->event)
      {
      case HCI_SMP_EVENT_EVENT:
          if( pMsg->status == HCI_COMMAND_COMPLETE_EVENT_CODE  )
          {
            hciEvt_CmdComplete_t *pPkt = (hciEvt_CmdComplete_t *)pMsg;
            if (pPkt->cmdOpcode == HCI_LE_ENCRYPT)
            {
              extern void myEncryptCb(uint8_t, uint8_t *);
              myEncryptCb(pPkt->pReturnParam[0], &pPkt->pReturnParam[1]);
            }
          }
        break;
        case HCI_GAP_EVENT_EVENT:
          if (pMsg->status == HCI_COMMAND_COMPLETE_EVENT_CODE)
          {
            hciEvt_CmdComplete_t *pPkt = (hciEvt_CmdComplete_t *)pMsg;
            if (pPkt->cmdOpcode == HCI_READ_RSSI)

    _______________________________________


    Thanks for the above answer!