Because of the holidays, TI E2E™ design support forum responses will be delayed from Dec. 25 through Jan. 2. Thank you for your patience.

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC1200 AES CBC decrypt

Other Parts Discussed in Thread: CC1200

Hi,

Is there a way to decrypt a 16 byte block using CC1200? I see the option to encrypt (CBC) but I don't see how to decrypt.

Thx

  • Hi

    The CC1200 does only have a CBC encryption module, it is not possible to do CBC decryption. The reason why the chip only has the CBC encryption module is because the intended AES mode to be used are Counter Mode (CTR), which only requires the CBC encryption module for both CTR encryption and decryption. See:

    http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

  • Thx for the answer. 

    I am not encryption expert and maybe this is not the forum for my question but I will try :-)

    I need to encrypt small blocks of 8 bytes / 16 bytes (I don't want to encrypt / decrypt the whole message only part of it). Can I use the AES CTR mode to encrypt /decrypt only part of the message (e.g., the message length is 24 bytes and I want to encrypt / decrypt only bytes 8 to 15)? Do you have an example code for this case?

    Thx

  • Hi

    These small code snippets will uses the CBC encryption module of the CC1200 to encrypt and decrypt 16 byte blocks of data:

    /******************************************************************************
    * @fn          runAesCtrBlockEncryption
    *
    * @brief       performs AES CTR encryption on 128 bit block of data  
    *                
    * @param       chiperData - pointer to array for encrypted data
    *              nonce 	  - pointer to 128 bit nonce or initialization vector
    *	       aesKey 	  - pointer to 128 bit aes encryption key
    *              plainData  - pointer to array containing data to be encrypted
    *
    * @return      none
    */
    #define AES_BLOCK_SIZE      16
    void runAesCtrBlockEncryption(uint8* chipherData,uint8* nonce, uint8* aesKey, uint8* plainData){
      
      static uint8 chipherBlock[AES_BLOCK_SIZE] = {0};
      
      // Write 128 bit nonce into plain data memory input
      cc120xSpiWriteReg(CC120X_AES_BUFFER, nonce, AES_BLOCK_SIZE);
      
      // Write 128 bit aes key into key memory input
      cc120xSpiWriteReg(CC120X_AES_KEY, aesKey, AES_BLOCK_SIZE);                      
      
      // Execute aes run
      writeByte = 0x01;
      cc120xSpiWriteReg(CC120X_AES, &writeByte, 1);
      
      // Wait for AES operation to finish
      while((writeByte & 0x01)== 0x01 ){
        cc120xSpiReadReg(CC120X_AES, &writeByte, 1);
      }
      
      // Read chipher block
      cc120xSpiReadReg(CC120X_AES_BUFFER, chipherBlock, AES_BLOCK_SIZE);
      
      // XOR chipher block with plain data 
      for (uint8 i = 0; i < AES_BLOCK_SIZE; i++)
      {
        chipherData[i] = (plainData[i] ^ chipherBlock[i]);
      }  
    }

    /******************************************************************************
    * @fn          runAesCtrBlockDecryption
    *
    * @brief       performs AES CTR encryption on 128 bit block of data  
    *                
    * @param       chiperData - pointer to array containing encrypted data
    *              nonce 	  - pointer to 128 bit nonce or initialization vector
    *	       aesKey 	  - pointer to 128 bit aes encryption key
    *              plainData  - pointer to array for decrypted data
    *
    * @return      none
    */
    #define AES_BLOCK_SIZE      16
    void runAesCtrBlockDecryption(uint8* chipherData,uint8* nonce, uint8* aesKey, uint8* plainData){
      
      static uint8 chipherBlock[AES_BLOCK_SIZE] = {0};
      
      // Write 128 bit nonce into plain data memory input
      cc120xSpiWriteReg(CC120X_AES_BUFFER, nonce, AES_BLOCK_SIZE);
      
      // Write 128 bit aes key into key memory input
      cc120xSpiWriteReg(CC120X_AES_KEY, aesKey, AES_BLOCK_SIZE);                      
      
      // Execute aes run
      writeByte = 0x01;
      cc120xSpiWriteReg(CC120X_AES, &writeByte, 1);
      
      // Wait for AES operation to finish
      while((writeByte & 0x01)== 0x01 ){
        cc120xSpiReadReg(CC120X_AES, &writeByte, 1);
      }
      
      // Read chipher block
      cc120xSpiReadReg(CC120X_AES_BUFFER, chipherBlock, AES_BLOCK_SIZE);
      
      // XOR chipher block with chipher data 
      for (uint8 i = 0; i < AES_BLOCK_SIZE; i++)
      {
         plainData[i]= (chipherData[i] ^ chipherBlock[i]);
      }  
    }

  • Great, Thx, I will try it.

  • The CC1200 usermanual doesn't  mention anywhere about xor function about encryption. For CBC AES encryption it doesn't even mention anything about initializing vector. Also for CTR encryption the usermanual has more spesifications and actions required. So, can you explain a bit what are you doing in your code? My thought for CBC encryption when reading the usermanual was to write my content for encryption at AES_BUFFER and then when encryption is done (checking AES register just like you) to read the data that are overwriten at this buffer. I thought the encryption was performed by HW only, isn't that correct?

  • Hi Chris

    I’m sorry if the user guide is a bit short when it comes to the AES functionality. We are currently working on an application report covering the AES functionality in greater depth. Hopefully this will be available on the web within a couple of weeks.

    In the meantime let me try to give you a bit more details.

    It is right that the user guide does not mention the initialization vector (IV). The HW support for CBC block operations is restricted to the block cipher encryption of the 16 byte data block. It is up to the software the XOR the plaintext data with an IV before loading it to the AES module. This IV is up to the user to decide.

    The code snippet above shows how to use the CBC encryption in the AES module to perform CTR block encryption and decryption. In CTR you use the encryption module for both encryption and decryption by XOR’ing the plain text data with the output from the CBC encryption module. In that way you can simply revert the procedure to decrypt the encrypted data.

    When doing CTR we do not use an IV, but instead we use a nonce, which increments for each block operation. The IV and nonce is almost the same thing but while CBC XOR’s the plain text with the IV before doing the block encryption, the CTR does the block encryption directly on the nonce and XOR’s the result of the encrypted nonce with the plain text data.

    I hope this clarifies what the code does. If not, do not hesitate to follow up with more questions.
  • thanks for the reply and your time. So, if i m correct, if i want to perform cbc encryption i have to XOR plain data with the IV and then load the result to aes_buffer to make the encryption? After this, at the decryption part, i must use the same key to perform the procedure on receiver aes module? Then read data from aes_buffer and perform XOR with the same IV? Or should i perform XOR the incoming data with the IV and then run the aes procedure to have the correct data? Last thing, what about the IV in CBC? Do they have to change with every block encrypted? thaks a lot again.

  • Hi Chris

    You are partly right. To encrypt in CBC mode you XOR the IV with the first plain data block before writing it to the aes_buffer, perform the encryption and then read out the ciphered block. The next data block needs to be XOR'ed with the cipher block from the first run and so on. See illustration below:

     

    however, the CC1200 only has a encryption module so it will not be able to decrypt any CBC encrypted data.

    For the CC1200 to be able to both encrypt and decrypt you need to use AES Counter (CTR) mode. This mode uses the encryption module both for encryption and decryption.

    The code snippets posted in the earlier posts shows how CTR block operations are done with the CC1200.

  • Ok, so, since i go for CTR encryption to use CC1200, should i use those snippets? There are some instructions in datasheet for CTR encryption(commands, parameters etc) for both encryption on TXFIFO and decryption on RXFIFO. Are these snippets equivalent to that? I mean is it still CTR encryption if i use them and is it the exact same result as the one given by the procedure described in the datasheet? Thanks a lot again.

  • Hi

    The CC1200 supports two modes of operation when it comes to AES. One is the ability to use the CC1200 as an encryption module to do block encryption. This is what the code snippets above shows. The second method is to let the CC1200 do CTR encryption and decryption directly on the packets that lies in the RX and TX FIFO. This will be the preferred method if it is RF packets you want to encrypt or decrypt. The procedure for the latter is described in the users guide, and will be shown in the application report that we will publish any day now. I will post a link to this as soon as it is online.