• State
  • Locked Locked
  • Replies 5 replies
  • Subscribers 55 subscribers
  • Views 3112 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Difference between AES CCM and AES-CCM*

Fredrik Isaksson
Intellectual 630 points


Hi guys,

I'm working a little in python to make a helping tool for when I'm working in ZigBee. This is to verify messages, help in testing (simulating nodes for example). 

So I have a package in Python that supports AES-CCM (pycryptodome), but I'm having some issues (that's an understatement :) ) getting the same result between the message I sniffed and trying to reproduce (to verify the python code).

I understand that CCM* is just a specific way to use CCM, for example what's included when calculating the MAC, and what the nonce shall be. The AuthData shall be the NwkHeader and AuxHeader, to be included when calculating the MAC. The nonce shall be extended src || security frame counter || security control field (all in all, 13 bytes, 8 +4 +1). I include the AuthData before calculating the MAC, I have the nonce as input as well when encrypting.

So, if someone have some pointers for me, done something similar, or have example vectors that I can try to see how it goes, it would be awesome.

This is a bit narrow area, perhaps the wrong forum?

Thanks and best regards

Fredrik

  • 0
    Intellectual 630 points
    FYI, When I use example from a .doc (Formal Specification of the CCM* Mode of Operation, from IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)) it seems to go well.
    I wonder if I have done some mistake in the formatting, and/or little/big endian.
  • 0 in reply to Fredrik Isaksson
    Intellectual 630 points

    I seem to have some issue with either the key or nonce.

    If someone have worked with this encryption could provide example data from zigbee (i.e. the nwk header, aux header, ciphertext, plaintext, and mic) or point me in the right direction it would be greatly helpful. 

    I have uploaded the script for whoever who wants it, you need pycryptodome to use it. Some fields are wrong, but what I've done is to compare the result (ciphertext and mic) with what I've sniffed and can clearly see that they are wrong. If I manage (or someone else) to fix it, I can post an updated version

    https://e2e.ti.com/cfs-file/__key/communityserver-discussions-components-files/158/zigbeehelperPublic.7z

  • 0 in reply to Fredrik Isaksson
    Prodigy 50 points

    Hi Fredrik.

    I came across your post about the zigbee encryption. And I'm very curious if you get the AES_CCM mode running. 

    I have similar problems. I'm working on a very simple zigbee transmitter. I'm trying to send a valid message. But I'm strungling with the encryption of the nwk layer. I'm using an integrated IEEE 802.15.4  transceiver with an encryption engine. And I get different results for the encryption. I tried to use the python script. I used the integrated encryption engine of the chip. And I have one reference board which sends a correct encrypted frame. But neither the python script nor the integrated AES engine gives me the same result.

    Do you know if AES_CCM and AES_CCM* is different?

    Thanks alot,
    Andreas

  • 0 in reply to Andreas Auer
    Intellectual 630 points
    Hi,
    Not sure that I can be of too much help but here's my input:
    CCM vs CCM*, I'm not sure if you are refering to a module but CCM* is a specific "way" to use CCM, more info about that is in my first post.
    Unfortunately the work I was doing wasn't crucial for my job, more knowledge gathering and I never succeeded with making a correct encryption outside Zigbee (in your case the reference board).
    I'm not sure why that is, but if you look into AES encryption I wonder if the number of rounds or S-Box is different. However it should be possible to find out what is what since I've used wireshark to decrypt messages.
    Best of luck
  • 0 in reply to Fredrik Isaksson
    Prodigy 50 points
    Thanks for your reply. I managed to get the same result from your python script and my AES engine of the transceiver chip. That's good. But the result is different from the valid encrypted message.

    So, you mean CCM* is basically CCM but specifies that you need to use a special nonce and the nwk header + auth header for the calculation?!

    Thanks,
    Andreas