ATAES132a MAC Generation for Decryption

Go To Last Post
6 posts / 0 new
Author
Message
#1
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

This question is related to https://community.atmel.com/forum/ataes132a-help-decryption-mac-error

 

I am asking in a new thread because I believe my question has changed from why am I getting a MAC error to, this question "How to generate a MAC for Decryption". I am trying to do a simple Encryption and decryption on the same ATAES132a device. Am calculating the MAC correctly? I don't think I need to use CTR mode, as I am not using the AUTH command.

 

I.3 MAC Generation

The following example shows how the integrity MAC is calculated for an authentication operation requiring up to 14 bytes of authenticate-only data. This operation involves three passes through the AES crypto engine; all three using the same key. If there are more than 14 bytes of authenticate-only data, then another pass through the AES crypto engine is required. There are two passes through the AES crypto engine in CBC mode to create the cleartext MAC. The inputs to the crypto engine for those blocks are labeled B0 and B1, and the outputs are B’0 and B’1, respectively.

 

• B0 is composed of the following 128 bits:

– 1 byte flag, a fixed value of b0111 1001.
– 12 byte Nonce, as generated by the Nonce command.
– 1 byte MacCount, one for first MAC generation.
– 2 byte length field, always 0x00 00 for authentication only.

• B1 is the XOR of B’0 with the following 128 bits:
– 2 byte length field, size of authenticate-only data.
– 14 byte data to be authenticated only.

• B’1 is the cleartext MAC, which must be encrypted before being sent to the system.

There is one additional pass through the AES crypto engine in CTR mode to create the key block that is used to encrypt the MAC. The input to the crypto engine for this block is labeled A0 and the output is A’0. A’0 is the MAC sent to the system as the output parameter of the Auth command.

• A0 is composed of the following 128 bits:
– 1 byte flag – fixed value of b0000 0001.
– 12 byte Nonce – as generated by ATAES132A during Nonce command.
– 1 byte MacCount – one for first MAC generation.
– 2 byte counter field – always 0x00 00 for A0.

• A’0 is XOR’d with the cleartext MAC (B’1) and sent to the system.

Input integrity MACs for Auth, Counter, KeyCreate, and Lock are also calculated using this procedure. If the input MAC does not match A’0, then the command returns an AUTH error.

Code:

 

 uint8_t key[16] = {0x4D,0x79,0x53,0x65,0x63,0x72,0x65,0x74,0x6B,0x65,0x79,0x32,0x30,0x31,0x38,0x40};
 uint8_t b0[16] =  {0x79,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0x01,0x00,0x00};
 uint8_t b1[16] =  {0x00,0x0E,0x06,0x00,0x00,0x00,0x00,0x0B,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00};

 uint8_t b0_result[16];
 uint8_t b1_result[16];

 int i;
 // pass 1 (CBC Mode)
 for(i = 0; i < 16;i++){
     b0_result[i] = b0[i] ^ key[i];
 }
 // pass 2 (CBC Mode)
 for(i = 0; i < 16;i++){
     b1_result[i] = b0_result[i] ^ b1[i];
 }

 printf("Out Mac [Clear Text]:\t");
 for(i = 0; i < 16;i++){
     printf("0x%02X ",b1_result[i]);
 }
 printf("\n");
 printf("Out Mac [Clear Text]:\t");
 for(i = 0; i < 16;i++){
     printf("%02X ",b1_result[i]);
 }
 printf("\n");

Output:

Out Mac [Clear Text]:   0x34 0xD2 0xF0 0xC0 0xC6 0xD7 0xC0 0xDA 0xCF 0xC0 0xDC 0x97 0x95 0x30 0x38 0x40
Out Mac [Clear Text]:   34 D2 F0 C0 C6 D7 C0 DA CF C0 DC 97 95 30 38 40

 

"When all else fails, read the directions"

Last Edited: Thu. Jun 28, 2018 - 11:27 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

** bump ***

"When all else fails, read the directions"

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Your question is not really MCU related, maybe there is a better place to ask it.

But have you exhausted all resources available here:

http://www.microchip.com/develop...

Seems there is a library available.

/Lars

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Lajon wrote:
Seems there is a library available.

Thx - Yes I've reviewed this library. From what I can tell its a handles all the transactions, e.g. Encrypt, KeyCreate etc..., but assumes the inputs are correct. In my case, I am stuck on how to the create the integrity MAC. As I comb the internet, it seems I need to know a how to CBC and CTR the data. There is an example AES project in ASF, which does thesecalculations, but I am not sure if I am calculating correctly.  I have put in a ticket with MicroChip/Atmel.. Wish me luck.

 

 

"When all else fails, read the directions"

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

 

I know this is a late reply but I don't check the forum very often now, so you may well have solved this by now.

 

Anyway... there is a spreadsheet detail MAC calculation & MAC encipherment/decipherment attached to the following thread:

 

https://community.atmel.com/foru...

 

Regards.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

anha6317 wrote:
I know this is a late reply but I don't check the forum very often now, so you may well have solved this by now.   Anyway... there is a spreadsheet detail MAC calculation & MAC encipherment/decipherment attached to the following thread:   https://community.atmel.com/foru...   Regards.

 

Thanks but what I needed was an AES library to calculate the MAC in CCM mode on the software side. I put in a ticket with MicroChip and they provided a nice small AES library. I was able to get everything working, Hardware Encryption, Decryption, EncRead, EncWrite, Keyload (volatile and Key memory), KeyCreate and lastly Authentication. Now on to conquer the ATSHA204a...

"When all else fails, read the directions"