Addtional details of ESP-NOW security implementation (AEGHB-805)

espressif / esp-now

A connectionless Wi-Fi communication protocol

Apache License 2.0

540 stars 94 forks source link

Addtional details of ESP-NOW security implementation (AEGHB-805) #128

Open ChuckMash opened 1 month ago

ChuckMash commented 1 month ago

Hello,

In the documentation it is mentioned PMK is used to encrypt LMK with the AES-128 algorithm and LMK of the paired device is used to encrypt the vendor-specific action frame with the CCMP method

In what way is the LMK encrypted by the PMK before use with encrypting the frame?

Is there a specific AES cipher or method used with a specific nonce?

Thank you

zhangyanjiaoesp commented 1 month ago

ESP-NOW use AES-ECB to encrypt LMK using PMK.

ChuckMash commented 1 month ago

Thank you.

Are you also able to detail the nonce used with the key for decryption of the CCMP data?

I am under the impression that the nonce bytes are as follows: 0x00 addr2[6] PN5 PN4 PN3 PN2 PN1 PN0

ChuckMash commented 1 month ago

Confirmed, thank you for your assistance.

ChuckMash commented 1 month ago

Hello,

Are you able to describe the byte formats and process for calculating the 8 byte message authentication code at the end of the AES-CCM encrypted data?

Thank you