Bluetooth Firmware AES implementation and replacement possibility

Hello,

In regards to the nRF Connect SDK...

I am looking into the possibility of switching out the current implementation of AES used by the Bluetooth firmware. I am curious if my initial impressions/intuition of where this would be done is correct, based on the naming convention of the SDK "subsys/bluetooth/controller/".

It seems that the AES solution used by the Bluetooth module is located here in crypto.c. This obviously calls down to the MPSL layer implementation of AES ECB, which I think is closed source? Anyway, if I wanted to experiment with my own AES ECB solution for the Bluetooth firmware, would it be acceptable to patch both bt_encrypt_le and bt_encrypt_be to call my implementation of AES ECB for big/little endian instead of the code calling down to the MPSL implementation?

The other part of this question is: am I looking in the wrong area for the firmware used by the Bluetooth module? If not, where should I look, or is that closed source?

If I am looking at the correct location in the SDK, is there already a system in place via Kconfig/the build system to switch this instead of patching crypto.c?

Thanks!
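For reference, the relationship between the two entry points named above, as an added stand-alone example that is not Zephyr's, Nordic's or MPSL's code: bt_encrypt_be is a plain AES-128 block encrypt with the bytes used as given, and bt_encrypt_le is the same operation with key, plaintext and ciphertext byte-reversed, so a replacement backend only has to supply the block cipher once. The function names are borrowed from the question for illustration, the byte-order convention is assumed to be the Zephyr one (LE variant = byte-reversed BE variant), and the S-box is derived on first use instead of being pasted as a table.

```c
#include <stdint.h>
#include <string.h>
static uint8_t sbox[256];                                   /* built on first use by init_sbox() */
static uint8_t gmul(uint8_t a, uint8_t b) {                 /* GF(2^8) multiply, modulus x^8+x^4+x^3+x+1 */
    uint8_t p = 0;
    for (; b; b >>= 1) { if (b & 1) p ^= a; a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)); }
    return p;
}
static void init_sbox(void) {                               /* S-box from its definition: inverse, then affine map */
    for (int x = 0; x < 256; x++) {
        uint8_t inv = 0, s, i;
        for (int y = 1; x && y < 256; y++) if (gmul((uint8_t)x, (uint8_t)y) == 1) { inv = (uint8_t)y; break; }
        for (s = inv, i = 1; i <= 4; i++) s ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
        sbox[x] = s ^ 0x63;
    }
}
/* Big-endian entry point: plain AES-128 block encrypt, bytes used in the order given (the spec's e(), MSB-first). */
int bt_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16]) {
    uint8_t rk[176], s[16], t[16], rcon = 1;
    if (!sbox[1]) init_sbox(); memcpy(rk, key, 16);         /* round key 0 is the key itself */
    for (int i = 16; i < 176; i += 4) {                     /* key schedule: 11 round keys of 16 bytes */
        memcpy(t, rk + i - 4, 4);
        if (i % 16 == 0) {                                  /* RotWord, SubWord, Rcon */
            uint8_t x = t[0]; t[0] = sbox[t[1]] ^ rcon; t[1] = sbox[t[2]]; t[2] = sbox[t[3]]; t[3] = sbox[x];
            rcon = gmul(rcon, 2);
        }
        for (int j = 0; j < 4; j++) rk[i + j] = rk[i - 16 + j] ^ t[j];
    }
    for (int i = 0; i < 16; i++) s[i] = plaintext[i] ^ rk[i];         /* initial AddRoundKey */
    for (int r = 1; r <= 10; r++) {
        for (int i = 0; i < 16; i++) t[i] = sbox[s[i]];                   /* SubBytes */
        for (int i = 0; i < 16; i++) s[i] = t[(i + 4 * (i % 4)) % 16];    /* ShiftRows (column-major state) */
        if (r < 10) for (int c = 0; c < 16; c += 4) {                     /* MixColumns, skipped in round 10 */
            uint8_t a0 = s[c], a1 = s[c + 1], a2 = s[c + 2], a3 = s[c + 3];
            s[c] = gmul(a0, 2) ^ gmul(a1, 3) ^ a2 ^ a3;     s[c + 1] = a0 ^ gmul(a1, 2) ^ gmul(a2, 3) ^ a3;
            s[c + 2] = a0 ^ a1 ^ gmul(a2, 2) ^ gmul(a3, 3); s[c + 3] = gmul(a0, 3) ^ a1 ^ a2 ^ gmul(a3, 2);
        }
        for (int i = 0; i < 16; i++) s[i] ^= rk[16 * r + i];              /* AddRoundKey */
    }
    memcpy(enc_data, s, 16);
    return 0;
}
/* Little-endian entry point: inputs arrive LSB-first, so reverse them going in and the ciphertext coming out. */
int bt_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16]) {
    uint8_t k[16], p[16];
    for (int i = 0; i < 16; i++) { k[i] = key[15 - i]; p[i] = plaintext[15 - i]; }
    bt_encrypt_be(k, p, enc_data);
    for (int i = 0; i < 8; i++) { uint8_t x = enc_data[i]; enc_data[i] = enc_data[15 - i]; enc_data[15 - i] = x; }
    return 0;
}
```

Any replacement backend should be checked against a known-answer vector such as FIPS-197 Appendix C.1 (key 00..0f, plaintext 00 11 .. ff, ciphertext 69c4e0d8 6a7b0430 d8cdb780 70b4c55a) before it is wired into the controller. A table-driven software AES like this one is both far slower than the ECB peripheral and makes data-dependent table lookups, which is the performance and side-channel trade-off behind the reply below.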

  • Why would you want to do that? The AES implementation in MPSL uses the ECB hardware peripheral. MPSL's job is to make sure that the hardware resources are not used by several pieces of code at the same time.

    A custom software replacement would possibly be too slow so it's nothing I would recommend.

    Note that the normal Link Layer encryption (encryption of radio packets) is performed by the CCM peripheral in sync with receiving/sending radio packets on the air, initiated by the hardware automatically using PPI.
