AES CBC 256 encryption on nrf52840

Question

Hi,

I need to use AES CBC 256 encryption/decryption on nrf52840 but since its cyrpto cell only supports AES 128, I tried using mbedtls to do AES 256 encryption. It works fine but if then I add

CONFIG_NRF_SECURITY=y in the prj.conf, the decrypted data doesn't match with original string anymore. It works if either I use 128 bits key size of set

CONFIG_NRF_SECURITY=n.

My problem is that I need to use hardware support for running some other RSA related operations, but I would also like to run AES 256 via software.

How can I do that?

CONFIG_NRF_SECURITY=y

CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_AES_C=y
CONFIG_MBEDTLS_CIPHER_MODE_CBC=y
CONFIG_ENTROPY_GENERATOR=y

#include <zephyr/kernel.h>
#include <mbedtls/aes.h>
#include <string.h>

#define AES_KEY_SIZE  32  // AES-256 requires 32 bytes (256 bits)
#define AES_BLOCK_SIZE 16


#define KEY_SIZE 256

static const uint8_t key[AES_KEY_SIZE] = {
    0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
    0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
    0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
    0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
};

static uint8_t iv[AES_BLOCK_SIZE] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};

// **PKCS#7 Padding**
static size_t pkcs7_pad(uint8_t *data, size_t data_len, size_t block_size) {
    size_t pad_len = block_size - (data_len % block_size);
    for (size_t i = 0; i < pad_len; i++) {
        data[data_len + i] = (uint8_t)pad_len;
    }
    return data_len + pad_len;
}

// **PKCS#7 Unpadding**
static size_t pkcs7_unpad(uint8_t *data, size_t data_len) {
    uint8_t pad_len = data[data_len - 1];  // Last byte gives padding size
    if (pad_len > AES_BLOCK_SIZE || pad_len == 0) {
        return data_len;  // Invalid padding, return as-is
    }
    return data_len - pad_len;
}


// **AES-256-CBC Encryption**
static int aes_encrypt(const uint8_t *input, size_t input_len, uint8_t *output, size_t *output_len) {
    mbedtls_aes_context aes;
    uint8_t iv_enc[AES_BLOCK_SIZE];
    memcpy(iv_enc, iv, AES_BLOCK_SIZE);  // Use fresh IV

    // **PKCS#7 Pad Input**
    uint8_t padded_input[64];  // Adjust buffer size as needed
    memcpy(padded_input, input, input_len);
    *output_len = pkcs7_pad(padded_input, input_len, AES_BLOCK_SIZE);

    mbedtls_aes_init(&aes);
    mbedtls_aes_setkey_enc(&aes, key, KEY_SIZE);

    int ret = mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, *output_len, iv_enc, padded_input, output);
    mbedtls_aes_free(&aes);

    return ret;
}

// **AES-256-CBC Decryption**
static int aes_decrypt(const uint8_t *input, size_t input_len, uint8_t *output, size_t *output_len) {
    mbedtls_aes_context aes;
    uint8_t iv_dec[AES_BLOCK_SIZE];
    memcpy(iv_dec, iv, AES_BLOCK_SIZE);  // Use fresh IV

    mbedtls_aes_init(&aes);
    mbedtls_aes_setkey_dec(&aes, key, KEY_SIZE);

    int ret = mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, input_len, iv_dec, input, output);
    mbedtls_aes_free(&aes);

    // **PKCS#7 Unpad Output**
    *output_len = pkcs7_unpad(output, input_len);
    return ret;
}


// **Main Function**
void main(void) {
    uint8_t plaintext[] = "Hello, AES-256-CBC!";  // 20 bytes
    uint8_t encrypted[64] = {0};
    uint8_t decrypted[64] = {0};
    size_t enc_len, dec_len;

    printf("Plain: %s\n", plaintext);


    // Encrypt
    if (aes_encrypt(plaintext, strlen((char *)plaintext), encrypted, &enc_len) != 0) {
        printf("Encryption failed!\n");
        return;
    }
    printf("Encrypted: ");
    for (size_t i = 0; i < enc_len; i++) {
        printf("%02x", encrypted[i]);
    }
    printf("\n");

    // Decrypt
    if (aes_decrypt(encrypted, enc_len, decrypted, &dec_len) != 0) {
        printf("Decryption failed!\n");
        return;
    }
    decrypted[dec_len] = '\0';  // Null-terminate string
    printf("Decrypted: %s\n", decrypted);
}