RE: AES -CCM

bjorn-spockeli — Mon, 03 Jun 2019 09:38:24 GMT

The nrf_crypto library uses NRF_CRYPTO_ALLOC and NRF_CRYPTO_FREE, which is are wrapper for nrf_malloc() and nrf_free() respectively. The allocated memory is used to store context variables for the cryptograpic operation, see nrf_crypto_aes_crypt below.

ret_code_t nrf_crypto_aes_crypt(nrf_crypto_aes_context_t * const    p_context,
                                nrf_crypto_aes_info_t const * const p_info,
                                nrf_crypto_operation_t              operation,
                                uint8_t *                           p_key,
                                uint8_t *                           p_iv,
                                uint8_t *                           p_data_in,
                                size_t                              data_size,
                                uint8_t *                           p_data_out,
                                size_t *                            p_data_out_size)
{
    ret_code_t ret_val;
    void *     p_allocated_context = NULL;

    nrf_crypto_aes_context_t * p_ctx = p_context;

    VERIFY_TRUE(p_info != NULL, NRF_ERROR_CRYPTO_INPUT_NULL);

    if (p_ctx == NULL)
    {
        p_allocated_context = NRF_CRYPTO_ALLOC(p_info->context_size);
        if (p_allocated_context == NULL)
        {
            return NRF_ERROR_CRYPTO_ALLOC_FAILED;
        }
        p_ctx = (nrf_crypto_aes_context_t *)p_allocated_context;
    }

    ret_val = nrf_crypto_aes_init(p_ctx, p_info, operation);
    NRF_CRYPTO_VERIFY_SUCCESS_DEALLOCATE(ret_val, p_allocated_context);

    ret_val = nrf_crypto_aes_key_set(p_ctx, p_key);
    NRF_CRYPTO_VERIFY_SUCCESS_DEALLOCATE(ret_val, p_allocated_context);

    ret_val = nrf_crypto_aes_iv_set(p_ctx, p_iv);
    /* not all AES modes support IV */
    if (ret_val != NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE)
    {
        NRF_CRYPTO_VERIFY_SUCCESS_DEALLOCATE(ret_val, p_allocated_context);
    }

    ret_val = nrf_crypto_aes_finalize(p_ctx,
                                      p_data_in,
                                      data_size,
                                      p_data_out,
                                      p_data_out_size);
    if (ret_val != NRF_SUCCESS)
    {
        /* Context was not successfully deinitialized in nrf_crypto_aes_finalize */
        UNUSED_RETURN_VALUE(nrf_crypto_aes_uninit(p_ctx));
    }

    if (p_allocated_context != NULL)
    {
        NRF_CRYPTO_FREE(p_allocated_context);
    }

    return ret_val;
}

The AES-CCM peripheral is blocked when the SoftDevice is enabled, please see the System on Chip resource requirements in the S132 SoftDevice specification. It is possible to access the blocked peripherals by using the Timeslot API, see Concurrent multiprotocol implementation using the Radio Timeslot API in the SoftDevice specification.

Best regards

Bjørn