• State Verified Answer
  • Replies 2 replies
  • Subscribers 67 subscribers
  • Views 1651 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 105047
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nRF51422 AES app mode with soft module S110

Jim Dattolo

There are a few threads on using the AES module and there is a lot of confusing and somewhat contradictory information.

I want to do the following:

  1. generate secure random numbers via hw (e.g. using radio noise and entropy calcs)
  2. encrypt and decrypt data using ECB hardware acceleration with no counters
  3. I will be doing the CBC chaining on the side in sw.
  4. this is all in support of a diffie-hellman 1024 bit key exchange protocol we are implementing outside of the normal BLE encryption (which I am not ever going to be using)

Some posts state that only encryption can be done and not decryption, others state that you must use counter mode, while others state that the block is used by BLE and not available for use. Is there an example somewhere where data is encrypted and decrypted using ECB in hardware with a shared key? I understand how its done, just not how to get the hardware acceleration working. My previous HW solution also couldn't handle the CBC stuff in hardware since only one IV could be managed so all of my existing code is doing the block chain manually anyway.

-Jim

  • 0

    Nordic Support, Any comments on the question above? I am also interested in knowing this for nRF51822 regards!

  • 0

    I'm not a cryptographic expert, but I will try to answer your questions.

    1. To generate random numbers you can use the Random Number Generator, please see Section 21 in the nRF51 Series Reference Manual v3.0 for more information. It creates generates true non-deterministic random numbers based on internal thermal noise. The Random Number Generator Example might also be helpful.
    2. The AES ECB module (see Section 23 in the nRF51 Series Reference Manual v3.0) only does encryption. Counter mode only requires a encryption module and that is why it has been suggested previously.
    3. CBC seems to require a decryption module, so I don't think it can be implemented.

    Please see Section 10.2 in the S110 SoftDevice Specification v1.3 for what hardware blocks that are open, restricted, and open when the SoftDevice is active. CCM is blocked, while ECB is restricted. Restricted means that the application has limited access throught the SoftDevice API.

    We don't have an example, but it should easy just to use the following function from nrf_soc.h:

    /**@brief Encrypts a block according to the specified parameters.
 *
 * 128-bit AES encryption.
 *
 * @param[in, out] p_ecb_data Pointer to the ECB parameters' struct (two input
 *                            parameters and one output parameter).
 *
 * @retval ::NRF_SUCCESS
 */
SVCALL(SD_ECB_BLOCK_ENCRYPT, uint32_t, sd_ecb_block_encrypt(nrf_ecb_hal_data_t * p_ecb_data));
Related