How to enable AES-128 Encryption engine in nrf52832 soc

Hi Team,

We are using the nrf52830 SOC for our application. In data sheet mentioned that it supports AES-128 bit Hardware engines (ECB,CCM, AAR). How to enable and use these engines without using the soft libraries like "mbed TLS " and "Optiga".

1. suppose we are using the "mbed TLS " soft library for crypto functionality, how this will in turn uses the AES-128 HW engine from SOC. Similar way for RNG and SHA-256 functionalities as well.

2. How enable and Disable the EasyDMA Driver to AES Engines.

3. For Soft crypto Libraries how to map these HW engines like AES HW, SHA-256 ,RNG and EasyDMA peripherals.If we enable the any crypto mode automatically it will take HW peripherals or only uses soft lib code only.

Eg: HW AES-128 Reg details

Base address                  Peripheral                 Instance                   Description                                                           Configuration
0x4000E000                   ECB                            ECB                        AES electronic code book (ECB) mode

 

Regards,

Srinivas.V

Parents
  • In data sheet mentioned that it supports AES-128 bit Hardware engines (ECB,CCM, AAR)

    The AES-128 support on the NRF52832 is the bare minimum required for BTLE operation. Not really usable for other purposes, with AES-128-CBC as an exception (but you still need to do the XORing in software).

    Note that CCM and AAR are blocked when using softdevice, ECB and RNG are restricted.

  • Hi Turbo,

    Thanks for your reply.

    1. In reply, mentioned that AES-128 required for BTLE operation.By default BTLE is secure communication, or we need to enable this by manually.

    2. But we are using the SoftDevice, along with these RNG and other Soft crypto engines(AES-ECB,ECB),Oberon.Is there any timing impact on these operations.

    3. "ECB and RNG are restricted", but how to avoid timing issues when we are using the RNG and SD operations at a time.

    4. Is there any alternate way to avoid these blocking conditions like EasyDMA or any other techniques we need to implement on top of these Soft Libraries.

    Regards,

    Srinivas.V

  • Hi Srinivas,

    Srinivas V said:
    1. In reply, mentioned that AES-128 required for BTLE operation.By default BTLE is secure communication, or we need to enable this by manually.

    The Bluetooth link will be encrypted if you use pairing/bonding. This is per the BLE specification. Most of the SDK examples use pairing (encrypted link), which is handled by the peer manager SDK library.

    Srinivas V said:
    2. But we are using the SoftDevice, along with these RNG and other Soft crypto engines(AES-ECB,ECB),Oberon.Is there any timing impact on these operations.

    Can you elaborate? Generally, crypto operations are CPU intensive so it will take some CPU time. Note that you canuse the RNG peripheral in a way that is shared with the SoftDevice without a problem.

    Srinivas V said:
    3. "ECB and RNG are restricted", but how to avoid timing issues when we are using the RNG and SD operations at a time.

    You have to use the SoftDevice API's, or support libraries. Unless you have a strong reason for using ECB I suggest you do everything via the nrf_crypto library (examples here). This will handle the complexities of using the RNG for you, but it does not provide a way to use the ECB peripheral. That would be done in SW, which may be most sensible in any case on the nRF52832. Note that you have proper generic HW acceleration for AES on the nRF52840 using the CryptoCell peripheral.

    Srinivas V said:
    4. Is there any alternate way to avoid these blocking conditions like EasyDMA or any other techniques we need to implement on top of these Soft Libraries.

    For SW libraries, DMA is not an option. And regarding not conflicting with the SoftDevice, this is regardless of DMA (which is used), as the problem is that the SoftDevice must be allowed to use the peripheral when it needs it. So you cannot use it for anything else at that time.

Reply
  • Hi Srinivas,

    Srinivas V said:
    1. In reply, mentioned that AES-128 required for BTLE operation.By default BTLE is secure communication, or we need to enable this by manually.

    The Bluetooth link will be encrypted if you use pairing/bonding. This is per the BLE specification. Most of the SDK examples use pairing (encrypted link), which is handled by the peer manager SDK library.

    Srinivas V said:
    2. But we are using the SoftDevice, along with these RNG and other Soft crypto engines(AES-ECB,ECB),Oberon.Is there any timing impact on these operations.

    Can you elaborate? Generally, crypto operations are CPU intensive so it will take some CPU time. Note that you canuse the RNG peripheral in a way that is shared with the SoftDevice without a problem.

    Srinivas V said:
    3. "ECB and RNG are restricted", but how to avoid timing issues when we are using the RNG and SD operations at a time.

    You have to use the SoftDevice API's, or support libraries. Unless you have a strong reason for using ECB I suggest you do everything via the nrf_crypto library (examples here). This will handle the complexities of using the RNG for you, but it does not provide a way to use the ECB peripheral. That would be done in SW, which may be most sensible in any case on the nRF52832. Note that you have proper generic HW acceleration for AES on the nRF52840 using the CryptoCell peripheral.

    Srinivas V said:
    4. Is there any alternate way to avoid these blocking conditions like EasyDMA or any other techniques we need to implement on top of these Soft Libraries.

    For SW libraries, DMA is not an option. And regarding not conflicting with the SoftDevice, this is regardless of DMA (which is used), as the problem is that the SoftDevice must be allowed to use the peripheral when it needs it. So you cannot use it for anything else at that time.

Children
No Data
Related