How to enable AES-128 Encryption engine in nrf52832 soc

RE: How to enable AES-128 Encryption engine in nrf52832 soc

Einar Thorsrud — Mon, 03 Aug 2020 14:54:25 GMT

Hi Srinivas,

[quote user="Srinivas V"]1. In reply, mentioned that AES-128 required for BTLE operation.By default BTLE is secure communication, or we need to enable this by manually.[/quote]

The Bluetooth link will be encrypted if you use pairing/bonding. This is per the BLE specification. Most of the SDK examples use pairing (encrypted link), which is handled by the peer manager SDK library.

[quote user="Srinivas V"]2. But we are using the SoftDevice, along with these RNG and other Soft crypto engines(AES-ECB,ECB),Oberon.Is there any timing impact on these operations.[/quote]

Can you elaborate? Generally, crypto operations are CPU intensive so it will take some CPU time. Note that you canuse the RNG peripheral in a way that is shared with the SoftDevice without a problem.

[quote user="Srinivas V"]3. "ECB and RNG are restricted", but how to avoid timing issues when we are using the RNG and SD operations at a time.[/quote]

You have to use the SoftDevice API's, or support libraries. Unless you have a strong reason for using ECB I suggest you do everything via the nrf_crypto library (examples here). This will handle the complexities of using the RNG for you, but it does not provide a way to use the ECB peripheral. That would be done in SW, which may be most sensible in any case on the nRF52832. Note that you have proper generic HW acceleration for AES on the nRF52840 using the CryptoCell peripheral.

[quote user="Srinivas V"]4. Is there any alternate way to avoid these blocking conditions like EasyDMA or any other techniques we need to implement on top of these Soft Libraries.[/quote]

For SW libraries, DMA is not an option. And regarding not conflicting with the SoftDevice, this is regardless of DMA (which is used), as the problem is that the SoftDevice must be allowed to use the peripheral when it needs it. So you cannot use it for anything else at that time.

RE: How to enable AES-128 Encryption engine in nrf52832 soc

Srinivas V — Sun, 02 Aug 2020 15:38:24 GMT

Hi Turbo,

Thanks for your reply.

1. In reply, mentioned that AES-128 required for BTLE operation.By default BTLE is secure communication, or we need to enable this by manually.

2. But we are using the SoftDevice, along with these RNG and other Soft crypto engines(AES-ECB,ECB),Oberon.Is there any timing impact on these operations.

3. "ECB and RNG are restricted", but how to avoid timing issues when we are using the RNG and SD operations at a time.

4. Is there any alternate way to avoid these blocking conditions like EasyDMA or any other techniques we need to implement on top of these Soft Libraries.

Regards,

Srinivas.V

RE: How to enable AES-128 Encryption engine in nrf52832 soc

Turbo J — Sun, 02 Aug 2020 10:55:40 GMT

[quote userid="87768" url="~/f/nordic-q-a/64430/how-to-enable-aes-128-encryption-engine-in-nrf52832-soc"] In data sheet mentioned that it supports AES-128 bit Hardware engines (ECB,CCM, AAR)[/quote]

The AES-128 support on the NRF52832 is the bare minimum required for BTLE operation. Not really usable for other purposes, with AES-128-CBC as an exception (but you still need to do the XORing in software).

Note that CCM and AAR are blocked when using softdevice, ECB and RNG are restricted.