
AES encryption experience

Hi,

I would like to ask if someone has experience using the AES. I need to be absolutely sure that the user SW can use the AES HW block for its own custom usage. If yes, are there any limitations (i.e. shared resource with the radio etc.)?

Thanks, Uri

  • Hi Uri,

    Yes, the AES ECB encryption processor on nRF51x22 works as advertised. You can see the API reference here: developer.nordicsemi.com/.../a00756.html. The first obvious limitation is that only this one mode is supported (so no decryption, for instance). The second is priority management: Soft Device always has priority, so in case some extensive radio action or, even worse, encryption for standard BLE layers is needed, your API call will wait for return. I have no performance data and I guess you will need to evaluate this yourself...

    Cheers Jan

  • Not sure why you're saying that decryption is not supported, it is. A bigger drawback, though, is that the AES block can't be used when SoftDevice is enabled (which makes it useless for just about every use case).

  • Hi andrey,

    I'm saying it simply because I believe it's true and there are several questions and answers on this forum which confirmed that. However, if there is an AES decryption HW block then hurray, please share some sample code with a test vector or similar thing to benefit from your observation. I'd also be wondering why the decryption block wouldn't be usable by the app when AES encryption is available even when Soft Device is used and enabled. I suppose AES functions are only used during the actual connection event for AES CRT encryption operation on the fly, when the app is not running anyway and the CPU is occupied by Soft Device only. However, it's true that I've never used the BLE security layer (mostly because it's really weak until asymmetric variants of SSP from BT SIG 4.2 get implemented), so there might be limitations when you use that part of the stack.

    Cheers Jan

  • I haven't tried the decryption, but there's no way it isn't supported since ECB encryption/decryption operations are synonymous; the difference is the data on the input of the algorithm.

    Regarding the simultaneous use of SoftDevice and ECB, I'm basing this on this answer as well as the fact that nrf_ecb_init() causes HardFault when called after ble_stack_init().

    I could be wrong on both points, though.

  • Well, I cannot judge the referred post, but it works well in my application. You shouldn't need anything else than calling the sd_ecb_block_encrypt(...) function (forget any nrf_ecb_... functions, these are really blocked by Soft Device when it is enabled) and it never hardfaults in our tests or production. Regarding AES encryption and decryption, there is probably a slight misunderstanding of how these crypto primitives work. Please go through the following two threads and comment when you feel they are misleading or incorrect: nrf_ecb_crypt and how to decrypt AES-ECB-Nopadding data?.

    Cheers Jan
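
An added example (not written by any poster in this thread and not Nordic SDK code) of one common way to get both encryption and decryption from an encrypt-only block primitive like the one discussed above: CTR mode, which only ever calls the forward block operation. The names `block_encrypt_fn`, `standin_encrypt`, `ctr_crypt` and `ctr_roundtrip_ok` are hypothetical; the stand-in block function is constructed for host testing and is not AES, and wrapping `sd_ecb_block_encrypt` in its place is an assumption.

```c
#include <stdint.h>
#include <string.h>

/* Forward-only block operation: out = E_key(in). On the nRF51 this slot
 * would be filled by a wrapper around sd_ecb_block_encrypt() (assumption). */
typedef void (*block_encrypt_fn)(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]);

/* Constructed host stand-in. NOT AES and not secure: a keyed one-way mix
 * that has no inverse at all, to show that CTR never needs one. */
void standin_encrypt(const uint8_t key[16], const uint8_t in[16], uint8_t out[16])
{
    uint32_t h = 2166136261u;
    for (int i = 0; i < 16; i++)
        h = (((h ^ key[i]) * 16777619u) ^ in[i]) * 16777619u;
    for (int i = 0; i < 16; i++) {
        h = (h ^ (uint32_t)i) * 16777619u;
        out[i] = (uint8_t)(h >> 24);
    }
}

/* CTR mode: data ^= E_key(nonce || counter), block by block. The same call
 * encrypts and decrypts. A (key, nonce) pair must never be reused. */
void ctr_crypt(block_encrypt_fn enc, const uint8_t key[16],
               const uint8_t nonce[12], uint8_t *data, size_t len)
{
    uint8_t block[16], ks[16];
    memcpy(block, nonce, 12);
    for (size_t off = 0, ctr = 0; off < len; off += 16, ctr++) {
        for (int i = 0; i < 4; i++)              /* big-endian counter */
            block[12 + i] = (uint8_t)(ctr >> (8 * (3 - i)));
        enc(key, block, ks);
        for (size_t i = 0; i < 16 && off + i < len; i++)
            data[off + i] ^= ks[i];
    }
}

/* Returns 1 if the ciphertext differs and a second call restores msg. */
int ctr_roundtrip_ok(void)
{
    const uint8_t key[16] = "constructed-key";   /* 15 chars + NUL = 16 */
    const uint8_t nonce[12] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11};
    const char msg[] = "sensor frame 0001: 21.5C"; /* constructed sample */
    uint8_t buf[sizeof msg];
    memcpy(buf, msg, sizeof msg);
    ctr_crypt(standin_encrypt, key, nonce, buf, sizeof buf);
    int changed = memcmp(buf, msg, sizeof msg) != 0;
    ctr_crypt(standin_encrypt, key, nonce, buf, sizeof buf);
    return changed && memcmp(buf, msg, sizeof msg) == 0;
}
int main(void) { return ctr_roundtrip_ok() ? 0 : 1; }
```

CTR provides confidentiality only; pair it with a MAC if the receiver must detect tampering.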
