AES encryption experience

Hi Uri,

Yes, AES ECB encryption processor on nRF51x22 works as advertised. You can see the API reference here: developer.nordicsemi.com/.../a00756.html. First obvious limitation is that only this one mode is supported (so no decryption for instance). Second is priority management: Soft Device has always priority so in case that some extensive radio action or even worse encryption for standard BLE layers are needed your API call will wait for return. I have no performance data and I guess you will need to evaluate this yourself...

Cheers Jan

Hi Uri,

Yes, AES ECB encryption processor on nRF51x22 works as advertised. You can see the API reference here: developer.nordicsemi.com/.../a00756.html. First obvious limitation is that only this one mode is supported (so no decryption for instance). Second is priority management: Soft Device has always priority so in case that some extensive radio action or even worse encryption for standard BLE layers are needed your API call will wait for return. I have no performance data and I guess you will need to evaluate this yourself...

Cheers Jan

Not sure why you're saying that decryption is not supported, it is. A bigger drawback is, though, is that AES block can't be used when SoftDevice is enabled (which makes it useless for just about every use case).

Hi andrey,

I'm saying it simply because I believe it's true and there are several questions and answers on this forum which confirmed that. However if there is AES decryption HW block then hurray, please share some sample code with test vector or similar thing to benefit from your observation. I'd also be wondering why decryption block wouldn't be usable by the app when AES encryption is available even when Soft Device is used and enabled. I suppose AES functions are only used during actual connection event for AES CRT encryption operation on the flight when anyway app is not running and CPU is occupied by Soft Device only, however it's true that I've never used BLE security layer (mostly because it's really weak until asymmetric variants of SSP from BT SIG 4.2 gets implemented) so there might be limitations when you use that part of the stack.

Cheers Jan

Well cannot judge the referred post but it woks well in my application. You shouldn't need anything else then calling sd_ecb_block_encrypt(...) function (forget any nrf_ecb_... functions, these are really blocked by Soft Device when it is enabled) at it never hardfaults in our tests or production. Regarding AES encryption and decryption there is probably slight misunderstanding how these crypto primitives work. Please go through following two threads and comment when you feel they are misleading or incorrect: nrf_ecb_crypt and how to decrypt AES-ECB-Nopadding data?.

Cheers Jan