Hi,
I want to use the AES of 51822 and I have read the nRF51_Reference_manual,I cann't find any demo about AES in SDK.Do you have the demo code about 51822 AES encryption and decryption ?
BR Alice
Hi,
I want to use the AES of 51822 and I have read the nRF51_Reference_manual,I cann't find any demo about AES in SDK.Do you have the demo code about 51822 AES encryption and decryption ?
BR Alice
Hi Alice,
The AES codebook mode (ECB) library is provided in the SDK. You can have a look at Source\nrf_ecb.c file. Encryption and decryption use the same function: nrf_ecb_crypt().
The appropriate function if you have enabled the softdevice is sd_ecb_block_encrypt().
Note that the AES block in the nRF51822 can do encryption only, so I'd recommend to use counter mode or something similar, since that uses encryption in hardware to do both encryption and decryption of user data. Take a look at Wikipedia's description of the mode here: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_.28CTR.29
Hi Ole,
I wonder whether I have understood what you mean.Do u mean that I just only call the sd_ecb_block_encrypt() to do the encryption if I have enabled the softdevice ?
However,if I use the 2.4G Proprietary protocol,for the nrf_ecb_set_key ( const uint8_t * key ) ,how does the key generate?Can it be set by myself?
BR, Alice
Alice, a lot of the Nordic APIs have a sd_ prefix to arbitrate sharing of HW resources between user code and SoftDevice.
With that said: if you're not using the SoftDevice (or it's disabled) call nrf_ecb_crypt() if you're using the SoftDevice and its active, call sd_ecb_block_encrypt()
As Ole Morten states above, you'll likely want to implement CBC mode yourself on top of the HW accelerated ECB functionality. Remember it is considered dangerous to use ECB alone to protect data (read the Wikipedia article)!
To do this you would pick a nonce value (random, and doesn't need to be protected) and counter which gets incremented for each data block and concatenate them for use as the data to encrypt, call encrypt with a key of your choice and then XOR your data block with the output of the encrypt call. You would publicly give the output of the XOR and the nonce to the other party and communicate the key to them via protected means or by it being a pre-shared secret.
The hardware is only suitable for counter mode. CBC encryption would be possible, but decryption is not supported