Hi,
I am trying to determine if PSA supports AES-256 encryption and decryption. From the documentation, it appears that it does. However, the aes-cbc example in the nRF Connect SDK 1.7.1 ran correctly with a 128-bit key. Then I changed the key size to 256-bit and nothing else, it failed in the call to psa_cipher_encrypt_setup() with an error code of -134, which I thinks means PSA_ERROR_NOT_SUPPORTED. What else do I need to modify or add to be able to use 256-bit keys in AES-CBC? Thanks in advance.
int generate_key(void)
{
psa_status_t status;
LOG_INF("Generating random AES key...");
/* Configure the key attributes */
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
psa_set_key_algorithm(&key_attributes, PSA_ALG_CBC_NO_PADDING);
psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&key_attributes, 256);
/* Generate a random key. The key is not exposed to the application,
* we can use it to encrypt/decrypt using the key handle
*/
status = psa_generate_key(&key_attributes, &key_handle);
if (status != PSA_SUCCESS) {
LOG_INF("psa_generate_key failed! (Error: %d)", status);
return APP_ERROR;
}
/* After the key handle is acquired the attributes are not needed */
psa_reset_key_attributes(&key_attributes);
LOG_INF("AES key generated successfully!");
return APP_SUCCESS;
}
int encrypt_cbc_aes(void)
{
uint32_t olen;
psa_status_t status;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
LOG_INF("Encrypting using AES CBC MODE...");
/* Setup the encryption operation */
status = psa_cipher_encrypt_setup(&operation, key_handle, PSA_ALG_CBC_NO_PADDING);
if (status != PSA_SUCCESS) {
LOG_INF("psa_cipher_encrypt_setup failed! (Error: %d)", status);
return APP_ERROR;
}
...
}