• State Not Answered
  • Replies 5 replies
  • Subscribers 75 subscribers
  • Views 872 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 295126
Options

Crypto fronted doesn't work with Softdevice in SDK17

Viktor Venczel

Dear Devzone!

I am trying to add AES-128 decryption support for secure DFU with cc310_bl backend. However when I call nrf_crypto_aes_update it never returns. Examining the call stack it is waiting in SaSi_HalWaitInterrupt function forever. Looking at the code I assume the CRYPTOCELL_IRQHandler is never called. The same code works with SDK 15.3.0 though. 

I tried the nrf_crypto/aes/aes_cbc_with_padding example code, it works well, but if I add the same code to the secure_bootloader project I am able to reproduce the issue.

Could be the softdevice does not forward this interrupt to the application? 

  • 0

    Hi,

    The cc310_bl backend is a minimal backend for use in the bootloader. This backend only implements support for the algorithms used by the bootloader (secp224r1/secp256r1 ECC and SHA-256 hash) to keep the flash footprint of the bootloader as small as possible. If you want to use AES through the CC310 Cryptocell you need to replace the cc310_bl backend with the standard cc310 backend in the bootloader. Note that the full CC310 backend will consume significantly more flash, so you might want to consider using AES through one of the SW backends if this will only be used for DFU. SW backends will use more time, resulting in a bit higher current consumption, but this is something you need to consider/decide based on your application requirements.

    Best regards,
    Jørgen

  • 0 in reply to Jørgen Holmefjord

    Thank you for your fast reply!

    Indeed, replacing all the files cc310_bl_* to cc310_* and replacing the  libnrf_cc310_bl_0.9.13.a library to libnrf_cc310_0.9.13.a solved the problem!
    The strange thing is that if the bl version of the library didn't contain the functions for AES-128, I wouldn't  be able to compile the code as linker script could not find the functions. In fact I replaced the SDK to version 15, and the same code works with it even though I use the bl version of the library.

  • 0 in reply to Jørgen Holmefjord

    I'm not sure about the internals in the CC310 runtime libraries, but since there are no configs for enabling AES in cc310_bl backend, Did you enable the config for the standard cc310 backend and included the nrf_crypto source files for AES? I see there are some include files related to AES in the cc310_bl include directory, but the runtime library may not include implementation of other algorithms than the ones used by the bootloader.

  • 0 in reply to Jørgen Holmefjord

    Yes, I included all the necessary C files and enabled cc310 backend in sdk_config.h.

  • 0 in reply to Jørgen Holmefjord

    Hi,

    I know it is an old thread, but I have encountered this exact same issue. On SDK 15.2.0 AES-128 worked just fine when using cc310_bl backend. After migrating to SDK 17.1.0 it freezes on SaSi_HalWaitInterrupt.

    I managed to solve it just by surrounding the aes function calls by cc310_bl_backend_enable/disable.

    What bothers me though is why the libnrf_cc310_bl binary contains the aes code, but does not advertise it in the headers (I had to use "cc310_backend_aes.h")? Using the headers from cc310 backend is a hack that I don't feel comfortable with. But it works and I don't have to link against a much larger library.

    Why are the AES functions not exposed through cc310_bl_backend_aes.c/h even though the library contains them?

Related
Terms of service