0

nRF52840 AES encrypt / decrypt
Moderators: adafruit_support_bill, adafruit

Please be positive and constructive with your questions and comments.

nRF52840 AES encrypt / decrypt

by packetloss69 on Wed Jun 26, 2019 11:20 am

Hi Adafruit forum users.
Can anyone point me in a direction to get started with encrypt / decrypt AES 128 CCM, ECB on nRF52840.
Does not seem like CRYPTOCELL has been deployed in the Adafruit BSP (0.11.0)
Further, Headers etc in nRF SDK (examples\crypto\nrf_cc310\example_name\pca10056\blank\armgcc.) seems to be missing from Adafruit BSP

Have had limited success trying to get https://github.com/NordicPlayground/nrf ... cm-example comipled with 0.11.0
Basic ECB CCM support does seem to be noted in nrf52.h

Any ideas?

packetloss69
 
Posts: 5
Joined: Fri Jun 07, 2019 1:57 am

Re: nRF52840 AES encrypt / decrypt

by packetloss69 on Wed Jun 26, 2019 12:33 pm

OK. Have made a start.
nrf_ecb.h does exist (my bad)

Code: Select all | TOGGLE FULL SIZE
/*
 *  Reference:
 *  https://devzone.nordicsemi.com/f/nordic-q-a/29552/nrf_ecb_crypt-transmits-waste-chars
 *  https://github.com/Densaugeo/base64_arduino
*/

#include <nrf_ecb.h>
#include <base64.hpp>

#define SRC ((uint8_t *)"sample 16B text.")
#define AES_KEY ((uint8_t *)"abcdefgh12345678")

#define SERIAL1_TX_PIN ( NRF_GPIO_PIN_MAP(0, 6) )   /* P0.6 D9 Serial1 TX */
#define SERIAL1_RX_PIN ( NRF_GPIO_PIN_MAP(0, 8) )   /* P0.8 D10 Serial1 RX */

uint8_t crypt[64];
unsigned char base64_encoded[64];


void setup() {
  // put your setup code here, to run once:
  Serial1.setPins(SERIAL1_RX_PIN, SERIAL1_TX_PIN);
  Serial1.begin(115200);
  Serial1.setTimeout(128);
  Serial.begin(115200);
 
if ( nrf_ecb_init() )
  {
  Serial1.println("AES-ECB init OK"); 
  } else
  {
    Serial1.println("AES-ECB init NOT OK");
  }

// Set the encrytion key
nrf_ecb_set_key(AES_KEY);

if ( nrf_ecb_crypt(crypt, SRC) )
  {
  Serial1.println("Encytion OK.");
  } else
  {
    Serial1.println("Encytion FAIL.");
  }

Serial1.print("Size of aes-encrypted: ");
Serial1.println( sizeof(crypt) );

unsigned int base64_length = encode_base64(crypt, 16, base64_encoded);
Serial1.print("base64_length: ");
Serial1.println(base64_length);

// Raw AES encrypted output. Should be show garbage in terminal
Serial1.println( (char*) crypt );
Serial1.println( (char*) base64_encoded );     // Need to verify: 2p3L1fkQYKk2VTK6zkdtaQ==
}

void loop() {
  // put your main code here, to run repeatedly:
}

Apparently need to be making use of sd_ecb_block_encrypt() if making use of softdevice:
If you are using a Softdevice the ECB is a restricted resource, and hence should use a sd_ecb_xx


Any help would be appreciated.

packetloss69
 
Posts: 5
Joined: Fri Jun 07, 2019 1:57 am

Re: nRF52840 AES encrypt / decrypt

by hathach on Sun Jun 30, 2019 10:15 pm

yeah, that is the API. We haven't used it for anything yet, but it is supported by Softdevice as you figured out. You should look up Nordic's information or check on Nordice devzone for how to use it. And please let us and other know how it is used :)

hathach
 
Posts: 1020
Joined: Tue Apr 23, 2013 1:02 am

Re: nRF52840 AES encrypt / decrypt

by packetloss69 on Tue Jul 02, 2019 9:50 am

HI. Decided to go with mbedtls software solution as aes-128-ecb was not deemed secure enough.
Did however manage to get hardware accelerated aes-128-ecb going with soft device.
Hope this saves someone some time.

Please find:
Code: Select all | TOGGLE FULL SIZE
/*
 *  Reference:
 *  https://devzone.nordicsemi.com/f/nordic-q-a/29552/nrf_ecb_crypt-transmits-waste-chars
 *  https://github.com/Densaugeo/base64_arduino
 *  https://github.com/Yveaux/Arduino_HexDump
 * 
*/

#include <bluefruit.h>
#include <nrf_soc.h>
#include <base64.hpp>
#include "HexDump.h"

#define SERIAL1_TX_PIN ( NRF_GPIO_PIN_MAP(0, 6) )   /* P0.6 D9 Serial1 TX */
#define SERIAL1_RX_PIN ( NRF_GPIO_PIN_MAP(0, 8) )   /* P0.8 D10 Serial1 RX */

static const uint8_t AES_KEY[16] = { 'd', 'p', 'p', 'j', 'o', 'z', 'x', 'h', 'c', 'f', 'x', 'z', 'v', 'z', 'k', 'p' };
uint8_t plain_data[16] = "abcdefgh1234567";
uint8_t cipher_text[16];
unsigned char base64_encoded[64];

void setup() {
  Serial1.setPins(SERIAL1_RX_PIN, SERIAL1_TX_PIN);
  Serial1.begin(115200);
  Serial1.setTimeout(128);

  Bluefruit.begin();  // The nRF soft device has to be started in order to use sd_ecb_block_encrypt
  Serial1.print("AES_KEY dump: ");
  HexDump(Serial1, (char *) AES_KEY, sizeof(AES_KEY));
  aes_ecb_encryption((uint8_t * ) plain_data, (uint8_t * ) cipher_text );
}

void aes_ecb_encryption(uint8_t * p_cleartext, uint8_t * p_cipehertext){
  nrf_ecb_hal_data_t m_ecb_data;
 
  uint32_t err_code;
  // Clear m_ecb_data
  memset(&m_ecb_data, 0, sizeof(m_ecb_data));
  // Set AES-128-ECB Key
  memcpy( m_ecb_data.key, AES_KEY, SOC_ECB_KEY_LENGTH);  // SOC_ECB_KEY_LENGTH is 16 as defined in nrf_soc.h
  Serial1.print("ecb_key: ");
  Serial1.println( (char * ) m_ecb_data.key);
  // Set Plain text to be encrypted 
  memcpy( m_ecb_data.cleartext, p_cleartext, SOC_ECB_CLEARTEXT_LENGTH); //SOC_ECB_CLEARTEXT_LENGTH is 16 as defined in nrf_soc.h
  Serial1.print("cleartext: ");
  Serial1.write( (char * ) m_ecb_data.cleartext, SOC_ECB_CLEARTEXT_LENGTH);

  // Perform block encryption
  err_code = sd_ecb_block_encrypt(&m_ecb_data);
  Serial1.print("Error code: ");
  Serial1.println( err_code );

  memcpy(p_cipehertext, m_ecb_data.ciphertext, SOC_ECB_CIPHERTEXT_LENGTH);
  Serial1.print("AES encoded dump: ");
  HexDump(Serial1, (char *) m_ecb_data.ciphertext, sizeof(m_ecb_data.ciphertext));
 
  // perform base64 encoding
  unsigned int base64_length = encode_base64(m_ecb_data.ciphertext, sizeof(m_ecb_data.ciphertext), base64_encoded);
  Serial1.print("base64_length: ");
  Serial1.println(base64_length);
  Serial1.println( (char*) base64_encoded );
}


Produces AES-128-EBC:
Code: Select all | TOGGLE FULL SIZE
AES encoded dump:
00000000: 50 DE 9E 5A DE E9 E4 5A AA 84 60 54 CA F9 F8 C7  PÞžZÞéäZª„`TÊùøÇ (93)

base64 Output:
UN6eWt7p5FqqhGBUyvn4xw==


Test results with openssl:
Code: Select all | TOGGLE FULL SIZE
echo -ne "abcdefgh1234567\0" | openssl enc -aes-128-ecb -K 6470706A6F7A78686366787A767A6B70 -p -nosalt  -out rawecb.txt -nopad

hexdump -C rawecb.txt
 00000000  50 de 9e 5a de e9 e4 5a  aa 84 60 54 ca f9 f8 c7  |P..Z...Z..`T....|
 00000010

packetloss69
 
Posts: 5
Joined: Fri Jun 07, 2019 1:57 am

Re: nRF52840 AES encrypt / decrypt

by hathach on Wed Jul 03, 2019 2:59 am

superb, thank for the update. I am sure others will find this useful

hathach
 
Posts: 1020
Joined: Tue Apr 23, 2013 1:02 am

Please be positive and constructive with your questions and comments.