Defines | Enumerations | Functions

AES encryption (hal_aes)
[nRF24LE1 HAL]

The nRF24LE1 contains a co-processor for computing an 8 by 8 Galois Field Multiplication with an 8 bits output. This is the polynomial used by AES (Advanced Encryption Standard).

The nRF24LU1 contains a full hardware implementation of the AES algorithm, supporting both encryption and decryption for the modes ECB, CTR, OFB, CFB and CBC.

The AES HAL contains a common interface using the dedicated hardware implementation for the nRF24LU1 and a firmware implementation utilizing the Galois Multiplication co-processor for the nRF24LE1.

Note that for the nRF24LE1 implementation only ECB mode encryption is supported.

Defines

#define _AES_ENABLE_GET_DEC_KEY_

Enumerations

enum  aes_modes_t {
  CBC, CFB, OFB, CTR,
  ECB, CBC, CFB, OFB,
  CTR, ECB
}

Functions

void hal_aes_setup (_Bool decrypt_enable, aes_modes_t mode, const uint8_t *keyin, const uint8_t *ivin)
void hal_aes_crypt (uint8_t *dest_buf, const uint8_t *src_buf)
void hal_aes_get_dec_key (uint8_t *dest_dec_key, const uint8_t *src_enc_key)

Define Documentation

#define _AES_ENABLE_GET_DEC_KEY_

Must be defined in order to enable the function aes_get_dec_key()

Definition at line 43 of file hal_aes.h.

Enumeration Type Documentation

enum aes_modes_t
Enumerator:
CBC 
CFB 
OFB 
CTR 
ECB 
CBC 
CFB 
OFB 
CTR 
ECB 

Definition at line 46 of file hal_aes.h.

{
  CBC,
  CFB,
  OFB,
  CTR,
  ECB,
} aes_modes_t;

Function Documentation

void hal_aes_setup ( _Bool  decrypt_enable,
aes_modes_t  mode,
const uint8_t *  keyin,
const uint8_t *  ivin 
)
Remarks:
This interface is common to nRF24LU1 and nRF24LE1. For nRF24LE1 only ECB mode and encryption have been implemented. Other modes (described below) apply only to the nRF24LU1 implementation. This is because nRF24LU1 comes with built-in HW support for AES encryption in various modes. nRF24LE1 has only limited support for AES where most of the implementation is done in SW.

It configures the AES module prior to encrypting/decrypting with aes_crypt(). The parameters reside in memory, thus the function does not need to be run every time aes_crypt() is used.

Parameters:
decrypt_enableselects encrypt or decrypt operation. Possible arguments are:

  • true selects decrypt operation
  • false selects encrypt operation
modeselects AES mode of operation. Possible arguments are:

  • ECB
  • CTR
  • OFB
  • CFB
  • CBC
keyinis a pointer to a 16-byte array containing the key to be used for the cryptographic operation. Passing a zero pointer will leave the previous written key unaltered.
ivinis a pointer to a 16-byte array containing the initialization vector needed for CTR, OFB, CFB and CBC mode of operation. Passing a zero pointer will leave the previous, written initialization vector unaltered.
Remarks:

Which key is to be used for the cryptographic operation depends on the selected mode(ECB/CTR/OFB/CFB/CBC) and the direction of operation (encrypt/decrypt). For modes ECB and CBC the decrypt operation is different from the encrypt operation, while for the remaining modes the operation is identical for the two directions. As a result, when using ECB or CBC mode the key needed for decrypting a block of data is different from the key that was used for encrypting the block. However, for CTR, OFB and CFB the selected direction of operation does not care and the same key is used for both encryption and decryption.

The function aes_get_dec_key() can be used to aquire the decryption key from the encryption key when using ECB and CFB mode.

The initializtion vector is only loaded internally to the AES engine after one of the following occurrences:

  1. A new initializtion vector is passed
  2. Mode of operation is changed
  3. In CBC mode when direction of operation is changed

Definition at line 64 of file hal_aes.c.

{
    aes_set_key(keyin);

  //lint -save -e438
    // Not used in LE1, included to prevent compile-warnings------ |
    decrypt = decrypt;                                          // |
    mode = mode;                                                // |
    ivin = ivin;                                                // |
    //-------------------------------------------------------------|
  //lint -restore
}
void hal_aes_crypt ( uint8_t *  dest_buf,
const uint8_t *  src_buf 
)

Encrypts or decrypts a 128 bit (16 byte) block. The cryptographic operation is configured by using aes_setup().

Parameters:
dest_bufis a pointer to the 16-byte destination array.
src_bufis a pointer to the 16-byte source array.
Remarks:
See also:
hal_aes_setup();

Definition at line 81 of file hal_aes.c.

{
#ifdef __C51__
  uint8_t data aes_state[16];      //AES State
#endif

  uint8_t a;
    for(a=0;a<16;a++)
    {
        aes_state[a] = src_buf[a];
    }

  //Start
  CCPDATIB = 0x02;  //Set co-prosessor the GF(2^8)*2 (used in mix-colums)
  for (a=0;a<9;a++)
  {
    add_sub_shift(aes_state);
    mix_columns_hw(aes_state);
    key_upgrade(a);
  }

  //FINAL   round
  add_sub_shift(aes_state);
  key_upgrade(9);
  add_key(aes_state);

  //Clean up
    for(a=0;a<16;a++)
    {
        aes_round_key[a]=cipher_key[a]; //Write back cipher-key
        dest_buf[a] = aes_state[a];     //Write out encrypted result
    }
}
void hal_aes_get_dec_key ( uint8_t *  dest_dec_key,
const uint8_t *  src_enc_key 
)

Calculates decryption key from encryption key. For ECB and CBC mode of operation, different keys are used for encryption and decryption. This function calculates the required decryption key for these modes, based on the encryption key.

Parameters:
dest_dec_keyis a pointer to the 16-byte destination array where the calculated encryption key is to be placed.
src_enc_keyis a pointer to the 16-byte source array containing the encryption key from which the decryption key is to be calculated.
Remarks:
Before using this function _AES_ENABLE_GET_DEC_KEY_ must be defined.
See also:
hal_aes_setup(), _AES_ENABLE_GET_DEC_KEY_
Generated on Fri Apr 20 2012 14:11:46 for nRFGo SDK by  doxygen 1.7.2