AES encryption/decryption

2,033 Views
toddkiefer
Contributor II

I'm working with the MCF52259 processor which includes the CAU (Cryptographic Acceleration Unit).

I wish to implement a simple AES256 decryption.  In reading the NXP document (AN4307) "Using the CAU and mmCAU in ColdFire, ColdFire+, and Kinetis", section 2.3 specifically states that the crypto algorithms are executed in Cipher-block chaining (CBC) modes.

NXP document (AN4234) "Using the Cryptographic Service Engine (CSE)", section 1.2 discusses the Electronic Codebook (ECB) and the Cipher-block chaining (CBC).  This document does not indicate which mode is used in the CAU, nor does it indicate if there is any ability to specify the mode.

When I read the NXP document "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library" user guide, revision 2.3, there are only 3 library commands associated with the AES encryption/decryption methodology; cau_aes_set_key, cau_aes_encrypt, and cau_aes_decrypt.  If the AES methodology implemented in the CAU does indeed use the CBC mode, then there must be some manner in which I can provide the "initialization value" (commonly listed in AES documentation as IV), in addition to the key.  I guess the other possibility is that the CBC mode is not really being used, but rather the ECB mode, which does not require the IV value.

Can anyone shed a little light on this for me?

0 Kudos
1 Solution
1,281 Views
toddkiefer
Contributor II

Thanks for the response, but I have answered my own question when I did a little follow-up investigation into the actual CBC encryption/decryption algorithm.  The IV value is only applied to the first block that is being processed in the decryption modality.  This value is simply XOR'd with the block after it has been decrypted.  Subsequent blocks use the previous encrypted block as the "IV" value.  So I just need to manually perform the XOR operation at the correct place to properly decrypt (or encrypt) a block.


0 Kudos
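The manual chaining described in the accepted solution, as an added example that is not part of the original thread or of NXP's library: CBC built on top of a single-block (ECB-style) primitive, including the in-place case where the previous ciphertext block must be saved before it is overwritten. `block_fn`, `cbc_decrypt`, `cbc_encrypt`, `toy_block` and `cbc_selftest` are hypothetical names; `toy_block` is a constructed stand-in so the code runs off-target and is not AES. On the MCF52259, thin wrappers around `cau_aes_decrypt` and `cau_aes_encrypt` would be passed instead.

```c
#include <stdint.h>
#include <string.h>
#define BLK 16 /* AES block size in bytes */
/* Hypothetical callback (assumption): one ECB-style 16-byte block operation. */
typedef void (*block_fn)(const uint8_t *in, uint8_t *out, const void *ctx);

/* CBC decrypt: P[i] = D(C[i]) ^ C[i-1], with C[-1] = IV. Safe when in == out. */
int cbc_decrypt(block_fn dec, const void *ctx, const uint8_t *iv,
                const uint8_t *in, uint8_t *out, size_t len) {
    uint8_t prev[BLK], cur[BLK];
    if (len % BLK) return -1;        /* whole blocks only; padding is the caller's job */
    memcpy(prev, iv, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        memcpy(cur, in + off, BLK);  /* keep C[i]: in-place output overwrites it */
        dec(cur, out + off, ctx);
        for (int i = 0; i < BLK; i++) out[off + i] ^= prev[i];
        memcpy(prev, cur, BLK);      /* this ciphertext block chains into the next */
    }
    return 0;
}

/* CBC encrypt: C[i] = E(P[i] ^ C[i-1]), with C[-1] = IV. */
int cbc_encrypt(block_fn enc, const void *ctx, const uint8_t *iv,
                const uint8_t *in, uint8_t *out, size_t len) {
    uint8_t chain[BLK];
    if (len % BLK) return -1;
    memcpy(chain, iv, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        for (int i = 0; i < BLK; i++) chain[i] ^= in[off + i];
        enc(chain, out + off, ctx);
        memcpy(chain, out + off, BLK);
    }
    return 0;
}

/* Constructed stand-in so this runs off-target: self-inverse (used as E and D), NOT AES. */
static void toy_block(const uint8_t *in, uint8_t *out, const void *ctx) {
    for (int i = 0; i < BLK; i++) out[i] = (uint8_t)(in[BLK - 1 - i] ^ *(const uint8_t *)ctx);
}

/* Round-trips two identical plaintext blocks in place; returns 1 on success. */
int cbc_selftest(void) {
    uint8_t key = 0x5b, iv[BLK] = {0xa0, 0x0b}, buf[2 * BLK], ref[2 * BLK];
    memset(ref, 'A', sizeof ref);
    memcpy(buf, ref, sizeof buf);
    if (cbc_encrypt(toy_block, &key, iv, buf, buf, sizeof buf)) return 0;
    int chained = memcmp(buf, buf + BLK, BLK) != 0; /* equal plaintext, different ciphertext */
    if (cbc_decrypt(toy_block, &key, iv, buf, buf, sizeof buf)) return 0;
    return chained && memcmp(buf, ref, sizeof ref) == 0;
}
```

CBC provides confidentiality only; if the ciphertext can be modified in transit or at rest, authenticate it separately (for example with a MAC over the IV and ciphertext) before decrypting.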
2 Replies
1,281 Views
TomE
Specialist II

I'm used to the SKHA in the MCF5235. I didn't know about the CAU until you asked your question.

The SKHA implements the complete operation. Set it up, shove data through it (but you have to byte-reverse all data in and out!) and it gives a result. It is a piece of special purpose hardware and it does exactly what we need, and does it (fairly) quickly and simply. It is easy to interface to.

The CAU is a "coprocessor". It is a CPU with specialised instructions as well as load, store, add, shift, XOR etc. As such, it can be claimed to support anything that can be written for it. You could claim it supports MP4s if you could write a decoder for it in its instruction set. You need to talk to it with specialised assembly code.

All the "work" is done in the software libraries that have to drive it. So if you can't find the functions you require in the library, then it needs to be added to the library, or you have to write the code to perform that function, or buy it from somewhere.

Google found these:

https://www.wolfssl.com/wolfSSL/wolfssl-freescale.html

https://realtimelogic.com/products/sharkssl/Coldfire-80Mhz/

Here's a previous thread about looking for the AN4307 Software:

https://community.nxp.com/thread/305849

I note the Software Library User Note says:

"3DES crypto algorithms are supported by calling the corresponding DES crypto function three times.".

The Hardware may support the modes you need, but it looks like that library doesn't.

I think you're going to have to read the library sources to work out what it supports, and then add your own functions if you need to make it support anything else. Or buy one.

Tom

0 Kudos