K82: mbedtls mbedtls_gcm_crypt_and_tag/mbedtls_gcm_auth_decrypt


EugeneHiihtaja
Senior Contributor I

Hello !

NXP implements its own pair of APIs, mbedtls_gcm_crypt_and_tag/mbedtls_gcm_auth_decrypt, which is LTC accelerated.

But it is not so clear whether the context of the decrypt operation supports decryption using smaller blocks.

For example, mbedtls_gcm_crypt_and_tag() is used and tagged for a 4KB block of data at once.

And after that, can I decrypt it by using 1KB chunks, e.g. call mbedtls_gcm_auth_decrypt() 4 times and pass some context from stage to stage?

 

Looks like already the second 1KB block gives invalid data. Are those APIs even designed for incremental operation, or do they always expect complete data for input and output?

// decrypt by using 2 chunks
mbedtls_gcm_init(&gcm);
keysize = 256;
memset(buf, 0, sizeof(buf)); // output buffer
memset(key, 0x55, sizeof(key));
memset(iv, 0xAA, sizeof(iv));
mbedtls_gcm_setkey(&gcm, MBEDTLS_CIPHER_ID_AES, key, keysize);

int res = mbedtls_gcm_auth_decrypt(&gcm, /*MBEDTLS_GCM_DECRYPT,*/
                                   BUFSIZE/4,
                                   iv,        // iv
                                   12,        // iv len
                                   NULL, 0,   // add
                                   //tag, 16, // tag
                                   NULL, 16,  // ignore tag
                                   buf_out,   // in
                                   buf);      // out

PRINTF("1 decrypt %d bytes, res - %d\r\n", BUFSIZE/4, res);

Data OK !


res = mbedtls_gcm_auth_decrypt(&gcm,
                               BUFSIZE/4,
                               iv,            // iv
                               12,            // iv len
                               NULL, 0,       // add
                               //tag, 16,     // tag
                               NULL, 16,      // ignore tag
                               buf_out + 256, // in
                               buf + 256);    // out

PRINTF("2 decrypt %d bytes, res - %d\r\n", BUFSIZE/4, res);

Data broken

Regards,

Eugene

0 Kudos
7 Replies

estephania_mart
NXP TechSupport

Hello,

As those APIs are the ones of the mbed examples, the best resource for understanding the functionality of those would be the official documentation that you can find in this link.

Hope this helps.

Regards,
Estephania

0 Kudos

EugeneHiihtaja
Senior Contributor I

Hello !

Looks like the case is known: Block wise encryption using AES 128 GCM mbedtls library - Discussion Forum - Mbed TLS (Previously Po...

But if block-wise encryption is in use, the API chain 1) mbedtls_gcm_starts 2) mbedtls_gcm_update 3) mbedtls_gcm_finish must be used.

And those APIs are not HW accelerated and actual performance is 10x less if mbedtls_gcm_crypt_and_tag/mbedtls_gcm_auth_decrypt are in use.

So it is possible but no HW acceleration in that mbedtls version for Kinetis MCU.

Can it be like this ?

Regards.

Eugene

0 Kudos
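Added example, not part of the thread and not NXP or Mbed TLS code: a Python model of why chunked GCM decryption needs one context carried across all chunks, and why the tag can only be checked after the last one. SHA-256 stands in for the AES block function and HMAC for GHASH (assumptions that keep it standard-library only); `GcmModel` and the function names are hypothetical.

```python
import hashlib, hmac, struct

BLOCK = 16

def keystream_block(key, iv, ctr):
    # Stand-in for AES_K(IV || ctr32). Not AES: it only models GCM's counter layout.
    return hashlib.sha256(key + iv + struct.pack(">I", ctr)).digest()[:BLOCK]

class GcmModel:
    """Streaming context: holds the block counter and running MAC between calls."""
    def __init__(self, key, iv):
        self.key, self.iv = key, iv
        self.ctr = 2  # 96-bit IV: real GCM reserves IV||1 for the tag, data starts at IV||2
        self.mac = hmac.new(key, iv, hashlib.sha256)  # stand-in for GHASH

    def update(self, data, decrypt):
        # Chunks must be a multiple of 16 bytes, except the last one.
        out = bytearray()
        for off in range(0, len(data), BLOCK):
            ks = keystream_block(self.key, self.iv, self.ctr)
            self.ctr += 1
            out += bytes(d ^ k for d, k in zip(data[off:off + BLOCK], ks))
        self.mac.update(data if decrypt else bytes(out))  # MAC always covers ciphertext
        return bytes(out)

def encrypt_and_tag(key, iv, pt):
    ctx = GcmModel(key, iv)
    return ctx.update(pt, decrypt=False), ctx.mac.digest()[:16]

def decrypt_restarting(key, iv, ct, chunk):
    # Models repeated one-shot calls with the same IV: each chunk restarts at counter 2.
    return b"".join(GcmModel(key, iv).update(ct[o:o + chunk], decrypt=True)
                    for o in range(0, len(ct), chunk))

def decrypt_streamed(key, iv, ct, tag, chunk):
    ctx = GcmModel(key, iv)  # one context carried across all chunks
    pt = b"".join(ctx.update(ct[o:o + chunk], decrypt=True) for o in range(0, len(ct), chunk))
    if not hmac.compare_digest(ctx.mac.digest()[:16], tag):
        raise ValueError("tag mismatch: discard all plaintext")
    return pt

if __name__ == "__main__":
    key, iv = b"\x55" * 32, b"\xaa" * 12        # constructed, same fill bytes as the post
    pt = bytes(i % 251 for i in range(4096))    # constructed 4 KB payload
    ct, tag = encrypt_and_tag(key, iv, pt)
    print("streamed ok:", decrypt_streamed(key, iv, ct, tag, 1024) == pt)
    print("restarted chunk 2 ok:", decrypt_restarting(key, iv, ct, 1024)[1024:2048] == pt[1024:2048])
```

In the restarting case only the first chunk comes out right, and no per-chunk tag exists to check, so plaintext from a streamed decrypt should not be acted on until the final tag comparison passes.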

estephania_mart
NXP TechSupport

Hello,

I'm not fully sure I understand your query, but yes, the software implementation of the different algorithms might be slower than using the hardware accelerator modules, which is one of the capabilities of this MCU.

0 Kudos

EugeneHiihtaja
Senior Contributor I

Hello !

I mean not all APIs are ported to support the LTC HW accelerator when AES-GCM is used.

mbedtls_gcm_crypt_and_tag/mbedtls_gcm_auth_decrypt - HW accelerated

mbedtls_gcm_starts, mbedtls_gcm_update, mbedtls_gcm_finish - SW implementation

It means not all practical cases for AES GCM usage can be covered by fast HW accelerated APIs.

Regards,

Eugene

0 Kudos

estephania_mart
NXP TechSupport

Hello,

But there is no question about it, is there?

Regards,

Estephania

0 Kudos

EugeneHiihtaja
Senior Contributor I

Hello !

A performance hit exists because the mbedtls_gcm_starts, mbedtls_gcm_update, mbedtls_gcm_finish APIs don't support the HW accelerator.

And I can't use mbedtls_gcm_crypt_and_tag/mbedtls_gcm_auth_decrypt because they don't support an incremental decrypt process.

Regards,

Eugene.

0 Kudos

estephania_mart
NXP TechSupport

Hello,

I'm not sure about your question; still, if there are no examples available, it is most likely that you will need to implement it by yourself.

Regards,

Estephania

0 Kudos