Kinetis KW2X AES128 CBC and CTR (CCM)

davidguinn · ‎10-16-2015

I'm using a Kinetis KW21D512 MCU and am porting / implementing our original code from the MC1322X (MC13224). In the original code, we are using AES 128 CCM to encrypt our data with both a key and a CTR Key.

For the MC1322X code, we use the original Freescale Security Management, which has 2 functions we use:

FuncReturn_t CipherConfigure(cipher_mode_t CipherMode, cipher_key_t *pCipherKey, ctr_value_t *pCtrValue)

FuncReturn_t CipherMsgU8(uint8_t *pu8CipherBuffer, uint8_t u8BufferLength)

But Freescale's Cau API only has a few functions for encrypting data:

cau_aes_set_key

cau_aes_encrypt

So that didn't seem like it had the support we needed. Looking at the KW2xD_SMAC example, the SecLib.h appears to have more AES128 support(which uses the 2 functions above):

AES_128_CBC_Encrypt

AES_128_CTR

Using these two function, I was able to match the same encryption as the MC1322X code.

So is there a way to tell if it is using the MCU hardware to do the encryption or if it is doing it all in software?

I set the FSL_FEATURE_SOC_CAU_COUNT macro, is that enough to set it up to use the hardware?

Thank you.

georgecapraru · ‎10-30-2015

Hi,

The cryptographic module from MC1322X had full AES CCM acceleration.

The FSL_FEATURE_SOC_CAU_COUNT macro is defined in the MCU_features.h header file (ex: MKW24D5_features.h). If it is set to 1, then the MCU has CAU support. You should not modify the value of these defines!

The MKW24D5 has MMCAU which supports the following algorithms: DES, 3DES, AES, MD5, SHA-1, and SHA-256.

The SecLib.h also contains API for AES CCM which in case of MKW24D5 uses part HW part SW. The actual AES encryption is done by the MMCAU module.

Regards,

George

View solution in original post

georgecapraru · ‎10-30-2015

Hi,