AES Encryption library for Kinetis KE02
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all,
does somebody know if there is a library for Kinetis MCUs that implement the AES encryption? 128bit I need.
I saw the library based on CAU and mmCAU co-processor, but my project uses KE02 so I would like to know if there is a library cau-independent, does it exist? I would also know the same for KL17Z MCU.
Thanks in advance,
Sandro
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks all,
I tried the Tiny AES C library, but I had trouble and no time to investigate on the problem, thanks also Mark for your links.
Anyway I found the best solution that fit to me, the one made by Texas Instrument.
It is very light and easy to use, works only with 128 bit keys, you can find it here:
http://www.ti.com/tool/aes-128
I suggest this for projects that need little space occupation and fast computation.
Just one note: be careful because the function modify the key itself.
Thanks everyone for help, I hope this can help somebody else :smileyhappy:
Sandro
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
Can you quantify your recommendation? What is the speed and space requirement (in comparison)?
Also, do you know why it doesn't support AES192 and AES256 and whether it can be adapted to do so and keep its qualities?
Regards
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Mark,
I'm sorry but I can't be more precisely at the moment, I just tried the functionality and verified that works for the application that I need. Please note that I didnt try the uTasker you suggested me, so I cant do comparison.
I dont know why it supports only 128 bit keys, I think it's simply a choice of the library developers', they decide to do this way. Maybe for have less size of the binaries?
I will do more tests and development next days, if I find other useful stuff I will let you know.
Thanks,
Sandro
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sandro
If you build your project with and without the AES128 code you can get a good indication of the size in Flash. You specify that the solution requires little space but you don't know whether that is actually true at the moment if you haven't done this. As reference, the mbed TLS can do SW AES128/192/256 with 3.2k of Flash, although it trades off SRAM in this mode [compile option] (where 9k of SRAM is required - it also improves throughput by ~35% due to faster SRAM access too).
Speed is of course more difficult to measure since it is also processor dependent. To compare this it is best to use a single HW platform and run various libraries to get the processing time of an identical encryption and/or decryption. Again you have stated that the implementation has fast computation but this is not actually known - it may be slow in comparison to alternatives (and will certainly be much slower that HW accelerators can do it).
Note that uTasker is not an AES implementation but a cover function allowing various libraries to be used compatibly so that one can chose between implementations where it makes sense (more control) [it may optimise some library code to improve base performance in some cases]. It automatically switches in mmCAU and LTM where possible, which reduces code size and increased throughput by using the HW accelerators available in some chips (and not using SW).
I believe that AES128 is considered adequately secure today but AES256 is preferred by many services (although this may not be fully founded). Generally an AES128 only implementation seems too restricted for general use since one doesn't always have this choice and if AES128 is rejected and AES256 demanded (eg. during a connection handshake) it would cause a failure. Therefore without accurate arguments for specially good performance and speed I would think that the "standard" solutions (I am especially thinking of mbed TLS and OpenSSL libraries) would still represent the best solution.
Regards
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for explanation Mark,
effectively I have no comparison for saying what is the best and fast library among them, I was too superficial, mine was only a suggestion for those whom who need a "simple" library, meaning that it is easy to find, compile and use.
Please sorry me for my mistake, I'm sure that mbed TLS and OpenSSL libraries are better and more complete.
My application is very little and the communication is only between our own products, so 128 bit are enough for us, I agree with you about the fact that having only AES128 could be too restrictive.
The only data that I can give is the Flash occupation: it is about 2.8K, using gcc arm compiler of the KDS IDE, but as we know only with 128bit encoding.
Sorry again for my mistake,
Sandro
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sandro
OK. Thanks - 2.8k is not a bad value when Flash resources are tight, assuming it doesn't need too much SRAM.
Regards
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
AES-128/192/256 is built into the uTasker KE02 project - see
http://www.utasker.com/kinetis/FRDM-KE02Z.html
http://www.utasker.com/kinetis/FRDM-KE02Z40M.html
AES interface and implementations are described in
http://www.utasker.com/docs/uTasker/uTasker_Cryptography.pdf
whereby OpenSSL, WolfSSL or mbedTLS base libraries can be selected, depending on the user's preference.
The program space cost on the KE02 is
- mbedTLS with tables in ROM 12.3k Bytes
- WolfSSL 14.6k Bytes
- OpenSSL with full loop unrolling (20% faster) 17.6k Bytes
- OpenSSL without full loop unrolling 12.8k Bytes
RAM cost is typically about 256 bytes
This is also built into the uTasker KL17 project:
http://www.utasker.com/kinetis/FRDM-KL27Z.html
http://www.utasker.com/kinetis/Capuccino-KL27.html
whereby projects are compatible on KL17 and KE02, so no porting is required.
If alternative processors are selected with mmCAU or LTC (eg. K82, K70, KL82) these are automatically implemented natively, reducing program size by about 12k and the AES throughput by about 10..12x
Regards
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Javier,
I will take a look and let you know, meanwhile I found also this tiny AES C Library: https://github.com/kokke/tiny-AES128-C
I will check both and let u know if they work.
Thanks again!
Sandro
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sandro,
Yeah I came accross the tiny-AES128, but did not actually try it. I'm curious about your results with it.
Cheers,
Javier
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sandro,
Could ARM mbedtls work? I have worked with it in the past. GitHub - ARMmbed/mbedtls: An open source, portable, easy to use, readable and flexible SSL library