FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AES Key management in STM32H7

Go to solution
Gpeti
Senior II

‎2022-04-20 03:36 AM

Following this question, I am also confused about how to fill the key in the CRYP peripheral. I don't find the Ref Manual very clear

The register description mentions the key as an array K and an array b where MSB of K are in lowest address register.

But it seems to be different in the key registers section of the doc.

Basically an AES key would be an array of bytes, and I can't figure out how I fill these bytes in the key registers...

0693W00000LySTUQA3.png 

0693W00000LySQGQA3.png

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
Jocelyn RICARD
ST Employee

‎2022-04-20 11:58 AM

Hello @Gpeti​ ,

I would guess this is same issue as for IV.

The STM32H7 Cube provides an mbedTLS wrapping to the CRYP peripheral in

STM32Cube_FW_H7_V1.10.0\Projects\STM32H743I-EVAL\Applications\mbedTLS\Crypto_Selftest

You can see in aes_alt.c how the mbedTLS input key is transformed into Cryp compatible key using:

  /* Format and fill AES key */

  for( i=0; i < (keybits/32); i++)

    GET_UINT32_BE( ctx->aes_key[i], key,4*i );

Where GET_UINT32_BE is implemented as:

#define GET_UINT32_BE(n,b,i)              \

{                            \

  (n) = ( (uint32_t) (b)[(i)  ] << 24 )       \

    | ( (uint32_t) (b)[(i) + 1] << 16 )       \

    | ( (uint32_t) (b)[(i) + 2] << 8 )       \

    | ( (uint32_t) (b)[(i) + 3]    );      \

}

This should help you finding the good implementation

Best regards

Jocelyn

View solution in original post

0 Kudos
3 REPLIES 3
Go to solution
Jocelyn RICARD
ST Employee

‎2022-04-20 11:58 AM

Hello @Gpeti​ ,

I would guess this is same issue as for IV.

The STM32H7 Cube provides an mbedTLS wrapping to the CRYP peripheral in

STM32Cube_FW_H7_V1.10.0\Projects\STM32H743I-EVAL\Applications\mbedTLS\Crypto_Selftest

You can see in aes_alt.c how the mbedTLS input key is transformed into Cryp compatible key using:

  /* Format and fill AES key */

  for( i=0; i < (keybits/32); i++)

    GET_UINT32_BE( ctx->aes_key[i], key,4*i );

Where GET_UINT32_BE is implemented as:

#define GET_UINT32_BE(n,b,i)              \

{                            \

  (n) = ( (uint32_t) (b)[(i)  ] << 24 )       \

    | ( (uint32_t) (b)[(i) + 1] << 16 )       \

    | ( (uint32_t) (b)[(i) + 2] << 8 )       \

    | ( (uint32_t) (b)[(i) + 3]    );      \

}

This should help you finding the good implementation

Best regards

Jocelyn

0 Kudos
Go to solution
Gpeti
Senior II
In response to Jocelyn RICARD

‎2022-04-20 11:08 PM

Perfect ! I had a look to the AES example project but not in mbedTLS.

thank you

0 Kudos
Go to solution
Gpeti
Senior II

‎2022-04-22 07:23 AM

Hello, I had a closer look to the GitHub example code, and it's still confusing. the example you copied tends to indicate that the Key and IV registers are big-endian (GET_UINT32_B converts an array of 4 bytes into a big-endian represented 32 bits value). However the ref manual says:

The swapping operation concerns only the CRYP_DOUT and CRYP_DIN registers. The

CRYP_KxL/KxR and CRYP_IVxL/IVxR registers are not sensitive to the swap mode

selected.They have a fixed little-endian configuration

0 Kudos
Top