2024-03-18 07:42 AM
I want to use AES peripheral for encryption in ECB mode (256). I am able to encrypt and decrypt on the same MCU, but if I compare the encryption results, the HW peripheral has a different result than the SW library AES.c or encryption in Python - the last two have the same result.
hcryp.Instance = AES;
hcryp.Init.DataType = CRYP_DATATYPE_32B;
hcryp.Init.KeySize = CRYP_KEYSIZE_256B;
hcryp.Init.pKey = (uint32_t *)aAES256key;
hcryp.Init.Algorithm = CRYP_AES_ECB;
hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_BYTE;
hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;
if (HAL_CRYP_Init(&hcryp) != HAL_OK)
I use it like that: HAL_CRYP_Encrypt(&hcryp,(uint32_t*) plain_text, 16,(uint32_t*) tmp_encrypt,0xffff);
uint8_t aAES256key[32] =
{
0x4d, 0xf0, 0x2c, 0x47, 0x64, 0xa4, 0x28, 0xd9,
0xe5, 0x36, 0x83, 0x38, 0x4c, 0x3e, 0x69, 0xfa,
0x14, 0x4d, 0xb9, 0xb4, 0xdf, 0x4d, 0x77, 0x43,
0x4c, 0xf3, 0xf6, 0xff, 0x5d, 0x5c, 0xde, 0x81
};
uint8_t plain_text[] = {0xff, 0xff, 0xff, 0xff, 0xca, 0x9d, 0xcf, 0x09,
0x5c, 0xba, 0xb7, 0x1d, 0x2e, 0x00, 0xf2, 0x20,
0xff, 0x54, 0x03, 0x02, 0xbd};
I should get cipher starting like 0x6e,0x55,0x3e,0xae,.. instead of it I get 0x28,0x8b,0xd9,0x17,0x31,...
Solved! Go to Solution.
2024-03-19 04:51 AM
I've already solved it; the whole problem was in the correct comparison of the AES key and setting of AES
if you have KEY:
uint8_t aes_key_8bit[] = {
0x4d, 0xf0, 0x2c, 0x47, 0x64, 0xa4, 0x28, 0xd9,
0xe5, 0x36, 0x83, 0x38, 0x4c, 0x3e, 0x69, 0xfa,
0x14, 0x4d, 0xb9, 0xb4, 0xdf, 0x4d, 0x77, 0x43,
0x4c, 0xf3, 0xf6, 0xff, 0x5d, 0x5c, 0xde, 0x81
};
you have to convert it to:
uint32_t aes_key2_32bit[] = {
0x4df02c47, 0x64a428d9, 0xe5368338, 0x4c3e69fa,
0x144db9b4, 0xdf4d7743, 0x4cf3f6ff, 0x5d5cde81
};
also AES setting for ECB can be like that:
hcryp.Instance = AES;
hcryp.Init.DataType = CRYP_DATATYPE_8B;
hcryp.Init.KeySize = CRYP_KEYSIZE_256B;
hcryp.Init.pKey = (uint32_t *)aes_key2_32bit;
hcryp.Init.Algorithm = CRYP_AES_ECB;
hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_WORD;
hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;
2024-03-18 08:15 AM
Hello,
You need also to provide the product you're using!
2024-03-18 08:23 AM
...STM32WL55jc1
2024-03-18 08:34 AM - edited 2024-03-19 05:03 AM
Duplicate: https://community.st.com/t5/stm32-mcus-security/aes-ecb-256-peripheral-encrypts-differently/td-p/651469 ?
EDIT: it's now been deleted.
2024-03-18 08:37 AM
In the other thread, the product mentioned is STM32U5. Here STM32WL55 .. confusion!
2024-03-18 10:53 AM
It does tend to be endian related.
I tend to use PC/X86 builds to test and contrast.
I seem to recall some NIST/FIPS type test cases in some of the examples. And definitely have some of my own test cases to validate the build functions properly.
TBH I'd hope the behaviour across STM32 families to be consistent. Some of the library code is crippled / STM32 locked via the CRC peripheral
2024-03-18 11:36 AM
It is really for STM32WL.. When I use tinyAES on STM32 it calculates also the same as on windows (python). Only the HW peri calculates it differently. https://github.com/kokke/tiny-AES-c/blob/master/aes.c
Any idea what else to try?
2024-03-19 12:54 AM
The issue may be in sending an array of uint8_t values for encryption, instead of an array of uint32_t values, because NO_SWAPPING is intended only for uint32_t types? But I wan to encrypt only 16 Bytes.. Any Idea please?
#define CRYP_DATATYPE_32B 0x00000000U /*!< 32-bit data type (no swapping) */
#define CRYP_DATATYPE_16B AES_CR_DATATYPE_0 /*!< 16-bit data type (half-word swapping) */
#define CRYP_DATATYPE_8B AES_CR_DATATYPE_1 /*!< 8-bit data type (byte swapping) */
#define CRYP_DATATYPE_1B AES_CR_DATATYPE /*!< 1-bit data type (bit swapping) */
hcryp.Instance = AES;
hcryp.Init.DataType = CRYP_DATATYPE_8B;
hcryp.Init.KeySize = CRYP_KEYSIZE_256B;
hcryp.Init.pKey = (uint32_t *)aAES256key;
hcryp.Init.Algorithm = CRYP_AES_ECB;
hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_WORD;
hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;
2024-03-19 04:51 AM
I've already solved it; the whole problem was in the correct comparison of the AES key and setting of AES
if you have KEY:
uint8_t aes_key_8bit[] = {
0x4d, 0xf0, 0x2c, 0x47, 0x64, 0xa4, 0x28, 0xd9,
0xe5, 0x36, 0x83, 0x38, 0x4c, 0x3e, 0x69, 0xfa,
0x14, 0x4d, 0xb9, 0xb4, 0xdf, 0x4d, 0x77, 0x43,
0x4c, 0xf3, 0xf6, 0xff, 0x5d, 0x5c, 0xde, 0x81
};
you have to convert it to:
uint32_t aes_key2_32bit[] = {
0x4df02c47, 0x64a428d9, 0xe5368338, 0x4c3e69fa,
0x144db9b4, 0xdf4d7743, 0x4cf3f6ff, 0x5d5cde81
};
also AES setting for ECB can be like that:
hcryp.Instance = AES;
hcryp.Init.DataType = CRYP_DATATYPE_8B;
hcryp.Init.KeySize = CRYP_KEYSIZE_256B;
hcryp.Init.pKey = (uint32_t *)aes_key2_32bit;
hcryp.Init.Algorithm = CRYP_AES_ECB;
hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_WORD;
hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;