Senior II

Solved

AES peripheral works differently

Forum|Forum|2 years ago
March 18, 2024
5 replies
2345 views

I want to use AES peripheral for encryption in ECB mode (256). I am able to encrypt and decrypt on the same MCU, but if I compare the encryption results, the HW peripheral has a different result than the SW library AES.c or encryption in Python - the last two have the same result.

hcryp.Instance = AES;

hcryp.Init.DataType = CRYP_DATATYPE_32B;

hcryp.Init.KeySize = CRYP_KEYSIZE_256B;

hcryp.Init.pKey = (uint32_t *)aAES256key;

hcryp.Init.Algorithm = CRYP_AES_ECB;

hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;

hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_BYTE;

hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;

if (HAL_CRYP_Init(&hcryp) != HAL_OK)

I use it like that: HAL_CRYP_Encrypt(&hcryp,(uint32_t*) plain_text, 16,(uint32_t*) tmp_encrypt,0xffff);

uint8_t aAES256key[32] =
{
 0x4d, 0xf0, 0x2c, 0x47, 0x64, 0xa4, 0x28, 0xd9,
 0xe5, 0x36, 0x83, 0x38, 0x4c, 0x3e, 0x69, 0xfa,
 0x14, 0x4d, 0xb9, 0xb4, 0xdf, 0x4d, 0x77, 0x43,
 0x4c, 0xf3, 0xf6, 0xff, 0x5d, 0x5c, 0xde, 0x81
};

uint8_t plain_text[] = {0xff, 0xff, 0xff, 0xff, 0xca, 0x9d, 0xcf, 0x09,
		 0x5c, 0xba, 0xb7, 0x1d, 0x2e, 0x00, 0xf2, 0x20,
			0xff, 0x54, 0x03, 0x02, 0xbd};

I should get cipher starting like 0x6e,0x55,0x3e,0xae,.. instead of it I get 0x28,0x8b,0xd9,0x17,0x31,...

This topic has been closed for replies.

Best answer by JR2963

I've already solved it; the whole problem was in the correct comparison of the AES key and setting of AES

if you have KEY:

 uint8_t aes_key_8bit[] = {
 0x4d, 0xf0, 0x2c, 0x47, 0x64, 0xa4, 0x28, 0xd9,
 0xe5, 0x36, 0x83, 0x38, 0x4c, 0x3e, 0x69, 0xfa,
 0x14, 0x4d, 0xb9, 0xb4, 0xdf, 0x4d, 0x77, 0x43,
 0x4c, 0xf3, 0xf6, 0xff, 0x5d, 0x5c, 0xde, 0x81
 };

you have to convert it to:

 uint32_t aes_key2_32bit[] = {
 0x4df02c47, 0x64a428d9, 0xe5368338, 0x4c3e69fa,
 0x144db9b4, 0xdf4d7743, 0x4cf3f6ff, 0x5d5cde81
 };

also AES setting for ECB can be like that:

 hcryp.Instance = AES;
 hcryp.Init.DataType = CRYP_DATATYPE_8B;
 hcryp.Init.KeySize = CRYP_KEYSIZE_256B;
 hcryp.Init.pKey = (uint32_t *)aes_key2_32bit;
 hcryp.Init.Algorithm = CRYP_AES_ECB;
 hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
 hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_WORD;
 hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;

mƎALLEm

Technical Moderator

Hello,

You need also to provide the product you're using!

"To give better visibility on the answered topics, please click on ""Accept as Solution"" on the reply which solved your issue or answered your question."

JR2963Author

Senior II

...STM32WL55jc1

Andrew Neil

Super User

Duplicate: https://community.st.com/t5/stm32-mcus-security/aes-ecb-256-peripheral-encrypts-differently/td-p/651469 ?

EDIT: it's now been deleted.

A complex system that works is invariably found to have evolved from a simple system that worked.A complex system designed from scratch never works and cannot be patched up to make it work.

mƎALLEm

Technical Moderator

In the other thread, the product mentioned is STM32U5. Here STM32WL55 .. confusion!

"To give better visibility on the answered topics, please click on ""Accept as Solution"" on the reply which solved your issue or answered your question."

Tesla DeLorean

Guru

It does tend to be endian related.

I tend to use PC/X86 builds to test and contrast.

I seem to recall some NIST/FIPS type test cases in some of the examples. And definitely have some of my own test cases to validate the build functions properly.

TBH I'd hope the behaviour across STM32 families to be consistent. Some of the library code is crippled / STM32 locked via the CRC peripheral

Tips, Buy me a coffee, or three.. PayPal VenmoUp vote any posts that you find helpful, it shows what's working..

JR2963Author

Senior II

The issue may be in sending an array of uint8_t values for encryption, instead of an array of uint32_t values, because NO_SWAPPING is intended only for uint32_t types? But I wan to encrypt only 16 Bytes.. Any Idea please?

#define CRYP_DATATYPE_32B 0x00000000U /*!< 32-bit data type (no swapping) */
#define CRYP_DATATYPE_16B AES_CR_DATATYPE_0 /*!< 16-bit data type (half-word swapping) */
#define CRYP_DATATYPE_8B AES_CR_DATATYPE_1 /*!< 8-bit data type (byte swapping) */
#define CRYP_DATATYPE_1B AES_CR_DATATYPE /*!< 1-bit data type (bit swapping) */

 hcryp.Instance = AES;
 hcryp.Init.DataType = CRYP_DATATYPE_8B;
 hcryp.Init.KeySize = CRYP_KEYSIZE_256B;
 hcryp.Init.pKey = (uint32_t *)aAES256key;
 hcryp.Init.Algorithm = CRYP_AES_ECB;
 hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
 hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_WORD;
 hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;

JR2963Author

Senior II

It is really for STM32WL.. When I use tinyAES on STM32 it calculates also the same as on windows (python). Only the HW peri calculates it differently. https://github.com/kokke/tiny-AES-c/blob/master/aes.c

Any idea what else to try?

JR2963AuthorBest answer

Senior II

I've already solved it; the whole problem was in the correct comparison of the AES key and setting of AES

if you have KEY:

 uint8_t aes_key_8bit[] = {
 0x4d, 0xf0, 0x2c, 0x47, 0x64, 0xa4, 0x28, 0xd9,
 0xe5, 0x36, 0x83, 0x38, 0x4c, 0x3e, 0x69, 0xfa,
 0x14, 0x4d, 0xb9, 0xb4, 0xdf, 0x4d, 0x77, 0x43,
 0x4c, 0xf3, 0xf6, 0xff, 0x5d, 0x5c, 0xde, 0x81
 };

you have to convert it to:

 uint32_t aes_key2_32bit[] = {
 0x4df02c47, 0x64a428d9, 0xe5368338, 0x4c3e69fa,
 0x144db9b4, 0xdf4d7743, 0x4cf3f6ff, 0x5d5cde81
 };

also AES setting for ECB can be like that:

 hcryp.Instance = AES;
 hcryp.Init.DataType = CRYP_DATATYPE_8B;
 hcryp.Init.KeySize = CRYP_KEYSIZE_256B;
 hcryp.Init.pKey = (uint32_t *)aes_key2_32bit;
 hcryp.Init.Algorithm = CRYP_AES_ECB;
 hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
 hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_WORD;
 hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded