Hi, i just want to share a code snippet that i just finished writing for my main project
#include <string.h>
#include <secure_services.h>
#include <tinycrypt/ctr_mode.h>
#include <tinycrypt/constants.h>
#include <stdio.h>
#include <stdlib.h>`
int encryptDataAES(u8_t AESKey [],u8_t plainTextData [],size_t plainTextDataSize,u8_t *encryptedDataDest){
u8_t initializationVector[16];
int result = generateRandomBytes(initializationVector,16);
if(result != 0){
return result;
}
struct tc_aes_key_sched_struct aesCTRConfig;
(void)tc_aes128_set_encrypt_key(&aesCTRConfig, AESKey);
(void)memcpy(encryptedDataDest, initializationVector,16);
result = tc_ctr_mode(&encryptedDataDest[TC_AES_BLOCK_SIZE],plainTextDataSize, plainTextData, plainTextDataSize,initializationVector, &aesCTRConfig);
return result;
}
int decryptDataAES(u8_t AESKey [],u8_t encryptedData [],size_t decryptedDataSize,u8_t *decryptedDataDest){
u8_t initializationVector[16];
struct tc_aes_key_sched_struct aesCTRConfig;
(void)tc_aes128_set_encrypt_key(&aesCTRConfig, AESKey);
(void)memcpy(initializationVector,encryptedData,16);
int result = tc_ctr_mode(decryptedDataDest, decryptedDataSize,&encryptedData[TC_AES_BLOCK_SIZE],decryptedDataSize,initializationVector, &aesCTRConfig);
return result;
}
int generateRandomBytes(u8_t* randomBytesDest,int numberOfRandomBytes){
//As of 19 Feb 2021 numberOfRequestedRandomBytes its required to be 144, this may change in the future
//The number 144 means that we are requesting 144 random bytes to the SPM
//But we only need numberOfRandomBytes, so the memcpy at the end is to limit the output
//This also means that the maximum number of bytes that we are allowed to grab in a single call to this funcion is 144
//So numberOfRandomBytes must be les tan 144
size_t numberOfRequestedRandomBytes = 144;
u8_t completeRandomNumber[numberOfRequestedRandomBytes];
int result = spm_request_random_number(completeRandomNumber,numberOfRequestedRandomBytes, &numberOfRequestedRandomBytes);
if (result != 0) {
return -1;
}
(void)memcpy(randomBytesDest, completeRandomNumber,numberOfRandomBytes);
return 0 ;
}`
It consists of 3 functions, the first two to encrypt and decrypt data using AES in CTR mode with a 128 bit key, the third one its to generate random bytes for the IV
This snippets use the TinyCrypt lib that its included with Zephyr, as far as i know this library does not use the ARM Cryptocell 310 that the nrf9160 includes, so the operations are executed in the main CPU
Here is an example on how to use it
u8_t AESKey[16] = {0x12,0x23,0x4a,0x5c,0x28,0xaa,0x13,0x1e,0x2e,0xa1,0xa9,0xd6,0x57,0x1e,0xa3,0xbe};
u8_t textToEncrypt[] = "It works";
u8_t encryptedData[sizeof(textToEncrypt)+16];
encryptDataAES(AESKey,textToEncrypt,sizeof(textToEncrypt),encryptedData);
u8_t decryptedData[sizeof(encryptedData)-16];
decryptDataAES(AESKey,encryptedData,sizeof(encryptedData)-16,decryptedData);
printf("Original: %s Encrypted: %s Decrypted: %s \n",textToEncrypt,encryptedData,decryptedData);
I hope someone find this useful
If you want more info, for example if you want to use another AES mode, take a look at /nfed/zephyr/tests/crypto/tinycrypt
I wrote this example using the tests that are in that folder
PD: You may want to include this options in your prj.conf
CONFIG_TINYCRYPT=y
CONFIG_TINYCRYPT_AES=y
CONFIG_TINYCRYPT_SHA256=y
CONFIG_TINYCRYPT_AES_CTR=y
CONFIG_IS_SPM=n
CONFIG_SPM_SECURE_SERVICES=y
CONFIG_SPM_SERVICE_RNG=y
Another PD: Sorry if you dont like my camel case style for writing code, I’m just really used to it, and I feel unconfortable writing code in the correct style of C