Hi.
I have a EK-RA2L1 and I want to test the build-in (hardware) AES module.
I created a test project and connected "TinyCrypt (H/W Accelerated)" stack.
In a project tree I found next directories:
- r_sce/
- rm_tinycrypt_port/
- intel/tinycrypt/lib/
My purpose is AES-256 CBC mode.
In RA2L1 Group User's Manual: Hardware Rev.1.40 Oct.31 2023, I saw that RA2L1 family supports AES 128 bits, 256 bits key length (ECB, CBC, CTR modes) - 38.AES Engine, page 1024.
But, in generated files I found only AES-128 CBC implementation (/rm_tinycrypt_port_cbc_mode.c - if you open this file you will see that "tc_cbc_mode_encrypt" and "tc_cbc_mode_decrypt" functions call "HW_SCE_Aes128EncryptDecrypt...." functions).
I found "HW_SCE_AES_256CbcEncrypt" function in /r_sce/ra2/ "SC324_P22.prc.c" file, but this function uses only in "HW_SCE_Aes256EncryptDecryptUpdateSub" function in /r_sce/ra2/adaptors directory.
1) How can I change my project settings (connect another library) if I want to use AES-256 CBC mode or I should use functions from "SC324_p2x.prc.c" files (without "rm_tinycrypt_port" directory)?
If I understand correctly, I should use functions from the "intel/tinycrypt/lib" directory, which will call functions from the "rm_tinycrypt_port" directory, which will call functions from the "r_sce" directory.
2) Is it okay, if I try to directly work with functions from the "r_sce" directory???
Hello,
The TinyCrypt module does not support AES-256 operations.
For AES-256 you will need to use Mbed Crypto H/W module:
https://renesas.github.io/fsp/group___r_m___p_s_a___c_r_y_p_t_o.html
Please find an example on AES-256 at:
https://github.com/renesas/ra-fsp-examples/tree/master/example_projects/ek_ra2l1/mbed_crypto/mbed_crypto_ek_ra2l1_ep
Regards
One question.
I checked your references and found one moment. On the example's Github page I found that EK-RA2L1 does not support SHA-256 (probably whole RA2L1 family):
"Note : EK-RA2L1, EK_RA4M1 and EK_RA4W1 boards do not support SHA, ECC and RSA operations."
If I understand correctly, Mbed Crypto ONLY uses hardware implementation of SHA-256. I'm right?
Because, in the TinyCrypt library I found software implementation of SHA-256 , I checked - the calculation result is correct.
I need to use AES-256 and SHA-256. Is it possible, change SHA-256 in Mbed Crypto on software?
In "rm_psa_crypto" I found next files: sha256_alt.h, sha256_alt_process.c, sha256_alt.c.
In the "sha256_alt_process.c" there is "mbedtls_internal_sha256_process_ext" function, which calls "HW_SHE_Sha224256GenerateMessageDigestSub" function.
And also one question.
In "sha256_alt.h" file there is next code:
"
typedef struct mbedtls_sha256_context{ uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t state[8]; /*!< The intermediate digest state. */ unsigned char buffer[SIZE_MBEDTLS_SHA256_PROCESS_BUFFER_BYTES]; /*!< The data block being processed. */ int is224; /*!< Determines which function to use: * 0: Use SHA-256, or 1: Use SHA-224. */} mbedtls_sha256_context;
All time I have next error messages:
"conflicting types for 'mbedtls_sha256_context' sha256_alt.h /testSecurityFeaturesRA2L1/ra/fsp/src/rm_psa_crypto/inc line 48 C/C++ Problemredefinition of 'struct mbedtls_sha256_context' sha256_alt.h /testSecurityFeaturesRA2L1/ra/fsp/src/rm_psa_crypto/inc line 41 C/C++ Problem
I checked official Mbed TLS repository (https://github.com/Mbed-TLS/mbedtls/blob/development/include/mbedtls/sha256.h) and saw the same code (the structure members are slightly different, but..).
How can I fix it?
It happened, when I connect "sha256_alt.h" file and use "mbedtls_sha256_context".
1) The RA2L1 device does not support SHA operations.
2) The Mbed Crypto modules supports only AES operation for RA2L1.
As mentioned, SHA operations are not supported from RA2L1 so I do not know why you would use any SHA related files