RA2L1 AES-256

Hi.

I have a EK-RA2L1 and I want to test the build-in (hardware) AES module.

I created a test project and connected "TinyCrypt (H/W Accelerated)" stack.

In a project tree I found next directories:

- r_sce/

- rm_tinycrypt_port/

- intel/tinycrypt/lib/

My purpose is AES-256 CBC mode.

In RA2L1 Group User's Manual: Hardware Rev.1.40 Oct.31 2023, I saw that RA2L1 family supports AES 128 bits, 256 bits key length (ECB, CBC, CTR modes) - 38.AES Engine, page 1024.

But, in generated files I found only AES-128 CBC implementation (/rm_tinycrypt_port_cbc_mode.c - if you open this file you will see that "tc_cbc_mode_encrypt" and "tc_cbc_mode_decrypt" functions call "HW_SCE_Aes128EncryptDecrypt...." functions).

I found "HW_SCE_AES_256CbcEncrypt" function in /r_sce/ra2/ "SC324_P22.prc.c" file, but this function uses only in "HW_SCE_Aes256EncryptDecryptUpdateSub" function in /r_sce/ra2/adaptors directory.

1) How can I change my project settings (connect another library) if I want to use AES-256 CBC mode or I should use functions from "SC324_p2x.prc.c" files (without "rm_tinycrypt_port" directory)?

If I understand correctly, I should use functions from the "intel/tinycrypt/lib" directory, which will call functions from the "rm_tinycrypt_port" directory, which will call functions from the "r_sce" directory.

2) Is it okay, if I try to directly work with functions from the "r_sce" directory???

Parents Reply Children
  • One question.

    I checked your references and found one moment. On the example's Github page I found that EK-RA2L1 does not support SHA-256 (probably whole RA2L1 family):

    "Note : EK-RA2L1, EK_RA4M1 and EK_RA4W1 boards do not support SHA, ECC and RSA operations."

    If I understand correctly, Mbed Crypto ONLY uses hardware implementation of SHA-256. I'm right?

    Because, in the TinyCrypt library I found software implementation of SHA-256 , I checked - the calculation result is correct.

    I need to use AES-256 and SHA-256. Is it possible, change SHA-256 in Mbed Crypto on software?

    In "rm_psa_crypto" I found next files: sha256_alt.h, sha256_alt_process.c, sha256_alt.c.

    In the "sha256_alt_process.c" there is "mbedtls_internal_sha256_process_ext" function, which calls "HW_SHE_Sha224256GenerateMessageDigestSub" function.

  • And also one question.

    In "sha256_alt.h" file there is next code:

    "

    typedef struct mbedtls_sha256_context
    {
        uint32_t      total[2];                                         /*!< The number of Bytes processed.  */
        uint32_t      state[8];                                         /*!< The intermediate digest state.  */
        unsigned char buffer[SIZE_MBEDTLS_SHA256_PROCESS_BUFFER_BYTES]; /*!< The data block being processed. */
        int           is224;                                            /*!< Determines which function to use:
                                                                         * 0: Use SHA-256, or 1: Use SHA-224. */
    } mbedtls_sha256_context;

    "

    All time I have next error messages:

    "
    conflicting types for 'mbedtls_sha256_context'    sha256_alt.h    /testSecurityFeaturesRA2L1/ra/fsp/src/rm_psa_crypto/inc    line 48    C/C++ Problem
    redefinition of 'struct mbedtls_sha256_context'    sha256_alt.h    /testSecurityFeaturesRA2L1/ra/fsp/src/rm_psa_crypto/inc    line 41    C/C++ Problem

    "

    I checked official Mbed TLS repository (https://github.com/Mbed-TLS/mbedtls/blob/development/include/mbedtls/sha256.h) and saw the same code (the structure members are slightly different, but..).

    How can I fix it?

    It happened, when I connect "sha256_alt.h" file  and use "mbedtls_sha256_context".

  • 1) The RA2L1 device does not support SHA operations.

    2) The Mbed Crypto modules supports only AES operation for RA2L1. 

  • As mentioned, SHA operations are not supported from RA2L1 so I do not know why you would use any SHA related files