Using AES encryption

Mathias_Tausig · 11 February 2016 10:17

Hy!

I am trying to write a litle RIOT-OS project which uses AES encryption. After some fiddling around, I made it work by adding a "CFLAGS += -DCRYPTO_AES" line to my Makefile. Is this the recommended way to do it? I am asking, because I could not find any reference to it in the documentations.

cheers Mathias

Landsmann_Martin · 11 February 2016 10:33

Hi Mathias,

You need to add: USEMODULE += crypto to your Makefile to enable the AES cypher in your implementation. This line includes the crypto module which includes AES. Just head over to the RIOT wiki to learn more about modules [1] and how to use them.

You can also have a look into the crypto unittests [2] to get some hints how to use the AES implementation.

Best Regards, Martin

[1] https://github.com/RIOT-OS/RIOT/wiki/Introduction#including-modules [2] https://github.com/RIOT-OS/RIOT/tree/master/tests/unittests/tests-crypto

Oleg_Hahm · 11 February 2016 10:34

Hi Mathias!

Mathias_Tausig · 11 February 2016 11:34

I did use the USEMODULE clause, but without the addtional CFLAGS setting, it won't work. aes_init/cipher_init will return 0 because CIPHER_MAX_CONTEXT_SIZE is set to 1 in sys/include/crypto/ciphers.h. The unit test you referenced works, because it adds a "CFLAGS += -DCRYPTO_THREEDES" (which enables aes, too, because the CIPHER_MAX_CONTEXT_SIZE set for 3DES is larger then the one for AES) in the Makefile.include, too.

cheers Mathias

Landsmann_Martin · 11 February 2016 11:46

Hi Mathias,

yes I forgot to mention the CFLAG. If you use AES I suggest to use: CFLAGS += -DCRYPTO_AES and not: CFLAGS += -DCRYPTO_THREEDES then the appropriate CIPHER_MAX_CONTEXT_SIZE for AES will be defined [1].

Best regards, Martin

[1] https://github.com/RIOT-OS/RIOT/blob/master/sys/include/crypto/ciphers.h#L56

Mathias_Tausig · 11 February 2016 11:54

So this is on purpose. This should be added to docs, I think.

cheers Mathias

Oleg_Hahm · 11 February 2016 12:43

Hi!

Funny, my small example with AES worked without setting any CFLAGS.

Cheers, Oleg

Landsmann_Martin · 11 February 2016 12:49

Hi,

that's really interesting since initialize AES should fail [1].

Best regards, Martin

[1] https://github.com/RIOT-OS/RIOT/blob/master/sys/crypto/aes.c#L729

Oleg_Hahm · 11 February 2016 12:53

Hi!

Landsmann_Martin · 11 February 2016 13:02

true,

I didn't tested it with failing initialization. Could you change your small example accordingly?

Best regards, Martin

Oleg_Hahm · 11 February 2016 13:37

Hi Martin!

Landsmann_Martin · 11 February 2016 14:08

I mean change the example in the documentation in #4786

Oleg_Hahm · 11 February 2016 14:47

Hi!

Landsmann_Martin · 11 February 2016 14:55

Hi,

Hm, I would rather update the implementation and documentation first.

good point.

Best regards, Martin