Cryptographic Engine¶

Context Management¶

The cryptographic context describes the set of data that can be saved in flash by the Cryptographic Engine (keys and parameters).

To make sure all data are ready to use, the best practice is to restore the cryptographic context after a power-on or when leaving sleep mode without retention.

1. If necessary, restore the cryptographic context. This will load context from flash to RAM, via the CryptoRestoreFromFlash() command.

2. Implement your application-related actions (e.g., Encrypt data, Compute AES-CMAC, etc.).

3. Save the cryptographic context if it was modified. This will save the context from RAM to flash, via the CryptoStoreToFlash() command.

Set and Use a Key¶

1. Restore the cryptographic context.

2. Set a key with CryptoSetKey().

3. Save the cryptographic context. This can be done any time before going into sleep mode without retention or before resetting the chip.

4. Perform a cryptographic operation (e.g., CryptoAesEncrypt()) with the correct Key ID.

Set and Use a Parameter¶

1. Restore the cryptographic context.

2. Set a parameter with CryptoSetParam().

3. Save the cryptographic context. This can be done anytime before going into sleep mode without retention, or before resetting the chip.

4. When needed, the parameter can be read with CryptoGetParam().

Cryptographic Operations¶

The Cryptographic Engine implements an AES-128 encryption as defined in FIPS PUB 197 and ISO/IEC 18033-3.

Memory Management¶

The Cryptographic Engine has its own RAM and flash memory area.

The dedicated RAM is split into three address spaces:

• A protected (write only) address space to store keys

• A protected (read / write) address space used by the cryptographic core

• An unprotected address space to store device parameters (such as EUIs)

The dedicated flash is under direct access of the cryptographic engine. (There is no direct access from the CPU.) It is used to store both protected and unprotected RAM address spaces. The purpose of this dedicated flash memory area is to enable the circuit to restore its state from low power modes.

To reduce the power consumption and optimize the processing time, all operations are performed in RAM. A context is saved in flash memory upon user request.

The RAM of the Cryptographic Engine is preserved when the chip goes into sleep mode with retention.

Key Management¶

The keys are arranged into several groups, according to the functionality they serve.

This arrangement determines:

• Which cryptographic functions can be used with a group.

• Which other group(s) of keys a Key ID can be derived from.

LoRaWAN®¶

The Cryptographic Engine offers several useful functions in a LoRaWAN context:

• CryptoProcessJoinAccept(): decrypts and verifies the MIC of a join accept message. Decrypted data are returned only if the verification succeeds.

• CryptoAesEncrypt01(): encrypts data with an AES-128 algorithm (the first data byte is forced to 0x01, see §4.3.3 LoRaWAN specification 1.0.3).

• CryptoDeriveKey(): can be used to derive AppSKey and NwkSKey.

• CryptoComputeAesCmac(): generates an AES-CMAC based MIC.

• CryptoVerifyAesCmac(): verifies an AES-CMAC based MIC.