MBED TLS - get encryption key from set key


I am using MBED TLS to connect to the azure IoT Hub. Somewhere in the Azure code, a key is passed into the function “mbedtls_aes_setkey_enc”. I need to get this key out of the function so I can use it in my own hardware accelerated version of the MBED TLS CBC encryption function. However, the complicating factor is that the set key function is called multiple times by unrelated functions, so the only thing I have is the context struct which is passed to the encryption function.

The context struct only stores round keys from “mbedtls_aes_setkey_enc”, but I need the 256 bit encryption key, not the round keys. The only solution I have come up with is to take the round keys and convert it back to the encryption key in my encryption function, however this seems to be a very complex approach for something that should be quite simple.

Does anyone have any ideas of how I could get this 256 encryption key into my encryption function?


Hi @wolly981
If it was possible to get the key, with API, it was easy to hack the code.
I am not sure I understand your use case.
DO you wan to use the hardware accelerated version instead of the Azure code? Have you considered porting the hardware accelerated AES into the Mbed TLS code? If you port the hardware accelerated into Mbed TLS, every library calls the Mbed TLS AES API will use the hardware accelerated version.
Is this what you need?
Mbed TLS support

Hi Ron,

Yes, I’m looking to just test out hardware acceleration but instead of using AES_alt, I just thought it would be simple enough to directly replace the function to test it. I was never able to get it to work as I expected with Azure C sdk in the end, but I did manage to do the equivalent with the hash function. I was able to conclude from this that I do not have an adequate understanding of how the Azure C sdk uses AES keys in its implementation, since I was able to get the AES encryption working as expected with my own inputs and keys. Thanks for your help