LoRaWAN encryption in Hardware

Isn't it sad that hardware engineers build all those powerful features into modern microcontrollers, and then the application software doesn't use it ?

LoraWAN encryption is a good example : almost all MCU's in the sensor devices have a 32-bit Hardware AES encryption built in. Still, almost all application software uses an old 8-bit software implementation.

A hardware implementation is several times faster (consuming less power) and is guaranteed to be standards compliant. While researching this topic, I put several AES-libraries under test with NIST test-vectors and some of them did contain errors.

So, after a bit of experimenting and reverse engineering ST's demo code, I got the hardware encryption working and so I decided to do some benchmarking on the STM32WLE5 MCU I am currently working with, and here are my results :

• 128 byte payload encryption : HW is 32 times faster than SW
• 128 byte payload MIC calculation : HW is 39 times faster than SW
• ROM footprint (code) : HW implementation consumes ~420 bytes less
• RAM footprint (data) : HW implementation consumes ~350 bytes less

I think it's a no-brainer that for serious LoRaWAN, your device should use hardware encryption if the MCU supports it.

For more information or help, feel free to contact me.