beautypg.com

Keys, Nonce / counter, Cc2420 – Texas Instruments 3138 155 232931 User Manual

Page 45

background image

CC2420

SWRS041B Page 45 of 89

21 MAC Security Operations (Encryption and Authentication)

CC2420

features hardware IEEE 802.15.4

MAC security operations. This includes
counter mode (CTR) encryption /
decryption, CBC-MAC authentication and
CCM encryption + authentication. All
security operations are based on AES
encryption [2] using 128 bit keys. Security
operations are performed within the
transmit and receive FIFOs on a frame
basis.

CC2420

also includes stand-alone AES

encryption, in which one 128 bit plaintext
is encrypted to a 128 bit ciphertext.

The

SAES

,

STXENC

and SRXDEC

command strobes are used to start
security operations in

CC2420

as will be

described in the following sections. The
ENC_BUSY

status bit (see Table 5) may be

used to monitor when a security operation
has been completed. Security command
strobes issued while the security engine is
busy will be ignored, and the ongoing
operation will be completed.

Table 6 on page 31 shows the

CC2420

RAM memory map, including the security
related data located from addresses
0x100 through 0x15F. RAM access (see
the RAM access section on page 29) is
used to write or read the keys, nonces and
stand-alone buffer. All security related
data is stored little-endian, i.e. the least
significant byte is transferred first over the
SPI interface during RAM read or write
operations.

For a complete description of IEEE
802.15.4 MAC security operations, please
refer to [1].

21.1 Keys

All security operations are based on 128
bit keys. The

CC2420

RAM space has

storage space for two individual keys
(KEY0 and KEY1). Transmit, receive and
stand-alone encryption may select one of
these two keys individually in the
SEC_TXKEYSEL

, SEC_RXKEYSEL and

SEC_SAKEYSEL

control bits (SECCTRL0).

As can be seen from Table 6 on page 31,
KEY0 is located from address 0x100 and
KEY1 from address 0x130.

A way of establishing the keys used for
encryption and authentication must be
decided for each particular application.
IEEE 802.15.4 does not define how this is
done, it is left to the higher layer of the
protocol.

ZigBee uses an Elliptic Curve
Cryptography (ECC) based approach to
establish keys. For PC based solutions,
more processor intensive solutions such
as Diffie-Hellman may be chosen. Some
applications may also use pre-
programmed keys, e.g. for remote keyless
entry where the key and lock are delivered
in pairs. A push-button approach for
loading keys may also be selected.

21.2 Nonce / counter

The receive and transmit nonces used for
encryption / decryption are located in RAM
from addresses 0x110 and 0x140
respectively. They are both 16 bytes.

The nonce must be correctly initialized
before receive or transmit CTR or CCM
operations are started. The format of the
nonce is shown in Table 7. The block
counter must be set to 1 for compliance
with [1]. The key sequence counter is
controlled by a layer above the MAC layer.
The frame counter must be increased for
each new frame by the MAC layer. The
source address is the 64 bit IEEE address.

1 byte

8 bytes

4 bytes

1 byte

2 bytes

Flags Source

Address

Frame
Counter

Key
Sequence
Counter

Block
Counter

Table 7. IEEE 802.15.4 Nonce [1]

The block counter bytes are not updated
in RAM, only in a local copy that is
reloaded for each new in-line security
operation. I.e. the block counter part of the
nonce does not need to be rewritten. The

CC2420

block counter should be set to

0x0001 for compliance with [1].

CC2420

gives the user full flexibility in

selecting the flags for both nonces. The