CTR mode encryption / decryption, CBC-MAC, CC2420 – Texas Instruments 3138 155 232931 User Manual


SWRS041B Page 47 of 89

RX in-line security operations are always
performed on the first frame currently
inside the RXFIFO, even if parts of this
have already been read out over the SPI
interface. This allows the receiver to first
read the source address out to decide
which key to use before doing
authentication of the complete frame. In
CTR or CCM mode it is of course
important that bytes to be decrypted are
not read out before the security operation
is started.

When the SRXDEC command strobe is
issued, the FIFO and FIFOP pins will go
inactive. This is to indicate to the
microcontroller that no further data may be
read out before the next byte to be read
has undergone the requested security
operation.

The frame in the RXFIFO may be received
over RF or it may be written into the
RXFIFO over the SPI interface for
debugging or higher layer security
operations.

21.5 CTR mode encryption / decryption

CTR mode encryption / decryption is
performed by CC2420 on MAC frames
within the TXFIFO / RXFIFO respectively.
SECCTRL1.SEC_TXL / SEC_RXL sets the
number of bytes between the length field
and the first byte to be encrypted /
decrypted respectively. This controls the
number of plaintext bytes in the current
frame. For IEEE 802.15.4 MAC
encryption, only the MAC payload (see
Figure 17 on page 36) should be
encrypted, so SEC_TXL / SEC_RXL is set
to 3 + (0 to 20) depending on the address
information in the current frame.

When encryption is initiated, the plaintext
in the TXFIFO is then encrypted as
specified by [1]. The encryption module
will encrypt all the plaintext currently
available, and wait if not everything is pre-
buffered. The encryption operation may
also be started without any data in the
TXFIFO at all, and data will be encrypted
as it is written to the TXFIFO.

When decryption is initiated with a
SRXDEC command strobe, the ciphertext
of the RXFIFO is then decrypted as
specified by [1].

21.6 CBC-MAC

CBC-MAC in-line authentication is
provided by CC2420 hardware.
SECCTRL0.SEC_M sets the MIC length M,
encoded as (M-2)/2.

When enabling CBC-MAC in-line TXFIFO
authentication, the generated MIC is
written to the TXFIFO for transmission.
The frame length must include the MIC.

SECCTRL1.SEC_TXL / SEC_RXL sets the
number of bytes between the length field
and the first byte to be authenticated,
normally set to 0 for MAC authentication.
SECCTRL0.SEC_CBC_HEAD defines if the
authentication length is used as the first
byte of data to be authenticated or not.
This bit should be set for compliance with
[1].

When enabling CBC-MAC in-line RXFIFO
authentication, the generated MIC is
compared to the MIC in the RXFIFO. The
last byte of the MIC is replaced in the
RXFIFO with:

• 0x00 if the MIC is correct

• 0xFF if the MIC is incorrect

The other bytes in the MIC are left
unchanged in the RXFIFO.
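
The following host-side helpers are an added example, not code from the datasheet or from Texas Instruments. They derive the CTR-mode SEC_TXL / SEC_RXL value and the SEC_M field value described above, and apply the RX MIC status byte so that only 0x00 is accepted. The function names are hypothetical; the frame control field layout is assumed to be that of IEEE 802.15.4-2003, the 16-byte upper limit on M is an assumption, and the MIC bytes are assumed to have already been read out of the RXFIFO after the security operation completed.

```c
#include <stddef.h>
#include <stdint.h>

/* Address-field length (0..20 bytes) from a frame control field.
 * Assumed IEEE 802.15.4-2003 layout: intra-PAN = bit 6,
 * destination mode = bits 10-11, source mode = bits 14-15.
 * Returns -1 for the reserved addressing mode 1. */
static int addr_field_len(uint16_t fcf)
{
    unsigned dst = (fcf >> 10) & 0x3, src = (fcf >> 14) & 0x3;
    int intra_pan = (fcf >> 6) & 0x1, len = 0;

    if (dst == 1 || src == 1)
        return -1;
    if (dst)                                   /* PAN ID + address */
        len += 2 + (dst == 3 ? 8 : 2);
    if (src)                                   /* source PAN ID omitted when intra-PAN */
        len += ((intra_pan && dst) ? 0 : 2) + (src == 3 ? 8 : 2);
    return len;
}

/* SEC_TXL / SEC_RXL value for CTR mode: 3 + address-field length,
 * so that only the MAC payload is encrypted / decrypted. */
int ctr_sec_len(uint16_t fcf)
{
    int a = addr_field_len(fcf);
    return a < 0 ? -1 : 3 + a;
}

/* SECCTRL0.SEC_M field value for an M-byte MIC: (M-2)/2.
 * Assumption: M must be even and at most 16 bytes. */
int sec_m_field(unsigned m)
{
    if (m < 2 || (m & 1) || m > 16)
        return -1;
    return (int)((m - 2) / 2);
}

/* RX MIC verdict. The hardware overwrites the last MIC byte with 0x00
 * (correct) or 0xFF (incorrect). Fail closed: accept only 0x00, so a
 * frame on which the security operation never ran is rejected too. */
int mic_accepted(const uint8_t *mic, size_t m)
{
    return mic != NULL && m >= 1 && mic[m - 1] == 0x00;
}
```

Testing for `!= 0xFF` instead would accept a frame whose MIC was never processed, since the original last MIC byte is rarely 0xFF.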

21.7 CCM

CCM combines CTR mode encryption and
CBC-MAC authentication in one operation.
CCM is described in [3].

SECCTRL1.SEC_TXL / SEC_RXL sets the
number of bytes after the length field to be
authenticated but not encrypted.

The MIC is generated and verified very
much like with CBC-MAC described
above. The only differences are from the
requirements in [1] for CCM.