beautypg.com

At86rf231 extended feature set, 1 security module (aes), 1 overview – Rainbow Electronics AT86RF231 User Manual

Page 128: 2 security module preparation, Section 11.1, Tails refer to, Section 11.1 “security module, Section 11

background image

128

8111A–AVR–05/08

AT86RF231

11. AT86RF231 Extended Feature Set

11.1

Security Module (AES)

The security module (AES) is characterized by:

• Hardware accelerated encryption and decryption

• Compatible with AES-128 standard (128 bit key and data block size)

• ECB (encryption/decryption) mode and CBC (encryption) mode support

• Stand-alone operation, independent of other blocks

11.1.1

Overview

The security module is based on an AES-128 core according to FIPS197 standard, refer to

[5]

.

The security module works independent of other building blocks of the AT86RF231, encryption
and decryption can be performed in parallel to a frame transmission or reception.

Controlling the security block is implemented as an SRAM access to address space 0x82 to
0x94. A Fast SRAM access mode allows simultaneously writing new data and reading data from
previously processed data within the same SPI transfer. This access procedure is used to
reduce the turnaround time for ECB mode, see

Section 11.1.5 “Data Transfer - Fast SRAM

Access” on page 132

.

In addition, the security module contains another 128-bit register to store the initial key used for
security operations. This initial key is not modified by the security module.

11.1.2

Security Module Preparation

The use of the security module requires a configuration of the security engine before starting a
security operation. The following steps are required:

Before starting any security operation a key must be written to the security engine, refer to

Sec-

tion 11.1.3 “Security Key Setup” on page 129

. The key set up requires the configuration of the

AES engine KEY mode using register bits AES_MODE (SRAM address 0x83, AES_CON).

The following step selects the AES mode, either electronic code book (ECB) or cipher block
chaining (CBC). These modes are explained more in detail in sections

Section 11.1.4 “Security

Operation Modes” on page 129

. Further, encryption or decryption must be selected with register

bit AES_DIR (SRAM address 0x83, AES_CON).

As next the 128-bit plain text or ciphertext data has to be provided to the AES hardware engine.
The data uses the SRAM address range 0x84 - 0x93.

Table 11-1.

AES Engine Configuration Steps

Step

Description

Description

Section

1

Key Setup

Write encryption or decryption key to SRAM

Section 11.1.3

2

AES Mode

Select AES mode: ECB or CBC

Select encryption or decryption

Section 11.1.4.1

Section 11.1.4.2

3

Write Data

Write plaintext or cipher text to SRAM

Section 11.1.5

4

Start Operation

Start AES operation

5

Read Data

Read cipher text or plaintext from SRAM

Section 11.1.5

See also other documents in the category Rainbow Electronics Wireless Headsets: