Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

2. Use AES-CTR mode to encrypt the payload with counter values 1, 2, 3, …

3. Use AES-CTR mode to encrypt the MIC with counter value 0 (the first key stream, S0, from the AES-CTR operation).

Figure 37. CCM Operation Flow

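[Figure 37 diagram not reproduced. Labels in the figure: data blocks B0, B1 … Bk and Bk+1 … Br, covering the Header and Payload, each followed by padding; encryption operations E; counter blocks A0, A1 … Am; key streams S0, S1 … Sm; MIC. Figure ID: B3002-01.]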

Legend:

E – Encryption operation

B – Data blocks to be encrypted (data is split into multiple blocks of the size of cipher block length)

S – Key stream generated from AES-CTR encryption

A – Counter blocks for AES-CTR encryption

MIC – Message Integrity Code

Figure 38. CCM Operation on Data Packet

 

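[Figure 38 diagram not reproduced. Labels in the figure: a data packet made up of Header, Payload and MIC, with one span marked "Encrypted" and one span marked "Authenticated". Figure ID: B3003-01.]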
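The flow in Figures 37 and 38, as an added example that is not Intel code and does not use the IxCryptoAcc API: one AES-CBC pass over B0..Br yields the MIC, then AES-CTR key streams S1..Sm encrypt the payload and S0 encrypts the MIC. It assumes the Python `cryptography` package; the block formatting follows RFC 3610 (which this page does not spell out), and the 11-byte nonce, 8-byte MIC, helper names and sample values are assumptions made for the example.

```python
# Added example (not Intel code): CCM built from its two AES passes.
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

BLOCK = 16  # AES cipher block length in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def _pad(data):
    return data + bytes(-len(data) % BLOCK)  # zero padding, as in Figure 37

def ccm_encrypt(key, nonce, header, payload, mic_len=8):
    """Return encrypted payload || encrypted MIC. Assumes len(header) < 0xFF00."""
    E = Cipher(algorithms.AES(key), modes.ECB()).encryptor().update  # one-block E
    L = 15 - len(nonce)  # width in bytes of the length / counter field
    # B0 carries flags, nonce and payload length; B1..Br are header and payload.
    flags = (0x40 if header else 0) | ((mic_len - 2) // 2) << 3 | (L - 1)
    blocks = bytes([flags]) + nonce + len(payload).to_bytes(L, "big")
    if header:
        blocks += _pad(len(header).to_bytes(2, "big") + header)
    blocks += _pad(payload)
    # Pass 1: AES-CBC over B0..Br; the last cipher block, truncated, is the MIC.
    x = bytes(BLOCK)
    for i in range(0, len(blocks), BLOCK):
        x = E(_xor(x, blocks[i:i + BLOCK]))
    mic = x[:mic_len]
    # Pass 2: AES-CTR. Key stream S_i = E(A_i), counter block A_i = flags|nonce|i.
    def S(i):
        return E(bytes([L - 1]) + nonce + i.to_bytes(L, "big"))
    n = -(-len(payload) // BLOCK)                      # number of payload blocks
    stream = b"".join(S(i) for i in range(1, n + 1))   # S1..Sm for the payload
    return _xor(payload, stream) + _xor(mic, S(0))     # S0 for the MIC

def library_ccm(key, nonce, header, payload, mic_len=8):
    """Reference result from the cryptography package's AESCCM."""
    return AESCCM(key, tag_length=mic_len).encrypt(nonce, payload, header or None)

# Constructed sample values (not from the manual).
KEY = bytes(range(16))
NONCE = bytes(range(0x10, 0x1B))            # 11 bytes
HEADER = bytes.fromhex("0000100100000001")  # authenticated, sent in clear
PAYLOAD = b"constructed sample payload, not block-aligned"

if __name__ == "__main__":
    out = ccm_encrypt(KEY, NONCE, HEADER, PAYLOAD)
    print("ciphertext:", out[:-8].hex(), "MIC:", out[-8:].hex())
    print("matches library:", out == library_ccm(KEY, NONCE, HEADER, PAYLOAD))
```

The CBC pass only reads the data and keeps one block, so running it in place would destroy the plaintext that the CTR pass still needs.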

The API usage for performing an IPSec-style AES-CCM operation is as follows:

1. Register a crypto context for AES-CBC encryption (cipher context). A crypto context ID (A, in this example) will be obtained in this operation. Non-in-place operation must be chosen (useDifferentSrcAndDestMbufs in IxCryptoAccCtx must be set to TRUE) to avoid the original data being overwritten by encrypted data. This crypto context is used only for the purpose of authentication and generating the MIC.

April 2005

IXP400 Software Version 2.0

Programmer’s Guide

104

Document Number: 252539, Revision: 007

 
