CC2420

flag setting is stored in the most significant byte of the nonce. The flag byte used for encryption and authentication is then generated as shown in Figure 26.

 

 

MSB in CC2420 nonce RAM

 

 

7

6

5

4

3

2

1

0

-

CTR

Flag

CBC

Flag

 

L

 

bits 7:6

bits 7:6

 

 

 

 

 

 

 

 

 

CTR mode flag byte

 

 

 

7

6

5

 

4

3

 

2

1

0

Res

Res

0

 

0

0

 

 

L

 

 

 

 

 

 

 

 

 

 

 

The frame counter part of the nonce must be incremented for each new packet by software.

SECCTRL0.SEC_M

 

 

 

 

 

 

 

 

 

 

 

CBC-MAC flag byte

 

 

 

 

 

 

 

 

 

 

 

 

7

6

5

4

3

2

1

0

Res

Adata

 

M

 

 

L

 

 

 

 

 

 

 

 

 

 

 

Figure 26. CC2420 Security Flag Byte

21.3 Stand-alone encryption

Plain AES encryption, with 128 bit plaintext and 128 bit keys [2], is available using stand-alone encryption. The plaintext is stored in stand-alone buffer located at RAM location 0x120, as can be seen from Table 6 on page 31.

A stand-alone encryption operation is initiated by using the SAES command

strobe. The selected key (SECCTRL0.SEC_SAKEYSEL) is then used to encrypt the plaintext written to the stand-alone buffer. Upon completion of the encryption operation, the ciphertext is written back to the stand-alone buffer, thereby overwriting the plaintext.

Note that RAM write operations also output data currently in RAM, so that a new plaintext may be written at the same time as reading out the previous ciphertext.

21.4 In-line security operations

CC2420 can do MAC security operations (encryption, decryption and authentication) on frames within the TXFIFO and RXFIFO. These operations are called in- line security operations.

As with other MAC hardware support within CC2420, in-line security operation relies on the length field in the PHY header. A correct length field must therefore be used for all security operations.

The key, nonce (does not apply to CBC- MAC), and SECCTRL0 and SECCTRL1 control registers must be correctly set before starting any in-line security operation.

The in-line security mode is set in SECCTRL0.SEC_MODE to one of the following modes:

Disabled

CBC-MAC (authentication)

CTR (encryption / decryption)

CCM (authentication and encryption / decryption)

When enabled, TX in-line security is started in one of two ways:

Issue a STXENC command strobe. In- line security will be performed within the TXFIFO, but a RF transmission will not be started. Ciphertext may be read back using RAM read operations.

Issue a STXON or STXONCCA command strobe. In-line security will be performed within the TXFIFO and a RF transmission of the ciphertext is started.

When enabled, RX in-line security is started as follows:

Issue a SRXDEC command strobe. The first frame in the RXFIFO is then decrypted / authenticated as set by the current security mode.

SWRS041B

Page 46 of 89

Page 46
Image 46
Texas Instruments 3138 155 232931 manual CC2420 Security Flag Byte Stand-alone encryption, In-line security operations