CC2430 Datasheet, PDF(136/212 Page) Texas Instruments – A True System-on-Chip solution for 2.4 GHz IEEE 802.15.4 / ZigBee-TM

English

English German Russian Spanish Italian Polish Chinese Japanese Korean French Portuguese	Language :

CC2430 Datasheet, PDF (136/212 Pages) Texas Instruments – A True System-on-Chip solution for 2.4 GHz IEEE 802.15.4 / ZigBee-TM

◁

CC2430

Peripherals : AES Coprocessor

13.12 AES Coprocessor

The CC2430 data encryption is performed using

a dedicated coprocessor which supports the

Advanced Encryption Standard, AES. The

coprocessor allows encryption/decryption to be

performed with minimal CPU usage.

The coprocessor has the following features:

â¢ Supports all security suites in IEEE

802.15.4

â¢ ECB, CBC, CFB, OFB, CTR and CBC-

MAC modes.

â¢ Hardware support for CCM mode

â¢ 128-bits key and IV/Nonce

â¢ DMA transfer trigger capability

13.12.1 AES Operation

To encrypt a message, the following procedure

must be followed (ECB, CBC):

â¢ Load key

â¢ Load initialization vector (IV)

â¢ Download and upload data for

encryption/decryption.

13.12.2 Key and IV

Before a key or IV/nonce load starts, an

appropriate load key or IV/nonce command

must be issued to the coprocessor. When

loading the IV it is important to also set the

correct mode.

A key load or IV load operation aborts any

processing that could be running.

The AES coprocessor works on blocks of 128

bits. A block of data is loaded into the

coprocessor, encryption is performed and the

result must be read out before the next block

can be processed. Before each block load, a

dedicated start command must be sent to the

coprocessor.

The key, once loaded, stays valid until a key

reload takes place.

The IV must be downloaded before the

beginning of each message (not block).

Both key and IV values are cleared by a reset

of the device.

13.12.3 Padding of input data

The AES coprocessor works on blocks of 128

bits. If the last block contains less than 128

bits, it must be padded with zeros when written

to the coprocessor.

13.12.4 Interface to CPU

The CPU communicates with the coprocessor

using three SFR registers:

â¢ ENCCS, Encryption control and status

â¢ ENCDI, Encryption input register

â¢ ENCDO, Encryption output register

Read/write to the status register is done

directly by the CPU, while access to the

input/output registers should be performed

using direct memory access (DMA).

When using DMA with AES coprosessor, two

DMA channels must be used, one for input

data and one for output data. The DMA

channels must be initialized before a start

command is written to the ENCCS. Writing a

start command generates a DMA trigger and

the transfer is started. After each block is

processed, an interrupt is generated. The

interrupt is used to issue a new start command

to the ENCCS.

13.12.5 Modes of operation

When using CFB, OFB and CTR mode, the

128 bits blocks are divided into four 32 bit

blocks. 32 bits are loaded into the AES

coprocessor and the resulting 32 bits are read

out. This continues until all 128 bits have been

encrypted. The only time one has to consider

this is if data is loaded/read directly using the

CPU. When using DMA, this is handled

automatically by the DMA triggers generated

by the AES coprocessor, thus DMA is

preferred.

Both encryption and decryption are performed

similarly.

The CBC-MAC mode is a variant of the CBC

mode. When performing CBC-MAC, data is

downloaded to the coprocessor one 128 bits

block at a time, except for the last block.

Before the last block is loaded, the mode must

CC2430 Data Sheet (rev. 2.1) SWRS036F

Page 136 of 211

▷