CC2430 Datasheet, PDF (137/212 Pages) Texas Instruments – A True System-on-Chip solution for 2.4 GHz IEEE 802.15.4 / ZigBee-TM
CC2430
Peripherals : AES Coprocessor
be changed to CBC. The last block is then
downloaded and the block uploaded will be the
MAC value.
13.12.5.1 CBC-MAC
CCM is a combination of CBC-MAC and CTR. Parts of the CCM must therefore be done in software. The following section gives a short explanation of the necessary steps to be done.
When performing CBC-MAC encryption, data is downloaded to the coprocessor in CBC-MAC mode one block at a time, except for the last block. Before the last block is loaded, the mode is changed to CBC. The last block is downloaded and the block uploaded is the message MAC.
CBC-MAC decryption is similar to encryption. The message MAC uploaded must be compared with the MAC to be verified.
13.12.5.2 CCM mode
To encrypt a message under CCM mode, the following sequence can be conducted (key is already loaded):
Message Authentication Phase
This phase takes place during steps 1-6 shown in the following.
(1) The software loads the IV with zeros.
(2) The software creates the block B0. The layout of block B0 is shown in Figure 28.
Name: B0
Designation: First block for authentication in CCM mode

Byte   0      1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Name   Flag   NONCE, then L_M
Figure 28: Message Authentication Phase Block 0
There is no restriction on the NONCE value. L_M is the message length in bytes.
The content of the Authentication Flag byte is described in Figure 29.
For 802.15.4 the NONCE is 13 bytes and L_M is 2 bytes.
L is set to 6 in this example. So, L-1 is set to 5. M and A_Data can be set to any value.
Name: FLAG/B0
Designation: Authentication Flag Field for CCM mode

Bit     7          6        5 4 3      2 1 0
Name    Reserved   A_Data   (M-2)/2    L-1
Value   0          x        x x x      1 0 1
Figure 29: Authentication Flag Byte
(3) If some Additional Authentication Data (denoted a below) is needed (that is, A_Data = 1), the software creates the A_Data length field, called L(a), as follows:
• (3a) If l(a) = 0 (that is, A_Data = 0), then L(a) is the empty string. Note that l(a) is the length of a in octets.
• (3b) If 0 < l(a) < 2^16 - 2^8, then L(a) is the 2-octet encoding of l(a).
The Additional Authentication Data is appended to the A_Data length field L(a). The Additional Authentication Blocks are padded with zeros until the last Additional Authentication Block is full. There is no restriction on the length of a.
AUTH-DATA = L(a) + Authentication Data + (zero padding)
(4) The last block of the message is padded with zeros until full (that is, if its length is not a multiple of 128 bits).
(5) The software concatenates the block B0, the Additional Authentication Blocks if any, and the message:
Input message = B0 + AUTH-DATA + Message + (zero padding of message)
(6) Once the input message authentication by CBC-MAC is finished, the software leaves the uploaded buffer contents unchanged (M=16), or keeps only the buffer’s higher M bytes
CC2430 Data Sheet (rev. 2.1) SWRS036F
Page 137 of 211