CC2420
SWRS041B Page 46 of 89
flag setting is stored in the most significant
byte of the nonce. The flag byte used for
encryption and authentication is then
generated as shown in Figure 26.
The frame counter part of the nonce must
be incremented for each new packet by
software.
7
6
CTR Flag
bits 7:6
5
4
3
2
1
0
-
CBC Flag
bits 7:6
L
7
6
Res
5
4
3
2
1
0
L
7
6
Adata
5
4
3
2
1
0
M
L
0
0
0
SECCTRL0.SEC_M
MSB in CC2420 nonce RAM
CTR mode flag byte
CBC-MAC flag byte
Res
Res
Figure 26.
CC2420
Security Flag Byte
21.3 Stand-alone
encryption
Plain AES encryption, with 128 bit
plaintext and 128 bit keys [2], is available
using stand-alone encryption. The
plaintext is stored in stand-alone buffer
located at RAM location 0x120, as can be
seen from Table 6 on page 31.
A stand-alone encryption operation is
initiated by using the SAES command
strobe. The selected key
(
SECCTRL0.SEC_SAKEYSEL
) is then used
to encrypt the plaintext written to the
stand-alone buffer. Upon completion of the
encryption operation, the ciphertext is
written back to the stand-alone buffer,
thereby overwriting the plaintext.
Note that RAM write operations also
output data currently in RAM, so that a
new plaintext may be written at the same
time as reading out the previous
ciphertext.
21.4 In-line security operations
CC2420
can do MAC security operations
(encryption, decryption and authentication)
on frames within the TXFIFO and
RXFIFO. These operations are called in-
line security operations.
As with other MAC hardware support
within
CC2420
, in-line security operation
relies on the length field in the PHY
header. A correct length field must
therefore be used for all security
operations.
The key, nonce (does not apply to CBC-
MAC), and
SECCTRL0
and
SECCTRL1
control registers must be correctly set
before starting any in-line security
operation.
The in-line security mode is set in
SECCTRL0.SEC_MODE
to one of the
following modes:
•
Disabled
•
CBC-MAC
(authentication)
•
CTR (encryption / decryption)
•
CCM (authentication and encryption /
decryption)
When enabled, TX in-line security is
started in one of two ways:
•
Issue
a
STXENC
command strobe. In-
line security will be performed within
the TXFIFO, but a RF transmission
will not be started. Ciphertext may be
read back using RAM read operations.
•
Issue a
STXON
or
STXONCCA
command strobe. In-line security will
be performed within the TXFIFO and a
RF transmission of the ciphertext is
started.
When enabled, RX in-line security is
started as follows:
•
Issue
a
SRXDEC
command strobe. The
first frame in the RXFIFO is then
decrypted / authenticated as set by
the current security mode.