CC1110Fx / CC1111Fx
13.12 AES Coprocessor
The CC1110Fx/CC1111Fx data encryption is
performed using a dedicated coprocessor
which supports the Advanced Encryption
Standard, AES. The coprocessor allows
encryption/decryption to be performed with
minimal CPU usage.
•
ENCCS, Encryption control and status
register
ENCDI, Encryption input register
ENCDO, Encryption output register
•
•
Read/write to the control and status register
is done by the CPU, while read/write the
output/input registers is intended for use
together with direct memory access (DMA).
The coprocessor has the following features:
• ECB, CBC, CFB, OFB, CTR, and
CBC- MAC modes.
• Hardware support for CCM mode
• 128-bits key and IV/Nonce
• DMA transfer trigger capability
When using DMA, one channel is used for
input data and one for output data. The DMA
channels must be initialized before a start
command is written to the ENCCS. Writing a
start command generates a DMA trigger and
the transfer is started. After each block is
processed, the interrupt flag, S0CON.ENCIF,
is asserted, and an interrupt request
generated if IEN0.ENCIE is set to 1. The
interrupt is used to issue a new start
command to the ENCCS.
13.12.1 AES Operation
To encrypt
a
message, the following
procedure must be followed:
• Load key
• Load initialization vector (IV)/nonce
• Download and upload data for
encryption/decryption.
13.12.5 Modes of Operation
The AES coprocessor works on blocks of
128 bits. A block of data is loaded into the
coprocessor, encryption is performed, and
the result must be read out before the next
block can be processed. Before each block
load, a dedicated start command must be
sent to the coprocessor.
ECB and CBC modes are performed as
described in section 13.12.1
When using CFB, OFB, and CTR mode, the
128 bits blocks are divided into four 32 bit
blocks. 32 bits are loaded into the AES
coprocessor and the resulting 32 bits are
read out. This continues until all 128 bits
have been encrypted. The only time one has
to consider this is if data is loaded/read
directly using the CPU. When using DMA,
this is handled automatically by the DMA
triggers generated by the AES coprocessor,
thus DMA is preferred.
13.12.2 Key and IV
Before a key or IV/nonce load starts, an
appropriate load key or IV/nonce command
must be issued to the coprocessor. When
loading the IV it is important to also set the
correct mode.
Both encryption and decryption are
performed similarly.
A key load or IV load operation aborts any
processing that could be running.
The CBC-MAC mode is a variant of the CBC
mode. When performing CBC-MAC, data is
downloaded to the coprocessor one 128 bits
block at a time, except for the last block.
Before the last block is loaded, the mode
must be changed to CBC. The last block is
then downloaded and the block uploaded will
be the MAC value. CBC-MAC decryption is
similar to encryption. The message MAC
uploaded must be compared with the MAC
to be verified.
The key, once loaded, stays valid until a key
reload takes place.
The IV must be downloaded before the
beginning of each message (not block).
Both key and IV are cleared by a reset of the
device and when PM2 or PM3 are entered.
13.12.3 Padding of Input Data
AES works on blocks of 128 bits. If the last
block contains less than 128 bits, it must be
padded with zeros when written to the
coprocessor.
13.12.6 AES Interrupts
The AES interrupt flag, S0CON.ENCIF, is
asserted when encryption or decryption of a
block is completed. An interrupt request is
generated if IEN0.ENCIEis set to 1
13.12.4 Interface to CPU
The
CPU
communicates
with
the
coprocessor using three SFRs:
SWRS033E
Page 149 of 239