CC2430
Peripherals : AES Coprocessor
unchanged, while setting the lower bits to 0 (M
!= 16).
must be zero. When encrypting message
blocks using CTR mode, CTR value must be
any value but zero.
The result is called T.
The content of the Encryption Flag byte is
described in Figure 31.
Message Encryption
(7) The software creates the key stream block
A0. Note that L=6, with the current example of
the CTR generation. The content is shown in
Figure 30.
Note that when encrypting authentication data
T to generate U in OFB mode, the CTR value
Name
A0
Designation
First CTR value for CCM mode
0
1
2
3
4
5
6
7
8
9
10 11 12 13 14 15
Byte
Name
Flag
NONCE
CTR
Figure 30: Message Encryption Phase Block
Name
Designation
FLAG/A0
Encryption Flag Field for CCM mode
7
6
0
5
4
3
2
1
0
1
Bit
Name
Value
Reserved
0
-
0
L-1
0
0
0
1
Figure 31: Encryption Flag Byte
Message Encryption (cont.)
six-bit word. So, the value L is set to 6. To
decrypt a CCM mode processed message, the
following sequence can be conducted (key is
already loaded):
(8) The software loads A0 by selecting a Load
IV/Nonce command. To do so, it sets Mode to
CFB or OFB at the same time it selects the
Load IV/Nonce command.
Message Parsing Phase
(9) The software calls a CFB or an OFB
encryption on the authenticated data T. The
uploaded buffer contents stay unchanged
(1) The software parses the message by
separating the M rightmost octets, namely U,
and the other octets, namely string C.
(M=16), or only its first
unchanged, the others being set to 0 (M-16).
The result is U, which will be used later.
M bytes stay
(2) C is padded with zeros until it can fill an
integer number of 128-bit blocks;
(3) U is padded with zeros until it can fill a 128-
bit block.
(10) The software calls
a
CTR mode
encryption right now on the still padded
message blocks. It has to reload the IV when
CTR value is any value but zero.
(4) The software creates the key stream block
A0. It is done the same way as for CCM
encryption.
(11) The encrypted authentication data U is
appended to the encrypted message. This
gives the final result, c.
(5) The software loads A0 by selecting a Load
IV/Nonce command. To do so, it sets Mode to
CFB or OFB at the same time as it selects the
IV load.
Result c = encrypted message(m) + U
Message Decryption
(6) The software calls a CFB or an OFB
encryption on the encrypted authenticated
data U. The uploaded buffer contents stay
unchanged (M=16), or only its first M bytes
stay unchanged, the others being set to 0
(M!=16). The result is T.
CCM Mode decryption
In the coprocessor, the automatic generation
of CTR works on 32 bits, therefore the
maximum length of a message is 128 x 232
bits, that is 236 bytes, which can be written in a
CC2430 Data Sheet (rev. 2.1) SWRS036F
Page 138 of 211