CC2420
SWRS041B Page 45 of 89
21 MAC Security Operations (Encryption and Authentication)
CC2420
features hardware IEEE 802.15.4
MAC security operations. This includes
counter mode (CTR) encryption /
decryption, CBC-MAC authentication and
CCM encr authentication. All
security operations are based on AES
encryption [2] using 128 bit keys. Security
operations are performed within the
transmit and receive FIFOs on a frame
basis.
CC2420
also includes stand-alone AES
encryption, in which one 128 bit plaintext
is encrypted to a 128 bit ciphertext.
The
SAES
,
STXENC
and
SRXDEC
command strobes are used to start
security operations in
CC2420
as will be
described in the following sections. The
ENC_BUSY
status bit (see Table 5) may be
used to monitor when a security operation
has been completed. Security command
strobes issued while the security engine is
busy will be ignored, and the ongoing
operation will be completed.
Table 6 on page 31 shows the
CC2420
RAM memory map, including the security
related data located from addresses
0x100 through 0x15F. RAM access (see
the RAM access section on page 29) is
used to write or read the keys, nonces and
stand-alone buffer. All security related
data is stored little-endian, i.e. the least
significant byte is transferred first over the
SPI interface during RAM read or write
operations.
For a complete description of IEEE
802.15.4 MAC security operations, please
refer to [1].
21.1 Keys
All security operations are based on 128
bit keys. The
CC2420
RAM space has
storage space for two individual keys
(KEY0 and KEY1). Transmit, receive and
stand-alone encryption may select one of
these two keys individually in the
SEC_TXKEYSEL
,
SEC_RXKEYSEL
and
SEC_SAKEYSEL
control bits (
SECCTRL0
).
As can be seen from Table 6 on page 31,
KEY0 is located from address 0x100 and
KEY1 from address 0x130.
A way of establishing the keys used for
encryption and authentication must be
decided for each particular application.
IEEE 802.15.4 does not define how this is
done, it is left to the higher layer of the
protocol.
ZigBee uses an Elliptic Curve
Cryptography (ECC) based approach to
establish keys. For PC based solutions,
more processor intensive solutions such
as Diffie-Hellman may be chosen. Some
applications may also use pre-
programmed keys, e.g. for remote keyless
entry where the key and lock are delivered
in pairs. A push-button approach for
loading keys may also be selected.
21.2 Nonce / counter
The receive and transmit nonces used for
encryption / decryption are located in RAM
from addresses 0x110 and 0x140
respectively. They are both 16 bytes.
The nonce must be correctly initialized
before receive or transmit CTR or CCM
operations are started. The format of the
nonce is shown in Table 7. The block
counter must be set to 1 for compliance
with [1]. The key sequence counter is
controlled by a layer above the MAC layer.
The frame counter must be increased for
each new frame by the MAC layer. The
source address is the 64 bit IEEE address.
1 byte
8 bytes
4 bytes
1 byte
2 bytes
Flags Source
Address
Frame
Counter
Key
Sequence
Counter
Block
Counter
Table 7. IEEE 802.15.4 Nonce [1]
The block counter bytes are not updated
in RAM, only in a local copy that is
reloaded for each new in-line security
operation. I.e. the block counter part of the
nonce does not need to be rewritten. The
CC2420
block counter should be set to
0x0001 for compliance with [1].
CC2420
gives the user full flexibility in
selecting the flags for both nonces. The