CC2420
SWRS041B Page 47 of 89
RX in-line security operations are always
performed on the first frame currently
inside the RXFIFO, even if parts of this
have already been read out over the SPI
interface. This allows the receiver to first
read the source address out to decide
which key to use before doing
authentication of the complete frame. In
CTR or CCM mode it is of course
important that bytes to be decrypted are
not read out before the security operation
is started.
When the
SRXDEC
command strobe is
issued, the
FIFO
and
FIFOP
pins will go
inactive. This is to indicate to the
microcontroller that no further data may be
read out before the next byte to be read
has undergone the requested security
operation.
The frame in the RXFIFO may be received
over RF or it may be written into the
RXFIFO over the SPI interface for
debugging or higher layer security
operations.
21.5
CTR mode encryption /
decryption
CTR mode encryption / decryption is
performed by
CC2420
on MAC frames
within the TXFIFO / RXFIFO respectively.
SECCTRL1.SEC_TXL
/
SEC_RXL
sets the
number of bytes between the length field
and the first byte to be encrypted /
decrypted respectively. This controls the
number of plaintext bytes in the current
frame. For IEEE 802.15.4 MAC
encryption, only the MAC payload (see
Figure 17 on page 36) should be
encrypted, so
SEC_TXL
/
SEC_RXL
is set
to 3 + (0 to 20) depending on the address
information in the current frame.
When encryption is initiated, the plaintext
in the TXFIFO is then encrypted as
specified by [1]. The encryption module
will encrypt all the plaintext currently
available, and wait if not everything is pre-
buffered. The encryption operation may
also be started without any data in the
TXFIFO at all, and data will be encrypted
as it is written to the TXFIFO.
When decryption is initiated with a
SRXDEC
command strobe, the ciphertext
of the RXFIFO is then decrypted as
specified by [1].
21.6 CBC-MAC
CBC-MAC in-line authentication is
provided by
CC2420
hardware.
SECCTRL0.SEC_M
sets the MIC length M,
encoded as (M-2)/2.
When enabling CBC-MAC in-line TXFIFO
authentication, the generated MIC is
written to the TXFIFO for transmission.
The frame length must include the MIC.
SECCTRL1.SEC_TXL
/
SEC_RXL
sets the
number of bytes between the length field
and the first byte to be authenticated,
normally set to 0 for MAC authentication.
SECCTRL0.SEC_CBC_HEAD
defines if the
authentication length is used as the first
byte of data to be authenticated or not.
This bit should be set for compliance with
[1].
When enabling CBC-MAC in-line RXFIFO
authentication, the generated MIC is
compared to the MIC in the RXFIFO. The
last byte of the MIC is replaced in the
RXFIFO with:
•
0x00 if the MIC is correct
•
0xFF if the MIC is incorrect
The other bytes in the MIC are left
unchanged in the RXFIFO.
21.7 CCM
CCM combines CTR mode encryption and
CBC-MAC authentication in one operation.
CCM is described in [3].
SECCTRL1.SEC_TXL
/
SEC_RXL
sets the
number of bytes after the length field to be
authenticated but not encrypted.
The MIC is generated and verified very
much like with CBC-MAC described
above. The only differences are from the
requirements in [1] for CCM.