2 cipher block chaining (cbc), Atmega128rfa1 – Rainbow Electronics ATmega128RFA1 User Manual



8266A-MCU Wireless-12/09

ATmega128RFA1

key is the content of the key address space stored after running one full encryption
cycle and must be saved for decryption. If the decryption key has not been saved, it has
to be recomputed by first running a dummy encryption (of an arbitrary plaintext) using
the original encryption key. Then the resulting round key must be fetched from the key
memory and written back into the key memory as the decryption key.

ECB decryption is not used by either IEEE 802.15.4 or ZigBee frame security. Neither
of these standards encrypts the payload directly. Instead they protect the payload by
applying an XOR operation between the original payload and the AES cipher text
generated with a nonce (number used once). As the nonce is the same for encryption and
decryption, only ECB encryption is required. Decryption is performed by an XOR
operation between the received cipher text and its own encryption result, which yields
the original plain text payload upon success.

9.8.8.4.2 Cipher Block Chaining (CBC)

In CBC mode the result of a previous AES operation is XOR-combined with the new
incoming vector forming the new plaintext to encrypt as shown in the next figure. This
mode is used for the computation of a cryptographic checksum (message integrity
code, MIC).

Figure 9-37. CBC Mode - Encryption

[Figure: block diagram of ECB mode and CBC mode encryption. Labels: Plaintext,
Initialization Vector (IV), Encryption Key, Block Cipher Encryption, Ciphertext.]

After preparing the AES key and defining the AES operation direction register bit
AES_DIR, the data has to be provided to the AES engine and the CBC operation can
be started.

The first CBC run has to be configured as ECB to process the initial data (plain text
XOR with an initialization vector provided by the application software). All succeeding
AES runs are to be configured as CBC by setting bit AES_MODE = 1 (AES_CTRL
register). Bit AES_DIR (AES_CTRL register) must be set to AES_DIR = 0 to enable
AES encryption. The data to be processed has to be transferred to the AES_STATE
register. Setting bit AES_REQUEST = 1 (AES_CTRL register) as described in section
"Security Operation Modes" on page 94 starts the first encryption. This causes the next
128 bits of plain text data to be XORed with the previous cipher text data, see
Figure 9-37 above.

According to IEEE 802.15.4 the input for the very first CBC operation has to be
prepared by an XOR operation of the plain text with the initialization vector (IV). The
value of the initialization vector is 0. However, any other initialization vector can be
applied for non-compliant usage. This operation has to be prepared by the application
software.

Note that the MIC algorithm of the IEEE 802.15.4-2006 standard requires CBC mode
encryption only because it implements a one-way hash function.
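
The run sequence described in this section (first run as ECB on plain text XOR IV, all later runs with AES_MODE = 1), as an added host-side C model that is not taken from the datasheet or from vendor code. The names `aes_run` and `cbc_mic` and the software AES-128 standing in for the hardware engine are assumptions of this example; the message must contain at least one full 16-byte block.

```c
#include <stdint.h>
#include <string.h>
static uint8_t sbox[256];
static uint8_t xt(uint8_t x) { return (uint8_t)((x << 1) ^ ((x & 0x80) ? 0x1b : 0)); }
static uint8_t rotl(uint8_t x, int n) { return (uint8_t)((x << n) | (x >> (8 - n))); }
static void init_sbox(void) {                 /* build the AES S-box at run time */
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ xt(p));             /* p *= 3 in GF(2^8) */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        if (q & 0x80) q ^= 0x09;              /* q /= 3, so p * q == 1 */
        sbox[p] = (uint8_t)(q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63);
    } while (p != 1);
    sbox[0] = 0x63;                           /* 0 has no inverse */
}

/* Software AES-128 encryption of one block, stand-in for the hardware engine. */
static void aes128_encrypt(const uint8_t key[16], uint8_t s[16]) {
    uint8_t k[16], t[16], rcon = 1;
    if (!sbox[0]) init_sbox();
    memcpy(k, key, 16);
    for (int r = 0; ; r++) {
        for (int i = 0; i < 16; i++) s[i] ^= k[i];             /* AddRoundKey */
        if (r == 10) return;
        k[0] ^= sbox[k[13]] ^ rcon; k[1] ^= sbox[k[14]];       /* next round key */
        k[2] ^= sbox[k[15]];        k[3] ^= sbox[k[12]];
        for (int i = 4; i < 16; i++) k[i] ^= k[i - 4];
        rcon = xt(rcon);
        for (int i = 0; i < 16; i++) t[i] = sbox[s[(i + 4 * (i % 4)) % 16]]; /* SubBytes + ShiftRows */
        for (int i = 0; i < 16; i++) {                         /* MixColumns, skipped in round 10 */
            const uint8_t *a = &t[i & ~3];
            uint8_t e = a[0] ^ a[1] ^ a[2] ^ a[3];
            s[i] = (r == 9) ? t[i] : (uint8_t)(t[i] ^ e ^ xt((uint8_t)(t[i] ^ a[(i + 1) % 4])));
        }
    }
}

/* One engine run: aes_mode 0 = ECB, 1 = CBC (input XORed with the previous result). */
static void aes_run(const uint8_t key[16], uint8_t state[16], int aes_mode, const uint8_t in[16]) {
    for (int i = 0; i < 16; i++) state[i] = aes_mode ? (uint8_t)(state[i] ^ in[i]) : in[i];
    aes128_encrypt(key, state);
}

/* MIC over n >= 1 full 16-byte blocks; iv is all-zero for IEEE 802.15.4. */
void cbc_mic(const uint8_t key[16], const uint8_t iv[16], const uint8_t *msg, size_t n, uint8_t mic[16]) {
    uint8_t first[16];
    for (int i = 0; i < 16; i++) first[i] = msg[i] ^ iv[i];   /* prepared by application software */
    aes_run(key, mic, 0, first);                               /* first run: configured as ECB */
    for (size_t b = 1; b < n; b++) aes_run(key, mic, 1, msg + 16 * b); /* later runs: AES_MODE = 1 */
}
```

Only the last cipher text block is returned; the intermediate blocks are chaining state and are never output, which is why encryption alone is sufficient for the MIC.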
