Table of Contents
Advertisement
CCM Mode
CBC-MAC decryption is similar to encryption. The message MAC uploaded must be compared with the
MAC to be verified.
15.7 CCM Mode
To encrypt a message in CCM mode, the following sequence can be conducted (key is already loaded):
Message Authentication Phase
This phase takes place during the following steps 1–6.
1. The software loads the IV with zeros.
2. The software creates block B0. The layout of block B0 is shown in
Name
B0
Byte
0
1
2
Name
Flag
There is no restriction on the nonce value. L_M is the message length in bytes.
For 802.15.4, nonce is 13 bytes and L_M is 2 bytes.
The content of the authentication flag byte is described in
L is set to 6 in this example. So, L – 1 is set to 5. M and A_Data can be set to any value.
Name
FLAG-B0
Bit
7
Name
Reserved
Value
0
3. If some additional authentication data (denoted a, following) is needed (that is, A_Data = 1), the
software creates the A_Data length field, called L(a) by:
•
(a) If l(a) = 0, (that is, A_Data = 0), then L(a) is the empty string. Note that l(a) is the length of a in
octets.
•
(b) If 0 < l(a) < 2
The additional authentication data is appended to the A_Data length field L(a). The additional
authentication blocks are padded with zeros until the last additional authentication block is full. There is
no restriction on the length of a.
AUTH-DATA = L(a) + Authentication Data + (zero padding)
4. The last block of the message is padded with zeros until full (that is, if its length is not an integral
multiple of 128 bits).
5. The software concatenates block B0, the additional authentication blocks if any, and the message;
Input message = B0 + AUTH-DATA + Message + (zero padding of message)
6. Once the input message authentication by CBC-MAC is finished, the software leaves the uploaded
buffer contents unchanged (M = 16), or keeps only the higher-M bytes of the buffer unchanged, while
setting the lower bits to 0 (M != 16).
The result is called T.
Message Encryption
7. The software creates the key stream block A0. Note that L = 6, with the current example of the CTR
generation. The content is shown in
Note that when encrypting authentication data T to generate U in OFB mode, the CTR value must be
zero. When encrypting message blocks using CTR mode, the CTR value must be any value but zero.
The content of the encryption-flag byte is described in
148
AES Coprocessor
Designation
First Block for Authentication in CCM Mode
3
4
5
6
Nonce
Figure 15-1. Message Authentication Phase Block B0
Designation
Authentication Flag Field for CCM mode
6
5
A_Data
(M – 2) / 2
x
x
Figure 15-2. Authentication Flag Byte
16
8
– 2
, then L(a) is the 2-octet encoding of l(a).
Figure
Copyright © 2009–2014, Texas Instruments Incorporated
Figure
7
8
9
10
Figure
15-2.
4
3
x
x
15-3.
Figure
15-4.
SWRU191F – April 2009 – Revised April 2014
www.ti.com
15-1.
11
12
13
14
L_M
2
1
L – 1
1
0
Submit Documentation Feedback
15
0
1
Hide quick links:
Advertisement
Table of Contents
