Freescale Semiconductor MPC8313E Family Reference Manual page 706

Security Engine (SEC) 2.2
5. The counter value is incremented, and is then encrypted with the symmetric key. The result is then
hashed with the first block of plaintext to produce the first block of cipher text. The ciphertext is
placed in the shared symmetric output FIFO.
6. The counter continues to be incremented, and encrypted with the symmetric key, with the result
hashed with each successive block of plaintext, until all plaintext has been converted to ciphertext.
The SEC controller will manage FIFO reads and writes, fetching plaintext and writing ciphertext
per the pointers provided in the descriptor. When all ciphertext and the MIC have been output, the
CCM encrypt operation is complete.
The context for CCM decryption/MAC generation is:
• Reg 1–2, session specific 128-bit initialization vector (from memory)
• Reg 3–4, MIC (from received frame) + 64 bits of zero padding
• Reg 5–6, session specific counter (initial counter value) (from memory)
• Reg 7, counter modulus exponent (msb<--lsb). Should be fixed at 0x0000_0080.
Note that the counter modulus for CCM mode is currently defined as 2
value has been made programmable in the SEC in case the final version of the IEEE 802.11i standard uses
a different counter modulus. Because this is a programmable field, it must be generated and stored along
with other session specific information for loading into the AESU context register prior to CCM
decryption.
CCM decryption processing is the reverse of encryption;
With the session specific key and context, the AESU will perform the following operations.
1. Initialize the IV, and encrypt with the symmetric key. Simultaneously, the counter (initial counter
value) from context registers 5–6 is encrypted with the symmetric key. The result is hashed with
the encrypted MAC (from context registers 3–4), and the resulting original MAC is written to
context registers 3–4, overwriting the encrypted MAC.
Note that the counter is encrypted with the symmetric key, however, the AESU should be set for
'decrypt' to perform the counter and CBC processes in the correct order.
2. The IEEE Std. 802.11 frame header is hashed with the encrypted IV. (The AESU automatically
determines the header length.) Simultaneously, the counter is incremented, and is then encrypted
with the symmetric key. The result is then hashed with the first block of ciphertext to produce the
first block of plaintext. The plaintext is placed in the shared symmetric output FIFO, while
simultaneously, in CBC fashion, a copy of the first block of plaintext is hashed with the output of
encryption of the IEEE Std. 802.11 frame header. The output is encrypted with the symmetric key.
3. As each ciphertext block is converted to plaintext, the plaintext is CBC encrypted. When the final
plaintext block has been processed, the CBC MAC (MAC tag) is written to context registers 1–2.
The first 64 bits of the MAC tag are compared to the MAC tag recovered in step 1.
Note that for both encrypt and decrypt operations, if the IEEE Std. 802.11 frame is being processed as a
whole (not split across multiple descriptors), the 'Initialize' and 'Final MAC' bits should be set in the
AESU mode register.
MPC8313E PowerQUICC II Pro Integrated Processor Family Reference Manual, Rev. 3
14-52
128
, making the exponent 128. This
Freescale Semiconductor