User Manual

8111A–AVR–05/08
AT86RF231
11. AT86RF231 Extended Feature Set
11.1 Security Module (AES)
The security module (AES) is characterized by:
• Hardware accelerated encryption and decryption
• Compatible with AES-128 standard (128 bit key and data block size)
• ECB (encryption/decryption) mode and CBC (encryption) mode support
• Stand-alone operation, independent of other blocks
11.1.1 Overview
The security module is based on an AES-128 core according to the FIPS197 standard; refer to [5].
The security module works independently of the other building blocks of the AT86RF231, so encryption
and decryption can be performed in parallel with a frame transmission or reception.
Controlling the security block is implemented as an SRAM access to address space 0x82 to
0x94. A Fast SRAM access mode allows writing new data and reading previously processed
data simultaneously within the same SPI transfer. This access procedure is used to
reduce the turnaround time for ECB mode; see Section 11.1.5 “Data Transfer - Fast SRAM
Access” on page 132.
In addition, the security module contains another 128-bit register to store the initial key used for
security operations. This initial key is not modified by the security module.
11.1.2 Security Module Preparation
The use of the security module requires a configuration of the security engine before starting a
security operation. The following steps are required:
Before starting any security operation, a key must be written to the security engine; refer to
Section 11.1.3 “Security Key Setup” on page 129. The key setup requires configuring the
AES engine KEY mode using register bits AES_MODE (SRAM address 0x83, AES_CON).
The next step selects the AES mode, either electronic code book (ECB) or cipher block
chaining (CBC). These modes are explained in more detail in Section 11.1.4 “Security
Operation Modes” on page 129. Further, encryption or decryption must be selected with register
bit AES_DIR (SRAM address 0x83, AES_CON).
Next, the 128-bit plaintext or ciphertext data has to be provided to the AES hardware engine.
The data uses the SRAM address range 0x84 - 0x93.
Table 11-1. AES Engine Configuration Steps

Step  Description      Description                                 Section
1     Key Setup        Write encryption or decryption key to SRAM  Section 11.1.3
2     AES Mode         Select AES mode: ECB or CBC                 Section 11.1.4.1
                       Select encryption or decryption             Section 11.1.4.2
3     Write Data       Write plaintext or cipher text to SRAM      Section 11.1.5
4     Start Operation  Start AES operation
5     Read Data        Read cipher text or plaintext from SRAM     Section 11.1.5
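
Steps 1 to 4 of Table 11-1 as a driver sketch. This is an added example, not code from the manual. It writes to a constructed in-memory mock of the SRAM window instead of issuing SPI transfers, and it rejects CBC decryption because the module supports CBC for encryption only. The bit positions and mode codes inside AES_CON and the helper names are assumptions not given in this section.

```c
#include <stdint.h>
#include <string.h>

#define AES_CON   0x83u   /* AES_MODE and AES_DIR (address from the manual) */
#define AES_DATA  0x84u   /* key or data block, 0x84-0x93 */
#define AES_BLOCK 16u

/* ASSUMED encodings, not given in this section: verify against the
 * AES_CON register description before use. */
#define MODE_ECB  (0u << 4)
#define MODE_KEY  (1u << 4)
#define MODE_CBC  (2u << 4)
#define DIR_DEC   (1u << 3)
#define START     (1u << 7)

/* Constructed mock of the SRAM window; real code would issue SPI SRAM writes. */
static uint8_t mock_sram[0x95];
static unsigned mock_writes;
static void sram_write(uint8_t addr, const uint8_t *buf, uint8_t len)
{
    memcpy(&mock_sram[addr], buf, len);
    mock_writes++;
}

/* Step 1: select KEY mode, then load the 128-bit key. */
void aes_key_setup(const uint8_t key[AES_BLOCK])
{
    uint8_t con = MODE_KEY;
    sram_write(AES_CON, &con, 1);
    sram_write(AES_DATA, key, AES_BLOCK);
}

/* Steps 2-4: select mode and direction, load the block, start.
 * Returns -1 for requests the module does not support. */
int aes_start(uint8_t mode, int decrypt, const uint8_t in[AES_BLOCK])
{
    if (mode != MODE_ECB && mode != MODE_CBC)
        return -1;
    if (mode == MODE_CBC && decrypt)
        return -1;                 /* CBC is encryption-only on this module */
    uint8_t con = (uint8_t)(mode | (decrypt ? DIR_DEC : 0u));
    sram_write(AES_CON, &con, 1);
    sram_write(AES_DATA, in, AES_BLOCK);
    con |= START;
    sram_write(AES_CON, &con, 1);  /* step 4: start the operation */
    return 0;
}

int main(void) { static const uint8_t k[16] = {0}; aes_key_setup(k); return aes_start(MODE_ECB, 0, k); }
```

Step 5 (reading the result from 0x84 - 0x93) is left out because the mock does not compute AES.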