Info

This section refers to the following sample application(s):

  • 03-security

The SmartMesh network ensures confidentiality, integrity and authentication of all packets traveling over the SmartMesh network. Data packets are, however, published as plaintext on the manager serial API (see the SmartMesh IP Manager API Guide). To enable your application to implement an end-to-end security scheme, your application has access to a number of functions for encrypting and authenticating arbitrary application payload.

The Eterna chip contains an AES block cipher core, as well as the necessary support hardware for full CCM* generic combined encryption and authentication block cipher mode, as defined in the IEEE802.15.4 standard. It also allows you to use the AES CBC-MAC and CTR modes.

The security software component of the On-Chip SDK library allows your application to initialize and set up the hardware module, which executes all the calculations.

The 03-security Sample Application

This sample application defines the following CLI commands to run and print test vectors for the different modes.

CTR mode

Type ctr to use the AES engine in Counter (CTR) mode. This mode can be used for encrypting/decrypting your payload by specifying a key and an initialization vector.

Info

For consistency across the different function calls, we use the term "initialization vector", or iv, to refer to the "nonce", which is the term typically used in CTR mode.

As shown in the CLI capture below, you can use CTR mode to encrypt and decrypt an arbitrary payload:

No Format
> ctr
params:
 - key:         c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
 - iv:          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
input:
 - plaintext:   00 11 22 34 44 55 66 77 88 99 aa bb cc dd ee ff
output:
 - ciphertext:  85 67 52 24 76 60 5b b4 8d 9d 4b 77 ad cd ac 56
output:
 - decrypted:   00 11 22 34 44 55 66 77 88 99 aa bb cc dd ee ff
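
The capture above uses a fixed all-zero iv, which suits a test vector but not application traffic: in CTR mode an iv must never repeat under the same key, because two ciphertexts produced with the same key and iv XOR to the XOR of their plaintexts. The host-side Python below is an added example, not code from the SDK or the sample application; it assumes the iv is used as the first 16-byte counter block with big-endian increment, and `MSG2` is a constructed payload.

```python
def gmul(a, b):  # multiply in GF(2^8) modulo the AES polynomial 0x11B
    r = 0
    for _ in range(8):
        r ^= a * (b & 1)
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def _sbox(a):  # field inverse (0 maps to 0), then the FIPS-197 affine transform
    inv = next((b for b in range(256) if gmul(a, b) == 1), 0)
    x = inv ^ inv << 1 ^ inv << 2 ^ inv << 3 ^ inv << 4
    return (x ^ x >> 8) & 0xFF ^ 0x63
SBOX = [_sbox(a) for a in range(256)]

def expand_key(key):  # AES-128 key schedule, returned as 11 round keys
    w, rcon = list(key), 1
    for i in range(16, 176, 4):
        t = w[i - 4:i]
        if i % 16 == 0:  # RotWord, SubWord, round constant
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = gmul(rcon, 2)
        w += [w[i - 16 + j] ^ t[j] for j in range(4)]
    return [w[r:r + 16] for r in range(0, 176, 16)]

def encrypt_block(rk, block):
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if rnd < 10:  # MixColumns, skipped in the final round
            s = [gmul(s[c + r], 2) ^ gmul(s[c + (r + 1) % 4], 3)
                 ^ s[c + (r + 2) % 4] ^ s[c + (r + 3) % 4]
                 for c in (0, 4, 8, 12) for r in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]  # AddRoundKey
    return bytes(s)

def ctr_crypt(key, iv, data):  # assumption: iv is the first counter block, big-endian increment
    rk, ctr = expand_key(key), int.from_bytes(iv, "big")
    ks = b"".join(encrypt_block(rk, ((ctr + n) % 2**128).to_bytes(16, "big"))
                  for n in range((len(data) + 15) // 16))
    return bytes(d ^ k for d, k in zip(data, ks))

KEY, IV = bytes(range(0xC0, 0xD0)), bytes(16)  # key and iv from the ctr capture
MSG1 = bytes.fromhex("00112234445566778899aabbccddeeff")  # plaintext from the capture
MSG2 = b"constructed msg2"  # constructed second 16-byte payload

def iv_reuse_leaks(iv1, iv2):  # True when c1 XOR c2 equals p1 XOR p2
    c1, c2 = ctr_crypt(KEY, iv1, MSG1), ctr_crypt(KEY, iv2, MSG2)
    return all(a ^ b == p ^ q for a, b, p, q in zip(c1, c2, MSG1, MSG2))

print("same iv:", iv_reuse_leaks(IV, IV), "fresh iv:", iv_reuse_leaks(IV, bytes(15) + b"\x01"))
```

An application that encrypts with CTR therefore needs a per-message iv that cannot repeat under one key, as the CCM* nonces in the test vectors further down do by carrying a frame counter.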

CBC-MAC mode

Type cbc to use the AES engine in Cipher Block Chaining Message Authentication Code (CBC-MAC) mode. This mode allows you to generate a Message Authentication Code (MAC) using the Cipher Block Chaining mode of AES. The MAC is a series of bytes which depends on the bytes it was generated from, as well as on a key and an initialization vector. It is often used for authentication.

No Format
> cbc
params:
 - key:         c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
 - iv:          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
input:
 - inBuf:       00 11 22 34 44 55 66 77 88 99 aa bb cc dd ee ff
output:
 - mic:         6f bb 0f 24 16 e8 14 a8 e1 d3 53 b1 83 f5 aa dd

CCM* mode

For CCM* mode, the sample application covers the three test vectors from Annex C of the IEEE802.15.4-2011 standard.

Type ccm1 to run the test vector from Section "C.2.1 MAC beacon frame" of the IEEE802.15.4-2011 standard. This test vector performs authentication only, producing an 8-byte MIC.

No Format
> ccm1
Test vector from "C.2.1 MAC beacon frame"
params:
 - M:          8
 - L:          2
 - key:        c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
 - nonce:      ac de 48 00 00 00 00 01 00 00 00 05 02 00 00 00
input:
 - aBuf:       08 d0 84 21 43 01 00 00 00 00 48 de ac 02 05 00 00 00 55 cf 00 00 51 52 53 54
output:
 - aBuf:       08 d0 84 21 43 01 00 00 00 00 48 de ac 02 05 00 00 00 55 cf 00 00 51 52 53 54
 - mic:        22 3b c1 ec 84 1a b5 53

Type ccm2 to run the test vector from Section "C.2.2 MAC data frame" of the IEEE802.15.4-2011 standard. This test vector performs encryption only.

No Format
> ccm2
Test vector from "C.2.2 MAC data frame"
params:
 - M:          4
 - L:          2
 - key:        c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
 - nonce:      ac de 48 00 00 00 00 01 00 00 00 05 04 00 00 00
input:
 - aBuf:       69 dc 84 21 43 02 00 00 00 00 48 de ac 01 00 00 00 00 48 de ac 04 05 00 00 00
 - mBuf:       61 62 63 64
output:
 - aBuf:       69 dc 84 21 43 02 00 00 00 00 48 de ac 01 00 00 00 00 48 de ac 04 05 00 00 00
 - mBuf:       d4 3e 02 2b

Type ccm3 to run the test vector from Section "C.2.3 MAC command frame" of the IEEE802.15.4-2011 standard. This test vector performs encryption and authentication, producing an 8-byte MIC.

No Format
> ccm3
Test vector from "C.2.3 MAC command frame"
params:
 - M:          8
 - L:          2
 - key:        c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
 - nonce:      ac de 48 00 00 00 00 01 00 00 00 05 06 00 00 00
input:
 - aBuf:       2b dc 84 21 43 02 00 00 00 00 48 de ac ff ff 01 00 00 00 00 48 de ac 06 05 00 00 00 01
 - mBuf:       ce
output:
 - aBuf:       2b dc 84 21 43 02 00 00 00 00 48 de ac ff ff 01 00 00 00 00 48 de ac 06 05 00 00 00 01
 - mBuf:       d8
 - mic:        4f de 52 90 61 f9 c6 f1