Security

This section refers to the following sample application(s):

  • 03-security


The SmartMesh network ensures confidentiality, integrity and authentication of all packets traveling over it. Data packets are, however, published as plaintext on the SmartMesh manager serial API (see the SmartMesh IP Manager API Guide).

To enable your application to implement an end-to-end security scheme, your application has access to a number of functions for encrypting and authenticating arbitrary application payload.

The LTC5800 chip contains an AES block cipher core, as well as the necessary support hardware for full CCM* generic combined encryption and authentication block cipher mode, as defined in the IEEE802.15.4 standard. It also allows you to use the AES CBC-MAC and CTR modes.

The security software component of the SmartMesh library allows your application to initialize and set up the hardware module, which executes all the calculations.

The 03-security Sample Application

This sample application defines the following CLI commands to run and print test vectors for the different modes.

CTR mode

Type ctr to use the AES engine in Counter (CTR) mode. This mode can be used for encrypting/decrypting your payload by specifying a key and an initialization vector.

For consistency across the different function calls, we use the term "initialization vector", or iv, to refer to the "nonce", which is the term typically used in CTR mode.

As shown in the CLI capture below, you can use CTR mode to encrypt and decrypt an arbitrary payload:

> ctr
params:
 - key:         c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
 - iv:          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
input:
 - plaintext:   00 11 22 34 44 55 66 77 88 99 aa bb cc dd ee ff
output:
 - ciphertext:  85 67 52 24 76 60 5b b4 8d 9d 4b 77 ad cd ac 56
output:
 - decrypted:   00 11 22 34 44 54 66 77 88 99 aa bb cc dd ee ff

CBC-MAC mode

Type cbc to use the AES engine in Cipher Block Chaining Message Authentication Code (CBC-MAC) mode. This mode allows you to generate a Message Authentication Code (MAC) using the Cipher Block Chaining mode of AES. The MAC is a series of bytes that depends on the bytes it was generated on, as well as on a key and an initialization vector. It is often used for authentication.

> cbc
params:
 - key:         c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
 - iv:          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
input:
 - inBuf:       00 11 22 34 44 55 66 77 88 99 aa bb cc dd ee ff
output:
 - mic:         6f bb 0f 24 16 e8 14 a8 e1 d3 53 b1 83 f5 aa dd

CCM* mode

For CCM* mode, the sample application covers the three test vectors from Annex C of the IEEE802.15.4-2011 standard.

Type ccm1 to run the test vector from Section "C.2.1 MAC beacon frame" of the IEEE802.15.4-2011 standard. This test vector performs authentication only, producing an 8-byte MIC.

> ccm1
Test vector from "C.2.1 MAC beacon frame"
params:
 - M:          8
 - L:          2
 - key:        c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
 - nonce:      ac de 48 00 00 00 00 01 00 00 00 05 02 00 00 00
input:
 - aBuf:       08 d0 84 21 43 01 00 00 00 00 48 de ac 02 05 00 00 00 55 cf 00 00 51 52 53 54
output:
 - aBuf:       08 d0 84 21 43 01 00 00 00 00 48 de ac 02 05 00 00 00 55 cf 00 00 51 52 53 54
 - mic:        22 3b c1 ec 84 1a b5 53

Type ccm2 to run the test vector from Section "C.2.2 MAC data frame" of the IEEE802.15.4-2011 standard. This test vector performs encryption only.

> ccm2
Test vector from "C.2.2 MAC data frame"
params:
 - M:          4
 - L:          2
 - key:        c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
 - nonce:      ac de 48 00 00 00 00 01 00 00 00 05 04 00 00 00
input:
 - aBuf:       69 dc 84 21 43 02 00 00 00 00 48 de ac 01 00 00 00 00 48 de ac 04 05 00 00 00
 - mBuf:       61 62 63 64
output:
 - aBuf:       69 dc 84 21 43 02 00 00 00 00 48 de ac 01 00 00 00 00 48 de ac 04 05 00 00 00
 - mBuf:       d4 3e 02 2b

Type ccm3 to run the test vector from Section "C.2.3 MAC command frame" of the IEEE802.15.4-2011 standard. This test vector performs encryption and authentication, producing an 8-byte MIC.

> ccm3
Test vector from "C.2.3 MAC command frame"
params:
 - M:          8
 - L:          2
 - key:        c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf
 - nonce:      ac de 48 00 00 00 00 01 00 00 00 05 06 00 00 00
input:
 - aBuf:       2b dc 84 21 43 02 00 00 00 00 48 de ac ff ff 01 00 00 00 00 48 de ac 06 05 00 00 00 01
 - mBuf:       ce
output:
 - aBuf:       2b dc 84 21 43 02 00 00 00 00 48 de ac ff ff 01 00 00 00 00 48 de ac 06 05 00 00 00 01
 - mBuf:       d8
 - mic:        4f de 52 90 61 f9 c6 f1
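
To cross-check the CCM* captures above on a host, the following added example (not part of the sample application or the SmartMesh library) rebuilds CCM* from the two modes described earlier, CBC-MAC for the MIC and CTR for the payload, over a small pure-Python AES-128. It assumes that the first 13 bytes of the printed 16-byte nonce are the CCM* nonce for L = 2 and that the encryption-only case is M = 0; the names aes128 and ccm_star are illustrative.

```python
def _xt(a):                                   # multiply by x in GF(2^8)
    return (a << 1) ^ 0x11B if a & 0x80 else a << 1
def _mul(a, b):                               # GF(2^8) product
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), _xt(a), b >> 1
    return r
def _rotl(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF
def _xor(a, b):                               # XOR, truncated to the shorter input
    return bytes(x ^ y for x, y in zip(a, b))
_INV = [0] + [next(y for y in range(1, 256) if _mul(x, y) == 1) for x in range(1, 256)]
SBOX = [v ^ _rotl(v, 1) ^ _rotl(v, 2) ^ _rotl(v, 3) ^ _rotl(v, 4) ^ 0x63 for v in _INV]
def aes128(key, block):                       # forward cipher; reference only, not constant-time
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):                    # key schedule
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, _xt(rcon)
        w.append([p ^ q for p, q in zip(w[i - 4], t)])
    rk = [sum(w[4 * r:4 * r + 4], []) for r in range(11)]
    s = _xor(block, rk[0])
    for r in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]   # SubBytes + ShiftRows
        if r < 10:                            # MixColumns, skipped in the last round
            s = [_mul(s[c + j], 2) ^ _mul(s[c + (j + 1) % 4], 3) ^ s[c + (j + 2) % 4]
                 ^ s[c + (j + 3) % 4] for c in (0, 4, 8, 12) for j in range(4)]
        s = _xor(s, rk[r])
    return bytes(s)

def ccm_star(key, nonce, a, m, M, L=2):       # -> (ciphertext, mic); M=0 is encryption only
    n = nonce[:15 - L]                        # assumption: capture zero-pads the nonce to 16
    ctr = lambda i: aes128(key, bytes([L - 1]) + n + i.to_bytes(L, "big"))   # E(A_i)
    c = b"".join(_xor(m[i:i + 16], ctr(i // 16 + 1)) for i in range(0, len(m), 16))
    if M == 0:
        return c, b""
    flags = (64 if a else 0) | ((M - 2) // 2) << 3 | (L - 1)
    auth = bytes([flags]) + n + len(m).to_bytes(L, "big")          # block B0
    for part in (len(a).to_bytes(2, "big") + a if a else b"", m):
        auth += part + bytes(-len(part) % 16)  # zero-pad each field to 16 bytes
    x = bytes(16)
    for i in range(0, len(auth), 16):         # CBC-MAC with a zero IV
        x = aes128(key, _xor(x, auth[i:i + 16]))
    return c, _xor(x[:M], ctr(0))             # MIC = tag XOR E(A0)
KEY = bytes.fromhex("c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf")   # ccm3 capture values
NONCE3 = bytes.fromhex("ac de 48 00 00 00 00 01 00 00 00 05 06 00 00 00")
A3 = bytes.fromhex("2b dc 84 21 43 02 00 00 00 00 48 de ac ff ff 01 00 00 00 00 48 de ac 06 05 00 00 00 01")
print(*(v.hex() for v in ccm_star(KEY, NONCE3, A3, b"\xce", 8)))
```

The same function covers the ccm1 case (empty mBuf, M = 8) and the ccm2 case (M = 0), because the CTR keystream does not depend on M.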