NEW DATABASE - 350 MILLION DATASHEETS FROM 8500 MANUFACTURERS
NEW DATABASE - 350 MILLION DATASHEETS FROM 8500 MANUFACTURERS
AN3085 MPC8555E AN2755 MPC8555/41 MPC8555CDS AN3075 800-38B CH370 - Datasheet Archive
Application Note AN3085 Rev. 0, 06/2006 SEC 2.x Descriptor Programmer's Guide Supplement Implementing AES-CMAC Using the SEC 2.x
Freescale Semiconductor Application Note AN3085 AN3085 Rev. 0, 06/2006 SEC 2.x Descriptor Programmer's Guide Supplement Implementing AES-CMAC Using the SEC 2.x by Systems Engineering Freescale Semiconductor, Inc. The advanced encryption standard-cipher message authentication code (AES-CMAC) is a mode of AES encryption used in IEEE® Std. 802.16eTM (WiMax) for subscriber station authentication with base stations. CMAC is a message authentication scheme built on two more basic modes of AES: · Electronic code book (ECB) · Cipher block chaining (CBC) AES-CMAC is relatively new, and most commercially available encryption accelerators do not support it directly. The CMAC specification published by NIST can be accelerated with hardware that performs AES-ECB and AES-CBC. However, some processing that would likely be executed on a general-purpose CPU is required at each stage. The SEC 2.x is a descriptor-based security engine integrated into several Freescale PowerQUICCTM products. It can accelerate AES-ECB and CBC, and, by extension, AES-CMAC. This application notes describes the hardware and software procedures for generating a CMAC using examples based on the MPC8555E MPC8555E SEC 2.0 hardware and device drivers. The techniques and code examples generically apply to all PowerQUICC devices with an SEC 2.x security engine. This document supplements the SEC 2.0 Descriptor Programmer's Guide (AN2755 AN2755). © Freescale Semiconductor, Inc., 2006. All rights reserved. Contents 1 AES-CMAC Basics . . . . . . . . . . . . . . . . . . . . . . . . . . .2 2 CMAC Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 2.1 Configuring and Building the CMAC Module . . . 3 2.2 Example Run . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 2.3 Customizing the Software . . . . . . . . . . . . . . . . . . . .5 3 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 4 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 AES-CMAC Basics All application software provided with this application note applies to the Freescale Linux-based security driver. The CPU executes the application software, prepares the crypto request data structure, and launches the crypto operation through an ioctl call. 1 AES-CMAC Basics AES-CMAC is a new mode of AES for message authentication only. The IEEE 802.16e standard uses this AES mode to authenticate control messages. The PowerQUICC SEC 2.x hardware cannot perform full AES-CMAC in a single descriptor as it can for many of the more established AES modes. However, with some modification of the 802.16e management software, the SEC can complete a CMAC operation in a single descriptor. 16{0x00} K Host Preprocessing Determines Final Block Into Descriptor AES Encryption Padded Pn Pn K1 K2 L = ciph(K, 0128) 2 Descriptor 1 AES-ECB Encryption |Pn| = 128 K1 C i1 2 K2 Host Postprocessing: If MSB = 1, K1 = (L1