Changes

587 bytes added ,  11:26, 31 December 2016
Add information about non-standard CCM mode
Line 231: Line 231:  
== Endianness and word order ==
 
== Endianness and word order ==
 
When writing to the AES_CTR, AES_MAC or AES_KEY0/1/2/3 register, the hardware will process the written data according to the current input endianness specified in AES_CNT. However, the current specified input word order will not be honored for this register, and always defaults to reversed word order. Therefore, for normal word order, the reversal must be carried out manually if required.
 
When writing to the AES_CTR, AES_MAC or AES_KEY0/1/2/3 register, the hardware will process the written data according to the current input endianness specified in AES_CNT. However, the current specified input word order will not be honored for this register, and always defaults to reversed word order. Therefore, for normal word order, the reversal must be carried out manually if required.
 +
 +
== CCM mode pitfall ==
 +
Non-standard AES-CCM behaviour is observed on [[APT:Wrap|Wrap]]/[[APT:Unwrap|Unwrap]] function. According to [https://tools.ietf.org/html/rfc3610 RFC 3610], the first block B_0 for authentication should be generated from the message length and some other parameters. Using these function, it seems that the message length is aligned up to 16 when generating B_0. This makes the generated MAC not compliant with the standard when (inputsize-noncesize)%16!=0. It is very likely that this non-standard behaviour happens on the hardware level, but not confirmed yet.
    
== Keyslot ranges ==
 
== Keyslot ranges ==
242

edits