Implementation on FPGA - 2024.2 English - XD160

Vitis Libraries

Document ID: XD160
Release Date: 2024-11-29
Version: 2024.2 English

This implementation supports the CCM mode, including both the encryption and decryption parts.

Attention

The bit-width of the interfaces provided is shown as follows:

Mode        payload  cipher  cipherkey  nonce   AD   tag     lenPld  lenCph  lenAD
CCM-AES128  128      128     128        56-104  128  32-128  64      64      64
CCM-AES192  128      128     192        56-104  128  32-128  64      64      64
CCM-AES256  128      128     256        56-104  128  32-128  64      64      64

The bit-width for the nonce and the tag is specified by the template parameters _t and _q. Read the API’s specification for further information.

The tag (MAC) is used to verify whether the received data is authentic. To keep the same interface for both input and output ports, the primitive provides no bool flag to indicate whether the received data is authentic; instead, it outputs a tag for you to verify outside the primitive.

Caution

Applicable conditions:

1. To verify the received data, compare the tag output by the decrypting process with the tag from the encrypting process. If they are equal, the received data is authentic.

The algorithm flow chart of encryption part of CCM mode is shown as follows:

algorithm flow chart of CCM_encryption

As seen from the chart, the CCM encryption part can be divided into two individual parts: the Counter Mode (CTR) and the Cipher Block Chaining-Message Authentication Code (CBC-MAC). CTR is used to encrypt the plaintext to ciphertext, and CBC-MAC is used to generate the data tag (MAC).

The algorithm flow chart of decryption part of CCM mode is shown as follows:

algorithm flow chart of CCM_decryption

The decryption part is similar to the encryption part of CCM mode. The only difference is that the decryption part decrypts the ciphertext to plaintext. In the decryption part of CCM mode, no bool flag is provided to indicate whether the data is authentic or not. To judge the authenticity of the data, compare the tag that the decryption part outputs with the tag from the CCM encryption part. If the data is authentic, the tags should be equal.
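Because the primitive returns a tag rather than a pass/fail flag, the comparison described above and in the Caution note has to happen in the calling code. The following host-side check is an added example, not part of the Vitis library; it assumes both tags have been copied into byte buffers, and the names `validTagLen`, `tagsEqual` and `releasePlaintext` are hypothetical. It compares the tags without an early exit and wipes the plaintext when they differ.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// CCM tag lengths are 4, 6, ..., 16 bytes (the 32-128 bit range in the table above).
bool validTagLen(std::size_t t) { return t >= 4 && t <= 16 && t % 2 == 0; }

// Compare two tags without an early exit, so timing does not reveal
// how many leading bytes of a forged tag were correct.
bool tagsEqual(const std::uint8_t* a, const std::uint8_t* b, std::size_t t) {
    std::uint8_t diff = 0;
    for (std::size_t i = 0; i < t; ++i)
        diff = static_cast<std::uint8_t>(diff | (a[i] ^ b[i]));
    return diff == 0;
}

// Hypothetical host-side gate: release the plaintext only if the tag the
// decryption part produced matches the tag received with the ciphertext.
// On any failure the plaintext buffer is wiped before returning.
bool releasePlaintext(std::vector<std::uint8_t>& plaintext,
                      const std::vector<std::uint8_t>& computedTag,
                      const std::vector<std::uint8_t>& receivedTag) {
    bool ok = validTagLen(computedTag.size()) &&
              computedTag.size() == receivedTag.size() &&
              tagsEqual(computedTag.data(), receivedTag.data(), computedTag.size());
    if (!ok) {
        for (auto& b : plaintext) b = 0;  // never hand unauthenticated data onward
        plaintext.clear();
    }
    return ok;
}

int main() {
    // Constructed sample values, not real CCM output.
    std::vector<std::uint8_t> pt = {'h', 'e', 'l', 'l', 'o'};
    std::vector<std::uint8_t> tag = {0x10, 0x22, 0x34, 0x46, 0x58, 0x6a, 0x7c, 0x8e};
    std::vector<std::uint8_t> forged = tag;
    forged[7] ^= 0x01;  // single flipped bit
    bool genuineOk = releasePlaintext(pt, tag, tag);
    bool forgedOk = releasePlaintext(pt, tag, forged);
    std::printf("genuine accepted: %d\n", genuineOk);
    std::printf("forged accepted: %d, plaintext bytes left: %zu\n", forgedOk, pt.size());
    return 0;
}
```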

The internal data flow of both encryption and decryption parts of CCM mode is shown in the following figures:

internal structure of CCM encryption

internal structure of CCM decryption

In the implementation, the CCM mode has four independent modules: dupStrm, formatting, aesCtrEncrypt/aesCtrDecrypt, and CBC_MAC. Because the four modules can work independently, they are designed as parallel dataflow processes connected by streams (FIFOs). The algorithm imposes a loop-carried dependency on the CBC-MAC, so its initiation interval (II) cannot achieve 1. In contrast, the input block for the single block cipher inside the mode can be calculated directly from the counter, so the CTR part can achieve II = 1.