AN10922 – AES-128 Example

[Petar Sladic]

I'm working through the AES-128 key diversification example in section 2.2.1 of AN10922, and I'm running into an issue with the subkey generation.

From the example:
K0 = FDE4FBAE4A09E020EFF722969F83832B

If the most significant bit of K0 is 0, then K1 is generated by left shifting K0 by 1 bit
else
K1 is generated by left shifting K0 and XORing a constant that depends on block size (in this case 0x87 on the high order byte)

The high order byte of K0 is 2B, which has a MSB of 0, so the constant should not be required.

Shifting K0 gives us a K1 of FBC9F75C9413C041DFEE452D3F070656

The example specifies that K1 is FBC9F75C9413C041DFEE452D3F0706D1, which is K0 shifted and XORed.

Either I'm making some sort of mistake, or the example provided in the application note is incorrect.

---

+ 0  |  - 0

[TapLinx Support]

Hi Petar,

First, we cannot talk about details of NDA material on a public portal. For any questions, please write directly to taplinx@nxp.com.

Second, it seems that you ask about the AES-CMAC algorithm. This algorithm is documented in:

NIST Special Publication 800-38B, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication

You will find this document in the web.

The TapLinx team

---

+ 0  |  - 0

[Petar Sladic]

AN10922 is publicly accessible through search engines and labelled "COMPANY PUBLIC" throughout the PDF. Am I not allowed to discuss it here?

---

+ 0  |  - 0

[TapLinx Support]

Hi Petar,

Right, AN10922 is public. We can talk about it. But what I meant is the details of the authentication algorithm where the AES-CMAC is used.

The TapLinx team

---

+ 0  |  - 0

[Author]

Posts