|
|
|
Algorithms |
|
|
|
73 |
|
|
|
|
|
|
|
|||
|
Y = RAND[0K14] |
(RAND[15] |
N ′) |
|
(4.19) |
|||
where N ′ = min(16, 6 + N ) is the length of PKEY ′ in octets and where |
|
|||||||
|
PKEY [0,K, N − 1] |
( |
|
)] |
|
|
||
PKEY '= |
|
|
[ |
|
N < 16 |
(4.20) |
||
BD _ ADDR 0,K, min 5, 15− |
N |
|
||||||
|
|
|
|
|
||||
|
|
[ |
] |
|
|
|
N = 16 |
|
|
PKEY |
0,K, N − 1 |
|
|
|
|
||
4.2.4Encryption key algorithm E3
Finally, the encryption key generation algorithm E3 is defined as
128 |
128 |
96 |
128 |
(4.21) |
E 3:{0, 1} |
× {0, 1} |
× {0, 1} → |
{0, 1} |
|
(K ,RAND,COF) a hash(K ,RAND,COF, 12) |
(4.22) |
|||
where hash is the function defined in (4.9). The reader should remember, though, that this encryption key KC is not used directly. KC is used to derive the constraint key that is input into the ciphering algorithm E0, which we describe in the next section. One may notice that E21 and E22 are very similar. This is a design choice to simplify the implementation. Figure 4.5 gives the block diagram of E3.
4.3 Encryption engine
We already informally discussed the encryption engine E0 in Bluetooth at the beginning of this chapter. Abstractly E0 is a so-called autonomous finite state machine. Loaded with an initial state, it will on every clock cycle move to a new state and produce one single output bit of the key stream. The ciphering key that is loaded into the encryption engine is the constraint key K C′ . Apart from
K |
|
|
|||
|
128 |
|
|
KC |
|
RAND |
E3 |
||||
|
|||||
|
128 |
|
128 |
||
|
|
||||
COF |
|
|
|||
|
96 |
|
|
|
|
Figure 4.5 Block diagram of E3.