AES Functional Description
662
SLAU723A – October 2017 – Revised October 2018
Copyright © 2017–2018, Texas Instruments Incorporated
Advance Encryption Standard Accelerator (AES)
9.2.1.3.3 AES Decryption Core
The architecture of the AES decryption core is generally the same as the architecture of the encryption
core. One difference is that the generation of round keys for decryption requires an initial conversion of the
input key (always supplied by the host in the form of an encryption key) to the corresponding decryption
key. This conversion is done by performing a dummy encryption operation and storing the final round key
as a decryption key. The key scheduler is then reversed to generate the round keys for the decryption
operation. Consequently, for each sequence of decryption operations under the same key, a single
throughput reduction equal to the time to encrypt a single block occurs. Once a decryption key is
generated, subsequent decryption operations with the same key use this generated decryption key
directly.
9.2.1.3.4 AES Feedback Mode Block
AES feedback mode block buffers the feedback parameters and controls the various feedback modes. For
more information about the ECB, CBC, CTR, and CFB modes of operation, see the
specification.
CTR implements the standard incrementing function, as described in the NIST-SP800-38A specification,
with m set to 16 or a multiple of 32.
AES-XTS mode requires a polynomial multiplication for initialization vector (IV) generation of the AES
operation. This multiplication can be simplified when the first result is available due to the definition and
use of the block number within a unit. The input for the polynomial multiplication is not directly j, but
α
j
,
where
α
= x
2
in the GF (2
128
) domain.
In addition, F8 encryption or decryption mode, F9, and (X)CBC-MAC authentication modes are available.
9.2.1.3.5 GHASH Block
The data sequencer manages the data flow to and from the AES core. For data input, the data sequencer
monitors the input buffer until a 16-byte block is available. If the AES core is idle, the data sequencer
writes this data block to the internal working registers of the AES core, thus clearing the buffer for the next
block.
After completing an encryption or decryption operation, the data sequencer writes the AES output to the
output buffer. If the output buffer is full at the time of completion, the AES core is held until the buffer
clears. Although the data sequencer is designed to support uninterrupted packet encryption, the host must
properly manage the input and output packet buffers to achieve optimal performance.
9.2.2 AES Algorithm
The AES algorithm generates block ciphers. The AES block size is 16 bytes. The AES key(s) can be
coded on 128, 192, or 256 bits. Larger key sizes provide a higher level of security, but at the cost of a
moderate decrease in throughput.
For the AES algorithm:
•
The length of the input and output blocks is 128 bits, which is represented by Nb = 4, which reflects the
number of 32-bit words.
•
The length of the cipher key (K) is 128, 192, or 256 bits. The key length is represented by Nk = 4, 6, or
8, which reflects the number of 32-bit words in the cipher key.
•
The number of rounds to be performed during execution of the algorithm is dependent on the key size.
The number of rounds is represented by Nr, where:
–
Nr = 10 when Nk = 4 (128-bit key)
–
Nr = 12 when Nk = 6 (192-bit key)
–
Nr = 14 when Nk = 8 (256-bit key)
lists the combinations of keys, blocks, and rounds.
