AES Functional Description
671
SLAU723A – October 2017 – Revised October 2018
Copyright © 2017–2018, Texas Instruments Incorporated
Advance Encryption Standard Accelerator (AES)
9.2.3.2.2 CCM Protocol Operation
The CCM protocol operation is a combined operation consisting of encryption or decryption and
authentication. The authentication and encryption or decryption operations use the cryptographic core;
these are executed sequentially on the AES core. A part of the data stream can require authentication
only. The authentication-only data must always be in front of the data requiring encryption.
Authentication starts with the encryption of a predefined block B0. This block consists of flags, nonce, and
message length. The next blocks contain the authentication data length concatenated with the
authentication-only data. After processing the authentication-only data, the encryption or decryption
operations are performed, each followed by the related authentication of the plaintext data block (which
equals the input in the case of encryption, and the output in the case of decryption). The final
authentication result must be encrypted using the output of the encryption of the IV block A0. This block
contains the IV (consisting of flags and nonce) concatenated with the counter, which is zero for A0.
9.2.4 AES Software Reset
To perform a software reset of the AES module, write a 1 to the SOFTRESET bit in the AES System
Configuration (AES_SYSCONFIG) register. The RESETDONE bit in the AES Secure System Status
(AES_SYSSTATUS) register indicates that the software reset is complete when its value is 1. When the
software reset completes, the SOFTRESET bit in the AES_SYSCONFIG register is automatically reset.
Software must ensure that the software reset completes before doing any operations.
The behavior of the software reset is the same as the hardware reset, except that the software reset bit
resets this module without affecting the reset core domain of the entire device.
9.2.5 Power Management
To save power, the application can disable the clock to the AES module when not in use. The AES is
clock gated by setting the AESCFG bit in the Cryptographic Modules Clock Gating Request
(CCMCGREQ) register, CRC and Cryptographic Modules (CCM) offset 0x204. The AES in addition to the
DES, SHA/MD5 and CRC can also be clock gated as a group by setting the D0 bit in the CRC and
Cryptographic Modules (DCGCCCM) register, System Control Module offset 0x874.
9.2.6 Hardware Requests
The AES module can assert a µDMA request for context in, context out, input data, or output data read.
The AES uDMA Interrupt Mask (AES_DMAIM) register can be set to generate interrupts during the
following events:
•
Context In µDMA request (AES0 Cin)
•
Context Out µDMA request (AES0 Cout)
•
Data In µDMA request (AES0 Din)
•
Data Out µDMA request (AES0 Dout)
The AES module can be programmed to assert an interrupt when the uDMA has completed its last
transfer. See
for more information.
If context and data transfers are to be handled through software, then the AES Interrupt Enable
(AES_IRQENABLE), offset 0x090, can be used to enable interrupt triggering when context out, context in,
data in or data out is ready. The AES Interrupt Status (AES_IRQSTATUS), offset 0x08C, indicates when
an interrupt is triggered.
Table 9-2. Interrupts and Events
Event
Description
AES_IRQSTATUS [3]: CONTEXT_OUT
Context output interrupt
AES_IRQSTATUS [2]: DATA_OUT
Data output interrupt
AES_IRQSTATUS [1]: DATA_IN
Data input interrupt
AES_IRQSTATUS [0]: CONTEXT_IN
Context input interrupt
