DocID024597 Rev 5
819/1830
RM0351
Advanced encryption standard hardware accelerator (AES)
852
in the AES_KEYRx registers and the AES is disabled by hardware. In this mode, the
AES_KEYRx registers must not be read when AES is enabled and until the CCF flag is set
to 1 by hardware.
The status flag CCF in the AES_SR register is set once the computation phase is complete.
An interrupt can be generated if bit CCFIE = 1 (CCF interrupt enable) in the AES_CR
register. The software can then read back the data from the AES_DOUTR register (for
modes 1, 3, 4) or from the AES_KEYRx registers (if mode 2 is selected).
The flag CCF has no meaning when DMA is used (DMAOUTEN = 1 in the AES_CR
register), because the reading the AES_DOUTR register is managed by DMA automatically
without any software action at the end of the computation phase.
The operation ends with the output phase, during which the software reads successively the
4 output data words from the AES_DOUTR register in mode 1, 3 or 4. In mode 2 (key
derivation mode), the data is automatically stored in the AES_KEYRx registers and the AES
is disabled by hardware. Then, software can select mode 3 (decryption mode) before it
enables the AES to start the decryption using this derivative key.
During the input and output phases, the software must read or write the data bytes
successively (except in mode 2) but the AES is tolerant of any delays occurring between
each read or write operation (example: if servicing another interrupt at this time).
The read error flag (RDERR) and write error flag (WRERR) in the AES_SR register are set
when an unexpected read or write operation is detected. An interrupt can be generated if
the error interrupt enable (ERRIE) bit is set in the AES_CR register. AES is not disabled
after an error detection and continues processing as normal.
It is also possible to use the general purpose DMA to write the input words and to read the
output words (refer to
and
).
The AES can be re-initialized at any moment by resetting the EN bit in the AES_CR register.
Then the AES can be re-started from the beginning by setting EN = 1, waiting for the first
input data byte to be written (except in mode 2 where key derivation processing starts as
soon as the EN bit is set, starting from the value stored in the AES_KEYRx registers).
28.4
Encryption and derivation keys
The AES_KEYRx registers are used to store the encryption or decryption keys. These four
(respectively eight) registers are organized in little-endian configuration: Register
AES_KEYR0 has to be loaded with the 32-bit LSB of the key. Consequently, AES_KEYR3
(respectively AES_KEYR7) has to be loaded with the 32-bit MSB of the 128-bit key
(respectively with the 32-bit MSB of the 256-bit key).
Note:
1
AES_KEYR0 to AES_KEYR3 registers are used when key length equal to 128-bit or 256-bit
is selected.
2
AES_KEYR4 to AES_KEYR7 registers are used only when key length equal to 256-bit is
selected.
The key for encryption or decryption must be stored in these registers when the AES is
disabled (EN = 0 into the AES_CR register). Their endianess are fixed.
In mode 2 (key derivation), the AES_KEYRx needs to be loaded with the encryption key.
Then, the AES has to be enabled. At the end of the computation phase, the derivation key is
stored automatically in the AES_KEYRx registers, overwriting the previous encryption key.
The AES is disabled by hardware when the derivation key is available. If the software needs