AES hardware accelerator (AES)
RM0453
650/1454
RM0453 Rev 2
23.4.3 AES
cryptographic
core
Overview
The AES cryptographic core consists of the following components:
•
AES core algorithm (AEA)
•
multiplier over a binary Galois field (GF2mul)
•
key input
•
initialization vector (IV) input
•
chaining algorithm logic (XOR, feedback/counter, mask)
The AES core works on 128-bit data blocks (four words) with 128-bit or 256-bit key length.
Depending on the chaining mode, the AES requires zero or one 128-bit initialization vector
IV.
The AES features the following modes of operation:
•
Mode 1:
Plaintext encryption using a key stored in the AES_KEYRx registers
•
Mode 2:
ECB or CBC decryption key preparation. It must be used prior to selecting Mode 3 with
ECB or CBC chaining modes. The key prepared for decryption is stored automatically
in the AES_KEYRx registers. Now the AES peripheral is ready to switch to Mode 3 for
executing data decryption.
•
Mode 3:
Ciphertext decryption using a key stored in the AES_KEYRx registers. When ECB and
CBC chaining modes are selected, the key must be prepared beforehand, through
Mode 2.
Note:
Mode 2 is only used when performing ECB and CBC decryption.
The operating mode is selected by programming the MODE[1:0] bitfield of the AES_CR
register. It may be done only when the AES peripheral is disabled.
Typical data processing
Typical usage of the AES is described in
Section 23.4.4: AES procedure to perform a cipher
Note:
The outputs of the intermediate AEA stages are never revealed outside the cryptographic
boundary, with the exclusion of the IVI bitfield.
Chaining modes
The following chaining modes are supported by AES, selected through the CHMOD[2:0]
bitfield of the AES_CR register:
•
Electronic code book (ECB)
•
Cipher block chaining (CBC)
•
Counter (CTR)
•
Galois counter mode (GCM)
•
Galois message authentication code (GMAC)
•
Counter with CBC-MAC (CCM)