ST STM32G4 Series Reference Manual page 1454

AES hardware accelerator (AES)
d)
e)
Note: AES is tolerant of delays between consecutive read or write operations, which allows, for
example, an interrupt from another peripheral to be served between two AES computations.
NPBLB bits are not used in header phase of GCM, GMAC and CCM chaining modes.
Data append using DMA
With this method, all the transfers and processing are managed by DMA and AES. To use
the method, proceed as follows:
1. Prepare the last four-word data block (if the data to process does not fill it completely),
by padding the remainder of the block with zeros.
2. Configure the DMA controller so as to transfer the data to process from the memory to
the AES peripheral input and the processed data from the AES peripheral output to the
memory, as described in
controller so as to generate an interrupt on transfer completion. In case of GCM
payload encryption or CCM payload decryption, DMA transfer must not include the
last four-word block if padded with zeros. The sequence described in
through polling
setup before processing the block, for AES to compute a correct tag.
3. Enable the AES peripheral by setting the EN bit of the AES_CR register
4. Enable DMA requests by setting the DMAINEN and DMAOUTEN bits of the AES_CR
register.
5. Upon DMA interrupt indicating the transfer completion, get the AES-processed data
from the memory.
Note: The CCF flag has no use with this method, because the reading of the AES_DOUTR
register is managed by DMA automatically, without any software action, at the end of the
computation phase.
NPBLB bits are not used in header phase GCM, GMAC and CCM chaining modes.
33.4.5 AES decryption key preparation
For an ECB or CBC decryption, a key for the first round of decryption must be derived from
the key of the last round of encryption. This is why a complete key schedule of encryption is
required before performing the decryption. This key preparation is not required for AES
decryption in modes other than ECB or CBC.
Recommended method is to select the Mode 2 by setting to 01 the MODE[1:0] bitfield of the
AES_CR (key process only), then proceed with the decryption by setting MODE[1:0] to 10
(Mode 3, decryption only). Mode 2 usage is described below:
1. Disable the AES peripheral by clearing the EN bit of the AES_CR register.
2. Select Mode 2 by setting to 01 the MODE[1:0] bitfield of the AES_CR. The
CHMOD[2:0] bitfield is not significant in this case because this key derivation mode is
independent of the chaining algorithm selected.
3. Set key length to 128 or 256 bits, via KEYSIZE bit of AES_CR register.
1454/2083
bitfield of the AES_CR register, for AES to compute a correct tag. Then proceed
with point 4e).
If the data block just processed is the last block of the message, discard the data
that is not part of the payload, then disable the AES peripheral by clearing the EN
bit of the AES_CR register and quit the interrupt service routine.
Write next four input data words into the AES_DINR register and quit the interrupt
service routine.
Section 33.4.16: AES DMA
must be used instead for this last block, because NPBLB bits must be
RM0440 Rev 1
interface. Configure the DMA
Data append
RM0440