Table of Contents
Advertisement
AES hardware accelerator (AES)
GCM processing
Figure 105
by writing 011 to the CHMOD[2:0] bitfield of the AES_CR register.
(1) Init
AES_KEYRx (KEY)
[0]
128
Encrypt
H
(2) Header
AES_DINR (AAD 0)
Swap
DATATYPE
management
[1:0]
GF2mul
H
Legend
input
output
XOR
The mechanism for the confidentiality of the plaintext in GCM mode is similar to that in the
Counter mode, with a particular increment function (denoted 32-bit increment) that
generates the sequence of input counter blocks.
AES_IVRx registers keeping the counter block of data are used for processing each data
block. The AES peripheral automatically increments the Counter[31:0] bitfield. The first
counter block (CB1) is derived from the initial counter block ICB by the application software
(see
Table
AES_IVR3[31:0]
ICB[127:96]
Note:
In this mode, the setting 01 of the MODE[1:0] bitfield (key derivation) is forbidden.
564/1306
describes the GCM implementation in the AES peripheral. The GCM is selected
Figure 105. GCM authenticated encryption
AES_KEYRx (KEY)
AES_DINR (plaintext P1)
Swap
management
DATATYPE
[1:0]
AES_DINR (AAD i)
AES_DOUTR
(ciphertext C1)
Swap
management
GF2mul
H
124).
Table 124. Initialization of AES_IVRx registers in GCM mode
AES_IVR2[31:0]
ICB[95:64]
Block 1
AES_IVRx
ICB + (32-bit counter = 0x02)
CB1
Encrypt
DATATYPE
[1:0]
Swap
management
GF2mul
H
(4) Final
AES_DINR
Len(A)
64
AES_IVRx
(IV + 32-bit counter (= 0x1))
AES_IVR1[31:0]
ICB[63:32]
RM0461 Rev 5
(3) Payload
CBn
Counter
increment (+1)
AES_KEYRx (KEY)
AES_DINR (plaintext Pn)
DATATYPE
Swap
management
[1:0]
DATATYPE[1:0]
AES_DOUTR
(ciphertext Cn)
H
|| Len(C)
64
H
Encrypt
(Authentication TAG T)
AES_KEYRx (key)
AES_IVR0[31:0]
ICB[31:0]
32-bit counter = 0x0002
RM0461
Block n
AES_IVRx
CBn
Encrypt
Swap
management
GF2mul
GF2mul
S
AES_DOUTR
Advertisement
Chapters
Table of Contents
Need help?
Do you have a question about the STM32WLEx and is the answer not in the manual?