Aes Cryptographic Core - ST STM32G0 1 Series Reference Manual

RM0444
20.4.3

AES cryptographic core

Overview
The AES cryptographic core consists of the following components:
•
AES core algorithm (AEA)
• multiplier over a binary Galois field (GF2mul)
•
key input
• initialization vector (IV) input
•
chaining algorithm logic (XOR, feedback/counter, mask)
The AES core works on 128-bit data blocks (four words) with 128-bit or 256-bit key length.
Depending on the chaining mode, the AES requires zero or one 128-bit initialization vector
IV.
The AES features the following modes of operation:
• Mode 1:
Plaintext encryption using a key stored in the AES_KEYRx registers
• Mode 2:
ECB or CBC decryption key preparation. It must be used prior to selecting Mode 3 with
ECB or CBC chaining modes. The key prepared for decryption is stored automatically
in the AES_KEYRx registers. Now the AES peripheral is ready to switch to Mode 3 for
executing data decryption.
•
Mode 3:
Ciphertext decryption using a key stored in the AES_KEYRx registers. When ECB and
CBC chaining modes are selected, the key must be prepared beforehand, through
Mode 2.
•
Mode 4:
ECB or CBC ciphertext single decryption using the key stored in the AES_KEYRx
registers (the initial key is derived automatically).
Note: Mode 2 and mode 4 are only used when performing ECB and CBC decryption.
When Mode 4 is selected only one decryption can be done, therefore usage of Mode 2 and
Mode 3 is recommended instead.
The operating mode is selected by programming the MODE[1:0] bitfield of the AES_CR
register. It may be done only when the AES peripheral is disabled.
Typical data processing
Typical usage of the AES is described in
operation on page
Note: The outputs of the intermediate AEA stages are never revealed outside the cryptographic
boundary, with the exclusion of the IVI bitfield.
480.
RM0444 Rev 5
AES hardware accelerator (AES)
Section 20.4.4: AES procedure to perform a cipher
475/1390
522