38.6.3.1 GCM Operation
Hashkey Generation
- Configure CTRLA register as
follows:
- CTRLA.STARTMODE as Manual (Auto for DMAC)
- CTRLA.CIPHER as Encryption
- CTRLA.KEYSIZE as per the key used
- CTRLA.AESMODE as ECB
- CTRLA.CTYPE as per the countermeasures required.
- Set CTRLA.ENABLE
- Write zero to CIPLEN reg.
- Write the key in KEYWORD register
- Write the zeros to DATA reg
- Set CTRLB.Start.
- Wait for INTFLAG.ENCCMP to be set
- AES Hardware generates Hash Subkey in HASHKEY register.
Authentication Header Processing
- Configure CTRLA register as
follows:
- CTRLA.STARTMODE as Manual
- CTRLA.CIPHER as Encryption
- CTRLA.KEYSIZE as per the key used
- CTRLA.AESMODE as GCM
- CTRLA.CTYPE as per the countermeasures required.
- Set CTRLA.ENABLE
- Write the key in KEYWORD register
- Set CTRLB.GFMUL
- Write the Authdata to DATA reg
- Set CTRLB.START as1
- Wait for INTFLAG.GFMCMP to be set.
- AES Hardware generates output in GHASH register
- Continue steps 4 to 7 for remaining
Authentication Header.
Note: If the Auth data is less than 128 bit, it has to be padded with zero to make it 128 bit aligned.
Plain Text Processing
- Set CTRLB.NEWMSG for the new set of plain text processing.
- Load CIPLEN reg.
- Load (J0+1) in INTVECT register.
- As described in NIST documentation J 0 = IV || 0 31 || 1 when len(IV)=96 and J0 =GHASHH (IV || 0 s+64 || [len(IV)] 64 ) (s is the minimum number of zeroes that should be padded with the Initialization Vector to make it a multiple of 128) if len(IV) != 96.
- Load plain text in DATA register.
- Set CTRLB.START as 1.
- Wait for INTFLAG.ENCCMP to be set.
- AES Hardware generates output in DATA register.
- Intermediate GHASH is stored in GHASH register and Cipher Text available in DATA register.
- Continue 3 to 6 till the input of plain text to get the cipher text and the Hash keys.
- At the last input, set CTRLB.EOM.
- Write last in-data to DATA reg.
- Set CTRLB.START as 1.
- Wait for INTFLAG.ENCCMP to be set.
- AES Hardware generates output in DATA register and final Hash key in GHASH register.
- Load [LEN(A)]64||[LEN(C)]64 in DATA register and set CTRLB.GFMUL and CTRLB.START as 1.
- Wait for INTFLAG.GFMCMP to be set.
- AES Hardware generates final GHASH value in GHASH register.
Plain text processing with DMAC
- Set CTRLB.NEWMSG for the new set of plain text processing.
- Load CIPLEN reg.
- Load (J0+1) in INTVECT register.
- Load plain text in DATA register.
- Wait for INTFLAG.ENCCMP to be set.
- AES Hardware generates output in DATA register.
- Intermediate GHASH is stored in GHASH register and Cipher Text available in DATA register.
- Continue 3 to 5 till the input of plain text to get the cipher text and the Hash keys.
- At the last input, set CTRLB.EOM.
- Write last in-data to DATA reg.
- Wait for INTFLAG.ENCCMP to be set.
- AES Hardware generates output in DATA register and final Hash key in GHASH register.
- Load [LEN(A)]64||[LEN(C)]64 in DATA register and set CTRLB.GFMUL and CTRLB.START as 1.
- Wait for INTFLAG.GFMCMP to be set.
- AES Hardware generates final GHASH value in GHASH register.
Tag Generation
- Configure CTRLA
- Set CTRLA.ENABLE to 0
- Set CTRLA.AESMODE as CTR
- Set CTRLA.ENABLE to 1
- Load J0 value to INITVECTV reg.
- Load GHASH value to DATA reg.
- Set CTRLB.NEWMSG and CTRLB.START to start the Counter mode operation.
- Wait for INTFLAG.ENCCMP to be set.
- AES Hardware generates the GCM Tag output in DATA register.