38.6.3.1 GCM Operation

Hashkey Generation

  • Configure CTRLA register as follows:
    1. CTRLA.STARTMODE as Manual (Auto for DMAC)
    2. CTRLA.CIPHER as Encryption
    3. CTRLA.KEYSIZE as per the key used
    4. CTRLA.AESMODE as ECB
    5. CTRLA.CTYPE as per the countermeasures required.
  • Set CTRLA.ENABLE
  • Write zero to CIPLEN reg.
  • Write the key in KEYWORD register
  • Write zeros to DATA reg
  • Set CTRLB.START.
  • Wait for INTFLAG.ENCCMP to be set
  • AES Hardware generates Hash Subkey in HASHKEY register.

Authentication Header Processing

  • Configure CTRLA register as follows:
    1. CTRLA.STARTMODE as Manual
    2. CTRLA.CIPHER as Encryption
    3. CTRLA.KEYSIZE as per the key used
    4. CTRLA.AESMODE as GCM
    5. CTRLA.CTYPE as per the countermeasures required.
  • Set CTRLA.ENABLE
  • Write the key in KEYWORD register
  • Set CTRLB.GFMUL
  • Write the Authdata to DATA reg
  • Set CTRLB.START as 1
  • Wait for INTFLAG.GFMCMP to be set.
  • AES Hardware generates output in GHASH register
  • Continue steps 4 to 7 for remaining Authentication Header.

    Note: If the Auth data is less than 128 bits, it has to be padded with zeros to make it 128-bit aligned.

Plain Text Processing

  • Set CTRLB.NEWMSG for the new set of plain text processing.
  • Load CIPLEN reg.
  • Load (J0+1) in INTVECT register.
  • As described in NIST documentation, J0 = IV || 0^31 || 1 when len(IV) = 96, and J0 = GHASH_H(IV || 0^(s+64) || [len(IV)]_64) if len(IV) != 96 (s is the minimum number of zeroes that should be padded with the Initialization Vector to make it a multiple of 128).
  • Load plain text in DATA register.
  • Set CTRLB.START as 1.
  • Wait for INTFLAG.ENCCMP to be set.
  • AES Hardware generates output in DATA register.
  • Intermediate GHASH is stored in GHASH register and Cipher Text available in DATA register.
  • Continue steps 3 to 6 for the remaining plain text input to get the cipher text and the Hash keys.
  • At the last input, set CTRLB.EOM.
  • Write last in-data to DATA reg.
  • Set CTRLB.START as 1.
  • Wait for INTFLAG.ENCCMP to be set.
  • AES Hardware generates output in DATA register and final Hash key in GHASH register.
  • Load [LEN(A)]_64 || [LEN(C)]_64 in DATA register and set CTRLB.GFMUL and CTRLB.START as 1.
  • Wait for INTFLAG.GFMCMP to be set.
  • AES Hardware generates final GHASH value in GHASH register.

Plain text processing with DMAC

  • Set CTRLB.NEWMSG for the new set of plain text processing.
  • Load CIPLEN reg.
  • Load (J0+1) in INTVECT register.
  • Load plain text in DATA register.
  • Wait for INTFLAG.ENCCMP to be set.
  • AES Hardware generates output in DATA register.
  • Intermediate GHASH is stored in GHASH register and Cipher Text available in DATA register.
  • Continue steps 3 to 5 for the remaining plain text input to get the cipher text and the Hash keys.
  • At the last input, set CTRLB.EOM.
  • Write last in-data to DATA reg.
  • Wait for INTFLAG.ENCCMP to be set.
  • AES Hardware generates output in DATA register and final Hash key in GHASH register.
  • Load [LEN(A)]_64 || [LEN(C)]_64 in DATA register and set CTRLB.GFMUL and CTRLB.START as 1.
  • Wait for INTFLAG.GFMCMP to be set.
  • AES Hardware generates final GHASH value in GHASH register.

Tag Generation

  • Configure CTRLA
    1. Set CTRLA.ENABLE to 0
    2. Set CTRLA.AESMODE as CTR
    3. Set CTRLA.ENABLE to 1
  • Load J0 value to INITVECTV reg.
  • Load GHASH value to DATA reg.
  • Set CTRLB.NEWMSG and CTRLB.START to start the Counter mode operation.
  • Wait for INTFLAG.ENCCMP to be set.
  • AES Hardware generates the GCM Tag output in DATA register.
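
A host-side reference model for cross-checking what the steps above should leave in the GHASH register, and what to load as J0 and J0+1, following the NIST construction quoted in the plain text steps. This is an added example, not code from the datasheet or the vendor; all function names are assumptions, and E_K(J0) is supplied by the caller rather than computed here.

```python
# Added host-side reference model; not vendor code. Function names are assumptions.
# Not constant-time: use for bench validation of register values only.
R = 0xE1 << 120  # reduction constant 11100001 || 0^120 (NIST SP 800-38D)

def gf_mul(x: int, y: int) -> int:
    """GF(2^128) product of two blocks, the operation behind CTRLB.GFMUL."""
    z, v = 0, y
    for i in range(127, -1, -1):  # leftmost bit of x first
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def pad16(b: bytes) -> bytes:
    """Zero-pad to a multiple of 128 bits, as the Auth data note requires."""
    return b + bytes(-len(b) % 16)

def ghash(h: bytes, data: bytes) -> bytes:
    """Chain 128-bit blocks through GF multiplication by the hash subkey."""
    hk, y = int.from_bytes(h, "big"), 0
    for off in range(0, len(data), 16):
        y = gf_mul(y ^ int.from_bytes(data[off:off + 16], "big"), hk)
    return y.to_bytes(16, "big")

def len_block(aad: bytes, ct: bytes) -> bytes:
    """[LEN(A)]_64 || [LEN(C)]_64, with both lengths in bits."""
    return (8 * len(aad)).to_bytes(8, "big") + (8 * len(ct)).to_bytes(8, "big")

def final_ghash(h: bytes, aad: bytes, ct: bytes) -> bytes:
    """Value expected in GHASH after the last GFMUL step."""
    return ghash(h, pad16(aad) + pad16(ct) + len_block(aad, ct))

def j0(h: bytes, iv: bytes) -> bytes:
    """Pre-counter block: fast path for 96-bit IVs, GHASH otherwise."""
    if len(iv) == 12:
        return iv + b"\x00\x00\x00\x01"
    return ghash(h, pad16(iv) + bytes(8) + (8 * len(iv)).to_bytes(8, "big"))

def inc32(block: bytes) -> bytes:
    """J0 + 1: increment only the rightmost 32 bits, modulo 2^32."""
    ctr = (int.from_bytes(block[12:], "big") + 1) & 0xFFFFFFFF
    return block[:12] + ctr.to_bytes(4, "big")

def tag(ek_j0: bytes, s: bytes) -> bytes:
    """CTR-mode encryption of GHASH under J0 is E_K(J0) XOR GHASH."""
    return bytes(a ^ b for a, b in zip(ek_j0, s))

if __name__ == "__main__":  # constructed input: all-zero 96-bit IV
    print(inc32(j0(bytes(16), bytes(12))).hex())
```

Comparing `final_ghash` and `tag` against the GHASH and DATA registers at the end of the sequence catches padding, length-block and counter-increment mistakes in a driver before they surface as tag mismatches with a peer.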