14.6.1.2 Security Module Preparation
The use of the security module requires a configuration of the security engine before starting a security operation. The following steps are required:
| Step | Description | Description |
|---|---|---|
| 1 | Key Setup | Write encryption or decryption key to SRAM |
| 2 | AES mode |
Select AES mode: ECB or CBC Select encryption or decryption |
| 3 | Write Data | Write plaintext or cipher text to SRAM |
| 4 | Start operation | Start AES operation |
| 5 | Read Data | Read cipher text or plaintext from SRAM |
Before starting any security operation, a key must be written to the security engine. The key set up requires the configuration of the AES engine KEY mode using the AES_MODE bits in the AES_CTRL register (AES_CTRL.AES_MODE).
The following step selects the AES mode, either electronic code book (ECB) or cipher block chaining (CBC). Further, encryption or decryption must be selected with the AES_DIR bit in the AES_CTRL register (AES_CTRL.AES_DIR).
After this, the 128-bit plain text or cipher text data has to be provided to the AES hardware engine. The data uses the SRAM address range 0x84 – 0x93.
An encryption or decryption is initiated with bit AES_REQUEST = 1 (either in the SRAM address 0x83 AES_CTRL, or the mirrored version SRAM address 0x94 AES_CTRL_MIRROR).
The AES module control registers are only accessible using SRAM read and write accesses on address space 0x82 to 0x94. Configuring the AES mode, providing the data, and starting a decryption or encryption operation can be combined in a single SRAM access.
- No additional register access is required to operate the security block.
- Access to the security block is not possible while the radio transceiver is in SLEEP, or RESET state.
- All configurations of the security module, the SRAM content, and keys are reset during RESET state.
- A read or write access to the AES_CTRL register during AES operation terminates the current processing.