14.6.1.2 Security Module Preparation

The use of the security module requires a configuration of the security engine before starting a security operation. The following steps are required:

Table 14-34. AES Engine Configuration Steps
Step Description Description
1 Key Setup Write encryption or decryption key to SRAM
2 AES mode

Select AES mode: ECB or CBC

Select encryption or decryption

3 Write Data Write plaintext or cipher text to SRAM
4 Start operation Start AES operation
5 Read Data Read cipher text or plaintext from SRAM

Before starting any security operation, a key must be written to the security engine. The key set up requires the configuration of the AES engine KEY mode using the AES_MODE bits in the AES_CTRL register (AES_CTRL.AES_MODE).

The following step selects the AES mode, either electronic code book (ECB) or cipher block chaining (CBC). Further, encryption or decryption must be selected with the AES_DIR bit in the AES_CTRL register (AES_CTRL.AES_DIR).

After this, the 128-bit plain text or cipher text data has to be provided to the AES hardware engine. The data uses the SRAM address range 0x84 – 0x93.

An encryption or decryption is initiated with bit AES_REQUEST = 1 (either in the SRAM address 0x83 AES_CTRL, or the mirrored version SRAM address 0x94 AES_CTRL_MIRROR).

The AES module control registers are only accessible using SRAM read and write accesses on address space 0x82 to 0x94. Configuring the AES mode, providing the data, and starting a decryption or encryption operation can be combined in a single SRAM access.

Note:
  1. No additional register access is required to operate the security block.
  2. Access to the security block is not possible while the radio transceiver is in SLEEP, or RESET state.
  3. All configurations of the security module, the SRAM content, and keys are reset during RESET state.
  4. A read or write access to the AES_CTRL register during AES operation terminates the current processing.