54.5.2 SHA Mode Register
| Name: | SHA_MR |
| Offset: | 0x04 |
| Reset: | 0x0000100 |
| Property: | Read/Write |
| Bit | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | |
| CHKCNT[3:0] | CHECK[1:0] | ||||||||
| Access | R/W | R/W | R/W | R/W | R/W | R/W | |||
| Reset | 0 | 0 | 0 | 0 | 0 | 0 | |||
| Bit | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | |
| DUALBUFF | |||||||||
| Access | R/W | ||||||||
| Reset | 0 |
| Bit | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | |
| TMPLCK | ALGO[3:0] | ||||||||
| Access | R/W | R/W | R/W | R/W | R/W | ||||
| Reset | 0 | 0 | 0 | 0 | 1 | ||||
| Bit | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |
| BPE | UIEHV | UIHV | PROCDLY | AOE | SMOD[1:0] | ||||
| Access | R/W | R/W | R/W | R/W | R/W | R/W | R/W | ||
| Reset | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ||
Bits 31:28 – CHKCNT[3:0] Check Counter
Number of 32-bit words to check. The value 0 indicates that the number of words to compare will be based on the algorithm selected (5 words for SHA1, 7 words for SHA224, 8 words for SHA256, 12 words for SHA384, 16 words for SHA512).
Bits 25:24 – CHECK[1:0] Hash Check
Values not listed in table must be considered as “reserved”.
| Value | Name | Description |
|---|---|---|
| 0 | NO_CHECK | No check is performed. |
| 1 | CHECK_EHV | Check is performed with expected hash stored in internal expected hash value registers. |
| 2 | CHECK_MESSAGE | Check is performed with expected hash provided after the message. |
Bit 16 – DUALBUFF Dual Input Buffer
| Value | Name | Description |
|---|---|---|
| 0 | INACTIVE |
SHA_IDATARx and SHA_IODATARx cannot be written during processing of previous block. |
| 1 | ACTIVE |
SHA_IDATARx and SHA_IODATARx can be written during processing of previous block when SMOD value = 2. It speeds up the overall runtime of large files. |
Bit 15 – TMPLCK Tamper Lock Enable
| Value | Description |
|---|---|
| 0 | A tamper event has no effect. |
| 1 | A tamper event locks the SHA until the tamper root cause is cleared and SHA_CR.UNLOCK is written to 1. |
Bits 11:8 – ALGO[3:0] SHA Algorithm
Values not listed in the table must be considered as “reserved”.
| Value | Name | Description |
|---|---|---|
| 0 | SHA1 | SHA1 algorithm processed |
| 1 | SHA256 | SHA256 algorithm processed |
| 2 | SHA384 | SHA384 algorithm processed |
| 3 | SHA512 | SHA512 algorithm processed |
| 4 | SHA224 | SHA224 algorithm processed |
| 8 | HMAC_SHA1 | HMAC algorithm with SHA1 Hash processed |
| 9 | HMAC_SHA256 | HMAC algorithm with SHA256 Hash processed |
| 10 | HMAC_SHA384 | HMAC algorithm with SHA384 Hash processed |
| 11 | HMAC_SHA512 | HMAC algorithm with SHA512 Hash processed |
| 12 | HMAC_SHA224 | HMAC algorithm with SHA224 Hash processed |
| 13 | Reserved | – |
| 14 | Reserved | – |
Bit 7 – BPE Block Processing End
When SMOD=2 and ALGO<5, the SHA_ISR.DATRDY flag rises when each block has been processed.
When SMOD=2 and ALGO>7, the SHA_ISR.DATRDY rises when all blocks except the last one have been processed.
| Value | Description |
|---|---|
| 0 | BPE must be cleared when a DMA transfers data. When SMOD=2, SHA_ISR.DATRDY flag rises only when the SHA or HMAC processing cycle has completed. No intermediate block processing is reported. |
| 1 | When processing small messages, data transfer by software can improve performance compared to DMA. In this case, BPE can be written to 1, forcing the SHA_ISR.DATRDY to rise when a data must be loaded into SHA_IDATARx. |
Bit 6 – UIEHV User Initial or Expected Hash Value Registers
| Value | Description |
|---|---|
| 0 | The SHA algorithm is started with the standard initial values as defined in the FIPS 180 specification. |
| 1 | The SHA algorithm is started with the user initial hash values stored in the internal register 1 (IR1). If HMAC is configured, UIEHV has no effect (i.e. IR1 is always selected). |
Bit 5 – UIHV User Initial Hash Values
| Value | Description |
|---|---|
| 0 | The SHA algorithm is started with the standard initial values as defined in the FIPS 180 specification. |
| 1 | The SHA algorithm is started with the user initial hash values stored in the internal register 0 (IR0). If HMAC is configured, UIHV has no effect (i.e. IR0 is selected). |
Bit 4 – PROCDLY Processing Delay
When SHA1 algorithm is processed, runtime period is either 85 or 209 clock cycles.
When SHA256 or SHA224 algorithm is processed, runtime period is either 72 or 194 clock cycles.
When SHA384 or SHA512 algorithm is processed, runtime period is either 88 or 209 clock cycles.
| Value | Name | Description |
|---|---|---|
| 0 | SHORTEST | SHA processing runtime is the shortest one |
| 1 | LONGEST | SHA processing runtime is the longest one (reduces the SHA bandwidth requirement, reduces the system bus overload) |
Bit 3 – AOE Always On Enable
| Value | Description |
|---|---|
| 0 | The SHA operates in functional operating modes. |
| 1 | As soon as a START command is written, the SHA processes dummy calculations until AOE=0, without software intervention. This can be used to create an additional current consumption when AES is used to encrypt/decrypt. |
Bits 1:0 – SMOD[1:0] Start Mode
Values not listed in the table must be considered as “reserved”.
If a DMA transfer is used, configure the SMOD value to 2. See DMA Mode for details.
| Value | Name | Description |
|---|---|---|
| 0 | MANUAL_START | Manual mode |
| 1 | AUTO_START | Auto mode |
| 2 | IDATAR0_START | SHA_IDATAR0 access only mode (mandatory when DMA is used) |