54.4.5 Internal Registers for Initial Hash Value or Expected Hash Result

The SHA module embeds two sets of internal registers (IR0, IR1) to store different data used by the SHA or HMAC algorithms (see the figure User Initial Hash Value and Expected Hash Internal Register Access). These internal registers are accessed through SHA Input Data registers (SHA_IDATARx).

When the ALGO field selects SHA algorithms, IR0 can be configured with a user initial hash value. This initial hash value can be used to compute a custom hash algorithm with two sets of different initial constants, or to continue a hash computation by providing the intermediate hash value previously returned by the SHA module.

When the ALGO field selects SHA algorithms, IR1 can be configured with either a user initial hash value or an expected hash result. The expected hash result must be configured in the IR1 if the field CHECK = 1 (see Automatic Check). If the field CHECK = 0 or 2, IR1 can be configured with a user initial hash value that differs from IR0 value.

When the ALGO field selects HMAC algorithms, IR0 must be configured with the hash result of K0 ⊕ ipad and IR1 must be configured with the hash result of K0 ⊕ opad. These pre-computed first blocks speed up the HMAC computation by saving the time to compute the intermediate hash values of the first block which is constant while the secret key is constant (see HMAC Algorithm).

Table 54-1. Configuration Values of Internal Registers
Register SHA Modes (ALGO < 8) HMAC Modes (ALGO > 7)
CHECK = 0 CHECK = 1 CHECK = 2
IR0 User Initial Hash User Initial Hash User Initial Hash hash(K0 ⊕ ipad)
IR1 User Initial Hash Expected Hash Result User Initial Hash hash(K0 ⊕ opad)

To calculate the initial HMAC values, follow this sequence:

  1. Calculate K0.
  2. Calculate K0 ⊕ ipad and K0 ⊕ opad.
  3. Perform a hash of the result of K0 ⊕ ipad and K0 ⊕ opad (auto-padding must be disabled for that type of hash).
  4. Write h(K0 ⊕ ipad) and h(K0 ⊕ opad) in IR0 and IR1 respectively.

To write IR0 or IR1, follow this sequence:

  1. Set SHA_CR. WUIHV (IR0) or SHA_CR.WUIEHV (IR1).
  2. Write the data in SHA_IDATARx. The number of registers to write depends on the type of data (user initial hash values or expected hash result) and on the type of algorithm selected:
    • For user initial hash values:
      • SHA_IDATAR0 to SHA_IDATAR4 for SHA1
      • SHA_IDATAR0 to SHA_IDATAR7 for SHA224 or SHA256
      • SHA_IDATAR0 to SHA_IDATAR15 for SHA384, SHA512
    • For expected hash result:
      • SHA_IDATAR0 to SHA_IDATAR4 for SHA1
      • SHA_IDATAR0 to SHA_IDATAR6 for SHA224
      • SHA_IDATAR0 to SHA_IDATAR7 for SHA256
      • SHA_IDATAR0 to SHA_IDATAR11 for SHA384
      • SHA_IDATAR0 to SHA_IDATAR16 for SHA512
  3. Clear SHA_CR.WUIHV or SHA_CR.WUIEHV.

IR0 and IR1 are automatically selected for HMAC processing if the field ALGO selects HMAC algorithms. If SHA algorithms are selected, the internal registers are selected if the corresponding UIHV or UIEHV bits are set.

Figure 54-2. User Initial Hash Value and Expected Hash Internal Register Access