Processing a Complete Message without Tag Generation
Processing a message without generating the Tag can be used to customize the Tag generation, or to process a fragmented message. To manually generate the GCM Tag, see Manual GCM Tag Generation.
To process a complete message without Tag generation, the sequence is as follows:
- Set AES_MR.OPMOD to GCM and AES_MR.GTAGEN to ‘0’.
- Write the key and wait until AES_ISR.DATRDY is set (GCM hash subkey generation complete); use interrupt if needed. After the GCM hash subkey generation is complete the GCM hash subkey can be read or overwritten with specific value in AES_GCMHRx. See Key Writing and Automatic Hash Subkey Calculation.
- Calculate the J0 value as described in NIST documentation J0 = IV || 031 || 1 when len(IV) = 96 and J0 = GHASHH(IV || 0s+64 || [len(IV)]64) if len(IV) ≠ 96. See Processing a Message with only AAD (GHASHH) for J0 generation example when len(IV) ≠ 96.
- Set AES_IVRx.IV with inc32(J0) (J0 + 1 on 32 bits).
- Configure AES_AADLENR.AADLEN and AES_CLENR.CLEN.
- Fill AES_IDATARx.IDATA with the message to process according to the SMOD configuration used. If Manual Mode or Auto Mode is used, the DATRDY bit indicates when the data have been processed (however, no output data are generated when processing AAD).
- Make sure the last output data have been read if AES_CLENR.CLEN ≠ 0 (or wait for DATRDY), then read AES_GHASHRx.GHASH to obtain the hash value after the last processed data.