Processing a Complete Message with Tag Generation
Use this procedure only if J0 four LSB bytes ≠ 0xFFFFFFFF.
Note: If J0 four LSB bytes =
0xFFFFFFFF or if the value is unknown, use the procedure described in Processing a
Complete Message without Tag Generation followed by the procedure in Manual GCM Tag
Generation.
To process a complete message with Tag generation, the sequence is as follows:
- Set AES_MR.OPMOD to GCM and AES_MR.GTAGEN to ‘1’.
- Write the key and wait until AES_ISR.DATRDY is set (GCM hash subkey generation complete); use interrupt if needed. See Key Writing and Automatic Hash Subkey Calculation.
- Calculate the J0 value as described in NIST documentation J0 = IV || 031 || 1 when len(IV) = 96 and J0 = GHASHH(IV || 0s+64 || [len(IV)]64) if len(IV) ≠ 96. See Processing a Message with only AAD (GHASHH) for J0 generation.
- Set AES_IVRx.IV with inc32(J0) (J0 + 1 on 32 bits).
- Configure AES_AADLENR.AADLEN and AES_CLENR.CLEN.
- Fill AES_IDATARx.IDATA with the message to process according to the SMOD configuration used. If Manual Mode or Auto Mode is used, the DATRDY bit indicates when the data have been processed (however, no output data are generated when processing AAD).
- Wait for TAGRDY to be set (use interrupt if needed), then read AES_TAGRx.TAG to obtain the authentication tag of the message.