7.2.1 Description

The Advanced Encryption Standard (AES) is compliant with the American FIPS (Federal Information Processing Standard) Publication 197 specification.

The AES supports the following confidentiality modes of operation for symmetrical key block cipher algorithms: ECB, CBC, OFB, CFB, CTR and XTS, as specified in the NIST Special Publication 800-38A Recommendation and NIST Special Publication 800-38E Recommendation, as well as Galois/Counter Mode (GCM) as specified in the NIST Special Publication 800-38D Recommendation. It is compatible with all these modes via DMA Controller channels, minimizing processor intervention for large buffer transfers.

The AES key can be either loaded by the software or loaded in an invisible manner from the software.

The 128-bit/192-bit/256-bit AES key is stored in the AES Key register made of four/six/eight 32-bit write-only AES Key Word registers (AES_KEYWR0–7). For a software-invisible key transfer, the Private Key Bus accesses the Private Key Internal Register from the TRNG or OTPC. The bit PKRS in the Extended Mode register (AES_EMR) selects either AES_KEYWRx or the Private Key Internal Register.

The 128-bit input data and initialization vector (for some modes) are each stored in four 32-bit write-only AES Input Data registers (AES_IDATAR0–3) and AES Initialization Vector registers (AES_IVR0–3).

As soon as the initialization vector, the input data and the key are configured, the encryption/decryption process may be started. Then the encrypted/decrypted data are ready to be read out on the four 32-bit AES Output Data registers (AES_ODATAR0–3) or through the DMA channels.