Processing a Message with only AAD (GHASHH)

Figure 7-8. Single GHASHH Block Diagram (AADLEN ≤ 0x10 and CLEN = 0)

It is possible to process a message with only AAD setting the CLEN field to ‘0’ in AES_CLENR, this can be used for J0 generation when len(IV) ≠ 96 for instance.

Example: Processing J0 when len(IV) ≠ 96

To process J0 = GHASHH(IV || 0s+64 || [len(IV)]64), the sequence is as follows:

  1. Set AES_MR.OPMOD to GCM and AES_MR.GTAGEN to ‘0’.
  2. Write AES_KEYWRx and wait until AES_ISR.DATRDY is set (GCM hash subkey generation complete); use interrupt if needed. After the GCM hash subkey generation is complete the GCM hash subkey can be read or overwritten with specific value in AES_GCMHRx. See Key Writing and Automatic Hash Subkey Calculation.
  3. Configure AES_AADLENR.AADLEN with ‘len(IV || 0s+64 || [len(IV)]64)’ in and AES_CLENR.CLEN to ‘0’. This will allow running a GHASHH only.
  4. Fill AES_IDATARx.IDATA with the message to process (IV || 0s+64 || [len(IV)]64) according to the SMOD configuration used. If Manual Mode or Auto Mode is used, the DATRDY bit indicates when a GHASHH step is over (use interrupt if needed).
  5. Read AES_GHASHRx.GHASH to obtain the J0 value.

    Note: The GHASH value can be overwritten at any time by writing the value of AES_GHASHRx.GHASH, used to perform a GHASHH with an initial value for GHASH (write GHASH field between step 3 and step 4 in this case).