37.6.3.1 GCM Operation
Hashkey Generation
- Configure CTRLA register as
follows:
- CTRLA.STARTMODE as Manual (Auto for DMAC).
- CTRLA.CIPHER as Encryption.
- CTRLA.KEYSIZE as per the key used.
- CTRLA.AESMODE as ECB.
- CTRLA.CTYPE as per the countermeasures required.
- Set CTRLA.ENABLE
- Write zero to CIPLEN register
- Write the key in KEYWORDx register
- Write the zeros to DATA register
- Set CTRLB.START
- Wait for INTFLAG.ENCCMP to be set
- AES Hardware generates Hash Subkey in HASHKEYx register
Authentication Header Processing
- Configure CTRLA register as
follows:
- CTRLA.STARTMODE as Manual.
- CTRLA.CIPHER as Encryption.
- CTRLA.KEYSIZE as per the key used.
- CTRLA.AESMODE as GCM.
- CTRLA.CTYPE as per the countermeasures required.
- Set CTRLA.ENABLE
- Write the key in KEYWORDx register
- Set CTRLB.GFMUL
- Write the Authdata to DATA register
- Set CTRLB.START as 1
- Wait for INTFLAG.GFMCMP to be set
- AES Hardware generates output in GHASHx register
- Continue steps 4 to 7 for remaining
Authentication HeaderNote: If the Authorization data is less than 128 bits, it has to be padded with zero to make it 128 bit aligned.
Plain Text Processing
- Set CTRLB.NEWMSG for the new set of plain text processing
- Load CIPLEN register
- Load (J0+1) in INTVECTx register
- As described in NIST documentation J 0 = IV || 0 31 || 1 when len(IV)=96 and J0 =GHASHH (IV || 0 s+64 || [len(IV)] 64 ) (s is the minimum number of zeroes that should be padded with the Initialization Vector to make it a multiple of 128) if len(IV) != 96
- Load plain text in DATA register
- Set CTRLB.START as 1
- Wait for INTFLAG.ENCCMP to be set
- AES Hardware generates output in DATA register
- Intermediate GHASH is stored in GHASHx register and Cipher Text available in DATA register
- Continue 3 to 6 till the input of plain text to get the cipher text and the Hash keys
- At the last input, set CTRLB.EOM
- Write last in-data to DATA register
- Set CTRLB.START as 1
- Wait for INTFLAG.ENCCMP to be set
- AES Hardware generates output in DATA register and final Hash key in GHASH register
- Load [LEN(A)]64||[LEN(C)]64 in DATA register and set CTRLB.GFMUL and CTRLB.START as 1
- Wait for INTFLAG.GFMCMP to be set
- AES Hardware generates final GHASH value in GHASHx register
Plain text processing with DMAC
- Set CTRLB.NEWMSG for the new set of plain text processing
- Load CIPLEN register
- Load (J0+1) in INTVECTx register
- Load plain text in DATA register
- Wait for INTFLAG.ENCCMP to be set
- AES Hardware generates output in DATA register
- Intermediate GHASH is stored in GHASHx register and Cipher Text available in DATA register
- Continue 3 to 5 till the input of plain text to get the cipher text and the Hash keys
- At the last input, set CTRLB.EOM
- Write last in-data to DATA register
- Wait for INTFLAG.ENCCMP to be set
- AES Hardware generates output in DATA register and final Hash key in GHASHx register
- Load [LEN(A)]64||[LEN(C)]64 in DATA register and set CTRLB.GFMUL and CTRLB.START as 1
- Wait for INTFLAG.GFMCMP to be set
- AES Hardware generates final GHASH value in GHASHx register
Tag Generation
- Configure CTRLA
- Set CTRLA.ENABLE to 0.
- Set CTRLA.AESMODE as CTR.
- Set CTRLA.ENABLE to 1.
- Load J0 value to INTVECTVx reg
- Load GHASH value to DATA reg
- Set CTRLB.NEWMSG and CTRLB.START to start the Counter mode operation
- Wait for INTFLAG.ENCCMP to be set
- AES Hardware generates the GCM Tag output in DATA register