37.6.3.1 GCM Operation

Hashkey Generation

  • Configure CTRLA register as follows:
    1. CTRLA.STARTMODE as Manual (Auto for DMAC).
    2. CTRLA.CIPHER as Encryption.
    3. CTRLA.KEYSIZE as per the key used.
    4. CTRLA.AESMODE as ECB.
    5. CTRLA.CTYPE as per the countermeasures required.
  • Set CTRLA.ENABLE
  • Write zero to CIPLEN register
  • Write the key in KEYWORDx register
  • Write zeros to DATA register
  • Set CTRLB.START
  • Wait for INTFLAG.ENCCMP to be set
  • AES Hardware generates Hash Subkey in HASHKEYx register

Authentication Header Processing

  • Configure CTRLA register as follows:
    1. CTRLA.STARTMODE as Manual.
    2. CTRLA.CIPHER as Encryption.
    3. CTRLA.KEYSIZE as per the key used.
    4. CTRLA.AESMODE as GCM.
    5. CTRLA.CTYPE as per the countermeasures required.
  • Set CTRLA.ENABLE
  • Write the key in KEYWORDx register
  • Set CTRLB.GFMUL
  • Write the Authdata to DATA register
  • Set CTRLB.START as 1
  • Wait for INTFLAG.GFMCMP to be set
  • AES Hardware generates output in GHASHx register
  • Repeat steps 4 to 7 for the remaining Authentication Header
    Note: If the authentication data is less than 128 bits, it must be padded with zeros to make it 128-bit aligned.

Plain Text Processing

  • Set CTRLB.NEWMSG for the new set of plain text processing
  • Load CIPLEN register
  • Load (J0+1) in INTVECTx register
  • As described in NIST documentation, $J_0 = IV \,\|\, 0^{31} \,\|\, 1$ when len(IV) = 96, and $J_0 = \mathrm{GHASH}_H(IV \,\|\, 0^{s+64} \,\|\, [\mathrm{len}(IV)]_{64})$ when len(IV) ≠ 96 (s is the minimum number of zeros that must be padded onto the Initialization Vector to make its length a multiple of 128)
  • Load plain text in DATA register
  • Set CTRLB.START as 1
  • Wait for INTFLAG.ENCCMP to be set
  • AES Hardware generates output in DATA register
  • Intermediate GHASH is stored in GHASHx register and Cipher Text available in DATA register
  • Repeat steps 3 to 6 until all the plain text has been input, to get the cipher text and the Hash keys
  • At the last input, set CTRLB.EOM
  • Write last in-data to DATA register
  • Set CTRLB.START as 1
  • Wait for INTFLAG.ENCCMP to be set
  • AES Hardware generates output in DATA register and final Hash key in GHASH register
  • Load $[\mathrm{len}(A)]_{64} \,\|\, [\mathrm{len}(C)]_{64}$ in DATA register and set CTRLB.GFMUL and CTRLB.START as 1
  • Wait for INTFLAG.GFMCMP to be set
  • AES Hardware generates final GHASH value in GHASHx register

Plain text processing with DMAC

  • Set CTRLB.NEWMSG for the new set of plain text processing
  • Load CIPLEN register
  • Load (J0+1) in INTVECTx register
  • Load plain text in DATA register
  • Wait for INTFLAG.ENCCMP to be set
  • AES Hardware generates output in DATA register
  • Intermediate GHASH is stored in GHASHx register and Cipher Text available in DATA register
  • Repeat steps 3 to 5 until all the plain text has been input, to get the cipher text and the Hash keys
  • At the last input, set CTRLB.EOM
  • Write last in-data to DATA register
  • Wait for INTFLAG.ENCCMP to be set
  • AES Hardware generates output in DATA register and final Hash key in GHASHx register
  • Load $[\mathrm{len}(A)]_{64} \,\|\, [\mathrm{len}(C)]_{64}$ in DATA register and set CTRLB.GFMUL and CTRLB.START as 1
  • Wait for INTFLAG.GFMCMP to be set
  • AES Hardware generates final GHASH value in GHASHx register

Tag Generation

  • Configure CTRLA
    1. Set CTRLA.ENABLE to 0.
    2. Set CTRLA.AESMODE as CTR.
    3. Set CTRLA.ENABLE to 1.
  • Load J0 value to INTVECTVx register
  • Load GHASH value to DATA register
  • Set CTRLB.NEWMSG and CTRLB.START to start the Counter mode operation
  • Wait for INTFLAG.ENCCMP to be set
  • AES Hardware generates the GCM Tag output in DATA register
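
A host-side software reference, added here as an example and not taken from the datasheet or from vendor code, for cross-checking the J0 value loaded into INTVECTx and the GHASH value read back from GHASHx. The function names are hypothetical, and the hash subkey `h` is assumed to be the HASHKEYx contents presented as 16 bytes in NIST SP 800-38D order.

```c
#include <stdint.h>
#include <string.h>

/* r = x * y in GF(2^128), bit order as in NIST SP 800-38D. r may alias x. */
static void gf128_mul(const uint8_t x[16], const uint8_t y[16], uint8_t r[16]) {
    uint8_t v[16], z[16] = {0};
    memcpy(v, y, 16);
    for (int i = 0; i < 128; i++) {
        if (x[i / 8] & (0x80u >> (i % 8)))
            for (int j = 0; j < 16; j++) z[j] ^= v[j];
        int lsb = v[15] & 1;
        for (int j = 15; j > 0; j--) v[j] = (uint8_t)((v[j] >> 1) | (v[j - 1] << 7));
        v[0] >>= 1;
        if (lsb) v[0] ^= 0xE1; /* reduction constant R */
    }
    memcpy(r, z, 16);
}

/* Absorb len bytes into GHASH state x; a short last block is zero padded. */
void ghash_update(const uint8_t h[16], uint8_t x[16], const uint8_t *d, size_t len) {
    while (len > 0) {
        size_t n = len < 16 ? len : 16;
        for (size_t j = 0; j < n; j++) x[j] ^= d[j];
        gf128_mul(x, h, x);
        d += n; len -= n;
    }
}

/* Absorb the closing block [a_bits]_64 || [c_bits]_64, big endian. */
void ghash_lengths(const uint8_t h[16], uint8_t x[16], uint64_t a_bits, uint64_t c_bits) {
    uint8_t blk[16];
    for (int i = 0; i < 8; i++) {
        blk[i] = (uint8_t)(a_bits >> (56 - 8 * i));
        blk[8 + i] = (uint8_t)(c_bits >> (56 - 8 * i));
    }
    ghash_update(h, x, blk, 16);
}

/* J0 from the IV; h is the hash subkey (assumed copied out of HASHKEYx). */
void gcm_j0(const uint8_t h[16], const uint8_t *iv, size_t iv_len, uint8_t j0[16]) {
    memset(j0, 0, 16);
    if (iv_len == 12) {          /* len(IV) = 96: IV || 0^31 || 1 */
        memcpy(j0, iv, 12);
        j0[15] = 1;
    } else {                     /* GHASH_H(IV || 0^(s+64) || [len(IV)]_64) */
        ghash_update(h, j0, iv, iv_len);
        ghash_lengths(h, j0, 0, (uint64_t)iv_len * 8);
    }
}
```

The counter block for the first data block is this J0 with its last 32 bits incremented by one, which is the (J0+1) value the procedure loads into INTVECTx.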