50.4.4.3.6 Processing a Single GF128 Multiplication

The AES can also be used to process a single multiplication in the Galois field on 128 bits (GF128) using a single GHASHH with custom H value (see the figure above).

To run a GF128 multiplication (A x B), the sequence is as follows:

1. Set AES_MR.OPMOD to GCM and AES_MR.GTAGEN to ‘0’.

  1. Configure AES_AADLENR.AADLEN with 0x10 (16 bytes) and AES_CLENR.CLEN to ‘0’. This will allow running a single GHASHH.
  2. Fill AES_GCMHRx.H with B value.
  3. Fill AES_IDATARx.IDATA with the A value according to the SMOD configuration used. If Manual Mode or Auto Mode is used, the DATRDY bit indicates when a GHASHH computation is over (use interrupt if needed).
  4. Read AES_GHASHRx.GHASH to obtain the result.
Note: AES_GHASHRx.GHASH can be initialized with a value C between step 3 and step 4 to run a ((A XOR C) x B) GF128 multiplication.