Figure 1. Single GHASHH Block Diagram (AADLEN ≤ 0x10
and CLEN = 0)
It is possible to process a message with only AAD setting the
CLEN field to ‘0’ in AES_CLENR, this can be used for J0 generation when len(IV) ≠ 96
for instance.
Example: Processing J0 when len(IV) ≠
96
To process J0 = GHASHH(IV
|| 0s+64 || [len(IV)]64), the sequence is as
follows:
1. Set AES_MR.OPMOD to GCM and AES_MR.GTAGEN to ‘0’.
- 1.Set the AES Key Register and wait until AES_ISR.DATRDY is set
(GCM hash subkey generation complete); use interrupt if needed. After the GCM hash
subkey generation is complete the GCM hash subkey can be read or overwritten with
specific value in AES_GCMHRx. See Key Writing and Automatic Hash Subkey Calculation.
- 2.Configure AES_AADLENR.AADLEN with ‘len(IV || 0s+64 || [len(IV)]64)’ in and AES_CLENR.CLEN to
‘0’. This will allow running a GHASHH only.
- 3.Fill AES_IDATARx.IDATA with the message to process (IV ||
0s+64 || [len(IV)]64) according to the SMOD
configuration used. If Manual Mode or Auto Mode is used, the DATRDY bit indicates when a
GHASHH step is over (use interrupt if needed).
- 4.Read AES_GHASHRx.GHASH to obtain the J0
value.
Note: The GHASH value can be overwritten at any time
by writing the value of AES_GHASHRx.GHASH, used to perform a GHASHH
with an initial value for GHASH (write GHASH field between step 3 and step 4 in this
case).