Processing a Message with only AAD (GHASHH)

Figure 1. Single GHASH_H Block Diagram (AADLEN ≤ 0x10 and CLEN = 0)

It is possible to process a message with only AAD setting the CLEN field to ‘0’ in AES_CLENR, this can be used for J0 generation when len(IV) ≠ 96 for instance.

Example: Processing J₀ when len(IV) ≠ 96

To process J₀ = GHASH_H(IV || 0^s+64 || [len(IV)]64), the sequence is as follows:

1. Set AES_MR.OPMOD to GCM and AES_MR.GTAGEN to ‘0’.

1. 1.Set the AES Key Register and wait until AES_ISR.DATRDY is set (GCM hash subkey generation complete); use interrupt if needed. After the GCM hash subkey generation is complete the GCM hash subkey can be read or overwritten with specific value in AES_GCMHRx. See Key Writing and Automatic Hash Subkey Calculation.
2. 2.Configure AES_AADLENR.AADLEN with ‘len(IV || 0^s+64 || [len(IV)]64)’ in and AES_CLENR.CLEN to ‘0’. This will allow running a GHASH_H only.
3. 3.Fill AES_IDATARx.IDATA with the message to process (IV || 0^s+64 || [len(IV)]64) according to the SMOD configuration used. If Manual Mode or Auto Mode is used, the DATRDY bit indicates when a GHASH_H step is over (use interrupt if needed).
4. 4.Read AES_GHASHRx.GHASH to obtain the J₀ value.

   Note: The GHASH value can be overwritten at any time by writing the value of AES_GHASHRx.GHASH, used to perform a GHASH_H with an initial value for GHASH (write GHASH field between step 3 and step 4 in this case).