The SAM L11 product embeds a hardware/software cryptographic accelerator (CRYA) which supports Advanced Encryption Standard (AES) encryption and decryption, Secure Hash Algorithm 2 (SHA-256) authentication, and Galois Counter Mode (GCM) encryption and authentication through a set of APIs, which are only accessible once the Boot ROM has completed.

Note: The CRYA cryptographic accelerator is mapped as a client on the IOBUS port and is driven by the CPU using assembly code (located in ROM).

The Advanced Encryption Standard (AES) is compliant with the American FIPS (Federal Information Processing Standard) Publication 197 specification. The AES operates on a 128-bit block of input data. The key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the input plaintext, into the final output, called the ciphertext. The AES works on a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.

The SHA-256 is a cryptographic hash function that creates a 256-bit digest of a data block. The data block is processed in chunks of 512 bits.

The GCM is a mode of operation for AES that combines the CTR (Counter) mode of operation with an authentication hash function.

For detail algorithm specification, refer to following standards and specification: