49. AES hardware accelerator (AES)

This section only applies to STM32U545/585/5Ax/5Gx devices.

49.1 Introduction

The AES hardware accelerator (AES) encrypts or decrypts data, using an algorithm and implementation fully compliant with the advanced encryption standard (AES) defined in Federal information processing standards (FIPS) publication 197.

The peripheral supports CTR, GCM, GMAC, CCM, ECB, and CBC chaining modes for key sizes of 128 or 256 bits.

AES is an AMBA AHB slave peripheral accessible through 32-bit single accesses only. Other access types generate an AHB error, and other than 32-bit writes may corrupt the register content.

The peripheral supports DMA single transfers for incoming and outgoing data (two DMA channels required).

49.2 AES main features

• Compliance with NIST “ Advanced encryption standard (AES), FIPS publication 197 ” from November 2001
• 128-bit data block processing
• Support for cipher key lengths of 128-bit and 256-bit
• Encryption and decryption with multiple chaining modes:
- – Electronic codebook (ECB) mode
- – Cipher block chaining (CBC) mode
- – Counter (CTR) mode
- – Galois counter mode (GCM)
- – Galois message authentication code (GMAC) mode
- – Counter with CBC-MAC (CCM) mode
• 51 or 75 clock cycle latency in ECB mode for processing one 128-bit block of data with, respectively, 128-bit or 256-bit key
• Integrated round key scheduler to compute the last round key for ECB/CBC decryption
• AMBA AHB slave peripheral, accessible through 32-bit word single accesses only
• 256-bit write-only register for storing the cryptographic key (eight 32-bit registers)
• 128-bit register for storing initialization vector (four 32-bit registers)
• 32-bit buffer for data input and output
• Automatic data flow control with support of single-transfer direct memory access (DMA) using two channels (one for incoming data, one for processed data)
• Data-swapping logic to support 1-, 8-, 16- or 32-bit data
• Possibility for software to suspend a message if AES needs to process another message with a higher priority, then resume the original message
• Hardware key sharing with side-channel resistant SAES peripheral (Shared-key mode), controlled by SAES

49.3 AES implementation

The devices have one AES and one SAES peripheral, implemented as shown in the following table.

Table 467. AES/SAES features

AES/SAES modes/features ⁽¹⁾	AES	SAES
ECB, CBC chaining	X	X
CTR, CCM, GCM chaining	X	-
AES 128-bit ECB encryption in cycles	51	528
DHUK and BHK key selection	-	X
Side-channel attacks resistance	-	X
Shared key between SAES and AES	X

1. X = supported.

49.4 AES functional description

49.4.1 AES block diagram

Figure 459 shows the block diagram of AES.

Figure 459. AES block diagram

Figure 459. AES block diagram. The diagram shows the internal architecture of the AES peripheral. On the left, a 32-bit AHB bus connects to an AHB interface. Below the bus are signals aes_hclk, aes_in_dma, aes_out_dma, aes_it, and aes_itamp_out. The AHB interface connects to a set of registers: AES_KEYRx, AES_IVRx, AES_SR, AES_CR, AES_DINR, AES_DOUTR, and AES_SUSPRx. These registers are part of a 'Banked registers' block. A SAES block at the top provides a 'Shared key' to the AES_KEYRx register. The registers connect to an 'AES Core (AEA)' block on the right. Data flows from AES_DINR to the core and from the core to AES_DOUTR through a 'swap' block. The core also connects to 'Control Logic' and a 'DMA interface'. The DMA interface connects to the aes_in_dma and aes_out_dma signals. The Control Logic connects to the aes_it signal and the aes_itamp_out signal. The Control Logic also connects to the AES_SUSPRx register for 'Save / Restore' operations. The diagram is labeled MSv47991V1.

49.4.2 AES internal signals

Table 468 describes the user relevant internal signals interfacing the AES peripheral.

Table 468. AES internal input/output signals

Signal name	Signal type	Description
aes_hclk	Input	AHB bus clock
aes_it	Output	AES interrupt request
aes_in_dma	Input/Output	Input DMA single request/acknowledge
aes_out_dma	Input/Output	Output DMA single request/acknowledge
aes_itamp_out	Output	Tamper event signal to TAMP (XOR-ed), triggered when an unexpected hardware fault occurs. When this signal is triggered, AES automatically clears key registers. A reset is required for AES to be usable again.

49.4.3 AES cryptographic core

Overview

The AES cryptographic core consists of the following components:

• AES core algorithm (AEA)
• multiplier over a binary Galois field (GF2mul)
• key input
• initialization vector (IV) input
• chaining algorithm logic (XOR, feedback/counter, mask)

The AES core works on 128-bit data blocks (four words) with 128-bit or 256-bit key length. Depending on the chaining mode, the AES requires zero or one 128-bit initialization vector IV.

The AES features the following modes of operation:

• Mode 1:
Plaintext encryption using a key stored in the AES_KEYRx registers
• Mode 2:
ECB or CBC decryption key preparation. It must be used prior to selecting Mode 3 with ECB or CBC chaining modes. The key prepared for decryption is stored automatically in the AES_KEYRx registers. Now the AES peripheral is ready to switch to Mode 3 for executing data decryption.
• Mode 3:
Ciphertext decryption using a key stored in the AES_KEYRx registers. When ECB and CBC chaining modes are selected, the key must be prepared beforehand, through Mode 2.

Note: Mode 2 is only used when performing ECB and CBC decryption.

The operating mode is selected by programming the MODE[1:0] bitfield of the AES_CR register. It may be done only when the AES peripheral is disabled.

Special key operation is selected using the KMOD[1:0] bitfield of the AES_CR register. See Section 49.4.13 for details.

Typical data processing

Typical usage of the AES is described in Section 49.4.4: AES procedure to perform a cipher operation .

Note: The outputs of the intermediate AEA stages are never revealed outside the cryptographic boundary, with the exclusion of the IVI bitfield.

Chaining modes

The following chaining modes are supported by AES, selected through the CHMOD[2:0] bitfield of the AES_CR register:

• Electronic code book (ECB)
• Cipher block chaining (CBC)
• Counter (CTR)
• Galois counter mode (GCM)
• Galois message authentication code (GMAC)
• Counter with CBC-MAC (CCM)

Note: The chaining mode may be changed only when AES is disabled (bit EN of the AES_CR register cleared).

Principle of each AES chaining mode is provided in the following subsections.

Detailed information is in dedicated sections, starting from Section 49.4.8: AES basic chaining modes (ECB, CBC) .

Electronic codebook (ECB) mode

Figure 460. ECB encryption and decryption principle

Encryption

Plaintext block 1 → [Encrypt] → Ciphertext block 1

Plaintext block 2 → [Encrypt] → Ciphertext block 2

Plaintext block 3 → [Encrypt] → Ciphertext block 3

Decryption

Ciphertext block 1 → [Decrypt] → Plaintext block 1

Ciphertext block 2 → [Decrypt] → Plaintext block 2

Ciphertext block 3 → [Decrypt] → Plaintext block 3

Legend

input
output
key scheduling

MSV42140V1

Diagram illustrating the ECB encryption and decryption principle. The diagram is divided into two main sections: 'Encryption' and 'Decryption'. In the 'Encryption' section, three 'Plaintext block' boxes (1, 2, and 3) are shown at the top. Each block has a downward arrow pointing to an 'Encrypt' box. Each 'Encrypt' box also has a 'key' input from the left. The output of each 'Encrypt' box points down to a 'Ciphertext block' box (1, 2, and 3). In the 'Decryption' section, three 'Ciphertext block' boxes (1, 2, and 3) are shown at the bottom. Each block has an upward arrow pointing to a 'Decrypt' box. Each 'Decrypt' box also has a 'key' input from the left. The output of each 'Decrypt' box points up to a 'Plaintext block' box (1, 2, and 3). A 'Legend' is located in the bottom left corner, showing a light gray box for 'input', a dark gray box for 'output', and a circular arrow icon for 'key scheduling'. The diagram is labeled 'MSV42140V1' in the bottom right corner.

ECB is the simplest mode of operation. There are no chaining operations, and no special initialization stage. The message is divided into blocks and each block is encrypted or decrypted separately.

Note: For decryption, a special key scheduling is required before processing the first block.

Cipher block chaining (CBC) mode

Figure 461. CBC encryption and decryption principle

The diagram illustrates the CBC encryption and decryption process across three blocks. In the Encryption section, 'Plaintext block 1', 'Plaintext block 2', and 'Plaintext block 3' are shown as input (white boxes). For the first block, an 'initialization vector' is XORed with the plaintext. For subsequent blocks, the previous 'Ciphertext block' is XORed with the current plaintext. Each XOR result is then processed by an 'Encrypt' block using a 'key' (indicated by a key scheduling symbol). The outputs are 'Ciphertext block 1', 'Ciphertext block 2', and 'Ciphertext block 3' (shaded boxes). In the Decryption section, the 'Ciphertext blocks' are input to 'Decrypt' blocks using the same 'key'. The output of each decrypt block is XORed with the previous ciphertext block (or the 'initialization vector' for the first block) to produce the final 'Plaintext block'. A Legend at the bottom left identifies white boxes as 'input', shaded boxes as 'output', and a circular arrow symbol as 'key scheduling'. The diagram is labeled 'MSv42141V1' in the bottom right corner.

Diagram illustrating CBC encryption and decryption with three blocks. Encryption shows plaintext blocks being XORed with the previous ciphertext (or IV for the first block) and then encrypted. Decryption shows ciphertext blocks being decrypted and then XORed with the previous ciphertext (or IV for the first block) to recover the plaintext. A legend defines input, output, and key scheduling symbols.

In CBC mode the output of each block chains with the input of the following block. To make each message unique, an initialization vector is used during the first block processing.

Note: For decryption, a special key scheduling is required before processing the first block.

Counter (CTR) mode Figure 462. CTR encryption and decryption principle

Encryption

Counter → (+1) → Counter → (+1) → Counter

value value + 1 value + 2

key → Encrypt key → Encrypt key → Encrypt

Plaintext block 1 → ⊕ Plaintext block 2 → ⊕ Plaintext block 3 → ⊕

Ciphertext block 1 Ciphertext block 2 Ciphertext block 3

Decryption

Counter → (+1) → Counter → (+1) → Counter

value value + 1 value + 2

key → Decrypt key → Decrypt key → Decrypt

Plaintext block 1 ← ⊕ Plaintext block 2 ← ⊕ Plaintext block 3 ← ⊕

Ciphertext block 1 Ciphertext block 2 Ciphertext block 3

Legend

input

output

⊕ XOR

MSv42142V1

Diagram illustrating the CTR encryption and decryption principle. The diagram is divided into two horizontal sections: 'Encryption' and 'Decryption'. In the 'Encryption' section, a sequence of three 'Counter' blocks is shown. The first Counter block outputs 'value', the second 'value + 1', and the third 'value + 2'. Each Counter output is fed into an 'Encrypt' block along with a 'key'. The output of each 'Encrypt' block is XORed (indicated by a circle with a cross) with a corresponding 'Plaintext block' (1, 2, or 3) to produce a 'Ciphertext block' (1, 2, or 3). In the 'Decryption' section, the same sequence of 'Counter' blocks and 'key' inputs is used, but the 'Encrypt' blocks are replaced by 'Decrypt' blocks. The output of each 'Decrypt' block is XORed with a corresponding 'Ciphertext block' (1, 2, or 3) to produce the original 'Plaintext block' (1, 2, or 3). A 'Legend' on the left indicates that light gray boxes represent 'input', dark gray boxes represent 'output', and the circle with a cross represents 'XOR'. The diagram is labeled 'MSv42142V1' in the bottom right corner.

The CTR mode uses the AES core to generate a key stream. The keys are then XOR-ed with the plaintext to obtain the ciphertext as specified in NIST Special Publication 800-38A, Recommendation for Block Cipher Modes of Operation .

Note: Unlike with ECB and CBC modes, no key scheduling is required for the CTR decryption, since in this chaining scheme the AES core is always used in encryption mode for producing the key stream, or counter blocks.

Galois/counter mode (GCM)

Figure 463. GCM encryption and authentication principle

The diagram illustrates the GCM encryption and authentication process. It starts with an Initialization vector and a key being input to an Init (Encrypt) block, which outputs an H value. Simultaneously, the Initialization vector is passed to a Counter block. This counter outputs its value to an Encrypt block and also increments by 1 (indicated by +1 ) to the next Counter block. This second counter outputs value + 1 to another Encrypt block and increments by 1 to a third Counter block, which outputs value + 2 to a third Encrypt block. Each Encrypt block also receives the key and a plaintext block ( Plaintext block 1 , Plaintext block 2 , and Plaintext block 3 ). The output of each Encrypt block is XORed ( $\oplus$ ) with its corresponding plaintext block to produce a Ciphertext block ( Ciphertext block 1 , Ciphertext block 2 , and Ciphertext block 3 ). Each ciphertext block is then input to a GF2mul block. The H value from the Init block is also input to the first GF2mul block. The outputs of the GF2mul blocks are XORed ( $\oplus$ ) sequentially and then passed to a Final block, which produces the TAG . A legend indicates that light grey boxes represent input , dark grey boxes represent output , and the $\oplus$ symbol represents XOR . The diagram is labeled MSv42143V1.

Diagram of GCM encryption and authentication principle showing the flow from Initialization vector and key through Init, Counter, Encrypt, and GF2mul blocks to produce ciphertext and a TAG.

In Galois/counter mode (GCM), the plaintext message is encrypted while a message authentication code (MAC) is computed in parallel, thus generating the corresponding ciphertext and its MAC (also known as authentication tag). It is defined in NIST Special Publication 800-38D, Recommendation for Block Cipher Modes of Operation - Galois/Counter Mode (GCM) and GMAC .

GCM mode is based on AES in counter mode for confidentiality. It uses a multiplier over a fixed finite field for computing the message authentication code. It requires an initial value and a particular 128-bit block at the end of the message.

Galois message authentication code (GMAC) principle

Figure 464. GMAC authentication principle

The diagram illustrates the GMAC authentication process. It starts with an Initialization vector and a key being input to an Init (Encrypt) block, which outputs an H value. The Initialization vector is also passed to the first GF2mul block. The H value is input to the first GF2mul block. The first GF2mul block also receives Plaintext block 1 and produces an output that is XORed ( $\oplus$ ) with Plaintext block 2 . This result is input to the second GF2mul block, which produces an output that is XORed ( $\oplus$ ) with Plaintext block 3 . This result is input to the third GF2mul block. The output of the third GF2mul block is passed to a Final block, which produces the TAG . A legend indicates that light grey boxes represent input , dark grey boxes represent output , and the $\oplus$ symbol represents XOR . The diagram is labeled MSv42144V1.

Diagram of GMAC authentication principle showing the flow from Initialization vector and key through Init, H, GF2mul, and Final blocks to produce a TAG.

Galois message authentication code (GMAC) allows authenticating a message and generating the corresponding message authentication code (MAC). It is defined in NIST Special Publication 800-38D, Recommendation for Block Cipher Modes of Operation - Galois/Counter Mode (GCM) and GMAC .

GMAC is similar to GCM, except that it is applied on a message composed only by plaintext authenticated data (that is, only header, no payload).

Counter with CBC-MAC (CCM) principle

Figure 465. CCM encryption and authentication principle

Diagram illustrating the CCM encryption and authentication principle. The process starts with B0, which is input to an 'Init (Encrypt)' block along with a 'key'. The output is an 'Initialization vector'. B0 also feeds into 'Count 1', which is incremented by +1 to produce 'Count 2', which is incremented by +1 to produce 'Count 3'. 'Count 1', 'Count 2', and 'Count 3' are input to 'Encrypt' blocks along with the 'key'. The outputs of these 'Encrypt' blocks are XORed with 'Plaintext block 1', 'Plaintext block 2', and 'Plaintext block 3' respectively to produce 'Ciphertext block 1', 'Ciphertext block 2', and 'Ciphertext block 3'. The 'Initialization vector' is XORed with 'Ciphertext block 1' and input to an 'Encrypt' block with the 'key'. The output is XORed with 'Ciphertext block 2' and input to another 'Encrypt' block with the 'key'. The output is XORed with 'Ciphertext block 3' and input to a 'Final' block, which produces the 'TAG'. A legend indicates that light gray boxes are 'input', dark gray boxes are 'output', and the circle with a cross symbol is 'XOR'. The diagram is labeled MSv42145V1.

In Counter with cipher block chaining-message authentication code (CCM) mode, the plaintext message is encrypted while a message authentication code (MAC) is computed in parallel, thus generating the corresponding ciphertext and the corresponding MAC (also known as tag). It is described by NIST in Special Publication 800-38C, Recommendation for Block Cipher Modes of Operation - The CCM Mode for Authentication and Confidentiality .

CCM mode is based on AES in counter mode for confidentiality and it uses CBC for computing the message authentication code. It requires an initial value.

Like GCM, the CCM chaining mode can be applied on a message composed only by plaintext authenticated data (that is, only header, no payload). Note that this way of using CCM is not called CMAC (it is not similar to GCM/GMAC), and its use is not recommended by NIST.

49.4.4 AES procedure to perform a cipher operation

Introduction

A typical cipher operation is explained below. Detailed information is provided in sections starting from Section 49.4.8: AES basic chaining modes (ECB, CBC) .

Initialization of AES

To initialize AES, first disable it by clearing the EN bit of the AES_CR register. Then perform the following steps in any order:

• Configure the AES mode, by programming the MODE[1:0] bitfield of the AES_CR register.
- – For encryption, select Mode 1 (MODE[1:0] = 00).
- – For decryption, select Mode 3 (MODE[1:0] = 10), unless ECB or CBC chaining modes are used. In this latter case, perform an initial key derivation of the encryption key, as described in Section 49.4.5: AES decryption round key preparation .
• Select the chaining mode, by programming the CHMOD[2:0] bitfield of the AES_CR register.
• Configure the data type (1-, 8-, 16- or 32-bit), with the DATATYPE[1:0] bitfield in the AES_CR register.
• When it is required (for example in CBC or CTR chaining modes), write the initialization vector into the AES_IVRx registers.
• Configure the key size (128-bit or 256-bit), with the KEYSIZE bitfield of the AES_CR register. This step must be done before writing into key registers.
• Write a symmetric key into the AES_KEYRx registers (4 or 8 registers depending on the key size).

Note: AES sets KEYVALID in AES_SR when key information defined by KEYSIZE is loaded in AES_KEYRx.

Data append

This section describes different ways of appending data for processing, where the size of data to process is not a multiple of 128 bits when KMOD[1:0] = 00. For other KMOD[1:0] values refer to Section 49.4.13 .

For ECB or CBC mode, refer to Section 49.4.6: AES ciphertext stealing and data padding . The last block management in these cases is more complex than in the sequence described in this section.

Data append through polling

This method uses flag polling to control the data append through the following sequence:

1. Enable the AES peripheral by setting the EN bit of the AES_CR register.
2. Repeat the following sub-sequence until the payload is entirely processed:
1. a) Write four input data words into the AES_DINR register.
2. b) Wait until the status flag CCF is set in the AES_SR, then read the four data words from the AES_DOUTR register.
3. c) Clear the CCF flag, by setting the CCF bit of the AES_ICR register.
4. d) If the data block just processed is the second-last block of the message and the significant data in the last block to process is inferior to 128 bits, pad the remainder of the last block with zeros and, in case of GCM payload encryption or CCM payload decryption, specify the number of non-valid bytes, using the NPBLB bitfield of the AES_CR register, for AES to compute a correct tag;.
3. As it is the last block, discard the data that is not part of the data, then disable the AES peripheral by clearing the EN bit of the AES_CR register.

Note: Up to three wait cycles are automatically inserted between two consecutive writes to the AES_DINR register, to allow sending the key to the AES processor.

NPBLB bits are not used in header phase of GCM, GMAC and CCM chaining modes.

Data append using interrupt

The method uses interrupt from the AES peripheral to control the data append, through the following sequence:

1. Enable interrupts from AES by setting the CCFIE bit of the AES_IER register.
2. Enable the AES peripheral by setting the EN bit of the AES_CR register.
3. Write first four input data words into the AES_DINR register.
4. Handle the data in the AES interrupt service routine, upon interrupt:
1. a) Read four output data words from the AES_DOUTR register.
2. b) Clear the CCF flag and thus the pending interrupt, by setting the CCF bit of the AES_ICR register.
3. c) If the data block just processed is the second-last block of an message and the significant data in the last block to process is inferior to 128 bits, pad the remainder of the last block with zeros and, in case of GCM payload encryption or CCM payload decryption, specify the number of non-valid bytes, using the NPBLB bitfield of the AES_CR register, for AES to compute a correct tag;. Then proceed with point 4e).
4. d) If the data block just processed is the last block of the message, discard the data that is not part of the data, then disable the AES peripheral by clearing the EN bit of the AES_CR register and quit the interrupt service routine.
5. e) Write next four input data words into the AES_DINR register and quit the interrupt service routine.

Note: AES is tolerant of delays between consecutive read or write operations, which allows, for example, an interrupt from another peripheral to be served between two AES computations.

NPBLB bits are not used in header phase of GCM, GMAC and CCM chaining modes.

Data append using DMA

With this method, all the transfers and processing are managed by DMA and AES. To use the method, proceed as follows:

1. Prepare the last four-word data block (if the data to process does not fill it completely), by padding the remainder of the block with zeros.
2. Configure the DMA controller so as to transfer the data to process from the memory to the AES peripheral input and the processed data from the AES peripheral output to the memory, as described in Section 49.4.17: AES DMA interface . Configure the DMA controller so as to generate an interrupt on transfer completion. In case of GCM payload encryption or CCM payload decryption, DMA transfer must not include the last four-word block if padded with zeros. The sequence described in Data append through polling must be used instead for this last block, because NPBLB bits must be setup before processing the block, for AES to compute a correct tag.
3. Enable the AES peripheral by setting the EN bit of the AES_CR register
4. Enable DMA requests by setting the DMAINEN and DMAOUTEN bits of the AES_CR register.
5. Upon DMA interrupt indicating the transfer completion, get the AES-processed data from the memory.

Note: The CCF flag has no use with this method, because the reading of the AES_DOUTR register is managed by DMA automatically, without any software action, at the end of the computation phase.

NPBLB bits are not used in header phase of GCM, GMAC, and CCM chaining modes.

49.4.5 AES decryption round key preparation

Internal key schedule is used to generate AES round keys. In AES encryption, the round 0 key is the one stored in the key registers. AES decryption must start using the last round key. As the encryption key is stored in memory, a special key scheduling must be performed to obtain the decryption key. This key scheduling is only required for AES decryption in ECB and CBC modes.

Recommended method is to select the Mode 2 by setting to 01 the MODE[1:0] bitfield of the AES_CR (key process only), then proceed with the decryption by setting MODE[1:0] to 10 (Mode 3, decryption only). Mode 2 usage is described below:

1. Disable the AES peripheral by clearing the EN bit of the AES_CR register.
2. Select Mode 2 by setting to 01 the MODE[1:0] bitfield of the AES_CR. The CHMOD[2:0] bitfield is not significant in this case because this key derivation mode is independent of the chaining algorithm selected. Select normal key mode by setting KMOD[1:0] to 00. For decryption with other KMOD[1:0] values, refer to Section 49.4.13 .
3. Set key length to 128 or 256 bits, via KEYSIZE bit of AES_CR register.
4. Write the AES_KEYRx registers (128 or 256 bits) with encryption key. Writes to the AES_IVRx registers have no effect.
5. Enable the AES peripheral, by setting the EN bit of the AES_CR register.
6. Wait until the CCF flag is set in the AES_SR register.
7. Clear the CCF flag. Derived key is available in AES core, ready to use for decryption.

Note: The AES is disabled by hardware when the derivation key is available.

To restart a derivation key computation, repeat steps 4, 5, 6, and 7.

Note: The operation of the key preparation lasts 59 or 82 clock cycles, depending on the key size (128- or 256-bit).

49.4.6 AES ciphertext stealing and data padding

When using AES in ECB or CBC modes to manage messages the size of which is not a multiple of the block size (128 bits), ciphertext stealing techniques are used, such as those described in NIST Special Publication 800-38A, Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode . Since the AES peripheral does not support such techniques, the application must complete the last block of input data using data from the second last block.

Note: Ciphertext stealing techniques are not documented in this reference manual.

Similarly, when AES is used in other modes than ECB or CBC, an incomplete input data block (that is, block with input data shorter than 128 bits) must be padded with zeros prior to encryption (that is, extra bits must be appended to the trailing end of the data string). After decryption, the extra bits must be discarded. As AES does not implement automatic data padding operation to the last block , the application must follow the recommendation given

in Section 49.4.4: AES procedure to perform a cipher operation to manage messages the size of which is not a multiple of 128 bits.

Note: Padding data are swapped in a similar way as normal data, according to the DATATYPE[1:0] field of the AES_CR register (see Section 49.4.14: AES data registers and data swapping for details).

49.4.7 AES task suspend and resume

A message can be suspended if another message with a higher priority must be processed. When this highest priority message is sent, the suspended message can resume in both encryption or decryption mode.

Suspend/resume operations do not break the chaining operation and the message processing can resume as soon as AES is enabled again to receive the next data block.

Figure 466 gives an example of suspend/resume operation: Message 1 is suspended in order to send a shorter and higher-priority Message 2.

Figure 466. Example of suspend mode management

The diagram shows the flow of data blocks for two messages. Message 1 starts with '128-bit block 1', followed by '128-bit block 2', and '128-bit block 3'. After block 3, a callout bubble indicates a 'New higher-priority message 2 to be processed'. An arrow points from '128-bit block 3' to a box labeled 'AES suspend sequence'. From this box, an arrow points to '128-bit block 1' of Message 2. Message 2 consists of '128-bit block 1' and '128-bit block 2'. From '128-bit block 2', an arrow points to a box labeled 'AES resume sequence'. From this box, an arrow points back to '128-bit block 4' of Message 1. Message 1 then continues with '128-bit block 4', '128-bit block 5', and '128-bit block 6', followed by an ellipsis. The diagram is labeled 'MSv42148V1' in the bottom right corner.

Diagram illustrating the suspend and resume operation for AES messages. Message 1 consists of 6 blocks. After block 3, a higher-priority Message 2 (2 blocks) is processed. An 'AES suspend sequence' saves the state after block 3, and an 'AES resume sequence' restores it before block 4. Message 1 then continues with blocks 4, 5, and 6.

A detailed description of suspend/resume operations is in the sections dedicated to each AES mode.

49.4.8 AES basic chaining modes (ECB, CBC)

Overview

This section gives a brief explanation of the four basic operation modes provided by the AES core: ECB encryption, ECB decryption, CBC encryption and CBC decryption. For detailed information, refer to the FIPS publication 197 from November 26, 2001.

Figure 467 illustrates the electronic codebook (ECB) encryption.

Diagram of ECB encryption showing two blocks, Block 1 and Block 2. Each block shows the flow from AES_DINR (plaintext) through Swap management, Encrypt (with KEY), and another Swap management to produce AES_DOUTR (ciphertext).

Figure 467. ECB encryption

The diagram illustrates the ECB encryption process for two blocks, Block 1 and Block 2. Each block follows a similar flow:

Block 1: The 128-bit plaintext input data block P1 is stored in the AES_DINR register. It first goes through a Swap management block (controlled by DATATYPE[1:0]) to produce a swap result I1. I1 is then processed by the Encrypt block (using the AES_KEYRx (KEY)). The encryption result O1 goes through another Swap management block (controlled by DATATYPE[1:0]) and is stored in the AES_DOUTR register as the 128-bit ciphertext output data block C1.
Block 2: The 128-bit plaintext input data block P2 is stored in the AES_DINR register. It first goes through a Swap management block (controlled by DATATYPE[1:0]) to produce a swap result I2. I2 is then processed by the Encrypt block (using the AES_KEYRx (KEY)). The encryption result O2 goes through another Swap management block (controlled by DATATYPE[1:0]) and is stored in the AES_DOUTR register as the 128-bit ciphertext output data block C2.

A legend indicates that light gray boxes represent input and dark gray boxes represent output. The diagram is labeled MSv19105V2.

Diagram of ECB encryption showing two blocks, Block 1 and Block 2. Each block shows the flow from AES_DINR (plaintext) through Swap management, Encrypt (with KEY), and another Swap management to produce AES_DOUTR (ciphertext).

In ECB encrypt mode, the 128-bit plaintext input data block P _xin the AES_DINR register first goes through bit/byte/half-word swapping. The swap result I _xis processed with the AES core set in encrypt mode, using a 128- or 256-bit key. The encryption result O _xgoes through bit/byte/half-word swapping, then is stored in the AES_DOUTR register as 128-bit ciphertext output data block C _x. The ECB encryption continues in this way until the last complete plaintext block is encrypted.

Figure 468 illustrates the electronic codebook (ECB) decryption.

Diagram of ECB decryption showing two blocks, Block 1 and Block 2. Each block shows the flow from AES_DINR (ciphertext) through Swap management, Decrypt (with KEY), and another Swap management to produce AES_DOUTR (plaintext).

Figure 468. ECB decryption

The diagram illustrates the ECB decryption process for two blocks, Block 1 and Block 2. Each block follows a similar flow:

Block 1: The 128-bit ciphertext input data block C1 is stored in the AES_DINR register. It first goes through a Swap management block (controlled by DATATYPE[1:0]) to produce a swap result I1. I1 is then processed by the Decrypt block (using the AES_KEYRx (KEY)). The decryption result O1 goes through another Swap management block (controlled by DATATYPE[1:0]) and is stored in the AES_DOUTR register as the 128-bit plaintext output data block P1.
Block 2: The 128-bit ciphertext input data block C2 is stored in the AES_DINR register. It first goes through a Swap management block (controlled by DATATYPE[1:0]) to produce a swap result I2. I2 is then processed by the Decrypt block (using the AES_KEYRx (KEY)). The decryption result O2 goes through another Swap management block (controlled by DATATYPE[1:0]) and is stored in the AES_DOUTR register as the 128-bit plaintext output data block P2.

A legend indicates that light gray boxes represent input and dark gray boxes represent output. The diagram is labeled MSv19106V2.

Diagram of ECB decryption showing two blocks, Block 1 and Block 2. Each block shows the flow from AES_DINR (ciphertext) through Swap management, Decrypt (with KEY), and another Swap management to produce AES_DOUTR (plaintext).

To perform an AES decryption in the ECB mode, the secret key has to be prepared by collecting the last-round encryption key (which requires to first execute the complete key schedule for encryption), and using it as the first-round key for the decryption of the ciphertext. This preparation is supported by the AES core.

In ECB decrypt mode, the 128-bit ciphertext input data block C ₁in the AES_DINR register first goes through bit/byte/half-word swapping. The keying sequence is reversed compared to that of the ECB encryption. The swap result I ₁is processed with the AES core set in decrypt mode, using the formerly prepared decryption key. The decryption result goes through bit/byte/half-word swapping, then is stored in the AES_DOUTR register as 128-bit plaintext output data block P ₁. The ECB decryption continues in this way until the last complete ciphertext block is decrypted.

Figure 469 illustrates the cipher block chaining (CBC) encryption.

Diagram of CBC encryption showing two blocks, Block 1 and Block 2. Block 1 takes plaintext P1, swaps it to P1', XORs it with the IV, encrypts it with the key to produce O1, swaps O1 to produce ciphertext C1. Block 2 takes plaintext P2, swaps it to P2', XORs it with the previous ciphertext O1, encrypts it with the key to produce O2, swaps O2 to produce ciphertext C2. A legend indicates input, output, and XOR symbols.

Figure 469. CBC encryption

The diagram illustrates the CBC encryption process for two blocks. Block 1 : The input AES_DINR (plaintext P1) is processed by a Swap management block (controlled by DATATYPE[1:0] ) to produce P1' . P1' is XOR-ed with the AES_IVRx (init. vector) to produce I1 . I1 is then processed by the Block cipher encryption block (using AES_KEYRx (KEY) ) to produce O1 . O1 is processed by another Swap management block to produce the final output AES_DOUTR (ciphertext C1) . Block 2 : The input AES_DINR (plaintext P2) is processed by a Swap management block to produce P2' . P2' is XOR-ed with the previous ciphertext O1 to produce I2 . I2 is then processed by the Block cipher encryption block (using AES_KEYRx (KEY) ) to produce O2 . O2 is processed by another Swap management block to produce the final output AES_DOUTR (ciphertext C2) . A Legend indicates that light gray boxes represent input , dark gray boxes represent output , and the circle with a cross symbol represents XOR . The diagram is labeled MSv19107V2 .

Diagram of CBC encryption showing two blocks, Block 1 and Block 2. Block 1 takes plaintext P1, swaps it to P1', XORs it with the IV, encrypts it with the key to produce O1, swaps O1 to produce ciphertext C1. Block 2 takes plaintext P2, swaps it to P2', XORs it with the previous ciphertext O1, encrypts it with the key to produce O2, swaps O2 to produce ciphertext C2. A legend indicates input, output, and XOR symbols.

In CBC encrypt mode, the first plaintext input block, after bit/byte/half-word swapping ( $$ P1' $$ ), is XOR-ed with a 128-bit IVI bitfield (initialization vector and counter), producing the $$ I1 $$ input data for encrypt with the AES core, using a 128- or 256-bit key. The resulting 128-bit output block $$ O1 $$ , after swapping operation, is used as ciphertext $$ C1 $$ . The $$ O1 $$ data is then XOR-ed with the second-block plaintext data $$ P2' $$ to produce the $$ I2 $$ input data for the AES core to produce the second block of ciphertext data. The chaining of data blocks continues in this way until the last plaintext block in the message is encrypted.

If the message size is not a multiple of 128 bits, the final partial data block is encrypted in the way explained in Section 49.4.6: AES ciphertext stealing and data padding .

Figure 470 illustrates the cipher block chaining (CBC) decryption.

Diagram of CBC decryption showing two blocks, Block 1 and Block 2. Block 1 takes ciphertext C1, swaps it to I1, decrypts it with the key to produce O1, XORs O1 with the IV to produce P1', swaps P1' to produce plaintext P1. Block 2 takes ciphertext C2, swaps it to I2, decrypts it with the key to produce O2, XORs O2 with the previous ciphertext O1 to produce P2', swaps P2' to produce plaintext P2. A legend indicates input, output, and XOR symbols.

Figure 470. CBC decryption

The diagram illustrates the CBC decryption process for two blocks. Block 1 : The input AES_DINR (ciphertext C1) is processed by a Swap management block (controlled by DATATYPE[1:0] ) to produce I1 . I1 is then processed by the Decrypt block (using AES_KEYRx (KEY) ) to produce O1 . O1 is XOR-ed with the AES_IVRx (IV) to produce P1' . P1' is processed by another Swap management block to produce the final output AES_DOUTR (plaintext P1) . Block 2 : The input AES_DINR (ciphertext C2) is processed by a Swap management block to produce I2 . I2 is then processed by the Decrypt block (using AES_KEYRx (KEY) ) to produce O2 . O2 is XOR-ed with the previous ciphertext O1 to produce P2' . P2' is processed by another Swap management block to produce the final output AES_DOUTR (plaintext P2) . A Legend indicates that light gray boxes represent input , dark gray boxes represent output , and the circle with a cross symbol represents XOR . The diagram is labeled MSv19104V2 .

Diagram of CBC decryption showing two blocks, Block 1 and Block 2. Block 1 takes ciphertext C1, swaps it to I1, decrypts it with the key to produce O1, XORs O1 with the IV to produce P1', swaps P1' to produce plaintext P1. Block 2 takes ciphertext C2, swaps it to I2, decrypts it with the key to produce O2, XORs O2 with the previous ciphertext O1 to produce P2', swaps P2' to produce plaintext P2. A legend indicates input, output, and XOR symbols.

In CBC decrypt mode, like in ECB decrypt mode, the secret key must be prepared to perform an AES decryption.

After the key preparation process, the decryption goes as follows: the first 128-bit ciphertext block (after the swap operation) is used directly as the AES core input block $$ I1 $$ for decrypt operation, using the 128-bit or 256-bit key. Its output $$ O1 $$ is XOR-ed with the 128-bit IVI field (that must be identical to that used during encryption) to produce the first plaintext block $$ P1 $$ .

The second ciphertext block is processed in the same way as the first block, except that the I1 data from the first block is used in place of the initialization vector.

The decryption continues in this way until the last complete ciphertext block is decrypted.

If the message size is not a multiple of 128 bits, the final partial data block is decrypted in the way explained in Section 49.4.6: AES ciphertext stealing and data padding .

For more information on data swapping, refer to Section 49.4.14: AES data registers and data swapping .

ECB/CBC encryption sequence

The sequence of events to perform an ECB/CBC encryption (more detail in Section 49.4.4 ):

1. Disable the AES peripheral by clearing the EN bit of the AES_CR register.
2. Select the Mode 1 by setting to 00 the MODE[1:0] bitfield of the AES_CR register and select ECB or CBC chaining mode by setting the CHMOD[2:0] bitfield of the AES_CR register to 000 or 001, respectively. Data type can also be defined, using DATATYPE[1:0] bitfield. Select normal key mode by setting KMOD[1:0] to 00. For encryption with other KMOD[1:0] values, refer to Section 49.4.13 .
3. Select 128- or 256-bit key length through the KEYSIZE bit of the AES_CR register.
4. Write the AES_KEYRx registers (128 or 256 bits) with encryption key. Fill the AES_IVRx registers with the initialization vector data if CBC mode has been selected.
5. Enable the AES peripheral by setting the EN bit of the AES_CR register.
6. Write the AES_DINR register four times to input the plaintext (MSB first), as shown in Figure 471 .
7. Wait until the CCF flag is set in the AES_SR register.
8. Read the AES_DOUTR register four times to get the ciphertext (MSB first) as shown in Figure 471 . Then clear the CCF flag by setting the CCF bit of the AES_ICR register.
9. Repeat steps 6-7-8 to process all the blocks with the same encryption key.

Figure 471. ECB/CBC encryption (Mode 1)

Diagram of ECB/CBC encryption sequence showing Input, Computation, and Output phases.

The diagram illustrates the ECB/CBC encryption sequence in Mode 1, divided into three phases:

Input phase: Four write operations into the AES_DINR register. The data is written in four words (PT3, PT2, PT1, PT0) in MSB first order. The first write (WR PT3) is at the MSB end, and the last write (WR PT0) is at the LSB end.
Computation phase: A central block labeled "Wait until flag CCF = 1".
Output phase: Four read operations from the AES_DOUTR register. The data is read in four words (CT3, CT2, CT1, CT0) in MSB first order. The first read (RD CT3) is at the MSB end, and the last read (RD CT0) is at the LSB end.

Legend:
PT = plaintext = 4 words (PT3, ..., PT0)
CT = ciphertext = 4 words (CT3, ..., CT0)

Reference: MS18936V3

Diagram of ECB/CBC encryption sequence showing Input, Computation, and Output phases.

ECB/CBC decryption sequence

The sequence of events to perform an AES ECB/CBC decryption is as follows (More detail in Section 49.4.4 ). Select normal key mode by setting KMOD[1:0] to 00. For decryption with other KMOD[1:0] values, refer to Section 49.4.13 .

1. Follow the steps described in Section 49.4.5: AES decryption round key preparation , in order to prepare the decryption key in AES core.
2. Select the Mode 3 by setting to 10 the MODE[1:0] bitfield of the AES_CR register and select ECB or CBC chaining mode by setting the CHMOD[2:0] bitfield of the AES_CR register to 000 or 001, respectively. Data type can also be defined, using DATATYPE[1:0] bitfield. KEYSIZE bitfield must be kept as-is.
3. Write the AES_IVRx registers with the initialization vector (required in CBC mode only).
4. Enable AES by setting the EN bit of the AES_CR register.
5. Write the AES_DINR register four times to input the cipher text (MSB first), as shown in Figure 472 .
6. Wait until the CCF flag is set in the AES_SR register.
7. Read the AES_DOUTR register four times to get the plain text (MSB first), as shown in Figure 472 . Then clear the CCF flag by setting the CCF bit of the AES_ICR register.
8. Repeat steps 5-6-7 to process all the blocks encrypted with the same key.

Figure 472. ECB/CBC decryption (Mode 3)

PT = plaintext = 4 words (PT3, ..., PT0)
CT = ciphertext = 4 words (CT3, ..., CT0)

MS18938V3

Figure 472: ECB/CBC decryption (Mode 3) flow diagram. The diagram is divided into three phases: Input phase, Computation phase, and Output phase. The Input phase consists of four write operations (WR CT3, WR CT2, WR CT1, WR CT0) into the AES_DINR register, labeled MSB to LSB. The Computation phase is a 'Wait until flag CCF = 1' block. The Output phase consists of four read operations (RD PT3, RD PT2, RD PT1, RD PT0) from the AES_DOUTR register, labeled MSB to LSB. Below the diagram, a legend defines PT as plaintext (4 words: PT3, ..., PT0) and CT as ciphertext (4 words: CT3, ..., CT0). The diagram is labeled MS18938V3 in the bottom right corner.

Suspend/resume operations in ECB/CBC modes

To suspend the processing of a message, proceed as follows:

1. If DMA is used, stop the AES DMA transfers to the IN FIFO by clearing the DMAINEN bit of the AES_CR register.
2. If DMA is not used, read four times the AES_DOUTR register to save the last processed block. If DMA is used, wait until the CCF flag is set in the AES_SR register then stop the DMA transfers from the OUT FIFO by clearing the DMAOUTEN bit of the AES_CR register.
3. If DMA is not used, poll the CCF flag of the AES_SR register until it becomes 1 (computation completed).
4. Clear the CCF flag by setting the CCF bit of the AES_ICR register.
5. Save initialization vector registers (only required in CBC mode as AES_IVRx registers are altered during the data processing).
6. Disable the AES peripheral by clearing the bit EN of the AES_CR register.
7. Save the AES_CR register and clear the key registers if they are not needed, to process the higher priority message.
8. If DMA is used, save the DMA controller status (pointers for IN and OUT data transfers, number of remaining bytes, and so on).

To resume the processing of a message, proceed as follows:

1. If DMA is used, configure the DMA controller so as to complete the rest of the FIFO IN and FIFO OUT transfers.
2. Disable the AES peripheral by clearing the EN bit of the AES_CR register.
3. Restore AES_CR register (with correct KEYSIZE) then restore AES_KEYRx registers.
4. Prepare the decryption key as described in Section 49.4.5: AES decryption round key preparation (only required for ECB or CBC decryption).
5. Restore AES_IVRx registers using the saved configuration (only required in CBC mode).
6. Enable the AES peripheral by setting the EN bit of the AES_CR register.
7. If DMA is used, enable AES DMA transfers by setting the DMAINEN and DMAOUTEN bits of the AES_CR register.

49.4.9 AES counter (CTR) mode

Overview

The counter mode (CTR) uses AES as a key-stream generator. The generated keys are then XOR-ed with the plaintext to obtain the ciphertext.

CTR chaining is defined in NIST Special Publication 800-38A, Recommendation for Block Cipher Modes of Operation . A typical message construction in CTR mode is given in Figure 473 .

Figure 473. Message construction in CTR mode

The diagram illustrates the message construction in CTR mode. At the top, a horizontal bar represents the message structure with 16-byte boundaries. It starts with the Initial Counter Block (ICB), followed by the Ciphertext (C), and ends with Zero padding (indicated by '0'). Below the ICB, a callout shows its internal structure with 4-byte boundaries, divided into the Initialization vector (IV) and the Counter. A vertical arrow labeled 'decrypt' points from the Ciphertext (C) to the Plaintext (P) below it. The Plaintext (P) is shown as a horizontal bar. The diagram is labeled MSv42156V1 in the bottom right corner.

Diagram illustrating message construction in CTR mode. It shows the structure of the Initial Counter Block (ICB) and the resulting Ciphertext (C) and Plaintext (P).

The structure of this message is:

• A 16-byte initial counter block (ICB), composed of two distinct fields:
- – Initialization vector (IV) : a 96-bit value that must be unique for each encryption cycle with a given key.
- – Counter : a 32-bit big-endian integer that is incremented each time a block processing is completed. The initial value of the counter must be set to 1.
• The plaintext P is encrypted as ciphertext C, with a known length. This length can be non-multiple of 16 bytes, in which case a plaintext padding is required.

CTR encryption and decryption

Figure 474 and Figure 475 describe the CTR encryption and decryption process, respectively, as implemented in the AES peripheral. The CTR mode is selected by writing 010 to the CHMOD[2:0] bitfield of AES_CR register.

Figure 474. CTR encryption

The diagram illustrates the CTR encryption process across two blocks, Block 1 and Block 2. In Block 1, the AES_IVRx (Nonce + 32-bit counter) is input to an Encrypt block along with AES_KEYRx (KEY). The output O1 is XORed with the plaintext P1 (via a Swap management block) to produce the ciphertext C1. The counter is incremented by 1 for Block 2. In Block 2, the AES_IVRx (Nonce + 32-bit counter + 1) is input to an Encrypt block along with AES_KEYRx (KEY). The output O2 is XORed with the plaintext P2 (via a Swap management block) to produce the ciphertext C2. A legend indicates that white boxes are inputs, grey boxes are outputs, and a circle with a cross is XOR.

Figure 474. CTR encryption diagram showing two blocks (Block 1 and Block 2) of the encryption process. Each block uses an AES_IVRx (Nonce + 32-bit counter) as input to an Encrypt block along with AES_KEYRx (KEY). The output O1 (or O2) is XORed with the plaintext P1 (or P2) via a Swap management block to produce the ciphertext C1 (or C2). The counter is incremented by 1 for each block. A legend indicates that white boxes are inputs, grey boxes are outputs, and a circle with a cross is XOR.

Figure 475. CTR decryption

The diagram illustrates the CTR decryption process across two blocks, Block 1 and Block 2. In Block 1, the AES_IVRx (Nonce + 32-bit counter) is input to an Encrypt block along with AES_KEYRx (KEY). The output O1 is XORed with the ciphertext C1 (via a Swap management block) to produce the plaintext P1. The counter is incremented by 1 for Block 2. In Block 2, the AES_IVRx (Nonce + 32-bit counter + 1) is input to an Encrypt block along with AES_KEYRx (KEY). The output O2 is XORed with the ciphertext C2 (via a Swap management block) to produce the plaintext P2. A legend indicates that white boxes are inputs, grey boxes are outputs, and a circle with a cross is XOR.

Figure 475. CTR decryption diagram showing two blocks (Block 1 and Block 2) of the decryption process. Each block uses an AES_IVRx (Nonce + 32-bit counter) as input to an Encrypt block along with AES_KEYRx (KEY). The output O1 (or O2) is XORed with the ciphertext C1 (or C2) via a Swap management block to produce the plaintext P1 (or P2). The counter is incremented by 1 for each block. A legend indicates that white boxes are inputs, grey boxes are outputs, and a circle with a cross is XOR.

In CTR mode, the cryptographic core output (also called keystream) $$ O_x $$ is XOR-ed with relevant input block ( $$ P_x' $$ for encryption, $$ C_x' $$ for decryption), to produce the correct output block ( $$ C_x' $$ for encryption, $$ P_x' $$ for decryption). Initialization vectors in AES must be initialized as shown in Table 469.

Table 469. CTR mode initialization vector definition

AES_IVR3[31:0]	AES_IVR2[31:0]	AES_IVR1[31:0]	AES_IVR0[31:0]
IVI[127:96]	IVI[95:64]	IVI[63:32]	IVI[31:0] 32-bit counter = 0x0001

Unlike in CBC mode that uses the AES_IVRx registers only once when processing the first data block, in CTR mode AES_IVRx registers are used for processing each data block, and the AES peripheral increments the counter bits of the initialization vector (leaving the nonce bits unchanged).

CTR decryption does not differ from CTR encryption, since the core always encrypts the current counter block to produce the key stream that is then XOR-ed with the plaintext (CTR encryption) or ciphertext (CTR decryption) input. In CTR mode, the MODE[1:0] bitfield setting 01 (key derivation) is forbidden and all the other settings default to encryption mode.

The sequence of events to perform an encryption or a decryption in CTR chaining mode:

1. Disable the AES peripheral by clearing the EN bit of the AES_CR register.
2. Select CTR chaining mode by setting to 010 the CHMOD[2:0] bitfield of the AES_CR register. Set MODE[1:0] bitfield to any value other than 01.
3. Initialize the AES_KEYRx registers, and load the AES_IVRx registers as described in Table 469 .
4. Set the EN bit of the AES_CR register, to start encrypting the current counter (EN is automatically reset when the calculation finishes).
5. If it is the last block, pad the data with zeros to have a complete block, if needed.
6. Append data in AES, and read the result. The three possible scenarios are described in Section 49.4.4: AES procedure to perform a cipher operation .
7. Repeat the previous step till the second-last block is processed. For the last block, apply the two previous steps and discard the bits that are not part of the payload (if the size of the significant data in the last input block is less than 16 bytes).

Suspend/resume operations in CTR mode

Like for the CBC mode, it is possible to interrupt a message to send a higher priority message, and resume the message that was interrupted. Detailed CBC suspend/resume sequence is described in Section 49.4.8: AES basic chaining modes (ECB, CBC) .

Note: Like for CBC mode, the AES_IVRx registers must be reloaded during the resume operation.

49.4.10 AES Galois/counter mode (GCM)

Overview

The AES Galois/counter mode (GCM) allows encrypting and authenticating a plaintext message into the corresponding ciphertext and tag (also known as message authentication code). To ensure confidentiality, GCM algorithm is based on AES counter mode. It uses a multiplier over a fixed finite field to generate the tag.

GCM chaining is defined in NIST Special Publication 800-38D, Recommendation for Block Cipher Modes of Operation - Galois/Counter Mode (GCM) and GMAC . A typical message construction in GCM mode is given in Figure 476 .

Figure 476. Message construction in GCM

The diagram illustrates the message construction in GCM. It shows the flow from the Initialization vector (IV) and Counter to the Initial Counter Block (ICB), then through the Additional Authenticated Data (AAD) and Plaintext (P) to the Authenticated & encrypted ciphertext (C), and finally to the Authentication tag (T). The ICB is composed of a 96-bit IV and a 32-bit Counter. The AAD is authenticated but not encrypted. The Plaintext (P) is both authenticated and encrypted as ciphertext (C). The Last block contains the AAD header length (bits [32:63]) and the payload length (bits [96:127]) information. The Authentication tag (T) is derived from the ICB, AAD, and C.

Diagram illustrating the message construction in GCM. It shows the flow from the Initialization vector (IV) and Counter to the Initial Counter Block (ICB), then through the Additional Authenticated Data (AAD) and Plaintext (P) to the Authenticated & encrypted ciphertext (C), and finally to the Authentication tag (T).

The message has the following structure:

• 16-byte initial counter block (ICB) , composed of two distinct fields:
- – Initialization vector (IV) : a 96-bit value that must be unique for each encryption cycle with a given key. Note that the GCM standard supports IVs with less than 96 bits, but in this case strict rules apply.
- – Counter : a 32-bit big-endian integer that is incremented each time a block processing is completed. According to NIST specification, the counter value is 0x2 when processing the first block of payload.
• Authenticated header AAD (also known as additional authentication data) has a known length $$ Len(A) $$ that may be a non-multiple of 16 bytes, and must not exceed $2^{64} - 1$ bits. This part of the message is only authenticated, not encrypted.
• Plaintext message P is both authenticated and encrypted as ciphertext C, with a known length $$ Len(P) $$ that may be non-multiple of 16 bytes, and cannot exceed $2^{32} - 2$ 128-bit blocks.
• Last block contains the AAD header length (bits [32:63]) and the payload length (bits [96:127]) information, as shown in Table 470 .

The GCM standard specifies that ciphertext C has the same bit length as the plaintext P.

When a part of the message (AAD or P) has a length that is a non-multiple of 16-bytes a special padding scheme is required.

Table 470. GCM last block definition

Endianness	Bit[0] ----- Bit[31]	Bit[32]----- Bit[63]	Bit[64] ----- Bit[95]	Bit[96] ----- Bit[127]
Input data	0x0	AAD length[31:0]	0x0	Payload length[31:0]

GCM processing

Figure 477 describes the GCM implementation in the AES peripheral. The GCM is selected by writing 011 to the CHMOD[2:0] bitfield of the AES_CR register.

Figure 477. GCM authenticated encryption

Diagram of GCM authenticated encryption process showing Init, Header, Payload, and Final stages.

The diagram illustrates the GCM authenticated encryption process, divided into four main stages:

(1) Init: The process starts with AES_KEYRx (KEY) input to an Encrypt block, which outputs H . A zero block $[0]_{128}$ is also input to this Encrypt block.
(2) Header: AES_DINR (AAD 0) and AES_DINR (AAD i) are processed through Swap management blocks with DATATYPE [1:0] settings. The outputs are then processed by GF2mul blocks using H as an input. The results are XORed together.
(3) Payload: This stage processes multiple blocks, from Block 1 to Block n .
- Block 1: AES_DINR (plaintext P1) is processed through Swap management ( DATATYPE [1:0] ) and XORed with CB1 . CB1 is the output of an Encrypt block taking AES_KEYRx (KEY) and AES_IVRx (initialized with ICB + (32-bit counter = 0x02) ) as inputs. The XOR result produces AES_DOUTR (ciphertext C1) . This ciphertext is then processed by Swap management and XORed with the previous stage's output before entering a GF2mul block with H .
- Block n: Similar to Block 1, but the AES_IVRx is updated by a Counter increment (+1) block to produce CBn .
(4) Final: The final authentication tag AES_DOUTR (Authentication TAG T) is generated. First, the lengths AES_DINR Len(A) ₆₄|| Len(C) ₆₄are XORed with the accumulated value from the payload stage and passed through GF2mul with H . The result (S) is XORed with the output of an Encrypt block that takes AES_KEYRx (key) and the initial counter block AES_IVRx (IV + 32-bit counter (= 0x01)) as inputs.

Legend:

input
output
⊕ XOR

Diagram of GCM authenticated encryption process showing Init, Header, Payload, and Final stages.

The mechanism for the confidentiality of the plaintext in GCM mode is similar to that in the Counter mode, with a particular increment function (denoted 32-bit increment) that generates the sequence of input counter blocks.

AES_IVRx registers keeping the counter block of data are used for processing each data block. The AES peripheral automatically increments the Counter[31:0] bitfield. The first counter block (CB1) is derived from the initial counter block ICB by the application software (see Table 471).

Table 471. Initialization of AES_IVRx registers in GCM mode

AES_IVR3[31:0]	AES_IVR2[31:0]	AES_IVR1[31:0]	AES_IVR0[31:0]
ICB[127:96]	ICB[95:64]	ICB[63:32]	ICB[31:0] 32-bit counter = 0x0002

Note: In this mode, the setting 01 of the MODE[1:0] bitfield (key derivation) is forbidden.

The authentication mechanism in GCM mode is based on a hash function called GF2mul that performs multiplication by a fixed parameter, called hash subkey (H), within a binary Galois field.

A GCM message is processed through the following phases, further described in next subsections:

• Init phase: AES prepares the GCM hash subkey (H).
• Header phase: AES processes the additional authenticated data (AAD), with hash computation only.
• Payload phase: AES processes the plaintext (P) with hash computation, counter block encryption and data XOR-ing. It operates in a similar way for ciphertext (C).
• Final phase: AES generates the authenticated tag (T) using the last block of the message.

GCM init phase

During this first step, the GCM hash subkey (H) is calculated and saved internally, to be used for processing all the blocks. The recommended sequence is:

1. Disable the AES peripheral by clearing the EN bit of the AES_CR register.
2. Select GCM chaining mode, by setting to 011 the CHMOD[2:0] bitfield of the AES_CR register, and optionally, set the DATATYPE[1:0] bitfield.
3. Indicate the Init phase, by setting to 00 the GCMPH[1:0] bitfield of the AES_CR register.
4. Set the MODE[1:0] bitfield of the AES_CR register to 00 or 10. Although the bitfield is only used in payload phase, it is recommended to set it in the Init phase and keep it unchanged in all subsequent phases.
5. Initialize the AES_KEYRx registers with a key, and initialize AES_IVRx registers with the information as defined in Table 471 .
6. Start the calculation of the hash key, by setting to 1 the EN bit of the AES_CR register (EN is automatically reset when the calculation finishes).
7. Wait until the end of computation, indicated by the CCF flag of the AES_SR transiting to 1. Alternatively, use the corresponding interrupt.
8. Clear the CCF flag of the AES_SR register, by setting the CCF bit of the AES_ICR register.

GCM header phase

This phase coming after the GCM Init phase must be completed before the payload phase. The sequence to execute, identical for encryption and decryption, is:

1. Indicate the header phase, by setting to 01 the GCMPH[1:0] bitfield of the AES_CR register. Do not modify the MODE[1:0] bitfield as set in the Init phase.
2. Enable the AES peripheral by setting the EN bit of the AES_CR register.
3. If it is the last block and the AAD size in the block is inferior to 128 bits, pad the remainder of the block with zeros. Then append the data block into AES in one of ways described in Section 49.4.4: AES procedure to perform a cipher operation . No data is read during this phase.
4. Repeat the step 3 until the last additional authenticated data block is processed.

Note: The header phase can be skipped if there is no AAD, that is, Len(A) = 0.

GCM payload phase

This phase, identical for encryption and decryption, is executed after the GCM header phase. During this phase, the encrypted/decrypted payload is stored in the AES_DOUTR register. The sequence to execute is:

1. Indicate the payload phase, by setting to 10 the GCMPH[1:0] bitfield of the AES_CR register. Do not modify the MODE[1:0] bitfield as set in the Init phase.
2. If the header phase was skipped, enable the AES peripheral by setting the EN bit of the AES_CR register.
3. If it is the last block and the plaintext (encryption) or ciphertext (decryption) size in the block is inferior to 128 bits, pad the remainder of the block with zeros.
4. Append the data block into AES in one of ways described in Section 49.4.4: AES procedure to perform a cipher operation , and read the result.
5. Repeat the previous step till the second-last plaintext block is encrypted or till the last block of ciphertext is decrypted. For the last block of plaintext (encryption only), execute the two previous steps. For the last block, discard the bits that are not part of the payload when the last block size is less than 16 bytes.

Note: The payload phase can be skipped if there is no payload data, that is, Len(C) = 0 (see GMAC mode).

GCM final phase

In this last phase, the AES peripheral generates the GCM authentication tag and stores it in the AES_DOUTR register. The sequence to execute is:

1. Indicate the final phase, by setting to 11 the GCMPH[1:0] bitfield of the AES_CR register.
2. Compose the data of the block, by concatenating the AAD bit length and the payload bit length, as shown in Table 470 . Write the block into the AES_DINR register.
3. Wait until the end of computation, indicated by the CCF flag of the AES_SR transiting to 1.
4. Get the GCM authentication tag, by reading the AES_DOUTR register four times.
5. Clear the CCF flag of the AES_SR register, by setting the CCF bit of the AES_ICR register.
6. Disable the AES peripheral, by clearing the bit EN of the AES_CR register. If it is an authenticated decryption, compare the generated tag with the expected tag passed with the message.

Note: In the final phase, data is written to AES_DINR normally (no swapping), while swapping is applied to tag data read from AES_DOUTR.

When transiting from the header or the payload phase to the final phase, the AES peripheral must not be disabled, otherwise the result is wrong.

Suspend/resume operations in GCM mode

To suspend the processing of a message , proceed as follows:

1. If DMA is used, stop the AES DMA transfers to the IN FIFO by clearing the DMAINEN bit of the AES_CR register. If DMA is not used, make sure that the current computation is completed, which is indicated by the CCF flag of the AES_SR register set to 1.
2. In the payload phase, if DMA is not used, read four times the AES_DOUTR register to save the last-processed block. If DMA is used, wait until the CCF flag is set in the AES_SR register then stop the DMA transfers from the OUT FIFO by clearing the DMAOUTEN bit of the AES_CR register.
3. Clear the CCF flag of the AES_SR register, by setting the CCF bit of the AES_ICR register.
4. Save the AES_SUSPxR registers in the memory, where x is from 0 to 7.
5. In the payload phase, save the AES_IVRx registers as, during the data processing, they changed from their initial values. In the header phase, this step is not required.
6. Disable the AES peripheral, by clearing the EN bit of the AES_CR register.
7. Save the current AES configuration in the memory, excluding the initialization vector registers AES_IVRx. Key registers do not need to be saved as the original key value is known by the application.
8. If DMA is used, save the DMA controller status (pointers for IN data transfers, number of remaining bytes, and so on). In the payload phase, pointers for OUT data transfers must also be saved.

To resume the processing of a message , proceed as follows:

1. If DMA is used, configure the DMA controller in order to complete the rest of the FIFO IN transfers. In the payload phase, the rest of the FIFO OUT transfers must also be configured in the DMA controller.
2. Disable the AES peripheral by clearing the EN bit of the AES_CR register.
3. Write the suspend register values, previously saved in the memory, back into their corresponding AES_SUSPxR registers, where x is from 0 to 7.
4. In the payload phase, write the initialization vector register values, previously saved in the memory, back into their corresponding AES_IVRx registers. In the header phase, write initial setting values back into the AES_IVRx registers.
5. Restore the initial setting values in the AES_CR and AES_KEYRx registers.
6. Enable the AES peripheral by setting the EN bit of the AES_CR register.

If DMA is used, enable AES DMA requests by setting the DMAINEN bit (and DMAOUTEN bit if in payload phase) of the AES_CR register.

49.4.11 AES Galois message authentication code (GMAC)

Overview

The Galois message authentication code (GMAC) allows the authentication of a plaintext, generating the corresponding tag information (also known as message authentication code). It is based on GCM algorithm, as defined in NIST Special Publication 800-38D, Recommendation for Block Cipher Modes of Operation - Galois/Counter Mode (GCM) and GMAC .

A typical message construction for GMAC is given in Figure 478.

Figure 478. Message construction in GMAC mode

The diagram illustrates the message construction for GMAC. It shows a sequence of blocks: an Initialization Vector (IV) and Counter (ICB) block, followed by 'Authenticated data' blocks, and a 'Last block'. The ICB block is 16 bytes long and is split into a 4-byte IV and a 4-byte Counter. The 'Authenticated data' is composed of 16-byte blocks, with a total length labeled as Len(A). The 'Last block' is also 16 bytes long and contains zero padding. Above the 'Last block', there are two fields: [Len(A)] ₆₄and [0] ₆₄. A dashed line labeled 'auth.' points from the 'Authenticated data' to an 'Authentication tag (T)'. A legend indicates that grey-shaded areas represent 'Zero padding'. The diagram is labeled MSv42158V2.

Diagram of message construction in GMAC mode showing ICB, Authenticated data, and Last block with zero padding.

AES GMAC processing

Figure 479 describes the GMAC mode implementation in the AES peripheral. This mode is selected by writing 011 to the CHMOD[2:0] bitfield of the AES_CR register.

Figure 479. GMAC authentication mode

The flowchart details the GMAC authentication mode implementation in four steps:
(1) Init: An AES_KEYRx (KEY) block and an [0] ₁₂₈block are input to an 'Encrypt' block, which outputs H.
(2) Header: Multiple message blocks (AES_DINR, message block 1 to n) are processed. Each block goes through a 'Swap management' block (controlled by DATATYPE [1:0]) and then a 'GF2mul' block that also takes H as input. The outputs are XORed together.
(4) Final: The XORed result from step (2) is input to another 'GF2mul' block along with H. The output S is XORed with the output of an 'Encrypt' block. The 'Encrypt' block takes AES_KEYRx (KEY) and an IV + 32-bit counter (= 0x0) as input. The final output is AES_DOUTR (authentication tag T).
A legend indicates that light grey blocks are 'input', dark grey blocks are 'output', and a circle with a cross symbol represents 'XOR'. The diagram is labeled MSv42150V2.

Flowchart of GMAC authentication mode showing Init, Header, and Final processing steps.

The GMAC algorithm corresponds to the GCM algorithm applied on a message only containing a header. As a consequence, all steps and settings are the same as with the GCM, except that the payload phase is omitted.

Suspend/resume operations in GMAC

In GMAC mode, the sequence described for the GCM applies except that only the header phase can be interrupted.

49.4.12 AES counter with CBC-MAC (CCM)

Overview

The AES counter with cipher block chaining-message authentication code (CCM) algorithm allows encryption and authentication of plaintext, generating the corresponding ciphertext and tag (also known as message authentication code). To ensure confidentiality, the CCM algorithm is based on AES in counter mode. It uses cipher block chaining technique to generate the message authentication code. This is commonly called CBC-MAC.

Note: NIST does not approve this CBC-MAC as an authentication mode outside the context of the CCM specification.

CCM chaining is specified in NIST Special Publication 800-38C, Recommendation for Block Cipher Modes of Operation - The CCM Mode for Authentication and Confidentiality . A typical message construction for CCM is given in Figure 480 .

Figure 480. Message construction in CCM mode

The diagram illustrates the message construction in CCM mode. The top part shows the message structure with fields: B0 (16-byte authentication block), Associated data (A) of length Len(A), Plaintext (P) of length Len(P), and Enc(T) (Encrypted Tag) of length Len(T). B0 is composed of flags, Nonce (N) of length Len(N), and Q. The message is authenticated and encrypted to produce Authenticated & encrypted ciphertext (C). The bottom part shows the decryption and comparison process.

Diagram illustrating the message construction in CCM mode. The top part shows the message structure with fields: B0 (16-byte authentication block), Associated data (A) of length Len(A), Plaintext (P) of length Len(P), and Enc(T) (Encrypted Tag) of length Len(T). B0 is composed of flags, Nonce (N) of length Len(N), and Q. The message is authenticated and encrypted to produce Authenticated & encrypted ciphertext (C). The bottom part shows the decryption and comparison process.

The structure of the message is:

• 16-byte first authentication block (B0) , composed of three distinct fields:
- – Q : a bit string representation of the octet length of P (Len(P))
- – Nonce (N) : a single-use value (that is, a new nonce must be assigned to each new communication) of Len(N) size. The sum Len(N) + Len(P) must be equal to 15 bytes.
- – Flags : most significant octet containing four flags for control information, as specified by the standard. It contains two 3-bit strings to encode the values t (MAC length expressed in bytes) and Q (plaintext length such that $\text{Len(P)} < 2^{8Q}$ bytes). The counter blocks range associated to Q is equal to $2^{8Q-4}$ , that is, if the maximum value of Q is 8, the counter blocks used in cipher must be on 60 bits.
• 16-byte blocks (B) associated to the Associated Data (A).
This part of the message is only authenticated, not encrypted. This section has a

known length $\text{Len}(A)$ that can be a non-multiple of 16 bytes (see Figure 480 ). The standard also states that, on MSB bits of the first message block ( $$ B_1 $$ ), the associated data length expressed in bytes ( $$ a $$ ) must be encoded as follows:

– If $0 < a < 2^{16} - 2^8$ , then it is encoded as $[a]_{16}$ , that is, on two bytes.
– If $2^{16} - 2^8 < a < 2^{32}$ , then it is encoded as $0xff \parallel 0xfe \parallel [a]_{32}$ , that is, on six bytes.
– If $2^{32} < a < 2^{64}$ , then it is encoded as $0xff \parallel 0xff \parallel [a]_{64}$ , that is, on ten bytes.
• 16-byte blocks (B) associated to the plaintext message $$ P $$ , which is both authenticated and encrypted as ciphertext $$ C $$ , with a known length $\text{Len}(P)$ . This length can be a non-multiple of 16 bytes (see Figure 480 ).
• Encrypted MAC (T) of length $\text{Len}(T)$ appended to the ciphertext $$ C $$ of overall length $\text{Len}(C)$ .

When a part of the message ( $$ A $$ or $$ P $$ ) has a length that is a non-multiple of 16-bytes, a special padding scheme is required.

Note: CCM chaining mode can also be used with associated data only (that is, no payload).

As an example, the C.1 section in NIST Special Publication 800-38C gives the following values (hexadecimal numbers):

N: 10111213 141516 ( $\text{Len}(N) = 56$ bits or 7 bytes)
A: 00010203 04050607 ( $\text{Len}(A) = 64$ bits or 8 bytes)
P: 20212223 ( $\text{Len}(P) = 32$ bits or 4 bytes)
T: 6084341B ( $\text{Len}(T) = 32$ bits or 4 bytes)
$$ B_0 $$ : 4F101112 13141516 00000000 00000004
$$ B_1 $$ : 00080001 02030405 06070000 00000000
$$ B_2 $$ : 20212223 00000000 00000000 00000000
$$ CTR_0 $$ : 0710111213 141516 00000000 00000000
$$ CTR_1 $$ : 0710111213 141516 00000000 00000001

Generation of formatted input data blocks $$ B_x $$ (especially $$ B_0 $$ and $$ B_1 $$ ) must be managed by the application.

CCM processing

Figure 481 describes the CCM implementation within the AES peripheral (encryption example). This mode is selected by writing 100 into the CHMOD[2:0] bitfield of the AES_CR register.

Figure 481. CCM mode authenticated encryption

Figure 481. CCM mode authenticated encryption diagram showing the flow of data through the AES hardware accelerator. The process is divided into four main stages: (1) Init, (2) Header, (3) Payload, and (4) Final. Stage (1) Init shows the generation of the first counter block (CTR0) from a mask and the first block (B0). Stage (2) Header shows the encryption of associated data blocks (B1 to Bu). Stage (3) Payload shows the encryption of plaintext blocks (P1 to Pm) using counter mode (CTR1 to CTRm). Stage (4) Final shows the generation of the MAC (T) and the final ciphertext (EncTAG). The diagram includes various registers (AES_IVRx, AES_KEYRx, AES_DINR, AES_DOUTR) and processing blocks (Encrypt, Swap management, Counter increment). A legend indicates that light gray boxes represent inputs, dark gray boxes represent outputs, and circles with an 'X' represent XOR operations.

The data input to the generation-encryption process are a valid nonce, a valid payload string, and a valid associated data string, all properly formatted. The CBC chaining mechanism is applied to the formatted plaintext data to generate a MAC, with a known length. Counter mode encryption that requires a sufficiently long sequence of counter blocks as input, is applied to the payload string and separately to the MAC. The resulting ciphertext C is the output of the generation-encryption process on plaintext P.

AES_IVRx registers are used for processing each data block, AES automatically incrementing the CTR counter with a bit length defined by the first block B0. Table 472 shows how the application must load the B0 data.

Note: The AES peripheral in CCM mode supports counters up to 64 bits, as specified by NIST.

Table 472. Initialization of AES_IVRx registers in CCM mode

AES_IVR3[31:0]	AES_IVR2[31:0]	AES_IVR1[31:0]	AES_IVR0[31:0]
B0[127:96]	B0[95:64]	B0[63:32]	B0[31:0]

Note: In this mode, the setting 01 of the MODE[1:0] bitfield (key derivation) is forbidden.

A CCM message is processed through the following phases, further described in next subsections:

• Init phase: AES processes the first block and prepares the first counter block.
• Header phase: AES processes associated data (A), with tag computation only.
• Payload phase: IP processes plaintext (P), with tag computation, counter block encryption, and data XOR-ing. It works in a similar way for ciphertext (C).
• Final phase: AES generates the message authentication code (MAC).

CCM Init phase

In this phase, the first block B0 of the CCM message is written into the AES_IVRx register. The AES_DOUTR register does not contain any output data. The recommended sequence is:

1. Disable the AES peripheral by clearing the EN bit of the AES_CR register.
2. Select CCM chaining mode, by setting to 100 the CHMOD[2:0] bitfield of the AES_CR register, and optionally, set the DATATYPE[1:0] bitfield.
3. Indicate the Init phase, by setting to 00 the GCMPH[1:0] bitfield of the AES_CR register.
4. Set the MODE[1:0] bitfield of the AES_CR register to 00 or 10. Although the bitfield is only used in payload phase, it is recommended to set it in the Init phase and keep it unchanged in all subsequent phases.
5. Initialize the AES_KEYRx registers with a key, and initialize AES_IVRx registers with B0 data as described in Table 472 .
6. Start the calculation of the counter, by setting to 1 the EN bit of the AES_CR register (EN is automatically reset when the calculation finishes).
7. Wait until the end of computation, indicated by the CCF flag of the AES_SR transiting to 1. Alternatively, use the corresponding interrupt.
8. Clear the CCF flag in the AES_SR register, by setting to 1 the CCF bit of the AES_ICR register.

CCM header phase

This phase coming after the GCM Init phase must be completed before the payload phase. During this phase, the AES_DOUTR register does not contain any output data.

The sequence to execute, identical for encryption and decryption, is:

1. Indicate the header phase, by setting to 01 the GCMPH[1:0] bitfield of the AES_CR register. Do not modify the MODE[1:0] bitfield as set in the Init phase.
2. Enable the AES peripheral by setting the EN bit of the AES_CR register.
3. If it is the last block and the AAD size in the block is inferior to 128 bits, pad the remainder of the block with zeros. Then append the data block into AES in one of ways described in Section 49.4.4: AES procedure to perform a cipher operation . No data is read during this phase.
4. Repeat the step 3 until the last additional authenticated data block is processed.

Note: The header phase can be skipped if there is no associated data, that is, Len(A) = 0.

The first block of the associated data (B1) must be formatted by software, with the associated data length.

CCM payload phase (encryption or decryption)

This phase, identical for encryption and decryption, is executed after the CCM header phase. During this phase, the encrypted/decrypted payload is stored in the AES_DOUTR register. The sequence to execute is:

1. Indicate the payload phase, by setting to 10 the GCMPH[1:0] bitfield of the AES_CR register. Do not modify the MODE[1:0] bitfield as set in the Init phase.
2. If the header phase was skipped, enable the AES peripheral by setting the EN bit of the AES_CR register.
3. If it is the last data block to encrypt and the plaintext size in the block is inferior to 128 bits, pad the remainder of the block with zeros.
4. Append the data block into AES in one of ways described in Section 49.4.4: AES procedure to perform a cipher operation , and read the result.
5. Repeat the previous step till the second-last plaintext block is encrypted or till the last block of ciphertext is decrypted. For the last block of plaintext (encryption only), apply the two previous steps. For the last block, discard the data that is not part of the payload when the last block size is less than 16 bytes.

Note: The payload phase can be skipped if there is no payload data, that is, $$ Len(P) = 0 $$ or $$ Len(C) = Len(T) $$ .

Remove $LSB_{Len(T)}(C)$ encrypted tag information when decrypting ciphertext C.

CCM final phase

In this last phase, the AES peripheral generates the GCM authentication tag and stores it in the AES_DOUTR register. The sequence to execute is:

1. Indicate the final phase, by setting to 11 the GCMPH[1:0] bitfield of the AES_CR register.
2. Wait until the end-of-computation flag CCF of the AES_SR register is set.
3. Read four times the AES_DOUTR register: the output corresponds to the CCM authentication tag.
4. Clear the CCF flag of the AES_SR register by setting the CCF bit of the AES_ICR register.
5. Disable the AES peripheral, by clearing the EN bit of the AES_CR register.
6. For authenticated decryption, compare the generated encrypted tag with the encrypted tag padded in the ciphertext.

Note: In this final phase, swapping is applied to tag data read from AES_DOUTR register.

When transiting from the header phase to the final phase, the AES peripheral must not be disabled, otherwise the result is wrong.

Application must mask the authentication tag output with tag length to obtain a valid tag.

Suspend/resume operations in CCM mode

To suspend the processing of a message in header or payload phase, proceed as follows:

1. If DMA is used, stop the AES DMA transfers to the IN FIFO by clearing the DMAINEN bit of the AES_CR register. If DMA is not used, make sure that the current computation is completed, which is indicated by the CCF flag of the AES_SR register set to 1.
2. In the payload phase, if DMA is not used, read four times the AES_DOUTR register to save the last-processed block. If DMA is used, wait until the CCF flag is set in the

AES_SR register then stop the DMA transfers from the OUT FIFO by clearing the DMAOUTEN bit of the AES_CR register.
1. 3. Clear the CCF flag of the AES_SR register, by setting to 1 the CCF bit of the AES_ICR register.
2. 4. Save the AES_SUSPxR registers (where x is from 0 to 7) in the memory.
3. 5. Save the AES_IVRx registers as, during the data processing, they changed from their initial values.
4. 6. Disable the AES peripheral, by clearing the EN bit of the AES_CR register.
5. 7. Save the current AES configuration in the memory, excluding the initialization vector registers AES_IVRx. Key registers do not need to be saved as the original key value is known by the application.
6. 8. If DMA is used, save the DMA controller status (pointers for IN data transfers, number of remaining bytes, and so on). In the payload phase, pointers for OUT data transfers must also be saved.

To resume the processing of a message , proceed as follows:

1. If DMA is used, configure the DMA controller in order to complete the rest of the FIFO IN transfers. In the payload phase, the rest of the FIFO OUT transfers must also be configured in the DMA controller.
2. Disable the AES peripheral by clearing the EN bit of the AES_CR register.
3. Write the suspend register values, previously saved in the memory, back into their corresponding AES_SUSPxR registers (where x is from 0 to 7).
4. Write the initialization vector register values, previously saved in the memory, back into their corresponding AES_IVRx registers.
5. Restore the initial setting values in the AES_CR and AES_KEYRx registers.
6. Enable the AES peripheral by setting the EN bit of the AES_CR register.
7. If DMA is used, enable AES DMA requests by setting to 1 the DMAINEN bit (and DMAOUTEN bit if in payload phase) of the AES_CR register.

49.4.13 AES operation with shared keys

The AES peripheral can use the SAES peripheral as security co-processor. In this case, secure application prepares the key in the robust SAES peripheral. When ready, the AES application can load this prepared key through a dedicated hardware key bus.

Recommended sequences are described below and in SAES peripheral section Section 50.4.10: SAES operation with shared keys .

1. In SAES peripheral application encrypts the key to be shared, once, in Shared-key mode (KMOD[1:0] = 10).
2. Each time shared key is needed in AES peripheral application needs to decrypt it in SAES peripheral, selecting the same Shared-key mode (KMOD[1:0] = 10).
3. Once the shared key is decrypted and loaded in SAES_KEYRx registers it can be shared with the AES peripheral. Indeed, when shared key must be loaded in AES peripheral, application sets correct KEYSIZE and write KMOD[1:0] = 10 in AES_CR register. When KEYVALID is cleared, the key information is automatically transferred by hardware into AES_KEYRx, with BUSY set in AES_SR.
4. Once transfer is completed BUSY bit is cleared and KEYVALID bit is set in AES_SR register. If KEYVALID is not set when BUSY bit is cleared, or if a key error flag (KEIF) is set it means that an unexpected event occurred during the transfer (for example

hardware fault) or the KEYVALID bit in SAES_SR was cleared before the end of the transfer. When such errors occur, the whole SAES key sharing process must be restarted through the IPRST bits of control registers in both SAES and AES peripherals (see Section 49.4.18 for details).

At that point AES is initialized with a valid, shared key. Application can proceed with the processing of data, setting KMOD[1:0] to 00.

Note: While KMOD[1:0] = 10 and BUSY = 1, if KEYSIZE in AES peripheral is different from the KEYSIZE in SAES peripheral the key sharing fails and KEIF is set in both peripherals.

49.4.14 AES data registers and data swapping

Data input and output

A 128-bit data block is entered into the AES peripheral with four successive 32-bit word writes into the AES_DINR register (bitfield DIN[31:0]), the most significant word (bits [127:96]) first, the least significant word (bits [31:0]) last.

A 128-bit data block is retrieved from the AES peripheral with four successive 32-bit word reads from the AES_DOUTR register (bitfield DOUT[31:0]), the most significant word (bits [127:96]) first, the least significant word (bits [31:0]) last.

The 32-bit data word for AES_DINR register or from AES_DOUTR register is organized in big endian order, that is:

• the most significant byte of a word to write into AES_DINR must be put on the lowest address out of the four adjacent memory locations keeping the word to write, or
• the most significant byte of a word read from AES_DOUTR goes to the lowest address out of the four adjacent memory locations receiving the word

For using DMA for input data block write into AES, the four words of the input block must be stored in the memory consecutively and in big-endian order, that is, the most significant word on the lowest address. See Section 49.4.17: AES DMA interface .

Data swapping

The AES peripheral can be configured to perform a bit-, a byte-, a half-word-, or no swapping on the input data word in the AES_DINR register, before loading it to the AES processing core, and on the data output from the AES processing core, before sending it to the AES_DOUTR register. The choice depends on the type of data. For example, a byte swapping is used for an ASCII text stream.

The data swap type is selected through the DATATYPE[1:0] bitfield of the AES_CR register. The selection applies both to the input and the output of the AES core.

For different data swap types, Figure 482 shows the construction of AES processing core input buffer data P127 to P0, from the input data entered through the AES_DINR register, or the construction of the output data available through the AES_DOUTR register, from the AES processing core output buffer data P127 to P0.

Figure 482. 128-bit block construction with respect to data swap

The diagram illustrates the mapping of data bits from memory to the AES core input/output buffer for four different swap modes. At the top, a table shows the byte order in memory by increasing address: byte 3 (D63..D56), byte 2 (D55..D48), byte 1 (D47..D40), and byte 0 (D39..D32). Below this, four sections show the data layout for DATATYPE[1:0] values 00, 01, 10, and 11. Each section displays four words (Word 3 to Word 0) in memory and in the core buffer, with arrows indicating the data swap process. The MSB (Most Significant Bit) is bit 127 and the LSB (Least Significant Bit) is bit 0. A legend at the bottom defines the symbols used: solid grey for memory blocks, dashed for buffer blocks, grey for zero padding, and arrows for data swaps. Numbers 1-4 indicate the order of write to AES_DINR / read from AES_DOUTR for each word.

Diagram showing 128-bit block construction with respect to data swap for different DATATYPE[1:0] settings: 00 (no swapping), 01 (16-bit half-word swapping), 10 (8-bit byte swapping), and 11 (bit swapping).

Note: The data in AES key registers (AES_KEYRx) and initialization registers (AES_IVRx) are not sensitive to the swap mode selection.

Data padding

Figure 482 also gives an example of memory data block padding with zeros such that the zeroed bits after the data swap form a contiguous zone at the MSB end of the AES core input buffer. The example shows the padding of an input data block containing:

• 48 message bits, with DATATYPE[1:0] = 01
• 56 message bits, with DATATYPE[1:0] = 10
• 34 message bits, with DATATYPE[1:0] = 11

49.4.15 AES key registers

The AES_KEYRx write-only registers store the encryption or decryption key bitfield KEY[127:0] or KEY[255:0]. The data to write to each register is organized in the memory in little-endian order, that is, with most significant byte on the highest address (reads are not allowed for security reason).

The key is spread over eight registers as shown in Table 473 .

Table 473. Key endianness in AES_KEYRx registers (128- or 256-bit key length)

AES_KEYR7 [31:0]	AES_KEYR6 [31:0]	AES_KEYR5 [31:0]	AES_KEYR4 [31:0]	AES_KEYR3 [31:0]	AES_KEYR2 [31:0]	AES_KEYR1 [31:0]	AES_KEYR0 [31:0]
-	-	-	-	KEY[127:96]	KEY[95:64]	KEY[63:32]	KEY[31:0]
KEY[255:224]	KEY[223:192]	KEY[191:160]	KEY[159:128]	KEY[127:96]	KEY[95:64]	KEY[63:32]	KEY[31:0]

The key for encryption or decryption may be written into these registers when the AES peripheral is disabled, by clearing the EN bit of the AES_CR register.

The key registers are not affected by the data swapping controlled by DATATYPE[1:0] bitfield of the AES_CR register.

The entire key must be written before starting an AES computation. In normal key mode (KMOD[1:0] = 00), the AES_KEYRx (x = 0 to 3 for KEYSIZE = 0, x = 0 to 7 for KEYSIZE = 1) registers must always be written in either ascending or descending order.

Note: Initiating the key-loading sequence sets the BUSY flag and clears the KEYVALID flag. Once the amount of bits defined by KEYSIZE is transferred to the AES_KEYRx registers, BUSY is cleared, KEYVALID set and the EN bit becomes writable. If an error occurs, BUSY and KEYVALID are cleared and KEIF set (see Section 49.4.18: AES error management for details). For additional information on key modes, refer to Section 49.4.13 .

49.4.16 AES initialization vector registers

The four AES_IVRx registers keep the initialization vector input bitfield IVI[127:0]. The data to write to or to read from each register is organized in the memory in little-endian order, that is, with most significant byte on the highest address. The registers are also ordered from lowest address (AES_IVR0) to highest address (AES_IVR3).

The signification of data in the bitfield depends on the chaining mode selected. When used, the bitfield is updated upon each computation cycle of the AES core.

Write operations to the AES_IVRx registers when the AES peripheral is enabled have no effect to the register contents. For modifying the contents of the AES_IVRx registers, the EN bit of the AES_CR register must first be cleared.

Reading the AES_IVRx registers returns the latest counter value (useful for managing suspend mode).

The AES_IVRx registers are not affected by the data swapping feature controlled by the DATATYPE[1:0] bitfield of the AES_CR register.

49.4.17 AES DMA interface

The AES peripheral provides an interface to connect to the DMA (direct memory access) controller. The DMA operation is controlled through the AES_CR register.

Data input using DMA

Setting the DMAINEN bit of the AES_CR register enables DMA writing into AES. The AES peripheral then initiates a DMA request during the input phase each time it requires to write a 128-bit block (quadruple word) to the AES_DINR register, as shown in Figure 483.

Note: According to the algorithm and the mode selected, special padding / ciphertext stealing might be required. For example, in case of AES GCM encryption or AES CCM decryption, a DMA transfer must not include the last block. For details, refer to Section 49.4.4: AES procedure to perform a cipher operation.

Figure 483. DMA transfer of a 128-bit data block during input phase

The diagram illustrates the DMA transfer of a 128-bit data block during the input phase. At the top, a horizontal arrow indicates 'Chronological order' and 'Increasing address' from left to right. Below this, a section titled 'Memory accessed through DMA' shows four words: Word3 (D127 to D96), Word2 (D95 to D64), Word1 (D63 to D32), and Word0 (D31 to D0). Each word is associated with a 'DMA single write' operation, labeled 1, 2, 3, and 4 respectively. DMA requests are indicated as 'DMA req N', 'DMA req N+1', 'DMA req N+2', and 'DMA req N+3'. Arrows show the data flow from these writes into the 'AES_DINR' register. Below the register, another section shows the 'AES core input buffer' with bits I127 to I0. Arrows labeled 1, 2, 3, and 4 show the data being transferred from the AES_DINR register into the buffer. A label '(No swapping)' is present. At the bottom, a legend shows circled numbers 1 through 4 with the text 'Order of write to AES_DINR'. The diagram is labeled 'MSv42160V1' in the bottom right corner.

Diagram showing DMA transfer of a 128-bit data block during input phase. It illustrates the flow of data from memory (Words 0-3) through DMA single writes to the AES_DINR register and then into the AES core input buffer. The diagram shows bit positions (D127 to D0) and the order of writes (1 to 4).

Data output using DMA

Setting the DMAOUTEN bit of the AES_CR register enables DMA reading from AES. The AES peripheral then initiates a DMA request during the Output phase each time it requires to read a 128-bit block (quadruple word) to the AES_DINR register, as shown in Figure 484.

Note: According to the message size, extra bytes might need to be discarded by application in the last block.

Figure 484. DMA transfer of a 128-bit data block during output phase

The diagram illustrates the DMA transfer of a 128-bit data block during the output phase. At the top, a horizontal arrow indicates 'Chronological order' and 'Increasing address' from left to right. Below this, a section titled 'Memory accessed through DMA' shows four words: Word3 (D127 to D96), Word2 (D95 to D64), Word1 (D63 to D32), and Word0 (D31 to D0). Each word is associated with a 'DMA single read' request (DMA req N, N+1, N+2, N+3). Below the memory section is the 'AES_DOUTR' register. Arrows labeled 1, 2, 3, and 4 point from the 'DMA single read' requests to the 'AES_DOUTR' register. Below the 'AES_DOUTR' register is the 'AES core output buffer' (labeled '(No swapping)'). Arrows labeled 1, 2, 3, and 4 point from the 'AES core output buffer' to the 'AES_DOUTR' register. The 'AES core output buffer' contains data segments O127 to O96, O95 to O64, O63 to O32, and O31 to O0. At the bottom, a dashed line indicates the 'Order of read from AES_DOUTR' with circled numbers 1 to 4. The diagram is labeled 'MSV42161V1' in the bottom right corner.

Diagram illustrating the DMA transfer of a 128-bit data block during the output phase. The diagram shows the flow of data from the AES core output buffer through the AES_DOUTR register to memory via DMA single reads. The memory is accessed through DMA in four words (Word0 to Word3), with addresses increasing chronologically. The AES_DOUTR register is read in four steps (1 to 4), corresponding to the DMA single reads. The data is transferred from the AES core output buffer to the AES_DOUTR register, and then to memory. The diagram also shows the MSB and LSB of the data words and the order of read from the AES_DOUTR register.

DMA operation in different operating modes

DMA operations are usable when Mode 1 (encryption) or Mode 3 (decryption) are selected via the MODE[1:0] bitfield of the register AES_CR. As in Mode 2 (key derivation) the AES_KEYRx registers must be written by software, enabling the DMA transfer through the DMAINEN and DMAOUTEN bits of the AES_CR register have no effect in that mode.

DMA single requests are generated by AES until it is disabled. So, after the data output phase at the end of processing of a 128-bit data block, AES switches automatically to a new data input phase for the next data block, if any.

When the data transferring between AES and memory is managed by DMA, the CCF flag has no use because the reading of the AES_DOUTR register is managed by DMA automatically at the end of the computation phase. The CCF flag must only be cleared when transiting back to data transferring managed by software. See Section 49.4.4: AES procedure to perform a cipher operation , subsection Data append , for details.

49.4.18 AES error management

AES configuration can be changed at any moment by clearing the EN bit of the AES_CR register.

Read error flag (RDERR)

Unexpected read attempt of the AES_DOUTR register sets the RDERR flag of the AES_SR register and the RWEIF flag of the AES_ISR register, and returns zero.

RDERR is triggered during the computation phase or during the input phase.

Note: AES is not disabled upon a RDERR error detection and continues processing.

An interrupt is generated if the RWEIE bit of the AES_IER register is set. For more details, refer to Section 49.5: AES interrupts .

The RDERR and RWEIF flag is cleared by setting the RWEIE bit of the AES_ICR register.

Write error flag (WDERR)

Unexpected write attempt of the AES_DINR register sets the WRERR flag of the AES_SR register and the RWEIF flag of the AES_ISR register, and has no effect on the AES_DINR register. The WRERR is triggered during the computation phase or during the output phase.

Note: AES is not disabled after a WRERR error detection and continues processing.

An interrupt is generated if the RWEIE bit of the AES_IER register is set. For more details, refer to Section 49.5: AES interrupts .

The WRERR and RWEIF flag is cleared by setting the RWEIF bit of the AES_ICR register.

Key error interrupt flag (KEIF)

Failure to load a key into key registers, sets the KEIF flag of the AES_ISR register and clears the KEYVALID bit of the AES_SR register.

The KEIF flag is cleared with corresponding bit of the AES_ICR register. An interrupt is generated if the KEIE bit of the AES_IER register is set. For more details, refer to Section 49.5: AES interrupts .

The possible sources of key errors are:

• Key writing sequence error: an incorrect sequence has been detected when writing key registers. See Section 49.4.15: AES key registers for details.
• Key sharing size mismatch: error is triggered when KMOD[1:0] = 10 and application sets a KEYSIZE information in AES peripheral that does not match the KEYSIZE stored in SAES peripheral
• Key sharing error: the copy of key registers from SAES peripheral to AES failed. See Section 49.4.13: AES operation with shared keys for details.

Upon a key sharing error, reset both AES and SAES peripherals through the IPRST bit of their corresponding control register, then restart the key sharing sequence.

Note: For any key error, clear KEIF flag prior to re-configuring AES.

49.5 AES interrupts

Individual maskable interrupt sources generated by the AES peripheral signal the following events:

• computation completed
• read error
• write error
• key error

These sources are combined into a common interrupt signal from the AES peripheral that connects to the Arm ^®Cortex ^®interrupt controller. Each can individually be enabled/disabled, by setting/clearing the corresponding enable bit of the AES_IER register, and cleared by setting the corresponding bit of the AES_ICR register.

The status of each can be read from the AES_SR and AES_ISR registers.

Table 474 gives a summary of the interrupt sources, their event flags and enable bits.

Table 474. AES interrupt requests

Interrupt acronym	AES interrupt event	Event flag	Enable bit	Interrupt clear method
AES	computation completed flag	CCF	CCFIE	set CCF ⁽¹⁾
	read error flag	RDERR ⁽²⁾	RWEIE	set RWEIF ⁽¹⁾
	write error flag	WRERR ⁽²⁾	RWEIE	set RWEIF ⁽¹⁾
	key error flag	KEIF	KEIE	set KEIF ⁽¹⁾

1. Bit of the AES_ICR register.

2. Flag of the AES_SR register, mirrored by the flag RWEIF of the AES_ISR register.

49.6 AES processing latency

The tables below summarize the latency to process a 128-bit block for each mode of operation.

Table 475. Processing latency for ECB, CBC and CTR

Key size	Mode of operation	Algorithm	Clock cycles
128-bit	Mode 1: Encryption	ECB, CBC, CTR	51
	Mode 2: Key derivation	-	59
	Mode 3: Decryption	ECB, CBC, CTR	51
256-bit	Mode 1: Encryption	ECB, CBC, CTR	75
	Mode 2: Key derivation	-	82
	Mode 3: Decryption	ECB, CBC, CTR	75

Table 476. Processing latency for GCM and CCM (in clock cycles)

Key size	Mode of operation	Algorithm	Init Phase	Header phase ⁽¹⁾	Payload phase ⁽¹⁾	Tag phase ⁽¹⁾
128-bit	Mode 1: Encryption/ Mode 3: Decryption	GCM	64	35	51	59
128-bit	Mode 1: Encryption/ Mode 3: Decryption	CCM	63	55	114	58
256-bit	Mode 1: Encryption/ Mode 3: Decryption	GCM	88	35	75	75
256-bit	Mode 1: Encryption/ Mode 3: Decryption	CCM	87	79	162	82

1. Data insertion can include wait states forced by AES on the AHB bus (maximum 3 cycles, typical 1 cycle).

49.7 AES registers

49.7.1 AES control register (AES_CR)

Address offset: 0x00

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
IPRST	Res.			Res.		KMOD[1:0]		NPBLB[3:0]				Res.	KEYSIZE	Res.	CHMOD[2]
rw						rw	rw	rw	rw	rw	rw		rw		rw
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
Res.	GCMPh[1:0]		DMAOUTEN	DMAINEN	Res.	Res.	Res.	Res.	CHMOD[1:0]		MODE[1:0]		DATATYPE[1:0]		EN
	rw	rw	rw	rw					rw	rw	rw	rw	rw	rw	rw

Bit 31 IPRST : AES peripheral software reset

Setting the bit resets the AES peripheral, putting all registers to their default values, except the IPRST bit itself. Hence, any key-relative data is lost. For this reason, it is recommended to set the bit before handing over the AES to a less secure application.

The bit must be low while writing any configuration registers.

Bits 30:26 Reserved, must be kept at reset value.

Bits 25:24 KMOD[1:0] : Key mode selection

The bitfield defines how the AES key can be used by the application:

00: Normal key

10: Shared key from SAES co-processor

Others: Reserved

With normal key selection, the key registers are freely usable, no specific usage or protection applies to AES_DIN and AES_DOUT registers.

With selection of shared key from SAES co-processor, the AES peripheral automatically loads its key registers with the data stored in the key registers of the SAES peripheral. The key value is available in key registers when BUSY bit is cleared and KEYVALID is set in the AES_SR register. Key error flag KEIF is set otherwise in the AES_ISR register.

The bitfield must be set only when KEYSIZE is correct, and when a shared key decryption sequence has been successfully completed in SAES co-processor.

Attempts to write the bitfield are ignored when the BUSY flag of AES_SR register is set, as well as when the EN bit of the AES_CR register is set before the write access and it is not cleared by that write access.

Bits 23:20 NPBLB[3:0] : Number of padding bytes in last block

The bitfield sets the number of padding bytes in last block of payload:

0000: All bytes are valid (no padding)

0001: Padding for one least-significant byte of last block

...

1111: Padding for 15 least-significant bytes of last block

Bit 19 Reserved, must be kept at reset value.

Bit 18 KEYSIZE : Key size selection

This bitfield defines the length of the key used in the AES cryptographic core, in bits:

0: 128
1: 256

Attempts to write the bit are ignored when the BUSY flag of AES_SR register is set, as well as when the EN bit of the AES_CR register is set before the write access and it is not cleared by that write access.

Bit 17 Reserved, must be kept at reset value.

Bit 15 Reserved, must be kept at reset value.

Bits 14:13 GCMPH[1:0] : GCM or CCM phase selection

This bitfield selects the phase of GCM, GMAC or CCM algorithm:

00: Init phase
01: Header phase
10: Payload phase
11: Final phase

The bitfield has no effect if other than GCM, GMAC or CCM algorithms are selected (through the ALGOMODE bitfield).

Bit 12 DMAOUTEN : DMA output enable

This bit enables/disables data transferring with DMA, in the output phase:

0: Disable
1: Enable

When the bit is set, DMA requests are automatically generated by AES during the output data phase. This feature is only effective when Mode 1 or Mode 3 is selected through the MODE[1:0] bitfield. It is not effective for Mode 2 (key derivation).

Bit 11 DMAINEN : DMA input enable

This bit enables/disables data transferring with DMA, in the input phase:

0: Disable
1: Enable

When the bit is set, DMA requests are automatically generated by AES during the input data phase. This feature is only effective when Mode 1 or Mode 3 is selected through the MODE[1:0] bitfield. It is not effective for Mode 2 (key derivation).

Bits 10:7 Reserved, must be kept at reset value.

Bits 16, 6:5 CHMOD[2:0] : Chaining mode selection

This bitfield selects the AES chaining mode:

000: Electronic codebook (ECB)
001: Cipher-block chaining (CBC)
010: Counter mode (CTR)
011: Galois counter mode (GCM) and Galois message authentication code (GMAC)
100: Counter with CBC-MAC (CCM)
others: Reserved

Bits 4:3 MODE[1:0] : AES operating mode

This bitfield selects the AES operating mode:

00: Mode 1: encryption

01: Mode 2: key derivation (or key preparation for ECB/CBC decryption)

10: Mode 3: decryption

11: Reserved

Bits 2:1 DATATYPE[1:0] : Data type selection

This bitfield defines the format of data written in the AES_DINR register or read from the AES_DOUTR register, through selecting the mode of data swapping:

00: None

01: Half-word (16-bit)

10: Byte (8-bit)

11: Bit

For more details, refer to Section 49.4.14: AES data registers and data swapping .

Bit 0 EN : AES enable

This bit enables/disables the AES peripheral:

0: Disable

1: Enable

At any moment, clearing then setting the bit re-initializes the AES peripheral.

This bit is automatically cleared by hardware upon the completion of the key preparation (Mode 2) and upon the completion of GCM/GMAC/CCM initial phase.

The bit cannot be set as long as KEYVALID = 0.

Note: With KMOD[1:0] other than 00, use the IPRST bit rather than the bit EN.

49.7.2 AES status register (AES_SR)

Address offset: 0x04

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	KEYVALID	Res.	Res.	Res.	BUSY	WRERR	RDERR	CCF
								r				r	r	r	r

Bits 31:8 Reserved, must be kept at reset value.

Bit 7 KEYVALID: Key Valid flag

This bit is set by hardware when the amount of key information defined by KEYSIZE in AES_CR has been loaded in AES_KEYx key registers.

0: No valid key information is available in key registers. EN bit in AES_CR cannot be set.

1: Valid key information, defined by KEYSIZE in AES_CR, is loaded in key registers.

In normal mode when KEYSEL equals to zero, the application must write the key registers in the correct sequence, otherwise the KEIF flag of the AES_ISR register is set and KEYVALID stays at zero.

When KEYSEL is different from zero the BUSY flag is automatically set by AES. When key is loaded successfully, the BUSY flag is cleared and KEYVALID set. Upon an error, the KEIF flag of the AES_ISR register is set, the BUSY flag cleared and KEYVALID kept at zero.

When the KEIF flag is set, the application must clear it through the AES_ICR register, otherwise KEYVALID cannot be set. See the KEIF bit description for more details.

For more information on key loading, refer to Section 49.4.15: AES key registers .

Bits 6:4 Reserved, must be kept at reset value.

Bit 3 BUSY: Busy

This flag indicates whether AES is idle or busy during GCM payload encryption phase:

0: Idle

1: Busy

When the flag indicates “idle”, the current GCM encryption processing may be suspended to process a higher-priority message. In other chaining modes, or in GCM phases other than payload encryption, the flag must be ignored for the suspend process.

The flag is set when transferring a shared key from SAES peripheral.

Bit 2 WRERR: Write error

This flag indicates the detection of an unexpected write operation to the AES_DINR register (during computation or data output phase):

0: Not detected

1: Detected

The flag is set by hardware. It is cleared by software upon setting the RWEIF bit of the AES_ICR register.

Upon the flag setting, an interrupt is generated if enabled through the RWEIE bit of the AES_ICR register.

The flag setting has no impact on the AES operation. Unexpected write is ignored.

Bit 1 RDERR: Read error flag

This flag indicates the detection of an unexpected read operation from the AES_DOUTR register (during computation or data input phase):

0: Not detected

1: Detected

The flag is set by hardware. It is cleared by software upon setting the RWEIF bit of the AES_ICR register.

Upon the flag setting, an interrupt is generated if enabled through the RWEIE bit of the AES_ICR register.

The flag setting has no impact on the AES operation. Unexpected read returns zero.

Bit 0 CCF: Computation completed flag

This bit mirrors the CCF bit of the AES_ISR register.

49.7.3 AES data input register (AES_DINR)

Address offset: 0x08

Reset value: 0x0000 0000

Only 32-bit write access type is supported.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
DIN[31:16]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
DIN[15:0]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w

Bits 31:0 DIN[31:0] : Input data word

A four-fold sequential write to this bitfield during the input phase results in writing a complete 128-bit block of input data to the AES peripheral. From the first to the fourth write, the corresponding data weights are [127:96], [95:64], [63:32], and [31:0]. Upon each write, the data from the 32-bit input buffer are handled by the data swap block according to the DATATYPE[1:0] bitfield, then written into the AES core 128-bit input buffer.

The data signification of the input data block depends on the AES operating mode:

- Mode 1 (encryption): plaintext
- Mode 2 (key derivation): the bitfield is not used (AES_KEYRx registers used for input)
- Mode 3 (decryption): ciphertext

The data swap operation is described in Section 49.4.14: AES data registers and data swapping on page 1951 .

49.7.4 AES data output register (AES_DOUTR)

Address offset: 0x0C

Reset value: 0x0000 0000

Only 32-bit read access type is supported.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
DOUT[31:16]
r	r	r	r	r	r	r	r	r	r	r	r	r	r	r	r
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
DOUT[15:0]
r	r	r	r	r	r	r	r	r	r	r	r	r	r	r	r

Bits 31:0 DOUT[31:0] : Output data word

This read-only bitfield fetches a 32-bit output buffer. A four-fold sequential read of this bitfield, upon the computation completion (CCF set), virtually reads a complete 128-bit block of output data from the AES peripheral. Before reaching the output buffer, the data produced by the AES core are handled by the data swap block according to the DATATYPE[1:0] bitfield.

Data weights from the first to the fourth read operation are: [127:96], [95:64], [63:32], and [31:0].

The data signification of the output data block depends on the AES operating mode:

- Mode 1 (encryption): ciphertext
- Mode 2 (key derivation): the bitfield is not used
- Mode 3 (decryption): plaintext

The data swap operation is described in Section 49.4.14: AES data registers and data swapping on page 1951 .

49.7.5 AES key register 0 (AES_KEYR0)

Address offset: 0x10

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
KEY[31:16]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
KEY[15:0]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w

Bits 31:0 KEY[31:0] : Cryptographic key, bits [31:0]

This write-only bitfield contains the bits [31:0] of the AES encryption or decryption key, depending on the operating mode:

- In Mode 1 (encryption), Mode 2 (key derivation): the value to write into the bitfield is the encryption key.
- In Mode 3 (decryption): the value to write into the bitfield is the encryption key to be derived before being used for decryption.

The AES_KEYRx registers may be written only when KEYSIZE value is correct and when the AES peripheral is disabled (EN bit of the AES_CR register cleared). A special writing sequence is also required, as described in KEYVALID bit of the AES_SR register. Note that, if KMOD[1:0] = 10 (shared key), the key is directly loaded from SAES peripheral to AES_KEYRx registers (hence writes to key register is ignored and KEIF is set).

Refer to Section 49.4.15: AES key registers on page 1953 for more details.

49.7.6 AES key register 1 (AES_KEYR1)

Address offset: 0x14

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
KEY[63:48]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
KEY[47:32]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w

Bits 31:0 KEY[63:32] : Cryptographic key, bits [63:32]

Refer to the AES_KEYR0 register for description of the KEY[255:0] bitfield.

49.7.7 AES key register 2 (AES_KEYR2)

Address offset: 0x18

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
KEY[95:80]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
KEY[79:64]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w

Bits 31:0 KEY[95:64] : Cryptographic key, bits [95:64]

Refer to the AES_KEYR0 register for description of the KEY[255:0] bitfield.

49.7.8 AES key register 3 (AES_KEYR3)

Address offset: 0x1C

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
KEY[127:112]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
KEY[111:96]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w

Bits 31:0 KEY[127:96] : Cryptographic key, bits [127:96]

Refer to the AES_KEYR0 register for description of the KEY[255:0] bitfield.

49.7.9 AES initialization vector register 0 (AES_IVR0)

Address offset: 0x20

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
IVI[31:16]
rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
IVI[15:0]
rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw

Bits 31:0 IVI[31:0] : Initialization vector input, bits [31:0]

Refer to Section 49.4.16: AES initialization vector registers on page 1953 for description of the IVI[127:0] bitfield.

The initialization vector is only used in chaining modes other than ECB.

The AES_IVRx registers may be written only when the AES peripheral is disabled

49.7.10 AES initialization vector register 1 (AES_IVR1)

Address offset: 0x24

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
IVI[63:48]
rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
IVI[47:32]
rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw

Bits 31:0 IVI[63:32] : Initialization vector input, bits [63:32]

Refer to the AES_IVR0 register for description of the IVI[128:0] bitfield.

49.7.11 AES initialization vector register 2 (AES_IVR2)

Address offset: 0x28

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
IVI[95:80]
rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
IVI[79:64]
rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw

Bits 31:0 IVI[95:64] : Initialization vector input, bits [95:64]

Refer to the AES_IVR0 register for description of the IVI[128:0] bitfield.

49.7.12 AES initialization vector register 3 (AES_IVR3)

Address offset: 0x2C

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
IVI[127:112]
rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
IVI[111:96]
rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw

Bits 31:0 IVI[127:96] : Initialization vector input, bits [127:96]
Refer to the AES_IVR0 register for description of the IVI[128:0] bitfield.

49.7.13 AES key register 4 (AES_KEYR4)

Address offset: 0x30

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
KEY[159:144]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
KEY[143:128]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w

Bits 31:0 KEY[159:128] : Cryptographic key, bits [159:128]

Refer to the AES_KEYR0 register for description of the KEY[255:0] bitfield.

49.7.14 AES key register 5 (AES_KEYR5)

Address offset: 0x34

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
KEY[191:176]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
KEY[175:160]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w

Bits 31:0 KEY[191:160] : Cryptographic key, bits [191:160]

Refer to the AES_KEYR0 register for description of the KEY[255:0] bitfield.

49.7.15 AES key register 6 (AES_KEYR6)

Address offset: 0x38

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
KEY[223:208]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
KEY[207:192]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w

Bits 31:0 KEY[223:192] : Cryptographic key, bits [223:192]

Refer to the AES_KEYR0 register for description of the KEY[255:0] bitfield.

49.7.16 AES key register 7 (AES_KEYR7)

Address offset: 0x3C

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
KEY[255:240]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
KEY[239:224]
w	w	w	w	w	w	w	w	w	w	w	w	w	w	w	w

Bits 31:0 KEY[255:224] : Cryptographic key, bits [255:224]

Refer to the AES_KEYR0 register for description of the KEY[255:0] bitfield.

Note: The key registers from 4 to 7 are used only when the key length of 256 bits is selected. They have no effect when the key length of 128 bits is selected (only key registers 0 to 3 are used in that case).

49.7.17 AES suspend registers (AES_SUSPxR)

Address offset: 0x040 + 0x4 * x, (x = 0 to 7)

Reset value: 0x0000 0000

These registers contain the complete internal register states of the AES processor when the AES processing of the current task is suspended to process a higher-priority task.

Upon suspend, the software reads and saves the AES_SUSPxR register contents (where x is from 0 to 7) into memory, before using the AES processor for the higher-priority task.

Upon completion, the software restores the saved contents back into the corresponding suspend registers, before resuming the original task.

Note: These registers are used only when GCM, GMAC, or CCM chaining mode is selected.

These registers can be read only when AES is enabled. Reading these registers while AES is disabled returns 0x0000 0000.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
SUSP[31:16]
rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
SUSP[15:0]
rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw	rw

Bits 31:0 SUSP[31:0] : AES suspend

Upon suspend operation, this bitfield of the corresponding AES_SUSPxR register takes the value of one of internal AES registers.

49.7.18 AES interrupt enable register (AES_IER)

Address offset: 0x300

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	KEIE	RWEIE	CCFIE
													rw	rw	rw

Bits 31:3 Reserved , must be kept at reset value.

Bit 2 KEIE: Key error interrupt enable

This bit enables or disables (masks) the AES interrupt generation when KEIF (key error flag) is set.

0: Disabled (masked)
1: Enabled (not masked)

Bit 1 RWEIE: Read or write error interrupt enable

This bit enables or disables (masks) the AES interrupt generation when RWEIF (read and/or write error flag) is set.

0: Disabled (masked)
1: Enabled (not masked)

Bit 0 CCFIE: Computation complete flag interrupt enable

This bit enables or disables (masks) the AES interrupt generation when CCF (computation complete flag) is set.

0: Disabled (masked)
1: Enabled (not masked)

49.7.19 AES interrupt status register (AES_ISR)

Address offset: 0x304

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	KEIF	RWEIF	CCF
													r	r	r

Bits 31:3 Reserved , must be kept at reset value.

Bit 2 KEIF : Key error interrupt flag

This read-only bit is set by hardware when key information failed to load into key registers.

0: No key error detected

1: Key information failed to load into key registers

Setting the corresponding bit of the AES_ICR register clears the KEIF and generates interrupt if the KEIE bit of the AES_IER register is set.

KEIF is triggered upon any of the following errors:

– AES_KEYRx register write does not respect the correct order. (For KEYSIZE = 0, AES_KEYR0 then AES_KEYR1 then AES_KEYR2 then AES_KEYR3 register, or reverse. For KEYSIZE = 1, AES_KEYR0 then AES_KEYR1 then AES_KEYR2 then AES_KEYR3 then AES_KEYR4 then AES_KEYR5 then AES_KEYR6 then AES_KEYR7 , or reverse).

KEIF must be cleared by the application software, otherwise KEYVALID cannot be set.

Bit 1 RWEIF : Read or write error interrupt flag

This read-only bit is set by hardware when a RDERR or a WRERR error flag is set in the AES_SR register.

0: No read or write error detected

1: Read or write error detected (see AES_SR register for details)

RWEIF bit is cleared when application sets the corresponding bit of AES_ICR register. An interrupt is generated if the RWEIE bit has been previously set in the AES_IER register.

This flags has no meaning when key derivation mode is selected.

Bit 0 CCF : Computation complete flag

This flag indicates whether the computation is completed:

0: Not completed

1: Completed

The flag is set by hardware upon the completion of the computation. It is cleared by software, upon setting the CCF bit of the AES_ICR register.

Upon the flag setting, an interrupt is generated if enabled through the CCFIE bit of the AES_IER register.

The flag is significant only when the DMAOUTEN bit is 0. It may stay high when DMA_EN is 1.

49.7.20 AES interrupt clear register (AES_ICR)

Address offset: 0x308

Reset value: 0x0000 0000

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	KEIF	RWEIF	CCF
													w	w	w

Bits 31:3 Reserved, must be kept at reset value.

Bit 2 KEIF : Key error interrupt flag clear

Setting this bit clears the KEIF status bit of the AES_ISR register.

Bit 1 RWEIF : Read or write error interrupt flag clear

Setting this bit clears the RWEIF status bit of the AES_ISR register, and both RDERR and WRERR flags in the AES_SR register.

Bit 0 CCF : Computation complete flag clear

Setting this bit clears the CCF status bit of the AES_SR and AES_ISR registers.

49.7.21 AES register map

Table 477. AES register map and reset values

Offset	Register	31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16	15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
0x000	AES_CR	IPRST	Res.	Res.	Res.	Res.	Res.	KMOD[1]	KMOD[0]	NPBLB[3:0]				Res.	KEYSIZE	Res.	CHMOD[2]	Res.	GCMPH[1:0]		DMAOUTEN	DMAINEN	Res.	Res.	Res.	Res.	CHMOD[1:0]		MODE[1:0]		DATATYPE[1:0]		EN
0x000	Reset value	0						0	0	0	0	0	0		0		0		0	0	0	0					0	0	0	0	0	0	0
0x004	AES_SR	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	KEYVALID	Res.	Res.	Res.	BUSY	WRERR	RDERR	CCF
0x004	Reset value																									0				0	0	0	0
0x008	AES_DINR	DIN[31:0]
0x008	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x00C	AES_DOUTR	DOUT[31:0]
0x00C	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x010	AES_KEYR0	KEY[31:0]
0x010	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x014	AES_KEYR1	KEY[63:32]
0x014	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x018	AES_KEYR2	KEY[95:64]
0x018	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x01C	AES_KEYR3	KEY[127:96]
0x01C	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x020	AES_IVR0	IVI[31:0]
0x020	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x024	AES_IVR1	IVI[63:32]
0x024	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x028	AES_IVR2	IVI[95:64]
0x028	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x02C	AES_IVR3	IVI[127:96]
0x02C	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0

Table 477. AES register map and reset values (continued)

Offset	Register	31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16	15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
Offset	Register	0x030	AES_KEYR4	KEY[159:128]
Reset value	0	0x030	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x034	AES_KEYR5	KEY[191:160]
0x034	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x038	AES_KEYR6	KEY[223:192]
0x038	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x03C	AES_KEYR7	KEY[255:224]
0x03C	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x040	AES_SUSP0R	SUSP[31:0]
0x040	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x044	AES_SUSP1R	SUSP[31:0]
0x044	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x048	AES_SUSP2R	SUSP[31:0]
0x048	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x04C	AES_SUSP3R	SUSP[31:0]
0x04C	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x050	AES_SUSP4R	SUSP[31:0]
0x050	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x054	AES_SUSP5R	SUSP[31:0]
0x054	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x058	AES_SUSP6R	SUSP[31:0]
0x058	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x05C	AES_SUSP7R	SUSP[31:0]
0x05C	Reset value	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
0x060- 0x2FF	Reserved	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.
0x300	AES_IER	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	KEIE	RWEIE	CCFIE
0x300	Reset value																														0	0	0
0x304	AES_ISR	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	KEIF	RWEIF	CCF
0x304	Reset value																														0	0	0
0x308	AES_ICR	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	Res.	KEIF	RWEIF	CCF
0x308	Reset value																														0	0	0

Refer to Section 2.3 on page 140 for the register boundary addresses.