 English |
|
|
|
|
|
|
|
| SAM4L Datasheet, PDF (425/1185 Pages) ATMEL Corporation – ATSAM ARM-based Flash MCU | |||
| |||
| ◁ |
ATSAM4L4/L2
18.4.2
Confidentiality Modes of Operation
AESA supports all five confidentiality modes of operation as recommended by the NIST Special
Publication 800-38A, Recommendation for Block Cipher Modes of Operation - Methods and
Techniques:
⢠Electronic Code Book (ECB)
⢠Cipher Block Chaining (CBC)
⢠Output Feedback (OFB)
⢠Cipher Feedback (CFB)
â CFB8 (8-bit data segment)
â CFB16 (16-bit data segment)
â CFB32 (32-bit data segment)
â CFB64 (64-bit data segment)
â CFB128 (128-bit data segment)
⢠CTR: Counter
The pre-processing, post-processing, and chaining of data required in these modes of operation
are automatically performed by AESA. For complete information on these modes of operation,
refer to the NIST Special Publication 800-38A.
The desired mode of operation is selected by programming the Operation Mode (OPMODE)
field in the MODE register. For the CFB mode, the desired data segment size (8, 16, 32, 64, or
128 bits) is selected by programming the Cipher Feedback Data Size (CFDS) field in the MODE
register.
With the only exception of the ECB operation mode, an initialization vector or an initial counter is
required as an input to the encryption and decryption processes for all confidentiality modes of
operation. The initialization vector or initial counter is stored in the four 32-bit INITVECT regis-
ters. The initialization vector or initial counter is only used for processing the first 128-bit data
block of a message. For this reason, it is necessary to notify AESA whenever the next data block
it is going to process is the beginning of a new message. This is done by writing a one to the
New Message (NEWMSG) bit in the CTRL register.
The following paragraphs on the selection of the initialization vector or counter value should be
noted to avoid compromising the confidentiality of an operation mode.
For the CBC and CFB modes, the initialization vector must be unpredictable (see NIST Special
Publication 800-38A, Appendix C: Generation of Initialization Vectors for recommendations for
generating unpredictable initialization vectors).
For the OFB mode, the initialization vector need not be unpredictable, but it must be unique for
every message ever encrypted under a given key (see NIST Special Publication 800-38A,
Appendix C: Generation of Initialization Vectors for recommendations for generating unique ini-
tialization vectors).
For the CTR mode, the counter value must be unique for each input data block that is ever
encrypted under a given key, across all messages. In AESA, a counter value for each input data
block is automatically generated by applying the standard incrementing function on a predefined
number, m, of LSBs of the counter value (the initial counter value is provided by the user). This
number is specified in the Module Configuration section at the end of this chapter. Note that the
number of data blocks (128 bits) in the message must be no more than 2m in order for the coun-
ter value to be unique for each input data block within the message. The satisfaction of the
42023CâSAMâ02/2013
425
|
▷ |
German
Russian
Spanish
Italian
Polish
Chinese
Japanese
Korean
French
Portuguese