 English |
|
|
|
|
|
|
|
| SAM4L Datasheet, PDF (426/1185 Pages) ATMEL Corporation – ATSAM ARM-based Flash MCU | |||
| |||
| ◁ |
ATSAM4L4/L2
uniquess requirement for counter values across all messages is dependent on the choices of the
initial counter values for the messages (see NIST Special Publication 800-38A, Appendix B:
Generation of Counter Blocks for recommendations for choosing initial couter values).
18.4.3
DMA Interface
AESA is able to interface with a DMA controller, thus allowing the processing of multiple data
blocks with minimal CPU intervention. AESA operates in the DMA mode when the DMA bit in the
MODE register is programmed to â1â.
Two channels are supported by the DMA interface - an input data channel for writing input data
to AESA and an output data channel for reading output data from AESA. The destination
address for the input data channel is the IDATA register address, whereas the source address
for the output data channel is the ODATA register address.
Note that the DMA write transactions must be performed in the ascending word order, i.e., the
first write transaction is for the first word of the input data, the second write transaction is for the
second word, and so on. The number of write transactions required depends on the confidential-
ity mode of operation that AESA is in and is the same as the number of relevant input buffer
registers as shown in Table 18-1 on page 424.
Likewise, the DMA read transactions must also be performed in the ascending word order, i.e.,
the first read transaction is for the first word of the output data, the second read transaction is for
the second word, and so on.
18.4.4
Computation of Last Nk Words of Expanded Key
The AES algorithm takes the cryptographic key provided by the user and performs a Key Expan-
sion routine to generate an expanded key. The expanded key contains a total of 4(Nr + 1) 32-bit
words, where the first Nk (4 for a 128-bit key) words are the user-provided key.
For data encryption, the expanded key is used in the forward direction, i.e., the first four words
are used in the initial round of data processing, the second four words in the first round, the third
four words in the second round, and so on.
On the other hand, for data decryption, the expanded key is used in the reverse direction, i.e.,
the last four words are used in the initial round of data processing, the last second four words in
the first round, the last third four words in the second round, and so on.
To reduce gate count, AESA does not generate and store the entire expanded key prior to data
processing. Instead, it computes on-the-fly the round key (four 32-bit words) required for the cur-
rent round of data processing. In general, the round key for the current round of data processing
can be computed from the Nk words of the expanded key generated in the previous rounds.
When AESA is operating in the encryption mode, the round key for the initial round of data pro-
cessing is simply the user-provided key written to the KEY registers.
On the other hand, when AESA is operating in the decryption mode, the round key for the initial
round of data processing is the last four words of the expanded key, which is not available
unless AESA has performed at least one encryption process prior to operating in the decryption
mode. In general, the last Nk words of the expanded key must be available before decryption
can start.
If desired, AESA can be instructed to compute the last Nk words of the expanded key in advance
by writing a one to the Decryption Key Generate (DKEYGEN) bit in the CTRL register. The com-
putation takes Nr clock cycles.
42023CâSAMâ02/2013
426
|
▷ |
German
Russian
Spanish
Italian
Polish
Chinese
Japanese
Korean
French
Portuguese