Atmel ARM-Based Evaluation Kit AT91SAM9N12-EK AT91SAM9N12-EK Data Sheet
Product codes
AT91SAM9N12-EK
1004
SAM9N12/SAM9CN11/SAM9CN12 [DATASHEET]
11063K–ATARM–05-Nov-13
45.4
Functional Description
The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to
protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher)
information.
protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher)
information.
Encryption converts data to an unintelligible form called ciphertext. Decrypting the ciphertext converts the data back into
its original form, called plaintext. The CIPHER bit in the AES Mode Register (AES_MR) allows selection between the
encryption and the decryption processes.
its original form, called plaintext. The CIPHER bit in the AES Mode Register (AES_MR) allows selection between the
encryption and the decryption processes.
The AES is capable of using cryptographic keys of 128/192/256 bits to encrypt and decrypt data in blocks of 128 bits.
This 128-bit/192-bit/256-bit key is defined in the Key Registers (AES_KEYWRx).
This 128-bit/192-bit/256-bit key is defined in the Key Registers (AES_KEYWRx).
The input to the encryption processes of the CBC, CFB, and OFB modes includes, in addition to the plaintext, a 128-bit
data block called the initialization vector (IV), which must be set in the Initialization Vector Registers (AES_IVRx). The
initialization vector is used in an initial step in the encryption of a message and in the corresponding decryption of the
message. The Initialization Vector Registers are also used by the CTR mode to set the counter value.
data block called the initialization vector (IV), which must be set in the Initialization Vector Registers (AES_IVRx). The
initialization vector is used in an initial step in the encryption of a message and in the corresponding decryption of the
message. The Initialization Vector Registers are also used by the CTR mode to set the counter value.
45.4.1 Operation
Modes
The AES supports the following modes of operation:
ECB: Electronic Code Book
CBC: Cipher Block Chaining
OFB: Output Feedback
CFB: Cipher Feedback
CFB8 (CFB where the length of the data segment is 8 bits)
CFB16 (CFB where the length of the data segment is 16 bits)
CFB32 (CFB where the length of the data segment is 32 bits)
CFB64 (CFB where the length of the data segment is 64 bits)
CFB128 (CFB where the length of the data segment is 128 bits)
CTR: Counter
The data pre-processing, post-processing and data chaining for the concerned modes are automatically performed.
Refer to the NIST Special Publication 800-38A Recommendation for more complete information.
Refer to the NIST Special Publication 800-38A Recommendation for more complete information.
These modes are selected by setting the OPMOD field in the AES_MR.
In CFB mode, five data sizes are possible (8, 16, 32, 64 or 128 bits), configurable by means of the CFBS field in the
AES_MR (
AES_MR (
In CTR mode, the size of the block counter embedded in the module is 16 bits. Therefore, there is a rollover after
processing 1 megabyte of data. If the file to be processed is greater than 1 megabyte, this file must be split into
fragments of 1 megabyte. Prior to loading the first fragment into AES_IDATARx, AES_IVRx must be cleared. For any
fragment, after the transfer is completed and prior to transferring the next fragment, AES_IVR0 must be programmed so
that the fragment number (0 for the first fragment, 1 for the second one, and so on) is written in the 16 MSB of
AES_IVR0.
processing 1 megabyte of data. If the file to be processed is greater than 1 megabyte, this file must be split into
fragments of 1 megabyte. Prior to loading the first fragment into AES_IDATARx, AES_IVRx must be cleared. For any
fragment, after the transfer is completed and prior to transferring the next fragment, AES_IVR0 must be programmed so
that the fragment number (0 for the first fragment, 1 for the second one, and so on) is written in the 16 MSB of
AES_IVR0.
45.4.2 Double
Input
Buffer
The input data register can be double-buffered to reduce the runtime of large files.
This mode allows writing a new message block when the previous message block is being processed. This is only
possible when DMA accesses are performed (SMOD = 0x2).
possible when DMA accesses are performed (SMOD = 0x2).
The DUALBUFF bit in AES_MR must be set to 1 to access the double buffer.