Texas Instruments Development Kit for TM4C129x,Tiva™ ARM® Cortex™ -M4 Microcontroller DK-TM4C129X DK-TM4C129X Datenbogen
Produktcode
DK-TM4C129X
Figure 13-11. AES - CCM Operation
Input buffer
(plain text)
AES core
(encrypt)
Output buffer
(cipher text)
Key register
128
12
256
data_in
data_out
Key in
Encryption
Temporary
register
128
12
IV register
IV register
(counter)
127
32n
32n-1
0
+
1
32n
128-32n
128
32n
128
256
Authentication
Result
128
128
AES core
(encrypt)
32n
Input buffer
(cipher text)
AES core
(encrypt)
Output buffer
(plain text)
Key register
128
12
256
data_in
data_out
Key in
Decryption
Temporary
register
128
12
IV register
IV register
(counter)
127
32n
32n-1
0
+
1
32n
128-32n
128
128
256
Authentication
Result
128
128
AES core
(encrypt)
13.2.3.2
Extended and Combined Modes of Operations
This section describes the protocols (or autonomous precalculations) supported by the AES wide-bus
engine.
engine.
GCM Protocol Operation
A GCM protocol operation is a combined operation consisting of encryption/decryption and
authentication. A part of the input data stream can be authenticated only, while normally most of
the input data is encrypted/decrypted and authenticated. The authentication-only data must always
be in front of the data requiring encryption. Within GCM, the authentication-only data is called the
additional authentication data (AAD). The AAD is fetched independently of other data.
authentication. A part of the input data stream can be authenticated only, while normally most of
the input data is encrypted/decrypted and authenticated. The authentication-only data must always
be in front of the data requiring encryption. Within GCM, the authentication-only data is called the
additional authentication data (AAD). The AAD is fetched independently of other data.
The intermediate (temporary) result data is used as input to the remaining authentication operation.
Because the authentication operation does not require the cryptographic core but only the polynomial
multiplication, encryption/decryption and authentication can be performed in parallel. After encryption
of the last data block, additional polynomial multiplication and encryption are required to authenticate
a 128-bit length vector and finally encrypt the authentication result.
Because the authentication operation does not require the cryptographic core but only the polynomial
multiplication, encryption/decryption and authentication can be performed in parallel. After encryption
of the last data block, additional polynomial multiplication and encryption are required to authenticate
a 128-bit length vector and finally encrypt the authentication result.
CCM Protocol Operation
The CCM protocol operation is a combined operation consisting of encryption/decryption and
authentication. The authentication and encryption/decryption operations use the cryptographic core;
these are executed sequentially on the AES core. A part of the data stream can require authentication
only. The authentication-only data must always be in front of the data requiring encryption.
authentication. The authentication and encryption/decryption operations use the cryptographic core;
these are executed sequentially on the AES core. A part of the data stream can require authentication
only. The authentication-only data must always be in front of the data requiring encryption.
Authentication starts with the encryption of a predefined block B0. This block consists of flags,
nonce, and message length. The next blocks contain the authentication data length concatenated
with the authentication-only data. After processing the authentication-only data, the
encryption/decryption operations are performed, each followed by the related authentication of the
plaintext data block (which equals the input in the case of encryption, and the output in the case of
nonce, and message length. The next blocks contain the authentication data length concatenated
with the authentication-only data. After processing the authentication-only data, the
encryption/decryption operations are performed, each followed by the related authentication of the
plaintext data block (which equals the input in the case of encryption, and the output in the case of
December 13, 2013
998
Texas Instruments-Advance Information
Advance Encryption Standard Accelerator (AES)