AES hardware accelerator (AES) RM0444
RM0444 Rev 5
Suspend/resume operations in CTR mode
As in CBC mode, a message can be interrupted to send a higher-priority
message and then resumed. The detailed CBC suspend/resume
sequence is described in Section 20.4.8: AES basic chaining modes (ECB, CBC).
Note: As in CBC mode, the AES_IVRx registers must be reloaded during the resume operation.
20.4.10 AES Galois/counter mode (GCM)
Overview
The AES Galois/counter mode (GCM) encrypts and authenticates a plaintext
message, producing the corresponding ciphertext and a tag (also known as message
authentication code). To ensure confidentiality, the GCM algorithm is based on AES
counter mode. It uses a multiplier over a fixed finite field to generate the tag.
GCM chaining is defined in NIST Special Publication 800-38D, Recommendation for Block
Cipher Modes of Operation - Galois/Counter Mode (GCM) and GMAC. A typical message
construction in GCM mode is given in Figure 92.
Figure 92. Message construction in GCM
[Figure: the initialization vector (IV) and the counter, on 4-byte boundaries, form the ICB. The message is laid out on 16-byte boundaries as additional authenticated data (AAD, length Len(A), authenticated), then plaintext (P), which is encrypted into the authenticated and encrypted ciphertext (C), with Len(P) = Len(C). Each part is completed with zero padding / zeroed bits. A last block holding [Len(A)]64 and [Len(C)]64 is authenticated, and the result is the authentication tag (T).]
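The layout in Figure 92, as an added example (not code from RM0444 or from ST): a software reference in C that recomputes the GCM tag over the AAD, the ciphertext and the final length block, then compares it with a received tag without an early exit. The function names are hypothetical, and the hash subkey `h` = AES_K(0^128) and `ek_j0` = AES_K(J0) are assumed to be computed elsewhere, following SP 800-38D.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* x = x * h in GF(2^128), GCM bit order (bit 0 is the MSB of byte 0). */
static void gf128_mul(uint8_t x[16], const uint8_t h[16])
{
    uint8_t z[16] = {0}, v[16];
    memcpy(v, h, 16);
    for (int i = 0; i < 128; i++) {
        if (x[i / 8] & (0x80 >> (i % 8)))
            for (int j = 0; j < 16; j++) z[j] ^= v[j];
        int lsb = v[15] & 1;
        for (int j = 15; j > 0; j--)
            v[j] = (uint8_t)((v[j] >> 1) | (v[j - 1] << 7));
        v[0] >>= 1;
        if (lsb) v[0] ^= 0xE1; /* reduce by x^128 + x^7 + x^2 + x + 1 */
    }
    memcpy(x, z, 16);
}

/* Absorb d into y; a short final block is implicitly zero-padded. */
static void ghash_update(uint8_t y[16], const uint8_t h[16],
                         const uint8_t *d, size_t len)
{
    while (len > 0) {
        size_t n = len < 16 ? len : 16;
        for (size_t j = 0; j < n; j++) y[j] ^= d[j];
        gf128_mul(y, h);
        d += n; len -= n;
    }
}

/* Recompute T over AAD | pad | C | pad | [Len(A)]64 [Len(C)]64 and compare it
 * with the received tag rx without an early exit. Returns 1 on match. */
int gcm_tag_ok(const uint8_t h[16], const uint8_t ek_j0[16], const uint8_t *aad,
               size_t alen, const uint8_t *ct, size_t clen, const uint8_t rx[16])
{
    uint8_t y[16] = {0}, lb[16], diff = 0;
    uint64_t abits = (uint64_t)alen * 8, cbits = (uint64_t)clen * 8;
    for (int j = 0; j < 8; j++) {          /* big-endian bit lengths */
        lb[7 - j]  = (uint8_t)(abits >> (8 * j));
        lb[15 - j] = (uint8_t)(cbits >> (8 * j));
    }
    ghash_update(y, h, aad, alen);
    ghash_update(y, h, ct, clen);
    ghash_update(y, h, lb, 16);
    for (int j = 0; j < 16; j++) diff |= (uint8_t)(y[j] ^ ek_j0[j] ^ rx[j]);
    return diff == 0;
}
```

The bitwise multiply is a readable reference and is not constant-time; it is meant for checking tags on a host against known vectors.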