AES Functional Description
www.ti.com
614
SWRU543–January 2019
Submit Documentation Feedback
Copyright © 2019, Texas Instruments Incorporated
Advance Encryption Standard Accelerator (AES)
• Substitution-boxes (S-Boxes): Contain AES S-Box GF(2
8
) implementations
AES encryption requires a specific number of rounds, depending on the key length. The supported key
lengths are 128-, 192-, and 256-bit, which require 10, 12, and 14 rounds, respectively, or 32, 38, and 44
clock cycles, respectively, because {number of clock cycles} = 2 + 3 × {number of rounds}.
The larger key lengths provide greater encryption strength at the expense of additional rounds and
therefore reduced throughput. The overall throughput of the AES executing polynomial multiplication is
adjusted based on the overall cryptographic performance. The AES module contains one ECB core and a
dedicated 32-cycle polynomial multiplication module for performing GHASH operations. Polynomial
multiplication operates in parallel with the AES core, if data is available for both modules.
Depending on the key size (128, 192, or 256 bits), this core requires 32, 38, or 44 clock cycles to process
one 128-bit data block. While one data block processes, the next block can be preloaded immediately.
When a block is preloaded, the previous block must finish before additional data can be loaded.
Therefore, when the pipeline is full, sequential data blocks can be passed every 32, 38, or 44 clock cycles.
17.2.1.1 Interfaces
The interface signals to the AES module can be grouped into the following categories:
• Clock enable
• DMA and interrupt interface, used to request new context and packet data or to indicate available
result data (encrypted or decrypted data, or authentication result)
• Functional register interface
17.2.1.2 AES Wide-Bus Engine
The AES wide-bus engine performs the cryptographic operations. The composition of the AES core
follows:
• The main data path operates on the input block, performing the required substitution, shift, and mix
operations.
• The key scheduler generates the round keys. A new subkey is generated and XORed with the data
each round.
AES Key Scheduler
The AES key scheduler generates the round keys. During each round, a new subkey is generated from
the input key to be XORed with the data. Round keys are generated on-the-fly and parallel to data
processing to minimize register requirements.
For encryption operations, the key sequencer transfers the initial key data to the AES core. For decryption
operations, the key scheduler must provide the final subkey to the AES core so it can generate the
subkeys in reverse order.
AES Encryption Core
The AES encryption core implements the Rijndael algorithm as specified in [FIPS-197]. This core operates
on the input block and performs the required substitution, shift, and mix operations. For each round, the
encryption core receives the proper round key from the AES key scheduler. A fundamental component of
the AES algorithm is the S-Box. The S-Box provides a unique 8-bit output for each 8-bit input. This
implementation of the AES encryption core has a 64-bit data path.
AES Decryption Core
The architecture of the AES decryption core is generally the same as the architecture of the encryption
core. One difference is that the generation of round keys for decryption requires an initial conversion of the
input key (always supplied by the host in the form of an encryption key) to the corresponding decryption
key. This conversion is done by performing a dummy encryption operation and storing the final round key
as a decryption key. The key scheduler is then reversed to generate the round keys for the decryption
operation. Consequently, for each sequence of decryption operations under the same key, a single
throughput reduction equal to the time to encrypt a single block occurs. Once a decryption key is
generated, subsequent decryption operations with the same key use this generated decryption key
directly.
To Next Page
Loading...
