www.ti.com
AES Functional Description
615
SWRU543–January 2019
Submit Documentation Feedback
Copyright © 2019, Texas Instruments Incorporated
Advance Encryption Standard Accelerator (AES)
AES Feedback Mode Block
The AES feedback mode block buffers the feedback parameters and controls the various feedback
modes. For more information about the ECB, CBC, CTR, and CFB modes of operation, see the NIST-
SP800-38A specification.
CTR implements the standard incrementing function, as described in the NIST-SP800-38A specification,
with m set to 16 or a multiple of 32.
AES-XTS mode requires a polynomial multiplication for initialization vector (IV) generation of the AES
operation. This multiplication can be simplified when the first result is available due to the definition and
use of the block number within a unit. The input for the polynomial multiplication is not directly j, but α
j
,
where α = x
2
in the GF(2
128
) domain.
In addition, f8 encryption/decryption mode and f9 and (X)CBC-MAC authentication modes are available.
GHASH Block
The data sequencer manages the data flow to and from the AES core. For data input, the data sequencer
monitors the input buffer until a 16-byte block is available. If the AES core is idle, the data sequencer
writes this data block to the internal working registers of the AES core, thus clearing the buffer for the next
block.
After completing an encryption or decryption operation, the data sequencer writes the AES output to the
output buffer. If the output buffer is full at the time of completion, the AES core is held until the buffer
clears. Although the data sequencer is designed to support uninterrupted packet encryption, the host must
properly manage the input and output packet buffers to achieve optimal performance.
17.2.2 AES Algorithm
The AES algorithm generates block ciphers. The AES block size is 16 bytes. The AES keys can be coded
on 128, 192, or 256 bits. The larger key sizes provide a higher level of security, but at the cost of a
moderate decrease in throughput.
For the AES algorithm:
• The length of the input and output blocks is 128 bits. The block length is represented by Nb = 4, which
reflects the number of 32-bit words.
• The length of the cipher key (K) is 128, 192, or 256 bits. The key length is represented by Nk = 4, 6, or
8, which reflects the number of 32-bit words in the cipher key.
• The number of rounds to be performed during the execution of the algorithm depends on the key size.
The number of rounds is represented by Nr, where Nr = 10 when Nk = 4 (128-bit key); Nr = 12 when
Nk = 6 (192-bit key); and Nr = 14 when Nk = 8 (256-bit key).
Table 17-1 lists the combinations of keys, blocks, and rounds.
Table 17-1. Key-Block-Round Combinations
Key Key Length (Nk) Block Size (Nb) Number of Rounds (Nr)
128 bits 4 4 10
192 bits 6 4 12
256 bits 8 4 14
The AES algorithm for cipher and inverse cipher uses a round function composed of four different byte-
oriented transformations:
• Byte substitution using a substitution table (S-Box): This transformation is a nonlinear byte substitution
that operates independently on each byte of the state (the state is an intermediate processed block of
128 bits inside the AES; the state is arranged as an array of [4 × Nk] bytes) using an S-Box. This S-
Box transformation is reversible.
• Shifting rows of the state array by different offsets: In this transformation, the bytes in the last three
rows of the state are cyclically shifted over different numbers of bytes (offsets). The first row (r = 0) is
not shifted.
To Next Page
Loading...
