STM32L4 Security AES

STM32L4 Security AES
Hello and welcome to this presentation of the STM32
Advanced Encryption Standard hardware accelerator. It
covers the features of the AES interface, which is widely
used for cryptographic applications.
The AES algorithm is a symmetric block cipher used to
encrypt and decrypt information using a secret
cryptographic key that is 128 or 256 bits long. Encryption
converts data to an unintelligible format called ciphertext;
decrypting the ciphertext converts the data back into its
original format, called plaintext.
Applications benefit from the NIST FIPS 197 compliant
implementation of the AES algorithm to protect the
confidentiality of data as well as its low processing time.
The AES accelerator supports four operation modes:
Encryption, Key derivation, Decryption and Key
derivation plus decryption.
It processes 128-bit data blocks using an encryption key
that is either 128 or 256 bits long, based on the selected
chaining mode as shown on the next slide.
This simplified block diagram of the AES shows the basic
functional and control modules.
The AES accelerator processes 128-bit data blocks
using an encryption key with a length of either 256 bits or
128 bits, with or without a data swapping option.
The AES accelerator has 4 operating modes:
• Mode 1: Encryption using the encryption key stored in
the AES Key registers.
• Mode 2: Key derivation which derives a new key based
on the value stored in the AES Key registers before
enabling the AES accelerator. This mode is independent
from the AES chaining mode selection.
• Mode 3: Decryption using a given (pre-computed)
decryption key stored in the AES Key registers.
• Mode 4: Key derivation + decryption using an
encryption key stored in the AES Key registers (not used
when the AES is configured in Counter mode for perform
a chaining algorithm).
The AES accelerator supports six chaining algorithms or
Electronic codebook (ECB)This is the default mode.
This mode does not use the AES_IVR register. There are
no chaining operations. The message is divided into
blocks and each block is encrypted separately.
Cipher block chaining (CBC) Each block of plaintext is
XORed with the previous ciphertext block before being
encrypted. To make each message unique, an
initialization vector is used when processing the first
Counter mode (CTR) A 32-bit counter is used in
addition to a nonce value for the XOR operation with the
ciphertext or plaintext.
Galois counter mode (GCM) Used to encrypt and
authenticate the plaintext, generating the corresponding
ciphertext and the TAG (also known as message
authentication code or message integrity check). It is
based on the AES’s counter mode for confidentiality and
uses a multiplier over a fixed finite field for generating the
TAG. It requires an initialization vector at the beginning.
Galois message authentication code mode (GMAC)
GMAC is the same as GCM applied on a message
composed of only the header. All steps and settings are
the same except the payload phase will not be used.
Cipher message authentication code mode (CMAC).
CMAC is used to authenticate the plaintext, generating
the corresponding TAG. The message is composed of
only the header phase and the tag phase. The CCM
standard defines specific encoding rules for the first
authentication block (called B0 in the standard). In
particular, the first block includes flags, a nonce and the
payload length expressed in bytes.
The Error Flags block checks the behavior of the AES
accelerator via two different flags:
The Read Error flag (RDERR) is set in the AES Status
register when an unexpected read operation is detected
during the computation phase or during the input phase.
The Write Error flag (WRERR) is set in the AES Status
register when an unexpected write operation is detected
during the output phase or during the computation phase.
An interrupt can be generated when one of these two
error flags is set if the Error Interrupt Enable (ERRIE) bit
in the AES Control register was previously set.
Two extra flags are available for the AES accelerator to
give the status of current operation:
The Computation Complete flag (CCF) is set by hardware
when the computation is complete. An interrupt is
generated if the CCF Interrupt Enable bit was previously
The Busy flag, used only with GCM mode, indicates that
a higher priority message can interrupt the current
message during GCM payload phase for encryption
The following slides give the processing times for each of
the operating modes according to the selected chaining
Here it is the processing times depending on the key size
and algorithms
To complete the feature, here it is the processing time for
GCM and GMAC algorithms.
Here is a summary of the events able to trigger an
interrupt in the nested vectored interrupt controller: AES
computation completed, AES read error, and AES write
Direct memory access requests are generated internally
for both incoming and outgoing data. The DMA channel
must be configured in Memory-to-peripheral or
Peripheral-to-memory mode with a data size equal to 32
Here is an overview of the status of the AES accelerator
in each of the low-power modes.
AES operations are not possible when the device is in
Stop mode.
The AES encryption and decryption algorithms are
suitable for a variety of applications such as secure
networking routers, wireless communications, encrypted
data storage including secure smartcards, secure video
surveillance systems, secure electronic financial
transactions, etc.
The sender sends a plaintext message encrypted with a
secret-key. And the receiver decrypts the message with
the same secret key.
This is a list of peripherals related to the AES
accelerator. Please refer to these peripheral trainings for
more information if needed.
For more details, please refer to these application notes
and user manual available on our website.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF