stm32 /stm32h5 /STM32H533 /SAES /SAES_CR

Enable

0 (B_0x0): Disable

1 (B_0x1): Enable

Data type

0 (B_0x0): No swapping (32-bit data).

1 (B_0x1): Half-word swapping (16-bit data)

2 (B_0x2): Byte swapping (8-bit data)

3 (B_0x3): Bit-level swapping

Operating mode

0 (B_0x0): Encryption

1 (B_0x1): Key derivation (or key preparation), for ECB/CBC decryption only

2 (B_0x2): Decryption

CHMOD[1:0]: Chaining mode

0 (B_0x0): Electronic codebook (ECB)

1 (B_0x1): Cipher-block chaining (CBC)

2 (B_0x2): Counter mode (CTR)

3 (B_0x3): Galois counter mode (GCM) and Galois message authentication code (GMAC)

DMA input enable

0 (B_0x0): Disable

1 (B_0x1): Enable

DMA output enable

0 (B_0x0): Disable

1 (B_0x1): Enable

GCM or CCM phase selection

0 (B_0x0): Initialization phase

1 (B_0x1): Header phase

2 (B_0x2): Payload phase

3 (B_0x3): Final phase

CHMOD[2]

Key size selection

0 (B_0x0): 128-bit

1 (B_0x1): 256-bit

Key protection

0 (B_0x0): When KEYVALID is set and KEYSEL[2:0] = 0 application can transfer the ownership of the SAES, with its loaded key, to an application running in another security context (such as non-secure, secure).

1 (B_0x1): When KEYVALID is set, key error flag (KEIF) is set when an access to any registers is detected, this access having a security context (for example, secure, non-secure) that does not match the one of the application that loaded the key.

Number of padding bytes in last block

0 (B_0x0): All bytes are valid (no padding)

1 (B_0x1): Padding for the last LSB byte

15 (B_0xF): Padding for the 15 LSB bytes of last block.

Key mode selection

0 (B_0x0): Normal key mode.

1 (B_0x1): Wrapped key for SAES mode.

2 (B_0x2): Shared key mode.

Key share identification

0 (B_0x0): AES peripheral

Key selection

0 (B_0x0): Software key, loaded in key registers SAES_KEYx

1 (B_0x1): Derived hardware unique key (DHUK)

2 (B_0x2): Boot hardware key (BHK)

4 (B_0x4): XOR of DHUK and BHK

SAES peripheral software reset