DATATYPE=B_0x0, KMOD=B_0x0, MODE=B_0x0, EN=B_0x0, KEYSEL=B_0x0, KEYSIZE=B_0x0, CHMOD=B_0x0, KSHAREID=B_0x0, GCMPH=B_0x0, DMAOUTEN=B_0x0, DMAINEN=B_0x0, NPBLB=B_0x0, KEYPROT=B_0x0
SAES control register
| EN | Enable 0 (B_0x0): Disable 1 (B_0x1): Enable |
| DATATYPE | Data type 0 (B_0x0): No swapping (32-bit data). 1 (B_0x1): Half-word swapping (16-bit data) 2 (B_0x2): Byte swapping (8-bit data) 3 (B_0x3): Bit-level swapping |
| MODE | Operating mode 0 (B_0x0): Encryption 1 (B_0x1): Key derivation (or key preparation), for ECB/CBC decryption only 2 (B_0x2): Decryption |
| CHMOD | CHMOD[1:0]: Chaining mode 0 (B_0x0): Electronic codebook (ECB) 1 (B_0x1): Cipher-block chaining (CBC) 2 (B_0x2): Counter mode (CTR) 3 (B_0x3): Galois counter mode (GCM) and Galois message authentication code (GMAC) |
| DMAINEN | DMA input enable 0 (B_0x0): Disable 1 (B_0x1): Enable |
| DMAOUTEN | DMA output enable 0 (B_0x0): Disable 1 (B_0x1): Enable |
| GCMPH | GCM or CCM phase selection 0 (B_0x0): Initialization phase 1 (B_0x1): Header phase 2 (B_0x2): Payload phase 3 (B_0x3): Final phase |
| CHMOD_1 | CHMOD[2] |
| KEYSIZE | Key size selection 0 (B_0x0): 128-bit 1 (B_0x1): 256-bit |
| KEYPROT | Key protection 0 (B_0x0): When KEYVALID is set and KEYSEL[2:0] = 0 application can transfer the ownership of the SAES, with its loaded key, to an application running in another security context (such as non-secure, secure). 1 (B_0x1): When KEYVALID is set, key error flag (KEIF) is set when an access to any registers is detected, this access having a security context (for example, secure, non-secure) that does not match the one of the application that loaded the key. |
| NPBLB | Number of padding bytes in last block 0 (B_0x0): All bytes are valid (no padding) 1 (B_0x1): Padding for the last LSB byte 15 (B_0xF): Padding for the 15 LSB bytes of last block. |
| KMOD | Key mode selection 0 (B_0x0): Normal key mode. Key registers are freely usable and no specific use or protection applies to SAES_DINR and SAES_DOUTR registers. 1 (B_0x1): Wrapped key mode. Key loaded in key registers can only be used to encrypt or decrypt AES keys. Hence, when a decryption is selected, read-as-zero SAES_DOUTR register is automatically loaded into SAES key registers after a successful decryption process. 2 (B_0x2): Shared key mode. After a successful decryption process, SAES key registers are shared with the peripheral described in KSHAREID[1:0] bitfield. This sharing is valid only while KMOD[1:0] at 0x2 and KEYVALID=1. When a decryption is selected, read-as-zero SAES_DOUTR register is automatically loaded into SAES key registers after a successful decryption process. |
| KSHAREID | Key share identification 0 (B_0x0): CRYP peripheral |
| KEYSEL | Key selection 0 (B_0x0): Software key, loaded in key registers SAES_KEYx 1 (B_0x1): Derived hardware unique key (DHUK) 2 (B_0x2): Boot hardware key (BHK) 4 (B_0x4): XOR of DHUK and BHK 7 (B_0x7): Test mode key (256-bit hardware constant 0xA5A5…A5A5) |
| IPRST | SAES peripheral software reset |