KSHAREID=B_0x0, CHMOD=B_0x0, KEYSEL=B_0x0, KEYPROT=B_0x0, EN=B_0x0, KMOD=B_0x0, GCMPH=B_0x0, DMAOUTEN=B_0x0, DATATYPE=B_0x0, NPBLB=B_0x0, DMAINEN=B_0x0, MODE=B_0x0, KEYSIZE=B_0x0
SAES control register
| EN | Enable This bit enables/disables the SAES peripheral. At any moment, clearing then setting the bit re-initializes the SAES peripheral. When KMOD[1:0] is different from 00, using IPRST bit is recommended instead. This bit is automatically cleared by hardware upon the completion of the key preparation (MODE[1:0] at 01) and upon the completion of GCM/GMAC/CCM initialization phase. The bit cannot be set as long as KEYVALID=0. The situation is similar for one of the following configurations:
0 (B_0x0): Disable 1 (B_0x1): Enable |
| DATATYPE | Data type This bitfield defines the format of data written in the SAES_DINR register or read from the SAES_DOUTR register, through selecting the mode of data swapping. This swapping is defined in Section23.4.17: SAES data registers and data swapping. Attempts to write the bitfield are ignored when BUSY is set, as well as when EN is set before the write access and it is not cleared by that write access. 0 (B_0x0): No swapping (32-bit data). 1 (B_0x1): Half-word swapping (16-bit data) 2 (B_0x2): Byte swapping (8-bit data) 3 (B_0x3): Bit-level swapping |
| MODE | Operating mode This bitfield selects the SAES operating mode: Attempts to write the bitfield are ignored when BUSY is set, as well as when EN is set before the write access and it is not cleared by that write access. 0 (B_0x0): Encryption 1 (B_0x1): Key derivation (or key preparation), for ECB/CBC decryption only 2 (B_0x2): Decryption |
| CHMOD | CHMOD[1:0]: Chaining mode This bitfield selects the AES chaining mode: others: Reserved Attempts to write the bitfield are ignored when BUSY is set, as well as when EN is set before the write access and it is not cleared by that write access. 0 (B_0x0): Electronic codebook (ECB) 1 (B_0x1): Cipher-block chaining (CBC) 2 (B_0x2): Counter mode (CTR) 3 (B_0x3): Galois counter mode (GCM) and Galois message authentication code (GMAC) |
| DMAINEN | DMA input enable When this bit is set, DMA requests are automatically generated by the peripheral during the input data phase. Setting this bit is ignored when MODE[1:0] is at 01 (key derivation). 0 (B_0x0): DMA for incoming data transfer is disabled 1 (B_0x1): DMA for incoming data transfer is enabled |
| DMAOUTEN | DMA output enable When this bit is set, DMA requests are automatically generated by the peripheral during the output data phase. Setting this bit is ignored when MODE[1:0] is at 01 (key derivation). 0 (B_0x0): DMA for outgoing data transfer is disabled 1 (B_0x1): DMA for outgoing data transfer is enabled |
| GCMPH | GCM or CCM phase selection This bitfield selects the phase, applicable only with GCM, GMAC or CCM chaining modes. This bitfield has no effect if GCM, GMAC or CCM algorithm is not selected with CHMOD[2:0]. 0 (B_0x0): Initialization phase 1 (B_0x1): Header phase 2 (B_0x2): Payload phase 3 (B_0x3): Final phase |
| CHMOD_1 | CHMOD[2] |
| KEYSIZE | Key size selection This bitfield defines the key length in bits of the key used by SAES. When KMOD[1:0] is at 01 or 10, KEYSIZE also defines the length of the key to encrypt or decrypt. Attempts to write the bit are ignored when BUSY is set, as well as when the EN is set before the write access and it is not cleared by that write access. 0 (B_0x0): 128-bit 1 (B_0x1): 256-bit |
| KEYPROT | Key protection When set, hardware-based key protection is enabled. Attempts to write the bit are ignored when BUSY is set, as well as when EN is set before the write access and it is not cleared by that write access. 0 (B_0x0): When KEYVALID is set and KEYSEL[2:0]=0 application can transfer the ownership of the SAES, with its loaded key, to an application running in another security context (such as non-secure, secure). 1 (B_0x1): When KEYVALID is set, key error flag (KEIF) is set when an access to any registers is detected, this access having a security context (for example, secure, non-secure) that does not match the one of the application that loaded the key. |
| NPBLB | Number of padding bytes in last block This padding information must be filled by software before processing the last block of GCM payload encryption or CCM payload decryption, otherwise authentication tag computation is incorrect. … 0 (B_0x0): All bytes are valid (no padding) 1 (B_0x1): Padding for the last LSB byte 15 (B_0xF): Padding for the 15 LSB bytes of last block. |
| KMOD | Key mode selection The bitfield defines how the SAES key can be used by the application. KEYSIZE must be correctly initialized when setting KMOD[1:0] different from zero. Others: Reserved With KMOD[1:0] other than zero, any attempt to configure the SAES peripheral for use by an application belonging to a different security domain (such as secure or non-secure) results in automatic key erasure and setting of the KEIF flag. Attempts to write the bitfield are ignored when BUSY is set, as well as when EN is set before the write access and it is not cleared by that write access. 0 (B_0x0): Normal key mode. Key registers are freely usable, no specific usage or protection applies to SAES_DINR and SAES_DOUTR registers. 1 (B_0x1): Wrapped key mode. Key loaded in key registers can only be used to encrypt or decrypt AES keys. Hence, when a decryption is selected, read-as-zero SAES_DOUTR register is automatically loaded into SAES key registers after a successful decryption process. 2 (B_0x2): Shared key mode. After a successful decryption process, SAES key registers are shared with the peripheral described in KSHAREID[1:0] bitfield. This sharing is valid only while KMOD[1:0] at 10 and KEYVALID=1. When a decryption is selected, read-as-zero SAES_DOUTR register is automatically loaded into SAES key registers after a successful decryption process. |
| KSHAREID | Key share identification This bitfield defines, at the end of a decryption process with KMOD[1:0] at 10 (shared key), which target can read the SAES key registers using a dedicated hardware bus. Others: Reserved Attempts to write the bitfield are ignored when BUSY is set, as well as when EN is set before the write access and it is not cleared by that write access. 0 (B_0x0): AES peripheral |
| KEYSEL | Key selection The bitfield defines the source of the key information to use in the AES cryptographic core. Others: Reserved (if used, unfreeze SAES with IPRST) When KEYSEL[2:0] is different from zero, selected key value is available in key registers when BUSY bit is cleared and KEYVALID is set in the SAES_SR register. Otherwise, the key error flag KEIF is set. Repeated writing of KEYSEL[2:0] with the same non-zero value only triggers the loading of DHUK or BHK when KEYVALIDis cleared. When the application software changes the key selection by writing the KEYSEL[2:0] bitfield, the key registers are immediately erased and the KEYVALID flag cleared. At the end of the decryption process, if KMOD[1:0] is other than zero, KEYSEL[2:0] is cleared. With the bitfield value other than zero and KEYVALID set, the application cannot transfer the ownership of SAES with a loaded key to an application running in another security context (such as secure, non-secure). More specifically, when security of an access to any register does not match the information recorded by SAES, the KEIF flag is set. Attempts to write the bitfield are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access. 0 (B_0x0): Software key, loaded in key registers SAES_KEYx 1 (B_0x1): Derived hardware unique key (DHUK) 2 (B_0x2): Boot hardware key (BHK) 4 (B_0x4): XOR of DHUK and BHK 7 (B_0x7): Test mode key (256-bit hardware constant 0xA5A5…A5A5) |
| IPRST | SAES peripheral software reset Setting the bit resets the SAES peripheral, putting all registers to their default values, except the IPRST bit itself. Hence, any key-relative data are lost. For this reason, it is recommended to set the bit before handing over the SAES to a less secure application. The bit must be low while writing any configuration registers. |