The AES and Hash Cryptoprocessor module provides hardware-accelerated data encryption, decryption, authentication, and hash operations.
Encryption converts plain text data to an unintelligible form called cipher text. Decrypting cipher text converts previously encrypted data back into the original plain text form. The AES algorithm implemented by the module is a symmetric algorithm, meaning that the encryption and decryption keys are identical. The main AES features of the module are:
- Support and availability of the following block modes:
- Electronic code book mode (ECB)
- Cipher block chaining mode (CBC)
- Counter mode (CTR)
- Support and availability of the following Authenticated Encryption with Associated Data (AEAD) modes, with continuation support:
- Counter mode with CBC-MAC (CCM)
- Galois/Counter mode (GCM)
- Support and availability of the following Message Authentication Code modes, with continuation support:
- Cipher block chaining message authentication code (CBC-MAC)
- Key sizes: 128 bits, 192 bits, and 256 bits
- Key scheduling in hardware
- Internal DMA for transferring data to and from system memory
- Fully synchronous design
The module also supports SHA-2 hash algorithms. SHA-2 provides a secure one-way conversion of data of arbitrary length to a fixed bit size output. The main SHA-2 features of the module are:
- Support and availability of the following SHA-2 hash algorithms:
- SHA-224
- SHA-256
- SHA-384
- SHA-512
- Internal DMA for transferring data from system memory
- Fully synchronous design
Note: Using the algorithm and modes supported by the AES and Hash Cryptoprocessor module, additional algorithms and modes can be accelerated with the addition of software. For example:
- AES CMAC can be accelerated by using the CBC-MAC support
- HMAC can be accelerated by using the SHA-2 support
Note: The defined output of block mode algorithms and SHA-2 hash algorithms includes all state that may influence the next block of data processed. However, AEAD and MAC modes of operation have additional state values which influence the next block of data processed. Continuation support allows SW to read these additional state values from the module and then reload that state to continue the AEAD or MAC operation at a later time.
Note: The AES and Hash Cryptoprocessor module does not provide concurrent AES and Hash operations.