Module atsamd_hal::aes
AES - Advanced Encryption Standard
Hardware Features
- Compliant with FIPS Publication 197, Advanced Encryption Standard (AES)
- 128/192/256 bit cryptographic key supported
- Encryption time of 57/67/77 cycles with 128-bit/192-bit/256-bit cryptographic key
- Five confidentiality modes of operation as recommended in NIST Special Publication 800-38A
  - Electronic Code Book (ECB)
  - Cipher Block Chaining (CBC)
  - Cipher Feedback (CFB)
  - Output Feedback (OFB)
  - Counter (CTR)
- Supports Counter with CBC-MAC (CCM/CCM*) mode for authenticated encryption
- 8, 16, 32, 64, 128-bit data sizes possible in CFB mode
- Galois Counter mode (GCM) encryption and authentication
Throughput
The relationship between the module’s clock frequency and throughput (in bytes per second) is given by:
Clock Frequency = (Throughput/2) * (Nr+1) for 2 byte parallel processing
Clock Frequency = (Throughput/4) * (Nr+1) for 4 byte parallel processing
Start modes
- Manual
  - Manually configuring all registers and processing starts when CTRLB.START is set
- Automatic (DMA)
  - Similar to manual mode, but starts automatically when the correct number of input data registers is written, used by DMA.
- Last Output Data Mode (LOD)
  - Used to generate Message Authentication Code (MAC) on data in CCM mode. CCM combines counter mode for encryption and CBC-MAC generation for authentication.
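The LOD entry above rests on a property of CBC-MAC: the tag is the final chaining block, and the intermediate cipher outputs are never needed. The block below is an added example, not atsamd_hal or RustCrypto code; `BlockEnc`, `ToyCipher`, `cbc_chain`, `cbc_mac` and `cbc_encrypt` are hypothetical names, and a toy keyed permutation stands in for AES so it runs without the peripheral.

```rust
// Added example: CBC-MAC over a generic 16-byte block cipher, std only.
// `BlockEnc` and `ToyCipher` are hypothetical stand-ins, not atsamd_hal types.
const BS: usize = 16;
pub trait BlockEnc {
    fn encrypt_block(&self, block: &mut [u8; BS]);
}
/// Toy keyed permutation so the example runs offline. Not AES, not secure.
pub struct ToyCipher(pub [u8; BS]);
impl BlockEnc for ToyCipher {
    fn encrypt_block(&self, block: &mut [u8; BS]) {
        for round in 0..4 {
            for i in 0..BS {
                let k = self.0[(i + round) % BS];
                block[i] = block[i].wrapping_add(k).rotate_left(3) ^ k;
            }
            block.rotate_left(5); // byte shuffle; every step is invertible
        }
    }
}

/// CBC chaining with a zero IV. `sink` sees every output block; the final one is returned.
pub fn cbc_chain<C: BlockEnc>(c: &C, msg: &[u8], mut sink: impl FnMut(&[u8; BS])) -> Option<[u8; BS]> {
    if msg.is_empty() || msg.len() % BS != 0 { return None; } // padding is out of scope
    let mut chain = [0u8; BS];
    for chunk in msg.chunks_exact(BS) {
        for (s, m) in chain.iter_mut().zip(chunk) { *s ^= *m; }
        c.encrypt_block(&mut chain);
        sink(&chain);
    }
    Some(chain)
}

/// CBC-MAC: intermediate outputs are dropped, only the last block is the tag.
/// Raw CBC-MAC is sound only for fixed-length messages; CCM encodes the length in its first block.
pub fn cbc_mac<C: BlockEnc>(c: &C, msg: &[u8]) -> Option<[u8; BS]> {
    cbc_chain(c, msg, |_| {})
}

/// Full CBC encryption, for comparison: every output block is stored.
pub fn cbc_encrypt<C: BlockEnc>(c: &C, msg: &[u8]) -> Option<Vec<[u8; BS]>> {
    let mut out = Vec::new();
    cbc_chain(c, msg, |b| out.push(*b))?;
    Some(out)
}

fn main() {
    let cipher = ToyCipher(*b"constructed-key!"); // constructed sample key
    let msg = [0x41u8; 48]; // constructed sample message: three blocks
    println!("tag = {:02x?}", cbc_mac(&cipher, &msg).unwrap());
    println!("blocks = {}", cbc_encrypt(&cipher, &msg).unwrap().len());
}
```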
Basic operation
Peripheral setup
- Enable CLK_AES_APB (default disabled) to clock AES peripheral
- If required, setup interrupts via NVIC
Note: Register Control A (CTRLA) is Enable-protected, so AES must be disabled before the CTRLA register can be modified.
RustCrypto backend
Implements RustCrypto BlockCiphers traits for AES
WARNING
The AES hardware peripheral is accessed directly: for each call to encrypt and decrypt, the peripheral is reset and reconfigured. The user must ensure that these two interfaces are not used simultaneously.
If high performance is required, this might not be the most efficient way; using the hardware directly might be better.
This provides the ability to use other ciphers of the RustCrypto family, such as
The examples from these crates can directly be run provided that the Aes128, Aes192 or Aes256 type comes from this implementation.
See example directly from RustCrypto AES ECB:
use atsamd_hal::aes::*;
// AES RustCrypto Example
let key = GenericArray::from_slice(&[0u8; 16]);
let mut block = aes::Block::default();
// Initialize cipher
let cipher = atsamd_hal::aes::Aes128::new(key);
let block_copy = block;
// Encrypt block in-place
cipher.encrypt_block(&mut block);
// And decrypt it back
cipher.decrypt_block(&mut block);
assert_eq!(block, block_copy);