SLAU846B June 2023 – November 2024 MSPM0G1105, MSPM0G1106, MSPM0G1107, MSPM0G1505, MSPM0G1506, MSPM0G1507, MSPM0G1519, MSPM0G3105, MSPM0G3105-Q1, MSPM0G3106, MSPM0G3106-Q1, MSPM0G3107, MSPM0G3107-Q1, MSPM0G3505, MSPM0G3505-Q1, MSPM0G3506, MSPM0G3506-Q1, MSPM0G3507, MSPM0G3507-Q1, MSPM0G3519
The output feedback mode leverages an initialization vector (IV) to generate a keystream by repeatedly encrypting the IV with the cipher key. The output ciphertext is obtained by XORing plaintext with the encrypted and re-encrypted versions of the initialization vector. The OFB cipher is shown in Figure 24-3.
In OFB mode, the initialization vector must be a nonce (number used once). To prevent loss of confidentiality, each IV must only be used one time with a given key, and any value passed into the cipher Ek for a given key k must not be used as an initialization vector with the same key k.
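The two IV rules above, as an added host-side illustration (not TI code and not from this manual). It assumes a truncated SHA-256 stand-in for the AES block function Ek so it runs with the standard library only; the key, IVs, messages and the `IvGuard` helper are constructed for the example.

```python
import hashlib

BLOCK = 16  # AES block size in bytes

def E(key, block):
    # Stand-in for AES E_k (assumption): truncated SHA-256 keeps the example
    # standard-library only. OFB uses only the forward cipher direction.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def ofb_keystream(key, iv, nblocks):
    """Return (keystream blocks, list of every value passed into E_k)."""
    inputs, stream, state = [], [], iv
    for _ in range(nblocks):
        inputs.append(state)
        state = E(key, state)      # re-encrypt the previous output
        stream.append(state)
    return stream, inputs

def ofb_xor(key, iv, data):
    """Encrypt or decrypt: XOR data with the keystream (same operation)."""
    stream, _ = ofb_keystream(key, iv, -(-len(data) // BLOCK))
    return bytes(d ^ k for d, k in zip(data, b"".join(stream)))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class IvGuard:
    """Hypothetical per-key guard: refuses an IV whose E_k inputs were seen."""
    def __init__(self, key):
        self.key, self.seen = key, set()
    def admit(self, iv, nblocks):
        _, inputs = ofb_keystream(self.key, iv, nblocks)
        if self.seen.intersection(inputs):
            return False
        self.seen.update(inputs)
        return True

def demo():
    key, iv1 = b"constructed-key!", bytes(range(16))   # constructed values
    p1, p2 = b"sensor frame 0001 payload", b"sensor frame 0002 payload"
    c1, c2 = ofb_xor(key, iv1, p1), ofb_xor(key, iv1, p2)
    iv2 = E(key, iv1)              # already an E_k input of message 1
    ks1, _ = ofb_keystream(key, iv1, 3)
    ks2, _ = ofb_keystream(key, iv2, 2)
    guard = IvGuard(key)
    return {"roundtrip": ofb_xor(key, iv1, c1) == p1,
            "reuse_leaks_xor": xor(c1, c2) == xor(p1, p2),
            "shifted_keystream": ks2 == ks1[1:],
            "guard": [guard.admit(iv1, 3), guard.admit(iv1, 3),
                      guard.admit(iv2, 2), guard.admit(b"\xff" * BLOCK, 2)]}
```

With a repeated IV the two ciphertexts XOR to the XOR of the plaintexts, and an IV equal to an earlier Ek input reproduces the earlier keystream shifted by one block; the guard rejects both cases.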
The AES accelerator supports automated OFB mode operation of more than 128 bits of data either through interrupts or through the use of DMA. Software interrupt-based multi-block handling uses the AES interrupt condition reported in the CPU_INT.IIDX.STAT field. If this field reads 0x2 (INPUTRDY), then the next block of input can be written (as four 32-bit writes). If this field reads 0x1 (OUTPUTRDY), then the output block can be read (as four 32-bit reads).
In DMA mode, OFB utilizes two DMA channels. The channel bound to DMA_TRIG0 is the input channel. The channel bound to DMA_TRIG1 is the output channel. The channels need to be configured to perform one 32-bit read/write per trigger.