The data transactions between the master and the slave can be protected using stream cipher encryption. Encryption can be configured and enabled with the CIPHER_INIT command.
The following figure shows the stream cipher block with its configuration inputs. The stream cipher uses an AES-128 encryption operation to form the keystream from the key, nonce, and external memory address. The keystream is then combined with the plaintext one 32-bit digit at a time, each plaintext digit with the corresponding digit of the keystream.
The same nonce and key must be used for both encryption and decryption of the same memory address. Stream ciphers are symmetric: they do not differentiate between encrypting and decrypting, or between reading and writing.
Stream cipher | Value |
---|---|
ENC.KEY [127:0] | {CIPHER_KEY3[31:0], CIPHER_KEY2[31:0], CIPHER_KEY1[31:0], CIPHER_KEY0[31:0]} |
ENC.NONCE [95:0] | {NONCE_CNT[31:0], NONCE_CFG[31:0], CIPHER_NONCE0[31:0]} |
ADDRESS IN [31:0] | {8'h00, SPI Address [23:0]} |
ENC.ENABLE | CIPHER ENABLE |
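The following model is an added example, not vendor code. It assembles ENC.KEY, ENC.NONCE and ADDRESS IN as in the table and shows two consequences of the keystream depending only on key, nonce and address: decryption needs the same nonce, and rewriting an address under an unchanged key and nonce exposes the XOR of the old and new plaintext. Assumptions: HMAC-SHA256 stands in for the AES-128 operation, the nonce-then-address input layout and the 4-byte stride per 32-bit digit are illustrative, and all register values are constructed.

```python
import hashlib
import hmac

def concat_words(*words_msb_first):
    """Concatenate 32-bit register values; the first argument lands in the top bits."""
    value = 0
    for w in words_msb_first:
        value = (value << 32) | (w & 0xFFFFFFFF)
    return value

def keystream_word(key128, nonce96, spi_addr24):
    """One 32-bit keystream digit for the word at spi_addr24.

    ASSUMPTION: HMAC-SHA256 is a stand-in for the AES-128 operation, and the
    nonce||address input layout is illustrative; the page gives neither the
    AES input block layout nor the byte order.
    """
    address_in = spi_addr24 & 0x00FFFFFF  # {8'h00, SPI Address[23:0]}
    block = nonce96.to_bytes(12, "big") + address_in.to_bytes(4, "big")
    digest = hmac.new(key128.to_bytes(16, "big"), block, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")

def crypt_words(key128, nonce96, base_addr, words):
    """Encrypt or decrypt: the same XOR in both directions (4-byte stride assumed)."""
    return [w ^ keystream_word(key128, nonce96, base_addr + 4 * i)
            for i, w in enumerate(words)]

# Constructed sample register values (not from any datasheet).
KEY = concat_words(0x33333333, 0x22222222, 0x11111111, 0x00000000)  # CIPHER_KEY3..CIPHER_KEY0
NONCE = concat_words(0x00000001, 0x0000A5A5, 0xDEADBEEF)  # NONCE_CNT, NONCE_CFG, CIPHER_NONCE0
OTHER_NONCE = concat_words(0x00000002, 0x0000A5A5, 0xDEADBEEF)  # only NONCE_CNT differs

def demo():
    old = [0x11223344, 0x55667788]  # constructed plaintext, first write
    new = [0x11223344, 0xCAFEF00D]  # constructed plaintext, later write to the same address
    c_old = crypt_words(KEY, NONCE, 0x001000, old)
    c_new = crypt_words(KEY, NONCE, 0x001000, new)
    return {
        "roundtrip": crypt_words(KEY, NONCE, 0x001000, c_old) == old,
        "wrong_nonce": crypt_words(KEY, OTHER_NONCE, 0x001000, c_old) == old,
        # Same key, nonce and address: ciphertext XOR equals plaintext XOR.
        "xor_leak": [a ^ b for a, b in zip(c_old, c_new)]
                    == [a ^ b for a, b in zip(old, new)],
    }

if __name__ == "__main__":
    print(demo())
```

Changing any nonce input between writes to the same address range removes the XOR relationship, but the value in use must then be available again for every later read of that range.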
Notes: