3.1.3.3
Initialization Vector (IV) and Additional Authenticated Data
(AAD)
All AES related operations except AES-ECB require a 16 byte initialization vector (IV) for
AES-CTR, AES-CBC, AES-XTS and GMAC, or a 32 byte initialization vector for AES-GCM, in
the source buffer. The 16 byte IV for AES-XTS is actually the logic address of the disk
sector. The Normal IV is the initial vector for the Encryption Engine AES algorithm and the
S0_IV is the initialization vector for the Hash Engine MAC operation AES algorithm.
As shown in Figure 3-13 below, the 16 byte IV for GMAC operations is the S0_IV (J0) for
the S0 calculation. AES-GCM requires 16 bytes of Normal_IV (J0) for the Encryption Engine
and another 16 bytes of S0_IV for the Hash engine. The Normal_IV and S0_IV are the
same value for stateless operation or for the first block of a stateful operation. The
Normal_IV and S0_IV will be different for the middle blocks and last block of a stateful
operation because the Normal_IV is not the first block initial value for the Encryption
engine, but S0_IV is the first block initial value for the Hash engine.
Figure 3-13. AES IV Lengths
Some AES-GCM related operations require Additional Authenticated Data (AAD) which is
authenticated but not encrypted.
In normal mode, the AAD can be written into a single source buffer, or several source
buffers. The length and address of a source buffer that only contains the AAD may be of
arbitrary length.
820x – Data Sheet, DS-0157-D
Page71
Hifn Confidential
EXAR [ EXAR CORPORATION ]
