Cryptography method and circuit, corresponding device

1 . A method, comprising: receiving over said communication bus access requests to memory locations for storing encrypted data, said memory locations having respective addresses and being accessible via a communication bus for reading data stored in the memory locations, wherein said access requests include burst requests for access to respective sets of said memory locations starting from respective start addresses, the burst requests conveying said respective start addresses; calculating, as a function of said start addresses, cryptographic masks based on cryptographic keys; receiving plain text data for encryption and applying said cryptographic masks to said plain text data to obtain therefrom encrypted data; and including said encrypted data into output data for transmission over said communication bus. 2 . The method of claim 1 , further comprising transmitting said output data over said communication bus and storing in said memory locations starting from said respective start addresses said encrypted data. 3 . The method of claim 1 , further comprising: retrieving said stored encrypted data via said communication bus from said memory locations starting from said respective start addresses; applying said cryptographic masks to said retrieved stored encrypted data to obtain therefrom decrypted data; and including said decrypted data into output data for transmission over said communication bus. 4 . The method of claim 3 , further comprising: receiving said access requests from a processing unit coupled to said communication bus; and transmitting said output data to said processing unit via said communication bus. 5 . The method of claim 4 , further comprising: sensing a secure mode signal indicative of said processing unit operating in a secure mode wherein secure resources of said processing unit are available; and applying said cryptographic masks to encrypt said plain text data or to decrypt said stored encrypted data as a function of a value of said secure mode signal. 6 . The method of claim 5 , further comprising retrieving said plain text data for encryption from a memory, wherein said memory is accessible as a result of the value of said secure mode signal being indicative of said processing unit operating in said secure mode. 7 . The method of claim 4 , comprising making said memory locations selectively accessible via a memory controller coupled to said communication bus by selectively propagating said access requests to said memory locations to said memory controller as a function of a control signal. 8 . The method of claim 7 , wherein said cryptographic masks are applied to encrypt said plain text data or to decrypt said stored encrypted data as a result of receiving an input data availability signal, said input data availability signal being provided by one of said memory controller and said processing unit as a function of said control signal. 9 . The method of claim 3 , wherein said access requests received over said communication bus convey, along with said respective start addresses, supplemental information on data security, data unit size, burst request type and burst request lengths, and wherein applying said cryptographic masks comprises: storing a set of calculated cryptographic masks; calculating, as a function of an input data availability signal and said supplemental information, current data addresses for plain text data available for application of said set of calculated cryptographic masks; and applying to said plain text data available for application of cryptographic masks, cryptographic masks selected out of said set of calculated cryptographic masks stored as a function of said current data addresses. 10 . The method of claim 9 , further comprising: providing in said current data addresses at least one; and changing at least one portion of the selected cryptographic masks applied as a result of changes of the value of said at least one mask change control bit. 11 . The method of claim 10 , further comprising: calculating said cryptographic masks by providing therein plural mask portions applicable to different data units of the plain text data; providing in said current data addresses a first mask change control bit and a second mask change control bit; changing the cryptographic masks applied to said data units as a result of changes of the value of said first mask change control bit; and changing the portions of said cryptographic masks applied to said data units as a result of changes of the value of said second mask change control bit. 12 . The method of claim 3 , wherein said access requests received over said communication bus convey, along with said respective start addresses, supplemental information on data unit size, burst request type and burst request lengths, and wherein applying said cryptographic masks comprises: calculating, as a function of an input data unit availability signal and said supplemental information, current data addresses for data available for application of cryptographic masks; and calculating a set of candidate cryptographic masks applicable to future incoming access requests as a function of at least one of the start address of a last received access request, the current data unit address calculated for said last received access request, and burst type and storing at least one cryptographic mask out of said set of candidate cryptographic masks. 13 . The method of claim 1 , further comprising: calculating said cryptographic masks as a function of said start addresses via a processing pipeline; checking whether the processing pipeline is available for processing incoming access requests and storing incoming access requests in a register in response to the processing pipeline being unavailable. 14 . The method of claim 3 , wherein calculating cryptographic masks as a function of said start addresses and applying cryptographic masks calculated includes applying Advanced Encryption Standard, processing to the. 15 . A circuit, comprising: an input node configured to receive over a communication bus access requests to memory locations, said memory locations being accessible via said communication bus, wherein said access requests including burst requests for access to respective sets of said memory locations starting from respective start addresses, the burst requests conveying said respective start addresses; an output node configured to transmit over said communication bus output data; and processing circuitry coupled to said input node and said output node and configured to: calculate, as a function of said start addresses, encryption/decryption cryptographic masks based on cryptographic keys; receive plain text data for encryption or encrypted data stored in said memory locations; apply said cryptographic masks to encrypt said plain text data to obtain therefrom encrypted data or to decrypt encrypted data stored in said memory locations to obtain therefrom decrypted data as a function of a value of a secure mode signal; and include said encrypted data or said decrypted data into output data provided on said output node for transmission over said communication bus. 16 . The circuit of claim 15 , wherein the processing circuitry is further configured to transmit said output data over said communication bus and to storage in said memory locations starting from said respective start addresses said encrypted data. 17 . The circuit of claim 15 , wherein the processing circuitry is further configured to read said stored encrypted data via said communica