Figure 223. Aes-Ecb Mode Decryption - STMicroelectronics STM32F405 Reference Manual

RM0090
1. K: key; C: cipher text; I: input block; O: output block; P: plain text.
2. If Key size = 128 => Key = [K3 K2].
If Key size = 192 => Key = [K3 K2 K1]
If Key size = 256 => Key = [K3 K2 K1 K0].
AES Cipher block chaining (AES-CBC) mode
•
AES-CBC mode encryption
The AES Cipher block chaining (AES-CBC) mode decryption is shown on
In AES-CBC encryption, the first input block (I
swapping (refer to
ORing the first plaintext data block (P
P ). The input block is processed through the AEA in the encrypt state using the 128-,
1
192- or 256-bit key (K0...K3). The resultant 128-bit output block (O
ciphertext (C
the second plaintext data block to produce the second input block, (I
that I
through the AEA to produce the second ciphertext block. This encryption process
continues to "chain" successive cipher and plaintext blocks together until the last
plaintext block in the message is encrypted. If the message does not consist of an
integral number of data blocks, then the final partial data block should be encrypted in a
manner specified for the application.
In the CBC mode, like in the ECB mode, the secret key must be prepared to perform an
AES decryption. Refer to
decryption on page 735
•
AES-CBC mode decryption
In AES-CBC decryption (see
directly as the input block (I
decrypt state using the 128-, 192- or 256-bit key. The resulting output block is
exclusive-ORed with the 128-bit initialization vector IV (which must be the same as that
used during encryption) to produce the first plaintext block (P
ciphertext block is then used as the next input block and is processed through the AEA.
The resulting output block is exclusive-ORed with the first ciphertext block to produce
the second plaintext data block (P

Figure 223. AES-ECB mode decryption

Section 23.3.3: Data type on page
), that is, C = O
1 1
and P now refer to the second block. The second input block is processed
2 2
Section 23.3.6: Procedure to perform an encryption or a
for more details on how to prepare the key.
DocID018909 Rev 11
) obtained after bit/byte/half-word
1
) with a 128-bit initialization vector IV (I
1
. This first ciphertext block is then exclusive-ORed with
1
Figure 225), the first 128-bit ciphertext block (C
). The input block is processed through the AEA in the
1
⊕ C
= O ). (Note that P
2 2 1
Cryptographic processor (CRYP)
730) is formed by exclusive-
) is used directly as
1
) = (C
2
⊕ IV). The second
= O
1 1
and O refer to the second
2 2
Figure 224.
= IV ⊕
1
⊕ P ). Note
1 2
) is used
1
721/1731
757