Figure 203. Aes-Cbc Mode Decryption - ST STM32F205 series Reference Manual

RM0033
1. K: key; C: cipher text; I: input block; O: output block; Ps: plain text before swapping (when decoding) or
after swapping (when encoding); P: plain text; IV: Initialization vectors.
2. IVx=[IVxR IVxL], R=right, L=left.
3. If Key size = 128 => Key = [K3 K2].
If Key size = 192 => Key = [K3 K2 K1]
If Key size = 256 => Key = [K3 K2 K1 K0].
AES counter mode (AES-CTR) mode
The AES counter mode uses the AES block as a key stream generator. The generated keys
are then XORed with the plaintext to obtain the cipher. For this reason, it makes no sense to
speak of different CTR encryption/decryption, since the two operations are exactly the
same.
In fact, given:
• Plaintext: P[0], P[1], ..., P[n] (128 bits each)
•
A key K to be used (the size does not matter)
•
An initial counter block (call it ICB but it has the same functionality as the IV of CBC)
The cipher is computed as follows:
C[i] = enck(iv[i]) xor P[i], where:
iv[0] = ICB and iv[i+1] = func(iv[i]), where func is an update function
applied to the previous iv block; func is basically an increment of one of the fields
composing the iv block.
Given that the ICB for decryption is the same as the one for encryption, the key stream
generated during decryption is the same as the one generated during encryption. Then, the
ciphertext is XORed with the key stream in order to retrieve the original plaintext. The
decryption operation therefore acts exactly in the same way as the encryption operation.

Figure 203. AES-CBC mode decryption

DATATYPE
128, 192
or 256
K 0...
I is written
back into IV
at the same time
as P is pushed
into the OUT FIFO
AHB2 data write
(before CRYP
is enabled)
(2)
IV=[IV1 IV0]
DATATYPE
RM0033 Rev 8
Cryptographic processor (CRYP)
IN FIFO
ciphertext C
C, 128 bits
swapping
I, 128 bits
AEA, decrypt
O, 128 bits
128
+
Ps, 128 bits
swapping
P, 128 bits
OUT FIFO
plaintext P
MS19024V1
519/1378
543