AES hardware accelerator (AES)
Unlike CBC mode, which uses the AES_IVRx registers only once, when processing the first
data block, CTR mode uses the AES_IVRx registers for processing each data block, and
the AES peripheral increments the counter bits of the initialization vector (leaving the nonce
bits unchanged).
CTR decryption does not differ from CTR encryption, since the core always encrypts the
current counter block to produce the key stream that is then XOR-ed with the plaintext (CTR
encryption) or ciphertext (CTR decryption) input. In CTR mode, the MODE[1:0] bitfield
setting 01 (key derivation) is forbidden and all the other settings default to encryption mode.
The sequence of events to perform an encryption or a decryption in CTR chaining mode:
1. Ensure that AES is disabled (the EN bit of the AES_CR must be 0).
2. Select CTR chaining mode by setting to 010 the CHMOD[2:0] bitfield of the AES_CR
   register. Set MODE[1:0] bitfield to any value other than 01.
3. Initialize the AES_KEYRx registers, and load the AES_IVRx registers as described in
   Table 134.
4. Set the EN bit of the AES_CR register, to start encrypting the current counter (EN is
   automatically reset when the calculation finishes).
5. If it is the last block, pad the data with zeros to have a complete block, if needed.
6. Append data in AES, and read the result. The three possible scenarios are described in
   Section 23.4.4: AES procedure to perform a cipher operation.
7. Repeat the previous step till the second-last block is processed. For the last block,
   apply the two previous steps and discard the bits that are not part of the payload (if the
   size of the significant data in the last input block is less than 16 bytes).
Suspend/resume operations in CTR mode
Like for the CBC mode, it is possible to interrupt a message to send a higher priority
message, and resume the message that was interrupted. Detailed CBC suspend/resume
sequence is described in Section 23.4.8: AES basic chaining modes (ECB, CBC).
Note: Like for CBC mode, the AES_IVRx registers must be reloaded during the resume operation.
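An added host-side model of the CTR procedure and the suspend/resume note above, not code from the reference manual or from ST's drivers: one routine serves encryption and decryption, a short last block is zero-padded and trimmed, and the saved counter block is reloaded on resume. The 12-byte nonce / 4-byte big-endian counter split, the `block_encrypt` stand-in (which is not AES) and all names are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Stand-in for the AES core so the example runs on a host. NOT AES, only a
   keyed mixing function; swap in a real AES block encryption for actual use. */
static void block_encrypt(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t acc = 0x5a;
    for (int i = 0; i < 32; i++)
        out[i % 16] = acc = (uint8_t)(((acc << 1) | (acc >> 7)) ^ in[i % 16] ^ key[(i * 5) % 16]);
}
/* Model of the key and AES_IVRx contents. Assumed layout: bytes 0..11 hold the
   nonce, bytes 12..15 a big-endian block counter. */
typedef struct { uint8_t key[16]; uint8_t ivr[16]; } ctr_ctx;
/* Increment the counter field only; the nonce bytes are never touched. */
static void ctr_increment(uint8_t ivr[16]) {
    for (int i = 15; i >= 12 && ++ivr[i] == 0; i--) { }
}
/* Encrypts or decrypts len bytes (one and the same operation in CTR mode). Only
   the final call for a message may pass a len that is not a multiple of 16. */
void ctr_process(ctr_ctx *c, const uint8_t *in, uint8_t *out, size_t len) {
    uint8_t ks[16], blk[16];
    while (len > 0) {
        size_t n = len < 16 ? len : 16;
        memset(blk, 0, sizeof blk);            /* step 5: zero-pad a short last block */
        memcpy(blk, in, n);
        block_encrypt(c->key, c->ivr, ks);     /* key stream = E(current counter block) */
        for (int i = 0; i < 16; i++) blk[i] ^= ks[i];
        memcpy(out, blk, n);                   /* step 7: drop bytes beyond the payload */
        ctr_increment(c->ivr);
        in += n; out += n; len -= n;
    }
}

/* Constructed 37-byte message, processed once in a single pass and once with a
   suspend after block 1. Returns 1 if both ciphertexts match and decrypt back. */
int demo_suspend_resume(void) {
    uint8_t msg[37], ct1[37], ct2[37], pt[37], other[16] = {0}, saved[16];
    ctr_ctx base = {{0}, {0}}, c;
    for (int i = 0; i < 37; i++) msg[i] = (uint8_t)(i * 7);
    /* constructed key and nonce, counter starts at 1 */
    memset(base.key, 0x4B, 16); memset(base.ivr, 0xA5, 12); base.ivr[15] = 1;
    c = base; ctr_process(&c, msg, ct1, 37);          /* uninterrupted reference */
    c = base; ctr_process(&c, msg, ct2, 16);          /* first block only */
    memcpy(saved, c.ivr, 16);                         /* suspend: keep the counter block */
    memset(c.ivr, 0x3C, 16); ctr_process(&c, other, other, 16);  /* other message */
    memcpy(c.ivr, saved, 16);                         /* resume: reload AES_IVRx */
    ctr_process(&c, msg + 16, ct2 + 16, 21);
    c = base; ctr_process(&c, ct1, pt, 37);           /* decrypt = same operation */
    return memcmp(ct1, ct2, 37) == 0 && memcmp(pt, msg, 37) == 0;
}
```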
23.4.10 AES Galois/counter mode (GCM)
Overview
The AES Galois/counter mode (GCM) allows encrypting and authenticating a plaintext
message into the corresponding ciphertext and tag (also known as message authentication
code). To ensure confidentiality, GCM algorithm is based on AES counter mode. It uses a
multiplier over a fixed finite field to generate the tag.
GCM chaining is defined in NIST Special Publication 800-38D, Recommendation for Block
Cipher Modes of Operation - Galois/Counter Mode (GCM) and GMAC. A typical message
construction in GCM mode is given in Figure 118.
RM0453 Rev 1