Figure 512. Cbc Encryption; Figure 513. Cbc Decryption - ST STM32G4 Series Reference Manual

Advanced arm-based 32-bit mcus

Hide thumbs Also See for STM32G4 Series:

Reference manual (2083 pages)

Programming manual (262 pages)

Application note (56 pages)

page of 2126

/ 2126
Contents
Table of Contents
Bookmarks

Table of Contents

AES hardware accelerator (AES)

In ECB decrypt mode, the 128-bit ciphertext input data block C1 in the AES_DINR register

first goes through bit/byte/half-word swapping. The keying sequence is reversed compared

to that of the ECB encryption. The swap result I1 is processed with the AES core set in

decrypt mode, using the formerly prepared decryption key. The decryption result goes

through bit/byte/half-word swapping, then is stored in the AES_DOUTR register as 128-bit

plaintext output data block P1. The ECB decryption continues in this way until the last

complete ciphertext block is decrypted.

In CBC encrypt mode, the first plaintext input block, after bit/byte/half-word swapping (P1'),

is XOR-ed with a 128-bit IVI bitfield (initialization vector and counter), producing the I1 input

data for encrypt with the AES core, using a 128- or 256-bit key. The resulting 128-bit output

block O1, after swapping operation, is used as ciphertext C1. The O1 data is then XOR-ed

with the second-block plaintext data P2' to produce the I2 input data for the AES core to

produce the second block of ciphertext data. The chaining of data blocks continues in this

way until the last plaintext block in the message is encrypted.

If the message size is not a multiple of 128 bits, the final partial data block is encrypted in

the way explained in

illustrates the cipher block chaining (CBC) encryption.