Figure 237. Cbc Encryption; Figure 238. Cbc Decryption - ST STM32F423 Reference Manual

AES hardware accelerator (AES)
In ECB decrypt mode, the 128-bit ciphertext input data block C1 in the AES_DINR register
first goes through bit/byte/half-word swapping. The keying sequence is reversed compared
to that of the ECB encryption. The swap result I1 is processed with the AES core set in
decrypt mode, using the formerly prepared decryption key. The decryption result goes
through bit/byte/half-word swapping, then is stored in the AES_DOUTR register as 128-bit
plaintext output data block P1. The ECB decryption continues in this way until the last
complete ciphertext block is decrypted.
Figure 237
In CBC encrypt mode, the first plaintext input block, after bit/byte/half-word swapping (P1'),
is XOR-ed with a 128-bit IVI bitfield (initialization vector and counter), producing the I1 input
data for encrypt with the AES core, using a 128- or 256-bit key. The resulting 128-bit output
block O1, after swapping operation, is used as ciphertext C1. The O1 data is then XOR-ed
with the second-block plaintext data P2' to produce the I2 input data for the AES core to
produce the second block of ciphertext data. The chaining of data blocks continues in this
way until the last plaintext block in the message is encrypted.
If the message size is not a multiple of 128 bits, the final partial data block is encrypted in
the way explained in
Figure 238
706/1324
illustrates the cipher block chaining (CBC) encryption mode.

Figure 237. CBC encryption

Section 24.4.6: AES ciphertext stealing and data
illustrates the cipher block chaining (CBC) decryption mode.

Figure 238. CBC decryption

RM0430 Rev 8
RM0430
padding.