Aes Counter (Ctr) Mode; Figure 241. Message Construction In Ctr Mode - ST STM32F423 Reference Manual

AES hardware accelerator (AES)
Note: When mode 4 is selected mode 3 cannot be used.
In mode 4, the AES_KEYRx registers contain the encryption key during all phases of the
processing. No derivation key is stored in these registers. It is stored internally in AES.
24.4.9

AES counter (CTR) mode

Overview
The counter mode (CTR) uses AES as a key-stream generator. The generated keys are
then XOR-ed with the plaintext to obtain the ciphertext.
CTR chaining is defined in NIST Special Publication 800-38A, Recommendation for Block
Cipher Modes of Operation. A typical message construction in CTR mode is given in
Figure 241.
The structure of this message is:
•
A 16-byte initial counter block (ICB), composed of two distinct fields:
–
–
•
The plaintext P is encrypted as ciphertext C, with a known length. This length can be
non-multiple of 16 bytes, in which case a plaintext padding is required.
CTR encryption and decryption
Figure 242
respectively, as implemented in the AES peripheral. The CTR mode is selected by writing
010 to the CHMOD[2:0] bitfield of AES_CR register.
710/1324

Figure 241. Message construction in CTR mode

Initialization vector (IV): a 96-bit value that must be unique for each encryption
cycle with a given key.
Counter: a 32-bit big-endian integer that is incremented each time a block
processing is completed. The initial value of the counter should be set to 1.
and Figure 243 describe the CTR encryption and decryption process,
RM0430 Rev 8
RM0430