Figure 113. Ecb/Cbc Encryption (Mode 1) - ST STM32WL55JC Reference Manual

AES hardware accelerator (AES)
To resume the processing of a message, proceed as follows:
1. If DMA is used, configure the DMA controller so as to complete the rest of the FIFO IN
and FIFO OUT transfers.
2. Disable the AES peripheral by clearing the EN bit of the AES_CR register.
3. Restore AES_CR register (with correct KEYSIZE) then restore AES_KEYRx registers.
4. Prepare the decryption key as described in
preparation
5. Restore AES_IVRx registers using the saved configuration (only required in CBC
mode).
6. Enable the AES peripheral by setting the EN bit of the AES_CR register.
7. If DMA is used, enable AES DMA transfers by setting the DMAINEN and DMAOUTEN
bits of the AES_CR register.
23.4.9 AES counter (CTR) mode
Overview
The counter mode (CTR) uses AES as a key-stream generator. The generated keys are
then XOR-ed with the plaintext to obtain the ciphertext.
CTR chaining is defined in NIST Special Publication 800-38A, Recommendation for Block
Cipher Modes of Operation. A typical message construction in CTR mode is given in
Figure 115.
The structure of this message is:
•
A 16-byte initial counter block (ICB), composed of two distinct fields:
–
–
•
The plaintext P is encrypted as ciphertext C, with a known length. This length can be
non-multiple of 16 bytes, in which case a plaintext padding is required.
664/1454
(only required for ECB or CBC decryption).
Figure 115. Message construction in CTR mode
4-byte boundaries
Initialization vector (IV)
Initialization vector (IV): a 96-bit value that must be unique for each encryption
cycle with a given key.
Counter: a 32-bit big-endian integer that is incremented each time a block
processing is completed. The initial value of the counter must be set to 1.
Section 23.4.5: AES decryption round key
16-byte boundaries
ICB Ciphertext (C)
Plaintext (P)
Counter
RM0453 Rev 2
RM0453
Zero
padding
0
MSv42156V1