Table of Contents
Advertisement
RM0090
Figure 208. AES-ECB mode decryption
1. K: key; C: cipher text; I: input block; O: output block; P: plain text.
2. If Key size = 128 => Key = [K3 K2].
If Key size = 192 => Key = [K3 K2 K1]
If Key size = 256 => Key = [K3 K2 K1 K0].
AES Cipher block chaining (AES-CBC) mode
●
AES-CBC mode encryption
The AES Cipher block chaining (AES-CBC) mode decryption is shown on
In AES-CBC encryption, the first input block (I
swapping (refer to
ORing the first plaintext data block (P
P
). The input block is processed through the AEA in the encrypt state using the 128-,
1
192- or 256-bit key (K0...K3). The resultant 128-bit output block (O
ciphertext (C
the second plaintext data block to produce the second input block, (I
that I
through the AEA to produce the second ciphertext block. This encryption process
continues to "chain" successive cipher and plaintext blocks together until the last
plaintext block in the message is encrypted. If the message does not consist of an
integral number of data blocks, then the final partial data block should be encrypted in a
manner specified for the application.
In the CBC mode, like in the ECB mode, the secret key must be prepared to perform an
AES decryption. Refer to
decryption on page 572
●
AES-CBC mode decryption
In AES-CBC decryption (see
directly as the input block (I
decrypt state using the 128-, 192- or 256-bit key. The resulting output block is
exclusive-ORed with the 128-bit initialization vector IV (which must be the same as that
used during encryption) to produce the first plaintext block (P
ciphertext block is then used as the next input block and is processed through the AEA.
The resulting output block is exclusive-ORed with the first ciphertext block to produce
the second plaintext data block (P
K 0...3 (1)
Section 20.3.3: Data type on page
), that is, C
= O
1
1
and P
now refer to the second block. The second input block is processed
2
2
Section 20.3.6: Procedure to perform an encryption or a
for more details on how to prepare the key.
Doc ID 018909 Rev 4
IN FIFO
ciphertext C
C, 128 bits
DATATYPE
swapping
128/192
or 256
AEA, decrypt
DATATYPE
swapping
OUT FIFO
plaintext P
) obtained after bit/byte/half-word
1
) with a 128-bit initialization vector IV (I
1
. This first ciphertext block is then exclusive-ORed with
1
Figure
210), the first 128-bit ciphertext block (C
). The input block is processed through the AEA in the
1
⊕ C
= O
). (Note that P
2
2
1
Cryptographic processor (CRYP)
I, 128 bits
O, 128 bits
P, 128 bits
567) is formed by exclusive-
) is used directly as
1
) = (C
2
⊕ IV). The second
= O
1
1
and O
refer to the second
2
2
MS19023V1
Figure
209.
= IV ⊕
1
⊕ P
). Note
1
2
) is used
1
558/1422
Advertisement
Table of Contents
Need help?
Do you have a question about the STM32F40 Series and is the answer not in the manual?
Questions and answers