Figure 85. Cbc Encryption; Figure 86. Cbc Decryption - ST STM32G0 1 Series Reference Manual

Hide thumbs

page of 1390

/ 1390
Contents
Table of Contents
Bookmarks

Table of Contents

AES hardware accelerator (AES)

In CBC encrypt mode, the first plaintext input block, after bit/byte/half-word swapping (P1'),

is XOR-ed with a 128-bit IVI bitfield (initialization vector and counter), producing the I1 input

data for encrypt with the AES core, using a 128- or 256-bit key. The resulting 128-bit output

block O1, after swapping operation, is used as ciphertext C1. The O1 data is then XOR-ed

with the second-block plaintext data P2' to produce the I2 input data for the AES core to

produce the second block of ciphertext data. The chaining of data blocks continues in this

way until the last plaintext block in the message is encrypted.

If the message size is not a multiple of 128 bits, the final partial data block is encrypted in

the way explained in

In CBC decrypt mode, like in ECB decrypt mode, the secret key must be prepared to

perform an AES decryption.

After the key preparation process, the decryption goes as follows: the first 128-bit ciphertext

block (after the swap operation) is used directly as the AES core input block I1 for decrypt

operation, using the 128-bit or 256-bit key. Its output O1 is XOR-ed with the 128-bit IVI field

(that must be identical to that used during encryption) to produce the first plaintext block P1.

illustrates the cipher block chaining (CBC) encryption.