Advertisement
RM0432
34.4.9
AES counter (CTR) mode
Overview
The counter mode (CTR) uses AES as a key-stream generator. The generated keys are
then XOR-ed with the plaintext to obtain the ciphertext.
CTR chaining is defined in NIST Special Publication 800-38A, Recommendation for Block
Cipher Modes of Operation. A typical message construction in CTR mode is given in
Figure
267.
The structure of this message is:
•
A 16-byte initial counter block (ICB), composed of two distinct fields:
–
–
•
The plaintext P is encrypted as ciphertext C, with a known length. This length can be
non-multiple of 16 bytes, in which case a plaintext padding is required.
CTR encryption and decryption
Figure 268
respectively, as implemented in the AES peripheral. The CTR mode is selected by writing
010 to the CHMOD[2:0] bitfield of AES_CR register.
Figure 267. Message construction in CTR mode
4-byte boundaries
Initialization vector (IV)
Initialization vector (IV): a 96-bit value that must be unique for each encryption
cycle with a given key.
Counter: a 32-bit big-endian integer that is incremented each time a block
processing is completed. The initial value of the counter should be set to 1.
and
Figure 269
describe the CTR encryption and decryption process,
16-byte boundaries
ICB
Ciphertext (C)
Plaintext (P)
Counter
RM0432 Rev 6
AES hardware accelerator (AES)
0
Zero
padding
MSv42156V1
1111/2301
1143
Advertisement
Need help?
Do you have a question about the STM32L4+ Series and is the answer not in the manual?