RM0033 Rev 9 517/1381
RM0033 Cryptographic processor (CRYP)
543
Figure 201. AES-ECB mode decryption
1. K: key; C: cipher text; I: input block; O: output block; P: plain text.
2. If Key size = 128 => Key = [K3 K2].
If Key size = 192 => Key = [K3 K2 K1]
If Key size = 256 => Key = [K3 K2 K1 K0].
AES Cipher block chaining (AES-CBC) mode
• AES-CBC mode encryption
The AES Cipher block chaining (AES-CBC) mode decryption is shown on Figure 202.
In AES-CBC encryption, the first input block (I
1) obtained after bit/byte/half-word
swapping (refer to Section 19.3.3: Data type on page 522) is formed by exclusive-
ORing the first plaintext data block (P
1) with a 128-bit initialization vector IV (I1 = IV ⊕
P
1). The input block is processed through the AEA in the encrypt state using the 128-,
192- or 256-bit key (K0...K3). The resultant 128-bit output block (O
1) is used directly as
ciphertext (C
1), that is, C1 = O1. This first ciphertext block is then exclusive-ORed with
the second plaintext data block to produce the second input block, (I
2) = (C1 ⊕ P2). Note
that I
2 and P2 now refer to the second block. The second input block is processed
through the AEA to produce the second ciphertext block. This encryption process
continues to “chain” successive cipher and plaintext blocks together until the last
plaintext block in the message is encrypted. If the message does not consist of an
integral number of data blocks, then the final partial data block should be encrypted in a
manner specified for the application.
In the CBC mode, like in the ECB mode, the secret key must be prepared to perform an
AES decryption. Refer to Section 19.3.6: Procedure to perform an encryption or a
decryption on page 527 for more details on how to prepare the key.
• AES-CBC mode decryption
In AES-CBC decryption (see Figure 203), the first 128-bit ciphertext block (C
1) is used
directly as the input block (I
1). The input block is processed through the AEA in the
decrypt state using the 128-, 192- or 256-bit key. The resulting output block is
exclusive-ORed with the 128-bit initialization vector IV (which must be the same as that
used during encryption) to produce the first plaintext block (P
1 = O1 ⊕ IV). The second
ciphertext block is then used as the next input block and is processed through the AEA.
The resulting output block is exclusive-ORed with the first ciphertext block to produce
the second plaintext data block (P
2 = O2 ⊕ C1). (Note that P2 and O2 refer to the second
IN FIFO
C, 128 bits
OUT FIFO
ciphertext C
plaintext P
AEA, decrypt
I, 128 bits
swapping
O, 128 bits
DATATYPE
DATATYPE
P, 128 bits
swapping
K0...3
(1)
128/192
or 256
MS19023V1
To Next Page
Loading...
Need help?
General
