EasyManuals Logo
Home>ST>Microcontrollers>STM32G431

ST STM32G431 User Manual

ST STM32G431
2126 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1515 background imageLoading...
Page #1515 background image
RM0440 Rev 4 1515/2126
RM0440 AES hardware accelerator (AES)
1538
34.4.12 AES counter with CBC-MAC (CCM)
Overview
The AES counter with cipher block chaining-message authentication code (CCM)
algorithm allows encryption and authentication of plaintext, generating the corresponding
ciphertext and tag (also known as message authentication code). To ensure confidentiality,
the CCM algorithm is based on AES in counter mode. It uses cipher block chaining
technique to generate the message authentication code. This is commonly called CBC-
MAC.
Note: NIST does not approve this CBC-MAC as an authentication mode outside the context of the
CCM specification.
CCM chaining is specified in NIST Special Publication 800-38C, Recommendation for Block
Cipher Modes of Operation - The CCM Mode for Authentication and Confidentiality. A typical
message construction for CCM is given in Figure 523.
Figure 523. Message construction in CCM mode
The structure of the message is:
16-byte first authentication block (B0), composed of three distinct fields:
Q: a bit string representation of the octet length of P (Len(P))
Nonce (N): a single-use value (that is, a new nonce should be assigned to each
new communication) of Len(N) size. The sum Len(N) + Len(P) must be equal to
15 bytes.
Flags: most significant octet containing four flags for control information, as
specified by the standard. It contains two 3-bit strings to encode the values t (MAC
length expressed in bytes) and Q (plaintext length such that Len(P) < 2
8q
bytes).
The counter blocks range associated to Q is equal to 2
8Q-4
, that is, if the maximum
value of Q is 8, the counter blocks used in cipher shall be on 60 bits.
16-byte blocks (B) associated to the Associated Data (A).
This part of the message is only authenticated, not encrypted. This section has a
known length Len(A) that can be a non-multiple of 16 bytes (see Figure 523). The
MSv42159V2
Plaintext (P)
16-byte
boundaries
Associated data (A)
Authenticated & encrypted ciphertext (C)
0
Len(A) Len(P)
0
Enc
(T)
MAC (T)
B0
4-byte boundaries
QNonce (N)
authenticate
encrypt
Zero padding
Len(C)
[a]
32
[a]
16
Len(T)
flags
Len(N)
Decrypt and compare

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the ST STM32G431 and is the answer not in the manual?

ST STM32G431 Specifications

General IconGeneral
BrandST
ModelSTM32G431
CategoryMicrocontrollers
LanguageEnglish

Related product manuals