RM0440 Rev 4 1507/2126
RM0440 AES hardware accelerator (AES)
1538
Figure 517. CTR encryption
Figure 518. CTR decryption
In CTR mode, the cryptographic core output (also called keystream) Ox is XOR-ed with
relevant input block (Px' for encryption, Cx' for decryption), to produce the correct output
block (Cx' for encryption, Px' for decryption). Initialization vectors in AES must be initialized
as shown in Table 319.
Unlike in CBC mode that uses the AES_IVRx registers only once when processing the first
data block, in CTR mode AES_IVRx registers are used for processing each data block, and
the AES peripheral increments the counter bits of the initialization vector (leaving the nonce
bits unchanged).
CTR decryption does not differ from CTR encryption, since the core always encrypts the
current counter block to produce the key stream that is then XOR-ed with the plaintext (CTR
Table 319. CTR mode initialization vector definition
AES_IVR3[31:0] AES_IVR2[31:0] AES_IVR1[31:0] AES_IVR0[31:0]
Nonce[31:0] Nonce[63:32] Nonce[95:64] 32-bit counter = 0x0001
MSv19102V3
Encrypt
AES_KEYRx (KEY)
AES_DINR (plaintext P1)
AES_DOUTR (ciphertext C1)
DATATYPE[1:0]
Swap
management
input
output
Legend
XOR
Swap
management
DATATYPE[1:0]
Encrypt
AES_KEYRx (KEY)
AES_DOUTR (ciphertext C2)
DATATYPE[1:0]
Swap
management
Swap
management
DATATYPE[1:0]
Counter
increment (+1)
AES_DINR (plaintext P2)
I1
I2
O1 O2
Block 1 Block 2
P1'
P2'
C1'
C2'
AES_IVRx
Nonce + 32-bit counter (+1)
AES_IVRx
Nonce + 32-bit counter
MSv18942V2
Encrypt
AES_KEYRx (KEY)
AES_DINR (ciphertext C1)
AES_DOUTR (plaintext P1)
DATATYPE[1:0]
Swap
management
AES_IVRx
Nonce + 32-bit counter
input
output
Legend
XOR
Swap
management
DATATYPE[1:0]
Encrypt
AES_KEYRx (KEY)
AES_DOUTR (plaintext P2)
DATATYPE[1:0]
Swap
management
AES_IVRx
Nonce + 32-bit counter (+1)
Swap
management
DATATYPE[1:0]
Counter
increment (+1)
AES_DINR (ciphertext C2)
I1
I2
O1 O2
Block 1 Block 2
C1'
C2'
P1'
P2'
To Next Page
Loading...
Need help?
General
