STM32U545 AES GCM Tag mismatch

todor_digitalhealth · ‎2025-02-11

Hi,

I am trying to use the AES hardware on the STM32U545 with the STM HAL libraries.

I am able to correctly encrypt and tag an number of bytes of plain text. However, whenever I try to decrypt an encrypted message with a length not divisible by 4 I get a tag mismatch but the decrypted plain text is correct.

I am using byte size data width for everything and have no header data.

From what I can see is that the encryption will work for any arbitrary size, however, the decryption tag is not computed correctly, unless the size is divisible by 4. Is this expected behavior or is this an issue with the HAL?

Thanks!

STea · ‎2025-02-12

Hello @todor_digitalhealth ,

Hello as you can see in the readme file of STM32CubeU5/Projects/B-U585I-IOT02A/Examples/CRYP/CRYP_AES_GCM at main · STMicroelectronics/STM32CubeU5

"Plain text which will be authenticated and encrypted. Its size must be a multiple of 16 bytes. So if the original plain text size is not a multiple of 16 bytes, it must be padded."
also

Header that will be authenticated but not encrypted. The header size must be multiple of 16 bytes whatever the key size.
Initialization vector a value that is used only once within a specified context. It must be padded to 16-byte length with LSB set to 2.
Key is the parameter which determines the cipher text. In this example the key size is 128 bits =16 bytes but it can be tailored to 192 bits or 256 bits.

So, you need to add extra padding to your plaintext if it is not multiple of 16 to get correct tags and this is normal behavior that you are seeing.
Regards

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.