STM32 AES-GCM Library Fails When Trying CTR-Only Decryption Without Tag

SSaiPrasad
Associate II

Hello,

I’m working on STM32H7 firmware using the STM32 Cryptographic Library (CryptoLib) for firmware decryption.

I have the following scenario:

  • Firmware is encrypted with AES128-GCM.

  • Integrity and authenticity are verified separately using ECDSA + SHA-256.

  • I want to decrypt firmware using AES-GCM in counter mode (CTR) without relying on the GCM authentication tag.

My questions are:

  1. Does AES-GCM in STM32 CryptoLib support CTR-only operation, bypassing the Galois-field authentication step?

  2. If not, is there a recommended way to perform AES-CTR decryption using CryptoLib on STM32H7 without tag verification?

  3. Are there any known limitations or caveats when skipping GCM tag verification in STM32H7 CryptoLib?

Thanks in advance for guidance.

@Jocelyn RICARD @Fred 

Accepted Solutions
STackPointer64
ST Employee

Hello @SSaiPrasad, and welcome to ST Community!

To answer your questions:

> Does AES-GCM in STM32 CryptoLib support CTR-only operation, bypassing the Galois-field authentication step?

AES-GCM is an authenticated encryption mode: it always expects to compute and/or verify the authentication tag as part of the operation.

> If not, is there a recommended way to perform AES-CTR decryption using CryptoLib on STM32H7 without tag verification?

Yes, you should use the dedicated AES-CTR mode provided by the CryptoLib under the Middlewares\ST\STM32_Cryptographic\legacy_v3 folder.

This mode performs only the counter-mode encryption/decryption, with no authentication or tag involved.

> Are there any known limitations or caveats when skipping GCM tag verification in STM32H7 CryptoLib?

No known hardware or library limitations for AES-CTR mode on STM32H7.

Best regards,

To improve visibility of answered topics, please click 'Accept as Solution' on the reply that resolved your issue or answered your question.
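
Added example, not part of the original posts and not ST's code: plain AES-CTR only reproduces the plaintext of a GCM-encrypted image if the counter starts where GCM's does. For a 96-bit IV, NIST SP 800-38D encrypts data block i with counter IV || (i + 2). The helper names are hypothetical, and the 16-byte block they produce is assumed to be what the AES-CTR call takes as its initial counter/IV.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GCM_IV_LEN     12u            /* 96-bit IV: the only length handled here */
#define AES_BLOCK      16u
#define GCM_MAX_BLOCKS 0xFFFFFFFEull  /* SP 800-38D limit: 2^32 - 2 data blocks */

/* Nonzero if [offset, offset+len) fits inside the GCM plaintext limit. */
int gcm_ctr_range_ok(uint64_t offset, uint64_t len)
{
    const uint64_t max_bytes = GCM_MAX_BLOCKS * AES_BLOCK;
    return len <= max_bytes && offset <= max_bytes - len;
}

/*
 * Write the 16-byte CTR counter block for the AES block that holds byte
 * `offset` of a GCM ciphertext. With a 96-bit IV, J0 = IV || 00000001 is
 * reserved for the tag, so data block i uses IV || (i + 2), big-endian.
 * Returns 0 on success, -1 on bad arguments or an offset past the limit.
 */
int gcm_ctr_block(const uint8_t *iv, uint64_t offset, uint8_t *out)
{
    uint64_t block = offset / AES_BLOCK;
    if (iv == NULL || out == NULL || block >= GCM_MAX_BLOCKS)
        return -1;
    uint32_t ctr = (uint32_t)(block + 2u);   /* cannot wrap: block <= 2^32 - 3 */
    memcpy(out, iv, GCM_IV_LEN);
    out[12] = (uint8_t)(ctr >> 24);
    out[13] = (uint8_t)(ctr >> 16);
    out[14] = (uint8_t)(ctr >> 8);
    out[15] = (uint8_t)ctr;
    return 0;
}

int main(void)
{
    /* Constructed sample IV, not taken from the thread. */
    const uint8_t iv[GCM_IV_LEN] = {0xca,0xfe,0xba,0xbe,0xfa,0xce,0xdb,0xad,0xde,0xca,0xf8,0x88};
    const uint64_t offsets[] = {0, 0x1000};  /* image start, then a 4 KiB chunk */
    uint8_t cb[AES_BLOCK];
    for (size_t n = 0; n < 2; n++) {
        if (gcm_ctr_block(iv, offsets[n], cb) != 0) return 1;
        printf("offset 0x%04llx:", (unsigned long long)offsets[n]);
        for (size_t i = 0; i < AES_BLOCK; i++) printf(" %02x", cb[i]);
        printf("\n");
    }
    return 0;
}
```

A CTR implementation that increments the whole 128-bit block yields the same keystream here, because the low 32 bits never wrap within GCM's length limit.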

SSaiPrasad
Associate II

Thank you for the clarification and detailed response. That perfectly answers my questions.