Odd Gunnar Dahl

How to make AES GCM encryption work with any plain text length

Discussion created by Odd Gunnar Dahl on Jan 3, 2018

I'm working on a project were we needed to encrypt/decrypt data of arbitrary size (mainly because of radio bandwidth limitations we had to keep messages short and avoid padding up to the nearest AES block size). During implementation we soon found out that the AES GCM hardware encryption (STM32F437) required AES block length, otherwise the finalization stage produced an incorrect MAC. After a lot of googling we found an errata that addressed the same issue but for a different MCU (STM32L4x6xx). However, nothing should be untried, so we decided to have a go and try implement the suggested fix.


For what it's worth, attached is the patch that we ended up implementing. And it really works!


Perhaps ST would consider applying this patch or at least issue an errata for STM32F437?