Skip to main content
S
SSaiPrasad
Associate
October 21, 2025
Solved

STM32 AES-GCM Library Fails When Trying CTR-Only Decryption Without Tag

  • October 21, 2025
  • 2 replies
  • 218 views

Hello,

I’m working on STM32H7 firmware using the STM32 Cryptographic Library (CryptoLib) for firmware decryption.

I have the following scenario:

  • Firmware is encrypted with AES128-GCM.

  • Integrity and authenticity are verified separately using ECDSA + SHA-256.

  • I want to decrypt firmware using AES-GCM in counter mode (CTR) without relying on the GCM authentication tag.

My questions are:

  1. Does AES-GCM in STM32 CryptoLib support CTR-only operation, bypassing the Galois-field authentication step?

  2. If not, is there a recommended way to perform AES-CTR decryption using CryptoLib on STM32H7 without tag verification?

  3. Are there any known limitations or caveats when skipping GCM tag verification in STM32H7 CryptoLib?

Thanks in advance for guidance.

@Jocelyn RICARD @Fred 

Best answer by STackPointer64

Hello @SSaiPrasad, and welcome to ST Community!

To answer your questions:

> Does AES-GCM in STM32 CryptoLib support CTR-only operation, bypassing the Galois-field authentication step?

AES-GCM is an authenticated encryption mode: it always expects to compute and/or verify the authentication tag as part of the operation.

> If not, is there a recommended way to perform AES-CTR decryption using CryptoLib on STM32H7 without tag verification?

Yes, you should use the dedicated AES-CTR mode provided by the CryptoLib under Middlewares\ST\STM32_Cryptographic\legacy_v3 folder.

This mode performs only the counter-mode encryption/decryption, with no authentication or tag involved.

> Are there any known limitations or caveats when skipping GCM tag verification in STM32H7 CryptoLib?

No known hardware or library limitations for AES-CTR mode on STM32H7

Best regards,

2 replies

S
STackPointer64Best answer
Technical Moderator
October 23, 2025

Hello @SSaiPrasad, and welcome to ST Community!

To answer your questions:

> Does AES-GCM in STM32 CryptoLib support CTR-only operation, bypassing the Galois-field authentication step?

AES-GCM is an authenticated encryption mode: it always expects to compute and/or verify the authentication tag as part of the operation.

> If not, is there a recommended way to perform AES-CTR decryption using CryptoLib on STM32H7 without tag verification?

Yes, you should use the dedicated AES-CTR mode provided by the CryptoLib under Middlewares\ST\STM32_Cryptographic\legacy_v3 folder.

This mode performs only the counter-mode encryption/decryption, with no authentication or tag involved.

> Are there any known limitations or caveats when skipping GCM tag verification in STM32H7 CryptoLib?

No known hardware or library limitations for AES-CTR mode on STM32H7

Best regards,

To improve visibility of answered topics, please click 'Accept as Solution' on the reply that resolved your issue or answered your question.
S
SSaiPrasadAuthor
Associate
October 27, 2025

Thank you for the clarification and detailed response. That perfectly answers my questions.

    Terms & ConditionsAccessibility statement