eusi nyumput
1 Paket Software X-CUBE-STSE01
2 Bubuka
3 Inpormasi umum
4 Katerangan umum
5 Parangkat lunak démo
6 Glosarium
7 Riwayat révisi
8 PERHATOSAN PENTING – BACA TELITI
9 Dokumén / Sumberdaya
9.1 Rujukan

X-CUBE-LOGO

Paket Software X-CUBE-STSE01

X-CUBE-STSE-Software-Package (4)

Bubuka

This user manual describes how to get started with the X-CUBE-STSE01 software package.
The X-CUBE-STSE01 software package is a software component that provides several demonstration codes, which use the STSAFE-A110 and STSAFE-A120 device features from a host microcontroller.
These demonstration codes utilize the STSELib (Secured Element middleware) built on the STM32Cube software technology to ease portability across different STM32 microcontrollers. In addition, it is MCU-agnostic for portability to other MCUs.
These demonstration codes illustrate the following features:

  • Authentication.
  • Secured data storage.
  • Secured usage counter.
  • Papasangan.
  • Key establishment.
  • Local envelope wrapping.
  • Key pair generation.

Inpormasi umum

  • The X-CUBE-STSE01 software package is a reference to integrate the STSAFE-A110 and STSAFE-A120 secure element services into a host MCU’s operating system (OS) and its application.
  • It contains the STSAFE-A110 and STSAFE-A120 driver and demonstration codes to be executed on STM32 32-bit microcontrollers based on the Arm® Cortex®-M processor.
  • Arm mangrupikeun mérek dagang kadaptar ti Arm Limited (atanapi anak perusahaanna) di AS sareng/atanapi di tempat sanés.
  • The X-CUBE-STSE01 software package is developed in ANSI C. Nevertheless, the platform-independent architecture allows easy portability to a variety of different platforms.
  • The table below presents the definition of acronyms that are relevant for a better understanding of this document.

Unsur aman STSAFE-A1x0

STSAFE-A110 sareng STSAFE-A120 mangrupikeun solusi anu aman anu bertindak salaku unsur aman anu nyayogikeun jasa auténtikasi sareng manajemén data ka host lokal atanapi jauh. Ieu diwangun ku solusi turnkey pinuh ku sistem operasi aman ngajalankeun on generasi panganyarna tina mikrokontroler aman.
The STSAFE-A110 and STSAFE-A120 can be integrated in IoT (Internet of things) devices, smart-home, smart-city and industrial applications, consumer electronics devices, consumables and accessories. Its key features are

  • Auténtikasi (tina périferal, alat IoT sareng USB Type-C®).
  • Ngadegkeun saluran anu aman sareng host jauh kalebet sasalaman kaamanan lapisan angkutan (TLS).
  • Ladenan verifikasi tanda tangan (boot aman sareng pamutahiran firmware).
  • Ngawaskeun pamakéan kalawan counters aman.
  • Nyapasangkeun sareng saluran aman sareng prosesor aplikasi host.
  • Bungkus sareng ngabuka amplop host lokal atanapi jauh.
  • Generasi pasangan konci on-chip.

STSecureElement Perpustakaan (STSELib) pedaran

Bagian ieu ngajéntrékeun eusi pakét parangkat lunak middleware STSELib sareng cara ngagunakeunana.

Katerangan umum

The STSELib middleware mangrupakeun sakumpulan komponén software dirancang pikeun:

  • panganteur STSAFE-A110 na STSAFE-A120 alat unsur aman kalawan MCU.
  • ngalaksanakeun STSAFE-A110 sareng STSAFE-A120 anu paling umum.
  • Middleware STSELib pinuh terpadu dina bungkusan software ST salaku komponén middleware pikeun nambahkeun fitur unsur aman.
  • Middleware STSELib nyadiakeun sakumpulan lengkep fungsi Antarmuka Pemrograman Aplikasi tingkat luhur ka pamekar sistem anu dipasang. Middleware Ieu abstrak ngawangun sarta sequencing tina paréntah diperlukeun pikeun mastikeun alat, asesoris jeung panangtayungan brand consumable maké STMicroelectronics STSAFE-A kulawarga unsur aman.
  • middleware Hal ieu ngamungkinkeun hiji integrasi seamless tina hiji atawa sababaraha STSAFE-A dina rupa host MCU / ekosistem MPU.
  • Ningali catetan pelepasan anu aya dina folder akar pakét kanggo inpormasi ngeunaan versi IDE anu dirojong.

Arsitéktur
STSELib middleware diwangun ku tilu modul software sakumaha digambarkeun dina gambar di handap ieu. Unggal lapisan nyayogikeun tingkat abstraksi sistem anu béda pikeun pamekar sistem anu dipasang.

X-CUBE-STSE-Software-Package (2)

Gambar di handap nembongkeun middleware STSELib terpadu dina aplikasi STM32Cube baku, ngajalankeun on hiji papan ékspansi X-NUCLEO-SAFEA1 atanapi X-NUCLEO-ESE01A1 dipasang dina papan STM32 Nucleo.

angka 2. diagram blok aplikasi X-CUBE-STSE01

X-CUBE-STSE-Software-Package (3)

Pikeun nyadiakeun hardware jeung platform kamerdikaan pangalusna, STSELib middleware teu langsung disambungkeun ka STM32Cube HAL, tapi ngaliwatan panganteur. files dilaksanakeun dina tingkat aplikasi

  • Lapisan Application Programming Interface (API).
    Lapisan parangkat lunak ieu mangrupikeun titik éntri pikeun aplikasi sistem. Éta nyayogikeun sakumpulan fungsi tingkat luhur anu ngamungkinkeun interaksi sareng STMicroelectronics Secure Elements. Lapisan Api nyayogikeun abstraksi pikeun aplikasi anu béda sapertos Manajemén Unsur Aman, Auténtikasi, Panyimpen Data, Manajemén Kunci.
  • Lapisan jasa
    Lapisan SERVICE nyayogikeun sakumpulan jasa produk anu pormat sadaya paréntah anu dirojong ku unsur aman anu dituju sareng ngalaporkeun réspon kana lapisan luhur API / Aplikasi. Lapisan ieu tiasa dianggo langsung tina Aplikasi (pikeun pangguna canggih).
  • Lapisan inti
    Ngandung definisi umum pikeun ST Secure Element sareng fungsi pikeun komunikasi sareng unsur aman target.
    Lapisan inti nanganan framing pesen ogé nyayogikeun abstraksi platform pikeun lapisan di luhur.

Struktur folder
Gambar di handap ieu nunjukkeun struktur folder X-CUBE-STSE01.

X-CUBE-STSE-Software-Package (4)

Parangkat lunak démo

Bagian ieu ngagambarkeun parangkat lunak demonstrasi dumasar kana middleware STSELib.

Auténtikasi
This demonstration illustrates the command flow where the STSAFE-A110/STSAFE-A120 is mounted on a device that authenticates to a remote host (IoT device case), the local host being used as a pass-through to the remote server.
The scenario where the STSAFE-A110/STSAFE-A120 is mounted on a peripheral that authenticates to a local host, for example pikeun kaulinan, asesoris mobile atawa consumables, persis sarua.
Pikeun tujuan démo, host lokal sareng jauh mangrupikeun alat anu sami di dieu.

  1. Extract, parse and verify the STSAFE-A110/ STSAFE-A120’s public certificate stored in the data partition zone 0 of the device in order to get the public key:
    • Read the certificate using the STSELib middleware through the STSAFE-A110/STSAFE-A120’s zone 0.
    • Parse the certificate using the cryptographic library’s parser.
    • Read the CA certificate (available through the code).
    • Parse the CA certificate using the cryptographic library’s parser.
    • Verify the certificate validity using the CA certificate through the cryptographic library.
    • Get the public key from the STSAFE-A110/STSAFE-A120 X.509 certificate.
  2. Generate and verify the signature over a challenge number:
    • Generate a challenge number (random number).
    • Hash the challenge.
    • Fetch a signature over the hashed challenge using the STSAFE-A110/ STSAFE-A120 private key slot 0 through the STSELib middleware.
    • Parse the generated signature using the cryptographic library.
    • Verify the generated signature using the STSAFE-A110/STSAFE-A120’s public key through the cryptographic library.
    • When this is valid, the host knows that the peripheral or IoT is authentic.

Papasangan (Penyediaan Kunci Host)
Kode ieu example establishes a pairing between an device and the MCU it is connected to. The pairing allows the exchanges between the device and the MCU to be authenticated (that is, signed and verified). The STSAFE-A110 device becomes usable only in combination with the MCU it is paired with.
The pairing consists of the host MCU sending a host MAC key and a host cipher key to the STSAFE-A110 Both keys are stored to the protected NVM of the STSAFE-A110 and should be stored to the flash memory of the STM32 device.
By default, in this example, the host MCU sends well-known keys to the STSAFE-A110 (see command flow below) that are highly recommended to use for demonstration purposes. The code also allows the generation of random keys.
Moreover, the code example generates a local envelope key when the corresponding slot is not already populated in the STSAFE-A110. When the local envelope slot is populated, the STSAFE-A110 device allows the host MCU to wrap/unwrap a local envelope to securely store a key on the host MCU’s side.
Note: The pairing code example kudu dieksekusi suksés saméméh executing sakabeh kode examples.

Aliran paréntah

  1. Generate the local envelope key in the STSAFE-A110 using the STSELib middleware.
    By default, this command is activated
    Operasi ieu lumangsung ngan lamun slot konci amplop lokal STSAFE-A110 urang teu acan dieusian.
  2. Define two 128-bit numbers to use as the host MAC key and the host cipher key.
    By default, golden known keys are used. They have the following values:
    • Host MAC key
      0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
    • Host Cipher Key 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
  3. Store the host MAC key and the host cipher key to their respective slot in the STSAFE-A110/STSAFE-A120.
  4. Store the host MAC key and the host cipher key to the STM32’s flash memory.

Ngadegkeun konci (konci simetris AES-128 CMAC)
Démo ieu ngagambarkeun kasus dimana alat STSAFE-A110 dipasang dina alat (sapertos alat IoT), anu komunikasi sareng server jauh, sareng kedah ngadamel saluran anu aman pikeun tukeur data sareng éta.
Dina ex ieuample, alat STM32 muterkeun peran duanana server jauh (host jauh) jeung host lokal nu disambungkeun ka alat STSAFE-A110.
Tujuan tina kasus pamakean ieu nyaéta pikeun nunjukkeun kumaha cara ngadamel rusiah anu dibagi antara host lokal sareng server jauh nganggo kurva elliptic skéma Diffie-Hellman kalayan konci statik (ECDH) atanapi ephemeral (ECDHE) dina STSAFE-A110.
Rahasia anu dibagikeun kedah diturunkeun deui kana hiji atanapi langkung konci anu tiasa dianggo (henteu digambarkeun di dieu). Konci anu tiasa dianggo ieu teras tiasa dianggo dina protokol komunikasi sapertos TLS, contonaample pikeun ngajaga karusiahan, integritas jeung kaaslian data nu disilihtukeurkeun antara host lokal jeung server jauh.

Aliran paréntah
The Gambar 4. Aliran paréntah ngadegkeun konci illustrates aliran paréntah:

  • Konci pribadi sareng umum host jauh dikodekeun dina kode example.
  • The local host sends the Generate Keypair command to the STSAFE-A110/STSAFE-A120 to generate the key pair on its ephemeral slot (slot 0xFF).
  • The STSAFE-A110 sends back the public key (which corresponds to slot 0xFF) to the STM32 (representing the remote host).
  • The STM32 computes the remote host’s secret (using the STSAFE device’s public key and the remote host’s private key).
  • The STM32 sends the remote host’s public key to the STSAFE-A110/STSAFE-A120 and asks the STSAFE-A110/STSAFE-A120 to compute the local host’s secret using the API.
  • STSAFE-A110 / STSAFE-A120 ngirimkeun deui rusiah host lokal ka STM32.
  • The STM32 compares the two secrets and prints the result. If the secrets are the same, the secret establishment is successful.

X-CUBE-STSE-Software-Package (1)

Bungkus / buka bungkus amplop lokal

  • This demonstration illustrates the case where the STSAFE-A110/STSAFE-A120 wraps/unwraps the local envelope in order to securely store a secret to any non-volatile memory (NVM).
  • Encryption/decryption keys can be securely stored in that manner to additional memory or within the STSAFE-A110/STSAFE-A120’s user data memory.
  • The wrapping mechanism is used to protect a secret or plain text. The output of wrapping is an envelope encrypted with an AES key wrap algorithm, and that contains the key or plain text to be protected. Command flow
  • The local and remote hosts are the same device here.
  1. Generate random data assimilated to a local envelope.
  2. Wrap the local envelope using the STSELib middleware API.
  3. Store the wrapped envelope.
  4.  Unwrap the wrapped envelope using the STSELIB middleware.
  5.  Compare the unwrapped envelope to the initial local envelope. They should be equal.

Generasi pasangan konci
Démo ieu ngagambarkeun aliran paréntah dimana alat STSAFE-A110 / STSAFE-A120 dipasang dina host lokal. A host jauh miwarang host lokal ieu ngahasilkeun pasangan konci (konci swasta sarta konci publik) dina slot 1 lajeng asup tantangan (nomer acak) jeung konci swasta dihasilkeun.
Host jauh teras tiasa pariksa tanda tangan nganggo konci umum anu dihasilkeun.
Démo ieu sami sareng démo Auténtikasi sareng dua bédana:

  • Pasangan konci dina démo Auténtikasi geus dihasilkeun (dina slot 0), sedengkeun, dina ex ieu.ample, we generate the key pair on slot 1. The STSAFE-A110/STSAFE-A120 device can also generate the key pair on slot 0xFF, but only for key establishment purposes.
  • The public key in the Authentication demonstration is extracted from the certificate in zone 0. In this example, the public key is sent back with the STSAFE-A110/STSAFE-A120 response to the Generate Keypair command.

Aliran paréntah
Pikeun tujuan démo, host lokal sareng jauh mangrupikeun alat anu sami di dieu.

  1. The host sends the Generate Keypair command to the STSAFE-A110/STSAFE-A120 which sends back the public key to the host MCU.
  2. The host generates a challenge (48-byte random number) using the Generate Random API. The STSAFE-A110 sends back the generated random number.
  3. The host computes the hash of the generated number using the cryptographic library.
  4. The host asks the STSAFE-A110/STSAFE-A120 to generate a signature of the computed hash using the
    Generate Signature API. The STSAFE-A110/ STSAFE-A120 sends back the generated signature.
  5. The host verifies the generated signature with the public key sent by the STSAFE-A110/ STSAFE-A120 in step 1.
  6. The signature verification result is printed.

Glosarium

Singketan Hartina
AES Standar Énkripsi Canggih
ANSI Amérika National Standards Institute
API panganteur programming aplikasi
BSP pakét rojongan dewan
CA Otoritas Sertifikasi
CC Kriteria umum
C-MAC Paréntah kode auténtikasi pesen
ECC kriptografi kurva elliptic
ECDH Elliptic curve Diffie–Hellman
ECDHE Elliptic curve Diffie–Hellman – ephemeral
EWARM IAR Embedded Workbench® for Arm®
HAL Lapisan abstraksi hardware
Abdi / O Input / kaluaran
IAR Systems® World leader in software tools and services for embedded systems development.
IDE Lingkungan pangwangunan terpadu. Hiji aplikasi software nu nyadiakeun fasilitas komprehensif ka programer komputer pikeun ngembangkeun software.
IoT Internét tina hal
I²C Interintegrated circuit (IIC)
LL Supir tingkat rendah
MAC Kodeu auténtikasi pesen
MCU Unit mikrokontroler
MDK-ARM Keil® microcontroller development kit for Arm®
MPU Unit panyalindungan memori
NVM mémori nonvolatile
OS Sistem operasi
SE Unsur aman
SHA Algoritma Hash Aman
SLA pasatujuan lisénsi software
ST STMicroelectronics
TLS Kaamanan Lapisan Angkutan
USB Beus Serial Universal

Riwayat révisi

titimangsa Révisi Parobahan
23-Jun-2025 1 Pelepasan awal.

PERHATOSAN PENTING – BACA TELITI

  • STMicroelectronics NV sareng anak perusahaanna ("ST") ngagaduhan hak pikeun ngarobih, koréksi, perbaikan, modifikasi, sareng perbaikan produk ST sareng / atanapi dokumen ieu iraha waé tanpa aya bewara. Purchasers kudu ménta inpo relevan panganyarna dina produk ST saméméh nempatkeun pesenan. Produk ST dijual dumasar kana sarat sareng kaayaan penjualan ST di tempat nalika pangakuan pesenan.
  • Purchasers téh solely jawab pilihan, seleksi, sarta pamakéan produk ST sarta ST nganggap euweuh liability pikeun bantuan aplikasi atawa desain produk purchasers '.
  • Henteu aya lisénsi, terang atanapi tersirat, kana hak cipta intelektual anu dipasihkeun ku ST di dieu.
  • Dijual deui produk ST kalayan katangtuan anu béda ti inpormasi anu dijelaskeun di dieu bakal ngabatalkeun jaminan anu dipasihkeun ku ST pikeun produk sapertos kitu.
  • ST jeung logo ST mangrupakeun mérek dagang ti ST. Pikeun émbaran tambahan ngeunaan merek dagang ST, tingal www.st.com/trademarks. Sadaya nami produk atanapi jasa sanés mangrupikeun hak milik nu gaduhna.
  • Inpormasi dina dokumén ieu ngagentos sareng ngagentos inpormasi anu disayogikeun saacanna dina versi sateuacanna tina dokumén ieu.
  • © 2025 STMicroelectronics – Sadaya hak ditangtayungan

Dokumén / Sumberdaya

Paket Software ST X-CUBE-STSE01 [pdf] Manual pamaké
Paket Software X-CUBE-STSE01, Paket Software, Software

Rujukan

Ninggalkeun komentar

alamat surélék anjeun moal diterbitkeun. Widang diperlukeun ditandaan *