Software Encryption Package (STM32 Cryptography)
Preface
The customer requires encryption protection for certain devices. ST offers two options:
- Hardware Encryption: Choose an MCU with hardware encryption capabilities (MCUs marked in deep blue on the ST list).
- Software Encryption Package: X-CUBE-CRYPTOLIB can be used with the entire range of ST MCUs (Flash size needs to be considered).
Directory Structure of V4 vs. Directory Structure of V3
The V3 software package uses a separate directory for each STM32 series.
- Each chip series has a corresponding Middleware directory, which contains cryptographic libraries.
- The cryptographic libraries consist of multiple library files, tailored for different compilers and optimization options.
- Reference example projects are also located in the Projects directory within each STM32 series subdirectory.
The directory structure of V4 is fully compatible with the Cube/X-Cube software package (STM32CubeXX / X-Cube-XXX) architecture, making integration with Cube/X-Cube packages convenient.
- In V4, the Middleware folder containing cryptographic libraries is directly located at the top-level directory.
- The library files in the lib directory are not specific to each STM32 series and no longer differentiate between various compilers and optimization methods.
- Cryptographic library files are organized by Cortex core version, providing a unified library file for each core.
- The same library file is compatible with various compilers (AEABI compliant).
- Configuration for different optimization options can be done during the linking stage.
AES Encryption
Here, we use AES as the example, since it is the algorithm customers use most often.
Introduction to AES
“Symmetric” means that it uses the same key for both encryption and decryption. Additionally, both the sender and receiver of the data require a copy of this key to decrypt the cipher. On the other hand, asymmetric key systems use different keys for the two processes: encryption and decryption. The advantage of a symmetric system like AES is that it is much faster than asymmetric ones. This is because symmetric key algorithms require less computational power. This is why asymmetric keys are best suited for external file transmission, while symmetric keys are more suitable for internal encryption.”
AES Flow
You can refer to the video and image below for a better understanding of the AES process.
ST AES Hardware Encryption
Firstly, you can observe the structure of hardware encryption as shown in the diagram. ST also provides four modes.
- Mode 1: Encryption using the encryption key stored in the AES Key registers.
- Mode 2: Key derivation, which derives a new key from the value stored in the AES Key registers before enabling the AES accelerator. This mode is independent of the AES chaining mode selection.
- Mode 3: Decryption using a given (pre-computed) decryption key stored in the AES Key registers.
- Mode 4: Key derivation + decryption using an encryption key stored in the AES Key registers (not used when the AES is configured in Counter mode to perform a chaining algorithm).
ST AES LIB Software Implementation
After downloading the software package, add the library to the project. The library is located at the following path:
Middlewares\ST\STM32_Cryptographic
Using it is straightforward: once the ST library is linked into the project, a single call to cmox_cipher_encrypt performs the whole encryption. The snippet below initializes the library and encrypts a buffer with AES-CBC.
#include <stddef.h>
#include <stdint.h>
#include "cmox_crypto.h"    /* X-CUBE-CRYPTOLIB header from Middlewares\ST\STM32_Cryptographic */

/* Buffers are application specific: a 128-bit key, a 16-byte IV and a plaintext
 * that is a whole number of 16-byte AES blocks (CBC applies no padding here).
 * The zero initializers are placeholders; fill them with the application's data. */
static const uint8_t Key[16] = { 0 };        /* placeholder key */
static const uint8_t IV[16] = { 0 };         /* placeholder initialization vector */
static const uint8_t Plaintext[32] = { 0 };  /* placeholder plaintext, two AES blocks */
static uint8_t Computed_Ciphertext[sizeof(Plaintext)];
static size_t computed_size;
static cmox_cipher_retval_t retval;

/* The following statements run inside the application, e.g. in main() after HAL init. */

/* Initialize cryptographic library */
if (cmox_initialize(NULL) != CMOX_INIT_SUCCESS)
{
    Error_Handler();
}

/* --------------------------------------------------------------------------
 * SINGLE CALL USAGE
 * --------------------------------------------------------------------------
 */
/* Compute directly the ciphertext passing all the needed parameters */
/* Note: CMOX_AES_CBC_ENC_ALGO refers to the default AES implementation
 * selected in cmox_default_config.h. To use a specific implementation, the user can
 * directly choose:
 * - CMOX_AESFAST_CBC_ENC_ALGO to select the AES fast implementation
 * - CMOX_AESSMALL_CBC_ENC_ALGO to select the AES small implementation
 */
retval = cmox_cipher_encrypt(CMOX_AES_CBC_ENC_ALGO,                /* Use AES CBC algorithm */
                             Plaintext, sizeof(Plaintext),         /* Plaintext to encrypt */
                             Key, sizeof(Key),                     /* AES key to use */
                             IV, sizeof(IV),                       /* Initialization vector */
                             Computed_Ciphertext, &computed_size); /* Data buffer to receive generated ciphertext */

/* Check the return code and the produced length before using the ciphertext */
if ((retval != CMOX_CIPHER_SUCCESS) || (computed_size != sizeof(Plaintext)))
{
    Error_Handler();
}
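The CBC chaining that the CMOX_AES_CBC_ENC_ALGO call performs internally, as an added example that is not ST library code: the mode is written against a block-cipher function pointer, and a constructed toy block transform stands in for AES so it runs stand-alone. It assumes raw CBC without padding, so the plaintext length must be a multiple of 16 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLOCK 16  /* AES block size; the IV passed to cmox_cipher_encrypt is one block */

/* Any 16-byte block transform; a real deployment plugs AES in here. */
typedef void (*block_fn)(const uint8_t key[BLOCK], const uint8_t in[BLOCK], uint8_t out[BLOCK]);

/* Constructed toy block cipher (XOR with key, rotate one byte). It only stands
 * in for AES so the chaining can be run; it is NOT secure. */
static void toy_enc(const uint8_t key[BLOCK], const uint8_t in[BLOCK], uint8_t out[BLOCK])
{
    for (int i = 0; i < BLOCK; i++) out[(i + 1) % BLOCK] = in[i] ^ key[i];
}
static void toy_dec(const uint8_t key[BLOCK], const uint8_t in[BLOCK], uint8_t out[BLOCK])
{
    for (int i = 0; i < BLOCK; i++) out[i] = in[(i + 1) % BLOCK] ^ key[i];
}

/* CBC encryption: C_i = E_K(P_i XOR C_(i-1)), C_0 = IV. Whole blocks only, no
 * padding is added (assumed to match the raw CBC call above). 0 = ok, -1 = bad length. */
int cbc_encrypt(block_fn enc, const uint8_t key[BLOCK], const uint8_t iv[BLOCK],
                const uint8_t *pt, size_t len, uint8_t *ct)
{
    uint8_t x[BLOCK];
    const uint8_t *prev = iv;
    if (len % BLOCK != 0) return -1;
    for (size_t off = 0; off < len; off += BLOCK) {
        for (int i = 0; i < BLOCK; i++) x[i] = pt[off + i] ^ prev[i];
        enc(key, x, ct + off);
        prev = ct + off;  /* the ciphertext block chains into the next one */
    }
    return 0;
}

/* CBC decryption: P_i = D_K(C_i) XOR C_(i-1). Note CBC gives no integrity: a
 * tampered block decrypts without error, so pair it with a MAC or use an AEAD mode. */
int cbc_decrypt(block_fn dec, const uint8_t key[BLOCK], const uint8_t iv[BLOCK],
                const uint8_t *ct, size_t len, uint8_t *pt)
{
    uint8_t x[BLOCK];
    const uint8_t *prev = iv;
    if (len % BLOCK != 0) return -1;
    for (size_t off = 0; off < len; off += BLOCK) {
        dec(key, ct + off, x);
        for (int i = 0; i < BLOCK; i++) pt[off + i] = x[i] ^ prev[i];
        prev = ct + off;
    }
    return 0;
}
```

Because of the chaining, two identical plaintext blocks produce different ciphertext blocks, which is the property the IV and the feedback exist to provide; reusing the same key and IV for another message removes it again.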