STM32U585主打了数据安全,当然也提供了多种方式。我们这里用B-U585I-IOT02A开发板测试 PKA加密~也就是大家经常在计算机领域听到的公钥加密法~5 x5 H$ }9 g& f7 M6 p( c
我们先来看看一些导图:8 r0 ^! h i/ j9 n2 G
应用场景:
6 p( R, ^6 Y5 n& J C
* i' s; R3 ]7 K- e2 a2 _- N0 s) R3 d/ X
- v6 i! g( N/ v
完全硬件自发,无需CPU干预:. j* S7 @/ E G/ c% R2 X
* j3 B& J# g& ~7 V2 j使用流程:# B" V; }2 f" U7 ?: f6 w
% x, s4 ^" l6 R0 N; R9 u9 k
1 K# p8 q( n: `$ x
好,由于全在MCU内部,这了也没有什么原理图,我们直接开始CUBEMC的配置:' m: u2 Y0 r7 B+ U3 p7 m
4 \. y8 z5 t {% \0 G1 [
7 a5 J- h; _# [6 A
+ W$ g& u/ k" G9 s- k
: y2 w J1 G* I
* E1 q+ m! |+ V9 C
$ V0 u2 W7 E5 z5 h
+ M% [ C8 |" D4 Z& l! A
3 p+ q1 y( S' R7 r
自动生成代码,我们添加我们的私钥及公钥对,对其进行测试:
% Q! @, y' b2 o1 |0 y8 n1 N- PKA_HandleTypeDef hpka;" r% h0 Y0 k q) n
- " J2 a. X; z: b- i' H8 `
- RNG_HandleTypeDef hrng;0 l8 Z+ [8 r' \
* w8 a$ G# j7 @- /* USER CODE BEGIN PV */) l, Q( A# W7 [ H
- PKA_ModExpProtectModeInTypeDef in = {0};$ C' q2 M( n: \% q3 m k
- % M% N a* U% N/ R- S
- /* Input vectors */
/ y9 ?$ m& l) u2 H0 j. X. ` - uint32_t input1_OpSize = 32;
" E+ @/ W2 k1 A: q - uint32_t input1_ExpSize = 32;
. {" k4 k1 N' T - uint8_t input1_1[32] = {0xE4, 0x88, 0xD8, 0x11, 0x76, 0xE5, 0x06, 0xFA, 0xB7, 0xC2, 0xFC, 0x5D, 0xF3, 0xCB, 0x75, 0x55, 0x34, 0x3F, 0x45, 0xB4, 0x78, 0x52, 0xBA, 0x7E, 0xFB, 0xF5, 0xB1, 0x2A, 0xF4, 0x0B, 0xF4, 0xB3};
1 o! Y( v4 B) o8 i8 u6 I - uint8_t input1_2[32] = {0x12, 0x28, 0x49, 0x3A, 0x81, 0xFE, 0xCA, 0x62, 0x2B, 0x2D, 0x83, 0xCD, 0x97, 0x2C, 0x28, 0x23, 0x39, 0x76, 0xF1, 0xF3, 0x71, 0xCE, 0x16, 0x84, 0xA0, 0x37, 0x98, 0xE0, 0xC7, 0x0B, 0xF4, 0x39};$ g+ x' @ z7 G# u7 [8 x2 Y, o& c
- uint8_t input1_3[32] = {0x45, 0xAB, 0x14, 0x95, 0x48, 0x22, 0x69, 0xC4, 0x8F, 0x1E, 0xCA, 0x23, 0x0C, 0x1F, 0x5A, 0xB4, 0xBC, 0xE7, 0x12, 0xD8, 0x50, 0x09, 0x54, 0xBB, 0xE2, 0x1D, 0x2A, 0x39, 0x86, 0x3E, 0xDB, 0xFB};7 S* n7 c/ a1 M2 t! U
- uint8_t input1_4[32] = {0xE4, 0x88, 0xD8, 0x11, 0x76, 0xE5, 0x06, 0xFA, 0xB7, 0xC2, 0xFC, 0x5D, 0xF3, 0xCB, 0x75, 0x53, 0x50, 0x7D, 0xA2, 0xCD, 0x98, 0x24, 0x33, 0x76, 0x14, 0x8F, 0xCF, 0xA3, 0xF5, 0xCF, 0x4A, 0x88};5 c& V" N5 m& m
- uint8_t output1[32] = {0xD1, 0x2F, 0x36, 0x6C, 0x61, 0xB5, 0x66, 0x48, 0x61, 0x17, 0x8A, 0x1E, 0x6B, 0xD0, 0xE7, 0xBF, 0x66, 0x0A, 0x2B, 0x07, 0x9D, 0x4D, 0x82, 0x68, 0x7E, 0xB1, 0x9D, 0x29, 0x94, 0x43, 0x6D, 0x39}; s- c* `1 N- `; }1 r" Y
- 1 u |7 t- C& l# e
- uint8_t buffer[32];
1 e7 `# D% g6 @# F( M F5 n% f - # } M* {8 N* ~4 f" U
- __IO uint32_t hal_EndOfProcess = 0;* A- h x- \5 C' ?* e6 X
- __IO uint32_t hal_ErrorCallback = 0;
- static uint16_t Buffercmp(uint8_t* pBuffer1, uint8_t* pBuffer2, uint16_t BufferLength);
/ U& I2 _# v7 H1 N7 e* @- /* Initialize all configured peripherals */8 ]0 D! Z7 q! u* l; R
- MX_ICACHE_Init();
; d8 |" |0 X% l# b - MX_RNG_Init(); n/ H/ }4 X$ A D h/ q
- MX_PKA_Init();2 r8 X* x7 X, T! [
- /* USER CODE BEGIN 2 */. z5 @& W# W' B2 T5 U" d
6 ?$ w: k" l- {3 |5 @+ l. d- /* Set input parameters */
; Q) W- i3 U5 Z) ^ m" R - in.OpSize = input1_OpSize;( X+ V" k" T9 A% b8 a/ \7 }
- in.expSize = input1_ExpSize;5 ^& _ f s" M- q
- in.pMod = input1_1;
+ E9 ?/ a9 }" N# g' }, C: a1 z - in.pExp = input1_2;
( E0 c2 q/ K( w8 T6 z. o/ E - in.pOp1 = input1_3;% U: L( X- k4 P+ i
- in.pPhi = input1_4;
- ^+ ?, M# i/ c4 ^. h+ e6 N) `! p- W
% f @) N0 e8 G" |- /* Start PKA protected Modular exponentiation operation */; s+ e {6 i! \) X
- if (HAL_PKA_ModExpProtectMode_IT(&hpka, &in) != HAL_OK)
& D Y5 `3 x7 ?; j/ \9 a, C - {
: X' H5 S( d, D5 M - /* HAL PKA Operation error */; p2 p0 S) w. c! _7 N! Q; k
- Error_Handler();
" V$ \1 y( [( d2 W - }5 s8 Q# L0 a& }9 B0 H* Z# K3 v" _
- 7 M* {7 m- @2 m( ^2 G4 I
- /* Wait until operation finish */
* S$ O9 o6 r% o" M$ e7 d2 u - while (!hal_EndOfProcess);
6 J4 L ^. }# A/ g - hal_EndOfProcess = 0;
0 e, Y# ^, h5 [( @8 I0 `, x
( S' m# v" W8 o3 q2 _ V$ P- /* Retrieve computation result */ v# h( E# n0 J8 R5 f
- HAL_PKA_ModExp_GetResult(&hpka, buffer);3 |2 [* M( t3 Q* s$ S! z
- 2 }9 \) ~# i i) k/ N v2 z
- /* Check retrieved result with expected result */2 T r' k5 B0 s7 V/ ~$ I2 M( L
- if ((Buffercmp((uint8_t*)buffer, (uint8_t*)output1, 32) != 0) || (hal_ErrorCallback == 1))5 W5 ^! k' g# X3 s* u" Z( q
- {
7 O5 ?5 Q% A& z5 P/ {4 i - /* HAL PKA Operation error */% [& d+ z' K& y. t' u. e$ B
- Error_Handler();
* ?0 ~1 [" A7 @+ D6 L0 r& N - }
! H! r- D2 W- E& e$ L5 M% c( A5 o- /**6 Z6 L! K: U8 R+ y- M
- * @brief Process completed callback.3 x, H8 B* X$ }
- * @param hpka PKA handle
. E7 n2 D3 c J) r5 O/ e& V - * @retval None* |% Z* `* Z9 @# d
- */. M/ V7 T' w) V2 s5 s. _1 X9 X
- void HAL_PKA_OperationCpltCallback(PKA_HandleTypeDef *hpka)
" R* c! C; U/ Y1 ~. }0 u: s3 x - {
) T b( I' P2 E - hal_EndOfProcess = 1;
+ T, ?- q" l/ l - }* v$ i! g+ I- o
- 4 r6 u9 f. w/ K+ p
- /**
+ e: }* n1 X0 s - * @brief Error callback.
! F/ @0 ?" r0 O0 `4 {. s - * @param hpka PKA handle
6 W: U6 q1 z8 H$ v2 Q p# O - * @retval None
+ {/ l: Q; {2 Q9 w$ h - */+ D+ }9 j" ^# x% [" \5 {
- void HAL_PKA_ErrorCallback(PKA_HandleTypeDef *hpka)# i( U* k3 t. Y/ R
- {( E+ v) W8 l: F
- hal_ErrorCallback = 1;
# o; N- n1 x/ O6 o! P - }6 Q. F6 l* V/ T3 P9 V" U/ }
/ _$ S4 P) M- {- m- /**! x7 d# y- N, ?( |& Z
- * @brief Compares two buffers., w6 u: h7 ~! ]2 _1 I m
- * @param pBuffer1, pBuffer2: buffers to be compared.
+ |: u" Y' J: ^5 W - * @param BufferLength: buffer's length) j5 h! p8 {4 T; A5 P+ H
- * @retval 0 : pBuffer1 identical to pBuffer2
" n2 R y3 s6 S - * >0 : pBuffer1 differs from pBuffer2, Y1 ^3 l& P( ^/ B' k, n V+ s" K
- */7 b3 j- M7 x5 |, F1 y
- static uint16_t Buffercmp(uint8_t* pBuffer1, uint8_t* pBuffer2, uint16_t BufferLength)
* y* _; Z) G8 F) W" ^0 V - {8 l8 e: L1 S& i6 @( G; n! y
- while (BufferLength--)
9 x: f6 p" D# w- M! ?9 f4 {( k - {
, M) y. O& O" f5 X, _$ S/ |" Y& ~( k8 q - if ((*pBuffer1) != *pBuffer2)4 o/ h: i1 M* G& Z' q5 G
- {
& |. p4 z2 f7 E! G - return BufferLength;
1 ?$ e. y; b8 `, a - }
- O0 P& {! `: F1 B) N - pBuffer1++;( t6 R& S% m/ P9 c- I: q0 H
- pBuffer2++;
/ c, X( F6 T9 k( @5 z - }. }( L% W* @6 c$ U
- ; q7 S- s$ x5 N( {% z5 N
- return 0;9 S* ~2 x2 F6 G9 ]2 u# T
- }
/ @6 K z5 q% L. P, W9 O( s/ M4 {
- /* USER CODE BEGIN WHILE */7 Q k* z% M2 }9 k: @, f4 ]
- while (1)6 m( z) F7 z6 C1 D0 B6 }
- {
. a& L8 j( X' M0 G9 U+ @+ O - BSP_LED_Toggle(LED7); _9 B8 F5 L; c2 E p
- HAL_Delay(400);
( R4 m' |) p7 L2 u - /* USER CODE END WHILE */. R, j* p1 q$ T$ s9 b
7 u% i5 H0 g' x* [$ ]' d- /* USER CODE BEGIN 3 */
* W( M- F/ H" T4 ]$ d - }
( D% L( R7 B& s F! P
6 X! I# ~2 d: ~, m! d2 T# b' b, ^: o4 u0 `8 a- S
用PKA加密的好处就是有多种模式可选,而且不用CPU干啥,也无需外围加密芯片~s是个不错的选择!
2 t7 c) ^4 P H' D( C2 {当然,这是有大量的兑换机制有ST及其他密码学人员帮我们弄好了,其实也是挺复杂的。对于我们开8 u6 J X& l# V# c& V
发着而言,直接拿来用即可~无需知道下单的鸡长什么~当然有大神因此去读密码学也是不是不可能~
% W8 [( Z% f& a4 t5 t( m) `. E |
微信公众号
手机版
1 N) T# \. o* f' N4 x