STM32U585主打了数据安全,当然也提供了多种方式。我们这里用B-U585I-IOT02A开发板测试 PKA加密~也就是大家经常在计算机领域听到的公钥加密法~
7 Q6 ]# }6 a! R' O8 l' } R( K我们先来看看一些导图:
^! M# U( o$ L应用场景:4 \7 [2 I T$ y8 Y( V- l0 h6 a4 {# l
: C; A) j" v( d7 m( x5 w ]. M
1 [; ]! f4 O7 W }8 C( t完全硬件自发,无需CPU干预:
0 r* l: I! _! m& C( @) i" B8 {
5 G9 B8 U4 f z: P8 c3 ]
使用流程:1 q: x& ]: j* g- P, i
% \& s/ f. b# ^$ D
' U" r- W& j3 `& M好,由于全在MCU内部,这了也没有什么原理图,我们直接开始CUBEMC的配置:. g0 K7 K9 i# J! N5 ]
9 [' M: i' i4 P# ?, q* J
7 N& A1 [7 _- _4 a3 P0 [. a0 q' t
# p. T, u9 o( S
0 i0 m9 u9 e9 p& f* Q
l) U$ [" D/ w1 h; V' U: _9 G
7 k# v6 T# a+ ]
d+ O9 q* n8 L
1 E* r" `9 s' _4 A: L
自动生成代码,我们添加我们的私钥及公钥对,对其进行测试:
5 a' i$ U! a+ ]5 A8 T- PKA_HandleTypeDef hpka;
' R5 l! d. w8 I$ Y2 O: C) n
* Y$ h# q4 w. N: C# u- RNG_HandleTypeDef hrng; E, j8 B. ~# {, i) l# g
- 1 c5 M0 h0 T5 s# y2 m: w" x
- /* USER CODE BEGIN PV */
+ g+ j4 B, W! Q3 L1 e8 J - PKA_ModExpProtectModeInTypeDef in = {0};
* x, P4 @! l) B8 {; h- J% |
9 r2 V( ?7 [! }7 u* Y- /* Input vectors */
$ t. n! v4 L$ A, k+ P" F - uint32_t input1_OpSize = 32;
% K9 G/ I H/ I- M - uint32_t input1_ExpSize = 32;
9 R; F0 B$ M- K! ~+ R7 ~ - uint8_t input1_1[32] = {0xE4, 0x88, 0xD8, 0x11, 0x76, 0xE5, 0x06, 0xFA, 0xB7, 0xC2, 0xFC, 0x5D, 0xF3, 0xCB, 0x75, 0x55, 0x34, 0x3F, 0x45, 0xB4, 0x78, 0x52, 0xBA, 0x7E, 0xFB, 0xF5, 0xB1, 0x2A, 0xF4, 0x0B, 0xF4, 0xB3};# a; k$ k* S1 `1 ^( v( R/ @
- uint8_t input1_2[32] = {0x12, 0x28, 0x49, 0x3A, 0x81, 0xFE, 0xCA, 0x62, 0x2B, 0x2D, 0x83, 0xCD, 0x97, 0x2C, 0x28, 0x23, 0x39, 0x76, 0xF1, 0xF3, 0x71, 0xCE, 0x16, 0x84, 0xA0, 0x37, 0x98, 0xE0, 0xC7, 0x0B, 0xF4, 0x39};
- w4 ~# m! `" N8 }! \# o - uint8_t input1_3[32] = {0x45, 0xAB, 0x14, 0x95, 0x48, 0x22, 0x69, 0xC4, 0x8F, 0x1E, 0xCA, 0x23, 0x0C, 0x1F, 0x5A, 0xB4, 0xBC, 0xE7, 0x12, 0xD8, 0x50, 0x09, 0x54, 0xBB, 0xE2, 0x1D, 0x2A, 0x39, 0x86, 0x3E, 0xDB, 0xFB};
6 N( j2 [* m n3 W4 F; I% p/ y - uint8_t input1_4[32] = {0xE4, 0x88, 0xD8, 0x11, 0x76, 0xE5, 0x06, 0xFA, 0xB7, 0xC2, 0xFC, 0x5D, 0xF3, 0xCB, 0x75, 0x53, 0x50, 0x7D, 0xA2, 0xCD, 0x98, 0x24, 0x33, 0x76, 0x14, 0x8F, 0xCF, 0xA3, 0xF5, 0xCF, 0x4A, 0x88};
6 F ]3 E. i( p0 I7 X, o - uint8_t output1[32] = {0xD1, 0x2F, 0x36, 0x6C, 0x61, 0xB5, 0x66, 0x48, 0x61, 0x17, 0x8A, 0x1E, 0x6B, 0xD0, 0xE7, 0xBF, 0x66, 0x0A, 0x2B, 0x07, 0x9D, 0x4D, 0x82, 0x68, 0x7E, 0xB1, 0x9D, 0x29, 0x94, 0x43, 0x6D, 0x39};
: d9 u0 S5 p/ \, W) s) H - * i9 T& ^! t0 o3 T6 F
- uint8_t buffer[32];" e7 f6 F# | g/ ] d
- ' d0 M% D& B1 r" I! E& c" T# _
- __IO uint32_t hal_EndOfProcess = 0;4 m; s5 I1 _2 R) L1 _ q+ r: a4 O( y
- __IO uint32_t hal_ErrorCallback = 0;
复制代码 计算结果与预制值得比较函数:2 C; J1 C {% B3 z6 Y
- static uint16_t Buffercmp(uint8_t* pBuffer1, uint8_t* pBuffer2, uint16_t BufferLength);
复制代码 在main函数里面添加:- w3 C6 i' B. M" N; I
- /* Initialize all configured peripherals */% w r2 X: S1 B. L1 s" C- h' t9 X
- MX_ICACHE_Init();
' t* o9 J+ V" j, S( \% z - MX_RNG_Init();( k; R, r% [3 f* I0 n. a$ B( u6 \
- MX_PKA_Init();
( f9 g( A, f- k: ^" O! w - /* USER CODE BEGIN 2 */. n' n' @/ \ `2 W/ P$ x
- / ?& {% t0 w& c/ L9 z
- /* Set input parameters */
% X' G5 H y' R9 p$ o. p - in.OpSize = input1_OpSize;
3 g9 d6 r& y0 J( ]( q - in.expSize = input1_ExpSize;
% o& t! \4 f: r0 c: u- z: p' f; G% i - in.pMod = input1_1;
- M* j9 L& ]4 _+ E9 T; Q - in.pExp = input1_2;
9 K; J5 a! r# M5 g+ d$ Q% p - in.pOp1 = input1_3;$ n- c& D$ g% Y. S8 W
- in.pPhi = input1_4;
/ v7 Q W# Y. U# G. e - & Q+ x) f6 ?* X& M$ O: G
- /* Start PKA protected Modular exponentiation operation */& P2 ^1 l& [2 F. e
- if (HAL_PKA_ModExpProtectMode_IT(&hpka, &in) != HAL_OK)
j8 s4 j4 X5 }/ J - {+ }# S6 j) m3 q+ J$ {8 t
- /* HAL PKA Operation error */
, g5 m$ K! p* I# X& ~7 C - Error_Handler();+ T D. m$ h% h$ P& }$ N" D; V) g3 M
- }8 e* F6 u9 S9 ~3 A* x/ ]( I
- . h/ x8 t8 d5 A1 @9 N/ d
- /* Wait until operation finish */; E3 \% t. s" {4 v# W
- while (!hal_EndOfProcess);& ^" t! s8 s: `+ h" m& J) o
- hal_EndOfProcess = 0;& j+ R8 Z: N8 x1 I# Z3 L' X- k( S
- # w2 t, d( q) _0 R' c6 W% I. H+ W" g& V
- /* Retrieve computation result */
4 c% `- a9 n' @% S" y: G- O - HAL_PKA_ModExp_GetResult(&hpka, buffer);3 q; D7 q) f& B: @/ x: E
- 5 o7 v; j5 W4 O$ d1 C, |$ t* p
- /* Check retrieved result with expected result */; [* \0 K( r3 C$ I7 g4 I! J
- if ((Buffercmp((uint8_t*)buffer, (uint8_t*)output1, 32) != 0) || (hal_ErrorCallback == 1))
3 B+ W( [ d0 c# u! l' u - {
! i7 i( ]% W* N0 V1 a2 S, ? - /* HAL PKA Operation error */
7 D! O/ R+ I' s5 k) w) T. X+ r7 \+ O - Error_Handler();
. A6 ~; v9 t; h1 S - }
复制代码 一些回调函数:
' H- f: {6 h& T0 v( k- /**1 O: s7 _8 U/ d
- * @brief Process completed callback.! C& q3 v- ]5 Y3 e
- * @param hpka PKA handle6 U- M% L& Y3 D! t; {
- * @retval None$ T# I2 i3 \; n0 K( ?8 V8 I+ r3 q
- */# n5 D7 ]5 R# ]4 L
- void HAL_PKA_OperationCpltCallback(PKA_HandleTypeDef *hpka)
& r) W+ `: q9 n1 h6 s5 \$ P - {
4 R* @8 H9 ]( j ? - hal_EndOfProcess = 1;% B8 Z! U1 m7 P3 G& l/ S
- }8 k( z( r# d- B% G1 @
- . o/ d' u' z8 \0 b& @2 X$ u
- /**
8 d/ B9 g' l8 [2 i" z - * @brief Error callback." S& ?# u* j _% ]) `9 q
- * @param hpka PKA handle
! }( g) n, _0 g, s+ u( Z7 A9 @ - * @retval None
3 ^- `. L- Z5 L' `! C1 z/ { - */6 u, A7 H6 H3 F4 V
- void HAL_PKA_ErrorCallback(PKA_HandleTypeDef *hpka)- E- i) t w+ y% u
- {
2 L- I( c+ n9 \' I/ d# A3 t - hal_ErrorCallback = 1;6 y6 ?, j- `! J6 \ u
- }% o0 W5 }9 g, w$ ^ m- H, A
' l( S5 v0 P2 Q$ ~- /**- \5 ^: B* t) z4 G& T+ Q7 q
- * @brief Compares two buffers.
8 V9 T( A: p6 s- S# ~ - * @param pBuffer1, pBuffer2: buffers to be compared.) C/ d7 `5 z9 z% w* Z6 x' u; b7 t1 A
- * @param BufferLength: buffer's length
, f4 z9 v0 p0 U5 r, k6 }* I' S - * @retval 0 : pBuffer1 identical to pBuffer2( C5 [' Y7 m/ ]4 w) y
- * >0 : pBuffer1 differs from pBuffer2+ c1 Y, o% \$ a5 ~0 u
- */
1 d5 Z5 E. N' @! B( W0 o - static uint16_t Buffercmp(uint8_t* pBuffer1, uint8_t* pBuffer2, uint16_t BufferLength)
9 y! D) ]* l# I: c - {5 M0 T$ F/ r) s: T
- while (BufferLength--)& l* B. }: e: |/ v/ x1 I& j; ?) X
- {! |+ \8 W: |2 N% d! C" q
- if ((*pBuffer1) != *pBuffer2)4 @7 V' p( [7 O2 o
- {+ A, T3 ?; M2 t3 S9 \! [
- return BufferLength;- l5 `0 A2 D' b, m
- }8 \5 c( _/ h* [6 {* H* y6 x
- pBuffer1++;$ `; x. c( j9 Z( U+ w7 r( B
- pBuffer2++;
8 K4 F% x" U7 S8 M6 @ - }
3 o* j2 P+ ?- c& V; f5 V% X# Z - 3 n# _6 h5 _- D# n/ c
- return 0;
. V1 b% A6 ^4 h, j9 R% x9 C+ | - }
1 T& x4 c* _" d# `& w- u( K
复制代码 我们在while开启LED循环,只有前面秘钥验证正确后,才能执行到该处~
9 b" J; ]9 _2 B3 J; d" c, f- /* USER CODE BEGIN WHILE */
" ~. u B, ]1 k0 L - while (1); ]: k6 V) A& @# w; }5 {( \
- {
; H. a2 d& ?3 z+ i - BSP_LED_Toggle(LED7); f' N( m3 _- d1 U3 a8 O
- HAL_Delay(400);
8 W8 C2 J* a7 Q! W- I+ o - /* USER CODE END WHILE */
1 I5 S! n! F/ w6 {
2 j- ]3 t' u7 q' Y' f+ ~4 h- /* USER CODE BEGIN 3 */
9 t! Z% D5 W. d" c' w) l0 Q J' L" @ - }
复制代码 编译,下载查看,测试通过LED闪烁:
& g8 W7 ?! w! @
% z0 H* [# u2 x& o' }0 E; \+ R
7 ?0 g( O, h1 I$ u用PKA加密的好处就是有多种模式可选,而且不用CPU干啥,也无需外围加密芯片~s是个不错的选择!
+ k" X2 l& M9 Z0 g1 D) U当然,这是有大量的兑换机制有ST及其他密码学人员帮我们弄好了,其实也是挺复杂的。对于我们开: d5 v, b- r' z n" y) t6 @8 }
发着而言,直接拿来用即可~无需知道下单的鸡长什么~当然有大神因此去读密码学也是不是不可能~- A* A! _1 }+ d. V( r& @) ^
|
% Q( N# B+ Q1 Q M& S3 E) L