感谢这位博主,文章具有很高的参考价值:
STM32F1做RSA,AES数据加解密,MD5信息摘要处理_我以为我爱了的博客-CSDN博客
概述
ST官方在很多年前就推出了自己的加密库,配合ST芯片用起来非常方便,支持ST的所有MCU,官方已经给出了例程,移植起来非常简单方便,其他厂家Cotex-M内核芯片应该也可以使用吧,没试过,各位看官可以试一下,我使用的是最新版的V4.0.2 / 13-March-2023,下面也是以该版本进行移植。
关于STM32 Cryptographic的介绍:
Introduction to cryptographic library with STM32 - stm32mcu --- STM32加密库简介 - stm32mcu (stmicroelectronics.cn)
关于V4版本库和V3版本库的比较已经用法可以参考:
信息安全主题 | 新版STM32加解密算法库——X-Cube-Cryptolib V4 (stmicroelectronics.cn)
STM32 Cryptographic V4版本下载(建议使用V4,比上一代优化了):
X-CUBE-CRYPTOLIB - STM32 cryptographic firmware library software expansion for STM32Cube - STMicroelectronics
V3版本下载:
X-CUBE-CRYPTO-V3 - STM32 cryptographic firmware library software expansion for STM32Cube (UM1924) - STMicroelectronics
所有Cryptolib V4相关的文档都通过STM32 MCU Wiki以网页形式提供,不再提供单独的UM和其他文档,官方文档:
Category:Cryptographic library - stm32mcu (stmicroelectronics.cn)
V3版本与V4版本比较
V4的参考例程则类似Cube/X-Cube包的结构,在Projects目录下的各个系列的子目录中提供。
新版本示例工程支持的系列包括STM32G0,STM32G4
STM32H7
STM32L0,STM32L1,STM32L4,STM32L5,STM32U5 (V4.0.1中包含)
STM32WB,STM32WL
移植
下载下加密库后,其文件夹各内容如下所示:
在【projects】文件夹下有很多ST的芯片的不同加密算法的加密实例,我们自己写程序时就可以参考里面的实例进行修改和使用,如下所示:
我们移植主要使用的是【\Middlewares\ST\STM32_Cryptographic】这个文件里的内容,你可以简单粗暴直接把STM32_Cryptographic文件夹复制到工程文件里,也可以只复制【include】【lib】和【interface】这3个文件夹到工程文件里,我们加密算法使用的就是这两个文件夹里的文件。其中需要注意的是【interface】这个文件夹里存放的【cmox_low_level_template.c】文件是芯片CRC使能和失能的配置文件,ST的加密库需要打开CRC才能使用,我们需要根据所使用的芯片编修改该文件;【include】文件存放的是一些头文件,不需要修改,【lib】文件夹存放的是加密库文件,根据不同的内核选择加密库;注意:V3版本的加密库使用的不是以内核来划分的。
修改Keil工程添加文件:
1.将【include】文件中的头文件包含在工程中
2.添加加密库lib文件中.a后缀的库,我这里是M4内核的
如果添加的.a后缀编译不识别就进行如下操作配置成库文件:
3.将cmox_low_level_template.c改成cmox_low_level.c文件添加到工程中(改不改都无所谓,添加进来就行),然后在cmox_ll_init()函数内修改为自己使用芯片的CRC使能配置;
原cmox_low_level_template.c文件:
#include "cmox_init.h"
#include "cmox_low_level.h"
/* #include "stm32<series>xx_hal.h" *//*** @brief CMOX library low level initialization* @param pArg User defined parameter that is transmitted from initialize service* @retval Initialization status: @ref CMOX_INIT_SUCCESS / @ref CMOX_INIT_FAIL*/
cmox_init_retval_t cmox_ll_init(void *pArg)
{(void)pArg;/* Ensure CRC is enabled for cryptographic processing */__HAL_RCC_CRC_RELEASE_RESET();__HAL_RCC_CRC_CLK_ENABLE();return CMOX_INIT_SUCCESS;
}/*** @brief CMOX library low level de-initialization* @param pArg User defined parameter that is transmitted from finalize service* @retval De-initialization status: @ref CMOX_INIT_SUCCESS / @ref CMOX_INIT_FAIL*/
cmox_init_retval_t cmox_ll_deInit(void *pArg)
{(void)pArg;/* Do not turn off CRC to avoid side effect on other SW parts using it */return CMOX_INIT_SUCCESS;
}
修改为我使用的F411芯片的CRC使能:
/********************************************************************************* @file cmox_low_level_template.c* @brief******************************************************************************* @attention** Copyright (c) 2021 STMicroelectronics.* All rights reserved.** This software is licensed under terms that can be found in the LICENSE file* in the root directory of this software component.* If no LICENSE file comes with this software, it is provided AS-IS.********************************************************************************/#include "cmox_init.h"
#include "cmox_low_level.h"
#include "stm32f4xx.h"
/* #include "stm32<series>xx_hal.h" *//*** @brief CMOX library low level initialization* @param pArg User defined parameter that is transmitted from initialize service* @retval Initialization status: @ref CMOX_INIT_SUCCESS / @ref CMOX_INIT_FAIL*/
cmox_init_retval_t cmox_ll_init(void *pArg)
{(void)pArg;/* Ensure CRC is enabled for cryptographic processing */RCC_AHB1PeriphResetCmd(RCC_AHB1Periph_CRC, DISABLE); //失能CRCRCC_AHB1PeriphClockCmd(RCC_AHB1Periph_CRC, ENABLE); //使能CRC时钟return CMOX_INIT_SUCCESS;
}/*** @brief CMOX library low level de-initialization* @param pArg User defined parameter that is transmitted from finalize service* @retval De-initialization status: @ref CMOX_INIT_SUCCESS / @ref CMOX_INIT_FAIL*/
cmox_init_retval_t cmox_ll_deInit(void *pArg)
{(void)pArg;/* Do not turn off CRC to avoid side effect on other SW parts using it */return CMOX_INIT_SUCCESS;
}
移植步骤就做完了,下面进行验证
验证加密库
验证的话可以直接在移植文件夹的【Projects】内找到相同内核的芯片选择一个你要使用的加密方式将其main文件拷贝到你的工程中修改后进行验证,我这里使用的是AES加密,程序如下:
#include "main.h"
#include "communicate.h"
#include "cmox_crypto.h"int lv_usart1_init(void);
int lv_delay_init(void);/* Global variables ----------------------------------------------------------*/
/* CBC context handle */
cmox_cbc_handle_t Cbc_Ctx;//__IO TestStatus glob_status = FAILED;
/* Private typedef -----------------------------------------------------------*/
/* Private defines -----------------------------------------------------------*/
#define CHUNK_SIZE 48u /* Chunk size (in bytes) when data to encrypt or decrypt are processed by chunk */
/* Private macros ------------------------------------------------------------*/
/* Private variables ---------------------------------------------------------*///密钥
const uint8_t Key[] =
{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
};
//偏移量
const uint8_t IV[] =
{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
const uint8_t Plaintext[] =
{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
};
const uint8_t Expected_Ciphertext[] =
{0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2,0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b, 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16,0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09, 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7
};/* Computed data buffer */
uint8_t Computed_Ciphertext[sizeof(Expected_Ciphertext)];
uint8_t Computed_Plaintext[sizeof(Plaintext)];RCC_ClocksTypeDef get_rcc_clock;int main(void)
{cmox_cipher_retval_t retval;size_t computed_size;/* General cipher context */cmox_cipher_handle_t *cipher_ctx;/* Index for piecemeal processing */uint32_t index;lv_usart1_init();lv_delay_init();/*开启CRC,使用ST加密库需要开启CRC*/if (cmox_initialize(NULL) != CMOX_INIT_SUCCESS){printf("init error\r\n");}/**************************************************************************************************** CRC-None加密***************************************************************************************************/retval = cmox_cipher_encrypt(CMOX_AESSMALL_CBC_ENC_ALGO, /* Use AES CBC algorithm */Plaintext, sizeof(Plaintext)-1, /* Plaintext to encrypt */Key, sizeof(Key), /* AES key to use */IV, sizeof(IV), /* Initialization vector */Computed_Ciphertext, &computed_size); /* Data buffer to receive generated ciphertext *//* Verify API returned value */if (retval != CMOX_CIPHER_SUCCESS){printf("CBC ERROR\r\n");}printf("CBC encrypt data:\r\n");for(int i=0; i<computed_size; i++){printf("%x",Computed_Ciphertext[i]);}printf("\r\n");/* Compute directly the plaintext passing all the needed parameters *//* Note: CMOX_AES_CBC_DEC_ALGO refer to the default AES implementation* selected in cmox_default_config.h. To use a specific implementation, user can* directly choose:* - CMOX_AESFAST_CBC_DEC_ALGO to select the AES fast implementation* - CMOX_AESSMALL_CBC_DEC_ALGO to select the AES small implementation*//*********************************************************************************CRC-None解密********************************************************************************/retval = cmox_cipher_decrypt(CMOX_AES_CBC_DEC_ALGO, /* Use AES CBC algorithm */Computed_Ciphertext, computed_size, /* Ciphertext to decrypt */Key, sizeof(Key), /* AES key to use */IV, sizeof(IV), /* Initialization vector */Computed_Plaintext, &computed_size); /* Data buffer to receive generated plaintext *//* Verify API returned value */if (retval != CMOX_CIPHER_SUCCESS){printf("CBC decrypt ERROR\r\n");}printf("CBC decrypt data:\r\n");{for(int i=0; i<computed_size; i++){printf("%x",Computed_Plaintext[i]);}}printf("\r\ncomputed_size:%d\r\n",computed_size);/*********************************************************************************************SHA256演示********************************************************************************************/const uint8_t Message[] ={0x6b, 0x91, 0x8f, 0xb1, 0xa5, 0xad, 0x1f, 0x9c, 0x5e, 0x5d, 0xbd, 0xf1, 0x0a, 0x93, 0xa9, 0xc8,0xf6, 0xbc, 0xa8, 0x9f, 0x37, 0xe7, 0x9c, 0x9f, 0xe1, 0x2a, 0x57, 0x22, 0x79, 0x41, 0xb1, 0x73,0xac, 0x79, 0xd8, 0xd4, 0x40, 0xcd, 0xe8, 0xc6, 0x4c, 0x4e, 0xbc, 0x84, 0xa4, 0xc8, 0x03, 0xd1,0x98, 0xa2, 0x96, 0xf3, 0xde, 0x06, 0x09, 0x00, 0xcc, 0x42, 0x7f, 0x58, 0xca, 0x6e, 0xc3, 0x73,0x08, 0x4f, 0x95, 0xdd, 0x6c, 0x7c, 0x42, 0x7e, 0xcf, 0xbf, 0x78, 0x1f, 0x68, 0xbe, 0x57, 0x2a,0x88, 0xdb, 0xcb, 0xb1, 0x88, 0x58, 0x1a, 0xb2, 0x00, 0xbf, 0xb9, 0x9a, 0x3a, 0x81, 0x64, 0x07,0xe7, 0xdd, 0x6d, 0xd2, 0x10, 0x03, 0x55, 0x4d, 0x4f, 0x7a, 0x99, 0xc9, 0x3e, 0xbf, 0xce, 0x5c,0x30, 0x2f, 0xf0, 0xe1, 0x1f, 0x26, 0xf8, 0x3f, 0xe6, 0x69, 0xac, 0xef, 0xb0, 0xc1, 0xbb, 0xb8,0xb1, 0xe9, 0x09, 0xbd, 0x14, 0xaa, 0x48, 0xba, 0x34, 0x45, 0xc8, 0x8b, 0x0e, 0x11, 0x90, 0xee,0xf7, 0x65, 0xad, 0x89, 0x8a, 0xb8, 0xca, 0x2f, 0xe5, 0x07, 0x01, 0x5f, 0x15, 0x78, 0xf1, 0x0d,0xce, 0x3c, 0x11, 0xa5, 0x5f, 0xb9, 0x43, 0x4e, 0xe6, 0xe9, 0xad, 0x6c, 0xc0, 0xfd, 0xc4, 0x68,0x44, 0x47, 0xa9, 0xb3, 0xb1, 0x56, 0xb9, 0x08, 0x64, 0x63, 0x60, 0xf2, 0x4f, 0xec, 0x2d, 0x8f,0xa6, 0x9e, 0x2c, 0x93, 0xdb, 0x78, 0x70, 0x8f, 0xcd, 0x2e, 0xef, 0x74, 0x3d, 0xcb, 0x93, 0x53,0x81, 0x9b, 0x8d, 0x66, 0x7c, 0x48, 0xed, 0x54, 0xcd, 0x43, 0x6f, 0xb1, 0x47, 0x65, 0x98, 0xc4,0xa1, 0xd7, 0x02, 0x8e, 0x6f, 0x2f, 0xf5, 0x07, 0x51, 0xdb, 0x36, 0xab, 0x6b, 0xc3, 0x24, 0x35,0x15, 0x2a, 0x00, 0xab, 0xd3, 0xd5, 0x8d, 0x9a, 0x87, 0x70, 0xd9, 0xa3, 0xe5, 0x2d, 0x5a, 0x36,0x28, 0xae, 0x3c, 0x9e, 0x03, 0x25};uint8_t computed_hash[CMOX_SHA256_SIZE];retval = cmox_hash_compute(CMOX_SHA256_ALGO, /* Use SHA256 algorithm */Message, sizeof(Message), /* Message to digest */computed_hash, /* Data buffer to receive digest data */CMOX_SHA256_SIZE, /* Expected digest size */&computed_size); /* Size of computed digest *//* Verify API returned value */if (retval != CMOX_HASH_SUCCESS){printf("HASH ERROR\r\n");}printf("HASH data:\r\n");for(int i=0; i<computed_size; i++){printf("%x ",computed_hash[i]);}while(1){}}结果:
验证:AES 加密/解密 - 在线工具
AES加密
SHA256
