Yaliyomo kujificha
1 Kifurushi cha Programu cha X-CUBE-STSE01
2 Utangulizi
3 Taarifa za jumla
4 Maelezo ya jumla
5 Programu ya maonyesho
6 Faharasa
7 Historia ya marekebisho
8 TANGAZO MUHIMU – SOMA KWA UMAKINI
9 Nyaraka / Rasilimali
9.1 Marejeleo

X-CUBE-LOGO

Kifurushi cha Programu cha X-CUBE-STSE01

X-CUBE-STSE-Software-Package (4)

Utangulizi

This user manual describes how to get started with the X-CUBE-STSE01 software package.
The X-CUBE-STSE01 software package is a software component that provides several demonstration codes, which use the STSAFE-A110 and STSAFE-A120 device features from a host microcontroller.
These demonstration codes utilize the STSELib (Secured Element middleware) built on the STM32Cube software technology to ease portability across different STM32 microcontrollers. In addition, it is MCU-agnostic for portability to other MCUs.
These demonstration codes illustrate the following features:

  • Authentication.
  • Secured data storage.
  • Secured usage counter.
  • Kuoanisha.
  • Key establishment.
  • Local envelope wrapping.
  • Key pair generation.

Taarifa za jumla

  • The X-CUBE-STSE01 software package is a reference to integrate the STSAFE-A110 and STSAFE-A120 secure element services into a host MCU’s operating system (OS) and its application.
  • It contains the STSAFE-A110 and STSAFE-A120 driver and demonstration codes to be executed on STM32 32-bit microcontrollers based on the Arm® Cortex®-M processor.
  • Arm ni alama ya biashara iliyosajiliwa ya Arm Limited (au tanzu zake) huko Merika na / au kwingineko.
  • The X-CUBE-STSE01 software package is developed in ANSI C. Nevertheless, the platform-independent architecture allows easy portability to a variety of different platforms.
  • The table below presents the definition of acronyms that are relevant for a better understanding of this document.

Kipengele salama cha STSAFE-A1x0

STSAFE-A110 na STSAFE-A120 ni suluhisho salama sana ambalo hutumika kama kipengele salama kutoa huduma za uthibitishaji na usimamizi wa data kwa seva pangishi ya ndani au ya mbali. Inajumuisha suluhisho kamili la turnkey na mfumo salama wa uendeshaji unaoendesha kizazi cha hivi karibuni cha vidhibiti vidogo vilivyo salama.
The STSAFE-A110 and STSAFE-A120 can be integrated in IoT (Internet of things) devices, smart-home, smart-city and industrial applications, consumer electronics devices, consumables and accessories. Its key features are

  • Uthibitishaji (wa vifaa vya pembeni, IoT na vifaa vya USB Type-C®).
  • Salama uanzishaji wa kituo na seva pangishi ya mbali ikijumuisha usalama wa safu ya usafiri (TLS) kupeana mkono.
  • Huduma ya uthibitishaji wa saini (salama boot na uboreshaji wa firmware).
  • Ufuatiliaji wa matumizi na vihesabio salama.
  • Kuoanisha na kulinda kituo kwa kutumia kichakataji cha programu mwenyeji.
  • Kufunga na kufungua bahasha za mwenyeji wa ndani au wa mbali.
  • Uzalishaji wa jozi za ufunguo kwenye-chip.

Maelezo ya Maktaba ya STSecureElement (STSELib).

Sehemu hii inaelezea maudhui ya kifurushi cha programu ya kati ya STSELib na njia ya kukitumia.

Maelezo ya jumla

STSELib middleware ni seti ya vipengele vya programu vilivyoundwa ili:

  • unganisha kifaa salama cha STSAFE-A110 na STSAFE-A120 chenye MCU.
  • tekeleza matukio ya matumizi ya kawaida ya STSAFE-A110 na STSAFE-A120.
  • Vifaa vya kati vya STSELib vimeunganishwa kikamilifu ndani ya vifurushi vya programu vya ST kama kipengele cha kati ili kuongeza vipengele salama vya vipengele.
  • Vifaa vya kati vya STSELib hutoa seti kamili ya vitendakazi vya kiwango cha juu cha Kuandaa Programu kwa msanidi wa mfumo uliopachikwa. Muhtasari huu wa Middleware ni muundo na mpangilio wa amri zinazohitajika ili kuhakikisha kifaa, vifuasi na ulinzi unaoweza kutumika wa chapa kwa kutumia STMicroelectronics STSAFE-Kipengele salama cha familia.
  • Kifaa hiki cha kati huruhusu muunganisho usio na mshono wa STSAFE-A moja au nyingi katika mfumo ikolojia wa mwenyeji mbalimbali wa MCU/MPU.
  • Rejelea madokezo ya toleo yanayopatikana katika folda ya mizizi ya kifurushi kwa maelezo kuhusu matoleo ya IDE yanayotumika.

Usanifu
Vifaa vya kati vya STSELib vinajumuisha moduli tatu za programu kama inavyoonyeshwa kwenye takwimu hapa chini. Kila safu hutoa kiwango tofauti cha uondoaji wa mfumo kwa msanidi programu aliyepachikwa.

X-CUBE-STSE-Software-Package (2)

Kielelezo kilicho hapa chini kinaonyesha vifaa vya kati vya STSELib vilivyounganishwa katika programu ya kawaida ya STM32Cube, inayoendeshwa kwenye ubao wa upanuzi wa X-NUCLEO-SAFEA1 au X-NUCLEO-ESE01A1 uliowekwa kwenye ubao wa STM32 Nucleo.

Kielelezo 2. Mchoro wa kuzuia maombi ya X-CUBE-STSE01

X-CUBE-STSE-Software-Package (3)

Ili kutoa uhuru bora wa maunzi na jukwaa, vifaa vya kati vya STSELib havijaunganishwa moja kwa moja na STM32Cube HAL, lakini kupitia kiolesura. fileinatekelezwa katika kiwango cha maombi

  • Safu ya Kiolesura cha Kutayarisha Programu (API).
    Safu hii ya programu ni mahali pa kuingilia kwa programu ya mfumo. Inatoa seti ya vitendakazi vya hali ya juu vinavyoruhusu mwingiliano na Vipengee Salama vya STMicroelectronics. Safu ya Api hutoa ufupisho kwa programu tofauti kama vile Usimamizi wa Kipengele Salama, Uthibitishaji, Hifadhi ya Data, Usimamizi wa Ufunguo.
  • Safu ya huduma
    Safu ya SERVICE hutoa seti ya huduma za bidhaa zinazounda amri zote zinazoauniwa na kipengele salama kinacholengwa na huripoti majibu kwa safu za juu za API/Maombi. Safu hii inaweza kutumika moja kwa moja kutoka kwa Maombi (kwa mtumiaji wa hali ya juu).
  • Safu ya msingi
    Ina ufafanuzi wa jumla wa Kipengele Salama cha ST na chaguo za kukokotoa za kuwasiliana na kipengele salama kinacholengwa.
    Safu ya msingi hushughulikia uundaji wa ujumbe na vile vile kutoa muhtasari wa jukwaa kwa safu zilizo hapo juu.

Muundo wa folda
Kielelezo hapa chini kinawasilisha muundo wa folda ya X-CUBE-STSE01.

X-CUBE-STSE-Software-Package (4)

Programu ya maonyesho

Sehemu hii inaonyesha programu ya maonyesho kulingana na programu ya kati ya STSELib.

Uthibitishaji
This demonstration illustrates the command flow where the STSAFE-A110/STSAFE-A120 is mounted on a device that authenticates to a remote host (IoT device case), the local host being used as a pass-through to the remote server.
The scenario where the STSAFE-A110/STSAFE-A120 is mounted on a peripheral that authenticates to a local host, for example kwa michezo, vifaa vya rununu au vifaa vya matumizi, ni sawa kabisa.
Kwa madhumuni ya maonyesho, seva pangishi za ndani na za mbali ni kifaa sawa hapa.

  1. Extract, parse and verify the STSAFE-A110/ STSAFE-A120’s public certificate stored in the data partition zone 0 of the device in order to get the public key:
    • Read the certificate using the STSELib middleware through the STSAFE-A110/STSAFE-A120’s zone 0.
    • Parse the certificate using the cryptographic library’s parser.
    • Read the CA certificate (available through the code).
    • Parse the CA certificate using the cryptographic library’s parser.
    • Verify the certificate validity using the CA certificate through the cryptographic library.
    • Get the public key from the STSAFE-A110/STSAFE-A120 X.509 certificate.
  2. Generate and verify the signature over a challenge number:
    • Generate a challenge number (random number).
    • Hash the challenge.
    • Fetch a signature over the hashed challenge using the STSAFE-A110/ STSAFE-A120 private key slot 0 through the STSELib middleware.
    • Parse the generated signature using the cryptographic library.
    • Verify the generated signature using the STSAFE-A110/STSAFE-A120’s public key through the cryptographic library.
    • When this is valid, the host knows that the peripheral or IoT is authentic.

Kuoanisha (Utoaji Muhimu wa Mwenyeji)
Kanuni hii example establishes a pairing between an device and the MCU it is connected to. The pairing allows the exchanges between the device and the MCU to be authenticated (that is, signed and verified). The STSAFE-A110 device becomes usable only in combination with the MCU it is paired with.
The pairing consists of the host MCU sending a host MAC key and a host cipher key to the STSAFE-A110 Both keys are stored to the protected NVM of the STSAFE-A110 and should be stored to the flash memory of the STM32 device.
By default, in this example, the host MCU sends well-known keys to the STSAFE-A110 (see command flow below) that are highly recommended to use for demonstration purposes. The code also allows the generation of random keys.
Moreover, the code example generates a local envelope key when the corresponding slot is not already populated in the STSAFE-A110. When the local envelope slot is populated, the STSAFE-A110 device allows the host MCU to wrap/unwrap a local envelope to securely store a key on the host MCU’s side.
Note: The pairing code example lazima itekelezwe kwa mafanikio kabla ya kutekeleza nambari zote zifuatazo exampchini.

Mtiririko wa amri

  1. Generate the local envelope key in the STSAFE-A110 using the STSELib middleware.
    By default, this command is activated
    Uendeshaji huu hutokea tu ikiwa nafasi ya ufunguo wa bahasha ya ndani ya STSAFE-A110 haijajazwa.
  2. Define two 128-bit numbers to use as the host MAC key and the host cipher key.
    By default, golden known keys are used. They have the following values:
    • Host MAC key
      0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
    • Host Cipher Key 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
  3. Store the host MAC key and the host cipher key to their respective slot in the STSAFE-A110/STSAFE-A120.
  4. Store the host MAC key and the host cipher key to the STM32’s flash memory.

Uanzishaji muhimu (ufunguo wa ulinganifu AES-128 CMAC)
Onyesho hili linaonyesha kisa ambapo kifaa cha STSAFE-A110 kimewekwa kwenye kifaa (kama vile kifaa cha IoT), ambacho huwasiliana na seva ya mbali, na kinahitaji kuanzisha chaneli salama ili kubadilishana nayo data.
Katika hii exampna, kifaa cha STM32 kinachukua jukumu la seva ya mbali (mwenyeji wa mbali) na seva pangishi ya ndani ambayo imeunganishwa kwenye kifaa cha STSAFE-A110.
Lengo la kesi hii ya utumiaji ni kuonyesha jinsi ya kuanzisha siri iliyoshirikiwa kati ya seva pangishi ya ndani na seva ya mbali kwa kutumia mpango wa mviringo wa Diffie-Hellman wenye msimbo tuli (ECDH) au ephemeral (ECDHE) katika STSAFE-A110.
Siri iliyoshirikiwa inapaswa kutolewa zaidi kwa funguo moja au zaidi za kufanya kazi (hazijaonyeshwa hapa). Vifunguo hivi vya kufanya kazi vinaweza kutumika katika itifaki za mawasiliano kama vile TLS, kwa mfanoample kwa kulinda usiri, uadilifu na uhalisi wa data ambayo hubadilishwa kati ya seva pangishi ya ndani na seva ya mbali.

Mtiririko wa amri
Kielelezo 4. Mtiririko wa amri kuu ya uanzishaji unaonyesha mtiririko wa amri:

  • Vifunguo vya faragha na vya umma vya seva pangishi ya mbali vimewekwa misimbo ngumu katika msimbo wa zamaniample.
  • The local host sends the Generate Keypair command to the STSAFE-A110/STSAFE-A120 to generate the key pair on its ephemeral slot (slot 0xFF).
  • The STSAFE-A110 sends back the public key (which corresponds to slot 0xFF) to the STM32 (representing the remote host).
  • The STM32 computes the remote host’s secret (using the STSAFE device’s public key and the remote host’s private key).
  • The STM32 sends the remote host’s public key to the STSAFE-A110/STSAFE-A120 and asks the STSAFE-A110/STSAFE-A120 to compute the local host’s secret using the API.
  • STSAFE-A110/ STSAFE-A120 hutuma tena siri ya mwenyeji wa ndani kwa STM32.
  • The STM32 compares the two secrets and prints the result. If the secrets are the same, the secret establishment is successful.

X-CUBE-STSE-Software-Package (1)

Funga/fungua bahasha za ndani

  • This demonstration illustrates the case where the STSAFE-A110/STSAFE-A120 wraps/unwraps the local envelope in order to securely store a secret to any non-volatile memory (NVM).
  • Encryption/decryption keys can be securely stored in that manner to additional memory or within the STSAFE-A110/STSAFE-A120’s user data memory.
  • The wrapping mechanism is used to protect a secret or plain text. The output of wrapping is an envelope encrypted with an AES key wrap algorithm, and that contains the key or plain text to be protected. Command flow
  • The local and remote hosts are the same device here.
  1. Generate random data assimilated to a local envelope.
  2. Wrap the local envelope using the STSELib middleware API.
  3. Store the wrapped envelope.
  4.  Unwrap the wrapped envelope using the STSELIB middleware.
  5.  Compare the unwrapped envelope to the initial local envelope. They should be equal.

Uzalishaji wa jozi muhimu
Onyesho hili linaonyesha mtiririko wa amri ambapo kifaa cha STSAFE-A110/STSAFE-A120 kimewekwa kwenye seva pangishi ya ndani. Mpangishi wa mbali anauliza mwenyeji huyu wa karibu kuunda jozi ya ufunguo (ufunguo wa faragha na ufunguo wa umma) kwenye slot 1 na kisha kutia sahihi kwenye changamoto (nambari isiyo ya kawaida) kwa ufunguo wa faragha uliozalishwa.
Kipangishi cha mbali kinaweza kuthibitisha saini kwa ufunguo wa umma uliotolewa.
Onyesho hili ni sawa na onyesho la Uthibitishaji lenye tofauti mbili:

  • Jozi muhimu katika onyesho la Uthibitishaji tayari imetolewa (kwenye nafasi ya 0), ambapo, katika ex hii.ample, we generate the key pair on slot 1. The STSAFE-A110/STSAFE-A120 device can also generate the key pair on slot 0xFF, but only for key establishment purposes.
  • The public key in the Authentication demonstration is extracted from the certificate in zone 0. In this example, the public key is sent back with the STSAFE-A110/STSAFE-A120 response to the Generate Keypair command.

Mtiririko wa amri
Kwa madhumuni ya maonyesho, seva pangishi za ndani na za mbali ni kifaa sawa hapa.

  1. The host sends the Generate Keypair command to the STSAFE-A110/STSAFE-A120 which sends back the public key to the host MCU.
  2. The host generates a challenge (48-byte random number) using the Generate Random API. The STSAFE-A110 sends back the generated random number.
  3. The host computes the hash of the generated number using the cryptographic library.
  4. The host asks the STSAFE-A110/STSAFE-A120 to generate a signature of the computed hash using the
    Generate Signature API. The STSAFE-A110/ STSAFE-A120 sends back the generated signature.
  5. The host verifies the generated signature with the public key sent by the STSAFE-A110/ STSAFE-A120 in step 1.
  6. The signature verification result is printed.

Faharasa

Ufupisho Maana
AES Kiwango cha Juu cha Usimbaji fiche
ANSI Taasisi ya Kitaifa ya Viwango ya Amerika
API Kiolesura cha programu ya programu
BSP Kifurushi cha usaidizi wa bodi
CA Mamlaka ya Udhibitishaji
CC Vigezo vya Kawaida
C-MAC Msimbo wa uthibitishaji wa ujumbe wa amri
ECC Usimbaji fiche wa mviringo wa mviringo
ECDH Elliptic curve Diffie–Hellman
ECDHE Elliptic curve Diffie–Hellman – ephemeral
EWARM IAR Embedded Workbench® for Arm®
HAL Safu ya uondoaji wa vifaa
I/O Ingizo/pato
IAR Systems® World leader in software tools and services for embedded systems development.
IDE Mazingira jumuishi ya maendeleo. Programu tumizi ambayo hutoa vifaa vya kina kwa watayarishaji wa programu za kompyuta kwa ukuzaji wa programu.
IoT Mtandao wa mambo
I²C Saketi iliyounganishwa (IIC)
LL Madereva ya kiwango cha chini
MAC Msimbo wa uthibitishaji wa ujumbe
MCU Kitengo cha Microcontroller
MDK-ARM Keil® microcontroller development kit for Arm®
MPU Kitengo cha ulinzi wa kumbukumbu
NVM Kumbukumbu isiyo na tete
OS Mfumo wa uendeshaji
SE Kipengele salama
SHA Salama algorithm ya Hash
SLA Mkataba wa leseni ya programu
ST STMicroelectronics
TLS Usalama wa Tabaka la Usafiri
USB Basi la Universal Serial

Historia ya marekebisho

Tarehe Marekebisho Mabadiliko
23-Juni-2025 1 Kutolewa kwa awali.

TANGAZO MUHIMU – SOMA KWA UMAKINI

  • STMicroelectronics NV na kampuni zake tanzu (“ST”) inahifadhi haki ya kufanya mabadiliko, masahihisho, uboreshaji, marekebisho na uboreshaji wa bidhaa za ST na/au kwa hati hii wakati wowote bila taarifa. Wanunuzi wanapaswa kupata taarifa muhimu kuhusu bidhaa za ST kabla ya kuagiza. Bidhaa za ST zinauzwa kwa mujibu wa sheria na masharti ya ST ya mauzo yaliyopo wakati wa uthibitishaji wa agizo.
  • Wanunuzi wanawajibika kikamilifu kwa uchaguzi, uteuzi na matumizi ya bidhaa za ST na ST haichukui dhima ya usaidizi wa maombi au muundo wa bidhaa za wanunuzi.
  • Hakuna leseni, iliyoelezwa au iliyodokezwa, kwa haki yoyote ya uvumbuzi inayotolewa na ST humu.
  • Uuzaji wa bidhaa za ST zenye masharti tofauti na maelezo yaliyoelezwa hapa yatabatilisha udhamini wowote uliotolewa na ST kwa bidhaa hiyo.
  • ST na nembo ya ST ni alama za biashara za ST. Kwa maelezo ya ziada kuhusu chapa za biashara za ST, rejelea www.st.com/trademarks. Majina mengine yote ya bidhaa au huduma ni mali ya wamiliki husika.
  • Maelezo katika waraka huu yanachukua nafasi na kuchukua nafasi ya maelezo yaliyotolewa awali katika matoleo yoyote ya awali ya hati hii.
  • © 2025 STMicroelectronics - Haki zote zimehifadhiwa

Nyaraka / Rasilimali

Kifurushi cha Programu cha ST X-CUBE-STSE01 [pdf] Mwongozo wa Mtumiaji
Kifurushi cha Programu cha X-CUBE-STSE01, Kifurushi cha Programu, Programu

Marejeleo

Acha maoni

Barua pepe yako haitachapishwa. Sehemu zinazohitajika zimetiwa alama *