ọdịnaya zoo
1 Ngwugwu ngwanrọ X-CUBE-STSE01
2 Okwu mmalite
3 ozi izugbe
4 Nkọwa zuru oke
5 Akụrụngwa ngosi
6 Nkọwa okwu
7 Akụkọ ngbanwe
8 ỌMỤMỤ dị mkpa – Gụọ nke ọma
9 Akwụkwọ / akụrụngwa
9.1 Ntụaka

X-CUBE-LOGO

Ngwugwu ngwanrọ X-CUBE-STSE01

X-CUBE-STSE-Software-Package (4)

Okwu mmalite

This user manual describes how to get started with the X-CUBE-STSE01 software package.
The X-CUBE-STSE01 software package is a software component that provides several demonstration codes, which use the STSAFE-A110 and STSAFE-A120 device features from a host microcontroller.
These demonstration codes utilize the STSELib (Secured Element middleware) built on the STM32Cube software technology to ease portability across different STM32 microcontrollers. In addition, it is MCU-agnostic for portability to other MCUs.
These demonstration codes illustrate the following features:

  • Authentication.
  • Secured data storage.
  • Secured usage counter.
  • Na -ejikọ.
  • Key establishment.
  • Local envelope wrapping.
  • Key pair generation.

ozi izugbe

  • The X-CUBE-STSE01 software package is a reference to integrate the STSAFE-A110 and STSAFE-A120 secure element services into a host MCU’s operating system (OS) and its application.
  • It contains the STSAFE-A110 and STSAFE-A120 driver and demonstration codes to be executed on STM32 32-bit microcontrollers based on the Arm® Cortex®-M processor.
  • Arm bụ ụghalaahịa edenyere n'akwụkwọ ikikere nke Arm Limited (ma ọ bụ ndị enyemaka ya) na US na/ma ọ bụ ebe ọzọ.
  • The X-CUBE-STSE01 software package is developed in ANSI C. Nevertheless, the platform-independent architecture allows easy portability to a variety of different platforms.
  • The table below presents the definition of acronyms that are relevant for a better understanding of this document.

Ihe nchekwa STSAFE-A1x0

STSAFE-A110 na STSAFE-A120 bụ ihe ngwọta dị oke nchebe nke na-arụ ọrụ dị ka ihe nchekwa na-enye ọrụ nyocha na njikwa data na mpaghara ma ọ bụ nke dịpụrụ adịpụ. Ọ nwere ngwọta ntụgharị ntụgharị zuru oke yana sistemụ arụ ọrụ echedoro na-agba ọsọ na ọgbọ ọhụrụ nke microcontrollers echedoro.
The STSAFE-A110 and STSAFE-A120 can be integrated in IoT (Internet of things) devices, smart-home, smart-city and industrial applications, consumer electronics devices, consumables and accessories. Its key features are

  • Nyocha (nke mpụta, ngwaọrụ IoT na USB Ụdị-C®).
  • Nhazi ọwa echekwara nke nwere ndị ọbịa dịpụrụ adịpụ gụnyere nchekwa nchekwa njem (TLS).
  • Ọrụ nkwenye mbinye aka (boot echekwara na nkwalite ngwa ngwa).
  • Nyochaa ojiji na counters echedoro.
  • Ijikọ na ọwa echekwara ya na ngwa nhazi ngwa.
  • Ichichi na mwepu nke envelopu nke mpaghara ma ọ bụ nke dịpụrụ adịpụ.
  • Ọgbọ ụzọ igodo on-chip.

Nkọwa ọbá akwụkwọ STECureElement (STSELib).

Ngalaba a na-akọwa ọdịnaya ngwungwu STSElib middleware yana otu esi eji ya.

Nkọwa zuru oke

STSELib middleware bụ otu ngwa ngwa emebere ka:

  • interface STSAFE-A110 na STSAFE-A120 ngwaọrụ emebere nwere MCU.
  • mejuputa usoro STSAFE-A110 na STSAFE-A120 kachasị.
  • A na-ejikọta STSELib middleware n'ime ngwugwu ngwanrọ ST dị ka ihe etiti iji gbakwunye atụmatụ mmewere echedoro.
  • STSELib middleware na-enye ndị nrụpụta sistemụ agbakwunyere nrụnye zuru oke nke ọrụ mmemme mmemme ngwa dị elu. Nke a Middleware na-ewu na usoro nke iwu achọrọ iji hụ na ngwaọrụ, ngwa na nchekwa ngwaahịa eji STMicroelectronics STSAFE-A ezinụlọ mmewere echekwara.
  • Nke a middleware na-enye ohere njikọta enweghị nkebi nke otu ma ọ bụ ọtụtụ STSAFE-A na gburugburu ebe obibi MCU/MPU nnabata dị iche iche.
  • Rụtụ aka na ndetu ntọhapụ dị na nchekwa mgbọrọgwụ ngwugwu maka ozi gbasara ụdị IDE akwadoro.

Nhazi
STSELib middleware nwere modul sọftụwia atọ dịka e gosiri na foto dị n'okpuru. Igwe oyibo ọ bụla na-enye ọkwa dị iche iche nke abstraction usoro maka onye nrụpụta usoro agbakwunyere.

X-CUBE-STSE-Software-Package (2)

Ọnụ ọgụgụ dị n'okpuru na-egosi STSELib middleware agbakwunyere na ngwa STM32Cube ọkọlọtọ, na-agba ọsọ na X-NUCLEO-SAFEA1 ma ọ bụ X-NUCLEO-ESE01A1 gbasaa osisi nke etinyere na bọọdụ STM32 Nucleo.

Ọgụgụ 2. X-CUBE-STSE01 eserese ngọngọ ngwa

X-CUBE-STSE-Software-Package (3)

Iji nye ngwaike kachasị mma na nnwere onwe ikpo okwu, STSElib middleware adịghị ejikọta ya na STM32Cube HAL, kama site na interface. files emejuputa atumatu na ngwa ngwa

  • Ngwa Programming Interface (API) oyi akwa
    Igwe ngwanrọ a bụ ebe ntinye maka ngwa sistemụ. Ọ na-enye usoro ọrụ dị elu na-enye ohere mmekọrịta ya na STMicroelectronics Secure Elements. Ihe oyi akwa Api na-enye abstraction maka ngwa dị iche iche dị ka njikwa ihe nchekwa nchekwa, nkwenye, nchekwa data, njikwa igodo.
  • oyi akwa ọrụ
    Okpokoro SERVICE na-enye otu ọrụ ngwaahịa na-ahazi iwu niile nke ihe echedoro echedoro na-akwado ma na-akọ nzaghachi na API/Ngwa dị elu. Enwere ike iji oyi akwa a ozugbo site na Ngwa (maka onye ọrụ dị elu).
  • Isi oyi akwa
    Nwere nkọwa zuru oke maka ST Secure Element yana ọrụ maka imekọrịta ihe na ihe echedoro echedoro.
    Isi oyi akwa na-ejikwa nhazi nke ozi yana na-enye abstraction ikpo okwu maka ọkwa dị n'elu.

Ọdịdị nchekwa
Ọnụ ọgụgụ dị n'okpuru na-egosi nhazi nchekwa nke X-CUBE-STSE01.

X-CUBE-STSE-Software-Package (4)

Akụrụngwa ngosi

Akụkụ a na-egosi sọftụwia ngosi dabere na STSElib middleware.

Nyocha
This demonstration illustrates the command flow where the STSAFE-A110/STSAFE-A120 is mounted on a device that authenticates to a remote host (IoT device case), the local host being used as a pass-through to the remote server.
The scenario where the STSAFE-A110/STSAFE-A120 is mounted on a peripheral that authenticates to a local host, for example maka egwuregwu, ngwa mkpanaka ma ọ bụ ihe oriri, bụ otu ihe ahụ.
Maka ebumnuche ngosi, ndị ọbịa mpaghara na ndị dịpụrụ adịpụ bụ otu ngwaọrụ ebe a.

  1. Extract, parse and verify the STSAFE-A110/ STSAFE-A120’s public certificate stored in the data partition zone 0 of the device in order to get the public key:
    • Read the certificate using the STSELib middleware through the STSAFE-A110/STSAFE-A120’s zone 0.
    • Parse the certificate using the cryptographic library’s parser.
    • Read the CA certificate (available through the code).
    • Parse the CA certificate using the cryptographic library’s parser.
    • Verify the certificate validity using the CA certificate through the cryptographic library.
    • Get the public key from the STSAFE-A110/STSAFE-A120 X.509 certificate.
  2. Generate and verify the signature over a challenge number:
    • Generate a challenge number (random number).
    • Hash the challenge.
    • Fetch a signature over the hashed challenge using the STSAFE-A110/ STSAFE-A120 private key slot 0 through the STSELib middleware.
    • Parse the generated signature using the cryptographic library.
    • Verify the generated signature using the STSAFE-A110/STSAFE-A120’s public key through the cryptographic library.
    • When this is valid, the host knows that the peripheral or IoT is authentic.

Mmakọ (Nnyekwa igodo nnabata)
Nke a koodu example establishes a pairing between an device and the MCU it is connected to. The pairing allows the exchanges between the device and the MCU to be authenticated (that is, signed and verified). The STSAFE-A110 device becomes usable only in combination with the MCU it is paired with.
The pairing consists of the host MCU sending a host MAC key and a host cipher key to the STSAFE-A110 Both keys are stored to the protected NVM of the STSAFE-A110 and should be stored to the flash memory of the STM32 device.
By default, in this example, the host MCU sends well-known keys to the STSAFE-A110 (see command flow below) that are highly recommended to use for demonstration purposes. The code also allows the generation of random keys.
Moreover, the code example generates a local envelope key when the corresponding slot is not already populated in the STSAFE-A110. When the local envelope slot is populated, the STSAFE-A110 device allows the host MCU to wrap/unwrap a local envelope to securely store a key on the host MCU’s side.
Note: The pairing code exampa ga-egburịrị nke ọma tupu emee koodu ndị a examples.

Usoro iwu

  1. Generate the local envelope key in the STSAFE-A110 using the STSELib middleware.
    By default, this command is activated
    Ọrụ a na-eme naanị ma ọ bụrụ na oghere igodo envelopu mpaghara STSAFE-A110 enwebeghịrị mmadụ.
  2. Define two 128-bit numbers to use as the host MAC key and the host cipher key.
    By default, golden known keys are used. They have the following values:
    • Host MAC key
      0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
    • Host Cipher Key 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
  3. Store the host MAC key and the host cipher key to their respective slot in the STSAFE-A110/STSAFE-A120.
  4. Store the host MAC key and the host cipher key to the STM32’s flash memory.

Ntọala igodo ( igodo Symmetric AES-128 CMAC)
Ngosipụta a na-egosi ọnọdụ ebe etinyere ngwaọrụ STSAFE-A110 na ngwaọrụ (dị ka ngwaọrụ IoT), nke na-ekwurịta okwu na ihe nkesa dịpụrụ adịpụ, ma chọọ ịmepụta ọwa echekwara iji gbanwee data na ya.
Na nke a exampOtú ọ dị, ngwaọrụ STM32 na-arụ ọrụ nke ma ihe nkesa dịpụrụ adịpụ (onye na-elekọta anya) na onye na-elekọta obodo nke ejikọrọ na ngwaọrụ STSAFE-A110.
Ebumnuche nke ikpe a bụ igosi otu esi ewepụta nzuzo nzuzo n'etiti onye na-elekọta obodo na ihe nkesa dịpụrụ adịpụ site na iji elliptical curve Diffie-Hellman atụmatụ nwere igodo static (ECDH) ma ọ bụ ephemeral (ECDHE) na STSAFE-A110.
Ekwesịrị ị nwetakwu ihe nzuzo a na-ekekọrịta na otu igodo ọrụ ma ọ bụ karịa (anaghị egosipụta ya ebe a). Enwere ike iji igodo ọrụ ndị a na usoro nkwukọrịta dị ka TLS, maka example maka ichedo nzuzo, iguzosi ike n'ezi ihe na eziokwu nke data a na-agbanwe n'etiti onye na-elekọta obodo na ihe nkesa dịpụrụ adịpụ.

Usoro iwu
Ọgụgụ 4. Igodo iwu nguzobe iwu na-egosi usoro iwu a:

  • A na-edobe igodo nzuzo nke onye ọbịa na nke ọha na koodu example.
  • The local host sends the Generate Keypair command to the STSAFE-A110/STSAFE-A120 to generate the key pair on its ephemeral slot (slot 0xFF).
  • The STSAFE-A110 sends back the public key (which corresponds to slot 0xFF) to the STM32 (representing the remote host).
  • The STM32 computes the remote host’s secret (using the STSAFE device’s public key and the remote host’s private key).
  • The STM32 sends the remote host’s public key to the STSAFE-A110/STSAFE-A120 and asks the STSAFE-A110/STSAFE-A120 to compute the local host’s secret using the API.
  • STSAFE-A110/STSAFE-A120 na-ezigaghachi ihe nzuzo onye ọbịa obodo na STM32.
  • The STM32 compares the two secrets and prints the result. If the secrets are the same, the secret establishment is successful.

X-CUBE-STSE-Software-Package (1)

Kechie/ịkpọghee envelopu mpaghara

  • This demonstration illustrates the case where the STSAFE-A110/STSAFE-A120 wraps/unwraps the local envelope in order to securely store a secret to any non-volatile memory (NVM).
  • Encryption/decryption keys can be securely stored in that manner to additional memory or within the STSAFE-A110/STSAFE-A120’s user data memory.
  • The wrapping mechanism is used to protect a secret or plain text. The output of wrapping is an envelope encrypted with an AES key wrap algorithm, and that contains the key or plain text to be protected. Command flow
  • The local and remote hosts are the same device here.
  1. Generate random data assimilated to a local envelope.
  2. Wrap the local envelope using the STSELib middleware API.
  3. Store the wrapped envelope.
  4.  Unwrap the wrapped envelope using the STSELIB middleware.
  5.  Compare the unwrapped envelope to the initial local envelope. They should be equal.

Ọgbọ ụzọ abụọ igodo
Ngosipụta a na-egosi usoro iwu ebe etinyere ngwaọrụ STSAFE-A110/STSAFE-A120 na ndị ọbịa mpaghara. Onye ọbịa dịpụrụ adịpụ na-arịọ ndị ọbịa mpaghara a ka ha wepụta ụzọ ụzọ igodo ( igodo nzuzo na igodo ọha) na oghere 1 wee bịanye aka na ịma aka (nọmba enweghị usoro) jiri igodo nzuzo emepụtara.
Onye ọbịa nke dịpụrụ adịpụ na-enwe ike iji igodo ọha emepụtara nyochaa mbinye aka.
Ngosipụta a yiri ihe ngosi nkwenye nwere ọdịiche abụọ:

  • Isi ụzọ abụọ dị na ngosipụta nyocha ewepụtalarị (na oghere 0), ebe, na example, we generate the key pair on slot 1. The STSAFE-A110/STSAFE-A120 device can also generate the key pair on slot 0xFF, but only for key establishment purposes.
  • The public key in the Authentication demonstration is extracted from the certificate in zone 0. In this example, the public key is sent back with the STSAFE-A110/STSAFE-A120 response to the Generate Keypair command.

Usoro iwu
Maka ebumnuche ngosi, ndị ọbịa mpaghara na ndị dịpụrụ adịpụ bụ otu ngwaọrụ ebe a.

  1. The host sends the Generate Keypair command to the STSAFE-A110/STSAFE-A120 which sends back the public key to the host MCU.
  2. The host generates a challenge (48-byte random number) using the Generate Random API. The STSAFE-A110 sends back the generated random number.
  3. The host computes the hash of the generated number using the cryptographic library.
  4. The host asks the STSAFE-A110/STSAFE-A120 to generate a signature of the computed hash using the
    Generate Signature API. The STSAFE-A110/ STSAFE-A120 sends back the generated signature.
  5. The host verifies the generated signature with the public key sent by the STSAFE-A110/ STSAFE-A120 in step 1.
  6. The signature verification result is printed.

Nkọwa okwu

Mbiri Pụtara
AES Ọkọlọtọ nzuzo dị elu
ANSI American National Standards Institute
API Ngwa mmemme interface
BSP ngwugwu nkwado osisi
CA ikike asambodo
CC Ụkpụrụ ndị nkịtị
C-MAC Koodu njirimara ozi iwu
ECC Elliptic curve cryptography
ECDH Elliptic curve Diffie–Hellman
ECDHE Elliptic curve Diffie–Hellman – ephemeral
EWARM IAR Embedded Workbench® for Arm®
HAL oyi akwa abstraction ngwaike
I/O Ntinye/mmepụta
Ụlọ ọrụ IAR Systems® World leader in software tools and services for embedded systems development.
IDE gburugburu mmepe agbakwunyere. Ngwa ngwanrọ na-enye akụrụngwa zuru oke maka ndị mmemme kọmputa maka mmepe ngwanrọ.
IoT Ịntanetị ihe
I²C sekit jikọrọ ọnụ (IIC)
LL Ndị ọkwọ ụgbọ ala dị ala
MAC Koodu njirimara ozi
MCU Igwe njikwa microcontroller
MDK-ARM Keil® microcontroller development kit for Arm®
MPU Ngalaba nchekwa ebe nchekwa
NVM Ebe nchekwa na-adịghị agbanwe agbanwe
OS Sistemụ nrụọrụ
SE Ihe echedoro
SHA Secure Hash algọridim
SLA Nkwekọrịta ikike ngwanrọ
ST STMicroelectronics
TLS Nchekwa oyi akwa Transport
USB Ụgbọ ala Serial Universal

Akụkọ ngbanwe

Ụbọchị Ndozigharị Mgbanwe
23-June-2025 1 Ntọhapụ mbụ.

ỌMỤMỤ dị mkpa – Gụọ nke ọma

  • STMicroelectronics NV na ndị enyemaka ya (“ST”) debere ikike ime mgbanwe, ndozi, nkwalite, mgbanwe na nkwalite ngwaahịa ST na/ma ọ bụ akwụkwọ a n'oge ọ bụla na-enweghị ọkwa. Ndị na-azụ ahịa kwesịrị ịnweta ozi kacha ọhụrụ dị mkpa na ngwaahịa ST tupu ha etinye iwu. A na-ere ngwaahịa ST dabere na usoro na ọnọdụ ọrịre nke ST n'oge nnabata.
  • Ndị na-azụ ahịa bụ naanị maka nhọrọ, nhọrọ, na ojiji nke ngwaahịa ST yana ST anaghị ewere ụgwọ ọ bụla maka enyemaka ngwa ma ọ bụ imepụta ngwaahịa ndị zụrụ ya.
  • Enweghị ikike, ekwupụtara ma ọ bụ egosipụtara, ikike ikike ọgụgụ isi ọ bụla nke ST nyere n'ime ebe a.
  • Mweghachi nke ngwaahịa ST nwere ndokwa dị iche na ozi e depụtara n'ime ya ga-emebi akwụkwọ ikike ọ bụla ST nyere maka ụdị ngwaahịa a.
  • ST na akara ST bụ ụghalaahịa nke ST. Maka ozi ndị ọzọ gbasara ụghalaahịa ST, rụtụ aka www.st.com/trademarks. Ngwaahịa ma ọ bụ aha ọrụ ndị ọzọ bụ ihe onwunwe nke ndị nwe ha.
  • Ozi dị n'ime akwụkwọ a nọchiri ma dochie ozi enyere na mbụ na ụdị akwụkwọ a mbụ.
  • © 2025 STMicroelectronics – Ikike niile echekwabara

Akwụkwọ / akụrụngwa

Ngwungwu ngwanrọ ST X-CUBE-STSE01 [pdf] Akwụkwọ ntuziaka onye ọrụ
Ngwungwu ngwanrọ X-CUBE-STSE01, ngwugwu ngwanrọ, ngwanrọ

Ntụaka

Hapụ ikwu

Agaghị ebipụta adreesị ozi-e gị. Akara mpaghara achọrọ akara *