21ic电子技术开发论坛 单片机与嵌入式系统 ST MCU 【STM32L562 DK试用】AES加密
返回列表 发新帖我要提问

[STM32L5] 【STM32L562 DK试用】AES加密

[复制链接]
 楼主| lishuihua 发表于 2025-3-8 11:34 | 显示全部楼层 |阅读模式
<
stm32l5, AES加密, ck, TE, DA, AC
本帖最后由 lishuihua 于 2025-3-8 11:31 编辑

AES有五种工作模式:


1. 电码本模式(Electronic Codebook Book (ECB))
4924567cb07954d292.png


2.密码分组链接模式(Cipher Block Chaining (CBC)
6259467cb07a41cf41.png


3.计算器模式(Counter (CTR))
4402867cb07b7cf5c7.png


4.密码反馈模式(Cipher FeedBack (CFB))
7409467cb07c97226c.png


5.输出反馈模式(Output FeedBack (OFB))
5507867cb07d5c1610.png
STM32L5是一颗主打低功耗和安全应用的MCU,它的安全特性,从各个方面都比以往的STM32系列有了进一步提高。

- 它支持安全启动,这是信任链的可靠锚点:bootlock可以保证启动的唯一入口,HDP可以将用户闪存的一部分隐藏起来,通常是复位后运行的安全启动代码,使得其对后面的用户应用程序不可见。

本次在STM32L5上面体验其中的前三种。主要涉及明文加密,加密数据比对,解密等。

plaintext即待加密文本:
复制
  1. /* Plaintext */
    

  2. uint32_t aPlaintextECB[AES_TEXT_SIZE] =
    

  3.                         {0x6BC1BEE2 ,0x2E409F96 ,0xE93D7E11 ,0x7393172A ,
    

  4.                          0xAE2D8A57 ,0x1E03AC9C ,0x9EB76FAC ,0x45AF8E51 ,
    

  5.                          0x30C81C46 ,0xA35CE411 ,0xE5FBC119 ,0x1A0A52EF ,
    

  6.                          0xF69F2445 ,0xDF4F9B17 ,0xAD2B417B ,0xE66C3710};
    


  7. 

  8. uint32_t aPlaintextCBC[AES_TEXT_SIZE] =
    

  9.                          {0xE2BEC16B ,0x969F402E ,0x117E3DE9 ,0x2A179373 ,
    

  10.                           0x578A2DAE ,0x9CAC031E ,0xAC6FB79E ,0x518EAF45 ,
    

  11.                           0x461CC830 ,0x11E45CA3 ,0x19C1FBE5 ,0xEF520A1A ,
    

  12.                           0x45249FF6 ,0x179B4FDF ,0x7B412BAD ,0x10376CE6};
    


  13. 

  14. uint32_t aPlaintextCTR[AES_TEXT_SIZE] =
    

  15.                          {0x477D83D6 ,0x69F90274 ,0x887EBC97 ,0x54E8C9CE ,
    

  16.                           0xEA51B475 ,0x3935C078 ,0x35F6ED79 ,0x8A71F5A2 ,
    

  17.                           0x6238130C ,0x88273AC5 ,0x9883DFA7 ,0xF74A5058,
    

  18.                           0xA224F96F ,0xE8D9F2FB ,0xDE82D4B5 ,0x08EC3667};


串口初始化:
复制
  1.   /* Configure COM port */
    

  2.   COM_Init.BaudRate   = 115200;
    

  3.   COM_Init.WordLength = COM_WORDLENGTH_8B;
    

  4.   COM_Init.StopBits   = COM_STOPBITS_1;
    

  5.   COM_Init.Parity     = COM_PARITY_NONE;
    

  6.   COM_Init.HwFlowCtl  = COM_HWCONTROL_NONE;
    

  7.   if (BSP_COM_Init(COM1, &COM_Init) != BSP_ERROR_NONE)
    

  8.   {
    

  9.     Error_Handler();
    

  10.   }


初始化AES模块:
复制
  1. static void MX_AES_Init(void)
    

  2. {
    


  3. 

  4.   /* USER CODE BEGIN AES_Init 0 */
    


  5. 

  6.   /* USER CODE END AES_Init 0 */
    


  7. 

  8.   /* USER CODE BEGIN AES_Init 1 */
    


  9. 

  10.   /* USER CODE END AES_Init 1 */
    

  11.   hcryp.Instance = AES;
    

  12.   hcryp.Init.DataType = CRYP_DATATYPE_32B;
    

  13.   hcryp.Init.KeySize = CRYP_KEYSIZE_128B;
    

  14.   hcryp.Init.pKey = (uint32_t *)pKeyAES;
    

  15.   hcryp.Init.Algorithm = CRYP_AES_ECB;
    

  16.   hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_WORD;
    

  17.   hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;
    

  18.   if (HAL_CRYP_Init(&hcryp) != HAL_OK)
    

  19.   {
    

  20.     Error_Handler();
    

  21.   }
    

  22.   /* USER CODE BEGIN AES_Init 2 */
    


  23. 

  24.   /* USER CODE END AES_Init 2 */
    


  25. 

  26. }
调用HAL API进行数据加密:
复制
  1.   /*****************  AES 128   ****************/
    

  2.   /* Start encrypting aPlaintextECB, the cypher data is available in aEncryptedtext */
    

  3.   if (HAL_CRYP_Encrypt(&hcryp, aPlaintextECB, AES_TEXT_SIZE, aEncryptedtext, TIMEOUT_VALUE) == HAL_OK)
    

  4.   {
    

  5.     /* Display encrypted Data */
    

  6.     Display_EncryptedData(ECB, 128, AES_TEXT_SIZE);
    

  7.   }
    

  8.   else
    

  9.   {
    

  10.     /* Processing Error */
    

  11.     Error_Handler();
    

  12.   }


与预期结果相比较:
复制
  1. static void data_cmp(uint32_t *EncryptedText, uint32_t *RefText, uint8_t Size)
    

  2. {
    

  3.   /*  Before starting a new process, you need to check the current state of the peripheral; 
    

  4.       if it�s busy you need to wait for the end of current transfer before starting a new one.
    

  5.       For simplicity reasons, this example is just waiting till the end of the 
    

  6.       process, but application may perform other tasks while transfer operation
    

  7.       is ongoing. */ 
    

  8.   while (HAL_CRYP_GetState(&hcryp) != HAL_CRYP_STATE_READY)
    

  9.   {
    

  10.   }
    

  11.   
    

  12.   /*##-3- Check the encrypted text with the expected one #####################*/
    

  13.   if(memcmp(EncryptedText, RefText, Size) != 0)
    

  14.   {
    

  15.     Error_Handler();
    

  16.   }
    

  17.   else
    

  18.   {
    

  19.     /* Right encryption */
    

  20.   }
    

  21. }


实物串口结果输出:
复制
  1. =============================================================
    

  2.  ================= Crypt Using HW Crypto  ====================
    

  3.  =============================================================
    

  4.  -----------------------------------------------
    

  5.  Plain Data (Input data for AES ECB encryption):
    

  6.  -----------------------------------------------
    

  7. [0xE2][0xBE][0xC1][0x6B][0x96][0x9F][0x40][0x2E][0x11][0x7E][0x3D][0xE9][0x2A][0x17][0x93][0x73]  Block 0 
    

  8. [0x57][0x8A][0x2D][0xAE][0x9C][0xAC][0x03][0x1E][0xAC][0x6F][0xB7][0x9E][0x51][0x8E][0xAF][0x45]  Block 1 
    

  9. [0x46][0x1C][0xC8][0x30][0x11][0xE4][0x5C][0xA3][0x19][0xC1][0xFB][0xE5][0xEF][0x52][0x0A][0x1A]  Block 2 
    

  10. [0x45][0x24][0x9F][0xF6][0x17][0x9B][0x4F][0xDF][0x7B][0x41][0x2B][0xAD][0x10][0x37][0x6C][0xE6]  Block 3 
    


  11. 

  12.  =============================================================
    

  13.  ------------------------------------------------
    

  14.  Cypher Data (Input data for AES 128 decryption):
    

  15.  ------------------------------------------------
    

  16. [0xB4][0x7B][0xD7][0x3A][0x60][0x36][0x7A][0x0D][0xF3][0xCA][0x9E][0xA8][0x97][0xEF][0x66][0x24]  Block 0 
    

  17. [0x85][0xD5][0xD3][0xF5][0x9D][0x69][0xB9][0x03][0x5A][0x89][0x85][0xE7][0xAF][0xBA][0xFD][0x96]  Block 1 
    

  18. [0x7F][0xCD][0xB1][0x43][0x23][0xCE][0x8E][0x59][0xE3][0x00][0x1B][0x88][0x88][0x06][0x03][0xED]  Block 2 
    

  19. [0x5E][0x78][0x0C][0x7B][0x3F][0xAD][0xE8][0x27][0x71][0x20][0x23][0x82][0xD4][0x5D][0x72][0x04]  Block 3 
    


  20. 

  21.  =======================================
    

  22.  Encrypted Data with AES 128  Mode  ECB
    

  23.  ---------------------------------------
    

  24. [0xB4][0x7B][0xD7][0x3A][0x60][0x36][0x7A][0x0D][0xF3][0xCA][0x9E][0xA8][0x97][0xEF][0x66][0x24]  Block 0 
    

  25. [0x85][0xD5][0xD3][0xF5][0x9D][0x69][0xB9][0x03][0x5A][0x89][0x85][0xE7][0xAF][0xBA][0xFD][0x96]  Block 1 
    

  26. [0x7F][0xCD][0xB1][0x43][0x23][0xCE][0x8E][0x59][0xE3][0x00][0x1B][0x88][0x88][0x06][0x03][0xED]  Block 2 
    

  27. [0x5E][0x78][0x0C][0x7B][0x3F][0xAD][0xE8][0x27][0x71][0x20][0x23][0x82][0xD4][0x5D][0x72][0x04]  Block 3 
    


  28. 

  29.  =======================================
    

  30.  Encrypted Data with AES 256  Mode  ECB
    

  31.  ---------------------------------------
    

  32. [0xBD][0xD1][0xEE][0xF3][0x3C][0xA0][0xD2][0xB5][0x7E][0x5A][0x4B][0x06][0xF8][0x81][0xB1][0x3D]  Block 0 
    

  33. [0x10][0xCB][0x1C][0x59][0x26][0xED][0x10][0xD4][0x4A][0xA7][0x5B][0xDC][0x70][0x28][0x36][0x31]  Block 1 
    

  34. [0xB9][0x21][0xED][0xB6][0xF9][0xF4][0xA6][0x9C][0xB1][0xE7][0x53][0xF1][0x1D][0xED][0xAF][0xBE]  Block 2 
    

  35. [0x7A][0x4B][0x30][0x23][0xFF][0xF3][0xF9][0x39][0x8F][0x8D][0x7D][0x06][0xC7][0xEC][0x24][0x9E]  Block 3 
    


  36. 

  37.  =======================================
    

  38.  Decrypted Data with AES 128  Mode  ECB
    

  39.  ---------------------------------------
    

  40. [0xE2][0xBE][0xC1][0x6B][0x96][0x9F][0x40][0x2E][0x11][0x7E][0x3D][0xE9][0x2A][0x17][0x93][0x73]  Block 0 
    

  41. [0x57][0x8A][0x2D][0xAE][0x9C][0xAC][0x03][0x1E][0xAC][0x6F][0xB7][0x9E][0x51][0x8E][0xAF][0x45]  Block 1 
    

  42. [0x46][0x1C][0xC8][0x30][0x11][0xE4][0x5C][0xA3][0x19][0xC1][0xFB][0xE5][0xEF][0x52][0x0A][0x1A]  Block 2 
    

  43. [0x45][0x24][0x9F][0xF6][0x17][0x9B][0x4F][0xDF][0x7B][0x41][0x2B][0xAD][0x10][0x37][0x6C][0xE6]  Block 3 
    


  44. 

  45.  =======================================
    

  46.  Decrypted Data with AES 256  Mode  ECB
    

  47.  ---------------------------------------
    

  48. [0xE2][0xBE][0xC1][0x6B][0x96][0x9F][0x40][0x2E][0x11][0x7E][0x3D][0xE9][0x2A][0x17][0x93][0x73]  Block 0 
    

  49. [0x57][0x8A][0x2D][0xAE][0x9C][0xAC][0x03][0x1E][0xAC][0x6F][0xB7][0x9E][0x51][0x8E][0xAF][0x45]  Block 1 
    

  50. [0x46][0x1C][0xC8][0x30][0x11][0xE4][0x5C][0xA3][0x19][0xC1][0xFB][0xE5][0xEF][0x52][0x0A][0x1A]  Block 2 
    

  51. [0x45][0x24][0x9F][0xF6][0x17][0x9B][0x4F][0xDF][0x7B][0x41][0x2B][0xAD][0x10][0x37][0x6C][0xE6]  Block 3 
    


  52. 

  53.  =======================================
    

  54.  Encrypted Data with AES 128  Mode  CBC
    

  55.  ---------------------------------------
    

  56. [0x76][0x49][0xAB][0xAC][0x81][0x19][0xB2][0x46][0xCE][0xE9][0x8E][0x9B][0x12][0xE9][0x19][0x7D]  Block 0 
    

  57. [0x50][0x86][0xCB][0x9B][0x50][0x72][0x19][0xEE][0x95][0xDB][0x11][0x3A][0x91][0x76][0x78][0xB2]  Block 1 
    

  58. [0x73][0xBE][0xD6][0xB8][0xE3][0xC1][0x74][0x3B][0x71][0x16][0xE6][0x9E][0x22][0x22][0x95][0x16]  Block 2 
    

  59. [0x3F][0xF1][0xCA][0xA1][0x68][0x1F][0xAC][0x09][0x12][0x0E][0xCA][0x30][0x75][0x86][0xE1][0xA7]  Block 3 
    


  60. 

  61.  =======================================
    

  62.  Encrypted Data with AES 256  Mode  CBC
    

  63.  ---------------------------------------
    

  64. [0xF5][0x8C][0x4C][0x04][0xD6][0xE5][0xF1][0xBA][0x77][0x9E][0xAB][0xFB][0x5F][0x7B][0xFB][0xD6]  Block 0 
    

  65. [0x9C][0xFC][0x4E][0x96][0x7E][0xDB][0x80][0x8D][0x67][0x9F][0x77][0x7B][0xC6][0x70][0x2C][0x7D]  Block 1 
    

  66. [0x39][0xF2][0x33][0x69][0xA9][0xD9][0xBA][0xCF][0xA5][0x30][0xE2][0x63][0x04][0x23][0x14][0x61]  Block 2 
    

  67. [0xB2][0xEB][0x05][0xE2][0xC3][0x9B][0xE9][0xFC][0xDA][0x6C][0x19][0x07][0x8C][0x6A][0x9D][0x1B]  Block 3 
    


  68. 

  69.  =======================================
    

  70.  Decrypted Data with AES 128  Mode  CBC
    

  71.  ---------------------------------------
    

  72. [0x6B][0xC1][0xBE][0xE2][0x2E][0x40][0x9F][0x96][0xE9][0x3D][0x7E][0x11][0x73][0x93][0x17][0x2A]  Block 0 
    

  73. [0xAE][0x2D][0x8A][0x57][0x1E][0x03][0xAC][0x9C][0x9E][0xB7][0x6F][0xAC][0x45][0xAF][0x8E][0x51]  Block 1 
    

  74. [0x30][0xC8][0x1C][0x46][0xA3][0x5C][0xE4][0x11][0xE5][0xFB][0xC1][0x19][0x1A][0x0A][0x52][0xEF]  Block 2 
    

  75. [0xF6][0x9F][0x24][0x45][0xDF][0x4F][0x9B][0x17][0xAD][0x2B][0x41][0x7B][0xE6][0x6C][0x37][0x10]  Block 3 
    


  76. 

  77.  =======================================
    

  78.  Decrypted Data with AES 256  Mode  CBC
    

  79.  ---------------------------------------
    

  80. [0x6B][0xC1][0xBE][0xE2][0x2E][0x40][0x9F][0x96][0xE9][0x3D][0x7E][0x11][0x73][0x93][0x17][0x2A]  Block 0 
    

  81. [0xAE][0x2D][0x8A][0x57][0x1E][0x03][0xAC][0x9C][0x9E][0xB7][0x6F][0xAC][0x45][0xAF][0x8E][0x51]  Block 1 
    

  82. [0x30][0xC8][0x1C][0x46][0xA3][0x5C][0xE4][0x11][0xE5][0xFB][0xC1][0x19][0x1A][0x0A][0x52][0xEF]  Block 2 
    

  83. [0xF6][0x9F][0x24][0x45][0xDF][0x4F][0x9B][0x17][0xAD][0x2B][0x41][0x7B][0xE6][0x6C][0x37][0x10]  Block 3 
    


  84. 

  85.  =======================================
    

  86.  Encrypted Data with AES 128  Mode  CTR
    

  87.  ---------------------------------------
    

  88. [0xE1][0xB2][0x86][0x89][0x6D][0x04][0xC7][0x64][0xD8][0xF7][0x16][0x26][0x99][0xB0][0x6D][0x73]  Block 0 
    

  89. [0x19][0x60][0x6F][0xD6][0x9E][0x0E][0xBF][0xFF][0x61][0xE8][0x18][0xDE][0x9D][0xFF][0xBF][0xFF]  Block 1 
    

  90. [0x5A][0x27][0xFB][0x7C][0xDB][0xAB][0xCB][0x7A][0xDA][0xF2][0x90][0x40][0xB0][0x0D][0x7C][0xD5]  Block 2 
    

  91. [0x78][0xC0][0xB8][0x5B][0xF4][0x7D][0xC0][0x8B][0x9E][0x84][0x0E][0x05][0xCF][0x00][0x39][0x77]  Block 3 
    


  92. 

  93.  =======================================
    

  94.  Encrypted Data with AES 256  Mode  CTR
    

  95.  ---------------------------------------
    

  96. [0x06][0x78][0xC3][0xC8][0xEE][0xEA][0x91][0xA5][0xED][0xE5][0xAF][0x20][0xDD][0xCF][0x4B][0x14]  Block 0 
    

  97. [0x2F][0xC2][0xC7][0x53][0xB2][0x46][0xAD][0x59][0x53][0x21][0x97][0x09][0x53][0x53][0xAF][0xA3]  Block 1 
    

  98. [0xD4][0x90][0x0C][0x5B][0x45][0xBC][0x97][0x32][0x17][0x0E][0xE8][0x5D][0xB4][0x21][0x19][0xB1]  Block 2 
    

  99. [0xFB][0x93][0xA3][0xB1][0x6D][0x5E][0xB5][0x65][0xC8][0x43][0xBB][0x10][0xA2][0x9E][0x82][0x65]  Block 3 
    


  100. 

  101.  =======================================
    

  102.  Decrypted Data with AES 128  Mode  CTR
    

  103.  ---------------------------------------
    

  104. [0xD6][0x83][0x7D][0x47][0x74][0x02][0xF9][0x69][0x97][0xBC][0x7E][0x88][0xCE][0xC9][0xE8][0x54]  Block 0 
    

  105. [0x75][0xB4][0x51][0xEA][0x78][0xC0][0x35][0x39][0x79][0xED][0xF6][0x35][0xA2][0xF5][0x71][0x8A]  Block 1 
    

  106. [0x0C][0x13][0x38][0x62][0xC5][0x3A][0x27][0x88][0xA7][0xDF][0x83][0x98][0x58][0x50][0x4A][0xF7]  Block 2 
    

  107. [0x6F][0xF9][0x24][0xA2][0xFB][0xF2][0xD9][0xE8][0xB5][0xD4][0x82][0xDE][0x67][0x36][0xEC][0x08]  Block 3 
    


  108. 

  109.  =======================================
    

  110.  Decrypted Data with AES 256  Mode  CTR
    

  111.  ---------------------------------------
    

  112. [0xD6][0x83][0x7D][0x47][0x74][0x02][0xF9][0x69][0x97][0xBC][0x7E][0x88][0xCE][0xC9][0xE8][0x54]  Block 0 
    

  113. [0x75][0xB4][0x51][0xEA][0x78][0xC0][0x35][0x39][0x79][0xED][0xF6][0x35][0xA2][0xF5][0x71][0x8A]  Block 1 
    

  114. [0x0C][0x13][0x38][0x62][0xC5][0x3A][0x27][0x88][0xA7][0xDF][0x83][0x98][0x58][0x50][0x4A][0xF7]  Block 2 
    

  115. [0x6F][0xF9][0x24][0xA2][0xFB][0xF2][0xD9][0xE8][0xB5][0xD4][0x82][0xDE][0x67][0x36][0xEC][0x08]  Block 3 
    

  116. ===================================================
    

  117.                                                     
    

  118.  ECB, CBC and CTR encryptions/decryptions done.
    

  119.                                                 No issue detected.








回复

举报

相关帖子
earlmax 发表于 2025-3-18 19:36 | 显示全部楼层
使用硬件加速可以提高加密和解密的速度
回复

举报

louliana 发表于 2025-3-18 19:44 | 显示全部楼层
大幅提升加密速度。              
回复

举报

benjaminka 发表于 2025-3-18 20:13 | 显示全部楼层
使用安全的随机数生成器来生成AES密钥
回复

举报

primojones 发表于 2025-3-18 20:47 | 显示全部楼层
使用强密钥,即至少128位的密钥长度。
回复

举报

ulystronglll 发表于 2025-3-18 21:02 | 显示全部楼层
通过AES-256加密密钥后再写入Flash
回复

举报

lzbf 发表于 2025-3-18 21:13 | 显示全部楼层
支持硬件AES引擎              
回复

举报

updownq 发表于 2025-3-18 21:27 | 显示全部楼层
如果使用STM32的硬件AES模块,可以显著提高加密解密的速度。
回复

举报

lihuami 发表于 2025-3-18 21:57 | 显示全部楼层
生成、存储、分发、更新全链路加密。
回复

举报

yorkbarney 发表于 2025-3-18 22:54 | 显示全部楼层
在使用AES加密时,还需要注意安全性方面的问题。例如,应避免使用简单的密钥或易于猜测的密钥;应定期更换密钥以防止密钥被**;同时,应确保加密数据的存储和传输过程中的安全性,防止数据被窃取或篡改。
回复

举报

maqianqu 发表于 2025-3-19 10:28 | 显示全部楼层
在实现AES加密时,应遵循安全编码原则,如最小特权原则、防御深度、输入验证、边界检查和错误处理等
回复

举报

jtracy3 发表于 2025-3-19 14:03 | 显示全部楼层
在使用CBC、CTR等模式时,IV的随机性和唯一性至关重要
回复

举报

bartonalfred 发表于 2025-3-19 17:35 | 显示全部楼层
将Flash设置为读保护,这样**者将不能用调试工具、内置SRAM。
回复

举报

minzisc 发表于 2025-3-20 09:46 | 显示全部楼层
可以考虑使用硬件加速器              
回复

举报

kmzuaz 发表于 2025-3-20 10:14 | 显示全部楼层
在设计加密方案时能够充分发挥硬件的优势,避免因超出硬件能力而导致的性能问题或错误。
回复

举报

ulystronglll 发表于 2025-3-20 11:25 | 显示全部楼层
为了防止硬件抄袭,可以利用每个芯片的96位唯一ID,进行一定的计算和单向加密,得到唯一的应用AppKey并保存至FLASH。
回复

举报

mattlincoln 发表于 2025-3-20 12:56 | 显示全部楼层
利用STM32的Secure Flash或SRAM安全区存储密钥,防止非法访问。
回复

举报

i1mcu 发表于 2025-3-20 14:01 | 显示全部楼层
利用STM32内置AES引擎提升性能。
回复

举报

jkl21 发表于 2025-3-20 15:29 | 显示全部楼层
避免分支预测泄露密钥信息。              
回复

举报

jtracy3 发表于 2025-3-21 14:26 | 显示全部楼层
STM32的加密函数传入的数据长度是按字计算,而mbedtls数据长度按字节计算,需要注意数据对齐和长度转换。
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则

lishuihua

9

主题

31

帖子

0

粉丝
快速回复 在线客服 返回列表 返回顶部