本帖最后由 南来之风 于 2024-7-20 15:51 编辑
一、什么是AES?高级加密标准AES (Advanced Encryption Standard)是全球通用的对称密钥加密标准。它包括三种分组密码:AES-128(128位密钥)、AES-192(192位密钥)和AES-256(256位密钥)。
AES算法对硬件友好,速度快,占用资源少。它的工作原理是乘积密码,并且是分组密码,这意味着它对固定长度为128位(16字节)的数据块进行操作。输入块称为明文,加密后的输出称为密文(也是128位)。使用第二个输入(密钥)来控制精确的转换。解密与加密类似,解密算法接收128位的密文块和密钥作为输入,生成原始的128位明文块。
本次实验中用到的两种加解密算法分别是AES CTR, AES CLB.
CTR加密原理:用密钥对输入的计数器加密,然后同明文异或得到密文。解密原理:用密钥对输入计数器加密,然后同密文异或得到明文。
CTR不需要Padding,而且采用了流密钥方式加解密,适合于并行运算,CTR涉及参量:Nounce随机数、Counter计数器和密钥。Nounce随机数和Counter计数器整 体可看作计数器,因为只要算法约定好,就可以回避掉串行化运算。
- CFB模式:Cipher FeedBack mode(密文反馈模式)
二、在英飞凌硬件上体验AES硬件加解密
cyw28029的security组件包含了多种不同的硬件加解密模块,方便不同的应用场合和安全需求。其中CPU子系统提供256K RAM、用于外部闪存的XIP接口,以及包括CAN在内的丰富外设组合,以支持各种应用。内置的安全功能包括安全启动、安全执行环境、真随机数生成器(TRNG)、基于eFuse的特定密钥和密码操作硬件加速技术等。本次使用参考例程:AES_CRYPTOLITE。
1.编程完成后,应用程序自动启动。确认UART终端显示如下:
图1所示。程序启动时的终端输出
2.读取用户的输入消息,如果超过MAX_MESSAGE_SIZE限制,则提示用户输入在限制范围内的新消息。
1.输入'1'使用AES CTR模式,输入'2'使用AES CFB模式。然后,使用各自的AES模式进行加密和解密,并在UART终端上显示结果。
图2。终端输出要求输入为AES CTR模式或AES CFB模式
AES CTR加解密算法:/*******************************************************************************
* Function Name: encrypt_message_cfb
********************************************************************************
* Summary: Function used to encrypt the message through ctr mode.
*
* Parameters:
* char * message - pointer to the message to be encrypted
* uint8_t size - size of message to be encrypted.
*
* Return:
* void
*
*******************************************************************************/
void encrypt_message_ctr(uint8_t* message, uint8_t size)
{
uint32_t srcOffset;
cy_stc_cryptolite_aes_state_t aes_state;
cy_stc_cryptolite_aes_buffers_t aesBuffers;
uint8_t aes_block_count = 0;
cy_en_cryptolite_status_t res;
void* result;
aes_block_count = (size % AES128_ENCRYPTION_LENGTH == 0) ?
(size / AES128_ENCRYPTION_LENGTH)
: (1 + size / AES128_ENCRYPTION_LENGTH);
/* Initializes the AES operation by setting key and key length */
res = Cy_Cryptolite_Aes_Init(CRYPTOLITE, aes_key, &aes_state, &aesBuffers);
if(res!=CY_CRYPTOLITE_SUCCESS)
{
CY_ASSERT(0);
}
srcOffset = 0;
result = memcpy(AesCtrIV_copied, AesCtrIV, sizeof(AesCtrIV));
if(result == NULL)
{
perror("Memory failed\r\n");
}
res = Cy_Cryptolite_Aes_Ctr( CRYPTOLITE,
aes_block_count * AES128_ENCRYPTION_LENGTH,
&srcOffset,
AesCtrIV_copied,
encrypted_msg,
message,
&aes_state);
if(res!=CY_CRYPTOLITE_SUCCESS)
{
CY_ASSERT(0);
}
res = Cy_Cryptolite_Aes_Free(CRYPTOLITE,&aes_state);
if(res!=CY_CRYPTOLITE_SUCCESS)
{
CY_ASSERT(0);
}
printf("\r\nResult of Encryption:\r\n");
print_data((uint8_t*) encrypted_msg,
aes_block_count * AES128_ENCRYPTION_LENGTH );
}
/*******************************************************************************
* Function Name: decrypt_message
********************************************************************************
* Summary: Function used to decrypt the message for ctr mode.
*
* Parameters:
* char * message - pointer to the message to be decrypted
* uint8_t size - size of message to be decrypted.
*
* Return:
* void
*
*******************************************************************************/
void decrypt_message_ctr(uint8_t* message, uint8_t size)
{
uint32_t srcOffset;
cy_stc_cryptolite_aes_state_t aes_state;
cy_stc_cryptolite_aes_buffers_t aesBuffers;
uint8_t aes_block_count = 0;
cy_en_cryptolite_status_t res;
void* result;
aes_block_count = (size % AES128_ENCRYPTION_LENGTH == 0) ?
(size / AES128_ENCRYPTION_LENGTH)
: (1 + size / AES128_ENCRYPTION_LENGTH);
/* Initializes the AES operation by setting key and key length */
res = Cy_Cryptolite_Aes_Init(CRYPTOLITE, aes_key, &aes_state, &aesBuffers);
if(res!=CY_CRYPTOLITE_SUCCESS)
{
CY_ASSERT(0);
}
srcOffset = 0;
/* Start decryption operation*/
result = memcpy(AesCtrIV_copied, AesCtrIV, sizeof(AesCtrIV));
if(result == NULL)
{
perror("Memory failed\r\n");
}
res = Cy_Cryptolite_Aes_Ctr( CRYPTOLITE,
aes_block_count * AES128_ENCRYPTION_LENGTH,
&srcOffset,
AesCtrIV_copied,
decrypted_msg,
encrypted_msg,
&aes_state);
if(res!=CY_CRYPTOLITE_SUCCESS)
{
CY_ASSERT(0);
}
res = Cy_Cryptolite_Aes_Free(CRYPTOLITE,&aes_state);
if(res!=CY_CRYPTOLITE_SUCCESS)
{
CY_ASSERT(0);
}
decrypted_msg[size]='\0';
/* Print the decrypted message on the UART terminal */
printf("\r\nResult of Decryption:\r\n\n");
printf("%s", decrypted_msg);
}
图3。终端输出显示AES CTR模式加解密
AES CFB加解密代码:
/*******************************************************************************
* Function Name: encrypt_message_cfb
********************************************************************************
* Summary: Function used to encrypt the message through cfb mode.
*
* Parameters:
* char * message - pointer to the message to be encrypted
* uint8_t size - size of message to be encrypted.
*
* Return:
* void
*
*******************************************************************************/
void encrypt_message_cfb(uint8_t* message, uint8_t size)
{
cy_stc_cryptolite_aes_state_t aes_state;
cy_stc_cryptolite_aes_buffers_t aesBuffers;
uint8_t aes_block_count = 0;
cy_en_cryptolite_status_t res;
void* result;
aes_block_count = (size % AES128_ENCRYPTION_LENGTH == 0) ?
(size / AES128_ENCRYPTION_LENGTH)
: (1 + size / AES128_ENCRYPTION_LENGTH);
/* Initializes the AES operation by setting key and key length */
res = Cy_Cryptolite_Aes_Init(CRYPTOLITE, aes_key, &aes_state, &aesBuffers);
if(res!=CY_CRYPTOLITE_SUCCESS)
{
CY_ASSERT(0);
}
result = memcpy(AesCfbIV_copied, AesCfbIV, sizeof(AesCfbIV));
if(result == NULL)
{
perror("Memory failed\r\n");
}
res = Cy_Cryptolite_Aes_Cfb( CRYPTOLITE,
CY_CRYPTOLITE_ENCRYPT,
aes_block_count * AES128_ENCRYPTION_LENGTH,
AesCfbIV_copied,
encrypted_msg,
message,
&aes_state);
if(res!=CY_CRYPTOLITE_SUCCESS)
{
CY_ASSERT(0);
}
res = Cy_Cryptolite_Aes_Free(CRYPTOLITE,&aes_state);
if(res!=CY_CRYPTOLITE_SUCCESS)
{
CY_ASSERT(0);
}
printf("\r\nResult of Encryption:\r\n");
print_data((uint8_t*) encrypted_msg,
aes_block_count * AES128_ENCRYPTION_LENGTH );
}
/*******************************************************************************
* Function Name: decrypt_message
********************************************************************************
* Summary: Function used to decrypt the message for cfb mode.
*
* Parameters:
* char * message - pointer to the message to be decrypted
* uint8_t size - size of message to be decrypted.
*
* Return:
* void
*
*******************************************************************************/
void decrypt_message_cfb(uint8_t* message, uint8_t size)
{
cy_stc_cryptolite_aes_state_t aes_state;
cy_stc_cryptolite_aes_buffers_t aesBuffers;
uint8_t aes_block_count = 0;
cy_en_cryptolite_status_t res;
void* result;
aes_block_count = (size % AES128_ENCRYPTION_LENGTH == 0) ?
(size / AES128_ENCRYPTION_LENGTH)
: (1 + size / AES128_ENCRYPTION_LENGTH);
/* Initializes the AES operation by setting key and key length */
res = Cy_Cryptolite_Aes_Init(CRYPTOLITE, aes_key, &aes_state, &aesBuffers);
if(res!=CY_CRYPTOLITE_SUCCESS)
{
CY_ASSERT(0);
}
/* Start decryption operation*/
result = memcpy(AesCfbIV_copied, AesCfbIV, sizeof(AesCfbIV));
if(result == NULL)
{
perror("Memory failed\r\n");
}
res = Cy_Cryptolite_Aes_Cfb(CRYPTOLITE,
CY_CRYPTOLITE_DECRYPT,
aes_block_count * AES128_ENCRYPTION_LENGTH,
AesCfbIV_copied,
decrypted_msg,
encrypted_msg,
&aes_state);
if(res!=CY_CRYPTOLITE_SUCCESS)
{
CY_ASSERT(0);
}
res = Cy_Cryptolite_Aes_Free(CRYPTOLITE,&aes_state);
if(res!=CY_CRYPTOLITE_SUCCESS)
{
CY_ASSERT(0);
}
decrypted_msg[size]='\0';
/* Print the decrypted message on the UART terminal */
printf("\r\nResult of Decryption:\r\n\n");
printf("%s", decrypted_msg);
}
图4。终端输出显示AES CFB模式加解密
总结:
英飞凌CYW20829芯片不仅提供了卓越的硬件加解密模块,还提供了ModusToolbox软件生态,功能完善的BSP等软件资源,可以大大简化硬件加解密的设计的同时满足高标准的安全需求。
|
此文章已获得独家原创/原创奖标签,著作权归21ic所有,未经允许禁止转载。
 共1人点赞
|
楼主
标题置顶
标题高亮
