X-CUBE-STSE01 Software Package

Introduction

This user manual describes how to get started with the X-CUBE-STSE01 software package.
The X-CUBE-STSE01 software package is a software component that provides several demonstration codes, which use the STSAFE-A110 and STSAFE-A120 device features from a host microcontroller.
These demonstration codes utilize the STSELib (Secured Element middleware) built on the STM32Cube software technology to ease portability across different STM32 microcontrollers. In addition, it is MCU-agnostic for portability to other MCUs.
These demonstration codes illustrate the following features:

  • Authentication.
  • Secured data storage.
  • Secured usage counter.
  • Pairing.
  • Key establishment.
  • Local envelope wrapping.
  • Key pair generation.

General information

  • The X-CUBE-STSE01 software package is a reference to integrate the STSAFE-A110 and STSAFE-A120 secure element services into a host MCU’s operating system (OS) and its application.
  • It contains the STSAFE-A110 and STSAFE-A120 driver and demonstration codes to be executed on STM32 32-bit microcontrollers based on the Arm® Cortex®-M processor.
  • Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.
  • The X-CUBE-STSE01 software package is developed in ANSI C. Nevertheless, the platform-independent architecture allows easy portability to a variety of different platforms.
  • The table below presents the definition of acronyms that are relevant for a better understanding of this document.

STSAFE-A1x0 secure element

The STSAFE-A110 and STSAFE-A120 are highly secure solutions that act as a secure element providing authentication and data management services to a local or remote host. Each consists of a full turnkey solution with a secure operating system running on the latest generation of secure microcontrollers.
The STSAFE-A110 and STSAFE-A120 can be integrated in IoT (Internet of things) devices, smart-home, smart-city and industrial applications, consumer electronics devices, consumables and accessories. Their key features are:

  • Authentication (of peripherals, IoT and USB Type-C® devices).
  • Secure channel establishment with a remote host, including the transport layer security (TLS) handshake.
  • Signature verification service (secure boot and firmware upgrade).
  • Usage monitoring with secure counters.
  • Pairing and secure channel with the host application processor.
  • Wrapping and unwrapping of local or remote host envelopes.
  • On-chip key pair generation.

STSecureElement Library (STSELib) description

This section details the content of the STSELib middleware software package and the way to use it.

General description

The STSELib middleware is a set of software components designed to:

  • Interface the STSAFE-A110 and STSAFE-A120 secure element device with an MCU.
  • Implement the most generic STSAFE-A110 and STSAFE-A120 use cases.
  • The STSELib middleware is fully integrated within ST software packages as a middleware component to add secure element features.
  • The STSELib middleware provides a complete set of high-level application programming interface functions to the embedded system developer. This middleware abstracts the build and the sequencing of the commands required to ensure device, accessory and brand protection using the STMicroelectronics STSAFE-A secure element family.
  • This middleware allows a seamless integration of one or multiple STSAFE-A devices in various host MCU/MPU ecosystems.
  • Refer to the release notes available in the root folder of the package for information about the supported IDE versions.

Architecture
The STSELib middleware is composed of three software modules, as illustrated in the figure below. Each layer provides a different level of system abstraction to the embedded system developer.

The figure below shows the STSELib middleware integrated in a standard STM32Cube application, running on an X-NUCLEO-SAFEA1 or X-NUCLEO-ESE01A1 expansion board mounted on an STM32 Nucleo board.

Figure 2. X-CUBE-STSE01 application block diagram

To provide the best hardware and platform independence, the STSELib middleware is not directly connected to the STM32Cube HAL, but through interface files implemented at application level.

  • Application Programming Interface (API) layer
    This software layer is the entry point for the system application. It provides a set of high-level functions allowing interaction with the STMicroelectronics Secure Elements. The API layer provides abstraction for different applications such as Secure Element management, authentication, data storage, key management.
  • Service layer
    The SERVICE layer provides a set of product services that format all commands supported by the targeted secure element and report responses to the API/Application. This layer can be used directly from the Application (for advanced users).
  • Core layer
    Contains the generic definitions for the ST Secure Element and the functions for communicating with the target secure element.
    The Core layer handles the framing of the messages and provides platform abstraction for the upper layers.

Folder structure
The figure below presents the folder structure of X-CUBE-STSE01.

Demonstration software

This section illustrates demonstration software based on the STSELib middleware.

Authentication
This demonstration illustrates the command flow where the STSAFE-A110/STSAFE-A120 is mounted on a device that authenticates to a remote host (IoT device case), the local host being used as a pass-through to the remote server.
The scenario where the STSAFE-A110/STSAFE-A120 is mounted on a peripheral that authenticates to a local host, for example for games, mobile accessories or consumables, is exactly the same.
For demonstration purposes, the local and remote hosts are the same device here.

  1. Extract, parse and verify the STSAFE-A110/STSAFE-A120’s public certificate stored in the data partition zone 0 of the device in order to get the public key:
    • Read the certificate using the STSELib middleware through the STSAFE-A110/STSAFE-A120’s zone 0.
    • Parse the certificate using the cryptographic library’s parser.
    • Read the CA certificate (available through the code).
    • Parse the CA certificate using the cryptographic library’s parser.
    • Verify the certificate validity using the CA certificate through the cryptographic library.
    • Get the public key from the STSAFE-A110/STSAFE-A120 X.509 certificate.
  2. Generate and verify the signature over a challenge number:
    • Generate a challenge number (random number).
    • Hash the challenge.
    • Fetch a signature over the hashed challenge using the STSAFE-A110/STSAFE-A120 private key slot 0 through the STSELib middleware.
    • Parse the generated signature using the cryptographic library.
    • Verify the generated signature using the STSAFE-A110/STSAFE-A120’s public key through the cryptographic library.
    • When this is valid, the host knows that the peripheral or IoT is authentic.

Pairing (Host key provisioning)
This code example establishes a pairing between a device and the MCU it is connected to. The pairing allows the exchanges between the device and the MCU to be authenticated (that is, signed and verified). The STSAFE-A110 device becomes usable only in combination with the MCU it is paired with.
The pairing consists of the host MCU sending a host MAC key and a host cipher key to the STSAFE-A110. Both keys are stored to the protected NVM of the STSAFE-A110 and should be stored to the flash memory of the STM32 device.
By default, in this example, the host MCU sends well-known keys to the STSAFE-A110 (see command flow below) that are highly recommended to use for demonstration purposes. The code also allows the generation of random keys.
Moreover, the code example generates a local envelope key when the corresponding slot is not already populated in the STSAFE-A110. When the local envelope slot is populated, the STSAFE-A110 device allows the host MCU to wrap/unwrap a local envelope to securely store a key on the host MCU’s side.
Note: The pairing code example must be executed successfully before executing the following code examples.

Command flow

  1. Generate the local envelope key in the STSAFE-A110 using the STSELib middleware.
    By default, this command is activated.
    This operation occurs only if the STSAFE-A110’s local envelope key slot is not already populated.
  2. Define two 128-bit numbers to use as the host MAC key and the host cipher key.
    By default, golden known keys are used. They have the following values:
    • Host MAC key
      0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
    • Host cipher key
      0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
  3. Store the host MAC key and the host cipher key to their respective slot in the STSAFE-A110/STSAFE-A120.
  4. Store the host MAC key and the host cipher key to the STM32’s flash memory.
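
A provisioning gate for the keys described in the command flow above, as an added example (not code from the X-CUBE-STSE01 package): it refuses the published demo keys and other patterned values before pairing, and locates the demo keys in a flash image. The function names and the constructed sample image are assumptions of this example.

```python
# Well-known demo keys, copied from step 2 of the command flow above.
DEMO_MAC_KEY = bytes.fromhex("00112233445566778899AABBCCDDEEFF")
DEMO_CIPHER_KEY = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")
DEMO_KEYS = {"host MAC key": DEMO_MAC_KEY, "host cipher key": DEMO_CIPHER_KEY}

def check_host_keys(mac_key: bytes, cipher_key: bytes) -> list:
    """Return the reasons a key pair must not be provisioned (empty list = OK)."""
    problems = []
    for label, key in (("MAC", mac_key), ("cipher", cipher_key)):
        if len(key) != 16:
            problems.append(f"{label} key is not 128 bits")
        if key in DEMO_KEYS.values():
            problems.append(f"{label} key is a published demo key")
        # A constant step between bytes (00 11 22 ..., 01 02 03 ...) is a pattern,
        # not randomness; all-equal bytes are the step-0 case.
        steps = {(b - a) % 256 for a, b in zip(key, key[1:])}
        if len(steps) == 1:
            problems.append(f"{label} key is a fixed-step byte pattern")
    if mac_key == cipher_key:
        problems.append("MAC key and cipher key are identical")
    return problems

def find_demo_keys(image: bytes) -> list:
    """Return sorted (offset, key name) hits for the demo keys in a flash image."""
    hits = []
    for name, key in DEMO_KEYS.items():
        start = image.find(key)
        while start != -1:
            hits.append((start, name))
            start = image.find(key, start + 1)
    return sorted(hits)

def sample_image() -> bytes:
    """Constructed 256-byte image: erased flash with both demo keys written in."""
    image = bytearray(b"\xff" * 256)
    image[0x40:0x50] = DEMO_MAC_KEY
    image[0x50:0x60] = DEMO_CIPHER_KEY
    return bytes(image)
```

Run `check_host_keys` on the keys about to be sent to the secure element, and `find_demo_keys` on a release image or flash dump as a build gate.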

Key establishment (Symmetric key AES-128 CMAC)
This demonstration illustrates the case where the STSAFE-A110 device is mounted on a device (such as an IoT device) that communicates with a remote server and needs to establish a secure channel to exchange data with it.
In this example, the STM32 device plays the role of both the remote server (remote host) and the local host that is connected to the STSAFE-A110 device.
The goal of this use case is to show how to establish a shared secret between the local host and the remote server using the elliptic curve Diffie-Hellman scheme with a static (ECDH) or ephemeral (ECDHE) key in the STSAFE-A110.
The shared secret should be further derived to one or more working keys (not illustrated here). These working keys can then be used in communication protocols such as TLS, for example for protecting the confidentiality, integrity and authenticity of the data that are exchanged between the local host and the remote server.

Command flow
Figure 4. Key establishment command flow illustrates the command flow:

  • The remote host’s private and public keys are hard-coded in the code example.
  • The local host sends the Generate Keypair command to the STSAFE-A110/STSAFE-A120 to generate the key pair on its ephemeral slot (slot 0xFF).
  • The STSAFE-A110 sends back the public key (which corresponds to slot 0xFF) to the STM32 (representing the remote host).
  • The STM32 computes the remote host’s secret (using the STSAFE device’s public key and the remote host’s private key).
  • The STM32 sends the remote host’s public key to the STSAFE-A110/STSAFE-A120 and asks the STSAFE-A110/STSAFE-A120 to compute the local host’s secret using the API.
  • The STSAFE-A110/STSAFE-A120 sends back the local host’s secret to the STM32.
  • The STM32 compares the two secrets and prints the result. If the secrets are the same, the secret establishment is successful.

Wrap/unwrap local envelopes

  • This demonstration illustrates the case where the STSAFE-A110/STSAFE-A120 wraps/unwraps the local envelope in order to securely store a secret to any non-volatile memory (NVM).
  • Encryption/decryption keys can be securely stored in that manner to additional memory or within the STSAFE-A110/STSAFE-A120’s user data memory.
  • The wrapping mechanism is used to protect a secret or plain text. The output of wrapping is an envelope encrypted with an AES key wrap algorithm, and that contains the key or plain text to be protected.

Command flow
The local and remote hosts are the same device here.

  1. Generate random data assimilated to a local envelope.
  2. Wrap the local envelope using the STSELib middleware API.
  3. Store the wrapped envelope.
  4. Unwrap the wrapped envelope using the STSELib middleware.
  5. Compare the unwrapped envelope to the initial local envelope. They should be equal.

Key pair generation
This demonstration illustrates the command flow where the STSAFE-A110/STSAFE-A120 device is mounted on a local host. A remote host asks this local host to generate a key pair (a private key and a public key) on slot 1 and then to sign a challenge (random number) with the generated private key.
The remote host is then able to verify the signature with the generated public key.
This demonstration is similar to the Authentication demonstration with two differences:

  • The key pair in the Authentication demonstration is already generated (on slot 0), whereas, in this example, we generate the key pair on slot 1. The STSAFE-A110/STSAFE-A120 device can also generate the key pair on slot 0xFF, but only for key establishment purposes.
  • The public key in the Authentication demonstration is extracted from the certificate in zone 0. In this example, the public key is sent back with the STSAFE-A110/STSAFE-A120 response to the Generate Keypair command.

Command flow
For demonstration purposes, the local and remote hosts are the same device here.

  1. The host sends the Generate Keypair command to the STSAFE-A110/STSAFE-A120 which sends back the public key to the host MCU.
  2. The host generates a challenge (48-byte random number) using the Generate Random API. The STSAFE-A110 sends back the generated random number.
  3. The host computes the hash of the generated number using the cryptographic library.
  4. The host asks the STSAFE-A110/STSAFE-A120 to generate a signature of the computed hash using the Generate Signature API. The STSAFE-A110/STSAFE-A120 sends back the generated signature.
  5. The host verifies the generated signature with the public key sent by the STSAFE-A110/STSAFE-A120 in step 1.
  6. The signature verification result is printed.

Glossary

Acronym        Definition
AES            Advanced Encryption Standard
ANSI           American National Standards Institute
API            Application programming interface
BSP            Board support package
CA             Certification Authority
CC             Common Criteria
C-MAC          Command message authentication code
ECC            Elliptic curve cryptography
ECDH           Elliptic curve Diffie–Hellman
ECDHE          Elliptic curve Diffie–Hellman – ephemeral
EWARM          IAR Embedded Workbench® for Arm®
HAL            Hardware abstraction layer
I/O            Input/output
IAR Systems®   World leader in software tools and services for embedded systems development.
IDE            Integrated development environment. A software application that provides comprehensive facilities to computer programmers for software development.
IoT            Internet of things
I²C            Inter-integrated circuit (IIC)
LL             Low-level drivers
MAC            Message authentication code
MCU            Microcontroller unit
MDK-ARM        Keil® microcontroller development kit for Arm®
MPU            Memory protection unit
NVM            Non-volatile memory
OS             Operating system
SE             Secure element
SHA            Secure Hash algorithm
SLA            Software license agreement
ST             STMicroelectronics
TLS            Transport layer security
USB            Universal Serial Bus

Revision history

Date Revision Changes
23-Phup-2025 1 Initial release.

IMPORTANT NOTICE – READ CAREFULLY

  • STMicroelectronics NV and its subsidiaries (“ST”) reserve the right to make changes, corrections, enhancements, modifications, and improvements to ST products and/or to this document at any time without notice. Purchasers should obtain the latest relevant information on ST products before placing orders. ST products are sold pursuant to ST’s terms and conditions of sale in place at the time of order acknowledgment.
  • Purchasers are solely responsible for the choice, selection, and use of ST products and ST assumes no liability for application assistance or the design of purchasers’ products.
  • No license, express or implied, to any intellectual property right is granted by ST herein.
  • Resale of ST products with provisions different from the information set forth herein shall void any warranty granted by ST for such product.
  • ST and the ST logo are trademarks of ST. For additional information about ST trademarks, refer to www.st.com/trademarks. All other product or service names are the property of their respective owners.
  • Information in this document supersedes and replaces information previously supplied in any prior versions of this document.
  • © 2025 STMicroelectronics – All rights reserved
