【STM32H5开发板】第五帖 stm32h563移植mbedtls加密库
[复制链接]
mbedTLS是一个轻量级的加密库,可用于在STM32上实现安全的通信。该库提供了许多加密算法,如AES、RSA和ECC等。在STM32上使用mbedTLS库,可以实现SSL / TLS安全通信,保护数据的机密性和完整性。
mbedTLS库的使用非常简单,可以直接使用cubemx代码生成工具直接在STM32项目中添加mbedtls库,并在代码中调用其API即可。该库还提供了许多示例代码,以帮助开发人员快速了解其功能和使用方法。
下面介绍一下具体步骤:
首先使用cubemx代码生成工具选择开发板STM32H563 NUCLEO;然后自动初始化板载资源,使用非trustzone;
第二步在Middleware and software packs中选中mbedTLS库,如下图:
生成代码后,我们在代码中配置需要启用的mbedtls功能,在头文件mbedtls_config.h,这里我们使能AES和MD5,代码如下:
/**
* Configuration template
*/
/*
* Copyright (C) 2006-2022, Arm Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#define MBEDTLS_CONFIG_VERSION 0x03010000
/* System support */
//#define MBEDTLS_HAVE_ASM
//#define MBEDTLS_HAVE_TIME
//#define MBEDTLS_HAVE_TIME_DATE
//#define MBEDTLS_PLATFORM_MEMORY
//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
/* mbed TLS feature support */
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_AES_FEWER_TABLES
//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
//#define MBEDTLS_CHECK_RETURN_WARNING
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_MODE_CFB
#define MBEDTLS_CIPHER_MODE_CTR
#define MBEDTLS_CIPHER_MODE_OFB
#define MBEDTLS_CIPHER_MODE_XTS
//#define MBEDTLS_CIPHER_PADDING_PKCS7
//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
//#define MBEDTLS_CIPHER_PADDING_ZEROS
//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
//#define MBEDTLS_ECP_DP_CURVE448_ENABLED
//#define MBEDTLS_ECP_NIST_OPTIM
//#define MBEDTLS_ECP_RESTARTABLE
//#define MBEDTLS_ECDSA_DETERMINISTIC
//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
//#define MBEDTLS_PK_PARSE_EC_EXTENDED
//#define MBEDTLS_ERROR_STRERROR_DUMMY
//#define MBEDTLS_GENPRIME
//#define MBEDTLS_FS_IO
//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
//#define MBEDTLS_NO_PLATFORM_ENTROPY
//#define MBEDTLS_ENTROPY_FORCE_SHA256
//#define MBEDTLS_ENTROPY_NV_SEED
//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
//#define MBEDTLS_MEMORY_DEBUG
//#define MBEDTLS_MEMORY_BACKTRACE
//#define MBEDTLS_PK_RSA_ALT_SUPPORT
//#define MBEDTLS_PKCS1_V15
//#define MBEDTLS_PKCS1_V21
//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
//#define MBEDTLS_PSA_CRYPTO_CLIENT
//#define MBEDTLS_PSA_CRYPTO_DRIVERS
//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
//#define MBEDTLS_PSA_CRYPTO_SPM
//#define MBEDTLS_RSA_NO_CRT
//#define MBEDTLS_SELF_TEST
//#define MBEDTLS_SHA256_SMALLER
//#define MBEDTLS_SHA512_SMALLER
//#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
//#define MBEDTLS_SSL_DTLS_CONNECTION_ID
//#define MBEDTLS_SSL_ASYNC_PRIVATE
//#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
//#define MBEDTLS_SSL_DEBUG_ALL
//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
//#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
//#define MBEDTLS_SSL_RENEGOTIATION
//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
//#define MBEDTLS_SSL_PROTO_TLS1_2
//#define MBEDTLS_SSL_PROTO_TLS1_3
//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
//#define MBEDTLS_SSL_PROTO_DTLS
//#define MBEDTLS_SSL_ALPN
//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
//#define MBEDTLS_SSL_DTLS_SRTP
//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
//#define MBEDTLS_SSL_SESSION_TICKETS
//#define MBEDTLS_SSL_SERVER_NAME_INDICATION
//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
//#define MBEDTLS_USE_PSA_CRYPTO
//#define MBEDTLS_PSA_CRYPTO_CONFIG
//#define MBEDTLS_VERSION_FEATURES
//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
/* mbed TLS modules */
#define MBEDTLS_AES_C
//#define MBEDTLS_ASN1_PARSE_C
//#define MBEDTLS_ASN1_WRITE_C
//#define MBEDTLS_BASE64_C
//#define MBEDTLS_BIGNUM_C
//#define MBEDTLS_CAMELLIA_C
//#define MBEDTLS_ARIA_C
//#define MBEDTLS_CCM_C
//#define MBEDTLS_CHACHA20_C
//#define MBEDTLS_CHACHAPOLY_C
//#define MBEDTLS_CIPHER_C
//#define MBEDTLS_CMAC_C
//#define MBEDTLS_CTR_DRBG_C
//#define MBEDTLS_DEBUG_C
//#define MBEDTLS_DES_C
//#define MBEDTLS_DHM_C
//#define MBEDTLS_ECDH_C
//#define MBEDTLS_ECDSA_C
//#define MBEDTLS_ECJPAKE_C
//#define MBEDTLS_ECP_C
//#define MBEDTLS_ENTROPY_C
//#define MBEDTLS_ERROR_C
//#define MBEDTLS_GCM_C
//#define MBEDTLS_HKDF_C
//#define MBEDTLS_HMAC_DRBG_C
//#define MBEDTLS_NIST_KW_C
//#define MBEDTLS_MD_C
#define MBEDTLS_MD5_C
//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
//#define MBEDTLS_NET_C
//#define MBEDTLS_OID_C
//#define MBEDTLS_PEM_PARSE_C
//#define MBEDTLS_PEM_WRITE_C
//#define MBEDTLS_PK_C
//#define MBEDTLS_PK_PARSE_C
//#define MBEDTLS_PK_WRITE_C
//#define MBEDTLS_PKCS5_C
//#define MBEDTLS_PKCS12_C
//#define MBEDTLS_PLATFORM_C
//#define MBEDTLS_POLY1305_C
//#define MBEDTLS_PSA_CRYPTO_C
//#define MBEDTLS_PSA_CRYPTO_SE_C
//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
//#define MBEDTLS_PSA_ITS_FILE_C
//#define MBEDTLS_RIPEMD160_C
//#define MBEDTLS_RSA_C
//#define MBEDTLS_SHA1_C
//#define MBEDTLS_SHA224_C
//#define MBEDTLS_SHA256_C
//#define MBEDTLS_SHA384_C
//#define MBEDTLS_SHA512_C
//#define MBEDTLS_SSL_CACHE_C
//#define MBEDTLS_SSL_COOKIE_C
//#define MBEDTLS_SSL_TICKET_C
//#define MBEDTLS_SSL_CLI_C
//#define MBEDTLS_SSL_SRV_C
//#define MBEDTLS_SSL_TLS_C
//#define MBEDTLS_THREADING_C
//#define MBEDTLS_TIMING_C
//#define MBEDTLS_VERSION_C
//#define MBEDTLS_X509_USE_C
//#define MBEDTLS_X509_CRT_PARSE_C
//#define MBEDTLS_X509_CRL_PARSE_C
//#define MBEDTLS_X509_CSR_PARSE_C
//#define MBEDTLS_X509_CREATE_C
//#define MBEDTLS_X509_CRT_WRITE_C
//#define MBEDTLS_X509_CSR_WRITE_C
然后在main函数中添加md5测试代码,具体如下:
/**
* [url=home.php?mod=space&uid=159083]@brief[/url] The application entry point.
* @retval int
*/
int main(void)
{
/* USER CODE BEGIN 1 */
mbedtls_md5_context ctx;
uint8_t i,test_str[] = "EEWorld stm32H563 md5 test!";
uint8_t out_buf[16];
/* USER CODE END 1 */
/* MCU Configuration--------------------------------------------------------*/
/* Reset of all peripherals, Initializes the Flash interface and the Systick. */
HAL_Init();
/* USER CODE BEGIN Init */
/* USER CODE END Init */
/* Configure the system clock */
SystemClock_Config();
/* USER CODE BEGIN SysInit */
/* USER CODE END SysInit */
/* Initialize all configured peripherals */
MX_GPIO_Init();
MX_ADC1_Init();
MX_ETH_Init();
MX_ICACHE_Init();
MX_LPUART1_UART_Init();
MX_USART3_UART_Init();
MX_UCPD1_Init();
MX_USB_PCD_Init();
/* USER CODE BEGIN 2 */
printf("start\n");
mbedtls_md5_init( &ctx );
mbedtls_md5_starts( &ctx );
mbedtls_md5_update( &ctx,test_str,strlen((char*)test_str));
mbedtls_md5_finish(&ctx,out_buf);
printf("\"EEWorld stm32H563 md5 test!\" MD5:\n");
for(i = 0; i < 16; i ++ )
{
printf("%02x ",out_buf[i]);
}
printf("\n");
mbedtls_md5_free( &ctx );
/* USER CODE END 2 */
/* Infinite loop */
/* USER CODE BEGIN WHILE */
while (1)
{
/* USER CODE END WHILE */
/* USER CODE BEGIN 3 */
HAL_Delay(1000);
}
/* USER CODE END 3 */
}
最后通过串口输出md5结果,对比网页md5工具查看结果是否一致。如下图:
这里相同的内容,经过MD5运算后是一致的结果,可见我们mbedtls库调用没有问题。
后续在开发过程中很多时候都会用到对称、非对称、哈希等加解密算法,mbedtls库是嵌入式开发中一个不错的选择。
|