
X-CUBE-STSE01 Software Package


Introduction

This user manual describes how to get started with the X-CUBE-STSE01 software package.
The X-CUBE-STSE01 software package is a software component that provides several demonstration codes, which use the STSAFE-A110 and STSAFE-A120 device features from a host microcontroller.
These demonstration codes utilize the STSELib (Secured Element middleware) built on the STM32Cube software technology to ease portability across different STM32 microcontrollers. In addition, it is MCU-agnostic for portability to other MCUs.
These demonstration codes illustrate the following features:

  • Authentication.
  • Secured data storage.
  • Secured usage counter.
  • Pairing.
  • Key establishment.
  • Local envelope wrapping.
  • Key pair generation.

General information

  • The X-CUBE-STSE01 software package is a reference to integrate the STSAFE-A110 and STSAFE-A120 secure element services into a host MCU’s operating system (OS) and its application.
  • It contains the STSAFE-A110 and STSAFE-A120 driver and demonstration codes to be executed on STM32 32-bit microcontrollers based on the Arm® Cortex®-M processor.
  • Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.
  • The X-CUBE-STSE01 software package is developed in ANSI C. Nevertheless, the platform-independent architecture allows easy portability to a variety of different platforms.
  • The table below presents the definition of acronyms that are relevant for a better understanding of this document.

STSAFE-A1x0 secure element

The STSAFE-A110 and STSAFE-A120 are highly secure solutions that act as secure elements providing authentication and data management services to a local or remote host. They consist of a full turnkey solution with a secure operating system running on the latest generation of secure microcontrollers.
The STSAFE-A110 and STSAFE-A120 can be integrated in IoT (Internet of things) devices, smart-home, smart-city and industrial applications, consumer electronics devices, consumables and accessories. Its key features are:

  • Authentication (of peripherals, IoT and USB Type-C® devices).
  • Secure channel establishment with a remote host, including the transport layer security (TLS) handshake.
  • Signature verification service (secure boot and firmware upgrade).
  • Usage monitoring with secure counters.
  • Pairing and secure channel with the host application processor.
  • Wrapping and unwrapping of local or remote host envelopes.
  • On-chip key pair generation.

STSecureElement Library (STSELib) description

This section details the STSELib middleware software package content and the way to use it.

General description

The STSELib middleware is a set of software components designed to:

  • interface the STSAFE-A110 and STSAFE-A120 secure element devices with an MCU.
  • implement the most generic STSAFE-A110 and STSAFE-A120 use cases.
  • The STSELib middleware is fully integrated within ST software packages as a middleware component to add secure element features.
  • The STSELib middleware provides a complete set of high-level application programming interface functions to the embedded system developer. This middleware abstracts the build and the sequencing of the commands required to ensure device, accessory and consumable brand protection using the STMicroelectronics STSAFE-A secure element family.
  • This middleware allows a seamless integration of one or multiple STSAFE-A devices in various host MCU/MPU ecosystems.
  • Refer to the release notes available in the package root folder for information about the supported IDE versions.

Architecture
The STSELib middleware is composed of three software modules as illustrated in the figure below. Each layer provides a different level of system abstraction to the embedded system developer.


The figure below shows the STSELib middleware integrated in a standard STM32Cube application, running on an X-NUCLEO-SAFEA1 or X-NUCLEO-ESE01A1 expansion board mounted on an STM32 Nucleo board.

Figure 2. X-CUBE-STSE01 application block diagram


To provide the best hardware and platform independence, the STSELib middleware is not directly connected to the STM32Cube HAL, but through interface files implemented at the application level.

  • Application programming interface (API) layer
    This software layer is the entry point for the system application. It provides a set of high-level functions allowing interaction with STMicroelectronics Secure Elements. The API layer provides abstraction for different applications such as Secure Element Management, Authentication, Data Storage, Key Management.
  • Service layer
    The SERVICE layer provides a set of product services that format all the commands supported by the targeted secure element and report the response to the higher API/Application layers. This layer can be used directly from the Application (for advanced users).
  • Core layer
    Contains the generic definitions for the ST Secure Element and the functions for communicating with the target secure element.
    The core layer handles the framing of messages and provides platform abstraction for the upper layers.

Folder structure
The figure below presents the folder structure of the X-CUBE-STSE01.


Demonstration software

This section illustrates demonstration software based on the STSELib middleware.

Authentication
This demonstration illustrates the command flow where the STSAFE-A110/STSAFE-A120 is mounted on a device that authenticates to a remote host (IoT device case), the local host being used as a pass-through to the remote server.
The scenario where the STSAFE-A110/STSAFE-A120 is mounted on a peripheral that authenticates to a local host, for example for games, mobile accessories or consumables, is exactly the same.
For demonstration purposes, the local and remote hosts are the same device here.

  1. Extract, parse and verify the STSAFE-A110/STSAFE-A120’s public certificate stored in the data partition zone 0 of the device in order to get the public key:
    • Read the certificate using the STSELib middleware through the STSAFE-A110/STSAFE-A120’s zone 0.
    • Parse the certificate using the cryptographic library’s parser.
    • Read the CA certificate (available through the code).
    • Parse the CA certificate using the cryptographic library’s parser.
    • Verify the certificate validity using the CA certificate through the cryptographic library.
    • Get the public key from the STSAFE-A110/STSAFE-A120 X.509 certificate.
  2. Generate and verify the signature over a challenge number:
    • Generate a challenge number (random number).
    • Hash the challenge.
    • Fetch a signature over the hashed challenge using the STSAFE-A110/STSAFE-A120 private key slot 0 through the STSELib middleware.
    • Parse the generated signature using the cryptographic library.
    • Verify the generated signature using the STSAFE-A110/STSAFE-A120’s public key through the cryptographic library.
    • When this is valid, the host knows that the peripheral or IoT is authentic.

Pairing (Host key provisioning)
This code example establishes a pairing between an STSAFE-A110 device and the MCU it is connected to. The pairing allows the exchanges between the device and the MCU to be authenticated (that is, signed and verified). The STSAFE-A110 device becomes usable only in combination with the MCU it is paired with.
The pairing consists of the host MCU sending a host MAC key and a host cipher key to the STSAFE-A110. Both keys are stored to the protected NVM of the STSAFE-A110 and should be stored to the flash memory of the STM32 device.
By default, in this example, the host MCU sends well-known keys to the STSAFE-A110 (see command flow below) that are highly recommended to use for demonstration purposes. The code also allows the generation of random keys.
Moreover, the code example generates a local envelope key when the corresponding slot is not already populated in the STSAFE-A110. When the local envelope slot is populated, the STSAFE-A110 device allows the host MCU to wrap/unwrap a local envelope to securely store a key on the host MCU’s side.
Note: The pairing code example must be executed successfully before executing all the following code examples.

Command flow

  1. Generate the local envelope key in the STSAFE-A110 using the STSELib middleware.
    By default, this command is activated.
    This operation occurs only if the STSAFE-A110’s local envelope key slot is not already populated.
  2. Define two 128-bit numbers to use as the host MAC key and the host cipher key.
    By default, golden known keys are used. They have the following values:
    • Host MAC key
      0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
    • Host cipher key
      0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
  3. Store the host MAC key and the host cipher key to their respective slot in the STSAFE-A110/STSAFE-A120.
  4. Store the host MAC key and the host cipher key to the STM32’s flash memory.
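
The two default keys are printed in this manual, so anyone who has read it can compute the same MACs as a host paired with them. The check below is an added example, not code from the X-CUBE-STSE01 package: it flags those published values and other unusable keys before they are provisioned. The helper names `host_key_findings` and `generate_host_keys` are hypothetical; only the key values come from the page.

```python
import hmac
import secrets

# Well-known demonstration keys, exactly as listed in the command flow above.
DEMO_KEYS = {
    "host MAC key": bytes.fromhex("00112233445566778899AABBCCDDEEFF"),
    "host cipher key": bytes.fromhex("0123456789ABCDEF0123456789ABCDEF"),
}

def host_key_findings(mac_key, cipher_key):
    """Return the reasons a host key pair must not leave the lab (hypothetical helper)."""
    findings = []
    for label, key in (("MAC", mac_key), ("cipher", cipher_key)):
        if len(key) != 16:
            findings.append(f"{label} key is not 128 bits")
            continue
        for demo_name, demo in DEMO_KEYS.items():
            # compare_digest avoids leaking how many leading bytes matched
            if hmac.compare_digest(key, demo):
                findings.append(f"{label} key equals the published demo {demo_name}")
        if len(set(key)) == 1:
            findings.append(f"{label} key is a single repeated byte")
    if hmac.compare_digest(mac_key, cipher_key):
        findings.append("MAC and cipher keys are identical")
    return findings

def generate_host_keys():
    """Random 128-bit host MAC and cipher keys from the OS CSPRNG."""
    return secrets.token_bytes(16), secrets.token_bytes(16)
```

An empty list means none of these checks fired; it says nothing about how the keys are stored afterwards.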

Key establishment (Symmetric key AES-128 CMAC)
This demonstration illustrates the case where the STSAFE-A110 device is mounted on a device (such as an IoT device), which communicates with a remote server and needs to establish a secure channel to exchange data with it.
In this example, the STM32 device plays the role of both the remote server (remote host) and the local host that is connected to the STSAFE-A110 device.
The goal of this use case is to show how to establish a shared secret between the local host and the remote server using the elliptic curve Diffie-Hellman scheme with a static (ECDH) or ephemeral (ECDHE) key in the STSAFE-A110.
The shared secret should be further derived into one or more working keys (not illustrated here). These working keys can then be used in communication protocols such as TLS, for example to protect the confidentiality, integrity and authenticity of the data exchanged between the local host and the remote server.
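
The derivation step that the page leaves out, as an added example that is not part of the original package: HKDF with SHA-256 (RFC 5869) turns the shared secret into separate encryption and MAC keys. The choice of HKDF, the labels, the salt construction and the sample inputs are assumptions of this example; the page does not name a key derivation function.

```python
import hashlib
import hmac

def hkdf_sha256(ikm, info, length, salt=b""):
    """HKDF with SHA-256 (RFC 5869): extract a PRK, then expand to `length` bytes."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA-256 output is limited to 8160 bytes")
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_working_keys(shared_secret, local_pub, remote_pub):
    """Derive separate encryption and MAC keys bound to this exchange.

    The labels and the use of both public keys as salt are this example's
    choices (hypothetical), not values defined by the page.
    """
    salt = hashlib.sha256(local_pub + remote_pub).digest()
    enc_key = hkdf_sha256(shared_secret, b"demo/encryption", 16, salt)
    mac_key = hkdf_sha256(shared_secret, b"demo/authentication", 16, salt)
    return enc_key, mac_key

# Constructed sample inputs (not real device output).
SAMPLE_SECRET = bytes(range(32))
SAMPLE_LOCAL_PUB = b"\x04" + bytes([0x11]) * 64
SAMPLE_REMOTE_PUB = b"\x04" + bytes([0x22]) * 64
```

Using a distinct label per key means a leak of one working key does not reveal the other, and the raw shared secret is never used as a key directly.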

Command flow
Figure 4. Key establishment command flow illustrates the command flow:

  • The remote host’s private and public keys are hard-coded in the code example.
  • The local host sends the Generate Keypair command to the STSAFE-A110/STSAFE-A120 to generate the key pair on its ephemeral slot (slot 0xFF).
  • The STSAFE-A110 sends back the public key (which corresponds to slot 0xFF) to the STM32 (representing the remote host).
  • The STM32 computes the remote host’s secret (using the STSAFE device’s public key and the remote host’s private key).
  • The STM32 sends the remote host’s public key to the STSAFE-A110/STSAFE-A120 and asks the STSAFE-A110/STSAFE-A120 to compute the local host’s secret using the API.
  • The STSAFE-A110/STSAFE-A120 sends back the local host’s secret to the STM32.
  • The STM32 compares the two secrets and prints the result. If the secrets are the same, the secret establishment is successful.


Wrap/unwrap local envelopes

  • This demonstration illustrates the case where the STSAFE-A110/STSAFE-A120 wraps/unwraps the local envelope in order to securely store a secret to any non-volatile memory (NVM).
  • Encryption/decryption keys can be securely stored in that manner to additional memory or within the STSAFE-A110/STSAFE-A120’s user data memory.
  • The wrapping mechanism is used to protect a secret or plain text. The output of wrapping is an envelope encrypted with an AES key wrap algorithm, and that contains the key or plain text to be protected.

Command flow
The local and remote hosts are the same device here.

  1. Generate random data assimilated to a local envelope.
  2. Wrap the local envelope using the STSELib middleware API.
  3. Store the wrapped envelope.
  4. Unwrap the wrapped envelope using the STSELib middleware.
  5. Compare the unwrapped envelope to the initial local envelope. They should be equal.

Key pair generation
This demonstration illustrates the command flow where the STSAFE-A110/STSAFE-A120 device is mounted on a local host. A remote host asks this local host to generate a key pair (a private key and a public key) on slot 1 and then to sign a challenge (random number) with the generated private key.
The remote host is then able to verify the signature with the public key.
This demonstration is similar to the Authentication demonstration with two differences:

  • The key pair in the Authentication demonstration is already generated (on slot 0), whereas, in this example, we generate the key pair on slot 1. The STSAFE-A110/STSAFE-A120 device can also generate the key pair on slot 0xFF, but only for key establishment purposes.
  • The public key in the Authentication demonstration is extracted from the certificate in zone 0. In this example, the public key is sent back with the STSAFE-A110/STSAFE-A120 response to the Generate Keypair command.

Command flow
For demonstration purposes, the local and remote hosts are the same device here.

  1. The host sends the Generate Keypair command to the STSAFE-A110/STSAFE-A120 which sends back the public key to the host MCU.
  2. The host generates a challenge (48-byte random number) using the Generate Random API. The STSAFE-A110 sends back the generated random number.
  3. The host computes the hash of the generated number using the cryptographic library.
  4. The host asks the STSAFE-A110/STSAFE-A120 to generate a signature of the computed hash using the Generate Signature API. The STSAFE-A110/STSAFE-A120 sends back the generated signature.
  5. The host verifies the generated signature with the public key sent by the STSAFE-A110/STSAFE-A120 in step 1.
  6. The signature verification result is printed.

Glossary

Acronym Meaning
AES Advanced encryption standard
ANSI American National Standards Institute
API Application programming interface
BSP Board support package
CA Certification authority
CC Common Criteria
C-MAC Command message authentication code
ECC Elliptic curve cryptography
ECDH Elliptic curve Diffie–Hellman
ECDHE Elliptic curve Diffie–Hellman – ephemeral
EWARM IAR Embedded Workbench® for Arm®
HAL Hardware abstraction layer
I/O Input/output
IAR Systems® World leader in software tools and services for embedded systems development.
IDE Integrated development environment. A software application that provides comprehensive facilities to computer programmers for software development.
IoT Internet of things
I²C Inter-integrated circuit (IIC)
LL Low-level drivers
MAC Message authentication code
MCU Microcontroller unit
MDK-ARM Keil® microcontroller development kit for Arm®
MPU Memory protection unit
NVM Nonvolatile memory
OS Operating system
SE Secure element
SHA Secure Hash algorithm
SLA Software license agreement
ST STMicroelectronics
TLS Transport layer security
USB Universal serial bus

Revision history

Date Revision Changes
23-Jun-2025 1 Initial release.

IMPORTANT NOTICE – READ CAREFULLY

  • STMicroelectronics NV and its subsidiaries ("ST") reserve the right to make changes, corrections, enhancements, modifications, and improvements to ST products and/or to this document at any time without notice. Purchasers should obtain the latest relevant information on ST products before placing orders. ST products are sold pursuant to ST's terms and conditions of sale in place at the time of order acknowledgment.
  • Purchasers are solely responsible for the choice, selection, and use of ST products and ST assumes no liability for application assistance or the design of purchasers' products.
  • No license, express or implied, to any intellectual property right is granted by ST herein.
  • Resale of ST products with provisions different from the information set forth herein shall void any warranty granted by ST for such product.
  • ST and the ST logo are trademarks of ST. For additional information about ST trademarks, refer to www.st.com/trademarks. All other product or service names are the property of their respective owners.
  • Information in this document supersedes and replaces information previously supplied in any prior versions of this document.
  • © 2025 STMicroelectronics – All rights reserved
