FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Regarding Encryption and Decryption Processing with STSAFE-A110

y_yamamoto
Associate II

‎2025-03-11 6:11 PM

I am conducting operational verification of the sample application of X-CUBE-SAFEA1 by connecting NUCLEO-L476RG and X-NUCLEO-SAFEA1B.
I have some questions regarding the operation of the sample application "STSAFEA1_WRAP_UNWRAP".

My questions are as follows:

  1. I demonstrated the sample applcation of "STSAFEA1_WRAP_UNWRAP" with a logic analyzer observing the I2C communication. According to that, it seems that the encryption and decryption processes are performed on the NUCLEO-L476RG side. Is this correct behavior?
  2. Is it possible to perform encryption and decryption processes on the STSAFE-A110 side (and with secret keys stored in STSAFE-A110)? If so, how can this be implemented?

 

Details

Below are the steps I have taken:

1. Execution of the sample code

I created a project on STM32CubeIDE via STM32CubeMX and executed the sample application "STSAFEA1_WRAP_UNWRAP" from X-CUBE-SAFEA1. The UART output results appear to be functioning without errors.

capture.png

 

2. Step execution with a debugger and observation of I2C communication with a logic analyzer

I performed step execution of the sample application "STSAFEA1_WRAP_UNWRAP" with a debugger and observed the encryption and decryption processes.

It appears that the encryption process is executed in the StSafeA_DataEncryption function at line 2618 of "stsafea_core.c". Similarly, the decryption process seems to be executed in the StSafeA_DataDecryption function at line 2747 of "stsafea_core.c".

StSafeA_ResponseCode_t StSafeA_WrapLocalEnvelope(
  StSafeA_Handle_t *pStSafeA,
  uint8_t InKeySlotNum,
  uint8_t *pInData,
  uint16_t InDataSize,
  StSafeA_LVBuffer_t *pOutLVResponse,
  uint8_t InMAC,
  uint8_t InHostEncryption)
{
    // ...

    /* Encrypt data */
    if (((uint8_t)InHostEncryption & (uint8_t)STSAFEA_ENCRYPTION_COMMAND) == (uint8_t)STSAFEA_ENCRYPTION_COMMAND)
    {
      status_code = StSafeA_DataEncryption(pStSafeA);
    }

    // ...
}

 

StSafeA_ResponseCode_t StSafeA_UnwrapLocalEnvelope(
  StSafeA_Handle_t *pStSafeA,
  uint8_t InKeySlotNum,
  uint8_t *pInLocalEnvelope,
  uint16_t InLocalEnvelopeSize,
  StSafeA_LVBuffer_t *pOutLVResponse,
  uint8_t InMAC,
  uint8_t InHostEncryption)
{
    // ...

        /* Decrypt data */
        if (((uint8_t)InHostEncryption & (uint8_t)STSAFEA_ENCRYPTION_RESPONSE) == (uint8_t)STSAFEA_ENCRYPTION_RESPONSE)
        {
          status_code = StSafeA_DataDecryption(pStSafeA);
        }

    // ...
}

 

During the execution of each function, I could not observe I2C communication between NUCLEO-L476RG and STSAFE-A110, and it seems that the encryption and decryption processes are performed on the NUCLEO-L476RG side.

 

3. Confirmation from the datasheet

I referred to the STSAFE-A110 datasheet.

According to Figure 12 "Wrap/Unwrap Local Envelop command flow" on page 21 of the datasheet, it seems that the encryption and decryption of plaintext are processed on the local host(here, NUCLEO-L476RG) side.

On the other hand, the command set list on page 23 includes Encrypt and Decrypt, indicating that STSAFE-A110 seems to provide encryption and decryption functions. Are there commands not implemented in the software of X-CUBE-SAFEA1?

 

Thank you for your confirmation and response.

Labels:
0 Kudos
0 REPLIES 0
Top