
Regarding Encryption and Decryption Processing with STSAFE-A110

y_yamamoto
Associate II

I am conducting operational verification of the sample application of X-CUBE-SAFEA1 by connecting NUCLEO-L476RG and X-NUCLEO-SAFEA1B.
I have some questions regarding the operation of the sample application "STSAFEA1_WRAP_UNWRAP".

My questions are as follows:

  1. I demonstrated the sample application of "STSAFEA1_WRAP_UNWRAP" with a logic analyzer observing the I2C communication. According to that, it seems that the encryption and decryption processes are performed on the NUCLEO-L476RG side. Is this correct behavior?
  2. Is it possible to perform encryption and decryption processes on the STSAFE-A110 side (and with secret keys stored in STSAFE-A110)? If so, how can this be implemented?

 

Details

Below are the steps I have taken:

1. Execution of the sample code

I created a project on STM32CubeIDE via STM32CubeMX and executed the sample application "STSAFEA1_WRAP_UNWRAP" from X-CUBE-SAFEA1. The UART output results appear to be functioning without errors.


 

2. Step execution with a debugger and observation of I2C communication with a logic analyzer

I performed step execution of the sample application "STSAFEA1_WRAP_UNWRAP" with a debugger and observed the encryption and decryption processes.

It appears that the encryption process is executed in the StSafeA_DataEncryption function at line 2618 of "stsafea_core.c". Similarly, the decryption process seems to be executed in the StSafeA_DataDecryption function at line 2747 of "stsafea_core.c".

StSafeA_ResponseCode_t StSafeA_WrapLocalEnvelope(
  StSafeA_Handle_t *pStSafeA,
  uint8_t InKeySlotNum,
  uint8_t *pInData,
  uint16_t InDataSize,
  StSafeA_LVBuffer_t *pOutLVResponse,
  uint8_t InMAC,
  uint8_t InHostEncryption)
{
    // ...

    /* Encrypt data */
    if (((uint8_t)InHostEncryption & (uint8_t)STSAFEA_ENCRYPTION_COMMAND) == (uint8_t)STSAFEA_ENCRYPTION_COMMAND)
    {
      status_code = StSafeA_DataEncryption(pStSafeA);
    }

    // ...
}

 

StSafeA_ResponseCode_t StSafeA_UnwrapLocalEnvelope(
  StSafeA_Handle_t *pStSafeA,
  uint8_t InKeySlotNum,
  uint8_t *pInLocalEnvelope,
  uint16_t InLocalEnvelopeSize,
  StSafeA_LVBuffer_t *pOutLVResponse,
  uint8_t InMAC,
  uint8_t InHostEncryption)
{
    // ...

        /* Decrypt data */
        if (((uint8_t)InHostEncryption & (uint8_t)STSAFEA_ENCRYPTION_RESPONSE) == (uint8_t)STSAFEA_ENCRYPTION_RESPONSE)
        {
          status_code = StSafeA_DataDecryption(pStSafeA);
        }

    // ...
}

 

During the execution of each function, I could not observe I2C communication between NUCLEO-L476RG and STSAFE-A110, and it seems that the encryption and decryption processes are performed on the NUCLEO-L476RG side.

 

3. Confirmation from the datasheet

I referred to the STSAFE-A110 datasheet.

According to Figure 12 "Wrap/Unwrap Local Envelop command flow" on page 21 of the datasheet, it seems that the encryption and decryption of plaintext are processed on the local host (here, NUCLEO-L476RG) side.

On the other hand, the command set list on page 23 includes Encrypt and Decrypt, indicating that STSAFE-A110 seems to provide encryption and decryption functions. Are there commands not implemented in the software of X-CUBE-SAFEA1?

 

Thank you for your confirmation and response.

4 REPLIES
Benjamin BARATTE
ST Employee

Hi @y_yamamoto,

 

The Wrap/Unwrap use case is encrypting data with a key known only by the STSAFE-A110.

In order to perform this operation in a secure way, the I2C link shall be protected.

Therefore, the Wrap command mandates encrypting the data with the local pairing key.

For the Unwrap, it's the response of the command which is protected by the local pairing key.

 

Yes, there is some encryption/decryption on the STM32L4 side but this is related to the local pairing key to protect the I2C bus.

The envelope returned by the wrap command is encrypted with an internal key of the STSAFE-A110.

 

Best Regards,

Benjamin
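
A toy model of the flow described in this reply, added here as an illustration and not taken from X-CUBE-SAFEA1 or from the thread: XOR with a repeating key stands in for the real ciphers, and the keys, function names and framing are constructed. It records what would cross the bus during a wrap and an unwrap, showing that the host-side step only adds link protection while the envelope is produced under a key the host never holds.

```c
#include <stdint.h>
#include <string.h>

/* Toy model: XOR with a repeating key stands in for the real ciphers.
   Keys, names and framing are constructed, not the STSAFE-A110 format. */
#define KEY_LEN 16
#define MAX_LEN 64
static const uint8_t pairing_key[] = "host-pairing-key"; /* shared by host and device */
static const uint8_t device_key[]  = "device-internal!"; /* never leaves the device */
static uint8_t bus_log[4][MAX_LEN]; /* frames a logic analyzer would capture */
static int bus_frames;

static void xor_crypt(const uint8_t *key, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ key[i % KEY_LEN];
}
static void bus_transfer(const uint8_t *frame, size_t n) {
    memcpy(bus_log[bus_frames++ % 4], frame, n);
}
/* Device: wrap strips link protection and encrypts under device_key; unwrap is the reverse. */
static void device_cmd(int unwrap, const uint8_t *in, uint8_t *out, size_t n) {
    uint8_t plain[MAX_LEN];
    xor_crypt(unwrap ? device_key : pairing_key, in, plain, n);
    xor_crypt(unwrap ? pairing_key : device_key, plain, out, n);
}
/* Host: encrypts the command payload locally (no bus traffic), then sends it. */
int host_wrap(const uint8_t *data, uint8_t *envelope, size_t n) {
    uint8_t cmd[MAX_LEN];
    if (n > MAX_LEN) return -1;
    xor_crypt(pairing_key, data, cmd, n);
    bus_transfer(cmd, n);
    device_cmd(0, cmd, envelope, n);
    bus_transfer(envelope, n);
    return 0;
}
/* Host: sends the envelope as is, then decrypts the protected response locally. */
int host_unwrap(const uint8_t *envelope, uint8_t *data, size_t n) {
    uint8_t rsp[MAX_LEN];
    if (n > MAX_LEN) return -1;
    bus_transfer(envelope, n);
    device_cmd(1, envelope, rsp, n);
    bus_transfer(rsp, n);
    xor_crypt(pairing_key, rsp, data, n);
    return 0;
}
/* Returns 1 if any captured bus frame equals the plaintext. */
int plaintext_on_bus(const uint8_t *data, size_t n) {
    for (int i = 0; i < 4 && i < bus_frames; i++)
        if (memcmp(bus_log[i], data, n) == 0) return 1;
    return 0;
}
```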

Hi, @Benjamin BARATTE -san, @y_yamamoto -san. 
I apologize for interrupting, but I'm interested in this topic too, especially processing encryption and decryption inside STSAFE-A110.
According to the datasheet, page 22, STSAFE-A110 provides us with Encrypt and Decrypt commands.


Additionally, in the stsafea_core.c program, I found StSafeA_RawCommand. I understand this function allows us to call the command directly.

StSafeA_ResponseCode_t StSafeA_RawCommand(
  StSafeA_Handle_t *pStSafeA,
  const StSafeA_TLVBuffer_t *pInRawCommand,
  uint16_t InRespDataLen,
  StSafeA_TLVBuffer_t *pOutTLVResponse,
  uint32_t DelayMs,
  uint8_t InMAC)

Therefore, I believe we can process an encryption inside STSAFE-A110 with the above combination.
However, I couldn't find the detailed information and specifications of the Encrypt command in open data.

 

Could you show me an example program calling the Encrypt command, or detailed specifications of the Encrypt command?

Best regards

Hi @YUTA1 ,

 

On STSAFE-A110, the encrypt/decrypt APIs are not accessible as you can't store the key you need in the symmetric key table.

For this feature, you have to use STSAFE-A120, which has a different way of loading a symmetric key and supports more AES variants.

Best Regards,

Benjamin

 

YUTA1
Associate II

Thank you for your quick response, @Benjamin BARATTE -san.

I've come to understand that -A110 doesn't support the function, but -A120 can do that. Now I'm very interested in the -A120 product.

I found the datasheet of -A120 here. However, the detailed specification and information of the related "Symmetric key table commands" through I2C are still not clear to me.

How do I get more details? Does it require an NDA?

Best regards.