Why mbedtls, which is part of STCube 1.16 release, does not contain HW acceleration code?

Bogdan Rosandic · ‎2017-05-11

Posted on May 11, 2017 at 17:47

Recently PolarSSL library has been replaced by mbedtls in STCube Third Party libraries.

PolarSSL used to have STM32 specific code for some of the Polar SSL APIs. Now, in the latest STCube

mbedtls library does not have STM32 specific code which enables usage of hardware HASH and CRYPTO engine.

What is the reason for this ?

Best regards,

Bogdan

#stm32 #crypto #mbedtls #hash

Haithem Rahmani · ‎2017-05-24

Posted on May 24, 2017 at 11:44

Hi Bodgan,

indeed the mbedtls released within the STM32 Cube FW is without any HW crypto engine integration.This is planned in the next release of the Cube FW.

Notice that integration of the hw crypto won't be integrated in mbedtls source code itself but in the applications source code instead.In fact the mbedtls is offering config flags that allows user to provide alternate functions for crypto functions.

We did that for the Random Number generator, have a look at the files:

Projects/STM32469I_EVAL/Applications/mbedTLS/SSL_Client/Src/hardware_rng.c

Projects/STM32469I_EVAL/Applications/mbedTLS/SSL_Client/Src/stm32f4xx_hal_msp.c

regards

Haithem.

Bogdan Rosandic · ‎2017-05-24

Posted on May 24, 2017 at 15:37

Hi Haithem,

Thanks for the reply. I wander, when do you expect next release of the Cube FW ?

Best regards,

Bogdan

Bogdan Rosandic · ‎2017-06-08

Posted on June 08, 2017 at 11:18

Hi again,

I have just one more comment about the code in Projects/STM32469I_EVAL/Applications/mbedTLS/SSL_Client/Src/hardware_rng.c.

Following code line is not correct:

memset(&(Output[index * 4]), (int)randomValue, 4);

Since Output is unsigned char* type, the line printed above will fill in the &(Output[index * 4]) with LSB of randomValue.

Here is the correction :

memcpy(&(Output[index * 4]), &randomValue, 4);

Best regards,

Bogdan

jochen · ‎2017-07-18

Posted on July 18, 2017 at 15:27

Hi Haithem,

that sounds very interesting!

When do you release the new CubeFW with the alternative enryption functions for 'AES', 'DES', 'SHA1', 'SHA256', ... by using the HW Crypto Engine / acceleration of the STM32F4xx-Family?

Thank you in advance for your reply.

Best regards,

Jo

jochen · ‎2017-10-25

Posted on October 25, 2017 at 08:40

@all:

The latest release of STM32CubeMX (v4.23) support mbedTLS middleware now!

Haithem Rahmani · ‎2017-11-12

Posted on November 12, 2017 at 20:06

hi,

sorry, the v4.23 is intended to support only the mbedtls without hw crypto.

the hw crypto integration is currently under study

keep you updated!

Bogdan Rosandic · ‎2017-11-16

Posted on November 16, 2017 at 11:02

Why do you need so much time? It's been almost 6 months since the original post?

You already had this feature for PolarSSL which is

predecessor of mbedTLS...

Best regards,

Bogdan

samsangani · ‎2017-11-23

Posted on November 23, 2017 at 23:21

Hi ST support team,

We are looking for hard accelerated crypto engine library for mbedTLS for our current project. We are batting on this project just because of AES hardware. Could you please help us when it would be available?

Regards,

Sam Sangani

Bogdan Rosandic · ‎2017-11-30

Posted on November 30, 2017 at 14:15

Hi Sam,

I solved my problem with AES hw acceleration by adding following line :

hcryp_aes.Instance = CRYP; before calling HAL_CRYP_Init(&hcryp_aes);. I made this change in aes.c.

Hope this helps!

Best regards,

Bogdan