Introduction to cryptographic library with STM32

This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.


1. What is the Cryptographic Library?

There are two versions of the Cryptographic Library.

The Cryptographic Library V4.x.x supports most of required algorithms for encryption, hashing, message authentication and digital signing, enabling developers to meet application requirements for any combination of data, integrity, confidentiality, identification/authentication, and non-repudiation.

The Cryptographic Library V5.x.x represents a major step forward from V4.x.x, combining enchanced performance, a reduced memory footprint, and fixes for previously identified issues. It also expands the cryptographic portfolio with new algorithms, including selected Post-Quantum primitives, helping to address both current and future security requirements. Designed with continuity in mind, V5.x.x preserves full compatibility with the V4.x.x API. This ensures a smooth, transparent migration path, allowing developers to benefit from the latest improvements without redesigning existing software.

Differences between V4.x.x and V5.x.x:

  • Improved AES performance and reduced footprint through the use of optimized assembly code leveraging DSP instructions when available (*).
  • AES-CCM* mode added
  • KDF algorithms added (see details below)
  • Post-Quantum Cryptographic algorithms added (see details below)
  • RSA and ECDSA compliant with FIPS 186.-5 (versus 186.4 for V4.x.x)

(*) Due to the use of DSP-instruction-optimized assembly code, on recent IDE you may need to enable “DSP instruction” support.

The Cryptographic Library is designed and compiled to run on Arm® Cortex®-M based ST MCUs.

Information
Arm® is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.

2. Getting started with STM32 and the Cryptographic Library

Cortex®-M Optimized Crypto Stack (CMOX) is an optimized Cryptographic Library to be used with STM32 Cortex®-M based MCUs. For detail description of the supported features and interface please refers to the CHM available in the Middleware documentation in the software package.

Supported cryptographic algorithms:

  • Cipher encryption and decryption:
    • AES: CBC, CCM, CCM* Template:New, CFB, CTR, ECB, GCM, OFB, XTS, KeyWrap
    • SM4: CBC, CFB, CTR, ECB, OFB
    • Chacha-Poly1305
  • Digest generation:
    • SHA-1
    • SHA-2: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
    • SHA-3: SHA3-224, SHA3-256, SHA3-384, SHA3-512
    • SM3
    • SHAKE
  • Message authentication code (MAC) generation:
    • HMAC:
      • SHA-1
      • SHA-2: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
      • SM3
    • AES: CMAC
    • KMAC: SHAKE
  • Elliptic curves based on key generation, signature, verification, key exchange, encryption and decryption:
    • Elliptic curve digital signature algorithm (ECDSA): NIST-R (P-224, P-256, P-384, P-521), NIST-K P-256, BRAINPOOL R/T (P-160, P-192, P-224, P-256, P-320, P-384, P-512), ANSSI P-256. In V5, support for deterministic ECDSA signatureTemplate:New.
    • Edwards-curve digital signature algorithm (EdDSA): Ed448, Ed25519. In v5, support for Pre-Hashed Ed448PH and Ed25519PH.
    • SM2 digital signature algorithm: OSCCA 256-bits curve.
    • SM2 Key Exchange Template:New:compliant to OSCCA standard.
    • SM2 Encryption/Decryption Template:New: support for single and multi-call.
  • Elliptic curves Diffie-Hellman:
    • Curve448, curve25519
    • NIST-R (P-224, P-256, P-384, P-521), NIST-K P-256, BRAINPOOL R/T (P-160, P-192, P-224, P-256, P-320, P-384, P-512), ANSSI P-256
  • RSA signature, verification, encryption & decryption:
    • PKCS#1 v1.5 and v2.2
    • Chinese remainder theorem (CRT) key representation
    • Hash method:
      • SHA-1
      • SHA-2: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
  • Deterministic random bit generator (DRBG):
    • CTR-DRBG
  • Key Derivation Functions (KDF) Template:New:
    • HKDF
    • X9.63 KDF
    • Hash Method:
      • SHA-1
      • SHA-2: SHA-224, SHA-256, SHA-512
      • SM3
  • Post Quantum Cryptographic SchemesTemplate:New :
    • ML-DSA key generation, signature generation and verification:
      • Parameter Sets: ML-DSA-44, ML-DSA-65, ML-DSA-87
      • Hash method:
        • SHA2 : SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256
        • SHA3 : SHA3-224, SHA3-256, SHA3-384, SHA3-512
        • SHAKE: SHAKE-128, SHAKE-256
    • ML-KEM Key Generation, Encapsulation, Decapsulation
      • Parameter Sets: ML-KEM-512, ML-KEM-768, ML-KEM-1024
    • Hash-Based Signature Schemes (HBS) for signature verification
      • Leighton-Micali Signature (LMS)
        • LMS with SHA-256 :
          • LM-OTS Parameter Sets: LMOTS_SHA256_N32_W1,LMOTS_SHA256_N32_W2, LMOTS_SHA256_N32_W4,LMOTS_SHA256_N32_W8
          • LMS Parameter Sets: LMS_SHA256_M32_H5, LMS_SHA256_M32_H10, LMS_SHA256_M32_H15, LMS_SHA256_M32_H20, LMS_SHA256_M32_H25
        • LMS with SHAKE256/256:
          • LM-OTS Parameter Sets: LMOTS_SHAKE_N32_W1, LMOTS_SHAKE_N32_W2, LMOTS_SHAKE_N32_W4, LMOTS_SHAKE_N32_W8
          • LMS Parameter Sets: LMS_SHAKE_M32_H5, LMS_SHAKE_M32_H10, LMS_SHAKE_M32_H15, LMS_SHAKE_M32_H20, LMS_SHAKE_M32_H25
        • LMS with SHA-256/192:
          • LM-OTS Parameter Sets: LMOTS_SHA256_N24_W1, LMOTS_SHA256_N24_W2, LMOTS_SHA256_N24_W4, LMOTS_SHA256_N24_W8
          • LMS Parameter Sets: LMS_SHA256_M24_H5, LMS_SHA256_M24_H10, LMS_SHA256_M24_H15, LMS_SHA256_M24_H20, LMS_SHA256_M24_H25
        • LMS with SHAKE256/192:
          • LM-OTS Parameter Sets: LMOTS_SHAKE_N24_W1, LMOTS_SHAKE_N24_W2, LMOTS_SHAKE_N24_W4, LMOTS_SHAKE_N24_W8
          • LMS Parameter Sets: LMS_SHAKE_M24_H5, LMS_SHAKE_M24_H10, LMS_SHAKE_M24_H15, LMS_SHAKE_M24_H20, LMS_SHAKE_M24_H25
      • eXtended Merkle Signature Scheme (XMSS)
        • XMSS with SHA-256
          • XMSS Parameter Sets: XMSS-SHA2_10_256, XMSS-SHA2_16_256, XMSS-SHA2_20_256
        • XMSS with SHA-256/192
          • XMSS Parameter Sets: XMSS-SHA2_10_192, XMSS-SHA2_16_192, XMSS-SHA2_20_192
        • XMSS with SHAKE256/192
          • XMSS Parameter Sets: XMSS-SHAKE256_10_192, XMSS-SHAKE256_16_192, XMSS-SHAKE256_20_192


3. Cryptographic Library compliancy with STM32 MCUs

The delivered libraries (one per each Cortex®-M core) are structured to be compliant with all the cores used by STM32 MCUs. They can thus be used on any STM32 MCU that embeds the corresponding Cortex®-M core.

4. STMicroelectronics resources

The Cryptographic library package can be downloaded from: STM32 cryptographic firmware library software expansion for STM32Cube[1]

Information
Licensing: The Cryptographic library V4.x.x and V5.x.x delivered binaries are licensed under ST proprietary terms (see details with the downloadable package).

5. References

  1. STM32 cryptographic firmware library software expansion for STM32Cube


Retrieved from "https://wiki.st.com/stm32mcu/index.php?title=Security:Introduction_to_the_cryptographic_library_with_STM32&oldid=88230"