STM32CubeF4 PolarSSL example
Contents
3.1 Cryptographic processor
3.2 Random number generator
3.3 Hash processor
4 Description of the package
4.1 Package directories
4.2 Application settings
4.2.1 PHY interface configuration
4.2.2 MAC and IP address settings
4.3 Evaluation boards settings
4.3.1 STM324x9I-EVAL settings
4.3.2 STM324xG-EVAL settings
5 Using the applications
5.1 SSL client application
5.2 SSL server application
6 Conclusion
7 FAQ
Appendix A Additional information
Revision history

List of tables
Table 1 STM324x9I-EVAL jumper configurations
Table 2 STM324xG-EVAL jumper configurations
Table 3 Document revision history

List of figures
1.3.1 SSL Handshake protocol
The SSL session state is controlled by the SSL Handshake protocol. This protocol uses the SSL Record protocol to exchange a series of messages between the SSL server and the SSL client when they first start communicating. This exchange of messages is designed to facilitate the following actions:
• Negotiate the protocol version
• Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support
• Authenticate the server to the client
• Optionally authenticate the client to the server
• Use public key encryption techniques to generate shared secrets
• Establish an encrypted SSL connection

Figure 3. SSL Handshake protocol (message flow: ClientHello; ServerHello, Certificate, ServerKeyExchange, CertificateRequest, ServerHelloDone; Certificate, ClientKeyExchange, CertificateVerify, ChangeCipherSpec, Finished; ChangeCipherSpec, Finished; Application data in both directions. The certificate-related messages are optional.)

The following is the procedure for the SSL Handshake protocol:
1. The client sends a ClientHello message specifying the highest SSL protocol version it supports, a random number, a list of cipher suites and compression methods.
2. The server responds with a ServerHello message that contains the chosen protocol version, another random number, cipher suite
Note: RFC 5246, The TLS protocol version 1.2.

Figure 4. Handshake protocol to resume an SSL session (abbreviated flow: ClientHello; ServerHello, ChangeCipherSpec, Finished; ChangeCipherSpec, Finished; Application data in both directions.)

1.3.2 SSL Record protocol
The Record protocol takes the messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed and reassembled, then delivered to higher-level clients.

Figure 5. SSL Record protocol (application data is split into fragments F1, F2, ..., Fn, then compressed, authenticated with a MAC and encrypted.)

1.3.3 SSL Alert protocol
The SSL Alert protocol signals problems with the SSL session, ranging from simple warnings (unknown certificate, revoked certificate, expired certificate) to fatal error messages that immediately terminate the SSL connection.

1.3.4 Change Cipher Spec protocol
The SSL Change Cipher Spec protocol consists of a single message that indicates the end of the SSL Handshake protocol.

2 PolarSSL library
2.1 Overview
PolarSSL is a lightweight, open source
1.2 SSL/TLS application layers
An application using the SSL/TLS protocol generally consists of five layers:
• Application layer: refers to the higher-level protocols used by most applications for network communication.
• SSL/TLS layer: provides secure communication over the Internet.
• TCP layer: the Transport Layer's responsibilities include end-to-end message transfer capabilities independent of the underlying network, along with error control, segmentation, flow control, congestion control and application addressing.
• IP layer: the Internet Protocol layer is responsible for addressing hosts and routing packets from a source host to the destination host.
• Physical layer: consists of the basic hardware transmission technologies of a network.

Figure 1. SSL application architecture (layers from top to bottom: Application layer, SSL/TLS layer, TCP layer, IP layer, Physical layer.)

1.3 SSL/TLS sub-protocols
The SSL/TLS protocol includes four sub-protocols: the SSL Record protocol, the SSL Handshake protocol, the SSL Alert protocol and the SSL Change Cipher Spec protocol.

Figure 2. SSL sub-protocols (Application on top; the Handshake, Alert and Change Cipher Spec (CCS) protocols run over the Record protocol, which runs over TCP/IP.)
LwIP, FreeRTOS and STM32CubeF4 HAL and BSP drivers. The firmware is composed of the following modules:
• Drivers: contains the STM32Cube drivers of the MCU: CMSIS, BSP drivers, HAL drivers.
• Middleware: contains libraries and protocol components: LwIP TCP/IP stack, PolarSSL library, FreeRTOS.
• Projects: contains the source files and configurations of each application.

4.2 Application settings
4.2.1 PHY interface configuration
The Ethernet peripheral is interfaced with an external PHY to provide physical layer communication. The PHY register definitions and defines are located in the HAL configuration file stm32f4xx_hal_conf.h. The PHY operates in one of two modes, MII and RMII; to select the required mode, the user has to fill the MediaInterface parameter of the Init structure when initializing the Ethernet peripheral.
Note: The RMII mode is not supported when using the STM32439I-EVAL board.
In the RMII mode with the STM3241G-EVAL, you have to provide the 50 MHz clock by soldering a 50 MHz oscillator (ref. SM7745HEV-50.0M or equivalent) on the U3 footprint located under CN3, and also by removing the jumper from JP5. This oscillator is not provided with the board.

4.2.2 MAC and IP address settings
The default MAC address is set to 00:00:00:00:00:02. To change this address, modify the six bytes defined in the stm32f4xx_hal_
and server applications to communicate in a way that is private and secure. The purpose of this user manual is to present a demonstration package built on top of the STM32Cube HAL drivers and the PolarSSL library, a free SSL/TLS library.

This document is structured as follows:
• A general introduction to SSL/TLS is presented in Chapter 2.
• Chapter 3 introduces the PolarSSL library.
• Chapter 4 describes the STM32F417/F439 hardware cryptographic processors.
• Lastly, Chapter 5 describes the demonstration package for STM32F417/F439 microcontrollers.

In this document, STM32F4xx refers to the STM32F417 and STM32F439 microcontrollers; likewise, STM324xx-EVAL refers to the STM3241G-EVAL and the STM32439I-EVAL boards.

www.st.com

Contents
1 SSL/TLS protocol overview
1.1 History of the SSL/TLS protocols
1.2 SSL/TLS application layers
1.3 SSL/TLS sub-protocols
1.3.1 SSL Handshake protocol
1.3.2 SSL Record protocol
1.3.3 SSL Alert protocol
1.3.4 Change Cipher Spec protocol
2 PolarSSL library
2.1 Overview
2.2 License
3 STM32F4 hardware cryptography
are needed to implement SSL/TLS applications. To off-load the CPU from the encryption/decryption, hash and RNG (random number generator) tasks, all these functions and algorithms are implemented using the hardware acceleration (AES-128/192/256, Triple DES, MD5, SHA-1, SHA-2 and analog RNG) through the STM32Cube HAL APIs.

3.1 Cryptographic processor
The cryptographic processor can be used to both encipher and decipher data using the Triple DES or AES algorithm. It is a fully compliant implementation of the following standards:
• The data encryption standard (DES) and Triple DES (TDES) as defined by the Federal Information Processing Standards Publication FIPS PUB 46-3, 1999 October 25. It follows the American National Standards Institute (ANSI) X9.52 standard.
• The advanced encryption standard (AES) as defined by the Federal Information Processing Standards Publication FIPS PUB 197, 2001 November 26.
The CRYP processor may be used for both encryption and decryption in the Electronic codebook (ECB) mode, the Cipher block chaining (CBC) mode, or the Counter (CTR) mode (AES only).

3.2 Random number generator
The RNG processor is a random number generator based on continuous analog noise that provides a random 32-bit value to the host when read.

3.3 Hash processor
The hash processor is a fully compliant implementation of the SHA (secure hash algorithm), the message digest algorithm 5 (MD5) hash algorithm and the HMAC (keyed-hash message authentication
data integrity between two communicating applications.
• Protect information transmitted between server and client.
• Authenticate the server to the client.
• Allow the client and server to select the cryptographic algorithms that they both support.
• Optionally authenticate the client to the server.
• Use public key encryption techniques to generate shared secrets.
• Establish an encrypted SSL connection.

1.1 History of the SSL/TLS protocols
SSL was developed by Netscape in 1994 to secure transactions over the Internet. Soon after, the Internet Engineering Task Force (IETF) began work to develop a standard protocol to provide the same functionality.
• SSL 1.0 (Netscape, 1993): internal Netscape design.
• SSL 2.0 (Netscape, 1994): this version contained a number of security flaws.
• SSL 3.0 (Netscape, 1996): all Internet browsers support this version of the protocol.
• TLS 1.0 (IETF, 1999): this version was defined in RFC 2246 as an upgrade to SSL 3.0. The differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate.
• TLS 1.1 (IETF, 2006): this version was defined in RFC 4346. It is an update of TLS version 1.0.
• TLS 1.2 (IETF, 2008): this version was defined in RFC 5246. It is based on the earlier TLS 1.1.
The SSL/TLS protocols are referred to as SSL throughout this document.
or to your local network through a straight Ethernet cable.
• RS232 link: used with a HyperTerminal-like application to display debug messages.

To run the SSL server demonstration:
• Build and program the SSL server code in the STM32F4xx Flash.
• Start the STM324xx-EVAL board.
• Open a web browser such as Internet Explorer or Firefox and type https:// followed by the board's IP address in the browser (by default, type https://192.168.0.10).
If a firewall is present, the user must make sure that the HTTPS port accepts the connection requests. If it does not, the firewall will reject the connection.

Figure 11. The SSL server application (the STM324xx-EVAL board acting as SSL server, connected over Ethernet to the PC running the browser as SSL client, with an RS232 cable for debug output to HyperTerminal.)

On successful connection, a page is displayed showing the running tasks and their status. This page also contains the number of page hits and the list of cipher suites used in the connection.

Figure 12. HTML page displayed on successful connection (Mozilla Firefox at https://192.168.0.10/index.html; page heading "STM32 Cube SSL server Demo using
Figure 15. SSL server thread flowchart (Start; load the certificate; bind on the HTTPS port; wait until a client connects; when a client connects, initialize the RNG and the session data; ret = ssl_handshake(): Handshake protocol; ret = ssl_read(): read the HTTP request; ret = ssl_write(): write the response; net_close(): close the connection; ssl_free(): clean up all memory; End. Each ret is tested and the flow proceeds only on success.)

Revision history
Table 3. Document revision history
Date | Revision | Changes
27-Mar-2014 | 1 | Initial release
March 2014  UM1723  User Manual
STM32CubeF4 PolarSSL example

Introduction
The STM32Cube initiative was originated by STMicroelectronics to ease developers' life by reducing development effort, time and cost. STM32Cube covers the STM32 portfolio.
STM32Cube Version 1.x includes:
• The STM32CubeMX, a graphical software configuration tool that allows generating C initialization code using graphical wizards.
• A comprehensive embedded software platform, delivered per series (such as STM32CubeF4 for the STM32F4 series):
  – The STM32Cube HAL, an STM32 abstraction layer embedded software ensuring maximized portability across the STM32 portfolio
  – A consistent set of middleware components such as RTOS, USB, TCP/IP and graphics
  – All embedded software utilities, coming with a full set of examples
STM32F4xx microcontrollers feature a complete 10/100 Mbit/s Ethernet peripheral that supports both the Media Independent Interface (MII) and the Reduced Media Independent Interface (RMII) to interface with the Physical Layer (PHY), with hardware checksums for the IP, UDP, TCP and ICMP protocols. One of the advanced features of the STM32F4xx is the hardware cryptographic processor for AES-128/192/256, Triple DES, DES, SHA-1, SHA-2, MD5 and RNG.
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) cryptographic protocols provide security for communications over networks such as the Internet and allow client
STM32F417xx HW Crypto"; Page Hits: 70; the list of tasks and their status (State, Priority, Stack) for the Server, LinkThr, IDLE, TCP/IP and LED4 tasks, where B = Blocked, R = Ready, D = Deleted, S = Suspended; and the server response: HTTP/1.0 200 OK, Content-Type: text/html, "PolarSSL Test Server", "Successful connection using TLS-DHE-RSA-WITH-AES-256-CBC-SH...".)

Note: You can monitor the connection status of the SSL server application running on the STM32F4xx device using the HyperTerminal window. This window (Figure 13) shows:
• the status of the connection, SSL structures and Handshake protocol;
• the size of the client's request message;
• the size of the server's response (html page).

Figure 13. HyperTerminal SSL server connection status (HyperTerminal session "ssl_server", Auto detect, 9600 8-N-1, showing repeatedly: Waiting for a remote connection... ok; Performing the SSL/TLS handshake... ok; Read from client: 331 bytes read; Write to client: Successfully write 947 bytes to client.)

The first time you connect to the server, you receive a warning message from the browser about the certificate presented. This warning occurs when the certificate
has been issued by a certification authority (CA) that is not recognized by the browser, or when the certificate was issued to a different web address.

6 Conclusion
This user manual describes two STM32F4xx applications that implement the PolarSSL library with the STM32Cube drivers. The first one demonstrates the ability of STM32F4xx devices to exchange messages with a server through an SSL connection; this application allows the STM32 to connect to a secure web server. The second one is a combination of HTTP with the SSL protocol to provide encryption and secure identification of the server; this application allows the user to connect to an STM32 using the SSL protocol from a web browser.

7 FAQ
How to choose between static or dynamic (DHCP) IP address allocation?
When the macro #define USE_DHCP located in main.h is commented out, a static IP address is assigned to the STM32 microcontroller (by default 192.168.0.10; this value can be modified in the main.h file). If the macro #define USE_DHCP is uncommented, the DHCP protocol is enabled and the STM32 acts as a DHCP client.

How does the application behave when the Ethernet cable is disconnected?
When the cable is disconnected, the Ethernet peripheral stops both transmission and reception traffic, and the network interface is set down. If an LCD controller is used, a message is
conf.h file. The default IP address is set to 192.168.0.10. To change this address, modify the six bytes defined in the main.h file.

4.3 Evaluation boards settings
4.3.1 STM324x9I-EVAL settings
To run the software on the STM324x9I-EVAL board, configure it as shown in Table 1.
Table 1. STM324x9I-EVAL jumper configurations
Jumper | MII mode configuration
(jumper) | 1-2: provide 25 MHz clock by external crystal; 2-3: provide 25 MHz clock by MCO at PA8

4.3.2 STM324xG-EVAL settings
To run the software on the STM324xG-EVAL board, configure it as shown in Table 2.
Table 2. STM324xG-EVAL jumper configurations
Jumper | MII mode configuration | RMII mode configuration
JP5 | 1-2: provide 25 MHz clock by external crystal; 2-3: provide 25 MHz clock by MCO at PA8 | Not fitted
JP6 | 2-3: MII interface mode is enabled | 1-2: RMII interface mode is enabled
JP8 | Open: MII interface mode is selected | Closed: RMII interface mode is selected

5 Using the applications
5.1 SSL client application
This demonstration consists of using the STM3241G-EVAL or the STM32439I-EVAL board as a client that connects to a secure server to perform the SSL Handshake protocol.

Architecture of the application
The SSL client demonstration, as shown in Figure 6, contains five threads:
• LED task: blinks LED4 every 200 ms.
• Ethernet input thread: the low-level layer is set to detect the reception of frames by
signed with the client's private key. By verifying the signature of this message, the server can explicitly verify the ownership of the client digital certificate.
10. The client sends a ChangeCipherSpec message announcing that the new parameters (cipher method, keys) have been loaded.
11. The client sends a Finished message; it is the first message encrypted with the new cipher method and keys.
12. The server responds with a ChangeCipherSpec and a Finished message from its end.
13. The SSL Handshake protocol ends and the encrypted exchange of application data can start.

Resuming an SSL session
When the client and the server decide to resume a previous session, or to duplicate an existing session instead of negotiating new security parameters, the message flow is as follows:
1. The client sends a ClientHello message using the Session ID of the session to be resumed.
2. The server checks its session cache for a match. If a match is found and the server is willing to re-establish the connection under the specified session state, it sends a ServerHello message with the same Session ID value.
3. Both client and server must send ChangeCipherSpec messages and proceed directly to the Finished messages.
4. Once the re-establishment is complete, the client and server may begin to exchange encrypted application data.
If a Session ID match is not found, the server generates a new session ID, and the client and server perform a full Handshake protocol.
interrupts. So when the Ethernet controller receives a valid frame, it generates an interrupt. In the handling function of this interrupt, a binary semaphore is created to wake up the Ethernet task. This task transfers the input frames to the TCP/IP stack.
• Ethernet link thread: handles the Ethernet cable connection and disconnection process.
• TCP/IP thread: all packet processing (input and output) is done inside this thread. The application threads communicate with this thread using message boxes and semaphores.
• SSL client thread: this task handles the SSL Handshake protocol. It connects to an SSL server and performs the following:
  – Initializes the SSL structures (SSL context, SSL session, SSL RNG)
  – Connects to an SSL server
  – Sets up the SSL session
  – Handles the SSL Handshake protocol
  – Writes a message to the server
  – Reads a message from the server
  – Sends these messages through USART
  – Closes the connection
  – Cleans all SSL structures

Figure 6. SSL client demonstration architecture (SSL client thread over PolarSSL SSL/TLS; LwIP TCP/IP thread and Ethernet thread; all on top of the STM32Cube library.)

How to use the application
First connect the STM324xx-EVAL board as follows:
• Ethernet link: connect to a remote PC through a crossover Ethernet cable, or
displayed to inform the user that the cable is not connected; otherwise the red LED of the evaluation board turns on. When the user reconnects the cable, the Ethernet traffic resumes and the network interface is set up. If an LCD controller is used, a message is displayed to inform the user of the new IP address (with either static or dynamic allocation); otherwise the yellow LED of the evaluation board turns on.

How to port the application to different hardware?
When another hardware platform is used, you have to check the GPIO configuration in the HAL_ETH_MspInit() function for the Ethernet peripheral, and also in HAL_PPP_MspInit() (or HAL_MspInit()) if the application needs more PPP peripherals.

Appendix A Additional information
Figure 14. SSL client thread flowchart (Start; memset(): allocate all memory buffers; havege_init(): initialize the RNG and the session data; ret = net_connect(): start the connection; if ret == 0, ret = ssl_init(): initialize an SSL context; ret = ssl_write(): send application data; ret = ssl_read(): read the HTTP response; net_close(): close the connection; ssl_free(): clean up all memory; End. Each ret is tested and the flow proceeds only on success.)
Successfully write 947 bytes to client; Waiting for a remote connection...; status bar: Connected 0:02:05, Auto detect, 9600 8-N-1.)

5.2 SSL server application
This demonstration consists of setting up the STM32 as an SSL server that waits for an SSL client request to make the connection.

Architecture of the application
The SSL server demonstration contains six threads. The LED, Ethernet input, Ethernet link and TCP/IP threads are the same as in the SSL client application.
• SSL server thread: this thread creates an SSL connection and waits for the client's request to make the secure connection. When the connection is established, the client sends a GET request to load the html page. This page contains information about the tasks running in this demonstration. The SSL server task also sends the status of the connection through USART.
• DHCP client thread: this thread is used to configure the IP address by DHCP. To enable the DHCP client, uncomment the define USE_DHCP in the main.h file.

Figure 10. SSL server application architecture (application thread over PolarSSL SSL/TLS; LwIP TCP/IP thread and Ethernet thread; all on top of the STM32Cube library.)

How to use the application
First connect the STM324xx-EVAL board as follows:
• Ethernet link: connect to a remote PC through a crossover Ethernet cable, or
and compression method from the choices offered by the client, and the session ID.
Note: The client and the server must support at least one common cipher suite, or else the Handshake protocol fails. The server generally chooses the strongest common cipher suite they both support.
3. The server sends its digital certificate in an optional Certificate message (for example, the server uses X.509 digital certificates).
4. If no certificate is sent, an optional ServerKeyExchange message is sent containing the server's public information.
5. If the server requires a digital certificate for client authentication, an optional CertificateRequest message is appended.
6. The server sends a ServerHelloDone message indicating the end of this phase of the negotiation.
7. If the server has sent a CertificateRequest message, the client must send its X.509 client certificate in a Certificate message.
8. The client sends a ClientKeyExchange message. This message contains the pre-master secret number used in the generation of the symmetric encryption keys and the message authentication code (MAC) keys. The client encrypts the pre-master secret number with the public key of the server. The public key is sent by the server in the digital certificate or in the ServerKeyExchange message.
9. If the client sent a digital certificate to the server, the client sends a CertificateVerify message
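The ServerHello decisions in handshake step 2 (version, strongest common cipher suite, or failure when none is shared) and the Session ID cache check of the resumption flow, as an added example that is not part of this manual or of PolarSSL. Cipher suite code points are the real registry values; the server preference list, the sample hellos and the cache are constructed for the example.

```python
# Added example (not ST's or PolarSSL's code): parse a TLS 1.2 ClientHello body
# and make the server-side decisions described in handshake step 2 and in the
# session-resumption flow: pick the protocol version, pick the strongest common
# cipher suite (or fail the handshake), and resume on a Session ID cache hit.
import os
import struct

# Real cipher suite code points (RFC 5246 / RFC 5288 registry values).
SUITE_NAMES = {
    0x006B: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
}
TLS_1_2 = (3, 3)
TLS_1_0 = (3, 1)
# Assumed server preference list, strongest first (constructed for this example).
SERVER_SUITES = [0x006B, 0x0039, 0x002F]


class HandshakeFailure(Exception):
    """Raised where a real server would send a fatal handshake_failure alert."""


def build_client_hello(version, client_random, session_id, suites, compressions=b"\x00"):
    """Serialize a ClientHello body (RFC 5246 7.4.1.2), without record/handshake headers."""
    if len(client_random) != 32:
        raise ValueError("client random must be 32 bytes")
    body = bytes(version) + client_random
    body += struct.pack("!B", len(session_id)) + session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!B", len(compressions)) + compressions
    return body


def parse_client_hello(body):
    """Parse a ClientHello body; every length field is bounds-checked before use."""
    off = 0

    def take(n):
        nonlocal off
        if off + n > len(body):
            raise ValueError("truncated ClientHello")
        chunk = body[off:off + n]
        off += n
        return chunk

    version = tuple(take(2))
    client_random = take(32)
    sid_len = take(1)[0]
    if sid_len > 32:
        raise ValueError("session_id longer than 32 bytes")
    session_id = take(sid_len)
    cs_len = struct.unpack("!H", take(2))[0]
    if cs_len == 0 or cs_len % 2:
        raise ValueError("invalid cipher_suites length")
    raw = take(cs_len)
    suites = [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, cs_len, 2)]
    comp_len = take(1)[0]
    if comp_len == 0:
        raise ValueError("empty compression_methods")
    compressions = take(comp_len)
    return {"version": version, "random": client_random, "session_id": session_id,
            "cipher_suites": suites, "compression_methods": compressions}


def negotiate(hello, server_suites, session_cache, server_max_version=TLS_1_2):
    """Return the ServerHello choices; session_cache maps Session ID -> cipher suite."""
    # Never choose a version higher than the client offered or the server supports.
    version = min(hello["version"], server_max_version)
    sid = hello["session_id"]
    if sid and sid in session_cache:
        # Cache hit: abbreviated handshake with the same Session ID and the cached suite.
        return {"resumed": True, "version": version, "session_id": sid,
                "cipher_suite": session_cache[sid]}
    # Full handshake: first entry of the server's preference list that the client offered.
    offered = set(hello["cipher_suites"])
    chosen = next((s for s in server_suites if s in offered), None)
    if chosen is None:
        raise HandshakeFailure("no common cipher suite")
    if 0 not in hello["compression_methods"]:
        raise HandshakeFailure("client does not offer null compression")
    new_sid = os.urandom(32)  # fresh Session ID for the new session
    session_cache[new_sid] = chosen
    return {"resumed": False, "version": version, "session_id": new_sid,
            "cipher_suite": chosen}


if __name__ == "__main__":
    cache = {}
    hello = build_client_hello(TLS_1_2, bytes(range(32)), b"", [0x0004, 0x0039, 0x002F])
    first = negotiate(parse_client_hello(hello), SERVER_SUITES, cache)
    print("full handshake, chose", SUITE_NAMES[first["cipher_suite"]])
    again = build_client_hello(TLS_1_2, bytes(32), first["session_id"], [0x0039])
    print("resumed:", negotiate(parse_client_hello(again), SERVER_SUITES, cache)["resumed"])
```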
code) algorithm, suitable for a variety of applications. It computes a message digest (160 bits for the SHA-1 algorithm, 256 bits for the SHA-256 algorithm, 224 bits for the SHA-224 algorithm, 128 bits for the MD5 algorithm) for messages of up to (2^64 - 1) bits, while HMAC algorithms provide a way of authenticating messages by means of hash functions. HMAC algorithms consist in calling the SHA-1, SHA-224, SHA-256 or MD5 hash function twice.
Note: For more detailed information, please refer to the CRYP, HASH and RNG sections of RM0090 (STM32F405xx/07xx, STM32F415xx/17xx, STM32F42xxx and STM32F43xxx advanced ARM-based 32-bit MCUs).

4 Description of the package
This package contains two applications running on top of the PolarSSL library and the LwIP stack in RTOS mode:
• SSL client: this application proves the ability of the STM32F4xx device to exchange messages with a server over TCP/IP connectivity through an SSL connection. It allows you to connect the STM324xx-EVAL board to a secure web server with the SSL protocol.
• SSL server: this application is a combination of HTTP with the SSL protocol to provide encryption and secure identification of the server. It allows you to connect from a web browser to an STM324xx-EVAL board using the SSL protocol.

4.1 Package directories
The package contains two applications running on top of PolarSSL,
to your local network through a straight Ethernet cable.
• RS232 link: used with a HyperTerminal-like application to display debug messages. Connect a null-modem female/female RS232 cable between the USART connector of the STM324xx-EVAL board and the PC serial port.

To run the SSL client example, please proceed as follows:
• Build and program the SSL client code in the STM32F4xx Flash.
• Run the SSL server application on the remote PC: run ssl_server.exe under Utilities\PC_Software\ssl_server. This application then waits for a client connection on the HTTPS port 443.
• Start the STM324xx-EVAL board.
• Monitor the connection status in the SSL server application window and in the HyperTerminal window.
Please ensure that the remote PC IP address is the same as the address defined in the ssl_client.c file: #define SSL_SERVER_NAME "192.168.0.1". If a firewall is used, the user must make sure that the ssl_server application accepts connection requests. If it does not, the firewall will reject the client requests.

Figure 7. SSL client application (the STM324xx-EVAL board acting as SSL client, connected over Ethernet to the PC running ssl_server.exe as SSL server, with an RS232 cable for debug output to HyperTerminal.)

The ssl_server.exe application window is shown in Figure 8. The SSL server application displays the connection request status; all messages exchanged between the server and the client are displayed.

Figure 8. The ssl_server application window
Figure 1 SSL application architecture
Figure 2 SSL sub-protocols
Figure 3 SSL Handshake protocol
Figure 4 Handshake protocol to resume an SSL session
Figure 5 SSL Record protocol
Figure 6 SSL client demonstration architecture
Figure 7 SSL client application
Figure 8 The ssl_server application window
Figure 9 HyperTerminal window
Figure 10 SSL server application architecture
Figure 11 The SSL server application
Figure 12 HTML page displayed on successful connection
Figure 13 HyperTerminal SSL server connection status
Figure 14 SSL client thread flowchart
Figure 15 SSL server thread flowchart

1 SSL/TLS protocol overview
The Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols provide communications security over the Internet and allow client/server applications to communicate in a way that is private and reliable. These protocols are layered above a transport protocol such as TCP/IP.
Note: SSL is the standard security technology for creating an encrypted link between server and client. This link ensures that all communication data remains private and secure.
The major objectives of SSL/TLS are:
• Provide
(console window of ssl_server.exe showing: Loading the server cert. and key...; Bind on https://localhost:4433/; Seeding the random number generator...; Setting up the SSL data... ok; Waiting for a remote connection...; Performing the SSL/TLS handshake...; < Read from client: 18 bytes read, "GET / HTTP/1.0"; > Write to client: 148 bytes written, "HTTP/1.0 200 OK", "Content-Type: text/html", "<h2>PolarSSL Test Server</h2>", "<p>Successful connection using: TLS-DHE-RSA-WITH-AES-256-CBC-SHA256</p>"; Waiting for a remote connection...)

HyperTerminal
The HyperTerminal window (Figure 9) displays the status of the SSL client application running on the STM32F4xx device, the write messages and the read messages:
• the status of the SSL structures (SSL context, SSL session, SSL RNG);
• the client request to the server (GET);
• the received message, which contains the result of the Handshake protocol (for example, "Successful connection using: SSL-EDH-RSA-AES-256-SHA").

Figure 9. HyperTerminal window (HyperTerminal session "ssl_server" showing: Waiting for a remote connection... ok; Performing the SSL/TLS handshake... ok; Read from client: 331 bytes read; Write to client:
cryptographic and SSL/TLS library written in C. This library contains all the functions needed to implement an SSL/TLS server or client. It also contains a set of hashing functions and cryptographic algorithms.

Library features:
• SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2 client/server support
• Symmetric encryption algorithms: AES, Blowfish, Triple DES (3DES), DES, ARC4, Camellia, XTEA
• Modes of operation: ECB, CBC, CFB, CTR, GCM
• Hash algorithms: MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
• Software random number generators: HAVEGE, CTR-DRBG
• X.509 certificates, CRLs, keys and ASN.1
• Public key cryptography: RSA and Diffie-Hellman (DHM) key exchange
The source code of the PolarSSL library can be downloaded from this link: http://polarssl.org

2.2 License
PolarSSL is licensed according to a dual licensing model: PolarSSL is available under the open source GPL version two license, as well as under a commercial license for closed source projects. For detailed information about licensing, please refer to this link: https://polarssl.org

3 STM32F4 hardware cryptography
As described in Chapter 2, PolarSSL library, the PolarSSL library contains a set of symmetric encryption algorithms (AES-128/192/256, Triple DES), hashing functions (MD5, SHA-1, SHA-2) and a software random number generator. All these functions and algorithms