STM32HAL库-移植mbedtls开源库示例(一)
STM32HAL库-移植mbedtls开源库示例(一)
- Chapter1 STM32HAL库-移植mbedtls开源库示例(一)
- 概述
- 一、使用方法
- mbedtls有什么用处
- 二、STM32CubeMx配置
- 三、Examples
- 解决报错问题
- 四、运行结果
- 参考文章:
- Chapter2 STM32移植使用mbedtls-2.24.0(实用)
- (1)关于PolarSSL
Chapter1 STM32HAL库-移植mbedtls开源库示例(一)
原文链接:https://blog.csdn.net/qq_36075612/article/details/115962112
概述
本篇文章介绍如何使用STM32HAL库,移植mbedtls开源库支持mqtt证书加密示例。
GitHub:https://github.com/ARMmbed/mbedtls
gitee:https://gitee.com/armmbed/mbedtls/tags
硬件:STM32F103CBT6最小系统板
软件:Keil 5.29 + STM32CubeMX6.01
一、使用方法
什么是mbedtls:
Mbed TLS是一个C库,实现了密码原语、X.509证书操作以及SSL/TLS和DTLS协议。它的代码占用空间小,因此适合于嵌入式系统。
Mbed TLS包括PSA加密API的参考实现。这是目前仅用于评估目的的预览。
mbedtls遵循 Apache 2.0 开源许可协议。
详情请移步到官网阅读:https://github.com/ARMmbed/mbedtls
mbedtls有什么用处
mbedtls库提供了 TLS / DTLS协议的实现,有了mbedtls库之后意味着:
TCP + TLS = TCP(S)
MQTT + TLS = MQTT(S)
HTTP + TLS = HTTP(S)
COAP + DTLS = COAP(S)
目前的物联网操作系统+各种通信模组方式可以很好的实现TCP/UDP通信,进而提供一些HTTP、MQTT、COAP之类的上层协议,这些协议最大的特点是“明文传输”,一旦有中间人想要截获篡改数据,非常容易。
要想物联网设备和服务器之间具备高安全性,mbedtls库不可或缺。
二、STM32CubeMx配置
三、Examples
1、进入GitHub拉取源码
进入版本页
STM32移植v2.24.0,最新版本进行移植过,很多错误,捣鼓很长时间,最终选择了v2.24.0,验证过的问题少些。
2、打开STM32CubeMx生成的keil工程,新建mbedtls文件夹,按照如下步骤进行。
3、把mbedtls\library所有.c文件添加到Keil中来。
4、添加头文件路径
5、编译工程
解决报错问题
1)、添加宏定义mbedconfig配置文件:
MBEDTLS_CONFIG_FILE=<config-mini-tls1_1.h>,
2)、修改config-mini-tls1_1.h 文件
分别注释掉,无需要功能模块:
- 注释掉宏定义MBEDTLS_HAVE_TIME,因为我们目前没有用到时间相关的
- 注释掉宏定义MBEDTLS_NET_C,因为没有用到网络
- 添加一个宏定义MBEDTLS_NO_PLATFORM_ENTROPY,单片机无系统所以需要添加该宏。
/*** \file config-mini-tls1_1.h** \brief Minimal configuration for TLS 1.1 (RFC 4346)*/
/** Copyright The Mbed TLS Contributors* SPDX-License-Identifier: Apache-2.0** Licensed under the Apache License, Version 2.0 (the "License"); you may* not use this file except in compliance with the License.* You may obtain a copy of the License at** http://www.apache.org/licenses/LICENSE-2.0** Unless required by applicable law or agreed to in writing, software* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.* See the License for the specific language governing permissions and* limitations under the License.*/
/** Minimal configuration for TLS 1.1 (RFC 4346), implementing only the* required ciphersuite: MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA** See README.txt for usage instructions.*/#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H/* System support */
#define MBEDTLS_HAVE_ASM
//#define MBEDTLS_HAVE_TIME/* mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_1/* mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_DES_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_MD_C
#define MBEDTLS_MD5_C
//#define MBEDTLS_NET_C
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C/* For test certificates */
#define MBEDTLS_BASE64_C
#define MBEDTLS_CERTS_C
#define MBEDTLS_PEM_PARSE_C/* For testing with compat.sh */
//#define MBEDTLS_FS_IO#define MBEDTLS_NO_PLATFORM_ENTROPY#include "mbedtls/check_config.h"#endif /* MBEDTLS_CONFIG_H */
6、再次编译
7、main.c文件
/* USER CODE BEGIN Header */
/********************************************************************************* @file : main.c* @brief : Main program body******************************************************************************* @attention** <h2><center>© Copyright (c) 2021 STMicroelectronics.* All rights reserved.</center></h2>** This software component is licensed by ST under BSD 3-Clause license,* the "License"; You may not use this file except in compliance with the* License. You may obtain a copy of the License at:* opensource.org/licenses/BSD-3-Clause********************************************************************************/
/* USER CODE END Header */
/* Includes ------------------------------------------------------------------*/
#include "main.h"
#include "usart.h"
#include "gpio.h"/* Private includes ----------------------------------------------------------*/
/* USER CODE BEGIN Includes */
#include "stdio.h"
#include "mbedtls/sha1.h" //使用sha1相关加密函数
#include "string.h" //使用到了strlen函数
/* USER CODE END Includes *//* Private typedef -----------------------------------------------------------*/
/* USER CODE BEGIN PTD *//* USER CODE END PTD *//* Private define ------------------------------------------------------------*/
/* USER CODE BEGIN PD */
/* USER CODE END PD *//* Private macro -------------------------------------------------------------*/
/* USER CODE BEGIN PM *//* USER CODE END PM *//* Private variables ---------------------------------------------------------*//* USER CODE BEGIN PV *//* USER CODE END PV *//* Private function prototypes -----------------------------------------------*/
void SystemClock_Config(void);
/* USER CODE BEGIN PFP *//* USER CODE END PFP *//* Private user code ---------------------------------------------------------*/
/* USER CODE BEGIN 0 */
void sha1_test(void)
{printf("mbedtls port on STM32F103 core board by champion666\r\n");/* sha1 test */char *source_cxt = "champion666";char encrypt_cxt[64];printf("source context is:%s\r\n", source_cxt);mbedtls_sha1_context sha1_ctx;mbedtls_sha1_init(&sha1_ctx);mbedtls_sha1_starts(&sha1_ctx);mbedtls_sha1_update(&sha1_ctx, (unsigned char *)source_cxt, strlen(source_cxt));mbedtls_sha1_finish(&sha1_ctx, (unsigned char *)encrypt_cxt);mbedtls_sha1_free(&sha1_ctx);int i = 0;printf("sha1 encrypt context is:[");while (encrypt_cxt[i]) {printf("%02x", encrypt_cxt[i]);i++;}printf("]\r\n");
}
/* USER CODE END 0 *//*** @brief The application entry point.* @retval int*/
int main(void)
{/* USER CODE BEGIN 1 *//* USER CODE END 1 *//* MCU Configuration--------------------------------------------------------*//* Reset of all peripherals, Initializes the Flash interface and the Systick. */HAL_Init();/* USER CODE BEGIN Init *//* USER CODE END Init *//* Configure the system clock */SystemClock_Config();/* USER CODE BEGIN SysInit *//* USER CODE END SysInit *//* Initialize all configured peripherals */MX_GPIO_Init();MX_USART1_UART_Init();/* USER CODE BEGIN 2 */sha1_test();/* USER CODE END 2 *//* Infinite loop *//* USER CODE BEGIN WHILE */while (1){/* USER CODE END WHILE *//* USER CODE BEGIN 3 */}/* USER CODE END 3 */
}/*** @brief System Clock Configuration* @retval None*/
void SystemClock_Config(void)
{RCC_OscInitTypeDef RCC_OscInitStruct = {0};RCC_ClkInitTypeDef RCC_ClkInitStruct = {0};/** Initializes the RCC Oscillators according to the specified parameters* in the RCC_OscInitTypeDef structure.*/RCC_OscInitStruct.OscillatorType = RCC_OSCILLATORTYPE_HSE;RCC_OscInitStruct.HSEState = RCC_HSE_ON;RCC_OscInitStruct.HSEPredivValue = RCC_HSE_PREDIV_DIV1;RCC_OscInitStruct.HSIState = RCC_HSI_ON;RCC_OscInitStruct.PLL.PLLState = RCC_PLL_ON;RCC_OscInitStruct.PLL.PLLSource = RCC_PLLSOURCE_HSE;RCC_OscInitStruct.PLL.PLLMUL = RCC_PLL_MUL9;if (HAL_RCC_OscConfig(&RCC_OscInitStruct) != HAL_OK){Error_Handler();}/** Initializes the CPU, AHB and APB buses clocks*/RCC_ClkInitStruct.ClockType = RCC_CLOCKTYPE_HCLK|RCC_CLOCKTYPE_SYSCLK|RCC_CLOCKTYPE_PCLK1|RCC_CLOCKTYPE_PCLK2;RCC_ClkInitStruct.SYSCLKSource = RCC_SYSCLKSOURCE_PLLCLK;RCC_ClkInitStruct.AHBCLKDivider = RCC_SYSCLK_DIV1;RCC_ClkInitStruct.APB1CLKDivider = RCC_HCLK_DIV2;RCC_ClkInitStruct.APB2CLKDivider = RCC_HCLK_DIV1;if (HAL_RCC_ClockConfig(&RCC_ClkInitStruct, FLASH_LATENCY_2) != HAL_OK){Error_Handler();}
}/* USER CODE BEGIN 4 */
#ifdef __GNUC__/* With GCC/RAISONANCE, small printf (option LD Linker->Libraries->Small printfset to 'Yes') calls __io_putchar() */#define PUTCHAR_PROTOTYPE int __io_putchar(int ch)
#else#define PUTCHAR_PROTOTYPE int fputc(int ch, FILE *f)
#endif /* __GNUC__ */
/*** @brief Retargets the C library printf function to the USART.* @param None* @retval None*/
PUTCHAR_PROTOTYPE
{/* Place your implementation of fputc here *//* e.g. write a character to the EVAL_COM1 and Loop until the end of transmission */HAL_UART_Transmit(&huart1, (uint8_t *)&ch, 1, 0xFFFF);return ch;
}int fgetc(FILE * f)
{uint8_t ch = 0;HAL_UART_Receive(&huart1, (uint8_t *)&ch, 1, 0xffff);return ch;
}/* USER CODE END 4 *//*** @brief This function is executed in case of error occurrence.* @retval None*/
void Error_Handler(void)
{/* USER CODE BEGIN Error_Handler_Debug *//* User can add his own implementation to report the HAL error return state *//* USER CODE END Error_Handler_Debug */
}#ifdef USE_FULL_ASSERT
/*** @brief Reports the name of the source file and the source line number* where the assert_param error has occurred.* @param file: pointer to the source file name* @param line: assert_param error line source number* @retval None*/
void assert_failed(uint8_t *file, uint32_t line)
{/* USER CODE BEGIN 6 *//* User can add his own implementation to report the file name and line number,tex: printf("Wrong parameters value: file %s on line %d\r\n", file, line) *//* USER CODE END 6 */
}
#endif /* USE_FULL_ASSERT *//************************ (C) COPYRIGHT STMicroelectronics *****END OF FILE****/
四、运行结果
在线验证Hash在线计算、md5计算、sha1计算、sha256计算、sha512计算。
网址1:https://1024tools.com/hash;
网址2:http://encode.chahuo.com/
传送门->代码 (内含有:mbedtls-2.24.0.zip 源码)
参考文章:
1、https://www.it610.com/article/1297797408901636096.htm
2、https://mculover666.blog.csdn.net/article/details/108680779
3、https://blog.csdn.net/qq153471503/article/details/109461794
Chapter2 STM32移植使用mbedtls-2.24.0(实用)
原文链接:https://blog.csdn.net/qq153471503/article/details/109461794
(1)关于PolarSSL
mbed TLS(以前称为PolarSSL)是TLS和SSL协议的实现,并且需要相应的加密算法和支持代码。这是双重许可与Apache许可证 2.0版(与GPLv2许可也可)。
核心SSL库用C编程语言编写,并实现SSL模块,基本加密功能并提供各种实用功能。与OpenSSL和TLS的其他实现不同,mbed TLS设计为适合小型嵌入式设备,最小完整的TLS堆栈需要60KB的程序空间和64KB的RAM。它也是高度模块化的:每个组件,如加密函数,可以独立于框架的其余部分使用。因为mbed TLS是用C编程语言编写的,没有外部依赖,现在叫MbedTSL,PolarSSL源码,也许是最小巧的ssl代码库。高效、便于移植和集成。尤其适合嵌入式应用。
本章就基于STM32移植mbedtls-2.24.0版本进行测试与使用!
mbedtls下载地址:https://github.com/ARMmbed/mbedtls
本章工程代码下载地址:https://github.com/wowyyy/HAL_STM32_MBEDTLS_DEMO.git
注意:因为本章节只是用了加解密的API,没有使用网络进行SSL认证操作,如果要使用mbedtls的SSL认证,最低的硬件环境最低需要60K的FLASH以及64K的SRAM(内存),如果你使用的比较低端的STM32,那么无解,没法用embedtls。。。