Design Win

STM32 cryptographic firmware library software expansion for STM32Cube

ソフトウェア入手 データブリーフのダウンロード



The STM32 cryptographic library package (X-CUBE-CRYPTOLIB) includes all the major security algorithms for encryption, hashing, message authentication, and digital signing, enabling developers to satisfy application requirements for any combination of data integrity, confidentiality, identification/authentication, and non-repudiation.

The library includes firmware functions for STM32F0 Series, STM32F1 Series, STM32F2 Series, STM32F3 Series, STM32F4 Series, STM32F7 Series, STM32G0 Series, STM32G4 Series, STM32H7 Series, STM32L0 Series, STM32L1 Series, STM32L4 Series, STM32L4+ Series, STM32L5 Series, STM32WB Series and STM32WL Series. For more details refer to the STM32 crypto library user manual (UM1924) on the www.st.com website.

This firmware is classified ECCN 5D002.

Most of the well-used algorithms are certified according to the US cryptographic algorithm validation program (CAVP), helping customers to prove quickly and cost-effectively the security of their new products.

The certified algorithms are: AES (3971), RSA (2036), ECDSA (874), SHS (3275), DRBG (1165) and HMAC (2589). Full details are available online at the NIST CSRC algorithm validation lists website, selecting the CAVP web page.

In this package there are examples for each algorithm for popular development tools including IAR Systems EWARM (IAR Embedded Workbench®), Keil® MDK-ARM, and GCC -based IDEs such as Ac6 SW4STM32 and STMicroelectronics STM32CubeIDE.

To benefit from STM32 cryptographic accelerators, refer to STM32Cube MCU and MPU package hardware abstraction layer (HAL) functions and examples.

  • 特徴

    • AES-128, AES-192, AES-256 bits:
      • ECB (electronic codebook mode)
      • CBC (cipher-block chaining) with support for cipher text stealing
      • CTR (counter mode)
      • CFB (cipher feedback)
      • OFB (output feedback)
      • CCM (counter with CBC-MAC)
      • GCM (Galois counter mode)
      • CMAC
      • KEY WRAP
      • XTS (XEX-based tweaked-codebook mode with cipher text stealing
    • HASH functions with HMAC support:
      • SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
      • SHA-2: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
      • SHA-3: SHA3-224, SHA3-256, SHA3-384, SHA3-512
      • SM3
      • SHAKE
    • Random engine based on DRBG-AES-128
      • HMAC:SHA-1SHA-2: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256SM3
      • AES: CMAC
      • KMAC: SHAKE
    • RSA with PKCS#1v1.5:ECC (elliptic curve cryptography):
      • Encryption/decryption
      • 署名
      • Key generation
      • Scalar multiplication (the base for ECDH)
      • ECDSA
    • ARC4
      • Curve448, curve25519
      • NIST-R (P-224, P-256, P-384, P-521), NIST-K P-256, BRAINPOOL R/T (P-160, P-192, P-224, P-256, P-320, P-384, P-512), ANSSI P-256
    • DES, TripleDES:
      • ECB (electronic codebook mode)
      • CBC (cipher-block chaining)
      • Hash method:SHA-1SHA-2: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
    • HASH:
      • MD5
      • HKDF-SHA-512
    • ChaCha20
    • Poly1305
    • CHaCHA20-POLY1305
    • Curve25519
    • ED25519


STM32 cryptographic library dedicated pages