【N32L40XCL-STB 開發(fā)板評測】安全加密算法評測

1 本章內(nèi)容
本章主要以AES和SHA算法為例，介紹算法使用，同時對比基于硬件加速引擎和純軟件算法運(yùn)算速度的差異。

2 測試環(huán)境
開發(fā)板：N32L40XCL-STB V1.0
開發(fā)環(huán)境：Keil 5
RT-Thread版本：5.0.0

3 模塊介紹
3.1 SAC模塊簡介
本MCU具有密碼算法硬件加速引擎(SAC)，支持多種國際算法及國家密碼對稱密碼算法和雜湊密碼算法加速，相較于純軟件算法而言能極大的提高加解密速度。

3.2 硬件支持的算法如下：
支持 DES對稱算法
? 支持 DES和 3DES加解密運(yùn)算
? TDES支持 2KEY和 3KEY模式
? 支持 CBC和 ECB模式

支持 AES對稱算法
? 支持 128bit/192bit/ 256bit密鑰長度
? 支持 CBC、 ECB、 CTR模式

支持 SHA摘要算法
? 支持 SHA1/SHA224/SHA256

支持 MD5摘要算法
? 支持 MD5摘要算法

支持 國密算法
? 支持對稱式國密 SM1、 SM4、 SM7算法以及 SM3雜湊算法
注：
國民技術(shù)SAC模塊寄存器目前暫未開發(fā)，原廠僅提供基于加速引擎的靜態(tài)庫，通過查看API目前已開放下載的最新版本靜態(tài)庫僅支持AES、DES、TDES、SHA1/224/256、SM3和隨機(jī)數(shù)。
目前已開放下載的最新版本靜態(tài)庫還不支持SM1、SM4和SM7，另外SM1和SM7國密局僅提供IP授權(quán)，算法并不開源，暫無有效驗證工具。
TinyCrypt組件為RT-Thead官方移植庫，API接口簡潔明了，使用非常方便。該庫目前最新版本暫不支持DES算法，故本例程選擇國民技術(shù)原廠和TinyCrypt都支持的AES和SHA為例對比硬件加速和純軟件算法的差異。

4 創(chuàng)建工程
由于官方只提供*.lib靜態(tài)庫，故采用ENV構(gòu)建Keil工程項目。
在RT-Thread源碼BSP目錄中找到N32

拷貝n32l40xcl-stb，重命名為n32l40xcl-stb_algo_test
使用ENV工具，添加以下TinyCrypt組件，由于n32l40x芯片內(nèi)存較?。?0KB）,而加解密運(yùn)算需要較大的緩沖區(qū)來做測試，故需將無關(guān)的功能配置組件等全部關(guān)閉。如外設(shè)，僅保留GPIO和UART，其他系統(tǒng)外設(shè)全部關(guān)閉。

保存配置，適用pkgs和 scons命令構(gòu)建工程。

添加algo_test.c

手動添加國民技術(shù)基于SAC模塊的算法驅(qū)動庫。

5 編寫測試程序程序
HASH運(yùn)算測試方法
1.記錄系統(tǒng)tick值
2.讀n32 flash 16Byte
3.計算HASH值
4.循環(huán)2-3步驟，直到128KB全部計算完成。
5.查詢當(dāng)前系統(tǒng)tick值，計算程序運(yùn)行時間。

AES加解密測試方法
1.記錄系統(tǒng)tick值
2.讀n32 flash 16Byte
3.AES128_ECB 加密16Byte, ECB解密，解密后與明文比較
4.循環(huán)2-3步驟，直到128KB全部解密。
5.查詢當(dāng)前系統(tǒng)tick值，計算程序運(yùn)行時間。

注：官方提供的AES API適用并不友好，參考TinyCrypt中AES API做了二次封裝。

SHA1代碼：
/**

@brief SHA1 algorithm test code
@param none
@return none
@note HASH operation test method

1. Record the system tick value

2. Read n32 flash R_FLASH_LEN Byte

3. Calculate the HASH value

4. Cycle steps 2-3 until the 128KB calculation is complete.

5. Query the current system tick value and calculate the program running time.

/
void sha1(void)
{
rt_tick_t tick ,tick_1,tick_2;
tiny_sha1_context ctx;
HASH_CTX n32sac_ctx;
uint8_t output[20];
uint32_t pos = 0;
uint32_t num = N32_FLASH_SIZE/R_FLASH_LEN ;
rt_kprintf("nTinyCrypt SHA1 Testn");
tick_1 = rt_tick_get();
tiny_sha1_starts(&ctx );
pos = 0;
for (int var = 0; var < num; ++var)
{
if (n32_flash_read(N32_FLASH_START_ADRESS+pos, databuf, R_FLASH_LEN) < 0)
{
rt_kprintf("read flash error !!! n");
return;
}
else
{
tiny_sha1_update(&ctx, databuf, R_FLASH_LEN);
pos += R_FLASH_LEN ;
}
}
tiny_sha1_finish(&ctx, output);
tick_2 = rt_tick_get();
memset(&ctx, 0, sizeof(tiny_sha1_context));
tick = tick_2 - tick_1 ;
rt_kprintf("start systick:%dms n", tick_1);
rt_kprintf("finish systick:%dms n", tick_2);
rt_kprintf("data len :%dByte,time:%dms n", N32_FLASH_SIZE,tick);
rt_kprintf("SHA1 HASH:%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02Xn",
output[0],output[1],output[2],output[3],output[4],output[5],output[6],output[7],
output[8],output[9],output[10],output[11],output[12],output[13],output[14],output[15],
output[16],output[17],output[18],output[19]);
n32sac_ctx.hashAlg = HASH_ALG_SHA1;
n32sac_ctx.sequence = HASH_SEQUENCE_FALSE;
rt_kprintf("nN32L4_SAC SHA1 Testn");
tick_1 = rt_tick_get();
if (HASH_Init_OK != HASH_Init(&n32sac_ctx))
{
rt_kprintf("N32L4_SAC HASH_Init failed.n");
return;
}
if (HASH_Start_OK != HASH_Start(&n32sac_ctx))
{
rt_kprintf("N32L4_SAC HASH_Start failed.n");
return;
}
pos = 0;
for (int var = 0; var < num; ++var)
{
if (n32_flash_read(N32_FLASH_START_ADRESS+pos, databuf, R_FLASH_LEN) < 0)
{
rt_kprintf("read flash error !!! n");
return;
}
else
{
if (HASH_Update_OK != HASH_Update(&n32sac_ctx, (uint8_t )databuf, R_FLASH_LEN))
{
rt_kprintf("N32L4_SAC HASH_Update failed.n");
return;
}
else
{
pos += R_FLASH_LEN ;
}
}
}
if (HASH_Complete_OK != HASH_Complete(&n32sac_ctx, output))
{
rt_kprintf("N32L4_SAC HASH_Complete failed.n");
return;
}
tick_2 = rt_tick_get();
memset(&n32sac_ctx, 0, sizeof(HASH_CTX));
tick = tick_2 - tick_1 ;
rt_kprintf("start systick:%dms n", tick_1);
rt_kprintf("finish systick:%dms n", tick_2);
rt_kprintf("data len :%dByte,time:%dms n", N32_FLASH_SIZE,tick);
rt_kprintf("SHA1 HASH:%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02Xn",
output[0],output[1],output[2],output[3],output[4],output[5],output[6],output[7],
output[8],output[9],output[10],output[11],output[12],output[13],output[14],output[15],
output[16],output[17],output[18],output[19]);
}
AES代碼：
/**

• @brief AES algorithm test code
  @param none
  @return none
  @note AES Encryption and decryption test method

1. Record the tick value of the system

2. Read n32 flash 16Byte

3. AES128_ECB encrypts 16Byte, decrypts ECB, and compares with plaintext after decryption

4. Repeat steps 2-3 until all 128KB is decrypted.

5. Query the tick value of the current system and calculate the program running time.

/
void aes(void)
{
rt_tick_t tick ,tick_1,tick_2;
tiny_aes_context ctx;
AES_PARM AES_Parm;
uint8_t key[16]={0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
//uint8_t iv[16]={0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
uint8_t plain[16]={0};//
uint8_t cipher[16]={0};//
uint8_t plainOut[16]={0};//
#if DBG_AES
uint32_t num = 4 ;
#else
uint32_t num = N32_FLASH_SIZE/16 ;
#endif
uint32_t pos = 0;
rt_kprintf("nTinyCrypt AES128_ECB Testn");
tick_1 = rt_tick_get();
pos = 0;
for (int var = 0; var < num; ++var)
{
if (n32_flash_read(N32_FLASH_START_ADRESS+pos, plain, 16) < 0)
{
rt_kprintf("read flash error !!! n");
return;
}
else
{
tiny_aes_setkey_enc(&ctx, key, 128);
tiny_aes_crypt_ecb(&ctx,AES_ENCRYPT,plain, cipher);
tiny_aes_setkey_dec(&ctx, key, 128);
tiny_aes_crypt_ecb(&ctx,AES_DECRYPT,cipher, plainOut);
#if DBG_AES
rt_kprintf("key = ");
DumpBytes(key, sizeof(key));
rt_kprintf("n");
rt_kprintf("plain = ");
DumpBytes(plain, sizeof(plain));
rt_kprintf("n");
rt_kprintf("cipher = ");
DumpBytes(cipher, sizeof(cipher));
rt_kprintf("n");
rt_kprintf("decrypt out = ");
DumpBytes(plainOut, sizeof(plainOut));
rt_kprintf("n");
#endif
if(memcmp(plain,plainOut,16)==0)
{
pos += 16 ;
}
else
{
rt_kprintf("tiny aes crypt error !!! n");
return;
}
}
}
if (memcmp(plain, plainOut, sizeof(plain)) != 0)
{
rt_kprintf("AES decrypt result do not equal plain data.n");
return;
}
tick_2 = rt_tick_get();
tick = tick_2 - tick_1 ;
rt_kprintf("start systick:%dms n", tick_1);
rt_kprintf("finish systick:%dms n", tick_2);
rt_kprintf("data len :%dByte,time:%dms n", N32_FLASH_SIZE,tick);
rt_kprintf("nN32L4_SAC AES128_ECB Testn");
tick_1 = rt_tick_get();
pos = 0;
for (int var = 0; var < num; ++var)
{
if (n32_flash_read(N32_FLASH_START_ADRESS+pos, plain, 16) < 0)
{
rt_kprintf("read flash error !!! n");
return;
}
else
{
AES_SetKey_Enc(&AES_Parm, key, 128);
AES_Crypt_ECB(&AES_Parm,AES_ENCRYPT,plain, cipher);
AES_SetKey_Dec(&AES_Parm, key, 128);
AES_Crypt_ECB(&AES_Parm,AES_DECRYPT,cipher, plainOut);
#if DBG_AES
rt_kprintf("key = ");
DumpBytes(key, sizeof(key));
rt_kprintf("n");
rt_kprintf("plain = ");
DumpBytes(plain, sizeof(plain));
rt_kprintf("n");
rt_kprintf("cipher = ");
DumpBytes(cipher, sizeof(cipher));
rt_kprintf("n");
rt_kprintf("decrypt out = ");
DumpBytes(plainOut, sizeof(plainOut));
rt_kprintf("n");
#endif
if(memcmp(plain,plainOut,16)==0)
{
pos += 16 ;
}
else
{
rt_kprintf("tiny aes crypt error !!! n");
return;
}
}
}
tick_2 = rt_tick_get();
tick = tick_2 - tick_1 ;
rt_kprintf("start systick:%dms n", tick_1);
rt_kprintf("finish systick:%dms n", tick_2);
rt_kprintf("data len :%dByte,time:%dms n", N32_FLASH_SIZE,tick);
}
AES 重新封裝代碼：
/**

@brief AES key schedule (encryption)
@param[in] parm pointer to AES context and the detail please refer to struct AES_PARM in n32l40x_aes.h
@param[in] key encryption key
@param[in] keysize must be 128, 192 or 256
@return none
/
void AES_SetKey_Enc(AES_PARM parm, unsigned char key, int keysize)
{
parm->key = (uint32_t )key;
parm->iv = NULL; // IV is not needed in ECB mode
switch (keysize)
{
case 128:
parm->keyWordLen = 4;
break;
case 192:
parm->keyWordLen = 6;
break;
case 256:
parm->keyWordLen = 8;
break;
default:
return;
}
parm->Mode = AES_ECB;
parm->En_De = AES_ENC;
}
/
@brief AES key schedule (decryption)
@param[in] parm pointer to AES context and the detail please refer to struct AES_PARM in n32l40x_aes.h
@param[in] key encryption key
@param[in] keysize must be 128, 192 or 256
@return none
/
void AES_SetKey_Dec(AES_PARM parm, uint8_t key, uint32_t keysize)
{
parm->key = (uint32_t )key;
parm->iv = NULL; // IV is not needed in ECB mode
switch (keysize)
{
case 128:
parm->keyWordLen = 4;
break;
case 192:
parm->keyWordLen = 6;
break;
case 256:
parm->keyWordLen = 8;
break;
default:
return;
}
parm->Mode = AES_ECB;
parm->En_De = AES_DEC;
}
/
@brief AES-ECB block encryption/decryption
@param[in] parm pointer to AES context and the detail please refer to struct AES_PARM in n32l40x_aes.h
@param[in] mode AES_ENCRYPT or AES_DECRYPT
@param[in] input 16-byte input block
@param[out] output 16-byte output block
@return none
/
void AES_Crypt_ECB(AES_PARM parm, uint32_t mode, uint8_t input[16], uint8_t output[16])
{
parm->inWordLen = 4;
parm->in = (uint32_t )input;
parm->out = (uint32_t )output;
if (AES_Init_OK != AES_Init(parm))
{
rt_kprintf("N32L4_SAC AES_Init failed.n");
return;
}
if (AES_Crypto_OK != AES_Crypto(parm))
{
rt_kprintf("N32L4_SAC AES_Crypto failedn");
return;
}
}

6 測試數(shù)據(jù)

7 章節(jié)總結(jié)

從測試數(shù)據(jù)上對比，執(zhí)行相同的密碼運(yùn)算基于硬件加速引擎速度遠(yuǎn)遠(yuǎn)大于純軟件算法。尤其是進(jìn)行大量數(shù)據(jù)加解密運(yùn)算時差異較大。