ST STM32U5 Series User Manual page 10

True random number generator
For the device to generate random numbers as specified in NIST SP800-90B, the Integrator must use the TRNG
peripheral with the configuration A. Refer to the validation conditions subsection of the RNG section in the
[RM_U5] or [RM_WBA5]
TOE hardware cryptographic accelerators
The TOE is certified with hardware‑accelerated cryptography that is protected against side-channel, fault injection,
and timing analysis attacks.
To achieve the required resistance against hardware attacks, the Integrator must use the following
hardware‑accelerated cryptographic function, detailed in the corresponding sections of the
[RM_WBA5].
• SAES peripheral:
– AES-128 and AES-256:
◦
◦
◦
• PKA peripheral:
– RSA decryption using protected modular exponentiation (MODE=0x3).
– ECC scalar multiplication (MODE=0x20) and ECDSA signature (MODE=0x24).
• RNG peripheral for cryptographic key generation (ECDH, ECIES, and ECDSA algorithms)
– In FIPS PUB 186-4 specification section B.4 NIST proposes two methods for the generation of the
ECC private key (extra random bits or testing candidates). The Integrator must select one of those
two methods when using the RNG peripheral to compute the ECC private keys.
Note: SAES and PKA cannot operate if the RNG peripheral is not properly initialized, with its AHB clock running.
When implementing an RSA or ECC function with the PKA peripheral the Integrator must check that, when writing
sensitive data such as nonces or private keys into the PKA RAM, the written data is correct and has not been
altered before starting the PKA operation.
When implementing an AES function with the SAES peripheral the Integrator must follow the below guidelines to
meet SESIP security assurance level 3 (or equivalent).
• Implement systematically the inverse of the cryptographic operation (encrypt then decrypt or decrypt then
encrypt) and compare the result with the initial cryptographic input. The Integrator must implement a
random timing jitter between the cryptographic operation and its inverse.
• Implement redundancy when verifying results. The Integrator must implement a random timing jitter
between each result comparison.
• Implement a control flow that verifies that each step mentioned above is completed.
Additionally, the Integrator should follow the below guidelines when implementing the AES function with the SAES
peripheral:
• Activate the internal tamper 9 dedicated to cryptographic peripherals fault.
• Increase the AES key size to 256-bit, or limit the number of AES computations using the same key to 8
million.
Finally, when an error related to the aforementioned countermeasures is detected, the Integrator must take
appropriate action according to its security policy (as an example, the application might reset the system).
Cryptographic key storage
In its configuration with additional cryptography (see
protect the confidentiality of AES 128 or 256-bit keys in its KeyStore, using the key wrapping/unwrapping method
described in the SAES operation with wrapped keys subsection of the SAES section in
As with any software dealing with sensitive data, the software driving the SAES peripheral must follow the
guidelines described in the
control flow...).
Note: The wrapping and unwrapping functions are unusable while an active tamper event is not cleared (see next).
UM3387 - Rev 1
for details.
Encryption-decryption
Authenticated encryption or decryption
Cipher-based message authentication code computation
Fault injection attacks countermeasures
Section 3.1) the Integrator can use the SAES peripheral to
section (for example timing randomization,
UM3387
Operational user guidance
[RM_U5] or
[RM_U5] or [RM_WBA5].
page 10/22