Hello,
I face a problem with CMAC verification, if message has some specific lengths (verification fails when message length is equal to red lines):
Pls see attached pdf for details.
Do I something wrong, or should be there done some fix in "Csec_Ip.c" ?
Thanks
Hello Dan,
thanks for quick response !
I use csec driver from "Csec_Ip.c". I use copy version (not pointer version) of cmac verification function Csec_Ip_VerifyMac(). As can be seen on below printscreen so I want to verify 656/8=82 bytes (just an example).
From Csec_Ip_VerifyMac() is then called Csec_Ip_StartVerifMACCmd() -> Csec_Ip_WriteCommandHeader()
In Csec_Ip_WriteCommandHeader() is this:
Definition CSEC_IP_FUNC_FORMAT_COPY (which is 0) is fixed here and I am not able to change it to 1.
"Func form at" equal to 1 is used in pointer version of Csec_Ip_VerifyMacAddrMode():
But I am not using API call Csec_Ip_VerifyMacAddrMode().
So how should I change "Func form at" equal to 1 if it is internal definition of the "Csec_Ip.c" ?
Thank you
Vojtech
Hello Dan,
I have not found any function in CSEc API for changing value of CallSeq variable.
Actually CSEc driver should care about CallSeq by itself I think:
CMAC verification fails even if there is requested to verify 81-96 bytes, where page2-page7 should be sufficient (CallSeq = 0x01 is enough). What do you think about my proposed correction of CSEc driver as I wrote in attached pdf in initial question?
I can explain in the call if needed.
Thank you
Hello @Vojtech,
Follow to " CMD_VERIFY_MAC" in reference manual, we have:
In your situation, n = 1 and MESSAGE_LENGTH must be 128 bytes => you only have data from page 0 => page 6th. So, you have to fill all of data of page 7th equal to 0 to enough 128 bytes (7 pages data + 1 page with padding value).
For example:
You got issue because you wrote 7 pages instead of 8 pages - enough 128 byte (7 pages data + 1 page with padding value).
Best regards,
Dan
Hello Dan,
I am using NXP CSEc driver:
So I can use only non-static functions from Csec_Ip.c source file (only functions from API as printscreened in previous post). So I should not anyhow directly solve filling of PRAM interface (this is done internally by NXP CSEc driver).
I just use this function for CMAC verification (I just provide as input arguments: message buffer, message size in bits, key etc.):
When I changed the code in this NXP CSEc driver (as described in the pdf attached to original post), so everything seems to work fine - but it is RTD source file, so it should not be changed by me. I can show in a call if needed. Or do I miss something?
Thanks
Vojtech
