ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

CSEc Calculated CMAC and stored CMAC do not match.

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

CSEc Calculated CMAC and stored CMAC do not match.

‎01-03-2023 03:59 AM
1,857件の閲覧回数
BRK_Y
Contributor III

Hi everyone,

I use S32K116-EVB and trying to generate CMAC using these values:

key : 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x080x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00

Message : 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x070x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f

After CMAC generation on EVB, using an external AES-CMAC calculation code and generated another CMAC with same values. (External AES-CMAC implementation from official RFC-4493 document.) 

However when i try to match two generated CMAC values, i find that they are different.

So, what is different between offical AES-CMAC calculation and S32K CSEc CMAC calculation? 

Why these two values do not match?

0 件の賞賛
返信
4 返答(返信)

‎01-03-2023 04:34 AM
1,848件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @BRK_Y 

please take a look at my last answer in this thread:

https://community.nxp.com/t5/S32K/S32K116-Bricked-after-CSEc-Operations/m-p/1179670

I was able to get correct result when using test vectors provided by SHE spec. It just depends if you use SDK or if you use code from AN5401 - the drivers use different data format.

Regards,

Lukas

0 件の賞賛
返信

‎01-10-2023 06:33 AM
1,824件の閲覧回数
BRK_Y
Contributor III

Hi @lukaszadrapa ,

Thank you for reply but i guess the problem is not mentioned in the solution. 

As you can see with additional pictures SHE spec vectors specified 8bit words. Also you can see test key, message and API which generate CMAC.

she_spec.png

test_key_and_msg.png

loadplainkey_generatecmac.png

Regards,

0 件の賞賛
返信

‎01-12-2023 08:22 AM
1,798件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @BRK_Y 

lukaszadrapa_0-1673536932952.png

It's number of bits, not bytes. Use length 128 instead of 16.

Regards,

Lukas

0 件の賞賛
返信

‎01-17-2023 01:38 AM
1,774件の閲覧回数
BRK_Y
Contributor III

Hi @lukaszadrapa

Thank you for reply.

I have another issue.

I have an cmac value for a binary code file. Code size is 7308byte.

external_boot_mac.png

I defined this cmac value in my csec code and loaded it as boot_mac via debug RAM.

s32ds_boot_mac.png

s32ds_boot_mac_load.png

Then i debug the RAM again to enable secure boot.

s32ds_secure_boot_define.png

The size variable that the CSEC_DRV_BootDefine function takes is defined as follows,

boot_define_size_expl.png

As a result, secure boot gives an error as boot_mac_key_missmatched.

 

I follows these steps :

* Operate flash partition for csec via Debug Ram.

* Define master_ecu_key, boot_mac_key, boot_mac via Debug Ram.

* Loade code into Flash.

* Define secure boot with CSEC_DRV_BootDefine  via Debug Ram.

* Reset device.

 

I'm waiting for your feedback.

Regards,

0 件の賞賛
返信