CSEc Calculated CMAC and stored CMAC do not match.


1,081 Views
BrK_
Contributor III

Hi everyone,

I use the S32K116-EVB and am trying to generate a CMAC using these values:

key : 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00

Message : 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f

After CMAC generation on the EVB, I used external AES-CMAC calculation code and generated another CMAC with the same values. (The external AES-CMAC implementation is from the official RFC 4493 document.)

However, when I try to match the two generated CMAC values, I find that they are different.

So, what is different between the official AES-CMAC calculation and the S32K CSEc CMAC calculation?

Why do these two values not match?

0 Kudos
Reply
4 Replies

1,072 Views
lukaszadrapa
NXP TechSupport

Hi @BrK_ 

Please take a look at my last answer in this thread:

https://community.nxp.com/t5/S32K/S32K116-Bricked-after-CSEc-Operations/m-p/1179670

I was able to get the correct result when using the test vectors provided by the SHE spec. It just depends on whether you use the SDK or the code from AN5401 - the drivers use different data formats.

Regards,

Lukas

0 Kudos
Reply

1,048 Views
BrK_
Contributor III

Hi @lukaszadrapa ,

Thank you for the reply, but I guess the problem is not mentioned in the solution.

As you can see in the additional pictures, the SHE spec vectors specify 8-bit words. You can also see the test key, message and API which generate the CMAC.

she_spec.png

test_key_and_msg.png

loadplainkey_generatecmac.png

Regards,

0 Kudos
Reply

1,022 Views
lukaszadrapa
NXP TechSupport

Hi @BrK_ 

lukaszadrapa_0-1673536932952.png

It's the number of bits, not bytes. Use length 128 instead of 16.

Regards,

Lukas

0 Kudos
Reply
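The length fix from the reply above, as an added example that is not part of the original thread and not NXP driver code: a from-scratch AES-CMAC following RFC 4493 whose length argument is in bits. It assumes that an engine given length 16 authenticates only the first 16 bits of the buffer; all function names are this example's own.

```python
def gmul(a, b):                       # multiply in GF(2^8) modulo the AES polynomial 0x11B
    r = 0
    for _ in range(8):
        r, a, b = r ^ (a if b & 1 else 0), ((a << 1) ^ 0x11B if a & 0x80 else a << 1), b >> 1
    return r

def _sbox(a):                         # inverse in GF(2^8) (a^254), then the affine transform
    v = 1
    for _ in range(254):
        v = gmul(v, a)
    x = v | v << 8                    # (x >> n) & 0xFF is then v rotated right by n
    return (v ^ x >> 4 ^ x >> 5 ^ x >> 6 ^ x >> 7 ^ 0x63) & 0xFF
SBOX = [_sbox(a) for a in range(256)]
_xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
KEY, MSG = bytes(range(15, -1, -1)), bytes(range(16))    # key and message from the first post

def aes128_encrypt(key, block):
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1      # key schedule: 44 words
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]                    # RotWord, SubWord
            t[0], rcon = t[0] ^ rcon, gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    s = _xor(block, sum(w[0:4], []))
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                          # SubBytes
        s = [s[4 * ((i // 4 + i % 4) % 4) + i % 4] for i in range(16)]    # ShiftRows
        if rnd < 10:                                                      # MixColumns
            s = [gmul(s[i], 2) ^ gmul(s[i - i % 4 + (i + 1) % 4], 3)
                 ^ s[i - i % 4 + (i + 2) % 4] ^ s[i - i % 4 + (i + 3) % 4] for i in range(16)]
        s = _xor(s, sum(w[4 * rnd:4 * rnd + 4], []))                      # AddRoundKey
    return s

def _dbl(b):                          # RFC 4493 subkey step: shift left, reduce with 0x87
    n = int.from_bytes(b, "big") << 1
    return (n ^ (1 << 128 | 0x87) if n >> 128 else n).to_bytes(16, "big")

def aes_cmac(key, data, bit_len):     # bit_len is in BITS (assumed to mirror the CSEc length)
    if bit_len % 8:
        raise ValueError("this sketch handles whole bytes only")
    msg = data[:bit_len // 8]
    k1 = _dbl(aes128_encrypt(key, bytes(16)))
    cut = max(len(msg) - 1, 0) // 16 * 16          # offset of the final, possibly partial, block
    last = msg[cut:]
    last = _xor(last, k1) if len(last) == 16 else _xor(last + b"\x80" + bytes(15 - len(last)), _dbl(k1))
    x = bytes(16)
    for i in range(0, cut, 16):
        x = aes128_encrypt(key, _xor(x, msg[i:i + 16]))
    return aes128_encrypt(key, _xor(x, last))
```

`aes_cmac(KEY, MSG, 128)` covers the whole 16-byte message, while `aes_cmac(KEY, MSG, 16)` covers only its first two bytes, so the two tags differ.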

998 Views
BrK_
Contributor III

Hi @lukaszadrapa

Thank you for the reply.

I have another issue.

I have a CMAC value for a binary code file. The code size is 7308 bytes.

external_boot_mac.png

I defined this CMAC value in my CSEc code and loaded it as boot_mac via debug RAM.

s32ds_boot_mac.png

s32ds_boot_mac_load.png

Then I debug the RAM again to enable secure boot.

s32ds_secure_boot_define.png

The size variable that the CSEC_DRV_BootDefine function takes is defined as follows,

boot_define_size_expl.png

As a result, secure boot gives an error as boot_mac_key_missmatched.

 

I follow these steps:

* Operate flash partition for CSEc via Debug RAM.
* Define master_ecu_key, boot_mac_key, boot_mac via Debug RAM.
* Load code into Flash.
* Define secure boot with CSEC_DRV_BootDefine via Debug RAM.
* Reset device.

 

I'm waiting for your feedback.

Regards,

0 Kudos
Reply