Can csec key11~17 update other keys as auth key?

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

Can csec key11~17 update other keys as auth key?

跳至解决方案
1,586 次查看
yaojianhang
Contributor II

Hi,

I'm using S32K144, trying to use CSEc key11~17 update oher keys, since M1 message's Auth ID is 4 bit and doesn't have 1 bit KBS as KeyID. It seems impossible to do this.

0 项奖励
回复
1 解答
1,553 次查看
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @yaojianhang 

that's very good point. I did some debugging on my side and I found out that there's a bug in the calculate_M1_to_M5 function.

I already mentioned this code:

key_id = key_id & 0x0F; //For keys in the other bank, don't consider the KBS bit in M1 & M4 calculation. Follow traditional SHE specs

However, this is not enough. Also AuthID should be modified in the same way when calculating M1 and M4. From AN5401:

lukaszadrapa_0-1673344588552.png

And:

lukaszadrapa_1-1673344661024.png

 

So, I added this code:

auth_key_id = auth_key_id & 0x0F;

... and everything works as expected now.

Thank you for pointing this out, I will report it.

Regards,

Lukas

 

在原帖中查看解决方案

0 项奖励
回复
5 回复数
1,574 次查看
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @yaojianhang 

let me share some screenshots:

From the reference manual:

lukaszadrapa_0-1673276693048.png

 In application note AN5401:

lukaszadrapa_1-1673276752746.png

In source files of AN5401:

lukaszadrapa_2-1673276795382.png

 

And regarding the second question, this can be found in AN5401:

lukaszadrapa_3-1673276951738.png

This is given by SHE specification. RAM_KEY can be updated anytime, you do not need to know MASTER_ECU_KEY or previous value of the RAM_KEY.

Regards,

Lukas

 

 

0 项奖励
回复
1,566 次查看
yaojianhang
Contributor II

HI,@lukaszadrapa 

In this code,use CSEC_KEY_11 updates CSEC_KEY_11 return  ERC_KEY_INVALID, use MASTER_ECU_KEY updates CSEC_KEY_11 return no error.

How to use CSEC_KEY_11 updates CSEC_KEY_11? Is it possible?  Thanks for you reply.

20230110_111617 (1).jpg

Regards,

yaojianhang.

0 项奖励
回复
1,554 次查看
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @yaojianhang 

that's very good point. I did some debugging on my side and I found out that there's a bug in the calculate_M1_to_M5 function.

I already mentioned this code:

key_id = key_id & 0x0F; //For keys in the other bank, don't consider the KBS bit in M1 & M4 calculation. Follow traditional SHE specs

However, this is not enough. Also AuthID should be modified in the same way when calculating M1 and M4. From AN5401:

lukaszadrapa_0-1673344588552.png

And:

lukaszadrapa_1-1673344661024.png

 

So, I added this code:

auth_key_id = auth_key_id & 0x0F;

... and everything works as expected now.

Thank you for pointing this out, I will report it.

Regards,

Lukas

 

0 项奖励
回复
1,522 次查看
yaojianhang
Contributor II
Thanks!

Regards,
yaojianhang
0 项奖励
回复
1,578 次查看
yaojianhang
Contributor II

additions:

can CSEc key11~17 update themselves and ram_key?

0 项奖励
回复