How to generate CMAC with a non-volatile key?

nevozade · ‎02-28-2022

Hello,

I want to obtain CMAC value with a non-volatile key (only verification is even OK). I am using modified 'csec_boot_protection_s32k148' project. After initialization CSEc module, I load key rom RAM with given instructions :

uint8_t testkey[16] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};

retVal = loadKey(CSEC_KEY_7, testkey, 1, 1);

Then, I debug from FLASH and tried to generate/verify MAC values with the loaded non-volatlie key (CSEC_KEY_7):

uint8_t input_text[16] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};

statusMAC = CSEC_DRV_GenerateMAC(CSEC_KEY_7, input_text, 128U, cmac, 10U);

statusMAC = CSEC_DRV_VerifyMAC(CSEC_KEY_7, input_text, 128U, cmac, 128U, &verifStatus, 10U);

Unfortunately, both statusMAC values return 0x404 which refers STATUS_SEC_KEY_INVALID. According to this, I cannot obtain/verify CMAC value with CSEC_KEY_7. On the other hand, I can get and verify a CMAC value with plainText key with the given instructions:

stat = CSEC_DRV_LoadPlainKey(testkey);

statusMAC = CSEC_DRV_GenerateMAC(CSEC_RAM_KEY, input_text, 128U, cmac, 10U);
statusMAC = CSEC_DRV_VerifyMAC(CSEC_RAM_KEY, input_text, 128U, cmac, 128U, &verifStatus, 10U);

For given condition above, I get the true CMAC value (compared with CMAC that is obtained with Perl script which is mentioned in AN4235). Briefly, I cannot call generateMAC function successfully with a non-volatile key such as CSEC_KEY_7, CSEC_KEY_10, ... etc. I want to obtain it with CSE_KEY_7, not RAM key. Is there any option or alternative way to do this as I desire?

Thanks.

PS: After some investigating about this, KEY_USAGE must set, can someone helps me for changing this?

ThienBui · ‎07-14-2023

Hi,

It works now with CMAC generation. Thank you so much for your support. However, those KEYs that are loaded via this new edited code become INVALID for ENC & DEC of both CBC & ECB mode. Is this behaviour also correct?

ZEROOO · ‎07-14-2023

This is normal, you can look at the application manual about cbc and cmac features of the application.

lukaszadrapa · ‎03-01-2022

Hi Nevzat,

yes, the attributes are the reason. Let me re-use what I already wrote somewhere:

After some investigation, I found out that SW example in SDK does not consider Key Attributes. There’s an important attribute called KEY_USAGE. Description from AN5401:
„This flag determines if a key is used for encryption/decryption or for CMAC generation/verification. If the flag is set, the key is used for CMAC generation/verification. If the flag is clear, the key is used for encryption.“
This is given by SHE specification.

I’m sure this is the reason. The SDK example uses only plain key for CMAC, so it works. There’s no problem in the CSE SDK driver, this needs to be implemented by user’s code. The function computeM1M2M3 in file csec_utils.c needs to be updated. You can take a look at function calculate_M1_to_M5 in AN5401 (attribute_flags is used when calculating M2).

Another way is to use code from AN5401 for initialization.
Take a look at 1_Configure_part_and_Load_keys in AN5401.
KEY_1 is used for encryption, so the last parameter of calculate_M1_to_M5 function is 0.
KEY_11 is used for CMAC, so the last parameter is 0b000100 (KEY_USAGE is 1).

Or another option is to provide the values M1-M5 calculated offline, so these functions are not needed ever and you can simply use CSE_DRV_LoadKey command.

https://www.nxp.com/webapp/Download?colCode=AN5401&location=null

https://www.nxp.com/webapp/Download?colCode=AN5401SW&location=null

Regards,

Lukas

ZEROOO · ‎04-05-2023

Hi Lukas

I also encountered the same problem, I want to ask if the corresponding relationship between attribute_flags and 0b000100 is as below?The attribute_flags description I found online seems to have a different meaning, KEY_USAGE is indicated by Bit 6-5, 00: indicates that the key is used for encryption/decryption operations, 01 indicates that the key is used for CMAC generation/authentication operations.Could you explain how to set the attribute flags parameter?

ThienBui · ‎07-14-2023

Hi ZEROOO,

Has you found a solution to set the KEY_USAGE Attribute Flag?

ZEROOO · ‎07-14-2023

Hi

You will need to set the key properties when you load the user key, which you can do if you are using the AN5401 code.If you're using the SDK, you'll need to modify computeM1M2M3 to add an attribute_flags parameter.At the same time, you also need to put attribute flags into m2Plain[4].

ThienBui · ‎07-14-2023

Hi ZEROOO,

I've tried your solution by assigning 0b000100 attribute value to m2Plain[4] in computeM1M2M3(..) function. But it still returns STATUS_SEC_KEY_INVALID when I run this command:

statusVal = CSEC_DRV_GenerateMAC(CSEC_KEY_1, input_text, sizeof(input_text), cmac, 10);

ZEROOO · ‎07-14-2023

Hi

Please try it like this：

m2Plain[0] = (counter & 0xFF00000) >> 20;
m2Plain[1] = (counter & 0xFF000) >> 12;
m2Plain[2] = (counter & 0xFF0) >> 4;
m2Plain[3] = (counter & 0xF) << 4|((attribute_flags & 0xF0u) >> 4u);
m2Plain[4] = (uint8_t)(attribute_flags & 0x0Fu) << 4u;

ThienBui · ‎07-14-2023

Hi,

I've implemented as your suggestion (see the picture below). I still cannot generate CMAC. Both KEY1 and KEY2 are return INVALID. KEY1 is not "bootProtection", KEY2 is "bootProtection".

ZEROOO · ‎07-14-2023

Hi

attribute_flags should be set to 0x10, you can refer to AN5401