S32K CSEC M1 to M3

wanglijun · ‎04-19-2021

Hello,

When calculating the M1 to M3, there is a parameter "key updated counter".

If the key update counter is wrong, can the key be loaded successfully?

lukaszadrapa · ‎04-19-2021

Hi,

the answer is no. This behavior is required by SHE specification, it adds protection against replay attacks.

Regards,

Lukas

wanglijun · ‎04-19-2021

Hello, Do you mean the input parameter key update counter must be equal to the actual key updated counter, if the 2 value is not equal, the key update not successfully, right?

lukaszadrapa · ‎04-19-2021

No, new counter needs to be incremented (+1). Initial value of the counter is 0 (this is given by SHE, considering new device or device reset to factory state). When you are going to load the key first time, you use counter = 1. When you are going to update the key second time, use counter = 2 and so on. If you do not follow this rule, the key won't be updated.

Regards,

Lukas

wanglijun · ‎04-20-2021

Hello, Thank you for the reply. Can you share that how to prevent replay attach by the counter? Thank you!

lukaszadrapa · ‎04-20-2021

There's nothing to share, implementation of the counter itself is the protection.

Regards,

Lukas