1. In the K3 HSE_B Firmware RM document, FID is defined as 6 bits, so K3 does not support a 5-bit FID, right? [In the K146 chip, FID supports not only 6 bits but also 5 bits.]
So, in S32K3, if a 5-bit FID is used to generate M1-M3, the SHE key cannot be updated, right?
2. In the S32K3 MCAL crypto driver, the SHE key's M4 is stored in key element 2 (CRYPTO_KE_MAC_PROOF), and M5 is stored in key element 6 (CRYPTO_KE_CIPHER_PROOF). But as far as I know, M4M5 should be stored in key element 2, not element 6. Does NXP's crypto code not comply with the AUTOSAR standard?
1. There's no difference. According to SHE specification, FID is used only for M2 calculation and it looks like this:
So, M2 is the CBC-encrypted concatenation of the new counter value CID, the according flags FID, a pattern to fill the first block with ‘0’ bits and the new key KID.
The VERIFY_ONLY extension flag is added to the end of FID; it replaces the first zero in that 95-bit padding.
If you keep VERIFY_ONLY zero, it meets SHE specification. No other changes are necessary, no specific HSE firmware is needed. The behavior will correspond to SHE spec without this extension.
2. As I wrote, this was reported a short time ago and it's not resolved yet.
I expect that only the CRYPTO_KE_CIPHER_PROOF definition will be changed from 6 to 2, as required by the standard.
And because it's not resolved yet, I can't provide an expected release date.
Regards,
Lukas
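The M2 plaintext layout described in the reply above, as an added example (not code from the post, from NXP, or from the RTD): it packs the first block both ways so you can check that a 6-bit FID with VERIFY_ONLY = 0 produces the same bytes as the 5-bit SHE layout. The 28-bit counter width and the flag order are taken from the SHE specification; the function names and the sample key are constructed for illustration, and the CBC encryption with K1 is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SHE flags inside the 5-bit FID, most significant bit first. */
#define SHE_FID_WRITE_PROT 0x10u
#define SHE_FID_BOOT_PROT  0x08u
#define SHE_FID_DEBUG_PROT 0x04u
#define SHE_FID_KEY_USAGE  0x02u
#define SHE_FID_WILDCARD   0x01u

/* Hypothetical helper: build the 32-byte M2 plaintext (input to CBC with K1).
 * MSB first: CID (28 bits) | FID (5 bits) | VERIFY_ONLY (1 bit) |
 * 94 zero bits | new key (128 bits).
 * With verify_only == 0 this is exactly the SHE layout with 95 zero bits. */
int she_m2_plaintext(uint8_t out[32], uint32_t cid, uint8_t fid,
                     int verify_only, const uint8_t key[16])
{
    if (cid > 0x0FFFFFFFu || fid > 0x1Fu)
        return -1;                      /* counter is 28 bits, FID is 5 bits */
    memset(out, 0, 32);
    out[0] = (uint8_t)(cid >> 20);
    out[1] = (uint8_t)(cid >> 12);
    out[2] = (uint8_t)(cid >> 4);
    out[3] = (uint8_t)(((cid & 0xFu) << 4) | (fid >> 1)); /* CID low nibble + FID[4:1] */
    out[4] = (uint8_t)(((fid & 1u) << 7) | (verify_only ? 0x40u : 0u));
    memcpy(out + 16, key, 16);
    return 0;
}

/* Hypothetical probe: byte idx of the plaintext for a constructed key
 * 00 01 .. 0f, or -1 if the inputs are out of range. */
int she_m2_byte(uint32_t cid, uint8_t fid, int verify_only, int idx)
{
    uint8_t key[16], out[32];
    for (int i = 0; i < 16; i++)
        key[i] = (uint8_t)i;            /* constructed sample key */
    if (idx < 0 || idx > 31 || she_m2_plaintext(out, cid, fid, verify_only, key))
        return -1;
    return out[idx];
}

int main(void)
{
    /* CID = 1, WILDCARD set: only byte 4 differs when VERIFY_ONLY is set. */
    printf("VERIFY_ONLY=0: byte3=%02x byte4=%02x\n",
           she_m2_byte(1, SHE_FID_WILDCARD, 0, 3), she_m2_byte(1, SHE_FID_WILDCARD, 0, 4));
    printf("VERIFY_ONLY=1: byte3=%02x byte4=%02x\n",
           she_m2_byte(1, SHE_FID_WILDCARD, 1, 3), she_m2_byte(1, SHE_FID_WILDCARD, 1, 4));
    return 0;
}
```
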
Hi @JiayuZhou
1. This extension of the SHE spec is available on both CSEc on K1 and HSE on K3. It's up to you whether you use it or not. Both options are possible:
From AN5401 for S32K1:
From HSE FW RM for S32K3:
2. Yes, you are right. I can see that this was already reported a short time ago. This will be fixed in the next RTD versions in the near future.
Regards,
Lukas