I am using CST to generate encrypted image. I am setting MAC = 16 bytes in my CSF. However, I see 32 bytes of MAC being generated in the CSF output. I see a constant 4 byte pattern and the rest 28 bytes of random data. Any idea where the MAC data is put in these bytes, and what the extra bytes are?
I am assuming that you are referring to csf.bin. And that the [Decrypt Data] command is the last command on your CSF.
When in the presence of [Decrypt Data], CST will encrypt the data blocks in-place(data blocks in the input file are replaced by their encrypted version), using the data encryption key. And it also generates a MAC tag of the file and appends it to the CSF.
However, at boot time HAB needs to know what algorithm and what size use to authenticate the MAC. Let's take the following example of csf.bin:
AC 00 24 41 00 0C 00 10 54 46 4E 21 27 6D C9 16 CA A0 BE 70 11 DE 64 1A F2 20 D4 93 B1 DB C3 75 98 72 E5 F3
If we parse the HAB data structure, it would be like this:
AC 00 24 41
HAB_TAG_MAC = 0xAC
length = 0x0024
version = 0x41
So this part of the structure is the 4 byte pattern that you probably are looking at.
HAB uses CBC-MAC, therefore a nonce and a length are required .Then the next word is divded in two.
00 0C 00 10
[NONCE LENGTH][MAC LENGTH]
NONCE LENGTH = 0x000C
MAC LENGTH = 0x0010
Then by intuition, we can tell that the nonce is:
54 46 4E 21 27 6D C9 16 CA A0 BE 70
and that the mac is
11 DE 64 1A F2 20 D4 93 B1 DB C3 75 98 72 E5 F3
if you need more information about on the parameters and algorithms. I would read the Security Reference manual for your target board