AnsweredAssumed Answered

[mpc5777c][cse] DEBUG_AUTH 0x0A Error

Question asked by Jaejyn Shin on May 17, 2017

Hello Expert

 

I am developing DEBUG_AUTH command referencing "4.1 Resetting the secure flash to its factory state" in the "AN5418_Using_CSE2.pdf"

But there was 0x0A error after running DEBUG_AUTH command.

 

All previous commands succeeded, so I don't know how to solve this problem.

Could anyone find any problem on my codes ?

 

code

static char failcount = 0;
static vuint32_t challenge_UID[8];
static vuint32_t UID[4];
static vuint32_t MAC[4];
static vuint32_t challenge[4];
static vuint32_t authorization[4];
static unsigned long long length = 248;
static vuint32_t KDEBUG[4];
static char master_key[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11
};
static vuint32_t DEBUG_KEY_C[4] = {0x01035348, 0x45008000, 0x00000000, 0x000000B0}; // DEBUG_KEY_C = 0x01035348_45008000_00000000_000000B0
static char mpc_in[32];
static unsigned long long mpc_len = 176;


void KDF(char *key/*16 bytes*/, char *constant/*16 bytes*/, char *d_key)
{
    //unsigned long long mpc_len = 256;
    // copy key + constant to mpc_in, 32 bits at a time
    *(vuint32_t *) &mpc_in[0] = *(vuint32_t *) &key[0];
    *(vuint32_t *) &mpc_in[4] = *(vuint32_t *) &key[4];
    *(vuint32_t *) &mpc_in[8] = *(vuint32_t *) &key[8];
    *(vuint32_t *) &mpc_in[12] = *(vuint32_t *) &key[12];
    *(vuint32_t *) &mpc_in[16] = *(vuint32_t *) &constant[0];
    *(vuint32_t *) &mpc_in[20] = *(vuint32_t *) &constant[4];
    *(vuint32_t *) &mpc_in[24] = *(vuint32_t *) &constant[8];
    *(vuint32_t *) &mpc_in[28] = *(vuint32_t *) &constant[12];
    CSE.P[0].R = (vuint32_t) &mpc_len; /* message length (bits) address */
    CSE.P[1].R = (vuint32_t) &mpc_in; /* message start address */
    CSE.P[2].R = (vuint32_t) d_key; /* output address of derived key */
    CSE.CMD.R = 0x16; //CSE_MP_COMPRESS; /* issue MP_COMPRESS command */
    while (CSE.SR.B.BSY == 1) {
    }; /*wait until CSE is idle*/
}


// return to the factory mode
void CSCan_EraseKeys()
{
    /////////////////////////////////////////////
    // creating challenge - 1
    /* set up DIVIDER for TRNG*/
    CSE.CR.B.DIV = 29; /* for 120 Mhz Fsys - gives 2 Mhz TRNG clock*/
    /* initialize RNG */
    CSE.CMD.R= 0x0A; /*INIT_TRNG command*/
    if (CSE.SR.R & 0x00000020 != 0x00000020 ) {failcount++;} /* check RIN bit is set*/

    /////////////////////////////////////////////
    // creating challenge - 2
    /* generate challenge value */
    CSE.P[0].R = (vuint32_t)&challenge ; /* challenge is declared as 4 x uint32_t */
    CSE.CMD.R= 0x12; /*CSE_DEBUG_CHAL command*/
    while (CSE.SR.B.BSY == 1){}; /*wait until CSE is idle*/

    /////////////////////////////////////////////
    // get UID
    CSE.P[0].R = (vuint32_t) & challenge; /*Pointer to ID challenge*/
    CSE.P[1].R = (vuint32_t) & UID; /*Pointer to location, UID to be stored at*/
    CSE.P[2].R = 0;
    CSE.P[3].R = (vuint32_t) & MAC; /*Pointer to location, MAC to be stored at*/
    CSE.CMD.R = 0x10; /*Command ID of GET_ID */
    while (CSE.SR.B.BSY == 1) {}; /*Polling for busy bit to get clear*/
    if (CSE.ECR.R != 0) failcount++;

    /////////////////////////////////////////////
    //
    /* load RAM_key with KDEBUG*/
    // KDEBUG = KDF(MASTER_ECU_KEY ,DEBUG_KEY_C)
    KDF((char*)master_key, (char*)DEBUG_KEY_C, (char*)KDEBUG);
    CSE.P[0].R = (uint32_t) &KDEBUG;
    CSE.CMD.R= 0x8; /*CSE_LOAD_PLAIN_KEY*/
    while (CSE.SR.B.BSY ==1){}; /*wait until CSE is idle*/

    /////////////////////////////////////////////
    //
    // The authorization value is calculated as follows:
    // AUTHORIZATION= CMACKDEBUG(CHALLENGE|UID)
    challenge_UID[0] = challenge[0];
    challenge_UID[1] = challenge[1];
    challenge_UID[2] = challenge[2];
    challenge_UID[3] = challenge[3];
    challenge_UID[4] = UID[0];
    challenge_UID[5] = UID[1];
    challenge_UID[6] = UID[2];
    challenge_UID[7] = UID[3];
    /* generate CMAC based on challenge|UID using KDEBUG */
    CSE.P[0].R = 0xE; /* RAM key */
    CSE.P[1].R = (unsigned long long)&length; /* msg length : 248 in this case (UID is 120 bits )*/
    CSE.P[2].R = (vuint32_t)&challenge_UID;
    CSE.P[3].R = (vuint32_t)&authorization;
    CSE.CMD.R= 0x5; /*CSE_GENERATE_MAC*/

    //AUTHORIZATION is passed to CSE and CSE_DEBUG_AUTH is issued.
    /* issue authorization command */
    CSE.P[0].R = (vuint32_t)&authorization ;
    CSE.CMD.R = 0x13; /* CSE_DEBUG_AUTH*/
}

 

Thank you

Jaejyn

Outcomes