2022-11-09 02:03 AM
I am trying to use MAC with my STSAFE-A110, in order to further restrict access.
I would have expected a function similar to establishing a public key, i.e. StSafeA_PutPublicKeySlot(...), but I can only find StSafeA_PutAttribute.
Are we really supposed to setup the symmetric HMAC key with PutAttribute?
StSafeA_ResponseCode_t StSafeA_PutAttribute(
StSafeA_Handle_t *pStSafeA,
uint8_t InAttributeTag, // e.g. STSAFEA_TAG_HOST_KEY_SLOT
const uint8_t *pInData,
uint16_t InDataSize,
uint8_t InMAC);
The HMAC key should be "write once". Once the HMAC key is established, we should not be able to change it.
2022-11-16 11:01 PM
Still hoping for answer!
2022-11-22 03:09 AM
Hi @CWein.1 ,
Thanks for your question.
The STSAFE-A110 CMAC mechanism is using the pairing keys.
You have a code example for the Pairing use case in the X-CUBE-SAFEA1 package.
you will get the example of StSafeA_PutAttribute() to properly configure the pairing keys.
Then you need to implement the stsafea_crypto_interface.c, once again, you have example with mbedtls in the X-CUBE-SAFEA1 package.
One point that is important, the pairing example is using by default test pairing keys and in the stsafea_crypto_interface.c you must manage the pairing keys handle so you have to make sure you are using the same key for the pairing and the crypto interface implementation.
As you mention, the configuration of the pairing keys is a one-time operation, so you can't update the pairing keys.
Last point, you have a maximum of 50 invalid CMAC operation in a row before locking the pairing keys permanently. So, during your first experiment, be sure that you don't have a loop that retry the STSAFE-A commands as this could lead to a lock of the pairing keys in a fast way.
if this happens you will get a STSAFEA_KEY_BLOCKED error on every command with CMAC authorisation.
Best Regards,
Benjamin
2022-12-06 01:54 AM
Thanks Benjamin. I was able to use the example and set the Host Key.
It appears setting the Host Key does not do anything unless you also configure the STSAFE CMDs to actually require it? Is that right?
#define STSAFEA_TAG_COMMAND_AUTHORIZATION_CONFIGURATION (0x24U) /*!< Command authorization configuration tag. */
#define STSAFEA_TAG_COMMAND_ACCESS_CONDITIONS (0x29U) /*!< Command access conditions tag. */
#define STSAFEA_TAG_COMMAND_HOST_ENCRYPTION_FLAGS (0x2AU) /*!< Command host encryption flags tag. */
I Imagine I need to also call PutAttribute, while setting one of these tags, but I don't see an example for doing that.
Is there something else I'm missing?
2022-12-06 01:57 AM
My goal is to simply restrict who can communicate with the STSAFE. I don't want bad actors to desolder the chip and use it to generate signatures.
2022-12-07 02:05 AM
Hi @CWein.1
These commands are one-time operation that is customizable at profile level. This is not possible with STSAFA110DFSPL02.
If you want to use such personalization, you need to contact your local ST FAE for STSAFE-A product to check the condition of the dedicated profile and the definition of it.
Best Regards,
Benjamin
2022-12-11 04:38 AM
Thank you for the answer.
Okay. Interesting. I would have expected that the devices from Mouser, DigiKey, etc, come "blank" and are fully customizable during client production.
My goal is simply to require HMAC authorization (or some other authorization) in order to submit a signature request command to the STSAFE. I don't want a bad actor to desolder the chips and reuse them.
Does something that "simple" require personalization from ST?
If so, I will look into ST FAE, but of course that is less "convenient" than it working out of the box.
Thank you, again.
Chip
2022-12-12 02:04 AM
Hi @CWein.1 ,
The evaluation sample STSAFA110S8SPL02 are just here to evaluation STSAFE-A features and is fully describe in the following application note.
For production, you need to go for a personalization.
Nevertheless, you can exercise the signature commands with the authentication and let this configuration for your personalized parts.
I understand your point but this type of configuration could be tricky to define and error could lead to the need to change the physically the part, therefore this is a tradeoff between simplicity of evaluation and complexity of the product.
Best Regards,
Benjamin
2022-12-12 06:49 AM
Thank you for the many answers, Benjamin. Your help is the reason I can consider STSAFE.
In your link, I see the following table, for STSAFA110S8SPL02:
Generate Signature
Command Code: 16
Command AC: Free
Encryption of Command Data: (NO)
Encryption of Response Data: (NO)
"free" means user configurable?
Can you share the request format needed to change it to Host C-MAC?
2022-12-12 06:57 AM
Hi @CWein.1 ,
The command AC means Command Access Condition, "free" means that the authentication of the command (C-MAC) is optional.
To enter in detail, the configure command is a one-time operation to configure all the command you have in the figure 2.
On the STSAFA110S8SPL02, the configure command has been already done so you can't modify this setup.
Could you enter an OLS ticket here for your request ?
Thanks,
Best Regards,
Benjamin