
In the StSafeA_GenerateSignature() function, what does the InMAC parameter do and how should it be used?

GSmit.3
Associate II

Can't find any examples on how to use GenerateSignature.

3 REPLIES
Andrea Palmieri
ST Employee

Hi,

the parameter should be related to the authentication requirement between the MCU and the STSAFE secure element.

Please, refer to the examples included in the X-CUBE-SAFEA1 package.

Regards

Andrea

GSmit.3
Associate II

Thanks for the quick response. I'm signing for MCU STSAFE pairing. I am trying to sign a CSR with the key pair I have in slot1.

HBaga.1
Associate II

Did you ever get anything to work with InMAC other than STSAFEA_MAC_NONE? I can do the Echo command and it works fine when using STSAFEA_MAC_NONE, but zero return when I use something like STSAFEA_MAC_HOST_CMAC. I have narrowed my issue down (I think) to the StSafeA_ComputeCMAC() function. I have implemented my own wrapper using the hardware AES (using AES-GMAC) but I'm NOT quite sure if that is the correct one to use to calculate the CMAC. The authentication tag generated by AES-GMAC is 16 bytes, but StSafeA_ComputeCMAC() appends only 4 bytes to the original message, as shown by this particular code at the end of that function:

pStSafeA->InOutBuffer.LV.Length += STSAFEA_MAC_LENGTH; <--- this is 4

The response that I get from the STSAFE with a "wrong CMAC" is

0000000B <----- a header perhaps?

00000000 <----- I believe this is the size (16 bits) including the next byte

00000002

0000004E <---- I believe these are some error codes

000000AB <---- I believe these are some error codes

I also don't see any reference to AES-CMAC in the feature set for the STM32L4S MCU that I have, though it supports ECB, CBC, CTR, GCM, GMAC, and CBC-MAC. Does the HAL/XCRYPTO library implement this in software?

Maybe someone at ST can clarify what is the exact AES-CMAC mode the STSAFE-A110 uses so I can use the correct mode on the STM32 side (if possible). Better yet, maybe ST can provide a reference manual for the STSAFE device describing the messaging format, command and response codes, etc., so I don't have to reverse engineer their STSAFE library to figure out what is going on.
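
Added example, not part of the thread and not ST's code: GMAC, CBC-MAC and CMAC are different constructions, and CMAC as standardized in NIST SP 800-38B / RFC 4493 needs only a single-block AES encryption (ECB), which the post above lists as supported by the MCU. Whether the STSAFE-A110 expects exactly this construction is an assumption the thread does not confirm; `ecb_block_fn`, `toy_block`, `cmac_tag` and `cmac4` are hypothetical names, and `toy_block` is a constructed stand-in, not AES.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Hypothetical hook (not an ST API): encrypt one 16-byte block with the
   host key in AES-ECB. Must tolerate in == out. */
typedef void (*ecb_block_fn)(const uint8_t in[16], uint8_t out[16]);

/* Constructed stand-in so the example runs offline. NOT AES: replace it
   with a real single-block AES-ECB encryption before any real use. */
void toy_block(const uint8_t in[16], uint8_t out[16]) {
    for (int i = 0; i < 16; i++) out[i] = (uint8_t)(in[i] ^ 0xFF);
}

/* Subkey step: multiply by x in GF(2^128), reducing with 0x87. */
static void cmac_double(const uint8_t in[16], uint8_t out[16]) {
    uint8_t carry = in[0] >> 7;
    for (int i = 0; i < 15; i++)
        out[i] = (uint8_t)((in[i] << 1) | (in[i + 1] >> 7));
    out[15] = (uint8_t)((in[15] << 1) ^ (carry ? 0x87 : 0x00));
}

/* CMAC (SP 800-38B / RFC 4493); writes the leftmost tag_len bytes. */
int cmac_tag(ecb_block_fn enc, const uint8_t *msg, size_t len,
             uint8_t *tag, size_t tag_len) {
    uint8_t k1[16], k2[16], x[16] = {0}, last[16] = {0};
    if (!enc || !tag || !tag_len || tag_len > 16 || (len && !msg)) return -1;
    enc(x, k1);                             /* L  = E(0^128) */
    cmac_double(k1, k1);                    /* K1 = dbl(L)   */
    cmac_double(k1, k2);                    /* K2 = dbl(K1)  */
    size_t n = len ? (len + 15) / 16 : 1;   /* block count          */
    size_t rem = len - (n - 1) * 16;        /* bytes in final block */
    for (size_t b = 0; b + 1 < n; b++) {    /* CBC chain, all but last */
        for (int i = 0; i < 16; i++) x[i] ^= msg[b * 16 + i];
        enc(x, x);
    }
    if (rem) memcpy(last, msg + (n - 1) * 16, rem);
    if (rem < 16) last[rem] = 0x80;         /* 10* padding, then use K2 */
    for (int i = 0; i < 16; i++)
        x[i] ^= last[i] ^ (rem == 16 ? k1[i] : k2[i]);
    enc(x, x);
    memcpy(tag, x, tag_len);
    return 0;
}
/* 4-byte truncation, matching the 4 bytes the post says are appended. */
uint32_t cmac4(ecb_block_fn enc, const uint8_t *msg, size_t len) {
    uint8_t t[4];
    if (cmac_tag(enc, msg, len, t, 4) != 0) return 0;
    return ((uint32_t)t[0] << 24) | ((uint32_t)t[1] << 16) | ((uint32_t)t[2] << 8) | t[3];
}
```

Once `toy_block` is replaced by a real AES block encryption, check the full 16-byte output against the test vectors in RFC 4493 before truncating.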