cancel
Showing results for 
Search instead for 
Did you mean: 

X-CUBE-CRYPTOLIB computed SHA256 hash wrong

Martin42
Associate III

Hello,

I would like to use the X-CUBE-CRYPTOLIB to calculate a SHA256 with a key. My implementation or the example HMAC_SHA2_AuthenticateVerify works in STM32CubeIDE 1.13.1 for an STM32L432KCU microcontroller.

Source: https://www.st.com/en/embedded-software/x-cube-cryptolib.html

To rule out the possibility that the example project has implemented something that I forgot to copy into Atollic Studio, I created a new project in STM32CubeIDE and integrated the X-CUBE-CRYPTOLIB there as I did in Atollic Studio. The hash was calculated correctly there.

Now my problem:

The development environment Atollic TrueSTUDIO for STM32 9.3.0 is used for an existing project. I would like to use the X-CUBE-CRYPTOLIB there. If I put the "simple" example there, then the hash is calculated incorrectly.

The error occurs on the line if (memcmp(Expected_Tag, Computed_Tag, computed_size) != 0) because the Computed_Tag was not calculated correctly.

 

What could be the reason?

 

 

 

 

  /* Initialize cryptographic library */
  if (cmox_initialize(NULL) != CMOX_INIT_SUCCESS)
  {
    Error_Handler();
  }

  /* --------------------------------------------------------------------------
   * SINGLE CALL USAGE
   * --------------------------------------------------------------------------
   */

  /* Compute directly the authentication tag passing all the needed parameters */
  retval = cmox_mac_compute(CMOX_HMAC_SHA256_ALGO,     /* Use HMAC SHA256 algorithm */
                            Message, sizeof(Message),  /* Message to authenticate */
                            Key, sizeof(Key),          /* HMAC Key to use */
                            NULL, 0,                   /* Custom data */
                            Computed_Tag,              /* Data buffer to receive generated authnetication tag */
                            sizeof(Expected_Tag),      /* Expected authentication tag size */
                            &computed_size);           /* Generated tag size */

  /* Verify API returned value */
  if (retval != CMOX_MAC_SUCCESS)
  {
    Error_Handler();
  }

  /* Verify generated data size is the expected one */
  if (computed_size != sizeof(Expected_Tag))
  {
    Error_Handler();
  }

  /* Verify generated data are the expected ones */
  if (memcmp(Expected_Tag, Computed_Tag, computed_size) != 0)
  {
    Error_Handler();
  }

  /* Verify directly the message passing all the needed parameters */
  retval = cmox_mac_verify(CMOX_HMAC_SHA256_ALGO,     /* Use HMAC SHA256 algorithm */
                           Message, sizeof(Message),  /* Message to authenticate */
                           Key, sizeof(Key),          /* HMAC Key to use */
                           NULL, 0,                   /* Custom data */
                           Expected_Tag,              /* Authentication tag */
                           sizeof(Expected_Tag));     /* tag size */

  /* Verify API returned value */
  if (retval != CMOX_MAC_AUTH_SUCCESS)
  {
    Error_Handler();
  }

 

 

computed  

6 REPLIES 6

Is the CRC Peripheral clock enabled?

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

Do you mean that with CRC Peripheral clock?

Martin42_0-1712835616406.png

With STM32CubeIDE 1.13.1 it doesn't matter whether this is activated or not. The correct hash always comes out.

ST frequently ties their software to STM32 hardware via test patterns it queries against the CRC unit.

 

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

I have the firmware running on the same board.

Is it possible that the library works differently with the new compiler?

STea
ST Employee

Hello @Martin42 ,

as mentioned by tesla you need to make sure that the CRC is activated you can also deactivate the FPU implementation and select a pure software implementation for the cryptolib.

Check also the selected complier target of the library you are including in the cryptolib config.h file and make sure the GCC compiler is selected this should work in Atollic TrueSTUDIO for STM32 9.3.0 if it is working with cubeIde I think as they are both based on GCC. Make sure you are selecting the proper library for your project as the library is distributed with different compiled versions for different compilers and different cortex. Don't forget to check for your compiler optimization also because it may affect the results depending on the version of the lib you are including high speed or high size optimization. check this video for more details.

You can refer to this tutorial to get to know more about the proper way to integrate Cryptolib into your project.

BR

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Perhaps make the code more free standing and compliable. With the test patterns and test data.

You could also submit as an Online Support Request from the support page.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..