in the StSafeA_GenerateSignature() function what does the InMAC parameter do and how should it be used.

Hi,

the parameter should be related to the authentication requirement between the MCU and the STSAFE secure element.

Please, refer to the examples included in the X-CUBE-SAFEA1 package.

Regards

Andrea

Thanks for the quick responce, I'm signing for MCU STSAFE pairing. I am trying to sign a CSR with the key pair I have in slot1.

Did you ever get anything to work with InMAC other than STSAFEA_MAC_NONE? I can do the Echo command and it works fine when using STSAFEA_MAC_NONE but zero return when I use something like STSAFEA_MAC_HOST_CMAC? I have narrowed my issue down(I think) to the StSafeA_ComputeCMAC() function. I have implemented my own wrapper using the hardware AES (using AES-GMAC) but I'm NOT quite sure if that is the correct one to use to calculate the CMAC. The authentication tag generated by AES-GMAC is 16 bytes but the StSafeA_ComputeCMAC() appends only 4 bytes to the original message as shown with this particular code at the end of that function

pStSafeA->InOutBuffer.LV.Length += STSAFEA_MAC_LENGTH; <--- this is 4

The response that I get from the STSAFE with a "wrong CMAC" is

0000000B <----- a header perhaps?

00000000 <----- I believe this is the size (16 bits) including the next byte

00000002

0000004E <---- I believe these are some error codes

000000AB <---- I believe these are some error codes

I also don't see any reference to AES-CMAC is the feature set for the STM32L4S MCU that I have though it supports ECB, CBC, CTR, GCM, GMAC, and CBC-MAC. Does the HAL/XCRYPTO library implement this in software?

Maybe someone at ST can clarify what is the exact AES-CMAC mode the STSAFE-A110 uses so I can use the correct mode on the STM32 side (if possible). Better yet, maybe ST can provide a reference manual for the STSAFE device describing the messaging format, command and response code, etc so I don't have to reverse engineer their STSAFE library to figure out what is going on.