STSAFE A120: Reprovisioning is successful, but returns error STSE_INVALID_C_MAC

[NewUser2020]

Hello,

in our setup, we allow host key reprovisioning.

These are our provisioning control fields:

provisioningControlFields.change_right = 0; // The control fields can only be set once!
provisioningControlFields.reprovision = 1; // Allow reprovisioning.
provisioningControlFields.plaintext = 0; // Do not allow plain text.
provisioningControlFields.wrapped_anonymous = 1; // We are using DH derived KEK.
provisioningControlFields.wrapped_or_DH_derived_authentication_key = 0xFF; // Do not use private/public keys when starting a KEK session.

Then, we are using host key slot V2 and provision the host session keys with a 128-Bit AES key:

stse_host_key_provisioning_wrapped(context, STSAFEA_AES_128_HOST_KEY, aes128keys, STSE_ECC_KT_NIST_P_384);

Next we activate the command access condition for all commands to STSE_CMD_AC_HOST and set the host encryption flags to STSE_HOST_ENCRYPT_ALL.

Afterwards everything works as expected, the Host C-MAC and R-MAC are used for all commands and Host C-encryption/R-encryption are active for all commands.

But now comes the problem: When we reprovision the device with a call to

stse_host_key_provisioning_wrapped(context, STSAFEA_AES_256_HOST_KEY, aes256keys, STSE_ECC_KT_NIST_P_384);

the return value is STSE_INVALID_C_MAC, indicating that the provisioning failed.

However, this is not the case: the STSAFE has accepted the new keys and is using them.

I have digged a little deeper and found that the CMAC counter is stored in the session object in the device.
When a new host key is provisioned, stsafea_stop_volatile_KEK_session() is called.
It seems that the STSAFE is resetting the internal CMAC when a new host key is sent, however when stsafea_stop_volatile_KEK_session() is called at the end of the reprovisioning process STSELib is using the CMAC value of the current session and the STSAFE uses the resetted value and thus returns STSE_INVALID_C_MAC (last line in stsafea_frame_receive()).

Could you please advise me whether it is safe to ignore the error STSE_INVALID_C_MAC when reprovisioning the host keys with stse_host_key_provisioning_wrapped()?

Or is this a bug in STSELib that must be fixed?

[Grom-]

Hello @NewUser2020 ,

I confirm that STSAFE-A120 is resetting its Host MAC key counter when a new host key is provisioned/established . This is indeed a bug in the STSELib .

1 - As quick workaround , I confirm that you can ignore this error and ensure that new host session and KEK session is open before provisioning other keys (i.e : provisioning a new host key or a new symmetric keys)

2 - In parallel , I will check how to update of the library .