14.3.2 AES-256-CMAC Authentication (AUTH_TYPE = 0)
In AES-256-CMAC Authentication mode, the 128-bit signature of the user application is computed using the AES-256-CMAC algorithm, hence using the 256-bit secret key, AES_256_CMAC_KEY, stored in USB0 page 0.
The computed signature is compared to the signature appended to the 128-bit aligned user application in Flash. The ROM code locates the position of the signature in Flash reading the 8th vector in the ARM Cortex-M4 exception table read from 0x01000000 address. Indeed, this 32-bit word, in little endian format, is written with the size in bytes of the 128-bit aligned user application size plus the 16 bytes of the 128-bit AES-CMAC signature.
| Byte Offset | Bits[127:96] | Bits[95:64] | Bits[63:32] | Bits[31:0] |
|---|---|---|---|---|
| 0x000 | Hard Fault | NMI | Reset | Stack Pointer |
| 0x010 | (User App + Signature) Size | Usage Fault | Bus Fault | Mem Manage |
| 0x020 | ||||
| 0x040 | ||||
| … | ||||
| User App Size | 128-bit AES-256-CMAC signature | |||
| (User App + Signature) Size | ||||
As an example, for a 1000-byte unsigned user application, the size of the 128-bit aligned user application is ((1000 + 16 -1) / 16) * 16 = 1008. Then the User App Size written into the 8th vector is 1008 + 16 = 1024.