SPRACT3A September   2020  – June 2026 F29H850TU , F29H859TU-Q1 , F29P329SM-Q1 , TMS320F2800132 , TMS320F2800133 , TMS320F2800135 , TMS320F2800137 , TMS320F280033 , TMS320F280034 , TMS320F280034-Q1 , TMS320F280036-Q1 , TMS320F280036C-Q1 , TMS320F280037 , TMS320F280037-Q1 , TMS320F280037C , TMS320F280037C-Q1 , TMS320F280038-Q1 , TMS320F280038C-Q1 , TMS320F280039 , TMS320F280039-Q1 , TMS320F280039C , TMS320F280039C-Q1 , TMS320F28384D , TMS320F28384D-Q1 , TMS320F28384S , TMS320F28384S-Q1 , TMS320F28386D , TMS320F28386D-Q1 , TMS320F28386S , TMS320F28386S-Q1 , TMS320F28388D , TMS320F28388S , TMS320F28P550SG , TMS320F28P550SJ , TMS320F28P559SG-Q1 , TMS320F28P559SJ-Q1 , TMS320F28P650DH , TMS320F28P650DK , TMS320F28P650SH , TMS320F28P650SK , TMS320F28P659DH-Q1 , TMS320F28P659DK-Q1 , TMS320F28P659SH-Q1

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. Introduction
  5. Secure Flash Boot Overview
  6. CMAC Authentication
  7. Secure Flash Boot Options
  8. Secure Flash Boot Flow
  9. C2000Ware Example Details
  10. Authenticating Flash Code Beyond 16 KB
  11. Debug Resources
  12. Additional Information and Points to Consider
  13. 10Alignment of C2000 CMAC Algorithm to OpenSSL
    1. 10.1 C28x Memory and Binary File Byte Ordering
    2. 10.2 Flash Binary Byte Ordering
    3. 10.3 CMAC Key Byte Ordering
    4. 10.4 CMAC Output Alignment Procedure
    5. 10.5 Worked Example
    6. 10.6 Summary of Differences
  14. 11References
  15. 12Revision History

10.6 Summary of Differences

The only behavioral differences between the hex2000 --cmac signing flow and a raw invocation of the OpenSSL AES-128-CMAC command are the two swapwords transforms that wrap the AES operation. The underlying cryptographic algorithm, key schedule, and initialization vector are identical in both cases. Table 10-2 summarizes the complete correspondence between the two flows for reference.

Table 10-2 Comparison of C2000 and OpenSSL CMAC Flows
Aspect C2000 OpenSSL
Message pre-processing swapwords(masked_binary) applied before AES Raw byte stream; no transform applied
Signature area masking Byte offsets 0x4–0x13 replaced with 0xFF Must be applied manually before invoking OpenSSL
Key byte order MSB-first (CMACKEY0 || ... || CMACKEY3) MSB-first; same order, no conversion needed
AES-128-CMAC algorithm NIST SP 800-38B (OMAC1) NIST SP 800-38B (OMAC1); identical
Initialization vector All zeros (implicit in CMAC standard) All zeros (implicit in CMAC standard)
Tag post-processing swapwords(aes_tag) applied before embedding Raw AES tag output; swapwords must be applied manually
Output Signed binary with embedded stored tag 16-byte raw AES tag; further processing required
Note:

The swapwords transform operates on 32-bit groups and therefore requires that the authenticated region length be a multiple of four bytes. The 16 KB (0x4000-byte) C28x Primary Secure Boot region satisfies this requirement. When performing extended authentication over a custom flash range as described in Section 7, the start and end addresses must similarly align to 128 bits in order for the CMAC algorithm to operate correctly without padding.