Secure Authentication中的主题 SE050 VerifySessionUserID APDU returns SW 6B00 error

SE050 VerifySessionUserID APDU returns SW 6B00 error

krisztian_stancz — Wed, 16 Jun 2021 22:44:12 GMT

Hi,

I'm trying to open a session with a previously added user id on SE050 (OM-SE050ARD board), but when it comes to the VerifySessionUserID APDU, it returns a 6B00 error: Wrong parameter(s) P1-P2.

The APDU header is constructed according to AN12413 section 4.5.2.1. I've also double checked the values in the MW source code (se05x_enums.h) and they seem to be identical.

CLA: 0x80, INS: MGMT (0x04), P1: P1_DEFAULT (0x00), P2: P2_SESSION_USERID (0x2C)

Am I missing something?

The transaction:

--- Select applet
C-APDU: 00 a4 04 00 10 a0 00 00 03 96 54 53 00 00 00 01 03 00 00 00 00 00
R-APDU: 03 01 00 6f ff 01 0b 90 00
--- ret: 0

--- Get version
C-APDU: 80 04 00 20 0b
R-APDU: 41 82 00 07 03 01 00 6f ff 01 0b 90 00
--- Version: 3.1.0
--- ret: 0

--- Create session
C-APDU: 80 04 00 1b 06 41 04 00 00 00 15 0c
R-APDU: 41 82 00 08 01 d5 5f 77 5c 04 cf c4 90 00
--- session id: 01 d5 5f 77 5c 04 cf c4
--- ret: 0

--- Verify session user id
C-APDU: 80 04 00 2c 08 41 06 75 73 65 72 31 00
R-APDU: 6b 00
--- user id: user1
--- ret: -6

Re: SE050 VerifySessionUserID APDU returns SW 6B00 error

Kan_Li — Mon, 21 Jun 2021 06:56:13 GMT

Hi @krisztian_stancz ,

You have to use a ProcessSessionCommand in which the VerifySessionUserID command is wrapped , just as shown in the section UserID session in the APDU spec .

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Re: SE050 VerifySessionUserID APDU returns SW 6B00 error

krisztian_stancz — Tue, 22 Jun 2021 01:29:09 GMT

@Kan_Li

Thank you, that indeed solved it!

Well, that figure (and the other two as well) is a bit confusing. Appart from the typo (the APDU name should be ProcessSessionCmd), why does it talk about the MiddleWare, when this is an APDU specification?

Also, it contradicts to point 3.6.2 in the same document (page 21) which reads:

To open an (authenticated) applet session, a user must do the following:
1. Call CreateSession, passing an Authentication Object identifier as input and getting an 8-byte unique session identifier as response. At this point the session is not yet opened and commands should not be wrapped yet until authentication succeeded.
2. Depending on the type of Authentication Object, authentication needs to occur.
3. Once successfully authenticated, the session is opened. Commands sent within a session are wrapped in a ProcessSessionCmd APDU where the 1st argument is the session identifier and the 2nd argument is the APDU to be handled.

In my reading this means that ProcessSessionCmd should be only used after a plain VerifySessionUserID was successful. But obvisouly that is not the case. Maybe this should be better clarified.

Kind regards,

Krisztian

Re: SE050 VerifySessionUserID APDU returns SW 6B00 error

milanatik — Wed, 06 Nov 2024 13:35:42 GMT

Hi,

I would like to re-open this thread...

the ProcessSessionCommand use as parameter the session ID and VerifysessionuserID APDU command.

The response to CreateSession APDU from the SE050 is 8B length array. I have noticed, that first byte is always "0x01". Is it okay?

The VerifySessionUserId command should be "plain", i.e. 0x84,0x04,0x00,0x2C, 0x09, 0x41,0x0C,'NEEDSCP'. Or this APDU should be encrypted and MACed?

Best regards,

milanatik