FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Curious behaviour through Applet SCP03 session

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Curious behaviour through Applet SCP03 session

‎12-30-2019 10:05 AM
1,729 Views
antoine_provot
Contributor II

Hi,

I'm facing a curious behaviour that I think comes from my SCP03 keys but I don't know where I missed the point.

Here's what I did:

When I installed a new SE050 on my setup I tried to open a session with the RESERVED_ID_TRANSPORT authentification object (0x7fff0200). It didn't work. I tried to check if the ID existed, and it didn't (what is curious considering what is said in the AN12514).

Then I opened a session with the RESERVED_ID_PLATFORM_SCP (0x7fff0207) that worked.

I processed the whole SCP03 authentification with success.

 But now that I'm working with fully ciphered ProcessSessionCommand APDU with CMAC and RMAC I noticed that some APDU where forbiden (0x69 0x82 statusword) like DF_Diversify, but not others, like checkIfObjectExist.

Even more strand: if I create a AES key with the auth object mask 0x40 it works, but if I remove it it does not.

I managed to generate AES keys authentification objects to authentify with, but once the authentification done, I had the same problems.

What is the correct way to distribute keys with a brand new SE050? How to connect first to distribute a specific SCP03 masterkey, and how to use the corresponding session key to have a full usage of the applet ?

Kind regards,

Antoine

0 Kudos
Reply
7 Replies

‎02-21-2020 04:32 AM
1,505 Views
antoine_provot
Contributor II

Hi,

Here's an example with Cipher_ One_Shot that works in clear but does not work in ciphered SCP03.

Could you tell us what we do wrong ? Is our object 0x41555448 wrongly created? Do we use the right key to authentify with? (Then how to change it ?) The documentation is a bit blurry concerning those subjects.

>>> Host->SE SoftReset
5A CF 00
<<< SE -> HOST ATR
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08 01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41 54 50 4F
>>> Host->SE SelectApplication
00 A4 04 00 10 A0 00 00 03 96 54 53 00 00 00 01 03 00 00 00 00 00
<<< SE -> HOST R-APPDU
03 01 00 6F FF 01 0B 90 00
>>> Host->SE CheckObjectExist
80 04 00 27 06 41 04 41 55 54 48
<<< SE -> HOST R-APPDU
41 01 01 90 00
>>> Host->SE CreateSessions
80 04 00 1B 06 41 04 41 55 54 48 0A
<<< SE -> HOST R-APPDU
41 82 00 08 01 4A D9 97 76 2A E8 CE 90 00
>>> Host->SE SCPInitializeUpdate
80 05 00 00 19 10 08 01 4A D9 97 76 2A E8 CE 41 0D 80 50 00 00 08 00 00 00 00 00 00 00 00 00
<<< SE -> HOST R-APPDU
00 00 00 00 00 00 00 00 00 00 00 03 60 7F 28 8A 3B EC AB FE 60 48 91 9C 00 0B 3C C2 C8 90 00
>>> Host->SE SCPExternalAuthenticate
80 05 00 00 21 10 08 01 4A D9 97 76 2A E8 CE 41 15 84 82 33 00 10 4F 2F CD 70 94 C2 9A CB 55 75 01 E8 B7 06 B6 D0 00
<<< SE -> HOST R-APPDU
90 00
>>> Host->SE CipherOneShot
80 05 00 00 3A 10 08 01 4A D9 97 76 2A E8 CE 41 2E 84 03 0E 37 28 FC A3 55 12 63 1D A7 01 7D 2E 18 60 EC 6B FD 8D 8A 6C 79 86 F4 DF 09 0D FF 59 6D DF BB 21 25 45 E8 5D 46 47 1D E4 87 F8 00 00
<<< SE -> HOST R-APPDU
69 82

Thanks for your support.

Kind regards,

Antoine

0 Kudos
Reply

‎02-24-2020 12:57 AM
1,505 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Antoine,

Thanks for the information! I am confused with the successful case on your side, do you mean if the following process was removed then CipherOneShot would have a 90 00 response?

>>> Host->SE SCPInitializeUpdate
80 05 00 00 19 10 08 01 4A D9 97 76 2A E8 CE 41 0D 80 50 00 00 08 00 00 00 00 00 00 00 00 00
<<< SE -> HOST R-APPDU
00 00 00 00 00 00 00 00 00 00 00 03 60 7F 28 8A 3B EC AB FE 60 48 91 9C 00 0B 3C C2 C8 90 00
>>> Host->SE SCPExternalAuthenticate
80 05 00 00 21 10 08 01 4A D9 97 76 2A E8 CE 41 15 84 82 33 00 10 4F 2F CD 70 94 C2 9A CB 55 75 01 E8 B7 06 B6 D0 00
<<< SE -> HOST R-APPDU
90 00

BTW, referring to CipherOneShot command as below:

80 05 00 00 3A 10 08 01 4A D9 97 76 2A E8 CE 41 2E 84 03 0E 37 28 FC A3 55 12 63 1D A7 01 7D 2E 18 60 EC 6B FD 8D 8A 6C 79 86 F4 DF 09 0D FF 59 6D DF BB 21 25 45 E8 5D 46 47 1D E4 87 F8 00 00

The part in bold is the  CipherOneShot command processed in the session, right? but referring to the spec, the command should be started with 0x80 indeed. Please kindly refer to the following for details.

pastedImage_2.png

Did you implement your application based on the MW for SE050? is it possible to have the application code for the above process?

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply

‎01-13-2020 12:52 AM
1,505 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Antoine,

Would you please specify the SE050 Variant?  I may help to check.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply

‎01-13-2020 01:06 AM
1,505 Views
antoine_provot
Contributor II

Hi Kan. I have the problem with a an SE050C1.

Best regards,

Antoine.

0 Kudos
Reply

‎01-15-2020 02:24 AM
1,505 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Antoine,

I checked on my SE050ARD with SE050C, the RESERVED_ID_TRANSPORT exists indeed. It is strange you didn't find it on your side. I tried with the demo of Get_Info  , how did you check it? Please kindly clarify.

pastedImage_3.png

pastedImage_1.png

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply

‎02-06-2020 08:42 AM
1,505 Views
antoine_provot
Contributor II

Hi Kan,

thanks for your answer, but if you look at your result set, 41 01 02 means "object 0x7fff0200 does not exist".

0 Kudos
Reply

‎02-11-2020 08:21 PM
1,505 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Antoine , 

Sorry, that is my fault, and I just checked with the expert, this ID is not set by default, so you have to create it manually.

Sorry for the inconvenience that might cause.

and for the 6982 error with DF_Diversify, do you have the log? so we may analyze and try to reproduce it here.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply