Hi Team,
I would like to know whether SE050 supports the following requirements,
1) The capability of storing ECDSA secp256k1 asymmetric key pairs
2) Signing messages with the private key of the asymmetric key pair
Hi @Kan_Li,
This sample code for the Plug and Trust middleware nano package se050_sign has been updated to support the curve type secp256k1 and it's been tested on OM-SEC050ARD-C2 Arduino board with no issues. When I test with the SE050-C1 secure chip, the same code fails.
The Se05x_API_WriteECKey returns "SM_ERR_CONDITIONS_OF_USE_NOT_SATISFIED" as an error code. Please let me know if I am missing anything.
Thanks,
Sureshkumar R
Hi @Kan_Li,
Thanks for the reply.
Hi @krsuresh ,
I am sorry, my bad! I forgot to mention that the key value used in this demo should also be updated according to the cipher type. When you change the kSSS_CipherType_EC_NIST_P to kSSS_CipherType_EC_NIST_K, please use the following key value instead.
const uint8_t keyPairData[] = {
0x30,0x74,0x02,0x01,0x01,0x04,0x20,0xEB,0x27,0x3D,0xBE,0x73,0x6D,0xD5,0x47,0xC8,0xCF,0xD4,0xCE,0x91,0xCC,0x2F,0x48,0x60,0x1A,0x12,0x8D,0xB0,0x34,0xE6,0x14,0x35,0x95,0x35,0x5C,0xDD,0x0A,0x32,0x5A,0xA0,0x07,0x06,0x05,0x2B,0x81,0x04,0x00,0x0A,0xA1,0x44,0x03,0x42,0x00,0x04,0x18,0x6A,0x85,0x20,0x98,0xA0,0x35,0x3F,0x5D,0x93,0x05,0x61,0x75,0x9E,0xE4,0x7D,0xA0,0xD4,0x8C,0x56,0xA1,0x24,0x33,0x4C,0xD0,0x38,0xC5,0x0F,0x12,0x38,0x7B,0x57,0x38,0xC0,0x55,0xE9,0xF1,0x39,0x40,0x10,0x87,0xFF,0x3F,0x39,0x4E,0x65,0xC9,0xB0,0x34,0x9F,0xE7,0xDC,0xB9,0xE7,0x1B,0x31,0xB3,0x8E,0x54,0xB7,0xA1,0x23,0x36,0x42
};
const uint8_t extPubKeyData[] = { 0x30,0x56,0x30,0x10,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,0x06,0x05,0x2B,0x81,0x04,0x00,0x0A,0x03,0x42,0x00,0x04,0x18,0x6A,0x85,0x20,0x98,0xA0,0x35,0x3F,0x5D,0x93,0x05,0x61,0x75,0x9E,0xE4,0x7D,0xA0,0xD4,0x8C,0x56,0xA1,0x24,0x33,0x4C,0xD0,0x38,0xC5,0x0F,0x12,0x38,0x7B,0x57,0x38,0xC0,0x55,0xE9,0xF1,0x39,0x40,0x10,0x87,0xFF,0x3F,0x39,0x4E,0x65,0xC9,0xB0,0x34,0x9F,0xE7,0xDC,0xB9,0xE7,0x1B,0x31,0xB3,0x8E,0x54,0xB7,0xA1,0x23,0x36,0x42
};
Please kindly refer to the following for more details.
smCom :DEBUG:Get ATR (Len=4)
00 00 00 00
smCom :DEBUG:pAtr (Len=39)
00 00 00 23 01 A0 00 00 03 96 04 03 E8 00 FE 02
0B 03 E8 00 01 00 00 00 00 64 13 88 0A 00 65 53
45 30 35 31 00 00 00
smCom :DEBUG:H> (Len=4)
01 00 00 16
smCom :DEBUG:Tx> (Len=22)
00 A4 04 00 10 A0 00 00 03 96 54 53 00 00 00 01
03 00 00 00 00 00
smCom :DEBUG:<H (Len=4)
01 00 00 09
smCom :DEBUG:<Rx (Len=9)
06 00 00 3F FF FF FF 90 00
smCom :INFO :selectResponseData (Len=7)
06 00 00 3F FF FF FF
sss :INFO :atr (Len=35)
01 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 00
01 00 00 00 00 64 13 88 0A 00 65 53 45 30 35 31
00 00 00
sss :WARN :Communication channel is Plain.
sss :WARN :!!!Not recommended for production use.!!!
APDU :DEBUG:ReadIDList []
APDU :DEBUG:kSE05x_TAG_1 [output offset] = 0x0
APDU :DEBUG:kSE05x_TAG_2 [filter] = 0xFF
smCom :DEBUG:H> (Len=4)
01 00 00 10
smCom :DEBUG:Tx> (Len=16)
80 02 00 25 00 00 07 41 02 00 00 42 01 FF 00 00
smCom :DEBUG:<H (Len=4)
01 00 00 A5
smCom :DEBUG:<Rx (Len=165)
41 01 01 42 82 00 9C EF 00 00 94 EF 00 00 74 7D
A0 00 04 7D A0 00 13 7D A0 00 03 7D A0 00 12 7D
A0 00 02 7F FF 02 0A 7D A0 00 11 7D A0 00 01 7F
FF 02 07 7F FF 02 05 F0 00 01 23 F0 00 01 21 F0
00 01 13 F0 00 01 11 F0 00 01 03 F0 00 01 01 F0
00 01 22 F0 00 01 20 F0 00 01 12 F0 00 01 10 F0
00 01 02 F0 00 01 00 F0 00 00 03 F0 00 00 01 F0
00 00 02 F0 00 00 00 F0 00 00 11 F0 00 00 10 F0
00 00 13 F0 00 00 12 F0 00 00 20 F0 00 33 94 7F
FF 02 0B 7F FF 02 04 7F FF 02 02 7F FF 02 01 7F
FF 02 06 90 00
APDU :DEBUG:DeleteSecureObject []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xEF000094
smCom :DEBUG:H> (Len=4)
01 00 00 0B
smCom :DEBUG:Tx> (Len=11)
80 04 00 28 06 41 04 EF 00 00 94
smCom :DEBUG:<H (Len=4)
01 00 00 02
smCom :DEBUG:<Rx (Len=2)
90 00
APDU :DEBUG:DeleteSecureObject []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xEF000074
smCom :DEBUG:H> (Len=4)
01 00 00 0B
smCom :DEBUG:Tx> (Len=11)
80 04 00 28 06 41 04 EF 00 00 74
smCom :DEBUG:<H (Len=4)
01 00 00 02
smCom :DEBUG:<Rx (Len=2)
90 00
APDU :DEBUG:ReadCryptoObjectList []
smCom :DEBUG:H> (Len=4)
01 00 00 05
smCom :DEBUG:Tx> (Len=5)
80 02 10 25 00
smCom :DEBUG:<H (Len=4)
01 00 00 06
smCom :DEBUG:<Rx (Len=6)
41 82 00 00 90 00
App :INFO :Running Elliptic Curve Cryptography Example ex_sss_ecc.c
APDU :DEBUG:CheckObjectExists []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xEF000076
smCom :DEBUG:H> (Len=4)
01 00 00 0B
smCom :DEBUG:Tx> (Len=11)
80 04 00 27 06 41 04 EF 00 00 76
smCom :DEBUG:<H (Len=4)
01 00 00 05
smCom :DEBUG:<Rx (Len=5)
41 01 02 90 00
sss :DEBUG:sss_key_store_set_key(@EF000076, cipherType=kSSS_CipherType_EC_NIST_K, keyBitLen=256)
APDU :DEBUG:ReadECCurveList []
smCom :DEBUG:H> (Len=4)
01 00 00 05
smCom :DEBUG:Tx> (Len=5)
80 02 0B 25 00
smCom :DEBUG:<H (Len=4)
01 00 00 17
smCom :DEBUG:<Rx (Len=23)
41 82 00 11 02 01 02 01 02 01 01 01 01 01 01 01
01 01 01 02 01 90 00
APDU :DEBUG:CheckObjectExists []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xEF000076
smCom :DEBUG:H> (Len=4)
01 00 00 0B
smCom :DEBUG:Tx> (Len=11)
80 04 00 27 06 41 04 EF 00 00 76
smCom :DEBUG:<H (Len=4)
01 00 00 05
smCom :DEBUG:<Rx (Len=5)
41 01 02 90 00
APDU :DEBUG:Se05x_API_WriteECKey_Ver []
APDU :INFO :Policy is NULL
APDU :DEBUG:kSE05x_TAG_MAX_ATTEMPTS [maxAttempt] = 0x0
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xEF000076
APDU :DEBUG:kSE05x_TAG_2 [curveID] = 0x10
APDU :DEBUG:kSE05x_TAG_3 [privKey] (Len=32)
EB 27 3D BE 73 6D D5 47 C8 CF D4 CE 91 CC 2F 48
60 1A 12 8D B0 34 E6 14 35 95 35 5C DD 0A 32 5A
APDU :DEBUG:kSE05x_TAG_4 [pubKey] (Len=65)
04 18 6A 85 20 98 A0 35 3F 5D 93 05 61 75 9E E4
7D A0 D4 8C 56 A1 24 33 4C D0 38 C5 0F 12 38 7B
57 38 C0 55 E9 F1 39 40 10 87 FF 3F 39 4E 65 C9
B0 34 9F E7 DC B9 E7 1B 31 B3 8E 54 B7 A1 23 36
42
APDU :DEBUG:kSE05x_TAG_11 [version] = 0x0
smCom :DEBUG:H> (Len=4)
01 00 00 79
smCom :DEBUG:Tx> (Len=121)
80 01 61 00 74 41 04 EF 00 00 76 42 01 10 43 20
EB 27 3D BE 73 6D D5 47 C8 CF D4 CE 91 CC 2F 48
60 1A 12 8D B0 34 E6 14 35 95 35 5C DD 0A 32 5A
44 41 04 18 6A 85 20 98 A0 35 3F 5D 93 05 61 75
9E E4 7D A0 D4 8C 56 A1 24 33 4C D0 38 C5 0F 12
38 7B 57 38 C0 55 E9 F1 39 40 10 87 FF 3F 39 4E
65 C9 B0 34 9F E7 DC B9 E7 1B 31 B3 8E 54 B7 A1
23 36 42 4B 04 00 00 00 00
smCom :DEBUG:<H (Len=4)
01 00 00 02
smCom :DEBUG:<Rx (Len=2)
90 00
App :INFO :Do Signing
App :INFO :digest (Len=32)
48 65 6C 6C 6F 20 57 6F 72 6C 64 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
APDU :DEBUG:ECDSASign []
APDU :DEBUG:kSE05x_TAG_1 [objectID] = 0xEF000076
APDU :DEBUG:kSE05x_TAG_2 [ecSignAlgo] = 0x21
APDU :DEBUG:kSE05x_TAG_3 [inputData] (Len=32)
48 65 6C 6C 6F 20 57 6F 72 6C 64 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
smCom :DEBUG:H> (Len=4)
01 00 00 30
smCom :DEBUG:Tx> (Len=48)
80 03 0C 09 2B 41 04 EF 00 00 76 42 01 21 43 20
48 65 6C 6C 6F 20 57 6F 72 6C 64 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
smCom :DEBUG:<H (Len=4)
01 00 00 4D
smCom :DEBUG:<Rx (Len=77)
41 82 00 47 30 45 02 20 7E A1 14 35 BF CA BE 3C
65 FB 91 23 4C E6 93 55 B2 5D 0B A4 F5 FC 15 F9
3C 1F B8 F2 BD 83 63 27 02 21 00 ED 0F 60 45 CD
2E 78 57 2C D9 F0 4F 51 45 E2 F5 F8 72 43 9E A1
7E 20 7E 55 C1 E1 3B 17 94 73 2D 90 00
App :INFO :signature (Len=71)
30 45 02 20 7E A1 14 35 BF CA BE 3C 65 FB 91 23
4C E6 93 55 B2 5D 0B A4 F5 FC 15 F9 3C 1F B8 F2
BD 83 63 27 02 21 00 ED 0F 60 45 CD 2E 78 57 2C
D9 F0 4F 51 45 E2 F5 F8 72 43 9E A1 7E 20 7E 55
C1 E1 3B 17 94 73 2D
App :INFO :Signing Successful !!!
APDU :DEBUG:CheckObjectExists []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xEF000096
smCom :DEBUG:H> (Len=4)
01 00 00 0B
smCom :DEBUG:Tx> (Len=11)
80 04 00 27 06 41 04 EF 00 00 96
smCom :DEBUG:<H (Len=4)
01 00 00 05
smCom :DEBUG:<Rx (Len=5)
41 01 02 90 00
sss :DEBUG:sss_key_store_set_key(@EF000096, cipherType=kSSS_CipherType_EC_NIST_K, keyBitLen=256)
APDU :DEBUG:ReadECCurveList []
smCom :DEBUG:H> (Len=4)
01 00 00 05
smCom :DEBUG:Tx> (Len=5)
80 02 0B 25 00
smCom :DEBUG:<H (Len=4)
01 00 00 17
smCom :DEBUG:<Rx (Len=23)
41 82 00 11 02 01 02 01 02 01 01 01 01 01 01 01
01 01 01 02 01 90 00
APDU :DEBUG:CheckObjectExists []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xEF000096
smCom :DEBUG:H> (Len=4)
01 00 00 0B
smCom :DEBUG:Tx> (Len=11)
80 04 00 27 06 41 04 EF 00 00 96
smCom :DEBUG:<H (Len=4)
01 00 00 05
smCom :DEBUG:<Rx (Len=5)
41 01 02 90 00
APDU :DEBUG:Se05x_API_WriteECKey_Ver []
APDU :INFO :Policy is NULL
APDU :DEBUG:kSE05x_TAG_MAX_ATTEMPTS [maxAttempt] = 0x0
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xEF000096
APDU :DEBUG:kSE05x_TAG_2 [curveID] = 0x10
APDU :DEBUG:kSE05x_TAG_3 [privKey] (Len=0)
APDU :DEBUG:kSE05x_TAG_4 [pubKey] (Len=65)
04 18 6A 85 20 98 A0 35 3F 5D 93 05 61 75 9E E4
7D A0 D4 8C 56 A1 24 33 4C D0 38 C5 0F 12 38 7B
57 38 C0 55 E9 F1 39 40 10 87 FF 3F 39 4E 65 C9
B0 34 9F E7 DC B9 E7 1B 31 B3 8E 54 B7 A1 23 36
42
APDU :DEBUG:kSE05x_TAG_11 [version] = 0x0
smCom :DEBUG:H> (Len=4)
01 00 00 57
smCom :DEBUG:Tx> (Len=87)
80 01 21 00 52 41 04 EF 00 00 96 42 01 10 44 41
04 18 6A 85 20 98 A0 35 3F 5D 93 05 61 75 9E E4
7D A0 D4 8C 56 A1 24 33 4C D0 38 C5 0F 12 38 7B
57 38 C0 55 E9 F1 39 40 10 87 FF 3F 39 4E 65 C9
B0 34 9F E7 DC B9 E7 1B 31 B3 8E 54 B7 A1 23 36
42 4B 04 00 00 00 00
smCom :DEBUG:<H (Len=4)
01 00 00 02
smCom :DEBUG:<Rx (Len=2)
90 00
App :INFO :Do Verify
App :INFO :digest (Len=32)
48 65 6C 6C 6F 20 57 6F 72 6C 64 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
App :INFO :signature (Len=71)
30 45 02 20 7E A1 14 35 BF CA BE 3C 65 FB 91 23
4C E6 93 55 B2 5D 0B A4 F5 FC 15 F9 3C 1F B8 F2
BD 83 63 27 02 21 00 ED 0F 60 45 CD 2E 78 57 2C
D9 F0 4F 51 45 E2 F5 F8 72 43 9E A1 7E 20 7E 55
C1 E1 3B 17 94 73 2D
APDU :DEBUG:ECDSAVerify []
APDU :DEBUG:kSE05x_TAG_1 [objectID] = 0xEF000096
APDU :DEBUG:kSE05x_TAG_2 [ecSignAlgo] = 0x21
APDU :DEBUG:kSE05x_TAG_3 [inputData] (Len=32)
48 65 6C 6C 6F 20 57 6F 72 6C 64 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
APDU :DEBUG:kSE05x_TAG_5 [signature] (Len=71)
30 45 02 20 7E A1 14 35 BF CA BE 3C 65 FB 91 23
4C E6 93 55 B2 5D 0B A4 F5 FC 15 F9 3C 1F B8 F2
BD 83 63 27 02 21 00 ED 0F 60 45 CD 2E 78 57 2C
D9 F0 4F 51 45 E2 F5 F8 72 43 9E A1 7E 20 7E 55
C1 E1 3B 17 94 73 2D
smCom :DEBUG:H> (Len=4)
01 00 00 79
smCom :DEBUG:Tx> (Len=121)
80 03 0C 0A 74 41 04 EF 00 00 96 42 01 21 43 20
48 65 6C 6C 6F 20 57 6F 72 6C 64 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
45 47 30 45 02 20 7E A1 14 35 BF CA BE 3C 65 FB
91 23 4C E6 93 55 B2 5D 0B A4 F5 FC 15 F9 3C 1F
B8 F2 BD 83 63 27 02 21 00 ED 0F 60 45 CD 2E 78
57 2C D9 F0 4F 51 45 E2 F5 F8 72 43 9E A1 7E 20
7E 55 C1 E1 3B 17 94 73 2D
smCom :DEBUG:<H (Len=4)
01 00 00 05
smCom :DEBUG:<Rx (Len=5)
41 01 01 90 00
App :INFO :Verification Successful !!!
App :INFO :ex_sss_ecc Example Success !!!...
App :INFO :ex_sss Finished
APDU :DEBUG:CloseSession []
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
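A host-side check of the key blob before it is written to the SE050, as an added example that is not part of the original posts or of NXP's middleware: it parses the keyPairData bytes posted above, reads the curve OID to pick the matching cipher type, and confirms the public point lies on secp256k1. The function names and the OID-to-cipher-type table are assumptions made for this example.

```python
# Curve OID (DER value bytes) -> (curve, SSS cipher type named in the thread).
# The table is an assumption of this example, not taken from the middleware.
CURVES = {
    bytes.fromhex("2B8104000A"): ("secp256k1", "kSSS_CipherType_EC_NIST_K"),
    bytes.fromhex("2A8648CE3D030107"): ("prime256v1", "kSSS_CipherType_EC_NIST_P"),
}
P = 2**256 - 2**32 - 977  # secp256k1 field prime; the curve is y^2 = x^3 + 7
# keyPairData bytes as posted in the thread (a published test key, not a secret).
POINT = bytes.fromhex(
    "04" "186A852098A0353F5D930561759EE47DA0D48C56A124334CD038C50F12387B57"
    "38C055E9F139401087FF3F394E65C9B0349FE7DCB9E71B31B38E54B7A1233642")
KEY_PAIR_DER = bytes.fromhex(
    "30740201010420" "EB273DBE736DD547C8CFD4CE91CC2F48601A128DB034E6143595355CDD0A325A"
    "A00706052B8104000A" "A144034200") + POINT

def tlv(buf, pos=0):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Map tag -> value for the TLVs inside a constructed value."""
    out, pos = {}, 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        out[tag] = val
    return out

def inspect_key_pair(der):
    """Return (curve name, cipher type, private scalar, public point)."""
    tag, body, end = tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one DER SEQUENCE")
    f = children(body)  # INTEGER version, OCTET STRING key, [0] OID, [1] point
    oid, point = tlv(f[0xA0])[1], tlv(f[0xA1])[1][1:]  # BIT STRING minus pad octet
    if oid not in CURVES:
        raise ValueError("unsupported curve OID " + oid.hex())
    return CURVES[oid] + (f[0x04], point)

def on_secp256k1(point):
    """True if an uncompressed point (04 || X || Y) satisfies the curve equation."""
    if len(point) != 65 or point[0] != 4:
        return False
    x, y = int.from_bytes(point[1:33], "big"), int.from_bytes(point[33:], "big")
    return (y * y - x**3 - 7) % P == 0
```

The scalar and point returned here are the same bytes the log shows under kSE05x_TAG_3 [privKey] and kSE05x_TAG_4 [pubKey].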
Hi @krsuresh ,
You may generate the key pair with openssl, just like below:
openssl ecparam -name secp256k1 -genkey -noout -out private-key.pem
openssl ec -in private-key.pem -pubout -out public-key.pem
Please also note the input key format for SSS APIs should be passed DER encoded using PKCS #8. Please kindly refer to simw-top/doc/sss/doc/apis-sss_key-format.html for more details.
Hope that helps,
Have a great day,
Kan
Hi @Kan_Li,
Thanks for the reply, I am able to test ex_ecc sign-in with the new secp256k1 key.
Thanks,
Sureshkumar R
Hi @krsuresh ,
Yes, it supports, and you may verify this with the demo of ex_ecc out of the MW which can be downloaded from https://www.nxp.com/webapp/Download?colCode=SE05x-PLUG-TRUST-MW&appType=license . The quick start guide for imx platform can be found in https://www.nxp.com/docs/en/application-note/AN13027.pdf .
Hope that helps,
Have a great day,
Kan