SE050-E ssscli HMAC-SHA256 fails

psvz · ‎12-26-2022

I have a 256 bits HMAC secret injected:

root@raspberrypi:~ # ssscli se05x readidlist
sss   :INFO :atr (Len=35)
      01 A0 00 00    03 96 04 03    E8 00 FE 02    0B 03 E8 00
      01 00 00 00    00 64 13 88    0A 00 65 53    45 30 35 31
      00 00 00
sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
sss   :WARN :Error in Se05x_API_ReadType. Further use of object may fail
sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
Key-Id: 0Xa12        HMAC                             Size(Bits): 256

It won't work:

root@raspberrypi:~ # ssscli sign --hashalgo SHA256 a12 input hmac
sss   :INFO :atr (Len=35)
      01 A0 00 00    03 96 04 03    E8 00 FE 02    0B 03 E8 00
      01 00 00 00    00 64 13 88    0A 00 65 53    45 30 35 31
      00 00 00
sss   :WARN :nxEnsure:'macOperation != kSE05x_MACAlgo_NA' failed. At Line:6489 Function:sss_se05x_mac_one_go
ERROR:sss.symmetric:sss_mac_one_go FAILED
ERROR:sss.sign:Received signature data is empty
ERROR! Could not Sign from KeyID 0x00000A12

the input file:

root@raspberrypi:~ # cat input
1672057238

how do we fix it?

Kan_Li · ‎12-28-2022

Hi @psvz ,

Looks like ssscli tool just supports HMAC-SHA512 by default, you may refer to the demo of ex_sss_hmac instead.

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

Kan_Li · ‎12-26-2022

Hi @psvz ,

Please kindly make sure the input file has correct format as required.

Hope that makes sense,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

psvz · ‎12-27-2022

@Kan_Li - yes, I can confirm the input file is of binary format:

root@raspberrypi:~ # xxd input
00000000: 3136 3732 3035 3732 3338 0a

Kan_Li · ‎12-28-2022

Hi @psvz ,

Looks like ssscli tool just supports HMAC-SHA512 by default, you may refer to the demo of ex_sss_hmac instead.

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

psvz · ‎12-28-2022

Thanks Kan. That python script is a real pain. I have now stopped using it. Chers.