- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
SE050 - OpenSSL don't work with SCP03 authentication
Hi all,
I'm working with OpenSSL Engine in a Embedded Linux. I'm following Plug and Trust Manual for MW, version 03.03.00 to build the library "libsss_engine.so" and openssl.cnf.
Attached to this message there is a log that shows a MD5 generation through OpenSSL Engine + SE050 without authentication in a file called "logMD5_noAuth.txt", another file called "logMD5_Auth.txt" shows MD5 generation with SCP03 enabled.
Also, attached there is a file called "openssl_engine_operation.txt" that shows a call from console to OpenSSL which open a private console to type commands directly to OpenSSL. With authentication and without authentication.
It seems like authentication process is concluded, but some step after that to work OpenSSL Engine is blocked, I need some help to understand this and to fix it because I need to work with SE050 + MW through OpenSSL Engine.
For operation WITHOUT the authentication it works, but WITH authentication don't, it stops in and release console only if CTRL + C command are sent.
I need SCP03 authentication to work, because random generator and RSA keys only are generated with SCP03 enabled.
Thanks.
Hi @ElielderBMelo ,
Actually openssl console should be entered successfully with or without SCP03 authentication. I am wondering if there is another processor access the SE050 in the same time, would you please clarify? otherwise you have to use the access manager for such kind of cases. Please kindly refer to "simw-top/doc/hostlib/hostLib/accessManager/doc/accessManager.html" for more details.
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @Kan_Li
No, there is only one process running and accessing SE050. I'm wondering that the authentication process is not working properly within the OpenSSL Engine. I affirm that because without authentication OpenSSL Engine runs without problem, but I need authentication to be enabled because of RSA key generation.
Are there some change that I need to inside MW or not?
In our recent talks I've shown you my cmake options and it is the same. I want OpenSSL Engine to work. I guess it is not a access manager problem, because there is only one process in Linux which talks to SE050.
Thanks.
Hi @ElielderBMelo ,
Thanks for the clarification! Actually I just tried to reproduce this issue here, but it works as expected.
Did you use the right config file for openssl? Please kindly clarify.
You may refer to "simw-top/doc/sss/plugin/openssl/scripts/readme.html" for more details.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @Kan_Li
Thank you for the quick answer.
I have more information for you, it concerns to the Linux and OpenSSL version. And is as follows:
Working with the below version, it works:
---> Linux beaglebone 4.19.94-ti-r42 #1buster SMP PREEMPT Tue Mar 31 19:38:29 UTC 2020 armv7l GNU/Linux
---> OpenSSL 1.1.1d 10 Sep 2019
But, working with below version, it does not work:
---> Linux am335x-evm 5.4.74-g9574bba32a #1 PREEMPT Wed Jul 21 08:43:46 UTC 2021 armv7l armv7l armv7l GNU/Linux
---> OpenSSL 1.1.1g 21 Apr 2020
Thanks.
Hi @ElielderBMelo ,
I just checked with the expert, and he used a SE051 for test, but for SE050 it has to be identical apart from the applet version config.
In the test , access manager is used as a bridge between SE and multiple clients as it is a usuall case for Linux application. The manager establishes a SCP03 channel with SE and clients talk with access manager in plain, so you better have two folders for building: one for access manager and the other for clients such as openssl engine. The openssl version is 1.1.1g here. Please kindly refer to the following for more details.
The client for the access manager:
pi@raspberrypi:~/release/04.00.00_2/simw-top_build/am_client $ cmake -L .
-- BUILD_TYPE: Debug
-- Found: /usr/lib/arm-linux-gnueabihf/libssl.so/usr/lib/arm-linux-gnueabihf/libcrypto.so
-- CMAKE_CXX_COMPILER_ID = GNU
-- CMAKE_SYSTEM_NAME = Linux
-- PTMW_SE05X_Auth - None
-- CMake version: 3.13.4
-- CMake system name: Linux
-- Timestamp is 2021-12-21T20:24:56Z
-- FLOW_VERBOSE is ON!!!
-- Configuring done
-- Generating done
-- Build files have been written to: /home/pi/release/04.00.00_2/simw-top_build/am_client
-- Cache values
CMAKE_BUILD_TYPE:STRING=
CMAKE_INSTALL_PREFIX:PATH=/usr/local
LIB_ANL:FILEPATH=/usr/lib/arm-linux-gnueabihf/libanl.so
NXPInternal:BOOL=OFF
OPENSSL_ROOT_DIR:PATH=
PAHO_BUILD_DEB_PACKAGE:BOOL=FALSE
PAHO_BUILD_DOCUMENTATION:BOOL=FALSE
PAHO_BUILD_SAMPLES:BOOL=FALSE
PAHO_BUILD_SHARED:BOOL=TRUE
PAHO_BUILD_STATIC:BOOL=FALSE
PAHO_ENABLE_CPACK:BOOL=TRUE
PAHO_ENABLE_TESTING:BOOL=FALSE
PAHO_WITH_SSL:BOOL=TRUE
PTMW_A71CH_AUTH:STRING=None
PTMW_Applet:STRING=SE05X_C
PTMW_FIPS:STRING=None
PTMW_Host:STRING=Raspbian
PTMW_HostCrypto:STRING=OPENSSL
PTMW_Log:STRING=Verbose
PTMW_RTOS:STRING=Default
PTMW_SBL:STRING=None
PTMW_SCP:STRING=SCP03_SSS
PTMW_SE05X_Auth:STRING=None
PTMW_SE05X_Ver:STRING=06_00
PTMW_SMCOM:STRING=JRCP_V1_AM
PTMW_mbedTLS_ALT:STRING=None
SSSFTR_SE05X_AES:BOOL=ON
SSSFTR_SE05X_AuthECKey:BOOL=ON
SSSFTR_SE05X_AuthSession:BOOL=ON
SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ:BOOL=ON
SSSFTR_SE05X_ECC:BOOL=ON
SSSFTR_SE05X_KEY_GET:BOOL=ON
SSSFTR_SE05X_KEY_SET:BOOL=ON
SSSFTR_SE05X_RSA:BOOL=ON
SSSFTR_SW_AES:BOOL=ON
SSSFTR_SW_ECC:BOOL=ON
SSSFTR_SW_KEY_GET:BOOL=ON
SSSFTR_SW_KEY_SET:BOOL=ON
SSSFTR_SW_RSA:BOOL=ON
SSSFTR_SW_TESTCOUNTERPART:BOOL=ON
WithCodeCoverage:BOOL=OFF
WithExtCustomerTPMCode:BOOL=OFF
WithNXPNFCRdLib:BOOL=OFF
WithOPCUA_open62541:BOOL=OFF
WithSharedLIB:BOOL=ON
pkgcfg_lib__OPENSSL_crypto:FILEPATH=/usr/lib/arm-linux-gnueabihf/libcrypto.so
pkgcfg_lib__OPENSSL_ssl:FILEPATH=/usr/lib/arm-linux-gnueabihf/libssl.so
the Access Manager:
pi@raspberrypi:~/release/04.00.00_2/simw-top_build/am $ cmake -L .
-- BUILD_TYPE: Debug
-- Found: /usr/lib/arm-linux-gnueabihf/libssl.so/usr/lib/arm-linux-gnueabihf/libcrypto.so
-- CMAKE_CXX_COMPILER_ID = GNU
-- CMAKE_SYSTEM_NAME = Linux
-- PTMW_SE05X_Auth - None
-- CMake version: 3.13.4
-- CMake system name: Linux
-- Timestamp is 2021-12-21T20:25:30Z
-- FLOW_VERBOSE is ON!!!
accessManager is not copied to default binary directory upon install
-- Configuring done
-- Generating done
-- Build files have been written to: /home/pi/release/04.00.00_2/simw-top_build/am
-- Cache values
CMAKE_BUILD_TYPE:STRING=
CMAKE_INSTALL_PREFIX:PATH=/usr/local
LIB_ANL:FILEPATH=/usr/lib/arm-linux-gnueabihf/libanl.so
NXPInternal:BOOL=OFF
OPENSSL_ROOT_DIR:PATH=
PAHO_BUILD_DEB_PACKAGE:BOOL=FALSE
PAHO_BUILD_DOCUMENTATION:BOOL=FALSE
PAHO_BUILD_SAMPLES:BOOL=FALSE
PAHO_BUILD_SHARED:BOOL=FALSE
PAHO_BUILD_STATIC:BOOL=TRUE
PAHO_ENABLE_CPACK:BOOL=TRUE
PAHO_ENABLE_TESTING:BOOL=FALSE
PAHO_WITH_SSL:BOOL=TRUE
PTMW_A71CH_AUTH:STRING=None
PTMW_Applet:STRING=SE05X_C
PTMW_FIPS:STRING=None
PTMW_Host:STRING=Raspbian
PTMW_HostCrypto:STRING=OPENSSL
PTMW_Log:STRING=Verbose
PTMW_RTOS:STRING=Default
PTMW_SBL:STRING=None
PTMW_SCP:STRING=SCP03_SSS
PTMW_SE05X_Auth:STRING=None
PTMW_SE05X_Ver:STRING=06_00
PTMW_SMCOM:STRING=T1oI2C
PTMW_mbedTLS_ALT:STRING=None
SSSFTR_SE05X_AES:BOOL=ON
SSSFTR_SE05X_AuthECKey:BOOL=ON
SSSFTR_SE05X_AuthSession:BOOL=ON
SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ:BOOL=ON
SSSFTR_SE05X_ECC:BOOL=ON
SSSFTR_SE05X_KEY_GET:BOOL=ON
SSSFTR_SE05X_KEY_SET:BOOL=ON
SSSFTR_SE05X_RSA:BOOL=ON
SSSFTR_SW_AES:BOOL=ON
SSSFTR_SW_ECC:BOOL=ON
SSSFTR_SW_KEY_GET:BOOL=ON
SSSFTR_SW_KEY_SET:BOOL=ON
SSSFTR_SW_RSA:BOOL=ON
SSSFTR_SW_TESTCOUNTERPART:BOOL=ON
WithCodeCoverage:BOOL=OFF
WithExtCustomerTPMCode:BOOL=OFF
WithNXPNFCRdLib:BOOL=OFF
WithOPCUA_open62541:BOOL=OFF
WithSharedLIB:BOOL=OFF
pkgcfg_lib__OPENSSL_crypto:FILEPATH=/usr/lib/arm-linux-gnueabihf/libcrypto.so
pkgcfg_lib__OPENSSL_ssl:FILEPATH=/usr/lib/arm-linux-gnueabihf/libssl.so
Start Access Manager, run example:
Log from Client:
pi@raspberrypi:~/release/04.00.00_2/simw-top_build/am_client $ EX_SSS_BOOT_SSS_PORT=localhost:8040 openssl rand -hex 10
ssse-flw: EmbSe_Init(): Entry
App :INFO :Using PortName='localhost:8040' (ENV: EX_SSS_BOOT_SSS_PORT=localhost:8040)
smCom :WARN :nxEnsure:'nSuccess != 1' failed. At Line:130 Function:getSocketParams
Connection to secure element over socket to localhost:8040
smCom :DEBUG:ATRCmd (Len=8)
00 00 00 04 00 00 01 00
smCom :DEBUG:Enter: recv()
smCom :DEBUG:Exit: recv(). read_write_len=4
smCom :DEBUG:Enter: recv()
smCom :DEBUG:Exit: recv(). read_write_len=21
smCom :DEBUG:Atr (Len=21)
3B FB 18 00 00 81 31 FE 45 50 4C 41 43 45 48 4F
4C 44 45 52 AB
smCom :DEBUG:Cmd (Len=22)
00 A4 04 00 10 A0 00 00 03 96 54 53 00 00 00 01
03 00 00 00 00 00
smCom :DEBUG:Rsp (Len=9)
06 00 00 3F FF FF FF 90 00
smCom :INFO :selectResponseData (Len=7)
06 00 00 3F FF FF FF
sss :WARN :Communication channel is Plain.
sss :WARN :!!!Not recommended for production use.!!!
ssse-flw: Version: 1.0.5
ssse-flw: EmbSe_Init(): Exit
ssse-flw: EmbSe_Rand invoked requesting 10 random bytes
sss :DEBUG:FN: sss_rng_context_init
sss :DEBUG:FN: sss_rng_get_random
APDU :DEBUG:GetRandom []
APDU :DEBUG:kSE05x_TAG_1 [size] = 0xA
smCom :DEBUG:Cmd (Len=13)
80 04 00 49 00 00 04 41 02 00 0A 00 00
smCom :DEBUG:Rsp (Len=16)
41 82 00 0A 4C AE 4B 4D 86 EB 23 B2 B2 9C 90 00
4cae4b4d86eb23b2b29c
ssse-flw: EmbSe_Finish(): Entry
APDU :DEBUG:CloseSession []
ssse-flw: EmbSe_Finish(): Exit
ssse-flw: EmbSe_Destroy(): Entry
Log from Access Manager, at the end you see the random returned to the client:
pi@raspberrypi:~/release/04.00.00_2/simw-top_build/am $ bin/accessManager
Starting accessManager (Rev.1.0).
Protect Link between accessManager and SE: YES.
accessManager JRCPv1 (T1oI2C SE side)
******************************************************************************
Server: waiting for connections on port 8040.
Server: only localhost based processes can connect.
New client connection from 127.0.0.1. Client ID: 4
Command 0x00 from client 4
smCom :DEBUG:phPalEse_i2c_open_and_configure Opening port
smCom :DEBUG:I2C driver Initialized :: fd = [12]
smCom :DEBUG:phNxpEseProto7816_Open: First open completed
smCom :DEBUG:phNxpEse_clearReadBuffer Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 260 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:TransceiveProcess nextTransceiveState 4
smCom :DEBUG:S-Frame PCB: c0
smCom :DEBUG:phNxpEse_WriteFrame Enter ..
smCom :DEBUG:RAW Tx> (Len=5)
5A C0 00 FF FC
smCom :DEBUG:phNxpEse_read Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:phNxpEse_readPacket Read HDR
smCom :DEBUG:phNxpEse_readPacket SOF FOUND
smCom :DEBUG:phPalEse_i2c_read Read Requested 1 bytes
smCom :DEBUG:poll_sof_chained_delay value is 0
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:RAW Rx< (Len=5)
A5 E0 00 3F 19
smCom :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x45c14 len ----> 0x5
smCom :DEBUG:Received CRC:0x3f19 Calculated CRC:0x3f19
smCom :DEBUG:Retry Counter = 0
smCom :DEBUG:phNxpEseProto7816_DecodeFrame S-Frame Received
smCom :DEBUG:TransceiveProcess nextTransceiveState 7
smCom :DEBUG:S-Frame PCB: c7
smCom :DEBUG:phNxpEse_WriteFrame Enter ..
smCom :DEBUG:RAW Tx> (Len=5)
5A C7 00 F7 B1
smCom :DEBUG:phNxpEse_read Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:phNxpEse_readPacket Read HDR
smCom :DEBUG:phNxpEse_readPacket SOF FOUND
smCom :DEBUG:phPalEse_i2c_read Read Requested 1 bytes
smCom :DEBUG:poll_sof_chained_delay value is 0
smCom :DEBUG:phPalEse_i2c_read Read Requested 37 bytes
smCom :DEBUG:RAW Rx< (Len=40)
A5 E7 23 01 A0 00 00 03 96 04 03 E8 00 FE 02 0B
03 E8 00 01 00 00 00 00 64 13 88 0A 00 65 53 45
30 35 31 00 00 00 FF FD
smCom :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x45c14 len ----> 0x28
smCom :DEBUG:Received CRC:0xfffd Calculated CRC:0xfffd
smCom :DEBUG:Retry Counter = 0
smCom :DEBUG:phNxpEseProto7816_DecodeFrame S-Frame Received
smCom :DEBUG:phNxpEseProto7816_DecodeSFrameData frameoffset=3 value=0x1
smCom :DEBUG:Data[0]=0x1 len=35 Data[34]=0x0 Data[0]=0x23
DUMMY_ATR=0x01.A0.00.00.03.96.04.03.E8.00.FE.02.0B.03.E8.00.01.00.00.00.00.64.13.88.0A.00.65.53.45.30.35.31.00.00.00.
Replacing *_ATR by default (pre-cooked) ATR.
ATR=0x3B.FB.18.00.00.81.31.FE.45.50.4C.41.43.45.48.4F.4C.44.45.52.AB.
Command 0x01 from client 4
smCom :DEBUG:APDU Tx> (Len=22)
00 A4 04 00 10 A0 00 00 03 96 54 53 00 00 00 01
03 00 00 00 00 00
smCom :DEBUG:Enter phNxpEseProto7816_Transceive
smCom :DEBUG:Transceive data ptr 0x0xbef08418 len:22
smCom :DEBUG:I-Frame Data Len: 22 Seq. no:0
smCom :DEBUG:TransceiveProcess nextTransceiveState 1
smCom :DEBUG:phNxpEse_WriteFrame Enter ..
smCom :DEBUG:RAW Tx> (Len=27)
5A 00 16 00 A4 04 00 10 A0 00 00 03 96 54 53 00
00 00 01 03 00 00 00 00 00 A8 C8
smCom :DEBUG:phNxpEse_read Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:phNxpEse_readPacket Read HDR
smCom :DEBUG:phNxpEse_readPacket SOF FOUND
smCom :DEBUG:phPalEse_i2c_read Read Requested 1 bytes
smCom :DEBUG:poll_sof_chained_delay value is 0
smCom :DEBUG:phPalEse_i2c_read Read Requested 11 bytes
smCom :DEBUG:RAW Rx< (Len=14)
A5 00 09 06 00 00 3F FF FF FF 90 00 E3 91
smCom :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x45c14 len ----> 0xe
smCom :DEBUG:Received CRC:0xe391 Calculated CRC:0xe391
smCom :DEBUG:Retry Counter = 0
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x0
smCom :DEBUG:Data[0]=0x6 len=9 Data[8]=0x90 Data[0]=0x9
smCom :DEBUG: phNxpEse_Transceive Exit status 0x0
smCom :DEBUG:APDU Rx< (Len=9)
06 00 00 3F FF FF FF 90 00
SM_EstablishPlatformSCP03Am (Entry)
App :INFO :Using default PlatfSCP03 keys. You can use keys from file using ENV=EX_SSS_BOOT_SCP03_PATH
scp :DEBUG:FN: nxScp03_AuthenticateChannel
scp :DEBUG: Output: hostChallenge (Len=8)
58 DB 73 2F 4F 28 0A 07
scp :DEBUG:FN: nxScp03_GP_InitializeUpdate
scp :DEBUG:Input:keyVersion 0b
scp :DEBUG: Input: hostChallenge (Len=8)
58 DB 73 2F 4F 28 0A 07
scp :DEBUG:Sending GP Initialize Update Command !!!
smCom :DEBUG:APDU Tx> (Len=13)
80 50 0B 00 08 58 DB 73 2F 4F 28 0A 07
smCom :DEBUG:Enter phNxpEseProto7816_Transceive
smCom :DEBUG:Transceive data ptr 0x0xbef07068 len:13
smCom :DEBUG:I-Frame Data Len: 13 Seq. no:1
smCom :DEBUG:TransceiveProcess nextTransceiveState 1
smCom :DEBUG:phNxpEse_WriteFrame Enter ..
smCom :DEBUG:RAW Tx> (Len=18)
5A 40 0D 80 50 0B 00 08 58 DB 73 2F 4F 28 0A 07
91 26
smCom :DEBUG:phNxpEse_read Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:phNxpEse_readPacket Read HDR
smCom :DEBUG:phNxpEse_readPacket SOF FOUND
smCom :DEBUG:phPalEse_i2c_read Read Requested 1 bytes
smCom :DEBUG:poll_sof_chained_delay value is 0
smCom :DEBUG:phPalEse_i2c_read Read Requested 33 bytes
smCom :DEBUG:RAW Rx< (Len=36)
A5 40 1F 90 03 02 26 10 28 23 99 59 80 0B 03 00
CE 83 6A E1 65 13 86 19 7C DA F6 D7 84 2E D3 E9
90 00 AA 2C
smCom :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x45c14 len ----> 0x24
smCom :DEBUG:Received CRC:0xaa2c Calculated CRC:0xaa2c
smCom :DEBUG:Retry Counter = 0
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x1
smCom :DEBUG:Data[0]=0x90 len=31 Data[30]=0x90 Data[0]=0x1f
smCom :DEBUG: phNxpEse_Transceive Exit status 0x0
smCom :DEBUG:APDU Rx< (Len=31)
90 03 02 26 10 28 23 99 59 80 0B 03 00 CE 83 6A
E1 65 13 86 19 7C DA F6 D7 84 2E D3 E9 90 00
scp :DEBUG: Output: keyDivData (Len=10)
90 03 02 26 10 28 23 99 59 80
scp :DEBUG: Output: keyInfo (Len=3)
0B 03 00
scp :DEBUG: Output: cardChallenge (Len=8)
CE 83 6A E1 65 13 86 19
scp :DEBUG: Output: cardCryptoGram (Len=8)
7C DA F6 D7 84 2E D3 E9
scp :DEBUG:FN: nxScp03_HostLocal_CalculateSessionKeys
scp :DEBUG: Input:hostChallenge (Len=8)
58 DB 73 2F 4F 28 0A 07
scp :DEBUG: Input:cardChallenge (Len=8)
CE 83 6A E1 65 13 86 19
scp :DEBUG:Set the Derviation data to generate Session ENC key
scp :DEBUG:FN: nxScp03_setDerivationData
scp :DEBUG:Input:ddConstant 04
scp :DEBUG:Input:ddL 80
scp :DEBUG:Input:iCounter 01
scp :DEBUG: Input: keyInfo (Len=16)
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:Output: KeyDivData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 04 00 00 80 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_Generate_SessionKey
scp :DEBUG: Input: inData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 04 00 00 80 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG: Output:outSignature (Len=16)
49 DB 86 54 88 8A D6 A5 6F 8C 32 8A 61 93 72 AF
scp :DEBUG: Output:sessionEncKey (Len=16)
49 DB 86 54 88 8A D6 A5 6F 8C 32 8A 61 93 72 AF
scp :DEBUG:Set the Derviation data to generate Session MAC key
scp :DEBUG:FN: nxScp03_setDerivationData
scp :DEBUG:Input:ddConstant 06
scp :DEBUG:Input:ddL 80
scp :DEBUG:Input:iCounter 01
scp :DEBUG: Input: keyInfo (Len=16)
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:Output: KeyDivData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 06 00 00 80 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_Generate_SessionKey
scp :DEBUG: Input: inData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 06 00 00 80 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG: Output:outSignature (Len=16)
9C 09 9E C8 FB 76 35 60 17 3D E6 2C 55 40 5D 34
scp :DEBUG: Output:sessionMacKey (Len=16)
9C 09 9E C8 FB 76 35 60 17 3D E6 2C 55 40 5D 34
scp :DEBUG:Set the Derviation data to generate Session RMAC key
scp :DEBUG:FN: nxScp03_setDerivationData
scp :DEBUG:Input:ddConstant 07
scp :DEBUG:Input:ddL 80
scp :DEBUG:Input:iCounter 01
scp :DEBUG: Input: keyInfo (Len=16)
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:Output: KeyDivData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 07 00 00 80 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_Generate_SessionKey
scp :DEBUG: Input: inData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 07 00 00 80 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG: Output:outSignature (Len=16)
53 E8 CC FE 0E 23 0D 90 33 84 5D 7E 06 DA 17 61
scp :DEBUG: Output:sessionRmacKey (Len=16)
53 E8 CC FE 0E 23 0D 90 33 84 5D 7E 06 DA 17 61
scp :DEBUG:FN: nxScp03_HostLocal_VerifyCardCryptogram
scp :DEBUG: Input:hostChallenge (Len=8)
58 DB 73 2F 4F 28 0A 07
scp :DEBUG: Input:cardChallenge (Len=8)
CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_setDerivationData
scp :DEBUG:Input:ddConstant 00
scp :DEBUG:Input:ddL 40
scp :DEBUG:Input:iCounter 01
scp :DEBUG: Input: keyInfo (Len=16)
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:Output: KeyDivData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_Generate_SessionKey
scp :DEBUG: Input: inData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG: Output:outSignature (Len=16)
7C DA F6 D7 84 2E D3 E9 71 BB 14 71 A5 37 7E 23
scp :DEBUG: Output:cardCryptogram (Len=16)
7C DA F6 D7 84 2E D3 E9 71 BB 14 71 A5 37 7E 23
scp :DEBUG:cardCryptoGram (Len=8)
7C DA F6 D7 84 2E D3 E9
scp :DEBUG:CardCryptogram verified successfully...Calculate HostCryptogram
scp :DEBUG:FN: nxScp03_HostLocal_CalculateHostCryptogram
scp :DEBUG: Input:hostChallenge (Len=8)
58 DB 73 2F 4F 28 0A 07
scp :DEBUG: Input:cardChallenge (Len=8)
CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_setDerivationData
scp :DEBUG:Input:ddConstant 01
scp :DEBUG:Input:ddL 40
scp :DEBUG:Input:iCounter 01
scp :DEBUG: Input: keyInfo (Len=16)
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:Output: KeyDivData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 01 00 00 40 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_Generate_SessionKey
scp :DEBUG: Input: inData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 01 00 00 40 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG: Output:outSignature (Len=16)
EC 18 F7 71 CD F4 44 1D 94 8F CD 5D 2B B9 15 04
scp :DEBUG: Output:hostCryptogram (Len=16)
EC 18 F7 71 CD F4 44 1D 94 8F CD 5D 2B B9 15 04
scp :DEBUG:hostCryptogram (Len=8)
EC 18 F7 71 CD F4 44 1D
scp :DEBUG:FN: nxScp03_GP_ExternalAuthenticate
scp :DEBUG: Input: hostCryptogram (Len=8)
EC 18 F7 71 CD F4 44 1D
scp :DEBUG:Calculate the MAC on data
scp :DEBUG: Output: Calculated MAC (Len=8)
62 7A F1 81 03 B5 F2 D6
scp :DEBUG:Add calculated MAC Value to cmd Data
scp :DEBUG:Sending GP External Authenticate Command !!!
smCom :DEBUG:APDU Tx> (Len=21)
84 82 33 00 10 EC 18 F7 71 CD F4 44 1D 62 7A F1
81 03 B5 F2 D6
smCom :DEBUG:Enter phNxpEseProto7816_Transceive
smCom :DEBUG:Transceive data ptr 0x0xbef06c50 len:21
smCom :DEBUG:I-Frame Data Len: 21 Seq. no:0
smCom :DEBUG:TransceiveProcess nextTransceiveState 1
smCom :DEBUG:phNxpEse_WriteFrame Enter ..
smCom :DEBUG:RAW Tx> (Len=26)
5A 00 15 84 82 33 00 10 EC 18 F7 71 CD F4 44 1D
62 7A F1 81 03 B5 F2 D6 C9 CF
smCom :DEBUG:phNxpEse_read Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:phNxpEse_readPacket Read HDR
smCom :DEBUG:phNxpEse_readPacket SOF FOUND
smCom :DEBUG:phPalEse_i2c_read Read Requested 1 bytes
smCom :DEBUG:poll_sof_chained_delay value is 0
smCom :DEBUG:phPalEse_i2c_read Read Requested 4 bytes
smCom :DEBUG:RAW Rx< (Len=7)
A5 00 02 90 00 02 AF
smCom :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x45c14 len ----> 0x7
smCom :DEBUG:Received CRC:0x2af Calculated CRC:0x2af
smCom :DEBUG:Retry Counter = 0
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x0
smCom :DEBUG:Data[0]=0x90 len=2 Data[1]=0x90 Data[0]=0x2
smCom :DEBUG: phNxpEse_Transceive Exit status 0x0
smCom :DEBUG:APDU Rx< (Len=2)
90 00
scp :DEBUG:Authentication Successful!!!
SE051 connected.
SM_EstablishPlatformSCP03Am (Exit); Status = 0x9000
Command 0x01 from client 4
scp :DEBUG:FN: nxSCP03_Encrypt_CommandAPDU
scp :DEBUG: Input:cmdBuf (Len=4)
41 02 00 0A
scp :DEBUG:FN: nxSCP03_PadCommandAPDU
scp :DEBUG:Input: cmdBuf (Len=4)
41 02 00 0A
scp :DEBUG:Ouput: cmdBuf (Len=16)
41 02 00 0A 80 00 00 00 00 00 00 00 00 00 00 00
scp :DEBUG:FN: nxSCP03_Calculate_CommandICV
scp :DEBUG: Output: (Len=8)
C1 FB DD 73 49 A5 8A 9F
scp :DEBUG:Encrypt CommandAPDU
scp :DEBUG:cmdBuf (Len=16)
4B 85 64 AE B4 0D 2B 28 B5 E4 23 74 B2 AA 1A 0F
scp :DEBUG:Output: EncryptedcmdBuf (Len=16)
4B 85 64 AE B4 0D 2B 28 B5 E4 23 74 B2 AA 1A 0F
scp :DEBUG:FN: nxpSCP03_CalculateMac_CommandAPDU
scp :DEBUG:Input: cmdBuf (Len=23)
84 04 00 49 00 00 18 4B 85 64 AE B4 0D 2B 28 B5
E4 23 74 B2 AA 1A 0F
scp :DEBUG:Output: mac (Len=8)
64 F2 C8 2B 01 07 1A 6A
smCom :DEBUG:APDU Tx> (Len=33)
84 04 00 49 00 00 18 4B 85 64 AE B4 0D 2B 28 B5
E4 23 74 B2 AA 1A 0F 64 F2 C8 2B 01 07 1A 6A 00
00
smCom :DEBUG:Enter phNxpEseProto7816_Transceive
smCom :DEBUG:Transceive data ptr 0x0xbef07620 len:33
smCom :DEBUG:I-Frame Data Len: 33 Seq. no:1
smCom :DEBUG:TransceiveProcess nextTransceiveState 1
smCom :DEBUG:phNxpEse_WriteFrame Enter ..
smCom :DEBUG:RAW Tx> (Len=38)
5A 40 21 84 04 00 49 00 00 18 4B 85 64 AE B4 0D
2B 28 B5 E4 23 74 B2 AA 1A 0F 64 F2 C8 2B 01 07
1A 6A 00 00 42 0A
smCom :DEBUG:phNxpEse_read Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:phNxpEse_readPacket Read HDR
smCom :DEBUG:phNxpEse_readPacket SOF FOUND
smCom :DEBUG:phPalEse_i2c_read Read Requested 1 bytes
smCom :DEBUG:poll_sof_chained_delay value is 0
smCom :DEBUG:phPalEse_i2c_read Read Requested 28 bytes
smCom :DEBUG:RAW Rx< (Len=31)
A5 40 1A E8 7F 06 06 DB E0 F9 20 A6 09 D7 34 F6
F9 2D 03 26 58 37 20 5F 90 2B 2E 90 00 6D F8
smCom :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x45c14 len ----> 0x1f
smCom :DEBUG:Received CRC:0x6df8 Calculated CRC:0x6df8
smCom :DEBUG:Retry Counter = 0
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x1
smCom :DEBUG:Data[0]=0xe8 len=26 Data[25]=0x90 Data[0]=0x1a
smCom :DEBUG: phNxpEse_Transceive Exit status 0x0
smCom :DEBUG:APDU Rx< (Len=26)
E8 7F 06 06 DB E0 F9 20 A6 09 D7 34 F6 F9 2D 03
26 58 37 20 5F 90 2B 2E 90 00
scp :DEBUG:FN: nxpSCP03_Decrypt_ResponseAPDU
scp :DEBUG: Input:rspBuf (Len=26)
E8 7F 06 06 DB E0 F9 20 A6 09 D7 34 F6 F9 2D 03
26 58 37 20 5F 90 2B 2E 90 00
scp :DEBUG: Calculated RMAC : (Len=16)
26 58 37 20 5F 90 2B 2E 61 CE 37 D3 9E BD 0B 4A
scp :DEBUG:Verify MAC
scp :DEBUG:RMAC verified successfully...Decrypt Response Data
scp :DEBUG:Status Word: (Len=2)
90 00
scp :DEBUG:FN: nxpSCP03_Get_ResponseICV
scp :DEBUG: Input:Data (Len=16)
80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
scp :DEBUG: Output:RespICV (Len=16)
5C FC 67 8E 23 1D 19 6E F6 25 80 43 C4 D1 93 25
scp :DEBUG:Decrypt the response
scp :DEBUG:PlainText (Len=16)
41 82 00 0A 4C AE 4B 4D 86 EB 23 B2 B2 9C 80 00
scp :DEBUG:FN: nxpSCP03_RestoreSw_RAPDU
scp :DEBUG:PlainText+SW (Len=16)
41 82 00 0A 4C AE 4B 4D 86 EB 23 B2 B2 9C 90 00
scp :DEBUG:Inc_CommandCounter value (Len=16)
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02
SM_SendAPDUAm: smStatus = 0x9000
Received 0 byte from client 4 (Message Header Phase) .
Please also note the „auth“ setting only configures for examples the standard boot-up authentication. Still the application can create own secure channels as long as SCP in general is enabled using SCP=SSS.
Regarding the openssl versions so far I have not heard about compatibility issued of specific sub versions (the last letter in the version-string).
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @ElielderBMelo ,
Thanks for the information! The problem is you tried to establish a SCP03 channel between the client and access manager , while this channel should be in plain, and the access manager would establish the SCP03 channel if SCP=SSS is enabled.
You may use the same building folder for clients and access manager, but please build & install clients at first.
cmake –DPTMW_SE05X_Auth:STRING=None –DPTMW_SMCOM:STRING=JRCP_V1_AM .
cmake --build .
make install
//Here would not install all the applications except the access manager .
After that, in the same building folder, apply the cmake option for access manager as below:
cmake –DPTMW_SCP:STRING=SCP03_SSS -DPTMW_SMCOM:STRING=T1oI2C -DWithSharedLIB:BOOL=OFF \
-DPAHO_BUILD_SHARED:BOOL=FALSE -DPAHO_BUILD_STATIC:BOOL=TRUE .
cmake --build . --target accessManager
//Here just build access manager
Then just in the building folder, run command like below:
EX_SSS_BOOT_SCP03_PATH=/home/pi/plain_scp03.txt bin/accessManager
Finally, Start client(s) in a separate terminal:
EX_SSS_BOOT_SSS_PORT=127.0.0.1:8040 /usr/local/bin/ex_ecc
Then you would see logs from user application as well as access manager from different terminals.
Please kindly check the attached cmake option for clients and access manager for more details.
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @ElielderBMelo ,
Did you build access manager and client applications in separated building folder or the same folder? I didn't find you had specified the path but just run them in local folder. In my test, I use the same folder to build them, I built clients at first and run "make install" to copy the application into /usr/local/bin, and then built for access manager only so you may find it in the local building folder/bin and run it from there.
BTW, is it possible to share your cmake options for clients and access manager?
Thanks for your patience!
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @Kan_Li
I'm sending you the log files from Access Manager and ex_ecc Application. It went well, it was just fine the application running process.
Only se05x_GetInfo Application did not run as expected.
Thanks.
Hi @ElielderBMelo ,
Thanks for the clarification! I could reproduce your issue here, and after investigating the source code, I found GetInfo demo also uses JCOP4 commands which are not fully supported by AccessManager so far, such as cardManagerSelect command, but if your application just uses IoT Applet commands, there is no issue at all, please just go ahead.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @Kan_Li
It was just a question, I dont need JCOP4 commands, it was only to run Get Info. I thought it was strange this application didn't run well.
I'm working with OpenSSL and Access Manager + libsss_engine.so ran just fine. I'm testing right now in my environment to check if all that I need is ok.
Thank you for the reply.
Hi @ElielderBMelo ,
Great to know! Thanks for the clarification! Please kindly let me know if there is any issue.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @Kan_Li
I've generated the Access Manager and Client. I attached cmake options to this message and I ask you, please, to check it. I built both in the same directory, for Client I saved partially cmake option and for Access Manager another file.
I will send another message explaining the results of Access Manager + Client application.
Thanks.
Hi @ElielderBMelo ,
Thanks for the update! I am not sure if it is some kind of compatible issue, but will check with the expert regarding this topic.
I will let you know when I have any feedback from there.
Thanks for your patience!
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @Kan_Li
Thank you for the previous replies. I will try to apply here.
One more thing that I want you to check, please, it is regarding to Linux version. It works in Linux 4, but it doesn't in Linux 5. Please, could you check if is there any issue with Linux compatibility and SSS library for OpenSSL Engine?
Thanks.
Hi @ElielderBMelo ,
The latest feedback from the expert shows Linux 5 and openssl 1.1.1g still works with SE050. Please kindly refer to the following for details.
I tested now on i.MX6UL with AccessManager to achieve a platformSCP channel and openssl 1.1.1g : works!
Used openSSL version:
root@imx6ulevk:~/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_server# openssl version
OpenSSL 1.1.1g 21 Apr 2020
Configuration AccessManager:
root@imx6ulevk:~/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_server# cmake -L .
-- BUILD_TYPE: Debug
-- Found: /usr/lib/libssl.so/usr/lib/libcrypto.so
-- CMAKE_CXX_COMPILER_ID = GNU
-- CMAKE_SYSTEM_NAME = Linux
-- PTMW_SE05X_Auth - None
-- CMake version: 3.15.3
-- CMake system name: Linux
-- Timestamp is 2021-12-22T15:31:41Z
-- FLOW_VERBOSE is ON!!!
accessManager is not copied to default binary directory upon install
-- Configuring done
-- Generating done
-- Build files have been written to: /home/root/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_server
-- Cache values
CMAKE_BUILD_TYPE:STRING=
CMAKE_INSTALL_PREFIX:PATH=/usr/local
LIB_ANL:FILEPATH=/usr/lib/libanl.so
NXPInternal:BOOL=OFF
OPENSSL_ROOT_DIR:PATH=
PAHO_BUILD_DEB_PACKAGE:BOOL=FALSE
PAHO_BUILD_DOCUMENTATION:BOOL=FALSE
PAHO_BUILD_SAMPLES:BOOL=FALSE
PAHO_BUILD_SHARED:BOOL=FALSE
PAHO_BUILD_STATIC:BOOL=TRUE
PAHO_ENABLE_CPACK:BOOL=TRUE
PAHO_ENABLE_TESTING:BOOL=FALSE
PAHO_WITH_SSL:BOOL=TRUE
PTMW_A71CH_AUTH:STRING=None
PTMW_Applet:STRING=SE05X_C
PTMW_FIPS:STRING=None
PTMW_Host:STRING=iMXLinux
PTMW_HostCrypto:STRING=OPENSSL
PTMW_Log:STRING=Verbose
PTMW_RTOS:STRING=Default
PTMW_SBL:STRING=None
PTMW_SCP:STRING=SCP03_SSS
PTMW_SE05X_Auth:STRING=None
PTMW_SE05X_Ver:STRING=03_XX
PTMW_SMCOM:STRING=T1oI2C
PTMW_mbedTLS_ALT:STRING=None
SSSFTR_SE05X_AES:BOOL=ON
SSSFTR_SE05X_AuthECKey:BOOL=ON
SSSFTR_SE05X_AuthSession:BOOL=ON
SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ:BOOL=ON
SSSFTR_SE05X_ECC:BOOL=ON
SSSFTR_SE05X_KEY_GET:BOOL=ON
SSSFTR_SE05X_KEY_SET:BOOL=ON
SSSFTR_SE05X_RSA:BOOL=ON
SSSFTR_SW_AES:BOOL=ON
SSSFTR_SW_ECC:BOOL=ON
SSSFTR_SW_KEY_GET:BOOL=ON
SSSFTR_SW_KEY_SET:BOOL=ON
SSSFTR_SW_RSA:BOOL=ON
SSSFTR_SW_TESTCOUNTERPART:BOOL=ON
WithCodeCoverage:BOOL=OFF
WithExtCustomerTPMCode:BOOL=OFF
WithNXPNFCRdLib:BOOL=OFF
WithOPCUA_open62541:BOOL=OFF
WithSharedLIB:BOOL=OFF
Configuration Clients:
root@imx6ulevk:~/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_client# cmake -L .
-- BUILD_TYPE: Debug
-- Found: /usr/lib/libssl.so/usr/lib/libcrypto.so
-- CMAKE_CXX_COMPILER_ID = GNU
-- CMAKE_SYSTEM_NAME = Linux
-- PTMW_SE05X_Auth - None
-- CMake version: 3.15.3
-- CMake system name: Linux
-- Timestamp is 2021-12-22T15:35:50Z
-- FLOW_VERBOSE is ON!!!
-- Configuring done
-- Generating done
-- Build files have been written to: /home/root/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_client
-- Cache values
CMAKE_BUILD_TYPE:STRING=
CMAKE_INSTALL_PREFIX:PATH=/usr/local
LIB_ANL:FILEPATH=/usr/lib/libanl.so
NXPInternal:BOOL=OFF
OPENSSL_ROOT_DIR:PATH=
PAHO_BUILD_DEB_PACKAGE:BOOL=FALSE
PAHO_BUILD_DOCUMENTATION:BOOL=FALSE
PAHO_BUILD_SAMPLES:BOOL=FALSE
PAHO_BUILD_SHARED:BOOL=FALSE
PAHO_BUILD_STATIC:BOOL=TRUE
PAHO_ENABLE_CPACK:BOOL=TRUE
PAHO_ENABLE_TESTING:BOOL=FALSE
PAHO_WITH_SSL:BOOL=TRUE
PTMW_A71CH_AUTH:STRING=None
PTMW_Applet:STRING=SE05X_C
PTMW_FIPS:STRING=None
PTMW_Host:STRING=iMXLinux
PTMW_HostCrypto:STRING=OPENSSL
PTMW_Log:STRING=Verbose
PTMW_RTOS:STRING=Default
PTMW_SBL:STRING=None
PTMW_SCP:STRING=None
PTMW_SE05X_Auth:STRING=None
PTMW_SE05X_Ver:STRING=03_XX
PTMW_SMCOM:STRING=JRCP_V1_AM
PTMW_mbedTLS_ALT:STRING=None
SSSFTR_SE05X_AES:BOOL=ON
SSSFTR_SE05X_AuthECKey:BOOL=ON
SSSFTR_SE05X_AuthSession:BOOL=ON
SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ:BOOL=ON
SSSFTR_SE05X_ECC:BOOL=ON
SSSFTR_SE05X_KEY_GET:BOOL=ON
SSSFTR_SE05X_KEY_SET:BOOL=ON
SSSFTR_SE05X_RSA:BOOL=ON
SSSFTR_SW_AES:BOOL=ON
SSSFTR_SW_ECC:BOOL=ON
SSSFTR_SW_KEY_GET:BOOL=ON
SSSFTR_SW_KEY_SET:BOOL=ON
SSSFTR_SW_RSA:BOOL=ON
SSSFTR_SW_TESTCOUNTERPART:BOOL=ON
WithCodeCoverage:BOOL=OFF
WithExtCustomerTPMCode:BOOL=OFF
WithNXPNFCRdLib:BOOL=OFF
WithOPCUA_open62541:BOOL=OFF
WithSharedLIB:BOOL=ON
Start AccessManager:
root@imx6ulevk:~/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_server# bin/accessManager
Start client:
root@imx6ulevk:~/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_client/bin# EX_SSS_BOOT_SSS_PORT=localhost:8040 OPENSSL_CONF=/home/root/se05x_mw_v04.00.00_20211029_123928/simw-top/demos/linux/common/openssl11_sss_se050.cnf openssl rand -hex 10
ssse-flw: EmbSe_Init(): Entry
App :INFO :Using PortName='localhost:8040' (ENV: EX_SSS_BOOT_SSS_PORT=localhost:8040)
smCom :WARN :nxEnsure:'nSuccess != 1' failed. At Line:130 Function:getSocketParams
Connection to secure element over socket to localhost:8040
smCom :DEBUG:ATRCmd (Len=8)
00 00 00 04 00 00 01 00
smCom :DEBUG:Enter: recv()
smCom :DEBUG:Exit: recv(). read_write_len=4
smCom :DEBUG:Enter: recv()
smCom :DEBUG:Exit: recv(). read_write_len=21
smCom :DEBUG:Atr (Len=21)
3B FB 18 00 00 81 31 FE 45 50 4C 41 43 45 48 4F
4C 44 45 52 AB
smCom :DEBUG:Cmd (Len=22)
00 A4 04 00 10 A0 00 00 03 96 54 53 00 00 00 01
03 00 00 00 00 00
smCom :DEBUG:Rsp (Len=9)
03 01 00 6F FF 01 0B 90 00
smCom :INFO :selectResponseData (Len=7)
03 01 00 6F FF 01 0B
sss :WARN :Communication channel is Plain.
sss :WARN :!!!Not recommended for production use.!!!
ssse-flw: Version: 1.0.5
ssse-flw: EmbSe_Init(): Exit
ssse-flw: EmbSe_Rand invoked requesting 10 random bytes
sss :DEBUG:FN: sss_rng_context_init
sss :DEBUG:FN: sss_rng_get_random
APDU :DEBUG:GetRandom []
APDU :DEBUG:kSE05x_TAG_1 [size] = 0xA
smCom :DEBUG:Cmd (Len=13)
80 04 00 49 00 00 04 41 02 00 0A 00 00
smCom :DEBUG:Rsp (Len=16)
41 82 00 0A 46 23 12 13 60 B0 1F B6 EB C1 90 00
4623121360b01fb6ebc1
ssse-flw: EmbSe_Finish(): Entry
APDU :DEBUG:CloseSession []
ssse-flw: EmbSe_Finish(): Exit
ssse-flw: EmbSe_Destroy(): Entry
--à Random comes from SE
AccessManager Log excerpt which shows the encrypted communication:
smCom :DEBUG:APDU Rx< (Len=26)
2A 6A E2 9F EA 8C 8E 8B 84 03 2B 9D A6 A0 20 E9
FC 32 F1 36 2E D2 5F 56 90 00
scp :DEBUG:FN: nxpSCP03_Decrypt_ResponseAPDU
scp :DEBUG: Input:rspBuf (Len=26)
2A 6A E2 9F EA 8C 8E 8B 84 03 2B 9D A6 A0 20 E9
FC 32 F1 36 2E D2 5F 56 90 00
scp :DEBUG: Calculated RMAC : (Len=16)
FC 32 F1 36 2E D2 5F 56 76 47 A6 D3 64 B1 D3 B2
scp :DEBUG:Verify MAC
scp :DEBUG:RMAC verified successfully...Decrypt Response Data
scp :DEBUG:Status Word: (Len=2)
90 00
scp :DEBUG:FN: nxpSCP03_Get_ResponseICV
scp :DEBUG: Input:Data (Len=16)
80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0E
scp :DEBUG: Output:RespICV (Len=16)
3E A7 0E 76 0F D9 75 36 26 90 72 CC 2A 5B FC FC
scp :DEBUG:Decrypt the response
scp :DEBUG:PlainText (Len=16)
41 82 00 0A 46 23 12 13 60 B0 1F B6 EB C1 80 00
scp :DEBUG:FN: nxpSCP03_RestoreSw_RAPDU
scp :DEBUG:PlainText+SW (Len=16)
41 82 00 0A 46 23 12 13 60 B0 1F B6 EB C1 90 00
scp :DEBUG:Inc_CommandCounter value (Len=16)
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0F
root@imx6ulevk:~/se05x_mw_v04.00.00_20211029_123928/simw-top_build# cat /etc/iss
ue
NXP i.MX Release Distro 5.4-zeus \n \l
Would you please try the above settings as well on your side? Please kindly create two building folders for access manager and clients each.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
