Hi all,
I'm working with the OpenSSL Engine on an embedded Linux system. I'm following the Plug and Trust Manual for MW, version 03.03.00, to build the library "libsss_engine.so" and openssl.cnf.
Attached to this message there is a log that shows an MD5 generation through OpenSSL Engine + SE050 without authentication, in a file called "logMD5_noAuth.txt"; another file called "logMD5_Auth.txt" shows MD5 generation with SCP03 enabled.
Also attached is a file called "openssl_engine_operation.txt" that shows a call from the console to OpenSSL, which opens a private console to type commands directly to OpenSSL, with authentication and without authentication.
It seems like the authentication process is concluded, but some step after that, needed for the OpenSSL Engine to work, is blocked. I need some help to understand this and to fix it, because I need to work with SE050 + MW through the OpenSSL Engine.
For operation WITHOUT authentication it works, but WITH authentication it doesn't; it stops and releases the console only if a CTRL + C command is sent.
I need SCP03 authentication to work, because the random generator and RSA keys are only generated with SCP03 enabled.
Thanks.
Hi @ElielderBMelo ,
Actually, the openssl console should be entered successfully with or without SCP03 authentication. I am wondering if there is another process accessing the SE050 at the same time; would you please clarify? Otherwise you have to use the access manager for such cases. Please kindly refer to "simw-top/doc/hostlib/hostLib/accessManager/doc/accessManager.html" for more details.
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @Kan_Li
No, there is only one process running and accessing the SE050. I'm wondering if the authentication process is not working properly within the OpenSSL Engine. I say that because without authentication the OpenSSL Engine runs without problems, but I need authentication to be enabled because of RSA key generation.
Is there some change that I need to make inside MW or not?
In our recent talks I've shown you my cmake options, and they are the same. I want the OpenSSL Engine to work. I guess it is not an access manager problem, because there is only one process in Linux which talks to the SE050.
Thanks.
Hi @ElielderBMelo ,
Thanks for the clarification! Actually I just tried to reproduce this issue here, but it works as expected.
Did you use the right config file for openssl? Please kindly clarify.
You may refer to "simw-top/doc/sss/plugin/openssl/scripts/readme.html" for more details.
Have a great day,
Kan
Hi @Kan_Li
Thank you for the quick answer.
I have more information for you. It concerns the Linux and OpenSSL versions, and is as follows:
Working with the below version, it works:
---> Linux beaglebone 4.19.94-ti-r42 #1buster SMP PREEMPT Tue Mar 31 19:38:29 UTC 2020 armv7l GNU/Linux
---> OpenSSL 1.1.1d 10 Sep 2019
But, working with below version, it does not work:
---> Linux am335x-evm 5.4.74-g9574bba32a #1 PREEMPT Wed Jul 21 08:43:46 UTC 2021 armv7l armv7l armv7l GNU/Linux
---> OpenSSL 1.1.1g 21 Apr 2020
Thanks.
Hi @ElielderBMelo ,
I just checked with the expert, and he used an SE051 for the test, but for the SE050 it has to be identical apart from the applet version config.
In the test, the access manager is used as a bridge between the SE and multiple clients, as is the usual case for Linux applications. The manager establishes an SCP03 channel with the SE, and clients talk with the access manager in plain, so you had better have two folders for building: one for the access manager and the other for clients such as the openssl engine. The openssl version is 1.1.1g here. Please kindly refer to the following for more details.
The client for the access manager:
pi@raspberrypi:~/release/04.00.00_2/simw-top_build/am_client $ cmake -L .
-- BUILD_TYPE: Debug
-- Found: /usr/lib/arm-linux-gnueabihf/libssl.so/usr/lib/arm-linux-gnueabihf/libcrypto.so
-- CMAKE_CXX_COMPILER_ID = GNU
-- CMAKE_SYSTEM_NAME = Linux
-- PTMW_SE05X_Auth - None
-- CMake version: 3.13.4
-- CMake system name: Linux
-- Timestamp is 2021-12-21T20:24:56Z
-- FLOW_VERBOSE is ON!!!
-- Configuring done
-- Generating done
-- Build files have been written to: /home/pi/release/04.00.00_2/simw-top_build/am_client
-- Cache values
CMAKE_BUILD_TYPE:STRING=
CMAKE_INSTALL_PREFIX:PATH=/usr/local
LIB_ANL:FILEPATH=/usr/lib/arm-linux-gnueabihf/libanl.so
NXPInternal:BOOL=OFF
OPENSSL_ROOT_DIR:PATH=
PAHO_BUILD_DEB_PACKAGE:BOOL=FALSE
PAHO_BUILD_DOCUMENTATION:BOOL=FALSE
PAHO_BUILD_SAMPLES:BOOL=FALSE
PAHO_BUILD_SHARED:BOOL=TRUE
PAHO_BUILD_STATIC:BOOL=FALSE
PAHO_ENABLE_CPACK:BOOL=TRUE
PAHO_ENABLE_TESTING:BOOL=FALSE
PAHO_WITH_SSL:BOOL=TRUE
PTMW_A71CH_AUTH:STRING=None
PTMW_Applet:STRING=SE05X_C
PTMW_FIPS:STRING=None
PTMW_Host:STRING=Raspbian
PTMW_HostCrypto:STRING=OPENSSL
PTMW_Log:STRING=Verbose
PTMW_RTOS:STRING=Default
PTMW_SBL:STRING=None
PTMW_SCP:STRING=SCP03_SSS
PTMW_SE05X_Auth:STRING=None
PTMW_SE05X_Ver:STRING=06_00
PTMW_SMCOM:STRING=JRCP_V1_AM
PTMW_mbedTLS_ALT:STRING=None
SSSFTR_SE05X_AES:BOOL=ON
SSSFTR_SE05X_AuthECKey:BOOL=ON
SSSFTR_SE05X_AuthSession:BOOL=ON
SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ:BOOL=ON
SSSFTR_SE05X_ECC:BOOL=ON
SSSFTR_SE05X_KEY_GET:BOOL=ON
SSSFTR_SE05X_KEY_SET:BOOL=ON
SSSFTR_SE05X_RSA:BOOL=ON
SSSFTR_SW_AES:BOOL=ON
SSSFTR_SW_ECC:BOOL=ON
SSSFTR_SW_KEY_GET:BOOL=ON
SSSFTR_SW_KEY_SET:BOOL=ON
SSSFTR_SW_RSA:BOOL=ON
SSSFTR_SW_TESTCOUNTERPART:BOOL=ON
WithCodeCoverage:BOOL=OFF
WithExtCustomerTPMCode:BOOL=OFF
WithNXPNFCRdLib:BOOL=OFF
WithOPCUA_open62541:BOOL=OFF
WithSharedLIB:BOOL=ON
pkgcfg_lib__OPENSSL_crypto:FILEPATH=/usr/lib/arm-linux-gnueabihf/libcrypto.so
pkgcfg_lib__OPENSSL_ssl:FILEPATH=/usr/lib/arm-linux-gnueabihf/libssl.so
the Access Manager:
pi@raspberrypi:~/release/04.00.00_2/simw-top_build/am $ cmake -L .
-- BUILD_TYPE: Debug
-- Found: /usr/lib/arm-linux-gnueabihf/libssl.so/usr/lib/arm-linux-gnueabihf/libcrypto.so
-- CMAKE_CXX_COMPILER_ID = GNU
-- CMAKE_SYSTEM_NAME = Linux
-- PTMW_SE05X_Auth - None
-- CMake version: 3.13.4
-- CMake system name: Linux
-- Timestamp is 2021-12-21T20:25:30Z
-- FLOW_VERBOSE is ON!!!
accessManager is not copied to default binary directory upon install
-- Configuring done
-- Generating done
-- Build files have been written to: /home/pi/release/04.00.00_2/simw-top_build/am
-- Cache values
CMAKE_BUILD_TYPE:STRING=
CMAKE_INSTALL_PREFIX:PATH=/usr/local
LIB_ANL:FILEPATH=/usr/lib/arm-linux-gnueabihf/libanl.so
NXPInternal:BOOL=OFF
OPENSSL_ROOT_DIR:PATH=
PAHO_BUILD_DEB_PACKAGE:BOOL=FALSE
PAHO_BUILD_DOCUMENTATION:BOOL=FALSE
PAHO_BUILD_SAMPLES:BOOL=FALSE
PAHO_BUILD_SHARED:BOOL=FALSE
PAHO_BUILD_STATIC:BOOL=TRUE
PAHO_ENABLE_CPACK:BOOL=TRUE
PAHO_ENABLE_TESTING:BOOL=FALSE
PAHO_WITH_SSL:BOOL=TRUE
PTMW_A71CH_AUTH:STRING=None
PTMW_Applet:STRING=SE05X_C
PTMW_FIPS:STRING=None
PTMW_Host:STRING=Raspbian
PTMW_HostCrypto:STRING=OPENSSL
PTMW_Log:STRING=Verbose
PTMW_RTOS:STRING=Default
PTMW_SBL:STRING=None
PTMW_SCP:STRING=SCP03_SSS
PTMW_SE05X_Auth:STRING=None
PTMW_SE05X_Ver:STRING=06_00
PTMW_SMCOM:STRING=T1oI2C
PTMW_mbedTLS_ALT:STRING=None
SSSFTR_SE05X_AES:BOOL=ON
SSSFTR_SE05X_AuthECKey:BOOL=ON
SSSFTR_SE05X_AuthSession:BOOL=ON
SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ:BOOL=ON
SSSFTR_SE05X_ECC:BOOL=ON
SSSFTR_SE05X_KEY_GET:BOOL=ON
SSSFTR_SE05X_KEY_SET:BOOL=ON
SSSFTR_SE05X_RSA:BOOL=ON
SSSFTR_SW_AES:BOOL=ON
SSSFTR_SW_ECC:BOOL=ON
SSSFTR_SW_KEY_GET:BOOL=ON
SSSFTR_SW_KEY_SET:BOOL=ON
SSSFTR_SW_RSA:BOOL=ON
SSSFTR_SW_TESTCOUNTERPART:BOOL=ON
WithCodeCoverage:BOOL=OFF
WithExtCustomerTPMCode:BOOL=OFF
WithNXPNFCRdLib:BOOL=OFF
WithOPCUA_open62541:BOOL=OFF
WithSharedLIB:BOOL=OFF
pkgcfg_lib__OPENSSL_crypto:FILEPATH=/usr/lib/arm-linux-gnueabihf/libcrypto.so
pkgcfg_lib__OPENSSL_ssl:FILEPATH=/usr/lib/arm-linux-gnueabihf/libssl.so
Start Access Manager, run example:
Log from Client:
pi@raspberrypi:~/release/04.00.00_2/simw-top_build/am_client $ EX_SSS_BOOT_SSS_PORT=localhost:8040 openssl rand -hex 10
ssse-flw: EmbSe_Init(): Entry
App :INFO :Using PortName='localhost:8040' (ENV: EX_SSS_BOOT_SSS_PORT=localhost:8040)
smCom :WARN :nxEnsure:'nSuccess != 1' failed. At Line:130 Function:getSocketParams
Connection to secure element over socket to localhost:8040
smCom :DEBUG:ATRCmd (Len=8)
00 00 00 04 00 00 01 00
smCom :DEBUG:Enter: recv()
smCom :DEBUG:Exit: recv(). read_write_len=4
smCom :DEBUG:Enter: recv()
smCom :DEBUG:Exit: recv(). read_write_len=21
smCom :DEBUG:Atr (Len=21)
3B FB 18 00 00 81 31 FE 45 50 4C 41 43 45 48 4F
4C 44 45 52 AB
smCom :DEBUG:Cmd (Len=22)
00 A4 04 00 10 A0 00 00 03 96 54 53 00 00 00 01
03 00 00 00 00 00
smCom :DEBUG:Rsp (Len=9)
06 00 00 3F FF FF FF 90 00
smCom :INFO :selectResponseData (Len=7)
06 00 00 3F FF FF FF
sss :WARN :Communication channel is Plain.
sss :WARN :!!!Not recommended for production use.!!!
ssse-flw: Version: 1.0.5
ssse-flw: EmbSe_Init(): Exit
ssse-flw: EmbSe_Rand invoked requesting 10 random bytes
sss :DEBUG:FN: sss_rng_context_init
sss :DEBUG:FN: sss_rng_get_random
APDU :DEBUG:GetRandom []
APDU :DEBUG:kSE05x_TAG_1 [size] = 0xA
smCom :DEBUG:Cmd (Len=13)
80 04 00 49 00 00 04 41 02 00 0A 00 00
smCom :DEBUG:Rsp (Len=16)
41 82 00 0A 4C AE 4B 4D 86 EB 23 B2 B2 9C 90 00
4cae4b4d86eb23b2b29c
ssse-flw: EmbSe_Finish(): Entry
APDU :DEBUG:CloseSession []
ssse-flw: EmbSe_Finish(): Exit
ssse-flw: EmbSe_Destroy(): Entry
Log from Access Manager, at the end you see the random returned to the client:
pi@raspberrypi:~/release/04.00.00_2/simw-top_build/am $ bin/accessManager
Starting accessManager (Rev.1.0).
Protect Link between accessManager and SE: YES.
accessManager JRCPv1 (T1oI2C SE side)
******************************************************************************
Server: waiting for connections on port 8040.
Server: only localhost based processes can connect.
New client connection from 127.0.0.1. Client ID: 4
Command 0x00 from client 4
smCom :DEBUG:phPalEse_i2c_open_and_configure Opening port
smCom :DEBUG:I2C driver Initialized :: fd = [12]
smCom :DEBUG:phNxpEseProto7816_Open: First open completed
smCom :DEBUG:phNxpEse_clearReadBuffer Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 260 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:TransceiveProcess nextTransceiveState 4
smCom :DEBUG:S-Frame PCB: c0
smCom :DEBUG:phNxpEse_WriteFrame Enter ..
smCom :DEBUG:RAW Tx> (Len=5)
5A C0 00 FF FC
smCom :DEBUG:phNxpEse_read Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:phNxpEse_readPacket Read HDR
smCom :DEBUG:phNxpEse_readPacket SOF FOUND
smCom :DEBUG:phPalEse_i2c_read Read Requested 1 bytes
smCom :DEBUG:poll_sof_chained_delay value is 0
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:RAW Rx< (Len=5)
A5 E0 00 3F 19
smCom :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x45c14 len ----> 0x5
smCom :DEBUG:Received CRC:0x3f19 Calculated CRC:0x3f19
smCom :DEBUG:Retry Counter = 0
smCom :DEBUG:phNxpEseProto7816_DecodeFrame S-Frame Received
smCom :DEBUG:TransceiveProcess nextTransceiveState 7
smCom :DEBUG:S-Frame PCB: c7
smCom :DEBUG:phNxpEse_WriteFrame Enter ..
smCom :DEBUG:RAW Tx> (Len=5)
5A C7 00 F7 B1
smCom :DEBUG:phNxpEse_read Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:phNxpEse_readPacket Read HDR
smCom :DEBUG:phNxpEse_readPacket SOF FOUND
smCom :DEBUG:phPalEse_i2c_read Read Requested 1 bytes
smCom :DEBUG:poll_sof_chained_delay value is 0
smCom :DEBUG:phPalEse_i2c_read Read Requested 37 bytes
smCom :DEBUG:RAW Rx< (Len=40)
A5 E7 23 01 A0 00 00 03 96 04 03 E8 00 FE 02 0B
03 E8 00 01 00 00 00 00 64 13 88 0A 00 65 53 45
30 35 31 00 00 00 FF FD
smCom :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x45c14 len ----> 0x28
smCom :DEBUG:Received CRC:0xfffd Calculated CRC:0xfffd
smCom :DEBUG:Retry Counter = 0
smCom :DEBUG:phNxpEseProto7816_DecodeFrame S-Frame Received
smCom :DEBUG:phNxpEseProto7816_DecodeSFrameData frameoffset=3 value=0x1
smCom :DEBUG:Data[0]=0x1 len=35 Data[34]=0x0 Data[0]=0x23
DUMMY_ATR=0x01.A0.00.00.03.96.04.03.E8.00.FE.02.0B.03.E8.00.01.00.00.00.00.64.13.88.0A.00.65.53.45.30.35.31.00.00.00.
Replacing *_ATR by default (pre-cooked) ATR.
ATR=0x3B.FB.18.00.00.81.31.FE.45.50.4C.41.43.45.48.4F.4C.44.45.52.AB.
Command 0x01 from client 4
smCom :DEBUG:APDU Tx> (Len=22)
00 A4 04 00 10 A0 00 00 03 96 54 53 00 00 00 01
03 00 00 00 00 00
smCom :DEBUG:Enter phNxpEseProto7816_Transceive
smCom :DEBUG:Transceive data ptr 0x0xbef08418 len:22
smCom :DEBUG:I-Frame Data Len: 22 Seq. no:0
smCom :DEBUG:TransceiveProcess nextTransceiveState 1
smCom :DEBUG:phNxpEse_WriteFrame Enter ..
smCom :DEBUG:RAW Tx> (Len=27)
5A 00 16 00 A4 04 00 10 A0 00 00 03 96 54 53 00
00 00 01 03 00 00 00 00 00 A8 C8
smCom :DEBUG:phNxpEse_read Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:phNxpEse_readPacket Read HDR
smCom :DEBUG:phNxpEse_readPacket SOF FOUND
smCom :DEBUG:phPalEse_i2c_read Read Requested 1 bytes
smCom :DEBUG:poll_sof_chained_delay value is 0
smCom :DEBUG:phPalEse_i2c_read Read Requested 11 bytes
smCom :DEBUG:RAW Rx< (Len=14)
A5 00 09 06 00 00 3F FF FF FF 90 00 E3 91
smCom :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x45c14 len ----> 0xe
smCom :DEBUG:Received CRC:0xe391 Calculated CRC:0xe391
smCom :DEBUG:Retry Counter = 0
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x0
smCom :DEBUG:Data[0]=0x6 len=9 Data[8]=0x90 Data[0]=0x9
smCom :DEBUG: phNxpEse_Transceive Exit status 0x0
smCom :DEBUG:APDU Rx< (Len=9)
06 00 00 3F FF FF FF 90 00
SM_EstablishPlatformSCP03Am (Entry)
App :INFO :Using default PlatfSCP03 keys. You can use keys from file using ENV=EX_SSS_BOOT_SCP03_PATH
scp :DEBUG:FN: nxScp03_AuthenticateChannel
scp :DEBUG: Output: hostChallenge (Len=8)
58 DB 73 2F 4F 28 0A 07
scp :DEBUG:FN: nxScp03_GP_InitializeUpdate
scp :DEBUG:Input:keyVersion 0b
scp :DEBUG: Input: hostChallenge (Len=8)
58 DB 73 2F 4F 28 0A 07
scp :DEBUG:Sending GP Initialize Update Command !!!
smCom :DEBUG:APDU Tx> (Len=13)
80 50 0B 00 08 58 DB 73 2F 4F 28 0A 07
smCom :DEBUG:Enter phNxpEseProto7816_Transceive
smCom :DEBUG:Transceive data ptr 0x0xbef07068 len:13
smCom :DEBUG:I-Frame Data Len: 13 Seq. no:1
smCom :DEBUG:TransceiveProcess nextTransceiveState 1
smCom :DEBUG:phNxpEse_WriteFrame Enter ..
smCom :DEBUG:RAW Tx> (Len=18)
5A 40 0D 80 50 0B 00 08 58 DB 73 2F 4F 28 0A 07
91 26
smCom :DEBUG:phNxpEse_read Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:phNxpEse_readPacket Read HDR
smCom :DEBUG:phNxpEse_readPacket SOF FOUND
smCom :DEBUG:phPalEse_i2c_read Read Requested 1 bytes
smCom :DEBUG:poll_sof_chained_delay value is 0
smCom :DEBUG:phPalEse_i2c_read Read Requested 33 bytes
smCom :DEBUG:RAW Rx< (Len=36)
A5 40 1F 90 03 02 26 10 28 23 99 59 80 0B 03 00
CE 83 6A E1 65 13 86 19 7C DA F6 D7 84 2E D3 E9
90 00 AA 2C
smCom :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x45c14 len ----> 0x24
smCom :DEBUG:Received CRC:0xaa2c Calculated CRC:0xaa2c
smCom :DEBUG:Retry Counter = 0
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x1
smCom :DEBUG:Data[0]=0x90 len=31 Data[30]=0x90 Data[0]=0x1f
smCom :DEBUG: phNxpEse_Transceive Exit status 0x0
smCom :DEBUG:APDU Rx< (Len=31)
90 03 02 26 10 28 23 99 59 80 0B 03 00 CE 83 6A
E1 65 13 86 19 7C DA F6 D7 84 2E D3 E9 90 00
scp :DEBUG: Output: keyDivData (Len=10)
90 03 02 26 10 28 23 99 59 80
scp :DEBUG: Output: keyInfo (Len=3)
0B 03 00
scp :DEBUG: Output: cardChallenge (Len=8)
CE 83 6A E1 65 13 86 19
scp :DEBUG: Output: cardCryptoGram (Len=8)
7C DA F6 D7 84 2E D3 E9
scp :DEBUG:FN: nxScp03_HostLocal_CalculateSessionKeys
scp :DEBUG: Input:hostChallenge (Len=8)
58 DB 73 2F 4F 28 0A 07
scp :DEBUG: Input:cardChallenge (Len=8)
CE 83 6A E1 65 13 86 19
scp :DEBUG:Set the Derviation data to generate Session ENC key
scp :DEBUG:FN: nxScp03_setDerivationData
scp :DEBUG:Input:ddConstant 04
scp :DEBUG:Input:ddL 80
scp :DEBUG:Input:iCounter 01
scp :DEBUG: Input: keyInfo (Len=16)
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:Output: KeyDivData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 04 00 00 80 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_Generate_SessionKey
scp :DEBUG: Input: inData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 04 00 00 80 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG: Output:outSignature (Len=16)
49 DB 86 54 88 8A D6 A5 6F 8C 32 8A 61 93 72 AF
scp :DEBUG: Output:sessionEncKey (Len=16)
49 DB 86 54 88 8A D6 A5 6F 8C 32 8A 61 93 72 AF
scp :DEBUG:Set the Derviation data to generate Session MAC key
scp :DEBUG:FN: nxScp03_setDerivationData
scp :DEBUG:Input:ddConstant 06
scp :DEBUG:Input:ddL 80
scp :DEBUG:Input:iCounter 01
scp :DEBUG: Input: keyInfo (Len=16)
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:Output: KeyDivData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 06 00 00 80 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_Generate_SessionKey
scp :DEBUG: Input: inData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 06 00 00 80 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG: Output:outSignature (Len=16)
9C 09 9E C8 FB 76 35 60 17 3D E6 2C 55 40 5D 34
scp :DEBUG: Output:sessionMacKey (Len=16)
9C 09 9E C8 FB 76 35 60 17 3D E6 2C 55 40 5D 34
scp :DEBUG:Set the Derviation data to generate Session RMAC key
scp :DEBUG:FN: nxScp03_setDerivationData
scp :DEBUG:Input:ddConstant 07
scp :DEBUG:Input:ddL 80
scp :DEBUG:Input:iCounter 01
scp :DEBUG: Input: keyInfo (Len=16)
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:Output: KeyDivData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 07 00 00 80 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_Generate_SessionKey
scp :DEBUG: Input: inData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 07 00 00 80 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG: Output:outSignature (Len=16)
53 E8 CC FE 0E 23 0D 90 33 84 5D 7E 06 DA 17 61
scp :DEBUG: Output:sessionRmacKey (Len=16)
53 E8 CC FE 0E 23 0D 90 33 84 5D 7E 06 DA 17 61
scp :DEBUG:FN: nxScp03_HostLocal_VerifyCardCryptogram
scp :DEBUG: Input:hostChallenge (Len=8)
58 DB 73 2F 4F 28 0A 07
scp :DEBUG: Input:cardChallenge (Len=8)
CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_setDerivationData
scp :DEBUG:Input:ddConstant 00
scp :DEBUG:Input:ddL 40
scp :DEBUG:Input:iCounter 01
scp :DEBUG: Input: keyInfo (Len=16)
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:Output: KeyDivData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_Generate_SessionKey
scp :DEBUG: Input: inData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG: Output:outSignature (Len=16)
7C DA F6 D7 84 2E D3 E9 71 BB 14 71 A5 37 7E 23
scp :DEBUG: Output:cardCryptogram (Len=16)
7C DA F6 D7 84 2E D3 E9 71 BB 14 71 A5 37 7E 23
scp :DEBUG:cardCryptoGram (Len=8)
7C DA F6 D7 84 2E D3 E9
scp :DEBUG:CardCryptogram verified successfully...Calculate HostCryptogram
scp :DEBUG:FN: nxScp03_HostLocal_CalculateHostCryptogram
scp :DEBUG: Input:hostChallenge (Len=8)
58 DB 73 2F 4F 28 0A 07
scp :DEBUG: Input:cardChallenge (Len=8)
CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_setDerivationData
scp :DEBUG:Input:ddConstant 01
scp :DEBUG:Input:ddL 40
scp :DEBUG:Input:iCounter 01
scp :DEBUG: Input: keyInfo (Len=16)
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:Output: KeyDivData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 01 00 00 40 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG:FN: nxScp03_Generate_SessionKey
scp :DEBUG: Input: inData (Len=32)
00 00 00 00 00 00 00 00 00 00 00 01 00 00 40 01
58 DB 73 2F 4F 28 0A 07 CE 83 6A E1 65 13 86 19
scp :DEBUG: Output:outSignature (Len=16)
EC 18 F7 71 CD F4 44 1D 94 8F CD 5D 2B B9 15 04
scp :DEBUG: Output:hostCryptogram (Len=16)
EC 18 F7 71 CD F4 44 1D 94 8F CD 5D 2B B9 15 04
scp :DEBUG:hostCryptogram (Len=8)
EC 18 F7 71 CD F4 44 1D
scp :DEBUG:FN: nxScp03_GP_ExternalAuthenticate
scp :DEBUG: Input: hostCryptogram (Len=8)
EC 18 F7 71 CD F4 44 1D
scp :DEBUG:Calculate the MAC on data
scp :DEBUG: Output: Calculated MAC (Len=8)
62 7A F1 81 03 B5 F2 D6
scp :DEBUG:Add calculated MAC Value to cmd Data
scp :DEBUG:Sending GP External Authenticate Command !!!
smCom :DEBUG:APDU Tx> (Len=21)
84 82 33 00 10 EC 18 F7 71 CD F4 44 1D 62 7A F1
81 03 B5 F2 D6
smCom :DEBUG:Enter phNxpEseProto7816_Transceive
smCom :DEBUG:Transceive data ptr 0x0xbef06c50 len:21
smCom :DEBUG:I-Frame Data Len: 21 Seq. no:0
smCom :DEBUG:TransceiveProcess nextTransceiveState 1
smCom :DEBUG:phNxpEse_WriteFrame Enter ..
smCom :DEBUG:RAW Tx> (Len=26)
5A 00 15 84 82 33 00 10 EC 18 F7 71 CD F4 44 1D
62 7A F1 81 03 B5 F2 D6 C9 CF
smCom :DEBUG:phNxpEse_read Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:phNxpEse_readPacket Read HDR
smCom :DEBUG:phNxpEse_readPacket SOF FOUND
smCom :DEBUG:phPalEse_i2c_read Read Requested 1 bytes
smCom :DEBUG:poll_sof_chained_delay value is 0
smCom :DEBUG:phPalEse_i2c_read Read Requested 4 bytes
smCom :DEBUG:RAW Rx< (Len=7)
A5 00 02 90 00 02 AF
smCom :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x45c14 len ----> 0x7
smCom :DEBUG:Received CRC:0x2af Calculated CRC:0x2af
smCom :DEBUG:Retry Counter = 0
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x0
smCom :DEBUG:Data[0]=0x90 len=2 Data[1]=0x90 Data[0]=0x2
smCom :DEBUG: phNxpEse_Transceive Exit status 0x0
smCom :DEBUG:APDU Rx< (Len=2)
90 00
scp :DEBUG:Authentication Successful!!!
SE051 connected.
SM_EstablishPlatformSCP03Am (Exit); Status = 0x9000
Command 0x01 from client 4
scp :DEBUG:FN: nxSCP03_Encrypt_CommandAPDU
scp :DEBUG: Input:cmdBuf (Len=4)
41 02 00 0A
scp :DEBUG:FN: nxSCP03_PadCommandAPDU
scp :DEBUG:Input: cmdBuf (Len=4)
41 02 00 0A
scp :DEBUG:Ouput: cmdBuf (Len=16)
41 02 00 0A 80 00 00 00 00 00 00 00 00 00 00 00
scp :DEBUG:FN: nxSCP03_Calculate_CommandICV
scp :DEBUG: Output: (Len=8)
C1 FB DD 73 49 A5 8A 9F
scp :DEBUG:Encrypt CommandAPDU
scp :DEBUG:cmdBuf (Len=16)
4B 85 64 AE B4 0D 2B 28 B5 E4 23 74 B2 AA 1A 0F
scp :DEBUG:Output: EncryptedcmdBuf (Len=16)
4B 85 64 AE B4 0D 2B 28 B5 E4 23 74 B2 AA 1A 0F
scp :DEBUG:FN: nxpSCP03_CalculateMac_CommandAPDU
scp :DEBUG:Input: cmdBuf (Len=23)
84 04 00 49 00 00 18 4B 85 64 AE B4 0D 2B 28 B5
E4 23 74 B2 AA 1A 0F
scp :DEBUG:Output: mac (Len=8)
64 F2 C8 2B 01 07 1A 6A
smCom :DEBUG:APDU Tx> (Len=33)
84 04 00 49 00 00 18 4B 85 64 AE B4 0D 2B 28 B5
E4 23 74 B2 AA 1A 0F 64 F2 C8 2B 01 07 1A 6A 00
00
smCom :DEBUG:Enter phNxpEseProto7816_Transceive
smCom :DEBUG:Transceive data ptr 0x0xbef07620 len:33
smCom :DEBUG:I-Frame Data Len: 33 Seq. no:1
smCom :DEBUG:TransceiveProcess nextTransceiveState 1
smCom :DEBUG:phNxpEse_WriteFrame Enter ..
smCom :DEBUG:RAW Tx> (Len=38)
5A 40 21 84 04 00 49 00 00 18 4B 85 64 AE B4 0D
2B 28 B5 E4 23 74 B2 AA 1A 0F 64 F2 C8 2B 01 07
1A 6A 00 00 42 0A
smCom :DEBUG:phNxpEse_read Enter ..
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:_i2c_read() error : 13
smCom :DEBUG:_i2c_read() [HDR]errno : 79 ret : FFFFFFFF
smCom :DEBUG:phNxpEse_readPacket Normal Pkt, delay read 1ms
smCom :DEBUG:phPalEse_i2c_read Read Requested 2 bytes
smCom :DEBUG:phNxpEse_readPacket Read HDR
smCom :DEBUG:phNxpEse_readPacket SOF FOUND
smCom :DEBUG:phPalEse_i2c_read Read Requested 1 bytes
smCom :DEBUG:poll_sof_chained_delay value is 0
smCom :DEBUG:phPalEse_i2c_read Read Requested 28 bytes
smCom :DEBUG:RAW Rx< (Len=31)
A5 40 1A E8 7F 06 06 DB E0 F9 20 A6 09 D7 34 F6
F9 2D 03 26 58 37 20 5F 90 2B 2E 90 00 6D F8
smCom :DEBUG:phNxpEseProto7816_ProcessResponse p_data ----> 0x45c14 len ----> 0x1f
smCom :DEBUG:Received CRC:0x6df8 Calculated CRC:0x6df8
smCom :DEBUG:Retry Counter = 0
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame Received
smCom :DEBUG:phNxpEseProto7816_DecodeFrame I-Frame lastRcvdIframeInfo.seqNo:0x1
smCom :DEBUG:Data[0]=0xe8 len=26 Data[25]=0x90 Data[0]=0x1a
smCom :DEBUG: phNxpEse_Transceive Exit status 0x0
smCom :DEBUG:APDU Rx< (Len=26)
E8 7F 06 06 DB E0 F9 20 A6 09 D7 34 F6 F9 2D 03
26 58 37 20 5F 90 2B 2E 90 00
scp :DEBUG:FN: nxpSCP03_Decrypt_ResponseAPDU
scp :DEBUG: Input:rspBuf (Len=26)
E8 7F 06 06 DB E0 F9 20 A6 09 D7 34 F6 F9 2D 03
26 58 37 20 5F 90 2B 2E 90 00
scp :DEBUG: Calculated RMAC : (Len=16)
26 58 37 20 5F 90 2B 2E 61 CE 37 D3 9E BD 0B 4A
scp :DEBUG:Verify MAC
scp :DEBUG:RMAC verified successfully...Decrypt Response Data
scp :DEBUG:Status Word: (Len=2)
90 00
scp :DEBUG:FN: nxpSCP03_Get_ResponseICV
scp :DEBUG: Input:Data (Len=16)
80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
scp :DEBUG: Output:RespICV (Len=16)
5C FC 67 8E 23 1D 19 6E F6 25 80 43 C4 D1 93 25
scp :DEBUG:Decrypt the response
scp :DEBUG:PlainText (Len=16)
41 82 00 0A 4C AE 4B 4D 86 EB 23 B2 B2 9C 80 00
scp :DEBUG:FN: nxpSCP03_RestoreSw_RAPDU
scp :DEBUG:PlainText+SW (Len=16)
41 82 00 0A 4C AE 4B 4D 86 EB 23 B2 B2 9C 90 00
scp :DEBUG:Inc_CommandCounter value (Len=16)
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02
SM_SendAPDUAm: smStatus = 0x9000
Received 0 byte from client 4 (Message Header Phase) .
Please also note that the "auth" setting only configures, for the examples, the standard boot-up authentication. The application can still create its own secure channels as long as SCP in general is enabled using SCP=SSS.
Regarding the openssl versions, so far I have not heard about compatibility issues with specific sub-versions (the last letter in the version string).
Hope that helps,
Have a great day,
Kan
Hi @Kan_Li
I'm having issues with Access Manager and Client. They did not work, please could you check my log files from Client and Access Manager.
Thanks.
Hi @ElielderBMelo ,
Thanks for the information! The problem is that you tried to establish an SCP03 channel between the client and the access manager, while this channel should be in plain, and the access manager would establish the SCP03 channel if SCP=SSS is enabled.
You may use the same building folder for clients and access manager, but please build & install the clients first.
cmake -DPTMW_SE05X_Auth:STRING=None -DPTMW_SMCOM:STRING=JRCP_V1_AM .
cmake --build .
make install
//Here would not install all the applications except the access manager.
After that, in the same building folder, apply the cmake option for access manager as below:
cmake -DPTMW_SCP:STRING=SCP03_SSS -DPTMW_SMCOM:STRING=T1oI2C -DWithSharedLIB:BOOL=OFF \
-DPAHO_BUILD_SHARED:BOOL=FALSE -DPAHO_BUILD_STATIC:BOOL=TRUE .
cmake --build . --target accessManager
//Here just build access manager
Then just in the building folder, run command like below:
EX_SSS_BOOT_SCP03_PATH=/home/pi/plain_scp03.txt bin/accessManager
Finally, start client(s) in a separate terminal:
EX_SSS_BOOT_SSS_PORT=127.0.0.1:8040 /usr/local/bin/ex_ecc
Then you would see logs from user application as well as access manager from different terminals.
Please kindly check the attached cmake option for clients and access manager for more details.
Hope that helps,
Have a great day,
Kan
Hi @Kan_Li
I've implemented your cmake options and I got an error.
Please, could you check my log files?
Thanks.
Hi @ElielderBMelo ,
Did you build the access manager and client applications in separate building folders or in the same folder? I didn't find that you had specified the path; you just ran them in the local folder. In my test, I used the same folder to build them: I built the clients first and ran "make install" to copy the applications into /usr/local/bin, and then built the access manager only, so you may find it in the local building folder/bin and run it from there.
BTW, is it possible to share your cmake options for clients and access manager?
Thanks for your patience!
Have a great day,
Kan
Hi @Kan_Li
I'm sending you the log files from Access Manager and the ex_ecc application. It went well; the application ran just fine.
Only se05x_GetInfo Application did not run as expected.
Thanks.
Hi @ElielderBMelo ,
Thanks for the clarification! I could reproduce your issue here, and after investigating the source code, I found GetInfo demo also uses JCOP4 commands which are not fully supported by AccessManager so far, such as cardManagerSelect command, but if your application just uses IoT Applet commands, there is no issue at all, please just go ahead.
Have a great day,
Kan
Hi @Kan_Li
It was just a question, I don't need JCOP4 commands, it was only to run Get Info. I thought it was strange this application didn't run well.
I'm working with OpenSSL and Access Manager + libsss_engine.so ran just fine. I'm testing right now in my environment to check if all that I need is ok.
Thank you for the reply.
Hi @ElielderBMelo ,
Great to know! Thanks for the clarification! Please kindly let me know if there is any issue.
Have a great day,
Kan
Hi @Kan_Li
I've generated the Access Manager and Client. I attached cmake options to this message and I ask you, please, to check it. I built both in the same directory, for Client I saved partially cmake option and for Access Manager another file.
I will send another message explaining the results of Access Manager + Client application.
Thanks.
Hi @ElielderBMelo ,
Thanks for the update! I am not sure if it is some kind of compatibility issue, but will check with the expert regarding this topic.
I will let you know when I have any feedback from there.
Thanks for your patience!
Have a great day,
Kan
Hi @Kan_Li
Thank you for the previous replies. I will try to apply here.
One more thing that I want you to check, please, is regarding the Linux version. It works in Linux 4, but it doesn't in Linux 5. Please, could you check if there is any issue with Linux compatibility and the SSS library for OpenSSL Engine?
Thanks.
Hi @ElielderBMelo ,
The latest feedback from the expert shows Linux 5 and openssl 1.1.1g still works with SE050. Please kindly refer to the following for details.
I tested now on i.MX6UL with AccessManager to achieve a platformSCP channel and openssl 1.1.1g : works!
Used openSSL version:
root@imx6ulevk:~/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_server# openssl version
OpenSSL 1.1.1g 21 Apr 2020
Configuration AccessManager:
root@imx6ulevk:~/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_server# cmake -L .
-- BUILD_TYPE: Debug
-- Found: /usr/lib/libssl.so/usr/lib/libcrypto.so
-- CMAKE_CXX_COMPILER_ID = GNU
-- CMAKE_SYSTEM_NAME = Linux
-- PTMW_SE05X_Auth - None
-- CMake version: 3.15.3
-- CMake system name: Linux
-- Timestamp is 2021-12-22T15:31:41Z
-- FLOW_VERBOSE is ON!!!
accessManager is not copied to default binary directory upon install
-- Configuring done
-- Generating done
-- Build files have been written to: /home/root/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_server
-- Cache values
CMAKE_BUILD_TYPE:STRING=
CMAKE_INSTALL_PREFIX:PATH=/usr/local
LIB_ANL:FILEPATH=/usr/lib/libanl.so
NXPInternal:BOOL=OFF
OPENSSL_ROOT_DIR:PATH=
PAHO_BUILD_DEB_PACKAGE:BOOL=FALSE
PAHO_BUILD_DOCUMENTATION:BOOL=FALSE
PAHO_BUILD_SAMPLES:BOOL=FALSE
PAHO_BUILD_SHARED:BOOL=FALSE
PAHO_BUILD_STATIC:BOOL=TRUE
PAHO_ENABLE_CPACK:BOOL=TRUE
PAHO_ENABLE_TESTING:BOOL=FALSE
PAHO_WITH_SSL:BOOL=TRUE
PTMW_A71CH_AUTH:STRING=None
PTMW_Applet:STRING=SE05X_C
PTMW_FIPS:STRING=None
PTMW_Host:STRING=iMXLinux
PTMW_HostCrypto:STRING=OPENSSL
PTMW_Log:STRING=Verbose
PTMW_RTOS:STRING=Default
PTMW_SBL:STRING=None
PTMW_SCP:STRING=SCP03_SSS
PTMW_SE05X_Auth:STRING=None
PTMW_SE05X_Ver:STRING=03_XX
PTMW_SMCOM:STRING=T1oI2C
PTMW_mbedTLS_ALT:STRING=None
SSSFTR_SE05X_AES:BOOL=ON
SSSFTR_SE05X_AuthECKey:BOOL=ON
SSSFTR_SE05X_AuthSession:BOOL=ON
SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ:BOOL=ON
SSSFTR_SE05X_ECC:BOOL=ON
SSSFTR_SE05X_KEY_GET:BOOL=ON
SSSFTR_SE05X_KEY_SET:BOOL=ON
SSSFTR_SE05X_RSA:BOOL=ON
SSSFTR_SW_AES:BOOL=ON
SSSFTR_SW_ECC:BOOL=ON
SSSFTR_SW_KEY_GET:BOOL=ON
SSSFTR_SW_KEY_SET:BOOL=ON
SSSFTR_SW_RSA:BOOL=ON
SSSFTR_SW_TESTCOUNTERPART:BOOL=ON
WithCodeCoverage:BOOL=OFF
WithExtCustomerTPMCode:BOOL=OFF
WithNXPNFCRdLib:BOOL=OFF
WithOPCUA_open62541:BOOL=OFF
WithSharedLIB:BOOL=OFF
Configuration Clients:
root@imx6ulevk:~/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_client# cmake -L .
-- BUILD_TYPE: Debug
-- Found: /usr/lib/libssl.so/usr/lib/libcrypto.so
-- CMAKE_CXX_COMPILER_ID = GNU
-- CMAKE_SYSTEM_NAME = Linux
-- PTMW_SE05X_Auth - None
-- CMake version: 3.15.3
-- CMake system name: Linux
-- Timestamp is 2021-12-22T15:35:50Z
-- FLOW_VERBOSE is ON!!!
-- Configuring done
-- Generating done
-- Build files have been written to: /home/root/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_client
-- Cache values
CMAKE_BUILD_TYPE:STRING=
CMAKE_INSTALL_PREFIX:PATH=/usr/local
LIB_ANL:FILEPATH=/usr/lib/libanl.so
NXPInternal:BOOL=OFF
OPENSSL_ROOT_DIR:PATH=
PAHO_BUILD_DEB_PACKAGE:BOOL=FALSE
PAHO_BUILD_DOCUMENTATION:BOOL=FALSE
PAHO_BUILD_SAMPLES:BOOL=FALSE
PAHO_BUILD_SHARED:BOOL=FALSE
PAHO_BUILD_STATIC:BOOL=TRUE
PAHO_ENABLE_CPACK:BOOL=TRUE
PAHO_ENABLE_TESTING:BOOL=FALSE
PAHO_WITH_SSL:BOOL=TRUE
PTMW_A71CH_AUTH:STRING=None
PTMW_Applet:STRING=SE05X_C
PTMW_FIPS:STRING=None
PTMW_Host:STRING=iMXLinux
PTMW_HostCrypto:STRING=OPENSSL
PTMW_Log:STRING=Verbose
PTMW_RTOS:STRING=Default
PTMW_SBL:STRING=None
PTMW_SCP:STRING=None
PTMW_SE05X_Auth:STRING=None
PTMW_SE05X_Ver:STRING=03_XX
PTMW_SMCOM:STRING=JRCP_V1_AM
PTMW_mbedTLS_ALT:STRING=None
SSSFTR_SE05X_AES:BOOL=ON
SSSFTR_SE05X_AuthECKey:BOOL=ON
SSSFTR_SE05X_AuthSession:BOOL=ON
SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ:BOOL=ON
SSSFTR_SE05X_ECC:BOOL=ON
SSSFTR_SE05X_KEY_GET:BOOL=ON
SSSFTR_SE05X_KEY_SET:BOOL=ON
SSSFTR_SE05X_RSA:BOOL=ON
SSSFTR_SW_AES:BOOL=ON
SSSFTR_SW_ECC:BOOL=ON
SSSFTR_SW_KEY_GET:BOOL=ON
SSSFTR_SW_KEY_SET:BOOL=ON
SSSFTR_SW_RSA:BOOL=ON
SSSFTR_SW_TESTCOUNTERPART:BOOL=ON
WithCodeCoverage:BOOL=OFF
WithExtCustomerTPMCode:BOOL=OFF
WithNXPNFCRdLib:BOOL=OFF
WithOPCUA_open62541:BOOL=OFF
WithSharedLIB:BOOL=ON
Start AccessManager:
root@imx6ulevk:~/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_server# bin/accessManager
Start client:
root@imx6ulevk:~/se05x_mw_v04.00.00_20211029_123928/simw-top_build/am_client/bin# EX_SSS_BOOT_SSS_PORT=localhost:8040 OPENSSL_CONF=/home/root/se05x_mw_v04.00.00_20211029_123928/simw-top/demos/linux/common/openssl11_sss_se050.cnf openssl rand -hex 10
ssse-flw: EmbSe_Init(): Entry
App :INFO :Using PortName='localhost:8040' (ENV: EX_SSS_BOOT_SSS_PORT=localhost:8040)
smCom :WARN :nxEnsure:'nSuccess != 1' failed. At Line:130 Function:getSocketParams
Connection to secure element over socket to localhost:8040
smCom :DEBUG:ATRCmd (Len=8)
00 00 00 04 00 00 01 00
smCom :DEBUG:Enter: recv()
smCom :DEBUG:Exit: recv(). read_write_len=4
smCom :DEBUG:Enter: recv()
smCom :DEBUG:Exit: recv(). read_write_len=21
smCom :DEBUG:Atr (Len=21)
3B FB 18 00 00 81 31 FE 45 50 4C 41 43 45 48 4F
4C 44 45 52 AB
smCom :DEBUG:Cmd (Len=22)
00 A4 04 00 10 A0 00 00 03 96 54 53 00 00 00 01
03 00 00 00 00 00
smCom :DEBUG:Rsp (Len=9)
03 01 00 6F FF 01 0B 90 00
smCom :INFO :selectResponseData (Len=7)
03 01 00 6F FF 01 0B
sss :WARN :Communication channel is Plain.
sss :WARN :!!!Not recommended for production use.!!!
ssse-flw: Version: 1.0.5
ssse-flw: EmbSe_Init(): Exit
ssse-flw: EmbSe_Rand invoked requesting 10 random bytes
sss :DEBUG:FN: sss_rng_context_init
sss :DEBUG:FN: sss_rng_get_random
APDU :DEBUG:GetRandom []
APDU :DEBUG:kSE05x_TAG_1 [size] = 0xA
smCom :DEBUG:Cmd (Len=13)
80 04 00 49 00 00 04 41 02 00 0A 00 00
smCom :DEBUG:Rsp (Len=16)
41 82 00 0A 46 23 12 13 60 B0 1F B6 EB C1 90 00
4623121360b01fb6ebc1
ssse-flw: EmbSe_Finish(): Entry
APDU :DEBUG:CloseSession []
ssse-flw: EmbSe_Finish(): Exit
ssse-flw: EmbSe_Destroy(): Entry
--> Random comes from SE
AccessManager Log excerpt which shows the encrypted communication:
smCom :DEBUG:APDU Rx< (Len=26)
2A 6A E2 9F EA 8C 8E 8B 84 03 2B 9D A6 A0 20 E9
FC 32 F1 36 2E D2 5F 56 90 00
scp :DEBUG:FN: nxpSCP03_Decrypt_ResponseAPDU
scp :DEBUG: Input:rspBuf (Len=26)
2A 6A E2 9F EA 8C 8E 8B 84 03 2B 9D A6 A0 20 E9
FC 32 F1 36 2E D2 5F 56 90 00
scp :DEBUG: Calculated RMAC : (Len=16)
FC 32 F1 36 2E D2 5F 56 76 47 A6 D3 64 B1 D3 B2
scp :DEBUG:Verify MAC
scp :DEBUG:RMAC verified successfully...Decrypt Response Data
scp :DEBUG:Status Word: (Len=2)
90 00
scp :DEBUG:FN: nxpSCP03_Get_ResponseICV
scp :DEBUG: Input:Data (Len=16)
80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0E
scp :DEBUG: Output:RespICV (Len=16)
3E A7 0E 76 0F D9 75 36 26 90 72 CC 2A 5B FC FC
scp :DEBUG:Decrypt the response
scp :DEBUG:PlainText (Len=16)
41 82 00 0A 46 23 12 13 60 B0 1F B6 EB C1 80 00
scp :DEBUG:FN: nxpSCP03_RestoreSw_RAPDU
scp :DEBUG:PlainText+SW (Len=16)
41 82 00 0A 46 23 12 13 60 B0 1F B6 EB C1 90 00
scp :DEBUG:Inc_CommandCounter value (Len=16)
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0F
root@imx6ulevk:~/se05x_mw_v04.00.00_20211029_123928/simw-top_build# cat /etc/issue
NXP i.MX Release Distro 5.4-zeus \n \l
Would you please try the above settings as well on your side? Please kindly create two building folders for access manager and clients each.
Have a great day,
Kan
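The split described in this thread (clients built plain over JRCP_V1_AM, accessManager holding the SCP03 channel over T1oI2C) can be checked from saved `cmake -L .` listings before either binary is started. This is an added example, not part of the thread or of NXP's middleware: the helper names, the temp files and the third sample listing are constructed, and the expected values are the ones shown in the two listings above.

```shell
#!/bin/sh
# Added example (not NXP code): verify the client / accessManager build split
# from saved `cmake -L .` listings. Expected values are taken from this thread.

# cache_value FILE KEY: print KEY's value from KEY:TYPE=VALUE cache lines
cache_value() {
    sed -n "s/^$2:[A-Z]*=//p" "$1" | head -n 1
}

# check_role ROLE FILE: print each mismatch, return 1 if any was found
check_role() {
    role=$1; file=$2; bad=0
    case $role in
        client)        want="PTMW_SMCOM=JRCP_V1_AM PTMW_SCP=None PTMW_SE05X_Auth=None" ;;
        accessManager) want="PTMW_SMCOM=T1oI2C PTMW_SCP=SCP03_SSS" ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    for pair in $want; do
        key=${pair%%=*}; exp=${pair#*=}
        got=$(cache_value "$file" "$key")
        if [ "$got" != "$exp" ]; then
            echo "$role: $key is '${got:-unset}', expected '$exp'"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample listings: the first two are trimmed from the listings in
# the thread, the third is a hypothetical client built with SCP03 enabled.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'PTMW_SCP:STRING=SCP03_SSS' 'PTMW_SE05X_Auth:STRING=None' \
    'PTMW_SMCOM:STRING=T1oI2C' > "$tmp/am.txt"
printf '%s\n' '-- PTMW_SE05X_Auth - None' 'PTMW_SCP:STRING=None' \
    'PTMW_SE05X_Auth:STRING=None' 'PTMW_SMCOM:STRING=JRCP_V1_AM' > "$tmp/client.txt"
printf '%s\n' 'PTMW_SCP:STRING=SCP03_SSS' 'PTMW_SE05X_Auth:STRING=PlatfSCP03' \
    'PTMW_SMCOM:STRING=JRCP_V1_AM' > "$tmp/client_bad.txt"

check_role accessManager "$tmp/am.txt" && echo "accessManager: OK"
check_role client "$tmp/client.txt" && echo "client: OK"
check_role client "$tmp/client_bad.txt" || echo "client_bad: rebuild the client in plain"
```

On a real board, save each build folder's `cmake -L .` output to a file and pass it to `check_role` with the matching role.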