SE050: Overwriting UserID


2,481 Views
m_grand
Contributor II

Even if I create a UserID secure object with policy POLICY_OBJ_ALLOW_WRITE, I'm not able to overwrite it using the WriteUserID command; instead SE050 returns status word 0x6985. Does someone have a working example of such a use case?

0 Kudos
1 Solution
2,375 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Michael,

I just got confirmation from the expert: the UserID object cannot be updated, but can only be deleted and created anew. Please kindly refer to the spec for more details.

(attachment: writeuserid.png)

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------


0 Kudos
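The delete-then-recreate flow from the accepted answer, as an added example that is not part of this thread or of the NXP Plug & Trust middleware: a host-side model in C, with constructed object storage standing in for the secure element, the status word 0x6985 and the can_Delete policy bit taken from the thread, and the MW calls it stands in for (Se05x_API_WriteUserID, Se05x_API_DeleteSecureObject) named in comments as assumptions to verify against your MW version.

```c
/* Added example, not from this thread or the NXP Plug & Trust MW: a host-side model
 * of the behaviour confirmed in the accepted answer. WriteUserID only creates an
 * object; replacing its value means delete (allowed only with can_Delete) then create. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define SW_OK                       0x9000
#define SW_CONDITIONS_NOT_SATISFIED 0x6985  /* status word reported in the thread */
#define MAX_OBJECTS    4
#define MAX_USERID_LEN 16
typedef struct {
    bool in_use; uint32_t object_id;
    bool can_delete;                     /* KPolicy_Common .can_Delete, fixed at creation */
    uint8_t value[MAX_USERID_LEN]; size_t value_len;
} userid_object_t;

static userid_object_t g_store[MAX_OBJECTS];  /* constructed stand-in for SE050 object storage */
static userid_object_t *find_object(uint32_t id) {
    for (int i = 0; i < MAX_OBJECTS; i++)
        if (g_store[i].in_use && g_store[i].object_id == id) return &g_store[i];
    return NULL;
}

/* Stand-in for Se05x_API_WriteUserID (assumed MW name): create only, existing ID refused. */
uint16_t model_write_user_id(uint32_t id, bool can_delete, const uint8_t *v, size_t len) {
    if (find_object(id) != NULL || len > MAX_USERID_LEN) return SW_CONDITIONS_NOT_SATISFIED;
    for (int i = 0; i < MAX_OBJECTS; i++) {
        if (g_store[i].in_use) continue;
        g_store[i] = (userid_object_t){ .in_use = true, .object_id = id,
                                        .can_delete = can_delete, .value_len = len };
        memcpy(g_store[i].value, v, len);
        return SW_OK;
    }
    return SW_CONDITIONS_NOT_SATISFIED;      /* no free slot */
}

/* Stand-in for Se05x_API_DeleteSecureObject (assumed MW name): needs can_Delete. */
uint16_t model_delete_object(uint32_t id) {
    userid_object_t *o = find_object(id);
    if (o == NULL || !o->can_delete) return SW_CONDITIONS_NOT_SATISFIED;
    o->in_use = false;
    return SW_OK;
}

/* The pattern from the answer: delete, then create with the new value. The object is
 * absent between the two calls, so check both status words before relying on it. */
uint16_t replace_user_id(uint32_t id, bool can_delete, const uint8_t *v, size_t len) {
    uint16_t sw = model_delete_object(id);
    if (sw != SW_OK) return sw;              /* missing object or can_Delete not set */
    return model_write_user_id(id, can_delete, v, len);
}
```

Against real hardware the same two-step sequence applies, with the session that holds the delete right kept open across both calls.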
4 Replies
2,384 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Michael,

Did you build your application based on the MW? Is it possible to share your code for a review? Or just APDU commands sent to SE050? Please kindly clarify.

Have a great day,
Kan



0 Kudos
2,384 Views
m_grand
Contributor II

Yes, my application is based on the MW. Hereafter is the simplest example that illustrates my problem.

During the first call of sss_se05x_write_user_id(), the UserID is properly created.

However, the second call, where I attempt to overwrite the UserID value, fails.

The policy is properly applied, because the EX_SSS_BOOT_DO_ERASE macro actually erases the UserID (which is not the case by default, if the can_Delete field is not set to 1).

#include <ex_sss.h>
#include <ex_sss_boot.h>
#include <fsl_sss_se05x_apis.h>
#include <fsl_sss_se05x_policy.h>
#include <nxLog_App.h>
#include <se05x_APDU.h>
#include <se05x_const.h>
#include <se05x_tlv.h>
#include <string.h>

#include "ex_sss_auth.h"

static ex_sss_boot_ctx_t sss_boot_ctx;

#define EX_SSS_BOOT_PCONTEXT (&sss_boot_ctx)
#define EX_SSS_BOOT_DO_ERASE 1
#define EX_SSS_BOOT_EXPOSE_ARGC_ARGV 0

#include <ex_sss_main_inc.h>

/* Sends a WriteUserID command for objectID through the SE05x APDU layer of the MW.
 * policies may be NULL (no policy TLV sent), which is the case for the second call below. */
static sss_status_t sss_se05x_write_user_id(sss_se05x_session_t *pSession,
        sss_policy_t *policies, SE05x_MaxAttemps_t maxAttempt, uint32_t objectID,
        const uint8_t *userId, size_t userIdLen,
        const SE05x_AttestationType_t attestation_type) {

    Se05xSession_t *pSe05xSession = &pSession->s_ctx;
    Se05xPolicy_t policySet;
    size_t valid_policy_buff_len = 0;
    uint8_t policies_buff[MAX_POLICY_BUFFER_SIZE];

    if (policies) {
        /* Serialise the SSS policy list into the policy buffer the applet expects */
        if (kStatus_SSS_Success
                != sss_se05x_create_object_policy_buffer(policies,
                        &policies_buff[0], &valid_policy_buff_len)) {
            return kStatus_SSS_Fail;
        }
        policySet.value = policies_buff;
        policySet.value_len = valid_policy_buff_len;
    } else {
        policySet.value = NULL;
        policySet.value_len = 0;
    }
    smStatus_t sw_status;
    sw_status = Se05x_API_WriteUserID(pSe05xSession, &policySet, maxAttempt,
            objectID, userId, userIdLen, attestation_type);
    if (sw_status != SM_OK) {
        /* Log the status word so a 0x6985 from the second call is visible */
        LOG_E("Se05x_API_WriteUserID failed, SW = 0x%04X", (unsigned int) sw_status);
        return kStatus_SSS_Fail;
    }
    return kStatus_SSS_Success;
}


sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx) {
    sss_status_t status;
    sss_se05x_session_t *pSession = (sss_se05x_session_t*) &pCtx->session;

    const uint8_t userid_value[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
    const uint8_t userid_value2[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x07 };
    const uint32_t test_id = MAKE_TEST_ID(__LINE__);

    /* UserID-specific rules: allow write (POLICY_OBJ_ALLOW_WRITE) */
    const sss_policy_u userid_withPol = {
        .type = KPolicy_UserID,
        .auth_obj_id = 0,
        .policy = {
            .pin = {
                .can_Write = 1,
            }
        }
    };
    /* Common rules */
    const sss_policy_u common = {
        .type = KPolicy_Common,
        /*Authentication object based on SE05X_AUTH*/
        .auth_obj_id = 0,
        .policy = {
            .common = {
                /*Secure Messaging*/
                .req_Sm = 0,
                /*Policy to Delete object*/
                .can_Delete = 1,
                /*Forbid all operations on object*/
                .forbid_All = 0,
            }
        }
    };

    sss_policy_t policy_for_userid = {
        .nPolicies = 2,
        .policies = {
                &userid_withPol, &common
        }
    };

    /* First call: creates the UserID object with the policies above */
    status = sss_se05x_write_user_id(pSession, &policy_for_userid,
            SE05x_MaxAttemps_UNLIMITED, test_id, userid_value,
            sizeof(userid_value), kSE05x_AttestationType_AUTH);
    if (kStatus_SSS_Success != status) {
        LOG_E("Creating the UserID object failed");
        return status;
    }

    /* Second call: attempt to overwrite the existing object with a new value */
    status = sss_se05x_write_user_id(pSession, NULL,
            SE05x_MaxAttemps_UNLIMITED, test_id, userid_value2,
            sizeof(userid_value2), kSE05x_AttestationType_AUTH);

    if (kStatus_SSS_Success == status) {
        LOG_I("Example Success !!!...");
    } else {
        LOG_E("Example Failed !!!...");
    }
    return status;
}
0 Kudos
2,384 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Michael,

Thanks for the information! I will test it and let you know the result when I make any progress. Thanks for your patience!

Have a great day,
Kan



0 Kudos