SE050: Overwriting UserID

m_grand
Contributor II

Even if I create a UserID secure object with policy POLICY_OBJ_ALLOW_WRITE, I'm not able to overwrite it using the WriteUserID command; instead, SE050 returns status word 0x6985. Does someone have a working example of such a use case?

1 Solution
Kan_Li
NXP TechSupport

Hi Michael,

I just got the confirmation from the expert: the UserID object cannot be updated, but can only be deleted and created new. Please kindly refer to the spec for more details.

writeuserid.png

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Kan_Li
NXP TechSupport

Hi Michael,

Did you build your application based on the MW? Is it possible to share your code for a review? Or just APDU commands sent to SE050? Please kindly clarify.

Have a great day,
Kan


m_grand
Contributor II

Yes, my application is based on the MW. Here is the simplest example that illustrates my problem.

During the first call of sss_se05x_write_user_id(), the UserID is properly created.

However, the second call, where I attempt to overwrite the UserID value, fails.

The policy is properly applied because the EX_SSS_BOOT_DO_ERASE macro actually erases the UserID (which is not the case by default if the can_Delete field is not set to 1).

```c
#include <ex_sss.h>
#include <ex_sss_boot.h>
#include <fsl_sss_se05x_apis.h>
#include <fsl_sss_se05x_policy.h>
#include <nxLog_App.h>
#include <se05x_APDU.h>
#include <se05x_const.h>
#include <se05x_tlv.h>
#include <string.h>

#include "ex_sss_auth.h"

static ex_sss_boot_ctx_t sss_boot_ctx;

#define EX_SSS_BOOT_PCONTEXT (&sss_boot_ctx)
#define EX_SSS_BOOT_DO_ERASE 1
#define EX_SSS_BOOT_EXPOSE_ARGC_ARGV 0

#include <ex_sss_main_inc.h>

/* Serialize the optional policy set and send WriteUserID to the SE05x. */
static sss_status_t sss_se05x_write_user_id(sss_se05x_session_t *pSession,
        sss_policy_t *policies, SE05x_MaxAttemps_t maxAttempt, uint32_t objectID,
        const uint8_t *userId, size_t userIdLen,
        const SE05x_AttestationType_t attestation_type) {

    Se05xSession_t *pSe05xSession = &pSession->s_ctx;
    Se05xPolicy_t policySet;
    size_t valid_policy_buff_len = 0;
    uint8_t policies_buff[MAX_POLICY_BUFFER_SIZE];
    smStatus_t sw_status;

    if (policies) {
        if (kStatus_SSS_Success
                != sss_se05x_create_object_policy_buffer(policies,
                        &policies_buff[0], &valid_policy_buff_len)) {
            return kStatus_SSS_Fail;
        }
        policySet.value = policies_buff;
        policySet.value_len = valid_policy_buff_len;
    } else {
        /* No policy supplied: send an empty policy set. */
        policySet.value = NULL;
        policySet.value_len = 0;
    }

    sw_status = Se05x_API_WriteUserID(pSe05xSession, &policySet, maxAttempt,
            objectID, userId, userIdLen, attestation_type);
    if (sw_status != SM_OK) {
        return kStatus_SSS_Fail;
    }
    return kStatus_SSS_Success;
}


sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx) {
    sss_status_t status;
    sss_se05x_session_t *pSession = (sss_se05x_session_t*) &pCtx->session;

    const uint8_t userid_value[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
    const uint8_t userid_value2[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x07 };
    const uint32_t test_id = MAKE_TEST_ID(__LINE__);

    /* UserID-specific rules: allow write */
    const sss_policy_u userid_withPol = {
        .type = KPolicy_UserID,
        .auth_obj_id = 0,
        .policy = {
            .pin = {
                .can_Write = 1,
            }
        }
    };
    /* Common rules */
    const sss_policy_u common = {
        .type = KPolicy_Common,
        /*Authentication object based on SE05X_AUTH*/
        .auth_obj_id = 0,
        .policy = {
            .common = {
                /*Secure Messaging*/
                .req_Sm = 0,
                /*Policy to Delete object*/
                .can_Delete = 1,
                /*Forbid all operations on object*/
                .forbid_All = 0,
            }
        }
    };

    sss_policy_t policy_for_userid = {
        .nPolicies = 2,
        .policies = {
                &userid_withPol, &common
        }
    };

    /* First call: creates the UserID object with the policy attached. */
    status = sss_se05x_write_user_id(pSession, &policy_for_userid,
            SE05x_MaxAttemps_UNLIMITED, test_id, userid_value,
            sizeof(userid_value), kSE05x_AttestationType_AUTH);
    if (kStatus_SSS_Success != status) {
        /* Report a creation failure separately from the overwrite failure. */
        LOG_E("UserID creation failed");
        return status;
    }

    /* Second call: attempt to overwrite the same object ID. This is the call that fails. */
    status = sss_se05x_write_user_id(pSession, NULL,
            SE05x_MaxAttemps_UNLIMITED, test_id, userid_value2,
            sizeof(userid_value2), kSE05x_AttestationType_AUTH);

    if (kStatus_SSS_Success == status) {
        LOG_I("Example Success !!!...");
    } else {
        LOG_E("Example Failed !!!...");
    }
    return status;
}
```

HeikoT
Contributor I

Hi,

How can I delete a UserID?

Best regards,

Heiko
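
The delete-then-recreate sequence from the accepted answer, as an added example that is not part of the original thread or of NXP's middleware. It runs against a constructed in-memory stand-in for the secure element; `userid_slot_t`, `mock_write_user_id`, `mock_delete_object` and `replace_user_id` are hypothetical names, and the status word returned for a refused delete is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one UserID slot; NOT NXP middleware code. It models
 * only what the thread states: a write to an existing UserID fails with 0x6985
 * and deletion needs can_Delete. Returning 0x6985 on a refused delete is assumed. */
#define SW_OK      0x9000u
#define SW_COND    0x6985u /* conditions of use not satisfied */

typedef struct { int exists, can_delete; uint8_t value[16]; size_t len; } userid_slot_t;

/* Stands in for Se05x_API_WriteUserID: creates the object, never updates it. */
static uint16_t mock_write_user_id(userid_slot_t *o, int can_delete,
                                   const uint8_t *v, size_t n) {
    if (o->exists || n > sizeof o->value) return SW_COND;
    memcpy(o->value, v, n);
    o->len = n; o->can_delete = can_delete; o->exists = 1;
    return SW_OK;
}

/* Stands in for the middleware's Se05x_API_DeleteSecureObject. */
static uint16_t mock_delete_object(userid_slot_t *o) {
    if (!o->exists || !o->can_delete) return SW_COND;
    memset(o, 0, sizeof *o);
    return SW_OK;
}

/* Replace a UserID value: delete, then create again with the policy passed anew. */
static uint16_t replace_user_id(userid_slot_t *o, int can_delete,
                                const uint8_t *v, size_t n) {
    if (n > sizeof o->value) return SW_COND;  /* validate before destroying the old value */
    if (o->exists) {
        uint16_t sw = mock_delete_object(o);
        if (sw != SW_OK) return sw;           /* not deletable: old value stays intact */
    }
    return mock_write_user_id(o, can_delete, v, n);
}

int main(void) {
    const uint8_t a[] = {0, 1, 2, 3, 4, 5, 6}, b[] = {0, 1, 2, 3, 4, 5, 7};
    userid_slot_t o = {0};
    mock_write_user_id(&o, 1, a, sizeof a);
    printf("overwrite: 0x%04X\n", (unsigned)mock_write_user_id(&o, 1, b, sizeof b));
    printf("replace:   0x%04X\n", (unsigned)replace_user_id(&o, 1, b, sizeof b));
    return 0;
}
```

Between the delete and the create the object does not exist, so a failure at that point leaves no UserID behind; an object created without can_Delete cannot be replaced this way at all.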

Kan_Li
NXP TechSupport

Hi Michael,

Thanks for the information! I will test it and let you know the result when I make any progress. Thanks for your patience!

Have a great day,
Kan

