SE050: Overwritting UserID

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

SE050: Overwritting UserID

跳至解决方案
3,166 次查看
m_grand
Contributor II

Even if I create a UserID secure object with policy POLICY_OBJ_ALLOW_WRITE, i'm not able to overwrite it using WriteUserID command instead SE050 returns status word 0x6985. Does someone has a working example of such a use case ?

标签 (1)
标记 (1)
0 项奖励
回复
1 解答
3,060 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Michael,

 

I just got the confirmation from the expert, The UserID object cannot be updated, but only be deleted and created new. please kindly refer to the spec for more details.

writeuserid.png

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

在原帖中查看解决方案

0 项奖励
回复
5 回复数
3,069 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Michael,

Did you build your application based on the MW? Is it possible to share your code for a review? Or just APDU commands sent to SE050? Please kindly clarify.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 项奖励
回复
3,069 次查看
m_grand
Contributor II

Yes, my application is based on the MW. Hereafter the most simple example that illustrates my problem.

During first call of sss_se05x_write_user_id(), UserID is properly created.

However second call, where i attempt to overwrite UserID value, fails.

Policy is properly applied because EX_SSS_BOOT_DO_ERASE macro actually erases the UserID (which is not the case by default if can_Delete filed is not set to 1).

#include <ex_sss.h>
#include <ex_sss_boot.h>
#include <fsl_sss_se05x_apis.h>
#include <fsl_sss_se05x_policy.h>
#include <nxLog_App.h>
#include <se05x_APDU.h>
#include <se05x_const.h>
#include <se05x_tlv.h>
#include <string.h>

#include "ex_sss_auth.h"

static ex_sss_boot_ctx_t sss_boot_ctx;

#define EX_SSS_BOOT_PCONTEXT (&sss_boot_ctx)
#define EX_SSS_BOOT_DO_ERASE 1
#define EX_SSS_BOOT_EXPOSE_ARGC_ARGV 0

#include <ex_sss_main_inc.h>

static sss_status_t sss_se05x_write_user_id(sss_se05x_session_t *pSession,
        sss_policy_t *policies, SE05x_MaxAttemps_t maxAttempt, uint32_t objectID,
        const uint8_t *userId, size_t userIdLen,
        const SE05x_AttestationType_t attestation_type) {

    Se05xSession_t *pSe05xSession = &pSession->s_ctx;
    Se05xPolicy_t policySet;
    size_t valid_policy_buff_len = 0;
    uint8_t policies_buff[MAX_POLICY_BUFFER_SIZE];

    if (policies) {
        if (kStatus_SSS_Success
                != sss_se05x_create_object_policy_buffer(policies,
                        &policies_buff[0], &valid_policy_buff_len)) {
            return kStatus_SSS_Fail;
        }
        policySet.value = policies_buff;
        policySet.value_len = valid_policy_buff_len;
    } else {
        policySet.value = NULL;
        policySet.value_len = 0;
    }
    smStatus_t sw_status;
    sw_status = Se05x_API_WriteUserID(pSe05xSession, &policySet, maxAttempt,
            objectID, userId, userIdLen, attestation_type);
    if(sw_status != SM_OK) {
        return kStatus_SSS_Fail;
    }
    return kStatus_SSS_Success;
}


sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx) {
    sss_status_t status;
    sss_se05x_session_t *pSession = (sss_se05x_session_t*) &pCtx->session;

    const uint8_t userid_value[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
    const uint8_t userid_value2[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x07 };
    const uint32_t test_id = MAKE_TEST_ID(__LINE__);

    /* Common rules */
    const sss_policy_u userid_withPol = {
        .type = KPolicy_UserID,
        .auth_obj_id = 0,
        .policy = {
            .pin = {
                .can_Write = 1,
            }
        }
    };
    const sss_policy_u common = {
        .type = KPolicy_Common,
        /*Authentication object based on SE05X_AUTH*/
        .auth_obj_id = 0,
        .policy = {
            .common = {
                /*Secure Messaging*/
                .req_Sm = 0,
                /*Policy to Delete object*/
                .can_Delete = 1,
                /*Forbid all operations on object*/
                .forbid_All = 0,
            }
        }
    };

    sss_policy_t policy_for_userid = {
        .nPolicies = 2,
        .policies = {
                &userid_withPol, &common
        }
    };

    status = sss_se05x_write_user_id(pSession, &policy_for_userid,
    SE05x_MaxAttemps_UNLIMITED, test_id, userid_value,
            sizeof(userid_value), kSE05x_AttestationType_AUTH);

    status = sss_se05x_write_user_id(pSession, NULL,
    SE05x_MaxAttemps_UNLIMITED, test_id, userid_value2,
            sizeof(userid_value2), kSE05x_AttestationType_AUTH);


    if (kStatus_SSS_Success == status) {
        LOG_I("Example Success !!!...");
    } else {
        LOG_E("Example Failed !!!...");
    }
    return status;
}
0 项奖励
回复
3,061 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Michael,

 

I just got the confirmation from the expert, The UserID object cannot be updated, but only be deleted and created new. please kindly refer to the spec for more details.

writeuserid.png

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 项奖励
回复
287 次查看
HeikoT
Contributor I

Hi,

how can I delete an UserID?

Best regards,

Heiko

0 项奖励
回复
3,069 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Michael,

Thanks for the information! I will test it and let you know the result when I make any progress. Thanks for your patience!

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 项奖励
回复