Even if I create a UserID secure object with policy POLICY_OBJ_ALLOW_WRITE, i'm not able to overwrite it using WriteUserID command instead SE050 returns status word 0x6985. Does someone has a working example of such a use case ?
解決済! 解決策の投稿を見る。
Hi Michael,
I just got the confirmation from the expert, The UserID object cannot be updated, but only be deleted and created new. please kindly refer to the spec for more details.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi Michael,
Did you build your application based on the MW? Is it possible to share your code for a review? Or just APDU commands sent to SE050? Please kindly clarify.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Yes, my application is based on the MW. Hereafter the most simple example that illustrates my problem.
During first call of sss_se05x_write_user_id(), UserID is properly created.
However second call, where i attempt to overwrite UserID value, fails.
Policy is properly applied because EX_SSS_BOOT_DO_ERASE macro actually erases the UserID (which is not the case by default if can_Delete filed is not set to 1).
#include <ex_sss.h> #include <ex_sss_boot.h> #include <fsl_sss_se05x_apis.h> #include <fsl_sss_se05x_policy.h> #include <nxLog_App.h> #include <se05x_APDU.h> #include <se05x_const.h> #include <se05x_tlv.h> #include <string.h> #include "ex_sss_auth.h" static ex_sss_boot_ctx_t sss_boot_ctx; #define EX_SSS_BOOT_PCONTEXT (&sss_boot_ctx) #define EX_SSS_BOOT_DO_ERASE 1 #define EX_SSS_BOOT_EXPOSE_ARGC_ARGV 0 #include <ex_sss_main_inc.h> static sss_status_t sss_se05x_write_user_id(sss_se05x_session_t *pSession, sss_policy_t *policies, SE05x_MaxAttemps_t maxAttempt, uint32_t objectID, const uint8_t *userId, size_t userIdLen, const SE05x_AttestationType_t attestation_type) { Se05xSession_t *pSe05xSession = &pSession->s_ctx; Se05xPolicy_t policySet; size_t valid_policy_buff_len = 0; uint8_t policies_buff[MAX_POLICY_BUFFER_SIZE]; if (policies) { if (kStatus_SSS_Success != sss_se05x_create_object_policy_buffer(policies, &policies_buff[0], &valid_policy_buff_len)) { return kStatus_SSS_Fail; } policySet.value = policies_buff; policySet.value_len = valid_policy_buff_len; } else { policySet.value = NULL; policySet.value_len = 0; } smStatus_t sw_status; sw_status = Se05x_API_WriteUserID(pSe05xSession, &policySet, maxAttempt, objectID, userId, userIdLen, attestation_type); if(sw_status != SM_OK) { return kStatus_SSS_Fail; } return kStatus_SSS_Success; } sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx) { sss_status_t status; sss_se05x_session_t *pSession = (sss_se05x_session_t*) &pCtx->session; const uint8_t userid_value[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; const uint8_t userid_value2[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x07 }; const uint32_t test_id = MAKE_TEST_ID(__LINE__); /* Common rules */ const sss_policy_u userid_withPol = { .type = KPolicy_UserID, .auth_obj_id = 0, .policy = { .pin = { .can_Write = 1, } } }; const sss_policy_u common = { .type = KPolicy_Common, /*Authentication object based on SE05X_AUTH*/ .auth_obj_id = 0, .policy = { .common = { /*Secure Messaging*/ .req_Sm = 0, /*Policy to Delete object*/ .can_Delete = 1, /*Forbid all operations on object*/ .forbid_All = 0, } } }; sss_policy_t policy_for_userid = { .nPolicies = 2, .policies = { &userid_withPol, &common } }; status = sss_se05x_write_user_id(pSession, &policy_for_userid, SE05x_MaxAttemps_UNLIMITED, test_id, userid_value, sizeof(userid_value), kSE05x_AttestationType_AUTH); status = sss_se05x_write_user_id(pSession, NULL, SE05x_MaxAttemps_UNLIMITED, test_id, userid_value2, sizeof(userid_value2), kSE05x_AttestationType_AUTH); if (kStatus_SSS_Success == status) { LOG_I("Example Success !!!..."); } else { LOG_E("Example Failed !!!..."); } return status; }
Hi Michael,
I just got the confirmation from the expert, The UserID object cannot be updated, but only be deleted and created new. please kindly refer to the spec for more details.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi,
how can I delete an UserID?
Best regards,
Heiko
Hi Michael,
Thanks for the information! I will test it and let you know the result when I make any progress. Thanks for your patience!
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------