SE050 Working


1,595 Views
Changhawn
Contributor IV

Dear

With the SE050 EVB, TLS 1.3 handshaking is tested. I have some questions about how the SE050 works.

1. Memory-related issues
When executing the key writing API (Se05x_API_WriteECKey_Ver()) during the TLS handshake, it returns 0x6a84.
SM_ERR_FILE_FULL = 0x6A84, // Not enough memory space available (either transient or persistent memory)

The same issue persists even after powering off and on again.

What are the causes and solutions for this memory space issue?

 

2. When trying to check free memory with Se05x_API_GetFreeMemory() to confirm issue #1 above,

SE050 returns incorrect data (0x6a80), as shown below. Can I use this API? Please help.

[ERR][cli] Se05x_API_GetFreeMemory Failed(0x6a80)
[INF][cli] Persistent Memory 0x0000
[ERR][cli] Se05x_API_GetFreeMemory Failed(0x6a80)
[INF][cli] Transient Memory 0x0000

 

3. When SE050 doesn't work (no SE050 I2C response), even after a main board power reset, it still doesn't work.

Sometimes, after several attempts, it starts working again for no reason.

Are there any specific booting or working conditions required for SE050 to function properly?

 

Thanks in advance.

0 Kudos
Reply
11 Replies

1,577 Views
Kan_Li
NXP TechSupport

Hi @Changhawn ,

 

Is it possible to provide more details regarding the platform as well as the SE050 board? Are you using OM-SE050ARD-E? Is your platform an MCU-based platform? Which variant of SE050 is used in your test? Please kindly clarify.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply

1,572 Views
Changhawn
Contributor IV

Dear Kan_Li

Yes. The platform is S32K314 (FreeRTOS + LWIP + MbedTLS + HSE) + SE050, and I use OM-SE050ARD-E.

On this MCU-based platform, I am testing TLS 1.3. (The handshake is sometimes OK.)

SE050: ECC, ECDH, ECDSA, HKDF & key management

S32K314 HSE: AES, CMAC, HMAC, AES GCM (AEAD) & key management

About the issues:

1. Memory-related issue: the issue happens during key generation (ECDHE).

2. Se05x_API_GetFreeMemory(): used for debugging issue number 1.

3. Sometimes, after an MCU reset, the SE050 returns a failure (I2C arbitration lost).

Thank you.

Chang.

 

0 Kudos
Reply

1,563 Views
Kan_Li
NXP TechSupport

Hi @Changhawn ,

 

Thanks for the info! Can the getinfo demo work with this part on your platform? It looks like platformSCP03 was set as mandatory while the controller still communicated with the SE over a plain channel.

 

Have a great day,
Kan



0 Kudos
Reply

1,539 Views
Changhawn
Contributor IV

Dear Kan_Li.

Here is more information for debugging.

When I use Se05x_API_DeleteAll_Iterative() to delete all objects, an error is returned in Se05x_API_ReadIDList(), as shown below.

 

ReadIDList Failed=0x6985

// SM_ERR_CONDITIONS_OF_USE_NOT_SATISFIED = 0x6985,

 

smStatus_t Se05x_API_DeleteAll_Iterative(pSe05xSession_t session_ctx)
{
    uint8_t pmore = kSE05x_MoreIndicator_NA;
    uint8_t list[1024];
    size_t listlen = sizeof(list);
    size_t i;
    smStatus_t retStatus  = SM_NOT_OK;
    uint16_t outputOffset = 0;

    do {
        retStatus = Se05x_API_ReadIDList(session_ctx, outputOffset, 0xFF, &pmore, list, &listlen);
        if (retStatus != SM_OK) {
            SMLOG_I("ReadIDList Failed=0x%04x", retStatus);
            goto exit;
        }
        outputOffset = (uint16_t)listlen;
        for (i = 0; i < listlen; i += 4) {
            /* Assemble the big-endian 32-bit object ID; cast first so the shift is done on an unsigned type */
            uint32_t id = ((uint32_t)list[i + 0] << (3 * 8)) | ((uint32_t)list[i + 1] << (2 * 8)) |
                          ((uint32_t)list[i + 2] << (1 * 8)) | ((uint32_t)list[i + 3] << (0 * 8));
            if (SE05X_OBJID_SE05X_APPLET_RES_START == SE05X_OBJID_SE05X_APPLET_RES_MASK(id)) {
                SMLOG_I("Not erasing ObjId=0x%08X (Reserved)", id);
                /* In Reserved space */
            }
            else if (EX_SSS_OBJID_DEMO_AUTH_START == EX_SSS_OBJID_DEMO_AUTH_MASK(id)) {
                SMLOG_I("Not erasing ObjId=0x%08X (Demo Auth)", id);
                /* Not erasing default authentication object */
            }
            else if (EX_SSS_OBJID_IOT_HUB_A_START == EX_SSS_OBJID_IOT_HUB_A_MASK(id)) {
                SMLOG_I("Not erasing ObjId=0x%08X (IoT Hub)", id);
                /* Not erasing IoT Hub object */
            }
            else if (!SE05X_OBJID_TP_MASK(id) && id) {
                SMLOG_I("Not erasing Trust Provisioned objects");
            }
            else {
                retStatus = Se05x_API_DeleteSecureObject(session_ctx, id);
                if (retStatus != SM_OK) {
                    SMLOG_I("Error in erasing ObjId=0x%08X (Others)", id);
                }
            }
        }
    } while (pmore == kSE05x_MoreIndicator_MORE);

exit:
    return retStatus;
}
0 Kudos
Reply

1,559 Views
Changhawn
Contributor IV

Dear Kan_Li.

Thank you for your guidance.

The Getinfo demo (GetVersion) works well on our platform.

The SCP03 key and auth key were set as in the API below (GetInfo).

Is it (plain channel or secure channel) related to issues 1 and 2?

Thank you. 

Chang.

int ex_se05x_GetInfo()
{
    smStatus_t status             = SM_NOT_OK;
    pSe05xSession_t p_session_ctx = &se05x_session;
    int ret                       = 1;
    uint32_t mem = 0;

    ex_set_scp03_keys(p_session_ctx);
    ex_set_ec_auth_keys(p_session_ctx);

    p_session_ctx = se05x_get_session();
    if (p_session_ctx == NULL) {
        SMLOG_E("Error in Se05x_API_SessionOpen \r\n");

        return 1;
    }

    /* Get applet version and config details */
    ret = Iot_Applet_Identify(p_session_ctx, 1);
    if (ret != 0) {
        SMLOG_I("Error in Iot_Applet_Identify \n");
    }

    //   #define SE05X_VERSION_HEX_07_02
    p_session_ctx->applet_version = 0x07020000;
    status = Se05x_API_GetFreeMemory(p_session_ctx, kSE05x_MemoryType_PERSISTENT, &mem);
    if (status != SM_OK) {
        SMLOG_E("Se05x_API_GetFreeMemory Failed(0x%x)", status);
        status = kStatus_SSS_Fail;
    }
    if ((mem >= 0x7FFF) && (p_session_ctx->applet_version <= SE05X_VERSION_HEX_07_02)) {
        SMLOG_I("If 32768 bytes or more bytes are available, 32767 bytes free is reported.");
    }

    SMLOG_I("Persistent Memory 0x%04x", mem);

    status = Se05x_API_GetFreeMemory(p_session_ctx, kSE05x_MemoryType_TRANSIENT_RESET, &mem);
    if (status != SM_OK) {
        SMLOG_E("Se05x_API_GetFreeMemory Failed(0x%x)", status);
        status = kStatus_SSS_Fail;
    }
    if ((mem >= 0x7FFF) && (p_session_ctx->applet_version <= SE05X_VERSION_HEX_07_02)) {
        SMLOG_I("If 32768 bytes or more bytes are available, 32767 bytes free is reported.");
    }

    SMLOG_I("Transient Memory 0x%04x", mem);

    status = Se05x_API_SessionClose(p_session_ctx);
    if (status != SM_OK) {
        SMLOG_I("Error in Se05x_API_SessionClose \n");
        return 1;
    }

    return 0;
}
0 Kudos
Reply

1,564 Views
Changhawn
Contributor IV

Dear Kan_Li.

Issue 3 is cleared, so I am debugging issues 1 and 2.

The log below shows the applet version and config details.

Thank you.

Chang.

 

< Log >


[INF][cli] Open Session to SE05x

[INF][cli] Plug and Trust nano package - version: 1.5.4

[INF][cli] Applet Major = 7

[INF][cli] Applet Minor = 2

[INF][cli] Applet patch = 0

[INF][cli] AppletConfig = 3F9F

[INF][cli] With ECDSA_ECDH_ECDHE
[INF][cli]

[INF][cli] With EDDSA
[INF][cli]

[INF][cli] With DH_MONT
[INF][cli]

[INF][cli] With HMAC
[INF][cli]

[INF][cli] WithOut RSA_PLAIN
[INF][cli]

[INF][cli] WithOut RSA_CRT
[INF][cli]

[INF][cli] With AES
[INF][cli]

[INF][cli] With DES
[INF][cli]

[INF][cli] With PBKDF
[INF][cli]

[INF][cli] With TLS
[INF][cli]

[INF][cli] With MIFARE
[INF][cli]

[INF][cli] With I2CM
[INF][cli]

[ERR][cli] Se05x_API_GetFreeMemory Failed(0x6a80)
[INF][cli] Persistent Memory 0x0000
[ERR][cli] Se05x_API_GetFreeMemory Failed(0x6a80)
[INF][cli] Transient Memory 0x0000

0 Kudos
Reply

1,515 Views
Kan_Li
NXP TechSupport

Hi @Changhawn ,

 

Thanks for the info! Is it possible to provide the APDU command log as well? It seems you are using the nano package, so you may build the package with the SMLOG_DEBUG_MESSAGES definition to enable the debug log info.

 

Have a great day,
Kan



0 Kudos
Reply

1,511 Views
Changhawn
Contributor IV

Dear Kan_Li.

Yes, I used some APIs of the Nano version, and also used the Full version.

I have no SMLOG_DEBUG_MESSAGES definition.

I cannot enable any log feature; I2C has problems because of the log messages.

If you need the APDU of some API, please tell me the API. I can give you the APDU of that API.

Thank you.

Chang.

0 Kudos
Reply

1,506 Views
Kan_Li
NXP TechSupport

Hi @Changhawn ,

 

Looks like the secure objects created in your SE consumed all the memory, so you had such an issue with readidlist, which needs the extended APDU format to have a longer size for receiving the secure object list. Please kindly refer to https://community.nxp.com/t5/Secure-Authentication/SE050E-question-for-Se05x-API-GetFreeMemory-and-e... for more details regarding how to enable the extended APDU format in the nano package.

 

Hope that helps,

 

Have a great day,
Kan



0 Kudos
Reply
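The short versus extended APDU length limit mentioned in the reply above, as an added example that is not part of the original thread or of NXP's package: a minimal ISO/IEC 7816-4 command encoder. The function name `apdu_encode`, the header bytes and the payload are constructed placeholders, not the applet's real ReadIDList encoding; 1024 is the size of the `list` buffer in the code posted earlier.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: ISO/IEC 7816-4 command APDU encoder (hypothetical helper).
 * lc = command data bytes, ne = maximum response bytes expected (0 = none).
 * Returns the encoded length, or -1 if lc/ne do not fit the chosen format
 * or the output buffer. */
int apdu_encode(const uint8_t hdr[4], const uint8_t *data, size_t lc,
                size_t ne, int extended, uint8_t *out, size_t cap)
{
    size_t need, n = 4;

    if (lc > (extended ? 65535u : 255u) || ne > (extended ? 65536u : 256u))
        return -1;                      /* short format: Le tops out at 256 */
    if (extended)
        need = 4 + ((lc || ne) ? 1 : 0) + (lc ? 2 + lc : 0) + (ne ? 2 : 0);
    else
        need = 4 + (lc ? 1 + lc : 0) + (ne ? 1 : 0);
    if (need > cap)
        return -1;

    memcpy(out, hdr, 4);
    if (extended && (lc || ne))
        out[n++] = 0x00;                /* extended-length marker byte */
    if (lc) {
        if (extended)
            out[n++] = (uint8_t)(lc >> 8);
        out[n++] = (uint8_t)lc;
        memcpy(out + n, data, lc);
        n += lc;
    }
    if (ne) {                           /* all-zero Le encodes the maximum */
        if (extended)
            out[n++] = (uint8_t)(ne >> 8);
        out[n++] = (uint8_t)ne;
    }
    return (int)n;
}

int main(void)
{
    const uint8_t hdr[4] = {0x80, 0x00, 0x00, 0x00};  /* constructed header */
    const uint8_t data[4] = {0x41, 0x02, 0x00, 0x00}; /* constructed payload */
    uint8_t buf[32];

    printf("short, Ne=1024:    %d\n", apdu_encode(hdr, data, 4, 1024, 0, buf, sizeof buf));
    printf("extended, Ne=1024: %d\n", apdu_encode(hdr, data, 4, 1024, 1, buf, sizeof buf));
    return 0;
}
```

A short-format command can ask for at most 256 response bytes, so a request sized for the 1024-byte list buffer only encodes in the extended format.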

1,464 Views
Changhawn
Contributor IV

Dear Kan_Li.

Thank you for your support.

One more question about my issue.

With "WITH_PLATFORM_SCP03" and the correct enc_key and mac_key,

I can confirm the memory status and delete objects.

Is it (log 2 below) normal?

But when I run the TLS 1.3 handshake (writing key), "SM_ERR_SECURITY_STATUS" is returned, as in log 1. Could you tell me what the problem is?

Thank you 

Chang.

 

< log 1 >

[INF][devtask] ECDH compute shared secret with SE050
[SE_APDU] Se05x_API_GetECCurveId is ok keyid(0xef0000ec) retObjectType(49) curveid(5) transientType(2)
[SE_APDU] sss_se05x_key_store_set_ecc_public_key KeyId(0xef000371) keybitlen(521), keyLen(133) ciphertype(40)
[SE_APDU] sss_se05x_key_store_set_ecc_public_key curve_id 5, key_part 32
[SE_APDU] WriteECKey_Ver Failed(0x6982)


SM_ERR_SECURITY_STATUS = 0x6982, // Security status not satisfied

 

< log 2 >

/* Memory status of SE050 */
show mem...
[INF][cli] Open Session to SE05x

[INF][cli] Plug and Trust nano package - version: 1.5.4

[INF][cli] Establish Secure Channel to SE05x !

[INF][cli] Created scp03 Session

[INF][cli] If 32768 bytes or more bytes are available, 32767 bytes free is reported.
[INF][cli] Persistent Memory 0x7fff
[INF][cli] Transient Memory 0x02bc


/* Run the Se05x_API_DeleteAll_Iterative API */
Delete Object...
[INF][cli] Open Session to SE05x

[INF][cli] Plug and Trust nano package - version: 1.5.4

[INF][cli] Establish Secure Channel to SE05x !

[INF][cli] Created scp03 Session

[INF][cli] Not erasing ObjId=0xF0000103 (IoT Hub)
[INF][cli] Not erasing ObjId=0xF0000101 (IoT Hub)
[INF][cli] Not erasing ObjId=0xF0000102 (IoT Hub)
[INF][cli] Not erasing ObjId=0xF0000100 (IoT Hub)
[INF][cli] Not erasing ObjId=0xF0000003 (IoT Hub)
[INF][cli] Not erasing ObjId=0xF0000001 (IoT Hub)
[INF][cli] Not erasing ObjId=0xF0000002 (IoT Hub)
[INF][cli] Not erasing ObjId=0xF0000000 (IoT Hub)
[INF][cli] Not erasing ObjId=0xF0000013 (IoT Hub)
[INF][cli] Not erasing ObjId=0xF0000012 (IoT Hub)
[INF][cli] Not erasing ObjId=0xF0000020 (IoT Hub)
[INF][cli] Not erasing ObjId=0xF0003394 (IoT Hub)
[INF][cli] Not erasing ObjId=0x7FFF020B (Reserved)
[INF][cli] Not erasing ObjId=0x7FFF0204 (Reserved)
[INF][cli] Not erasing ObjId=0x7FFF0202 (Reserved)
[INF][cli] Not erasing ObjId=0x7FFF0201 (Reserved)
[INF][cli] Not erasing ObjId=0x7FFF0206 (Reserved)
SE050 Reset Success !!!
$

0 Kudos
Reply

1,433 Views
Kan_Li
NXP TechSupport

Hi @Changhawn ,

 

If you have a successful result only with "WITH_PLATFORM_SCP03" and the correct enc_key and mac_key, it means you have enabled platformSCP03 as mandatory.

 

From log 1, I cannot comment as no APDU log is available. Is it possible to enable the debug info printing?

 

Thanks for your patience!

 

Have a great day,
Kan



0 Kudos
Reply