SE050 can't access Crypto Object after stuck in the middle of operation with it


2,247 Views
Moriya
Contributor I

Hi,

I need to encrypt and decrypt information using the AES CBC symmetric key. For this purpose, I'm using the SE050 with functions like: sss_se05x_cipher_init, sss_se05x_cipher_update, sss_se05x_cipher_finish. Everything works fine until at times, when I execute the code in the middle of the process before calling sss_se05x_cipher_finish, I encounter an error (usually at the I2C level where the command doesn't pass, resulting in an error and closing the session). The issue arises the next time I attempt to run the code; the crypto object, defined previously for the operation (kSE05x_CryptoObject_AES_CBC_NOPAD), still exists because I couldn't delete it before closing the session, and I didn't manage to access it. I'm unable to delete it, recreate it, or use it. The only solution that worked for me was changing its ID, allowing it to run smoothly until the next occurrence of the problem. Consequently, I'm essentially "burning" various IDs of the crypto object. I would appreciate hearing if there is a way to solve this issue and delete the crypto object even after the session has closed. I should note that 'delete all' did not succeed in deleting these crypto objects.

Thank you very much.

10 Replies

2,224 Views
Kan_Li
NXP TechSupport

Hi @Moriya,

Is it possible to have the APDU command log from when you tried to delete/recreate/use this secure object after the issue happened? It would also be helpful if you sent us the log from when you encounter this error.

Thanks for your patience!

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------


2,180 Views
Moriya
Contributor I

Hi,

Thank you for your attention. I'm attaching the APDU command log for you. I don't have the log from the first occurrence of the issue. If I manage to retrieve it, I will send it to you.

sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
54 50 4F
App :INFO :sss_se05x_session_open Success
sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
54 50 4F
sss :WARN :Communication channel is with UserID (But Plain).
sss :WARN :!!!Not recommended for production use.!!!

APDU :DEBUG:CheckObjectExists []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xA9A0A0A9

APDU :DEBUG:CreateSession []
APDU :DEBUG:kSE05x_TAG_1 [auth] = 0xA9A0A0A9

APDU :DEBUG:VerifySessionUserID []
APDU :DEBUG:kSE05x_TAG_1 [userId] (Len=6)
31 32 33 34 35 36
App :INFO :sss_se05x_session_open Success

APDU :DEBUG:CheckObjectExists []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xB9B1B0B9

APDU :DEBUG:ReadType []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xB9B1B0B9

APDU :DEBUG:ReadCryptoObjectList []
Se05x_API_ReadCryptoObjectList found object!!!!: ObjectId: 0xf

APDU :DEBUG:DeleteCryptoObject [], id: 0xf
APDU :DEBUG:kSE05x_TAG_1 [cryptoObjectID] = 0xF
sss :ERROR:(0x6985) Conditions not satisfied .At Line:658 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5722 Function:sss_se05x_TXn
Failed to delete ObjectId: 0xf

APDU :DEBUG:CipherInit []
APDU :DEBUG:kSE05x_TAG_1 [objectID] = 0xB9B1B0B9
APDU :DEBUG:kSE05x_TAG_2 [cryptoObjectID] = 0xF
APDU :DEBUG:kSE05x_TAG_4 [IV] (Len=16)
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sss :ERROR:(0x6985) Conditions not satisfied .At Line:658 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5722 Function:sss_se05x_TXn
sss :WARN :nxEnsure:'status == SM_OK' failed. At Line:4635 Function:sss_se05x_cipher_init
App :WARN :nxEnsure:'sss_status == kStatus_SSS_Success' failed. At Line:418 Function:SymmetricDataActionMultiBlock
App :ERROR:SymmetricDataAction() Failed !!!: 1010565120
App :WARN :nxEnsure:'sss_status == kStatus_SSS_Success' failed. At Line:367 Function:SymmetricDataAction

APDU :DEBUG:ReadCryptoObjectList []

APDU :DEBUG:DeleteCryptoObject [], id: 0xf
APDU :DEBUG:kSE05x_TAG_1 [cryptoObjectID] = 0xF
sss :ERROR:(0x6985) Conditions not satisfied .At Line:658 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5722 Function:sss_se05x_TXn
App :ERROR:SymmetricDataAction() Failed !!!...

APDU :DEBUG:CloseSession []

Thank you very much

2,202 Views
Kan_Li
NXP TechSupport

Hi @Moriya,

Thanks for the information! Just wondering what SE05x variant you have on your hands: was it SE050E or SE050C? And especially, what is the applet version inside? Please kindly clarify.

Have a great day,
Kan



2,197 Views
Moriya
Contributor I

Hi,

I have the OM-SE050ARD type.

I receive the following information when I send se05x_GetInfo:

sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
54 50 4F
App :INFO :sss_se05x_session_open Success

APDU :DEBUG:GetVersion []
App :INFO :#####################################################
App :INFO :Applet Major = 3
App :INFO :Applet Minor = 1
App :INFO :Applet patch = 0
App :INFO :AppletConfig = 6FFF

Thanks,

Moriya


2,118 Views
Kan_Li
NXP TechSupport

Hi @Moriya,

From the log, it seems you use UserID authentication. A crypto object created within an authenticated session can only be used from a session with the same ID as the one it was created in. Was the authentication maybe changed in between?

Can the object be deleted in the default session (without UserID authentication)?

Please kindly clarify.

Have a great day,
Kan



2,104 Views
Moriya
Contributor I

Hi,

The object was created with a specific UserID, but when I attempt to connect with the same UserID, I'm unable to delete it if it wasn't deleted during its initial creation. Additionally, when I open a session without connecting using the UserID, I still cannot delete it.


sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
54 50 4F
App :INFO :sss_se05x_session_open Success

APDU :DEBUG:ReadIDList []
APDU :DEBUG:kSE05x_TAG_1 [output offset] = 0x0
APDU :DEBUG:kSE05x_TAG_2 [filter] = 0xFF

APDU :DEBUG:DeleteSecureObject []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xD1D1D7D9
sss :ERROR:(0x6986) Command not allowed ▒ access denied based on object policy.At Line:661 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5723 Function:sss_se05x_TXn
Error in erasing ObjId=0xD1D1D7D9 (Others)

APDU :DEBUG:DeleteSecureObject []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xB0B5B5B5
sss :ERROR:(0x6986) Command not allowed ▒ access denied based on object policy.At Line:661 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5723 Function:sss_se05x_TXn
Error in erasing ObjId=0xB0B5B5B5 (Others)

APDU :DEBUG:DeleteSecureObject []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xB1B5B5B5
sss :ERROR:(0x6986) Command not allowed ▒ access denied based on object policy.At Line:661 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5723 Function:sss_se05x_TXn
Error in erasing ObjId=0xB1B5B5B5 (Others)

APDU :DEBUG:DeleteSecureObject []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xB2B5B5B5
sss :ERROR:(0x6986) Command not allowed ▒ access denied based on object policy.At Line:661 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5723 Function:sss_se05x_TXn
Error in erasing ObjId=0xB2B5B5B5 (Others)

APDU :DEBUG:DeleteSecureObject []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xD1D1D0D9
sss :ERROR:(0x6986) Command not allowed ▒ access denied based on object policy.At Line:661 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5723 Function:sss_se05x_TXn
Error in erasing ObjId=0xD1D1D0D9 (Others)

APDU :DEBUG:DeleteSecureObject []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xD1D1D0D0
sss :ERROR:(0x6986) Command not allowed ▒ access denied based on object policy.At Line:661 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5723 Function:sss_se05x_TXn
Error in erasing ObjId=0xD1D1D0D0 (Others)
Not erasing ObjId=0x7FFF0209 (Reserved)
Not erasing ObjId=0xF0000030 (IoT Hub)
Not erasing ObjId=0xF0000003 (IoT Hub)
Not erasing ObjId=0xF0000001 (IoT Hub)
Not erasing ObjId=0xF0000002 (IoT Hub)
Not erasing ObjId=0xF0000000 (IoT Hub)
Not erasing ObjId=0xF0000012 (IoT Hub)
Not erasing ObjId=0xF0000020 (IoT Hub)
Not erasing ObjId=0x7FFF0204 (Reserved)
Not erasing ObjId=0x7FFF0202 (Reserved)
Not erasing ObjId=0x7FFF0201 (Reserved)
Not erasing ObjId=0x7FFF0206 (Reserved)
Not erasing ObjId=0xF0000123 (IoT Hub)
Not erasing ObjId=0xF0000121 (IoT Hub)
Not erasing ObjId=0xF0000113 (IoT Hub)
Not erasing ObjId=0xF0000111 (IoT Hub)
Not erasing ObjId=0xF0000103 (IoT Hub)
Not erasing ObjId=0xF0000101 (IoT Hub)
Not erasing ObjId=0xF0000122 (IoT Hub)
Not erasing ObjId=0xF0000120 (IoT Hub)
Not erasing ObjId=0xF0000112 (IoT Hub)
Not erasing ObjId=0xF0000110 (IoT Hub)
Not erasing ObjId=0xF0000102 (IoT Hub)
Not erasing ObjId=0xF0000100 (IoT Hub)
Not erasing ObjId=0xF0000011 (IoT Hub)
Not erasing ObjId=0xF0000010 (IoT Hub)
Not erasing ObjId=0xF0000013 (IoT Hub)

APDU :DEBUG:ReadCryptoObjectList []

APDU :DEBUG:DeleteCryptoObject [], id: 0x1c
APDU :DEBUG:kSE05x_TAG_1 [cryptoObjectID] = 0x1C
sss :ERROR:(0x6985) Conditions not satisfied .At Line:658 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5723 Function:sss_se05x_TXn
Error in erasing CryptoObject=001C
APDU :DEBUG:DeleteCryptoObject [], id: 0xab
APDU :DEBUG:kSE05x_TAG_1 [cryptoObjectID] = 0xAB
sss :ERROR:(0x6985) Conditions not satisfied .At Line:658 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5723 Function:sss_se05x_TXn
Error in erasing CryptoObject=00AB
APDU :DEBUG:DeleteCryptoObject [], id: 0xddd3
APDU :DEBUG:kSE05x_TAG_1 [cryptoObjectID] = 0xDDD3
sss :ERROR:(0x6985) Conditions not satisfied .At Line:658 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5723 Function:sss_se05x_TXn
Error in erasing CryptoObject=DDD3
APDU :DEBUG:DeleteCryptoObject [], id: 0xddd2
APDU :DEBUG:kSE05x_TAG_1 [cryptoObjectID] = 0xDDD2
sss :ERROR:(0x6985) Conditions not satisfied .At Line:658 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5723 Function:sss_se05x_TXn
Error in erasing CryptoObject=DDD2
APDU :DEBUG:DeleteCryptoObject [], id: 0xddd1
APDU :DEBUG:kSE05x_TAG_1 [cryptoObjectID] = 0xDDD1
sss :ERROR:(0x6985) Conditions not satisfied .At Line:658 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5723 Function:sss_se05x_TXn
Error in erasing CryptoObject=DDD1
APDU :DEBUG:DeleteCryptoObject [], id: 0xf
APDU :DEBUG:kSE05x_TAG_1 [cryptoObjectID] = 0xF
sss :ERROR:(0x6985) Conditions not satisfied .At Line:658 Function:se05x_DeCrypt
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:5723 Function:sss_se05x_TXn
Error in erasing CryptoObject=000F
App :ERROR:Failed Se05x_API_DeleteAll: 27013
sss_se05x_session_close

Thanks,

Moriya

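A triage helper for logs like the ones posted above, as an added example that is not part of the thread or of NXP's middleware: it parses the debug output into one record per APDU command and groups failures by crypto object ID, which makes it visible that the failed DeleteCryptoObject and the failed CipherInit both hit crypto object 0xF with status 0x6985. The function names and the shortened sample log are assumptions made for illustration.

```python
import re

# Constructed sample: lines shortened from the logs quoted in this thread.
SAMPLE_LOG = """\
APDU :DEBUG:DeleteSecureObject []
APDU :DEBUG:kSE05x_TAG_1 [object id] = 0xD1D1D7D9
sss :ERROR:(0x6986) Command not allowed - access denied based on object policy.At Line:661 Function:se05x_DeCrypt
APDU :DEBUG:ReadCryptoObjectList []
APDU :DEBUG:DeleteCryptoObject [], id: 0xf
APDU :DEBUG:kSE05x_TAG_1 [cryptoObjectID] = 0xF
sss :ERROR:(0x6985) Conditions not satisfied .At Line:658 Function:se05x_DeCrypt
APDU :DEBUG:CipherInit []
APDU :DEBUG:kSE05x_TAG_1 [objectID] = 0xB9B1B0B9
APDU :DEBUG:kSE05x_TAG_2 [cryptoObjectID] = 0xF
APDU :DEBUG:kSE05x_TAG_4 [IV] (Len=16)
sss :ERROR:(0x6985) Conditions not satisfied .At Line:658 Function:se05x_DeCrypt
APDU :DEBUG:CloseSession []
"""

CMD = re.compile(r"^APDU\s*:DEBUG:(\w+) \[\]")
TAG = re.compile(r"^APDU\s*:DEBUG:kSE05x_TAG_\d+ \[([^\]]+)\] = (0x[0-9A-Fa-f]+)")
ERR = re.compile(r"^sss\s*:ERROR:\((0x[0-9A-Fa-f]{4})\)")

def parse_apdu_log(text):
    """One record per APDU command: name, tagged IDs, first status word logged (None if no error)."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if m := CMD.match(line):
            records.append({"cmd": m.group(1), "ids": {}, "sw": None})
        elif not records:
            continue  # output before the first command (ATR dump, session banner)
        elif m := TAG.match(line):
            records[-1]["ids"][m.group(1)] = int(m.group(2), 16)
        elif (m := ERR.match(line)) and records[-1]["sw"] is None:
            records[-1]["sw"] = int(m.group(1), 16)
    return records

def failures_by_crypto_object(records):
    """Map crypto object ID -> [(command, status word)] for every failed command that used it."""
    out = {}
    for r in records:
        cid = r["ids"].get("cryptoObjectID")
        if cid is not None and r["sw"] is not None:
            out.setdefault(cid, []).append((r["cmd"], r["sw"]))
    return out

if __name__ == "__main__":
    for cid, fails in failures_by_crypto_object(parse_apdu_log(SAMPLE_LOG)).items():
        print(f"crypto object 0x{cid:X}:", [(c, hex(sw)) for c, sw in fails])
```
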

2,092 Views
Kan_Li
NXP TechSupport

Hi @Moriya,

Have you tried to delete it without opening any user session?

Have a great day,
Kan



2,049 Views
Moriya
Contributor I

Hi,

Yes, that's the example I sent you above. I marked the attempt to delete the specific crypto object that I need to remove.

Thanks,

Moriya


2,043 Views
Kan_Li
NXP TechSupport

Hi @Moriya,

How did you create the AES key in the UserID session? What about the policy you attached to this key? Does it allow deletion in both the UserID session and the default session? Please kindly clarify.

Have a great day,
Kan

