change read policy for shared secret


638 Views
ziml
Contributor I

Hi,

I am trying to implement mbedtls_ecdh_compute_shared with the SE050.
You can find the implementation in the attached file. I followed more or less the implementation in ecdh_alt_ax.c, except that I only covered the case for MBEDTLS_ECP_DP_SECP256R1.

Now, on the last function call, which is sss_key_store_get_key, I get SM_ERR_ACCESS_DENIED_BASED_ON_POLICY using session-less access.

According to the APDU spec (SE050 APDU Specification, section 3.7.1.4, Table 11), symmetric keys do not have the policy object POLICY_OBJ_ALLOW_READ, but the implementation in the Plug and Trust MW in ecdh_alt_ax.c does read the shared secret anyway. (I have not tried to run it, though.)

How can I read the key and write it to the mbedtls context?

Thank you!

0 Replies