change read policy for shared secret


641 views
ziml
Contributor I

Hi,

I am trying to implement the mbedtls_ecdh_compute_shared with the SE050. 
You can find the implementation in the attached file. I followed more or less the implementation in ecdh_alt_ax.c, except that I only covered the case for MBEDTLS_ECP_DP_SECP256R1.

Now, on the last function call, which is sss_key_store_get_key, I get SM_ERR_ACCESS_DENIED_BASED_ON_POLICY using session-less access.

According to the APDU spec (SE050 APDU Specification - 3.7.1.4 Table 11), symmetric keys do not have the policy object POLICY_OBJ_ALLOW_READ, but the implementation in the plug and trust MW in ecdh_alt_ax.c does read the shared secret anyway. (I have not tried to run it, though.)

How can I read the key and write it to the mbedtls context?

Thank you!
