Hi Team,
I tried to run TLSClient example according to the following document.
/simw-top/doc/demos/linux/tls_client/tls_client_demo.html
But I got the next error message.Could you give me some advice on what to do to resolve this?
My enviroment is
SE050:raspi3 + OM-SE050ARD-F
OpenSSL: v3.0.12
Plug and Trus Middleware V4.05.00
Error Message is
pi@raspberrypi:~/Project/nxp/se_mw/simw-top/demos/linux/tls_client/scripts $ python3 provisionTlsClient.py --key_type rsa
loading library from path: /home/pi/Project/nxp/se_mw/simw-top/tools/libsssapisw.so
SE050 Key provisioning script (Rev.0.9).
Executing this script will insert keys in the attached SE050 secure element.
###############################################################
#
# SUBSYSTEM : se05x
# CONNECTION_TYPE : t1oi2c
# CONNECTION_PARAMETER : none
#
###############################################################
sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
54 50 4F
sss :WARN :Communication channel is Plain.
sss :WARN :!!!Not recommended for production use.!!!
sss_session_open SUCCESS
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:7837 Function:sss_se05x_TXn
client_key file: /home/pi/Project/nxp/se_mw/simw-top/demos/linux/tls_client/scripts/../credentials/RSA/tls_client_key.pem
Injecting RSA key pair at key ID: 0x7dccbb30
sss_key_store_context_init SUCCESS
sss_key_store_allocate SUCCESS
sss_key_object_init SUCCESS
sss_key_object_init SUCCESS
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:7837 Function:sss_se05x_TXn
sss :ERROR:Couldn't check if object id 0x7DCCBB30 exists
sss_key_object_allocate_handle FAILED
Traceback (most recent call last):
File "provisionTlsClient.py", line 365, in <module>
main()
File "provisionTlsClient.py", line 339, in main
status = set_rsa_pair(session, RSA_KEYPAIR_INDEX_CLIENT_PRIVATE, client_key)
File "provisionTlsClient.py", line 185, in set_rsa_pair
status = set_obj.do_set_rsa_key_pair(keyid, client_key, None)
File "/home/pi/Project/nxp/se_mw/simw-top/pycli/src/sss/setkey.py", line 278, in do_set_rsa_key_pair
key_type, cypher_type, policy)
File "/home/pi/Project/nxp/se_mw/simw-top/pycli/src/sss/setkey.py", line 442, in _set_key
self._key_object_mode)
File "/home/pi/Project/nxp/se_mw/simw-top/pycli/src/sss/keyobject.py", line 71, in allocate_handle
raise Exception("sss_key_object_allocate_handle %s" % status_to_str(status))
Exception: sss_key_object_allocate_handle FAILED
Solved! Go to Solution.
Hi @A_Nawa ,
Was OM-SE050ARD-F still used in this test? As far as I know, OM-SE050ARD-F doesn't support ECC crypto schemes except ECDSA.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @A_Nawa ,
I noticed you use OM-SE050ARD-F in the test, did you enable platformSCP03 in the authentication type when you build the MW? Please note for SE050F SCP03 is mandatory. Please kindly refer to https://www.nxp.com/docs/en/application-note/AN12436.pdf for details.
Please refer to chapter 5 in https://www.nxp.com.cn/docs/en/application-note/AN12570.pdf for more details.
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi Kan_Li,
Thank you for you support.
Yes, I use OM-SE050ARD-F with raspi3. I enabled platformSCP03 when I build the MW.
The se05_Minimal command exuecution was success.
pi@raspberrypi:~/Project/nxp/se_mw/simw-top_build/raspbian_native_se050_t1oi2c/bin $ ./se05x_Minimal
App :INFO :PlugAndTrust_v04.05.00_20231201
App :INFO :Running ./se05x_Minimal
App :INFO :If you want to over-ride the selection, use ENV=EX_SSS_BOOT_SSS_PORT or pass in command line arguments.
App :INFO :Using default PlatfSCP03 keys. You can use keys from file using ENV=EX_SSS_BOOT_SCP03_PATH
sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
54 50 4F
App :INFO :mem=29468
App :INFO :se05x_Minimal Example Success !!!...
App :INFO :ex_sss Finished
But I still got the next error when I run the provisionTlsClient.py.
sss :ERROR:Couldn't check if object id 0x7DCCBB30 exists
sss_key_object_allocate_handle FAILED
Hi @A_Nawa ,
For python scripts , you have to specify the auth type as well as the platform scp keys. Please kindly refer to the following for details.
ubuntu@ubuntu:~/simw-top/demos/linux/tls_client/scripts$ python3 provisionTlsClient.py --key_type rsa --auth_type PlatformSCP --scpkey ~/simw-top_build/simw-top-eclipse_jrcpv1/bin/se050F_scp_keys.txt
loading library from path: /home/ubuntu/simw-top/tools/libsssapisw.so
SE050 Key provisioning script (Rev.0.9).
Executing this script will insert keys in the attached SE050 secure element.
###############################################################
#
# SUBSYSTEM : se05x
# CONNECTION_TYPE : t1oi2c
# CONNECTION_PARAMETER : none
#
###############################################################
sss_key_store_context_init SUCCESS
sss_key_store_allocate SUCCESS
sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
54 50 4F
sss_session_open SUCCESS
client_key file: /home/ubuntu/simw-top/demos/linux/tls_client/scripts/../credentials/RSA/tls_client_key.pem
Injecting RSA key pair at key ID: 0x7dccbb30
sss_key_store_context_init SUCCESS
sss_key_store_allocate SUCCESS
sss_key_object_init SUCCESS
sss_key_object_init SUCCESS
sss_key_object_allocate_handle SUCCESS
sss_key_store_set_key SUCCESS
sss_key_store_save SUCCESS
Successfully Injected RSA key pair.
sss_key_store_context_init SUCCESS
sss_key_store_allocate SUCCESS
sss_key_object_init SUCCESS
sss_key_object_get_handle SUCCESS
sss_key_store_get_key SUCCESS
Successfully Created reference key.
certificate file: /home/ubuntu/simw-top/demos/linux/tls_client/scripts/../credentials/RSA/tls_client.cer
Injecting Certificate at key ID: 0x7dccbb31
sss_key_store_context_init SUCCESS
sss_key_store_allocate SUCCESS
sss_key_object_init SUCCESS
sss_key_object_init SUCCESS
sss_key_object_allocate_handle SUCCESS
sss_key_store_set_key SUCCESS
sss_key_store_save SUCCESS
Successfully Injected Certificate.
Closing port
##############################################################
# #
# Program Completed Successfully #
# #
##############################################################
ubuntu@ubuntu:~/simw-top/demos/linux/tls_client/scripts$
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi Kan_Li,
The provisionTlsClient.py executed successfully with --auth_type PlatformSCP.
Thank you for your support.
Next I try to run the ./tlsExtendedSeClient.sh. But I got the next error message,
Could you give me some advice on what to do?
Hi @A_Nawa ,
Was OM-SE050ARD-F still used in this test? As far as I know, OM-SE050ARD-F doesn't support ECC crypto schemes except ECDSA.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------