sss_key_object_allocate_handle

A_Nawa

Hi Team,

I tried to run TLSClient example according to the following document.

/simw-top/doc/demos/linux/tls_client/tls_client_demo.html

But I got the next error message.Could you give me some advice on what to do to resolve this?

My enviroment is

SE050:raspi3 + OM-SE050ARD-F
OpenSSL: v3.0.12
Plug and Trus Middleware V4.05.00

Error Message is

pi@raspberrypi:~/Project/nxp/se_mw/simw-top/demos/linux/tls_client/scripts $ python3 provisionTlsClient.py --key_type rsa
loading library from path: /home/pi/Project/nxp/se_mw/simw-top/tools/libsssapisw.so
SE050 Key provisioning script (Rev.0.9).
Executing this script will insert keys in the attached SE050 secure element.
###############################################################
#
# SUBSYSTEM : se05x
# CONNECTION_TYPE : t1oi2c
# CONNECTION_PARAMETER : none
#
###############################################################
sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
54 50 4F
sss :WARN :Communication channel is Plain.
sss :WARN :!!!Not recommended for production use.!!!
sss_session_open SUCCESS
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:7837 Function:sss_se05x_TXn
client_key file: /home/pi/Project/nxp/se_mw/simw-top/demos/linux/tls_client/scripts/../credentials/RSA/tls_client_key.pem
Injecting RSA key pair at key ID: 0x7dccbb30
sss_key_store_context_init SUCCESS
sss_key_store_allocate SUCCESS
sss_key_object_init SUCCESS
sss_key_object_init SUCCESS
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:7837 Function:sss_se05x_TXn
sss :ERROR:Couldn't check if object id 0x7DCCBB30 exists
sss_key_object_allocate_handle FAILED
Traceback (most recent call last):
File "provisionTlsClient.py", line 365, in <module>
main()
File "provisionTlsClient.py", line 339, in main
status = set_rsa_pair(session, RSA_KEYPAIR_INDEX_CLIENT_PRIVATE, client_key)
File "provisionTlsClient.py", line 185, in set_rsa_pair
status = set_obj.do_set_rsa_key_pair(keyid, client_key, None)
File "/home/pi/Project/nxp/se_mw/simw-top/pycli/src/sss/setkey.py", line 278, in do_set_rsa_key_pair
key_type, cypher_type, policy)
File "/home/pi/Project/nxp/se_mw/simw-top/pycli/src/sss/setkey.py", line 442, in _set_key
self._key_object_mode)
File "/home/pi/Project/nxp/se_mw/simw-top/pycli/src/sss/keyobject.py", line 71, in allocate_handle
raise Exception("sss_key_object_allocate_handle %s" % status_to_str(status))
Exception: sss_key_object_allocate_handle FAILED

Kan_Li

Hi @A_Nawa ,

Was OM-SE050ARD-F still used in this test? As far as I know, OM-SE050ARD-F doesn't support ECC crypto schemes except ECDSA.

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

Kan_Li

Hi @A_Nawa ,

I noticed you use OM-SE050ARD-F in the test, did you enable platformSCP03 in the authentication type when you build the MW? Please note for SE050F SCP03 is mandatory. Please kindly refer to https://www.nxp.com/docs/en/application-note/AN12436.pdf for details.

Please refer to chapter 5 in https://www.nxp.com.cn/docs/en/application-note/AN12570.pdf for more details.

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

A_Nawa

Hi Kan_Li,

Thank you for you support.

Yes, I use OM-SE050ARD-F with raspi3. I enabled platformSCP03 when I build the MW.

The se05_Minimal command exuecution was success.

pi@raspberrypi:~/Project/nxp/se_mw/simw-top_build/raspbian_native_se050_t1oi2c/bin $ ./se05x_Minimal
App :INFO :PlugAndTrust_v04.05.00_20231201
App :INFO :Running ./se05x_Minimal
App :INFO :If you want to over-ride the selection, use ENV=EX_SSS_BOOT_SSS_PORT or pass in command line arguments.
App :INFO :Using default PlatfSCP03 keys. You can use keys from file using ENV=EX_SSS_BOOT_SCP03_PATH
sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
54 50 4F
App :INFO :mem=29468
App :INFO :se05x_Minimal Example Success !!!...
App :INFO :ex_sss Finished

But I still got the next error when I run the provisionTlsClient.py.

sss :ERROR:Couldn't check if object id 0x7DCCBB30 exists
sss_key_object_allocate_handle FAILED

Kan_Li

Hi @A_Nawa ,

For python scripts , you have to specify the auth type as well as the platform scp keys. Please kindly refer to the following for details.

ubuntu@ubuntu:~/simw-top/demos/linux/tls_client/scripts$ python3 provisionTlsClient.py --key_type rsa --auth_type PlatformSCP --scpkey ~/simw-top_build/simw-top-eclipse_jrcpv1/bin/se050F_scp_keys.txt
loading library from path: /home/ubuntu/simw-top/tools/libsssapisw.so
SE050 Key provisioning script (Rev.0.9).
Executing this script will insert keys in the attached SE050 secure element.
###############################################################
#
# SUBSYSTEM : se05x
# CONNECTION_TYPE : t1oi2c
# CONNECTION_PARAMETER : none
#
###############################################################
sss_key_store_context_init SUCCESS
sss_key_store_allocate SUCCESS
sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41
54 50 4F
sss_session_open SUCCESS
client_key file: /home/ubuntu/simw-top/demos/linux/tls_client/scripts/../credentials/RSA/tls_client_key.pem
Injecting RSA key pair at key ID: 0x7dccbb30
sss_key_store_context_init SUCCESS
sss_key_store_allocate SUCCESS
sss_key_object_init SUCCESS
sss_key_object_init SUCCESS
sss_key_object_allocate_handle SUCCESS
sss_key_store_set_key SUCCESS
sss_key_store_save SUCCESS
Successfully Injected RSA key pair.
sss_key_store_context_init SUCCESS
sss_key_store_allocate SUCCESS
sss_key_object_init SUCCESS
sss_key_object_get_handle SUCCESS
sss_key_store_get_key SUCCESS
Successfully Created reference key.
certificate file: /home/ubuntu/simw-top/demos/linux/tls_client/scripts/../credentials/RSA/tls_client.cer
Injecting Certificate at key ID: 0x7dccbb31
sss_key_store_context_init SUCCESS
sss_key_store_allocate SUCCESS
sss_key_object_init SUCCESS
sss_key_object_init SUCCESS
sss_key_object_allocate_handle SUCCESS
sss_key_store_set_key SUCCESS
sss_key_store_save SUCCESS
Successfully Injected Certificate.
Closing port
##############################################################
# #
# Program Completed Successfully #
# #
##############################################################
ubuntu@ubuntu:~/simw-top/demos/linux/tls_client/scripts$

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

A_Nawa

Hi Kan_Li,

The provisionTlsClient.py executed successfully with --auth_type PlatformSCP.

Thank you for your support.

Next I try to run the ./tlsExtendedSeClient.sh. But I got the next error message,

Could you give me some advice on what to do?

pi@raspberrypi:~/Project/nxp/se_mw/simw-top/demos/linux/tls_client/scripts $ ./tlsExtendedSeClient.sh 192.168.121.15 EC

/home/pi/Project/nxp/se_mw/simw-top/demos/linux/tls_client/scripts

IOT_SE=se050

Config file is loaded in C example

Connecting to 192.168.121.15:8080

>> ../build/tlsSe050Client 192.168.121.15:8080 EC ../credentials/prime256v1/tls_rootca.cer nxp:0x7DCCBB10

../build/tlsSe050Client (Rev.0.9.2)

servername:port = 192.168.121.15:8080

keyType: EC

rootCA: ../credentials/prime256v1/tls_rootca.cer

clientKey: nxp:0x7DCCBB10

wrapConnectToSe: Open connection to secure element.

App :INFO :If you want to over-ride the selection, use ENV=EX_SSS_BOOT_SSS_PORT or pass in command line arguments.

App :INFO :Using default PlatfSCP03 keys. You can use keys from file using ENV=EX_SSS_BOOT_SCP03_PATH

sss :INFO :atr (Len=35)

00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08

01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41

54 50 4F

sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:7837 Function:sss_se05x_TXn

sss :WARN :nxEnsure:'status == SM_OK' failed. At Line:4541 Function:sss_se05x_key_store_get_key

Fetching client certificate fails with status code: 0x3c3c0000.

Failed to retrieve client certificate.

******** TLS Client Example (Credentials in Secure Element) = Fail ********

"../build/tlsSe050Client 192.168.121.15:8080 EC ../credentials/prime256v1/tls_rootca.cer nxp:0x7DCCBB10" failed to run successfully, returned 1

Kan_Li

Hi @A_Nawa ,

Was OM-SE050ARD-F still used in this test? As far as I know, OM-SE050ARD-F doesn't support ECC crypto schemes except ECDSA.

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------