<!DOCTYPE html>
<!--
Copyright 2019 NXP
This software is owned or controlled by NXP and may only be used
strictly in accordance with the applicable license terms. By expressly
accepting such terms or by downloading, installing, activating and/or
otherwise using the software, you are agreeing that you have read, and
that you agree to comply with and are bound by, such license terms. If
you do not agree to be bound by the applicable license terms, then you
may not retain, install, activate or otherwise use the software.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title>5.4.3. Access Manager: Manage access from multiple (Linux) processes to an SE05x IoT Applet &#8212; Plug &amp; Trust MW v03.00.05 documentation</title>
<link rel="stylesheet" href="../../../../_static/bootstrap-sphinx.css" type="text/css" />
<link rel="stylesheet" href="../../../../_static/pygments.css" type="text/css" />
<link rel="stylesheet" type="text/css" href="../../../../_static/graphviz.css" />
<script id="documentation_options" data-url_root="../../../../" src="../../../../_static/documentation_options.js"></script>
<script src="../../../../_static/jquery.js"></script>
<script src="../../../../_static/underscore.js"></script>
<script src="../../../../_static/doctools.js"></script>
<script src="../../../../_static/language_data.js"></script>
<link rel="index" title="Index" href="../../../../genindex.html" />
<link rel="search" title="Search" href="../../../../search.html" />
<link rel="next" title="5.5.1. OPC UA (Open62541) Demo" href="../../../../demos/opc_ua/doc/readme.html" />
<link rel="prev" title="5.4.2. OpenSSL Engine: TLS Client example for iMX/Rpi3" href="../../../../demos/linux/tls_client/tls_client_demo.html" />
<meta charset='utf-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
<meta name="apple-mobile-web-app-capable" content="yes">
<script type="text/javascript" src="../../../../_static/js/jquery-1.11.0.min.js "></script>
<script type="text/javascript" src="../../../../_static/js/jquery-fix.js "></script>
<script type="text/javascript" src="../../../../_static/bootstrap-3.3.7/js/bootstrap.min.js "></script>
<script type="text/javascript" src="../../../../_static/bootstrap-sphinx.js "></script>
</head><body>
<div class="container">
<div class="row">
<div class="body col-md-9 content" role="main">
<div class="section" id="access-manager-manage-access-from-multiple-linux-processes-to-an-se05x-iot-applet">
<span id="accessmanager"></span><h1><span class="section-number">5.4.3. </span>Access Manager: Manage access from multiple (Linux) processes to an SE05x IoT Applet<a class="headerlink" href="#access-manager-manage-access-from-multiple-linux-processes-to-an-se05x-iot-applet" title="Permalink to this headline"></a></h1>
<ul class="simple">
<li><p>DocRevision : 0.93</p></li>
<li><p>Date : 2020-10-20</p></li>
</ul>
<div class="section" id="summary">
<h2><span class="section-number">5.4.3.1. </span>Summary<a class="headerlink" href="#summary" title="Permalink to this headline"></a></h2>
<p>The Access Manager supports concurrent access from multiple Linux processes to an
SE05x IoT applet.
The Access Manager can establish its connection to the SE05x either as a plain connection
or as a Platform SCP03 connection.
Client processes connect to the accessManager over the JRCPv1 protocol.
Refer to <a class="reference internal" href="#accessmanager-concepts"><span class="std std-ref">Concepts &amp; Features</span></a> for more details.</p>
</div>
<div class="section" id="usage">
<span id="accessmanager-usage"></span><h2><span class="section-number">5.4.3.2. </span>Usage<a class="headerlink" href="#usage" title="Permalink to this headline"></a></h2>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>The accessManager takes two optional arguments &#39;plain&#39; &amp; &#39;any&#39;
    &#39;accessManager&#39;:
        Platform SCP03: ON.
        Incoming connection: localhost.
    &#39;accessManager plain&#39;:
        Platform SCP03: OFF.
        Incoming connection: localhost.
    &#39;accessManager any&#39;:
        Platform SCP03: ON.
        Incoming connection: any supported address.
    &#39;accessManager plain any&#39;:
        Platform SCP03: OFF.
        Incoming connection: any supported address.
Note:
    Product Deployment =&gt; Enable Platform SCP03 &amp; restrict incoming connection to localhost
</pre></div>
</div>
<p>Since STREAM sockets are currently the only socket type supported, client processes must connect
to TCP port 8040.</p>
<p>As an example:</p>
<ul>
<li><p>The Access Manager runs on the iMX and opens a listening STREAM socket. Incoming connections can be restricted
to client processes connecting over localhost.</p>
<p>Example invocation. Notice that the Platform SCP03 keys are passed through an environment variable:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>root@imx8mqevk:~/mnt/git/simw-top_build_imx8_5_4_24/imx_native_se050_t1oi2c# \
EX_SSS_BOOT_SCP03_PATH=/home/root/plain_scp03.txt bin/accessManager
Starting accessManager (Rev.0.9).
Protect Link between accessManager and SE: YES.
accessManager JRCPv1 (T1oI2C SE side)
******************************************************************************
Server: waiting for connections on port 8040.
Server: only localhost based processes can connect.
</pre></div>
</div>
</li>
<li><p>A client process connects via JRCPv1 to 127.0.0.1:8040.</p>
<p>Example invocation. Notice that the server address is set through an environment variable.
In a product deployment the default server:port address can also be hard-coded to the proper value:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>root@imx8mqevk:~/home/root# EX_SSS_BOOT_SSS_PORT=127.0.0.1:8040 se05x_ConcurrentEcc
</pre></div>
</div>
</li>
</ul>
</div>
<div class="section" id="build">
<span id="accessmanager-build"></span><h2><span class="section-number">5.4.3.3. </span>Build<a class="headerlink" href="#build" title="Permalink to this headline"></a></h2>
<ul>
<li><p>The Access Manager must be built as a statically linked executable as its communication and authentication layer is different from
the client processes that connect to it.</p>
<p>Build settings to support access to SE05x on iMX host platform (to be applied on top of a configured host build area):</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>cmake -DSCP:STRING=SCP03_SSS -DSE05X_Auth:STRING=PlatfSCP03 -DSMCOM:STRING=T1oI2C \
-DWithSharedLIB:BOOL=OFF -DPAHO_BUILD_SHARED:BOOL=FALSE -DPAHO_BUILD_STATIC:BOOL=TRUE .
cmake --build . --target accessManager
</pre></div>
</div>
</li>
<li><p>The client processes that connect to the Access Manager must be built in a separate build environment.
All session authentication mechanisms are supported; platform SCP03 must be off, as platform SCP03 is handled by the Access Manager.</p>
<p>Build settings for client processes connecting via Access Manager, in the example no session authentication is used (to be applied on top of a configured host build area):</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>cmake -DSE05X_Auth:STRING=None -DSMCOM:STRING=JRCP_V1 .
cmake --build .
</pre></div>
</div>
</li>
</ul>
</div>
<div class="section" id="demo-concurrent-access-from-2-processes-using-openssl-engine">
<h2><span class="section-number">5.4.3.4. </span>Demo: concurrent access from 2 processes using OpenSSL engine<a class="headerlink" href="#demo-concurrent-access-from-2-processes-using-openssl-engine" title="Permalink to this headline"></a></h2>
<ul>
<li><p>The example requires an embedded Linux platform (e.g. an iMX8) with an attached SE05X. Interaction with the iMX8 is over 3 different
shells. These shells can e.g. be established via ssh from a PC on the same network.</p></li>
<li><p>Build the Access Manager in a dedicated workarea, follow build instructions as above. Select static linking, enable Platform SCP03
and use T1oI2C as communication protocol.</p></li>
<li><p>Build the Plug&amp;Trust package in a dedicated workarea, follow build instructions as above. Select None as authentication mode and
use JRCPv1 as communication protocol.</p></li>
<li><p>Start the Access Manager from a dedicated shell (to simplify the demo, Platform SCP03 is not enabled):</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>./accessManager plain
</pre></div>
</div>
</li>
<li><p>Open another shell and configure the attached Secure Element once using the ssscli tool
(ensure the installed ssscli tool uses JRCPv1 as communication protocol, refer to <a class="reference internal" href="../../../../pycli/doc/pre-steps.html#ssscli-interface"><span class="std std-ref">Communication interface (cmake SMCOM setting)</span></a>):</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>cd &lt;plug_and_trust&gt;/simw-top/sss/plugin/openssl/scripts
python3 openssl_provisionEC.py --key_type prime256v1 --connection_data 127.0.0.1:8040
</pre></div>
</div>
</li>
<li><p>From the same shell invoke the OpenSSL Engine to perform various sign/verify operations using the provisioned EC key pairs:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>python3 openssl_EccSign.py --key_type prime256v1 --connection_data 127.0.0.1:8040
</pre></div>
</div>
</li>
<li><p>Open another shell and invoke the OpenSSL Engine to perform various sign/verify operations using the provisioned EC key pairs:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>cd &lt;plug_and_trust&gt;/simw-top/sss/plugin/openssl/scripts
python3 openssl_EccSign.py --key_type prime256v1 --connection_data 127.0.0.1:8040 --output_dirname output3
</pre></div>
</div>
</li>
<li><p>The respective ‘openssl_EccSign.py’ invocations can be repeated; ensure both process invocations run in parallel.</p></li>
</ul>
</div>
<div class="section" id="example-programs-prepared-for-concurrent-access">
<h2><span class="section-number">5.4.3.5. </span>Example programs prepared for concurrent access<a class="headerlink" href="#example-programs-prepared-for-concurrent-access" title="Permalink to this headline"></a></h2>
<p>The demo folder of the Plug&amp;Trust MW package contains two SSS API based example programs that are compatible with concurrent access
requirements like:</p>
<ul class="simple">
<li><p>ability to select a specific (optional) authentication object ID</p></li>
<li><p>provisioned content of secure element is not erased at project start-up</p></li>
</ul>
<p>For more details on these examples refer to:</p>
<ul class="simple">
<li><p><a class="reference internal" href="../../../../demos/se05x/se05x_ConcurrentEcc/readme.html#se05x-concurrentecc"><span class="std std-numref">Section 5.7.27</span></a> <a class="reference internal" href="../../../../demos/se05x/se05x_ConcurrentEcc/readme.html#se05x-concurrentecc"><span class="std std-ref">ECC Concurrent Example</span></a></p></li>
<li><p><a class="reference internal" href="../../../../demos/se05x/se05x_ConcurrentSymm/readme.html#se05x-concurrentsymm"><span class="std std-numref">Section 5.7.28</span></a> <a class="reference internal" href="../../../../demos/se05x/se05x_ConcurrentSymm/readme.html#se05x-concurrentsymm"><span class="std std-ref">Symmetric Multi Step Concurrent Example</span></a></p></li>
</ul>
</div>
<div class="section" id="concepts-features">
<span id="accessmanager-concepts"></span><h2><span class="section-number">5.4.3.6. </span>Concepts &amp; Features<a class="headerlink" href="#concepts-features" title="Permalink to this headline"></a></h2>
<ul class="simple">
<li><p>The Access Manager uses plain communication or platform SCP03 in the communication with the SE. Select the mode at start-up.</p></li>
<li><p>Client processes connect to the accessManager using the JRCPv1 protocol.</p></li>
<li><p>The user session authentication type is determined at the client build time.
User session authentication is transparent to the Access Manager.</p></li>
<li><p>The Access Manager ensures APDU command / response pairs associated with a client process are executed without interference
from another client process.</p></li>
<li><p>The Access Manager does not connect to the SE05x at start up. It waits until a client process initiates a connection.</p></li>
<li><p>When a client process selects the SE05x IoT applet, the applet response is
cached by the Access Manager. A subsequent SE05x IoT applet select by any client process simply returns the cached
applet response.</p></li>
<li><p>A card manager select command is intercepted by the Access Manager and a pre-cooked response is provided to the
initiating client process. No interaction with the secure element takes place.</p></li>
</ul>
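<p>The brokering rules listed above, as an added Python model that is not the NXP accessManager source: the two select APDUs, the pre-cooked response and the <code>FakeSecureElement</code> stand-in for the T1oI2C link are constructed placeholders, and <code>run_two_clients</code> drives two client threads through the model so the effect of each rule can be checked.</p>

```python
import threading
import time
# Constructed model of the brokering rules described above; not the NXP
# accessManager source. APDU byte strings are placeholders, not real AIDs.
APPLET_SELECT = b"\x00\xa4\x04\x00\x04AID0"        # placeholder applet select
CARD_MANAGER_SELECT = b"\x00\xa4\x04\x00\x04CMGR"  # placeholder card manager select
PRE_COOKED_CM_RESPONSE = b"\x90\x00"               # answered locally, never sent

class FakeSecureElement:            # stand-in for the T1oI2C link to the SE
    def __init__(self):
        self.opened = False
        self.in_flight = False
        self.interference = 0       # command/response pairs that overlapped
        self.log = []               # every APDU that actually reached the SE
    def transceive(self, apdu):
        if self.in_flight:          # a second pair started before the first ended
            self.interference += 1
        self.in_flight = True
        time.sleep(0.001)           # simulated I2C latency so a race would show
        self.log.append(bytes(apdu))
        self.in_flight = False
        return apdu[-1:] + b"\x90\x00"

class AccessManagerModel:
    def __init__(self, se):
        self._se = se
        self._lock = threading.Lock()   # one command/response pair at a time
        self._applet_select_cache = None
    def transceive(self, client_id, apdu):
        if apdu == CARD_MANAGER_SELECT:
            return PRE_COOKED_CM_RESPONSE   # intercepted; the SE is not touched
        with self._lock:
            self._se.opened = True          # link opened lazily, by the first client
            if apdu == APPLET_SELECT:
                if self._applet_select_cache is None:
                    self._applet_select_cache = self._se.transceive(apdu)
                return self._applet_select_cache
            return self._se.transceive(apdu)

def run_two_clients(n_apdus=50):
    # Two client threads share one SE; returns the fake SE for inspection.
    se = FakeSecureElement()
    am = AccessManagerModel(se)
    def client(cid):
        am.transceive(cid, CARD_MANAGER_SELECT)
        am.transceive(cid, APPLET_SELECT)
        for i in range(n_apdus):
            am.transceive(cid, bytes([0x80, 0x04, cid, i]))
    threads = [threading.Thread(target=client, args=(c,)) for c in (1, 2)]
    for t in threads: t.start()
    for t in threads: t.join()
    return se
```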
<p>The following figure illustrates that the Access Manager is an independent process on the Embedded System
providing indirect access to the Secure Element for client processes.</p>
<img alt="../../../../_images/block_diagram.png" src="../../../../_images/block_diagram.png" />
<p>The following sequence diagram illustrates two processes connecting through the Access Manager to the Secure Element.</p>
<img alt="../../../../_images/0010_2clients_none.png" src="../../../../_images/0010_2clients_none.png" />
</div>
<div class="section" id="restrictions">
<h2><span class="section-number">5.4.3.7. </span>Restrictions<a class="headerlink" href="#restrictions" title="Permalink to this headline"></a></h2>
<ul class="simple">
<li><p>Each user session needs to have a different authentication object; i.e. one Authentication Object
cannot be used to open multiple sessions in parallel. This limitation is inherent to the SE05x user
session concept.</p></li>
<li><p>The SE05x does not support more than two active user sessions (based upon either a User ID, AES Key or EC Key
authentication object). The Access Manager does not, and conceptually cannot, monitor the number of active user sessions.</p></li>
<li><p>The Access Manager only supports concurrent access to the SE05x IoT applet. Do not access
other applets than the SE05x applet through the Access Manager.</p></li>
<li><p>The Access Manager does not attempt to re-establish a broken connection to the SE05x. To recognize and recover from a broken
connection, a system integrator must monitor failure to communicate to the Secure Element by the client processes.
As and if required the Access Manager must be restarted and the affected client processes must reconnect to the
Access Manager.</p></li>
<li><p>A client process establishing a user session with the SE05x applet must always close the user session prior to disconnecting
from the Access Manager.</p></li>
<li><p>Selecting another applet than the SE05x IoT applet is possible but strongly discouraged and not supported.</p></li>
<li><p>The Access Manager <strong>does not</strong> :</p>
<ul>
<li><p>Handle power management</p></li>
<li><p>Keep track of Secure Element resources</p></li>
</ul>
</li>
<li><p>In a typical deployment the Access Manager and client processes are controlled by
another, product-specific entity on the Embedded System:</p>
<ul>
<li><p>In case of an applet update, the Access Manager must be shut down and control of the
secure element must be handed over to the SEMS Lite update manager.</p></li>
<li><p>A credential update must be coordinated between the consuming processes and the
updating process. Such coordination is out of scope for the Access Manager.</p></li>
</ul>
</li>
<li><p>Transparent usage of the OpenSSL Engine from different applications implies
either no user session (Auth=None) or using the OpenSSL Engine from
isolated environments (with different authentication settings).
This restriction does not apply to applications built directly on top of the SSS API.</p></li>
<li><p>The SSS layer’s implementation of multistep symmetric ciphers does
not allow concurrent execution of ciphers with the same cipher mode (e.g. twice kAlgorithm_SSS_AES_CBC).</p></li>
</ul>
</div>
</div>
</div>
</div>
</div>
<footer class="footer">
<div class="container">
<p>
&copy; Copyright 2018-2020, NXP.<br/>
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 2.4.1.<br/>
</p>
</div>
</footer>
</body>
</html>