blob: be6eab39271d8d7ffcd39b4ff7d89c3a1d4f4ac2 [file] [log] [blame]
..
Copyright 2019,2020 NXP
.. highlight:: bat
.. _se05x_ConcurrentSymm:
=======================================================================
Symmetric Multi Step Concurrent Example
=======================================================================
This project demonstrates Symmetric Multi step operations.
using SSS APIs. On a multiprocess OS it can be run as multiple instances.
Before running an instance ensure the secure element.is properly provisioned.
The block cipher mode to apply (ECB or CBC) can be chosen by the user.
The utility :ref:`delete-and-test-provision` can be used to provision the authentication
objects used by this example. Invoke ``se05x_Delete_and_test_provision`` once during
the preparation of the demo.
The authentication objects are required for user sessions of
type UserID/AESKey/ECKey.
Building the Demo
=======================================================================
- Build Plug & Trust middleware stack. (Refer :ref:`building`)
- When used in combination with Access Manager compile for SMCOM = JRCPv1
Restrictions
=======================================================================
- Each user session needs to have a different authentication object
- The same block cipher mode cannot be used for two concurrent client processes.
If one process uses ECB the other must use CBC.
This is a restriction from the SSS layer.
Running the Example in combination with the Access Manager
=======================================================================
For additional information on the AccessManager refer to :ref:`accessManager`.
.. _se05x_ConcurrentSymm-usage:
Usage
========================================================
The client process opens an authenticated user session (None/UserID/AESkey/ECkey) configured at build time.
The user session must be without platform SCP03. Platform SCP03 is handled by the Access Manager.
The client process connects to the AccessManager over JRCPv1.
Two concurrent client processes (establishing a user session) can connect to the AccessManager.
This program takes 5 command line arguments:
- authid: Authentication object id with which the session can be opened. It can be of type UserID/AESkey/ECkey (or authentication type 'None').
In case the user session authentication is of type 'None' pass '0' as argument
- keyid: The id at which the symmetric key has to be stored, use a unique value per process.
- algo: Block cipher mode, use 1 for ECB and 2. for CBC
- count (optional argument): Number of times the crypto operation will be repeated.
- port: Connection port to AccessManager. e.g. 127.0.0.1:8040
An example invocation of the program is::
./se05x_ConcurrentSymm -authid 0x7DA00001 -keyid 0xEF002234 -algo 1 -cnt 100 -port 127.0.0.1:8040
Concurrent Usage
==========================================================
The following command invocations illustrate how two processes connect to the AccessManger using different
Authentication Id's and (functional) key Id's.
The following Authentication Id's are provisioned in SE using the "delete & provision" utility
====== ========== ==========
AuthId 1 2
====== ========== ==========
UserID 0x7DA00001 0x7DA00011
------ ---------- ----------
AESkey 0x7DA00002 0x7DA00012
------ ---------- ----------
ECKey 0x7DA00003 0x7DA00013
====== ========== ==========
KeyId can be anything above 0xEF000000, choose a different value for each client process.
- ECB Enc/Dec CBC Enc/Dec Auth=ID Auth=AES
- ./se05x_ConcurrentSymm -authid 0x7DA00001 -keyid 0xEF002234 -algo 1 -cnt 100 -port 127.0.0.1:8040
- ./se05x_ConcurrentSymm -authid 0x7DA00002 -keyid 0xEF002235 -algo 2 -cnt 100 -port 127.0.0.1:8040
- ECB Enc/Dec CBC Enc/Dec Auth=ID_1 Auth=ID_2
- ./se05x_ConcurrentSymm -authid 0x7DA00001 -keyid 0xEF002236 -algo 1 -cnt 100 -port 127.0.0.1:8040
- ./se05x_ConcurrentSymm -authid 0x7DA00011 -keyid 0xEF002237 -algo 2 -cnt 100 -port 127.0.0.1:8040
- ECB Enc/Dec; CBC Enc/Dec Auth=EC Auth=AES
- ./se05x_ConcurrentSymm -authid 0x7DA00003 -keyid 0xEF002238 -algo 1 -cnt 100 -port 127.0.0.1:8040
- ./se05x_ConcurrentSymm -authid 0x7DA00002 -keyid 0xEF002239 -algo 2 -cnt 100 -port 127.0.0.1:8040