5.7.26. ECC Concurrent Example

This project demonstrates Elliptic Curve Cryptography sign and verify operations using SSS APIs. On a multiprocess OS it can be run as multiple instances. Before running an instance ensure the secure element is properly provisioned. The utility Delete and Test Provision can be used to provision the authentication objects used by this example. Invoke se05x_Delete_and_test_provision once during the preparation of the demo. The authentication objects are required for user sessions of type UserID/AESKey/ECKey.

5.7.26.1. Building the Demo

  • Build Plug & Trust middleware stack. (Refer Building / Compiling)

  • When used in combination with Access Manager compile for SMCOM = JRCPv1

5.7.26.2. Restrictions

  • Each user session needs to have a different authentication object

5.7.26.3. Running the Example in combination with the Access Manager

For additional information on the AccessManager refer to Access Manager: Manage access from multiple (Linux) processes to an SE05x IoT Applet.

5.7.26.4. Usage

The client process opens an authenticated user session (None/UserID/AESkey/ECkey) configured at build time. The user session must be without platform SCP03. Platform SCP03 is handled by the Access Manager.

The client process connects to the AccessManager over JRCPv1.

Two concurrent client processes (establishing a user session) can connect to the AccessManager.

This program takes 4 command line arguments:

  • authid: Authentication object id with which the session can be opened. It can be of type UserID/AESkey/ECkey (or authentication type ‘None’). In case the user session authentication is of type ‘None’ pass ‘0’ as argument

  • keyid: The id at which the functional Ec key pair will be stored, use a unique value per process.

  • count (optional argument): Number of times the Ec Sign Verify operation will be repeated

  • port: Connection port to AccessManager. e.g. 127.0.0.1:8040

An example invocation of the program (passing the Authentication Id of a UserID object) is:

./se05x_ConcurrentEcc -authid 0x7DA00001 -keyid 0xEF001234 -cnt 100 -port 127.0.0.1:8040

5.7.26.5. Concurrent Usage

The following command invocations illustrate how two processes connect to the AccessManger using different Authentication Id’s and (functional) key Id’s.

The following Authentication Id’s are provisioned in SE using the “delete & provision” utility

AuthId

1

2

UserID

0x7DA00001

0x7DA00011

AESkey

0x7DA00002

0x7DA00012

ECKey

0x7DA00003

0x7DA00013

KeyId can be anything above 0xEF000000, choose a different value for each client process.

  • Ec Sign / Verify Auth=ID_1 Auth=ID_2

    • ./se05x_ConcurrentEcc -authid 0x7DA00001 -keyid 0xEF001234 -cnt 100 -port 127.0.0.1:8040

    • ./se05x_ConcurrentEcc -authid 0x7DA00011 -keyid 0xEF001244 -cnt 100 -port 127.0.0.1:8040

  • Ec Sign / Verify Auth=None Auth=EC

    • ./se05x_ConcurrentEcc -authid 0 -keyid 0xEF001236 -cnt 100 -port 127.0.0.1:8040

    • ./se05x_ConcurrentEcc -authid 0x7DA00003 -keyid 0xEF001246 -cnt 100 -port 127.0.0.1:8040

  • Ec Sign / Verify Auth=AES_1 Auth=AES_2

    • ./se05x_ConcurrentEcc -authid 0x7DA00002 -keyid 0xEF001238 -cnt 100 -port 127.0.0.1:8040

    • ./se05x_ConcurrentEcc -authid 0x7DA00012 -keyid 0xEF001248 -cnt 100 -port 127.0.0.1:8040