11.12.3.4.137. Function Se05x_API_WriteSymmKey

11.12.3.4.137.1. Function Documentation

smStatus_t Se05x_API_WriteSymmKey(pSe05xSession_t session_ctx, pSe05xPolicy_t policy, SE05x_MaxAttemps_t maxAttempt, uint32_t objectID, SE05x_KeyID_t kekID, const uint8_t *keyValue, size_t keyValueLen, const SE05x_INS_t ins_type, const SE05x_SymmKeyType_t type)

Se05x_API_WriteSymmKey

Creates or writes an AES key, DES key or HMAC key, indicated by P1:

  • P1_AES

  • P1_DES

  • P1_HMAC

Users can pass RFC3394 wrapped keys by indicating the KEK in TLV[TAG_2]. Note that RFC3394 requires 8-byte aligned input, so this can only be used when the key has an 8-byte aligned length.

Command to Applet

| Field   | Value                 | Description |
|---------|-----------------------|-------------|
| P1      | See above             | See SE05x_P1_t |
| P2      | P2_DEFAULT            | See SE05x_P2_t |
| Payload | TLV[TAG_POLICY]       | Byte array containing the object policy. [Optional: default policy applies] [Conditional: only when the object identifier is not in use yet] |
|         | TLV[TAG_MAX_ATTEMPTS] | 2-byte maximum number of attempts. If 0 is given, this means unlimited. [Optional: default unlimited] [Conditional: only when the object identifier is not in use yet and INS includes INS_AUTH_OBJECT; see AuthenticationObjectPolicies] |
|         | TLV[TAG_1]            | 4-byte object identifier |
|         | TLV[TAG_2]            | 4-byte KEK identifier [Conditional: only when the key value is RFC3394 wrapped] |
|         | TLV[TAG_3]            | Key value, either plain or RFC3394 wrapped. |
|         | TLV[TAG_4]            | Tag length for GCM/GMAC. Will only be used if the object is an AESKey. [Optional] |
|         | TLV[TAG_11]           | 4-byte version [Optional] |

Return

The sm status.

Parameters
  • [in] session_ctx: The session context

  • [in] policy: The policy

  • [in] maxAttempt: The maximum number of attempts

  • [in] objectID: The object id

  • [in] kekID: The kek id

  • [in] keyValue: The key value

  • [in] keyValueLen: The key value length

  • [in] ins_type: The INS (instruction) type

  • [in] type: The type
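
Added example, not code from the middleware: a stand-alone builder for the mandatory part of the payload in the Command to Applet table, showing that TLV[TAG_2] is emitted only for a wrapped key and that a wrapped value is rejected unless its length fits RFC3394. The tag byte values, the `KEK_NONE` marker, the 0x81/0x82 long-length form and the function names are assumptions made for this example; the optional TLVs (policy, max attempts, TAG_4, TAG_11) are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed tag bytes and "no KEK" marker; confirm against the middleware headers. */
#define TAG_1 0x41u /* 4-byte object identifier */
#define TAG_2 0x42u /* 4-byte KEK identifier, only for wrapped keys */
#define TAG_3 0x43u /* key value, plain or RFC3394 wrapped */
#define KEK_NONE 0u

/* Append one TLV at off; returns the new offset, or 0 if it does not fit. */
static size_t put_tlv(uint8_t *out, size_t cap, size_t off, uint8_t tag,
                      const uint8_t *val, size_t len)
{
    size_t hdr = len < 0x80 ? 2 : (len < 0x100 ? 3 : 4);
    if (len > 0xFFFF || hdr + len > cap - off) return 0;
    out[off++] = tag;
    if (hdr == 3) out[off++] = 0x81;            /* assumed long-length form */
    if (hdr == 4) { out[off++] = 0x82; out[off++] = (uint8_t)(len >> 8); }
    out[off++] = (uint8_t)len;
    memcpy(out + off, val, len);
    return off + len;
}

/* Store a 32-bit identifier big-endian. */
static void be32(uint8_t b[4], uint32_t v)
{
    b[0] = (uint8_t)(v >> 24); b[1] = (uint8_t)(v >> 16);
    b[2] = (uint8_t)(v >> 8);  b[3] = (uint8_t)v;
}

/* Builds TAG_1 [TAG_2] TAG_3; returns the payload length, or 0 on rejection. */
size_t build_write_symm_payload(uint8_t *out, size_t cap, uint32_t object_id,
                                uint32_t kek_id, const uint8_t *key, size_t key_len)
{
    uint8_t id[4];
    size_t off;
    int wrapped = (kek_id != KEK_NONE);
    if (out == NULL || key == NULL || key_len == 0) return 0;
    /* RFC 3394 output is n+1 64-bit blocks with n >= 2: multiple of 8, >= 24. */
    if (wrapped && (key_len % 8 != 0 || key_len < 24)) return 0;
    be32(id, object_id);
    off = put_tlv(out, cap, 0, TAG_1, id, sizeof id);
    if (off && wrapped) { be32(id, kek_id); off = put_tlv(out, cap, off, TAG_2, id, sizeof id); }
    if (off) off = put_tlv(out, cap, off, TAG_3, key, key_len);
    return off;
}
```

A 20-byte HMAC key, for instance, can be written in plain form but has no valid RFC3394 wrapping, so a 20-byte value passed together with a KEK identifier is refused before anything is sent.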