5.7.28. Delete and Test Provision

‘Delete and Test Provision’ is a utility that deletes a subset of the crypto objects stored on the secure element. Next it provisions different types of key objects (as documented in the table below). These key objects enable various use cases with the secure element. As an example: the authentication objects for session based authentication (UserID/AESkey/ECKey) are provisioned through this utility.

To enable concurrent (up to the maximum of two) authenticated user sessions, two authentication objects of each type (UserID/AESkey/ECKey) are provisioned.

Note

Authentication objects - of the same object type - are provisioned on Ids with an offset of +0x10.

Warning

This utility provisions the same value for both authentication object type instances. In a product deployment different values must be used, do not re-use any of the values provisioned by this test utility in a product deployment.

5.7.28.1. Object IDs provisioned

Object ID

Object Type

Usage

0x7DA00001

User ID

Allows the user to Open User ID Auth Session to SE.

0x7DA00002

Symm Key

Allows the user to Open AES Key Auth Session to SE.

0x7DA00003

EC Key

Allows the user to Open EC Key Auth Session to SE.

0x7DA00011

User ID

Allows the user to Open additional User ID Auth Session to SE.

0x7DA00012

Symm Key

Allows the user to Open additional AES Key Auth Session to SE.

0x7DA00013

EC Key

Allows the user to Open additional EC Key Auth Session to SE.

0x7FFF0200

Symm Key

Allows the user to switch transport LockState of the SE.

0x7FFF0201

EC Key

Provisions ECKA pair at SE for EC key Session Authentication.

0x7FFF0202

EC Key

Provisions ECKA pair at SE for EC key Session Authentication.

0x7FFF0203

EC Key

Provisions ECKA pair at SE for EC key Session Authentication.

0x7FFF0204

EC Key

Used for applet personalization.

0x7FFF0205

User ID

Allows the user to delete all objects. Except those provisioned by NXP.

0x7FFF0206

Binary

Holds the device unique ID.

0x7FFF0207

User ID

Allows the user to make platform SCP mandatory or not.

Warning

Some of the object Ids here are provisioned with same values. This is for test, example and demo purpose only.

5.7.28.2. Authentication Keys

Warning

These values are just for demonstration. The user MUST modify these values in the secure element and the application for real world use cases.

User ID

#define EX_SSS_AUTH_SE05X_UserID_AUTH_ID kEX_SSS_ObjID_UserID_Auth

#define EX_SSS_AUTH_SE05X_UserID_VALUE  \
    {                                    \
        0xC0, 0x01, 0x02, 0x03, 0x04     \
    } /* COOL 234*/

#define EX_SSS_AUTH_SE05X_UserID_VALUE2      \
    {                                        \
        0xC0, 0x01, 0x02, 0x03, 0x04, 0x05   \
    } /* COOL 2345*/

Applet SCP

#define EX_SSS_AUTH_SE05X_APPLETSCP_AUTH_ID kEX_SSS_ObjID_APPLETSCP03_Auth

#define EX_SSS_AUTH_SE05X_APPLETSCP_VALUE                                 \
    {                                                                     \
        0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, \
        0x4B, 0x4C, 0x4D, 0x4E, 0x4F                                      \
    }

#define EX_SSS_AUTH_SE05X_APPLETSCP_VALUE2                                \
    {   0xea, 0x62, 0x04, 0x48, 0x0b, 0xf5, 0x19, 0xf6, 0xc2, 0xb7, 0x7f, \
        0xba, 0x8b, 0x2d, 0x57, 0x30                                      \
    }

EC Key

#define EX_SSS_AUTH_SE05X_ECKEY_ECDSA_AUTH_ID kEX_SSS_objID_ECKEY_Auth

#define EX_SSS_AUTH_SE05X_KEY_HOST_ECDSA_KEY                              \
    {                                                                     \
        0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13,                   \
        0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02,                   \
        0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,                   \
        0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02,                   \
        0x01, 0x01, 0x04, 0x20,                                           \
        0x6D, 0x2F, 0x43, 0x2F, 0x8A, 0x2F, 0x45, 0xEC,                   \
        0xD5, 0x82, 0x84, 0x7E, 0xC0, 0x83, 0xBB, 0xEB,                   \
        0xC2, 0x3F, 0x1D, 0xF4, 0xF0, 0xDD, 0x2A, 0x6F,                   \
        0xB8, 0x1A, 0x24, 0xE7, 0xB6, 0xD5, 0x4C, 0x7F,                   \
        0xA1, 0x44, 0x03, 0x42, 0x00,                                     \
        0x04, 0x3C, 0x9E, 0x47, 0xED, 0xF0, 0x51, 0xA3,                   \
        0x58, 0x9F, 0x67, 0x30, 0x2D, 0x22, 0x56, 0x7C,                   \
        0x2E, 0x17, 0x22, 0x9E, 0x88, 0x83, 0x33, 0x8E,                   \
        0xC3, 0xB7, 0xD5, 0x27, 0xF9, 0xEE, 0x71, 0xD0,                   \
        0xA8, 0x1A, 0xAE, 0x7F, 0xE2, 0x1C, 0xAA, 0x66,                   \
        0x77, 0x78, 0x3A, 0xA8, 0x8D, 0xA6, 0xD6, 0xA8,                   \
        0xAD, 0x5E, 0xC5, 0x3B, 0x10, 0xBC, 0x0B, 0x11,                   \
        0x09, 0x44, 0x82, 0xF0, 0x4D, 0x24, 0xB5, 0xBE,                   \
        0xC4                                                              \
    }

#define EX_SSS_AUTH_SE05X_KEY_HOST_ECDSA_KEY2                             \
    {                                                                     \
        0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13,                   \
        0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02,                   \
        0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,                   \
        0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02,                   \
        0x01, 0x01, 0x04, 0x20,                                           \
        0x12, 0xe2, 0xd3, 0xc7, 0x31, 0xa6, 0x7c, 0x32,                   \
        0xfb, 0xd7, 0x2f, 0xa9, 0xc4, 0xbb, 0xc2, 0xd0,                   \
        0x64, 0xad, 0x50, 0x99, 0xd3, 0x3d, 0x01, 0x4b,                   \
        0x4f, 0x36, 0x90, 0x9c, 0xba, 0xab, 0xbb, 0xda,                   \
        0xA1, 0x44, 0x03, 0x42, 0x00,                                     \
        0x04, 0x0d, 0x0e, 0x03, 0xdd, 0x40, 0x1e, 0x77,                   \
        0xff, 0xab, 0xa8, 0xb5, 0x79, 0xdb, 0x8a, 0xf4,                   \
        0x09, 0x7b, 0x59, 0x4e, 0xe8, 0xa0, 0xb8, 0x1c,                   \
        0xeb, 0xa8, 0x53, 0x96, 0xc6, 0x13, 0x96, 0x56,                   \
        0x13, 0x5e, 0x68, 0x75, 0xb9, 0xe9, 0x79, 0x29,                   \
        0x28, 0x8c, 0x7d, 0xa1, 0xf2, 0x78, 0x7b, 0x66,                   \
        0x86, 0xcc, 0x9e, 0x6b, 0xf6, 0x03, 0xc2, 0xfe,                   \
        0x59, 0x1b, 0xab, 0x4a, 0x40, 0x24, 0x70, 0xe4,                   \
        0x8b                                                              \
    }

5.7.28.3. Building the Demo

  • Build Plug & Trust middleware stack. (Refer Building / Compiling)

  • SE05X_Auth=None

  • Project: se05x_Delete_and_test_provision