5.7.27. Symmetric Multi Step Concurrent Example
This project demonstrates symmetric multi-step operations using SSS APIs. On a multiprocess OS it can be run as multiple instances.
Before running an instance, ensure the secure element is properly provisioned.
The block cipher mode to apply (ECB or CBC) can be chosen by the user.
The Delete and Test Provision utility can be used to provision the authentication objects used by this example. Invoke se05x_Delete_and_test_provision once during the preparation of the demo.
The authentication objects are required for user sessions of type UserID/AESKey/ECKey.
5.7.27.1. Building the Demo
Build the Plug & Trust middleware stack (refer to Building / Compiling).
When used in combination with the Access Manager, compile for SMCOM = JRCPv1.
5.7.27.2. Restrictions
Each user session needs to have a different authentication object.
The same block cipher mode cannot be used for two concurrent client processes. If one process uses ECB the other must use CBC. This is a restriction from the SSS layer.
5.7.27.3. Running the Example in combination with the Access Manager
For additional information on the AccessManager refer to Access Manager: Manage access from multiple (Linux) processes to an SE05x IoT Applet.
5.7.27.4. Usage
The client process opens an authenticated user session (None/UserID/AESkey/ECkey) configured at build time. The user session must be without platform SCP03. Platform SCP03 is handled by the Access Manager.
The client process connects to the AccessManager over JRCPv1.
Two concurrent client processes (establishing a user session) can connect to the AccessManager.
This program takes 5 command line arguments:
authid: Authentication object id with which the session can be opened. It can be of type UserID/AESkey/ECkey (or authentication type ‘None’). If the user session authentication is of type ‘None’, pass ‘0’ as the argument.
keyid: The id at which the symmetric key has to be stored; use a unique value per process.
algo: Block cipher mode; use 1 for ECB and 2 for CBC.
count (optional argument): Number of times the crypto operation will be repeated.
port: Connection port to the AccessManager, e.g. 127.0.0.1:8040
An example invocation of the program is:
./se05x_ConcurrentSymm -authid 0x7DA00001 -keyid 0xEF002234 -algo 1 -cnt 100 -port 127.0.0.1:8040
5.7.27.5. Concurrent Usage
The following command invocations illustrate how two processes connect to the AccessManager using different authentication IDs and (functional) key IDs.
The following authentication IDs are provisioned in the SE using the “delete & provision” utility:
AuthId | 1 | 2
---|---|---
UserID | 0x7DA00001 | 0x7DA00011
AESkey | 0x7DA00002 | 0x7DA00012
ECKey | 0x7DA00003 | 0x7DA00013
KeyId can be anything above 0xEF000000, choose a different value for each client process.
ECB Enc/Dec (Auth=ID) and CBC Enc/Dec (Auth=AES):
./se05x_ConcurrentSymm -authid 0x7DA00001 -keyid 0xEF002234 -algo 1 -cnt 100 -port 127.0.0.1:8040
./se05x_ConcurrentSymm -authid 0x7DA00002 -keyid 0xEF002235 -algo 2 -cnt 100 -port 127.0.0.1:8040
ECB Enc/Dec (Auth=ID_1) and CBC Enc/Dec (Auth=ID_2):
./se05x_ConcurrentSymm -authid 0x7DA00001 -keyid 0xEF002236 -algo 1 -cnt 100 -port 127.0.0.1:8040
./se05x_ConcurrentSymm -authid 0x7DA00011 -keyid 0xEF002237 -algo 2 -cnt 100 -port 127.0.0.1:8040
ECB Enc/Dec (Auth=EC) and CBC Enc/Dec (Auth=AES):
./se05x_ConcurrentSymm -authid 0x7DA00003 -keyid 0xEF002238 -algo 1 -cnt 100 -port 127.0.0.1:8040
./se05x_ConcurrentSymm -authid 0x7DA00002 -keyid 0xEF002239 -algo 2 -cnt 100 -port 127.0.0.1:8040