5.7.27. Symmetric Multi Step Concurrent Example

This project demonstrates Symmetric Multi step operations. using SSS APIs. On a multiprocess OS it can be run as multiple instances. Before running an instance ensure the secure element.is properly provisioned. The block cipher mode to apply (ECB or CBC) can be chosen by the user. The utility Delete and Test Provision can be used to provision the authentication objects used by this example. Invoke se05x_Delete_and_test_provision once during the preparation of the demo. The authentication objects are required for user sessions of type UserID/AESKey/ECKey.

5.7.27.1. Building the Demo

  • Build Plug & Trust middleware stack. (Refer Building / Compiling)

  • When used in combination with Access Manager compile for SMCOM = JRCPv1

5.7.27.2. Restrictions

  • Each user session needs to have a different authentication object

  • The same block cipher mode cannot be used for two concurrent client processes. If one process uses ECB the other must use CBC. This is a restriction from the SSS layer.

5.7.27.3. Running the Example in combination with the Access Manager

For additional information on the AccessManager refer to Access Manager: Manage access from multiple (Linux) processes to an SE05x IoT Applet.

5.7.27.4. Usage

The client process opens an authenticated user session (None/UserID/AESkey/ECkey) configured at build time. The user session must be without platform SCP03. Platform SCP03 is handled by the Access Manager.

The client process connects to the AccessManager over JRCPv1.

Two concurrent client processes (establishing a user session) can connect to the AccessManager.

This program takes 5 command line arguments:

  • authid: Authentication object id with which the session can be opened. It can be of type UserID/AESkey/ECkey (or authentication type ‘None’). In case the user session authentication is of type ‘None’ pass ‘0’ as argument

  • keyid: The id at which the symmetric key has to be stored, use a unique value per process.

  • algo: Block cipher mode, use 1 for ECB and 2. for CBC

  • count (optional argument): Number of times the crypto operation will be repeated.

  • port: Connection port to AccessManager. e.g. 127.0.0.1:8040

An example invocation of the program is:

./se05x_ConcurrentSymm -authid 0x7DA00001 -keyid 0xEF002234 -algo 1 -cnt 100 -port 127.0.0.1:8040

5.7.27.5. Concurrent Usage

The following command invocations illustrate how two processes connect to the AccessManger using different Authentication Id’s and (functional) key Id’s.

The following Authentication Id’s are provisioned in SE using the “delete & provision” utility

AuthId

1

2

UserID

0x7DA00001

0x7DA00011

AESkey

0x7DA00002

0x7DA00012

ECKey

0x7DA00003

0x7DA00013

KeyId can be anything above 0xEF000000, choose a different value for each client process.

  • ECB Enc/Dec CBC Enc/Dec Auth=ID Auth=AES

    • ./se05x_ConcurrentSymm -authid 0x7DA00001 -keyid 0xEF002234 -algo 1 -cnt 100 -port 127.0.0.1:8040

    • ./se05x_ConcurrentSymm -authid 0x7DA00002 -keyid 0xEF002235 -algo 2 -cnt 100 -port 127.0.0.1:8040

  • ECB Enc/Dec CBC Enc/Dec Auth=ID_1 Auth=ID_2

    • ./se05x_ConcurrentSymm -authid 0x7DA00001 -keyid 0xEF002236 -algo 1 -cnt 100 -port 127.0.0.1:8040

    • ./se05x_ConcurrentSymm -authid 0x7DA00011 -keyid 0xEF002237 -algo 2 -cnt 100 -port 127.0.0.1:8040

  • ECB Enc/Dec; CBC Enc/Dec Auth=EC Auth=AES

    • ./se05x_ConcurrentSymm -authid 0x7DA00003 -keyid 0xEF002238 -algo 1 -cnt 100 -port 127.0.0.1:8040

    • ./se05x_ConcurrentSymm -authid 0x7DA00002 -keyid 0xEF002239 -algo 2 -cnt 100 -port 127.0.0.1:8040