Trouble Shooting & Sample Application
Trouble Shooting
| Problem seen | Cause | Action to take |
| Running hterm returns
i2c IO/1 set low failed
|
Interface chip has stopped responding | Unplug Trust Hub and plug it back in. |
Sample Application
A simple, example PKI application that will run on Trust Hub can be found in the workspace. It makes use of the template structure.
It demonstrates the use of the PIN management primitives, generation of RSA key pairs, RSA raw signatures and in-chip debugging.
Run the “debug with hsim” debug configuration to step through the code.
To load to a Trust Hub dongle (enabled with the Developer Community issuer-id)
- Load the application using load_chip.bat with the COM port number as a parameter e.g.
- load_chip.bat 5
- Select the application and run it, entering the APDU commands from debug_hsim.txt at the command line
- hterm -serial COM5:i2c -selectaid F00000FF -interact
Debugging in-chip can be tried by using either of the in-chip debug configurations.
Supported APDU Commands
Notes:
- The P1 and P2 APDU bytes are not used by any of the commands in this application.
- The class byte (CLA) must be one of the following:
a. 0xBB: Supported for the delete app command CLA=0xBB, INS=0x00
b. 0x80: An application command
c. 0x81: Debug application command in chip: Note that the debug in-chip feature should be removed before deployment of the completed application. - The following status words may be returned when executing any command:
a. 6700: The value of Lc and/or Le is/are not as defined by the command.
b. 6900: The initial PIN value must be set before the application can be used again.
c. 6982: Permission denied: the PIN must be verified.
d. 6983: The key storage has been corrupted: the application can no longer be used.
e. 6A80: The command data (Lc, Le, Data) is not consistent with the requirements for the command.
f. 6D00: INS not supported
g. 6E00: CLA not supported.
h. 9000: Success
i. 9Fxx: MULTOS abended, reason code xx
| INS | Lc | Data | Le | Description | Possible error status words |
| 0x10 | 0x0B | PIN data (8)
PIN length (1) PIN Try Counter (1) PIN Try Limit (1) |
n/a | Initialise PIN.
The value is given in “data” with the given length. This application uses a fixed PIN length of 5 bytes. The PIN can be changed by subsequent calls. Following this command completing successfully the PIN must be verified for future commands. |
6A00: PIN length doesn’t equal 5 bytes.
6F00: An unknown error occurred initialising the PIN. |
| 0x11 | 0x05 | PIN data | n/a | Verify PIN.
Attempt to verify the PIN with the given data. The PIN remains verified until the device is reset or the app is deselected. |
6A81: The PIN is blocked because there have been too many incorrect attempts.
6A82: PIN verification is not required yet. 6982: PIN verification failed. |
| 0x20 | n/a | n/a | 0x00 | Generate RSA Key Pair.
Generates a 2048 bit RSA key pair with an exponent of 0x03. The public modulus is returned by the command, the private key remains in the internal key storage. Following this command completing successfully the PIN must be verified for future commands. |
6F00: An unknown error occurred during key generation. |
| 0x21 | 0x000100 | Data to sign (256 bytes). Must be formatted according to the signature scheme being used. | 0x0000 | Generate RSA Signature.
Performs a modular exponentiation CRT with the private key over the given data and returns the result. |
6985: The RSA key pair has not been generated yet. |
