Skip to content

fix(api): stse_data_storage_change_read_access_condition fails due to…#62

Closed
Grolleau-Benjamin wants to merge 7 commits intoSTMicroelectronics:mainfrom
Grolleau-Benjamin:fix-61
Closed

fix(api): stse_data_storage_change_read_access_condition fails due to…#62
Grolleau-Benjamin wants to merge 7 commits intoSTMicroelectronics:mainfrom
Grolleau-Benjamin:fix-61

Conversation

@Grolleau-Benjamin
Copy link
Contributor

@Grolleau-Benjamin Grolleau-Benjamin commented Feb 4, 2026

Description

There is a functional regression or logic error in the stse_data_storage_change_read_access_condition function. Currently, this function calls stsafea_read_data_zone with a read_length set to 0x00.

However, stsafea_read_data_zone includes a parameter validation check that returns STSE_SERVICE_INVALID_PARAMETER if the length is zero, making it impossible to update the access conditions via this API function.

The current way to update read access condition is :

stsafea_read_option_t read_option = {0};
read_option.new_read_ac = STSE_AC_HOST;
read_option.new_read_ac_change_right = STSE_ACCR_ENABLE;
read_option.change_ac_indicator = STSE_AC_CHANGE;

PLAT_UI8 dummyBuffer[1] = {0};
ret = stsafea_read_data_zone(&stse_handler, zone_id, read_option, 0, dummyBuffer,
			     sizeof(dummyBuffer), STSE_NO_PROT);

After changes

This function now works correctly.

ret = stse_data_storage_change_read_access_condition(&stse_handler,
							   2,            // zone
							   STSE_AC_HOST, // new access condition
							   STSE_ACCR_ENABLE, // change right
							   STSE_NO_PROT      // protection
);
if (ret != STSE_OK) {
  printk("Failed to update READ AC to HOST: %d\n", ret);
  return -1;
}

Thanks @nils-cercariolo-st for advices. This PR closes #61

@Grolleau-Benjamin Grolleau-Benjamin mentioned this pull request Feb 4, 2026
Closed
@TofMassilia13320
Copy link
Contributor

TofMassilia13320 commented Feb 11, 2026
edited
Loading

@Grolleau-Benjamin,
Due to your branch out-of-date with the base branch, could you rebase and merge your branch and re-push?
NB: Auth AC is deprecated, only Auth + Host is authorized

TofMassilia13320 and others added 7 commits February 12, 2026 09:29
@TofMassilia13320 @Grolleau-Benjamin
[certificate] Update some prints for Linux miss alignment
c3740f4 
Signed-off-by: Benjamin Grolleau <benjamin.grolleau@outlook.com>
@dgarske @Grolleau-Benjamin
[platform/wolfssl] add wolfCrypt crypto platform support
40828ab 
Add platform abstraction layer implementation using wolfSSL/wolfCrypt
for cryptographic operations including:
- AES-ECB, AES-CBC, AES-CMAC encryption/decryption
- SHA-256/SHA-384 hash computation
- ECC key generation, signing, verification (NIST P-256/P-384, Brainpool)
- ECDH key exchange (including Curve25519)
- HMAC-SHA256 HKDF extract/expand (RFC 5869)
- NIST SP 800-38F AES Key Wrap

This enables STSELib integration on platforms using wolfSSL as the
cryptographic provider, providing an alternative to STM32 CMOX.

New files:
- examples/wolfssl/stse_platform_crypto_wolfssl.c: Complete implementation
- examples/wolfssl/user_settings.h: Sample wolfSSL configuration
- examples/wolfssl/README.md: Usage instructions
- doc/.../stse_platform_wolfssl.c.md: Porting guide documentation

Tested on STSAFE-A120 hardware with Raspberry Pi 5.

Signed-off-by: Benjamin Grolleau <benjamin.grolleau@outlook.com>
@Grolleau-Benjamin
fix(api): stse_data_storage_change_read_access_condition fails due to…
73bcd6c 
… zero-length read validation

Signed-off-by: Benjamin Grolleau <benjamin.grolleau@outlook.com>
@Grolleau-Benjamin
docs(api): document non-reversible Read/Update AC downgrades
552f362 
Signed-off-by: Benjamin Grolleau <benjamin.grolleau@outlook.com>
@TofMassilia13320 @Grolleau-Benjamin
[certificate] Update some prints for Linux miss alignment
7b2cf71 
Signed-off-by: Benjamin Grolleau <benjamin.grolleau@outlook.com>
@dgarske @Grolleau-Benjamin
[platform/wolfssl] add wolfCrypt crypto platform support
d885acb 
Add platform abstraction layer implementation using wolfSSL/wolfCrypt
for cryptographic operations including:
- AES-ECB, AES-CBC, AES-CMAC encryption/decryption
- SHA-256/SHA-384 hash computation
- ECC key generation, signing, verification (NIST P-256/P-384, Brainpool)
- ECDH key exchange (including Curve25519)
- HMAC-SHA256 HKDF extract/expand (RFC 5869)
- NIST SP 800-38F AES Key Wrap

This enables STSELib integration on platforms using wolfSSL as the
cryptographic provider, providing an alternative to STM32 CMOX.

New files:
- examples/wolfssl/stse_platform_crypto_wolfssl.c: Complete implementation
- examples/wolfssl/user_settings.h: Sample wolfSSL configuration
- examples/wolfssl/README.md: Usage instructions
- doc/.../stse_platform_wolfssl.c.md: Porting guide documentation

Tested on STSAFE-A120 hardware with Raspberry Pi 5.

Signed-off-by: Benjamin Grolleau <benjamin.grolleau@outlook.com>
@nils-cercariolo-st @Grolleau-Benjamin
[api/services] describe monotic policyon READ/UPDATE AC
207a825 
Signed-off-by: Benjamin Grolleau <benjamin.grolleau@outlook.com>
@Grolleau-Benjamin
Copy link
Contributor Author

Grolleau-Benjamin commented Feb 12, 2026

@TofMassilia13320
Just did my rebase, is it good for you now?

@TofMassilia13320
Copy link
Contributor

TofMassilia13320 commented Feb 12, 2026
edited
Loading

I don't know what's happening during your rebase; some commits are duplicated.
Anyway, I cherry pick your job into this commit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug: stse_data_storage_change_read_access_condition fails due to zero-length read validation

4 participants

@Grolleau-Benjamin @TofMassilia13320 @dgarske @nils-cercariolo-st