2.6. Release v04.00.00
2.6.1. File/Folder relocation
2.6.2. Build system changes
Support for new applet version 7.x
2.6.3. APIs & enum/types Changes
- Policy changes for 7.x applet (also refer to Policies)
  - Below policies are removed from sss_policy_sym_key_u for applet version 7.x.
    - Allow key derivation policy (can_KD)
    - Allow to write the object policy (can_Write)
    - Allow to (re)generate policy (can_Gen)
  - Below policies are added for sss_policy_sym_key_u for applet version 7.x.
    - Allow TLS PRF key derivation (can_TLS_KDF)
    - Allow TLS PMS key derivation (can_TLS_PMS_KD)
    - Allow HKDF (can_HKDF)
    - Allow PBKDF (can_PBKDF)
    - Allow Desfire key derivation (can_Desfire_KD)
    - Forbid external IV (forbid_external_iv)
    - Allow usage as HMAC pepper (can_usage_hmac_pepper)
  - Below policies are removed from sss_policy_asym_key_u for applet version 7.x.
    - Allow to read the object policy (can_Read)
    - Allow to write the object policy (can_Write)
    - Allow key derivation policy (can_KD)
    - Allow key wrapping policy (can_Wrap)
  - Below policies are added for sss_policy_common_u for applet version 7.x.
    - Allow to read the object policy (can_Read)
    - Allow to write the object policy (can_Write)
  - Added new policy - ALLOW_DESFIRE_CHANGEKEY, sss_policy_desfire_changekey_authId_value_u
  - Added new policy - ALLOW_DERIVED_INPUT, sss_policy_key_drv_master_keyid_value_u
  - can_Read and can_Write policies are moved from symmetric and asymmetric object policy to common policy in applet 7.x. PLEASE UPDATE THE APPLICATIONS ACCORDINGLY.
- New attestation scheme for applet 7.x
  - Updated API Se05x_API_TriggerSelfTest_W_Attst() for applet version 7.x.
  - Updated API Se05x_i2c_master_attst_txn() for applet version 7.x.
  - Updated API sss_se05x_key_store_get_key_attst() for applet version 7.x.
- New API added for PBKDF2 support: Se05x_API_PBKDF2_extended(). Supports optional salt object id and optional derived object id.
- New mode kMode_SSS_Mac_Validate added to support MAC validation feature in sss_mac_one_go() and sss_mac_* multistep APIs.
- New API added for ECDH calculation with option to select ECDH algorithm: Se05x_API_ECDHGenerateSharedSecret_InObject_extended(). ECDH algorithms supported - EC_SVDP_DH and EC_SVDP_DH_PLAIN.
- New API added sss_cipher_one_go_v2() with different parameters for source and destination lengths to support ISO/IEC 9797-M2 padding.
- Internal IV generation support added for AES CTR, AES CCM, AES GCM modes: kAlgorithm_SSS_AES_GCM_INT_IV, kAlgorithm_SSS_AES_CTR_INT_IV, kAlgorithm_SSS_AES_CCM_INT_IV.
- New MAC algorithm - kAlgorithm_SSS_DES_CMAC8 supported.
- New API Se05x_API_ECPointMultiply_InputObj() added.
- New API Se05x_API_WriteSymmKey_Ver_extended() added to set key with minimum tag length for AEAD operations.
- Removed all deprecated defines starting with With and replaced them with SSS_HAVE_ defines.
2.6.4. Functional Changes
ECKey authentication is updated to read the SE.ECKA public key with attestation using Se05x_API_ReadObject_W_Attst_V2() or Se05x_API_ReadObject_W_Attst() (based on applet version) instead of the GetData APDU. To authenticate the public key read with attestation, signature verification is performed on the data received from the SE. See details of Se05x_API_ReadObject_W_Attst_V2() / Se05x_API_ReadObject_W_Attst().
2.6.5. New platform support
Section 11.5.7 MIMXRT1170 platform support added.
2.6.6. New feature support
2.6.7. SEMSLite
2.6.8. SSSCLI Changes
Python version 3.9 supported
Applet 7.x version policies updated
2.6.9. Documentation Changes
2.6.10. Examples / DEMO updates
Attestation examples updated to handle new attestation scheme of applet 7.x. See: Section 5.2.1.9 ECC NIST256 Key Attestation Example, Section 5.2.1.10 ECC MONTGOMERY-25519 Key Attestation Example
Example added to demonstrate FIDO protocol. See: Section 5.7.31 FIDO ECDAA Example
Example added. See: Section 5.7.30 SE05X Allow Without SCP example
2.6.11. Communication Layer Changes
2.6.12. EdgeLock 2GO agent
2.6.13. User Interface Changes
2.6.14. External modules Changes
MCU-SDK updated to SDK version 2.10.0
mbedTLS updated to version 2.26.0
Amazon-FreeRTOS updated to version 202012.00
OpenSSL Windows precompiled binaries updated to 1.1.1l
2.6.15. Other Miscellaneous Changes
sss_se05x_cipher_update() and sss_se05x_aead_update() APIs modified to use input buffer directly.