2.8. Release v04.00.00

2.8.1. File/Folder relocation

2.8.2. Build system changes

  • Support for new applet version 7.x

2.8.3. APIs & enum/types Changes

  • Policy changes for 7.x applet (see also Policies)
    • The following policies are removed from sss_policy_sym_key_u for applet version 7.x.
      • Allow key derivation policy (can_KD)

      • Allow to write the object policy (can_Write)

      • Allow to (re)generate policy (can_Gen)

    • The following policies are added to sss_policy_sym_key_u for applet version 7.x.
      • Allow TLS PRF key derivation (can_TLS_KDF)

      • Allow TLS PMS key derivation (can_TLS_PMS_KD)

      • Allow HKDF (can_HKDF)

      • Allow PBKDF (can_PBKDF)

      • Allow Desfire key derivation (can_Desfire_KD)

      • Forbid external IV (forbid_external_iv)

      • Allow usage as HMAC pepper (can_usage_hmac_pepper)

    • The following policies are removed from sss_policy_asym_key_u for applet version 7.x.
      • Allow to read the object policy (can_Read)

      • Allow to write the object policy (can_Write)

      • Allow key derivation policy (can_KD)

      • Allow key wrapping policy (can_Wrap)

    • The following policies are added to sss_policy_common_u for applet version 7.x.
      • Allow to read the object policy (can_Read)

      • Allow to write the object policy (can_Write)

    • Added new policy - ALLOW_DESFIRE_CHANGEKEY, sss_policy_desfire_changekey_authId_value_u

    • Added new policy - ALLOW_DERIVED_INPUT, sss_policy_key_drv_master_keyid_value_u

    • The can_Read and can_Write policies are moved from the symmetric and asymmetric object policies to the common policy in applet 7.x. PLEASE UPDATE THE APPLICATIONS ACCORDINGLY.

  • New attestation scheme for applet 7.x
  • New API added for PBKDF2 support: Se05x_API_PBKDF2_extended(). Supports optional salt object id and optional derived object id.

  • New mode kMode_SSS_Mac_Validate added to support MAC validation feature in sss_mac_one_go() and sss_mac_* multistep APIs.

  • New API added for ECDH calculation with option to select the ECDH algorithm: Se05x_API_ECDHGenerateSharedSecret_InObject_extended(). ECDH algorithms supported: EC_SVDP_DH and EC_SVDP_DH_PLAIN.

  • New API added sss_cipher_one_go_v2() with different parameters for source and destination lengths to support ISO/IEC 9797-M2 padding.

  • Internal IV generation support added for AES CTR, AES CCM, AES GCM modes: kAlgorithm_SSS_AES_GCM_INT_IV, kAlgorithm_SSS_AES_CTR_INT_IV, kAlgorithm_SSS_AES_CCM_INT_IV.

  • New MAC algorithm - kAlgorithm_SSS_DES_CMAC8 supported.

  • New API Se05x_API_ECPointMultiply_InputObj() added.

  • New API Se05x_API_WriteSymmKey_Ver_extended() added to set a key with minimum tag length for AEAD operations.

  • Removed all deprecated defines starting with With and replaced them with SSS_HAVE_

2.8.4. Functional Changes

2.8.5. New platform support

2.8.6. New feature support

2.8.7. SEMSLite

2.8.8. SSSCLI Changes

  • Python version 3.9 supported

  • Applet 7.x version policies updated

2.8.9. Documentation Changes

2.8.10. Examples / DEMO updates

2.8.11. Communication Layer Changes

2.8.12. EdgeLock 2GO agent

2.8.13. User Interface Changes

2.8.14. External modules Changes

  • MCU-SDK updated to SDK version 2.10.0

  • mbedTLS updated to version 2.26.0

  • Amazon-FreeRTOS updated to version 202012.00

  • OpenSSL Windows precompiled binaries updated to 1.1.1l

2.8.15. Other Miscellaneous Changes

  • sss_se05x_cipher_update() and sss_se05x_aead_update() APIs modified to use input buffer directly.

  • Bugfix: Write of large binary files with policy fails on applet 3.x.