Feature/update nxp hsm pake integration (#21414)
* updated nxp hsm pake integration layer

* updated key policies

* Enabled ecc by default

* K32w build fix

* restyled

Co-authored-by: Jagadish-NXP <78203265+Jagadish-NXP@users.noreply.github.com>
Co-authored-by: Jagadish B E <jagadish.eswaraprasad@nxp.com>
3 people authored and pull[bot] committed Jul 21, 2023
1 parent e13b640 commit bf9488a
Showing 5 changed files with 50 additions and 108 deletions.
4 changes: 2 additions & 2 deletions src/crypto/hsm/CHIPCryptoPALHsm.h
Expand Up @@ -130,12 +130,12 @@ class P256KeypairHSM : public P256Keypair

virtual CHIP_ERROR Deserialize(P256SerializedKeypair & input) override;

virtual CHIP_ERROR ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P256ECDSASignature & out_signature) override;
virtual CHIP_ERROR ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P256ECDSASignature & out_signature) const override;

virtual CHIP_ERROR ECDH_derive_secret(const P256PublicKey & remote_public_key,
P256ECDHDerivedSecret & out_secret) const override;

CHIP_ERROR NewCertificateSigningRequest(uint8_t * csr, size_t & csr_length) override;
CHIP_ERROR NewCertificateSigningRequest(uint8_t * csr, size_t & csr_length) const override;

const P256PublicKeyHSM & Pubkey() const override { return mPublicKeyHSM; }

12 changes: 6 additions & 6 deletions src/crypto/hsm/CHIPCryptoPALHsm_config.h
Expand Up @@ -25,17 +25,17 @@
/*
* Enable HSM for SPAKE VERIFIER
*/
#define ENABLE_HSM_SPAKE_VERIFIER 1
#define ENABLE_HSM_SPAKE_VERIFIER 0

/*
* Enable HSM for SPAKE PROVER
*/
#define ENABLE_HSM_SPAKE_PROVER 1
#define ENABLE_HSM_SPAKE_PROVER 0

/*
* Enable HSM for Generate EC Key
*/
#define ENABLE_HSM_GENERATE_EC_KEY 0
#define ENABLE_HSM_GENERATE_EC_KEY 1

/*
* Enable HSM for PBKDF SHA256
Expand All @@ -45,12 +45,12 @@
/*
* Enable HSM for HKDF SHA256
*/
#define ENABLE_HSM_HKDF_SHA256 1
#define ENABLE_HSM_HKDF_SHA256 0

/*
* Enable HSM for HMAC SHA256
*/
#define ENABLE_HSM_HMAC_SHA256 1
#define ENABLE_HSM_HMAC_SHA256 0

#if ((CHIP_CRYPTO_HSM) && ((ENABLE_HSM_SPAKE_VERIFIER) || (ENABLE_HSM_SPAKE_PROVER)))
#define ENABLE_HSM_SPAKE
Expand All @@ -59,7 +59,7 @@
#if ((CHIP_CRYPTO_HSM) && (ENABLE_HSM_GENERATE_EC_KEY))
#define ENABLE_HSM_EC_KEY
#define ENABLE_HSM_CASE_EPHEMERAL_KEY
#define ENABLE_HSM_CASE_OPS_KEY
//#define ENABLE_HSM_CASE_OPS_KEY
//#define ENABLE_HSM_ECDSA_VERIFY
#endif
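Review bot: Nothing in this header or the commit message explains why SPAKE2+ verifier/prover, HKDF and HMAC now default to software and why `ENABLE_HSM_CASE_OPS_KEY` is commented out; the description only says "Enabled ecc by default". As rendered here the `0` values and the commented-out define look like the new side, and if so `CHIPCryptoPALHsm_SE05X_Spake2p.cpp` is compiled out by its `#if ((ENABLE_HSM_SPAKE_VERIFIER) || (ENABLE_HSM_SPAKE_PROVER))` guard, so the PAKE changes in this same commit are not built in a default configuration. I would replace the dead `//#define ENABLE_HSM_CASE_OPS_KEY` with a comment stating the intent, for example `/* CASE operational key is not kept in the SE05x by default; define ENABLE_HSM_CASE_OPS_KEY to enable */` (wording for the author to confirm). The description should also name the configuration in which the SPAKE-on-HSM path was actually tested.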

117 changes: 19 additions & 98 deletions src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_Spake2p.cpp
Expand Up @@ -26,9 +26,6 @@

#if ((ENABLE_HSM_SPAKE_VERIFIER) || (ENABLE_HSM_SPAKE_PROVER))

const uint32_t m_id = 0x2345;
const uint32_t n_id = 0x2346;

#if ENABLE_HSM_SPAKE_VERIFIER
const uint32_t w0in_id_v = 0x2347;
const uint32_t Lin_id_v = 0x2348;
Expand Down Expand Up @@ -58,15 +55,14 @@ void Spake2p_Finish_HSM(hsm_pake_context_t * phsm_pake_context)

CHIP_ERROR create_init_crypto_obj(chip::Crypto::CHIP_SPAKE2P_ROLE role, hsm_pake_context_t * phsm_pake_context)
{
CHIP_ERROR error = CHIP_ERROR_INTERNAL;
smStatus_t smstatus = SM_NOT_OK;
SE05x_CryptoModeSubType_t subtype;

#if ENABLE_REENTRANCY
SE05x_CryptoObjectID_t spakeObjectId = getObjID();
#else
SE05x_CryptoObjectID_t spakeObjectId =
(role == chip::Crypto::CHIP_SPAKE2P_ROLE::VERIFIER) ? kSE05x_CryptoObject_SPAKE_VERIFIER : kSE05x_CryptoObject_SPAKE_PROVER;
(role == chip::Crypto::CHIP_SPAKE2P_ROLE::VERIFIER) ? kSE05x_CryptoObject_PAKE_TYPE_B : kSE05x_CryptoObject_PAKE_TYPE_A;
uint8_t list[1024] = {
0,
};
Expand All @@ -87,26 +83,15 @@ CHIP_ERROR create_init_crypto_obj(chip::Crypto::CHIP_SPAKE2P_ROLE role, hsm_pake
}

se05x_sessionOpen();

se05x_delete_key(m_id);
error = se05x_set_key(m_id, chip::Crypto::spake2p_M_p256, sizeof(chip::Crypto::spake2p_M_p256), kSSS_KeyPart_Public,
kSSS_CipherType_EC_NIST_P);
ReturnErrorOnFailure(error);

se05x_delete_key(n_id);
error = se05x_set_key(n_id, chip::Crypto::spake2p_N_p256, sizeof(chip::Crypto::spake2p_N_p256), kSSS_KeyPart_Public,
kSSS_CipherType_EC_NIST_P);
ReturnErrorOnFailure(error);

VerifyOrReturnError(gex_sss_chip_ctx.ks.session != NULL, CHIP_ERROR_INTERNAL);

subtype.spakeAlgo = kSE05x_SpakeAlgo_P256_SHA256_HKDF_HMAC;
subtype.pakeMode = kSE05x_SPAKE2PLUS_P256_SHA256_HKDF_HMAC;

#if ENABLE_REENTRANCY
VerifyOrReturnError(spake_objects_created < LIMIT_CRYPTO_OBJECTS, CHIP_ERROR_INTERNAL);

smstatus = Se05x_API_CreateCryptoObject(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, spakeObjectId,
kSE05x_CryptoContext_SPAKE, subtype);
kSE05x_CryptoContext_PAKE, subtype);
VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR_INTERNAL);

/* Increment number of crypto objects created */
Expand All @@ -126,28 +111,17 @@ CHIP_ERROR create_init_crypto_obj(chip::Crypto::CHIP_SPAKE2P_ROLE role, hsm_pake
if (create_crypto_obj)
{
smstatus = Se05x_API_CreateCryptoObject(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, spakeObjectId,
kSE05x_CryptoContext_SPAKE, subtype);
kSE05x_CryptoContext_PAKE, subtype);
VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR_INTERNAL);
}
#endif

smstatus = Se05x_API_PAKEInitProtocol(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, spakeObjectId, m_id, n_id);
VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR_INTERNAL);

return CHIP_NO_ERROR;
}

CHIP_ERROR Spake2p_ComputeRoundOne_HSM(hsm_pake_context_t * phsm_pake_context, chip::Crypto::CHIP_SPAKE2P_ROLE role,
const uint8_t * pab, size_t pab_len, uint8_t * out, size_t * out_len)
{
#if SSS_HAVE_SE05X_VER_GTE_16_03
#else
uint8_t * prand = NULL;
size_t prand_len = 0;
uint8_t tempBuf[32] = {
0,
};
#endif
SE05x_CryptoObjectID_t spakeObjectId = phsm_pake_context->spake_objId;

ChipLogProgress(Crypto, "Using HSM for spake2p ComputeRoundOne \n");
Expand All @@ -165,35 +139,8 @@ CHIP_ERROR Spake2p_ComputeRoundOne_HSM(hsm_pake_context_t * phsm_pake_context, c
VerifyOrReturnError(pab != NULL, CHIP_ERROR_INVALID_ARGUMENT);
}

#if SSS_HAVE_SE05X_VER_GTE_16_03
#else
/* Generate random numbers from SE */
sss_status_t status = kStatus_SSS_Success;
sss_rng_context_t rng_ctx;

status = sss_rng_context_init(&rng_ctx, &gex_sss_chip_ctx.session);
VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);

status = sss_rng_get_random(&rng_ctx, tempBuf, sizeof(tempBuf));
VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);

sss_rng_context_free(&rng_ctx);

prand = tempBuf;
prand_len = sizeof(tempBuf);

#endif

VerifyOrReturnError(gex_sss_chip_ctx.ks.session != NULL, CHIP_ERROR_INTERNAL);

#if SSS_HAVE_SE05X_VER_GTE_16_03
const smStatus_t smstatus = Se05x_API_PAKEComputeKeyShare(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx,
spakeObjectId, (uint8_t *) pab, pab_len, out, out_len);
#else
const smStatus_t smstatus =
Se05x_API_PAKEComputeKeyShare(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, spakeObjectId, (uint8_t *) pab,
pab_len, out, out_len, prand, prand_len);
#endif
smStatus_t smstatus = Se05x_API_PAKEComputeKeyShare(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, spakeObjectId,
(uint8_t *) pab, pab_len, out, out_len);
VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR_INTERNAL);

return CHIP_NO_ERROR;
Expand Down Expand Up @@ -310,33 +257,20 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::BeginVerifier(const uint8_t * my_id
ReturnErrorOnFailure(FEWrite(w0, w0in_mod, w0in_mod_len));
ReturnErrorOnFailure(create_init_crypto_obj(chip::Crypto::CHIP_SPAKE2P_ROLE::VERIFIER, &hsm_pake_context));

#if SSS_HAVE_SE05X_VER_GTE_16_02
smstatus = Se05x_API_PAKEConfigDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, SE05x_SPAKEDevice_B,
hsm_pake_context.spake_objId);
smstatus = Se05x_API_PAKEConfigDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, hsm_pake_context.spake_objId,
SE05x_SPAKE2PLUS_DEVICE_TYPE_B);
VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));

ReturnErrorOnFailure(se05x_set_key(w0in_id_v, w0in_mod, w0in_mod_len, kSSS_KeyPart_Default, kSSS_CipherType_HMAC));
ReturnErrorOnFailure(se05x_set_key(Lin_id_v, Lin, Lin_len, kSSS_KeyPart_Default, kSSS_CipherType_HMAC));

smstatus = Se05x_API_PAKEInitDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, hsm_pake_context.spake_objId,
(uint8_t *) hsm_pake_context.spake_context, hsm_pake_context.spake_context_len,
(uint8_t *) peer_identity, peer_identity_len, (uint8_t *) my_identity, my_identity_len);
VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));
#else
smstatus = Se05x_API_PAKEConfigDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, SE05x_SPAKEDevice_B,
hsm_pake_context.spake_objId, (uint8_t *) hsm_pake_context.spake_context,
hsm_pake_context.spake_context_len, (uint8_t *) peer_identity, peer_identity_len,
(uint8_t *) my_identity, my_identity_len);
VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));
#endif

ReturnErrorOnFailure(se05x_set_key(w0in_id_v, w0in_mod, w0in_mod_len, kSSS_KeyPart_Default, kSSS_CipherType_AES));
ReturnErrorOnFailure(se05x_set_key(Lin_id_v, Lin, Lin_len, kSSS_KeyPart_Public, kSSS_CipherType_EC_NIST_P));

#if SSS_HAVE_SE05X_VER_GTE_16_02
smstatus = Se05x_API_PAKEInitCredentials(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx,
hsm_pake_context.spake_objId, w0in_id_v, 0, Lin_id_v);
#else
smstatus = Se05x_API_PAKEInitDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, hsm_pake_context.spake_objId,
w0in_id_v, 0, Lin_id_v);
#endif
VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));

state = CHIP_SPAKE2P_STATE::STARTED;
Expand Down Expand Up @@ -383,33 +317,20 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::BeginProver(const uint8_t * my_iden
ReturnErrorOnFailure(FEWrite(w1, w1in_mod, w1in_mod_len));
ReturnErrorOnFailure(create_init_crypto_obj(chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER, &hsm_pake_context));

#if SSS_HAVE_SE05X_VER_GTE_16_02
smstatus = Se05x_API_PAKEConfigDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, SE05x_SPAKEDevice_A,
hsm_pake_context.spake_objId);
smstatus = Se05x_API_PAKEConfigDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, hsm_pake_context.spake_objId,
SE05x_SPAKE2PLUS_DEVICE_TYPE_A);
VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));

ReturnErrorOnFailure(se05x_set_key(w0in_id_p, w0in_mod, w0in_mod_len, kSSS_KeyPart_Default, kSSS_CipherType_HMAC));
ReturnErrorOnFailure(se05x_set_key(w1in_id_p, w1in_mod, w1in_mod_len, kSSS_KeyPart_Default, kSSS_CipherType_HMAC));

smstatus = Se05x_API_PAKEInitDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, hsm_pake_context.spake_objId,
(uint8_t *) hsm_pake_context.spake_context, hsm_pake_context.spake_context_len,
(uint8_t *) my_identity, my_identity_len, (uint8_t *) peer_identity, peer_identity_len);
VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));
#else
smstatus = Se05x_API_PAKEConfigDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, SE05x_SPAKEDevice_A,
hsm_pake_context.spake_objId, (uint8_t *) hsm_pake_context.spake_context,
hsm_pake_context.spake_context_len, (uint8_t *) peer_identity, peer_identity_len,
(uint8_t *) my_identity, my_identity_len);
VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));
#endif

ReturnErrorOnFailure(se05x_set_key(w0in_id_p, w0in_mod, w0in_mod_len, kSSS_KeyPart_Default, kSSS_CipherType_AES));
ReturnErrorOnFailure(se05x_set_key(w1in_id_p, w1in_mod, w1in_mod_len, kSSS_KeyPart_Default, kSSS_CipherType_AES));

#if SSS_HAVE_SE05X_VER_GTE_16_02
smstatus = Se05x_API_PAKEInitCredentials(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx,
hsm_pake_context.spake_objId, w0in_id_p, w1in_id_p, 0);
#else
smstatus = Se05x_API_PAKEInitDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, hsm_pake_context.spake_objId,
w0in_id_p, w1in_id_p, 0);
#endif
VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));

state = CHIP_SPAKE2P_STATE::STARTED;
Expand All @@ -431,7 +352,7 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::ComputeRoundOne(const uint8_t * pab
#endif

#if ((CHIP_CRYPTO_HSM) && (!ENABLE_HSM_SPAKE_PROVER))
const bool sw_roolback_prover = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER);
const bool sw_rollback_prover = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER);
#else
constexpr bool sw_rollback_prover = false;
#endif
Expand Down Expand Up @@ -462,7 +383,7 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::ComputeRoundTwo(const uint8_t * in,
#endif

#if !ENABLE_HSM_SPAKE_PROVER
const bool sw_roolback_prover = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER);
const bool sw_rollback_prover = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER);
#else
constexpr bool sw_rollback_prover = false;
#endif
Expand Down Expand Up @@ -497,7 +418,7 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::KeyConfirm(const uint8_t * in, size
#endif

#if !ENABLE_HSM_SPAKE_PROVER
const bool sw_roolback_prover = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER);
const bool sw_rollback_prover = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER);
#else
constexpr bool sw_rollback_prover = false;
#endif
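Review bot: In the `BeginVerifier` and `BeginProver` hunks, w0, w1 and L are written into the secure element through `se05x_set_key` at fixed object ids (`w0in_id_v`, `Lin_id_v`, `w0in_id_p`, `w1in_id_p`), and nothing in the visible hunks deletes them once the exchange ends or when a later step fails. `se05x_set_key` allocates its handle with `kKeyObject_Mode_Persistent` (visible in the utils section of this commit), so these per-session SPAKE2+ values presumably remain on the device until a later run overwrites them. `Spake2p_Finish_HSM` and the rest of both functions are outside the hunks shown; please confirm that `se05x_delete_key` is called for each id, including on the early returns after `Se05x_API_PAKEInitDevice` or `Se05x_API_PAKEInitCredentials` fail. A comment on the id constants such as `// per-session SPAKE2+ inputs; deleted in Spake2p_Finish_HSM` would record who owns the cleanup.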
23 changes: 22 additions & 1 deletion src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp
Expand Up @@ -23,6 +23,7 @@
*/

#include "CHIPCryptoPALHsm_SE05X_utils.h"
#include "fsl_sss_policy.h"

ex_sss_boot_ctx_t gex_sss_chip_ctx;

Expand Down Expand Up @@ -157,6 +158,25 @@ CHIP_ERROR se05x_set_key(uint32_t keyid, const uint8_t * key, size_t keylen, sss
0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00 };
size_t bitlen = 0;

static sss_policy_u commonPol;
commonPol.type = KPolicy_Common;
commonPol.auth_obj_id = 0;
commonPol.policy.common.req_Sm = 0;
commonPol.policy.common.can_Delete = 1;
commonPol.policy.common.can_Read = 0;
commonPol.policy.common.can_Write = 1;

static sss_policy_u hmac_withPol;
hmac_withPol.type = KPolicy_Asym_Key;
hmac_withPol.auth_obj_id = 0;
hmac_withPol.policy.asymmkey.can_Write = 1;
hmac_withPol.policy.asymmkey.can_KA = 1;

sss_policy_t policy_for_hmac_key;
policy_for_hmac_key.nPolicies = 2;
policy_for_hmac_key.policies[0] = &hmac_withPol;
policy_for_hmac_key.policies[1] = &commonPol;

if (cipherType == kSSS_CipherType_EC_NIST_P)
{
VerifyOrReturnError(keylen < (sizeof(keyBuf) - sizeof(header1)), CHIP_ERROR_INTERNAL);
Expand Down Expand Up @@ -184,7 +204,8 @@ CHIP_ERROR se05x_set_key(uint32_t keyid, const uint8_t * key, size_t keylen, sss
status = sss_key_object_allocate_handle(&keyObject, keyid, keyPart, cipherType, keyBufLen, kKeyObject_Mode_Persistent);
VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);

status = sss_key_store_set_key(&gex_sss_chip_ctx.ks, &keyObject, keyBuf, keyBufLen, bitlen, NULL, 0);
status = sss_key_store_set_key(&gex_sss_chip_ctx.ks, &keyObject, keyBuf, keyBufLen, bitlen, &policy_for_hmac_key,
sizeof(policy_for_hmac_key));
VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);

return CHIP_NO_ERROR;
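Review bot: `policy_for_hmac_key` is passed to `sss_key_store_set_key` for every key this function writes, including the `cipherType == kSSS_CipherType_EC_NIST_P` branch visible in the same hunk, although its name suggests it was meant only for the HMAC-typed SPAKE2+ objects. The entry `hmac_withPol` is also declared as `KPolicy_Asym_Key` with `can_KA = 1` while the callers in this commit store w0/w1/L as `kSSS_CipherType_HMAC`; whether the applet enforces, rejects or ignores an asymmetric-key policy on those objects should be confirmed against the middleware. If the policy is intended for HMAC objects only, select it by type, e.g. `const bool usePol = (cipherType == kSSS_CipherType_HMAC);` and pass `usePol ? &policy_for_hmac_key : NULL, usePol ? sizeof(policy_for_hmac_key) : 0`. A short comment saying why `can_Write = 1`, `req_Sm = 0` and `auth_obj_id = 0` are acceptable for these secrets would help the next reviewer. The body of `se05x_set_key` begins and continues outside the hunks shown.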
2 changes: 1 addition & 1 deletion third_party/simw-top-mini/repo
Submodule repo updated 64 files
+18 −0 ChangeLog.md
+1 −3 README.rst
+1 −1 SCR.txt
+61 −110 fsl_sss_ftr.h
+0 −16 hostlib/hostLib/inc/Applet_SE050_Ver.h
+6 −6 hostlib/hostLib/inc/PlugAndTrust_HostLib_Ver.h
+8 −8 hostlib/hostLib/inc/PlugAndTrust_Pkg_Ver.h
+4 −0 hostlib/hostLib/inc/se05x_const.h
+60 −49 hostlib/hostLib/inc/se05x_enums.h
+14 −5 hostlib/hostLib/inc/se05x_tlv.h
+8 −4 hostlib/hostLib/inc/sm_const.h
+11 −8 hostlib/hostLib/libCommon/infra/sm_connect.c
+1 −1 hostlib/hostLib/libCommon/infra/sm_printf.c
+7 −7 hostlib/hostLib/libCommon/log/nxLog.c
+19 −3 hostlib/hostLib/libCommon/nxScp/nxScp03_Com.c
+1 −1 hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h
+7 −2 hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.c
+5 −5 hostlib/hostLib/libCommon/smCom/smCom.c
+11 −3 hostlib/hostLib/platform/linux/i2c_a7.c
+1 −0 hostlib/hostLib/se05x/src/se05x_mw.c
+7 −4 hostlib/hostLib/se05x/src/se05x_tlv.c
+20 −12 hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_apis.h
+139 −130 hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_impl.h
+9 −9 hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.c
+5 −3 hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.h
+14 −7 hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h
+371 −371 hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_impl.h
+148 −0 hostlib/hostLib/se05x_03_xx_xx/se05x_pake_APDU_apis.h
+223 −273 hostlib/hostLib/se05x_03_xx_xx/se05x_pake_APDU_impl.h
+0 −163 hostlib/hostLib/se05x_03_xx_xx/se05x_spake_APDU_apis.h
+6 −5 mbedtls_cli_srv/CMakeLists.txt
+2 −4 sss/ex/ecc/ex_sss_ecc.c
+8 −20 sss/ex/inc/ex_sss_auth.h
+6 −1 sss/ex/inc/ex_sss_ports.h
+216 −139 sss/ex/inc/ex_sss_tp_scp03_keys.h
+1 −67 sss/ex/mbedtls/ex_sss_ssl2.c
+2 −2 sss/ex/src/ex_sss_boot.c
+6 −5 sss/ex/src/ex_sss_boot_connectstring.c
+1 −1 sss/ex/src/ex_sss_boot_int.h
+10 −0 sss/ex/src/ex_sss_scp03_auth.c
+3 −0 sss/ex/src/ex_sss_se05x.c
+49 −7 sss/inc/fsl_sss_api.h
+6 −8 sss/inc/fsl_sss_api_ver.h
+58 −20 sss/inc/fsl_sss_ftr_default.h
+11 −6 sss/inc/fsl_sss_policy.h
+29 −2 sss/inc/fsl_sss_se05x_types.h
+2 −0 sss/inc/fsl_sss_user_types.h
+6 −0 sss/inc/fsl_sss_util_rsa_sign_utils.h
+3 −2 sss/plugin/mbedtls/ecdh_alt_ax.c
+53 −0 sss/plugin/mbedtls/port/ksdk/ecp_alt.c
+25 −0 sss/port/default/fsl_sss_types.h
+80 −0 sss/src/fsl_sss_apis.c
+22 −5 sss/src/fsl_sss_util_asn1_der.c
+9 −3 sss/src/fsl_sss_util_rsa_sign_utils.c
+4 −0 sss/src/keystore/keystore_cmn.c
+4 −2 sss/src/keystore/keystore_openssl.c
+4 −2 sss/src/keystore/keystore_pc.c
+77 −22 sss/src/mbedtls/fsl_sss_mbedtls_apis.c
+122 −42 sss/src/openssl/fsl_sss_openssl_apis.c
+141 −35 sss/src/se05x/fsl_sss_se05x_apis.c
+9 −8 sss/src/se05x/fsl_sss_se05x_eckey.c
+3 −0 sss/src/se05x/fsl_sss_se05x_mw.c
+42 −1 sss/src/se05x/fsl_sss_se05x_policy.c
+11 −9 sss/src/se05x/fsl_sss_se05x_scp03.c
