Feature/update nxp hsm pake integration (project-chip#21414)

* updated nxp hsm pake integration layer * updated key policies * Enabled ecc by default * K32w build fix * restyled Co-authored-by: Jagadish-NXP <[email protected]> Co-authored-by: Jagadish B E <[email protected]>
isiu-apple · Sep 16, 2022 · 263a55b · 263a55b
1 parent a3522c7
commit 263a55b
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 108 deletions.
diff --git a/src/crypto/hsm/CHIPCryptoPALHsm.h b/src/crypto/hsm/CHIPCryptoPALHsm.h
@@ -130,12 +130,12 @@ class P256KeypairHSM : public P256Keypair
 
     virtual CHIP_ERROR Deserialize(P256SerializedKeypair & input) override;
 
-    virtual CHIP_ERROR ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P256ECDSASignature & out_signature) override;
+    virtual CHIP_ERROR ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P256ECDSASignature & out_signature) const override;
 
     virtual CHIP_ERROR ECDH_derive_secret(const P256PublicKey & remote_public_key,
                                           P256ECDHDerivedSecret & out_secret) const override;
 
-    CHIP_ERROR NewCertificateSigningRequest(uint8_t * csr, size_t & csr_length) override;
+    CHIP_ERROR NewCertificateSigningRequest(uint8_t * csr, size_t & csr_length) const override;
 
     const P256PublicKeyHSM & Pubkey() const override { return mPublicKeyHSM; }
 

diff --git a/src/crypto/hsm/CHIPCryptoPALHsm_config.h b/src/crypto/hsm/CHIPCryptoPALHsm_config.h
@@ -25,17 +25,17 @@
 /*
  * Enable HSM for SPAKE VERIFIER
  */
-#define ENABLE_HSM_SPAKE_VERIFIER 1
+#define ENABLE_HSM_SPAKE_VERIFIER 0
 
 /*
  * Enable HSM for SPAKE PROVER
  */
-#define ENABLE_HSM_SPAKE_PROVER 1
+#define ENABLE_HSM_SPAKE_PROVER 0
 
 /*
  * Enable HSM for Generate EC Key
  */
-#define ENABLE_HSM_GENERATE_EC_KEY 0
+#define ENABLE_HSM_GENERATE_EC_KEY 1
 
 /*
  * Enable HSM for PBKDF SHA256
@@ -45,12 +45,12 @@
 /*
  * Enable HSM for HKDF SHA256
  */
-#define ENABLE_HSM_HKDF_SHA256 1
+#define ENABLE_HSM_HKDF_SHA256 0
 
 /*
  * Enable HSM for HMAC SHA256
  */
-#define ENABLE_HSM_HMAC_SHA256 1
+#define ENABLE_HSM_HMAC_SHA256 0
 
 #if ((CHIP_CRYPTO_HSM) && ((ENABLE_HSM_SPAKE_VERIFIER) || (ENABLE_HSM_SPAKE_PROVER)))
 #define ENABLE_HSM_SPAKE
@@ -59,7 +59,7 @@
 #if ((CHIP_CRYPTO_HSM) && (ENABLE_HSM_GENERATE_EC_KEY))
 #define ENABLE_HSM_EC_KEY
 #define ENABLE_HSM_CASE_EPHEMERAL_KEY
-#define ENABLE_HSM_CASE_OPS_KEY
+//#define ENABLE_HSM_CASE_OPS_KEY
 //#define ENABLE_HSM_ECDSA_VERIFY
 #endif
 

diff --git a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_Spake2p.cpp b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_Spake2p.cpp
@@ -26,9 +26,6 @@
 
 #if ((ENABLE_HSM_SPAKE_VERIFIER) || (ENABLE_HSM_SPAKE_PROVER))
 
-const uint32_t m_id = 0x2345;
-const uint32_t n_id = 0x2346;
-
 #if ENABLE_HSM_SPAKE_VERIFIER
 const uint32_t w0in_id_v = 0x2347;
 const uint32_t Lin_id_v  = 0x2348;
@@ -58,15 +55,14 @@ void Spake2p_Finish_HSM(hsm_pake_context_t * phsm_pake_context)
 
 CHIP_ERROR create_init_crypto_obj(chip::Crypto::CHIP_SPAKE2P_ROLE role, hsm_pake_context_t * phsm_pake_context)
 {
-    CHIP_ERROR error    = CHIP_ERROR_INTERNAL;
     smStatus_t smstatus = SM_NOT_OK;
     SE05x_CryptoModeSubType_t subtype;
 
 #if ENABLE_REENTRANCY
     SE05x_CryptoObjectID_t spakeObjectId = getObjID();
 #else
     SE05x_CryptoObjectID_t spakeObjectId =
-        (role == chip::Crypto::CHIP_SPAKE2P_ROLE::VERIFIER) ? kSE05x_CryptoObject_SPAKE_VERIFIER : kSE05x_CryptoObject_SPAKE_PROVER;
+        (role == chip::Crypto::CHIP_SPAKE2P_ROLE::VERIFIER) ? kSE05x_CryptoObject_PAKE_TYPE_B : kSE05x_CryptoObject_PAKE_TYPE_A;
     uint8_t list[1024] = {
         0,
     };
@@ -87,26 +83,15 @@ CHIP_ERROR create_init_crypto_obj(chip::Crypto::CHIP_SPAKE2P_ROLE role, hsm_pake
     }
 
     se05x_sessionOpen();
-
-    se05x_delete_key(m_id);
-    error = se05x_set_key(m_id, chip::Crypto::spake2p_M_p256, sizeof(chip::Crypto::spake2p_M_p256), kSSS_KeyPart_Public,
-                          kSSS_CipherType_EC_NIST_P);
-    ReturnErrorOnFailure(error);
-
-    se05x_delete_key(n_id);
-    error = se05x_set_key(n_id, chip::Crypto::spake2p_N_p256, sizeof(chip::Crypto::spake2p_N_p256), kSSS_KeyPart_Public,
-                          kSSS_CipherType_EC_NIST_P);
-    ReturnErrorOnFailure(error);
-
     VerifyOrReturnError(gex_sss_chip_ctx.ks.session != NULL, CHIP_ERROR_INTERNAL);
 
-    subtype.spakeAlgo = kSE05x_SpakeAlgo_P256_SHA256_HKDF_HMAC;
+    subtype.pakeMode = kSE05x_SPAKE2PLUS_P256_SHA256_HKDF_HMAC;
 
 #if ENABLE_REENTRANCY
     VerifyOrReturnError(spake_objects_created < LIMIT_CRYPTO_OBJECTS, CHIP_ERROR_INTERNAL);
 
     smstatus = Se05x_API_CreateCryptoObject(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, spakeObjectId,
-                                            kSE05x_CryptoContext_SPAKE, subtype);
+                                            kSE05x_CryptoContext_PAKE, subtype);
     VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR_INTERNAL);
 
     /* Increment number of crypto objects created */
@@ -126,28 +111,17 @@ CHIP_ERROR create_init_crypto_obj(chip::Crypto::CHIP_SPAKE2P_ROLE role, hsm_pake
     if (create_crypto_obj)
     {
         smstatus = Se05x_API_CreateCryptoObject(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, spakeObjectId,
-                                                kSE05x_CryptoContext_SPAKE, subtype);
+                                                kSE05x_CryptoContext_PAKE, subtype);
         VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR_INTERNAL);
     }
 #endif
 
-    smstatus = Se05x_API_PAKEInitProtocol(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, spakeObjectId, m_id, n_id);
-    VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR_INTERNAL);
-
     return CHIP_NO_ERROR;
 }
 
 CHIP_ERROR Spake2p_ComputeRoundOne_HSM(hsm_pake_context_t * phsm_pake_context, chip::Crypto::CHIP_SPAKE2P_ROLE role,
                                        const uint8_t * pab, size_t pab_len, uint8_t * out, size_t * out_len)
 {
-#if SSS_HAVE_SE05X_VER_GTE_16_03
-#else
-    uint8_t * prand     = NULL;
-    size_t prand_len    = 0;
-    uint8_t tempBuf[32] = {
-        0,
-    };
-#endif
     SE05x_CryptoObjectID_t spakeObjectId = phsm_pake_context->spake_objId;
 
     ChipLogProgress(Crypto, "Using HSM for spake2p ComputeRoundOne \n");
@@ -165,35 +139,8 @@ CHIP_ERROR Spake2p_ComputeRoundOne_HSM(hsm_pake_context_t * phsm_pake_context, c
         VerifyOrReturnError(pab != NULL, CHIP_ERROR_INVALID_ARGUMENT);
     }
 
-#if SSS_HAVE_SE05X_VER_GTE_16_03
-#else
-    /* Generate random numbers from SE */
-    sss_status_t status = kStatus_SSS_Success;
-    sss_rng_context_t rng_ctx;
-
-    status = sss_rng_context_init(&rng_ctx, &gex_sss_chip_ctx.session);
-    VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);
-
-    status = sss_rng_get_random(&rng_ctx, tempBuf, sizeof(tempBuf));
-    VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);
-
-    sss_rng_context_free(&rng_ctx);
-
-    prand     = tempBuf;
-    prand_len = sizeof(tempBuf);
-
-#endif
-
-    VerifyOrReturnError(gex_sss_chip_ctx.ks.session != NULL, CHIP_ERROR_INTERNAL);
-
-#if SSS_HAVE_SE05X_VER_GTE_16_03
-    const smStatus_t smstatus = Se05x_API_PAKEComputeKeyShare(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx,
-                                                              spakeObjectId, (uint8_t *) pab, pab_len, out, out_len);
-#else
-    const smStatus_t smstatus =
-        Se05x_API_PAKEComputeKeyShare(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, spakeObjectId, (uint8_t *) pab,
-                                      pab_len, out, out_len, prand, prand_len);
-#endif
+    smStatus_t smstatus = Se05x_API_PAKEComputeKeyShare(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, spakeObjectId,
+                                                        (uint8_t *) pab, pab_len, out, out_len);
     VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR_INTERNAL);
 
     return CHIP_NO_ERROR;
@@ -310,33 +257,20 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::BeginVerifier(const uint8_t * my_id
     ReturnErrorOnFailure(FEWrite(w0, w0in_mod, w0in_mod_len));
     ReturnErrorOnFailure(create_init_crypto_obj(chip::Crypto::CHIP_SPAKE2P_ROLE::VERIFIER, &hsm_pake_context));
 
-#if SSS_HAVE_SE05X_VER_GTE_16_02
-    smstatus = Se05x_API_PAKEConfigDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, SE05x_SPAKEDevice_B,
-                                          hsm_pake_context.spake_objId);
+    smstatus = Se05x_API_PAKEConfigDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, hsm_pake_context.spake_objId,
+                                          SE05x_SPAKE2PLUS_DEVICE_TYPE_B);
     VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));
 
+    ReturnErrorOnFailure(se05x_set_key(w0in_id_v, w0in_mod, w0in_mod_len, kSSS_KeyPart_Default, kSSS_CipherType_HMAC));
+    ReturnErrorOnFailure(se05x_set_key(Lin_id_v, Lin, Lin_len, kSSS_KeyPart_Default, kSSS_CipherType_HMAC));
+
     smstatus = Se05x_API_PAKEInitDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, hsm_pake_context.spake_objId,
                                         (uint8_t *) hsm_pake_context.spake_context, hsm_pake_context.spake_context_len,
                                         (uint8_t *) peer_identity, peer_identity_len, (uint8_t *) my_identity, my_identity_len);
     VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));
-#else
-    smstatus = Se05x_API_PAKEConfigDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, SE05x_SPAKEDevice_B,
-                                          hsm_pake_context.spake_objId, (uint8_t *) hsm_pake_context.spake_context,
-                                          hsm_pake_context.spake_context_len, (uint8_t *) peer_identity, peer_identity_len,
-                                          (uint8_t *) my_identity, my_identity_len);
-    VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));
-#endif
-
-    ReturnErrorOnFailure(se05x_set_key(w0in_id_v, w0in_mod, w0in_mod_len, kSSS_KeyPart_Default, kSSS_CipherType_AES));
-    ReturnErrorOnFailure(se05x_set_key(Lin_id_v, Lin, Lin_len, kSSS_KeyPart_Public, kSSS_CipherType_EC_NIST_P));
 
-#if SSS_HAVE_SE05X_VER_GTE_16_02
     smstatus = Se05x_API_PAKEInitCredentials(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx,
                                              hsm_pake_context.spake_objId, w0in_id_v, 0, Lin_id_v);
-#else
-    smstatus = Se05x_API_PAKEInitDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, hsm_pake_context.spake_objId,
-                                        w0in_id_v, 0, Lin_id_v);
-#endif
     VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));
 
     state = CHIP_SPAKE2P_STATE::STARTED;
@@ -383,33 +317,20 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::BeginProver(const uint8_t * my_iden
     ReturnErrorOnFailure(FEWrite(w1, w1in_mod, w1in_mod_len));
     ReturnErrorOnFailure(create_init_crypto_obj(chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER, &hsm_pake_context));
 
-#if SSS_HAVE_SE05X_VER_GTE_16_02
-    smstatus = Se05x_API_PAKEConfigDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, SE05x_SPAKEDevice_A,
-                                          hsm_pake_context.spake_objId);
+    smstatus = Se05x_API_PAKEConfigDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, hsm_pake_context.spake_objId,
+                                          SE05x_SPAKE2PLUS_DEVICE_TYPE_A);
     VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));
 
+    ReturnErrorOnFailure(se05x_set_key(w0in_id_p, w0in_mod, w0in_mod_len, kSSS_KeyPart_Default, kSSS_CipherType_HMAC));
+    ReturnErrorOnFailure(se05x_set_key(w1in_id_p, w1in_mod, w1in_mod_len, kSSS_KeyPart_Default, kSSS_CipherType_HMAC));
+
     smstatus = Se05x_API_PAKEInitDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, hsm_pake_context.spake_objId,
                                         (uint8_t *) hsm_pake_context.spake_context, hsm_pake_context.spake_context_len,
                                         (uint8_t *) my_identity, my_identity_len, (uint8_t *) peer_identity, peer_identity_len);
     VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));
-#else
-    smstatus = Se05x_API_PAKEConfigDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, SE05x_SPAKEDevice_A,
-                                          hsm_pake_context.spake_objId, (uint8_t *) hsm_pake_context.spake_context,
-                                          hsm_pake_context.spake_context_len, (uint8_t *) peer_identity, peer_identity_len,
-                                          (uint8_t *) my_identity, my_identity_len);
-    VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));
-#endif
 
-    ReturnErrorOnFailure(se05x_set_key(w0in_id_p, w0in_mod, w0in_mod_len, kSSS_KeyPart_Default, kSSS_CipherType_AES));
-    ReturnErrorOnFailure(se05x_set_key(w1in_id_p, w1in_mod, w1in_mod_len, kSSS_KeyPart_Default, kSSS_CipherType_AES));
-
-#if SSS_HAVE_SE05X_VER_GTE_16_02
     smstatus = Se05x_API_PAKEInitCredentials(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx,
                                              hsm_pake_context.spake_objId, w0in_id_p, w1in_id_p, 0);
-#else
-    smstatus = Se05x_API_PAKEInitDevice(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, hsm_pake_context.spake_objId,
-                                        w0in_id_p, w1in_id_p, 0);
-#endif
     VerifyOrReturnError(smstatus == SM_OK, CHIP_ERROR(chip::ChipError::Range::kPlatform, smstatus));
 
     state = CHIP_SPAKE2P_STATE::STARTED;
@@ -431,7 +352,7 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::ComputeRoundOne(const uint8_t * pab
 #endif
 
 #if ((CHIP_CRYPTO_HSM) && (!ENABLE_HSM_SPAKE_PROVER))
-    const bool sw_roolback_prover = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER);
+    const bool sw_rollback_prover = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER);
 #else
     constexpr bool sw_rollback_prover   = false;
 #endif
@@ -462,7 +383,7 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::ComputeRoundTwo(const uint8_t * in,
 #endif
 
 #if !ENABLE_HSM_SPAKE_PROVER
-    const bool sw_roolback_prover = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER);
+    const bool sw_rollback_prover = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER);
 #else
     constexpr bool sw_rollback_prover   = false;
 #endif
@@ -497,7 +418,7 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::KeyConfirm(const uint8_t * in, size
 #endif
 
 #if !ENABLE_HSM_SPAKE_PROVER
-    const bool sw_roolback_prover = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER);
+    const bool sw_rollback_prover = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::PROVER);
 #else
     constexpr bool sw_rollback_prover   = false;
 #endif

diff --git a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp
@@ -23,6 +23,7 @@
  */
 
 #include "CHIPCryptoPALHsm_SE05X_utils.h"
+#include "fsl_sss_policy.h"
 
 ex_sss_boot_ctx_t gex_sss_chip_ctx;
 
@@ -157,6 +158,25 @@ CHIP_ERROR se05x_set_key(uint32_t keyid, const uint8_t * key, size_t keylen, sss
                           0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00 };
     size_t bitlen     = 0;
 
+    static sss_policy_u commonPol;
+    commonPol.type                     = KPolicy_Common;
+    commonPol.auth_obj_id              = 0;
+    commonPol.policy.common.req_Sm     = 0;
+    commonPol.policy.common.can_Delete = 1;
+    commonPol.policy.common.can_Read   = 0;
+    commonPol.policy.common.can_Write  = 1;
+
+    static sss_policy_u hmac_withPol;
+    hmac_withPol.type                      = KPolicy_Asym_Key;
+    hmac_withPol.auth_obj_id               = 0;
+    hmac_withPol.policy.asymmkey.can_Write = 1;
+    hmac_withPol.policy.asymmkey.can_KA    = 1;
+
+    sss_policy_t policy_for_hmac_key;
+    policy_for_hmac_key.nPolicies   = 2;
+    policy_for_hmac_key.policies[0] = &hmac_withPol;
+    policy_for_hmac_key.policies[1] = &commonPol;
+
     if (cipherType == kSSS_CipherType_EC_NIST_P)
     {
         VerifyOrReturnError(keylen < (sizeof(keyBuf) - sizeof(header1)), CHIP_ERROR_INTERNAL);
@@ -184,7 +204,8 @@ CHIP_ERROR se05x_set_key(uint32_t keyid, const uint8_t * key, size_t keylen, sss
     status = sss_key_object_allocate_handle(&keyObject, keyid, keyPart, cipherType, keyBufLen, kKeyObject_Mode_Persistent);
     VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);
 
-    status = sss_key_store_set_key(&gex_sss_chip_ctx.ks, &keyObject, keyBuf, keyBufLen, bitlen, NULL, 0);
+    status = sss_key_store_set_key(&gex_sss_chip_ctx.ks, &keyObject, keyBuf, keyBufLen, bitlen, &policy_for_hmac_key,
+                                   sizeof(policy_for_hmac_key));
     VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);
 
     return CHIP_NO_ERROR;

diff --git a/third_party/simw-top-mini/repo b/third_party/simw-top-mini/repo
+18 −0		ChangeLog.md
+1 −3		README.rst
+1 −1		SCR.txt
+61 −110		fsl_sss_ftr.h
+0 −16		hostlib/hostLib/inc/Applet_SE050_Ver.h
+6 −6		hostlib/hostLib/inc/PlugAndTrust_HostLib_Ver.h
+8 −8		hostlib/hostLib/inc/PlugAndTrust_Pkg_Ver.h
+4 −0		hostlib/hostLib/inc/se05x_const.h
+60 −49		hostlib/hostLib/inc/se05x_enums.h
+14 −5		hostlib/hostLib/inc/se05x_tlv.h
+8 −4		hostlib/hostLib/inc/sm_const.h
+11 −8		hostlib/hostLib/libCommon/infra/sm_connect.c
+1 −1		hostlib/hostLib/libCommon/infra/sm_printf.c
+7 −7		hostlib/hostLib/libCommon/log/nxLog.c
+19 −3		hostlib/hostLib/libCommon/nxScp/nxScp03_Com.c
+1 −1		hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h
+7 −2		hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.c
+5 −5		hostlib/hostLib/libCommon/smCom/smCom.c
+11 −3		hostlib/hostLib/platform/linux/i2c_a7.c
+1 −0		hostlib/hostLib/se05x/src/se05x_mw.c
+7 −4		hostlib/hostLib/se05x/src/se05x_tlv.c
+20 −12		hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_apis.h
+139 −130		hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_impl.h
+9 −9		hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.c
+5 −3		hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.h
+14 −7		hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h
+371 −371		hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_impl.h
+148 −0		hostlib/hostLib/se05x_03_xx_xx/se05x_pake_APDU_apis.h
+223 −273		hostlib/hostLib/se05x_03_xx_xx/se05x_pake_APDU_impl.h
+0 −163		hostlib/hostLib/se05x_03_xx_xx/se05x_spake_APDU_apis.h
+6 −5		mbedtls_cli_srv/CMakeLists.txt
+2 −4		sss/ex/ecc/ex_sss_ecc.c
+8 −20		sss/ex/inc/ex_sss_auth.h
+6 −1		sss/ex/inc/ex_sss_ports.h
+216 −139		sss/ex/inc/ex_sss_tp_scp03_keys.h
+1 −67		sss/ex/mbedtls/ex_sss_ssl2.c
+2 −2		sss/ex/src/ex_sss_boot.c
+6 −5		sss/ex/src/ex_sss_boot_connectstring.c
+1 −1		sss/ex/src/ex_sss_boot_int.h
+10 −0		sss/ex/src/ex_sss_scp03_auth.c
+3 −0		sss/ex/src/ex_sss_se05x.c
+49 −7		sss/inc/fsl_sss_api.h
+6 −8		sss/inc/fsl_sss_api_ver.h
+58 −20		sss/inc/fsl_sss_ftr_default.h
+11 −6		sss/inc/fsl_sss_policy.h
+29 −2		sss/inc/fsl_sss_se05x_types.h
+2 −0		sss/inc/fsl_sss_user_types.h
+6 −0		sss/inc/fsl_sss_util_rsa_sign_utils.h
+3 −2		sss/plugin/mbedtls/ecdh_alt_ax.c
+53 −0		sss/plugin/mbedtls/port/ksdk/ecp_alt.c
+25 −0		sss/port/default/fsl_sss_types.h
+80 −0		sss/src/fsl_sss_apis.c
+22 −5		sss/src/fsl_sss_util_asn1_der.c
+9 −3		sss/src/fsl_sss_util_rsa_sign_utils.c
+4 −0		sss/src/keystore/keystore_cmn.c
+4 −2		sss/src/keystore/keystore_openssl.c
+4 −2		sss/src/keystore/keystore_pc.c
+77 −22		sss/src/mbedtls/fsl_sss_mbedtls_apis.c
+122 −42		sss/src/openssl/fsl_sss_openssl_apis.c
+141 −35		sss/src/se05x/fsl_sss_se05x_apis.c
+9 −8		sss/src/se05x/fsl_sss_se05x_eckey.c
+3 −0		sss/src/se05x/fsl_sss_se05x_mw.c
+42 −1		sss/src/se05x/fsl_sss_se05x_policy.c
+11 −9		sss/src/se05x/fsl_sss_se05x_scp03.c