• Home
  • History
  • Annotate
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Intel(R) EPID SDK ChangeLog                                   {#ChangeLog}
2
3## [6.0.1] - 2018-05-04
4
5### Changed
6
7- Updated Intel(R) IPP Cryptography library to version 2018 (Update
8  2.1).
9
10### Fixed
11
12- The member library now includes the tpm2 subcomponent when built
13  using SCons, instead of requiring a separate member.tpm2 library.
14
15### Known Issues
16
17- Only the SHA-256 hash algorithm is supported when using the SDK with
18  the IBM TPM simulator due to a defect in version 532 of the
19  simulator.
20
21- Basenames are limited to 124 bytes in TPM mode.
22
23- Scons build will not work natively on ARM. You can still build using
24  `make` or cross compile.
25
26## [6.0.0] - 2017-12-15
27
28### Added
29
30- The member can now be built with a substantially reduced code size
31  using a compilation option.
32
33- New context lifetime management APIs have been added to member to
34  give callers more control of memory allocation.
35
36- New member API `EpidClearRegisteredBasenames` has been added to
37  clear registered basenames without recreating the member.
38
39### Changed
40
41- `EpidRegisterBaseName` was renamed to `EpidRegisterBasename` because
42  basename is a single word.
43
44- Command-line parsing library used by samples and tools has been
45  replaced by Argtable3.
46
47
48### Deprecated
49
50- `EpidMemberCreate` has been deprecated. This API has been superseded
51  by `EpidMemberGetSize` and `EpidMemberInit`.
52
53- `EpidMemberDelete` has been deprecated. This API has been superseded
54  by `EpidMemberDeinit`.
55
56### Removed
57
58- `size_optimized_release` build configuration has been removed.
59  Use the compilation option to build member with reduced code size.
60
61### Known Issues
62
63- Only the SHA-256 hash algorithm is supported when using the SDK with
64  the IBM TPM simulator due to a defect in version 532 of the
65  simulator.
66
67- Basenames are limited to 124 bytes in TPM mode.
68
69- Scons build will not work natively on ARM. You can still build using
70  `make` or cross compile.
71
72
73## [5.0.0] - 2017-09-15
74
75### Added
76
77- The member implementation now has the option to support signing
78  using a TPM, using the ECDAA capabilities of TPM 2.0.
79
80
81### Changed
82
83- Member API updated to unify HW and SW use cases.
84    - Added
85        - `ProvisionKey`
86        - `ProvisionCompressed`
87        - `ProvisionCredential`
88        - `Startup`
89    - Parameters changed
90        - `MemberCreate`
91        - `RequestJoin`
92    - Removed or made private
93        - `WritePrecomp`
94        - `SignBasic`
95        - `NrProve`
96        - `AssemblePrivKey`
97
98- `EpidRequestJoin` was renamed to `EpidCreateJoinRequest` to make it
99  clear that it is not directly communicating with the issuer.
100
101
102### Fixed
103
104- `EpidCreateJoinRequest` creates valid join requests. This fixes a
105  regression in `EpidRequestJoin` introduced in 4.0.0.
106
107
108### Known Issues
109
110- Only the SHA-256 hash algorithm is supported when using the
111  SDK with the IBM TPM simulator due to a defect in version
112  532 of the simulator.
113
114- Basenames are limited to 124 bytes in TPM mode.
115
116
117## [4.0.0] - 2017-04-25
118
119### Added
120
121- The member implementation now provides an internal interface that
122  gives guidance on partitioning member operations between highly
123  sensitive ones that use f value of the private key, and less
124  sensitive operations that can be performed in a host environment.
125
126- New member API `EpidAssemblePrivKey` was added to help assemble and
127  validate the new member private key that is created when a member
128  either joins a group (using the join protocol) or switches to a new
129  group (as the result of a performance rekey).
130
131
132### Changed
133
134- Updated Intel(R) IPP Cryptography library to version 2017 (Update 2).
135
136- The mechanism to set the signature based revocation list (SigRL)
137  used for signing was changed. `EpidMemberSetSigRl` must be used to
138  set the SigRL. The SigRL is no longer a parameter to `EpidSign`.
139  This better models typical use case where a device stores a
140  revocation list and updates it independently of signing operations.
141
142
143### Removed
144
145- Removed `EpidWritePreSigs` API. Serialization of pre-computed
146  signatures is a risky capability to provide, and simply expanding
147  the internal pool via `EpidAddPreSigs` still provides most of the
148  optimization benefits.
149
150- The `EpidIsPrivKeyInGroup` API is no longer exposed to clients. It
151  is no longer needed because the new member API `EpidAssemblePrivKey`
152  performs this check.
153
154
155### Fixed
156
157- When building with commercial version of the Intel(R) IPP
158  Cryptography library, optimized functions are now properly invoked,
159  making signing and verification operations ~2 times faster
160
161- SHA-512/256 hash algorithm is now supported.
162
163- README for compressed data now correctly documents the number of
164  entries in revocation lists.
165
166- The `verifysig` sample now reports a more clear error message for
167  mismatched SigRLs.
168
169- The default scons build will now build for a 32-bit target on a
170  32-bit platform.
171
172
173### Known Issues
174
175- Scons build will not work natively on ARM. You can still build using
176  `make` or cross compile.
177
178
179## [3.0.0] - 2016-11-22
180
181### Added
182
183- Support for verification of Intel(R) EPID 1.1 members.
184
185- Make-based build system support.
186
187- Sample material includes compressed keys.
188
189- Enhanced documentation, including step-by-step walkthroughs of
190  example applications.
191
192- Validated on additional IoT platforms.
193
194  - Ostro Linux
195
196  - Snappy Ubuntu Core
197
198
199### Changes
200
201- A new verifier API has been added to set the basename to be used for
202  verification. Verifier APIs that used to accept basenames now use
203  the basename set via `EpidVerifierSetBasename`.
204
205- The verifier pre-computation structure has been changed to include
206  the group ID to allow detection of errors that result from providing
207  a pre-computation blob from a different group to
208  `EpidVerifierCreate`.
209
210
211### Fixes
212
213- The kEpidxxxRevoked enums have been renamed to be consistent with
214  other result return values.
215
216
217### Known Issues
218
219- SHA-512/256 hash algorithm is not supported.
220
221
222## [2.0.0] - 2016-07-20
223
224### Added
225
226- Signed binary issuer material support.
227
228  - Binary issuer material validation APIs.
229
230  - Updated sample issuer material.
231
232  - Updated samples that parse signed binary issuer material.
233
234- Compressed member private key support.
235
236- Validated on additional IoT platforms.
237
238  - Windows 10 IoT Core
239
240  - WindRiver IDP
241
242
243### Changed
244
245- The default hash algorithm has changed. It is now SHA-512.
246
247- Functions that returned `EpidNullPtrErr` now return `EpidBadArgErr`
248  instead.
249
250
251### Fixed
252
253- Updated build flags to work around GCC 4.8.5 defect.
254
255
256## [1.0.0] - 2016-03-03
257
258### Added
259
260- Basic sign and verify functionality
261
262- Dynamic join support for member
263
264- Apache 2.0 License
265