blame | history | raw

Intel(R) EPID SDK ChangeLog {#ChangeLog}

[6.0.1] - 2018-05-04

Changed

Updated Intel(R) IPP Cryptography library to version 2018 (Update
2.1).

Fixed

The member library now includes the tpm2 subcomponent when built
using SCons, instead of requiring a separate member.tpm2 library.

Known Issues

Only the SHA-256 hash algorithm is supported when using the SDK with
the IBM TPM simulator due to a defect in version 532 of the
simulator.
Basenames are limited to 124 bytes in TPM mode.
Scons build will not work natively on ARM. You can still build using
make or cross compile.

[6.0.0] - 2017-12-15

Added

The member can now be built with a substantially reduced code size
using a compilation option.
New context lifetime management APIs have been added to member to
give callers more control of memory allocation.
New member API EpidClearRegisteredBasenames has been added to
clear registered basenames without recreating the member.

Changed

EpidRegisterBaseName was renamed to EpidRegisterBasename because
basename is a single word.
Command-line parsing library used by samples and tools has been
replaced by Argtable3.

Deprecated

EpidMemberCreate has been deprecated. This API has been superseded
by EpidMemberGetSize and EpidMemberInit.
EpidMemberDelete has been deprecated. This API has been superseded
by EpidMemberDeinit.

Removed

size_optimized_release build configuration has been removed.
Use the compilation option to build member with reduced code size.

Known Issues

Only the SHA-256 hash algorithm is supported when using the SDK with
the IBM TPM simulator due to a defect in version 532 of the
simulator.
Basenames are limited to 124 bytes in TPM mode.
Scons build will not work natively on ARM. You can still build using
make or cross compile.

[5.0.0] - 2017-09-15

Added

The member implementation now has the option to support signing
using a TPM, using the ECDAA capabilities of TPM 2.0.

Changed

Member API updated to unify HW and SW use cases.
- Added
  - ProvisionKey
  - ProvisionCompressed
  - ProvisionCredential
  - Startup
- Parameters changed
  - MemberCreate
  - RequestJoin
- Removed or made private
  - WritePrecomp
  - SignBasic
  - NrProve
  - AssemblePrivKey
EpidRequestJoin was renamed to EpidCreateJoinRequest to make it
clear that it is not directly communicating with the issuer.

Fixed

EpidCreateJoinRequest creates valid join requests. This fixes a
regression in EpidRequestJoin introduced in 4.0.0.

Known Issues

Only the SHA-256 hash algorithm is supported when using the
SDK with the IBM TPM simulator due to a defect in version
532 of the simulator.
Basenames are limited to 124 bytes in TPM mode.

[4.0.0] - 2017-04-25

Added

The member implementation now provides an internal interface that
gives guidance on partitioning member operations between highly
sensitive ones that use f value of the private key, and less
sensitive operations that can be performed in a host environment.
New member API EpidAssemblePrivKey was added to help assemble and
validate the new member private key that is created when a member
either joins a group (using the join protocol) or switches to a new
group (as the result of a performance rekey).

Changed

Updated Intel(R) IPP Cryptography library to version 2017 (Update 2).
The mechanism to set the signature based revocation list (SigRL)
used for signing was changed. EpidMemberSetSigRl must be used to
set the SigRL. The SigRL is no longer a parameter to EpidSign.
This better models typical use case where a device stores a
revocation list and updates it independently of signing operations.

Removed

Removed EpidWritePreSigs API. Serialization of pre-computed
signatures is a risky capability to provide, and simply expanding
the internal pool via EpidAddPreSigs still provides most of the
optimization benefits.
The EpidIsPrivKeyInGroup API is no longer exposed to clients. It
is no longer needed because the new member API EpidAssemblePrivKey
performs this check.

Fixed

When building with commercial version of the Intel(R) IPP
Cryptography library, optimized functions are now properly invoked,
making signing and verification operations ~2 times faster
SHA-512/256 hash algorithm is now supported.
README for compressed data now correctly documents the number of
entries in revocation lists.
The verifysig sample now reports a more clear error message for
mismatched SigRLs.
The default scons build will now build for a 32-bit target on a
32-bit platform.

Known Issues

Scons build will not work natively on ARM. You can still build using
make or cross compile.

[3.0.0] - 2016-11-22

Added

Support for verification of Intel(R) EPID 1.1 members.
Make-based build system support.
Sample material includes compressed keys.
Enhanced documentation, including step-by-step walkthroughs of
example applications.
Validated on additional IoT platforms.
Ostro Linux
Snappy Ubuntu Core

Changes

A new verifier API has been added to set the basename to be used for
verification. Verifier APIs that used to accept basenames now use
the basename set via EpidVerifierSetBasename.
The verifier pre-computation structure has been changed to include
the group ID to allow detection of errors that result from providing
a pre-computation blob from a different group to
EpidVerifierCreate.

Fixes

The kEpidxxxRevoked enums have been renamed to be consistent with
other result return values.

Known Issues

SHA-512/256 hash algorithm is not supported.

[2.0.0] - 2016-07-20

Added

Signed binary issuer material support.
Binary issuer material validation APIs.
Updated sample issuer material.
Updated samples that parse signed binary issuer material.
Compressed member private key support.
Validated on additional IoT platforms.
Windows 10 IoT Core
WindRiver IDP

Changed

The default hash algorithm has changed. It is now SHA-512.
Functions that returned EpidNullPtrErr now return EpidBadArgErr
instead.

Fixed

Updated build flags to work around GCC 4.8.5 defect.

[1.0.0] - 2016-03-03

Added

Basic sign and verify functionality
Dynamic join support for member
Apache 2.0 License