# Intel(R) EPID SDK ChangeLog {#ChangeLog}

## [6.0.1] - 2018-05-04

### Changed

- Updated Intel(R) IPP Cryptography library to version 2018 (Update
  2.1).

### Fixed

- The member library now includes the tpm2 subcomponent when built
  using SCons, instead of requiring a separate member.tpm2 library.

### Known Issues

- Only the SHA-256 hash algorithm is supported when using the SDK with
  the IBM TPM simulator due to a defect in version 532 of the
  simulator.

- Basenames are limited to 124 bytes in TPM mode.

- SCons build will not work natively on ARM. You can still build using
  `make` or cross compile.

## [6.0.0] - 2017-12-15

### Added

- The member can now be built with a substantially reduced code size
  using a compilation option.

- New context lifetime management APIs have been added to member to
  give callers more control of memory allocation.

- New member API `EpidClearRegisteredBasenames` has been added to
  clear registered basenames without recreating the member.

### Changed

- `EpidRegisterBaseName` was renamed to `EpidRegisterBasename` because
  basename is a single word.

- Command-line parsing library used by samples and tools has been
  replaced by Argtable3.

### Deprecated

- `EpidMemberCreate` has been deprecated. This API has been superseded
  by `EpidMemberGetSize` and `EpidMemberInit`.

- `EpidMemberDelete` has been deprecated. This API has been superseded
  by `EpidMemberDeinit`.

### Removed

- `size_optimized_release` build configuration has been removed.
  Use the compilation option to build member with reduced code size.

### Known Issues

- Only the SHA-256 hash algorithm is supported when using the SDK with
  the IBM TPM simulator due to a defect in version 532 of the
  simulator.

- Basenames are limited to 124 bytes in TPM mode.

- SCons build will not work natively on ARM. You can still build using
  `make` or cross compile.

## [5.0.0] - 2017-09-15

### Added

- The member implementation now has the option to support signing
  using a TPM, using the ECDAA capabilities of TPM 2.0.

### Changed

- Member API updated to unify HW and SW use cases.
  - Added
    - `ProvisionKey`
    - `ProvisionCompressed`
    - `ProvisionCredential`
    - `Startup`
  - Parameters changed
    - `MemberCreate`
    - `RequestJoin`
  - Removed or made private
    - `WritePrecomp`
    - `SignBasic`
    - `NrProve`
    - `AssemblePrivKey`

- `EpidRequestJoin` was renamed to `EpidCreateJoinRequest` to make it
  clear that it is not directly communicating with the issuer.

### Fixed

- `EpidCreateJoinRequest` creates valid join requests. This fixes a
  regression in `EpidRequestJoin` introduced in 4.0.0.

### Known Issues

- Only the SHA-256 hash algorithm is supported when using the
  SDK with the IBM TPM simulator due to a defect in version
  532 of the simulator.

- Basenames are limited to 124 bytes in TPM mode.

## [4.0.0] - 2017-04-25

### Added

- The member implementation now provides an internal interface that
  gives guidance on partitioning member operations between highly
  sensitive ones that use the f value of the private key, and less
  sensitive operations that can be performed in a host environment.

- New member API `EpidAssemblePrivKey` was added to help assemble and
  validate the new member private key that is created when a member
  either joins a group (using the join protocol) or switches to a new
  group (as the result of a performance rekey).

### Changed

- Updated Intel(R) IPP Cryptography library to version 2017 (Update 2).

- The mechanism to set the signature based revocation list (SigRL)
  used for signing was changed. `EpidMemberSetSigRl` must be used to
  set the SigRL. The SigRL is no longer a parameter to `EpidSign`.
  This better models the typical use case where a device stores a
  revocation list and updates it independently of signing operations.

### Removed

- Removed `EpidWritePreSigs` API. Serialization of pre-computed
  signatures is a risky capability to provide, and simply expanding
  the internal pool via `EpidAddPreSigs` still provides most of the
  optimization benefits.

- The `EpidIsPrivKeyInGroup` API is no longer exposed to clients. It
  is no longer needed because the new member API `EpidAssemblePrivKey`
  performs this check.

### Fixed

- When building with the commercial version of the Intel(R) IPP
  Cryptography library, optimized functions are now properly invoked,
  making signing and verification operations ~2 times faster.

- SHA-512/256 hash algorithm is now supported.

- README for compressed data now correctly documents the number of
  entries in revocation lists.

- The `verifysig` sample now reports a more clear error message for
  mismatched SigRLs.

- The default scons build will now build for a 32-bit target on a
  32-bit platform.

### Known Issues

- SCons build will not work natively on ARM. You can still build using
  `make` or cross compile.

## [3.0.0] - 2016-11-22

### Added

- Support for verification of Intel(R) EPID 1.1 members.

- Make-based build system support.

- Sample material includes compressed keys.

- Enhanced documentation, including step-by-step walkthroughs of
  example applications.

- Validated on additional IoT platforms.

  - Ostro Linux

  - Snappy Ubuntu Core

### Changes

- A new verifier API has been added to set the basename to be used for
  verification. Verifier APIs that used to accept basenames now use
  the basename set via `EpidVerifierSetBasename`.

- The verifier pre-computation structure has been changed to include
  the group ID to allow detection of errors that result from providing
  a pre-computation blob from a different group to
  `EpidVerifierCreate`.

### Fixes

- The kEpidxxxRevoked enums have been renamed to be consistent with
  other result return values.

### Known Issues

- SHA-512/256 hash algorithm is not supported.

## [2.0.0] - 2016-07-20

### Added

- Signed binary issuer material support.

- Binary issuer material validation APIs.

- Updated sample issuer material.

- Updated samples that parse signed binary issuer material.

- Compressed member private key support.

- Validated on additional IoT platforms.

  - Windows 10 IoT Core

  - WindRiver IDP

### Changed

- The default hash algorithm has changed. It is now SHA-512.

- Functions that returned `EpidNullPtrErr` now return `EpidBadArgErr`
  instead.

### Fixed

- Updated build flags to work around GCC 4.8.5 defect.

## [1.0.0] - 2016-03-03

### Added

- Basic sign and verify functionality

- Dynamic join support for member

- Apache 2.0 License