0.7.0

@hug-dev hug-dev released this 23 Mar 13:56
5906812

Changelog

0.7.0 (2021-03-23)

Full Changelog

Main features and bugfixes delivered

  • Added support for admin clients in the service. Admins can perform two operations forbidden for other clients: ListClients (returns a list of clients with active data available in at least one provider), and DeleteClient (which removes all data stored by the service for a given client).
  • Updated our PKCS11 backend to use an improved, higher-level crate (cryptoki) that offers a safer interface.
  • Two new providers were added, one for ATECCx08 devices via CryptoAuthLib, and one for Trusted Services running in a Trusted Execution Environment. Both are under development and thus not ready for production deployments.
  • Fixed a bug where all keys reported by ListKeys were shown as MbedCryptoProvider keys.

Implemented enhancements:

  • Stop the duplication of key ID conversions #331
  • Add key management operations support #267
  • Enable TS context initialization #266
  • Create the Trusted Service bindings #265
  • Improve import key support in TPM provider #251
  • Investigate and define the work required for SPIFFE-based client identity management #232
  • Make existence of key info consistent with existence of key #149
  • Extract Docker images into own repo #124
  • Add version structures for better handling of versions #43
  • Rearrange modules for a more structured feel #32
  • Change CI to use published Docker image #357 (ionut-arm)
  • Improve coverage script #348 (ionut-arm)
  • Add coverage checking in nightly run #347 (ionut-arm)
  • Trusted service provider #330 (ionut-arm)
  • Add admin configuration #316 (ionut-arm)
  • Add new parsec provider using ATECCx08 cryptochip via CryptoAuthentication Library #303 (RobertDrazkowskiGL)
  • Improve error handling in builder #298 (ionut-arm)
  • Add Changelog file (#278) #280 (ionut-arm)
  • Remove PKCS11 single thread lock (#264) #277 (ionut-arm)

Fixed bugs:

  • Move the spiffe related features in its own branch #327
  • Resolve default implementation issue for list_keys in Provide #312
  • ListKeys should only be callable on the Core provider #310
  • Service should not start if some components weren't built successfully #297
  • No changelog for the releases #278
  • PKCS11 multi-threading #264
  • Fix ImportKey to allow importing private key #126
  • PKCS 11 provider stress tests sometimes fail #116
  • Update docker registry for TPM2 images #356 (ionut-arm)
  • Run the Codecov script outside container #353 (ionut-arm)
  • Fix code coverage docker command #352 (ionut-arm)
  • Remove the spiffe-based authenticator #328 (hug-dev)

Security fixes:

  • Add a test for admin operations #309
  • Implement admin logic #308
  • Investigate admin role and admin-level operations #292
  • Add failure-counter mechanism #176

Closed issues:

  • Implement ListClients and DeleteClient in the core provider #311
  • Correct lint issues found after the toolchain upgrade to version 1.49.0 #305
  • Investigate cross-compilation to Linux on Aarch64 #300
  • Investigate adding ListClients and DeleteClient operations #293
  • Consume the new, safer Rust PKCS#11 interface into Parsec when it is available #272
  • Add a SPIFFE JWT-SVID multitenancy test #269
  • Add a JWT-SVID Authenticator #268
  • Investigate and define the work required for compatibility with Arm Firmware Framework for Armv8-A (FF-A) #247

Merged pull requests: