0.8.1

Main features delivered

• ECC keys are now supported in the PKCS11 provider
• a SPIFFE based authenticator is now available
• New CryptoAuthLib provider operation support: generate/import/export keys, sign/verify
• The TPM provider can be set as optional depending on platform availability
• The slot_number field is now optional
• all-providers now contains the Trusted Service provider
• The TPM provider has been updated to store keys in a different format, with migration capability from the previous format.

See the changelog below to see all differences with previous release.

Changelog

0.8.1 (2021-09-17)

Full Changelog

Implemented enhancements:

• Add Unit Tests to SQLiteKeyInfoManager #510
• Change KeyTriple to Include Auth ID, Provider Name & Provider UUID #488
• Update provider to use new version fo TransKeyCtx #515 (ionut-arm)

Fixed bugs:

• Decide and implement a new serialization format for KeyInfo #509
• Memory leak in TS context #501
• Disable broken workflows #525 (ionut-arm)

Closed issues:

• Make a Parsec Ockam Vault: investigation issue #506
• Add Basic SQLiteKeyInfoManager Storage/Retrieval Functionality #503
• Add config tests for multiple provider names #496

Merged pull requests:

• Bump version for release #526 (ionut-arm)
• Use as_ptr for TS service name #524 (anta5010)
• Lower Hash algorithm #499 (hug-dev)
• Update CHANGELOG #498 (hug-dev)

0.8.0 (2021-08-05)

Full Changelog

Implemented enhancements:

• Add Provider Name Config Option #487
• Add PKCS11 provider export-attributes switch #462
• Refactor the all-providers workflow #455
• Adjust linking for TS provider #427
• Allow providers to be optional or conditional depending on platform feature availability #401
• Add cross-compilation tests for the TPM provider #382
• Make the slot_number field optional #375
• Design workflow and associated APIs for key attestation in Parsec #370
• Implement error handling for TS caller errors #332
• Add release-build tests to CI #163
• Add the possibility of changing key store location of Mbed Crypto provider #53
• Add TS provider to all-providers #482 (ionut-arm)
• Adjust TS provider linking #474 (ionut-arm)
• Add cargo-audit config #473 (ionut-arm)
• Update dependency on Trusted Services #467 (ionut-arm)
• Add import and export support for ECC for PKCS11 #452 (ionut-arm)
• Add a SPIFFE based authenticator #449 (hug-dev)
• Add ECC functionality to PKCS11 prov #446 (ionut-arm)
• Enable coverage testing for TS provider #434 (ionut-arm)
• Create SECURITY.md #414 (ionut-arm)
• Add TPM provider cross-compilation #403 (ionut-arm)
• Added Option<Slot> to PKCS 11 Provider constructor #402 (Sven-bg)

Fixed bugs:

• If a response is an error, log it before sending it #417
• Fix ingress/egress trace logs #416
• Make KeyInfo a private type #400
• Unable to build 0.7.2 for i686 (and ppc64/ppc64le) #379
• Unable to build 0.7.2 for armv7 #378
• Document clearly how Mbed Crypto provider keys are stored #373
• Fix code coverage reports #495 (ionut-arm)
• Modify the git submodule command #490 (hug-dev)
• Do not login if no user pin was entered #489 (hug-dev)
• Fix git command and use Arm machine #485 (ionut-arm)
• Fix CircleCI config format. #484 (ionut-arm)
• Add submodule initialisation to CircleCI #483 (ionut-arm)
• Make cross-compilation run on release version #454 (ionut-arm)
• Bump picky crate versions #443 (ionut-arm)
• Remove the TS coverage computation #436 (ionut-arm)
• Fix nightly workflow #435 (ionut-arm)
• Fix ServiceConfig import in fuzz_service #433 (ionut-arm)
• Fix Contributing link #415 (ionut-arm)
• Fix ownership of ibmtpm folder #385 (ionut-arm)
• Fix CircleCI config #384 (ionut-arm)
• Implement a few fixes #374 (ionut-arm)

Security fixes:

• Resurrect fuzz testing framework #422
• Set up Github security policy #398
• Investigate testing of Cryptoauthlib provider #315
• rust-spiffe: make sure that the claims returned by the validation operation are as expected #290
• rust-spiffe: provide a local validation of the JWT-SVID #289
• Revive the fuzz testing framework #429 (ionut-arm)

Closed issues:

• NXP PKCS#11 Parsec integration testing. #456
• Split the build tests on a different CI workflow #447
• Support ECC signing keys in the PKCS#11 provider #421
• Stability: Communication with backends #412
• Adopt CII Best Practices Badge from the LF #411
• Unable to build parsec 0.7.2 with rust 1.43.1. Parsec 0.6.0 builds fine. #409
• Stability: Build toolchain #408
• Stability: Environment variables #405
• Stability: Dynamic libraries dependencies #397
• Stability: systemd communication #396
• Stability: OS signals #395
• Stability: Persistent state (key mappings) #394
• Stability: Configuration file #393
• Stability: CLI invocation #392
• Stability: Authenticators #391
• Stability: Communication with clients (listeners endpoint) #390
• Stability: Communication with clients (operation contracts) #389
• Stability: Communication with clients (requests/responses) #388
• Setup environment stability test #386
• Archive for 0.7.0 contains .cargo/ folder #377
• Add more Fixed Common header tests #351

Merged pull requests:

• Switch imports to crates.io #497 (ionut-arm)
• Add the Class attribute when generating key pairs #493 (hug-dev)
• Add tests checking absence of slot_number #492 (hug-dev)
• Split out the all-providers cargo check into its own CI job. #472 (MattDavis00)
• Make KeyInfo a private type Fix #400 #469 (Kakemone)
• Added psa_export_key & psa_generate_random to TS Provider #468 (MattDavis00)
• Add a allow_export flag to restrict exporting #466 (hug-dev)
• Added missing ingress logs to providers. #416 #465 (MattDavis00)
• #417 Added additional error logging to front end handle_request function. #464 (MattDavis00)
• Update the TS revision used #461 (ionut-arm)
• Add a way to allow providers to fail instantiation #451 (hug-dev)
• Randomly select the shutdown signal #448 (hug-dev)
• Execute e2e tests with an old version of client #445 (hug-dev)
• [CryptoAuthLib provider] Implementation of export key operation #442 (TomaszPawelecGL)
• Move CLI log into its own file #441 (hug-dev)
• Add various tests checking contracts #440 (hug-dev)
• Isolate config logic and add e2e config tests #432 (hug-dev)
• [CryptoAuthLib provider] Implementation of psa_export_public_key operation. #431 (RobertDrazkowskiGL)
• [CryptoAuthLib provider] Support for psa_sign_message and psa_verify_message. #425 (RobertDrazkowskiGL)
• Replace persistence tests with key mappings tests #420 (hug-dev)
• Add Codecov and cii badges #419 (ionut-arm)
• CryptoAuthentication Library provider - support for PsaSignHash and PsaVerifyHash operations. #413 (RobertDrazkowskiGL)
• Make it compile for Rust 1.43.1 #410 (hug-dev)
• PSA_IMPORT_KEY introduction. #399 (RobertDrazkowskiGL)
• CryptoAuthLib provider testability improvements: #387 (RobertDrazkowskiGL)
• Add CircleCI config #383 (ionut-arm)
• Import newest versions of cryptoki and tss-esapi #381 (hug-dev)
• Update CHANGELOG #367 (hug-dev)
• Implementation of PsaGenerateKey and PsaDestroyKey operations #354 (RobertDrazkowskiGL)

0.7.2 (2021-03-25)

Full Changelog

Merged pull requests:

• Prepare for 0.7.2 #368 (hug-dev)

0.7.1 (2021-03-25)

Full Changelog

Closed issues:

• Investigate calculating test coverage #342

Merged pull requests:

• Update tss-esapi dependency #366 (hug-dev)
• Add quickstart reference #365 (hug-dev)
• Update CHANGELOG #364 (hug-dev)