Releases: fido-device-onboard/release-fidoiot

v1.1.9

04 Jul 09:59
22d9d8c

This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.

It includes the below components:

  • Protocol Reference Implementation (PRI): pri-fidoiot is a Java-based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
    • Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
    • Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
    • Public Key Encoding: Crypto, X509, COSEKey, X5 Chain.
    • COSE Signature Types: ES256, ES384, RS2048.
  • Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
    • Key Exchanges: ECDH256, and ECDH384
    • Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
    • Public Key Encoding: X509.
    • COSE Signature Types: ES256, and ES384.
  • EPID Verification Service: epid-verification-service is a wrapper service written on top of the EPID SDK to assist the FDO Rendezvous service and FDO Owner service to perform device signature verification for EPID based devices.

New Features

client-sdk-fidoiot: Support for sending device MAC addresses as part of Device Mfg Info.

Fixed Issues

client-sdk-fidoiot, epid-verification-service, pri-fidoiot: The versions of third-party dependencies have been updated, along with a few defect fixes.

Known Issues

client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause.
This is tracked through the GitHub issue client-sdk-fidoiot#226.

SHA256 checksum for release binaries

The following SHA256 checksums were calculated using the sha256sum tool:

69e2e5a589bb7892a11e88e28452e5f223b6ed013449dbb6e9f2f15486c40132 - client-sdk-fidoiot-v1.1.9.tar.gz
5a45136fa1a59ef4da2e2db3f748e4c6ac9591cfd7cf629b2a6ae202a05c5210 - epid-verification-service-v1.1.9.tar.gz
1c8bf63fc13f9780839b3a733f0b42b7befa78e285d97c10c1ad1c42be4e9346 - pri-fidoiot-v1.1.9.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.9.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz

Documentation

https://fido-device-onboard.github.io/docs-fidoiot/1.1.9

Please ignore the Source code zip/tar.gz files. These are default artifacts generated during the GitHub Release process.

v1.1.8

22 Mar 09:04
b42afed

This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.

It includes the below components:

  • Protocol Reference Implementation (PRI): pri-fidoiot is a Java-based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
    • Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
    • Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
    • Public Key Encoding: Crypto, X509, COSEKey, X5 Chain.
    • COSE Signature Types: ES256, ES384, RS2048.
  • Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
    • Key Exchanges: ECDH256, and ECDH384
    • Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
    • Public Key Encoding: X509.
    • COSE Signature Types: ES256, and ES384.
  • EPID Verification Service: epid-verification-service is a wrapper service written on top of the EPID SDK to assist the FDO Rendezvous service and FDO Owner service to perform device signature verification for EPID based devices.

New Features

client-sdk-fidoiot: Support for FIDO Service Info Module (FSIM) added.

Changes to existing features

client-sdk-fidoiot: Storage of credentials in TPM has been modified to be compliant with the TPM spec. Please note that the FIDO Alliance specification "Securing FDO Credentials in the TPM" has been published as a Review Draft by the FIDO Alliance, and is still subject to comment and change. With respect to section 4.2, Handles for FDO Credentials, Trusted Computing Group (TCG) has allocated the NVRAM addresses referenced, and is moving towards approval of the persistent object handles.

client-sdk-fidoiot, epid-verification-service, pri-fidoiot: Updated the required third-party dependencies to be compliant with FIPS. The PRI FIDO IOT component uses Bouncy Castle FIPS as the primary security provider for all cryptographic operations within the project with the exception of the KDF. The KDF implementation is compliant with the FIDO specification and is not based on Bouncy Castle FIPS.

pri-fidoiot: Added REST API support to update the replacement RV information.

Fixed Issues

client-sdk-fidoiot, epid-verification-service, pri-fidoiot: The versions of third-party dependencies have been updated.

Known Issues

client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause.
This is tracked through the GitHub issue client-sdk-fidoiot#226.

SHA256 checksum for release binaries

The following SHA256 checksums were calculated using the sha256sum tool:

83aaad1b0c941b26c55cdc502036cc23df36ecf84094820fbb7dbfa110e5feba - client-sdk-fidoiot-v1.1.8.tar.gz
d45404f8a5bf57c44781f97b45cf2558902f4baa4c8a068ab5fc3514ad08e211 - epid-verification-service-v1.1.8.tar.gz
3f5c8d2eba14275b0a145a6c06aef9c8877845267a2bd4480e811797af51092e - pri-fidoiot-v1.1.8.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.8.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz

Documentation

https://fido-device-onboard.github.io/docs-fidoiot/1.1.8

Please ignore the Source code zip/tar.gz files. These are default artifacts generated during the GitHub Release process.

V1.1.7

01 Dec 15:07
94d4bef

This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.

It includes the below components:

  • Protocol Reference Implementation (PRI): pri-fidoiot is a Java-based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
    • Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
    • Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
    • Public Key Encoding: Crypto, X509, COSEKey, X5 Chain.
    • COSE Signature Types: ES256, ES384, RS2048.
  • Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
    • Key Exchanges: ECDH256, and ECDH384
    • Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
    • Public Key Encoding: X509.
    • COSE Signature Types: ES256, and ES384.

New Features

client-sdk-fidoiot: Option to update manufacturer address through command line argument during DI added.

client-sdk-fidoiot: Compile time option to fetch serial number of the device from BIOS added.

pri-fidoiot: Support for FIDO Service Info Module (FSIM) added. This is only a preview release.

Changes to existing features

client-sdk-fidoiot, pri-fidoiot: Changes to Owner Exec, Fetch now fetches file and enables saving on owner.

Fixed Issues

pri-fidoiot: The versions of third-party dependencies have been updated.

Known Issues

client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause.
This is tracked through the GitHub issue client-sdk-fidoiot#226.
pri-fidoiot: Given this is a preview release of FSIM, we recommend enabling either FSIM or FDO_SYS at any time.

SHA256 checksum for release binaries

The following SHA256 checksums were calculated using the sha256sum tool:

87b2f0aebfe9fd3745945b5dc1247a72301b03cda8acdf6569b7aaa7a6a7b1c8 - client-sdk-fidoiot-v1.1.7.tar.gz
231439d8a3fddf33dd2f88eb12cd68fb3df99eae28deb6d649bf5e7e803623bb - pri-fidoiot-v1.1.7.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.7.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz

Documentation

https://fido-device-onboard.github.io/docs-fidoiot/1.1.7

Please ignore the Source code zip/tar.gz files. These are default artifacts generated during the GitHub Release process.

v1.1.6

28 Jul 08:59
6929908

This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.

It includes the below components:

  • Protocol Reference Implementation (PRI): pri-fidoiot is a Java-based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
    • Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
    • Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
    • Public Key Encoding: Crypto, X509, COSEKey, X5 Chain.
    • COSE Signature Types: ES256, ES384, RS2048.
  • Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
    • Key Exchanges: ECDH256, and ECDH384
    • Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
    • Public Key Encoding: X509.
    • COSE Signature Types: ES256, and ES384.
  • EPID Verification Service: epid-verification-service is a wrapper service written on top of the EPID SDK to assist the FDO Rendezvous service and FDO Owner service to perform device signature verification for EPID based devices.

New Features

client-sdk-fidoiot, pri-fidoiot: Support for http2 has been added.

pri-fidoiot: Support added for Java 17.

Changes to existing features

client-sdk-fidoiot: SNI is now enabled by default and can be disabled with a compile-time option.

Fixed Issues

epid-verification-service, pri-fidoiot: The versions of third-party dependencies have been updated.

Known Issues

client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause.
This is tracked through the GitHub issue client-sdk-fidoiot#226.

SHA256 checksum for release binaries

The following SHA256 checksums were calculated using the sha256sum tool:

3a9ab8550b0d633b39d1c1cc289c8f9cbab598bac2821b33219477bf0ca60537 - client-sdk-fidoiot-v1.1.6.tar.gz
7e9a697805ccf815b660799631bba93c4179242e52a9d02fe989ca07ea11ec3e - pri-fidoiot-v1.1.6.tar.gz
edb8d6db725fa84cc646099539b3016f51bb9ea4706493bf953cc6091d9a92d3 - epid-verification-service-v1.1.6.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.6.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz

Documentation

https://fido-device-onboard.github.io/docs-fidoiot/1.1.6

Please ignore the Source code zip/tar.gz files. These are default artifacts generated during the GitHub Release process.

v1.1.5.1

02 Jun 11:37
6929908

This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.

It includes the below components:

  • Protocol Reference Implementation (PRI): pri-fidoiot is a Java-based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
    • Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
    • Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
    • Public Key Encoding: Crypto, X509, COSEKey, X5 Chain.
    • COSE Signature Types: ES256, ES384, RS2048.
  • Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
    • Key Exchanges: ECDH256, and ECDH384
    • Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
    • Public Key Encoding: X509.
    • COSE Signature Types: ES256, and ES384.

New Features

client-sdk-fidoiot, pri-fidoiot: Documentation updated to refer to FDO GitHub - https://github.com/fido-device-onboard.
client-sdk-fidoiot: Support to enable SNI based on compile time option has been added.
pri-fidoiot: Support to include serial number in voucher management APIs has been added.

Fixed Issues

pri-fidoiot: The versions of third-party dependencies have been updated.

Known Issues

client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause.
This is tracked through the GitHub issue client-sdk-fidoiot#226.

SHA256 checksum for release binaries

The following SHA256 checksums were calculated using the sha256sum tool:

1f33e3b3332d24fd3b322ca2546f26ab871553526cb5a1f89acc00b0563f5055 - client-sdk-fidoiot-v1.1.5.1.tar.gz
fcf0af695462f56a19ea4b0468695c09ef256811fbb6144499b93db42d03afb8 - pri-fidoiot-v1.1.5.1.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.5.1.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz

Documentation

https://fido-device-onboard.github.io/docs-fidoiot/1.1.5

Please ignore the Source code zip/tar.gz files. These are default artifacts generated during the GitHub Release process.

v1.1.5

05 May 12:32
c50f6fb

This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.

It includes the below components:

  • Protocol Reference Implementation (PRI): pri-fidoiot is a Java-based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
    • Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
    • Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
    • Public Key Encoding: Crypto, X509, COSEKey, X5 Chain.
    • COSE Signature Types: ES256, ES384, RS2048.
  • Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
    • Key Exchanges: ECDH256, and ECDH384
    • Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
    • Public Key Encoding: X509.
    • COSE Signature Types: ES256, and ES384.

New Features

client-sdk-fidoiot: client-sdk-fidoiot now supports OpenSSL 3.x.

Fixed Issues

pri-fidoiot: The versions of third-party dependencies have been updated.

Known Issues

client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause.
This is tracked through the GitHub issue client-sdk-fidoiot#226.

SHA256 checksum for release binaries

The following SHA256 checksums were calculated using the sha256sum tool:

c52e6f2964ec42a5fe306fa5f199f57dfdb956f9530f6b94ee3b79bcd067289a - client-sdk-fidoiot-v1.1.5.tar.gz
7c1c2a747a7b98096e0a29d7837f674f78b8244e75ecd18ccee1fdfa6a2350a6 - pri-fidoiot-v1.1.5.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.5.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz

Documentation

https://secure-device-onboard.github.io/docs-fidoiot/1.1.5

Please ignore the Source code zip/tar.gz files. These are default artifacts generated during the GitHub Release process.

v1.1.4.1

28 Mar 10:41
09f69ea

New Features

client-sdk-fidoiot: Support for Intel® CSE implementation has been added in addition to the existing clients.

SHA256 checksum for release binaries

The following SHA256 checksums were calculated using the sha256sum tool:

8bed5511872c4f08f8e5e4d52d64c6b016927ec452ef6b6e9c3da69e69aa826b - client-sdk-fidoiot-v1.1.4.1.tar.gz
59b44861642df6f93c88582f014bf874424b1755bfde3f6508f61649632e00b3 - NOTICES-v1.1.4.1.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz

Documentation

https://secure-device-onboard.github.io/docs-fidoiot/1.1.4

Please ignore the Source code zip/tar.gz files. These are default artifacts generated during the GitHub Release process.

v1.1.4

09 Dec 10:52
9eeca15

This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.

It includes 4 components:

  • Protocol Reference Implementation (PRI): pri-fidoiot is a Java-based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
    • Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
    • Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
    • Public Key Encoding: Crypto, X509, COSEKey, X5 Chain.
    • COSE Signature Types: ES256, ES384, RS2048.
  • Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
    • Key Exchanges: ECDH256, and ECDH384
    • Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
    • Public Key Encoding: X509.
    • COSE Signature Types: ES256, and ES384.
  • EPID Verification Service: epid-verification-service is a wrapper service written on top of the EPID SDK to assist the FDO Rendezvous service and FDO Owner service to perform device signature verification for EPID based devices.

  • Test: test-fidoiot implements a test-suite that gets executed as part of continuous integration pipeline.

New Features

pri-fidoiot: Support for additional databases (MySQL, PostgreSQL) has been implemented.

Security Enhancement

pri-fidoiot: pri-fdo-rv doesn't allow replacing redirect entry with a different owner key.

Known Issues

pri-fidoiot: Read permission needs to be added to server-key.pem file while configuring database secrets.
This is tracked through the GitHub issue pri-fidoiot#551.

pri-fidoiot: RVDelaySec is currently not considered during TO0 and TO1.
This is tracked through the GitHub issue pri-fidoiot#468.

pri-fidoiot: Proxy settings for owner to be set explicitly when using a proxy.
This is tracked through the GitHub issue pri-fidoiot#476.

SHA256 checksum for release binaries

The following SHA256 checksums were calculated using the sha256sum tool:

87af7e5d1f257b509981b08e5dd5ed670e3278e52d3060acc94036ae14ed1c9e - client-sdk-fidoiot-v1.1.4.tar.gz
a147d5ae8606ca894ec5bc10c141517066e82adf151f01dd68a7979e36d2ac31 - pri-fidoiot-v1.1.4.tar.gz
59b44861642df6f93c88582f014bf874424b1755bfde3f6508f61649632e00b3 - NOTICES-v1.1.4.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz

Documentation

https://secure-device-onboard.github.io/docs-fidoiot/1.1.4

Please ignore the Source code zip/tar.gz files. These are default artifacts generated during the GitHub Release process.

v1.1.3.1

17 Nov 07:34
479ef44

This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.

Fixed Issues

client-sdk-fidoiot: Curl installation instructions are updated in linux.md and tpm.md to fix the issue with accessing hosted RV servers (HTTPS connections).

epid-verification-service: The versions of third-party dependencies are updated.

Known Issues

pri-fidoiot: Read permission needs to be added to server-key.pem file while configuring database secrets.
This is tracked through the GitHub issue pri-fidoiot#551.

pri-fidoiot: Starting a component with an invalid port number or with a port already in use gives an exception.
This is tracked through the GitHub issue pri-fidoiot#467.

pri-fidoiot: RVDelaySec is currently not considered during TO0 and TO1.
This is tracked through the GitHub issue pri-fidoiot#468.

pri-fidoiot: Proxy settings for owner to be set explicitly when using a proxy.
This is tracked through the GitHub issue pri-fidoiot#476.

SHA256 checksum for release binaries

The following SHA256 checksums were calculated using the sha256sum tool:

94952b31877343254febfb2920300437e61437ea933274254ed47587dabe2887  client-sdk-fidoiot-v1.1.3.1.tar.gz
b4f0f026bda5aad2a0238f410c389f2d5a8ad01df1a001006a7ce73c90a65e03  epid-verification-service-v1.1.3.1.tar.gz
d058130cf45ea84728b6a5a3824d1cccd53c0ab9f5247e982c40070b91a16177  NOTICES-v1.1.3.tar.gz
5cf498b0d5ef3972bd645ed5e984ced08268e6220d5eead6652cd038405f5503  third-party-components.tar.gz

Documentation

https://secure-device-onboard.github.io/docs-fidoiot/1.1.3

Please ignore the Source code zip/tar.gz files. These are default artifacts generated during the GitHub Release process.

v1.1.3

30 Sep 11:35
63315a5

This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.

It includes 4 components:

  • Protocol Reference Implementation (PRI): pri-fidoiot is a Java-based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
    • Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
    • Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
    • Public Key Encoding: Crypto, X509, COSEKey, X5 Chain.
    • COSE Signature Types: ES256, ES384, RS2048.
  • Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
    • Key Exchanges: ECDH256, and ECDH384
    • Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
    • Public Key Encoding: X509.
    • COSE Signature Types: ES256, and ES384.
  • EPID Verification Service: epid-verification-service is a wrapper service written on top of the EPID SDK to assist the FDO Rendezvous service and FDO Owner service to perform device signature verification for EPID based devices.

  • Test: test-fidoiot implements a test-suite that gets executed as part of continuous integration pipeline.

New Features

client-sdk-fidoiot, pri-fidoiot: Full X5 Chain public key support has been implemented.

client-sdk-fidoiot, pri-fidoiot: Support for Mutual TLS has been implemented.

pri-fidoiot: Users now have the option to create an Alpine Docker image in addition to the Ubuntu image.

Changes to existing features

client-sdk-fidoiot, pri-fidoiot: The key stores can now be stored in database and file system. APIs are documented in the readme.

client-sdk-fidoiot, pri-fidoiot: The default database is now configured to be MariaDB. Users can switch to H2 with the steps provided in the readme.

client-sdk-fidoiot, pri-fidoiot: The solution is secure by default and allows only CA-signed certificates by default. A workaround to enable self-signed certificates has been documented in the readme.

Known Issues

pri-fidoiot: Read permission needs to be added to server-key.pem file while configuring database secrets.
This is tracked through the GitHub issue pri-fidoiot#551.

pri-fidoiot: Starting a component with an invalid port number or with a port already in use gives an exception.
This is tracked through the GitHub issue pri-fidoiot#467.

pri-fidoiot: RVDelaySec is currently not considered during TO0 and TO1.
This is tracked through the GitHub issue pri-fidoiot#468.

pri-fidoiot: Proxy settings for owner to be set explicitly when using a proxy.
This is tracked through the GitHub issue pri-fidoiot#476.

SHA256 checksum for release binaries

The following SHA256 checksums were calculated using the sha256sum tool:

06fa4c6b7aa74160d3c2fb70e7ea60cc28d9fff71b51a60dd91b6c1182599776 - client-sdk-fidoiot-v1.1.3.tar.gz
22473ea112225928541307ae9766fa739c9a39b70502bfea85f4f269ad134587 - pri-fidoiot-v1.1.3.tar.gz
d058130cf45ea84728b6a5a3824d1cccd53c0ab9f5247e982c40070b91a16177 - NOTICES-v1.1.3.tar.gz
5cf498b0d5ef3972bd645ed5e984ced08268e6220d5eead6652cd038405f5503 - third-party-components.tar.gz

Documentation

https://secure-device-onboard.github.io/docs-fidoiot/1.1.3

Please ignore the Source code zip/tar.gz files. These are default artifacts generated during the GitHub Release process.