1.0.0
Main features delivered
- Added a new Key Info Manager - the SQLite KIM - which will serve as the default KIM from now on.
- Added and implemented a new operation, `CanDoCrypto`, which allows clients to verify the capabilities of the various backends before performing any actual cryptographic operations.
- Added and implemented two operations, `AttestKey` and `PrepareKeyAttestation`, in the TPM provider, backed by `TPM2_ActivateCredential`.
- Added support for importing ECC public keys in the TPM provider.
For a more comprehensive view of the release see the changelog below.
Changelog
1.0.0 (2022-03-21)
1.0.0-rc3 (2022-03-21)
Fixed bugs:
- Cargo audit failing #544
Merged pull requests:
1.0.0-rc2 (2022-03-02)
Implemented enhancements:
Closed issues:
- Update the Parsec Book to include SQLiteKeyInfoManager #532
1.0.0-rc1 (2022-02-16)
Implemented enhancements:
- `parsec.service` hardening #569
- Implement `CryptoCanDo` for the Trusted Services and Mbed Crypto providers #543
- Implement CryptoCanDo for TPM provider #542
- Refactor the PKCS11 CryptoCanDo implementation #541
- Implement ActivateCredential key attestation #539
- Making the SQLiteKIM the default #531
- Create a new KeyInfoManager based on SQLite #424
- Add support for other cryptographic services in the Trusted Service provider #341
- Add system emulation tests for TS provider #304
- Add support for importing ECC public key in the TPM provider #170
- Add asymmetric encryption to TS provider #580 (ionut-arm)
- Change dependency revision for TSS crate #579 (ionut-arm)
- Add systemd hardening options #572 (ionut-arm)
- Make SQLite KIM default #570 (ionut-arm)
- Feature sqlite kim #566 (ionut-arm)
- Add error handling to ActivateCredential #562 (ionut-arm)
- Add ActivateCredential tests and fixes #560 (ionut-arm)
- Activate credential #558 (ionut-arm)
- Expand support for importing public keys for TPM #540 (ionut-arm)
- [CryptoAuthLib provider] PsaAeadEncrypt and PsaAeadDecrypt implemented #536 (TomaszPawelecGL)
Fixed bugs:
- Disable test from old E2E suite #574
- Errors in validating ECC key bits in PKCS11 provider #545
- UnixDomainSocket connection returns error from server #528
- Fuzz Testing & Nightly Cargo udeps are failing due to prost-derive #514
- TPM Provider does not persist generated keys across reboot #504
- Issue with PKCS11 backend with Nitrokey HSM #380
- Skip flakey test #577 (ionut-arm)
- Fix codecov build #573 (ionut-arm)
- Fix handling of `bits` in PKCS11 imports #546 (ionut-arm)
Closed issues:
- Align with stable TSS crate #567
- Stable 0.8.1 release depends on tss-esapi alpha #527
- Create E2E tests for SQLite KIM #516
- Switch to dynamic key names in tests #453
- Add capabilities discovery operations #426
Merged pull requests:
- Update Changelog and service version no. #583 (ionut-arm)
- Bump bindgen dependency version #582 (ionut-arm)
- Bump SQLite dependency #581 (ionut-arm)
- [CryptoAuthLib provider] PsaRawKeyAgreement operation implementation #578 (akazimierskigl)
- Implement can-do-crypto for TS and mbed-crypto providers #565 (anta5010)
- Add error message if submodule not initialised #564 (ionut-arm)
- [CryptoAuthLib provider] PsaCipherEncrypt and PsaCipherDecrypt implementation #563 (akazimierskigl)
- Add clippy and fmt check to e2e_tests #561 (ionut-arm)
- Re-factor e2e tests to use common key attributes functions #556 (anta5010)
- Merge can-do-crypto branch into main #555 (anta5010)
- Merge main branch changes into can-do crypto #554 (anta5010)
- Jn9e9/issue453 #552 (jn9e9)
- e2e CanDoCrypto tests for Hashes, ECC curves and Crypto algorithms #551 (anta5010)
- Implement CanDoCrypto trait and use it for PKCS11 and TPM providers #550 (anta5010)
- Use ec_params for can-do-crypto checks instead of hard-coded values #549 (anta5010)
- Small refactor of PKCS11 CryptoCanDo #548 (anta5010)
- Merge origin/main into can-do-crypto #547 (anta5010)
- Increase the MSRV to 1.53.0 #535 (hug-dev)
- Update the CHANGELOG file with 0.8.1 #533 (hug-dev)
- Added the CanDoCrypto operation as well as fixing some of the other test scripts. #522 (Kakemone)