Skip to content

Latest commit

 

History

History
51 lines (35 loc) · 3.18 KB

release-notes-v1.1.9.md

File metadata and controls

51 lines (35 loc) · 3.18 KB
Raw

v1.1.9

This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.

It includes the below components:

  • Protocol Reference Implementation (PRI): pri-fidoiot is a JAVA based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
    • Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
    • Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
    • Public Key Encoding: Crypto, X509, COSEKey , X5 Chain.
    • COSE Signature Types: ES256, ES384, RS2048.

  • Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
    • Key Exchanges: ECDH256, and ECDH384
    • Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
    • Public Key Encoding: X509.
    • COSE Signature Types: ES256, and ES384.

  • EPID Verification Service: epid-verification-service is a wrapper service written on top of the EPID SDK to assist the FDO Rendezvous service and FDO Owner service to perform device signature verification for EPID based devices.

New Features

client-sdk-fidoiot: Support for sending device MAC addresses as part of Device Mfg Info.

Fixed Issues

client-sdk-fidoiot, epid-verification-service, pri-fidoiot: The version of third-party dependencies have been updated, few defect fixes.

Known Issues

client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause. This is tracked through the GitHub issue client-sdk-fidoiot#226.

SHA256 checksum for release binaries

Following SHA256 checksum is calculated using sha256sum tool

69e2e5a589bb7892a11e88e28452e5f223b6ed013449dbb6e9f2f15486c40132 - client-sdk-fidoiot-v1.1.9.tar.gz
5a45136fa1a59ef4da2e2db3f748e4c6ac9591cfd7cf629b2a6ae202a05c5210 - epid-verification-service-v1.1.9.tar.gz
1c8bf63fc13f9780839b3a733f0b42b7befa78e285d97c10c1ad1c42be4e9346 - pri-fidoiot-v1.1.9.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.9.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz

Documentation

https://fido-device-onboard.github.io/docs-fidoiot/1.1.9

Please ignore Source code zip/tar.gz files. These are default artifacts generated during GitHub Release process.