CHANGELOG.md

Changelog

1.4.1 (2024-05-14)

Full Changelog

Fixed bugs:

• e2e_tests: Ignore different key test for RSA in pkcs11 #764 (tgonzalezorlandoarm)

Merged pull requests:

• Minor CI pipeline fixes #766 (gowthamsk-arm)

1.4.1-rc1 (2024-05-10)

Full Changelog

Merged pull requests:

• Revert "Test patch for cross-compiler docker image" #767 (gowthamsk-arm)
• Use v1.0.0 release of trusted services #765 (gowthamsk-arm)
• Adds support to build and test the cross-compiler docker images. #762 (gowthamsk-arm)
• Minor fixes #760 (gowthamsk-arm)

1.4.0 (2024-03-28)

Full Changelog

1.4.0-rc2 (2024-03-28)

Full Changelog

Merged pull requests:

• tpm/tests: Ignore test_root_key_check case #755 (tgonzalezorlandoarm)

1.4.0-rc1 (2024-03-18)

Full Changelog

Implemented enhancements:

• Set up build to track dependency mismatches #360

Fixed bugs:

• e2e_tests/stress.rs: Add a workaround for spurious test failures #739 (tgonzalezorlandoarm)

Security fixes:

• TPM Provider: Check root key's name #751 (tgonzalezorlandoarm)

Closed issues:

• parsec-cli-tests.sh error: The CSR does not contain the serialNumber field of the Distinguished Name #742
• Migrate away from using users crate #678
• Parsec Quickstart - Docker: Pull access denied for parallaxsecond/parsec-quickstart, repository does not exist #666
• Vulnerability in SQLite #648

Merged pull requests:

• dependency_cross_matcher: Fix typo (missing comma) #754 (tgonzalezorlandoarm)
• structopt: Migrate to clap #753 (tgonzalezorlandoarm)
• Cargo.toml: Bump tss-esapi to 7.5.0 #750 (tgonzalezorlandoarm)
• nightly/audit: Temporary ignore RUSTSEC-2024-0006 #748 (tgonzalezorlandoarm)
• Use infallible conversion into instead of try_into #747 (gowthamsk-arm)
• .cargo/config.toml: remove #746 (billatarm)
• Dependency mismatcher Comparison option #745 (tgonzalezorlandoarm)
• dependency_cross_matcher job: Move to PR runs and minor refactoring #743 (tgonzalezorlandoarm)
• Cargo.lock: Update rustix and bitflags dependencies to latest version #741 (tgonzalezorlandoarm)
• cargo-check: Run with both stable and MSRV Compilers #737 (tgonzalezorlandoarm)
• ci.yml: Trigger docker image creation only on workflow_dispatch #736 (tgonzalezorlandoarm)
• ci.yml,deny.toml: Setup license testing #735 (tgonzalezorlandoarm)
• Cargo.toml: Specify rust-version=1.66.0 #733 (tgonzalezorlandoarm)
• Track and test dependencies' 'next' branch #732 (tgonzalezorlandoarm)
• Add dependency cross matching #731 (tgonzalezorlandoarm)
• e2e_tests/mangled_ping: Fix socket path #728 (tgonzalezorlandoarm)
• ci/coverage: Fix cargo-tarpaulin to its locked version #727 (tgonzalezorlandoarm)

1.3.0 (2023-10-25)

Full Changelog

1.3.0-rc2 (2023-10-19)

Full Changelog

Merged pull requests:

• e2e_tests/wrong_permitted_algorithm: Change used sha for hw compatibi… #723 (tgonzalezorlandoarm)

1.3.0-rc1 (2023-10-17)

Full Changelog

Closed issues:

• Update cryptoki version to 0.4.1 #668
• ansi_term is unmaintained #629

Merged pull requests:

• Bump psa-crypto and interface crates #718 (gowthamsk-arm)
• Update toml, env_logger and bindgen crates #716 (tgonzalezorlandoarm)
• Bump various crates #714 (tgonzalezorlandoarm)
• Update picky crates #711 (tgonzalezorlandoarm)
• Cargo.toml: Remove uuid crate #710 (tgonzalezorlandoarm)
• Bump sd-notify to 0.4.1 #708 (tgonzalezorlandoarm)
• fuzz: Bump bumpalo to 3.14.0 #706 (tgonzalezorlandoarm)
• Update the tss-esapi crate to version 7.3.0 #702 (tgonzalezorlandoarm)
• Fix cargo-tarpaulin version to 0.26.1 #701 (tgonzalezorlandoarm)
• Add a Security Vulnerability Reporting section in the README #700 (tgonzalezorlandoarm)
• Update maintainers list #699 (tgonzalezorlandoarm)
• ci: Fix coverage builds, nightly issues #698 (tgonzalezorlandoarm)
• Update cryptoki and cryptoki-sys crates #697 (tgonzalezorlandoarm)
• Use arrays instead of vec! when possible #696 (tgonzalezorlandoarm)
• Make wrong_permitted_algorithm test use a non-deprecated Hash #695 (tgonzalezorlandoarm)
• Fix coverage builds for different providers #694 (tgonzalezorlandoarm)
• Update MSRV to Rust 1.66.0 #692 (tgonzalezorlandoarm)
• Bump ASN1 crates dependencies #691 (anta5010)
• Minor fixes to changelog #690 (gowthamsk-arm)
• Upgrade proc-macro2 package #688 (tgonzalezorlandoarm)
• Update CONTRIBUTORS.md #687 (Firstyear)
• Disable the optional features for the 'structopt' crate #686 (tgonzalezorlandoarm)
• Upgrade enumflags2 crate #685 (tgonzalezorlandoarm)
• Remove unmaintained 'users' crate #684 (tgonzalezorlandoarm)
• Fix compilation issues #682 (tgonzalezorlandoarm)
• Bump base64 dependency to 0.21.0 #679 (ema)

1.2.0 (2023-04-05)

Full Changelog

Closed issues:

• Parsec 1.1 fails to build with meta-security master branch #663

1.2.0-rc1 (2023-03-21)

Full Changelog

Closed issues:

• Parsec fails to compile for arm32 #647

Merged pull requests:

• Update crates #671 (gowthamsk-arm)
• Update rusqlite to fix security issue #662 (gowthamsk-arm)
• Update MSRV to 1.58 #661 (gowthamsk-arm)
• Remove dependency on crate "version" #657 (ema)
• Update TPM TCTI configuration docs #656 (paulhowardarm)
• Add support for a Quickstart Docker image #654 (dennisgove)
• Update to remove const_err #653 (marcsvll)
• Fix Clippy warnings for rustc version 1.65 #652 (mohamedasaker-arm)
• Bump sd-notify to 0.3.0 #651 (stevecapperarm)

1.1.0 (2022-09-29)

Full Changelog

1.1.0-rc2 (2022-09-13)

Full Changelog

Merged pull requests:

• Update change log for release candidate 1.1.0-rc2 #639 (mohamedasaker-arm)
• Release candidate prep 1.1.0 rc2 #638 (mohamedasaker-arm)

1.1.0-rc1 (2022-09-07)

Full Changelog

Implemented enhancements:

• Update PKCS11 dependency #604
• Allow binary PIN values for PKCS11 providers #603
• Implement get_random in the PKCS11 provider #594
• Implement get_random in TPM provider #593
• Create script for Quickstart package #534
• Recognise a PKCS11 hardware token with its serial number instead of slot number #481
• Implement configurable exclusion of deprecated primitives #119

Fixed bugs:

• RSA padding oracle issue #619
• PKCS11 provider serial_number configuration #615
• Export of public EC key fails with PKCS#11 back-end on NXP Layerscape #599
• Wrong permissions on KIM files #598
• Send back PsaErrorInvalidPadding when needed #620 (ionut-arm)

Security fixes:

• Update Spiffe dependency #602

Closed issues:

• Add key persistence tests for TS provider #568
• Create stability tests for SQLite KIM #519
• Change default socket path for E2E tests #463

Merged pull requests:

• Update Change log and service version no. #637 (mohamedasaker-arm)
• Update maintainers list #636 (mohamedasaker-arm)
• Fix spiffy issue #635 (gowthamsk-arm)
• Add sqlite stability tests #634 (gowthamsk-arm)
• Feature/119 implement configurable exclusion of deprecated primitives #633 (mohamedasaker-arm)
• Feature/603 allow binary pin values for pkcs11 #631 (mohamedasaker-arm)
• Add Eq to the types with PartialEq #630 (ionut-arm)
• build and share docker image across jobs #628 (mohamedasaker-arm)
• Kim file permissions #627 (gowthamsk-arm)
• Testing/568 add key persistence tests for ts provider #625 (mohamedasaker-arm)
• Fix problem reported by Clippy (rust 1.62) #624 (mohamedasaker-arm)
• Validate hash sign operation before execution. #623 (gowthamsk-arm)
• Fix Hugues' email address #622 (hug-dev)
• Compare trimmed token serial numbers (PKCS11 provider) #621 (mohamedasaker-arm)
• Added some context to error messages. #618 (fredrik-jansson-se)
• Implement get_random in the PKCS11 provider #613 (gowthamsk-arm)
• Add a script to create the Quickstart package #612 (mohamedasaker-arm)
• Change default socket path for E2E tests #610 (gowthamsk-arm)
• Fix cargo-audit TOML config #609 (ionut-arm)
• Recognise a PKCS11 hardware token with its serial number instead of slot number #608 (mohamedasaker-arm)
• Bump version of cryptoki #605 (ionut-arm)
• Fix issue #599 - allow EC_POINT public key data to omit ASN.1 structure wrapping #600 (paulhowardarm)
• Add generate random support into TPM provider #595 (anta5010)

1.0.0 (2022-03-30)

Full Changelog

Security fixes:

• RUSTSEC-2022-0013 #587

Merged pull requests:

• Update Changelog file to include 1.0.0 #596 (ionut-arm)

1.0.0-rc3 (2022-03-21)

Full Changelog

Fixed bugs:

• Cargo audit failing #544

Merged pull requests:

• Prepare for Release Candidate 3 #592 (ionut-arm)

1.0.0-rc2 (2022-03-02)

Full Changelog

Implemented enhancements:

• Updates for Release Candidate 2 #584 (ionut-arm)

Closed issues:

• Update the Parsec Book to include SQLiteKeyInfoManager #532

1.0.0-rc1 (2022-02-16)

Full Changelog

Implemented enhancements:

• parsec.service hardening #569
• Implement CryptoCanDo for the Trusted Services and Mbed Crypto providers #543
• Implement CryptoCanDo for TPM provider #542
• Refactor the PKCS11 CryptoCanDo implementation #541
• Implement ActivateCredential key attestation #539
• Making the SQLiteKIM the default #531
• Create a new KeyInfoManager based on SQLite #424
• Add support for other cryptographic services in the Trusted Service provider #341
• Add system emulation tests for TS provider #304
• Add support for importing ECC public key in the TPM provider #170
• Add asymmetric encryption to TS provider #580 (ionut-arm)
• Change dependency revision for TSS crate #579 (ionut-arm)
• Add systemd hardening options #572 (ionut-arm)
• Make SQLite KIM default #570 (ionut-arm)
• Feature sqlite kim #566 (ionut-arm)
• Add error handling to ActivateCredential #562 (ionut-arm)
• Add ActivateCredential tests and fixes #560 (ionut-arm)
• Activate credential #558 (ionut-arm)
• Expand support for importing public keys for TPM #540 (ionut-arm)
• [CryptoAuthLib provider] PsaAeadEncrypt and PsaAeadDecrypt implemented #536 (TomaszPawelecGL)

Fixed bugs:

• Disable test from old E2E suite #574
• Errors in validating ECC key bits in PKCS11 provider #545
• UnixDomainSocket connection returns error from server #528
• Fuzz Testing & Nightly Cargo udeps are failing due to prost-derive #514
• TPM Provider does not persist generated keys accross reboot #504
• Issue with PKCS11 backend with Nitrokey HSM #380
• Skip flakey test #577 (ionut-arm)
• Fix codecov build #573 (ionut-arm)
• Fix handling of bits in PKCS11 imports #546 (ionut-arm)

Closed issues:

• Align with stable TSS crate #567
• Stable 0.8.1 release depends on tss-esapi alpha #527
• Create E2E tests for SQLite KIM #516
• Switch to dynamic key names in tests #453
• Add capabilities discovery operations #426

Merged pull requests:

• Update Changelog and service version no. #583 (ionut-arm)
• Bump bindgen dependency version #582 (ionut-arm)
• Bump SQLite dependency #581 (ionut-arm)
• [CryptoAuthLib provider] PsaRawKeyAgreement operation implementation #578 (akazimierskigl)
• Implement can-do-crypto for TS and mbed-crypto providers #565 (anta5010)
• Add error message if submodule not initialised #564 (ionut-arm)
• [CryptoAuthLib provider] PsaCipherEncrypt and PsaCipherDecrypt implementation #563 (akazimierskigl)
• Add clippy and fmt checkt to e2e_tests #561 (ionut-arm)
• Re-factor e2e tests to use common key attributes functions #556 (anta5010)
• Merge can-do-crypto branch into main #555 (anta5010)
• Merge main branch changes into can-do crypto #554 (anta5010)
• Jn9e9/issue453 #552 (jn9e9)
• e2e CanDoCrypto tests for Hashes, ECC curves and Crypto algorithms #551 (anta5010)
• Implement CanDoCrypto trait and use it for PKCS11 and TPM providers #550 (anta5010)
• Use ec_params for can-do-crypto checks instead of hard-coded values #549 (anta5010)
• Small refactor of PKCS11 CryptoCanDo #548 (anta5010)
• Merge origin/main into can-do-crypto #547 (anta5010)
• Increase the MSRV to 1.53.0 #535 (hug-dev)
• Update the CHANGELOG file with 0.8.1 #533 (hug-dev)
• Added the CanDoCrypto operation as well as fixing some of the other test scripts. #522 (Kakemone)

0.8.1 (2021-09-17)

Full Changelog

Implemented enhancements:

• Add Unit Tests to SQLiteKeyInfoManager #510
• Change KeyTriple to Include Auth ID, Provider Name & Provider UUID #488
• Update provider to use new version fo TransKeyCtx #515 (ionut-arm)

Fixed bugs:

• Decide and implement a new serialization format for KeyInfo #509
• Memory leak in TS context #501
• Disable broken workflows #525 (ionut-arm)

Closed issues:

• Make a Parsec Ockam Vault: investigation issue #506
• Add Basic SQLiteKeyInfoManager Storage/Retrieval Functionality #503
• Add config tests for multiple provider names #496

Merged pull requests:

• Bump version for release #526 (ionut-arm)
• Use as_ptr for TS service name #524 (anta5010)
• Lower Hash algorithm #499 (hug-dev)
• Update CHANGELOG #498 (hug-dev)

0.8.0 (2021-08-05)

Full Changelog

Implemented enhancements:

• Add Provider Name Config Option #487
• Add PKCS11 provider export-attributes switch #462
• Refactor the all-providers workflow #455
• Adjust linking for TS provider #427
• Allow providers to be optional or conditional depending on platform feature availability #401
• Add cross-compilation tests for the TPM provider #382
• Make the slot_number field optional #375
• Design workflow and associated APIs for key attestation in Parsec #370
• Implement error handling for TS caller errors #332
• Add release-build tests to CI #163
• Add the possibility of changing key store location of Mbed Crypto provider #53
• Add TS provider to all-providers #482 (ionut-arm)
• Adjust TS provider linking #474 (ionut-arm)
• Add cargo-audit config #473 (ionut-arm)
• Update dependency on Trusted Services #467 (ionut-arm)
• Add import and export support for ECC for PKCS11 #452 (ionut-arm)
• Add a SPIFFE based authenticator #449 (hug-dev)
• Add ECC functionality to PKCS11 prov #446 (ionut-arm)
• Enable coverage testing for TS provider #434 (ionut-arm)
• Create SECURITY.md #414 (ionut-arm)
• Add TPM provider cross-compilation #403 (ionut-arm)
• Added Option<Slot> to PKCS 11 Provider constructor #402 (Sven-bg)

Fixed bugs:

• If a response is an error, log it before sending it #417
• Fix ingress/egress trace logs #416
• Make KeyInfo a private type #400
• Unable to build 0.7.2 for i686 (and ppc64/ppc64le) #379
• Unable to build 0.7.2 for armv7 #378
• Document clearly how Mbed Crypto provider keys are stored #373
• Fix code coverage reports #495 (ionut-arm)
• Modify the git submodule command #490 (hug-dev)
• Do not login if no user pin was entered #489 (hug-dev)
• Fix git command and use Arm machine #485 (ionut-arm)
• Fix CircleCI config format. #484 (ionut-arm)
• Add submodule initialisation to CircleCI #483 (ionut-arm)
• Make cross-compilation run on release version #454 (ionut-arm)
• Bump picky crate versions #443 (ionut-arm)
• Remove the TS coverage computation #436 (ionut-arm)
• Fix nightly workflow #435 (ionut-arm)
• Fix ServiceConfig import in fuzz_service #433 (ionut-arm)
• Fix Contributing link #415 (ionut-arm)
• Fix ownership of ibmtpm folder #385 (ionut-arm)
• Fix CircleCI config #384 (ionut-arm)
• Implement a few fixes #374 (ionut-arm)

Security fixes:

• Resurrect fuzz testing framework #422
• Set up Github security policy #398
• Investigate testing of Cryptoauthlib provider #315
• rust-spiffe: make sure that the claims returned by the validation operation are as expected #290
• rust-spiffe: provide a local validation of the JWT-SVID #289
• Revive the fuzz testing framework #429 (ionut-arm)

Closed issues:

• NXP PKCS#11 Parsec integration testing. #456
• Split the build tests on a different CI workflow #447
• Support ECC signing keys in the PKCS#11 provider #421
• Stability: Communication with backends #412
• Adopt CII Best Practices Badge from the LF #411
• Unable to build parsec 0.7.2 with rust 1.43.1. Parsec 0.6.0 builds fine. #409
• Stability: Build toolchain #408
• Stability: Environment variables #405
• Stability: Dynamic libraries dependencies #397
• Stability: systemd communication #396
• Stability: OS signals #395
• Stability: Persistent state (key mappings) #394
• Stability: Configuration file #393
• Stability: CLI invocation #392
• Stability: Authenticators #391
• Stability: Communication with clients (listeners endpoint) #390
• Stability: Communication with clients (operation contracts) #389
• Stability: Communication with clients (requests/responses) #388
• Setup environment stability test #386
• Archive for 0.7.0 contains .cargo/ folder #377
• Add more Fixed Common header tests #351

Merged pull requests:

• Switch imports to crates.io #497 (ionut-arm)
• Add the Class attribute when generating key pairs #493 (hug-dev)
• Add tests checking absence of slot_number #492 (hug-dev)
• Split out the all-providers cargo check into its own CI job. #472 (MattDavis00)
• Make KeyInfo a private type Fix #400 #469 (Kakemone)
• Added psa_export_key & psa_generate_random to TS Provider #468 (MattDavis00)
• Add a allow_export flag to restrict exporting #466 (hug-dev)
• Added missing ingress logs to providers. #416 #465 (MattDavis00)
• #417 Added additional error logging to front end handle_request function. #464 (MattDavis00)
• Update the TS revision used #461 (ionut-arm)
• Add a way to allow providers to fail instantiation #451 (hug-dev)
• Randomly select the shutdown signal #448 (hug-dev)
• Execute e2e tests with an old version of client #445 (hug-dev)
• [CryptoAuthLib provider] Implementation of export key operation #442 (TomaszPawelecGL)
• Move CLI log into its own file #441 (hug-dev)
• Add various tests checking contracts #440 (hug-dev)
• Isolate config logic and add e2e config tests #432 (hug-dev)
• [CryptoAuthLib provider] Implementation of psa_export_public_key operation. #431 (RobertDrazkowskiGL)
• [CryptoAuthLib provider] Support for psa_sign_message and psa_verify_message. #425 (RobertDrazkowskiGL)
• Replace persistence tests with key mappings tests #420 (hug-dev)
• Add Codecov and cii badges #419 (ionut-arm)
• CryptoAuthentication Library provider - support for PsaSignHash and PsaVerifyHash operations. #413 (RobertDrazkowskiGL)
• Make it compile for Rust 1.43.1 #410 (hug-dev)
• PSA_IMPORT_KEY introduction. #399 (RobertDrazkowskiGL)
• CryptoAuthLib provider testability improvements: #387 (RobertDrazkowskiGL)
• Add CircleCI config #383 (ionut-arm)
• Import newest versions of cryptoki and tss-esapi #381 (hug-dev)
• Update CHANGELOG #367 (hug-dev)
• Implementation of PsaGenerateKey and PsaDestroyKey operations #354 (RobertDrazkowskiGL)

0.7.2 (2021-03-25)

Full Changelog

Merged pull requests:

• Prepare for 0.7.2 #368 (hug-dev)

0.7.1 (2021-03-25)

Full Changelog

Closed issues:

• Investigate calculating test coverage #342

Merged pull requests:

• Update tss-esapi dependency #366 (hug-dev)
• Add quickstart reference #365 (hug-dev)
• Update CHANGELOG #364 (hug-dev)

0.7.0 (2021-03-23)

Full Changelog

Implemented enhancements:

• Stop the duplication of key ID conversions #331
• Add key management operations support #267
• Enable TS context initialization #266
• Create the Trusted Service bindings #265
• Improve import key support in TPM provider #251
• Investigate and define the work required for SPIFFE-based client identity management #232
• Make existence of key info consistent with existence of key #149
• Extract Docker images into own repo #124
• Add version structures for better handling of versions #43
• Rearrange modules for a more structured feel #32
• Change CI to use published Docker image #357 (ionut-arm)
• Improve coverage script #348 (ionut-arm)
• Add coverage checking in nightly run #347 (ionut-arm)
• Trusted service provider #330 (ionut-arm)
• Add admin configuration #316 (ionut-arm)
• Add new parsec provider using ATECCx08 cryptochip via CryptoAuthentication Library #303 (RobertDrazkowskiGL)
• Improve error handling in builder #298 (ionut-arm)
• Add Changelog file (#278) #280 (ionut-arm)
• Remove PKCS11 single thread lock (#264) #277 (ionut-arm)

Fixed bugs:

• Move the spiffe related features in its own branch #327
• Resolve default implementation issue for list_keys in Provide #312
• ListKeys should only be callable on the Core provider #310
• Service should not start if some components weren't built successfully #297
• No changelog for the releases #278
• PKCS11 multi-threading #264
• Fix ImportKey to allow importing private key #126
• PKCS 11 provider stress tests sometimes fail #116
• Update docker registry for TPM2 images #356 (ionut-arm)
• Run the Codecov script outside container #353 (ionut-arm)
• Fix code coverage docker command #352 (ionut-arm)
• Remove the spiffe-based authenticator #328 (hug-dev)

Security fixes:

• Add a test for admin operations #309
• Implement admin logic #308
• Investigate admin role and admin-level operations #292
• Add failure-counter mechanism #176

Closed issues:

• Implement ListClients and DeleteClient in the core provider #311
• Correct lint issues found after the toolchain upgrade to version 1.49.0 #305
• Investigate cross-compilation to Linux on Aarch64 #300
• Investigate adding ListClients and DeleteClient operations #293
• Consume the new, safer Rust PKCS#11 interface into Parsec when it is available #272
• Add a SPIFFE JWT-SVID multitenancy test #269
• Add a JWT-SVID Authenticator #268
• Investigate and define the work required for compatibility with Arm Firmware Framework for Armv8-A (FF-A) #247

Merged pull requests:

• Prepare for 0.7.0 release #363 (hug-dev)
• Update to latest TSS crate version #362 (ionut-arm)
• Enable code coverage for PKCS11, disable for TS #361 (ionut-arm)
• Add Edmund to Contributors list #359 (ionut-arm)
• Add myself to contributors, re. rust-cryptoki #358 (nickray)
• Add some cross-compilation tests #355 (hug-dev)
• Upgrade all dependencies to their latest version #345 (hug-dev)
• Create KeyInfoManagerClient #343 (ionut-arm)
• Parsec PsaHashCompare operation implementation for CryptoAuthLib provider #333 (akazimierskigl)
• Parsec PsaGenerateRandom operation implementation for CryptoAuthLib provider #325 (RobertDrazkowskiGL)
• Add consistency in key creation/deletion #324 (hug-dev)
• Make the authenticators their own features #322 (puiterwijk)
• Improve mandatory Provide methods #321 (ionut-arm)
• Use newest TSS crate #320 (ionut-arm)
• Add ListClients and DeleteClient operations #318 (hug-dev)
• Added support for PsaHashCompute to CryptoAuthLib provider. #317 (RobertDrazkowskiGL)
• Update service dependencies #314 (ionut-arm)
• Add a test checking ListKeys provider target #313 (hug-dev)
• Fix lint warning #306 (ionut-arm)
• Return correct key provider id in list_keys #302 (jn9e9)
• Use the new abstraction on the PKCS11 interface #301 (hug-dev)
• Switch Travis CI build to cron-only #299 (ionut-arm)
• Add a JWT-SVID authenticator #283 (hug-dev)
• Add Patrick to the contributor list #281 (puiterwijk)

0.6.0 (2020-10-20)

Full Changelog

Implemented enhancements:

• Add multitenancy testing infrastructure 👩‍🔧 #245
• Delete "Provider" suffix out of provider names #134
• Improve error message on service startup #260 (ionut-arm)

Fixed bugs:

• Limit key imports in TPM provider #255 (ionut-arm)

Closed issues:

• Add authenticator configuration #270
• Assemble a PR checklist for code reviewers #258
• Adjust README disclaimer wording #231

Merged pull requests:

• Add multitenancy tests #276 (hug-dev)
• Put config tests in all_providers #275 (hug-dev)
• Remove warnings about parsec and parsec-clients #274 (hug-dev)
• Add authentication configuration #273 (hug-dev)
• Refactored provider names #263 (Swell61)
• Add list keys #261 (joechrisellis)

0.5.0 (2020-10-02)

Full Changelog

Implemented enhancements:

• Creating a build-time configuration file #256
• Merge integration tests in E2E test suite #228
• Support dbus-parsec with NXP secureobj library #223
• Verify which dependencies can/should be updated #158
• Add more test cases #151
• Test Parsec installation as a systemd daemon #49
• Improve E2E testing #253 (ionut-arm)
• Upgrade and clean dependencies #246 (hug-dev)
• Import private key support for TPM provider #243 (joechrisellis)
• Allow software operations in PKCS11 provider #241 (ionut-arm)
• Improve key metadata handling #240 (ionut-arm)
• Add support for psa_generate_random operation for MbedCrypto provider #208 (joechrisellis)

Fixed bugs:

• Memory cleanup of sensitive data #122
• Fix attribute conversion in PKCS11 provider #254 (ionut-arm)
• Fix sign attribute in PKCS11 #252 (ionut-arm)
• Add Uuid from the interface directly #242 (hug-dev)
• Add buffer_size_limit config option for providers #233 (joechrisellis)

Security fixes:

• Add memory zeroizing when needed #239 (hug-dev)

Closed issues:

• Implement ListAuthenticators #216
• Better error message when file not found #210
• Implement an authenticator based on the domain socket peer credential #200

Merged pull requests:

• Add Unix peer credentials authenticator #214 (joechrisellis)

0.4.0 (2020-09-01)

Full Changelog

Implemented enhancements:

• Implement asymmetric encrypt/decrypt in the PKCS#11 provider #224
• Implement asymmetric encrypting/decrypting for TPM provider #217
• Create a Parsec Command Line Interface Client #202
• Create a mechanism for the listener to pass system-level data to the authenticator #199
• Auto create /tmp/parsec with correct permissions on startup #195
• Update attribute handling in PKCS11 provider #227 (ionut-arm)
• Add asymmetric encryption support to TPM provider #225 (ionut-arm)
• Improve error message when config file is not found #211 (ionut-arm)

Fixed bugs:

• Update Adam Parco email address in maintainers files #230
• Update email address #235 (hug-dev)
• Bugfix: fix off-by-one error (default body length limit) #234 (joechrisellis)
• Fix clippy errors #206 (ionut-arm)

Closed issues:

• Add an option to pass a path to a build-config file #174

Merged pull requests:

• Add missing_docs lint and missing docs #236 (hug-dev)
• Added aead encrypt decrypt, hash compute compare and raw key agreement #229 (sbailey-arm)
• Fix test and enable Travis #221 (ionut-arm)
• Add implementation for ListAuthenticators operation #220 (joechrisellis)
• Add check to prevent the Parsec service from running as root #219 (joechrisellis)
• CoreProvider can query the other providers #215 (ionut-arm)
• Rebase on new tss_esapi #213 (puiterwijk)
• Add Asymmetric Encrypt/Decrypt to mbed supported opcodes #212 (puiterwijk)
• Create Connection abstraction for client communication #207 (joechrisellis)
• Added user and group checks. Auto create socket dir. #205 (sbailey-arm)

0.3.0 (2020-07-16)

Full Changelog

Implemented enhancements:

• Create a Mbed Crypto Secure Element driver calling Parsec Rust Client #128
• Threat model of Parsec #89
• Precise the providers' order importance #203 (hug-dev)
• Keep list_providers order; add cfg tests #197 (ionut-arm)

Merged pull requests:

• Added PsaExportKey #204 (sbailey-arm)
• Migrated uses of a locally declared RsaPublic key to new create picky-asn1-x509 #201 (sbailey-arm)
• Added asymmetric encrypt and decrypt to Mbed Crypto provider #196 (sbailey-arm)

0.2.0 (2020-07-02)

Full Changelog

Implemented enhancements:

• Further simplification of the Mbed Crypto provider #187
• Create config "service" #181
• Use psa-crypto crate in the Mbed Crypto Provider #177
• Have a real integration test example #161
• Separate provider code into modules #133
• Update with PSA Crypto 1.0.0 interface #129
• Create a Parsec Rust Client #127
• TPM provider should establish most-secure primitives for itself #121
• Improvements for tests/ci.sh #108
• Split out ProviderConfig #103
• Check clippy::pedantic lints #100
• Modify configuration to have provider-specific table #70
• Create a PSA Crypto Rust wrapper crate #62
• Add TCTI configuration functionality #194 (ionut-arm)
• Updated Parsec to use latest parsec-interface (0.17.0) #193 (sbailey-arm)
• Modify socket path #192 (hug-dev)
• Changed local_ids for Atomic counter and removed key_slot_semaphore. #191 (sbailey-arm)
• Removed duplicate macros for sign output size and export pub key size. #190 (sbailey-arm)
• Move Parsec over to psa-crypto #186 (sbailey-arm)
• Add trace logging on Provide method calls #185 (hug-dev)
• Update fuzz target #184 (ionut-arm)
• Improve log security #183 (ionut-arm)
• Add GlobalConfig #182 (ionut-arm)
• Add community repo link #180 (hug-dev)
• Use crates.io version of the interface #179 (hug-dev)
• Import the newest Parsec interface #178 (hug-dev)
• Improve handling of list_opcodes #173 (ionut-arm)
• Add default context cipher selection for TPM provider #172 (ionut-arm)
• Add ECDSA support for TPM provider #171 (ionut-arm)
• Improve TPM provider #168 (ionut-arm)
• Improve digest handling in PKCS11 provider #167 (ionut-arm)
• Split provider code into separate modules #165 (ionut-arm)
• Add integration test #162 (ionut-arm)
• Move end to end tests to own crate #160 (ionut-arm)
• Move test client back in the Parsec repo #150 (ionut-arm)
• Remove stress test on Travis CI for PKCS 11 #145 (hug-dev)
• Add tests checking if key attributes are respected #135 (hug-dev)
• Add Contributors file #132 (ionut-arm)
• Update with the latest interface #131 (hug-dev)
• Improvments for tests/ci.sh #117 (anta5010)

Fixed bugs:

• Integration tests should be isolated in their crate #155
• Key should be deleted from the KIM if generation/import fails #139
• Fixed PKCS#11 provieder failing failed_created_key_should_be_removed test #188 (sbailey-arm)
• Replace calendar iframe with URL #166 (ionut-arm)
• Fix clippy errors #157 (ionut-arm)
• Allow PKCS11 tests to fail on Travis #154 (ionut-arm)

Security fixes:

• Implement mitigation 4 of TM #189 (hug-dev)

Closed issues:

• Allow TPM owner hierarchy auth to be non-string #120

Merged pull requests:

• Update partners file with web links and logos #159 (paulhowardarm)
• Update CONTRIBUTORS.md #143 (Superhepper)
• A few more README updates including fixes for broken doc links #141 (paulhowardarm)
• README enhancements, PARTNERS file and new visual style for the project #136 (paulhowardarm)

0.1.2 (2020-02-27)

Full Changelog

Implemented enhancements:

• Modify configuration to have provider-specific structs #114 (anta5010)
• Improve code documentation #113 (ionut-arm)

0.1.1 (2020-02-21)

Full Changelog

Implemented enhancements:

• Check for more Clippy lints #91
• Switch to picky-asn1-der for ASN.1-DER parsing #84
• Have all the providers dynamically loadable #79
• Pass config.toml path as command-line argument #78
• Convert Key ID Manager String errors to ResponseStatus in the KIM itself #77
• Test strategy for our providers on the CI #69
• Add a PKCS 11 Provider #66
• Add a Trusted Platform Module Provider #65
• Assess the contents of unsafe blocks in Mbed Provider #63
• Drop key handles implicitly #57
• Add cross-compilation to Aarch64 logic and investigate CI testing #55
• Add fuzz tests #54
• Update to Mbed Crypto v2.0.0 #38
• Improve logging message structure #36
• Make PARSEC a daemon #35
• Improve builders for service components #31
• Implement a thread pool #29
• Use dynamically-sized buffers in Mbed provider #27
• Implement configuration #26
• Prepare for upload to crates io #109 (ionut-arm)
• Add cargo clippy lints to the CI #99 (hug-dev)
• Implement fuzz testing #97 (ionut-arm)
• Add body length limit #96 (ionut-arm)
• Ensure the safety of unsafe blocks #93 (hug-dev)
• Replace most panicking behaviours with Result #92 (hug-dev)
• Modify Travis CI test script #90 (hug-dev)
• Deny compilation for some rustc lints #87 (hug-dev)
• Switch crates to use picky-asn1-der #85 (hug-dev)
• Modify tests directory structure #83 (hug-dev)
• Allow optional providers and key ID managers #82 (hug-dev)
• Add a command-line option to select configuration #81 (hug-dev)
• Add a TPM provider #75 (hug-dev)
• Add SIGHUP signal handling to reload configuration #71 (hug-dev)
• Add a PKCS 11 provider #68 (hug-dev)
• Simplify the README.md file #67 (hug-dev)
• Add cross compilation tests to the CI with cross #64 (hug-dev)
• Add cross-compilation logic for Mbed Crypto #61 (hug-dev)
• Make key slot release implicit #59 (ionut-arm)
• Make buffers dynamically sized in Mbed Provider #58 (ionut-arm)
• Upgrade dependency on Mbed Crypto to v2.0.0 #56 (ionut-arm)
• Add provider configuration #51 (ionut-arm)
• Improve handling of systemd activation #50 (lnicola)
• Replace println calls with log crate #48 (hug-dev)
• Add a compile-time option for a daemon binary #46 (hug-dev)
• Add service builder and configuration #44 (ionut-arm)
• Add stress test to the suite #42 (ionut-arm)
• Add SIGTERM handler for a graceful shutdown #39 (hug-dev)
• Add a GitHub Actions workflow for CI #34 (hug-dev)
• Add and improve component builders #33 (ionut-arm)

Fixed bugs:

• TPM provider must support Owner Hierarchy authentication #102
• Audit our use of panicking #74
• Audit our use of unsafe code #73
• Review response codes returned by providers #72
• Warning during compilation about llvm-config --prefix #60
• Key handle manipulation is not thread-safe in Mbed Crypto #40
• Add owner hierarchy auth param #104 (ionut-arm)
• Add a verify-only integration test #88 (hug-dev)
• Add sign to ASN.1 Integer types for RSAPublicKey #86 (hug-dev)
• Make sure Cargo features work #76 (hug-dev)
• Make UnixStreams block on read/write #47 (ionut-arm)
• Keep key ID within bounds for Mbed provider #45 (ionut-arm)
• Add locking around key handle operations in mbed provider #41 (ionut-arm)
• Use new version of test client to fix CI #37 (hug-dev)

Closed issues:

• Deny compilation if there is any warning #80

Merged pull requests:

• Remove references to key lifetime #52 (hug-dev)
• Use thread pool instead of new thread per request #30 (ionut-arm)
• Add the integration tests in the parsec repository #28 (hug-dev)

0.1.0 (2019-10-09)

Full Changelog

Closed issues:

• Building/running PARSEC #4
• Add Jenkins, CI/CD, unit testing, and code coverage #3
• Implement stubbed server API for client testing #2
• Create PASL golang client API #1

Merged pull requests:

• Add versioning requirement on the interface #25 (hug-dev)
• Fixed Ionut's email address #24 (robdimond-arm)
• Remove Go client from PARSEC service #22 (hug-dev)
• Add documentation updates #21 (hug-dev)
• Docs: Update documentation to reflect the source code state #20 (ionut-arm)
• Add support for ListProviders operation update #19 (hug-dev)
• Add a MAINTAINERS file #18 (hug-dev)
• Merge Integration into Master #17 (ionut-arm)
• Update conn and key interfaces for initialization #16 (jamesonhyde-docker)
• Update response to handle a mis-aligned header and response test #15 (jamesonhyde-docker)
• Various improvements of the service internals #14 (hug-dev)
• Go client implementations #12 (jamesonhyde-docker)
• update logo from plasma to parsec #11 (adamparco)
• Initial go client interface for signing keys #10 (jamesonhyde-docker)
• Provide minimal software solution based on Mbed Crypto #9 (hug-dev)
• Add API landing page #8 (ionut-arm)
• Adding doc fragments. #7 (ionut-arm)
• update name from PASL to PLASMA #6 (adamparco)

* This Changelog was automatically generated by github_changelog_generator