Releases: MicrochipTech/cryptoauthlib
Releases · MicrochipTech/cryptoauthlib
Release v3.7.6 (20240926)
New Features
- Add support for RSA key types, certificates and algorithms
- Add SHA384 and SHA512 support for host side software crypto (lib/crypto/) operations
- Modified WPC application to support ECC204 and TA010 devices
Fixes
- Shared library build (libcryptoauth.so) sets ABI version number (libcryptoauth.so.x)
- Fix atcacert_read_cert() API failure while using ECC204 and TA010 devices
- Resolve kit protocol compilation failure for PIC18 device (XC8) builds
- Fix PKCS#11 layer C_DestroyObject failure when deleting a key pair
- Fix PKCS#11 layer C_DeriveKey API usage sequence
Release v3.5.1 (20230320)
New Features
- Add support for SHA104, SHA105, & SHA106 devices
Release v3.5.0 (20230314)
New Features
- Add support for ECC204, TA010 and framework for future devices of the same generation
Release v3.4.1 (20221114)
Hotfixes
- Update test_atcacert_build_start_signer to verify the structure fields since the structure is no longer packed
- Update Python ctypes_to_bytes routine to work for all python versions
- Add pkcs11 signature rule verification function to check mechanism and input parameters per section 5.2 of the specification
- Fix compilation error when PKCS11 monotonic counter is enabled
- Fix compilation error when no HALs are specified during configuration
Release v3.4.0 (20221104)
New Features
- Added framework for fine grain library configuration including configuration check
header files<api>_config_check.h
see lib/atca_config_check.h for the top level
header - Added WPC application files with reference message generation/parsing and library
configuration file to optimize to the smallest footprint - TA100 read/write apis updated to segment incoming buffer into partial read/write
operations if it exceeds the maximum supported packet size - Added PKCS7 padding algorithm for use with AES-CBC
- Expose PKCS11 configuration options to CMake configuration
Fixes
- Improve ECC204 apis to match cryptoauthlib apis and abstract the device differences
- Support for strict C99 compliance and clean up warnings from -Wall and pedantic levels
- Add rsa2048 key size support to talib_rsaenc command
- Fix for ta100 devupdate to set the proper auth session exit flags so the library will
properly reconnect when the ta100 reboots - Fix ECC608 verify failure when ReqRandom bit is set for a stored public key by using
tempkey in this situation rather than the message digest buffer. See the ECC608
datasheet for more details of this special condition - Improve ta100 auth session handling of long messages by reporting the message size
exceeds the wrapped message limit earlier in the packet creation process - Fixes and Improvements for PKCS11 interface based on compliance testing
- Add missing include for atca_device.h by @mickeprag in #264
- Fix no member named 'address' errors when using ATCA_ENABLE_DEPRECATED by @rashedtalukder in #273
- Fix undefined type error and ESP32 RTOS timer function call by @rashedtalukder in #277
- Fix model number for ATECC608 by @AndreyLalaev in #282
- Don't attempt to pack structures with pointers - should fix aarch64 issues by @bryan-hunt in #283
- Add fixes to cryptoauthlib to support Java PKCS11 requirements, to support Greengrass V2 by @JamieHunter in #290
- CKA_ID support to enable Java / Greengrass V2 by @JamieHunter in #291
New Contributors
- @mickeprag made their first contribution in #264
- @rashedtalukder made their first contribution in #273
- @AndreyLalaev made their first contribution in #282
- @JamieHunter made their first contribution in #290
Full Changelog: v3.3.3...v3.4.0
Release v3.3.3 (20211006)
New features
- Added Zephyr support and zephyr driver api HALs for I2C & SPI. Adding cryptoauthlib to a zephyr project CMakeLists.txt is now possible - use subdirectory(cryptoauthlib/lib). One can also include the repo in the west manifest
- Added SWI device support for linux platforms using hardware uarts
- Added contributing guidelines and PR process documentation
- SWI bitbang driver for harmony - supports Atmel SWI and ECC204 protocols
Fixes
- Wolfssl build errors when generating MHC projects containing wolfssl
- Removed zero length aad limitation in CCM implementation
- Changed ECC204 zone identifiers and slot types to align with cryptoauthlib standard forms
- XC8/XC16 build warnings
- Several pkcs11 fixes - token_init deadlock, null num_in for private key writes, secret key length parsing, object_create failing, etc
- Null pointer access violation in atcab_release when using a native hal and double free in openssl implementation of atcac_pk_verify
Release v3.3.2 (20210620)
New features
- All memory allocations now go through the hal_ platform definitions. In harmony these are the OSAL_ fuctions which work with any of the supported RTOS'.
- Enable multiple intefaces in the Harmony 3 test project through the user interface.
- Kit protocol over UART has been added. This can be paired with the included hosting application
- Simple kit protocol hosting application has been added. It is available in app/kit_host and through Harmony 3. This is a preview release of the application.
Fixes
- Enable ATSHA206A api in the python extension
- Made the linux i2c configuration default to 100khz so they should work again without having to make modifications to the baud rate field.
- Fix pkcs11 static configuration option when used with the trust platform configuration file
- Fix PKCS11 ec_point return value when pValue is null (libp11 checks the size in this manner before requesting
Release v3.3.1 (20210423)
New features
- Core support for kit protocol over serial ports (i.e. tty/COM ports)
- PKCS11 support for TA100 auth sessions
Fixes
- Fix mbedtls integration combinations that would produce unexpected behavior. All variations of sign/verify _ALT now work as expected given a configured key (for example if a key is configured as a stored public and VERIFY_ALT is enabled then library will perform a stored key verify rather than an external public key load and verify)
- Added mbedtls integration tests to confirm that integrations are working on a target platform as expected. These generally bootstrap using NIST example vectors before using the validated functions/algorithms to test the remaining integration.
- Clean up warnings when run with very strict settings (-Wall -Wextra -pedantic -Werror)
- Fix false wake errors when baud rate switching for I2C
- Fix for I2C errors that could be created on the bus when there are devices on the bus that support general calls - this fix should also correct linux zero length kernel messages when enabled.
- Fix ESP32 HAL to work with the updated HAL structure.
Release v3.3.0 (20210126)
API Updates
- HAL API has been signifiantly revised to improve portability. This update simplies the requirements of each HAL to only the physical transport mechanisms. Please see the hal porting and library upgrading notes
- Internal structures have been updated by removing obsolete elements and combining mandatory fields. This saves significant memory in both program and data regions.
- Inclusive language update: all remaining legacy language elements have been updated. Where this impacts the external API there is the option ATCA_ENABLE_DEPRECATED to use the previous names.
New features
- ECC204 support has been added with one wire HAL support.
- ECC204, SHA206, one wire and single wire (uart and gpio) hals have been added to the Harmony 3 configurator.
- PKCS11 support for symmetric (AES & HMAC) keys has been added and enabled for additional mechanisms such as HMAC signing and AES encrypt/decrypt
Fixes
- pkcs11_token_init had several conditions that were corrected
- fix to detect differences in i2c clock rate specifications between flexcom and sercom configurators in Harmony 3 and the emit the correct value for the cryptoauthlib interface config structure.
Release v3.2.5 (20201130)
New features
- Converted from travis-ci and appveyor to github actions workflows
- AES CCM & CBC-MAC upper layer API using AES-ECB primitives
- Additional software crypto library interface functions for asymmetric cryptography (sign, verify, ecdh, etc) for mbedtls integrations
- XC8 & XC16 compiler support
Fixes
- PKCS11 Pin length check rejecting valid pin lengths
- aes-gcm nist vector test failed with mbedtls crypto backend due to aad update not being executed when aad length was zero