-
Marc A. Valle authored
Added * The member implementation now provides an internal interface that gives guidance on partitioning member operations between highly sensitive ones that use f value of the private key, and less sensitive operations that can be performed in a host environment. * New member API `EpidAssemblePrivKey` was added to help assemble and validate the new member private key that is created when a member either joins a group (using the join protocol) or switches to a new group (as the result of a performance rekey). Changed * Updated Intel(R) IPP Cryptography library to version 2017 (Update 2). * The mechanism to set the signature based revocation list (SigRL) used for signing was changed. `EpidMemberSetSigRl` must be used to set the SigRL. The SigRL is no longer a parameter to `EpidSign`. This better models typical use case where a device stores a revocation list and updates it independently of signing operations. Removed * Removed `EpidWritePreSigs` API. Serialization of pre-computed signatures is a risky capability to provide, and simply expanding the internal pool via `EpidAddPreSigs` still provides most of the optimization benefits. * The `EpidIsPrivKeyInGroup` API is no longer exposed to clients. It is no longer needed because the new member API `EpidAssemblePrivKey` performs this check. Fixed * When building with commercial version of the Intel(R) IPP Cryptography library, optimized functions are now properly invoked, making signing and verification operations ~2 times faster * SHA-512/256 hash algorithm is now supported. * README for compressed data now correctly documents the number of entries in revocation lists. * The `verifysig` sample now reports a more clear error message for mismatched SigRLs. * The default scons build will now build for a 32-bit target on a 32-bit platform. Known Issues * Scons build will not work natively on ARM. You can still build using `make` or cross compile.
7d315f0c