Skip to content

Releases: DMTF/libspdm

2.3.1

10 Jan 18:16
Compare
Choose a tag to compare

Tag 2.3.1 fixes two implementation defects present in tag 2.3.0. #1608. If a Requester sets (CERT_CAP=0, PUB_KEY_ID_CAP=0, KEY_EX_CAP=1) in its GET_CAPABILITIES request, then a 2.3.0 Responder will incorrectly send an InvalidRequest error response to the Requester. Similarly, if a Requester sets (KEY_EX_CAP=0, PSK_CAP=0, MUT_AUTH_CAP=1), then a 2.3.0 Responder will incorrectly send an InvalidRequest error response to the Requester.

2.3.0

04 Jan 05:31
Compare
Choose a tag to compare

Tag 2.3.0 fixes an implementation defect present in tags 2.2.0 and previous. #1424. According to the SPDM specification, the session ID should be Concatenate (ReqSessionID, RspSessionID). In tags 2.2.0 and previous, libspdm calculated the session ID as Concatenate (RspSessionID, ReqSessionID). While tag 2.3.0 has corrected this defect it means that a tag 2.3.0 endpoint will not be able to establish a secure session with a tag 2.2.0 and previous endpoint.

In addition the MDEPKG_NDEBUG macro has been deprecated and replaced with the LIBSPDM_DEBUG_ENABLE macro.

This is an SPDM specification compliance issue, we suggest the consumers use the tag 2.3.0 for further development.

2.2.0

04 Oct 00:39
Compare
Choose a tag to compare

Tag 2.2.0 fixes an implementation defect present in tags 2.1.0 and previous. #1136. According to the SPDM specification, the ResponderVerifyData / RequesterVerifyData during secure session establishment should be calculated based on HMAC(finished_key, hash(transcript)). In tags 2.1.0 and previous, the libspdm calculated ResponderVerifyData / RequesterVerifyData as HMAC(finished_key, transcript). While tag 2.2.0 has corrected this defect it means that a tag 2.2.0 endpoint will not be able to establish a secure session with a tag 2.1.0 and previous endpoint.

This is an SPDM specification compliance issue, we suggest the consumers use the tag 2.2.0 for further development.

Major feature:

  1. Align to SPDM 1.2.1 spec https://www.dmtf.org/dsp/DSP0274

2.1.0

04 Jul 14:08
Compare
Choose a tag to compare

Tag 2.1.0 fixes an implementation defect present in tags 1.0.0 and 2.0.0. #987. According to the SPDM specification, during secure session establishment the Handshake-Secret is derived as HMAC-Hash(Salt_0, Secret) where Secret is either the DHE Secret or the Pre-shared Key. In tags 1.0.0 and 2.0.0 libspdm swapped these two parameters as HMAC-Hash(Secret, Salt_0). While tag 2.1.0 has corrected this defect it means that a tag 2.1.0 endpoint will not be able to establish a secure session with a tag 1.0.0 or 2.0.0 endpoint.

This is an SPDM specification compliance issue, we suggest the consumers use the tag 2.1.0 for further development.

Major feature:

  1. Align to SPDM 1.2.1 spec https://www.dmtf.org/dsp/DSP0274
  2. Finish all SPDM 1.2.1 new features, including identity provisioning and chunking.