Changelog

Version 1.12.0

Date:

June 12, 2026

  • @kamil-kielbasa : Memory backend:

    • The library can now obtain its internal working buffers from one of three interchangeable memory backends, chosen at build time. The default keeps the previous behaviour, so existing integrations are unaffected:

      • Stack (default) — buffers live on the call stack, exactly as before.

      • Heap — buffers come from the system heap (calloc on hosted builds, k_calloc on Zephyr), removing the deep per-handshake stack usage on constrained targets.

      • Custom — the application provides its own edhoc_mem_alloc / edhoc_mem_free at link time, e.g. to serve buffers from a dedicated pool.

      The backend is chosen by the integer CONFIG_LIBEDHOC_MEM_BACKEND: on Zephyr it is derived from the LIBEDHOC_MEM_BACKEND_CHOICE Kconfig choice, and on every other build it is passed directly (-DCONFIG_LIBEDHOC_MEM_BACKEND=N, where N is 0 stack, 1 heap or 2 custom; default 0).

    • Out-of-memory conditions are now reported to the caller. The new EDHOC_ERROR_NOT_ENOUGH_MEMORY (-106) error code is returned by the affected message and exporter APIs when a non-stack backend cannot satisfy an allocation, and the failing call leaves no buffers leaked behind.

    • Working buffers handed to the library are guaranteed to be zero-initialised on every backend.

    • The behaviour is verified for all three backends, including a tracking, fault-injecting custom allocator that exercises every out-of-memory path, and the heap backend additionally under ASan/LSan.

  • @kamil-kielbasa : Fix:

    • Message 1 processing now rejects an empty peer cipher suite list (SUITES_I). The responder previously read the list’s last entry at count - 1; for an empty list that index underflowed to SIZE_MAX and caused an out-of-bounds read. An empty list is now reported as a wrong selected cipher suite error.

Version 1.11.2

Date:

June 11, 2026

  • @kamil-kielbasa : Docs:

    • Removed the stale hardcoded “Release” admonition from doc/index.rst; the project version is maintained in doc/conf.py.

Version 1.11.1

Date:

June 11, 2026

  • @kamil-kielbasa : CI:

    • Added a reusable .github/actions/retry composite action and wrapped the submodule checkout. Transient GitHub network failures are retried instead of failing the job.

  • @kamil-kielbasa : Fix:

    • Replaced the dynamic shields.io release badge in README.md with a GitHub Pages-hosted endpoint badge, so it no longer renders “Unable to select next GitHub token from pool” when the shields.io GitHub token pool is exhausted.

Version 1.11.0

Date:

June 10, 2026

  • @kamil-kielbasa : Helpers / cipher suites:

    • Added the cipher suite 24 reference helper: A256GCM, SHA-384, P-384 (secp384r1) and ES384.

    • Added tests/unit/test_cipher_suite_24.c covering the full crypto surface.

    • Documented cipher suite 24.

    • Moved the suite length macros (EDHOC_CIPHER_SUITE_<n>_*, suites 0/2/24) out of the public headers into each edhoc_cipher_suite_<n>.c, where they seed the descriptor.

    • Renamed test_crypto_suite{0,2}.c to test_cipher_suite_{0,2}.c (groups cipher_suite_{0,2}) and sized their buffers from the _get_suite() descriptors.

    • Extended tests/unit/test_cipher_suite_{0,2}.c with signature/AEAD tamper-detection and an additional HKDF-SHA-256 KAT.

    • Removed the per-test descriptive comments across tests/unit/test_cipher_suite_{0,2,24}.c in favour of self-descriptive test names.

    • Hardened tests/unit/test_cipher_suite_{0,2,24}.c.

  • @kamil-kielbasa : Tests / integration:

    • Added tests/integration/test_handshake_x5chain_sig_suite24.c — a full EDHOC handshake over an X.509 certificate chain using cipher suite 24 (P-384 / ES384), with the P-384 test vector tests/include/test_vector_x5chain_sign_keys_suite_24.h.

    • Raised CONFIG_LIBEDHOC_MAX_LEN_OF_ECC_KEY and CONFIG_LIBEDHOC_MAX_LEN_OF_MAC to 48 in scripts/ci.sh so the shared test build accommodates P-384 keys and SHA-384 transcript hashes.

    • Relaxed the X25519 make_key_pair buffer-size check in edhoc_cipher_suite_0.c to accept context buffers larger than the key (only undersized buffers are rejected).

    • Updated the coverage mock crypto in tests/unit/test_coverage.c to report fixed cipher suite 2 key/hash lengths (32) regardless of the buffer size.

    • Fixed the message 2 ECDH-secret known-answer checks in tests/integration/test_rfc9529_chapter{2,3}.c to compare dh_secret_len bytes instead of the whole buffer (sizeof).

  • @kamil-kielbasa : Fix:

    • Helpers: corrected the cipher suite 2 descriptor MAC length (Static DH) from 32 to 8 bytes to match RFC 9528 (edhoc_cipher_suite_2_get_suite).

Version 1.10.3

Date:

June 5, 2026

  • @orbisai0security : Security:

    • Helpers: fixed buffer overread in P-256 public-key decompression — an oversized compressed peer key could write past the decompressed-key buffer; keys longer than the curve field size are now rejected before copying (V-001).

  • @kamil-kielbasa : Coverage / docs:

    • Helpers: documented the P-256 decompression bounds check as defensive and unreachable through the public API.

    • Tests: clarified that key_agreement_peer_key_oversized_33 exercises the key_agreement length guard rather than the mbedtls_ecp_decompress bounds check.

Version 1.10.2

Date:

June 2, 2026

  • @kamil-kielbasa : CI / contributing:

    • Added the CI / Format GitHub Actions workflow that runs clang-format --dry-run --Werror over every tracked *.c / *.h file (excluding the zcbor-generated backends/cbor/ tree).

    • Reformatted to satisfy the new check.

    • Documented in CONTRIBUTING.md that every PR must update CHANGELOG.rst with a matching entry.

Version 1.10.1

Date:

June 2, 2026

  • @kamil-kielbasa : Library:

    • Added edhoc_cipher_suite_0_get_suite() and edhoc_cipher_suite_2_get_suite() returning a pointer to a pre-initialized canonical struct edhoc_cipher_suite (mirrors the existing _get_keys / _get_crypto getters).

    • Migrated all callers to the new getters and removed the now-redundant tests/common/{include,src}/test_cipher_suites.{h,c} (and their CMake entries).

  • @kamil-kielbasa : Doxygen cleanup:

    • Removed stale \version and \date tags from all library, helper, port, sample and test file headers.

Version 1.10.0

Date:

June 2, 2026

  • @kamil-kielbasa : Documentation overhaul:

    • Restructured Sphinx docs into getting_started/, guide/, api/, reference/ and project/ sections; switched to the Furo theme.

    • Split the monolithic API page into per-topic pages (context, messages, credentials, crypto, exporters, EAD, helpers, internals).

    • Added a glossary, an error-code reference, a values reference and a links page.

    • Refreshed README.md (two-row badge layout) and rewrote CONTRIBUTING.md with the unified scripts/ci.sh workflow and shallow west update.

Version 1.9.0

Date:

June 1, 2026

  • @kamil-kielbasa : Library / helpers (log footprint):

    • Shortened EDHOC_LOG_* message literals across library/*.c and helpers/src/*.c to reduce flash footprint when logging is enabled.

Version 1.8.0

Date:

June 1, 2026

  • @kamil-kielbasa : Library (edhoc_macros.h):

    • Added EDHOC_ASSERT_FREE_STACK_SIZE: on Zephyr expands to a runtime free-stack check via k_thread_stack_space_get + __ASSERT, otherwise no-op.

    • VLA_ALLOC now calls EDHOC_ASSERT_FREE_STACK_SIZE on Linux/Zephyr.

    • Reorganized Doxygen for platform-dependent macros using the __DOXYGEN__ stub pattern.

Version 1.7.1

Date:

March 23, 2026

  • @kamil-kielbasa : Testing:

    • Cipher suite 2 (tests/unit/test_crypto_suite2.c): invalid key material for import; HKDF extract/expand when psa_key_derivation_set_capacity rejects oversized output; AEAD encrypt/decrypt with zero-length plaintext (null message buffers where PSA allows for AES-CCM).

  • @kamil-kielbasa : Documentation:

    • Updated Sphinx conf.py version to v1.7.1.

Version 1.7.0

Date:

March 20, 2026

  • @kamil-kielbasa : Cipher suite 2 reference helper (helpers/src/edhoc_cipher_suite_2.c):

    • ES256: edhoc_cipher_suite_2_hash then psa_sign_hash / psa_verify_hash (was psa_sign_message / psa_verify_message); equivalent to PSA_ALG_ECDSA(PSA_ALG_SHA_256) on the full message.

    • Hash-then-sign lowers I/O for large sign payloads (e.g. secure elements). Callback input is unchanged: full byte string from the library.

  • @kamil-kielbasa : Documentation:

    • Cipher suite 2 Doxygen and api.rst note.

    • Updated Sphinx conf.py version to v1.7.0.

  • @kamil-kielbasa : Library (volatile key handles):

    • memset local key_id after destroy_key in edhoc_message_{1,2,3}.c (aligned with the rest of the library).

Version 1.6.0

Date:

March 1, 2026

  • @kamil-kielbasa : API symbol corrections (deprecated aliases preserved):

    • Renamed EDHOC_SM_RECEVIED_M4EDHOC_SM_RECEIVED_M4.

    • Renamed EDHOC_EXTRACT_PRK_INFO_LABEL_KEYSTERAM_2EDHOC_EXTRACT_PRK_INFO_LABEL_KEYSTREAM_2.

  • @kamil-kielbasa : API documentation audit:

    • Standardized all \retval descriptions in edhoc.h for clarity and consistency.

    • Added missing \retval #EDHOC_ERROR_BUFFER_TOO_SMALL for edhoc_message_1_compose and edhoc_export_oscore_session.

    • Corrected \param directions and descriptions in edhoc_crypto.h (e.g. public_key_length, hash output direction).

    • Fixed process function message_N_length descriptions (length of message, not buffer size).

    • Fixed grammar and CBOR capitalization in edhoc_credentials.h and edhoc_context.h.

    • Added comprehensive Doxygen for all macros in edhoc_macros.h (\defgroup edhoc-macros).

    • Added \author to edhoc_test_hooks.h.

    • Fixed duplicate \defgroup in edhoc_helpers.h.

    • Unified \return / \retval style across all callback typedefs and internal functions.

    • Corrected \ref\see for external URLs in Doxygen.

    • Fixed #error message for CONFIG_LIBEDHOC_MAX_LEN_OF_MAC.

  • @kamil-kielbasa : Spelling corrections across all headers:

    • psuedorandompseudorandom, crypographicscryptographic.

    • Diffie-HelmannDiffie-Hellman, registeryregistry.

    • conatinscontains, definitionesdefinitions.

    • identiferidentifier, bufforbuffer.

    • Renamed psuedo_random_keypseudo_random_key in cipher suite header declarations.

    • Corrected \file tag in Zephyr log backend to match actual filename.

  • @kamil-kielbasa : Added Doxygen for internal modules:

    • Added \defgroup edhoc-log with documentation for all log levels and log macros.

    • Added Doxygen for Linux log backend: edhoc_log_get_timestamp, edhoc_log_hexdump_impl, ANSI color defines.

    • Added Doxygen for Zephyr log backend macro wrappers.

    • Added \defgroup edhoc-test-hooks with \brief for all 40+ test hook functions.

  • @kamil-kielbasa : Documentation improvements:

    • Added “Lifecycle” section to api.rst with context initialization call order and code examples.

    • Added “Error handling” section to api.rst with error code retrieval guidance.

    • Fixed edhoc_set_conn_id()edhoc_set_connection_id() in API flow diagram.

    • Fixed cipher suite 0 algorithm description: ECDSA → EdDSA in testing.rst.

    • Fixed west build path for benchmark sample in configuration.rst.

    • Updated Sphinx conf.py version to v1.6.0.

Version 1.5.0

Date:

February 27, 2026

  • @kamil-kielbasa : CI/CD pipeline overhaul:

    • Consolidated all CI logic into a single scripts/ci.sh entry point for local reproducibility.

    • Added code coverage measurement with gcov/lcov and Codecov integration.

    • Added ASan + UBSan sanitizer CI job (GCC).

    • Added LibFuzzer-based fuzz testing CI job (Clang).

    • Added weekly scheduled CI workflow with extended fuzzing.

  • @kamil-kielbasa : Compiler flags hardening:

    • Unified GCC and Clang warning flags (~25 shared flags).

    • Added GCC-specific warnings: -Wformat-overflow=2, -Wformat-truncation=2, -Wswitch-enum, -Wjump-misses-init, -Wduplicated-cond, -Wduplicated-branches, -Wlogical-op.

    • Added -fstack-protector-strong for non-sanitizer builds.

  • @kamil-kielbasa : Resolved all 538 clang-tidy warnings across the library.

  • @kamil-kielbasa : Zephyr benchmark application (sample/benchmark/):

    • Full EDHOC handshake benchmark for native_sim (cipher suite 2, P-256/ES256, X.509 chain).

    • Per-phase handshake timing with JSON output.

    • Library flash footprint analysis (~20 KiB).

    • NSI two-stage linking solved by providing mbedTLS archives to RUNNER_LINK_LIBRARIES.

    • CI uploads flash_report.txt and benchmark_timing.json as artifacts.

  • @kamil-kielbasa : Test improvements:

    • Restructured tests into 3-tier architecture: unit, integration, and fuzz.

    • Extracted shared test helpers (test_cipher_suites, test_credentials, test_ead).

    • Added negative test scenarios for edhoc_export_oscore_session and edhoc_message_1_compose/process.

    • Added mock-based failure injection tests for internal error paths.

    • Consolidated fuzz targets from fuzz/ into tests/fuzz/.

    • Achieved 92.8% line coverage and 100% function coverage (635+ tests).

  • @kamil-kielbasa : Bug fixes:

    • Fixed out-of-bounds write in test_internals.c (alg_bstr array).

    • Fixed GCC extension usage (non-constant struct initializers) for Clang compatibility.

    • Fixed -Wformat-truncation in log backend timestamp formatting.

    • Fixed -gdwarf-4 for Valgrind compatibility with GCC 11+.

Version 1.4.2

Date:

January 30, 2026

Version 1.4.1

Date:

January 30, 2026

  • @tgujda : Added log module declaration for EDHOC helpers.

Version 1.4.0

Date:

January 30, 2026

  • @tgujda : Added cmake install target for library installation.

  • @magdalena-szumny : Added extra logs for EDHOC helpers module

Version 1.3.0

Date:

January 27, 2026

  • @magdalena-szumny :

    • Added EDHOC helpers module with connection ID and buffer utilities.

    • Renamed cipher suite files and functions to edhoc_cipher_suite_X for consistency.

    • Refactored cipher suite implementations to expose struct edhoc_crypto and struct edhoc_keys.

  • @kamil-kielbasa : Fixed Zephyr logging backend.

Version 1.2.0

Date:

January 27, 2026

  • @kamil-kielbasa : Added new logging module:

    • Logging module has the same signatures to the Zephyr logging module.

    • Added logging backends for Linux and Zephyr platforms.

    • Added EDHOC_LOG_ERR for the entire library.

    • Replaced context.logger with new logging hexdump functionlike-macros.

Version 1.1.1

Date:

January 8, 2026

Version 1.1.0

Date:

January 7, 2026

Version 1.0.0

Date:

April 14, 2025

Version 0.6.0

Date:

October 31, 2024

Version 0.5.0

Date:

August 5, 2024

  • @kamil-kielbasa : Changed build system from Make to CMake.

  • @kamil-kielbasa : Added building library code with clang compiler.

  • @kamil-kielbasa : Added new module test for scenario:

    • X.509 chain, cipher suite 2, static DH keys, single EAD token.

  • @marek-serafin : Fixed setting correct cases for static dh methods.

  • @kamil-kielbasa : Refactored message_2 and message_3 for common code:

    • CBOR utilities.

    • MAC 2/3 context generation.

    • MAC 2/3 computation.

    • Signature_or_MAC 2/3 computation and verification.

  • @kamil-kielbasa : Fixed setting correct cases for methods for message_3.

  • @kamil-kielbasa : Added any cborised authentication credentials option.

  • @kamil-kielbasa : Fixed end entity certificate according to COSE X.509 chain.

  • @kamil-kielbasa : Fixed wrong MAC length for static DH in test suite.

  • @kamil-kielbasa : Refactored EDHOC API and EDHOC interfaces.

  • @kamil-kielbasa : Added library zephyrization.

  • @kamil-kielbasa : Refactored function edhoc_set_methods for more flexibility.

  • @kamil-kielbasa : Added support for MSVC _alloca (lack of VLA).

Version 0.4.0

Date:

July 5, 2024

  • @marek-serafin : Fixed typo in setting peer_cid while processing message 1.

  • @marek-serafin : Fixed zcbor. Added a method to avoid generation of duplicated types.

  • @kamil-kielbasa : Added EDHOC error message compose & process with unit tests.

  • @kamil-kielbasa : Added EDHOC PRK exporter with unit test.

  • @kamil-kielbasa : Fixed CDDL models for COSE X.509 chain and COSE X.509 hash.

    • added unit test with two certificates for X.509 chain for cipher suite 0.

    • added unit test with one certificate for X.509 chain for cipher suite 2 with multiple EAD tokens.

    • added unit test for X.509 hash for cipher suite 2 with single EAD token.

  • @kamil-kielbasa : Changed licence from GPL-2.0 to MIT.

  • @kamil-kielbasa : Forbidden passing empty byte string for connection identifier.

  • @kamil-kielbasa : Added EDHOC error getters for: error code and cipher suites.

    • added test scenarios according to RFC 9528: 6.3.2. Examples. Covered figures 8 and 9.

Version 0.3.0

Date:

May 20, 2024

  • @kamil-kielbasa : Full support of RFC 9528 (EDHOC).

    • add missing static diffie hellman keys authentication method.

  • @kamil-kielbasa : Implementation is verified with RFC 9529 (EDHOC traces) for chapter 3.

  • @kamil-kielbasa : Create documentation for sphinx including:

    • move README to sphinx.

    • move ChangeLog to sphinx.

    • create API documentation and fix header files.

  • @kamil-kielbasa : Add documentation deployment step for github actions.

Version 0.2.0

Date:

April 28, 2024

  • @kamil-kielbasa : Update implementation for RFC 9528 (EDHOC) including:

    • external authorization data aligned with RFC.

    • add message 4 compose & process.

    • keyUpdate method.

  • @kamil-kielbasa : Separate interface for EAD.

  • @kamil-kielbasa : Implementation is verified with RFC 9529 (EDHOC traces) for chapter 2.

    • extended unit tests with EAD single/multiple tokens.

    • used RFC 9529 certificates to verify authentication identified by ‘x5chain’.

  • @kamil-kielbasa : Example implementation of cipher suite 2.

  • @kamil-kielbasa : EDHOC context structure with private members.

  • @kamil-kielbasa : Fix connection identifiers encoding option.

  • @kamil-kielbasa : Fix authentication credentials encoding option.

  • @kamil-kielbasa : Fix CBOR memory requirements for integer, byte string and text string.

  • @kamil-kielbasa : Add build, run unit tests and verification by cppcheck and valgrind for github actions.

  • @kamil-kielbasa : Update README.

Version 0.1.0

Date:

April 01, 2024

  • @kamil-kielbasa : EDHOC implementation for version 16:

    • limited support for authentication methods only via signatures.

    • support EAD encoded as byte string.

    • support authentication identified by: ‘kid’, ‘x5chain’, ‘x5t’.

  • @kamil-kielbasa : CoAP friendly EDHOC API.

  • @kamil-kielbasa : Separate interfaces for:

    • cryptographics keys.

    • cryptographics operations.

    • authentication credentials.

  • @kamil-kielbasa : Authentication credentials fetch callback accept only private key identifier.

  • @kamil-kielbasa : Example implementation of cipher suite 0 with PSA.

  • @kamil-kielbasa : Unit test with test vectors for authentication with signatures, X.509 identified by ‘kid’, ‘x5chain’ and ‘x5t’.