v1.3.0

What's Changed

• Add COSE_Key support by @setrofim in #146
• Retract v1.2.0 release by @setrofim in #153
• fix: typo UnataggedSign1Message -> UntaggedSign1Message by @spennymac in #148
• Key fixes by @setrofim in #154
• Remove unnecessary cbor marshal methods by @qmuntal in #155
• Centralize key validations and check more invalid cases by @qmuntal in #156
• Convert key tests to tabular tests by @qmuntal in #157
• Refactor Key to support custom parameters by @qmuntal in #158
• Validate key sizes and allow signing with empty public keys by @qmuntal in #159
• Deprecate AlgorithmEd25519 and provide AlgorithmEdDSA instead by @qmuntal in #160
• Make built-in types implement the new DigestSigner and DigestVerify interface by @qmuntal in #144
• Consolidate API names related to Key by @qmuntal in #161
• Rewrite interface{} to any by @qmuntal in #162
• Add support for RS256, RS384, RS512 constants by @hslatman in #163
• Improve Algorithm.String() message for unknown values by @qmuntal in #167
• Upgrade fxamacker/cbor to v2.5.0 by @qmuntal in #166
• Add support to COSE_Countersignature (RFC 9338) by @balena in #172
• Validate content type header parameter by @qmuntal in #176
• chore: fix duplicated import in the example by @shizhMSFT in #179
• docs: fix the syntax of CODEOWNERS by @shizhMSFT in #180
• Update Readme for the latest release by @SteveLasker in #182
• refactor!: deprecate crypto elliptic by @shizhMSFT in #187
• Document the Release Process by @SteveLasker in #188
• Add support for CWT Claims & Type in Protected Headers by @SteveLasker in #189
• docs: update docs for release process by @shizhMSFT in #193

New Contributors

• @spennymac made their first contribution in #148
• @hslatman made their first contribution in #163
• @balena made their first contribution in #172

Full Changelog: v1.1.0...v1.3.0

v1.3.0-rc.1

Cutting rc.1 based on no changes to alpha.1
https://github.com/veraison/go-cose/blob/main/release-management.md#pre-release

Full Changelog: v1.3.0-alpha.1...v1.3.0-rc.1

v1.3.0-alpha.1

What's Changed

• Add COSE_Key support by @setrofim in #146
• Retract v1.2.0 release by @setrofim in #153
• fix: typo UnataggedSign1Message -> UntaggedSign1Message by @spennymac in #148
• Key fixes by @setrofim in #154
• Remove unnecessary cbor marshal methods by @qmuntal in #155
• Centralize key validations and check more invalid cases by @qmuntal in #156
• Convert key tests to tabular tests by @qmuntal in #157
• Refactor Key to support custom parameters by @qmuntal in #158
• Validate key sizes and allow signing with empty public keys by @qmuntal in #159
• Deprecate AlgorithmEd25519 and provide AlgorithmEdDSA instead by @qmuntal in #160
• Make built-in types implement the new DigestSigner and DigestVerify interface by @qmuntal in #144
• Consolidate API names related to Key by @qmuntal in #161
• Rewrite interface{} to any by @qmuntal in #162
• Add support for RS256, RS384, RS512 constants by @hslatman in #163
• Improve Algorithm.String() message for unknown values by @qmuntal in #167
• Upgrade fxamacker/cbor to v2.5.0 by @qmuntal in #166
• Add support to COSE_Countersignature (RFC 9338) by @balena in #172
• Validate content type header parameter by @qmuntal in #176
• chore: fix duplicated import in the example by @shizhMSFT in #179
• docs: fix the syntax of CODEOWNERS by @shizhMSFT in #180
• Update Readme for latest release by @SteveLasker in #182
• refactor!: deprecate crypto elliptic by @shizhMSFT in #187
• Document the Release Process by @SteveLasker in #188
• Add support for CWT Claims & Type in Protected Headers by @SteveLasker in #189
• docs: update docs for release process by @shizhMSFT in #193

New Contributors

• @spennymac made their first contribution in #148
• @hslatman made their first contribution in #163
• @balena made their first contribution in #172

Full Changelog: v1.1.0...v1.3.0-alpha.1

v1.1.0

Add untagged COSE_Sign1 message support.

What's Changed

• Correct return error code when key cannot be decoded by @yogeshbdeshpande in #130
• Add precise error conditions to verifier unit tests by @yogeshbdeshpande in #136
• fix: deterministic encode cose_sign / cose_sign1 sig_signature by @shizhMSFT in #135
• Add untagged COSE_Sign1 support by @setrofim in #143

New Contributors

• @lachie83 made their first contribution in #129
• @toddysm made their first contribution in #132

Full Changelog: v1.0.0...v1.1.0

1.0.0

📘Documentation
go-cose readme

What's Changed

• Sign1 by @thomas-fossati in #1
• Sign1 bells and whistles by @thomas-fossati in #2
• add license check by @thomas-fossati in #3
• Add gluecose conformance tests by @qmuntal in #19
• Fix CI and add first fuzz test by @qmuntal in #20
• Add PS256 conformance tests by @qmuntal in #21
• Remote Signing by @shizhMSFT in #51
• add Sign1Message benchmarks by @qmuntal in #54
• Mark COSE Sign as experimental by @thomas-fossati in #58
• Remove design.md as remote signing has merged by @SteveLasker in #57
• Documentation cleanup by @qmuntal in #61
• Guard against race conditions in RegisterAlgorithm by @qmuntal in #62
• Use curve modulo instead of field size to calculate ECDSA signature length by @qmuntal in #60
• Fix integer range rendering by @qmuntal in #63
• Update readme with release info by @SteveLasker in #65
• Remove cose.Verify1 and update cose.Sign1 by @qmuntal in #67
• Ensure IV and Partial IV are not both present by @qmuntal in #66
• Correct README to reflect the defork from mozilla/go-cose by @yogeshbdeshpande in #69
• Create Reports folder under go-cose by @yogeshbdeshpande in #70
• Upload NCC Public Report by @kevin-henry-ncc in #77
• Fail-safe check on RSA by @shizhMSFT in #72
• Ensure critical header contains valid labels by @qmuntal in #78
• Error if unprotected header contains crit param by @qmuntal in #81
• Add baseline security process by @SteveLasker in #4
• Improve Sign1Message.Sign1() docs by @qmuntal in #85
• upload coverage to codecov.io by @qmuntal in #84
• Validate generic headers by @qmuntal in #87
• Increase headers type validation coverage by @qmuntal in #89
• Update README.md and SECURITY.md from alpha.1 to rc.1 by @FeynmanZhou in #91
• Enhance reports folder README.md and also top level README.md by @yogeshbdeshpande in #93
• Upload the Trail of Bits public security assessment report by @ESultanik in #94
• Add Trail of Bits Security Review by @SteveLasker in #96
• refactor!: accept message content instead of digest for sign and verify by @shizhMSFT in #101
• chore: upgrade ci to go 1.18 and go 1.19 by @shizhMSFT in #103
• Reduce FuzzSign1 memory consumption by @qmuntal in #104
• Update cose-spec from draft to RFC 9052 by @fxamacker in #109
• Improve README.md examples by @qmuntal in #111
• Use cbor.SortCoreDeterministic for CBOR encoding by @qmuntal in #113
• fix example in the readme by @thomas-fossati in #114
• Check EC point is on curve at Verifier instantiation by @thomas-fossati in #116

New Contributors

• @thomas-fossati made their first contribution in #1
• @SteveLasker made their first contribution in #57
• @yogeshbdeshpande made their first contribution in #69
• @kevin-henry-ncc made their first contribution in #77
• @FeynmanZhou made their first contribution in #91
• @ESultanik made their first contribution in #94
• @fxamacker made their first contribution in #109

Full Changelog: v1...v1.0.0

v1.0.0-rc.2

📘Documentation

go-cose readme

What's Changed

• Update README.md and SECURITY.md from alpha.1 to rc.1 by @FeynmanZhou in #91
• Enhance reports folder README.md and also top level README.md by @yogeshbdeshpande in #93
• Upload the Trail of Bits public security assessment report by @ESultanik in #94
• Add Trail of Bits Security Review by @SteveLasker in #96
• refactor!: accept message content instead of digest for sign and verify by @shizhMSFT in #101
• chore: upgrade ci to go 1.18 and go 1.19 by @shizhMSFT in #103
• Reduce FuzzSign1 memory consumption by @qmuntal in #104
• Update cose-spec from draft to RFC 9052 by @fxamacker in #109
• Improve README.md examples by @qmuntal in #111
• Use cbor.SortCoreDeterministic for CBOR encoding by @qmuntal in #113

New Contributors

• @FeynmanZhou made their first contribution in #91
• @ESultanik made their first contribution in #94
• @fxamacker made their first contribution in #109

Full Changelog: v1.0.0-rc.1...v1.0.0-rc.2

v1.0.0-rc.1

📘Documentation

go-cose readme

Security Reviews

ncc group go-cose Security Assessment

What's Changed

• Documentation cleanup by @qmuntal in #61
• Guard against race conditions in RegisterAlgorithm by @qmuntal in #62
• Use curve modulo instead of field size to calculate ECDSA signature length by @qmuntal in #60
• Fix integer range rendering by @qmuntal in #63
• Update readme with release info by @SteveLasker in #65
• Remove cose.Verify1 and update cose.Sign1 by @qmuntal in #67
• Ensure IV and Partial IV are not both present by @qmuntal in #66
• Correct README to reflect the defork from mozilla/go-cose by @yogeshbdeshpande in #69
• Create Reports folder under go-cose by @yogeshbdeshpande in #70
• Upload NCC Public Report by @kevin-henry-ncc in #77
• Fail-safe check on RSA by @shizhMSFT in #72
• Ensure critical header contains valid labels by @qmuntal in #78
• Error if unprotected header contains crit param by @qmuntal in #81
• Add baseline security process by @SteveLasker in #4
• Improve Sign1Message.Sign1() docs by @qmuntal in #85
• upload coverage to codecov.io by @qmuntal in #84
• Validate generic headers by @qmuntal in #87
• Increase headers type validation coverage by @qmuntal in #89

New Contributors

• @yogeshbdeshpande made their first contribution in #69
• @kevin-henry-ncc made their first contribution in #77

Full Changelog: v1.0.0-alpha.1...v1.0.0-rc.1

v1.0.0-alpha.1

Documentation 📘

go-cose readme

What's Changed

• Sign1 by @thomas-fossati in #1
• Sign1 bells and whistles by @thomas-fossati in #2
• add license check by @thomas-fossati in #3
• Add gluecose conformance tests by @qmuntal in #19
• Fix CI and add first fuzz test by @qmuntal in #20
• Add PS256 conformance tests by @qmuntal in #21
• Remote Signing by @shizhMSFT in #51
• add Sign1Message benchmarks by @qmuntal in #54
• Mark COSE Sign as experimental by @thomas-fossati in #58
• Remove design.md as remote signing has merged by @SteveLasker in #57

New Contributors

• @thomas-fossati made their first contribution in #1
• @SteveLasker made their first contribution in #57

Full Changelog: https://github.com/veraison/go-cose/commits/v1.0.0-alpha.1