chore: Release v0.7.0-rc.4

CHANGELOG.md

@@ -7,6 +7,51 @@ Platform support legends:
     * Note: the papercuts will majorly be with the build process. Things might be very rough to integrate as no polish at all has been given yet.
 * ❌ = tier 3 support. It doesn't work just yet, but we plan to make it work.
 
+## [0.7.0-rc.4] - 2023-03-28
+
+<details>
+    <summary>git-conventional changelog</summary>
+
+### Bug Fixes
+
+- [**breaking**] Tweak WASM API
+- Use schnellru fork for GroupStore faillible inserts
+- Fixed GroupStore memory limiter behavior
+
+### Features
+
+- Remove any transitive crate using ring. As a consequence supports EcDSA on WASM
+- Copy/modify kotlin wrapper from Kalium ([#284](https://github.com/wireapp/core-crypto/issues/284))
+- [**breaking**] Support creating a MLS client from an e2e identity certificate
+
+### Miscellaneous Tasks
+
+- Update interop runner `dirs` dep
+- Appease clippy
+
+</details>
+
+* Updated UniFFI to 0.23
+    * Might or might not contain breaking changes depending on your use case, please refer to [UniFFI's documentation](https://github.com/mozilla/uniffi-rs/blob/main/CHANGELOG.md)
+* Fixed a small bug in the new GroupStore internals that was a bit too eager in limiting memory usage
+* **[BREAKING]**: Renamed the WASM `strongRefCount(): number` API to `isLocked(): boolean`.
+    * This essentially hides the implementation details across the FFI and should minimize brittleness
+* Removed our dependency on [ring](https://github.com/briansmith/ring), an external crypto library. It was mostly used for validating x509 certificates and crafting Certificate Signing Request
+    * By removing `ring`, we now support the following MLS Ciphersuites using NIST elliptic curves / ECDSA on WASM:
+        * `MLS_128_DHKEMP256_AES128GCM_SHA256_P256` (`0x0002`)
+        * `MLS_256_DHKEMP384_AES256GCM_SHA384_P384` (`0x0007`)
+* **[BREAKING]**: Overhauled parts of the E2EI implementation
+      * Moved from a stateless API to a stateful one. As a consequence, methods have less parameters, less structs need to be exposed. All of this is wrapped under Rust's safe sync primitives in order to be able to perform the ACME enrollment in parallel.
+      * The new API allows creating a MLS group from the enrollment process.
+        * ~~`certificateResponse()`~~ has been removed
+        * `e2eiMlsInit()` has been introduced and permits ending the enrollment flow and use the x509 certificate to initialize a MLS client.
+      * `ClientId` is now a string as per [RFC8555](https://www.rfc-editor.org/rfc/rfc8555). It does not anymore require to be prefixed (by `impp:wireapp=`) and is exactly the same as the one used for MLS
+      * X509 SAN URIs are now prefixed by `im:wireapp=` instead of `impp:wireapp=`
+      * This release has been tested against a real OIDC provider ([Dex](https://dexidp.io/)), federating identity from a LDAP server. The OAuth2 flow used for testing is [Authorization Code with PKCE](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-proof-key-for-code-exchange-pkce)
+      * Private key materials are now properly zeroized
+
+
+
 ## [0.7.0-rc.3] - 2023-03-16
 
 <details>
@@ -16,6 +61,10 @@ Platform support legends:
 
 - Proteus auto prekey ids not incrementing
 
+### Miscellaneous Tasks
+
+- Release v0.7.0-rc.3
+
 </details>
 
 * Fixed a bug where `proteus_new_prekey_auto` returning the same prekey ID in particular cases

CHANGELOG.tpl

@@ -7,11 +7,39 @@ Platform support legends:
     * Note: the papercuts will majorly be with the build process. Things might be very rough to integrate as no polish at all has been given yet.
 * ❌ = tier 3 support. It doesn't work just yet, but we plan to make it work.
 
+## [0.7.0-rc.4] - 2023-03-28
+
+<details>
+    <summary>git-conventional changelog</summary>
+{{git-cliff tag="v0.7.0-rc.4" unreleased=true}}
+</details>
+
+* Updated UniFFI to 0.23
+    * Might or might not contain breaking changes depending on your use case, please refer to [UniFFI's documentation](https://github.com/mozilla/uniffi-rs/blob/main/CHANGELOG.md)
+* Fixed a small bug in the new GroupStore internals that was a bit too eager in limiting memory usage
+* **[BREAKING]**: Renamed the WASM `strongRefCount(): number` API to `isLocked(): boolean`.
+    * This essentially hides the implementation details across the FFI and should minimize brittleness
+* Removed our dependency on [ring](https://github.com/briansmith/ring), an external crypto library. It was mostly used for validating x509 certificates and crafting Certificate Signing Request
+    * By removing `ring`, we now support the following MLS Ciphersuites using NIST elliptic curves / ECDSA on WASM:
+        * `MLS_128_DHKEMP256_AES128GCM_SHA256_P256` (`0x0002`)
+        * `MLS_256_DHKEMP384_AES256GCM_SHA384_P384` (`0x0007`)
+* **[BREAKING]**: Overhauled parts of the E2EI implementation
+      * Moved from a stateless API to a stateful one. As a consequence, methods have less parameters, less structs need to be exposed. All of this is wrapped under Rust's safe sync primitives in order to be able to perform the ACME enrollment in parallel.
+      * The new API allows creating a MLS group from the enrollment process.
+        * ~~`certificateResponse()`~~ has been removed
+        * `e2eiMlsInit()` has been introduced and permits ending the enrollment flow and use the x509 certificate to initialize a MLS client.
+      * `ClientId` is now a string as per [RFC8555](https://www.rfc-editor.org/rfc/rfc8555). It does not anymore require to be prefixed (by `impp:wireapp=`) and is exactly the same as the one used for MLS
+      * X509 SAN URIs are now prefixed by `im:wireapp=` instead of `impp:wireapp=`
+      * This release has been tested against a real OIDC provider ([Dex](https://dexidp.io/)), federating identity from a LDAP server. The OAuth2 flow used for testing is [Authorization Code with PKCE](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-proof-key-for-code-exchange-pkce)
+      * Private key materials are now properly zeroized
+
+
+
 ## [0.7.0-rc.3] - 2023-03-16
 
 <details>
     <summary>git-conventional changelog</summary>
-{{git-cliff tag="v0.7.0-rc.3" unreleased=true}}
+{{git-cliff tag="v0.7.0-rc.3"}}
 </details>
 
 * Fixed a bug where `proteus_new_prekey_auto` returning the same prekey ID in particular cases

crypto-attributes/Cargo.toml

@@ -2,7 +2,7 @@
 name = "core-crypto-attributes"
 description = "Macros for core-crypto"
 repository = "https://github.com/wireapp/core-crypto"
-version = "0.7.0-rc.3"
+version = "0.7.0-rc.4"
 edition = "2021"
 license = "GPL-3.0-only"
 

crypto-ffi/Cargo.toml

@@ -2,7 +2,7 @@
 name = "core-crypto-ffi"
 description = "Platform-specific bindings (Android, iOS, WASM) for CoreCrypto"
 repository = "https://github.com/wireapp/core-crypto"
-version = "0.7.0-rc.3"
+version = "0.7.0-rc.4"
 edition = "2021"
 license = "GPL-3.0-only"
 publish = false
@@ -17,7 +17,7 @@ proteus = ["core-crypto/proteus", "core-crypto/cryptobox-migrate"]
 mobile = ["uniffi", "uniffi_macros", "uniffi_build", "uniffi_bindgen"]
 
 [dependencies]
-core-crypto = { version = "^0.7.0-rc.3", path = "../crypto" }
+core-crypto = { version = "^0.7.0-rc.4", path = "../crypto" }
 thiserror = "1.0"
 cfg-if = "1.0"
 futures-util = "0.3"

crypto/Cargo.toml

@@ -2,7 +2,7 @@
 name = "core-crypto"
 description = "Abstraction over OpenMLS with persistent keystore"
 repository = "https://github.com/wireapp/core-crypto"
-version = "0.7.0-rc.3"
+version = "0.7.0-rc.4"
 edition = "2021"
 license = "GPL-3.0-only"
 publish = false
@@ -64,13 +64,13 @@ rexie = { version = "0.4", optional = true }
 base64 = { version = "0.21", optional = true }
 
 [target.'cfg(not(target_os = "ios"))'.dependencies]
-core-crypto-keystore = { version = "^0.7.0-rc.3", path = "../keystore" }
+core-crypto-keystore = { version = "^0.7.0-rc.4", path = "../keystore" }
 
 [target.'cfg(target_os = "ios")'.dependencies]
-core-crypto-keystore = { version = "^0.7.0-rc.3", path = "../keystore", features = ["ios-wal-compat"] }
+core-crypto-keystore = { version = "^0.7.0-rc.4", path = "../keystore", features = ["ios-wal-compat"] }
 
 [dependencies.mls-crypto-provider]
-version = "^0.7.0-rc.3"
+version = "^0.7.0-rc.4"
 path = "../mls-provider"
 
 [dev-dependencies]
@@ -91,7 +91,7 @@ proteus-traits = "2.0"
 async-trait = "0.1"
 
 [dev-dependencies.core-crypto-keystore]
-version = "^0.7.0-rc.3"
+version = "^0.7.0-rc.4"
 path = "../keystore"
 features = ["dummy-entity"]
 
@@ -104,7 +104,7 @@ version = "0.3"
 features = ["async_futures", "html_reports"]
 
 [dev-dependencies.core-crypto-attributes]
-version = "^0.7.0-rc.3"
+version = "^0.7.0-rc.4"
 path = "../crypto-attributes"
 
 [package.metadata.wasm-pack.profile.release]

interop/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "interop"
-version = "0.7.0-rc.3"
+version = "0.7.0-rc.4"
 edition = "2021"
 license = "GPL-3.0-only"
 

keystore/Cargo.toml

@@ -2,7 +2,7 @@
 name = "core-crypto-keystore"
 description = "Encrypted keystore with support for OpenMLS and Proteus"
 repository = "https://github.com/wireapp/core-crypto"
-version = "0.7.0-rc.3"
+version = "0.7.0-rc.4"
 edition = "2021"
 license = "GPL-3.0-only"
 publish = false

kotlin/android/build.gradle.kts

@@ -112,7 +112,7 @@ afterEvaluate {
             create<MavenPublication>("maven") {
                 groupId = "com.wire"
                 artifactId = "core-crypto-android"
-                version = "0.7.0-rc.3"
+                version = "0.7.0-rc.4"
                 from(components["release"])
                 pom {
                     name.set("core-crypto-android")

kotlin/jvm/build.gradle.kts

@@ -116,7 +116,7 @@ afterEvaluate {
             create<MavenPublication>("maven") {
                 groupId = "com.wire"
                 artifactId = "core-crypto-jvm"
-                version = "0.7.0-rc.3"
+                version = "0.7.0-rc.4"
 
                 from(components["java"])
 

mls-provider/Cargo.toml

@@ -2,7 +2,7 @@
 name = "mls-crypto-provider"
 description = "MLS Crypto Provider wrapping core-crypto-keystore"
 repository = "https://github.com/wireapp/core-crypto"
-version = "0.7.0-rc.3"
+version = "0.7.0-rc.4"
 edition = "2018"
 license = "GPL-3.0-only"
 publish = false
@@ -38,10 +38,10 @@ zeroize = "1.5"
 thiserror = "1.0"
 
 [target.'cfg(not(target_os = "ios"))'.dependencies]
-core-crypto-keystore = { version = "^0.7.0-rc.3", path = "../keystore" }
+core-crypto-keystore = { version = "^0.7.0-rc.4", path = "../keystore" }
 
 [target.'cfg(target_os = "ios")'.dependencies]
-core-crypto-keystore = { version = "^0.7.0-rc.3", path = "../keystore", features = ["ios-wal-compat"] }
+core-crypto-keystore = { version = "^0.7.0-rc.4", path = "../keystore", features = ["ios-wal-compat"] }
 
 [dev-dependencies]
 wasm-bindgen-test = "0.3"

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wireapp/core-crypto",
-  "version": "0.7.0-rc.3",
+  "version": "0.7.0-rc.4",
   "description": "CoreCrypto bindings for the Web",
   "type": "module",
   "module": "platforms/web/corecrypto.js",