From edfd98ec53cb119eb89918e7414e7a6890a87cd3 Mon Sep 17 00:00:00 2001 From: Mathieu Amiot Date: Tue, 28 Mar 2023 14:57:46 +0200 Subject: [PATCH] chore: Release v0.7.0-rc.4 --- CHANGELOG.md | 49 +++++++++++++++++++++++++++++++++ CHANGELOG.tpl | 30 +++++++++++++++++++- crypto-attributes/Cargo.toml | 2 +- crypto-ffi/Cargo.toml | 4 +-- crypto/Cargo.toml | 12 ++++---- interop/Cargo.toml | 2 +- keystore/Cargo.toml | 2 +- kotlin/android/build.gradle.kts | 2 +- kotlin/jvm/build.gradle.kts | 2 +- mls-provider/Cargo.toml | 6 ++-- package.json | 2 +- 11 files changed, 95 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2ee34a153..922df79e7e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,51 @@ Platform support legends: * Note: the papercuts will majorly be with the build process. Things might be very rough to integrate as no polish at all has been given yet. * ❌ = tier 3 support. It doesn't work just yet, but we plan to make it work. +## [0.7.0-rc.4] - 2023-03-28 + +
+ git-conventional changelog
+
+### Bug Fixes
+
+- [**breaking**] Tweak WASM API
+- Use schnellru fork for GroupStore faillible inserts
+- Fixed GroupStore memory limiter behavior
+
+### Features
+
+- Remove any transitive crate using ring. As a consequence supports EcDSA on WASM
+- Copy/modify kotlin wrapper from Kalium ([#284](https://github.com/wireapp/core-crypto/issues/284))
+- [**breaking**] Support creating a MLS client from an e2e identity certificate
+
+### Miscellaneous Tasks
+
+- Update interop runner `dirs` dep
+- Appease clippy
+
+
+
+* Updated UniFFI to 0.23
+ * Might or might not contain breaking changes depending on your use case, please refer to [UniFFI's documentation](https://github.com/mozilla/uniffi-rs/blob/main/CHANGELOG.md)
+* Fixed a small bug in the new GroupStore internals that was a bit too eager in limiting memory usage
+* **[BREAKING]**: Renamed the WASM `strongRefCount(): number` API to `isLocked(): boolean`.
+ * This essentially hides the implementation details across the FFI and should minimize brittleness
+* Removed our dependency on [ring](https://github.com/briansmith/ring), an external crypto library. It was mostly used for validating x509 certificates and crafting Certificate Signing Request
+ * By removing `ring`, we now support the following MLS Ciphersuites using NIST elliptic curves / ECDSA on WASM:
+ * `MLS_128_DHKEMP256_AES128GCM_SHA256_P256` (`0x0002`)
+ * `MLS_256_DHKEMP384_AES256GCM_SHA384_P384` (`0x0007`)
+* **[BREAKING]**: Overhauled parts of the E2EI implementation
+ * Moved from a stateless API to a stateful one. As a consequence, methods have less parameters, less structs need to be exposed. All of this is wrapped under Rust's safe sync primitives in order to be able to perform the ACME enrollment in parallel.
+ * The new API allows creating a MLS group from the enrollment process.
+ * ~~`certificateResponse()`~~ has been removed
+ * `e2eiMlsInit()` has been introduced and permits ending the enrollment flow and use the x509 certificate to initialize a MLS client.
+ * `ClientId` is now a string as per [RFC8555](https://www.rfc-editor.org/rfc/rfc8555). It does not anymore require to be prefixed (by `impp:wireapp=`) and is exactly the same as the one used for MLS
+ * X509 SAN URIs are now prefixed by `im:wireapp=` instead of `impp:wireapp=`
+ * This release has been tested against a real OIDC provider ([Dex](https://dexidp.io/)), federating identity from a LDAP server.
The OAuth2 flow used for testing is [Authorization Code with PKCE](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-proof-key-for-code-exchange-pkce) + * Private key materials are now properly zeroized + + + ## [0.7.0-rc.3] - 2023-03-16
@@ -16,6 +61,10 @@ Platform support legends: - Proteus auto prekey ids not incrementing +### Miscellaneous Tasks + +- Release v0.7.0-rc.3 +
* Fixed a bug where `proteus_new_prekey_auto` returning the same prekey ID in particular cases diff --git a/CHANGELOG.tpl b/CHANGELOG.tpl index e8bf0779ab..0b6bd44af2 100644 --- a/CHANGELOG.tpl +++ b/CHANGELOG.tpl @@ -7,11 +7,39 @@ Platform support legends: * Note: the papercuts will majorly be with the build process. Things might be very rough to integrate as no polish at all has been given yet. * ❌ = tier 3 support. It doesn't work just yet, but we plan to make it work. +## [0.7.0-rc.4] - 2023-03-28 + +
+ git-conventional changelog
+{{git-cliff tag="v0.7.0-rc.4" unreleased=true}}
+
+
+* Updated UniFFI to 0.23
+ * Might or might not contain breaking changes depending on your use case, please refer to [UniFFI's documentation](https://github.com/mozilla/uniffi-rs/blob/main/CHANGELOG.md)
+* Fixed a small bug in the new GroupStore internals that was a bit too eager in limiting memory usage
+* **[BREAKING]**: Renamed the WASM `strongRefCount(): number` API to `isLocked(): boolean`.
+ * This essentially hides the implementation details across the FFI and should minimize brittleness
+* Removed our dependency on [ring](https://github.com/briansmith/ring), an external crypto library. It was mostly used for validating x509 certificates and crafting Certificate Signing Request
+ * By removing `ring`, we now support the following MLS Ciphersuites using NIST elliptic curves / ECDSA on WASM:
+ * `MLS_128_DHKEMP256_AES128GCM_SHA256_P256` (`0x0002`)
+ * `MLS_256_DHKEMP384_AES256GCM_SHA384_P384` (`0x0007`)
+* **[BREAKING]**: Overhauled parts of the E2EI implementation
+ * Moved from a stateless API to a stateful one. As a consequence, methods have less parameters, less structs need to be exposed. All of this is wrapped under Rust's safe sync primitives in order to be able to perform the ACME enrollment in parallel.
+ * The new API allows creating a MLS group from the enrollment process.
+ * ~~`certificateResponse()`~~ has been removed
+ * `e2eiMlsInit()` has been introduced and permits ending the enrollment flow and use the x509 certificate to initialize a MLS client.
+ * `ClientId` is now a string as per [RFC8555](https://www.rfc-editor.org/rfc/rfc8555). It does not anymore require to be prefixed (by `impp:wireapp=`) and is exactly the same as the one used for MLS
+ * X509 SAN URIs are now prefixed by `im:wireapp=` instead of `impp:wireapp=`
+ * This release has been tested against a real OIDC provider ([Dex](https://dexidp.io/)), federating identity from a LDAP server.
The OAuth2 flow used for testing is [Authorization Code with PKCE](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-proof-key-for-code-exchange-pkce) + * Private key materials are now properly zeroized + + + ## [0.7.0-rc.3] - 2023-03-16
git-conventional changelog
-{{git-cliff tag="v0.7.0-rc.3" unreleased=true}}
+{{git-cliff tag="v0.7.0-rc.3"}}
* Fixed a bug where `proteus_new_prekey_auto` returning the same prekey ID in particular cases diff --git a/crypto-attributes/Cargo.toml b/crypto-attributes/Cargo.toml index 33e3ee2c62..c400589a33 100644 --- a/crypto-attributes/Cargo.toml +++ b/crypto-attributes/Cargo.toml @@ -2,7 +2,7 @@ name = "core-crypto-attributes" description = "Macros for core-crypto" repository = "https://github.com/wireapp/core-crypto" -version = "0.7.0-rc.3" +version = "0.7.0-rc.4" edition = "2021" license = "GPL-3.0-only" diff --git a/crypto-ffi/Cargo.toml b/crypto-ffi/Cargo.toml index 5ed51392ab..70f7827071 100644 --- a/crypto-ffi/Cargo.toml +++ b/crypto-ffi/Cargo.toml @@ -2,7 +2,7 @@ name = "core-crypto-ffi" description = "Platform-specific bindings (Android, iOS, WASM) for CoreCrypto" repository = "https://github.com/wireapp/core-crypto" -version = "0.7.0-rc.3" +version = "0.7.0-rc.4" edition = "2021" license = "GPL-3.0-only" publish = false @@ -17,7 +17,7 @@ proteus = ["core-crypto/proteus", "core-crypto/cryptobox-migrate"] mobile = ["uniffi", "uniffi_macros", "uniffi_build", "uniffi_bindgen"] [dependencies] -core-crypto = { version = "^0.7.0-rc.3", path = "../crypto" } +core-crypto = { version = "^0.7.0-rc.4", path = "../crypto" } thiserror = "1.0" cfg-if = "1.0" futures-util = "0.3" diff --git a/crypto/Cargo.toml b/crypto/Cargo.toml index 83c12c98a0..d1d4e1f64b 100644 --- a/crypto/Cargo.toml +++ b/crypto/Cargo.toml @@ -2,7 +2,7 @@ name = "core-crypto" description = "Abstraction over OpenMLS with persistent keystore" repository = "https://github.com/wireapp/core-crypto" -version = "0.7.0-rc.3" +version = "0.7.0-rc.4" edition = "2021" license = "GPL-3.0-only" publish = false 
@@ -64,13 +64,13 @@ rexie = { version = "0.4", optional = true } base64 = { version = "0.21", optional = true } [target.'cfg(not(target_os = "ios"))'.dependencies] -core-crypto-keystore = { version = "^0.7.0-rc.3", path = "../keystore" } +core-crypto-keystore = { version = "^0.7.0-rc.4", path = "../keystore" } [target.'cfg(target_os = "ios")'.dependencies] -core-crypto-keystore = { version = "^0.7.0-rc.3", path = "../keystore", features = ["ios-wal-compat"] } +core-crypto-keystore = { version = "^0.7.0-rc.4", path = "../keystore", features = ["ios-wal-compat"] } [dependencies.mls-crypto-provider] -version = "^0.7.0-rc.3" +version = "^0.7.0-rc.4" path = "../mls-provider" [dev-dependencies] @@ -91,7 +91,7 @@ proteus-traits = "2.0" async-trait = "0.1" [dev-dependencies.core-crypto-keystore] -version = "^0.7.0-rc.3" +version = "^0.7.0-rc.4" path = "../keystore" features = ["dummy-entity"] @@ -104,7 +104,7 @@ version = "0.3" features = ["async_futures", "html_reports"] [dev-dependencies.core-crypto-attributes] -version = "^0.7.0-rc.3" +version = "^0.7.0-rc.4" path = "../crypto-attributes" [package.metadata.wasm-pack.profile.release] diff --git a/interop/Cargo.toml b/interop/Cargo.toml index ee1c27a634..862e582d1b 100644 --- a/interop/Cargo.toml +++ b/interop/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "interop" -version = "0.7.0-rc.3" +version = "0.7.0-rc.4" edition = "2021" license = "GPL-3.0-only" diff --git a/keystore/Cargo.toml b/keystore/Cargo.toml index c44c9acc32..a5ae7d8de8 100644 --- a/keystore/Cargo.toml +++ b/keystore/Cargo.toml @@ -2,7 +2,7 @@ name = "core-crypto-keystore" description = "Encrypted keystore with support for OpenMLS and Proteus" repository = "https://github.com/wireapp/core-crypto" -version = "0.7.0-rc.3" +version = "0.7.0-rc.4" edition = "2021" license = "GPL-3.0-only" publish = false diff --git a/kotlin/android/build.gradle.kts b/kotlin/android/build.gradle.kts index 3d548c24af..8f883796a1 100644 --- a/kotlin/android/build.gradle.kts 
+++ b/kotlin/android/build.gradle.kts @@ -112,7 +112,7 @@ afterEvaluate { create("maven") { groupId = "com.wire" artifactId = "core-crypto-android" - version = "0.7.0-rc.3" + version = "0.7.0-rc.4" from(components["release"]) pom { name.set("core-crypto-android") diff --git a/kotlin/jvm/build.gradle.kts b/kotlin/jvm/build.gradle.kts index 64658d1741..0f79082f46 100644 --- a/kotlin/jvm/build.gradle.kts +++ b/kotlin/jvm/build.gradle.kts @@ -116,7 +116,7 @@ afterEvaluate { create("maven") { groupId = "com.wire" artifactId = "core-crypto-jvm" - version = "0.7.0-rc.3" + version = "0.7.0-rc.4" from(components["java"]) diff --git a/mls-provider/Cargo.toml b/mls-provider/Cargo.toml index 730831a3a7..50ab3b32f9 100644 --- a/mls-provider/Cargo.toml +++ b/mls-provider/Cargo.toml @@ -2,7 +2,7 @@ name = "mls-crypto-provider" description = "MLS Crypto Provider wrapping core-crypto-keystore" repository = "https://github.com/wireapp/core-crypto" -version = "0.7.0-rc.3" +version = "0.7.0-rc.4" edition = "2018" license = "GPL-3.0-only" publish = false @@ -38,10 +38,10 @@ zeroize = "1.5" thiserror = "1.0" [target.'cfg(not(target_os = "ios"))'.dependencies] -core-crypto-keystore = { version = "^0.7.0-rc.3", path = "../keystore" } +core-crypto-keystore = { version = "^0.7.0-rc.4", path = "../keystore" } [target.'cfg(target_os = "ios")'.dependencies] -core-crypto-keystore = { version = "^0.7.0-rc.3", path = "../keystore", features = ["ios-wal-compat"] } +core-crypto-keystore = { version = "^0.7.0-rc.4", path = "../keystore", features = ["ios-wal-compat"] } [dev-dependencies] wasm-bindgen-test = "0.3" diff --git a/package.json b/package.json index 7722a8935e..0ff0d612d1 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@wireapp/core-crypto", - "version": "0.7.0-rc.3", + "version": "0.7.0-rc.4", "description": "CoreCrypto bindings for the Web", "type": "module", "module": "platforms/web/corecrypto.js",