Releases: samuel-lucas6/Geralt
Releases Β· samuel-lucas6/Geralt
v3.3.0
Please install Geralt via NuGet.
Added
- A
SecureMemory
class that contains methods for zeroing byte arrays, char arrays, and strings as well as locking/unlocking byte arrays. Note that arrays must be pinned for these methods to work properly. - Guarded heap allocations, which can be used instead of regular allocations for additional security. However, there's a performance penalty, and this functionality shouldn't be used for large amounts of variables/data due to system limits. Make sure you read the new documentation.
- A
Validation.MultipleOfSize()
method to check that an integer is a multiple of another integer.
Changed
- Every method in all the incremental classes now checks whether the object has been disposed, throwing
ObjectDisposedException
if so. - The test packages have been updated.
Fixed
- A bug with
SecureRandom.GetPassphrase()
returning passphrases containing'\r'
characters on Windows. This wasn't a problem in .NET 6 and wasn't detectable in a library context, only in a CLI application. - The libsodium package has been updated, which fixes
win-arm64
support not working.
v3.2.0
Please install Geralt via NuGet.
Added
- The
IncrementalBLAKE2b
state can now be cached. This means static data at the beginning (e.g., the same key) can be processed just once for repeated calls, improving performance. Note thatCacheState()
can only cache the state once. Each subsequent call will overwrite the previously cached state. This was done for backwards compatibility, to allow zeroing the cached state, and because you shouldn't be able to cache the state withIncrementalPoly1305
, for example.
Changed
- Now using some new language features, like LibraryImport.
- The state in incremental classes now gets zeroed if there's an exception/
Dispose()
is manually called. - The byte array buffers in
Encodings.ToHex()
andEncodings.ToBase64()
now get zeroed after a string is returned. BLAKE2b.ComputeHash()
with a stream now throwsInvalidOperationException
if the stream can't be read. Previously, this would've been aNotSupportedException
from the .NET API.- Tests are now run on .NET 9 as well as .NET 8.
- The test packages have been updated.
Fixed
stackalloc
is no longer used forEncodings.ToHex()
andEncodings.ToBase64()
, which could've resulted in aStackOverflowException
with large enough inputs.
Removed
- .NET 6 is no longer targeted since it's out of support.
v3.1.0
Please install Geralt via NuGet.
Added
- A
Reinitialize()
function for theIncremental
classes. This saves you having to create anotherusing
statement in some scenarios.
Changed
- Added support for iOS, tvOS, and Mac Catalyst. Help is wanted to test this (#7).
- No longer targeting .NET 7 as it's out of support.
- Updated the libsodium version to 1.0.20.
- Minor test improvements.
Deprecated
- .NET 6 support will be dropped in November 2024, which will allow some newer language features to be used.
v3.0.1
v3.0.0
Please install Geralt via NuGet.
Warning
This release contains breaking changes to public constants, function/class renaming, and more validation to improve the API. Please update your code accordingly. Updates to the documentation are in progress.
Added
- AEGIS-128L and AEGIS-256, which are fast, key committing AES-based AEAD schemes that were finalists in the CAESAR competition. They are both preferable to AES-GCM and AES-OCB. The implementations also don't require hardware support to work, although performance will be affected and side-channels may exist.
FinalizeAndVerify()
methods forIncrementalBLAKE2b
andIncrementalPoly1305
. These are like the non-incrementalVerifyTag()
methods.- Validation to prevent updating the state after finalizing or finalizing twice in Incremental classes. This includes after specifying
ChunkFlag.Final
inIncrementalXChaCha20Poly1305
. - Validation that encoded password hash strings are for Argon2id, not Argon2i/Argon2d.
- A check for counter overflows with
XChaCha20
to matchChaCha20
. - A
NotGreaterThanMax()
validation function. - A link to the release notes on NuGet.
- GitHub Actions tests on
linux-musl-x64
.
Changed
- Updated to libsodium v1.0.19.
- The following constants have been changed:
BLAKE2b.HashSize
,BLAKE2b.MinKeySize
,IncrementalBLAKE2b.HashSize
,IncrementalBLAKE2b.MinKeySize
,X25519.MinPreSharedKeySize
,Argon2id.MinKeySize
, andArgon2id.MinMemorySize
.Argon2id.HashPrefix
has also been made private. IncrementalEd25519
has been renamed toIncrementalEd25519ph
.IncrementalEd25519ph.Verify()
has been renamed toIncrementalEd25519ph.FinalizeAndVerify()
.- Hyphenated words have been removed from the passphrase wordlist.
- Various exception messages have been rephrased.
- Code/test improvements.
v2.1.0
Please install Geralt via NuGet.
Added
IncrementalEd25519
, which uses Ed25519ph.- Support for an empty salt with
BLAKE2b.DeriveKey()
. This is equivalent to a 128-bit all-zero salt. This makes sense when you only need to derive a single key or when there's no need for salting (e.g. ephemeral keys are involved in a key exchange). - Preparations to support iOS in the future.
Changed
- American spellings (initialize, finalize, personalization, capitalize, etc) are now used for consistency.
- More thorough testing.
- Code improvements.
An upcoming release will likely change some constants (e.g. BLAKE2b.HashSize
) to be consistent with libsodium. This will be a breaking change.
v2.0.0
Please install Geralt via NuGet.
Added
IncrementalXChaCha20Poly1305
, which is a wrapper around crypto_secretstream_*() for chunked stream/file encryption. You can read the Geralt documentation here.- Constants for
IncrementalBLAKE2b
andIncrementalPoly1305
, which are identical to theBLAKE2b
andPoly1305
constants. - Support for .NET 7.
Changed
DeriveSenderSharedSecret()
has been renamed toDeriveSenderSharedKey()
for clarity.DeriveRecipientSharedSecret()
has been renamed toDeriveRecipientSharedKey()
.ComputeXCoordinate()
has been renamed toComputeSharedSecret()
. The above functions should still be preferred to prevent accidental vulnerabilities.- The
Validation
class has been made public because it's useful for custom constructions without having to have hideous if statements everywhere.
Removed
- The
BLAKE2bHashAlgorithm
class because it returned a byte array. It has been replaced with aBLAKE2b.ComputeHash()
function that takes aStream
andIncrementalBLAKE2b
for keyed hashing.
v1.3.0
v1.2.0
v1.1.0
Please install Geralt via NuGet.
Added
- The internal counter for ChaCha20 and XChaCha20 can now be accessed. Overflow checking is done for the ChaCha20 counter.
Changed
Spans.Concat()
now accepts empty spans likeArrays.Concat()
did.- The incremental BLAKE2b state handling now matches libsodium-core.
Removed
- The
Arrays
class because spans andSpans.Concat()
should be used instead.