Releases: a-sit-plus/signum
Releases · a-sit-plus/signum
3.10.1 (Supreme 0.5.1) Hotfiix
This release fixes #195
3.10.0 (Supreme 0.5.0)
More cowbell targets!
A new artifact, minor breaking changes and a lot more targets ahead!
The public API remains almost unchanged. Breaking API changes are:
- Some parsing methods migrating from a
ByteIterator
to kotlinx-ioSource
- Move
ensureSize
from packageasn1
tomisc
- Change CSR to take an actual
CryptoSignature
instead of a ByteArray - Remove Legacy iOS Attestation
- Add type parameter to
JwsSigned
for its payload - Add type parameter to
JweDecrypted
for its payload JwsSigned.prepareSignatureInput
now returns a raw ByteArray- Move
BitSet
fromio
toasn1
package
The internals have changed substantially, however, and some fixes lead to behavioural changes.
Therefore, be sure to match Signum versions if multiple libraries pull it in as transitive dependency.
Better safe than sorry!
The full list of changes is:
- Discrete ASN.1 module
indispensable-asn1
supporting the following platforms:- JVM
- Android
- iOS
- watchOS
- tvOS
- JS
- wasm/JS
- Linux X64
- Linux AARCH64
- MinGw X64
- More targets for
indispensable
,indispensable-josef
,indispensable-cosef
- JVM
- Android
- iOS
- watchOS
- tvOS
- JS
- wasm/JS
- Linux X64
- Linux AARCH64
- MinGw X64
- KmmResult 1.9.0
- Multibase 1.2.1
- Introduce generic tag assertion to
Asn1Element
- Change CSR to take an actual
CryptoSignature
instead of a ByteArray - Introduce shorthand to create CSR from TbsCSR
- Introduce shorthand to create certificate from TbsCertificate
- Remove requirement from CSR to have certificate extensions
- Fix CoseSigned equals
- Base OIDs on unsigned varint instead of UInt
- Directly support UUID-based OID creation
- Implement hash-to-curve and hash-to-scalar as per RFC9380
- Rename
decodeFromDerHexString
toparseFromDerHexString
- Move
ensureSize
from packageasn1
tomisc
- Move
BitSet
fromio
toasn1
package - Use kotlinx-io as primary source for parsing
- Base number encoding/decoding on kotlinx-io
- Remove parsing from iterator
- Base ASN.1 encoding and decoding on kotlinx-io
- Remove single element decoding from Iterator
- Base number encoding/decoding on kotlinx-io
- Introduce
prepareDigestInput()
toIosHomebrewAttestation
- Remove Legacy iOS Attestation
- Add type parameter to
JwsSigned
for its payload - Add type parameter to
JweDecrypted
for its payload JwsSigned.prepareSignatureInput
now returns a raw ByteArray- Tests that do not depend on BouncyCastle/JCA are now performed for all targets
- Remove Napier dependency
3.9.0 (Supreme 0.4.0)
- Shiny new documentation based on Material for MkDocs
- Move
Attestation
from Supreme to Indispensable - Rename
parse()
todeserialize()
inJwsSigned
andJweEncrypted
to align with COSE - Rename
CryptoPublicKey.Rsa
->CryptoPublicKey.RSA
for consistency reasons - Add HMAC JCA names, properties used in JSON Web Encryption
3.8.2 Hotfix
3.8.2 (Supreme 0.3.2)
- Less destructive Hotfix for for KT-71650
- Re-enables export of
Asn1Element.Tag
class to ObjC.
3.8.1 (Supreme 0.3.1)
- Hotfix for KT-71650
- Disables export of
Asn1Element.Tag
class to ObjC. Signum remains usable for KMP projects,
the Tag class just cannot be directly accessed from Swift and ObjC any more.
3.8.0 (Supreme 0.3.0) Breaking Changes Ahead!
- Completely revamped ASN.1 Tag Handling
- Properly handle multi-byte tags
- Introduce a new data structure
TLV.Tag
with an accompanyingTagClass
enum and aconstructed
flag to accurately represent arbitrary tags up toULong.MAX_VALUE
- Make all
tag
parametersULong
to reflect support for multi-byte tags - Remove
DERTags
- Revamp implicit tagging (there is still work to be done, but at least it supports CONSTRUCTED ASN.1 elements)
- Refactor
Int.Companion.decodeFromDer
->Int.Companion.decodeFromDerValue()
- Refactor
Long.Companion.decodeFromDer
->Long.Companion.decodeFromDerValue()
- Introduce
ULong.Companion.decodeFromDer
which can handle overlong inputs, as long as they start with a valid ULong encoding - Changed return type of
Verifier::verify
fromKmmResult<Unit>
toKmmResult<Success>
. Usage is unchanged. - Add
ConfirmationClaim
to represent Proof-of-Possesion Key Semantics for JWTs - Add claims to
JsonWebToken
to implement Demonstrating Proof of Possession - Replace
JsonWebToken.confirmationKey
byJsonWebToken.confirmationClaim
, the implementation was wrong - Introduce
ULong.toAsn1VarInt()
to encode ULongs into ASN.1 unsigned VarInts (not to be confused with
multi^2_base'sUVarInt
!) - Introduce
decodeAsn1VarULong()
anddecodeAsn1VarUInt()
which can handle overlong inputs, as long as they start with a valid unsigned number encoding.- Comes in three ULong flavours:
Iterator<Byte>.decodeAsn1VarULong()
Iterable<Byte>.decodeAsn1VarULong()
ByteArray.decodeAsn1VarULong()
- and three UInt flavours:
Iterator<Byte>.decodeAsn1VarUInt()
Iterable<Byte>.decodeAsn1VarUInt()
ByteArray.decodeAsn1VarUInt()
- Comes in three ULong flavours:
- Revamp implicit tagging
- Revamp
Asn1Element.parse()
, introducing new variants. This yields:Asn1Element.parse()
with the same semantics as beforeAsn1Element.parse()
alternative introduced, which takes aByteIterator
instead of aByteArray
Asn1Element.parseAll()
introduced, which consumes all bytes and returns a list of all ASN.1 elements (if parsing works)- Variant 1 takes a
ByteIterator
- Variant 2 takes a
ByteArray
- Variant 1 takes a
Asn1Element.parseFirst()
introduced, which tries to only parse a single ASN.1 element from the input and leaves the rest untouched.- Variant 1 takes a
ByteIterator
and returns the element; theByteIterator
is advanced accordingly - Variant 2 takes a
ByteArray
and returns aPair
of(element, remainingBytes)
- Variant 1 takes a
- More consistent low-level encoding and decoding function names:
encodeToAsn1Primitive
to produce anAsn1Primitive
that can directly be DER-encodedencodeToAsn1ContentBytes
to produce the content bytes of a TLV primitive (the V in TLV)decodeToXXX
to be invoked on anAsn1Primitive
to decode a DER-encoded primitive into the target typedecodeFromAsn1ContentBytes
to be invoked on the companion of the target type to decode the content bytes of a TLV primitive (the V in TLV)
- Update conventions -> Coroutines 1.9.0
- replace
runCatching
withcatching
to be extra-safe
3.8.1 (0.3.1 Supreme) Hotfix
3.8.1 (Supreme 0.3.1)
- Hotfix for KT-71650
- Disables export of
Asn1Element.Tag
class to ObjC. Signum remains usable for KMP projects,
the Tag class just cannot be directly accessed from Swift and ObjC any more.
3.8.0 (Supreme 0.3.0) Breaking Changes Ahead!
- Completely revamped ASN.1 Tag Handling
- Properly handle multi-byte tags
- Introduce a new data structure
TLV.Tag
with an accompanyingTagClass
enum and aconstructed
flag to accurately represent arbitrary tags up toULong.MAX_VALUE
- Make all
tag
parametersULong
to reflect support for multi-byte tags - Remove
DERTags
- Revamp implicit tagging (there is still work to be done, but at least it supports CONSTRUCTED ASN.1 elements)
- Refactor
Int.Companion.decodeFromDer
->Int.Companion.decodeFromDerValue()
- Refactor
Long.Companion.decodeFromDer
->Long.Companion.decodeFromDerValue()
- Introduce
ULong.Companion.decodeFromDer
which can handle overlong inputs, as long as they start with a valid ULong encoding - Changed return type of
Verifier::verify
fromKmmResult<Unit>
toKmmResult<Success>
. Usage is unchanged. - Add
ConfirmationClaim
to represent Proof-of-Possesion Key Semantics for JWTs - Add claims to
JsonWebToken
to implement Demonstrating Proof of Possession - Replace
JsonWebToken.confirmationKey
byJsonWebToken.confirmationClaim
, the implementation was wrong - Introduce
ULong.toAsn1VarInt()
to encode ULongs into ASN.1 unsigned VarInts (not to be confused with
multi^2_base'sUVarInt
!) - Introduce
decodeAsn1VarULong()
anddecodeAsn1VarUInt()
which can handle overlong inputs, as long as they start with a valid unsigned number encoding.- Comes in three ULong flavours:
Iterator<Byte>.decodeAsn1VarULong()
Iterable<Byte>.decodeAsn1VarULong()
ByteArray.decodeAsn1VarULong()
- and three UInt flavours:
Iterator<Byte>.decodeAsn1VarUInt()
Iterable<Byte>.decodeAsn1VarUInt()
ByteArray.decodeAsn1VarUInt()
- Comes in three ULong flavours:
- Revamp implicit tagging
- Revamp
Asn1Element.parse()
, introducing new variants. This yields:Asn1Element.parse()
with the same semantics as beforeAsn1Element.parse()
alternative introduced, which takes aByteIterator
instead of aByteArray
Asn1Element.parseAll()
introduced, which consumes all bytes and returns a list of all ASN.1 elements (if parsing works)- Variant 1 takes a
ByteIterator
- Variant 2 takes a
ByteArray
- Variant 1 takes a
Asn1Element.parseFirst()
introduced, which tries to only parse a single ASN.1 element from the input and leaves the rest untouched.- Variant 1 takes a
ByteIterator
and returns the element; theByteIterator
is advanced accordingly - Variant 2 takes a
ByteArray
and returns aPair
of(element, remainingBytes)
- Variant 1 takes a
- More consistent low-level encoding and decoding function names:
encodeToAsn1Primitive
to produce anAsn1Primitive
that can directly be DER-encodedencodeToAsn1ContentBytes
to produce the content bytes of a TLV primitive (the V in TLV)decodeToXXX
to be invoked on anAsn1Primitive
to decode a DER-encoded primitive into the target typedecodeFromAsn1ContentBytes
to be invoked on the companion of the target type to decode the content bytes of a TLV primitive (the V in TLV)
- Update conventions -> Coroutines 1.9.0
- replace
runCatching
withcatching
to be extra-safe
3.8.0 (Supreme 0.3.0)
Breaking Changes Ahead!
- Completely revamped ASN.1 Tag Handling
- Properly handle multi-byte tags
- Introduce a new data structure
TLV.Tag
with an accompanyingTagClass
enum and aconstructed
flag to accurately represent arbitrary tags up toULong.MAX_VALUE
- Make all
tag
parametersULong
to reflect support for multi-byte tags - Remove
DERTags
- Revamp implicit tagging (there is still work to be done, but at least it supports CONSTRUCTED ASN.1 elements)
- Refactor
Int.Companion.decodeFromDer
->Int.Companion.decodeFromDerValue()
- Refactor
Long.Companion.decodeFromDer
->Long.Companion.decodeFromDerValue()
- Introduce
ULong.Companion.decodeFromDer
which can handle overlong inputs, as long as they start with a valid ULong encoding - Changed return type of
Verifier::verify
fromKmmResult<Unit>
toKmmResult<Success>
. Usage is unchanged. - Add
ConfirmationClaim
to represent Proof-of-Possesion Key Semantics for JWTs - Add claims to
JsonWebToken
to implement Demonstrating Proof of Possession - Replace
JsonWebToken.confirmationKey
byJsonWebToken.confirmationClaim
, the implementation was wrong - Introduce
ULong.toAsn1VarInt()
to encode ULongs into ASN.1 unsigned VarInts (not to be confused with
multi^2_base'sUVarInt
!) - Introduce
decodeAsn1VarULong()
anddecodeAsn1VarUInt()
which can handle overlong inputs, as long as they start with a valid unsigned number encoding.- Comes in three ULong flavours:
Iterator<Byte>.decodeAsn1VarULong()
Iterable<Byte>.decodeAsn1VarULong()
ByteArray.decodeAsn1VarULong()
- and three UInt flavours:
Iterator<Byte>.decodeAsn1VarUInt()
Iterable<Byte>.decodeAsn1VarUInt()
ByteArray.decodeAsn1VarUInt()
- Comes in three ULong flavours:
- Revamp implicit tagging
- Revamp
Asn1Element.parse()
, introducing new variants. This yields:Asn1Element.parse()
with the same semantics as beforeAsn1Element.parse()
alternative introduced, which takes aByteIterator
instead of aByteArray
Asn1Element.parseAll()
introduced, which consumes all bytes and returns a list of all ASN.1 elements (if parsing works)- Variant 1 takes a
ByteIterator
- Variant 2 takes a
ByteArray
- Variant 1 takes a
Asn1Element.parseFirst()
introduced, which tries to only parse a single ASN.1 element from the input and leaves the rest untouched.- Variant 1 takes a
ByteIterator
and returns the element; theByteIterator
is advanced accordingly - Variant 2 takes a
ByteArray
and returns aPair
of(element, remainingBytes)
- Variant 1 takes a
- More consistent low-level encoding and decoding function names:
encodeToAsn1Primitive
to produce anAsn1Primitive
that can directly be DER-encodedencodeToAsn1ContentBytes
to produce the content bytes of a TLV primitive (the V in TLV)decodeToXXX
to be invoked on anAsn1Primitive
to decode a DER-encoded primitive into the target typedecodeFromAsn1ContentBytes
to be invoked on the companion of the target type to decode the content bytes of a TLV primitive (the V in TLV)
- Update conventions -> Coroutines 1.0.9
- replace
runCatching
withcatching
to be extra-safe
Closed Issues:
3.7.0 (Supreme 0.2.0)
- Remove Swift verifier logic to obtain a general speed-up
- Implement supreme signing capabilities
- Introduce Attestation Data Structure
- Dependency Updates:
- Kotlin 2.0.20
- kotlinx.serialization 1.7.2 stable (bye, bye unofficial snapshot dependency!)
- kotlinx-datetime 0.6.1
3.6.1
Externalise UVarInt
3.6.0: Signum
- Rebranding to Signum
- maven coordinates:
at.asitplus.signum:$module
- modules
- datatypes -> indispensable
- datatypes-jws -> indispensable-josef
- datatypes-cose -> indispensable-cosef
- provider -> supreme
- package renames
crypto
->signum
datatypes
->indispensable
jws
->josef
cose
->cosef
provider
->supreme
- maven coordinates:
3.5.1
** Fixes **
- Publish provider pre-release to maven central
** Changes **
- Depend on newer conventions, which don't pull serialization snapshots in:
datatypes
,datatypes-jws
, andprovider
depend on stable serialization WITHOUT COSE SUPPORTdatatypes-cose
pulls in latest 1.8.0 serialization SNAPSHOT from upstream
ByteStringWrapper
is not part of upstream snapshot cose serialization anymore,
but implemented as part ofdatatypes-cose
in packageat.asitplus.crypto.datatypes.cose.io