Releases: nd1012/wan24-Crypto-BC
Version 3.5.1
Changes
- Fixed method name
BouncyCastle.RegisterNetalgrithms->RegisterNetAlgorithms
Full Changelog: v3.5.0...v3.5.1
Version 3.5.0
Changes
- Added
BouncyCastle.RegisterNetAlgrithms - Added
HashBcSha3_256.SHA3_256 - Added
HashBcSha3_384.SHA3_384 - Added
HashBcSha3_512.SHA3_512 - Added
MacBcHmacSha3_256.HMACSHA3_256 - Added
MacBcHmacSha3_384.HMACSHA3_384 - Added
MacBcHmacSha3_512.HMACSHA3_512 BouncyCastleHashAlgorithmis unsealed nowBouncyCastleHmacAlgorithmis unsealed now
Full Changelog: v3.4.0...v3.5.0
Version 3.4.0
Changes
Additions
- Added
BcEllipticCurves.IsCurveAllowedandBcEllipticCurves.DenyCurve - Added checks for allowed algorithms and elliptic curves
Fixed bugs
- Fixed Ed25519, Ed448, X448, XEd25519 and XEd448 algorithms didn't check for PQC requirement
- Fixed non-PQC signature algorithms didn't check for PQC requirement
Full Changelog: v3.3.0...v3.4.0
Version 3.3.0
Changes
Additions
- Updated references
Fixed bugs
- Fixed XEd25519/448, SPHINCS+, Streamlined NTRU Prime and NTRUEncrypt public key serialization caused key ID change on a new serializer version (old key data needs to be converted!)
Full Changelog: v3.2.0...v3.3.0
Version 3.2.0
Version 3.1.0
Changes
Additions
- Added
ExportBcandImportBcmethods andIsBcImportExportImplementedto asymmetric keys which support ex-/import using a key info object - Added constructor to asymmetric private keys which accepts a Bouncy Castle private key, if the public key can be generated from that private key
- Added
BouncyCastleAsymmetricAlgorithmBasewhich supports any key generator type - Added Streamlined NTRU Prime asymmetric PQC key exchange algorithm
- Added BIKE asymmetric PQC key exchange algorithm
- Added HQC asymmetric PQC key exchange algorithm
- Added Picnic asymmetric PQC signature algorithm
Fixed bugs
- Fixed Falcon, FrodoKEM, CRYSTALS-Kyber, NTRUEncrypt and SPHINCS+ asymmetric public key
Bitsproperty
Full Changelog: v3.0.0...v3.1.0
Version 3.0.0
Important release notes
The Bouncy Castle NuGet package was updated to version 2.3.0. This brings some incompatibility issues from fixed bugs, new bugs and deprecations, which made me releasing wan24-Crypto-BC version 3.0.0 right after version 2.0.0, because those versions are sadly incompatible in too many cases. A version 4(+).0.0 will be released, if some bugs in a new Bouncy Castle NuGet package version have been fixed. All incompatibilities affect PQC keys only. Plase read the following information carefully, if you've used PQC algorithms with earlier versions of wan24-Crypto-BC.
FrodoKEM key serialization
The FrodoKEM key serialization was broken in earlier Bouncy Castle library NuGet package versions. With version 2.3.0 it was fixed.
wan24-Crypto-BC version 3.0.0 uses the serialization from Bouncy Castle now (previously a custom serialization has been used). But it's incompatible with previously seriaized keys.
You'll need to convert the keys from wan24-Crypto-BC version <3 manually to become compatible with version 3. In the first step, use the old version to load the key and create compatible serialization data:
// For a private key
using AsymmetricFrodoKemPrivateKey key = ...;// Load the private key
byte[] privateKey = key.PrivateKey.GetPrivateKey();
byte[] publicKey = key.PublicKey.PublicKey.GetPublickey();
// For a public key
using AsymmetricFrodoKemPublicKey key = ...;// Load the public key
byte[] publicKey = key.PublicKey.GetPublickey();Store privateKey and publicKey to convert them with wan24-Crypto-BC version 3.0.0 later:
// Private key
FrodoPrivateKeyParameters privateKeyParameters = new(FrodoParameters.[UsedParameterSet], privateKey);
FrodoPublicKeyParameters publicKeyParameters = new(FrodoParameters.[UsedParameterSet], publicKey);
AsymmetricCipherKeyPair keys = new(publicKeyParameters, privateKeyParameters);
using AsymmetricFrodoKemPrivateKey key = new(keys);
// Public key
FrodoPublicKeyParameters publicKeyParameters = new(FrodoParameters.[UsedParameterSet], publicKey);
using AsymmetricFrodoKemPublicKey key = new(publicKeyParameters);WARNING: Previously used parameter sets are deprecated and removed from wan24-Crypto-BC version 3 - that's another issue to pay attention to! Anyway, you'll be able to work temporary with the converted AsymmetricFrodoKemPrivateKey and AsymmetricFrodoKemPublicKey, but you shouldn't store them, or you'll run into issues! Re-create them using the currently supported parameter sets instead.
SPHINCS+ key serialization
The SPHINCS+ key serialization worked in earlier Bouncy Castle library NuGet package versions. With version 2.3.0 the serialization is now broken.
wan24-Crypto-BC version 3.0.0 uses a custom serialization to fix the broken Bouncy Castle serialization now.
You'll need to convert the keys from wan24-Crypto-BC version <3 manually to become compatible with version 3. In the first step, use the old version to load the key and create compatible serialization data:
// For a private key
using AsymmetricSphincsPlusPrivateKey key = ...;// Load the private key
byte[] privateKey = key.PrivateKey.GetEncoded();
byte[] publicKey = key.PublicKey.PublicKey.GetEncoded();
// For a public key
using AsymmetricSphincsPlusPublicKey key = ...;// Load the public key
byte[] publicKey = key.PublicKey.PublicKey.GetEncoded();Store privateKey and publicKey to convert them with wan24-Crypto-BC version 3.0.0 later:
// Private key
SphincsPlusPrivateKeyParameters privateKeyParameters = new(SphincsPlusParameters.[UsedParameterSet], privateKey);
SphincsPlusPublicKeyParameters publicKeyParameters = new(SphincsPlusParameters.[UsedParameterSet], publicKey);
AsymmetricCipherKeyPair keys = new(publicKeyParameters, privateKeyParameters);
using AsymmetricSphincsPlusPrivateKey key = new(keys);
// Public key
SphincsPlusPublicKeyParameters publicKeyParameters = new(SphincsPlusParameters.[UsedParameterSet], publicKey);
using AsymmetricSphincsPlusPublicKey key = new(publicKeyParameters);WARNING: Previously used parameter sets are deprecated and removed from wan24-Crypto-BC version 3 - that's another issue to pay attention to! Anyway, you'll be able to work temporary with the converted AsymmetricSphincsPlusPrivateKey and AsymmetricSphincsPlusPublicKey, but you shouldn't store them, or you'll run into issues! Re-create them using the currently supported parameter sets instead.
NOTE: Since wan24-Crypto-BC version 3 implements only a work-around, another conversion will be required with future versions, as soon as the Bouncy Castle library was fixed!
Deprecated PQC key parameter sets
The current Bouncy Castle NuGet package version 2.3.0 deprecated the following key parameter sets, which have been used from wan24-Crypto-BC version <3:
- CRYSTALS-Kyber AES
- CRYSTALS-Dillithium AES
- FrodoKEM r3
- SPHINCS+ robust
Those parameter sets aren't usable with wan24-Crypto-BC version 3 anymore. So all
- CRYSTALS-Kyber
- CRYSTALS-Dillithium
- FrodoKEM
- SPHINCS+
keys, which have been created with a wan24-Crypto-BC version <3, can't be used with wan24-Crypto-BC version 3 anymore.
Any attempt to load a key with wan24-Crypto-BC version 3, which has previously been serialized by wan24-Crypto-BC version <3, will fail.
There's no work-around for that issue, you'll have to re-create the keys using the new parameter sets, as soon as you switch to wan24-Crypto-BC version 3.
NTRUEncrypt and FALCON key parameter sets are not affected from this issue. Those keys from wan24-Crypto-BC version <3 are fully compatible with wan24-Crypto-BC version 3. So if it's possible, you should re-create all affected keys using NTRUEncrypt and FALCON, before you switch to wan24-Crypto-BC version 3, finally.
Changes
Breaking changes
- CRYSTALS-Kyber and -Dilithium AES parameter sets are deprecated and removed - using non-AES parameter sets instead
- FrodoKEM r3 parameter sets are deprecated and removed - using AES parameter sets instead
- SPHINCS+ robust parameter sets are deprecated and removed - using haraka simple parameter sets instead
- SPHINCS+ key serialization is broken in the updated Bouncy Castle's NuGet package version 2.3.0, so the key serialization of
wan24-Crypto-BChad to be updated to use a custom serialization - FrodoKEM key serialization was fixed with the latest Bouncy Castle NuGet package version 2.3.0, so this algorithm will now be enabled per default - but custom key serialization is still required for the private key, 'cause the public key needs to be embedded
Additions
- Added XEd25519/448 algorithms which support signature and key exchange by converting a Ed25519/448 key to a X25519/448 key
BouncyCastleAsymmetricPrivateKeyBase.PublicKeycan be overridden now- Added
ToX25519/448PrivateKeyextensions forEd25519/448PrivateKeyParameters
Full Changelog: v2.0.0...v3.0.0
Version 2.0.0
Changes
Breaking changes
- Build target is .NET 8 now
- SHA3 hash/MAC algorithms are now not the default anymore and being used as .NET replacements only
- Separated base classes for asymmetric algorithms in PQC and non-PQC implementations (which have different serialization helpers)
- Asymmetric key data is PKCS#8 now
- Using AES-256-GCM AEAD (128 bit MAC) as default crypto algorithm for PAKE now
- Default key exchange algorithm is NTRU now
Additions
- Added Shake128/256 hash algorithms as .NET replacements
- Added Ed25519 and Ed448 asymmetric signature algorithms
- Added
BouncyCastleAsymmetricNonPqcPrivate/PublicSignatureKeyBase2to support a signer which requires a context constructor parameter - Added ECDH algorithm as replacement for the .NET variant from wan24-Crypto
- Added ECDSA algorithm as replacement for the .NET variant from wan24-Crypto
- Added
BcEllipticCurvesECDH and ECDSA elliptic curve helper - Added X25519 and X448 asymmetric key exchange algorithms
- Added own serialization logic for FrodoKEM and NTRU and enabled the algorithms to be available per default
- Added
CryptoEnvironment.(UpdateDefaultOptionsAfter)RemoveUnsupportedAlgorithms
Fixed bugs
- Fixed all SHA3 algorithms are considered to be post-quantum-safe
- Fixed wrong asymmetric PQC key data serialization
- Fixed PQC key exchange derive key from encapsulated secret methods had to clone the provided information (they'll be cleared from Bouncy Castle)
Full Changelog: v1.19.3...v2.0.0