Release 2.0.0
· 3 min read
Version 2.0.0
- The ECL library's implementations of AES, SHA, and DRBGs is now used instead of MTE's original implementation.
- The ECL library's ESP32 implementation uses the ESP32's hardware cryptographic modules instead of software to the extent possible.
- The MTE algorithm has changed to add additional security. MTE 2.x outputs are not compatible with MTE 1.x outputs.
- The developer's guides have been updated extensively.
- The ARM64 functions and classes have been removed. The ARM64 PAA is now automatically enabled when available.
- The self-test functions have been removed.
- A new global init function is now required to be called in all cases. The language interfaces other than C take care of this automatically.
- The status codes have been rearranged to align with ECL. Some new codes were added as well.
- Save/restore state functions now return status which should be checked like all other status returns. The status may return an error when certain DRBG implementations are used.
- The language interfaces no longer claim to zeroize the nonce, since that never happened and was never a requirement.
- The language interfaces now zeroize the entropy in all cases where the language allows it for consistent security and to avoid confusion about when it happens or doesn't. The languages that do not allow it are commented to warn you about it not being zeroized.
- The core and fixed-length limited input range feature has been removed. All APIs that took the input byte range have changed to remove those options. All possible inputs are now supported in all cases.
- The MKE interface has been changed to remove the minToEncrypt option and always do encryption.
- MKE encrypt and decrypt chunk now return a status which must be checked.
- The MKE encrypt chunk interface changed to use state like decrypt.
- The Base64 state restore API has been improved to not overwrite the input.
- The entropy, nonce, and timestamp callbacks are no longer virtual (or equivalent). There are now callback interfaces to allow you to use a plugin to override any or all of the callbacks instead of deriving from an encoder or decoder class. This allows for more reuse and is easier to use.
- The jailbreak detection classes have been condensed down to use the new nonce plugin.
- There are now Node.js command line WASM demos in addition to the browser demos.
- Language interfaces have added default constructors/initializers/factory methods which should be used in most cases. The default constructors take care of build-time options and will default to reasonable runtime options. Only in cases where you have runtime options you need to control fully should you use the constructors/initializers that take all options.
- Language interfaces are now versioned to match the MTE version and check for a match against the library to ensure compatibility.
- The C# language interface has been tweaked to support older .NET versions. The developer's guide lists the supported versions.
- Added additional documentation files describing how to set up MTE-capable projects in Android Studio and Xcode.