# Changelog

## 2026-03-17

---

### Added

- Added AES-XTS and SM4-XTS APIs in `symm` and root wrappers:
  - bytes APIs: `Encrypt*/Decrypt*XTS`
  - data-unit indexed APIs: `Encrypt*/Decrypt*XTSAt`
  - stream APIs: `Encrypt*/Decrypt*XTSStream`
  - stream + data-unit indexed APIs: `Encrypt*/Decrypt*XTSStreamAt`
- Added XTS master-key split helpers:
  - `SplitXTSMasterKey`
  - `SplitAesXTSMasterKey`
  - `SplitSM4XTSMasterKey`
- Added XTS parameter validation and explicit no-CTS behavior:
  - dual keys must be non-empty and of equal length
  - `dataUnitSize` must be a positive multiple of 16
  - non-stream input must be 16-byte aligned
  - stream tail must be 16-byte aligned
- Added key-derivation APIs in `hashx` and root wrappers:
  - `DerivePBKDF2SHA256Key` (`crypto/pbkdf2`, stdlib)
  - `DerivePBKDF2SHA512Key` (`crypto/pbkdf2`, stdlib)
  - `DeriveArgon2idKey` / `DeriveArgon2iKey` (`golang.org/x/crypto/argon2`)
  - `Argon2Params` + `DefaultArgon2idParams`
- Added benchmark coverage for symmetric hot paths:
  - AES/SM4 `GCM`, `CCM`, `XTS`
  - AES/SM4 `XTS` stream path
- Added file random fill APIs:
  - `FillWithRandom` (math/rand pseudo-random)
  - `FillWithCryptoRandom` (crypto/rand secure random, may be slower)
- Added HMAC verify APIs (bytes + hex wrappers) in `macx` and root package.
- Added XTS standard-vector tests (IEEE P1619 subset) and XTS fuzz tests.
- Added CCM/XTS-related test coverage for root wrappers and `symm`.

### Changed

- Refactored XTS internals to reduce duplication via a shared factory/path.
- Switched AEAD options behavior to require an explicit `Nonce` (no `IV` fallback in GCM/CCM paths).
- Reworked CFB-8 register update to ring-buffer state handling.
- Refined `README.md` structure and added:
  - XTS usage/constraints documentation
  - AEAD nonce non-reuse requirement
  - AEAD `CipherOptions` nonce-only behavior note
  - legacy GCM/CCM stream decryption memory warning
  - `FillWithRandom` vs `FillWithCryptoRandom` guidance
  - XTS `dataUnitIndex` mapping consistency note

## Unreleased

### Added

- Introduced subpackages and root wrappers:
  - `asymm`, `symm`, `hashx`, `encodingx`, `paddingx`, `filex`, `legacy`, `macx`.
- Added Chinese `README.md` and Apache-2.0 `LICENSE`.
- Added `SM9` support in asymmetric APIs.
- Added `ChaCha20` and `ChaCha20-Poly1305` APIs (memory + stream wrappers where applicable).
- Added unified symmetric cipher options API:
  - `CipherOptions{Mode, Padding, IV, Nonce, AAD}`.
- Added AEAD APIs and wrappers:
  - `AES-GCM`, `SM4-GCM`, `AES-CCM`, `SM4-CCM` (bytes + chunk + stream helper APIs).
- Added more symmetric mode coverage for SM4:
  - `ECB/CBC/CFB/OFB/CTR` (bytes + stream-derived APIs).
- Added comprehensive tests across packages and root wrappers.
- Added fuzz tests for `paddingx`, `encodingx`, and `symm` round-trip invariants.

### Changed

- Refactored the monolithic implementation into a subpackage architecture while preserving root-package convenience APIs.
- AES mode APIs now support generic mode selection and derived mode helpers.
- Stream APIs expanded across AES/SM4/DES/3DES and ChaCha20.
- Updated docs to include a security-first recommendation and an algorithm capability matrix.
- Updated dependencies and modules for current code paths (`gmsm`, `x/crypto`).

### Fixed

- Fixed Base128 encode/decode round-trip bug in `encodingx`.
- Corrected CRC32A test expectations and clarified CRC32A variant comments.
- Corrected default padding behavior for AES-CBC to PKCS7.

### Notes

- Legacy/insecure algorithms and modes remain available for compatibility.
- Production recommendations now explicitly prefer AEAD schemes.