Release Notes

0.2.2

  • Fixes vulnerability to prevent output shared key (OSK) to be set or written again on a responder receiving the same InitConf message during a handshake.
  • This release has no impact for majority of users using Rosenpass with Wireguard

0.2.1

  • Improved code quality by applying clippy lints
  • Removed unnecessary unsafe keyword instances
  • Addressed stack overflow based test failure using the stacker crate
  • Added fix to reap lingering wireguard child-processes
  • Updated manpage
  • Split code into subcrates, added cargo workspace
  • Repaired benchmark code
  • Added a couple more unit tests

0.2.0

  • Refined CI for pre-release vs draft vs release artifacts
  • Added licensing information: MIT and Apache 2.0
  • Refined artwork
  • Refined whitepaper
  • Improved consistency of whitepaper by removing synonyms for Key Encapsulation Methods
  • Renamed protocol::Server to protocol::CryptoServer
  • Added examples for keyexchange and CryptoServer usage into code
  • Renamed EKEM/SKEM to EphermeralKEM/StaticKEM
  • Introduced consistent code formatting using cargo-fmt style hints
  • Further documentation improvements
  • Fixed crash on empty message handling
  • Added manpage
  • Moved from nixpkgs’ rustPlatform to naersk + fenix in the nix flake
  • Reworked CI target platforms (removed i686 Linux)
  • Rewrote Application server, introduced new CLI, added support for configuration files, added support for multiple listen sockets
  • Improved consistency: banned the usage of “private” to describe keys. It is now either “secret” or “public”. This avoids the potential for confusion between “pk” (public key) and “pk” (private key) by renaming “private key” to “secret key” (sk).
  • Added support for dualstack and non-dualstack IPv4 + IPv6 configurations
  • Added QC CI code independent of Nix (dissimalar redundancy, yay!)
  • Updated crate dependencies
  • Fixed race condition of concurrent handshakes
  • Added private-key legacy support to CLI parser (as outlined above, we strongly recommend that you define them as secret keys!!!1!)
  • Introduced Cachix for CI Nix caching (finally bearable feedack in time for more eager contributors)
  • Added the i686-linux back in, as the respective OQS bug was resolved
  • Updated flake.lock
  • Added autogenerated CI Nix workflow and its generator script
  • Added Mac OS CI build jobs
  • Added .gitlab-ci.yaml for mirroring to gitlab.com (also add mirror to https://gitlab.com/rosenpass/rosenpass )
  • Added dualstack support to rp script
  • Belatedly updated from liboqs-0.7.2 to liboqs-0.8.0
  • Added shellcheck to CI
  • Updated rust/Cargo.lock dependencies
  • Added freebsd support to rp script, prepared for other BSDs

0.1.1

  • Initial publication of the rosenpass tool, including associated whitepaper and artwork.
  • Proof-read the whitepaper
  • Added the nix-based development environment and CI
  • Disabled CI for Windows and aarch64-linux
  • Added automated release workflow