From dec5fd8843e7dbe8f27b9c9556dac7c23d7a5bbf Mon Sep 17 00:00:00 2001 From: Amir Vakili Date: Mon, 13 Feb 2023 15:49:11 +0000 Subject: [PATCH] ACCP 2.0.0 release --- CHANGELOG.md | 12 +++++------- README.md | 29 ++++++++++++++--------------- 2 files changed, 19 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a464fae1..76f91498 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## 2.0.0 (Unreleased) +## 2.0.0 ### Overview This is a new major release of ACCP. We provide build artifacts for Linux-x86 
@@ -20,15 +20,13 @@ This version is not backward compatible and the differences may affect your application. Some major features, such as non-EC DSA and non-EC DH key exchange algorithms, are removed. Other minor changes include, the implementation of the SecureRandom relies on AWS-LC’s DRBG and the name is changed from -`NIST800-90A/AES-CTR-256` to `LibCryptoRng`. - - -This is a major release that includes some breaking changes. ACCP has switched to using [AWS-LC](https://github.com/awslabs/aws-lc/) instead of OpenSSL as the backing native crypto engine. This transition has improved the performance of ACCP. We have tried to keep the breaking changes minimal, but they have been deemed necessary. [Optimized assembly implementation of algorithms and the usage of formal verification in AWS-LC](https://github.com/awslabs/aws-lc/blob/main/README.md) are among the reasons for ACCP to switch from OpenSSL to AWS-LC. Some of these examples include dropping the support for non-EC DSA and DH key exchange algorithms; moreover, AWS-LC and OpenSSL are not 100% compatible. We have tried to keep the incompatibilities hidden from ACCP users, and we will deal with such scenarios case by case in the future. - +`NIST800-90A/AES-CTR-256` to `LibCryptoRng`. AWS-LC and OpenSSL are not 100% compatible. +We have tried to keep the incompatibilities hidden from ACCP users, and we will deal +with such scenarios case by case in the future. ### Major changes * Support build and releases for Linux x86 and Linux aarch64 -* Use [AWS-LC](https://github.com/awslabs/aws-lc/) as the as the underlying cryptographic library +* Use [AWS-LC](https://github.com/awslabs/aws-lc/), [v1.4.0](https://github.com/awslabs/aws-lc/tree/v1.4.0), as the underlying cryptographic library * Drop support for (non-EC) DSA signatures * Drop support for (non-EC) Diffie-Hellman key exchange * Drop support for `secp192r1`, as well as most other non-NIST "legacy" curves 
diff --git a/README.md b/README.md index 21dc1baf..b3350d47 100644 --- a/README.md +++ b/README.md @@ -83,15 +83,10 @@ KeyFactory algorithms: # Compatibility & Requirements ACCP has the following requirements: * JDK8 or newer (This includes both OracleJDK and [Amazon Corretto](https://aws.amazon.com/corretto/)) -* 64-bit Linux or MacOs running on x86_64 (also known as x64 or AMD64) +* Linux (x86-64 or arm64) or MacOs running on x86_64 (also known as x64 or AMD64) If ACCP is used/installed on a system it does not support, it will disable itself and the JVM will behave as if ACCP weren't installed at all. -**Experimental** support for aarch64 (64-bit ARM) Linux systems was added in version 1.4.0. -(This is as an alternative to fully supported 64-bit Linux on x86_64.) -aarch64 support is still **experimental** and is not yet distributed via Maven. -If you want to experiment with ACCP on aarch64 platforms you will need to build it yourself as described later in this document. - # Using the provider ## Installation Installing via Maven or Gradle is the easiest way to get ACCP and ensure you 
@@ -99,28 +94,28 @@ will always have the most recent version. We strongly recommend you always pull in the latest version for best performance and bug-fixes. Whether you're using Maven, Gradle, or some other build system that also pulls -packages from Maven Central, it's important to specify `linux-x86_64` as the -classifier. You'll get an empty package otherwise. Note that ACCP will not be -available for MacOS on Maven Central until 2.0 is released. +packages from Maven Central, it's important to specify `linux-x86_64` or `linux-aarch64` as the +classifier. You'll get an empty package otherwise. Note that ACCP is not +available for MacOS on Maven Central yet. Regardless of how you acquire ACCP (Maven, manual build, etc.) you will still need to follow the guidance in the [Configuration section](#configuration) to enable ACCP in your application. ### Maven Add the following to your `pom.xml` or wherever you configure your Maven dependencies. -This will instruct it to use the most recent 1.x version of ACCP. +This will instruct it to use the latest `2.x` version of ACCP for Linux x86-64 platform. For more information, please see [VERSIONING.rst](https://github.com/corretto/amazon-corretto-crypto-provider/blob/develop/VERSIONING.rst). -The below snippet will pull in all versions of ACCP prior to the 2.0.0 release. Once 2.0.0 is released, we recommend that everyone switch to a specifier of `[2.0,3.0)`. - ```xml software.amazon.cryptools AmazonCorrettoCryptoProvider - [1.0,2.0) + [2.0, 3.0) linux-x86_64 ``` +The classifier attribute could be set to `linux-aarch64` to use ACCP on Linux ARM64 platforms. + ACCP artifacts on Maven can be verified using the following PGP keys: | ACCP Version | PGP Key ID | Key Server | 
@@ -133,15 +128,19 @@ ACCP artifacts on Maven can be verified using the following PGP keys: Add the following to your `build.gradle` file. If you already have a `dependencies` block in your `build.gradle`, you can add the ACCP line to your existing block. -This will instruct it to use the most recent 1.x version of ACCP. For more information, please see [VERSIONING.rst](https://github.com/corretto/amazon-corretto-crypto-provider/blob/develop/VERSIONING.rst). ```groovy dependencies { - implementation 'software.amazon.cryptools:AmazonCorrettoCryptoProvider:1.+:linux-x86_64' + implementation 'software.amazon.cryptools:AmazonCorrettoCryptoProvider:2.+:linux-x86_64' } ``` +For Gradle builds, the [os-detector plugin](https://github.com/google/osdetector-gradle-plugin) +could be used so that one does not have to explicitly specify the platform. +[Here](https://github.com/corretto/amazon-corretto-crypto-provider/blob/f1d54b34cf4765789314941dbeefdafd35a4da58/examples/gradle-kt-dsl/lib/build.gradle.kts#L30) +is an example. + ### Manual Manual installation requires acquiring the provider and adding it to your classpath. You can either download a prebuilt version of the provider or build it yourself.
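Review bot: In the CHANGELOG.md hunk at `@@ -20,15 +20,13`, the sentence "AWS-LC and OpenSSL are not 100% compatible" is kept from the deleted paragraph but gives an upgrading user nothing to act on. It names no known incompatibility and points to no place where they will be tracked. Suggest listing the known ones or linking to where they are recorded. The same sentence run still files the SecureRandom rename from `NIST800-90A/AES-CTR-256` to `LibCryptoRng` under "minor changes". If the old name is no longer registered, code that requests it by name will stop working on upgrade, so it would be clearer to list the rename as a bullet under "Major changes" next to the dropped algorithms.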
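Review bot: In the README.md hunk at `@@ -83,15 +83,10`, the new requirement line mixes three spellings for two architectures: `x86-64` and `arm64` in the parenthesis, `x86_64` after "MacOs", while the classifiers introduced later in this patch are `linux-x86_64` and `linux-aarch64`. It also drops the "64-bit" qualifier, and "running on x86_64 (also known as x64 or AMD64)" now reads as applying to macOS only. Suggest one spelling that matches the classifiers, for example "Linux on x86_64 or aarch64, or macOS on x86_64", with a single note that aarch64 is also called arm64. With the "Experimental" paragraph deleted, the README no longer says which release first shipped aarch64 artifacts to Maven Central, and a short note would help users who are still on 1.x.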
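Review bot: In the README.md hunk at `@@ -99,28 +94,28`, the added line "The classifier attribute could be set to `linux-aarch64`" uses the wrong term for Maven: the classifier is a child element of the dependency in `pom.xml`, not an attribute, so "classifier element" or just "classifier" is more accurate. The version range is written `[2.0, 3.0)` with a space, while the line it replaces used `[1.0,2.0)` and the removed text recommended `[2.0,3.0)`; keeping the unspaced form avoids any doubt about how a given tool parses it. Smaller wording point: "for Linux x86-64 platform" needs an article, and "yet" in "not available for MacOS on Maven Central yet" could say whether a macOS artifact is planned for a later 2.x release.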
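Review bot: In the README.md hunk at `@@ -133,15 +128,19`, the Gradle section loses its sentence explaining what the version selector resolves to and gets no replacement, whereas the Maven section in the previous hunk was updated to say it uses the latest `2.x`. Suggest adding the equivalent sentence for `2.+`, and stating here, as the Maven section now does, that the classifier can be `linux-aarch64`. As written, arm64 users only learn this indirectly through the os-detector pointer. Pinning the example link to commit `f1d54b34...` keeps it stable, but the link text "Here" says nothing on its own; something like "the Kotlin DSL example in this repository" reads better and survives being quoted out of context.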