Releases: signalapp/libsignal
v0.19.3
- attest: CDS2 verification now checks that the quote collateral is valid at some point in the future (currently 24h) rather than now, mainly to address clock skew on the local device.
- attest: An API has been added for libsignal-server to extract attestation metrics from serialized evidence and endorsements.
v0.19.2
- device-transfer: Encoded private keys once again use PKCS#8 DER.
- Node: Restored compatibility with Apple Silicon Macs on NPM.
- Node: Restored compatibility with Ubuntu 16 on NPM.
v0.19.1
Fix the Docker build, and remove the dependency on the cargo-ndk tool. No functionality change in libsignal itself.
v0.19.0
Intel DCAP-based attestation is now fully implemented for CDS2! The "NOT_FOR_PRODUCTION" static methods on CdsiClient have been replaced by normal constructors in Java and Swift and a plain 'new' method in TypeScript.

Additional changes:
- attest and device-transfer now depend on the 'boring' crate, which wraps BoringSSL. This may complicate cross-compilation; only Signal's supported platforms have been tested, plus light testing of Arm64 Windows and Linux.
- Node: Expose missing IdentityKeyPair.deserialize().
- zkgroup: the generate-server-params binary target allows updating your private server parameters in a backwards-compatible way. Only useful if you run your own group server.
- Rust: in libsignal-protocol, device IDs and pre-key IDs now use strongly-typed wrapper structs rather than plain integers.
v0.18.1
- Deprecate zkgroup methods operating on PniCredentials
- node: Expose AuthCredentialWithPni and ExpiringProfileKeyCredential through '@signalapp/libsignal/zkgroup'.
v0.18.0
This release introduces two new credentials in zkgroup, ExpiringProfileKeyCredential and AuthCredentialWithPni. Both credentials have presentations usable with the existing ProfileKeyPresentation and AuthCredentialPresentation variant types, respectively.

There have been some corresponding changes to existing APIs:
- zkgroup's RedemptionTime type has been renamed to CoarseRedemptionTime, and ReceiptExpirationTime to plain Timestamp. These fields were previously treated opaquely, but are now expected to be days and seconds since the Unix epoch, respectively. (This matches how they're used in Signal.)
- Node: ReceiptCredential.getReceiptExpirationTime() and ReceiptCredentialPresentation.getReceiptExpirationTime() now return a number rather than a bigint, since any valid expiration time fits within MAX_SAFE_INTEGER.
- AuthCredentialPresentation.getRedemptionTime() now returns Instant (Java), Date (Swift), Date (TypeScript), or zkgroup::Timestamp (Rust). Previously it returned a 32-bit integer. Likewise, verifyAuthCredentialPresentation() now takes an Instant/Date/Date/Timestamp to represent the current time.
- AuthCredentialPresentation.getPniCiphertext() has been added, returning null for older credential versions.
- verifyProfileKeyCredentialPresentation() now takes an Instant (Java), Date (Swift), Date (TypeScript), or zkgroup::Timestamp (Rust) representing the current time. This is an optional parameter in every language but Rust; if omitted, the current time will be used.
- getStructurallyValidV1PresentationBytes() has been added to ProfileKeyCredentialPresentation to smooth over a use case where presentations are read by other clients and not just the server.
- The server "zkgroup parameters" have grown and will need updating. The new parameters are backwards-compatible with the old parameters as long as the values for existing keys are not changed.

Other changes:
- The 'needsPniSignature' field in SessionRecords has been removed.
- Node: zkgroup "ByteArray" types are now correctly distinguished by the TypeScript compiler instead of being treated as interchangeable.
v0.17.0
Introduces initial, not-for-production client bindings for CDS2, the upcoming version of Signal’s Contact Discovery Service. CDS2 runs on Intel SGX over a Noise channel, similar to how HsmEnclave runs on HSMs over a Noise channel. The existing ‘hsm-enclave’ crate has been merged into the new ‘attest’ crate.

Additional changes:
- Node: Test with plain 'mocha' instead of 'electron-mocha'
- Java: Fix Dockerfile for an actually-reproducible build
- Rust: Update our fork of curve25519-dalek to match upstream 3.2.1
v0.16.0
The format of the zkgroup credential presentations has changed (AuthCredentialPresentation, ProfileKeyCredentialPresentation, PniCredentialPresentation). The server will accept v1 or v2 presentations, but clients will always produce v2.

Other changes:
- zkgroup: Several operations sped up through caching the "system params".
- Java: A ProGuard file is included in the jars for libsignal-client and libsignal-server to ensure that ProGuard and R8 do not strip declarations used via JNI.
- Java: InvalidSenderKeySessionException is now correctly packaged in the jar.
- Java: The published artifacts for libsignal-client and libsignal-server will now include native M1 Mac support.
v0.15.1
- Java: update reproducible build to Debian Buster (from Stretch), and ensure compatibility with glibc 2.28
v0.15.0
A reorganizational release with many breaking changes.

Swift:
- **Renamed the CocoaPod to LibSignalClient**
- Removed SignalError.invalidCiphertext in favor of 'invalidMessage'
- Added SignalError.invalidSession and SignalError.invalidSenderKeySession
- Removed SenderKeyRecord.init()

Node:
- **Renamed the NPM package to @signalapp/libsignal-client**
- Removed SenderKeyRecord.new()
- Renamed SignalClientError* to LibSignalError*
- Added InvalidSessionError and InvalidSenderKeySessionError

Java:
- **Renamed the artifacts on Sonatype** under org.signal
  - org.whispersystems:signal-client-java -> org.signal:libsignal-client
  - org.whispersystems:signal-client-android -> org.signal:libsignal-android
  - org.whispersystems:libsignal-server -> org.signal:libsignal-server
- **Renamed several packages** so everything is org.signal.libsignal:
  - org.whispersystems.libsignal -> org.signal.libsignal.protocol
  - org.whispersystems.libsignal.protocol -> org.signal.libsignal.protocol.message
  - org.whispersystems.libsignal.util.AndroidSignalProtocolLogger -> org.signal.libsignal.logging.AndroidSignalProtocolLogger
  - org.signal.zkgroup -> org.signal.libsignal.zkgroup
- Re-enabled support for building the non-Android jars with JDK 8
- Fixed several incorrect exception specifications
- Added InvalidSessionException and InvalidSenderKeySessionException
- Removed SenderKeyRecord's no-argument constructor
- 64-bit Android: Enabled run-time detection of CPU support for cryptographic operations

Rust:
- Overhaul of SignalProtocolError:
  - Removed ProtobufDecodingError, ProtobufEncodingError, InvalidCiphertext, and InternalError cases
  - Added InvalidSenderKeySession
  - Added a message to InvalidSessionStructure
  - Added distribution ID to NoSenderKeyState
  - Changed SessionNotFound's payload to a ProtocolAddress rather than a String
  - Added the message type to InvalidMessage