v8.0.2

This is only relevant to Android and has no impact on other platforms.

Adds MLSKeyPackage.copyBytes().

v8.0.1

This release is relevant only for Kotlin. It adds several pseudo-constructors and accessors for newtypes around byte vectors.

For other platforms, no relevant changes are included.

v8.0.0

Highlights

This release contains the complete API necessary for history sharing in conversations. We've improved
the generated types in bindings to be more typesafe, and we've added the feature to rotate the key used
for the core crypto database.

Breaking changes

• Removed canClose(), and isLocked().

  Affected platforms: Web

  Migration: Only needed if you were relying on the output of canClose() before calling close():

  Call close() directly. Instead of handling the false case of canClose(), catch the error that
  close() may throw: Cannot close as multiple strong refs exist, then try again.

  The behavior of close() was adjusted, so that it waits for any running transaction to finish,
  instead of throwing an error.

• Removed mlsInitWithClientId, mlsGenerateKeypairs, e2eiDumpPKIEnv, deleteKeypackages,
  getCredentialInUse

  Affected platforms: Web, Android, iOS

  Migration: not needed, no client is using these functions.

• Changed the location of the Wasm bytecode file

  Affected platforms: Web

  The Wasm bytecode file, core-crypto-ffi_bg.wasm, has been moved to a
  subdirectory named autogenerated. While this is an internal change
  and should normally not be breaking, in reality it may break the Web
  client, which assumes the location of that internal file.

  Migration: update relevant paths in the Web client to point to the new
  location, under autogenerated, including in any calls to initWasmModule.

• Added a parameter refreshToken to newOidcChallengeRequest

  Affected platforms: Web

  This fixes an inconsistency between Web and other platforms.

  Migration: pass the refresh token received from the identity provider when
  calling newOidcChallengeRequest.

• Added a parameter context to newOidcChallengeResponse

  Affected platforms: Web

  Migration: pass the transaction context when calling newOidcChallengeResponse.

• Added encryptedMessage field to CommitBundle

  Affected platforms: Web, Android, iOS

  This field is used to bundle encrypted history secrets with a commit that adds a new
  history client.

  Migration: update any pattern-matching or other code that depends on the structure of
  MlsCommitBundle to include the new field. Also, make sure to update your implementation of the
  MlsTransport protocol/interface to include this field in the payload sent to the Delivery Service.

• ClientId is a newtype, not a bare byte array.

  Affected platforms: Web, Swift

  Migration: call new ClientId(id) to construct a ClientId, and id.copyBytes() to get a byte array out.

• ClientId wrapper accepts a byte array, not a string.

  Affected platforms: Android

  Migration: call .toByteArray() on the input.

• Ciphersuite is an exported public enum, not an integer

  Affected platforms: all

  Migration: use the relevant enum variant instead of an integer.

• SecretKey, ExternalSenderKey, GroupInfo, ConversationId, KeyPackage, Welcome are now newtypes

  Affected items:

  • CoreCryptoContext.exportSecretKey (aka CoreCryptoContext.deriveAvsSecret) now returns a SecretKey
  • (kotlin) AvsSecret newtype removed in favor of SecretKey
  • CoreCryptoContext.getExternalSender now returns an ExternalSenderKey
  • ConversationConfiguration::external_senders now accepts ExternalSenderKeys
  • CoreCryptoContext.joinByExternalCommit now accepts a GroupInfo
  • GroupInfoBundle now contains a GroupInfo
  • Many CoreCryptoContext methods now accept a ConversationId newtype instead of a byte array
  • HistoryObserver and EpochObserver now produce ConversationId instances instead of byte arrays
  • CoreCryptoContext.clientKeypackages now produces KeyPackages
  • CoreCryptoContext.addClientsToConversation now accepts KeyPackages
  • CommitBundle now might contain a Welcome
  • CoreCryptoContext.processWelcomeMessage now accepts a Welcome

  Affected platforms: all

  Migration: call .copyBytes() on the newtype to get access to the raw byte vector. To construct the newtype from a byte array, just use the appropriate constructor.

  In the past, Android (but only Android) had newtypes in these instances; other clients needed to work with a raw byte vector.
  We've decided to expand the use of newtypes around byte vectors in the FFI interface. This has several benefits:

  • Increased consistency between client FFI libraries
  • Reduced thickness of the high-level FFI wrappers
  • In some cases, we can avoid bidirectional data transfers across the FFI boundary, and just move pointers around instead.

• Removed PlaintextMessage, MlsMessage and SignaturePublicKey newtypes in favor of ByteArray

  Affected platforms: Android

  The Message newtypes were only used in CoreCryptoContext.encryptMessage and CoreCryptoContext.decryptMessage.
  SignaturePublicKey was used only for the return value of fun getPublicKey. The only usage we found was an immediate access of the byte vector.

  These types appear to provide no type safety benefits, instead only adding a bit of friction.

Features

• Support Android environments with 16k page size
• Added a module-level function updateDatabaseKey, to update the key of an existing CoreCrypto database
• Support for history sharing which can be enabled by calling enableHistorySharing() and disabled again by calling disableHistorySharing().

---

Features

• crypto-ffi: add updateDatabaseKey to JS bindings [WPB-18538] (e35f1a5)
• crypto-ffi: add updateDatabaseKey to Kotlin bindings [WPB-18538] (373fc4e)
• crypto-ffi: add updateDatabaseKey to bindings [WPB-18538] (f682a15)
• keystore: add a way to rekey the db on Wasm [WPB-18538] (a62cfb5)
• keystore: add a way to rekey the db on non-Wasm platforms [WPB-18538] (54d5fd1)
• [breaking] remove can_close() and isLocked() [WPB-17633] (58b4aa2)
• update history client on member remove [WPB-17096] (714ff73)
• update Android NDK to 28.1 [WPB-18293] (6101eb8)
• implement enabling and disabling history sharing [WPB-17106] (b036967)
• add is_history_sharing_enabled() [WPB-17106] (0b9eedf)
• [breaking] add field to MlsCommitBundle [WPB-17106] (eb30ab6)
• [breaking] crypto-ffi: remove deleteKeypackages (4c5def3)
• introduce HistoryObserver (43ceb73)
• [breaking] crypto: remove e2ei_dump_pki_env and related code (7927ebb)
• [breaking] crypto-ffi: remove e2eiDumpPKIEnv and related functions (b444f13)
• introduce Metabuilder (f556fc7)
• support instantiating sessions with mixed credential types (c8471b2)
• allow session instantiation with test chain and basic credentials (c700f04)
• add all required abstactions (a59c587)
• [breaking] crypto-ffi: remove wasmFilePath (92e6dad)
• [breaking] crypto-ffi: bindings: remove getCredentialInUse (81a75a8)
• crypto: remove generate_raw_keypairs (1ea2b76)
• [breaking] crypto-ffi: remove mls_generate_keypairs (5d5cdc1)
• [breaking] crypto-ffi: bindings: remove mlsGenerateKeypairs (ad9a6b8)
• [breaking] crypto: remove init_with_external_client_id (625cbec)
• [breaking] crypto-ffi: remove mls_init_with_client_id (40bbbeb)
• [breaking] crypto-ffi: bindings: remove mlsInitWithClientId (10a80ca)
• add remove_guarded() (6733dad)
• add `update_guard...

v7.0.2

Highlights

Upgrade OpenMLS to fix a bug where the ratchet tree would sometimes become corrupt leading to broken MLS groups.

Bug Fixes

• update openmls [WPB-18569] (7ca7ba7)

v7.0.1

Bug Fixes

• initWasm was being called with the wrong property field. (ca1706d)
• allow registering epoch observer before calling mls_init (3f0605a)

v7.0.0

Breaking changes

The typescript bindings no longer implicitly load the wasm module when importing the core crypto module. To replace
this behaviour the async initWasmModule() function has been added, which must be called before any other core crypto
function.

Features

• remove top level await and expose async init method instead (ce6e566)
• expose historyClient constructor to swift (22d98de)
• expose historyClient constructor to kotlin (b16839d)
• expose historyClient constructor to wasm (3c2531a)
• expose history_client constructor publicly (c24fcc3)
• restore history secrets (5643e87)
• add fn history_client(HistorySecret) -> CoreCrypto (8b7b7d4)
• add fn generate_history_secret (a998dec)

Bug Fixes

• crypto-ffi: fix naming and attributes of WelcomeBundle fields on Wasm (1b2e88b)
• prevent cancellations during transactions (Kotlin) (75217d5)
• prevent cancellations during transactions (Kotlin) (ae621b7)

Testing

• add TestConversation::remove (70c2c26)
• add TestConversation::transport (67a76fd)
• add TestConversation::external_join (b332e79)
• add TestConversation struct (d3401b8)
• support x509 scenarios in test case sessions (7e2eef9)
• add case for communication x509 -> history client (b1f9216)
• add a test that ephemeral clients can be created and used (48b8915)

v5.4.0

What's Changed

Highlights

Kotlin bindings only: transactions are now NonCancellable,
as required by Uniffi. This prevents a category of bug where Kotlin thinks a transaction
has been cancelled, while Rust thinks it is still running.

Full Changelog: v5.3.0...v5.4.0

v6.0.1

Bug Fixes

• swift publishing CI action (d1030e1)

v6.0.0

Highlights

• Changed the core crypto database key format, to enable validation of the same and ensure consistency between platforms
• Added a function for each platform to migrate from the old to the new key type
• Several more bug fixes, including prevention of the pending commit error

Breaking changes

• Changed the core crypto database key format

  Affected platforms: Web, Android, iOS

  Migration: before instantiating this version of core crypto for the first time, call migrateDatabaseKeyTypeToBytes()
  with the appropiate arguments (old key and your new key) exactly once.
  Then, instantiate core crypto with the new key.

  Note: Make sure the new key is not based on a string, and provide full 256 bits of entropy.

  Note: Instantiating this version of core crypto will fail before you call the migration function.

Bug Fixes

• clear pending commit before creating a new one [WPB-17356] (a937c9d)
• re-throw inner error which cancelled the transaction (840bc10)
• add registerEpochObserver to CoreCryptoProtocol (6e4ffc7)
• create an interface for ConversationConfiguration (f18d3e8)
• handle pending conversation when getting conversation (931b4d4)
• fix ffi incompatibilities in high-level swift wrapper (1576bd8)
• fix ffi incompatibilities in high-level kotlin wrapper (09bf52f)
• ensure that we don't change the interface of WireIdentity (35d348d)
• duck types are not trait objects (4d91669)
• fix ffi incompatibilities in high-level ts wrapper (f892f42)
• broken swift bindings by publishing uniffi framework separately (bed051d)
• don't refer to the internal uniffi EpochObserver type in the public API (b959576)
• re-expose proteus_reload_session which removed by mistake (08f3e34)
• [breaking] add a swift function to migrate the database key (390e5c8)
• crypto-ffi: add a Kotlin migration function for database key type change (842aeb4)
• keystore: add a key type migration function for non-Wasm platforms (0442812)
• crypto-ffi: add a JS migration function for database key type change (ff1c7b9)
• keystore: add a key type migration function for Wasm (2b323b3)
• [breaking] crypto-ffi: update Kotlin wrapper to use the DatabaseKey type (4192311)
• [breaking] crypto-ffi: update JS wrapper to use the DatabaseKey type (a655618)
• [breaking] crypto-ffi: use DatabaseKey instead of string for the database key (2dff46a)
• [breaking] mls-provider: use DatabaseKey instead of string for the database key (7538805)
• [breaking] crypto: use DatabaseKey instead of string for the database key (05782fa)
• [breaking] keystore: introduce a DatabaseKey newtype and move away from strings (6307183)
• swift publishing failing due to not running on latest macos runner (385f031)

Documentation

• update Readme.md (562d59f)
• update CHANGELOG with v3.1.1 info (415c290)
• fix doc warnings in js bindings (5c0ef34)

Testing

• add test reproducing pending commit bug [WPB-17356] (9b84901)
• Kotlin: extend epoch observer test (0039d6f)
• port tests of static functions to bun (5519022)
• port web test utils to bun test utils (dbdc6f2)
• add bun test infrastructure (59d9f69)
• crypto-ffi: add a Swift test for migrating the db key type (c507512)
• crypto-ffi: add a Kotlin test for migrating the db key type (821f016)
• crypto-ffi: add a JS test for migrating the db key type (9fcd942)
• fix constant interop http server test port (f7bbf6f)

v5.3.0

Bug Fixes

• re-throw inner error which cancelled the transaction (Swift) (0c282b2)