v8.0.0

Highlights

This release contains the complete API necessary for history sharing in conversations. We've improved
the generated types in bindings to be more typesafe, and we've added the feature to rotate the key used
for the core crypto database.

Breaking changes

• Removed canClose(), and isLocked().

  Affected platforms: Web

  Migration: Only needed if you were relying on the output of canClose() before calling close():

  Call close() directly. Instead of handling the false case of canClose(), catch the error that
  close() may throw: Cannot close as multiple strong refs exist, then try again.

  The behavior of close() was adjusted, so that it waits for any running transaction to finish,
  instead of throwing an error.

• Removed mlsInitWithClientId, mlsGenerateKeypairs, e2eiDumpPKIEnv, deleteKeypackages,
  getCredentialInUse

  Affected platforms: Web, Android, iOS

  Migration: not needed, no client is using these functions.

• Changed the location of the Wasm bytecode file

  Affected platforms: Web

  The Wasm bytecode file, core-crypto-ffi_bg.wasm, has been moved to a
  subdirectory named autogenerated. While this is an internal change
  and should normally not be breaking, in reality it may break the Web
  client, which assumes the location of that internal file.

  Migration: update relevant paths in the Web client to point to the new
  location, under autogenerated, including in any calls to initWasmModule.

• Added a parameter refreshToken to newOidcChallengeRequest

  Affected platforms: Web

  This fixes an inconsistency between Web and other platforms.

  Migration: pass the refresh token received from the identity provider when
  calling newOidcChallengeRequest.

• Added a parameter context to newOidcChallengeResponse

  Affected platforms: Web

  Migration: pass the transaction context when calling newOidcChallengeResponse.

• Added encryptedMessage field to CommitBundle

  Affected platforms: Web, Android, iOS

  This field is used to bundle encrypted history secrets with a commit that adds a new
  history client.

  Migration: update any pattern-matching or other code that depends on the structure of
  MlsCommitBundle to include the new field. Also, make sure to update your implementation of the
  MlsTransport protocol/interface to include this field in the payload sent to the Delivery Service.

• ClientId is a newtype, not a bare byte array.

  Affected platforms: Web, Swift

  Migration: call new ClientId(id) to construct a ClientId, and id.copyBytes() to get a byte array out.

• ClientId wrapper accepts a byte array, not a string.

  Affected platforms: Android

  Migration: call .toByteArray() on the input.

• Ciphersuite is an exported public enum, not an integer

  Affected platforms: all

  Migration: use the relevant enum variant instead of an integer.

• SecretKey, ExternalSenderKey, GroupInfo, ConversationId, KeyPackage, Welcome are now newtypes

  Affected items:

  • CoreCryptoContext.exportSecretKey (aka CoreCryptoContext.deriveAvsSecret) now returns a SecretKey
  • (kotlin) AvsSecret newtype removed in favor of SecretKey
  • CoreCryptoContext.getExternalSender now returns an ExternalSenderKey
  • ConversationConfiguration::external_senders now accepts ExternalSenderKeys
  • CoreCryptoContext.joinByExternalCommit now accepts a GroupInfo
  • GroupInfoBundle now contains a GroupInfo
  • Many CoreCryptoContext methods now accept a ConversationId newtype instead of a byte array
  • HistoryObserver and EpochObserver now produce ConversationId instances instead of byte arrays
  • CoreCryptoContext.clientKeypackages now produces KeyPackages
  • CoreCryptoContext.addClientsToConversation now accepts KeyPackages
  • CommitBundle now might contain a Welcome
  • CoreCryptoContext.processWelcomeMessage now accepts a Welcome

  Affected platforms: all

  Migration: call .copyBytes() on the newtype to get access to the raw byte vector. To construct the newtype from a byte array, just use the appropriate constructor.

  In the past, Android (but only Android) had newtypes in these instances; other clients needed to work with a raw byte vector.
  We've decided to expand the use of newtypes around byte vectors in the FFI interface. This has several benefits:

  • Increased consistency between client FFI libraries
  • Reduced thickness of the high-level FFI wrappers
  • In some cases, we can avoid bidirectional data transfers across the FFI boundary, and just move pointers around instead.

• Removed PlaintextMessage, MlsMessage and SignaturePublicKey newtypes in favor of ByteArray

  Affected platforms: Android

  The Message newtypes were only used in CoreCryptoContext.encryptMessage and CoreCryptoContext.decryptMessage.
  SignaturePublicKey was used only for the return value of fun getPublicKey. The only usage we found was an immediate access of the byte vector.

  These types appear to provide no type safety benefits, instead only adding a bit of friction.

Features

• Support Android environments with 16k page size
• Added a module-level function updateDatabaseKey, to update the key of an existing CoreCrypto database
• Support for history sharing which can be enabled by calling enableHistorySharing() and disabled again by calling disableHistorySharing().

---

Features

• crypto-ffi: add updateDatabaseKey to JS bindings [WPB-18538] (e35f1a5)
• crypto-ffi: add updateDatabaseKey to Kotlin bindings [WPB-18538] (373fc4e)
• crypto-ffi: add updateDatabaseKey to bindings [WPB-18538] (f682a15)
• keystore: add a way to rekey the db on Wasm [WPB-18538] (a62cfb5)
• keystore: add a way to rekey the db on non-Wasm platforms [WPB-18538] (54d5fd1)
• [breaking] remove can_close() and isLocked() [WPB-17633] (58b4aa2)
• update history client on member remove [WPB-17096] (714ff73)
• update Android NDK to 28.1 [WPB-18293] (6101eb8)
• implement enabling and disabling history sharing [WPB-17106] (b036967)
• add is_history_sharing_enabled() [WPB-17106] (0b9eedf)
• [breaking] add field to MlsCommitBundle [WPB-17106] (eb30ab6)
• [breaking] crypto-ffi: remove deleteKeypackages (4c5def3)
• introduce HistoryObserver (43ceb73)
• [breaking] crypto: remove e2ei_dump_pki_env and related code (7927ebb)
• [breaking] crypto-ffi: remove e2eiDumpPKIEnv and related functions (b444f13)
• introduce Metabuilder (f556fc7)
• support instantiating sessions with mixed credential types (c8471b2)
• allow session instantiation with test chain and basic credentials (c700f04)
• add all required abstactions (a59c587)
• [breaking] crypto-ffi: remove wasmFilePath (92e6dad)
• [breaking] crypto-ffi: bindings: remove getCredentialInUse (81a75a8)
• crypto: remove generate_raw_keypairs (1ea2b76)
• [breaking] crypto-ffi: remove mls_generate_keypairs (5d5cdc1)
• [breaking] crypto-ffi: bindings: remove mlsGenerateKeypairs (ad9a6b8)
• [breaking] crypto: remove init_with_external_client_id (625cbec)
• [breaking] crypto-ffi: remove mls_init_with_client_id (40bbbeb)
• [breaking] crypto-ffi: bindings: remove mlsInitWithClientId (10a80ca)
• add remove_guarded() (6733dad)
• add update_guarded_with() (8d98ef2)
• add advance_epoch() API (f2c2592)

Bug Fixes

• no emitted warning on wasm_bindgen errors [WPB-15468] (124356d)
• proteus error type mapping (2ec2fa9)
• add missing API to CoreCryptoProtocol [WPB-18634] (a816979)
• Error::ConversationAlreadyExists has a byte vector not handle (1660757)
• use new types where appropriate (19b1ffa)
• use appropriate types in observer indirectors (a04259f)
• document SecretKey (366a1e9)
• ciphersuite not cipherSuite (6594972)
• epoch observer observes a proper ConversationId type (77036e1)
• use proper ClientId in bun test utils (59db6f8)
• use proper ConversationId type in web bench (ba264f5)
• history observers observe ConversationId (102359e)
• do not store the signature key when instantiating a history client (b3f7720)
• invalid API Docs link in README.md (500c36f)
• building android bindings on a mac (67125cd)
• unreleased changes generation had an extra token (bc56760)
• crypto-ffi: fix field names in X509Identity on wasm (6481d8c)
• initWasm was being called with the wrong property field. (ca52dbf)
• allow registering epoch observer before calling mls_init (0cad9a3)

Documentation

• upload swift docs into the right folder (902d8f2)
• build swift documentation in CI (a2f910f)
• update changelog: info about new field in MLsCommitBundle (d1431a3)
• include hyperlink to commit in git cliff output (6e209f5)
• publish unreleased changes to github pages (6c33a70)
• add internal links to high-level documents (0ca52eb)
• simplify docs directory structure (e9a7c2f)
• eliminate fake docs module / submodules (a459167)

Testing

• crypto-ffi: add a test for updateDatabaseKey in Swift bindings [WPB-18538] (a2160d8)
• crypto-ffi: add a test for updateDatabaseKey in JS bindings [WPB-18538] (7528b2a)
• crypto-ffi: add a test for updateDatabaseKey in Kotlin bindings [WPB-18538] (9111a32)
• error builds correctly when coming from cc or wasm_bindgen (aab8d60)
• proteus session not found maps to correct error type (0a481ef)
• re-add database tests which were accidentally omitted (185e90f)
• test history client update on remove (f2aa941)
• test history sharing [WPB-17106] (79025cd)
• remove leaf node validation tests [WPB-18083] (c2ae76d)
• fix: TestContext::sessions_x509() should always create x509 sessions (49ee4e6)
• add test handling self-commit after failed transaction [WPB-17464] (01a6d46)

Other Breaking Changes

• [breaking] crypto-ffi: tell wasm-bindgen to output files into a separate dir (e34b944)
• [breaking] eliminate certain wasm-specific discrepancies from core-crypto-ffi (1143d11)