v0.19.0

Intel DCAP-based attestation is now fully implemented for CDS2! The
"NOT_FOR_PRODUCTION" static methods on CdsiClient have been replaced
by normal constructors in Java and Swift and a plain 'new' method in
TypeScript.

Additional changes:

- attest and device-transfer now depend on the 'boring' crate, which
  wraps BoringSSL. This may complicate cross-compilation; only
  Signal's supported platforms have been tested, plus light testing
  of Arm64 Windows and Linux.

- Node: Expose missing IdentityKeyPair.deserialize().

- zkgroup: the generate-server-params binary target allows updating
  your private server parameters in a backwards-compatible way. Only
  useful if you run your own group server.

- Rust: in libsignal-protocol, device IDs and pre-key IDs now use
  strongly-typed wrapper structs rather than plain integers.

v0.18.1

- Deprecate zkgroup methods operating on PniCredentials
- node: Expose AuthCredentialWithPni and ExpiringProfileKeyCredential
  through '@signalapp/libsignal/zkgroup'.

v0.18.0: This release introduces two new credentials in zkgroup,

ExpiringProfileKeyCredential and AuthCredentialWithPni. Both
credentials have presentations usable with the existing
ProfileKeyPresentation and AuthCredentialPresentation variant types,
respectively. There have been some corresponding changes to existing
APIs:

- zkgroup's RedemptionTime type has been renamed to
  CoarseRedemptionTime, and ReceiptExpirationTime to plain Timestamp.
  These fields were previously treated opaquely, but are now expected
  to be days and seconds since the Unix epoch, respectively. (This
  matches how they're used in Signal.)

- Node: ReceiptCredential.getReceiptExpirationTime() and
  ReceiptCredentialPresentation.getReceiptExpirationTime() now return
  a number rather than a bigint, since any valid expiration time fits
  within MAX_SAFE_INTEGER.

- AuthCredentialPresentation.getRedemptionTime() now returns
  Instant (Java), Date (Swift), Date (TypeScript), or
  zkgroup::Timestamp (Rust). Previously it returned a 32-bit integer.
  Likewise, verifyAuthCredentialPresentation() now takes an
  Instant/Date/Date/Timestamp to represent the current time.

- AuthCredentialPresentation.getPniCiphertext() has been added,
  returning null for older credential versions.

- verifyProfileKeyCredentialPresentation() now takes an
  Instant (Java), Date (Swift), Date (TypeScript), or
  zkgroup::Timestamp (Rust) representing the current time. This is an
  optional parameter in every language but Rust; if omitted, the
  current time will be used.

- getStructurallyValidV1PresentationBytes() has been added to
  ProfileKeyCredentialPresentation to smooth over a use case where
  presentations are read by other clients and not just the server.

- The server "zkgroup parameters" have grown and will need updating.
  The new parameters are backwards-compatible with the old parameters
  as long as the values for existing keys are not changed.

Other changes:

- The 'needsPniSignature' field in SessionRecords has been removed.

- Node: zkgroup "ByteArray" types are now correctly distinguished by
  the TypeScript compiler instead of being treated as interchangeable.

v0.17.0

Introduces initial, not-for-production client bindings for CDS2, the upcoming version of Signal’s Contact Discovery Service. CDS2 runs on Intel SGX over a Noise channel, similar to how HsmEnclave runs on HSMs over a Noise channel. The existing ‘hsm-enclave’ crate has been merged into the new ‘attest’ crate.

Additional changes:
- Node: Test with plain 'mocha' instead of 'electron-mocha'
- Java: Fix Dockerfile for an actually-reproducible build
- Rust: Update our fork of curve25519-dalek to match upstream 3.2.1

v0.16.0

The format of the zkgroup credential presentations has changed
(AuthCredentialPresentation, ProfileKeyCredentialPresentation,
PniCredentialPresentation). The server will accept v1 or v2
presentations, but clients will always produce v2.

Other changes:

- zkgroup: Several operations sped up through caching the "system
  params".

- Java: A ProGuard file is included in the jars for libsignal-client
  and libsignal-server to ensure that ProGuard and R8 do not strip
  declarations used via JNI.

- Java: InvalidSenderKeySessionException is now correctly packaged
  in the jar.

- Java: The published artifacts for libsignal-client and
  libsignal-server will now include native M1 Mac support.

v0.15.1

- Java: update reproducible build to Debian Buster (from Stretch),
  and ensure compatibility with glibc 2.28

v0.15.0

A reorganizational release with many breaking changes.

Swift:
- **Renamed the CocoaPod to LibSignalClient**
- Removed SignalError.invalidCiphertext in favor of 'invalidMessage'
- Added SignalError.invalidSession and
  SignalError.invalidSenderKeySession
- Removed SenderKeyRecord.init()

Node:
- **Renamed the NPM package to @signalapp/libsignal-client**
- Removed SenderKeyRecord.new()
- Renamed SignalClientError* to LibSignalError*
- Added InvalidSessionError and InvalidSenderKeySessionError

Java:
- **Renamed the artifacts on Sonatype** under org.signal
  - org.whispersystems:signal-client-java ->
      org.signal:libsignal-client
  - org.whispersystems:signal-client-android ->
      org.signal:libsignal-android
  - org.whispersystems:libsignal-server ->
      org.signal:libsignal-server
- **Renamed several packages** so everything is org.signal.libsignal:
  - org.whispersystems.libsignal ->
      org.signal.libsignal.protocol
  - org.whispersystems.libsignal.protocol ->
      org.signal.libsignal.protocol.message
  - org.whispersystems.libsignal.util.AndroidSignalProtocolLogger ->
      org.signal.libsignal.logging.AndroidSignalProtocolLogger
  - org.signal.zkgroup ->
      org.signal.libsignal.zkgroup
- Re-enabled support for building the non-Android jars with JDK 8
- Fixed several incorrect exception specifications
- Added InvalidSessionException and InvalidSenderKeySessionException
- Removed SenderKeyRecord's no-argument constructor
- 64-bit Android: Enabled run-time detection of CPU support for
  cryptographic operations

Rust:
- Overhaul of SignalProtocolError:
  - Removed ProtobufDecodingError, ProtobufEncodingError,
    InvalidCiphertext, and InternalError cases
  - Added InvalidSenderKeySession
  - Added a message to InvalidSessionStructure
  - Added distribution ID to NoSenderKeyState
  - Changed SessionNotFound's payload to a ProtocolAddress rather than
    a String
  - Added the message type to InvalidMessage

v0.14.0

New: the Java build produces an additional 'libsignal-server'
artifact, intended for use with the Signal chat and storage servers.
At this time this is mostly an updated delivery vehicle for the
ZKGroup APIs, but may include additional APIs in the future.

Breaking changes

- Java: Removed local copies of Guava library classes in favor of
  standard Java classes, specifically java.util.Optional.
- Java: SignalMessage::verifyMac can now throw InvalidKeyException
  if the provided MAC key is invalid. (In general users of
  SignalMessage should not need to call this directly.)

Other changes

- Java: Published signal-client-java artifacts now include Mac and
  Windows JNI libraries as well. Previously only the "testable"
  variant included these libraries.
- Java: update to Gradle 7.4
- Node: update to Neon 0.10.0
- Node: update to node-gyp 8.4.1 for MSVS 2022 support

v0.13.0

- Swift and Node now take a buffer for HsmEnclaveClient's public key
  instead of a public key object, matching the Java API.
- Swift: Fix HsmEnclaveClient's decryption to actually decrypt.
- Node: Build the NPM package for arm64 Linux as well.

No changes for Java compared to the 0.12.x series.

v0.12.4

- Node: Improve compatibility with plain JavaScript and esbuild