This release fixes a bug in the TypeScript bindings where the commit delay could in some situations be undefined when receiving a proposal.

Bug Fixes

• in js 0 is falsy, which messes with ternary logic (e7b73c0)

This release fixes the issue where libcore_crypto_ffi.so had segments aligned on 4k instead of 16k on Android platforms.

Bug Fixes

• ci: use the correct NDK when building and packaging for Android [WPB-21347] (ce433fe)

Documentation

• README: add a note about ANDROID_NDK_HOME (5c98d7f)

• added typescript structured errors
• fix the message rejected reason not being propagated on web
• improvements to logs when epochs advance

As usual, the changelog contains most of the relevant details.

Breaking Changes

• v9.0.0 had erroneously renamed migrateDatabaseKeyTypeToBytes to migrateDbKeyTypeToBytes.
  This has been fixed, and migrateDatabaseKeyTypeToBytes is usable again on all platforms.

  Affected platforms: Android

Bug Fixes

• Kotlin documentation is now correctly generated and deployed.

Bug Fixes

• crypto-ffi: use the old parameter name (8d18b71)
• crypto-ffi: use the correct name, migrateDatabaseKeyTypeToBytes, for uniffi (870aaae)

Documentation

• eliminate :nodoc: by writing proper docs (f85d9fb)

Testing

• crypto-ffi: fix Kotlin test to use the correct API (b1d5509)

v9.0.0

Highlights

• we're now tying the Kotlin wrapper more closely to the generated bindings which allows for greater velocity
  when making changes in code that affects our API - this causes most of the breaking changes in this release
• removed cryptobox migration API
• in Swift, added protection against concurrent access from multiple core crypto instances
• added implicit obfuscation of sensitive data in logs
• reworked the entire build system and CI

For more details, see our changelog.

This is only relevant for Kotlin.

Fixes page size alignment for all supported linkers.

Adds ClientId.copyBytes().

Adds ClientId.toString().

Changes ClientId.value from ByteArray to the generated FFI type com.wire.crypto.uniffi.ClientId

This is only relevant to Android and has no impact on other platforms.

Adds MLSKeyPackage.copyBytes().

This release is relevant only for Kotlin. It adds several pseudo-constructors and accessors for newtypes around byte vectors.

For other platforms, no relevant changes are included.

Highlights

This release contains the complete API necessary for history sharing in conversations. We've improved
the generated types in bindings to be more typesafe, and we've added the feature to rotate the key used
for the core crypto database.

Breaking changes

• Removed canClose(), and isLocked().

  Affected platforms: Web

  Migration: Only needed if you were relying on the output of canClose() before calling close():

  Call close() directly. Instead of handling the false case of canClose(), catch the error that
  close() may throw: Cannot close as multiple strong refs exist, then try again.

  The behavior of close() was adjusted, so that it waits for any running transaction to finish,
  instead of throwing an error.

• Removed mlsInitWithClientId, mlsGenerateKeypairs, e2eiDumpPKIEnv, deleteKeypackages,
  getCredentialInUse

  Affected platforms: Web, Android, iOS

  Migration: not needed, no client is using these functions.

• Changed the location of the Wasm bytecode file

  Affected platforms: Web

  The Wasm bytecode file, core-crypto-ffi_bg.wasm, has been moved to a
  subdirectory named autogenerated. While this is an internal change
  and should normally not be breaking, in reality it may break the Web
  client, which assumes the location of that internal file.

  Migration: update relevant paths in the Web client to point to the new
  location, under autogenerated, including in any calls to initWasmModule.

• Added a parameter refreshToken to newOidcChallengeRequest

  Affected platforms: Web

  This fixes an inconsistency between Web and other platforms.

  Migration: pass the refresh token received from the identity provider when
  calling newOidcChallengeRequest.

• Added a parameter context to newOidcChallengeResponse

  Affected platforms: Web

  Migration: pass the transaction context when calling newOidcChallengeResponse.

• Added encryptedMessage field to CommitBundle

  Affected platforms: Web, Android, iOS

  This field is used to bundle encrypted history secrets with a commit that adds a new
  history client.

  Migration: update any pattern-matching or other code that depends on the structure of
  MlsCommitBundle to include the new field. Also, make sure to update your implementation of the
  MlsTransport protocol/interface to include this field in the payload sent to the Delivery Service.

• ClientId is a newtype, not a bare byte array.

  Affected platforms: Web, Swift

  Migration: call new ClientId(id) to construct a ClientId, and id.copyBytes() to get a byte array out.

• ClientId wrapper accepts a byte array, not a string.

  Affected platforms: Android

  Migration: call .toByteArray() on the input.

• Ciphersuite is an exported public enum, not an integer

  Affected platforms: all

  Migration: use the relevant enum variant instead of an integer.

• SecretKey, ExternalSenderKey, GroupInfo, ConversationId, KeyPackage, Welcome are now newtypes

  Affected items:

  • CoreCryptoContext.exportSecretKey (aka CoreCryptoContext.deriveAvsSecret) now returns a SecretKey
  • (kotlin) AvsSecret newtype removed in favor of SecretKey
  • CoreCryptoContext.getExternalSender now returns an ExternalSenderKey
  • ConversationConfiguration::external_senders now accepts ExternalSenderKeys
  • CoreCryptoContext.joinByExternalCommit now accepts a GroupInfo
  • GroupInfoBundle now contains a GroupInfo
  • Many CoreCryptoContext methods now accept a ConversationId newtype instead of a byte array
  • HistoryObserver and EpochObserver now produce ConversationId instances instead of byte arrays
  • CoreCryptoContext.clientKeypackages now produces KeyPackages
  • CoreCryptoContext.addClientsToConversation now accepts KeyPackages
  • CommitBundle now might contain a Welcome
  • CoreCryptoContext.processWelcomeMessage now accepts a Welcome

  Affected platforms: all

  Migration: call .copyBytes() on the newtype to get access to the raw byte vector. To construct the newtype from a byte array, just use the appropriate constructor.

  In the past, Android (but only Android) had newtypes in these instances; other clients needed to work with a raw byte vector.
  We've decided to expand the use of newtypes around byte vectors in the FFI interface. This has several benefits:

  • Increased consistency between client FFI libraries
  • Reduced thickness of the high-level FFI wrappers
  • In some cases, we can avoid bidirectional data transfers across the FFI boundary, and just move pointers around instead.

• Removed PlaintextMessage, MlsMessage and SignaturePublicKey newtypes in favor of ByteArray

  Affected platforms: Android

  The Message newtypes were only used in CoreCryptoContext.encryptMessage and CoreCryptoContext.decryptMessage.
  SignaturePublicKey was used only for the return value of fun getPublicKey. The only usage we found was an immediate access of the byte vector.

  These types appear to provide no type safety benefits, instead only adding a bit of friction.

Features

• Support Android environments with 16k page size
• Added a module-level function updateDatabaseKey, to update the key of an existing CoreCrypto database
• Support for history sharing which can be enabled by calling enableHistorySharing() and disabled again by calling disableHistorySharing().

Features

• crypto-ffi: add updateDatabaseKey to JS bindings [WPB-18538] (e35f1a5)
• crypto-ffi: add updateDatabaseKey to Kotlin bindings [WPB-18538] (373fc4e)
• crypto-ffi: add updateDatabaseKey to bindings [WPB-18538] (f682a15)
• keystore: add a way to rekey the db on Wasm [WPB-18538] (a62cfb5)
• keystore: add a way to rekey the db on non-Wasm platforms [WPB-18538] (54d5fd1)
• [breaking] remove can_close() and isLocked() [WPB-17633] (58b4aa2)
• update history client on member remove [WPB-17096] (714ff73)
• update Android NDK to 28.1 [WPB-18293] (6101eb8)
• implement enabling and disabling history sharing [WPB-17106] (b036967)
• add is_history_sharing_enabled() [WPB-17106] (0b9eedf)
• [breaking] add field to MlsCommitBundle [WPB-17106] (eb30ab6)
• [breaking] crypto-ffi: remove deleteKeypackages (4c5def3)
• introduce HistoryObserver (43ceb73)
• [breaking] crypto: remove e2ei_dump_pki_env and related code (7927ebb)
• [breaking] crypto-ffi: remove e2eiDumpPKIEnv and related functions (b444f13)
• introduce Metabuilder (f556fc7)
• support instantiating sessions with mixed credential types (c8471b2)
• allow session instantiation with test chain and basic credentials (c700f04)
• add all required abstactions (a59c587)
• [breaking] crypto-ffi: remove wasmFilePath (92e6dad)
• [breaking] crypto-ffi: bindings: remove getCredentialInUse (81a75a8)
• crypto: remove generate_raw_keypairs (1ea2b76)
• [breaking] crypto-ffi: remove mls_generate_keypairs (5d5cdc1)
• [breaking] crypto-ffi: bindings: remove mlsGenerateKeypairs (ad9a6b8)
• [breaking] crypto: remove init_with_external_client_id (625cbec)
• [breaking] crypto-ffi: remove mls_init_with_client_id (40bbbeb)
• [breaking] crypto-ffi: bindings: remove mlsInitWithClientId (10a80ca)
• add remove_guarded() (6733dad)
• add `update_guard...

Highlights

Upgrade OpenMLS to fix a bug where the ratchet tree would sometimes become corrupt leading to broken MLS groups.

Bug Fixes

• update openmls [WPB-18569] (7ca7ba7)