Propagating the mp4san new feature through all the layers of libsignal.
The feature allows seamless handling of transcoded MP4 files on Android, where multiple MDAT boxes (one per chunk of A/V streams) are first compounded and then passed to mp4san for format correction.
And expose an explicit setInvalidProxy, both for testing and in case
apps want to do their own connection-poisoning.
This makes it easier to be consistent about "if you try to set a proxy
that turns out not to be valid, the ConnectionManager should end up in
the invalid state until explicitly cleared", whether the validation is
done on the Rust side of the bridge or the app language side.
This takes a full set of components describing the connection to a
proxy: a scheme, a host, and optionally a port and auth information.
The previous `setProxy(String, u16)` signature is still available for
Signal TLS proxies in particular, but now we have the flexibility to
support other kinds of proxies as well.
This takes a full URL (as a string) to use as a proxy. The previous
`setProxy(String, int)` signature is still available for Signal TLS
proxies in particular, but now we have the flexibility to support
other kinds of proxies as well.
This is necessarily a breaking change because the EC key operations
can no longer return SignalProtocolError. However, the types are still
exported through libsignal_protocol, and SignalProtocolError
implements From<CurveError>, so hopefully any clients will be guided
to update to the new usage.
Other changes:
- PublicKey::public_key_bytes no longer uses Result; any future curve
types will also need to keep their public key in a borrowable form.
- PublicKey::verify_signature also no longer uses Result; if a future
curve type does not support verifying a signature, or if the
signature is structurally invalid, that should be treated the same
as a verification failure. (This is already how structurally invalid
Curve25519 signatures were being treated.)
This change allows other crates to depend on the smaller
libsignal_core rather than all of libsignal_protocol (though it also
means libsignal_core is no longer as small as it used to be).
Validates a backup frame-by-frame, bypassing the encryption,
compression, and integrity-checking layers. Intended for use during an
export the user is waiting for, such as linking a new device.
Rename BackupLevel::{Messages, Media} to {Free, Paid}, then add
BackupCredentialType::{Messages, Media}.
This is a breaking change for apps and the server, both because of the
new names, and because the credential attributes have changed (both
what's in a serialized credential, and what's included in the
signature).
This matches the split that has already happened in the TypeScript and
Swift APIs. For now, both AuthChat and UnauthChat are wrappers around
the same type, a fully general chat::Chat, but we expect to eventually
split that into authenticated and unauthenticated variants as well. At
that point we can consider whether the common implementation here is
still pulling its weight.
The class loader is a rare process-wide variable for us. When the
testing crates are compiled into the same .so as the main bridge
crates, they all use the same variable, but when we build for Android
we have two separate native library files that get loaded, and so we
need to initialize both.
This means they'll be shipped to clients, but still filtered out of
the device builds on Android (via having two separate libraries on
disk) and iOS (by not being included in non-simulator builds). The
biggest benefit of this is dropping the :android:makeTestJniLibraries
step for running libsignal's Android tests.
