Convert the *Key and keyPair properties on *PreKeyRecord to throwing
methods.
Since the usual constructor is strongly typed, these should only throw
when the serialized data is corrupted. But that is a possibility.
This follows Node in splitting out a base protocol for "disconnected"
events that the existing ChatListener protocol extends. It's a bit
more involved because of the helper class that keeps track of both the
listener and the ChatService, which can't be made generic because
Swift generics aren't monomorphized (and thus won't work as C function
pointers).
This is a breaking change in practice because the name of the callback
has changed (from chatServiceConnectionWasInterrupted to just
connectionWasInterrupted).
Use a similar strategy as for Node, but with an additional crate that serves as
the target for running cbindgen. The expectation is that since iOS links with
the native signal_ffi statically, the linker will be able to prune out the
unsued test-only code.
Remove the special handling code that detects EOF now that the upstream crate
has fixed the bug that was being worked around. This also fixes a bug where EOF
was being incorrectly detected when the provided buffer was empty. Add a test
case to prevent regression in the future.
...and pass that struct by reference.
This has some benefits and some drawbacks:
+ Type inference is (usually) more reliable; invokeAsyncFunction no
longer needs a "returning:" parameter for disambiguation.
+ We can add more fields to the promise structs as needed.
+ We can use the same argument for input and output.
- Before, every promise that produced an OpaquePointer could share one
protocol implementation on the Swift side. Now, they're separate.
- The manual type erasure code in the implementation of Completer has
gotten worse.
- Using the same argument for input and output may be confusing.
This ensures that if there's an error setting a proxy, the previous
settings won't continue to be used for new connections.
This only applies to the Java, Swift, and TypeScript layers; the Rust
layer's set_proxy isn't a fallible API in the first place today. The
Java API now explicitly throws a checked IOException instead of
IllegalArgumentException.
And adjust the existing ENCLAVE_SECRET tests and examples to use this
(including Rust and Node's).
This also requires adding an AndroidManifest.xml that notes the tests
might use the network.
Treat the first 16 bytes of the stream as the IV for the AES block cipher. This
is incompatible with the previous scheme, where the IV was derived from the
master key.
getPreKeyId was returning an incorrect value, and the Kyber fields
were missing altogether. None of this affected security of the iOS app
because the iOS app only constructed PreKeyBundles for libsignal to
process, and never read any of these fields. If it did, it would have
failed to establish a session due to the incorrect pre-key ID.
Caught by @dtimoshenko99; thank you!
The enclave interactions have internal progress monitoring in the form of
websocket PING/PONG frames, so the timeout parameters aren't necessary for
broken connection detection.