Adjust the attributes so that git will treat the generated acknowledgment files
as binary for the purposes of merging. This will ensure that a merge of two
branches that both alter the acknowledgments will require manual resolution
(ideally by re-running the generation script).
The new version introduced a couple changes that are reflected here:
- Rename override_git_commit -> override-git-commit in about.toml since
that's now the canonical spelling.
- Regenerate the license list since a bug was fixed that changed the
semantics of the count.
Also pin the version in our documentation and in the script to prevent
differences in behavior depending on when cargo-about was installed on
developer machines.
...as well as related types Aci, Pni, ServiceId,
ServiceIdFixedWidthBinaryBytes, ServiceIdKind, and DeviceId.
...so that zkgroup and libsignal-net don't have to depend on
libsignal-protocol (and indirectly on Kyber).
The types are still exported from libsignal-protocol, so this is not a
source-breaking change.
ProtocolAddress is still defined as a (String, DeviceId) pair; a
switch to (ServiceId, DeviceId) will probably still happen in the
future, but not in this commit.
This credential is issued by the group server and presented to the
chat server to prove that the holder is a member of *some* group with
a known list of people. This can be used to replace the access key
requirement for multi-recipient sealed sender sends.
This uses the Rayon library to perform a MapReduce-like operation of
computing key material on recipients and folding them together into
intermediate buffers, with one final collection step at the end. As
written this uses Rayon's default thread pool, which will be lazily
initialized with one worker thread per logical core. We're not trying
to share thread pools with either libsignal-net's tokio contexts,
RingRTC's dedicated threads, or a platform-specific work queue like
iOS's Dispatch; let's keep things simple for now.
As a downside, the code now has to fetch all of the recipients'
identity keys up front, since it's not guaranteed that loading from
the IdentityKeyStore is thread-safe. However, the significant
improvement in wall time spent generating key material for large
recipient lists on even a dual-core system makes this worth it.
This takes advantage of the fact that multiple devices for the same
user will have the same identity key and therefore will use the same
per-recipient SSv2 data anyway.
This commit also enforces (on the client send side) that device IDs
are in the range 1..=127 for destinations of a SSv2 message.
- Ensure positive, unique (signed_)pre_key_id values.
- Limit archiving more strictly based on sum of me/them.archive_count.
Co-authored-by: Jonathan Moody <103143855+moodyjon@users.noreply.github.com>
While neither Oracle's JRE nor Android's misbehaves if you go over
your limit of local references, it may result in the local frame
growing arbitrarily large. We don't want that.
Rust's usize serves the same purpose as both size_t and uintptr_t in
C, but for our uses it's always a buffer length or capacity rather
than something specifically the same size as a pointer or machine
register, so size_t is more accurate.
Swift, then, imports size_t as its currency type Int, even though
size_t is unsigned in C, because no buffer can actually fill up all of
memory. Swift, like Rust, doesn't have implicit numeric conversions,
so importing size_t as Int was deemed more useful in practice.
And use usize for size_t:
- They're always equivalent in practice.
- When we're actually using it as a memory size, we're talking about
the size of Rust objects, so usize is more accurate anyway.
This eliminates the use of the libc crate in the bridge layer. We
still use libc for time_t in attest and device_transfer, to interact
with BoringSSL.
Fix an existing issue caught by the linter and exclude files generated during
build from linting (since some of them are missing header comments required by
the linter).
Split the libsignal-net implementation of CDSI lookup into two parts: one that
does the initial handshake and token acquisition, and the other to acknowledge
the token and then parse results. Expose the token in Java via the same Consumer
type used in the Android codebase.
Fix the behavior of CompletableFuture.thenApply so that if the applied function
throws an exception, the pending future receives the exception (instead of never
completing). Add tests.
Use the path within the directory specified by srcDir without the common
prefix. Verified with ./gradlew test :android:connectedDebugAndroidTest
locally.