`cargo update` performed with Cargo 1.72 to avoid advancing our MSRV. assert_cmd, clap, protobuf, and protobuf-json-mapping needed to be manually held back.
Plus, explicit bumps for
- env_logger 0.11
- heck 0.5
- itertools 0.13
- num_enum 0.7
- prost 0.13
- tungstenite 0.23
And disallowing downgrading curve25519-dalek below the security update in 4.1.3.

Add a type with a canonical serialized form that, for the same logical backup
contents (even with frame reorderings), will always serialize to the same value.

This replaces the recipient ID, which is a weak logical reference to external
data, with one of two types, depending on the mode. For streaming validation,
only the minimal data is kept. For validation via the CLI or (soon) for
canonicalization, the full data is kept behind an Arc.

When converting account data and call-related protobuf messages into in-memory
forms, retain the values of all fields instead of discarding some. This is the
first step in making it possible to compare the in-memory versions of backups
for testing.

Major changes:
- addition of call links
- split of Call message into IndividualCall, GroupCall, AdHocCall
- moving AdHocCall back to top-level frame type

Call identifiers are not required to be unique across a client, and unlike chat
IDs and recipient IDs, call IDs are not used as foreign keys elsewhere in a
backup file. Calls shouldn't be checked for uniqueness and therefore don't need
to be tracked at the top level.

Add a new crate, libsignal-message-backup-io, and move the existing code that
handles backup decryption, deframing, and protobuf deserialization there. Keep
the actual validation of the protobuf contents in the libsignal-message-backup
crate.
This allows the existing example binproto<->json binaries to be built with
local modifications to the backup.proto file without also requiring all the
validation code to be modified.

Treat the first 16 bytes of the stream as the IV for the AES block cipher. This
is incompatible with the previous scheme, where the IV was derived from the
master key.

Handle encrypted & compressed message backup files with additional padding
after the compressed contents (the padding bytes are encrypted, but not
compressed). Update the example encrypter binary to add padding by default.

Use https://github.com/tamasfe/taplo to auto-format TOML files. Add a config
file to force reordering of dependencies in Cargo.toml files. Run taplo in CI
to check formatting.

Add a flag to the CLI validation tool and an argument to the bridged validation
functions so users can specify whether a provided message backup should be
validated according to the rules for device-to-device transfers or backups
intended for remote storage.

Prevent a TOC/TOU bug by checking the MAC of the backup reader before
validating contents, and then again after reading the contents. This makes sure
that if the file contents change between the first and second read, that will
be detected.
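
The check-then-recheck pattern from the last commit message, as an added example in Python (not the project's Rust code). It assumes a file laid out as body followed by a 32-byte HMAC-SHA256 tag; seal, stream_body, validate_backup and open_backup are hypothetical names.

```python
import hashlib
import hmac
import io

MAC_LEN = 32  # assumed layout: body followed by a 32-byte HMAC-SHA256 tag


class MacMismatch(Exception):
    """The trailing tag does not authenticate the bytes that were read."""


def seal(body: bytes, key: bytes) -> bytes:
    """Build a constructed sample file: body || HMAC-SHA256(key, body)."""
    return body + hmac.new(key, body, hashlib.sha256).digest()


def stream_body(stream, key: bytes, on_chunk=None, chunk_size: int = 8) -> int:
    """MAC the body while streaming it to on_chunk; raise on a bad tag."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    tail, total = b"", 0
    while chunk := stream.read(chunk_size):
        buf = tail + chunk
        # Hold back the last MAC_LEN bytes: they may be the tag, not body.
        body, tail = buf[:-MAC_LEN], buf[-MAC_LEN:]
        mac.update(body)
        total += len(body)
        if on_chunk and body:
            on_chunk(body)
    if len(tail) != MAC_LEN or not hmac.compare_digest(mac.digest(), tail):
        raise MacMismatch("backup MAC mismatch")
    return total


def validate_backup(open_backup, key: bytes, on_chunk) -> int:
    """open_backup() returns a fresh reader over the file on every call."""
    # Read 1: authenticate the whole file before any content is parsed.
    stream_body(open_backup(), key)
    # Read 2: parse, re-MACing exactly the bytes handed to the parser. If the
    # file changed after read 1, this raises and the caller drops the result.
    return stream_body(open_backup(), key, on_chunk)
```

Because on_chunk sees data before the second tag comparison finishes, anything it produced must be discarded when MacMismatch is raised.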