v0.22.0

- usernames: A new library to support Signal’s opaque “username hashes”
- attest: Add a new enclave, with support for v4 of the DCAP PCS API

Android + Server

- Support for Android KitKat has been dropped
- Testing on Windows should now work

iOS

Use as a CocoaPod now depends on prebuilt Rust binaries that can be fetched from build-artifacts.signal.org. This requires adding

    ENV['LIBSIGNAL_FFI_PREBUILD_CHECKSUM'] = '...'

to the consuming Podfile. The referenced archives are downloaded to ~/Library/Caches/org.signal.libsignal, and are unarchived as part of the build.

- ScannableFingerprint.compare now correctly takes an opaque collection of bytes to compare against rather than another fingerprint object (which could only be created on the current device)
- APIs for AES-256-CTR and AES-256-GCM have been added
- The API for AES-256-GCM-SIV is now more idiomatic

Desktop

- Building for 32-bit ARM Linux should work again

v0.21.1

- attest: add INTEL-SA-00657 to acceptable advisories
- Java: Change SenderCertificate#getSender to always return UUID

v0.21.0

- attest: Reject reports, even if valid, that contain all zeros in
  report data
- zkgroup: Removed v1 presentations
- iOS: Bump minimum supported iOS version to 12.2

v0.20.0

- Fix Android 4.4 compatibility
- attest: require dcap enclaves to not be in debug mode
- zkgroup: Move AuthCredential redemption time checking down to Rust.
  Only affects the server APIs
  - Java: removes zkgroup's InvalidRedemptionTimeException
  - Swift/Node: AuthCredential redemption times were not checked before
    by the Swift/Node zkgroup server APIs; now they are.

v0.19.3

- attest: CDS2 verification now checks that the quote collateral is
  valid at some point in the future (currently 24h) rather than now,
  mainly to address clock skew on the local device.

- attest: An API has been added for libsignal-server to extract
  attestation metrics from serialized evidence and endorsements.

v0.19.2

- device-transfer: Encoded private keys once again use PKCS#8 DER.
- Node: Restored compatibility with Apple Silicon Macs on NPM.
- Node: Restored compatibility with Ubuntu 16 on NPM.

v0.19.1

Fix the Docker build, and remove the dependency on the cargo-ndk tool.
No functionality change in libsignal itself.

v0.19.0

Intel DCAP-based attestation is now fully implemented for CDS2! The
"NOT_FOR_PRODUCTION" static methods on CdsiClient have been replaced
by normal constructors in Java and Swift and a plain 'new' method in
TypeScript.

Additional changes:

- attest and device-transfer now depend on the 'boring' crate, which
  wraps BoringSSL. This may complicate cross-compilation; only
  Signal's supported platforms have been tested, plus light testing
  of Arm64 Windows and Linux.

- Node: Expose missing IdentityKeyPair.deserialize().

- zkgroup: the generate-server-params binary target allows updating
  your private server parameters in a backwards-compatible way. Only
  useful if you run your own group server.

- Rust: in libsignal-protocol, device IDs and pre-key IDs now use
  strongly-typed wrapper structs rather than plain integers.

v0.18.1

- Deprecate zkgroup methods operating on PniCredentials
- node: Expose AuthCredentialWithPni and ExpiringProfileKeyCredential
  through '@signalapp/libsignal/zkgroup'.

v0.18.0: This release introduces two new credentials in zkgroup,

ExpiringProfileKeyCredential and AuthCredentialWithPni. Both
credentials have presentations usable with the existing
ProfileKeyPresentation and AuthCredentialPresentation variant types,
respectively. There have been some corresponding changes to existing
APIs:

- zkgroup's RedemptionTime type has been renamed to
  CoarseRedemptionTime, and ReceiptExpirationTime to plain Timestamp.
  These fields were previously treated opaquely, but are now expected
  to be days and seconds since the Unix epoch, respectively. (This
  matches how they're used in Signal.)

- Node: ReceiptCredential.getReceiptExpirationTime() and
  ReceiptCredentialPresentation.getReceiptExpirationTime() now return
  a number rather than a bigint, since any valid expiration time fits
  within MAX_SAFE_INTEGER.

- AuthCredentialPresentation.getRedemptionTime() now returns
  Instant (Java), Date (Swift), Date (TypeScript), or
  zkgroup::Timestamp (Rust). Previously it returned a 32-bit integer.
  Likewise, verifyAuthCredentialPresentation() now takes an
  Instant/Date/Date/Timestamp to represent the current time.

- AuthCredentialPresentation.getPniCiphertext() has been added,
  returning null for older credential versions.

- verifyProfileKeyCredentialPresentation() now takes an
  Instant (Java), Date (Swift), Date (TypeScript), or
  zkgroup::Timestamp (Rust) representing the current time. This is an
  optional parameter in every language but Rust; if omitted, the
  current time will be used.

- getStructurallyValidV1PresentationBytes() has been added to
  ProfileKeyCredentialPresentation to smooth over a use case where
  presentations are read by other clients and not just the server.

- The server "zkgroup parameters" have grown and will need updating.
  The new parameters are backwards-compatible with the old parameters
  as long as the values for existing keys are not changed.

Other changes:

- The 'needsPniSignature' field in SessionRecords has been removed.

- Node: zkgroup "ByteArray" types are now correctly distinguished by
  the TypeScript compiler instead of being treated as interchangeable.