# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

### Changed
- `sas_verify_mac/4` now returns `{:error, reason}` with a binary `reason`
  naming the specific failure (`"bad_mac"` for a MAC mismatch, `"bad_tag"`
  for an undecodable tag, `"bad_*_utf8"` for non-UTF-8 args) instead of the
  catch-all `{:error, :bad_message}`. This makes SAS MAC-interop failures
  diagnosable (tag base64-decode vs an actual MAC mismatch). `verify_ed25519/3`
  is unchanged and still returns `{:error, :bad_message}`.
- Upgraded the bundled `vodozemac` Rust crate `0.9` → `0.10`. The Elixir
  NIF API is unchanged; internal adaptations to 0.10's breaking changes:
  - Olm sessions now use `SessionConfig::version_1` (0.10 moved `version_2`
    behind an experimental feature flag and defaults to v1). Existing
    v2-pickled sessions still unpickle and operate normally — the config
    travels with each pickle, so no migration is required.
  - `Account::create_inbound_session` now takes a `SessionConfig` argument.
  - `Account::create_outbound_session`, `Session::encrypt`, and
    `Curve25519SecretKey::diffie_hellman` are now fallible; the NIF returns
    `{:error, ...}` (`outbound_session_failed` / `encrypt_failed` /
    `ecdh_failed`) instead of panicking on the rare contributory-behaviour
    failure.
  - 0.10 makes strict Ed25519 signature verification mandatory (the
    `strict-signatures` feature was removed); honestly-generated signatures
    are unaffected.

## [0.1.5] - 2026-05-13

### Fixed
- Package the precompiled `.so` inside the tarball with the same
  suffixed filename `rustler_precompiled` dlopens at load time
  (`libvodozemac_nif-v<ver>-nif-<nif>-<target>.so`). 0.1.4 packed it
  as the bare cargo output name (`libvodozemac_nif.so`), so
  `:erl_tar.extract` produced a file at the wrong path and
  `@on_load` failed with "no such file". 0.1.4 is unusable; consumers
  must move directly to 0.1.5.

## [0.1.4] - 2026-05-13

### Added
- Precompiled NIF artifacts for `aarch64-apple-darwin`,
  `x86_64-apple-darwin`, `aarch64-unknown-linux-gnu`,
  `x86_64-unknown-linux-gnu`, and `x86_64-unknown-freebsd`. Consumers
  on these targets no longer need a Rust toolchain on `mix deps.get`.

### Fixed
- Set a `User-Agent` header on NIF downloads. sr.ht sits behind the
  `go-away` anti-scraper proxy, which 403s any request with an empty
  UA — Erlang's `:httpc` (used by `rustler_precompiled`) sends none
  by default, so 0.1.2/0.1.3 consumers would have hit the proxy.

## [0.1.0] - 2026-05-13

### Added
- Initial public release: Olm + Megolm primitives for Matrix
  end-to-end encryption, built on Element's
  [vodozemac](https://github.com/matrix-org/vodozemac) (Rust) via
  Rustler. Surface covers account / one-time-keys, inbound and
  outbound Megolm group sessions, Olm pairwise sessions, raw Ed25519
  + Curve25519 helpers, and SAS short-authentication-string
  verification.

### Known limitations
- **Source-only release.** Consumers need a Rust toolchain
  (`rustup install stable`) on `mix deps.get`; the NIF compiles
  from source via Rustler. Precompiled binaries for the four major
  macOS + Linux targets are scheduled for 0.1.1.
- Pickle bytes are wrapped with vodozemac's default zero-key — no
  confidentiality at rest. Callers must apply their own at-rest
  encryption until a `pickle_key` parameter lands in a later release.