import { KeyObject } from 'crypto';
import { CipherInfo, Context, KeyStore } from './context';
import { Slice } from './util';
/**
 * standard gcm for use with GBCS - sets the cipher size and fixes the iv
 *
 * @param cipherInfo - originator/target/counter from grouping header
 * @param plainText - text to encrypt - set as empty buffer if none
 * @param aad - additional auth data - set as empty buffer if none
 * @param aesKey - output from createSecretKey
 * @param authTagLength - tag length in bytes - default is 12
 * @returns
 */
export declare function gcm(cipherInfo: CipherInfo, plainText: Uint8Array, aad: Uint8Array, aesKey: KeyObject, authTagLength?: number): {
    cipherText: Uint8Array;
    tag: Uint8Array;
};
/**
 * standard gcm decrypt for use with GBCS - sets the cipher size and fixes the iv
 *
 * @param cipherInfo - originator/target/counter from grouping header
 * @param cipherText - text to decrypt - set as empty buffer if none
 * @param aad - additional auth data - set as empty buffer if none
 * @param aesKey - output from createSecretKey
 * @param tag - auth tag - default is 12
 * @returns plainText or throws error in case of auth fail
 */
export declare function ungcm(cipherInfo: CipherInfo, cipherText: Uint8Array, aad: Uint8Array, aesKey: KeyObject, tag: Uint8Array): Uint8Array;
export declare function decryptPayloadWithKey(cipherInfo: CipherInfo, ciphertextTag: Uint8Array, aesKey: KeyObject, doneCb: (x: Slice) => void): void;
/**
 * performs kdf as described in section 4 of GBCS
 *
 * @param privkey
 * @param pubkey
 * @param cipherInfo
 * @param mode tweaks the otherInfo field, if omitted "encryption"
 * @returns
 */
export declare function deriveKeyFromPair(privkey: string | KeyObject, pubkey: string | KeyObject, cipherInfo: CipherInfo, mode: 'command' | 'response' | 'alert' | 'encryption'): KeyObject;
export declare function decryptGbcsData(ctx: Context, ciphertextAndTag: Uint8Array, okCallback: (x: Slice) => void): void;
/**
 * Sign the output of transform, result is a base64 encoded string.
 *
 * @param originatorId originator id used to lookup key
 * @param payload base64 encoded gbcs message
 * @param keyStore
 * @
 */
export declare function signGroupingHeader(originatorId: string, payload: string, keyStore: KeyStore): Promise<string>;
//# sourceMappingURL=crypto.d.ts.map