// Generated by dts-bundle-generator v9.5.1 /* tslint:disable */ /* eslint-disable */ /** * Get an instance of the default ciphersuite. */ export function ciphersuiteDefault(): Ciphersuite; /** * Construct a ciphersuite enum instance from its discriminant. */ export function ciphersuiteFromU16(discriminant: number): Ciphersuite; /** * Open or create a [Database]. */ export function openDatabase(name: string, key: DatabaseKey): Promise; /** * Updates the key of the CoreCrypto database. * To be used only once, when moving from CoreCrypto <= 5.x to CoreCrypto 6.x. */ export function migrateDatabaseKeyTypeToBytes(path: string, old_key: string, new_key: DatabaseKey): Promise; /** * Updates the key of the CoreCrypto database. */ export function updateDatabaseKey(name: string, old_key: DatabaseKey, new_key: DatabaseKey): Promise; /** * MLS ciphersuites. */ export enum Ciphersuite { /** * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519 */ MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 = 1, /** * DH KEM P256 | AES-GCM 128 | SHA2-256 | EcDSA P256 */ MLS_128_DHKEMP256_AES128GCM_SHA256_P256 = 2, /** * DH KEM x25519 | Chacha20Poly1305 | SHA2-256 | Ed25519 */ MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 = 3, /** * DH KEM x448 | AES-GCM 256 | SHA2-512 | Ed448 */ MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 = 4, /** * DH KEM P521 | AES-GCM 256 | SHA2-512 | EcDSA P521 */ MLS_256_DHKEMP521_AES256GCM_SHA512_P521 = 5, /** * DH KEM x448 | Chacha20Poly1305 | SHA2-512 | Ed448 */ MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 = 6, /** * DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384 */ MLS_256_DHKEMP384_AES256GCM_SHA384_P384 = 7 } /** * Type of Credential */ export enum CredentialType { /** * Basic credential i.e. a KeyPair */ Basic = 1, /** * A x509 certificate generally obtained through e2e identity enrollment process */ X509 = 2 } /** * Indicates the standalone status of a device Credential in a MLS group at a moment T. * * This does not represent the states where a device is not using MLS or is not using end-to-end identity */ export enum DeviceStatus { /** * All is fine */ Valid = 1, /** * The Credential's certificate is expired */ Expired = 2, /** * The Credential's certificate is revoked (not implemented yet) */ Revoked = 3 } declare enum E2eiConversationState { /** * All clients have a valid E2EI certificate */ Verified = 1, /** * Some clients are either still Basic or their certificate is expired */ NotVerified = 2, /** * All clients are still Basic. If all client have expired certificates, [E2eiConversationState::NotVerified] is returned. */ NotEnabled = 3 } declare enum MlsGroupInfoEncryptionType { /** * Unencrypted `GroupInfo` */ Plaintext = 1, /** * `GroupInfo` encrypted in a JWE */ JweEncrypted = 2 } declare enum MlsRatchetTreeType { /** * Plain old and complete `GroupInfo` */ Full = 1, /** * Contains `GroupInfo` changes since previous epoch (not yet implemented) * (see [draft](https://github.com/rohan-wire/ietf-drafts/blob/main/mahy-mls-ratchet-tree-delta/draft-mahy-mls-ratchet-tree-delta.md)) */ Delta = 2, ByRef = 3 } /** * See [core_crypto::prelude::MlsWirePolicy] */ export enum WirePolicy { /** * Handshake messages are never encrypted */ Plaintext = 1, /** * Handshake messages are always encrypted */ Ciphertext = 2 } /** * For creating a challenge. * * - See * - See [core_crypto::e2e_identity::types::E2eiAcmeChallenge] */ export class AcmeChallenge { private constructor(); free(): void; [Symbol.dispose](): void; /** * Contains raw JSON data of this challenge. This is parsed by the underlying Rust library hence should not be accessed */ readonly delegate: Uint8Array; /** * URL of this challenge */ readonly url: string; /** * Non-standard, Wire specific claim. Indicates the consumer from where it should get the challenge proof. * Either from wire-server "/access-token" endpoint in case of a DPoP challenge, or from an OAuth token endpoint for an OIDC challenge */ readonly target: string; } declare class AcmeDirectory { private constructor(); free(): void; [Symbol.dispose](): void; /** * URL for fetching a new nonce. Use this only for creating a new account. */ readonly newNonce: string; /** * URL for creating a new account. */ readonly newAccount: string; /** * URL for creating a new order. */ readonly newOrder: string; /** * Revocation URL */ readonly revokeCert: string; } declare class BufferedDecryptedMessage { private constructor(); free(): void; [Symbol.dispose](): void; /** * Decrypted plaintext */ readonly message: Uint8Array | undefined; /** * False if processing this message caused the client to be removed from the group, i.e. due to a Remove commit */ readonly isActive: boolean; /** * Commit delay in seconds. * * When set, clients must delay this long before processing a commit. * This reduces load on the backend, which otherwise would receive epoch change notifications from all clients simultaneously. */ readonly commitDelay: bigint | undefined; /** * [ClientId] of the sender of the message being decrypted. Only present for application messages. */ readonly senderClientId: ClientId | undefined; /** * true when the decrypted message resulted in an epoch change i.e. it was a commit * * Deprecated: this member will be removed in the future. Prefer using the `EpochObserver` interface. */ readonly hasEpochChanged: boolean; /** * Identity claims present in the sender credential */ readonly identity: WireIdentity; /** * New CRL distribution points that appeared by the introduction of a new credential */ readonly crlNewDistributionPoints: string[] | undefined; } /** * Metadata describing the conditions of the build of this software. */ export class BuildMetadata { private constructor(); /** ** Return copy of self without private attributes. */ toJSON(): Object; /** * Return stringified version of self. */ toString(): string; free(): void; [Symbol.dispose](): void; /** * Build Timestamp */ readonly timestamp: string; /** * Whether this build was in Debug mode (true) or Release mode (false) */ readonly cargoDebug: string; /** * Features enabled for this build */ readonly cargoFeatures: string; /** * Optimization level */ readonly optLevel: string; /** * Build target triple */ readonly targetTriple: string; /** * Git branch */ readonly gitBranch: string; /** * Output of `git describe` */ readonly gitDescribe: string; /** * Hash of current git commit */ readonly gitSha: string; /** * `true` when the source code differed from the commit at the most recent git hash */ readonly gitDirty: string; } /** * A Client identifier * * A unique identifier for clients. A client is an identifier for each App a user is using, such as desktop, * mobile, etc. Users can have multiple clients. * More information [here](https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html#name-group-members-and-clients) */ export class ClientId { free(): void; [Symbol.dispose](): void; /** * Copy the id into a new byte array. */ copyBytes(): Uint8Array; /** * Instantiate a client id from a byte array. */ constructor(bytes: Uint8Array); } declare class ConversationConfiguration { free(): void; [Symbol.dispose](): void; /** * Construct a `ConversationConfiguration` from its parts. */ constructor(ciphersuite?: Ciphersuite | null, external_senders?: ExternalSenderKey[] | null, key_rotation_span?: number | null, wire_policy?: WirePolicy | null); /** * The ciphersuite used in the group */ readonly ciphersuite: Ciphersuite | undefined; /** * Delivery service public signature key and credential */ readonly externalSenders: ExternalSenderKey[]; /** * Implementation specific configuration */ readonly custom: CustomConfiguration; } /** * r" A unique identifier for a single conversation. * r" * r" The backend provides an opaque string identifying a new conversation. * r" Construct an instance of this newtype to pass that identifier to Rust. */ export class ConversationId { free(): void; [Symbol.dispose](): void; /** * Get the raw bytes from this type, transferring data from Rust to the client layer. * * This does not consume the newtype, instead copying the internal data across the FFI boundary. */ copyBytes(): Uint8Array; /** * Construct a new instance, transferring data from the client layer to Rust. */ constructor(bytes: Uint8Array); } declare class CoreCryptoContext { private constructor(); free(): void; [Symbol.dispose](): void; /** * See [core_crypto::prelude::Session::random_bytes]. */ random_bytes(len: number): Promise; /** * See [core_crypto::transaction_context::TransactionContext::get_data] */ get_data(): Promise; /** * See [core_crypto::transaction_context::TransactionContext::set_data] */ set_data(data: Uint8Array): Promise; /** * See [core_crypto::mls::conversation::Conversation::get_client_ids] */ get_client_ids(conversation_id: ConversationId): Promise; /** * See [core_crypto::mls::conversation::ConversationGuard::decrypt_message] */ decrypt_message(conversation_id: ConversationId, payload: Uint8Array): Promise; /** * See [core_crypto::mls::conversation::ConversationGuard::encrypt_message] */ encrypt_message(conversation_id: ConversationId, message: Uint8Array): Promise; /** * See [core_crypto::transaction_context::TransactionContext::client_public_key] */ client_public_key(ciphersuite: Ciphersuite, credential_type: CredentialType): Promise; /** * See [core_crypto::mls::conversation::Conversation::export_secret_key] */ export_secret_key(conversation_id: ConversationId, key_length: number): Promise; /** * See [core_crypto::mls::conversation::ConversationGuard::wipe] */ wipe_conversation(conversation_id: ConversationId): Promise; /** * See [core_crypto::transaction_context::TransactionContext::get_or_create_client_keypackages] */ client_keypackages(ciphersuite: Ciphersuite, credential_type: CredentialType, amount_requested: number): Promise; /** * See [core_crypto::mls::conversation::Conversation::epoch] */ conversation_epoch(conversation_id: ConversationId): Promise; /** * See [core_crypto::prelude::Session::conversation_exists] */ conversation_exists(conversation_id: ConversationId): Promise; /** * See [core_crypto::transaction_context::TransactionContext::new_conversation] */ create_conversation(conversation_id: ConversationId, creator_credential_type: CredentialType, config: ConversationConfiguration): Promise; /** * See [core_crypto::mls::conversation::Conversation::get_external_sender] */ get_external_sender(conversation_id: ConversationId): Promise; /** * See [core_crypto::mls::conversation::ConversationGuard::enable_history_sharing] */ enable_history_sharing(conversation_id: ConversationId): Promise; /** * See [core_crypto::mls::conversation::ConversationGuard::update_key_material] */ update_keying_material(conversation_id: ConversationId): Promise; /** * See [core_crypto::mls::conversation::ConversationGuard::disable_history_sharing] */ disable_history_sharing(conversation_id: ConversationId): Promise; /** * See [core_crypto::transaction_context::TransactionContext::join_by_external_commit] */ join_by_external_commit(group_info: GroupInfo, custom_configuration: CustomConfiguration, credential_type: CredentialType): Promise; /** * See [core_crypto::transaction_context::TransactionContext::process_raw_welcome_message] */ process_welcome_message(welcome_message: Welcome, custom_configuration: CustomConfiguration): Promise; /** * See [core_crypto::mls::conversation::ConversationGuard::commit_pending_proposals] */ commit_pending_proposals(conversation_id: ConversationId): Promise; /** * See [core_crypto::mls::conversation::Conversation::ciphersuite] */ conversation_ciphersuite(conversation_id: ConversationId): Promise; /** * See [core_crypto::mls::conversation::ConversationGuard::add_members] */ add_clients_to_conversation(conversation_id: ConversationId, key_packages: KeyPackage[]): Promise; /** * See [core_crypto::mls::conversation::ConversationGuard::mark_as_child_of] */ mark_conversation_as_child_of(child_id: ConversationId, parent_id: ConversationId): Promise; /** * See [core_crypto::transaction_context::TransactionContext::client_valid_key_packages_count] */ client_valid_keypackages_count(ciphersuite: Ciphersuite, credential_type: CredentialType): Promise; /** * See [core_crypto::mls::conversation::ConversationGuard::remove_members] */ remove_clients_from_conversation(conversation_id: ConversationId, clients: ClientId[]): Promise; /** * See [core_crypto::transaction_context::TransactionContext::mls_init] */ mls_init(client_id: ClientId, ciphersuites: any[], nb_key_package?: number | null): Promise; /** * See [core_crypto::mls::conversation::ConversationGuard::e2ei_rotate] */ e2ei_rotate(conversation_id: ConversationId): Promise; /** * See [core_crypto::prelude::Session::e2ei_is_enabled] */ e2ei_is_enabled(ciphersuite: Ciphersuite): Promise; /** * See [core_crypto::transaction_context::TransactionContext::e2ei_register_crl] */ e2ei_register_crl(crl_dp: string, crl_der: Uint8Array): Promise; /** * See [core_crypto::transaction_context::TransactionContext::e2ei_mls_init_only] */ e2ei_mls_init_only(enrollment: FfiWireE2EIdentity, certificate_chain: string, nb_key_package?: number | null): Promise; /** * See [core_crypto::transaction_context::TransactionContext::e2ei_new_enrollment] */ e2ei_new_enrollment(client_id: string, display_name: string, handle: string, team: string | null | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise; /** * See [core_crypto::mls::conversation::Conversation::get_user_identities] */ get_user_identities(conversation_id: ConversationId, user_ids: string[]): Promise>; /** * See [core_crypto::transaction_context::TransactionContext::save_x509_credential] */ save_x509_credential(enrollment: FfiWireE2EIdentity, certificate_chain: string): Promise; /** * See [core_crypto::transaction_context::TransactionContext::e2ei_enrollment_stash] * * Note that this can only succeed if the enrollment is unique and there are no other hard refs to it. */ e2ei_enrollment_stash(enrollment: FfiWireE2EIdentity): Promise; /** * See [core_crypto::prelude::Session::e2ei_is_pki_env_setup] */ e2ei_is_pki_env_setup(): Promise; /** * See [core_crypto::transaction_context::TransactionContext::e2ei_register_acme_ca] */ e2ei_register_acme_ca(trust_anchor_pem: string): Promise; /** * See [core_crypto::mls::conversation::Conversation::get_device_identities] */ get_device_identities(conversation_id: ConversationId, device_ids: ClientId[]): Promise; /** * See [core_crypto::mls::conversation::Conversation::e2ei_conversation_state] */ e2ei_conversation_state(conversation_id: ConversationId): Promise; /** * See [core_crypto::transaction_context::TransactionContext::delete_stale_key_packages] */ delete_stale_key_packages(ciphersuite: Ciphersuite): Promise; /** * See [core_crypto::transaction_context::TransactionContext::e2ei_enrollment_stash_pop] */ e2ei_enrollment_stash_pop(handle: Uint8Array): Promise; /** * See [core_crypto::transaction_context::TransactionContext::e2ei_new_rotate_enrollment] */ e2ei_new_rotate_enrollment(display_name: string | null | undefined, handle: string | null | undefined, team: string | null | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise; /** * See [core_crypto::transaction_context::TransactionContext::e2ei_register_intermediate_ca_pem] */ e2ei_register_intermediate_ca(cert_pem: string): Promise; /** * See [core_crypto::transaction_context::TransactionContext::e2ei_new_activation_enrollment] */ e2ei_new_activation_enrollment(display_name: string, handle: string, team: string | null | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise; /** * See [core_crypto::proteus::ProteusCentral::try_new] */ proteus_init(): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_decrypt] */ proteus_decrypt(session_id: string, ciphertext: Uint8Array): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_encrypt] */ proteus_encrypt(session_id: string, plaintext: Uint8Array): Promise; /** * Creates a new Proteus prekey with the given id and returns the CBOR-serialized version of the prekey bundle * * Warning: The Proteus client **MUST** be initialized with `proteus_init` first or an error will be returned * * See [core_crypto::transaction_context::TransactionContext::proteus_new_prekey] */ proteus_new_prekey(prekey_id: number): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_fingerprint] */ proteus_fingerprint(): Promise; /** * Decrypt a message whether or not the proteus session already exists, and saves the session. * * This is intended to replace simple usages of `proteusDecrypt`. * * However, when decrypting large numbers of messages in a single session, the existing methods * may be more efficient. */ proteus_decrypt_safe(session_id: string, ciphertext: Uint8Array): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_session_save] * * **Note**: This isn't usually needed as persisting sessions happens automatically when * decrypting/encrypting messages and initializing Sessions */ proteus_session_save(session_id: string): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_session_delete] */ proteus_session_delete(session_id: string): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_session_exists] */ proteus_session_exists(session_id: string): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_encrypt_batched] */ proteus_encrypt_batched(sessions: string[], plaintext: Uint8Array): Promise>; /** * Creates a new Proteus prekey with an automatically incremented ID and returns the CBOR-serialized version of the prekey bundle * * Warning: The Proteus client **MUST** be initialized with `proteus_init` first or an error will be returned * * See [core_crypto::transaction_context::TransactionContext::proteus_new_prekey_auto] */ proteus_new_prekey_auto(): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_reload_sessions] */ proteus_reload_sessions(): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_fingerprint_local] */ proteus_fingerprint_local(session_id: string): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_fingerprint_remote] */ proteus_fingerprint_remote(session_id: string): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_last_resort_prekey] */ proteus_last_resort_prekey(): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_session_from_prekey] */ proteus_session_from_prekey(session_id: string, prekey: Uint8Array): Promise; /** * See [core_crypto::transaction_context::TransactionContext::proteus_session_from_message] */ proteus_session_from_message(session_id: string, envelope: Uint8Array): Promise; /** * See [core_crypto::proteus::ProteusCentral::last_resort_prekey_id] */ static proteus_last_resort_prekey_id(): number; /** * See [core_crypto::proteus::ProteusCentral::fingerprint_prekeybundle] */ static proteus_fingerprint_prekeybundle(prekey: Uint8Array): string; } declare class CrlRegistration { free(): void; [Symbol.dispose](): void; /** * Contstruct a CRL registration from its fields */ constructor(dirty: boolean, expiration?: bigint | null); /** * Whether this CRL modifies the old CRL (i.e. has a different revocated cert list) */ dirty: boolean; /** * Optional expiration timestamp */ get expiration(): bigint | undefined; /** * Optional expiration timestamp */ set expiration(value: bigint | null | undefined); } /** * see [core_crypto::prelude::MlsCustomConfiguration] */ export class CustomConfiguration { free(): void; [Symbol.dispose](): void; /** * Construct a `CustomConfiguration` from its parts. */ constructor(key_rotation_span?: number | null, wire_policy?: WirePolicy | null); /** * Duration in seconds after which we will automatically force a self-update commit * Note: This isn't currently implemented */ get keyRotationSpan(): number | undefined; /** * Duration in seconds after which we will automatically force a self-update commit * Note: This isn't currently implemented */ set keyRotationSpan(value: number | null | undefined); /** * Defines if handshake messages are encrypted or not * Note: encrypted handshake messages are not supported by wire-server */ get wirePolicy(): WirePolicy | undefined; /** * Defines if handshake messages are encrypted or not * Note: encrypted handshake messages are not supported by wire-server */ set wirePolicy(value: WirePolicy | null | undefined); } /** * The database acting as a core crypto keystore. */ export class Database { private constructor(); free(): void; [Symbol.dispose](): void; } /** * The key used to encrypt the database. */ export class DatabaseKey { free(): void; [Symbol.dispose](): void; /** * Construct a new instance from a byte vector. */ constructor(buf: Uint8Array); } declare class DecryptedMessage { private constructor(); free(): void; [Symbol.dispose](): void; /** * Decrypted plaintext */ readonly message: Uint8Array | undefined; /** * False if processing this message caused the client to be removed from the group, i.e. due to a Remove commit */ readonly isActive: boolean; /** * Commit delay in seconds. * * When set, clients must delay this long before processing a commit. * This reduces load on the backend, which otherwise would receive epoch change notifications from all clients simultaneously. */ readonly commitDelay: bigint | undefined; /** * [ClientId] of the sender of the message being decrypted. Only present for application messages. */ readonly senderClientId: ClientId | undefined; /** * true when the decrypted message resulted in an epoch change i.e. it was a commit * * Deprecated: this member will be removed in the future. Prefer using the `EpochObserver` interface. */ readonly hasEpochChanged: boolean; /** * Identity claims present in the sender credential */ readonly identity: WireIdentity; /** * Only set when the decrypted message is a commit. * * Contains buffered messages for next epoch which were received before the commit creating the epoch * because the DS did not fan them out in order. */ readonly bufferedMessages: BufferedDecryptedMessage[] | undefined; /** * New CRL distribution points that appeared by the introduction of a new credential */ readonly crlNewDistributionPoints: string[] | undefined; } /** * r" The raw public key of an external sender. * r" * r" This can be used to initialize a subconversation. */ export class ExternalSenderKey { free(): void; [Symbol.dispose](): void; /** * Get the raw bytes from this type, transferring data from Rust to the client layer. * * This does not consume the newtype, instead copying the internal data across the FFI boundary. */ copyBytes(): Uint8Array; /** * Construct a new instance, transferring data from the client layer to Rust. */ constructor(bytes: Uint8Array); } declare class FfiWireE2EIdentity { private constructor(); free(): void; [Symbol.dispose](): void; /** * See [core_crypto::prelude::E2eiEnrollment::finalize_request] */ finalize_request(previous_nonce: string): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::create_dpop_token] */ create_dpop_token(expiry_secs: number, backend_nonce: string): Promise; /** * See [core_crypto::prelude::E2eiEnrollment::finalize_response] */ finalize_response(finalize: Uint8Array): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::new_authz_request] */ new_authz_request(url: string, previous_nonce: string): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::new_order_request] */ new_order_request(previous_nonce: string): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::directory_response] */ directory_response(directory: Uint8Array): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::new_authz_response] */ new_authz_response(authz: Uint8Array): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::new_order_response] */ new_order_response(order: Uint8Array): Promise; /** * See [core_crypto::prelude::E2eiEnrollment::certificate_request] */ certificate_request(previous_nonce: string): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::check_order_request] */ check_order_request(order_url: string, previous_nonce: string): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::new_account_request] */ new_account_request(previous_nonce: string): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::check_order_response] */ check_order_response(order: Uint8Array): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::new_account_response] */ new_account_response(account: Uint8Array): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::new_dpop_challenge_request] */ new_dpop_challenge_request(access_token: string, previous_nonce: string): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::new_oidc_challenge_request] */ new_oidc_challenge_request(id_token: string, previous_nonce: string): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::new_dpop_challenge_response] */ new_dpop_challenge_response(challenge: Uint8Array): Promise; /** * See [core_crypto::e2e_identity::E2eiEnrollment::new_oidc_challenge_response] */ new_oidc_challenge_response(challenge: Uint8Array): Promise; } /** * r" MLS Group Information * r" * r" This is used when joining by external commit. * r" It can be found within the `GroupInfoBundle` within a `CommitBundle`. */ export class GroupInfo { free(): void; [Symbol.dispose](): void; /** * Get the raw bytes from this type, transferring data from Rust to the client layer. * * This does not consume the newtype, instead copying the internal data across the FFI boundary. */ copyBytes(): Uint8Array; /** * Construct a new instance, transferring data from the client layer to Rust. */ constructor(bytes: Uint8Array); } declare class KeyPackage { free(): void; [Symbol.dispose](): void; /** * Get the raw bytes from this type, transferring data from Rust to the client layer. * * This does not consume the newtype, instead copying the internal data across the FFI boundary. */ copyBytes(): Uint8Array; /** * Construct a new instance, transferring data from the client layer to Rust. */ constructor(bytes: Uint8Array); } /** * An entity / data which has been packaged by the application to be encrypted * and transmitted in an application message. */ export class MlsTransportData { free(): void; [Symbol.dispose](): void; /** * Construct `MlsTransportData` by providing data */ constructor(buf: Uint8Array); /** * The specific data which has been packaged to be encrypted/transmitted. */ readonly data: Uint8Array; } /** * Result of an authorization creation. * * - See * - See [core_crypto::e2e_identity::types::E2eiNewAcmeAuthz] */ export class NewAcmeAuthz { private constructor(); free(): void; [Symbol.dispose](): void; /** * DNS entry associated with those challenge */ readonly identifier: string; /** * ACME challenge + ACME key thumbprint */ readonly keyauth: string | undefined; /** * Associated ACME Challenge */ readonly challenge: AcmeChallenge; } /** * Result of an order creation. * * - See * - See [core_crypto::e2e_identity::types::E2eiNewAcmeOrder] */ export class NewAcmeOrder { private constructor(); free(): void; [Symbol.dispose](): void; /** * Opaque raw json value */ readonly delegate: Uint8Array; /** * Authorizations to create with `new_authz_request` */ readonly authorizations: string[]; } declare class ProteusAutoPrekeyBundle { private constructor(); free(): void; [Symbol.dispose](): void; /** * Prekey id (automatically incremented) */ readonly id: number; /** * CBOR serialization of prekey */ readonly pkb: Uint8Array; } /** * r" A secret key derived from the group secret. * r" * r" This is intended to be used for AVS. */ export class SecretKey { free(): void; [Symbol.dispose](): void; /** * Get the raw bytes from this type, transferring data from Rust to the client layer. * * This does not consume the newtype, instead copying the internal data across the FFI boundary. */ copyBytes(): Uint8Array; /** * Construct a new instance, transferring data from the client layer to Rust. */ constructor(bytes: Uint8Array); } /** * r" A TLS-serialized Welcome message. * r" * r" This structure is defined in RFC 9420: * r" . */ export class Welcome { free(): void; [Symbol.dispose](): void; /** * Get the raw bytes from this type, transferring data from Rust to the client layer. * * This does not consume the newtype, instead copying the internal data across the FFI boundary. */ copyBytes(): Uint8Array; /** * Construct a new instance, transferring data from the client layer to Rust. */ constructor(bytes: Uint8Array); } /** * see [core_crypto::prelude::WelcomeBundle] */ export class WelcomeBundle { private constructor(); free(): void; [Symbol.dispose](): void; /** * Identifier of the joined conversation */ readonly id: ConversationId; /** * New CRL Distribution of members of this group */ readonly crlNewDistributionPoints: string[] | undefined; } /** * Represents the identity claims identifying a client * Those claims are verifiable by any member in the group */ export class WireIdentity { private constructor(); free(): void; [Symbol.dispose](): void; /** * Unique client identifier e.g. `T4Coy4vdRzianwfOgXpn6A:6add501bacd1d90e@whitehouse.gov` */ readonly clientId: string; /** * Status of the Credential at the moment this object is created */ readonly status: DeviceStatus; /** * MLS thumbprint */ readonly thumbprint: string; /** * Indicates whether the credential is Basic or X509 */ credentialType: CredentialType; /** * In case 'credential_type' is [CredentialType::X509] this is populated */ readonly x509Identity: X509Identity | undefined; } /** * Represents the parts of [WireIdentity][crate::WireIdentity] that are specific to a X509 certificate (and not a Basic one). * * We don't use an enum here since the sole purpose of this is to be exposed through the FFI (and * union types are impossible to carry over the FFI boundary) */ export class X509Identity { private constructor(); free(): void; [Symbol.dispose](): void; /** * user handle e.g. `john_wire` */ readonly handle: string; /** * Name as displayed in the messaging application e.g. `John Fitzgerald Kennedy` */ readonly displayName: string; /** * DNS domain for which this identity proof was generated e.g. `whitehouse.gov` */ readonly domain: string; /** * X509 certificate identifying this client in the MLS group ; PEM encoded */ readonly certificate: string; /** * X509 certificate serial number */ readonly serialNumber: string; /** * X509 certificate not before as Unix timestamp */ readonly notBefore: bigint; /** * X509 certificate not after as Unix timestamp */ readonly notAfter: bigint; } interface ConversationConfiguration$1 { /** * The ciphersuite which should be used to encrypt this conversation. */ ciphersuite?: Ciphersuite; /** * List of client IDs that are allowed to be external senders */ externalSenders?: ExternalSenderKey[]; /** * Duration in seconds after which we will automatically force a self-update commit * Note: This isn't currently implemented */ keyRotationSpan?: number; /** * Defines if handshake messages are encrypted or not * Note: encrypted handshake messages are not supported by wire-server */ wirePolicy?: WirePolicy; } /** * The error structure produced by our rust code. **/ export interface CoreCryptoRichError { message: string; error_name?: string; error_stack?: string[]; type?: T; context?: ErrorContext[T]; } /** * Error wrapper that takes care of extracting rich error details across the FFI (through JSON parsing) * * Whenever you're supposed to get this class (that extends `Error`) you might end up with a base `Error` * in case the parsing of the message structure fails. This is unlikely but the case is still covered and fall backs automatically. * More information will be found in the base `Error.cause` to inform you why the parsing has failed. * * Please note that in this case the extra properties will not be available. */ export declare class CoreCryptoError extends Error { errorStack: string[]; context?: ErrorContext[T]; type?: T; private constructor(); private static fallback; static build(msg: string, ...params: unknown[]): CoreCryptoError; static fromStdError(e: Error): CoreCryptoError; static asyncMapErr(p: Promise): Promise; } /** * Helper type to ensure that error contexts match their type */ export type ErrorTypeWithContext = { [K in keyof T]: { type: K; context: T[K]; }; }[keyof T]; /** * Variants of core crypto errors */ export declare enum ErrorType { Mls = "Mls", Proteus = "Proteus", E2ei = "E2ei", TransactionFailed = "TransactionFailed", Other = "Other" } export declare function isCcError(error: unknown, errorType: E): error is CoreCryptoError; /** * Structured core crypto error */ export interface ErrorContext { [ErrorType.Mls]: ErrorTypeWithContext; [ErrorType.Proteus]: ErrorTypeWithContext; [ErrorType.E2ei]: { e2eiError: string; }; [ErrorType.TransactionFailed]: { error: string; }; [ErrorType.Other]: { msg: string; }; } export declare function isE2eiError(error: unknown): error is CoreCryptoError; export declare function isTransactionFailedError(error: unknown): error is CoreCryptoError; export declare function isOtherError(error: unknown): error is CoreCryptoError; /** * Variants of core crypto mls errors */ export declare enum MlsErrorType { ConversationAlreadyExists = "ConversationAlreadyExists", DuplicateMessage = "DuplicateMessage", BufferedFutureMessage = "BufferedFutureMessage", WrongEpoch = "WrongEpoch", BufferedCommit = "BufferedCommit", MessageEpochTooOld = "MessageEpochTooOld", SelfCommitIgnored = "SelfCommitIgnored", UnmergedPendingGroup = "UnmergedPendingGroup", StaleProposal = "StaleProposal", StaleCommit = "StaleCommit", /** * This happens when the DS cannot flag KeyPackages as claimed or not. In this scenario, a client * requests their old KeyPackages to be deleted but one has already been claimed by another client to create a Welcome. * In that case the only solution is that the client receiving such a Welcome tries to join the group * with an External Commit instead */ OrphanWelcome = "OrphanWelcome", MessageRejected = "MessageRejected", Other = "Other" } /** * Structured core crypto mls error (embedded in a core crypto error) */ export interface MlsErrorContext { [MlsErrorType.ConversationAlreadyExists]: { conversationId: Array; }; [MlsErrorType.DuplicateMessage]: Record; [MlsErrorType.BufferedFutureMessage]: Record; [MlsErrorType.WrongEpoch]: Record; [MlsErrorType.BufferedCommit]: Record; [MlsErrorType.MessageEpochTooOld]: Record; [MlsErrorType.SelfCommitIgnored]: Record; [MlsErrorType.UnmergedPendingGroup]: Record; [MlsErrorType.StaleProposal]: Record; [MlsErrorType.StaleCommit]: Record; [MlsErrorType.OrphanWelcome]: Record; [MlsErrorType.MessageRejected]: { reason: string; }; [MlsErrorType.Other]: { msg: string; }; } export declare function isMlsError(error: unknown, errorType: E): error is CoreCryptoError & { context: Extract; }; export declare function isMlsConversationAlreadyExistsError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isMlsDuplicateMessageError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isMlsBufferedFutureMessageError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isMlsWrongEpochError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isMlsBufferedCommitError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isMlsSelfCommitIgnoredError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isMlsUnmergedPendingGroupError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isMlsStaleProposalError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isMlsStaleCommitError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isMlsOrphanWelcomeError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isMlsMessageRejectedError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isMlsOtherError(error: unknown): error is CoreCryptoError & { context: Extract; }; /** * Variants of core crypto proteus errors */ export declare enum ProteusErrorType { SessionNotFound = "SessionNotFound", DuplicateMessage = "DuplicateMessage", RemoteIdentityChanged = "RemoteIdentityChanged", Other = "Other" } /** * Structured core crypto proteus error (embedded in a core crypto error) */ export interface ProteusErrorContext { [ProteusErrorType.SessionNotFound]: { errorCode: number; }; [ProteusErrorType.DuplicateMessage]: { errorCode: number; }; [ProteusErrorType.RemoteIdentityChanged]: { errorCode: number; }; [ProteusErrorType.Other]: { errorCode: number; }; } export declare function isProteusError(error: unknown, errorType: E): error is CoreCryptoError & { context: Extract; }; export declare function isProteusSessionNotFoundError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isProteusDuplicateMessageError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isProteusRemoteIdentityChangedError(error: unknown): error is CoreCryptoError & { context: Extract; }; export declare function isProteusOtherError(error: unknown): error is CoreCryptoError & { context: Extract; }; /** * Alias for proposal reference. It is a byte array of size 16. */ export type ProposalRef = Uint8Array; /** * A `HistorySecret` encodes sufficient client state that it can be used to instantiate an * ephemeral client. */ export interface HistorySecret { clientId: ClientId; data: Uint8Array; } /** * Data shape for a MLS generic commit + optional bundle (aka stapled commit & welcome) */ export interface CommitBundle { /** * TLS-serialized MLS Commit that needs to be fanned out to other (existing) members of the conversation * * @readonly */ commit: Uint8Array; /** * Optional TLS-serialized MLS Welcome message that needs to be fanned out to the clients newly added to the conversation * * @readonly */ welcome?: Welcome; /** * MLS GroupInfo which is required for joining a group by external commit * * @readonly */ groupInfo: GroupInfoBundle; /** * An encrypted message to fan out to all other conversation members in the new epoch * @readonly */ encryptedMessage?: Uint8Array; } /** * Wraps a GroupInfo in order to efficiently upload it to the Delivery Service. * This is not part of MLS protocol but parts might be standardized at some point. */ export interface GroupInfoBundle { /** * see {@link GroupInfoEncryptionType} */ encryptionType: MlsGroupInfoEncryptionType; /** * see {@link RatchetTreeType} */ ratchetTreeType: MlsRatchetTreeType; /** * TLS-serialized GroupInfo */ payload: GroupInfo; } /** * This is a wrapper for all the possible outcomes you can get after decrypting a message */ interface DecryptedMessage$1 { /** * Raw decrypted application message, if the decrypted MLS message is an application message */ message?: Uint8Array; /** * It is set to false if ingesting this MLS message has resulted in the client being removed from the group (i.e. a Remove commit) */ isActive: boolean; /** * Commit delay hint (in milliseconds) to prevent clients from hammering the server with epoch changes */ commitDelay?: number; /** * Client identifier of the sender of the message being decrypted. Only present for application messages. */ senderClientId?: ClientId; /** * true when the decrypted message resulted in an epoch change i.e. it was a commit */ hasEpochChanged: boolean; /** * Identity claims present in the sender credential * Only present when the credential is a x509 certificate * Present for all messages */ identity?: WireIdentity; /** * Only set when the decrypted message is a commit. * Contains buffered messages for next epoch which were received before the commit creating the epoch * because the DS did not fan them out in order. */ bufferedMessages?: BufferedDecryptedMessage$1[]; /** * New CRL distribution points that appeared by the introduction of a new credential */ crlNewDistributionPoints?: string[]; } /** * Almost same as {@link DecryptedMessage} but avoids recursion */ interface BufferedDecryptedMessage$1 { /** * see {@link DecryptedMessage.message} */ message?: Uint8Array; /** * see {@link DecryptedMessage.isActive} */ isActive: boolean; /** * see {@link DecryptedMessage.commitDelay} */ commitDelay?: number; /** * see {@link DecryptedMessage.senderClientId} */ senderClientId?: ClientId; /** * see {@link DecryptedMessage.hasEpochChanged} */ hasEpochChanged: boolean; /** * see {@link DecryptedMessage.identity} */ identity?: WireIdentity; /** * see {@link DecryptedMessage.crlNewDistributionPoints} */ crlNewDistributionPoints?: string[]; } /** * Returned by {@link MlsTransport} callbacks. */ export type MlsTransportResponse = "success" | "retry" | { /** * The message was rejected by the delivery service and there's no recovery. */ abort: { reason: string; }; }; /** * An interface that must be implemented and provided to CoreCrypto via * {@link CoreCrypto.provideTransport}. */ export interface MlsTransport { /** * This callback is called by CoreCrypto to send a commit bundle to the delivery service. * * @param commitBundle - the commit bundle * @returns a promise resolving to a {@link MlsTransportResponse} */ sendCommitBundle: (commitBundle: CommitBundle) => Promise; /** * This callback is called by CoreCrypto to send a regular message to the delivery service. * @param message * @returns a promise resolving to a {@link MlsTransportResponse} */ sendMessage: (message: Uint8Array) => Promise; /** * This callback is called by CoreCrypto to prepare a history secret to be sent to the delivery service. * @param secret * @returns a promise resolving to a {@link MlsTransportData} */ prepareForTransport: (secret: HistorySecret) => Promise; } /** * Supporting struct for CRL registration result */ export interface CRLRegistration { /** * Whether this CRL modifies the old CRL (i.e. has a different revocated cert list) * * @readonly */ dirty: boolean; /** * Optional expiration timestamp * * @readonly */ expiration?: number; } interface AcmeDirectory$1 { /** * URL for fetching a new nonce. Use this only for creating a new account. */ newNonce: string; /** * URL for creating a new account. */ newAccount: string; /** * URL for creating a new order. */ newOrder: string; /** * Revocation URL */ revokeCert: string; } /** * Returned by APIs whose code paths potentially discover new certificate revocation list distribution URLs. */ export type NewCrlDistributionPoints = string[] | undefined; export type JsonRawData = Uint8Array; export declare class E2eiEnrollment { #private; /** @hidden */ constructor(e2ei: FfiWireE2EIdentity); free(): void; /** * Should only be used internally */ inner(): unknown; /** * Parses the response from `GET /acme/{provisioner-name}/directory`. * Use this {@link AcmeDirectory} in the next step to fetch the first nonce from the acme server. Use * {@link AcmeDirectory.newNonce}. * * @param directory HTTP response body * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.1.1 */ directoryResponse(directory: JsonRawData): Promise; /** * For creating a new acme account. This returns a signed JWS-alike request body to send to * `POST /acme/{provisioner-name}/new-account`. * * @param previousNonce you got from calling `HEAD {@link AcmeDirectory.newNonce}` * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3 */ newAccountRequest(previousNonce: string): Promise; /** * Parses the response from `POST /acme/{provisioner-name}/new-account`. * @param account HTTP response body * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3 */ newAccountResponse(account: JsonRawData): Promise; /** * Creates a new acme order for the handle (userId + display name) and the clientId. * * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-account` * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4 */ newOrderRequest(previousNonce: string): Promise; /** * Parses the response from `POST /acme/{provisioner-name}/new-order`. * * @param order HTTP response body * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4 */ newOrderResponse(order: JsonRawData): Promise; /** * Creates a new authorization request. * * @param url one of the URL in new order's authorizations from {@link newOrderResponse}) * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-order` (or from the * previous to this method if you are creating the second authorization) * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5 */ newAuthzRequest(url: string, previousNonce: string): Promise; /** * Parses the response from `POST /acme/{provisioner-name}/authz/{authz-id}` * * @param authz HTTP response body * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5 */ newAuthzResponse(authz: JsonRawData): Promise; /** * Generates a new client Dpop JWT token. It demonstrates proof of possession of the nonces * (from wire-server & acme server) and will be verified by the acme server when verifying the * challenge (in order to deliver a certificate). * * Then send it to `POST /clients/{id}/access-token` * {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token} on wire-server. * * @param expirySecs of the client Dpop JWT. This should be equal to the grace period set in Team Management * @param backendNonce you get by calling `GET /clients/token/nonce` on wire-server as defined here {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/get_clients__client__nonce} */ createDpopToken(expirySecs: number, backendNonce: string): Promise; /** * Creates a new challenge request for Wire Dpop challenge. * * @param accessToken returned by wire-server from https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}` * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1 */ newDpopChallengeRequest(accessToken: string, previousNonce: string): Promise; /** * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}` for the DPoP challenge. * * @param challenge HTTP response body * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1 */ newDpopChallengeResponse(challenge: JsonRawData): Promise; /** * Creates a new challenge request for Wire Oidc challenge. * * @param idToken you get back from Identity Provider * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}` * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1 */ newOidcChallengeRequest(idToken: string, previousNonce: string): Promise; /** * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}` for the OIDC challenge. * * @param challenge HTTP response body * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1 */ newOidcChallengeResponse(challenge: JsonRawData): Promise; /** * Verifies that the previous challenge has been completed. * * @param orderUrl `location` header from http response you got from {@link newOrderResponse} * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/challenge/{challenge-id}` * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4 */ checkOrderRequest(orderUrl: string, previousNonce: string): Promise; /** * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}`. * * @param order HTTP response body * @return finalize url to use with {@link finalizeRequest} * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4 */ checkOrderResponse(order: JsonRawData): Promise; /** * Final step before fetching the certificate. * * @param previousNonce - `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}` * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4 */ finalizeRequest(previousNonce: string): Promise; /** * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}/finalize`. * * @param finalize HTTP response body * @return the certificate url to use with {@link certificateRequest} * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4 */ finalizeResponse(finalize: JsonRawData): Promise; /** * Creates a request for finally fetching the x509 certificate. * * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}/finalize` * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2 */ certificateRequest(previousNonce: string): Promise; } /** * Indicates the state of a Conversation regarding end-to-end identity. * Note: this does not check pending state (pending commit, pending proposals) so it does not * consider members about to be added/removed */ declare enum E2eiConversationState$1 { /** * All clients have a valid E2EI certificate */ Verified = 1, /** * Some clients are either still Basic or their certificate is expired */ NotVerified = 2, /** * All clients are still Basic. If all client have expired certificates, NotVerified is returned. */ NotEnabled = 3 } /** * Data shape for proteusNewPrekeyAuto() call returns. */ interface ProteusAutoPrekeyBundle$1 { /** * Proteus PreKey id * * @readonly */ id: number; /** * CBOR-serialized Proteus PreKeyBundle * * @readonly */ pkb: Uint8Array; } declare class CoreCryptoContext$1 { #private; /** @hidden */ private constructor(); /** @hidden */ static fromFfiContext(ctx: CoreCryptoContext): CoreCryptoContext$1; /** * Set arbitrary data to be retrieved by {@link getData}. * This is meant to be used as a check point at the end of a transaction. * The data should be limited to a reasonable size. */ setData(data: Uint8Array): Promise; /** * Get data if it has previously been set by {@link setData}, or `undefined` otherwise. * This is meant to be used as a check point at the end of a transaction. */ getData(): Promise; /** * Use this after {@link CoreCrypto.deferredInit} when you have a clientId. It initializes MLS. * * @param clientId - {@link CoreCryptoParams#clientId} but required * @param ciphersuites - All the ciphersuites supported by this MLS client * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client */ mlsInit(clientId: ClientId, ciphersuites: Ciphersuite[], nbKeyPackage?: number): Promise; /** * Checks if the Client is member of a given conversation and if the MLS Group is loaded up * * @returns Whether the given conversation ID exists * * @example * ```ts * const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" }); * const encoder = new TextEncoder(); * if (await cc.conversationExists(encoder.encode("my super chat"))) { * // Do something * } else { * // Do something else * } * ``` */ conversationExists(conversationId: ConversationId): Promise; /** * Marks a conversation as child of another one * This will mostly affect the behavior of the callbacks (the parentConversationClients parameter will be filled) * * @param childId - conversation identifier of the child conversation * @param parentId - conversation identifier of the parent conversation */ markConversationAsChildOf(childId: ConversationId, parentId: ConversationId): Promise; /** * Returns the current epoch of a conversation * * @returns the epoch of the conversation * * @example * ```ts * const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" }); * const encoder = new TextEncoder(); * console.log(await cc.conversationEpoch(encoder.encode("my super chat"))) * ``` */ conversationEpoch(conversationId: ConversationId): Promise; /** * Returns the ciphersuite of a conversation * * @returns the ciphersuite of the conversation */ conversationCiphersuite(conversationId: ConversationId): Promise; /** * Wipes and destroys the local storage of a given conversation / MLS group * * @param conversationId - The ID of the conversation to remove */ wipeConversation(conversationId: ConversationId): Promise; /** * Creates a new conversation with the current client being the sole member * You will want to use {@link addClientsToConversation} afterwards to add clients to this conversation * * @param conversationId - The conversation ID; You can either make them random or let the backend attribute MLS group IDs * @param creatorCredentialType - kind of credential the creator wants to create the group with * @param configuration - configuration of the MLS group * @param configuration.ciphersuite - The {@link Ciphersuite} that is chosen to be the group's * @param configuration.externalSenders - Array of Client IDs that are qualified as external senders within the group */ createConversation(conversationId: ConversationId, creatorCredentialType: CredentialType, configuration?: ConversationConfiguration$1): Promise; /** * Decrypts a message for a given conversation. * * Note: you should catch & ignore the following error reasons: * * "We already decrypted this message once" * * "You tried to join with an external commit but did not merge it yet. We will reapply this message for you when you merge your external commit" * * "Incoming message is for a future epoch. We will buffer it until the commit for that epoch arrives" * * @param conversationId - The ID of the conversation * @param payload - The encrypted message buffer * * @returns a {@link DecryptedMessage}. Note that {@link DecryptedMessage#message} is `undefined` when the encrypted payload contains a system message such a proposal or commit */ decryptMessage(conversationId: ConversationId, payload: Uint8Array): Promise; /** * Encrypts a message for a given conversation * * @param conversationId - The ID of the conversation * @param message - The plaintext message to encrypt * * @returns The encrypted payload for the given group. This needs to be fanned out to the other members of the group. */ encryptMessage(conversationId: ConversationId, message: Uint8Array): Promise; /** * Ingest a TLS-serialized MLS welcome message to join an existing MLS group * * You have to catch the error with this reason "Although this Welcome seems valid, the local KeyPackage * it references has already been deleted locally. Join this group with an external commit", ignore it and then * join this group via {@link CoreCryptoContext.joinByExternalCommit}. * * @param welcomeMessage - TLS-serialized MLS Welcome message * @param configuration - configuration of the MLS group * @returns The conversation ID of the newly joined group. You can use the same ID to decrypt/encrypt messages */ processWelcomeMessage(welcomeMessage: Welcome, configuration?: Partial): Promise; /** * Get the client's public signature key. To upload to the DS for further backend side validation * * @param ciphersuite - of the signature key to get * @param credentialType - of the public key to look for * @returns the client's public signature key */ clientPublicKey(ciphersuite: Ciphersuite, credentialType: CredentialType): Promise; /** * * @param ciphersuite - of the KeyPackages to count * @param credentialType - of the KeyPackages to count * @returns The amount of valid, non-expired KeyPackages that are persisted in the backing storage */ clientValidKeypackagesCount(ciphersuite: Ciphersuite, credentialType: CredentialType): Promise; /** * Fetches a requested amount of keypackages * * @param ciphersuite - of the KeyPackages to generate * @param credentialType - of the KeyPackages to generate * @param amountRequested - The amount of keypackages requested * @returns An array of length `amountRequested` containing TLS-serialized KeyPackages */ clientKeypackages(ciphersuite: Ciphersuite, credentialType: CredentialType, amountRequested: number): Promise>; /** * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation. * * Sends the corresponding commit via {@link MlsTransport.sendCommitBundle} and merges it if the call is successful. * * @param conversationId - The ID of the conversation * @param keyPackages - KeyPackages of the new clients to add * * @returns Potentially a list of newly discovered crl distribution points */ addClientsToConversation(conversationId: ConversationId, keyPackages: Uint8Array[]): Promise; /** * Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed * to do so, otherwise this operation does nothing. * * @param conversationId - The ID of the conversation * @param clientIds - Array of Client IDs to remove. */ removeClientsFromConversation(conversationId: ConversationId, clientIds: ClientId[]): Promise; /** * Update the keying material of the conversation. * * @param conversationId - The ID of the conversation */ updateKeyingMaterial(conversationId: ConversationId): Promise; /** * Commits the local pending proposals. * * Sends the corresponding commit via {@link MlsTransport.sendCommitBundle} * and merges it if the call is successful. * * @param conversationId - The ID of the conversation */ commitPendingProposals(conversationId: ConversationId): Promise; /** * "Apply" to join a group through its GroupInfo. * * Sends the corresponding commit via {@link MlsTransport.sendCommitBundle} * and creates the group if the call is successful. * * @param groupInfo - a TLS encoded GroupInfo fetched from the Delivery Service * @param credentialType - kind of Credential to use for joining this group. If {@link CredentialType.Basic} is * chosen and no Credential has been created yet for it, a new one will be generated. * @param configuration - configuration of the MLS group * When {@link CredentialType.X509} is chosen, it fails when no Credential has been created for the given {@link Ciphersuite}. * * @return see {@link WelcomeBundle} */ joinByExternalCommit(groupInfo: GroupInfo, credentialType: CredentialType, configuration?: Partial): Promise; /** * Enable history sharing by generating a history client and adding it to the conversation. */ enableHistorySharing(conversationId: ConversationId): Promise; /** * Disable history sharing by removing histroy clients from the conversation. */ disableHistorySharing(conversationId: ConversationId): Promise; /** * Derives a new key from the group * * @param conversationId - The group's ID * @param keyLength - the length of the key to be derived. If the value is higher than the * bounds of `u16` or the context hash * 255, an error will be returned * * @returns A `Uint8Array` representing the derived key */ exportSecretKey(conversationId: ConversationId, keyLength: number): Promise; /** * Returns the raw public key of the single external sender present in this group. * This should be used to initialize a subconversation * * @param conversationId - The group's ID * * @returns A `Uint8Array` representing the external sender raw public key */ getExternalSender(conversationId: ConversationId): Promise; /** * Returns all clients from group's members * * @param conversationId - The group's ID * * @returns A list of clients from the members of the group */ getClientIds(conversationId: ConversationId): Promise; /** * Allows {@link CoreCryptoContext} to act as a CSPRNG provider * * The underlying CSPRNG algorithm is ChaCha20 and takes in account the external seed provider. * * @param length - The number of bytes to be returned in the `Uint8Array` * * @returns A `Uint8Array` buffer that contains `length` cryptographically-secure random bytes */ randomBytes(length: number): Promise; /** * Initializes the proteus client */ proteusInit(): Promise; /** * Create a Proteus session using a prekey * * @param sessionId - ID of the Proteus session * @param prekey - CBOR-encoded Proteus prekey of the other client */ proteusSessionFromPrekey(sessionId: string, prekey: Uint8Array): Promise; /** * Create a Proteus session from a handshake message * * @param sessionId - ID of the Proteus session * @param envelope - CBOR-encoded Proteus message * * @returns A `Uint8Array` containing the message that was sent along with the session handshake */ proteusSessionFromMessage(sessionId: string, envelope: Uint8Array): Promise; /** * Locally persists a session to the keystore * * **Note**: This isn't usually needed as persisting sessions happens automatically when decrypting/encrypting messages and initializing Sessions * * @param sessionId - ID of the Proteus session */ proteusSessionSave(sessionId: string): Promise; /** * Deletes a session * Note: this also deletes the persisted data within the keystore * * @param sessionId - ID of the Proteus session */ proteusSessionDelete(sessionId: string): Promise; /** * Checks if a session exists * * @param sessionId - ID of the Proteus session * * @returns whether the session exists or not */ proteusSessionExists(sessionId: string): Promise; /** * Decrypt an incoming message for an existing Proteus session * * @param sessionId - ID of the Proteus session * @param ciphertext - CBOR encoded, encrypted proteus message * @returns The decrypted payload contained within the message */ proteusDecrypt(sessionId: string, ciphertext: Uint8Array): Promise; /** * Encrypt a message for a given Proteus session * * @param sessionId - ID of the Proteus session * @param plaintext - payload to encrypt * @returns The CBOR-serialized encrypted message */ proteusEncrypt(sessionId: string, plaintext: Uint8Array): Promise; /** * Batch encryption for proteus messages * This is used to minimize FFI roundtrips when used in the context of a multi-client session (i.e. conversation) * * @param sessions - List of Proteus session IDs to encrypt the message for * @param plaintext - payload to encrypt * @returns A map indexed by each session ID and the corresponding CBOR-serialized encrypted message for this session */ proteusEncryptBatched(sessions: string[], plaintext: Uint8Array): Promise>; /** * Creates a new prekey with the requested ID. * * @param prekeyId - ID of the PreKey to generate. This cannot be bigger than a u16 * @returns: A CBOR-serialized version of the PreKeyBundle corresponding to the newly generated and stored PreKey */ proteusNewPrekey(prekeyId: number): Promise; /** * Creates a new prekey with an automatically generated ID.. * * @returns A CBOR-serialized version of the PreKeyBundle corresponding to the newly generated and stored PreKey accompanied by its ID */ proteusNewPrekeyAuto(): Promise; /** * Proteus last resort prekey stuff * * @returns A CBOR-serialize version of the PreKeyBundle associated with the last resort PreKey (holding the last resort prekey id) */ proteusLastResortPrekey(): Promise; /** * @returns The last resort PreKey id */ static proteusLastResortPrekeyId(): number; /** * Proteus public key fingerprint * It's basically the public key encoded as an hex string * * @returns Hex-encoded public key string */ proteusFingerprint(): Promise; /** * Proteus session local fingerprint * * @param sessionId - ID of the Proteus session * @returns Hex-encoded public key string */ proteusFingerprintLocal(sessionId: string): Promise; /** * Proteus session remote fingerprint * * @param sessionId - ID of the Proteus session * @returns Hex-encoded public key string */ proteusFingerprintRemote(sessionId: string): Promise; /** * Hex-encoded fingerprint of the given prekey * * @param prekey - the prekey bundle to get the fingerprint from * @returns Hex-encoded public key string **/ static proteusFingerprintPrekeybundle(prekey: Uint8Array): string; /** * Creates an enrollment instance with private key material you can use in order to fetch * a new x509 certificate from the acme server. * * @param clientId - client identifier e.g. `b7ac11a4-8f01-4527-af88-1c30885a7931:6add501bacd1d90e@example.com` * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)` * @param handle - user handle e.g. `alice.smith.qa@example.com` * @param expirySec - generated x509 certificate expiry * @param ciphersuite - for generating signing key material * @param team - name of the Wire team a user belongs to * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCryptoContext.e2eiMlsInitOnly} */ e2eiNewEnrollment(clientId: string, displayName: string, handle: string, expirySec: number, ciphersuite: Ciphersuite, team?: string): Promise; /** * Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI. * Once the enrollment is finished, use {@link CoreCryptoContext.e2eiRotate} to do key rotation. * * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)` * @param handle - user handle e.g. `alice.smith.qa@example.com` * @param expirySec - generated x509 certificate expiry * @param ciphersuite - for generating signing key material * @param team - name of the Wire team a user belongs to * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCryptoContext.e2eiRotate} */ e2eiNewActivationEnrollment(displayName: string, handle: string, expirySec: number, ciphersuite: Ciphersuite, team?: string): Promise; /** * Generates an E2EI enrollment instance for a E2EI client (with a X509 certificate credential) * having to change/rotate their credential, either because the former one is expired or it * has been revoked. It lets you change the DisplayName or the handle * if you need to. Once the enrollment is finished, use {@link CoreCryptoContext.e2eiRotate} * to do key rotation. * * @param expirySec - generated x509 certificate expiry * @param ciphersuite - for generating signing key material * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)` * @param handle - user handle e.g. `alice.smith.qa@example.com` * @param team - name of the Wire team a user belongs to * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCryptoContext.e2eiRotate} */ e2eiNewRotateEnrollment(expirySec: number, ciphersuite: Ciphersuite, displayName?: string, handle?: string, team?: string): Promise; /** * Use this method to initialize end-to-end identity when a client signs up and the grace period is already expired ; * that means he cannot initialize with a Basic credential * * @param enrollment - the enrollment instance used to fetch the certificates * @param certificateChain - the raw response from ACME server * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client * @returns a MlsClient initialized with only a x509 credential */ e2eiMlsInitOnly(enrollment: E2eiEnrollment, certificateChain: string, nbKeyPackage?: number): Promise; /** * @returns whether the E2EI PKI environment is setup (i.e. Root CA, Intermediates, CRLs) */ e2eiIsPKIEnvSetup(): Promise; /** * Registers a Root Trust Anchor CA for the use in E2EI processing. * * Please note that without a Root Trust Anchor, all validations *will* fail; * So this is the first step to perform after initializing your E2EI client * * @param trustAnchorPEM - PEM certificate to anchor as a Trust Root */ e2eiRegisterAcmeCA(trustAnchorPEM: string): Promise; /** * Registers an Intermediate CA for the use in E2EI processing. * * Please note that a Root Trust Anchor CA is needed to validate Intermediate CAs; * You **need** to have a Root CA registered before calling this * * @param certPEM - PEM certificate to register as an Intermediate CA */ e2eiRegisterIntermediateCA(certPEM: string): Promise; /** * Registers a CRL for the use in E2EI processing. * * Please note that a Root Trust Anchor CA is needed to validate CRLs; * You **need** to have a Root CA registered before calling this * * @param crlDP - CRL Distribution Point; Basically the URL you fetched it from * @param crlDER - DER representation of the CRL * * @returns a {@link CRLRegistration} with the dirty state of the new CRL (see struct) and its expiration timestamp */ e2eiRegisterCRL(crlDP: string, crlDER: Uint8Array): Promise; /** * Creates an update commit which replaces your leaf containing basic credentials with a leaf node containing x509 credentials in the conversation. * * NOTE: you can only call this after you've completed the enrollment for an end-to-end identity, and saved the * resulting credential with {@link CoreCryptoContext.saveX509Credential}. * Calling this without a valid end-to-end identity will result in an error. * * Sends the corresponding commit via {@link MlsTransport.sendCommitBundle} and merges it if the call is successful. * * @param conversationId - The ID of the conversation */ e2eiRotate(conversationId: ConversationId): Promise; /** * Saves a new X509 credential. Requires first * having enrolled a new X509 certificate with either {@link CoreCryptoContext.e2eiNewActivationEnrollment} * or {@link CoreCryptoContext.e2eiNewRotateEnrollment} * * # Expected actions to perform after this function (in this order) * 1. Rotate credentials for each conversation using {@link CoreCryptoContext.e2eiRotate} * 2. Generate new key packages with {@link CoreCryptoContext.clientKeypackages} * 3. Use these to replace the stale ones the in the backend * 4. Delete the stale ones locally using {@link CoreCryptoContext.deleteStaleKeyPackages} * * This is the last step because you might still need the old key packages to avoid * an orphan welcome message * * @param enrollment - the enrollment instance used to fetch the certificates * @param certificateChain - the raw response from ACME server * @returns Potentially a list of new crl distribution points discovered in the certificate chain */ saveX509Credential(enrollment: E2eiEnrollment, certificateChain: string): Promise; /** * Deletes all key packages whose credential does not match the most recently * saved x509 credential and the provided signature scheme. * @param ciphersuite */ deleteStaleKeyPackages(ciphersuite: Ciphersuite): Promise; /** * Allows persisting an active enrollment (for example while redirecting the user during OAuth) in order to resume * it later with {@link e2eiEnrollmentStashPop} * * @param enrollment the enrollment instance to persist * @returns a handle to fetch the enrollment later with {@link e2eiEnrollmentStashPop} */ e2eiEnrollmentStash(enrollment: E2eiEnrollment): Promise; /** * Fetches the persisted enrollment and deletes it from the keystore * * @param handle returned by {@link e2eiEnrollmentStash} * @returns the persisted enrollment instance */ e2eiEnrollmentStashPop(handle: Uint8Array): Promise; /** * Indicates when to mark a conversation as not verified i.e. when not all its members have a X509. * Credential generated by Wire's end-to-end identity enrollment * * @param conversationId The group's ID * @returns the conversation state given current members */ e2eiConversationState(conversationId: ConversationId): Promise; /** * Returns true when end-to-end-identity is enabled for the given Ciphersuite * * @param ciphersuite of the credential to check * @returns true if end-to-end identity is enabled for the given ciphersuite */ e2eiIsEnabled(ciphersuite: Ciphersuite): Promise; /** * From a given conversation, get the identity of the members supplied. Identity is only present for members with a * Certificate Credential (after turning on end-to-end identity). * * @param conversationId - identifier of the conversation * @param deviceIds - identifiers of the devices * @returns identities or if no member has a x509 certificate, it will return an empty List */ getDeviceIdentities(conversationId: ConversationId, deviceIds: ClientId[]): Promise; /** * From a given conversation, get the identity of the users (device holders) supplied. * Identity is only present for devices with a Certificate Credential (after turning on end-to-end identity). * If no member has a x509 certificate, it will return an empty Vec. * * @param conversationId - identifier of the conversation * @param userIds - user identifiers hyphenated UUIDv4 e.g. 'bd4c7053-1c5a-4020-9559-cd7bf7961954' * @returns a Map with all the identities for a given users. Consumers are then recommended to reduce those identities to determine the actual status of a user. */ getUserIdentities(conversationId: ConversationId, userIds: string[]): Promise>; } /** * Params for CoreCrypto deferred initialization * Please note that the `entropySeed` parameter MUST be exactly 32 bytes */ export interface CoreCryptoDeferredParams { /** * Name of the IndexedDB database */ databaseName: string; /** * Encryption master key * This should be appropriately stored in a secure location (i.e. WebCrypto private key storage) */ key: DatabaseKey; /** * External PRNG entropy pool seed. * This **must** be exactly 32 bytes */ entropySeed?: Uint8Array; } /** * Params for CoreCrypto initialization * Please note that the `entropySeed` parameter MUST be exactly 32 bytes */ export interface CoreCryptoParams extends CoreCryptoDeferredParams { /** * MLS Client ID. * This should stay consistent as it will be verified against the stored signature & identity to validate the persisted credential */ clientId: ClientId; /** * All the ciphersuites this MLS client can support */ ciphersuites: Ciphersuite[]; /** * Number of initial KeyPackage to create when initializing the client */ nbKeyPackage?: number; } export interface EpochObserver { epochChanged(conversationId: ConversationId, epoch: number): Promise; } export interface HistoryObserver { historyClientCreated(conversationId: ConversationId, secret: HistorySecret): Promise; } /** * Initializes the global logger for Core Crypto and registers the callback. * * **NOTE:** you must call this after `await CoreCrypto.init(params)` or `await CoreCrypto.deferredInit(params)`. * * @param logger - the interface to be called when something is going to be logged **/ export declare function setLogger(logger: CoreCryptoLogger): void; /** * An interface to register a logger in CoreCrypto **/ export interface CoreCryptoLogger { /** * This method will be called by Core Crypto to log messages. It is up to the implementer to decide how to handle the message and where to actually log it. * @param level - the level of the logged message. it will also be present in the json message * @param message - log message * @param context - additional context captured when the log was made. **/ log: (level: CoreCryptoLogLevel, message: string, context: string) => void; } /** * Defines the maximum log level for the logs from Core Crypto **/ export declare enum CoreCryptoLogLevel { Off = 1, Trace = 2, Debug = 3, Info = 4, Warn = 5, Error = 6 } /** * Sets maximum log level for logs forwarded to the logger, defaults to `Warn`. * * @param level - the max level that should be logged */ export declare function setMaxLogLevel(level: CoreCryptoLogLevel): void; /** * Returns build metadata for the {@link CoreCrypto} libary. * * @returns varous build metadata for `core-crypto`. */ export declare function buildMetadata(): BuildMetadata; /** * Returns the current version of {@link CoreCrypto} * * @returns the CoreCrypto version as a string (e.g. "3.1.2") */ export declare function version(): string; /** * Wrapper for the WASM-compiled version of CoreCrypto */ export declare class CoreCrypto { #private; /** * Should only be used internally */ inner(): unknown; static setLogger(logger: CoreCryptoLogger): void; static setMaxLogLevel(level: CoreCryptoLogLevel): void; /** * This is your entrypoint to initialize {@link CoreCrypto}! * * @param params - {@link CoreCryptoParams} * * @example * ## Simple init * ```ts * const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" }); * // Do the rest with `cc` * ``` * * ## Custom Entropy seed init * ```ts * // FYI, this is the IETF test vector #1 * const entropySeed = Uint32Array.from([ * 0xade0b876, 0x903df1a0, 0xe56a5d40, 0x28bd8653, * 0xb819d2bd, 0x1aed8da0, 0xccef36a8, 0xc70d778b, * 0x7c5941da, 0x8d485751, 0x3fe02477, 0x374ad8b8, * 0xf4b8436a, 0x1ca11815, 0x69b687c3, 0x8665eeb2, * ]); * * const cc = await CoreCrypto.init({ * databaseName: "test", * key: "test", * clientId: "test", * entropySeed, * }); * ```` */ static init({ databaseName, key, clientId, ciphersuites, entropySeed, nbKeyPackage, }: CoreCryptoParams): Promise; /** * Almost identical to {@link CoreCrypto.init} but allows a 2 phase initialization of MLS. * First, calling this will set up the keystore and will allow generating proteus prekeys. * Then, those keys can be traded for a clientId. * Use this clientId to initialize MLS with {@link CoreCryptoContext.mlsInit}. * @param params - {@link CoreCryptoDeferredParams} */ static deferredInit({ databaseName, key, entropySeed, }: CoreCryptoDeferredParams): Promise; /** * Instantiate a history client. * * This client exposes the full interface of `CoreCrypto`, but it should only be used to decrypt messages. * Other use is a logic error. */ static historyClient(historySecret: HistorySecret): Promise; /** * Starts a new transaction in Core Crypto. If the callback succeeds, it will be committed, * otherwise, every operation performed with the context will be discarded. * * @param callback - The callback to execute within the transaction * * @returns the result of the callback will be returned from this call */ transaction(callback: (ctx: CoreCryptoContext$1) => Promise): Promise; /** @hidden */ private constructor(); /** * Waits for any transaction that is currently in progress, then closes this {@link CoreCrypto} * instance and deallocates all loaded resources * * **CAUTION**: This {@link CoreCrypto} instance won't be usable after a call to this method, * but there's no way to express this requirement in TypeScript, so you'll get errors instead! */ close(): Promise; /** * Registers the transport callbacks for core crypto to give it access to backend endpoints for sending * a commit bundle or a message, respectively. * * @param transportProvider - Any implementor of the {@link MlsTransport} interface * @param _ctx - unused */ provideTransport(transportProvider: MlsTransport, _ctx?: unknown): Promise; /** * See {@link CoreCryptoContext.conversationExists}. */ conversationExists(conversationId: ConversationId): Promise; /** * See {@link CoreCryptoContext.conversationEpoch}. * * @returns the epoch of the conversation * * @example * ```ts * const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" }); * const encoder = new TextEncoder(); * console.log(await cc.conversationEpoch(encoder.encode("my super chat"))) * ``` */ conversationEpoch(conversationId: ConversationId): Promise; /** * See {@link CoreCryptoContext.conversationCiphersuite}. * * @returns the ciphersuite of the conversation */ conversationCiphersuite(conversationId: ConversationId): Promise; /** * See {@link CoreCryptoContext.clientPublicKey}. * * @param ciphersuite - of the signature key to get * @param credentialType - of the public key to look for * @returns the client's public signature key */ clientPublicKey(ciphersuite: Ciphersuite, credentialType: CredentialType): Promise; /** * See {@link CoreCryptoContext.exportSecretKey}. * * @param conversationId - The group's ID * @param keyLength - the length of the key to be derived. If the value is higher than the * bounds of `u16` or the context hash * 255, an error will be returned * * @returns A `Uint8Array` representing the derived key */ exportSecretKey(conversationId: ConversationId, keyLength: number): Promise; /** * Check if history sharing is enabled, i.e., if any of the conversation members have a {@link ClientId} starting * with the history client id prefix. * * @param conversationId - The group's ID * * @returns Whether history sharing is enabled */ isHistorySharingEnabled(conversationId: ConversationId): Promise; /** * See {@link CoreCryptoContext.getExternalSender}. * * @param conversationId - The group's ID * * @returns A `Uint8Array` representing the external sender raw public key */ getExternalSender(conversationId: ConversationId): Promise; /** * See {@link CoreCryptoContext.getClientIds}. * * @param conversationId - The group's ID * * @returns A list of clients from the members of the group */ getClientIds(conversationId: ConversationId): Promise; /** * See {@link CoreCryptoContext.randomBytes}. * * @param length - The number of bytes to be returned in the `Uint8Array` * * @returns A `Uint8Array` buffer that contains `length` cryptographically-secure random bytes */ randomBytes(length: number): Promise; /** * Allows to reseed {@link CoreCrypto}'s internal CSPRNG with a new seed. * * @param seed - **exactly 32** bytes buffer seed */ reseedRng(seed: Uint8Array): Promise; /** * Checks if a session exists * * @param sessionId - ID of the Proteus session * * @returns whether the session exists or not */ proteusSessionExists(sessionId: string): Promise; /** * @returns The last resort PreKey id */ static proteusLastResortPrekeyId(): number; /** * Proteus public key fingerprint * It's basically the public key encoded as an hex string * * @returns Hex-encoded public key string */ proteusFingerprint(): Promise; /** * Proteus session local fingerprint * * @param sessionId - ID of the Proteus session * @returns Hex-encoded public key string */ proteusFingerprintLocal(sessionId: string): Promise; /** * Proteus session remote fingerprint * * @param sessionId - ID of the Proteus session * @returns Hex-encoded public key string */ proteusFingerprintRemote(sessionId: string): Promise; /** * Hex-encoded fingerprint of the given prekey * * @param prekey - the prekey bundle to get the fingerprint from * @returns Hex-encoded public key string **/ static proteusFingerprintPrekeybundle(prekey: Uint8Array): string; /** * See {@link CoreCryptoContext.e2eiIsPKIEnvSetup}. * @returns whether the E2EI PKI environment is setup (i.e. Root CA, Intermediates, CRLs) */ e2eiIsPKIEnvSetup(): Promise; /** * See {@link CoreCryptoContext.e2eiIsEnabled}. * * @param ciphersuite of the credential to check * @returns true if end-to-end identity is enabled for the given ciphersuite */ e2eiIsEnabled(ciphersuite: Ciphersuite): Promise; /** * See {@link CoreCryptoContext.getDeviceIdentities}. * * @param conversationId - identifier of the conversation * @param deviceIds - identifiers of the devices * @returns identities or if no member has a x509 certificate, it will return an empty List */ getDeviceIdentities(conversationId: ConversationId, deviceIds: ClientId[]): Promise; /** * See {@link CoreCryptoContext.getUserIdentities}. * * @param conversationId - identifier of the conversation * @param userIds - user identifiers hyphenated UUIDv4 e.g. 'bd4c7053-1c5a-4020-9559-cd7bf7961954' * @returns a Map with all the identities for a given users. Consumers are then recommended to reduce those identities to determine the actual status of a user. */ getUserIdentities(conversationId: ConversationId, userIds: string[]): Promise>; /** * Registers an epoch observer, which will then be notified every time a conversation's epoch changes. * * @param observer must conform to the {@link EpochObserver} interface * @returns nothing */ registerEpochObserver(observer: EpochObserver): Promise; /** * Registers a history observer, which will then be notified every time a history client is created. * * @param observer must conform to the {@link HistoryObserver} interface * @returns nothing */ registerHistoryObserver(observer: HistoryObserver): Promise; } /** * Initialises the wasm module necessary for running core crypto. * * @param location path where the wasm module is located. If omitted the module is assumed be located at the root of the core crypto module. */ export declare function initWasmModule(location?: string | undefined): Promise; export { AcmeDirectory$1 as AcmeDirectory, BufferedDecryptedMessage$1 as BufferedDecryptedMessage, ConversationConfiguration$1 as ConversationConfiguration, CoreCryptoContext$1 as CoreCryptoContext, DecryptedMessage$1 as DecryptedMessage, E2eiConversationState$1 as E2eiConversationState, MlsGroupInfoEncryptionType as GroupInfoEncryptionType, MlsRatchetTreeType as RatchetTreeType, ProteusAutoPrekeyBundle$1 as ProteusAutoPrekeyBundle, }; export {};