export declare class EdhocError extends Error {
    constructor(message: string);
}
export declare class EdhocCipherSuiteError extends EdhocError {
    readonly peerCipherSuites: number[];
    constructor(message: string, peerCipherSuites: number[]);
}
export declare enum EdhocCredentialsFormat {
    kid = 4,
    x5chain = 33,
    x5t = 34
}
export interface EdhocCredentials {
    format: EdhocCredentialsFormat;
    privateKey?: Buffer;
    publicKey?: Buffer;
}
export interface EdhocCredentialsKID extends EdhocCredentials {
    format: EdhocCredentialsFormat.kid;
    kid: {
        kid: number | Buffer;
        credentials?: Buffer;
        isCBOR?: boolean;
    };
}
export interface EdhocCredentialsCertificateChain extends EdhocCredentials {
    format: EdhocCredentialsFormat.x5chain;
    x5chain: {
        certificates: Buffer[];
    };
}
export interface EdhocCredentialsCertificateHash extends EdhocCredentials {
    format: EdhocCredentialsFormat.x5t;
    x5t: {
        certificate?: Buffer;
        hash: Buffer;
        hashAlgorithm: EdhocCredentialsCertificateHashAlgorithm;
    };
}
export declare enum EdhocCredentialsCertificateHashAlgorithm {
    Sha256 = -16,
    Sha256_64 = -15
}
export interface EdhocCredentialManager {
    fetch(edhoc: EDHOC): Promise<EdhocCredentials> | EdhocCredentials | never;
    verify(edhoc: EDHOC, credentials: EdhocCredentials): Promise<EdhocCredentials> | EdhocCredentials | never;
}
export type EdhocPublicKey = Buffer;
export type EdhocPrivateKey = Buffer;
export interface PublicPrivateTuple {
    publicKey: EdhocPublicKey;
    privateKey: EdhocPrivateKey;
}
export interface EdhocCryptoManager {
    generateKeyPair(edhoc: EDHOC): Promise<PublicPrivateTuple> | PublicPrivateTuple | never;
    keyAgreement(edhoc: EDHOC, privateKey: Buffer, peerPublicKey: Buffer): Promise<Buffer> | Buffer | never;
    sign(edhoc: EDHOC, privateKey: Buffer, input: Buffer): Promise<Buffer> | Buffer | never;
    verify(edhoc: EDHOC, publicKey: Buffer, input: Buffer, signature: Buffer): Promise<boolean> | boolean | never;
    hkdfExtract(edhoc: EDHOC, ikm: Buffer, salt: Buffer): Promise<Buffer> | Buffer | never;
    hkdfExpand(edhoc: EDHOC, prk: Buffer, info: Buffer, length: number): Promise<Buffer> | Buffer | never;
    encrypt(edhoc: EDHOC, key: Buffer, nonce: Buffer, aad: Buffer, plaintext: Buffer): Promise<Buffer> | Buffer | never;
    decrypt(edhoc: EDHOC, key: Buffer, nonce: Buffer, aad: Buffer, ciphertext: Buffer): Promise<Buffer> | Buffer | never;
    hash(edhoc: EDHOC, input: Buffer): Promise<Buffer> | Buffer | never;
}
export type EdhocConnectionID = number | Buffer;
export declare enum EdhocMethod {
    Method0 = 0,
    Method1 = 1,
    Method2 = 2,
    Method3 = 3
}
export declare enum EdhocSuite {
    Suite0 = 0,
    Suite1 = 1,
    Suite2 = 2,
    Suite3 = 3,
    Suite4 = 4,
    Suite5 = 5,
    Suite6 = 6,
    Suite24 = 24,
    Suite25 = 25
}
export interface EdhocEAD {
    label: number;
    value: Buffer;
}
export interface EdhocOscoreContext {
    masterSecret: Buffer;
    masterSalt: Buffer;
    senderId: Buffer;
    recipientId: Buffer;
}
export declare class EDHOC {
    connectionID: EdhocConnectionID;
    get peerConnectionID(): EdhocConnectionID;
    methods: EdhocMethod[];
    get selectedMethod(): EdhocMethod;
    set selectedMethod(v: EdhocMethod);
    cipherSuites: EdhocSuite[];
    get selectedSuite(): EdhocSuite;
    set selectedSuite(v: EdhocSuite);
    logger: (name: string, data: Buffer) => void;
    private readonly credMgr;
    private readonly crypto;
    private _state;
    private _role;
    private _method;
    private _suite;
    private _suiteParams;
    private _peerCid;
    private _ephPrivateKey;
    private _ephPub;
    private _peerEphPub;
    private _th;
    private _prk2e;
    private _prk3e2m;
    private _prk4e3m;
    private _prkOut;
    private _prkExporter;
    private _peerCredentials;
    constructor(connectionID: EdhocConnectionID, methods: EdhocMethod[], suites: EdhocSuite[], credentials: EdhocCredentialManager, crypto: EdhocCryptoManager);
    reset(): void;
    composeMessage1(ead?: EdhocEAD[]): Promise<Buffer>;
    processMessage1(message: Buffer): Promise<EdhocEAD[]>;
    composeMessage2(ead?: EdhocEAD[]): Promise<Buffer>;
    processMessage2(message: Buffer): Promise<EdhocEAD[]>;
    composeMessage3(ead?: EdhocEAD[]): Promise<Buffer>;
    processMessage3(message: Buffer): Promise<EdhocEAD[]>;
    composeMessage4(ead?: EdhocEAD[]): Promise<Buffer>;
    processMessage4(message: Buffer): Promise<EdhocEAD[]>;
    exportOSCORE(): Promise<EdhocOscoreContext>;
    exportKey(exporterLabel: number, length: number): Promise<Buffer>;
    exportUsedPeerCredentials(): EdhocCredentials | null;
    keyUpdate(context: Buffer): Promise<void>;
    /** EDHOC-KDF(PRK, label, context, length) = HKDF-Expand(PRK, info, length)
     *  info is a CBOR sequence: label, context, length (NOT array-wrapped) */
    private kdf;
    /** HKDF-Extract(IKM, salt) */
    private hkdfExtract;
    /** Hash */
    private hash;
    /** PRK_3e2m: Methods 0,2 → PRK_2e; Methods 1,3 → Extract(SALT_3e2m, G_RX) */
    private derivePrk3e2m;
    /** PRK_4e3m: Methods 0,1 → PRK_3e2m; Methods 2,3 → Extract(SALT_4e3m, G_IX) */
    private derivePrk4e3m;
    private generateEphemeralKey;
    private destroyEphemeralKey;
    /** Determine MAC length based on role and method.
     *  Responder signature methods (0, 2): tag length; otherwise hash length.
     *  Initiator signature methods (0, 1): tag length; otherwise hash length. */
    private macLength;
    /** Build context bytes: << [C_R,] ID_CRED_x, TH, CRED_x, ?EAD >> */
    private buildContext;
    /** Build Enc_structure external_aad for CIPHERTEXT_3/4: ["Encrypt0", h'', TH] */
    private buildEncAad;
    /** Compute Signature_or_MAC for the local party */
    private signOrMac;
    /** Verify Signature_or_MAC from the peer */
    private verifySignatureOrMac;
    /** Build the external_aad bstr for Sig_structure: concatenation of CBOR items */
    private buildSigExternalAad;
    private aeadEncrypt;
    private aeadDecrypt;
    private xor;
    private log;
    private assertState;
}
//# sourceMappingURL=edhoc.d.ts.map