
@wireapp/core-crypto

// Generated by dts-bundle-generator v9.5.1 export interface CoreCryptoRichError { message: string; error_name?: string; error_stack?: string[]; proteus_error_code?: number; } /** * Error wrapper that takes care of extracting rich error details across the FFI (through JSON parsing) * * Whenever you're supposed to get this class (that extends `Error`) you might end up with a base `Error` * in case the parsing of the message structure fails. This is unlikely but the case is still covered and fall backs automatically. * More information will be found in the base `Error.cause` to inform you why the parsing has failed. * * Please note that in this case the extra properties will not be available. */ export declare class CoreCryptoError extends Error { errorStack: string[]; proteusErrorCode: number | null; private constructor(); private static fallback; static build(msg: string, ...params: unknown[]): CoreCryptoError | Error; static fromStdError(e: Error): CoreCryptoError | Error; static asyncMapErr<T>(p: Promise<T>): Promise<T>; } declare enum Ciphersuite { /** * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519 */ MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 = 1, /** * DH KEM P256 | AES-GCM 128 | SHA2-256 | EcDSA P256 */ MLS_128_DHKEMP256_AES128GCM_SHA256_P256 = 2, /** * DH KEM x25519 | Chacha20Poly1305 | SHA2-256 | Ed25519 */ MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 = 3, /** * DH KEM x448 | AES-GCM 256 | SHA2-512 | Ed448 */ MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 = 4, /** * DH KEM P521 | AES-GCM 256 | SHA2-512 | EcDSA P521 */ MLS_256_DHKEMP521_AES256GCM_SHA512_P521 = 5, /** * DH KEM x448 | Chacha20Poly1305 | SHA2-512 | Ed448 */ MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 = 6, /** * DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384 */ MLS_256_DHKEMP384_AES256GCM_SHA384_P384 = 7 } declare enum CredentialType { /** * Just a KeyPair */ Basic = 1, /** * A certificate obtained through e2e identity enrollment process */ X509 = 2 } declare enum WirePolicy { /** 
* Handshake messages are never encrypted */ Plaintext = 1, /** * Handshake messages are always encrypted */ Ciphertext = 2 } declare class AcmeChallenge { private constructor(); free(): void; /** * Contains raw JSON data of this challenge. This is parsed by the underlying Rust library hence should not be accessed */ readonly delegate: Uint8Array; /** * URL of this challenge */ readonly url: string; /** * Non-standard, Wire specific claim. Indicates the consumer from where it should get the challenge proof. * Either from wire-server "/access-token" endpoint in case of a DPoP challenge, or from an OAuth token endpoint for an OIDC challenge */ readonly target: string; } /** * Metadata describing the conditions of the build of this software. */ export class BuildMetadata { private constructor(); /** ** Return copy of self without private attributes. */ toJSON(): Object; /** * Return stringified version of self. */ toString(): string; free(): void; /** * Build Timestamp */ readonly timestamp: string; /** * Whether this build was in Debug mode (true) or Release mode (false) */ readonly cargoDebug: string; /** * Features enabled for this build */ readonly cargoFeatures: string; /** * Optimization level */ readonly optLevel: string; /** * Build target triple */ readonly targetTriple: string; /** * Git branch */ readonly gitBranch: string; /** * Output of `git describe` */ readonly gitDescribe: string; /** * Hash of current git commit */ readonly gitSha: string; /** * `true` when the source code differed from the commit at the most recent git hash */ readonly gitDirty: string; } /** * Configuration object for new conversations * see [core_crypto::prelude::MlsConversationConfiguration] */ export class ConversationConfiguration { free(): void; constructor(ciphersuite?: Ciphersuite, external_senders?: (Uint8Array)[], key_rotation_span?: number, wire_policy?: WirePolicy); /** * List of client IDs that are allowed to be external senders */ readonly externalSenders: Array<any>; 
/** * Conversation ciphersuite */ readonly ciphersuite: Ciphersuite | undefined; /** * Additional configuration */ readonly custom: CustomConfiguration; } declare class CoreCryptoContext { private constructor(); free(): void; /** * Returns: [`WasmCryptoResult<()>`] * * see [core_crypto::context::CentralContext::set_data] */ set_data(data: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<Option<js_sys::Uint8Array>>`] * * see [core_crypto::context::CentralContext::get_data] */ get_data(): Promise<any>; /** * see [core_crypto::mls::context::CentralContext::mls_init] */ mls_init(client_id: Uint8Array, ciphersuites: Uint16Array, nb_key_package?: number): Promise<any>; /** * Returns [`WasmCryptoResult<Vec<u8>>`] * * See [core_crypto::mls::context::CentralContext::mls_generate_keypairs] */ mls_generate_keypair(ciphersuites: Uint16Array): Promise<any>; /** * Returns [`WasmCryptoResult<()>`] * * See [core_crypto::mls::context::CentralContext::mls_init_with_client_id] */ mls_init_with_client_id(client_id: Uint8Array, signature_public_keys: (Uint8Array)[], ciphersuites: Uint16Array): Promise<any>; /** * Returns:: [`WasmCryptoResult<js_sys::Uint8Array>`] * * see [core_crypto::mls::context::CentralContext::client_public_key] */ client_public_key(ciphersuite: Ciphersuite, credential_type: CredentialType): Promise<any>; /** * Returns: [`WasmCryptoResult<js_sys::Array<js_sys::Uint8Array>>`] * * see [core_crypto::mls::context::CentralContext::get_or_create_client_keypackages] */ client_keypackages(ciphersuite: Ciphersuite, credential_type: CredentialType, amount_requested: number): Promise<any>; /** * Returns: [`WasmCryptoResult<usize>`] * * see [core_crypto::mls::context::CentralContext::client_valid_key_packages_count] */ client_valid_keypackages_count(ciphersuite: Ciphersuite, credential_type: CredentialType): Promise<any>; /** * Returns: [`WasmCryptoResult<usize>`] * * see [core_crypto::mls::context::CentralContext::delete_keypackages] */ delete_keypackages(refs: 
(Uint8Array)[]): Promise<any>; /** * Returns: [`WasmCryptoResult<()>`] * * see [core_crypto::mls::context::CentralContext::new_conversation] */ create_conversation(conversation_id: Uint8Array, creator_credential_type: CredentialType, config: ConversationConfiguration): Promise<any>; /** * Returns [`WasmCryptoResult<u64>`] * * see [core_crypto::mls::conversation::ConversationGuard::epoch] */ conversation_epoch(conversation_id: Uint8Array): Promise<any>; /** * Returns [`WasmCryptoResult<Ciphersuite>`] * * see [core_crypto::mls::context::CentralContext::conversation_ciphersuite] */ conversation_ciphersuite(conversation_id: Uint8Array): Promise<any>; /** * Returns: [`bool`] * * see [core_crypto::mls::context::CentralContext::conversation_exists] */ conversation_exists(conversation_id: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<Uint8Array>`] * * see [core_crypto::mls::context::CentralContext::process_raw_welcome_message] */ process_welcome_message(welcome_message: Uint8Array, custom_configuration: CustomConfiguration): Promise<any>; /** * Returns: [`WasmCryptoResult<Option<Vec<String>>>`] * * see [core_crypto::mls::conversation::conversation_guard::ConversationGuard::add_members] */ add_clients_to_conversation(conversation_id: Uint8Array, key_packages: (Uint8Array)[]): Promise<any>; /** * Returns: [`WasmCryptoResult<()>`] * * see [core_crypto::mls::context::CentralContext::remove_members_from_conversation] */ remove_clients_from_conversation(conversation_id: Uint8Array, clients: (Uint8Array)[]): Promise<any>; /** * Returns: [`WasmCryptoResult<()>`] * * see [core_crypto::mls::conversation::ConversationGuard::mark_as_child_of] */ mark_conversation_as_child_of(child_id: Uint8Array, parent_id: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult()`] * * see [core_crypto::mls::context::CentralContext::update_keying_material] */ update_keying_material(conversation_id: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult()`] * * see 
[core_crypto::mls::context::CentralContext::commit_pending_proposals] */ commit_pending_proposals(conversation_id: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<()>`] * * see [core_crypto::mls::context::CentralContext::wipe_conversation] */ wipe_conversation(conversation_id: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<DecryptedMessage>`] * * see [core_crypto::mls::conversation::conversation_guard::ConversationGuard::decrypt_message] */ decrypt_message(conversation_id: Uint8Array, payload: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<Uint8Array>`] * * see [core_crypto::mls::conversation::conversation_guard::ConversationGuard::encrypt_message] */ encrypt_message(conversation_id: Uint8Array, message: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<WelcomeBundle>`] * * see [core_crypto::mls::context::CentralContext::join_by_external_commit] */ join_by_external_commit(group_info: Uint8Array, custom_configuration: CustomConfiguration, credential_type: CredentialType): Promise<any>; /** * Returns: [`WasmCryptoResult<js_sys::Uint8Array>`] * * see [core_crypto::mls::context::CentralContext::random_bytes] */ random_bytes(len: number): Promise<any>; /** * Returns: [`WasmCryptoResult<Vec<u8>>`] * * see [core_crypto::mls::conversation::ImmutableConversation::export_secret_key] */ export_secret_key(conversation_id: Uint8Array, key_length: number): Promise<any>; /** * Returns: [`WasmCryptoResult<Vec<u8>>`] * * see [core_crypto::mls::conversation::ImmutableConversation::get_external_sender] */ get_external_sender(id: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<Box<[js_sys::Uint8Array]>`] * * see [core_crypto::conversation::ImmutableConversation::get_client_ids] */ get_client_ids(conversation_id: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<()>`] * * see [core_crypto::proteus::ProteusCentral::try_new] */ proteus_init(): Promise<any>; /** * Returns: [`WasmCryptoResult<()>`] * * See 
[core_crypto::context::CentralContext::proteus_session_from_prekey] */ proteus_session_from_prekey(session_id: string, prekey: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<Vec<u8>>`] * * See [core_crypto::context::CentralContext::proteus_session_from_message] */ proteus_session_from_message(session_id: string, envelope: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<()>`] * * /// **Note**: This isn't usually needed as persisting sessions happens automatically when decrypting/encrypting messages and initializing Sessions * * See [core_crypto::context::CentralContext::proteus_session_save] */ proteus_session_save(session_id: string): Promise<any>; /** * Returns: [`WasmCryptoResult<()>`] * * See [core_crypto::context::CentralContext::proteus_session_delete] */ proteus_session_delete(session_id: string): Promise<any>; /** * Returns: [`WasmCryptoResult<bool>`] * * See [core_crypto::context::CentralContext::proteus_session_exists] */ proteus_session_exists(session_id: string): Promise<any>; /** * Returns: [`WasmCryptoResult<Vec<u8>>`] * * See [core_crypto::context::CentralContext::proteus_decrypt] */ proteus_decrypt(session_id: string, ciphertext: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<js_sys::Uint8Array>`] * * See [core_crypto::context::CentralContext::proteus_encrypt] */ proteus_encrypt(session_id: string, plaintext: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<js_sys::Map<string, Uint8Array>>`] * * See [core_crypto::context::CentralContext::proteus_encrypt_batched] */ proteus_encrypt_batched(sessions: (string)[], plaintext: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<Uint8Array>`] * * See [core_crypto::context::CentralContext::proteus_new_prekey] */ proteus_new_prekey(prekey_id: number): Promise<any>; /** * Returns: [`WasmCryptoResult<ProteusAutoPrekeyBundle>`] * * See [core_crypto::context::CentralContext::proteus_new_prekey_auto] */ proteus_new_prekey_auto(): Promise<any>; /** * 
Returns [`WasmCryptoResult<Uint8Array>`] * * See [core_crypto::context::CentralContext::proteus_last_resort_prekey] */ proteus_last_resort_prekey(): Promise<any>; /** * Returns: [`WasmCryptoResult<u16>`] * * See [core_crypto::context::CentralContext::proteus_last_resort_prekey_id] */ static proteus_last_resort_prekey_id(): number; /** * Returns: [`WasmCryptoResult<String>`] * * See [core_crypto::context::CentralContext::proteus_fingerprint] */ proteus_fingerprint(): Promise<string>; /** * Returns: [`WasmCryptoResult<String>`] * * see [core_crypto::proteus::ProteusCentral::fingerprint_local] */ proteus_fingerprint_local(session_id: string): Promise<string>; /** * Returns: [`WasmCryptoResult<String>`] * * See [core_crypto::context::CentralContext::proteus_fingerprint_remote] */ proteus_fingerprint_remote(session_id: string): Promise<string>; /** * Returns: [`WasmCryptoResult<String>`] * * See [core_crypto::proteus::ProteusCentral::fingerprint_prekeybundle] */ static proteus_fingerprint_prekeybundle(prekey: Uint8Array): string; /** * Returns: [`WasmCryptoResult<()>`] * * See [core_crypto::context::CentralContext::proteus_cryptobox_migrate] */ proteus_cryptobox_migrate(path: string): Promise<any>; /** * Returns: [`WasmCryptoResult<E2eiEnrollment>`] * * see [core_crypto::mls::context::CentralContext::e2ei_new_enrollment] */ e2ei_new_enrollment(client_id: string, display_name: string, handle: string, team: string | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise<any>; /** * Returns: [`WasmCryptoResult<E2eiEnrollment>`] * * see [core_crypto::mls::context::CentralContext::e2ei_new_activation_enrollment] */ e2ei_new_activation_enrollment(display_name: string, handle: string, team: string | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise<any>; /** * Returns: [`WasmCryptoResult<E2eiEnrollment>`] * * see [core_crypto::mls::context::CentralContext::e2ei_new_rotate_enrollment] */ e2ei_new_rotate_enrollment(display_name: string | undefined, 
handle: string | undefined, team: string | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise<any>; /** * See [core_crypto::mls::context::CentralContext::e2ei_dump_pki_env] */ e2ei_dump_pki_env(): Promise<Promise<any>>; /** * See [core_crypto::mls::context::CentralContext::e2ei_is_pki_env_setup] */ e2ei_is_pki_env_setup(): Promise<Promise<any>>; /** * See [core_crypto::mls::context::CentralContext::e2ei_register_acme_ca] */ e2ei_register_acme_ca(trust_anchor_pem: string): Promise<Promise<any>>; /** * See [core_crypto::mls::context::CentralContext::e2ei_register_intermediate_ca] */ e2ei_register_intermediate_ca(cert_pem: string): Promise<Promise<any>>; /** * See [core_crypto::mls::context::CentralContext::e2ei_register_crl] */ e2ei_register_crl(crl_dp: string, crl_der: Uint8Array): Promise<Promise<any>>; /** * see [core_crypto::mls::context::CentralContext::e2ei_mls_init_only] */ e2ei_mls_init_only(enrollment: FfiWireE2EIdentity, certificate_chain: string, nb_key_package?: number): Promise<any>; /** * Returns: [`WasmCryptoResult<()>`] * * See [core_crypto::mls::conversation::ConversationGuard::e2ei_rotate] */ e2ei_rotate(conversation_id: Uint8Array): Promise<any>; /** * Returns: [`WasmCryptoResult<Option<Vec<String>>>`] * * see [core_crypto::mls::context::CentralContext::save_x509_credential] */ save_x509_credential(enrollment: FfiWireE2EIdentity, certificate_chain: string): Promise<any>; /** * Returns: [`WasmCryptoResult<()>`] * * see [core_crypto::context::CentralContext::delete_stale_key_packages] */ delete_stale_key_packages(cipher_suite: Ciphersuite): Promise<any>; /** * see [core_crypto::mls::context::CentralContext::e2ei_enrollment_stash] */ e2ei_enrollment_stash(enrollment: FfiWireE2EIdentity): Promise<any>; /** * see [core_crypto::mls::context::CentralContext::e2ei_enrollment_stash_pop] */ e2ei_enrollment_stash_pop(handle: Uint8Array): Promise<any>; /** * Returns [`WasmCryptoResult<u8>`] * * see 
[core_crypto::mls::conversation::ImmutableConversation::e2ei_conversation_state] */ e2ei_conversation_state(conversation_id: Uint8Array): Promise<any>; /** * Returns [`WasmCryptoResult<bool>`] * * see [core_crypto::mls::context::CentralContext::e2ei_is_enabled] */ e2ei_is_enabled(ciphersuite: Ciphersuite): Promise<any>; /** * Returns [`WasmCryptoResult<Vec<WireIdentity>>`] * * see [core_crypto::mls::context::CentralContext::get_device_identities] */ get_device_identities(conversation_id: Uint8Array, device_ids: (Uint8Array)[]): Promise<any>; /** * Returns [`WasmCryptoResult<HashMap<String, Vec<WireIdentity>>>`] * * see [core_crypto::mls::context::CentralContext::get_user_identities] */ get_user_identities(conversation_id: Uint8Array, user_ids: (string)[]): Promise<any>; /** * Returns: [`WasmCryptoResult<u8>`] * * see [core_crypto::mls::context::CentralContext::get_credential_in_use] */ get_credential_in_use(group_info: Uint8Array, credential_type: CredentialType): Promise<any>; } declare class CoreCryptoWasmLogger { free(): void; constructor(logger: Function, ctx: any); } /** * see [core_crypto::prelude::MlsCustomConfiguration] */ export class CustomConfiguration { free(): void; constructor(key_rotation_span?: number, wire_policy?: WirePolicy); /** * Duration in seconds after which we will automatically force a self-update commit * Note: This isn't currently implemented */ keyRotationSpan?: number; /** * Defines if handshake messages are encrypted or not * Note: encrypted handshake messages are not supported by wire-server */ wirePolicy?: WirePolicy; } declare class E2eiDumpedPkiEnv { private constructor(); free(): void; /** * Root CA in use (i.e. 
Trust Anchor) */ readonly root_ca: string; /** * Intermediate CAs that are loaded */ readonly intermediates: (string)[]; /** * CRLs registered in the PKI env */ readonly crls: (string)[]; } declare class FfiWireE2EIdentity { private constructor(); free(): void; /** * See [core_crypto::e2e_identity::WireE2eIdentity::directory_response] */ directory_response(directory: Uint8Array): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::new_account_request] */ new_account_request(previous_nonce: string): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::new_account_response] */ new_account_response(account: Uint8Array): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::new_order_request] */ new_order_request(previous_nonce: string): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::new_order_response] */ new_order_response(order: Uint8Array): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::new_authz_request] */ new_authz_request(url: string, previous_nonce: string): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::new_authz_response] */ new_authz_response(authz: Uint8Array): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::create_dpop_token] */ create_dpop_token(expiry_secs: number, backend_nonce: string): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::new_dpop_challenge_request] */ new_dpop_challenge_request(access_token: string, previous_nonce: string): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::new_dpop_challenge_response] */ new_dpop_challenge_response(challenge: Uint8Array): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::new_oidc_challenge_request] */ new_oidc_challenge_request(id_token: string, previous_nonce: string): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::new_oidc_challenge_response] */ new_oidc_challenge_response(challenge: 
Uint8Array): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::check_order_request] */ check_order_request(order_url: string, previous_nonce: string): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::check_order_response] */ check_order_response(order: Uint8Array): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::finalize_request] */ finalize_request(previous_nonce: string): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::finalize_response] */ finalize_response(finalize: Uint8Array): Promise<any>; /** * See [core_crypto::e2e_identity::WireE2eIdentity::certificate_request] */ certificate_request(previous_nonce: string): Promise<any>; } declare class NewAcmeAuthz { private constructor(); free(): void; /** * DNS entry associated with those challenge */ readonly identifier: string; /** * ACME challenge + ACME key thumbprint */ readonly keyauth: string | undefined; /** * Associated ACME Challenge */ readonly challenge: AcmeChallenge; } declare class NewAcmeOrder { private constructor(); free(): void; readonly authorizations: (Uint8Array)[]; /** * Contains raw JSON data of this order. This is parsed by the underlying Rust library hence should not be accessed */ readonly delegate: Uint8Array; } export class WelcomeBundle { private constructor(); free(): void; /** * Identifier of the joined conversation */ readonly id: Uint8Array; /** * New CRL Distribution of members of this group */ readonly crlNewDistributionPoints: Array<any> | undefined; } /** * Represents the identity claims identifying a client * Those claims are verifiable by any member in the group */ export class WireIdentity { private constructor(); free(): void; /** * Unique client identifier e.g. 
`T4Coy4vdRzianwfOgXpn6A:6add501bacd1d90e@whitehouse.gov` */ readonly clientId: string; /** * Status of the Credential at the moment this object is created */ readonly status: number; /** * MLS thumbprint */ readonly thumbprint: string; readonly credentialType: number; readonly x509Identity: X509Identity | undefined; } /** * Represents the identity claims identifying a client * Those claims are verifiable by any member in the group */ export class X509Identity { private constructor(); free(): void; /** * user handle e.g. `john_wire` */ readonly handle: string; /** * Name as displayed in the messaging application e.g. `John Fitzgerald Kennedy` */ readonly displayName: string; /** * DNS domain for which this identity proof was generated e.g. `whitehouse.gov` */ readonly domain: string; /** * X509 certificate identifying this client in the MLS group ; PEM encoded */ readonly certificate: string; /** * X509 certificate serial number */ readonly serialNumber: string; /** * X509 certificate not before as Unix timestamp */ readonly notBefore: bigint; /** * X509 certificate not after as Unix timestamp */ readonly notAfter: bigint; } /** * see [core_crypto::prelude::CiphersuiteName] */ declare enum Ciphersuite$1 { /** * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519 */ MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 = 1, /** * DH KEM P256 | AES-GCM 128 | SHA2-256 | EcDSA P256 */ MLS_128_DHKEMP256_AES128GCM_SHA256_P256 = 2, /** * DH KEM x25519 | Chacha20Poly1305 | SHA2-256 | Ed25519 */ MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 = 3, /** * DH KEM x448 | AES-GCM 256 | SHA2-512 | Ed448 */ MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 = 4, /** * DH KEM P521 | AES-GCM 256 | SHA2-512 | EcDSA P521 */ MLS_256_DHKEMP521_AES256GCM_SHA512_P521 = 5, /** * DH KEM x448 | Chacha20Poly1305 | SHA2-512 | Ed448 */ MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 = 6, /** * DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384 */ MLS_256_DHKEMP384_AES256GCM_SHA384_P384 = 7 } declare enum 
CredentialType$1 { /** * Just a KeyPair */ Basic = 1, /** * A certificate obtained through e2e identity enrollment process */ X509 = 2 } /** * see [core_crypto::prelude::MlsWirePolicy] */ declare enum WirePolicy$1 { /** * Handshake messages are never encrypted */ Plaintext = 1, /** * Handshake messages are always encrypted */ Ciphertext = 2 } /** * Alias for conversation IDs. * This is a freeform, uninspected buffer. */ export type ConversationId = Uint8Array; /** * Alias for client identifier. * This is a freeform, uninspected buffer. */ export type ClientId = Uint8Array; /** * Alias for proposal reference. It is a byte array of size 16. */ export type ProposalRef = Uint8Array; /** * Data shape for a MLS generic commit + optional bundle (aka stapled commit & welcome) */ export interface CommitBundle { /** * TLS-serialized MLS Commit that needs to be fanned out to other (existing) members of the conversation * * @readonly */ commit: Uint8Array; /** * Optional TLS-serialized MLS Welcome message that needs to be fanned out to the clients newly added to the conversation * * @readonly */ welcome?: Uint8Array; /** * MLS GroupInfo which is required for joining a group by external commit * * @readonly */ groupInfo: GroupInfoBundle; } /** * Wraps a GroupInfo in order to efficiently upload it to the Delivery Service. * This is not part of MLS protocol but parts might be standardized at some point. 
*/ export interface GroupInfoBundle { /** * see {@link GroupInfoEncryptionType} */ encryptionType: GroupInfoEncryptionType; /** * see {@link RatchetTreeType} */ ratchetTreeType: RatchetTreeType; /** * TLS-serialized GroupInfo */ payload: Uint8Array; } /** * Informs whether the GroupInfo is confidential * see [core_crypto::mls::conversation::group_info::GroupInfoEncryptionType] */ export declare enum GroupInfoEncryptionType { /** * Unencrypted */ Plaintext = 1, /** * Encrypted in a JWE (not yet implemented) */ JweEncrypted = 2 } /** * Represents different ways of carrying the Ratchet Tree with some optimizations to save some space * see [core_crypto::mls::conversation::group_info::RatchetTreeType] */ export declare enum RatchetTreeType { /** * Complete GroupInfo */ Full = 1, /** * Contains the difference since previous epoch (not yet implemented) */ Delta = 2, /** * To define (not yet implemented) */ ByRef = 3 } /** * This is a wrapper for all the possible outcomes you can get after decrypting a message */ export interface DecryptedMessage { /** * Raw decrypted application message, if the decrypted MLS message is an application message */ message?: Uint8Array; /** * Only when decrypted message is a commit, CoreCrypto will renew local proposal which could not make it in the commit. * This will contain either: * * local pending proposal not in the accepted commit * * If there is a pending commit, its proposals which are not in the accepted commit */ proposals: ProposalBundle[]; /** * It is set to false if ingesting this MLS message has resulted in the client being removed from the group (i.e. a Remove commit) */ isActive: boolean; /** * Commit delay hint (in milliseconds) to prevent clients from hammering the server with epoch changes */ commitDelay?: number; /** * Client identifier of the sender of the message being decrypted. Only present for application messages. */ senderClientId?: ClientId; /** * true when the decrypted message resulted in an epoch change i.e. 
it was a commit */ hasEpochChanged: boolean; /** * Identity claims present in the sender credential * Only present when the credential is a x509 certificate * Present for all messages */ identity?: WireIdentity; /** * Only set when the decrypted message is a commit. * Contains buffered messages for next epoch which were received before the commit creating the epoch * because the DS did not fan them out in order. */ bufferedMessages?: BufferedDecryptedMessage[]; /** * New CRL distribution points that appeared by the introduction of a new credential */ crlNewDistributionPoints?: string[]; } /** * Almost same as {@link DecryptedMessage} but avoids recursion */ export interface BufferedDecryptedMessage { /** * see {@link DecryptedMessage.message} */ message?: Uint8Array; /** * see {@link DecryptedMessage.proposals} */ proposals: ProposalBundle[]; /** * see {@link DecryptedMessage.isActive} */ isActive: boolean; /** * see {@link DecryptedMessage.commitDelay} */ commitDelay?: number; /** * see {@link DecryptedMessage.senderClientId} */ senderClientId?: ClientId; /** * see {@link DecryptedMessage.hasEpochChanged} */ hasEpochChanged: boolean; /** * see {@link DecryptedMessage.identity} */ identity?: WireIdentity; /** * see {@link DecryptedMessage.crlNewDistributionPoints} */ crlNewDistributionPoints?: string[]; } /** * Indicates the standalone status of a device Credential in a MLS group at a moment T. * This does not represent the states where a device is not using MLS or is not using end-to-end identity */ export declare enum DeviceStatus { /** * All is fine */ Valid = 1, /** * The Credential's certificate is expired */ Expired = 2, /** * The Credential's certificate is revoked */ Revoked = 3 } /** * Returned by all methods creating proposals. 
Contains a proposal message and an identifier to roll back the proposal */ export interface ProposalBundle { /** * TLS-serialized MLS proposal that needs to be fanned out to other (existing) members of the conversation * * @readonly */ proposal: Uint8Array; /** * Unique identifier of a proposal. * * @readonly */ proposalRef: ProposalRef; /** * New CRL Distribution of members of this group * * @readonly */ crlNewDistributionPoints?: string[]; } /** * Returned by {@link MlsTransport} callbacks. */ export type MlsTransportResponse = "success" | "retry" | { /** * The message was rejected by the delivery service and there's no recovery. */ abort: { reason: string; }; }; /** * An interface that must be implemented and provided to CoreCrypto via * {@link CoreCrypto.provideTransport}. */ export interface MlsTransport { /** * This callback is called by CoreCrypto to send a commit bundle to the delivery service. * * @param commitBundle - the commit bundle * @returns a promise resolving to a {@link MlsTransportResponse} */ sendCommitBundle: (commitBundle: CommitBundle) => Promise<MlsTransportResponse>; /** * This callback is called by CoreCrypto to send a regular message to the delivery service. * @param message * @returns a promise resolving to a {@link MlsTransportResponse} */ sendMessage: (message: Uint8Array) => Promise<MlsTransportResponse>; } /** * Supporting struct for CRL registration result */ export interface CRLRegistration { /** * Whether this CRL modifies the old CRL (i.e. has a different revocated cert list) * * @readonly */ dirty: boolean; /** * Optional expiration timestamp * * @readonly */ expiration?: number; } export interface AcmeDirectory { /** * URL for fetching a new nonce. Use this only for creating a new account. */ newNonce: string; /** * URL for creating a new account. */ newAccount: string; /** * URL for creating a new order. 
*/
  newOrder: string;
  /**
   * Revocation URL
   */
  revokeCert: string;
}
/**
 * Returned by APIs whose code paths potentially discover new certificate revocation list distribution URLs.
 * `undefined` when the call has none to report.
 */
export type NewCrlDistributionPoints = string[] | undefined;
/**
 * Raw bytes of a JSON document. In this file it is the type of the HTTP bodies exchanged with the ACME
 * server by {@link E2eiEnrollment}.
 */
export type JsonRawData = Uint8Array;
/**
 * Steps of the ACME-based end-to-end identity enrollment, which ends with fetching an x509 certificate.
 *
 * `*Request` methods build a request body to send to the server, `*Response` methods parse what the server
 * answered. Most request builders take the `replay-nonce` header of the previous response as `previousNonce`.
 *
 * NOTE(review): the response bodies come from the network; how they are validated happens behind this
 * interface and is not visible here.
 */
export declare class E2eiEnrollment {
  #private;
  /** @hidden */
  constructor(e2ei: unknown);
  /**
   * NOTE(review): presumably releases the underlying native object, after which this instance must not
   * be used — confirm.
   */
  free(): void;
  /**
   * Should only be used internally
   */
  inner(): unknown;
  /**
   * Parses the response from `GET /acme/{provisioner-name}/directory`.
   * Use this {@link AcmeDirectory} in the next step to fetch the first nonce from the acme server. Use
   * {@link AcmeDirectory.newNonce}.
   *
   * @param directory HTTP response body
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.1.1
   */
  directoryResponse(directory: JsonRawData): Promise<AcmeDirectory>;
  /**
   * For creating a new acme account. This returns a signed JWS-alike request body to send to
   * `POST /acme/{provisioner-name}/new-account`.
   *
   * @param previousNonce the nonce you got from calling `HEAD {@link AcmeDirectory.newNonce}`
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
   */
  newAccountRequest(previousNonce: string): Promise<JsonRawData>;
  /**
   * Parses the response from `POST /acme/{provisioner-name}/new-account`.
   *
   * @param account HTTP response body
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
   */
  newAccountResponse(account: JsonRawData): Promise<void>;
  /**
   * Creates a new acme order for the handle (userId + display name) and the clientId.
   *
   * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-account`
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
   */
  newOrderRequest(previousNonce: string): Promise<JsonRawData>;
  /**
   * Parses the response from `POST /acme/{provisioner-name}/new-order`.
   *
   * @param order HTTP response body
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
   */
  newOrderResponse(order: JsonRawData): Promise<NewAcmeOrder>;
  /**
   * Creates a new authorization request.
   *
   * @param url one of the URLs in the new order's authorizations (from {@link newOrderResponse})
   * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-order` (or from the
   * previous call to this method if you are creating the second authorization)
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
   */
  newAuthzRequest(url: string, previousNonce: string): Promise<JsonRawData>;
  /**
   * Parses the response from `POST /acme/{provisioner-name}/authz/{authz-id}`
   *
   * @param authz HTTP response body
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
   */
  newAuthzResponse(authz: JsonRawData): Promise<NewAcmeAuthz>;
  /**
   * Generates a new client Dpop JWT token. It demonstrates proof of possession of the nonces
   * (from wire-server & acme server) and will be verified by the acme server when verifying the
   * challenge (in order to deliver a certificate).
   *
   * Then send it to `POST /clients/{id}/access-token`
   * {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token} on wire-server.
   *
   * NOTE(review): the linked API pages are hosted on a staging domain; they describe the endpoint, the
   * request itself goes to the wire-server you are enrolling against.
   *
   * @param expirySecs expiry of the client Dpop JWT (in seconds, going by the parameter name). This should be equal to the grace period set in Team Management
   * @param backendNonce you get by calling `GET /clients/token/nonce` on wire-server as defined here {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/get_clients__client__nonce}
   */
  createDpopToken(expirySecs: number, backendNonce: string): Promise<Uint8Array>;
  /**
   * Creates a new challenge request for Wire Dpop challenge.
   *
   * @param accessToken returned by wire-server from https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token
   * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
   */
  newDpopChallengeRequest(accessToken: string, previousNonce: string): Promise<JsonRawData>;
  /**
   * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}` for the DPoP challenge.
   *
   * @param challenge HTTP response body
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
   */
  newDpopChallengeResponse(challenge: JsonRawData): Promise<void>;
  /**
   * Creates a new challenge request for Wire Oidc challenge.
   *
   * @param idToken you get back from Identity Provider. It is a credential: keep it out of logs and error reports.
   * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
   */
  newOidcChallengeRequest(idToken: string, previousNonce: string): Promise<JsonRawData>;
  /**
   * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}` for the OIDC challenge.
   *
   * @param challenge HTTP response body
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
   */
  newOidcChallengeResponse(challenge: JsonRawData): Promise<void>;
  /**
   * Verifies that the previous challenge has been completed.
   *
   * @param orderUrl `location` header from http response you got from {@link newOrderResponse}
   * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/challenge/{challenge-id}`
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
   */
  checkOrderRequest(orderUrl: string, previousNonce: string): Promise<JsonRawData>;
  /**
   * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}`.
   *
   * @param order HTTP response body
   * @returns finalize url to use with {@link finalizeRequest}
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
   */
  checkOrderResponse(order: JsonRawData): Promise<string>;
  /**
   * Final step before fetching the certificate.
   *
   * @param previousNonce - `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}`
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
   */
  finalizeRequest(previousNonce: string): Promise<JsonRawData>;
  /**
   * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}/finalize`.
   *
   * @param finalize HTTP response body
   * @returns the certificate url to use with {@link certificateRequest}
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
   */
  finalizeResponse(finalize: JsonRawData): Promise<string>;
  /**
   * Creates a request for finally fetching the x509 certificate.
   *
   * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}/finalize`
   * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2
   */
  certificateRequest(previousNonce: string): Promise<JsonRawData>;
}
/**
 * Indicates the state of a Conversation regarding end-to-end identity.
 * Note: this does not check pending state (pending commit, pending proposals) so it does not
 * consider members about to be added/removed. A value read before pending changes are merged can
 * therefore be out of date afterwards; query it again rather than caching it.
 */
export declare enum E2eiConversationState {
  /**
   * All clients have a valid E2EI certificate
   */
  Verified = 1,
  /**
   * Some clients are either still Basic or their certificate is expired
   */
  NotVerified = 2,
  /**
   * All clients are still Basic. If all clients have expired certificates, NotVerified is returned.
   */
  NotEnabled = 3
}
/**
 * Data shape for proteusNewPrekeyAuto() call returns.
*/
export interface ProteusAutoPrekeyBundle {
  /**
   * Proteus PreKey id
   *
   * @readonly
   */
  id: number;
  /**
   * CBOR-serialized Proteus PreKeyBundle
   *
   * @readonly
   */
  pkb: Uint8Array;
}
declare class CoreCryptoContext$1 {
  #private;
  /** @hidden */
  private constructor();
  /** @hidden */
  static fromFfiContext(ctx: CoreCryptoContext): CoreCryptoContext$1;
  /**
   * Set arbitrary data to be retrieved by {@link getData}.
   * This is meant to be used as a check point at the end of a transaction.
   * The data should be limited to a reasonable size.
   *
   * NOTE(review): how this data is stored (and whether it is encrypted at rest) is not stated here —
   * confirm before putting anything sensitive in it.
   *
   * @param data - the bytes to store
   */
  setData(data: Uint8Array): Promise<void>;
  /**
   * Get data if it has previously been set by {@link setData}, or `undefined` otherwise.
   * This is meant to be used as a check point at the end of a transaction.
   *
   * @returns the stored bytes, or `undefined` when nothing has been set
   */
  getData(): Promise<Uint8Array | undefined>;
  /**
   * Use this after {@link CoreCrypto.deferredInit} when you have a clientId. It initializes MLS.
   *
   * @param clientId - {@link CoreCryptoParams#clientId} but required
   * @param ciphersuites - All the ciphersuites supported by this MLS client
   * @param nbKeyPackage - number of initial KeyPackages to create when initializing the client
   * (optional; the value used when omitted is not stated here)
   */
  mlsInit(clientId: ClientId, ciphersuites: Ciphersuite$1[], nbKeyPackage?: number): Promise<void>;
  /**
   * Generates a MLS KeyPair/CredentialBundle with a temporary, random client ID.
   * This method is designed to be used in conjunction with {@link CoreCryptoContext.mlsInitWithClientId} and represents the first step in this process
   *
   * @param ciphersuites - All the ciphersuites supported by this MLS client
   * @returns the TLS-serialized identity keys (i.e. the signature keypairs' public keys), as an array.
   * NOTE(review): presumably one entry per requested ciphersuite — confirm.
   */
  mlsGenerateKeypair(ciphersuites: Ciphersuite$1[]): Promise<Uint8Array[]>;
  /**
   * Updates the current temporary Client ID with the newly provided one.
This is the second step in the externally-generated clients process
   *
   * Important: This is designed to be called after {@link CoreCryptoContext.mlsGenerateKeypair}
   *
   * @param clientId - The newly-allocated client ID by the MLS Authentication Service
   * @param signaturePublicKeys - The public key you were given at the first step; This is for authentication purposes
   * @param ciphersuites - All the ciphersuites supported by this MLS client
   */
  mlsInitWithClientId(clientId: ClientId, signaturePublicKeys: Uint8Array[], ciphersuites: Ciphersuite$1[]): Promise<void>;
  /**
   * Checks if the Client is member of a given conversation and if the MLS Group is loaded up
   *
   * @param conversationId - The ID of the conversation to look up
   * @returns Whether the given conversation ID exists
   *
   * @example
   * ```ts
   * const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" });
   * const encoder = new TextEncoder();
   * if (await cc.conversationExists(encoder.encode("my super chat"))) {
   *   // Do something
   * } else {
   *   // Do something else
   * }
   * ```
   *
   * The `key: "test"` literal above is a placeholder for the example only.
   * NOTE(review): presumably `key` is the secret protecting the local database, so real callers should
   * pass a high-entropy value taken from secure storage — confirm.
   */
  conversationExists(conversationId: ConversationId): Promise<boolean>;
  /**
   * Marks a conversation as child of another one
   * This will mostly affect the behavior of the callbacks (the parentConversationClients parameter will be filled)
   *
   * @param childId - conversation identifier of the child conversation
   * @param parentId - conversation identifier of the parent conversation
   */
  markConversationAsChildOf(childId: ConversationId, parentId: ConversationId): Promise<void>;
  /**
   * Returns the current epoch of a conversation
   *
   * @param conversationId - The ID of the conversation
   * @returns the epoch of the conversation
   *
   * @example
   * ```ts
   * const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" });
   * const encoder = new TextEncoder();
   * console.log(await cc.conversationEpoch(encoder.encode("my super chat")))
   * ```
   *
   * The `key: "test"` literal above is a placeholder for the example only; do not copy it into real code.
   */
  conversationEpoch(conversationId: ConversationId): Promise<number>;
  /**
   * Returns the ciphersuite of a conversation
   *
   * @returns the ciphersuite of the conversation
   */
conversationCiphersuite(conversationId: ConversationId): Promise<Ciphersuite$1>;
  /**
   * Wipes and destroys the local storage of a given conversation / MLS group
   *
   * NOTE(review): whether the removed key material is securely erased rather than just deleted is not
   * visible here — confirm if that distinction matters for your threat model.
   *
   * @param conversationId - The ID of the conversation to remove
   */
  wipeConversation(conversationId: ConversationId): Promise<void>;
  /**
   * Creates a new conversation with the current client being the sole member
   * You will want to use {@link addClientsToConversation} afterwards to add clients to this conversation
   *
   * NOTE(review): the declared return type is `Promise<any>`, which switches off type checking on the
   * resolved value, and this comment does not say what is returned. Callers should not rely on the
   * resolved value until the declaration is narrowed upstream.
   *
   * @param conversationId - The conversation ID; You can either make them random or let the backend attribute MLS group IDs
   * @param creatorCredentialType - kind of credential the creator wants to create the group with
   * @param configuration - configuration of the MLS group
   * @param configuration.ciphersuite - The {@link Ciphersuite} that is chosen to be the group's
   * @param configuration.externalSenders - Array of Client IDs that are qualified as external senders within the group
   * @param configuration.custom - {@link CustomConfiguration}
   */
  createConversation(conversationId: ConversationId, creatorCredentialType: CredentialType$1, configuration?: Partial<ConversationConfiguration>): Promise<any>;
  /**
   * Decrypts a message for a given conversation.
   *
   * Note: you should catch & ignore the following error reasons:
   * * "We already decrypted this message once"
   * * "You tried to join with an external commit but did not merge it yet. We will reapply this message for you when you merge your external commit"
   * * "Incoming message is for a future epoch. We will buffer it until the commit for that epoch arrives"
   *
   * @param conversationId - The ID of the conversation
   * @param payload - The encrypted message buffer
   *
   * @returns a {@link DecryptedMessage}.
Note that {@link DecryptedMessage#message} is `undefined` when the encrypted payload contains a system message such a proposal or commit
   */
  decryptMessage(conversationId: ConversationId, payload: Uint8Array): Promise<DecryptedMessage>;
  /**
   * Encrypts a message for a given conversation
   *
   * @param conversationId - The ID of the conversation
   * @param message - The plaintext message to encrypt
   *
   * @returns The encrypted payload for the given group. This needs to be fanned out to the other members of the group.
   */
  encryptMessage(conversationId: ConversationId, message: Uint8Array): Promise<Uint8Array>;
  /**
   * Ingest a TLS-serialized MLS welcome message to join an existing MLS group
   *
   * You have to catch the error with this reason "Although this Welcome seems valid, the local KeyPackage
   * it references has already been deleted locally. Join this group with an external commit", ignore it and then
   * join this group via {@link CoreCryptoContext.joinByExternalCommit}.
   *
   * NOTE(review): matching on the human-readable reason text is brittle across versions; if the thrown
   * error carries a structured name, prefer matching on that — confirm what the error exposes.
   *
   * @param welcomeMessage - TLS-serialized MLS Welcome message
   * @param configuration - configuration of the MLS group
   * @returns a {@link WelcomeBundle}. Per the original wording it identifies the newly joined group, whose
   * conversation ID you can then use to decrypt/encrypt messages
   */
  processWelcomeMessage(welcomeMessage: Uint8Array, configuration?: Partial<CustomConfiguration>): Promise<WelcomeBundle>;
  /**
   * Get the client's public signature key.
To upload to the DS for further backend side validation
   *
   * @param ciphersuite - of the signature key to get
   * @param credentialType - of the public key to look for
   * @returns the client's public signature key
   */
  clientPublicKey(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1): Promise<Uint8Array>;
  /**
   * Counts the valid, non-expired KeyPackages that are persisted in the backing storage.
   *
   * @param ciphersuite - of the KeyPackages to count
   * @param credentialType - of the KeyPackages to count
   * @returns The amount of valid, non-expired KeyPackages that are persisted in the backing storage
   */
  clientValidKeypackagesCount(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1): Promise<number>;
  /**
   * Fetches a requested amount of keypackages
   *
   * NOTE(review): the summary says "fetches" while the parameter descriptions say "to generate"; whether
   * new KeyPackages are created on demand is not visible here — confirm.
   *
   * @param ciphersuite - of the KeyPackages to generate
   * @param credentialType - of the KeyPackages to generate
   * @param amountRequested - The amount of keypackages requested
   * @returns An array of length `amountRequested` containing TLS-serialized KeyPackages
   */
  clientKeypackages(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1, amountRequested: number): Promise<Array<Uint8Array>>;
  /**
   * Prunes local KeyPackages after making sure they also have been deleted on the backend side
   * You should only use this after calling {@link CoreCryptoContext.e2eiRotate} on all conversations.
   *
   * NOTE(review): the wording leaves open whether this method or the caller is the one making sure the
   * backend-side deletion happened — confirm before relying on it.
   *
   * @param refs - KeyPackage references to delete obtained from a {RotateBundle}
   */
  deleteKeypackages(refs: Uint8Array[]): Promise<void>;
  /**
   * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
   *
   * Sends the corresponding commit via {@link MlsTransport.sendCommitBundle} and merges it if the call is successful.
* * @param conversationId - The ID of the conversation * @param keyPackages - KeyPackages of the new clients to add * * @returns Potentially a list of newly discovered crl distribution points */ addClientsToConversation(conversationId: ConversationId, keyPackages: Uint8Array[]): Promise<NewCrlDistributionPoints>; /** * Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed * to do so, otherwise this operation does nothing. * * @param conversationId - The ID of the conversation * @param clientIds - Array of Client IDs to remove. */ removeClientsFromConversation(conversationId: ConversationId, clientIds: ClientId[]): Promise<void>; /** * Update the keying material of the conversation. * * @param conversationId - The ID of the conversation */ updateKeyingMaterial(conversationId: ConversationId): Promise<void>; /** * Commits the local pending proposals. * * Sends the corresponding commit via {@link MlsTransport.sendCommitBundle} * and merges it if the call is successful. * * @param conversationId - The ID of the conversation */ commitPendingProposals(conversationId: ConversationId): Promise<void>; /** * "Apply" to join a group through its GroupInfo. * * Sends the corresponding commit via {@link MlsTransport.sendCommitBundle} * and creates the group if the call is successful. * * @param groupInfo - a TLS encoded GroupInfo fetched from the Delivery Service * @param credentialType - kind of Credential to use for joining this group. If {@link CredentialType.Basic} is * chosen and no Credential has been created yet for it, a new one will be generated. * @param configuration - configuration of the MLS group * When {@link CredentialType.X509} is chosen, it fails when no Credentia