@signalapp/libsignal-client 0.40.0 → 0.41.0

package/Native.d.ts

@@ -21,6 +21,24 @@ interface LookupResponseEntry {
   readonly pni: string | undefined;
 }
 
+interface Response {
+  status: number;
+  message: string | undefined;
+  headers: ReadonlyArray<[string, string]>;
+  body: Buffer | undefined;
+}
+
+interface DebugInfo {
+  connectionReused: boolean;
+  reconnectCount: number;
+  ipType: number;
+}
+
+interface ResponseAndDebugInfo {
+  response: Response;
+  debugInfo: DebugInfo;
+}
+
 interface SealedSenderMultiRecipientMessageRecipient {
   deviceIds: number[];
   registrationIds: number[];
@@ -126,9 +144,9 @@ export function BackupAuthCredentialPresentation_Verify(presentationBytes: Buffe
 export function BackupAuthCredentialRequestContext_CheckValidContents(contextBytes: Buffer): void;
 export function BackupAuthCredentialRequestContext_GetRequest(contextBytes: Buffer): Buffer;
 export function BackupAuthCredentialRequestContext_New(backupKey: Buffer, uuid: Uuid): Buffer;
-export function BackupAuthCredentialRequestContext_ReceiveResponse(contextBytes: Buffer, responseBytes: Buffer, paramsBytes: Buffer, expectedReceiptLevel: Buffer): Buffer;
+export function BackupAuthCredentialRequestContext_ReceiveResponse(contextBytes: Buffer, responseBytes: Buffer, paramsBytes: Buffer, expectedReceiptLevel: bigint): Buffer;
 export function BackupAuthCredentialRequest_CheckValidContents(requestBytes: Buffer): void;
-export function BackupAuthCredentialRequest_IssueDeterministic(requestBytes: Buffer, redemptionTime: Timestamp, receiptLevel: Buffer, paramsBytes: Buffer, randomness: Buffer): Buffer;
+export function BackupAuthCredentialRequest_IssueDeterministic(requestBytes: Buffer, redemptionTime: Timestamp, receiptLevel: bigint, paramsBytes: Buffer, randomness: Buffer): Buffer;
 export function BackupAuthCredentialResponse_CheckValidContents(responseBytes: Buffer): void;
 export function BackupAuthCredential_CheckValidContents(paramsBytes: Buffer): void;
 export function BackupAuthCredential_GetBackupId(credentialBytes: Buffer): Buffer;
@@ -150,6 +168,10 @@ export function Cds2ClientState_New(mrenclave: Buffer, attestationMsg: Buffer, c
 export function CdsiLookup_complete(asyncRuntime: Wrapper<TokioAsyncContext>, lookup: Wrapper<CdsiLookup>): Promise<LookupResponse>;
 export function CdsiLookup_new(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, username: string, password: string, request: Wrapper<LookupRequest>, timeoutMillis: number): Promise<CdsiLookup>;
 export function CdsiLookup_token(lookup: Wrapper<CdsiLookup>): Buffer;
+export function ChatService_disconnect(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<Chat>): Promise<void>;
+export function ChatService_new(connectionManager: Wrapper<ConnectionManager>, username: string, password: string): Chat;
+export function ChatService_unauth_send(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<Chat>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): Promise<Response>;
+export function ChatService_unauth_send_and_debug(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<Chat>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): Promise<ResponseAndDebugInfo>;
 export function CiphertextMessage_FromPlaintextContent(m: Wrapper<PlaintextContent>): CiphertextMessage;
 export function CiphertextMessage_Serialize(obj: Wrapper<CiphertextMessage>): Buffer;
 export function CiphertextMessage_Type(msg: Wrapper<CiphertextMessage>): number;
@@ -165,6 +187,8 @@ export function CreateCallLinkCredentialRequest_IssueDeterministic(requestBytes:
 export function CreateCallLinkCredentialResponse_CheckValidContents(responseBytes: Buffer): void;
 export function CreateCallLinkCredential_CheckValidContents(paramsBytes: Buffer): void;
 export function CreateCallLinkCredential_PresentDeterministic(credentialBytes: Buffer, roomId: Buffer, userId: Buffer, serverParamsBytes: Buffer, callLinkParamsBytes: Buffer, randomness: Buffer): Buffer;
+export function CreateOTP(username: string, secret: Buffer): string;
+export function CreateOTPFromBase64(username: string, secret: string): string;
 export function DecryptionErrorMessage_Deserialize(data: Buffer): DecryptionErrorMessage;
 export function DecryptionErrorMessage_ExtractFromSerializedContent(bytes: Buffer): DecryptionErrorMessage;
 export function DecryptionErrorMessage_ForOriginalMessage(originalBytes: Buffer, originalType: number, originalTimestamp: Timestamp, originalSenderDeviceId: number): DecryptionErrorMessage;
@@ -213,6 +237,8 @@ export function HsmEnclaveClient_EstablishedRecv(cli: Wrapper<HsmEnclaveClient>,
 export function HsmEnclaveClient_EstablishedSend(cli: Wrapper<HsmEnclaveClient>, plaintextToSend: Buffer): Buffer;
 export function HsmEnclaveClient_InitialRequest(obj: Wrapper<HsmEnclaveClient>): Buffer;
 export function HsmEnclaveClient_New(trustedPublicKey: Buffer, trustedCodeHashes: Buffer): HsmEnclaveClient;
+export function HttpRequest_add_header(request: Wrapper<HttpRequest>, name: string, value: string): void;
+export function HttpRequest_new(method: string, path: string, bodyAsSlice: Buffer | null): HttpRequest;
 export function IdentityKeyPair_Deserialize(buffer: Buffer): {publicKey:PublicKey,privateKey:PrivateKey};
 export function IdentityKeyPair_Serialize(publicKey: Wrapper<PublicKey>, privateKey: Wrapper<PrivateKey>): Buffer;
 export function IdentityKeyPair_SignAlternateIdentity(publicKey: Wrapper<PublicKey>, privateKey: Wrapper<PrivateKey>, otherIdentity: Wrapper<PublicKey>): Buffer;
@@ -245,9 +271,9 @@ export function LookupRequest_new(): LookupRequest;
 export function LookupRequest_setReturnAcisWithoutUaks(request: Wrapper<LookupRequest>, returnAcisWithoutUaks: boolean): void;
 export function LookupRequest_setToken(request: Wrapper<LookupRequest>, token: Buffer): void;
 export function MessageBackupKey_New(masterKey: Buffer, aci: Buffer): MessageBackupKey;
-export function MessageBackupValidator_Validate(key: Wrapper<MessageBackupKey>, firstStream: InputStream, secondStream: InputStream, len: Buffer): Promise<MessageBackupValidationOutcome>;
+export function MessageBackupValidator_Validate(key: Wrapper<MessageBackupKey>, firstStream: InputStream, secondStream: InputStream, len: bigint, purpose: number): Promise<MessageBackupValidationOutcome>;
 export function MinidumpToJSONString(buffer: Buffer): string;
-export function Mp4Sanitizer_Sanitize(input: InputStream, len: Buffer): Promise<SanitizedMetadata>;
+export function Mp4Sanitizer_Sanitize(input: InputStream, len: bigint): Promise<SanitizedMetadata>;
 export function PlaintextContent_Deserialize(data: Buffer): PlaintextContent;
 export function PlaintextContent_FromDecryptionErrorMessage(m: Wrapper<DecryptionErrorMessage>): PlaintextContent;
 export function PlaintextContent_GetBody(obj: Wrapper<PlaintextContent>): Buffer;
@@ -306,7 +332,7 @@ export function PublicKey_Serialize(obj: Wrapper<PublicKey>): Buffer;
 export function PublicKey_Verify(key: Wrapper<PublicKey>, message: Buffer, signature: Buffer): boolean;
 export function ReceiptCredentialPresentation_CheckValidContents(buffer: Buffer): void;
 export function ReceiptCredentialPresentation_GetReceiptExpirationTime(presentation: Serialized<ReceiptCredentialPresentation>): Timestamp;
-export function ReceiptCredentialPresentation_GetReceiptLevel(presentation: Serialized<ReceiptCredentialPresentation>): Buffer;
+export function ReceiptCredentialPresentation_GetReceiptLevel(presentation: Serialized<ReceiptCredentialPresentation>): bigint;
 export function ReceiptCredentialPresentation_GetReceiptSerial(presentation: Serialized<ReceiptCredentialPresentation>): Buffer;
 export function ReceiptCredentialRequestContext_CheckValidContents(buffer: Buffer): void;
 export function ReceiptCredentialRequestContext_GetRequest(requestContext: Serialized<ReceiptCredentialRequestContext>): Serialized<ReceiptCredentialRequest>;
@@ -314,9 +340,9 @@ export function ReceiptCredentialRequest_CheckValidContents(buffer: Buffer): voi
 export function ReceiptCredentialResponse_CheckValidContents(buffer: Buffer): void;
 export function ReceiptCredential_CheckValidContents(buffer: Buffer): void;
 export function ReceiptCredential_GetReceiptExpirationTime(receiptCredential: Serialized<ReceiptCredential>): Timestamp;
-export function ReceiptCredential_GetReceiptLevel(receiptCredential: Serialized<ReceiptCredential>): Buffer;
-export function SanitizedMetadata_GetDataLen(sanitized: Wrapper<SanitizedMetadata>): Buffer;
-export function SanitizedMetadata_GetDataOffset(sanitized: Wrapper<SanitizedMetadata>): Buffer;
+export function ReceiptCredential_GetReceiptLevel(receiptCredential: Serialized<ReceiptCredential>): bigint;
+export function SanitizedMetadata_GetDataLen(sanitized: Wrapper<SanitizedMetadata>): bigint;
+export function SanitizedMetadata_GetDataOffset(sanitized: Wrapper<SanitizedMetadata>): bigint;
 export function SanitizedMetadata_GetMetadata(sanitized: Wrapper<SanitizedMetadata>): Buffer;
 export function ScannableFingerprint_Compare(fprint1: Buffer, fprint2: Buffer): boolean;
 export function SealedSenderDecryptionResult_GetDeviceId(obj: Wrapper<SealedSenderDecryptionResult>): number;
@@ -387,7 +413,7 @@ export function ServerSecretParams_IssueAuthCredentialDeterministic(serverSecret
 export function ServerSecretParams_IssueAuthCredentialWithPniAsAciDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, aci: Buffer, pni: Buffer, redemptionTime: Timestamp): Serialized<AuthCredentialWithPniResponse>;
 export function ServerSecretParams_IssueAuthCredentialWithPniAsServiceIdDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, aci: Buffer, pni: Buffer, redemptionTime: Timestamp): Serialized<AuthCredentialWithPniResponse>;
 export function ServerSecretParams_IssueExpiringProfileKeyCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, request: Serialized<ProfileKeyCredentialRequest>, userId: Buffer, commitment: Serialized<ProfileKeyCommitment>, expirationInSeconds: Timestamp): Serialized<ExpiringProfileKeyCredentialResponse>;
-export function ServerSecretParams_IssueReceiptCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, request: Serialized<ReceiptCredentialRequest>, receiptExpirationTime: Timestamp, receiptLevel: Buffer): Serialized<ReceiptCredentialResponse>;
+export function ServerSecretParams_IssueReceiptCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, request: Serialized<ReceiptCredentialRequest>, receiptExpirationTime: Timestamp, receiptLevel: bigint): Serialized<ReceiptCredentialResponse>;
 export function ServerSecretParams_SignDeterministic(params: Serialized<ServerSecretParams>, randomness: Buffer, message: Buffer): Buffer;
 export function ServerSecretParams_VerifyAuthCredentialPresentation(serverSecretParams: Serialized<ServerSecretParams>, groupPublicParams: Serialized<GroupPublicParams>, presentationBytes: Buffer, currentTimeInSeconds: Timestamp): void;
 export function ServerSecretParams_VerifyProfileKeyCredentialPresentation(serverSecretParams: Serialized<ServerSecretParams>, groupPublicParams: Serialized<GroupPublicParams>, presentationBytes: Buffer, currentTimeInSeconds: Timestamp): void;
@@ -428,8 +454,17 @@ export function SignedPreKeyRecord_GetSignature(obj: Wrapper<SignedPreKeyRecord>
 export function SignedPreKeyRecord_GetTimestamp(obj: Wrapper<SignedPreKeyRecord>): Timestamp;
 export function SignedPreKeyRecord_New(id: number, timestamp: Timestamp, pubKey: Wrapper<PublicKey>, privKey: Wrapper<PrivateKey>, signature: Buffer): SignedPreKeyRecord;
 export function SignedPreKeyRecord_Serialize(obj: Wrapper<SignedPreKeyRecord>): Buffer;
+export function Svr3Backup(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, secret: Buffer, password: string, maxTries: number, username: string, enclavePassword: string, opTimeoutMs: number): Promise<Buffer>;
+export function Svr3Restore(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, password: string, shareSet: Buffer, username: string, enclavePassword: string, opTimeoutMs: number): Promise<Buffer>;
 export function TESTING_CdsiLookupErrorConvert(): void;
-export function TESTING_CdsiLookupResponseConvert(): LookupResponse;
+export function TESTING_CdsiLookupResponseConvert(asyncRuntime: Wrapper<TokioAsyncContext>): Promise<LookupResponse>;
+export function TESTING_ChatRequestGetBody(request: Wrapper<HttpRequest>): Buffer | null;
+export function TESTING_ChatRequestGetHeaderValue(request: Wrapper<HttpRequest>, headerName: string): string;
+export function TESTING_ChatRequestGetMethod(request: Wrapper<HttpRequest>): string;
+export function TESTING_ChatRequestGetPath(request: Wrapper<HttpRequest>): string;
+export function TESTING_ChatServiceDebugInfoConvert(): DebugInfo;
+export function TESTING_ChatServiceErrorConvert(): void;
+export function TESTING_ChatServiceResponseConvert(bodyPresent: boolean): Response;
 export function TESTING_ErrorOnBorrowAsync(_input: null): Promise<void>;
 export function TESTING_ErrorOnBorrowIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _input: null): Promise<void>;
 export function TESTING_ErrorOnBorrowSync(_input: null): void;
@@ -484,6 +519,7 @@ interface AuthCredentialResponse { readonly __type: unique symbol; }
 interface AuthCredentialWithPni { readonly __type: unique symbol; }
 interface AuthCredentialWithPniResponse { readonly __type: unique symbol; }
 interface CdsiLookup { readonly __type: unique symbol; }
+interface Chat { readonly __type: unique symbol; }
 interface CiphertextMessage { readonly __type: unique symbol; }
 interface ConnectionManager { readonly __type: unique symbol; }
 interface DecryptionErrorMessage { readonly __type: unique symbol; }
@@ -494,6 +530,7 @@ interface GroupMasterKey { readonly __type: unique symbol; }
 interface GroupPublicParams { readonly __type: unique symbol; }
 interface GroupSecretParams { readonly __type: unique symbol; }
 interface HsmEnclaveClient { readonly __type: unique symbol; }
+interface HttpRequest { readonly __type: unique symbol; }
 interface IncrementalMac { readonly __type: unique symbol; }
 interface KyberKeyPair { readonly __type: unique symbol; }
 interface KyberPreKeyRecord { readonly __type: unique symbol; }

package/dist/Address.d.ts

@@ -1,6 +1,6 @@
 /// <reference types="node" />
 import * as Native from '../Native';
-declare enum ServiceIdKind {
+export declare enum ServiceIdKind {
     Aci = 0,
     Pni = 1
 }
@@ -46,4 +46,3 @@ export declare class ProtocolAddress {
     deviceId(): number;
     toString(): string;
 }
-export {};

package/dist/Address.js

@@ -4,14 +4,14 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ProtocolAddress = exports.Pni = exports.Aci = exports.ServiceId = void 0;
+exports.ProtocolAddress = exports.Pni = exports.Aci = exports.ServiceId = exports.ServiceIdKind = void 0;
 const Native = require("../Native");
 const uuid = require("uuid");
 var ServiceIdKind;
 (function (ServiceIdKind) {
     ServiceIdKind[ServiceIdKind["Aci"] = 0] = "Aci";
     ServiceIdKind[ServiceIdKind["Pni"] = 1] = "Pni";
-})(ServiceIdKind || (ServiceIdKind = {}));
+})(ServiceIdKind = exports.ServiceIdKind || (exports.ServiceIdKind = {}));
 const SERVICE_ID_FIXED_WIDTH_BINARY_LEN = 17;
 class ServiceId extends Object {
     // This has to be public for `InstanceType<T>`, which we use below.

package/dist/Errors.d.ts

@@ -27,7 +27,10 @@ export declare enum ErrorCode {
     InputDataTooLong = 23,
     InvalidEntropyDataLength = 24,
     InvalidUsernameLinkEncryptedData = 25,
-    RateLimitedError = 26
+    RateLimitedError = 26,
+    SvrDataMissing = 27,
+    SvrRequestFailed = 28,
+    SvrRestoreFailed = 29
 }
 export declare class LibSignalErrorBase extends Error {
     readonly code: ErrorCode;
@@ -122,4 +125,13 @@ export type RateLimitedError = LibSignalErrorBase & {
     code: ErrorCode.RateLimitedError;
     readonly retryAfterSecs: number;
 };
-export type LibSignalError = GenericError | DuplicatedMessageError | SealedSenderSelfSendError | UntrustedIdentityError | InvalidRegistrationIdError | VerificationFailedError | InvalidSessionError | InvalidSenderKeySessionError | NicknameCannotBeEmptyError | CannotStartWithDigitError | MissingSeparatorError | BadNicknameCharacterError | NicknameTooShortError | NicknameTooLongError | DiscriminatorCannotBeEmptyError | DiscriminatorCannotBeZeroError | DiscriminatorCannotBeSingleDigitError | DiscriminatorCannotHaveLeadingZerosError | BadDiscriminatorCharacterError | DiscriminatorTooLargeError | InputDataTooLong | InvalidEntropyDataLength | InvalidUsernameLinkEncryptedData | IoError | InvalidMediaInputError | UnsupportedMediaInputError;
+export type SvrDataMissingError = LibSignalErrorBase & {
+    code: ErrorCode.SvrDataMissing;
+};
+export type SvrRequestFailedError = LibSignalErrorCommon & {
+    code: ErrorCode.SvrRequestFailed;
+};
+export type SvrRestoreFailedError = LibSignalErrorCommon & {
+    code: ErrorCode.SvrRestoreFailed;
+};
+export type LibSignalError = GenericError | DuplicatedMessageError | SealedSenderSelfSendError | UntrustedIdentityError | InvalidRegistrationIdError | VerificationFailedError | InvalidSessionError | InvalidSenderKeySessionError | NicknameCannotBeEmptyError | CannotStartWithDigitError | MissingSeparatorError | BadNicknameCharacterError | NicknameTooShortError | NicknameTooLongError | DiscriminatorCannotBeEmptyError | DiscriminatorCannotBeZeroError | DiscriminatorCannotBeSingleDigitError | DiscriminatorCannotHaveLeadingZerosError | BadDiscriminatorCharacterError | DiscriminatorTooLargeError | InputDataTooLong | InvalidEntropyDataLength | InvalidUsernameLinkEncryptedData | IoError | InvalidMediaInputError | SvrDataMissingError | SvrRestoreFailedError | SvrRequestFailedError | UnsupportedMediaInputError;

package/dist/Errors.js

@@ -35,6 +35,9 @@ var ErrorCode;
     ErrorCode[ErrorCode["InvalidEntropyDataLength"] = 24] = "InvalidEntropyDataLength";
     ErrorCode[ErrorCode["InvalidUsernameLinkEncryptedData"] = 25] = "InvalidUsernameLinkEncryptedData";
     ErrorCode[ErrorCode["RateLimitedError"] = 26] = "RateLimitedError";
+    ErrorCode[ErrorCode["SvrDataMissing"] = 27] = "SvrDataMissing";
+    ErrorCode[ErrorCode["SvrRequestFailed"] = 28] = "SvrRequestFailed";
+    ErrorCode[ErrorCode["SvrRestoreFailed"] = 29] = "SvrRestoreFailed";
 })(ErrorCode = exports.ErrorCode || (exports.ErrorCode = {}));
 class LibSignalErrorBase extends Error {
     constructor(message, name, operation, extraProps) {

package/dist/MessageBackup.d.ts

@@ -41,13 +41,18 @@ export declare class MessageBackupKey {
      */
     constructor(masterKeyBytes: Buffer, aci: Aci);
 }
+export declare enum Purpose {
+    DeviceTransfer = 0,
+    RemoteBackup = 1
+}
 /**
  * Validate a backup file
  *
  * @param backupKey The key to use to decrypt the backup contents.
+ * @param purpose Whether the backup is intended for device-to-device transfer or remote storage.
  * @param inputFactory A function that returns new input streams that read the backup contents.
  * @param length The exact length of the input stream.
  * @returns The outcome of validation, including any errors and warnings.
  * @throws IoError If an IO error on the input occurs.
  */
-export declare function validate(backupKey: MessageBackupKey, inputFactory: InputStreamFactory, length: bigint): Promise<ValidationOutcome>;
+export declare function validate(backupKey: MessageBackupKey, purpose: Purpose, inputFactory: InputStreamFactory, length: bigint): Promise<ValidationOutcome>;

package/dist/MessageBackup.js

@@ -4,14 +4,13 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.validate = exports.MessageBackupKey = exports.ValidationOutcome = void 0;
+exports.validate = exports.Purpose = exports.MessageBackupKey = exports.ValidationOutcome = void 0;
 /**
  * Message backup validation routines.
  *
  * @module MessageBackup
  */
 const Native = require("../Native");
-const BigIntUtil_1 = require("./zkgroup/internal/BigIntUtil");
 /**
  * Result of validating a message backup bundle.
  */
@@ -45,19 +44,26 @@ class MessageBackupKey {
     }
 }
 exports.MessageBackupKey = MessageBackupKey;
+// This must match the Rust version of the enum.
+var Purpose;
+(function (Purpose) {
+    Purpose[Purpose["DeviceTransfer"] = 0] = "DeviceTransfer";
+    Purpose[Purpose["RemoteBackup"] = 1] = "RemoteBackup";
+})(Purpose = exports.Purpose || (exports.Purpose = {}));
 /**
  * Validate a backup file
  *
  * @param backupKey The key to use to decrypt the backup contents.
+ * @param purpose Whether the backup is intended for device-to-device transfer or remote storage.
  * @param inputFactory A function that returns new input streams that read the backup contents.
  * @param length The exact length of the input stream.
  * @returns The outcome of validation, including any errors and warnings.
  * @throws IoError If an IO error on the input occurs.
  */
-async function validate(backupKey, inputFactory, length) {
+async function validate(backupKey, purpose, inputFactory, length) {
     const firstStream = inputFactory();
     const secondStream = inputFactory();
-    return new ValidationOutcome(await Native.MessageBackupValidator_Validate(backupKey, firstStream, secondStream, (0, BigIntUtil_1.bufferFromBigUInt64BE)(length)));
+    return new ValidationOutcome(await Native.MessageBackupValidator_Validate(backupKey, firstStream, secondStream, length, purpose));
 }
 exports.validate = validate;
 //# sourceMappingURL=MessageBackup.js.map

package/dist/Mp4Sanitizer.d.ts

@@ -34,7 +34,7 @@ export declare class SanitizedMetadata {
     static _fromNativeHandle(handle: Native.SanitizedMetadata): SanitizedMetadata;
     /**
      * Get the sanitized metadata, if any.
-     * @returns The sanitized metadata, or {@code null} if it didn't need to be sanitized.
+     * @returns The sanitized metadata, or `null` if it didn't need to be sanitized.
      */
     getMetadata(): Buffer | null;
     /**
@@ -52,10 +52,10 @@ export declare class SanitizedMetadata {
  * Sanitize an MP4 input.
  *
  * @param input An MP4 format input stream.
- * @param length The exact length of the input stream.
+ * @param len The exact length of the input stream.
  * @returns The sanitized metadata.
- * @throws IoError If an IO error on the input occurs.
- * @throws InvalidMediaInputError If the input could not be parsed because it was invalid.
- * @throws UnsupportedMediaInputError If the input could not be parsed because it's unsupported in some way.
+ * @throws {IoError} If an IO error on the input occurs.
+ * @throws {InvalidMediaInputError} If the input could not be parsed because it was invalid.
+ * @throws {UnsupportedMediaInputError} If the input could not be parsed because it's unsupported in some way.
  */
 export declare function sanitize(input: InputStream, len: bigint): Promise<SanitizedMetadata>;

package/dist/Mp4Sanitizer.js

@@ -33,7 +33,6 @@ exports.sanitize = exports.SanitizedMetadata = void 0;
  * @module Mp4Sanitizer
  */
 const Native = require("../Native");
-const BigIntUtil_1 = require("./zkgroup/internal/BigIntUtil");
 class SanitizedMetadata {
     constructor(handle) {
         this._nativeHandle = handle;
@@ -43,7 +42,7 @@ class SanitizedMetadata {
     }
     /**
      * Get the sanitized metadata, if any.
-     * @returns The sanitized metadata, or {@code null} if it didn't need to be sanitized.
+     * @returns The sanitized metadata, or `null` if it didn't need to be sanitized.
      */
     getMetadata() {
         const metadata = Native.SanitizedMetadata_GetMetadata(this);
@@ -57,16 +56,14 @@ class SanitizedMetadata {
      * @returns The offset of the media data in the processed input.
      */
     getDataOffset() {
-        const buffer = Native.SanitizedMetadata_GetDataOffset(this);
-        return buffer.readBigUInt64BE();
+        return Native.SanitizedMetadata_GetDataOffset(this);
     }
     /**
      * Get the length of the media data in the processed input.
      * @returns The length of the media data in the processed input.
      */
     getDataLen() {
-        const buffer = Native.SanitizedMetadata_GetDataLen(this);
-        return buffer.readBigUInt64BE();
+        return Native.SanitizedMetadata_GetDataLen(this);
     }
 }
 exports.SanitizedMetadata = SanitizedMetadata;
@@ -74,14 +71,14 @@ exports.SanitizedMetadata = SanitizedMetadata;
  * Sanitize an MP4 input.
  *
  * @param input An MP4 format input stream.
- * @param length The exact length of the input stream.
+ * @param len The exact length of the input stream.
  * @returns The sanitized metadata.
- * @throws IoError If an IO error on the input occurs.
- * @throws InvalidMediaInputError If the input could not be parsed because it was invalid.
- * @throws UnsupportedMediaInputError If the input could not be parsed because it's unsupported in some way.
+ * @throws {IoError} If an IO error on the input occurs.
+ * @throws {InvalidMediaInputError} If the input could not be parsed because it was invalid.
+ * @throws {UnsupportedMediaInputError} If the input could not be parsed because it's unsupported in some way.
  */
 async function sanitize(input, len) {
-    const sanitizedMetadataNativeHandle = await Native.Mp4Sanitizer_Sanitize(input, (0, BigIntUtil_1.bufferFromBigUInt64BE)(len));
+    const sanitizedMetadataNativeHandle = await Native.Mp4Sanitizer_Sanitize(input, len);
     return SanitizedMetadata._fromNativeHandle(sanitizedMetadataNativeHandle);
 }
 exports.sanitize = sanitize;

package/dist/WebpSanitizer.d.ts

@@ -3,9 +3,8 @@
  * Sanitize a WebP input.
  *
  * @param input A WebP format input stream.
- * @param length The exact length of the input stream.
- * @throws IoError If an IO error on the input occurs.
- * @throws InvalidMediaInputError If the input could not be parsed because it was invalid.
- * @throws UnsupportedMediaInputError If the input could not be parsed because it's unsupported in some way.
+ * @throws {IoError} If an IO error on the input occurs.
+ * @throws {InvalidMediaInputError} If the input could not be parsed because it was invalid.
+ * @throws {UnsupportedMediaInputError} If the input could not be parsed because it's unsupported in some way.
  */
 export declare function sanitize(input: Buffer): void;

package/dist/WebpSanitizer.js

@@ -18,10 +18,9 @@ const Native = require("../Native");
  * Sanitize a WebP input.
  *
  * @param input A WebP format input stream.
- * @param length The exact length of the input stream.
- * @throws IoError If an IO error on the input occurs.
- * @throws InvalidMediaInputError If the input could not be parsed because it was invalid.
- * @throws UnsupportedMediaInputError If the input could not be parsed because it's unsupported in some way.
+ * @throws {IoError} If an IO error on the input occurs.
+ * @throws {InvalidMediaInputError} If the input could not be parsed because it was invalid.
+ * @throws {UnsupportedMediaInputError} If the input could not be parsed because it's unsupported in some way.
  */
 function sanitize(input) {
     Native.WebpSanitizer_Sanitize(input);

package/dist/acknowledgments.md

@@ -669,7 +669,7 @@ For more information on this, and how to apply and follow the GNU AGPL, see
 
 ```
 
-## attest 0.1.0, device-transfer 0.1.0, libsignal-bridge 0.1.0, libsignal-bridge-macros 0.1.0, libsignal-core 0.1.0, libsignal-ffi 0.40.0, libsignal-jni 0.40.0, libsignal-message-backup 0.1.0, libsignal-message-backup-macros 0.1.0, libsignal-net 0.1.0, libsignal-node 0.40.0, libsignal-protocol 0.1.0, libsignal-svr3 0.1.0, poksho 0.7.0, signal-crypto 0.1.0, signal-media 0.1.0, signal-neon-futures 0.1.0, signal-neon-futures-tests 0.1.0, signal-pin 0.1.0, usernames 0.1.0, zkcredential 0.1.0, zkgroup 0.9.0
+## attest 0.1.0, device-transfer 0.1.0, libsignal-bridge 0.1.0, libsignal-bridge-macros 0.1.0, libsignal-core 0.1.0, libsignal-ffi 0.41.0, libsignal-jni 0.41.0, libsignal-message-backup 0.1.0, libsignal-message-backup-macros 0.1.0, libsignal-net 0.1.0, libsignal-node 0.41.0, libsignal-protocol 0.1.0, libsignal-svr3 0.1.0, poksho 0.7.0, signal-crypto 0.1.0, signal-media 0.1.0, signal-neon-futures 0.1.0, signal-neon-futures-tests 0.1.0, signal-pin 0.1.0, usernames 0.1.0, zkcredential 0.1.0, zkgroup 0.9.0
 
 ```
 GNU AFFERO GENERAL PUBLIC LICENSE
@@ -2395,7 +2395,7 @@ express Statement of Purpose.
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
 ```
 
-## libloading 0.6.7, libloading 0.8.1
+## libloading 0.8.1
 
 ```
 Copyright © 2015, Simonas Kazlauskas
@@ -2805,7 +2805,7 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## bitflags 1.3.2, bitflags 2.4.2, glob 0.3.1, log 0.4.20, num-derive 0.4.2, num-integer 0.1.45, num-traits 0.2.17, range-map 0.2.0, regex 1.10.3, regex-automata 0.4.4, regex-syntax 0.8.2, semver 0.9.0
+## bitflags 1.3.2, bitflags 2.4.2, glob 0.3.1, log 0.4.20, num-derive 0.4.2, num-integer 0.1.45, num-traits 0.2.17, range-map 0.2.0, regex 1.10.3, regex-automata 0.4.4, regex-syntax 0.8.2
 
 ```
 Copyright (c) 2014 The Rust Project Developers
@@ -3007,7 +3007,7 @@ THE SOFTWARE.
 
 ```
 
-## neon 0.10.1, neon-build 0.10.1, neon-macros 0.10.1, neon-runtime 0.10.1
+## neon-macros 1.0.0
 
 ```
 Copyright (c) 2015 David Herman
@@ -3150,6 +3150,31 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
+## procfs-core 0.16.0
+
+```
+Copyright (c) 2015 The procfs Developers
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+```
+
 ## jni-sys 0.3.0
 
 ```
@@ -3602,37 +3627,6 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## semver-parser 0.7.0
-
-```
-Copyright (c) 2016 Steve Klabnik
-
-Permission is hereby granted, free of charge, to any
-person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the
-Software without restriction, including without
-limitation the rights to use, copy, modify, merge,
-publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software
-is furnished to do so, subject to the following
-conditions:
-
-The above copyright notice and this permission notice
-shall be included in all copies or substantial portions
-of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
-ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
-TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
-PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
-SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
-IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
-
-```
-
 ## lock_api 0.4.11, parking_lot 0.12.1, parking_lot_core 0.9.9, rustc_version 0.4.0
 
 ```
@@ -4686,7 +4680,7 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## protobuf 3.3.0, protobuf-codegen 3.3.0
+## protobuf 3.3.0, protobuf-codegen 3.3.0, protobuf-json-mapping 3.3.0, protobuf-parse 3.3.0, protobuf-support 3.3.0
 
 ```
 Copyright (c) 2019 Stepan Koltsov
@@ -5760,6 +5754,33 @@ SOFTWARE.
 
 ```
 
+## strum 0.26.1, strum_macros 0.26.1
+
+```
+MIT License
+
+Copyright (c) 2019 Peter Glotfelty
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+```
+
 ## fslock 0.2.1
 
 ```
@@ -5841,6 +5862,32 @@ SOFTWARE.
 
 ```
 
+## const-str 0.5.6
+
+```
+MIT License
+
+Copyright (c) 2020 Nugine
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+```
+
 ## tinyvec_macros 0.1.1
 
 ```
@@ -5949,7 +5996,7 @@ SOFTWARE.
 
 ```
 
-## cesu8 1.1.0, const-str 0.5.6, curve25519-dalek-derive 0.1.0, half 1.8.2, pqcrypto-internals 0.2.5, pqcrypto-kyber 0.7.9, pqcrypto-kyber 0.8.0, pqcrypto-traits 0.3.5, procfs-core 0.16.0, protobuf-parse 3.3.0, protobuf-support 3.3.0
+## cesu8 1.1.0, curve25519-dalek-derive 0.1.0, half 1.8.2, neon 1.0.0, pqcrypto-internals 0.2.5, pqcrypto-kyber 0.7.9, pqcrypto-kyber 0.8.0, pqcrypto-traits 0.3.5
 
 ```
 MIT License
@@ -6063,7 +6110,7 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## adler 1.0.2, anyhow 1.0.79, async-trait 0.1.77, dyn-clone 1.0.16, fastrand 2.0.1, home 0.5.9, itoa 1.0.10, linkme 0.3.22, linkme-impl 0.3.22, linux-raw-sys 0.4.13, minimal-lexical 0.2.1, num_enum 0.6.1, num_enum_derive 0.6.1, once_cell 1.19.0, paste 1.0.14, pin-project-lite 0.2.13, prettyplease 0.2.16, proc-macro-crate 1.3.1, proc-macro2 1.0.78, quote 1.0.35, rustc-hash 1.1.0, rustix 0.38.30, semver 1.0.21, serde 1.0.195, serde_derive 1.0.195, serde_json 1.0.111, syn 1.0.109, syn 2.0.48, syn-mid 0.5.4, syn-mid 0.6.0, thiserror 1.0.56, thiserror-impl 1.0.56, unicode-ident 1.0.12, utf-8 0.7.6
+## adler 1.0.2, anyhow 1.0.79, async-trait 0.1.77, dyn-clone 1.0.16, fastrand 2.0.1, home 0.5.9, itoa 1.0.10, linkme 0.3.22, linkme-impl 0.3.22, linux-raw-sys 0.4.13, minimal-lexical 0.2.1, num_enum 0.6.1, num_enum_derive 0.6.1, once_cell 1.19.0, paste 1.0.14, pin-project-lite 0.2.13, prettyplease 0.2.16, proc-macro-crate 1.3.1, proc-macro2 1.0.78, quote 1.0.35, rustc-hash 1.1.0, rustix 0.38.30, rustversion 1.0.14, semver 1.0.21, send_wrapper 0.6.0, serde 1.0.195, serde_derive 1.0.195, serde_json 1.0.111, syn 1.0.109, syn 2.0.48, syn-mid 0.6.0, thiserror 1.0.56, thiserror-impl 1.0.56, unicode-ident 1.0.12, utf-8 0.7.6
 
 ```
 Permission is hereby granted, free of charge, to any
@@ -6865,3 +6912,7 @@ written authorization of the copyright holder.
 
 ```
 
+
+## Kyber Patent License
+
+<https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/selected-algos-2022/nist-pqc-license-summary-and-excerpts.pdf>

package/dist/index.d.ts

@@ -349,7 +349,7 @@ export declare class SealedSenderDecryptionResult {
     senderAci(): Aci | null;
     deviceId(): number;
 }
-interface CiphertextMessageConvertible {
+export interface CiphertextMessageConvertible {
     asCiphertextMessage(): CiphertextMessage;
 }
 export declare class CiphertextMessage {
@@ -387,7 +387,7 @@ export declare function signalDecrypt(message: SignalMessage, address: ProtocolA
 export declare function signalDecryptPreKey(message: PreKeySignalMessage, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore): Promise<Buffer>;
 export declare function sealedSenderEncryptMessage(message: Buffer, address: ProtocolAddress, senderCert: SenderCertificate, sessionStore: SessionStore, identityStore: IdentityKeyStore): Promise<Buffer>;
 export declare function sealedSenderEncrypt(content: UnidentifiedSenderMessageContent, address: ProtocolAddress, identityStore: IdentityKeyStore): Promise<Buffer>;
-type SealedSenderMultiRecipientEncryptOptions = {
+export type SealedSenderMultiRecipientEncryptOptions = {
     content: UnidentifiedSenderMessageContent;
     recipients: ProtocolAddress[];
     excludedRecipients?: ServiceId[];

package/dist/net.d.ts

@@ -1,9 +1,11 @@
+/// <reference types="node" />
 import type { ReadonlyDeep } from 'type-fest';
+import * as Native from '../Native';
 export declare enum Environment {
     Staging = 0,
     Production = 1
 }
-export type CDSAuthType = {
+export type ServiceAuth = {
     username: string;
     password: string;
 };
@@ -25,9 +27,122 @@ export interface CDSResponseType<Aci, Pni> {
     entries: CDSResponseEntries<Aci, Pni>;
     debugPermitsUsed: number;
 }
+export type ChatRequest = Readonly<{
+    verb: string;
+    path: string;
+    headers: ReadonlyArray<[string, string]>;
+    body?: Uint8Array;
+    timeoutMillis?: number;
+}>;
 export declare class Net {
     private readonly _asyncContext;
+    private readonly _chatService;
     private readonly _connectionManager;
+    /**
+     * Instance of the {@link Svr3Client} to access SVR3.
+     */
+    svr3: Svr3Client;
     constructor(env: Environment);
-    cdsiLookup({ username, password }: Readonly<CDSAuthType>, { e164s, acisAndAccessKeys, timeout, returnAcisWithoutUaks, }: ReadonlyDeep<CDSRequestOptionsType>): Promise<CDSResponseType<string, string>>;
+    disconnectChatService(): Promise<void>;
+    unauthenticatedFetchAndDebug(chatRequest: ChatRequest): Promise<Native.ResponseAndDebugInfo>;
+    unauthenticatedFetch(chatRequest: ChatRequest): Promise<Native.Response>;
+    static buildHttpRequest(chatRequest: ChatRequest): {
+        _nativeHandle: Native.HttpRequest;
+    };
+    cdsiLookup({ username, password }: Readonly<ServiceAuth>, { e164s, acisAndAccessKeys, timeout, returnAcisWithoutUaks, }: ReadonlyDeep<CDSRequestOptionsType>): Promise<CDSResponseType<string, string>>;
+}
+/**
+ * This interface provides functionality for communicating with SVR3
+ *
+ * Its instance can be obtained from an {@link Net#svr3} property
+ * of the {@link Net} class.
+ *
+ * Example usage:
+ *
+ * @example
+ * ```ts
+ * import { Environment, Net } from '../net';
+ * // Obtain an instance
+ * const SVR3 = new Net(Environment.Staging).svr3;
+ * // Instantiate ServiceAuth with the username and password obtained from the Chat Server.
+ * const auth = { username: USERNAME, password: ENCLAVE_PASSWORD };
+ * // Store a value in SVR3. Here 10 is the number of permitted restore attempts.
+ * const shareSet = await SVR3.backup(SECRET_TO_BE_STORED, PASSWORD, 10, auth, TIMEOUT);
+ * const restoredSecret = await SVR3.restore( PASSWORD, shareSet, auth, TIMEOUT);
+ * ```
+ */
+export interface Svr3Client {
+    /**
+     * Backup a secret to SVR3.
+     *
+     * Error messages are expected to be log-safe and not contain any sensitive
+     *   data.
+     *
+     * @param what - The secret to be stored. Must be 32 bytes long.
+     * @param password - User-provided password that will be used to derive the
+     * encryption key for the secret.
+     * @param maxTries - Number of times the secret will be allowed to be guessed.
+     * Each call to {@link Svr3Client#restore} that has reached the server will
+     * decrement the counter. Must be positive.
+     * @param auth - An instance of {@link ServiceAuth} containing the username
+     * and password obtained from the Chat Server. The password is an OTP which is
+     * generally good for about 15 minutes, therefore it can be reused for the
+     * subsequent calls to either backup or restore that are not too far apart in
+     * time.
+     * @param opTimeoutMs - The maximum wall time libsignal is allowed to spend
+     * communicating with SVR3 service.
+     * @returns A `Promise` which--when awaited--will return a byte array with a
+     * serialized masked share set. It is supposed to be an opaque blob for the
+     * clients and therefore no assumptions should be made about its contents.
+     * This byte array should be stored by the clients and used to restore the
+     * secret along with the password. Please note that masked share set does not
+     * have to be treated as secret.
+     *
+     * The returned `Promise` can also fail due to the network issues (including the
+     * timeout), problems establishing the Noise connection to the enclaves, or
+     * invalid arguments' values. {@link IoError} errors can, in general, be
+     * retried, although there is already a retry-with-backoff mechanism inside
+     * libsignal used to connect to the SVR3 servers. Other exceptions are caused
+     * by the bad input or data missing on the server. They are therefore
+     * non-actionable and are guaranteed to be thrown again when retried.
+     */
+    backup(what: Buffer, password: string, maxTries: number, auth: Readonly<ServiceAuth>, opTimeoutMs: number): Promise<Buffer>;
+    /**
+     * Restore a secret from SVR3.
+     *
+     * Error messages are expected to be log-safe and not contain any sensitive
+     * data.
+     *
+     * @param password - User-provided password that will be used to derive the
+     * decryption key for the secret.
+     * @param shareSet - a serialized masked share set returned by a call to
+     * {@link Svr3Client#backup}.
+     * @param auth - An instance of {@link ServiceAuth} containing the username
+     * and password obtained from the Chat Server. The password is an OTP which is
+     * generally good for about 15 minutes, therefore it can be reused for the
+     * subsequent calls to either backup or restore that are not too far apart in
+     * time.
+     * @param opTimeoutMs - The maximum wall time libsignal is allowed to spend
+     * communicating with SVR3 service.
+     * @returns A `Promise` which--when awaited--will return a byte array with the
+     * restored secret.
+     *
+     * The returned `Promise` can also fail due to the network issues (including the
+     * timeout), problems establishing the Noise connection to the enclaves, or
+     * invalid arguments' values. {@link IoError} errors can, in general, be
+     * retried, although there is already a retry-with-backoff mechanism inside
+     * libsignal used to connect to the SVR3 servers. Other exceptions are caused
+     * by the bad input or data missing on the server. They are therefore
+     * non-actionable and are guaranteed to be thrown again when retried.
+     *
+     * - {@link SvrDataMissingError} is returned when the maximum restore attempts
+     * number has been exceeded or if the value has never been backed up.
+     * - {@link SvrRestoreFailedError} is returned when the combination of the
+     * password and masked share set does not result in successful restoration
+     * of the secret.
+     * - {@link SvrRequestFailedError} is returned when the de-serialization of a
+     * masked share set fails, or when the server requests fail for reasons
+     * other than "maximum attempts exceeded".
+     */
+    restore(password: string, shareSet: Buffer, auth: Readonly<ServiceAuth>, opTimeoutMs: number): Promise<Buffer>;
 }

package/dist/net.js

@@ -7,6 +7,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Net = exports.Environment = void 0;
 const Native = require("../Native");
 const Address_1 = require("./Address");
+const DEFAULT_CHAT_REQUEST_TIMEOUT_MILLIS = 5000;
 // This must match the libsignal-bridge Rust enum of the same name.
 var Environment;
 (function (Environment) {
@@ -15,8 +16,35 @@ var Environment;
 })(Environment = exports.Environment || (exports.Environment = {}));
 class Net {
     constructor(env) {
-        this._asyncContext = Native.TokioAsyncContext_new();
-        this._connectionManager = Native.ConnectionManager_new(env);
+        this._asyncContext = { _nativeHandle: Native.TokioAsyncContext_new() };
+        this._connectionManager = {
+            _nativeHandle: Native.ConnectionManager_new(env),
+        };
+        this._chatService = {
+            _nativeHandle: Native.ChatService_new(this._connectionManager, '', ''),
+        };
+        this.svr3 = new Svr3ClientImpl(this._asyncContext, this._connectionManager);
+    }
+    async disconnectChatService() {
+        await Native.ChatService_disconnect(this._asyncContext, this._chatService);
+    }
+    async unauthenticatedFetchAndDebug(chatRequest) {
+        return await Native.ChatService_unauth_send_and_debug(this._asyncContext, this._chatService, Net.buildHttpRequest(chatRequest), chatRequest.timeoutMillis ?? DEFAULT_CHAT_REQUEST_TIMEOUT_MILLIS);
+    }
+    async unauthenticatedFetch(chatRequest) {
+        return await Native.ChatService_unauth_send(this._asyncContext, this._chatService, Net.buildHttpRequest(chatRequest), chatRequest.timeoutMillis ?? DEFAULT_CHAT_REQUEST_TIMEOUT_MILLIS);
+    }
+    static buildHttpRequest(chatRequest) {
+        const { verb, path, body, headers } = chatRequest;
+        const bodyBuffer = body !== undefined ? Buffer.from(body) : null;
+        const httpRequest = {
+            _nativeHandle: Native.HttpRequest_new(verb, path, bodyBuffer),
+        };
+        headers.forEach((header) => {
+            const [name, value] = header;
+            Native.HttpRequest_add_header(httpRequest, name, value);
+        });
+        return httpRequest;
     }
     async cdsiLookup({ username, password }, { e164s, acisAndAccessKeys, timeout, returnAcisWithoutUaks, }) {
         const request = { _nativeHandle: Native.LookupRequest_new() };
@@ -27,9 +55,23 @@ class Net {
             Native.LookupRequest_addAciAndAccessKey(request, Address_1.Aci.parseFromServiceIdString(aciStr).getServiceIdFixedWidthBinary(), Buffer.from(accessKeyStr, 'base64'));
         });
         Native.LookupRequest_setReturnAcisWithoutUaks(request, returnAcisWithoutUaks);
-        const lookup = await Native.CdsiLookup_new({ _nativeHandle: this._asyncContext }, { _nativeHandle: this._connectionManager }, username, password, request, timeout);
-        return await Native.CdsiLookup_complete({ _nativeHandle: this._asyncContext }, { _nativeHandle: lookup });
+        const lookup = await Native.CdsiLookup_new(this._asyncContext, this._connectionManager, username, password, request, timeout);
+        return await Native.CdsiLookup_complete(this._asyncContext, {
+            _nativeHandle: lookup,
+        });
     }
 }
 exports.Net = Net;
+class Svr3ClientImpl {
+    constructor(_asyncContext, _connectionManager) {
+        this._asyncContext = _asyncContext;
+        this._connectionManager = _connectionManager;
+    }
+    async backup(what, password, maxTries, auth, opTimeoutMs) {
+        return Native.Svr3Backup(this._asyncContext, this._connectionManager, what, password, maxTries, auth.username, auth.password, opTimeoutMs);
+    }
+    async restore(password, shareSet, auth, opTimeoutMs) {
+        return Native.Svr3Restore(this._asyncContext, this._connectionManager, password, shareSet, auth.username, auth.password, opTimeoutMs);
+    }
+}
 //# sourceMappingURL=net.js.map

package/dist/zkgroup/backups/BackupAuthCredentialRequest.js

@@ -9,7 +9,6 @@ const Native = require("../../../Native");
 const ByteArray_1 = require("../internal/ByteArray");
 const Constants_1 = require("../internal/Constants");
 const BackupAuthCredentialResponse_1 = require("./BackupAuthCredentialResponse");
-const BigIntUtil_1 = require("../internal/BigIntUtil");
 class BackupAuthCredentialRequest extends ByteArray_1.default {
     constructor(contents) {
         super(contents, Native.BackupAuthCredentialRequest_CheckValidContents);
@@ -19,7 +18,7 @@ class BackupAuthCredentialRequest extends ByteArray_1.default {
         return this.issueCredentialWithRandom(timestamp, receiptLevel, params, random);
     }
     issueCredentialWithRandom(timestamp, receiptLevel, params, random) {
-        return new BackupAuthCredentialResponse_1.default(Native.BackupAuthCredentialRequest_IssueDeterministic(this.contents, timestamp, (0, BigIntUtil_1.bufferFromBigUInt64BE)(receiptLevel), params.contents, random));
+        return new BackupAuthCredentialResponse_1.default(Native.BackupAuthCredentialRequest_IssueDeterministic(this.contents, timestamp, receiptLevel, params.contents, random));
     }
 }
 exports.default = BackupAuthCredentialRequest;

package/dist/zkgroup/backups/BackupAuthCredentialRequestContext.js

@@ -9,7 +9,6 @@ const ByteArray_1 = require("../internal/ByteArray");
 const Native = require("../../../Native");
 const BackupAuthCredentialRequest_1 = require("./BackupAuthCredentialRequest");
 const BackupAuthCredential_1 = require("./BackupAuthCredential");
-const BigIntUtil_1 = require("../internal/BigIntUtil");
 class BackupAuthCredentialRequestContext extends ByteArray_1.default {
     constructor(contents) {
         super(contents, Native.BackupAuthCredentialRequestContext_CheckValidContents);
@@ -21,7 +20,7 @@ class BackupAuthCredentialRequestContext extends ByteArray_1.default {
         return new BackupAuthCredentialRequest_1.default(Native.BackupAuthCredentialRequestContext_GetRequest(this.contents));
     }
     receive(response, params, expectedReceiptLevel) {
-        return new BackupAuthCredential_1.default(Native.BackupAuthCredentialRequestContext_ReceiveResponse(this.contents, response.contents, params.contents, (0, BigIntUtil_1.bufferFromBigUInt64BE)(expectedReceiptLevel)));
+        return new BackupAuthCredential_1.default(Native.BackupAuthCredentialRequestContext_ReceiveResponse(this.contents, response.contents, params.contents, expectedReceiptLevel));
     }
 }
 exports.default = BackupAuthCredentialRequestContext;

package/dist/zkgroup/receipts/ReceiptCredential.js

@@ -14,7 +14,7 @@ class ReceiptCredential extends ByteArray_1.default {
         return Native.ReceiptCredential_GetReceiptExpirationTime(this.contents);
     }
     getReceiptLevel() {
-        return Native.ReceiptCredential_GetReceiptLevel(this.contents).readBigUInt64BE();
+        return Native.ReceiptCredential_GetReceiptLevel(this.contents);
     }
 }
 exports.default = ReceiptCredential;

package/dist/zkgroup/receipts/ReceiptCredentialPresentation.js

@@ -15,7 +15,7 @@ class ReceiptCredentialPresentation extends ByteArray_1.default {
         return Native.ReceiptCredentialPresentation_GetReceiptExpirationTime(this.contents);
     }
     getReceiptLevel() {
-        return Native.ReceiptCredentialPresentation_GetReceiptLevel(this.contents).readBigUInt64BE();
+        return Native.ReceiptCredentialPresentation_GetReceiptLevel(this.contents);
     }
     getReceiptSerialBytes() {
         return new ReceiptSerial_1.default(Native.ReceiptCredentialPresentation_GetReceiptSerial(this.contents));

package/dist/zkgroup/receipts/ServerZkReceiptOperations.js

@@ -7,7 +7,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const crypto_1 = require("crypto");
 const Native = require("../../../Native");
 const Constants_1 = require("../internal/Constants");
-const BigIntUtil_1 = require("../internal/BigIntUtil");
 const ReceiptCredentialResponse_1 = require("./ReceiptCredentialResponse");
 class ServerZkReceiptOperations {
     constructor(serverSecretParams) {
@@ -18,7 +17,7 @@ class ServerZkReceiptOperations {
         return this.issueReceiptCredentialWithRandom(random, receiptCredentialRequest, receiptExpirationTime, receiptLevel);
     }
     issueReceiptCredentialWithRandom(random, receiptCredentialRequest, receiptExpirationTime, receiptLevel) {
-        return new ReceiptCredentialResponse_1.default(Native.ServerSecretParams_IssueReceiptCredentialDeterministic(this.serverSecretParams.getContents(), random, receiptCredentialRequest.getContents(), receiptExpirationTime, (0, BigIntUtil_1.bufferFromBigUInt64BE)(receiptLevel)));
+        return new ReceiptCredentialResponse_1.default(Native.ServerSecretParams_IssueReceiptCredentialDeterministic(this.serverSecretParams.getContents(), random, receiptCredentialRequest.getContents(), receiptExpirationTime, receiptLevel));
     }
     verifyReceiptCredentialPresentation(receiptCredentialPresentation) {
         Native.ServerSecretParams_VerifyReceiptCredentialPresentation(this.serverSecretParams.getContents(), receiptCredentialPresentation.getContents());

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.40.0",
+  "version": "0.41.0",
   "license": "AGPL-3.0-only",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/dist/zkgroup/internal/BigIntUtil.d.ts

@@ -1,2 +0,0 @@
-/// <reference types="node" />
-export declare function bufferFromBigUInt64BE(value: bigint): Buffer;

package/dist/zkgroup/internal/BigIntUtil.js

@@ -1,18 +0,0 @@
-"use strict";
-//
-// Copyright 2021 Signal Messenger, LLC.
-// SPDX-License-Identifier: AGPL-3.0-only
-//
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.bufferFromBigUInt64BE = void 0;
-const UINT64_MAX = 0xffffffffffffffffn;
-function bufferFromBigUInt64BE(value) {
-    if (value < 0 || value > UINT64_MAX) {
-        throw new RangeError(`value ${value} isn't representable as a u64`);
-    }
-    const result = Buffer.alloc(8);
-    result.writeBigUInt64BE(value);
-    return result;
-}
-exports.bufferFromBigUInt64BE = bufferFromBigUInt64BE;
-//# sourceMappingURL=BigIntUtil.js.map