@signalapp/libsignal-client 0.41.1 → 0.42.0

package/dist/zkgroup/groupsend/GroupSendDerivedKeyPair.js

@@ -0,0 +1,34 @@
+"use strict";
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+Object.defineProperty(exports, "__esModule", { value: true });
+const ByteArray_1 = require("../internal/ByteArray");
+const Native = require("../../../Native");
+/**
+ * The key pair used to issue and verify group send endorsements.
+ *
+ * Group send endorsements use a different key pair depending on the endorsement's expiration (but
+ * not the user ID being endorsed). The server may cache these keys to avoid the (small) cost of
+ * deriving them from the root key in {@link ServerSecretParams}. The key object stores the
+ * expiration so that it doesn't need to be provided again when issuing endorsements.
+ *
+ * @see {@link GroupSendEndorsementsResponse.issue}
+ * @see {@link GroupSendFullToken#verify}
+ */
+class GroupSendDerivedKeyPair extends ByteArray_1.default {
+    constructor(contents) {
+        super(contents, Native.GroupSendDerivedKeyPair_CheckValidContents);
+    }
+    /**
+     * Derives a new key for group send endorsements that expire at `expiration`.
+     *
+     * `expiration` must be day-aligned as a protection against fingerprinting by the issuing server.
+     */
+    static forExpiration(expiration, params) {
+        return new GroupSendDerivedKeyPair(Native.GroupSendDerivedKeyPair_ForExpiration(Math.floor(expiration.getTime() / 1000), params.contents));
+    }
+}
+exports.default = GroupSendDerivedKeyPair;
+//# sourceMappingURL=GroupSendDerivedKeyPair.js.map

package/dist/zkgroup/groupsend/GroupSendEndorsement.d.ts

@@ -0,0 +1,68 @@
+/// <reference types="node" />
+import ByteArray, { UNCHECKED_AND_UNCLONED } from '../internal/ByteArray';
+import GroupSecretParams from '../groups/GroupSecretParams';
+import GroupSendFullToken from './GroupSendFullToken';
+import GroupSendToken from './GroupSendToken';
+/**
+ * An endorsement for a user or set of users in a group.
+ *
+ * GroupSendEndorsements provide a form of authorization by demonstrating that the holder of the
+ * endorsement is in a group with a particular user or set of users. They can be
+ * [combined]{@link #combine} and [removed]{@link #byRemoving} in a set-like fashion.
+ *
+ * The endorsement "flow" starts with receiving a {@link GroupSendEndorsementsResponse} from the
+ * group server, which contains endorsements for all members in a group (including the local user).
+ * The response object provides the single expiration for all the endorsements. From there, the
+ * `receive` method produces a {@link ReceivedEndorsements}, which exposes the individual
+ * endorsements as well as a combined endorsement for everyone but the local user. Clients should
+ * save these endorsements and the expiration with the group state.
+ *
+ * When it comes time to send a message to an individual user, clients should check to see if they
+ * have a {@link GroupSendToken} for that user, and generate and cache one using
+ * {@link GroupSendEndorsement#toToken} if not. The token should then be converted to a full token
+ * using {@link GroupSendToken#toFullToken}, providing the expiration saved previously. Finally, the
+ * serialized full token can be used as authorization in a request to the chat server.
+ *
+ * Similarly, when it comes time to send a message to the group, clients should start by
+ * [removing]{@link #byRemoving} the endorsements of any users they are excluding (say, because they
+ * need a Sender Key Distribution Message first), and then converting the resulting endorsement to a
+ * token. From there, the token can be converted to a full token and serialized as for an individual
+ * send. (Saving the repeated work of converting to a token is left to the clients here; worst case,
+ * it's still cheaper than a usual zkgroup presentation.)
+ */
+export default class GroupSendEndorsement extends ByteArray {
+    constructor(contents: Buffer, marker?: typeof UNCHECKED_AND_UNCLONED);
+    /**
+     * Combines several endorsements into one.
+     *
+     * For example, if you have endorsements to send to Meredith and Aruna individually, then you can
+     * combine them to produce an endorsement to send a multi-recipient message to the two of them.
+     */
+    static combine(endorsements: GroupSendEndorsement[]): GroupSendEndorsement;
+    /**
+     * Removes an endorsement (individual or combined) from this combined endorsement.
+     *
+     * If `this` is *not* a combined endorsement, or `toRemove` includes endorsements that were not
+     * combined into `this`, the result will not generate valid tokens.
+     */
+    byRemoving(toRemove: GroupSendEndorsement): GroupSendEndorsement;
+    /**
+     * Generates a cacheable token used to authenticate sends.
+     *
+     * The token is no longer associated with the group; it merely identifies the user or set of users
+     * referenced by this endorsement. (Of course, a set of users is a pretty good stand-in for a
+     * group.)
+     *
+     * @see {@link GroupSendToken}
+     */
+    toToken(groupParams: GroupSecretParams): GroupSendToken;
+    /**
+     * Generates a token used to authenticate sends, ready to put in an auth header.
+     *
+     * `expiration` must be the same expiration that was in the original {@link
+     * GroupSendEndorsementsResponse}, or the resulting token will fail to verify.
+     *
+     * Equivalent to {@link #toToken} followed by {@link GroupSendToken#toFullToken}.
+     */
+    toFullToken(groupParams: GroupSecretParams, expiration: Date): GroupSendFullToken;
+}

package/dist/zkgroup/groupsend/GroupSendEndorsement.js

@@ -0,0 +1,84 @@
+"use strict";
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+Object.defineProperty(exports, "__esModule", { value: true });
+const ByteArray_1 = require("../internal/ByteArray");
+const Native = require("../../../Native");
+const GroupSendToken_1 = require("./GroupSendToken");
+/**
+ * An endorsement for a user or set of users in a group.
+ *
+ * GroupSendEndorsements provide a form of authorization by demonstrating that the holder of the
+ * endorsement is in a group with a particular user or set of users. They can be
+ * [combined]{@link #combine} and [removed]{@link #byRemoving} in a set-like fashion.
+ *
+ * The endorsement "flow" starts with receiving a {@link GroupSendEndorsementsResponse} from the
+ * group server, which contains endorsements for all members in a group (including the local user).
+ * The response object provides the single expiration for all the endorsements. From there, the
+ * `receive` method produces a {@link ReceivedEndorsements}, which exposes the individual
+ * endorsements as well as a combined endorsement for everyone but the local user. Clients should
+ * save these endorsements and the expiration with the group state.
+ *
+ * When it comes time to send a message to an individual user, clients should check to see if they
+ * have a {@link GroupSendToken} for that user, and generate and cache one using
+ * {@link GroupSendEndorsement#toToken} if not. The token should then be converted to a full token
+ * using {@link GroupSendToken#toFullToken}, providing the expiration saved previously. Finally, the
+ * serialized full token can be used as authorization in a request to the chat server.
+ *
+ * Similarly, when it comes time to send a message to the group, clients should start by
+ * [removing]{@link #byRemoving} the endorsements of any users they are excluding (say, because they
+ * need a Sender Key Distribution Message first), and then converting the resulting endorsement to a
+ * token. From there, the token can be converted to a full token and serialized as for an individual
+ * send. (Saving the repeated work of converting to a token is left to the clients here; worst case,
+ * it's still cheaper than a usual zkgroup presentation.)
+ */
+class GroupSendEndorsement extends ByteArray_1.default {
+    constructor(contents, marker) {
+        super(contents, marker ?? Native.GroupSendEndorsement_CheckValidContents);
+    }
+    /**
+     * Combines several endorsements into one.
+     *
+     * For example, if you have endorsements to send to Meredith and Aruna individually, then you can
+     * combine them to produce an endorsement to send a multi-recipient message to the two of them.
+     */
+    static combine(endorsements) {
+        return new GroupSendEndorsement(Native.GroupSendEndorsement_Combine(endorsements.map((next) => next.contents)));
+    }
+    /**
+     * Removes an endorsement (individual or combined) from this combined endorsement.
+     *
+     * If `this` is *not* a combined endorsement, or `toRemove` includes endorsements that were not
+     * combined into `this`, the result will not generate valid tokens.
+     */
+    byRemoving(toRemove) {
+        return new GroupSendEndorsement(Native.GroupSendEndorsement_Remove(this.contents, toRemove.contents));
+    }
+    /**
+     * Generates a cacheable token used to authenticate sends.
+     *
+     * The token is no longer associated with the group; it merely identifies the user or set of users
+     * referenced by this endorsement. (Of course, a set of users is a pretty good stand-in for a
+     * group.)
+     *
+     * @see {@link GroupSendToken}
+     */
+    toToken(groupParams) {
+        return new GroupSendToken_1.default(Native.GroupSendEndorsement_ToToken(this.contents, groupParams.contents));
+    }
+    /**
+     * Generates a token used to authenticate sends, ready to put in an auth header.
+     *
+     * `expiration` must be the same expiration that was in the original {@link
+     * GroupSendEndorsementsResponse}, or the resulting token will fail to verify.
+     *
+     * Equivalent to {@link #toToken} followed by {@link GroupSendToken#toFullToken}.
+     */
+    toFullToken(groupParams, expiration) {
+        return this.toToken(groupParams).toFullToken(expiration);
+    }
+}
+exports.default = GroupSendEndorsement;
+//# sourceMappingURL=GroupSendEndorsement.js.map

package/dist/zkgroup/groupsend/GroupSendEndorsementsResponse.d.ts

@@ -0,0 +1,73 @@
+/// <reference types="node" />
+import ByteArray from '../internal/ByteArray';
+import GroupSecretParams from '../groups/GroupSecretParams';
+import ServerPublicParams from '../ServerPublicParams';
+import UuidCiphertext from '../groups/UuidCiphertext';
+import { Aci, ServiceId } from '../../Address';
+import GroupSendDerivedKeyPair from './GroupSendDerivedKeyPair';
+import GroupSendEndorsement from './GroupSendEndorsement';
+/**
+ * A collection of endorsements known to be valid.
+ *
+ * The result of the `receive` operations on {@link GroupSendEndorsementsResponse}. Contains an
+ * endorsement for each member of the group, in the same order they were originally provided, plus a
+ * combined endorsement for "everyone but me", intended for multi-recipient sends.
+ */
+export type ReceivedEndorsements = {
+    endorsements: GroupSendEndorsement[];
+    combinedEndorsement: GroupSendEndorsement;
+};
+/**
+ * A set of endorsements of the members in a group, along with a proof of their validity.
+ *
+ * Issued by the group server based on the group's member ciphertexts. The endorsements will
+ * eventually be verified by the chat server in the form of {@link GroupSendFullToken}s. See
+ * {@link GroupSendEndorsement} for a full description of the endorsement flow from the client's
+ * perspective.
+ */
+export default class GroupSendEndorsementsResponse extends ByteArray {
+    constructor(contents: Buffer);
+    /**
+     * Issues a new set of endorsements for `groupMembers`.
+     *
+     * `groupMembers` should include `requestingUser` as well.
+     */
+    static issue(groupMembers: UuidCiphertext[], keyPair: GroupSendDerivedKeyPair): GroupSendEndorsementsResponse;
+    /**
+     * Issues a new set of endorsements for `groupMembers`, with an explicity-chosen expiration and
+     * source of randomness.
+     *
+     * Should only be used for testing purposes.
+     *
+     * @see {@link GroupSendEndorsementsResponse#issue}
+     */
+    static issueWithRandom(groupMembers: UuidCiphertext[], keyPair: GroupSendDerivedKeyPair, random: Buffer): GroupSendEndorsementsResponse;
+    /** Returns the expiration for the contained endorsements. */
+    getExpiration(): Date;
+    /**
+     * Receives, validates, and extracts the endorsements from a response.
+     *
+     * Note that the `receive` operation is provided for both {@link ServiceId}s and {@link
+     * UuidCiphertext}s. If you already have the ciphertexts for the group members available, {@link
+     * #receiveWithCiphertexts} should be faster; if you don't, this method is faster than generating
+     * the ciphertexts and throwing them away afterwards.
+     *
+     * `localUser` should be included in `groupMembers`.
+     *
+     * @throws {VerificationFailedError} if the endorsements are not valid for any reason
+     */
+    receiveWithServiceIds(groupMembers: ServiceId[], localUser: Aci, groupParams: GroupSecretParams, serverParams: ServerPublicParams, now?: Date): ReceivedEndorsements;
+    /**
+     * Receives, validates, and extracts the endorsements from a response.
+     *
+     * Note that the `receive` operation is provided for both {@link ServiceId}s and {@link
+     * UuidCiphertext}s. If you already have the ciphertexts for the group members available, this
+     * method should be faster; if you don't, {@link #receiveWithServiceIds} is faster than generating
+     * the ciphertexts and throwing them away afterwards.
+     *
+     * `localUser` should be included in `groupMembers`.
+     *
+     * @throws {VerificationFailedError} if the endorsements are not valid for any reason
+     */
+    receiveWithCiphertexts(groupMembers: UuidCiphertext[], localUser: UuidCiphertext, serverParams: ServerPublicParams, now?: Date): ReceivedEndorsements;
+}

package/dist/zkgroup/groupsend/GroupSendEndorsementsResponse.js

@@ -0,0 +1,102 @@
+"use strict";
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+Object.defineProperty(exports, "__esModule", { value: true });
+const crypto_1 = require("crypto");
+const ByteArray_1 = require("../internal/ByteArray");
+const Native = require("../../../Native");
+const Constants_1 = require("../internal/Constants");
+const UuidCiphertext_1 = require("../groups/UuidCiphertext");
+const Address_1 = require("../../Address");
+const GroupSendEndorsement_1 = require("./GroupSendEndorsement");
+/**
+ * A set of endorsements of the members in a group, along with a proof of their validity.
+ *
+ * Issued by the group server based on the group's member ciphertexts. The endorsements will
+ * eventually be verified by the chat server in the form of {@link GroupSendFullToken}s. See
+ * {@link GroupSendEndorsement} for a full description of the endorsement flow from the client's
+ * perspective.
+ */
+class GroupSendEndorsementsResponse extends ByteArray_1.default {
+    constructor(contents) {
+        super(contents, Native.GroupSendEndorsementsResponse_CheckValidContents);
+    }
+    /**
+     * Issues a new set of endorsements for `groupMembers`.
+     *
+     * `groupMembers` should include `requestingUser` as well.
+     */
+    static issue(groupMembers, keyPair) {
+        const random = (0, crypto_1.randomBytes)(Constants_1.RANDOM_LENGTH);
+        return this.issueWithRandom(groupMembers, keyPair, random);
+    }
+    /**
+     * Issues a new set of endorsements for `groupMembers`, with an explicity-chosen expiration and
+     * source of randomness.
+     *
+     * Should only be used for testing purposes.
+     *
+     * @see {@link GroupSendEndorsementsResponse#issue}
+     */
+    static issueWithRandom(groupMembers, keyPair, random) {
+        return new GroupSendEndorsementsResponse(Native.GroupSendEndorsementsResponse_IssueDeterministic(UuidCiphertext_1.default.serializeAndConcatenate(groupMembers), keyPair.contents, random));
+    }
+    /** Returns the expiration for the contained endorsements. */
+    getExpiration() {
+        return new Date(1000 * Native.GroupSendEndorsementsResponse_GetExpiration(this.contents));
+    }
+    /**
+     * Receives, validates, and extracts the endorsements from a response.
+     *
+     * Note that the `receive` operation is provided for both {@link ServiceId}s and {@link
+     * UuidCiphertext}s. If you already have the ciphertexts for the group members available, {@link
+     * #receiveWithCiphertexts} should be faster; if you don't, this method is faster than generating
+     * the ciphertexts and throwing them away afterwards.
+     *
+     * `localUser` should be included in `groupMembers`.
+     *
+     * @throws {VerificationFailedError} if the endorsements are not valid for any reason
+     */
+    receiveWithServiceIds(groupMembers, localUser, groupParams, serverParams, now = new Date()) {
+        const endorsementContents = Native.GroupSendEndorsementsResponse_ReceiveAndCombineWithServiceIds(this.contents, Address_1.ServiceId.toConcatenatedFixedWidthBinary(groupMembers), localUser.getServiceIdFixedWidthBinary(), Math.floor(now.getTime() / 1000), groupParams.contents, serverParams.contents);
+        const endorsements = endorsementContents.map((next) => {
+            // Normally we don't notice the cost of validating just-created zkgroup objects,
+            // but in this case we may have up to 1000 of these. Let's assume they're created correctly.
+            return new GroupSendEndorsement_1.default(next, ByteArray_1.UNCHECKED_AND_UNCLONED);
+        });
+        const combinedEndorsement = endorsements.pop();
+        if (!combinedEndorsement) {
+            throw new Error("GroupSendEndorsementsResponse_ReceiveAndCombineWithServiceIds didn't produce a combined endorsement");
+        }
+        return { endorsements, combinedEndorsement };
+    }
+    /**
+     * Receives, validates, and extracts the endorsements from a response.
+     *
+     * Note that the `receive` operation is provided for both {@link ServiceId}s and {@link
+     * UuidCiphertext}s. If you already have the ciphertexts for the group members available, this
+     * method should be faster; if you don't, {@link #receiveWithServiceIds} is faster than generating
+     * the ciphertexts and throwing them away afterwards.
+     *
+     * `localUser` should be included in `groupMembers`.
+     *
+     * @throws {VerificationFailedError} if the endorsements are not valid for any reason
+     */
+    receiveWithCiphertexts(groupMembers, localUser, serverParams, now = new Date()) {
+        const endorsementContents = Native.GroupSendEndorsementsResponse_ReceiveAndCombineWithCiphertexts(this.contents, UuidCiphertext_1.default.serializeAndConcatenate(groupMembers), localUser.contents, Math.floor(now.getTime() / 1000), serverParams.contents);
+        const endorsements = endorsementContents.map((next) => {
+            // Normally we don't notice the cost of validating just-created zkgroup objects,
+            // but in this case we may have up to 1000 of these. Let's assume they're created correctly.
+            return new GroupSendEndorsement_1.default(next, ByteArray_1.UNCHECKED_AND_UNCLONED);
+        });
+        const combinedEndorsement = endorsements.pop();
+        if (!combinedEndorsement) {
+            throw new Error("GroupSendEndorsementsResponse_ReceiveAndCombineWithCiphertexts didn't produce a combined endorsement");
+        }
+        return { endorsements, combinedEndorsement };
+    }
+}
+exports.default = GroupSendEndorsementsResponse;
+//# sourceMappingURL=GroupSendEndorsementsResponse.js.map

package/dist/zkgroup/groupsend/GroupSendFullToken.d.ts

@@ -0,0 +1,23 @@
+/// <reference types="node" />
+import ByteArray from '../internal/ByteArray';
+import { ServiceId } from '../../Address';
+import GroupSendDerivedKeyPair from './GroupSendDerivedKeyPair';
+/**
+ * A token representing a particular {@link GroupSendEndorsement}, along with the endorsement's
+ * expiration.
+ *
+ * Generated by {@link GroupSendToken#toFullToken}, and verified by the chat server.
+ */
+export default class GroupSendFullToken extends ByteArray {
+    constructor(contents: Buffer);
+    /** Gets the expiration embedded in the token. */
+    getExpiration(): Date;
+    /**
+     * Verifies that this token was generated from an endorsement of `userIds` by `keyPair`.
+     *
+     * The correct `keyPair` must be selected based on {@link #getExpiration}.
+     *
+     * @throws {VerificationFailedError} if the token is invalid.
+     */
+    verify(userIds: ServiceId[], keyPair: GroupSendDerivedKeyPair, now?: Date): void;
+}

package/dist/zkgroup/groupsend/GroupSendFullToken.js

@@ -0,0 +1,36 @@
+"use strict";
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+Object.defineProperty(exports, "__esModule", { value: true });
+const ByteArray_1 = require("../internal/ByteArray");
+const Native = require("../../../Native");
+const Address_1 = require("../../Address");
+/**
+ * A token representing a particular {@link GroupSendEndorsement}, along with the endorsement's
+ * expiration.
+ *
+ * Generated by {@link GroupSendToken#toFullToken}, and verified by the chat server.
+ */
+class GroupSendFullToken extends ByteArray_1.default {
+    constructor(contents) {
+        super(contents, Native.GroupSendFullToken_CheckValidContents);
+    }
+    /** Gets the expiration embedded in the token. */
+    getExpiration() {
+        return new Date(1000 * Native.GroupSendFullToken_GetExpiration(this.contents));
+    }
+    /**
+     * Verifies that this token was generated from an endorsement of `userIds` by `keyPair`.
+     *
+     * The correct `keyPair` must be selected based on {@link #getExpiration}.
+     *
+     * @throws {VerificationFailedError} if the token is invalid.
+     */
+    verify(userIds, keyPair, now = new Date()) {
+        Native.GroupSendFullToken_Verify(this.contents, Address_1.ServiceId.toConcatenatedFixedWidthBinary(userIds), Math.floor(now.getTime() / 1000), keyPair.contents);
+    }
+}
+exports.default = GroupSendFullToken;
+//# sourceMappingURL=GroupSendFullToken.js.map

package/dist/zkgroup/groupsend/GroupSendToken.d.ts

@@ -0,0 +1,22 @@
+/// <reference types="node" />
+import ByteArray from '../internal/ByteArray';
+import GroupSendFullToken from './GroupSendFullToken';
+/**
+ * A minimal cacheable representation of an endorsement.
+ *
+ * This contains the minimal information needed to represent this specific endorsement; it must be
+ * converted to a {@link GroupSendFullToken} before sending to the chat server. (It is valid to do
+ * this immediately; it just uses up extra space.)
+ *
+ * Generated by {@link GroupSendEndorsement#toToken}.
+ */
+export default class GroupSendToken extends ByteArray {
+    constructor(contents: Buffer);
+    /**
+     * Converts this token to a "full token", which can be sent to the chat server as authentication.
+     *
+     * {@code expiration} must be the same expiration that was in the original
+     * {@link GroupSendEndorsementsResponse}, or the resulting token will fail to verify.
+     */
+    toFullToken(expiration: Date): GroupSendFullToken;
+}

package/dist/zkgroup/groupsend/GroupSendToken.js

@@ -0,0 +1,34 @@
+"use strict";
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+Object.defineProperty(exports, "__esModule", { value: true });
+const ByteArray_1 = require("../internal/ByteArray");
+const Native = require("../../../Native");
+const GroupSendFullToken_1 = require("./GroupSendFullToken");
+/**
+ * A minimal cacheable representation of an endorsement.
+ *
+ * This contains the minimal information needed to represent this specific endorsement; it must be
+ * converted to a {@link GroupSendFullToken} before sending to the chat server. (It is valid to do
+ * this immediately; it just uses up extra space.)
+ *
+ * Generated by {@link GroupSendEndorsement#toToken}.
+ */
+class GroupSendToken extends ByteArray_1.default {
+    constructor(contents) {
+        super(contents, Native.GroupSendToken_CheckValidContents);
+    }
+    /**
+     * Converts this token to a "full token", which can be sent to the chat server as authentication.
+     *
+     * {@code expiration} must be the same expiration that was in the original
+     * {@link GroupSendEndorsementsResponse}, or the resulting token will fail to verify.
+     */
+    toFullToken(expiration) {
+        return new GroupSendFullToken_1.default(Native.GroupSendToken_ToFullToken(this.contents, Math.floor(expiration.getTime() / 1000)));
+    }
+}
+exports.default = GroupSendToken;
+//# sourceMappingURL=GroupSendToken.js.map

package/dist/zkgroup/index.d.ts

@@ -5,8 +5,6 @@ export { default as GenericServerSecretParams } from './GenericServerSecretParam
 export { default as NotarySignature } from './NotarySignature';
 export { default as ClientZkAuthOperations } from './auth/ClientZkAuthOperations';
 export { default as ServerZkAuthOperations } from './auth/ServerZkAuthOperations';
-export { default as AuthCredential } from './auth/AuthCredential';
-export { default as AuthCredentialResponse } from './auth/AuthCredentialResponse';
 export { default as AuthCredentialPresentation } from './auth/AuthCredentialPresentation';
 export { default as AuthCredentialWithPni } from './auth/AuthCredentialWithPni';
 export { default as AuthCredentialWithPniResponse } from './auth/AuthCredentialWithPniResponse';
@@ -50,6 +48,8 @@ export { default as BackupAuthCredentialPresentation } from './backups/BackupAut
 export { default as BackupAuthCredentialRequest } from './backups/BackupAuthCredentialRequest';
 export { default as BackupAuthCredentialRequestContext } from './backups/BackupAuthCredentialRequestContext';
 export { default as BackupAuthCredentialResponse } from './backups/BackupAuthCredentialResponse';
-export { default as GroupSendCredential } from './groupsend/GroupSendCredential';
-export { default as GroupSendCredentialPresentation } from './groupsend/GroupSendCredentialPresentation';
-export { default as GroupSendCredentialResponse } from './groupsend/GroupSendCredentialResponse';
+export { default as GroupSendDerivedKeyPair } from './groupsend/GroupSendDerivedKeyPair';
+export { default as GroupSendEndorsement } from './groupsend/GroupSendEndorsement';
+export { default as GroupSendEndorsementsResponse } from './groupsend/GroupSendEndorsementsResponse';
+export { default as GroupSendFullToken } from './groupsend/GroupSendFullToken';
+export { default as GroupSendToken } from './groupsend/GroupSendToken';

package/dist/zkgroup/index.js

@@ -4,8 +4,8 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.BackupAuthCredentialRequest = exports.BackupAuthCredentialPresentation = exports.BackupAuthCredential = exports.CreateCallLinkCredentialResponse = exports.CreateCallLinkCredentialRequestContext = exports.CreateCallLinkCredentialRequest = exports.CreateCallLinkCredentialPresentation = exports.CreateCallLinkCredential = exports.CallLinkAuthCredentialResponse = exports.CallLinkAuthCredentialPresentation = exports.CallLinkAuthCredential = exports.CallLinkSecretParams = exports.CallLinkPublicParams = exports.ReceiptSerial = exports.ReceiptCredentialResponse = exports.ReceiptCredentialRequestContext = exports.ReceiptCredentialRequest = exports.ReceiptCredentialPresentation = exports.ReceiptCredential = exports.ServerZkReceiptOperations = exports.ClientZkReceiptOperations = exports.ExpiringProfileKeyCredentialResponse = exports.ExpiringProfileKeyCredential = exports.ProfileKeyVersion = exports.ProfileKeyCredentialRequestContext = exports.ProfileKeyCredentialRequest = exports.ProfileKeyCredentialPresentation = exports.ProfileKeyCommitment = exports.ProfileKey = exports.ServerZkProfileOperations = exports.ClientZkProfileOperations = exports.UuidCiphertext = exports.ProfileKeyCiphertext = exports.GroupSecretParams = exports.GroupPublicParams = exports.GroupMasterKey = exports.GroupIdentifier = exports.ClientZkGroupCipher = exports.AuthCredentialWithPniResponse = exports.AuthCredentialWithPni = exports.AuthCredentialPresentation = exports.AuthCredentialResponse = exports.AuthCredential = exports.ServerZkAuthOperations = exports.ClientZkAuthOperations = exports.NotarySignature = exports.GenericServerSecretParams = exports.GenericServerPublicParams = exports.ServerSecretParams = exports.ServerPublicParams = void 0;
-exports.GroupSendCredentialResponse = exports.GroupSendCredentialPresentation = exports.GroupSendCredential = exports.BackupAuthCredentialResponse = exports.BackupAuthCredentialRequestContext = void 0;
+exports.BackupAuthCredentialResponse = exports.BackupAuthCredentialRequestContext = exports.BackupAuthCredentialRequest = exports.BackupAuthCredentialPresentation = exports.BackupAuthCredential = exports.CreateCallLinkCredentialResponse = exports.CreateCallLinkCredentialRequestContext = exports.CreateCallLinkCredentialRequest = exports.CreateCallLinkCredentialPresentation = exports.CreateCallLinkCredential = exports.CallLinkAuthCredentialResponse = exports.CallLinkAuthCredentialPresentation = exports.CallLinkAuthCredential = exports.CallLinkSecretParams = exports.CallLinkPublicParams = exports.ReceiptSerial = exports.ReceiptCredentialResponse = exports.ReceiptCredentialRequestContext = exports.ReceiptCredentialRequest = exports.ReceiptCredentialPresentation = exports.ReceiptCredential = exports.ServerZkReceiptOperations = exports.ClientZkReceiptOperations = exports.ExpiringProfileKeyCredentialResponse = exports.ExpiringProfileKeyCredential = exports.ProfileKeyVersion = exports.ProfileKeyCredentialRequestContext = exports.ProfileKeyCredentialRequest = exports.ProfileKeyCredentialPresentation = exports.ProfileKeyCommitment = exports.ProfileKey = exports.ServerZkProfileOperations = exports.ClientZkProfileOperations = exports.UuidCiphertext = exports.ProfileKeyCiphertext = exports.GroupSecretParams = exports.GroupPublicParams = exports.GroupMasterKey = exports.GroupIdentifier = exports.ClientZkGroupCipher = exports.AuthCredentialWithPniResponse = exports.AuthCredentialWithPni = exports.AuthCredentialPresentation = exports.ServerZkAuthOperations = exports.ClientZkAuthOperations = exports.NotarySignature = exports.GenericServerSecretParams = exports.GenericServerPublicParams = exports.ServerSecretParams = exports.ServerPublicParams = void 0;
+exports.GroupSendToken = exports.GroupSendFullToken = exports.GroupSendEndorsementsResponse = exports.GroupSendEndorsement = exports.GroupSendDerivedKeyPair = void 0;
 // Root
 var ServerPublicParams_1 = require("./ServerPublicParams");
 Object.defineProperty(exports, "ServerPublicParams", { enumerable: true, get: function () { return ServerPublicParams_1.default; } });
@@ -22,10 +22,6 @@ var ClientZkAuthOperations_1 = require("./auth/ClientZkAuthOperations");
 Object.defineProperty(exports, "ClientZkAuthOperations", { enumerable: true, get: function () { return ClientZkAuthOperations_1.default; } });
 var ServerZkAuthOperations_1 = require("./auth/ServerZkAuthOperations");
 Object.defineProperty(exports, "ServerZkAuthOperations", { enumerable: true, get: function () { return ServerZkAuthOperations_1.default; } });
-var AuthCredential_1 = require("./auth/AuthCredential");
-Object.defineProperty(exports, "AuthCredential", { enumerable: true, get: function () { return AuthCredential_1.default; } });
-var AuthCredentialResponse_1 = require("./auth/AuthCredentialResponse");
-Object.defineProperty(exports, "AuthCredentialResponse", { enumerable: true, get: function () { return AuthCredentialResponse_1.default; } });
 var AuthCredentialPresentation_1 = require("./auth/AuthCredentialPresentation");
 Object.defineProperty(exports, "AuthCredentialPresentation", { enumerable: true, get: function () { return AuthCredentialPresentation_1.default; } });
 var AuthCredentialWithPni_1 = require("./auth/AuthCredentialWithPni");
@@ -118,10 +114,14 @@ Object.defineProperty(exports, "BackupAuthCredentialRequestContext", { enumerabl
 var BackupAuthCredentialResponse_1 = require("./backups/BackupAuthCredentialResponse");
 Object.defineProperty(exports, "BackupAuthCredentialResponse", { enumerable: true, get: function () { return BackupAuthCredentialResponse_1.default; } });
 // Group Send
-var GroupSendCredential_1 = require("./groupsend/GroupSendCredential");
-Object.defineProperty(exports, "GroupSendCredential", { enumerable: true, get: function () { return GroupSendCredential_1.default; } });
-var GroupSendCredentialPresentation_1 = require("./groupsend/GroupSendCredentialPresentation");
-Object.defineProperty(exports, "GroupSendCredentialPresentation", { enumerable: true, get: function () { return GroupSendCredentialPresentation_1.default; } });
-var GroupSendCredentialResponse_1 = require("./groupsend/GroupSendCredentialResponse");
-Object.defineProperty(exports, "GroupSendCredentialResponse", { enumerable: true, get: function () { return GroupSendCredentialResponse_1.default; } });
+var GroupSendDerivedKeyPair_1 = require("./groupsend/GroupSendDerivedKeyPair");
+Object.defineProperty(exports, "GroupSendDerivedKeyPair", { enumerable: true, get: function () { return GroupSendDerivedKeyPair_1.default; } });
+var GroupSendEndorsement_1 = require("./groupsend/GroupSendEndorsement");
+Object.defineProperty(exports, "GroupSendEndorsement", { enumerable: true, get: function () { return GroupSendEndorsement_1.default; } });
+var GroupSendEndorsementsResponse_1 = require("./groupsend/GroupSendEndorsementsResponse");
+Object.defineProperty(exports, "GroupSendEndorsementsResponse", { enumerable: true, get: function () { return GroupSendEndorsementsResponse_1.default; } });
+var GroupSendFullToken_1 = require("./groupsend/GroupSendFullToken");
+Object.defineProperty(exports, "GroupSendFullToken", { enumerable: true, get: function () { return GroupSendFullToken_1.default; } });
+var GroupSendToken_1 = require("./groupsend/GroupSendToken");
+Object.defineProperty(exports, "GroupSendToken", { enumerable: true, get: function () { return GroupSendToken_1.default; } });
 //# sourceMappingURL=index.js.map

package/dist/zkgroup/internal/ByteArray.d.ts

@@ -1,7 +1,8 @@
 /// <reference types="node" />
+export declare const UNCHECKED_AND_UNCLONED: unique symbol;
 export default class ByteArray {
     contents: Buffer;
-    constructor(contents: Buffer, checkValid: (contents: Buffer) => void);
+    constructor(contents: Buffer, checkValid: ((contents: Buffer) => void) | typeof UNCHECKED_AND_UNCLONED);
     protected static checkLength(expectedLength: number): (contents: Buffer) => void;
     getContents(): Buffer;
     serialize(): Buffer;

package/dist/zkgroup/internal/ByteArray.js

@@ -4,11 +4,18 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.UNCHECKED_AND_UNCLONED = void 0;
 const Errors_1 = require("../../Errors");
+exports.UNCHECKED_AND_UNCLONED = Symbol();
 class ByteArray {
     constructor(contents, checkValid) {
-        checkValid(contents);
-        this.contents = Buffer.from(contents);
+        if (checkValid === exports.UNCHECKED_AND_UNCLONED) {
+            this.contents = contents;
+        }
+        else {
+            checkValid(contents);
+            this.contents = Buffer.from(contents);
+        }
     }
     static checkLength(expectedLength) {
         return (contents) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.41.1",
+  "version": "0.42.0",
   "license": "AGPL-3.0-only",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -32,6 +32,7 @@
     "uuid": "^8.3.0"
   },
   "devDependencies": {
+    "@indutny/bencher": "^1.2.0",
     "@types/bindings": "^1.3.0",
     "@types/chai": "^4.3.1",
     "@types/chai-as-promised": "^7.1.3",

package/dist/zkgroup/auth/AuthCredential.d.ts

@@ -1,6 +0,0 @@
-/// <reference types="node" />
-import ByteArray from '../internal/ByteArray';
-export default class AuthCredential extends ByteArray {
-    private readonly __type?;
-    constructor(contents: Buffer);
-}

package/dist/zkgroup/auth/AuthCredential.js

@@ -1,15 +0,0 @@
-"use strict";
-//
-// Copyright 2020-2021 Signal Messenger, LLC.
-// SPDX-License-Identifier: AGPL-3.0-only
-//
-Object.defineProperty(exports, "__esModule", { value: true });
-const ByteArray_1 = require("../internal/ByteArray");
-const Native = require("../../../Native");
-class AuthCredential extends ByteArray_1.default {
-    constructor(contents) {
-        super(contents, Native.AuthCredential_CheckValidContents);
-    }
-}
-exports.default = AuthCredential;
-//# sourceMappingURL=AuthCredential.js.map