@signalapp/libsignal-client 0.59.0 → 0.60.0

package/Native.d.ts

@@ -156,17 +156,19 @@ export function AuthCredentialWithPni_CheckValidContents(bytes: Buffer): void;
 export function BackupAuthCredentialPresentation_CheckValidContents(presentationBytes: Buffer): void;
 export function BackupAuthCredentialPresentation_GetBackupId(presentationBytes: Buffer): Buffer;
 export function BackupAuthCredentialPresentation_GetBackupLevel(presentationBytes: Buffer): number;
+export function BackupAuthCredentialPresentation_GetType(presentationBytes: Buffer): number;
 export function BackupAuthCredentialPresentation_Verify(presentationBytes: Buffer, now: Timestamp, serverParamsBytes: Buffer): void;
 export function BackupAuthCredentialRequestContext_CheckValidContents(contextBytes: Buffer): void;
 export function BackupAuthCredentialRequestContext_GetRequest(contextBytes: Buffer): Buffer;
 export function BackupAuthCredentialRequestContext_New(backupKey: Buffer, uuid: Uuid): Buffer;
 export function BackupAuthCredentialRequestContext_ReceiveResponse(contextBytes: Buffer, responseBytes: Buffer, expectedRedemptionTime: Timestamp, paramsBytes: Buffer): Buffer;
 export function BackupAuthCredentialRequest_CheckValidContents(requestBytes: Buffer): void;
-export function BackupAuthCredentialRequest_IssueDeterministic(requestBytes: Buffer, redemptionTime: Timestamp, backupLevel: number, paramsBytes: Buffer, randomness: Buffer): Buffer;
+export function BackupAuthCredentialRequest_IssueDeterministic(requestBytes: Buffer, redemptionTime: Timestamp, backupLevel: number, credentialType: number, paramsBytes: Buffer, randomness: Buffer): Buffer;
 export function BackupAuthCredentialResponse_CheckValidContents(responseBytes: Buffer): void;
 export function BackupAuthCredential_CheckValidContents(paramsBytes: Buffer): void;
 export function BackupAuthCredential_GetBackupId(credentialBytes: Buffer): Buffer;
 export function BackupAuthCredential_GetBackupLevel(credentialBytes: Buffer): number;
+export function BackupAuthCredential_GetType(credentialBytes: Buffer): number;
 export function BackupAuthCredential_PresentDeterministic(credentialBytes: Buffer, serverParamsBytes: Buffer, randomness: Buffer): Buffer;
 export function CallLinkAuthCredentialPresentation_CheckValidContents(presentationBytes: Buffer): void;
 export function CallLinkAuthCredentialPresentation_GetUserId(presentationBytes: Buffer): Serialized<UuidCiphertext>;
@@ -309,7 +311,9 @@ export function LookupRequest_addPreviousE164(request: Wrapper<LookupRequest>, e
 export function LookupRequest_new(): LookupRequest;
 export function LookupRequest_setReturnAcisWithoutUaks(request: Wrapper<LookupRequest>, returnAcisWithoutUaks: boolean): void;
 export function LookupRequest_setToken(request: Wrapper<LookupRequest>, token: Buffer): void;
-export function MessageBackupKey_New(masterKey: Buffer, aci: Buffer): MessageBackupKey;
+export function MessageBackupKey_FromAccountEntropyPool(accountEntropy: string, aci: Buffer): MessageBackupKey;
+export function MessageBackupKey_FromBackupKeyAndBackupId(backupKey: Buffer, backupId: Buffer): MessageBackupKey;
+export function MessageBackupKey_FromMasterKey(masterKey: Buffer, aci: Buffer): MessageBackupKey;
 export function MessageBackupValidator_Validate(key: Wrapper<MessageBackupKey>, firstStream: InputStream, secondStream: InputStream, len: bigint, purpose: number): Promise<MessageBackupValidationOutcome>;
 export function MinidumpToJSONString(buffer: Buffer): string;
 export function Mp4Sanitizer_Sanitize(input: InputStream, len: bigint): Promise<SanitizedMetadata>;

package/dist/MessageBackup.d.ts

@@ -29,17 +29,37 @@ export declare class ValidationOutcome {
     get ok(): boolean;
     constructor(outcome: Native.MessageBackupValidationOutcome);
 }
+export type MessageBackupKeyInput = Readonly<{
+    accountEntropy: string;
+    aci: Aci;
+} | {
+    backupKey: Buffer;
+    backupId: Buffer;
+}>;
 /**
  * Key used to encrypt and decrypt a message backup bundle.
  */
 export declare class MessageBackupKey {
     readonly _nativeHandle: Native.MessageBackupKey;
     /**
-     * Create a public key from the given master key and ACI.
+     * Create a backup bundle key from the given master key and ACI.
      *
      * `masterKeyBytes` should contain exactly 32 bytes.
+     *
+     * @deprecated Use AccountEntropyPool instead.
      */
     constructor(masterKeyBytes: Buffer, aci: Aci);
+    /**
+     * Create a backup bundle key from an account entropy pool and ACI.
+     *
+     * ...or from a backup key and ID, used when reading from a local backup, which may have been
+     * created with a different ACI. This still uses AccountEntropyPool-based key derivation rules; it
+     * cannot be used to read a backup created from a master key.
+     *
+     * The account entropy pool must be **validated**; passing an arbitrary string here is considered
+     * a programmer error. Similarly, passing a backup key or ID of the wrong length is also an error.
+     */
+    constructor(input: MessageBackupKeyInput);
 }
 export declare enum Purpose {
     DeviceTransfer = 0,

package/dist/MessageBackup.js

@@ -34,13 +34,20 @@ exports.ValidationOutcome = ValidationOutcome;
  * Key used to encrypt and decrypt a message backup bundle.
  */
 class MessageBackupKey {
-    /**
-     * Create a public key from the given master key and ACI.
-     *
-     * `masterKeyBytes` should contain exactly 32 bytes.
-     */
-    constructor(masterKeyBytes, aci) {
-        this._nativeHandle = Native.MessageBackupKey_New(masterKeyBytes, aci.getServiceIdFixedWidthBinary());
+    constructor(inputOrMasterKeyBytes, maybeAci) {
+        if (inputOrMasterKeyBytes instanceof Buffer) {
+            if (maybeAci === undefined)
+                throw new Error('missing ACI parameter');
+            this._nativeHandle = Native.MessageBackupKey_FromMasterKey(inputOrMasterKeyBytes, maybeAci.getServiceIdFixedWidthBinary());
+        }
+        else if ('accountEntropy' in inputOrMasterKeyBytes) {
+            const { accountEntropy, aci } = inputOrMasterKeyBytes;
+            this._nativeHandle = Native.MessageBackupKey_FromAccountEntropyPool(accountEntropy, aci.getServiceIdFixedWidthBinary());
+        }
+        else {
+            const { backupKey, backupId } = inputOrMasterKeyBytes;
+            this._nativeHandle = Native.MessageBackupKey_FromBackupKeyAndBackupId(backupKey, backupId);
+        }
     }
 }
 exports.MessageBackupKey = MessageBackupKey;

package/dist/acknowledgments.md

@@ -669,7 +669,7 @@ For more information on this, and how to apply and follow the GNU AGPL, see
 
 ```
 
-## libsignal-account-keys 0.1.0, attest 0.1.0, libsignal-ffi 0.59.0, libsignal-jni 0.59.0, libsignal-jni-testing 0.59.0, libsignal-node 0.59.0, signal-neon-futures 0.1.0, signal-neon-futures-tests 0.1.0, libsignal-bridge 0.1.0, libsignal-bridge-macros 0.1.0, libsignal-bridge-testing 0.1.0, libsignal-bridge-types 0.1.0, libsignal-core 0.1.0, signal-crypto 0.1.0, device-transfer 0.1.0, libsignal-keytrans 0.0.1, signal-media 0.1.0, libsignal-message-backup 0.1.0, libsignal-message-backup-macros 0.1.0, libsignal-net 0.1.0, libsignal-net-infra 0.1.0, poksho 0.7.0, libsignal-protocol 0.1.0, libsignal-svr3 0.1.0, usernames 0.1.0, zkcredential 0.1.0, zkgroup 0.9.0
+## libsignal-account-keys 0.1.0, attest 0.1.0, libsignal-ffi 0.60.0, libsignal-jni 0.60.0, libsignal-jni-testing 0.60.0, libsignal-node 0.60.0, signal-neon-futures 0.1.0, signal-neon-futures-tests 0.1.0, libsignal-bridge 0.1.0, libsignal-bridge-macros 0.1.0, libsignal-bridge-testing 0.1.0, libsignal-bridge-types 0.1.0, libsignal-core 0.1.0, signal-crypto 0.1.0, device-transfer 0.1.0, libsignal-keytrans 0.0.1, signal-media 0.1.0, libsignal-message-backup 0.1.0, libsignal-message-backup-macros 0.1.0, libsignal-net 0.1.0, libsignal-net-infra 0.1.0, poksho 0.7.0, libsignal-protocol 0.1.0, libsignal-svr3 0.1.0, usernames 0.1.0, zkcredential 0.1.0, zkgroup 0.9.0
 
 ```
 GNU AFFERO GENERAL PUBLIC LICENSE
@@ -2171,7 +2171,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ```
 
-## bindgen 0.68.1
+## bindgen 0.70.1
 
 ```
 BSD 3-Clause License
@@ -3300,7 +3300,7 @@ THE SOFTWARE.
 
 ```
 
-## either 1.13.0, itertools 0.13.0, petgraph 0.6.5
+## either 1.13.0, itertools 0.10.5, itertools 0.13.0, petgraph 0.6.5
 
 ```
 Copyright (c) 2015
@@ -3443,7 +3443,7 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## gimli 0.31.0, heck 0.5.0, peeking_take_while 0.1.2, unicode-bidi 0.3.15, unicode-normalization 0.1.23
+## gimli 0.31.0, heck 0.5.0, unicode-bidi 0.3.15, unicode-normalization 0.1.23
 
 ```
 Copyright (c) 2015 The Rust Project Developers
@@ -6845,38 +6845,6 @@ SOFTWARE.
 
 ```
 
-## lazycell 1.3.0
-
-```
-Original work Copyright (c) 2014 The Rust Project Developers
-Modified work Copyright (c) 2016-2018 Nikita Pekin and lazycell contributors
-
-Permission is hereby granted, free of charge, to any
-person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the
-Software without restriction, including without
-limitation the rights to use, copy, modify, merge,
-publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software
-is furnished to do so, subject to the following
-conditions:
-
-The above copyright notice and this permission notice
-shall be included in all copies or substantial portions
-of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
-ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
-TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
-PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
-SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
-IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
-
-```
-
 ## curve25519-dalek-derive 0.1.1, adler2 2.0.0, anyhow 1.0.88, async-trait 0.1.82, atomic-waker 1.1.2, displaydoc 0.2.5, dyn-clone 1.0.17, fastrand 2.1.1, home 0.5.9, itoa 1.0.11, linkme-impl 0.3.28, linkme 0.3.28, linux-raw-sys 0.4.14, minimal-lexical 0.2.1, num_enum 0.7.3, num_enum_derive 0.7.3, once_cell 1.19.0, paste 1.0.15, pin-project-internal 1.1.5, pin-project-lite 0.2.14, pin-project 1.1.5, prettyplease 0.2.22, proc-macro-crate 3.2.0, proc-macro2 1.0.86, quote 1.0.37, rustc-hash 1.1.0, rustix 0.38.37, rustversion 1.0.17, semver 1.0.23, send_wrapper 0.6.0, serde 1.0.210, serde_derive 1.0.210, serde_json 1.0.128, syn-mid 0.6.0, syn 1.0.109, syn 2.0.77, thiserror-impl 1.0.63, thiserror 1.0.63, unicode-ident 1.0.13, utf-8 0.7.6
 
 ```

package/dist/zkgroup/backups/BackupAuthCredential.d.ts

@@ -3,6 +3,7 @@ import ByteArray from '../internal/ByteArray';
 import GenericServerPublicParams from '../GenericServerPublicParams';
 import BackupAuthCredentialPresentation from './BackupAuthCredentialPresentation';
 import BackupLevel from './BackupLevel';
+import BackupCredentialType from './BackupCredentialType';
 export default class BackupAuthCredential extends ByteArray {
     private readonly __type?;
     constructor(contents: Buffer);
@@ -10,4 +11,5 @@ export default class BackupAuthCredential extends ByteArray {
     presentWithRandom(serverParams: GenericServerPublicParams, random: Buffer): BackupAuthCredentialPresentation;
     getBackupId(): Buffer;
     getBackupLevel(): BackupLevel;
+    getType(): BackupCredentialType;
 }

package/dist/zkgroup/backups/BackupAuthCredential.js

@@ -10,6 +10,7 @@ const ByteArray_1 = require("../internal/ByteArray");
 const Constants_1 = require("../internal/Constants");
 const BackupAuthCredentialPresentation_1 = require("./BackupAuthCredentialPresentation");
 const BackupLevel_1 = require("./BackupLevel");
+const BackupCredentialType_1 = require("./BackupCredentialType");
 class BackupAuthCredential extends ByteArray_1.default {
     constructor(contents) {
         super(contents, Native.BackupAuthCredential_CheckValidContents);
@@ -31,6 +32,13 @@ class BackupAuthCredential extends ByteArray_1.default {
         }
         return n;
     }
+    getType() {
+        const n = Native.BackupAuthCredential_GetType(this.contents);
+        if (!(n in BackupCredentialType_1.default)) {
+            throw new TypeError(`Invalid BackupCredentialType ${n}`);
+        }
+        return n;
+    }
 }
 exports.default = BackupAuthCredential;
 //# sourceMappingURL=BackupAuthCredential.js.map

package/dist/zkgroup/backups/BackupAuthCredentialPresentation.d.ts

@@ -2,10 +2,12 @@
 import ByteArray from '../internal/ByteArray';
 import GenericServerSecretParams from '../GenericServerSecretParams';
 import BackupLevel from './BackupLevel';
+import BackupCredentialType from './BackupCredentialType';
 export default class BackupAuthCredentialPresentation extends ByteArray {
     private readonly __type?;
     constructor(contents: Buffer);
     verify(serverParams: GenericServerSecretParams, now?: Date): void;
     getBackupId(): Buffer;
     getBackupLevel(): BackupLevel;
+    getType(): BackupCredentialType;
 }

package/dist/zkgroup/backups/BackupAuthCredentialPresentation.js

@@ -7,6 +7,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const ByteArray_1 = require("../internal/ByteArray");
 const Native = require("../../../Native");
 const BackupLevel_1 = require("./BackupLevel");
+const BackupCredentialType_1 = require("./BackupCredentialType");
 class BackupAuthCredentialPresentation extends ByteArray_1.default {
     constructor(contents) {
         super(contents, Native.BackupAuthCredentialPresentation_CheckValidContents);
@@ -24,6 +25,13 @@ class BackupAuthCredentialPresentation extends ByteArray_1.default {
         }
         return n;
     }
+    getType() {
+        const n = Native.BackupAuthCredentialPresentation_GetType(this.contents);
+        if (!(n in BackupCredentialType_1.default)) {
+            throw new TypeError(`Invalid BackupCredentialType ${n}`);
+        }
+        return n;
+    }
 }
 exports.default = BackupAuthCredentialPresentation;
 //# sourceMappingURL=BackupAuthCredentialPresentation.js.map

package/dist/zkgroup/backups/BackupAuthCredentialRequest.d.ts

@@ -3,9 +3,10 @@ import ByteArray from '../internal/ByteArray';
 import GenericServerSecretParams from '../GenericServerSecretParams';
 import BackupAuthCredentialResponse from './BackupAuthCredentialResponse';
 import BackupLevel from './BackupLevel';
+import BackupCredentialType from './BackupCredentialType';
 export default class BackupAuthCredentialRequest extends ByteArray {
     private readonly __type?;
     constructor(contents: Buffer);
-    issueCredential(timestamp: number, backupLevel: BackupLevel, params: GenericServerSecretParams): BackupAuthCredentialResponse;
-    issueCredentialWithRandom(timestamp: number, backupLevel: BackupLevel, params: GenericServerSecretParams, random: Buffer): BackupAuthCredentialResponse;
+    issueCredential(timestamp: number, backupLevel: BackupLevel, type: BackupCredentialType, params: GenericServerSecretParams): BackupAuthCredentialResponse;
+    issueCredentialWithRandom(timestamp: number, backupLevel: BackupLevel, type: BackupCredentialType, params: GenericServerSecretParams, random: Buffer): BackupAuthCredentialResponse;
 }

package/dist/zkgroup/backups/BackupAuthCredentialRequest.js

@@ -13,12 +13,12 @@ class BackupAuthCredentialRequest extends ByteArray_1.default {
     constructor(contents) {
         super(contents, Native.BackupAuthCredentialRequest_CheckValidContents);
     }
-    issueCredential(timestamp, backupLevel, params) {
+    issueCredential(timestamp, backupLevel, type, params) {
         const random = (0, crypto_1.randomBytes)(Constants_1.RANDOM_LENGTH);
-        return this.issueCredentialWithRandom(timestamp, backupLevel, params, random);
+        return this.issueCredentialWithRandom(timestamp, backupLevel, type, params, random);
     }
-    issueCredentialWithRandom(timestamp, backupLevel, params, random) {
-        return new BackupAuthCredentialResponse_1.default(Native.BackupAuthCredentialRequest_IssueDeterministic(this.contents, timestamp, backupLevel, params.contents, random));
+    issueCredentialWithRandom(timestamp, backupLevel, type, params, random) {
+        return new BackupAuthCredentialResponse_1.default(Native.BackupAuthCredentialRequest_IssueDeterministic(this.contents, timestamp, backupLevel, type, params.contents, random));
     }
 }
 exports.default = BackupAuthCredentialRequest;

package/dist/zkgroup/backups/BackupCredentialType.d.ts

@@ -0,0 +1,5 @@
+declare enum BackupCredentialType {
+    Messages = 1,
+    Media = 2
+}
+export default BackupCredentialType;

package/dist/zkgroup/backups/BackupCredentialType.js

@@ -0,0 +1,14 @@
+"use strict";
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+Object.defineProperty(exports, "__esModule", { value: true });
+// This must match the Rust version of the enum.
+var BackupCredentialType;
+(function (BackupCredentialType) {
+    BackupCredentialType[BackupCredentialType["Messages"] = 1] = "Messages";
+    BackupCredentialType[BackupCredentialType["Media"] = 2] = "Media";
+})(BackupCredentialType || (BackupCredentialType = {}));
+exports.default = BackupCredentialType;
+//# sourceMappingURL=BackupCredentialType.js.map

package/dist/zkgroup/backups/BackupLevel.d.ts

@@ -1,5 +1,5 @@
 declare enum BackupLevel {
-    Messages = 200,
-    Media = 201
+    Free = 200,
+    Paid = 201
 }
 export default BackupLevel;

package/dist/zkgroup/backups/BackupLevel.js

@@ -7,8 +7,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 // This must match the Rust version of the enum.
 var BackupLevel;
 (function (BackupLevel) {
-    BackupLevel[BackupLevel["Messages"] = 200] = "Messages";
-    BackupLevel[BackupLevel["Media"] = 201] = "Media";
+    BackupLevel[BackupLevel["Free"] = 200] = "Free";
+    BackupLevel[BackupLevel["Paid"] = 201] = "Paid";
 })(BackupLevel || (BackupLevel = {}));
 exports.default = BackupLevel;
 //# sourceMappingURL=BackupLevel.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.59.0",
+  "version": "0.60.0",
   "license": "AGPL-3.0-only",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",