@signalapp/libsignal-client 0.76.6 → 0.77.0

package/Native.d.ts

@@ -228,6 +228,9 @@ export function BackupKey_DeriveLocalBackupMetadataKey(backupKey: Uint8Array): U
 export function BackupKey_DeriveMediaEncryptionKey(backupKey: Uint8Array, mediaId: Uint8Array): Uint8Array;
 export function BackupKey_DeriveMediaId(backupKey: Uint8Array, mediaName: string): Uint8Array;
 export function BackupKey_DeriveThumbnailTransitEncryptionKey(backupKey: Uint8Array, mediaId: Uint8Array): Uint8Array;
+export function BackupResponse_GetForwardSecrecyToken(response: Wrapper<BackupResponse>): Uint8Array;
+export function BackupResponse_GetNextBackupSecretData(response: Wrapper<BackupResponse>): Uint8Array;
+export function BackupResponse_GetOpaqueMetadata(response: Wrapper<BackupResponse>): Uint8Array;
 export function BridgedStringMap_insert(map: Wrapper<BridgedStringMap>, key: string, value: string): void;
 export function BridgedStringMap_new(initialCapacity: number): BridgedStringMap;
 export function CallLinkAuthCredentialPresentation_CheckValidContents(presentationBytes: Uint8Array): void;
@@ -373,8 +376,8 @@ export function LookupRequest_addE164(request: Wrapper<LookupRequest>, e164: str
 export function LookupRequest_addPreviousE164(request: Wrapper<LookupRequest>, e164: string): void;
 export function LookupRequest_new(): LookupRequest;
 export function LookupRequest_setToken(request: Wrapper<LookupRequest>, token: Uint8Array): void;
-export function MessageBackupKey_FromAccountEntropyPool(accountEntropy: AccountEntropyPool, aci: Uint8Array): MessageBackupKey;
-export function MessageBackupKey_FromBackupKeyAndBackupId(backupKey: Uint8Array, backupId: Uint8Array): MessageBackupKey;
+export function MessageBackupKey_FromAccountEntropyPool(accountEntropy: AccountEntropyPool, aci: Uint8Array, forwardSecrecyToken: Uint8Array | null): MessageBackupKey;
+export function MessageBackupKey_FromBackupKeyAndBackupId(backupKey: Uint8Array, backupId: Uint8Array, forwardSecrecyToken: Uint8Array | null): MessageBackupKey;
 export function MessageBackupKey_GetAesKey(key: Wrapper<MessageBackupKey>): Uint8Array;
 export function MessageBackupKey_GetHmacKey(key: Wrapper<MessageBackupKey>): Uint8Array;
 export function MessageBackupValidator_Validate(key: Wrapper<MessageBackupKey>, firstStream: InputStream, secondStream: InputStream, len: bigint, purpose: number): Promise<MessageBackupValidationOutcome>;
@@ -498,6 +501,9 @@ export function SealedSender_DecryptToUsmc(ctext: Uint8Array, identityStore: Ide
 export function SealedSender_Encrypt(destination: Wrapper<ProtocolAddress>, content: Wrapper<UnidentifiedSenderMessageContent>, identityKeyStore: IdentityKeyStore): Promise<Uint8Array>;
 export function SealedSender_MultiRecipientEncrypt(recipients: Wrapper<ProtocolAddress>[], recipientSessions: Wrapper<SessionRecord>[], excludedRecipients: Uint8Array, content: Wrapper<UnidentifiedSenderMessageContent>, identityKeyStore: IdentityKeyStore): Promise<Uint8Array>;
 export function SealedSender_MultiRecipientMessageForSingleRecipient(encodedMultiRecipientMessage: Uint8Array): Uint8Array;
+export function SecureValueRecoveryForBackups_CreateStoreArgs(backupKey: Uint8Array, previousSecretData: Uint8Array, environment: number): StoreArgs;
+export function SecureValueRecoveryForBackups_RestoreBackupFromServer(asyncRuntime: Wrapper<TokioAsyncContext>, backupKey: Uint8Array, metadata: Uint8Array, connectionManager: Wrapper<ConnectionManager>, username: string, password: string): CancellablePromise<Uint8Array>;
+export function SecureValueRecoveryForBackups_StoreBackup(asyncRuntime: Wrapper<TokioAsyncContext>, store: Wrapper<StoreArgs>, connectionManager: Wrapper<ConnectionManager>, username: string, password: string): CancellablePromise<BackupResponse>;
 export function SenderCertificate_Deserialize(data: Uint8Array): SenderCertificate;
 export function SenderCertificate_GetCertificate(obj: Wrapper<SenderCertificate>): Uint8Array;
 export function SenderCertificate_GetDeviceId(obj: Wrapper<SenderCertificate>): number;
@@ -609,7 +615,7 @@ export function TESTING_ChatRequestGetPath(request: Wrapper<HttpRequest>): strin
 export function TESTING_ChatResponseConvert(bodyPresent: boolean): ChatResponse;
 export function TESTING_ChatSendErrorConvert(errorDescription: string): void;
 export function TESTING_ConnectionManager_isUsingProxy(manager: Wrapper<ConnectionManager>): number;
-export function TESTING_ConnectionManager_newLocalOverride(userAgent: string, chatPort: number, cdsiPort: number, svr2Port: number, rootCertificateDer: Uint8Array): ConnectionManager;
+export function TESTING_ConnectionManager_newLocalOverride(userAgent: string, chatPort: number, cdsiPort: number, svr2Port: number, svrBPort: number, rootCertificateDer: Uint8Array): ConnectionManager;
 export function TESTING_ConvertOptionalUuid(present: boolean): Uuid | null;
 export function TESTING_ErrorOnBorrowAsync(_input: null): Promise<void>;
 export function TESTING_ErrorOnBorrowIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _input: null): CancellablePromise<void>;
@@ -714,6 +720,7 @@ export function initLogger(maxLevel: LogLevel, callback: (level: LogLevel, targe
 export function test_only_fn_returns_123(): number;
 interface Aes256GcmSiv { readonly __type: unique symbol; }
 interface AuthenticatedChatConnection { readonly __type: unique symbol; }
+interface BackupResponse { readonly __type: unique symbol; }
 interface BridgedStringMap { readonly __type: unique symbol; }
 interface CdsiLookup { readonly __type: unique symbol; }
 interface ChatConnectionInfo { readonly __type: unique symbol; }
@@ -782,6 +789,7 @@ interface SessionRecord { readonly __type: unique symbol; }
 interface SgxClientState { readonly __type: unique symbol; }
 interface SignalMessage { readonly __type: unique symbol; }
 interface SignedPreKeyRecord { readonly __type: unique symbol; }
+interface StoreArgs { readonly __type: unique symbol; }
 interface TestingFutureCancellationCounter { readonly __type: unique symbol; }
 interface TestingHandleType { readonly __type: unique symbol; }
 interface TestingSemaphore { readonly __type: unique symbol; }

package/dist/AccountKeys.d.ts

@@ -99,3 +99,14 @@ export declare class BackupKey extends ByteArray {
      */
     deriveThumbnailTransitEncryptionKey(mediaId: Uint8Array): Uint8Array;
 }
+/**
+ * A forward secrecy token used for deriving message backup keys.
+ *
+ * This token is retrieved from the server when restoring a backup and is used together
+ * with the backup key to derive the actual encryption keys for message backups.
+ */
+export declare class BackupForwardSecrecyToken extends ByteArray {
+    private readonly __type?;
+    static SIZE: number;
+    constructor(contents: Uint8Array);
+}

package/dist/AccountKeys.js

@@ -4,7 +4,7 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.BackupKey = exports.AccountEntropyPool = void 0;
+exports.BackupForwardSecrecyToken = exports.BackupKey = exports.AccountEntropyPool = void 0;
 /**
  * Cryptographic hashing, randomness generation, etc. related to SVR/Backup Keys.
  *
@@ -140,4 +140,17 @@ class BackupKey extends ByteArray_1.default {
 }
 exports.BackupKey = BackupKey;
 BackupKey.SIZE = 32;
+/**
+ * A forward secrecy token used for deriving message backup keys.
+ *
+ * This token is retrieved from the server when restoring a backup and is used together
+ * with the backup key to derive the actual encryption keys for message backups.
+ */
+class BackupForwardSecrecyToken extends ByteArray_1.default {
+    constructor(contents) {
+        super(contents, BackupForwardSecrecyToken.checkLength(BackupForwardSecrecyToken.SIZE));
+    }
+}
+exports.BackupForwardSecrecyToken = BackupForwardSecrecyToken;
+BackupForwardSecrecyToken.SIZE = 32;
 //# sourceMappingURL=AccountKeys.js.map

package/dist/Errors.d.ts

@@ -35,15 +35,17 @@ export declare enum ErrorCode {
     SvrDataMissing = 31,
     SvrRequestFailed = 32,
     SvrRestoreFailed = 33,
-    ChatServiceInactive = 34,
-    AppExpired = 35,
-    DeviceDelinked = 36,
-    ConnectionInvalidated = 37,
-    ConnectedElsewhere = 38,
-    BackupValidation = 39,
-    Cancelled = 40,
-    KeyTransparencyError = 41,
-    KeyTransparencyVerificationFailed = 42
+    SvrMultipleErrors = 34,
+    SvrAttestationError = 35,
+    ChatServiceInactive = 36,
+    AppExpired = 37,
+    DeviceDelinked = 38,
+    ConnectionInvalidated = 39,
+    ConnectedElsewhere = 40,
+    BackupValidation = 41,
+    Cancelled = 42,
+    KeyTransparencyError = 43,
+    KeyTransparencyVerificationFailed = 44
 }
 export declare class LibSignalErrorBase extends Error {
     readonly code: ErrorCode;
@@ -186,6 +188,12 @@ export type SvrRestoreFailedError = LibSignalErrorCommon & {
     code: ErrorCode.SvrRestoreFailed;
     readonly triesRemaining: number;
 };
+export type SvrMultipleErrorsError = LibSignalErrorCommon & {
+    code: ErrorCode.SvrMultipleErrors;
+};
+export type SvrAttestationError = LibSignalErrorCommon & {
+    code: ErrorCode.SvrAttestationError;
+};
 export type BackupValidationError = LibSignalErrorCommon & {
     code: ErrorCode.BackupValidation;
     readonly unknownFields: ReadonlyArray<string>;
@@ -199,4 +207,4 @@ export type KeyTransparencyError = LibSignalErrorCommon & {
 export type KeyTransparencyVerificationFailed = LibSignalErrorCommon & {
     code: ErrorCode.KeyTransparencyVerificationFailed;
 };
-export type LibSignalError = GenericError | DuplicatedMessageError | SealedSenderSelfSendError | UntrustedIdentityError | InvalidRegistrationIdError | InvalidProtocolAddress | VerificationFailedError | InvalidSessionError | InvalidSenderKeySessionError | NicknameCannotBeEmptyError | CannotStartWithDigitError | MissingSeparatorError | BadNicknameCharacterError | NicknameTooShortError | NicknameTooLongError | DiscriminatorCannotBeEmptyError | DiscriminatorCannotBeZeroError | DiscriminatorCannotBeSingleDigitError | DiscriminatorCannotHaveLeadingZerosError | BadDiscriminatorCharacterError | DiscriminatorTooLargeError | InputDataTooLong | InvalidEntropyDataLength | InvalidUsernameLinkEncryptedData | IoError | CdsiInvalidTokenError | InvalidUriError | InvalidMediaInputError | SvrDataMissingError | SvrRestoreFailedError | SvrRequestFailedError | UnsupportedMediaInputError | ChatServiceInactive | AppExpiredError | DeviceDelinkedError | ConnectionInvalidatedError | ConnectedElsewhereError | RateLimitedError | RateLimitChallengeError | BackupValidationError | CancellationError | KeyTransparencyError | KeyTransparencyVerificationFailed;
+export type LibSignalError = GenericError | DuplicatedMessageError | SealedSenderSelfSendError | UntrustedIdentityError | InvalidRegistrationIdError | InvalidProtocolAddress | VerificationFailedError | InvalidSessionError | InvalidSenderKeySessionError | NicknameCannotBeEmptyError | CannotStartWithDigitError | MissingSeparatorError | BadNicknameCharacterError | NicknameTooShortError | NicknameTooLongError | DiscriminatorCannotBeEmptyError | DiscriminatorCannotBeZeroError | DiscriminatorCannotBeSingleDigitError | DiscriminatorCannotHaveLeadingZerosError | BadDiscriminatorCharacterError | DiscriminatorTooLargeError | InputDataTooLong | InvalidEntropyDataLength | InvalidUsernameLinkEncryptedData | IoError | CdsiInvalidTokenError | InvalidUriError | InvalidMediaInputError | SvrDataMissingError | SvrRestoreFailedError | SvrRequestFailedError | SvrMultipleErrorsError | SvrAttestationError | UnsupportedMediaInputError | ChatServiceInactive | AppExpiredError | DeviceDelinkedError | ConnectionInvalidatedError | ConnectedElsewhereError | RateLimitedError | RateLimitChallengeError | BackupValidationError | CancellationError | KeyTransparencyError | KeyTransparencyVerificationFailed;

package/dist/Errors.js

@@ -42,15 +42,17 @@ var ErrorCode;
     ErrorCode[ErrorCode["SvrDataMissing"] = 31] = "SvrDataMissing";
     ErrorCode[ErrorCode["SvrRequestFailed"] = 32] = "SvrRequestFailed";
     ErrorCode[ErrorCode["SvrRestoreFailed"] = 33] = "SvrRestoreFailed";
-    ErrorCode[ErrorCode["ChatServiceInactive"] = 34] = "ChatServiceInactive";
-    ErrorCode[ErrorCode["AppExpired"] = 35] = "AppExpired";
-    ErrorCode[ErrorCode["DeviceDelinked"] = 36] = "DeviceDelinked";
-    ErrorCode[ErrorCode["ConnectionInvalidated"] = 37] = "ConnectionInvalidated";
-    ErrorCode[ErrorCode["ConnectedElsewhere"] = 38] = "ConnectedElsewhere";
-    ErrorCode[ErrorCode["BackupValidation"] = 39] = "BackupValidation";
-    ErrorCode[ErrorCode["Cancelled"] = 40] = "Cancelled";
-    ErrorCode[ErrorCode["KeyTransparencyError"] = 41] = "KeyTransparencyError";
-    ErrorCode[ErrorCode["KeyTransparencyVerificationFailed"] = 42] = "KeyTransparencyVerificationFailed";
+    ErrorCode[ErrorCode["SvrMultipleErrors"] = 34] = "SvrMultipleErrors";
+    ErrorCode[ErrorCode["SvrAttestationError"] = 35] = "SvrAttestationError";
+    ErrorCode[ErrorCode["ChatServiceInactive"] = 36] = "ChatServiceInactive";
+    ErrorCode[ErrorCode["AppExpired"] = 37] = "AppExpired";
+    ErrorCode[ErrorCode["DeviceDelinked"] = 38] = "DeviceDelinked";
+    ErrorCode[ErrorCode["ConnectionInvalidated"] = 39] = "ConnectionInvalidated";
+    ErrorCode[ErrorCode["ConnectedElsewhere"] = 40] = "ConnectedElsewhere";
+    ErrorCode[ErrorCode["BackupValidation"] = 41] = "BackupValidation";
+    ErrorCode[ErrorCode["Cancelled"] = 42] = "Cancelled";
+    ErrorCode[ErrorCode["KeyTransparencyError"] = 43] = "KeyTransparencyError";
+    ErrorCode[ErrorCode["KeyTransparencyVerificationFailed"] = 44] = "KeyTransparencyVerificationFailed";
 })(ErrorCode || (exports.ErrorCode = ErrorCode = {}));
 class LibSignalErrorBase extends Error {
     constructor(message, name, operation, extraProps) {

package/dist/MessageBackup.d.ts

@@ -4,7 +4,7 @@
  * @module MessageBackup
  */
 import * as Native from '../Native';
-import { BackupKey } from './AccountKeys';
+import { BackupForwardSecrecyToken, BackupKey } from './AccountKeys';
 import { Aci } from './Address';
 import { InputStream } from './io';
 export type InputStreamFactory = () => InputStream;
@@ -32,9 +32,11 @@ export declare class ValidationOutcome {
 export type MessageBackupKeyInput = Readonly<{
     accountEntropy: string;
     aci: Aci;
+    forwardSecrecyToken?: BackupForwardSecrecyToken;
 } | {
     backupKey: BackupKey | Uint8Array;
     backupId: Uint8Array;
+    forwardSecrecyToken?: BackupForwardSecrecyToken;
 }>;
 /**
  * Key used to encrypt and decrypt a message backup bundle.
@@ -47,8 +49,7 @@ export declare class MessageBackupKey {
      * Create a backup bundle key from an account entropy pool and ACI.
      *
      * ...or from a backup key and ID, used when reading from a local backup, which may have been
-     * created with a different ACI. This still uses AccountEntropyPool-based key derivation rules; it
-     * cannot be used to read a backup created from a master key.
+     * created with a different ACI.
      *
      * The account entropy pool must be **validated**; passing an arbitrary string here is considered
      * a programmer error. Similarly, passing a backup key or ID of the wrong length is also an error.

package/dist/MessageBackup.js

@@ -41,24 +41,23 @@ class MessageBackupKey {
      * Create a backup bundle key from an account entropy pool and ACI.
      *
      * ...or from a backup key and ID, used when reading from a local backup, which may have been
-     * created with a different ACI. This still uses AccountEntropyPool-based key derivation rules; it
-     * cannot be used to read a backup created from a master key.
+     * created with a different ACI.
      *
      * The account entropy pool must be **validated**; passing an arbitrary string here is considered
      * a programmer error. Similarly, passing a backup key or ID of the wrong length is also an error.
      */
     constructor(input) {
         if ('accountEntropy' in input) {
-            const { accountEntropy, aci } = input;
-            this._nativeHandle = Native.MessageBackupKey_FromAccountEntropyPool(accountEntropy, aci.getServiceIdFixedWidthBinary());
+            const { accountEntropy, aci, forwardSecrecyToken } = input;
+            this._nativeHandle = Native.MessageBackupKey_FromAccountEntropyPool(accountEntropy, aci.getServiceIdFixedWidthBinary(), forwardSecrecyToken?.contents ?? null);
         }
         else {
-            const { backupId } = input;
+            const { backupId, forwardSecrecyToken } = input;
             let { backupKey } = input;
             if (backupKey instanceof AccountKeys_1.BackupKey) {
                 backupKey = backupKey.contents;
             }
-            this._nativeHandle = Native.MessageBackupKey_FromBackupKeyAndBackupId(backupKey, backupId);
+            this._nativeHandle = Native.MessageBackupKey_FromBackupKeyAndBackupId(backupKey, backupId, forwardSecrecyToken?.contents ?? null);
         }
     }
     /** An HMAC key used to sign a backup file. */

package/dist/acknowledgments.md

@@ -2,7 +2,7 @@
 
 libsignal makes use of the following open source projects.
 
-## spqr 0.1.0, partial-default-derive 0.1.0, partial-default 0.1.0
+## spqr 1.2.0, partial-default-derive 0.1.0, partial-default 0.1.0
 
 ```
                     GNU AFFERO GENERAL PUBLIC LICENSE
@@ -2007,7 +2007,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ```
 
-## libcrux-intrinsics 0.0.2, libcrux-intrinsics 0.0.3, libcrux-ml-kem 0.0.2, libcrux-platform 0.0.2, libcrux-sha3 0.0.2, libcrux-sha3 0.0.3
+## libcrux-hacl-rs 0.0.2, libcrux-hkdf 0.0.2, libcrux-hmac 0.0.2, libcrux-intrinsics 0.0.2, libcrux-intrinsics 0.0.3, libcrux-macros 0.0.2, libcrux-ml-kem 0.0.2, libcrux-platform 0.0.2, libcrux-sha2 0.0.2, libcrux-sha3 0.0.2, libcrux-sha3 0.0.3, libcrux-traits 0.0.2
 
 ```
                                  Apache License
@@ -2591,85 +2591,6 @@ limitations under the License.
 
 ```
 
-## libcrux-hacl-rs 0.0.2, libcrux-hkdf 0.0.2, libcrux-hmac 0.0.2, libcrux-macros 0.0.2, libcrux-sha2 0.0.2, libcrux-traits 0.0.2
-
-```
-Apache License
-Version 2.0, January 2004
-http://www.apache.org/licenses/
-
-TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-1. Definitions.
-
-"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
-
-"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
-
-"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
-
-"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
-
-"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
-
-"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
-
-"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
-
-"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
-
-"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
-
-"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
-
-2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
-
-3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
-
-4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
-
-     (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
-
-     (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
-
-     (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
-
-     (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
-
-     You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
-
-5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
-
-6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
-
-7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
-
-8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
-
-9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
-
-END OF TERMS AND CONDITIONS
-
-APPENDIX: How to apply the Apache License to your work.
-
-To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!)  The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
-
-Copyright [yyyy] [name of copyright owner]
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-```
-
 ## boring 4.15.0
 
 ```

package/dist/net/SvrB.d.ts

@@ -0,0 +1,155 @@
+import * as Native from '../../Native';
+import { TokioAsyncContext, Environment } from '../net';
+import { BackupKey, BackupForwardSecrecyToken } from '../AccountKeys';
+type ConnectionManager = Native.Wrapper<Native.ConnectionManager>;
+/**
+ * The result of preparing a backup to be stored with forward secrecy guarantees.
+ *
+ * This context contains all the necessary components to encrypt and store a backup using a
+ * key derived from both the user's Account Entropy Pool and the SVR-B-protected
+ * Forward Secrecy Token.
+ *
+ * @see {@link BackupForwardSecrecyToken}
+ */
+export type StoreBackupResponse = {
+    /**
+     * The forward secrecy token used to derive MessageBackupKey instances.
+     *
+     * This token provides forward secrecy guarantees by ensuring that compromise of the backup key
+     * alone is insufficient to decrypt backups. Each backup is protected by a value stored on
+     * the SVR-B server that must be retrieved during restoration.
+     */
+    forwardSecrecyToken: BackupForwardSecrecyToken;
+    /**
+     * Opaque metadata that must be stored in the backup file.
+     *
+     * This metadata contains the encrypted forward secrecy token and other information required
+     * to restore the backup. It must be retrievable when restoring the backup, as it's required
+     * to fetch the forward secrecy token from SVR-B. This is currently stored in the header of
+     * the backup file.
+     */
+    metadata: Uint8Array;
+    /**
+     * Opaque value that must be persisted and provided to the next call to {@link SvrB#storeBackup}.
+     *
+     * See the {@link SvrB} documentation for lifecycle and persistence handling
+     * for this value.
+     */
+    nextBackupSecretData: Uint8Array;
+};
+/**
+ * Service for Secure Value Recovery for Backups (SVR-B) operations.
+ *
+ * This service provides forward secrecy for Signal backups using SVR-B. Forward secrecy ensures
+ * that even if the user's Account Entropy Pool or Backup Key is compromised, the attacker can
+ * decrypt a very small number of past backups. This is achieved by storing a token
+ * in a secure enclave inside the SVR-B server, which provably attests that it
+ * only stores a single token at a time for each user.
+ *
+ * ## Overview
+ *
+ * To achieve these properties, a secret token is required to derive the actual encryption
+ * keys for the backup. At backup time, this token must be stored in the SVR-B server, overwriting the
+ * previous token. At restore time, the token must be retrieved from the SVR-B server, and used to
+ * derive the encryption keys for the backup.
+ *
+ * ## Storage Flow
+ *
+ * 1. Create a {@link Net} instance and get the {@link SvrB} service via {@link Net#svrB}
+ * 2. Call {@link SvrB#storeBackup}
+ *    - Pass the secret data from the last **successful** {@link SvrB#storeBackup} call
+ *    - If no previous backup exists or the secret data is unavailable, pass `undefined`
+ * 3. Use the returned forward secrecy token to derive encryption keys
+ * 4. Encrypt and upload the backup data to the user's remote, off-device storage location, including the
+ *    returned {@link StoreBackupResponse#metadata}. The upload **must succeed**
+ *    before proceeding or the previous backup might become unretrievable.
+ * 5. Store the {@link StoreBackupResponse#nextBackupSecretData} locally, overwriting any previously-saved value.
+ *
+ * ## Secret handling
+ *
+ * When calling {@link SvrB#storeBackup}, the `previousSecretData` parameter
+ * must be from the last call to {@link SvrB#storeBackup} that
+ * succeeded. The returned secret from a successful `storeBackup()` call should
+ * be persisted until it is overwritten by the value from a subsequent
+ * successful call. The caller should pass `undefined` as `previousSecretData`
+ * only for the very first backup from a device.
+ *
+ * ## Restore Flow
+ *
+ * 1. Create a {@link Net} instance and get the {@link SvrB} service via {@link Net#svrB}
+ * 2. Fetch the backup metadata from storage
+ * 3. Call {@link SvrB#fetchForwardSecrecyTokenFromServer} to get the forward secrecy token
+ * 4. Use the token to derive decryption keys
+ * 5. Decrypt and restore the backup data
+ *
+ * ## Usage
+ * ```typescript
+ * const net = new Net({ env: Environment.Production, userAgent: 'MyApp' });
+ * const auth = { username: 'myUsername', password: 'myPassword' };
+ * const svrB = net.svrB(auth);
+ *
+ * // Prepare a backup
+ * const stored = await svrB.storeBackup(myKey, previousSecretData);
+ * // ... store backup with stored.forwardSecrecyToken remotely ...
+ * // Securely persist stored.nextBackupSecretData for the next backup
+ * ```
+ *
+ * @see {@link BackupKey}, {@link MessageBackupKey}, {@link BackupForwardSecrecyToken}
+ */
+export declare class SvrB {
+    private readonly asyncContext;
+    private readonly connectionManager;
+    private readonly auth;
+    private readonly environment;
+    constructor(asyncContext: TokioAsyncContext, connectionManager: ConnectionManager, auth: Readonly<{
+        username: string;
+        password: string;
+    }>, environment: Environment);
+    /**
+     * Prepares a backup for storage with forward secrecy guarantees.
+     *
+     * This makes a network call to the SVR-B server to store the forward secrecy token
+     * and returns a {@link StoreBackupResponse}. See its fields' documentation and {@link SvrB}
+     * for how to continue persisting the backup on success.
+     *
+     * @param backupKey The backup key derived from the Account Entropy Pool (AEP).
+     * @param previousSecretData Optional secret data from the most recent previous backup.
+     * **Critical**: This MUST be the {@link StoreBackupResponse#nextBackupSecretData} data
+     * from the last {@link #storeBackup} whose returned {@link StoreBackupResponse#metadata} was
+     * successfully uploaded, and whose `nextBackupSecretData` was persisted.
+     * If `undefined`, starts a new chain and renders any prior backups unretrievable; this should
+     * only be used for the very first backup from a device.
+     * @param options Optional configuration.
+     * @param options.abortSignal An AbortSignal that will cancel the request.
+     * @returns a {@link StoreBackupResponse} containing the forward secrecy token, metadata, and secret data.
+     * @throws Error if the previous secret data is malformed, or if  processing or upload fail.
+     */
+    storeBackup(backupKey: BackupKey, previousSecretData?: Uint8Array, options?: {
+        abortSignal?: AbortSignal;
+    }): Promise<StoreBackupResponse>;
+    /**
+     * Fetches the forward secrecy token needed to decrypt a backup.
+     *
+     * This function makes a network call to the SVR-B server to retrieve the forward secrecy token
+     * associated with a specific backup. The token is required to derive the message backup keys
+     * for decryption.
+     *
+     * The typical restore flow:
+     * 1. Fetch the backup metadata (stored in a header in the backup file)
+     * 2. Call this function to retrieve the forward secrecy token from SVR-B
+     * 3. Use the token to derive message backup keys
+     * 4. Decrypt and restore the backup data
+     *
+     * @param backupKey The backup key derived from the Account Entropy Pool (AEP).
+     * @param metadata The metadata that was stored in a header in the backup file during backup creation.
+     * @param options Optional configuration.
+     * @param options.abortSignal An AbortSignal that will cancel the request.
+     * @returns The forward secrecy token needed to derive keys for decrypting the backup.
+     * @throws Error if the metadata is invalid, the network operation fails, or the
+     *   backup cannot be found.
+     */
+    fetchForwardSecrecyTokenFromServer(backupKey: BackupKey, metadata: Uint8Array, options?: {
+        abortSignal?: AbortSignal;
+    }): Promise<BackupForwardSecrecyToken>;
+}
+export {};

package/dist/net/SvrB.js

@@ -0,0 +1,146 @@
+"use strict";
+//
+// Copyright 2025 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SvrB = void 0;
+const Native = require("../../Native");
+const AccountKeys_1 = require("../AccountKeys");
+const internal_1 = require("../internal");
+class StoreBackupResponseImpl {
+    constructor(handle) {
+        this._nativeHandle = handle;
+    }
+    get forwardSecrecyToken() {
+        const tokenBytes = Native.BackupResponse_GetForwardSecrecyToken(this);
+        return new AccountKeys_1.BackupForwardSecrecyToken(tokenBytes);
+    }
+    get metadata() {
+        return Native.BackupResponse_GetOpaqueMetadata(this);
+    }
+    get nextBackupSecretData() {
+        return Native.BackupResponse_GetNextBackupSecretData(this);
+    }
+}
+/**
+ * Service for Secure Value Recovery for Backups (SVR-B) operations.
+ *
+ * This service provides forward secrecy for Signal backups using SVR-B. Forward secrecy ensures
+ * that even if the user's Account Entropy Pool or Backup Key is compromised, the attacker can
+ * decrypt a very small number of past backups. This is achieved by storing a token
+ * in a secure enclave inside the SVR-B server, which provably attests that it
+ * only stores a single token at a time for each user.
+ *
+ * ## Overview
+ *
+ * To achieve these properties, a secret token is required to derive the actual encryption
+ * keys for the backup. At backup time, this token must be stored in the SVR-B server, overwriting the
+ * previous token. At restore time, the token must be retrieved from the SVR-B server, and used to
+ * derive the encryption keys for the backup.
+ *
+ * ## Storage Flow
+ *
+ * 1. Create a {@link Net} instance and get the {@link SvrB} service via {@link Net#svrB}
+ * 2. Call {@link SvrB#storeBackup}
+ *    - Pass the secret data from the last **successful** {@link SvrB#storeBackup} call
+ *    - If no previous backup exists or the secret data is unavailable, pass `undefined`
+ * 3. Use the returned forward secrecy token to derive encryption keys
+ * 4. Encrypt and upload the backup data to the user's remote, off-device storage location, including the
+ *    returned {@link StoreBackupResponse#metadata}. The upload **must succeed**
+ *    before proceeding or the previous backup might become unretrievable.
+ * 5. Store the {@link StoreBackupResponse#nextBackupSecretData} locally, overwriting any previously-saved value.
+ *
+ * ## Secret handling
+ *
+ * When calling {@link SvrB#storeBackup}, the `previousSecretData` parameter
+ * must be from the last call to {@link SvrB#storeBackup} that
+ * succeeded. The returned secret from a successful `storeBackup()` call should
+ * be persisted until it is overwritten by the value from a subsequent
+ * successful call. The caller should pass `undefined` as `previousSecretData`
+ * only for the very first backup from a device.
+ *
+ * ## Restore Flow
+ *
+ * 1. Create a {@link Net} instance and get the {@link SvrB} service via {@link Net#svrB}
+ * 2. Fetch the backup metadata from storage
+ * 3. Call {@link SvrB#fetchForwardSecrecyTokenFromServer} to get the forward secrecy token
+ * 4. Use the token to derive decryption keys
+ * 5. Decrypt and restore the backup data
+ *
+ * ## Usage
+ * ```typescript
+ * const net = new Net({ env: Environment.Production, userAgent: 'MyApp' });
+ * const auth = { username: 'myUsername', password: 'myPassword' };
+ * const svrB = net.svrB(auth);
+ *
+ * // Prepare a backup
+ * const stored = await svrB.storeBackup(myKey, previousSecretData);
+ * // ... store backup with stored.forwardSecrecyToken remotely ...
+ * // Securely persist stored.nextBackupSecretData for the next backup
+ * ```
+ *
+ * @see {@link BackupKey}, {@link MessageBackupKey}, {@link BackupForwardSecrecyToken}
+ */
+class SvrB {
+    constructor(asyncContext, connectionManager, auth, environment) {
+        this.asyncContext = asyncContext;
+        this.connectionManager = connectionManager;
+        this.auth = auth;
+        this.environment = environment;
+    }
+    /**
+     * Prepares a backup for storage with forward secrecy guarantees.
+     *
+     * This makes a network call to the SVR-B server to store the forward secrecy token
+     * and returns a {@link StoreBackupResponse}. See its fields' documentation and {@link SvrB}
+     * for how to continue persisting the backup on success.
+     *
+     * @param backupKey The backup key derived from the Account Entropy Pool (AEP).
+     * @param previousSecretData Optional secret data from the most recent previous backup.
+     * **Critical**: This MUST be the {@link StoreBackupResponse#nextBackupSecretData} data
+     * from the last {@link #storeBackup} whose returned {@link StoreBackupResponse#metadata} was
+     * successfully uploaded, and whose `nextBackupSecretData` was persisted.
+     * If `undefined`, starts a new chain and renders any prior backups unretrievable; this should
+     * only be used for the very first backup from a device.
+     * @param options Optional configuration.
+     * @param options.abortSignal An AbortSignal that will cancel the request.
+     * @returns a {@link StoreBackupResponse} containing the forward secrecy token, metadata, and secret data.
+     * @throws Error if the previous secret data is malformed, or if  processing or upload fail.
+     */
+    async storeBackup(backupKey, previousSecretData, options) {
+        const secretData = previousSecretData ?? new Uint8Array(0);
+        const handle = (0, internal_1.newNativeHandle)(Native.SecureValueRecoveryForBackups_CreateStoreArgs(backupKey.serialize(), secretData, this.environment));
+        const promise = Native.SecureValueRecoveryForBackups_StoreBackup(this.asyncContext, handle, this.connectionManager, this.auth.username, this.auth.password);
+        const response = await this.asyncContext.makeCancellable(options?.abortSignal, promise);
+        return new StoreBackupResponseImpl(response);
+    }
+    /**
+     * Fetches the forward secrecy token needed to decrypt a backup.
+     *
+     * This function makes a network call to the SVR-B server to retrieve the forward secrecy token
+     * associated with a specific backup. The token is required to derive the message backup keys
+     * for decryption.
+     *
+     * The typical restore flow:
+     * 1. Fetch the backup metadata (stored in a header in the backup file)
+     * 2. Call this function to retrieve the forward secrecy token from SVR-B
+     * 3. Use the token to derive message backup keys
+     * 4. Decrypt and restore the backup data
+     *
+     * @param backupKey The backup key derived from the Account Entropy Pool (AEP).
+     * @param metadata The metadata that was stored in a header in the backup file during backup creation.
+     * @param options Optional configuration.
+     * @param options.abortSignal An AbortSignal that will cancel the request.
+     * @returns The forward secrecy token needed to derive keys for decrypting the backup.
+     * @throws Error if the metadata is invalid, the network operation fails, or the
+     *   backup cannot be found.
+     */
+    async fetchForwardSecrecyTokenFromServer(backupKey, metadata, options) {
+        const promise = Native.SecureValueRecoveryForBackups_RestoreBackupFromServer(this.asyncContext, backupKey.serialize(), metadata, this.connectionManager, this.auth.username, this.auth.password);
+        const tokenBytes = await this.asyncContext.makeCancellable(options?.abortSignal, promise);
+        return new AccountKeys_1.BackupForwardSecrecyToken(tokenBytes);
+    }
+}
+exports.SvrB = SvrB;
+//# sourceMappingURL=SvrB.js.map

package/dist/net.d.ts

@@ -3,9 +3,11 @@ import * as Native from '../Native';
 import { CDSRequestOptionsType, CDSResponseType } from './net/CDSI';
 import { ConnectionEventsListener, UnauthenticatedChatConnection, AuthenticatedChatConnection, ChatServiceListener } from './net/Chat';
 import { RegistrationService } from './net/Registration';
+import { SvrB } from './net/SvrB';
 export * from './net/CDSI';
 export * from './net/Chat';
 export * from './net/Registration';
+export * from './net/SvrB';
 export declare enum Environment {
     Staging = 0,
     Production = 1
@@ -39,6 +41,7 @@ export type NetConstructorOptions = Readonly<{
     TESTING_localServer_chatPort: number;
     TESTING_localServer_cdsiPort: number;
     TESTING_localServer_svr2Port: number;
+    TESTING_localServer_svrBPort: number;
     TESTING_localServer_rootCertificateDer: Uint8Array;
 }>;
 /** See {@link Net.setProxy()}. */
@@ -214,4 +217,18 @@ export declare class Net {
      */
     onNetworkChange(): void;
     cdsiLookup(auth: Readonly<ServiceAuth>, options: ReadonlyDeep<CDSRequestOptionsType>): Promise<CDSResponseType<string, string>>;
+    /**
+     * Get the SVR-B (Secure Value Recovery for Backups) service for this network instance.
+     *
+     * SVR-B provides forward secrecy for Signal backups, ensuring that even if the user's
+     * Account Entropy Pool or Backup Key is compromised, the attacker cannot
+     * compromise all past backups. This is achieved by storing the forward
+     * secrecy token in a secure enclave inside the SVR-B server, which provably
+     * attests that it only stores a single token at a time for each user.
+     *
+     * @param auth The authentication credentials to use when connecting to the SVR-B server.
+     * @returns An SvrB service instance configured for this network environment
+     * @see {@link SvrB}
+     */
+    svrB(auth: Readonly<ServiceAuth>): SvrB;
 }

package/dist/net.js

@@ -23,10 +23,12 @@ const Native = require("../Native");
 const CDSI_1 = require("./net/CDSI");
 const Chat_1 = require("./net/Chat");
 const Registration_1 = require("./net/Registration");
+const SvrB_1 = require("./net/SvrB");
 const internal_1 = require("./internal");
 __exportStar(require("./net/CDSI"), exports);
 __exportStar(require("./net/Chat"), exports);
 __exportStar(require("./net/Registration"), exports);
+__exportStar(require("./net/SvrB"), exports);
 // This must match the libsignal-bridge Rust enum of the same name.
 var Environment;
 (function (Environment) {
@@ -62,7 +64,7 @@ class Net {
         this.options = options;
         this.asyncContext = new TokioAsyncContext(Native.TokioAsyncContext_new());
         if (options.localTestServer) {
-            this._connectionManager = (0, internal_1.newNativeHandle)(Native.TESTING_ConnectionManager_newLocalOverride(options.userAgent, options.TESTING_localServer_chatPort, options.TESTING_localServer_cdsiPort, options.TESTING_localServer_svr2Port, options.TESTING_localServer_rootCertificateDer));
+            this._connectionManager = (0, internal_1.newNativeHandle)(Native.TESTING_ConnectionManager_newLocalOverride(options.userAgent, options.TESTING_localServer_chatPort, options.TESTING_localServer_cdsiPort, options.TESTING_localServer_svr2Port, options.TESTING_localServer_svrBPort, options.TESTING_localServer_rootCertificateDer));
         }
         else {
             this._connectionManager = (0, internal_1.newNativeHandle)(Native.ConnectionManager_new(options.env, options.userAgent, new internal_1.BridgedStringMap(options.remoteConfig || new Map())));
@@ -282,6 +284,25 @@ class Net {
             connectionManager: this._connectionManager,
         }, auth, options);
     }
+    /**
+     * Get the SVR-B (Secure Value Recovery for Backups) service for this network instance.
+     *
+     * SVR-B provides forward secrecy for Signal backups, ensuring that even if the user's
+     * Account Entropy Pool or Backup Key is compromised, the attacker cannot
+     * compromise all past backups. This is achieved by storing the forward
+     * secrecy token in a secure enclave inside the SVR-B server, which provably
+     * attests that it only stores a single token at a time for each user.
+     *
+     * @param auth The authentication credentials to use when connecting to the SVR-B server.
+     * @returns An SvrB service instance configured for this network environment
+     * @see {@link SvrB}
+     */
+    svrB(auth) {
+        const env = this.options.localTestServer
+            ? Environment.Staging
+            : this.options.env;
+        return new SvrB_1.SvrB(this.asyncContext, this._connectionManager, auth, env);
+    }
 }
 exports.Net = Net;
 //# sourceMappingURL=net.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.76.6",
+  "version": "0.77.0",
   "license": "AGPL-3.0-only",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",