@signalapp/libsignal-client 0.78.1 → 0.78.3

package/Native.d.ts

@@ -282,8 +282,6 @@ export function CreateCallLinkCredentialRequest_IssueDeterministic(requestBytes:
 export function CreateCallLinkCredentialResponse_CheckValidContents(responseBytes: Uint8Array): void;
 export function CreateCallLinkCredential_CheckValidContents(paramsBytes: Uint8Array): void;
 export function CreateCallLinkCredential_PresentDeterministic(credentialBytes: Uint8Array, roomId: Uint8Array, userId: Uint8Array, serverParamsBytes: Uint8Array, callLinkParamsBytes: Uint8Array, randomness: Uint8Array): Uint8Array;
-export function CreateOTP(username: string, secret: Uint8Array): string;
-export function CreateOTPFromBase64(username: string, secret: string): string;
 export function DecryptionErrorMessage_Deserialize(data: Uint8Array): DecryptionErrorMessage;
 export function DecryptionErrorMessage_ExtractFromSerializedContent(bytes: Uint8Array): DecryptionErrorMessage;
 export function DecryptionErrorMessage_ForOriginalMessage(originalBytes: Uint8Array, originalType: number, originalTimestamp: Timestamp, originalSenderDeviceId: number): DecryptionErrorMessage;
@@ -353,7 +351,7 @@ export function IncrementalMac_Update(mac: Wrapper<IncrementalMac>, bytes: Uint8
 export function KeyTransparency_AciSearchKey(aci: Uint8Array): Uint8Array;
 export function KeyTransparency_Distinguished(asyncRuntime: Wrapper<TokioAsyncContext>, environment: number, chatConnection: Wrapper<UnauthenticatedChatConnection>, lastDistinguishedTreeHead: Uint8Array | null): CancellablePromise<Uint8Array>;
 export function KeyTransparency_E164SearchKey(e164: string): Uint8Array;
-export function KeyTransparency_Monitor(asyncRuntime: Wrapper<TokioAsyncContext>, environment: number, chatConnection: Wrapper<UnauthenticatedChatConnection>, aci: Uint8Array, aciIdentityKey: Wrapper<PublicKey>, e164: string | null, unidentifiedAccessKey: Uint8Array | null, usernameHash: Uint8Array | null, accountData: Uint8Array | null, lastDistinguishedTreeHead: Uint8Array): CancellablePromise<Uint8Array>;
+export function KeyTransparency_Monitor(asyncRuntime: Wrapper<TokioAsyncContext>, environment: number, chatConnection: Wrapper<UnauthenticatedChatConnection>, aci: Uint8Array, aciIdentityKey: Wrapper<PublicKey>, e164: string | null, unidentifiedAccessKey: Uint8Array | null, usernameHash: Uint8Array | null, accountData: Uint8Array | null, lastDistinguishedTreeHead: Uint8Array, isSelfMonitor: boolean): CancellablePromise<Uint8Array>;
 export function KeyTransparency_Search(asyncRuntime: Wrapper<TokioAsyncContext>, environment: number, chatConnection: Wrapper<UnauthenticatedChatConnection>, aci: Uint8Array, aciIdentityKey: Wrapper<PublicKey>, e164: string | null, unidentifiedAccessKey: Uint8Array | null, usernameHash: Uint8Array | null, accountData: Uint8Array | null, lastDistinguishedTreeHead: Uint8Array): CancellablePromise<Uint8Array>;
 export function KeyTransparency_UsernameHashSearchKey(hash: Uint8Array): Uint8Array;
 export function KyberKeyPair_Generate(): KyberKeyPair;
@@ -504,6 +502,7 @@ export function SealedSender_Encrypt(destination: Wrapper<ProtocolAddress>, cont
 export function SealedSender_MultiRecipientEncrypt(recipients: Wrapper<ProtocolAddress>[], recipientSessions: Wrapper<SessionRecord>[], excludedRecipients: Uint8Array, content: Wrapper<UnidentifiedSenderMessageContent>, identityKeyStore: IdentityKeyStore): Promise<Uint8Array>;
 export function SealedSender_MultiRecipientMessageForSingleRecipient(encodedMultiRecipientMessage: Uint8Array): Uint8Array;
 export function SecureValueRecoveryForBackups_CreateNewBackupChain(environment: number, backupKey: Uint8Array): Uint8Array;
+export function SecureValueRecoveryForBackups_RemoveBackup(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, username: string, password: string): CancellablePromise<void>;
 export function SecureValueRecoveryForBackups_RestoreBackupFromServer(asyncRuntime: Wrapper<TokioAsyncContext>, backupKey: Uint8Array, metadata: Uint8Array, connectionManager: Wrapper<ConnectionManager>, username: string, password: string): CancellablePromise<BackupRestoreResponse>;
 export function SecureValueRecoveryForBackups_StoreBackup(asyncRuntime: Wrapper<TokioAsyncContext>, backupKey: Uint8Array, previousSecretData: Uint8Array, connectionManager: Wrapper<ConnectionManager>, username: string, password: string): CancellablePromise<BackupStoreResponse>;
 export function SenderCertificate_Deserialize(data: Uint8Array): SenderCertificate;
@@ -619,6 +618,8 @@ export function TESTING_ChatSendErrorConvert(errorDescription: string): void;
 export function TESTING_ConnectionManager_isUsingProxy(manager: Wrapper<ConnectionManager>): number;
 export function TESTING_ConnectionManager_newLocalOverride(userAgent: string, chatPort: number, cdsiPort: number, svr2Port: number, svrBPort: number, rootCertificateDer: Uint8Array): ConnectionManager;
 export function TESTING_ConvertOptionalUuid(present: boolean): Uuid | null;
+export function TESTING_CreateOTP(username: string, secret: Uint8Array): string;
+export function TESTING_CreateOTPFromBase64(username: string, secret: string): string;
 export function TESTING_ErrorOnBorrowAsync(_input: null): Promise<void>;
 export function TESTING_ErrorOnBorrowIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _input: null): CancellablePromise<void>;
 export function TESTING_ErrorOnBorrowSync(_input: null): void;
@@ -686,6 +687,8 @@ export function TESTING_RoundTripU8(input: number): number;
 export function TESTING_ServerMessageAck_Create(): ServerMessageAck;
 export function TESTING_SignedPublicPreKey_CheckBridgesCorrectly(sourcePublicKey: Wrapper<PublicKey>, signedPreKey: SignedPublicPreKey): void;
 export function TESTING_TestingHandleType_getValue(handle: Wrapper<TestingHandleType>): number;
+export function TESTING_TokioAsyncContext_FutureSuccessBytes(asyncRuntime: Wrapper<TokioAsyncContext>, count: number): CancellablePromise<Uint8Array>;
+export function TESTING_TokioAsyncContext_NewSingleThreaded(): TokioAsyncContext;
 export function TESTING_TokioAsyncFuture(asyncRuntime: Wrapper<TokioAsyncContext>, input: number): CancellablePromise<number>;
 export function TestingSemaphore_AddPermits(semaphore: Wrapper<TestingSemaphore>, permits: number): void;
 export function TestingSemaphore_New(initial: number): TestingSemaphore;

package/dist/Errors.d.ts

@@ -35,8 +35,8 @@ export declare enum ErrorCode {
     SvrDataMissing = 31,
     SvrRequestFailed = 32,
     SvrRestoreFailed = 33,
-    SvrMultipleErrors = 34,
-    SvrAttestationError = 35,
+    SvrAttestationError = 34,
+    SvrInvalidData = 35,
     ChatServiceInactive = 36,
     AppExpired = 37,
     DeviceDelinked = 38,
@@ -188,12 +188,12 @@ export type SvrRestoreFailedError = LibSignalErrorCommon & {
     code: ErrorCode.SvrRestoreFailed;
     readonly triesRemaining: number;
 };
-export type SvrMultipleErrorsError = LibSignalErrorCommon & {
-    code: ErrorCode.SvrMultipleErrors;
-};
 export type SvrAttestationError = LibSignalErrorCommon & {
     code: ErrorCode.SvrAttestationError;
 };
+export type SvrInvalidDataError = LibSignalErrorCommon & {
+    code: ErrorCode.SvrInvalidData;
+};
 export type BackupValidationError = LibSignalErrorCommon & {
     code: ErrorCode.BackupValidation;
     readonly unknownFields: ReadonlyArray<string>;
@@ -207,4 +207,4 @@ export type KeyTransparencyError = LibSignalErrorCommon & {
 export type KeyTransparencyVerificationFailed = LibSignalErrorCommon & {
     code: ErrorCode.KeyTransparencyVerificationFailed;
 };
-export type LibSignalError = GenericError | DuplicatedMessageError | SealedSenderSelfSendError | UntrustedIdentityError | InvalidRegistrationIdError | InvalidProtocolAddress | VerificationFailedError | InvalidSessionError | InvalidSenderKeySessionError | NicknameCannotBeEmptyError | CannotStartWithDigitError | MissingSeparatorError | BadNicknameCharacterError | NicknameTooShortError | NicknameTooLongError | DiscriminatorCannotBeEmptyError | DiscriminatorCannotBeZeroError | DiscriminatorCannotBeSingleDigitError | DiscriminatorCannotHaveLeadingZerosError | BadDiscriminatorCharacterError | DiscriminatorTooLargeError | InputDataTooLong | InvalidEntropyDataLength | InvalidUsernameLinkEncryptedData | IoError | CdsiInvalidTokenError | InvalidUriError | InvalidMediaInputError | SvrDataMissingError | SvrRestoreFailedError | SvrRequestFailedError | SvrMultipleErrorsError | SvrAttestationError | UnsupportedMediaInputError | ChatServiceInactive | AppExpiredError | DeviceDelinkedError | ConnectionInvalidatedError | ConnectedElsewhereError | RateLimitedError | RateLimitChallengeError | BackupValidationError | CancellationError | KeyTransparencyError | KeyTransparencyVerificationFailed;
+export type LibSignalError = GenericError | DuplicatedMessageError | SealedSenderSelfSendError | UntrustedIdentityError | InvalidRegistrationIdError | InvalidProtocolAddress | VerificationFailedError | InvalidSessionError | InvalidSenderKeySessionError | NicknameCannotBeEmptyError | CannotStartWithDigitError | MissingSeparatorError | BadNicknameCharacterError | NicknameTooShortError | NicknameTooLongError | DiscriminatorCannotBeEmptyError | DiscriminatorCannotBeZeroError | DiscriminatorCannotBeSingleDigitError | DiscriminatorCannotHaveLeadingZerosError | BadDiscriminatorCharacterError | DiscriminatorTooLargeError | InputDataTooLong | InvalidEntropyDataLength | InvalidUsernameLinkEncryptedData | IoError | CdsiInvalidTokenError | InvalidUriError | InvalidMediaInputError | SvrDataMissingError | SvrRestoreFailedError | SvrRequestFailedError | SvrAttestationError | SvrInvalidDataError | UnsupportedMediaInputError | ChatServiceInactive | AppExpiredError | DeviceDelinkedError | ConnectionInvalidatedError | ConnectedElsewhereError | RateLimitedError | RateLimitChallengeError | BackupValidationError | CancellationError | KeyTransparencyError | KeyTransparencyVerificationFailed;

package/dist/Errors.js

@@ -42,8 +42,8 @@ var ErrorCode;
     ErrorCode[ErrorCode["SvrDataMissing"] = 31] = "SvrDataMissing";
     ErrorCode[ErrorCode["SvrRequestFailed"] = 32] = "SvrRequestFailed";
     ErrorCode[ErrorCode["SvrRestoreFailed"] = 33] = "SvrRestoreFailed";
-    ErrorCode[ErrorCode["SvrMultipleErrors"] = 34] = "SvrMultipleErrors";
-    ErrorCode[ErrorCode["SvrAttestationError"] = 35] = "SvrAttestationError";
+    ErrorCode[ErrorCode["SvrAttestationError"] = 34] = "SvrAttestationError";
+    ErrorCode[ErrorCode["SvrInvalidData"] = 35] = "SvrInvalidData";
     ErrorCode[ErrorCode["ChatServiceInactive"] = 36] = "ChatServiceInactive";
     ErrorCode[ErrorCode["AppExpired"] = 37] = "AppExpired";
     ErrorCode[ErrorCode["DeviceDelinked"] = 38] = "DeviceDelinked";

package/dist/net/KeyTransparency.d.ts

@@ -41,12 +41,30 @@ export type E164Info = {
  *
  */
 export type Request = {
-    /** ACI and ACI Identity Key for the account. Required. */
+    /** ACI information for the request. Required. */
     aciInfo: AciInfo;
     /** Unidentified access key associated with the account. Optional. */
     e164Info?: E164Info;
     usernameHash?: Readonly<Uint8Array>;
 };
+/**
+ *  Mode of the monitor operation.
+ *
+ *  If the newer version of account data is found in the key transparency
+ *  log, self-monitor will terminate with an error, but monitor for other
+ *  account will fall back to a full search and update the locally stored
+ *  data.
+ */
+export declare enum MonitorMode {
+    Self = 0,
+    Other = 1
+}
+/**
+ * An extension of the {@link Request} for the monitor operation.
+ */
+export type MonitorRequest = Request & {
+    mode: MonitorMode;
+};
 /**
  * Typed API to access the key transparency subsystem using an existing
  * unauthenticated chat connection.
@@ -104,7 +122,7 @@ export interface Client {
      * verify the data in key transparency server response, such as an incorrect proof or a
      * wrong signature.
      * @throws {ChatServiceInactive} if the chat connection has been closed.
-     * @throws {IoError} if an error occurred while commuicating with the
+     * @throws {IoError} if an error occurred while communicating with the
      * server.
      * */
     search(request: Request, store: Store, options?: Readonly<Options>): Promise<void>;
@@ -131,12 +149,14 @@ export interface Client {
      * different result.
      * @throws {KeyTransparencyVerificationFailed} when it fails to
      * verify the data in key transparency server response, such as an incorrect proof or a
-     * wrong signature.
+     * wrong signature. This is also the error thrown when new version
+     * of account data is found in the key transparency log when
+     * self-monitoring. See {@link MonitorMode}.
      * @throws {ChatServiceInactive} if the chat connection has been closed.
-     * @throws {IoError} if an error occurred while commuicating with the
+     * @throws {IoError} if an error occurred while communicating with the
      * server.
      */
-    monitor(request: Request, store: Store, options?: Readonly<Options>): Promise<void>;
+    monitor(request: MonitorRequest, store: Store, options?: Readonly<Options>): Promise<void>;
 }
 export declare class ClientImpl implements Client {
     private readonly asyncContext;
@@ -144,7 +164,7 @@ export declare class ClientImpl implements Client {
     private readonly env;
     constructor(asyncContext: TokioAsyncContext, chatService: Native.Wrapper<Native.UnauthenticatedChatConnection>, env: Environment);
     search(request: Request, store: Store, options?: Readonly<Options>): Promise<void>;
-    monitor(request: Request, store: Store, options?: Readonly<Options>): Promise<void>;
+    monitor(request: MonitorRequest, store: Store, options?: Readonly<Options>): Promise<void>;
     private updateDistinguished;
     private getLatestDistinguished;
 }

package/dist/net/KeyTransparency.js

@@ -4,8 +4,21 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ClientImpl = void 0;
+exports.ClientImpl = exports.MonitorMode = void 0;
 const Native = require("../../Native");
+/**
+ *  Mode of the monitor operation.
+ *
+ *  If the newer version of account data is found in the key transparency
+ *  log, self-monitor will terminate with an error, but monitor for other
+ *  account will fall back to a full search and update the locally stored
+ *  data.
+ */
+var MonitorMode;
+(function (MonitorMode) {
+    MonitorMode[MonitorMode["Self"] = 0] = "Self";
+    MonitorMode[MonitorMode["Other"] = 1] = "Other";
+})(MonitorMode || (exports.MonitorMode = MonitorMode = {}));
 class ClientImpl {
     constructor(asyncContext, chatService, env) {
         this.asyncContext = asyncContext;
@@ -26,12 +39,12 @@ class ClientImpl {
     async monitor(request, store, options) {
         const distinguished = await this.getLatestDistinguished(store, options ?? {});
         const { abortSignal } = options ?? {};
-        const { aciInfo: { aci, identityKey: aciIdentityKey }, e164Info, usernameHash, } = request;
+        const { aciInfo: { aci, identityKey: aciIdentityKey }, e164Info, usernameHash, mode, } = request;
         const { e164, unidentifiedAccessKey } = e164Info ?? {
             e164: null,
             unidentifiedAccessKey: null,
         };
-        const accountData = await this.asyncContext.makeCancellable(abortSignal, Native.KeyTransparency_Monitor(this.asyncContext, this.env, this.chatService, aci.getServiceIdFixedWidthBinary(), aciIdentityKey, e164, unidentifiedAccessKey, usernameHash ?? null, await store.getAccountData(aci), distinguished));
+        const accountData = await this.asyncContext.makeCancellable(abortSignal, Native.KeyTransparency_Monitor(this.asyncContext, this.env, this.chatService, aci.getServiceIdFixedWidthBinary(), aciIdentityKey, e164, unidentifiedAccessKey, usernameHash ?? null, await store.getAccountData(aci), distinguished, mode === MonitorMode.Self));
         await store.setAccountData(aci, accountData);
     }
     async updateDistinguished(store, { abortSignal }) {

package/dist/net/SvrB.d.ts

@@ -96,10 +96,13 @@ export type RestoreBackupResponse = {
  * ## Secret handling
  *
  * When calling {@link SvrB#store}, the `previousSecretData` parameter must be from the last call to
- * {@link SvrB#store} or {@link SvrB#restore} that succeeded. The returned secret from a successful
- * store or restore should be persisted until it is overwritten by the value from a subsequent
- * successful call. The caller should use {@link SvrB#createNewBackupChain} only for the very first
- * backup with a particular backup key.
+ * {@link SvrB#store} or {@link SvrB#restore} that succeeded. This "chaining" is used to construct
+ * each backup file so that it can be decrypted with either the *previous* token stored in SVR-B, or
+ * the *next* one, which is important in case the overall backup upload is ever interrupted.
+ *
+ * The returned secret from a successful store or restore should be persisted until it is
+ * overwritten by the value from a subsequent successful call. The caller should use
+ * {@link SvrB#createNewBackupChain} only for the very first backup with a particular backup key.
  *
  * ## Restore Flow
  *
@@ -159,7 +162,15 @@ export declare class SvrB {
      * @param options.abortSignal An AbortSignal that will cancel the request.
      * @returns a {@link StoreBackupResponse} containing the forward secrecy token, metadata, and
      * secret data.
-     * @throws Error if the previous secret data is malformed, or if processing or upload fail.
+     * @throws {SvrInvalidDataError} if the previous secret data is malformed. There's no choice here
+     * but to **start a new chain**.
+     * @throws {RateLimitedError} if the server is rate limiting this client. This is **retryable**
+     * after waiting the designated delay.
+     * @throws {IoError} if the network operation fails (connection, service, or timeout errors).
+     * These can be **automatically retried** (backoff recommended), but some may indicate a possible
+     * bug in libsignal or in the enclave.
+     * @throws {SvrAttestationError} if enclave attestation fails. This indicates a possible bug in
+     * libsignal or in the enclave.
      */
     store(backupKey: BackupKey, previousSecretData: Uint8Array, options?: {
         abortSignal?: AbortSignal;
@@ -168,8 +179,8 @@ export declare class SvrB {
      * Fetches the forward secrecy token needed to decrypt a backup.
      *
      * This function makes a network call to the SVR-B server to retrieve the forward secrecy token
-     * associated with a specific backup. The token is required to derive the message backup keys
-     * for decryption.
+     * associated with a specific backup. The token is required to derive the message backup keys for
+     * decryption.
      *
      * The typical restore flow:
      * 1. Fetch the backup metadata (stored in a header in the backup file)
@@ -179,15 +190,51 @@ export declare class SvrB {
      * 5. Store the returned {@link RestoreBackupResponse#nextBackupSecretData} locally.
      *
      * @param backupKey The backup key derived from the Account Entropy Pool (AEP).
-     * @param metadata The metadata that was stored in a header in the backup file during backup creation.
+     * @param metadata The metadata that was stored in a header in the backup file during backup
+     * creation.
      * @param options Optional configuration.
      * @param options.abortSignal An AbortSignal that will cancel the request.
      * @returns The forward secrecy token needed to derive keys for decrypting the backup.
-     * @throws Error if the metadata is invalid, the network operation fails, or the
-     *   backup cannot be found.
+     * @throws {SvrInvalidDataError} if the previous secret data is malformed. In this case the user's
+     * data is **not recoverable**.
+     * @throws {SvrRestoreFailedError} if restoration fails (with remaining tries count). This should
+     * never happen but if it does the user's data is **not recoverable**.
+     * @throws {SvrDataMissingError} if the backup data is not found on the server, indicating an
+     * **incorrect backup key** (which may in turn imply the user's data is not recoverable).
+     * @throws {RateLimitedError} if the server is rate limiting this client. This is **retryable**
+     * after waiting the designated delay.
+     * @throws {IoError} if the network operation fails (connection, service, or timeout errors).
+     * These can be **automatically retried** (backoff recommended), but some may indicate a possible
+     * bug in libsignal or in the enclave.
+     * @throws {SvrAttestationError} if enclave attestation fails. This indicates a possible bug in
+     * libsignal or in the enclave.
      */
     restore(backupKey: BackupKey, metadata: Uint8Array, options?: {
         abortSignal?: AbortSignal;
     }): Promise<RestoreBackupResponse>;
+    /**
+     * Attempts to remove the info stored with SVR-B for this particular username/password pair.
+     *
+     * This is a best-effort operation; a successful return means the data has been removed from (or
+     * never was present in) the current SVR-B enclaves, but may still be present in previous ones
+     * that have yet to be decommissioned. Conversely, a thrown error may still have removed
+     * information from previous enclaves.
+     *
+     * This should not typically be needed; rather than explicitly removing an entry, the client
+     * should generally overwrite with a new {@link #store} instead.
+     *
+     * @param options Optional configuration.
+     * @param options.abortSignal An AbortSignal that will cancel the request.
+     * @throws {RateLimitedError} if the server is rate limiting this client. This is **retryable**
+     * after waiting the designated delay.
+     * @throws {IoError} if the network operation fails (connection, service, or timeout errors).
+     * These can be **automatically retried** (backoff recommended), but some may indicate a possible
+     * bug in libsignal or in the enclave.
+     * @throws {SvrAttestationError} if enclave attestation fails. This indicates a possible bug in
+     * libsignal or in the enclave.
+     */
+    remove(options?: {
+        abortSignal?: AbortSignal;
+    }): Promise<void>;
 }
 export {};

package/dist/net/SvrB.js

@@ -67,10 +67,13 @@ class RestoreBackupResponseImpl {
  * ## Secret handling
  *
  * When calling {@link SvrB#store}, the `previousSecretData` parameter must be from the last call to
- * {@link SvrB#store} or {@link SvrB#restore} that succeeded. The returned secret from a successful
- * store or restore should be persisted until it is overwritten by the value from a subsequent
- * successful call. The caller should use {@link SvrB#createNewBackupChain} only for the very first
- * backup with a particular backup key.
+ * {@link SvrB#store} or {@link SvrB#restore} that succeeded. This "chaining" is used to construct
+ * each backup file so that it can be decrypted with either the *previous* token stored in SVR-B, or
+ * the *next* one, which is important in case the overall backup upload is ever interrupted.
+ *
+ * The returned secret from a successful store or restore should be persisted until it is
+ * overwritten by the value from a subsequent successful call. The caller should use
+ * {@link SvrB#createNewBackupChain} only for the very first backup with a particular backup key.
  *
  * ## Restore Flow
  *
@@ -130,7 +133,15 @@ class SvrB {
      * @param options.abortSignal An AbortSignal that will cancel the request.
      * @returns a {@link StoreBackupResponse} containing the forward secrecy token, metadata, and
      * secret data.
-     * @throws Error if the previous secret data is malformed, or if processing or upload fail.
+     * @throws {SvrInvalidDataError} if the previous secret data is malformed. There's no choice here
+     * but to **start a new chain**.
+     * @throws {RateLimitedError} if the server is rate limiting this client. This is **retryable**
+     * after waiting the designated delay.
+     * @throws {IoError} if the network operation fails (connection, service, or timeout errors).
+     * These can be **automatically retried** (backoff recommended), but some may indicate a possible
+     * bug in libsignal or in the enclave.
+     * @throws {SvrAttestationError} if enclave attestation fails. This indicates a possible bug in
+     * libsignal or in the enclave.
      */
     async store(backupKey, previousSecretData, options) {
         const promise = Native.SecureValueRecoveryForBackups_StoreBackup(this.asyncContext, backupKey.serialize(), previousSecretData, this.connectionManager, this.auth.username, this.auth.password);
@@ -141,8 +152,8 @@ class SvrB {
      * Fetches the forward secrecy token needed to decrypt a backup.
      *
      * This function makes a network call to the SVR-B server to retrieve the forward secrecy token
-     * associated with a specific backup. The token is required to derive the message backup keys
-     * for decryption.
+     * associated with a specific backup. The token is required to derive the message backup keys for
+     * decryption.
      *
      * The typical restore flow:
      * 1. Fetch the backup metadata (stored in a header in the backup file)
@@ -152,18 +163,55 @@ class SvrB {
      * 5. Store the returned {@link RestoreBackupResponse#nextBackupSecretData} locally.
      *
      * @param backupKey The backup key derived from the Account Entropy Pool (AEP).
-     * @param metadata The metadata that was stored in a header in the backup file during backup creation.
+     * @param metadata The metadata that was stored in a header in the backup file during backup
+     * creation.
      * @param options Optional configuration.
      * @param options.abortSignal An AbortSignal that will cancel the request.
      * @returns The forward secrecy token needed to derive keys for decrypting the backup.
-     * @throws Error if the metadata is invalid, the network operation fails, or the
-     *   backup cannot be found.
+     * @throws {SvrInvalidDataError} if the previous secret data is malformed. In this case the user's
+     * data is **not recoverable**.
+     * @throws {SvrRestoreFailedError} if restoration fails (with remaining tries count). This should
+     * never happen but if it does the user's data is **not recoverable**.
+     * @throws {SvrDataMissingError} if the backup data is not found on the server, indicating an
+     * **incorrect backup key** (which may in turn imply the user's data is not recoverable).
+     * @throws {RateLimitedError} if the server is rate limiting this client. This is **retryable**
+     * after waiting the designated delay.
+     * @throws {IoError} if the network operation fails (connection, service, or timeout errors).
+     * These can be **automatically retried** (backoff recommended), but some may indicate a possible
+     * bug in libsignal or in the enclave.
+     * @throws {SvrAttestationError} if enclave attestation fails. This indicates a possible bug in
+     * libsignal or in the enclave.
      */
     async restore(backupKey, metadata, options) {
         const promise = Native.SecureValueRecoveryForBackups_RestoreBackupFromServer(this.asyncContext, backupKey.serialize(), metadata, this.connectionManager, this.auth.username, this.auth.password);
         const response = await this.asyncContext.makeCancellable(options?.abortSignal, promise);
         return new RestoreBackupResponseImpl(response);
     }
+    /**
+     * Attempts to remove the info stored with SVR-B for this particular username/password pair.
+     *
+     * This is a best-effort operation; a successful return means the data has been removed from (or
+     * never was present in) the current SVR-B enclaves, but may still be present in previous ones
+     * that have yet to be decommissioned. Conversely, a thrown error may still have removed
+     * information from previous enclaves.
+     *
+     * This should not typically be needed; rather than explicitly removing an entry, the client
+     * should generally overwrite with a new {@link #store} instead.
+     *
+     * @param options Optional configuration.
+     * @param options.abortSignal An AbortSignal that will cancel the request.
+     * @throws {RateLimitedError} if the server is rate limiting this client. This is **retryable**
+     * after waiting the designated delay.
+     * @throws {IoError} if the network operation fails (connection, service, or timeout errors).
+     * These can be **automatically retried** (backoff recommended), but some may indicate a possible
+     * bug in libsignal or in the enclave.
+     * @throws {SvrAttestationError} if enclave attestation fails. This indicates a possible bug in
+     * libsignal or in the enclave.
+     */
+    async remove(options) {
+        const promise = Native.SecureValueRecoveryForBackups_RemoveBackup(this.asyncContext, this.connectionManager, this.auth.username, this.auth.password);
+        await this.asyncContext.makeCancellable(options?.abortSignal, promise);
+    }
 }
 exports.SvrB = SvrB;
 //# sourceMappingURL=SvrB.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.78.1",
+  "version": "0.78.3",
   "license": "AGPL-3.0-only",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",