@signalapp/libsignal-client 0.78.2 → 0.78.3

package/Native.d.ts

@@ -282,8 +282,6 @@ export function CreateCallLinkCredentialRequest_IssueDeterministic(requestBytes:
 export function CreateCallLinkCredentialResponse_CheckValidContents(responseBytes: Uint8Array): void;
 export function CreateCallLinkCredential_CheckValidContents(paramsBytes: Uint8Array): void;
 export function CreateCallLinkCredential_PresentDeterministic(credentialBytes: Uint8Array, roomId: Uint8Array, userId: Uint8Array, serverParamsBytes: Uint8Array, callLinkParamsBytes: Uint8Array, randomness: Uint8Array): Uint8Array;
-export function CreateOTP(username: string, secret: Uint8Array): string;
-export function CreateOTPFromBase64(username: string, secret: string): string;
 export function DecryptionErrorMessage_Deserialize(data: Uint8Array): DecryptionErrorMessage;
 export function DecryptionErrorMessage_ExtractFromSerializedContent(bytes: Uint8Array): DecryptionErrorMessage;
 export function DecryptionErrorMessage_ForOriginalMessage(originalBytes: Uint8Array, originalType: number, originalTimestamp: Timestamp, originalSenderDeviceId: number): DecryptionErrorMessage;
@@ -353,7 +351,7 @@ export function IncrementalMac_Update(mac: Wrapper<IncrementalMac>, bytes: Uint8
 export function KeyTransparency_AciSearchKey(aci: Uint8Array): Uint8Array;
 export function KeyTransparency_Distinguished(asyncRuntime: Wrapper<TokioAsyncContext>, environment: number, chatConnection: Wrapper<UnauthenticatedChatConnection>, lastDistinguishedTreeHead: Uint8Array | null): CancellablePromise<Uint8Array>;
 export function KeyTransparency_E164SearchKey(e164: string): Uint8Array;
-export function KeyTransparency_Monitor(asyncRuntime: Wrapper<TokioAsyncContext>, environment: number, chatConnection: Wrapper<UnauthenticatedChatConnection>, aci: Uint8Array, aciIdentityKey: Wrapper<PublicKey>, e164: string | null, unidentifiedAccessKey: Uint8Array | null, usernameHash: Uint8Array | null, accountData: Uint8Array | null, lastDistinguishedTreeHead: Uint8Array): CancellablePromise<Uint8Array>;
+export function KeyTransparency_Monitor(asyncRuntime: Wrapper<TokioAsyncContext>, environment: number, chatConnection: Wrapper<UnauthenticatedChatConnection>, aci: Uint8Array, aciIdentityKey: Wrapper<PublicKey>, e164: string | null, unidentifiedAccessKey: Uint8Array | null, usernameHash: Uint8Array | null, accountData: Uint8Array | null, lastDistinguishedTreeHead: Uint8Array, isSelfMonitor: boolean): CancellablePromise<Uint8Array>;
 export function KeyTransparency_Search(asyncRuntime: Wrapper<TokioAsyncContext>, environment: number, chatConnection: Wrapper<UnauthenticatedChatConnection>, aci: Uint8Array, aciIdentityKey: Wrapper<PublicKey>, e164: string | null, unidentifiedAccessKey: Uint8Array | null, usernameHash: Uint8Array | null, accountData: Uint8Array | null, lastDistinguishedTreeHead: Uint8Array): CancellablePromise<Uint8Array>;
 export function KeyTransparency_UsernameHashSearchKey(hash: Uint8Array): Uint8Array;
 export function KyberKeyPair_Generate(): KyberKeyPair;
@@ -504,6 +502,7 @@ export function SealedSender_Encrypt(destination: Wrapper<ProtocolAddress>, cont
 export function SealedSender_MultiRecipientEncrypt(recipients: Wrapper<ProtocolAddress>[], recipientSessions: Wrapper<SessionRecord>[], excludedRecipients: Uint8Array, content: Wrapper<UnidentifiedSenderMessageContent>, identityKeyStore: IdentityKeyStore): Promise<Uint8Array>;
 export function SealedSender_MultiRecipientMessageForSingleRecipient(encodedMultiRecipientMessage: Uint8Array): Uint8Array;
 export function SecureValueRecoveryForBackups_CreateNewBackupChain(environment: number, backupKey: Uint8Array): Uint8Array;
+export function SecureValueRecoveryForBackups_RemoveBackup(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, username: string, password: string): CancellablePromise<void>;
 export function SecureValueRecoveryForBackups_RestoreBackupFromServer(asyncRuntime: Wrapper<TokioAsyncContext>, backupKey: Uint8Array, metadata: Uint8Array, connectionManager: Wrapper<ConnectionManager>, username: string, password: string): CancellablePromise<BackupRestoreResponse>;
 export function SecureValueRecoveryForBackups_StoreBackup(asyncRuntime: Wrapper<TokioAsyncContext>, backupKey: Uint8Array, previousSecretData: Uint8Array, connectionManager: Wrapper<ConnectionManager>, username: string, password: string): CancellablePromise<BackupStoreResponse>;
 export function SenderCertificate_Deserialize(data: Uint8Array): SenderCertificate;
@@ -619,6 +618,8 @@ export function TESTING_ChatSendErrorConvert(errorDescription: string): void;
 export function TESTING_ConnectionManager_isUsingProxy(manager: Wrapper<ConnectionManager>): number;
 export function TESTING_ConnectionManager_newLocalOverride(userAgent: string, chatPort: number, cdsiPort: number, svr2Port: number, svrBPort: number, rootCertificateDer: Uint8Array): ConnectionManager;
 export function TESTING_ConvertOptionalUuid(present: boolean): Uuid | null;
+export function TESTING_CreateOTP(username: string, secret: Uint8Array): string;
+export function TESTING_CreateOTPFromBase64(username: string, secret: string): string;
 export function TESTING_ErrorOnBorrowAsync(_input: null): Promise<void>;
 export function TESTING_ErrorOnBorrowIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _input: null): CancellablePromise<void>;
 export function TESTING_ErrorOnBorrowSync(_input: null): void;
@@ -686,6 +687,8 @@ export function TESTING_RoundTripU8(input: number): number;
 export function TESTING_ServerMessageAck_Create(): ServerMessageAck;
 export function TESTING_SignedPublicPreKey_CheckBridgesCorrectly(sourcePublicKey: Wrapper<PublicKey>, signedPreKey: SignedPublicPreKey): void;
 export function TESTING_TestingHandleType_getValue(handle: Wrapper<TestingHandleType>): number;
+export function TESTING_TokioAsyncContext_FutureSuccessBytes(asyncRuntime: Wrapper<TokioAsyncContext>, count: number): CancellablePromise<Uint8Array>;
+export function TESTING_TokioAsyncContext_NewSingleThreaded(): TokioAsyncContext;
 export function TESTING_TokioAsyncFuture(asyncRuntime: Wrapper<TokioAsyncContext>, input: number): CancellablePromise<number>;
 export function TestingSemaphore_AddPermits(semaphore: Wrapper<TestingSemaphore>, permits: number): void;
 export function TestingSemaphore_New(initial: number): TestingSemaphore;

package/dist/net/KeyTransparency.d.ts

@@ -41,12 +41,30 @@ export type E164Info = {
  *
  */
 export type Request = {
-    /** ACI and ACI Identity Key for the account. Required. */
+    /** ACI information for the request. Required. */
     aciInfo: AciInfo;
     /** Unidentified access key associated with the account. Optional. */
     e164Info?: E164Info;
     usernameHash?: Readonly<Uint8Array>;
 };
+/**
+ *  Mode of the monitor operation.
+ *
+ *  If the newer version of account data is found in the key transparency
+ *  log, self-monitor will terminate with an error, but monitor for other
+ *  account will fall back to a full search and update the locally stored
+ *  data.
+ */
+export declare enum MonitorMode {
+    Self = 0,
+    Other = 1
+}
+/**
+ * An extension of the {@link Request} for the monitor operation.
+ */
+export type MonitorRequest = Request & {
+    mode: MonitorMode;
+};
 /**
  * Typed API to access the key transparency subsystem using an existing
  * unauthenticated chat connection.
@@ -104,7 +122,7 @@ export interface Client {
      * verify the data in key transparency server response, such as an incorrect proof or a
      * wrong signature.
      * @throws {ChatServiceInactive} if the chat connection has been closed.
-     * @throws {IoError} if an error occurred while commuicating with the
+     * @throws {IoError} if an error occurred while communicating with the
      * server.
      * */
     search(request: Request, store: Store, options?: Readonly<Options>): Promise<void>;
@@ -131,12 +149,14 @@ export interface Client {
      * different result.
      * @throws {KeyTransparencyVerificationFailed} when it fails to
      * verify the data in key transparency server response, such as an incorrect proof or a
-     * wrong signature.
+     * wrong signature. This is also the error thrown when new version
+     * of account data is found in the key transparency log when
+     * self-monitoring. See {@link MonitorMode}.
      * @throws {ChatServiceInactive} if the chat connection has been closed.
-     * @throws {IoError} if an error occurred while commuicating with the
+     * @throws {IoError} if an error occurred while communicating with the
      * server.
      */
-    monitor(request: Request, store: Store, options?: Readonly<Options>): Promise<void>;
+    monitor(request: MonitorRequest, store: Store, options?: Readonly<Options>): Promise<void>;
 }
 export declare class ClientImpl implements Client {
     private readonly asyncContext;
@@ -144,7 +164,7 @@ export declare class ClientImpl implements Client {
     private readonly env;
     constructor(asyncContext: TokioAsyncContext, chatService: Native.Wrapper<Native.UnauthenticatedChatConnection>, env: Environment);
     search(request: Request, store: Store, options?: Readonly<Options>): Promise<void>;
-    monitor(request: Request, store: Store, options?: Readonly<Options>): Promise<void>;
+    monitor(request: MonitorRequest, store: Store, options?: Readonly<Options>): Promise<void>;
     private updateDistinguished;
     private getLatestDistinguished;
 }

package/dist/net/KeyTransparency.js

@@ -4,8 +4,21 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ClientImpl = void 0;
+exports.ClientImpl = exports.MonitorMode = void 0;
 const Native = require("../../Native");
+/**
+ *  Mode of the monitor operation.
+ *
+ *  If the newer version of account data is found in the key transparency
+ *  log, self-monitor will terminate with an error, but monitor for other
+ *  account will fall back to a full search and update the locally stored
+ *  data.
+ */
+var MonitorMode;
+(function (MonitorMode) {
+    MonitorMode[MonitorMode["Self"] = 0] = "Self";
+    MonitorMode[MonitorMode["Other"] = 1] = "Other";
+})(MonitorMode || (exports.MonitorMode = MonitorMode = {}));
 class ClientImpl {
     constructor(asyncContext, chatService, env) {
         this.asyncContext = asyncContext;
@@ -26,12 +39,12 @@ class ClientImpl {
     async monitor(request, store, options) {
         const distinguished = await this.getLatestDistinguished(store, options ?? {});
         const { abortSignal } = options ?? {};
-        const { aciInfo: { aci, identityKey: aciIdentityKey }, e164Info, usernameHash, } = request;
+        const { aciInfo: { aci, identityKey: aciIdentityKey }, e164Info, usernameHash, mode, } = request;
         const { e164, unidentifiedAccessKey } = e164Info ?? {
             e164: null,
             unidentifiedAccessKey: null,
         };
-        const accountData = await this.asyncContext.makeCancellable(abortSignal, Native.KeyTransparency_Monitor(this.asyncContext, this.env, this.chatService, aci.getServiceIdFixedWidthBinary(), aciIdentityKey, e164, unidentifiedAccessKey, usernameHash ?? null, await store.getAccountData(aci), distinguished));
+        const accountData = await this.asyncContext.makeCancellable(abortSignal, Native.KeyTransparency_Monitor(this.asyncContext, this.env, this.chatService, aci.getServiceIdFixedWidthBinary(), aciIdentityKey, e164, unidentifiedAccessKey, usernameHash ?? null, await store.getAccountData(aci), distinguished, mode === MonitorMode.Self));
         await store.setAccountData(aci, accountData);
     }
     async updateDistinguished(store, { abortSignal }) {

package/dist/net/SvrB.d.ts

@@ -167,7 +167,8 @@ export declare class SvrB {
      * @throws {RateLimitedError} if the server is rate limiting this client. This is **retryable**
      * after waiting the designated delay.
      * @throws {IoError} if the network operation fails (connection, service, or timeout errors).
-     * These are **retryable**, but some may indicate a possible bug in libsignal or in the enclave.
+     * These can be **automatically retried** (backoff recommended), but some may indicate a possible
+     * bug in libsignal or in the enclave.
      * @throws {SvrAttestationError} if enclave attestation fails. This indicates a possible bug in
      * libsignal or in the enclave.
      */
@@ -203,12 +204,37 @@ export declare class SvrB {
      * @throws {RateLimitedError} if the server is rate limiting this client. This is **retryable**
      * after waiting the designated delay.
      * @throws {IoError} if the network operation fails (connection, service, or timeout errors).
-     * These are **retryable**, but some may indicate a possible bug in libsignal or in the enclave.
+     * These can be **automatically retried** (backoff recommended), but some may indicate a possible
+     * bug in libsignal or in the enclave.
      * @throws {SvrAttestationError} if enclave attestation fails. This indicates a possible bug in
      * libsignal or in the enclave.
      */
     restore(backupKey: BackupKey, metadata: Uint8Array, options?: {
         abortSignal?: AbortSignal;
     }): Promise<RestoreBackupResponse>;
+    /**
+     * Attempts to remove the info stored with SVR-B for this particular username/password pair.
+     *
+     * This is a best-effort operation; a successful return means the data has been removed from (or
+     * never was present in) the current SVR-B enclaves, but may still be present in previous ones
+     * that have yet to be decommissioned. Conversely, a thrown error may still have removed
+     * information from previous enclaves.
+     *
+     * This should not typically be needed; rather than explicitly removing an entry, the client
+     * should generally overwrite with a new {@link #store} instead.
+     *
+     * @param options Optional configuration.
+     * @param options.abortSignal An AbortSignal that will cancel the request.
+     * @throws {RateLimitedError} if the server is rate limiting this client. This is **retryable**
+     * after waiting the designated delay.
+     * @throws {IoError} if the network operation fails (connection, service, or timeout errors).
+     * These can be **automatically retried** (backoff recommended), but some may indicate a possible
+     * bug in libsignal or in the enclave.
+     * @throws {SvrAttestationError} if enclave attestation fails. This indicates a possible bug in
+     * libsignal or in the enclave.
+     */
+    remove(options?: {
+        abortSignal?: AbortSignal;
+    }): Promise<void>;
 }
 export {};

package/dist/net/SvrB.js

@@ -138,7 +138,8 @@ class SvrB {
      * @throws {RateLimitedError} if the server is rate limiting this client. This is **retryable**
      * after waiting the designated delay.
      * @throws {IoError} if the network operation fails (connection, service, or timeout errors).
-     * These are **retryable**, but some may indicate a possible bug in libsignal or in the enclave.
+     * These can be **automatically retried** (backoff recommended), but some may indicate a possible
+     * bug in libsignal or in the enclave.
      * @throws {SvrAttestationError} if enclave attestation fails. This indicates a possible bug in
      * libsignal or in the enclave.
      */
@@ -176,7 +177,8 @@ class SvrB {
      * @throws {RateLimitedError} if the server is rate limiting this client. This is **retryable**
      * after waiting the designated delay.
      * @throws {IoError} if the network operation fails (connection, service, or timeout errors).
-     * These are **retryable**, but some may indicate a possible bug in libsignal or in the enclave.
+     * These can be **automatically retried** (backoff recommended), but some may indicate a possible
+     * bug in libsignal or in the enclave.
      * @throws {SvrAttestationError} if enclave attestation fails. This indicates a possible bug in
      * libsignal or in the enclave.
      */
@@ -185,6 +187,31 @@ class SvrB {
         const response = await this.asyncContext.makeCancellable(options?.abortSignal, promise);
         return new RestoreBackupResponseImpl(response);
     }
+    /**
+     * Attempts to remove the info stored with SVR-B for this particular username/password pair.
+     *
+     * This is a best-effort operation; a successful return means the data has been removed from (or
+     * never was present in) the current SVR-B enclaves, but may still be present in previous ones
+     * that have yet to be decommissioned. Conversely, a thrown error may still have removed
+     * information from previous enclaves.
+     *
+     * This should not typically be needed; rather than explicitly removing an entry, the client
+     * should generally overwrite with a new {@link #store} instead.
+     *
+     * @param options Optional configuration.
+     * @param options.abortSignal An AbortSignal that will cancel the request.
+     * @throws {RateLimitedError} if the server is rate limiting this client. This is **retryable**
+     * after waiting the designated delay.
+     * @throws {IoError} if the network operation fails (connection, service, or timeout errors).
+     * These can be **automatically retried** (backoff recommended), but some may indicate a possible
+     * bug in libsignal or in the enclave.
+     * @throws {SvrAttestationError} if enclave attestation fails. This indicates a possible bug in
+     * libsignal or in the enclave.
+     */
+    async remove(options) {
+        const promise = Native.SecureValueRecoveryForBackups_RemoveBackup(this.asyncContext, this.connectionManager, this.auth.username, this.auth.password);
+        await this.asyncContext.makeCancellable(options?.abortSignal, promise);
+    }
 }
 exports.SvrB = SvrB;
 //# sourceMappingURL=SvrB.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.78.2",
+  "version": "0.78.3",
   "license": "AGPL-3.0-only",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",