@signalapp/libsignal-client 0.79.0 → 0.80.0

package/Native.d.ts

@@ -516,7 +516,7 @@ export function SenderCertificate_GetSerialized(obj: Wrapper<SenderCertificate>)
 export function SenderCertificate_GetServerCertificate(cert: Wrapper<SenderCertificate>): ServerCertificate;
 export function SenderCertificate_GetSignature(obj: Wrapper<SenderCertificate>): Uint8Array;
 export function SenderCertificate_New(senderUuid: string, senderE164: string | null, senderDeviceId: number, senderKey: Wrapper<PublicKey>, expiration: Timestamp, signerCert: Wrapper<ServerCertificate>, signerKey: Wrapper<PrivateKey>): SenderCertificate;
-export function SenderCertificate_Validate(cert: Wrapper<SenderCertificate>, key: Wrapper<PublicKey>, time: Timestamp): boolean;
+export function SenderCertificate_Validate(cert: Wrapper<SenderCertificate>, trustRoots: Wrapper<PublicKey>[], time: Timestamp): boolean;
 export function SenderKeyDistributionMessage_Create(sender: Wrapper<ProtocolAddress>, distributionId: Uuid, store: SenderKeyStore): Promise<SenderKeyDistributionMessage>;
 export function SenderKeyDistributionMessage_Deserialize(data: Uint8Array): SenderKeyDistributionMessage;
 export function SenderKeyDistributionMessage_GetChainId(obj: Wrapper<SenderKeyDistributionMessage>): number;
@@ -700,6 +700,7 @@ export function UnauthenticatedChatConnection_connect(asyncRuntime: Wrapper<Toki
 export function UnauthenticatedChatConnection_disconnect(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthenticatedChatConnection>): CancellablePromise<void>;
 export function UnauthenticatedChatConnection_info(chat: Wrapper<UnauthenticatedChatConnection>): ChatConnectionInfo;
 export function UnauthenticatedChatConnection_init_listener(chat: Wrapper<UnauthenticatedChatConnection>, listener: ChatListener): void;
+export function UnauthenticatedChatConnection_look_up_username_hash(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthenticatedChatConnection>, hash: Uint8Array): CancellablePromise<Uuid | null>;
 export function UnauthenticatedChatConnection_send(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthenticatedChatConnection>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): CancellablePromise<ChatResponse>;
 export function UnidentifiedSenderMessageContent_Deserialize(data: Uint8Array): UnidentifiedSenderMessageContent;
 export function UnidentifiedSenderMessageContent_GetContentHint(m: Wrapper<UnidentifiedSenderMessageContent>): number;

package/dist/Errors.d.ts

@@ -45,7 +45,8 @@ export declare enum ErrorCode {
     BackupValidation = 41,
     Cancelled = 42,
     KeyTransparencyError = 43,
-    KeyTransparencyVerificationFailed = 44
+    KeyTransparencyVerificationFailed = 44,
+    IncrementalMacVerificationFailed = 45
 }
 export declare class LibSignalErrorBase extends Error {
     readonly code: ErrorCode;
@@ -207,4 +208,7 @@ export type KeyTransparencyError = LibSignalErrorCommon & {
 export type KeyTransparencyVerificationFailed = LibSignalErrorCommon & {
     code: ErrorCode.KeyTransparencyVerificationFailed;
 };
-export type LibSignalError = GenericError | DuplicatedMessageError | SealedSenderSelfSendError | UntrustedIdentityError | InvalidRegistrationIdError | InvalidProtocolAddress | VerificationFailedError | InvalidSessionError | InvalidSenderKeySessionError | NicknameCannotBeEmptyError | CannotStartWithDigitError | MissingSeparatorError | BadNicknameCharacterError | NicknameTooShortError | NicknameTooLongError | DiscriminatorCannotBeEmptyError | DiscriminatorCannotBeZeroError | DiscriminatorCannotBeSingleDigitError | DiscriminatorCannotHaveLeadingZerosError | BadDiscriminatorCharacterError | DiscriminatorTooLargeError | InputDataTooLong | InvalidEntropyDataLength | InvalidUsernameLinkEncryptedData | IoError | CdsiInvalidTokenError | InvalidUriError | InvalidMediaInputError | SvrDataMissingError | SvrRestoreFailedError | SvrRequestFailedError | SvrAttestationError | SvrInvalidDataError | UnsupportedMediaInputError | ChatServiceInactive | AppExpiredError | DeviceDelinkedError | ConnectionInvalidatedError | ConnectedElsewhereError | RateLimitedError | RateLimitChallengeError | BackupValidationError | CancellationError | KeyTransparencyError | KeyTransparencyVerificationFailed;
+export type IncrementalMacVerificationFailed = LibSignalErrorCommon & {
+    code: ErrorCode.IncrementalMacVerificationFailed;
+};
+export type LibSignalError = GenericError | DuplicatedMessageError | SealedSenderSelfSendError | UntrustedIdentityError | InvalidRegistrationIdError | InvalidProtocolAddress | VerificationFailedError | InvalidSessionError | InvalidSenderKeySessionError | NicknameCannotBeEmptyError | CannotStartWithDigitError | MissingSeparatorError | BadNicknameCharacterError | NicknameTooShortError | NicknameTooLongError | DiscriminatorCannotBeEmptyError | DiscriminatorCannotBeZeroError | DiscriminatorCannotBeSingleDigitError | DiscriminatorCannotHaveLeadingZerosError | BadDiscriminatorCharacterError | DiscriminatorTooLargeError | InputDataTooLong | InvalidEntropyDataLength | InvalidUsernameLinkEncryptedData | IoError | CdsiInvalidTokenError | InvalidUriError | InvalidMediaInputError | SvrDataMissingError | SvrRestoreFailedError | SvrRequestFailedError | SvrAttestationError | SvrInvalidDataError | UnsupportedMediaInputError | ChatServiceInactive | AppExpiredError | DeviceDelinkedError | ConnectionInvalidatedError | ConnectedElsewhereError | RateLimitedError | RateLimitChallengeError | BackupValidationError | CancellationError | KeyTransparencyError | KeyTransparencyVerificationFailed | IncrementalMacVerificationFailed;

package/dist/Errors.js

@@ -53,6 +53,7 @@ var ErrorCode;
     ErrorCode[ErrorCode["Cancelled"] = 42] = "Cancelled";
     ErrorCode[ErrorCode["KeyTransparencyError"] = 43] = "KeyTransparencyError";
     ErrorCode[ErrorCode["KeyTransparencyVerificationFailed"] = 44] = "KeyTransparencyVerificationFailed";
+    ErrorCode[ErrorCode["IncrementalMacVerificationFailed"] = 45] = "IncrementalMacVerificationFailed";
 })(ErrorCode || (exports.ErrorCode = ErrorCode = {}));
 class LibSignalErrorBase extends Error {
     constructor(message, name, operation, extraProps) {

package/dist/acknowledgments.md

@@ -2591,7 +2591,7 @@ limitations under the License.
 
 ```
 
-## boring 4.15.0
+## boring 4.18.0
 
 ```
 Copyright 2011-2017 Google Inc.
@@ -2613,7 +2613,7 @@ limitations under the License.
 
 ```
 
-## bindgen 0.70.1
+## bindgen 0.72.0
 
 ```
 BSD 3-Clause License
@@ -2883,7 +2883,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ```
 
-## boring-sys 4.15.0
+## boring-sys 4.18.0
 
 ```
 /* Copyright (c) 2015, Google Inc.
@@ -3192,7 +3192,7 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## boring-sys 4.15.0
+## boring-sys 4.18.0
 
 ```
 Copyright (c) 2014 Alex Crichton
@@ -3488,7 +3488,7 @@ THE SOFTWARE.
 
 ```
 
-## either 1.15.0, itertools 0.13.0, itertools 0.14.0, petgraph 0.7.1, serde_with 3.12.0, serde_with_macros 3.12.0
+## either 1.15.0, itertools 0.10.5, itertools 0.14.0, petgraph 0.7.1, serde_with 3.12.0, serde_with_macros 3.12.0
 
 ```
 Copyright (c) 2015
@@ -3732,7 +3732,7 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## boring-sys 4.15.0
+## boring-sys 4.18.0
 
 ```
 Copyright (c) 2015-2016 the fiat-crypto authors (see
@@ -4095,7 +4095,7 @@ SOFTWARE.
 
 ```
 
-## tokio-boring 4.15.0
+## tokio-boring 4.18.0
 
 ```
 Copyright (c) 2016 Tokio contributors
@@ -6481,7 +6481,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 ```
 
-## snow 0.9.6
+## snow 0.10.0
 
 ```
 MIT License
@@ -6699,7 +6699,35 @@ SOFTWARE.
 
 ```
 
-## curve25519-dalek-derive 0.1.1, adler2 2.0.0, anyhow 1.0.97, async-trait 0.1.88, atomic-waker 1.1.2, auto_enums 0.8.7, derive_utils 0.15.0, displaydoc 0.2.5, dyn-clone 1.0.19, fastrand 2.3.0, home 0.5.9, itoa 1.0.15, linkme-impl 0.3.33, linkme 0.3.33, linux-raw-sys 0.4.15, linux-raw-sys 0.9.3, minimal-lexical 0.2.1, num_enum 0.7.3, num_enum_derive 0.7.3, once_cell 1.21.3, paste 1.0.15, pin-project-internal 1.1.10, pin-project-lite 0.2.16, pin-project 1.1.10, prettyplease 0.2.32, proc-macro-crate 3.3.0, proc-macro2 1.0.94, quote 1.0.40, rustc-hash 1.1.0, rustix 0.38.44, rustix 1.0.5, rustversion 1.0.20, semver 1.0.26, send_wrapper 0.6.0, serde 1.0.219, serde_derive 1.0.219, serde_json 1.0.140, syn-mid 0.6.0, syn 2.0.100, thiserror-impl 1.0.69, thiserror-impl 2.0.12, thiserror 1.0.69, thiserror 2.0.12, unicode-ident 1.0.18, utf-8 0.7.6
+## rustc-hash 2.1.1
+
+```
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+```
+
+## curve25519-dalek-derive 0.1.1, adler2 2.0.0, anyhow 1.0.97, async-trait 0.1.88, atomic-waker 1.1.2, auto_enums 0.8.7, derive_utils 0.15.0, displaydoc 0.2.5, dyn-clone 1.0.19, fastrand 2.3.0, home 0.5.9, itoa 1.0.15, linkme-impl 0.3.33, linkme 0.3.33, linux-raw-sys 0.4.15, linux-raw-sys 0.9.3, minimal-lexical 0.2.1, num_enum 0.7.3, num_enum_derive 0.7.3, once_cell 1.21.3, paste 1.0.15, pin-project-internal 1.1.10, pin-project-lite 0.2.16, pin-project 1.1.10, prettyplease 0.2.32, proc-macro-crate 3.3.0, proc-macro2 1.0.94, quote 1.0.40, rustix 0.38.44, rustix 1.0.5, rustversion 1.0.20, semver 1.0.26, send_wrapper 0.6.0, serde 1.0.219, serde_derive 1.0.219, serde_json 1.0.140, syn-mid 0.6.0, syn 2.0.100, thiserror-impl 1.0.69, thiserror-impl 2.0.12, thiserror 1.0.69, thiserror 2.0.12, unicode-ident 1.0.18, utf-8 0.7.6
 
 ```
 Permission is hereby granted, free of charge, to any
@@ -7628,7 +7656,7 @@ Exhibit B - "Incompatible With Secondary Licenses" Notice
 
 ```
 
-## boring-sys 4.15.0
+## boring-sys 4.18.0
 
 ```
 /* ====================================================================

package/dist/incremental_mac.js

@@ -182,6 +182,6 @@ function chunkSizeInBytes(sizeChoice) {
 }
 exports.chunkSizeInBytes = chunkSizeInBytes;
 function makeVerificationError(message) {
-    return new Errors_1.LibSignalErrorBase(message, 'VerificationFailed', 'incremental_mac');
+    return new Errors_1.LibSignalErrorBase(message, 'IncrementalMacVerificationFailed', 'incremental_mac');
 }
 //# sourceMappingURL=incremental_mac.js.map

package/dist/index.d.ts

@@ -225,7 +225,21 @@ export declare class SenderCertificate {
     senderDeviceId(): number;
     serverCertificate(): ServerCertificate;
     signature(): Uint8Array;
+    /**
+     * Validates `this` against the given trust root at the given current time.
+     *
+     * @see validateWithTrustRoots
+     */
     validate(trustRoot: PublicKey, time: number): boolean;
+    /**
+     * Validates `this` against the given trust roots at the given current time.
+     *
+     * Checks the certificate against each key in `trustRoots` in constant time (that is, no result
+     * is produced until every key is checked), making sure **one** of them has signed its embedded
+     * server certificate. The `time` parameter is compared numerically against ``expiration``, and
+     * is not required to use any specific units, but Signal uses milliseconds since 1970.
+     */
+    validateWithTrustRoots(trustRoots: PublicKey[], time: number): boolean;
 }
 export declare class SenderKeyDistributionMessage {
     readonly _nativeHandle: Native.SenderKeyDistributionMessage;

package/dist/index.js

@@ -505,8 +505,29 @@ class SenderCertificate {
     signature() {
         return Native.SenderCertificate_GetSignature(this);
     }
+    /**
+     * Validates `this` against the given trust root at the given current time.
+     *
+     * @see validateWithTrustRoots
+     */
     validate(trustRoot, time) {
-        return Native.SenderCertificate_Validate(this, trustRoot, time);
+        return Native.SenderCertificate_Validate(this, [trustRoot], time);
+    }
+    /**
+     * Validates `this` against the given trust roots at the given current time.
+     *
+     * Checks the certificate against each key in `trustRoots` in constant time (that is, no result
+     * is produced until every key is checked), making sure **one** of them has signed its embedded
+     * server certificate. The `time` parameter is compared numerically against ``expiration``, and
+     * is not required to use any specific units, but Signal uses milliseconds since 1970.
+     */
+    validateWithTrustRoots(trustRoots, time) {
+        try {
+            return Native.SenderCertificate_Validate(this, trustRoots, time);
+        }
+        catch (_error) {
+            return false;
+        }
     }
 }
 exports.SenderCertificate = SenderCertificate;

package/dist/net/Chat.d.ts

@@ -10,6 +10,9 @@ export type ChatRequest = Readonly<{
     body?: Uint8Array;
     timeoutMillis?: number;
 }>;
+export type RequestOptions = {
+    abortSignal?: AbortSignal;
+};
 type ConnectionManager = Native.Wrapper<Native.ConnectionManager>;
 export declare class ChatServerMessageAck {
     readonly _nativeHandle: Native.ServerMessageAck;
@@ -65,9 +68,7 @@ export type ChatConnection = {
     /**
      * Sends request to the Chat service.
      */
-    fetch(chatRequest: ChatRequest, options?: {
-        abortSignal?: AbortSignal;
-    }): Promise<Native.ChatResponse>;
+    fetch(chatRequest: ChatRequest, options?: RequestOptions): Promise<Native.ChatResponse>;
     /**
      * Information about the connection to the Chat service.
      */
@@ -79,8 +80,8 @@ export interface ConnectionInfo {
     toString: () => string;
 }
 export declare class UnauthenticatedChatConnection implements ChatConnection {
-    private readonly asyncContext;
-    private readonly chatService;
+    readonly _asyncContext: TokioAsyncContext;
+    readonly _chatService: Wrapper<Native.UnauthenticatedChatConnection>;
     private readonly chatListener;
     private readonly env?;
     static connect(asyncContext: TokioAsyncContext, connectionManager: ConnectionManager, listener: ConnectionEventsListener, env?: Environment, options?: {
@@ -97,9 +98,7 @@ export declare class UnauthenticatedChatConnection implements ChatConnection {
      */
     static fakeConnect(asyncContext: TokioAsyncContext, listener: ChatServiceListener): [UnauthenticatedChatConnection, Wrapper<Native.FakeChatRemoteEnd>];
     private constructor();
-    fetch(chatRequest: ChatRequest, options?: {
-        abortSignal?: AbortSignal;
-    }): Promise<Native.ChatResponse>;
+    fetch(chatRequest: ChatRequest, options?: RequestOptions): Promise<Native.ChatResponse>;
     disconnect(): Promise<void>;
     connectionInfo(): ConnectionInfo;
     keyTransparencyClient(): KT.Client;

package/dist/net/Chat.js

@@ -66,29 +66,31 @@ class UnauthenticatedChatConnection {
             (0, internal_1.newNativeHandle)(Native.TESTING_FakeChatConnection_TakeRemote(fakeChat)),
         ];
     }
-    constructor(asyncContext, chatService, 
+    constructor(
+    // Not true-private so that they can be accessed by the "Service" interfaces in chat/.
+    _asyncContext, _chatService, 
     // Unused except to keep the listener alive since the Rust code only holds a
     // weak reference to the same object.
     chatListener, env) {
-        this.asyncContext = asyncContext;
-        this.chatService = chatService;
+        this._asyncContext = _asyncContext;
+        this._chatService = _chatService;
         this.chatListener = chatListener;
         this.env = env;
     }
     fetch(chatRequest, options) {
-        return this.asyncContext.makeCancellable(options?.abortSignal, Native.UnauthenticatedChatConnection_send(this.asyncContext, this.chatService, buildHttpRequest(chatRequest), chatRequest.timeoutMillis ?? DEFAULT_CHAT_REQUEST_TIMEOUT_MILLIS));
+        return this._asyncContext.makeCancellable(options?.abortSignal, Native.UnauthenticatedChatConnection_send(this._asyncContext, this._chatService, buildHttpRequest(chatRequest), chatRequest.timeoutMillis ?? DEFAULT_CHAT_REQUEST_TIMEOUT_MILLIS));
     }
     disconnect() {
-        return Native.UnauthenticatedChatConnection_disconnect(this.asyncContext, this.chatService);
+        return Native.UnauthenticatedChatConnection_disconnect(this._asyncContext, this._chatService);
     }
     connectionInfo() {
-        return new ConnectionInfoImpl(Native.UnauthenticatedChatConnection_info(this.chatService));
+        return new ConnectionInfoImpl(Native.UnauthenticatedChatConnection_info(this._chatService));
     }
     keyTransparencyClient() {
         if (this.env == null) {
             throw new Error('KeyTransparency is not supported on local test server');
         }
-        return new KT.ClientImpl(this.asyncContext, this.chatService, this.env);
+        return new KT.ClientImpl(this._asyncContext, this._chatService, this.env);
     }
 }
 exports.UnauthenticatedChatConnection = UnauthenticatedChatConnection;

package/dist/net/chat/UnauthUsernamesService.d.ts

@@ -0,0 +1,20 @@
+import { Aci } from '../../Address';
+import { RequestOptions } from '../Chat';
+declare module '../Chat' {
+    interface UnauthenticatedChatConnection extends UnauthUsernamesService {
+    }
+}
+export interface UnauthUsernamesService {
+    /**
+     * Looks up a username hash on the service, like that computed by {@link usernames.hash}.
+     *
+     * Returns the corresponding account's ACI, or `null` if the username doesn't correspond to an
+     * account.
+     *
+     * Throws / completes with failure only if the request can't be completed, potentially including
+     * if the hash is structurally invalid.
+     */
+    lookUpUsernameHash(request: {
+        hash: Uint8Array;
+    }, options?: RequestOptions): Promise<Aci | null>;
+}

package/dist/net/chat/UnauthUsernamesService.js

@@ -0,0 +1,14 @@
+"use strict";
+//
+// Copyright 2025 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+Object.defineProperty(exports, "__esModule", { value: true });
+const Native = require("../../../Native");
+const Address_1 = require("../../Address");
+const Chat_1 = require("../Chat");
+Chat_1.UnauthenticatedChatConnection.prototype.lookUpUsernameHash = async function ({ hash, }, options) {
+    const response = await this._asyncContext.makeCancellable(options?.abortSignal, Native.UnauthenticatedChatConnection_look_up_username_hash(this._asyncContext, this._chatService, Buffer.from(hash)));
+    return response ? Address_1.Aci.fromUuidBytes(response) : null;
+};
+//# sourceMappingURL=UnauthUsernamesService.js.map

package/dist/net.d.ts

@@ -6,6 +6,7 @@ import { RegistrationService } from './net/Registration';
 import { SvrB } from './net/SvrB';
 export * from './net/CDSI';
 export * from './net/Chat';
+export * from './net/chat/UnauthUsernamesService';
 export * from './net/Registration';
 export * from './net/SvrB';
 export declare enum Environment {

package/dist/net.js

@@ -27,6 +27,7 @@ const SvrB_1 = require("./net/SvrB");
 const internal_1 = require("./internal");
 __exportStar(require("./net/CDSI"), exports);
 __exportStar(require("./net/Chat"), exports);
+__exportStar(require("./net/chat/UnauthUsernamesService"), exports);
 __exportStar(require("./net/Registration"), exports);
 __exportStar(require("./net/SvrB"), exports);
 // This must match the libsignal-bridge Rust enum of the same name.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.79.0",
+  "version": "0.80.0",
   "license": "AGPL-3.0-only",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",