@towns-labs/encryption 2.0.1

package/dist/cryptoStore.d.ts

@@ -0,0 +1,34 @@
+import { ExtendedInboundGroupSessionData, GroupSessionRecord, HybridGroupSessionRecord } from './storeTypes';
+import { InboundGroupSessionData } from './encryptionDevice';
+import { UserDevice } from './olmLib';
+export declare const DEFAULT_USER_DEVICE_EXPIRATION_TIME_MS: number;
+export declare function createCryptoStore(databaseName: string, userId: string, maxEntries?: number): CryptoStore;
+export interface CryptoStore {
+    userId: string;
+    initialize(): Promise<void>;
+    deleteAllData(): Promise<void>;
+    deleteInboundGroupSessions(streamId: string, sessionId: string): Promise<void>;
+    deleteOutboundGrounpSessions(streamId: string): Promise<void>;
+    deleteAccount(userId: string): Promise<void>;
+    getAccount(): Promise<string>;
+    storeAccount(accountPickle: string): Promise<void>;
+    storeEndToEndOutboundGroupSession(sessionId: string, sessionData: string, streamId: string): Promise<void>;
+    getEndToEndOutboundGroupSession(streamId: string): Promise<string>;
+    getAllEndToEndOutboundGroupSessions(): Promise<GroupSessionRecord[]>;
+    getEndToEndInboundGroupSession(streamId: string, sessionId: string): Promise<InboundGroupSessionData | undefined>;
+    getHybridGroupSession(streamId: string, sessionId: string): Promise<HybridGroupSessionRecord | undefined>;
+    getHybridGroupSessionsForStream(streamId: string): Promise<HybridGroupSessionRecord[]>;
+    getAllEndToEndInboundGroupSessions(): Promise<ExtendedInboundGroupSessionData[]>;
+    getAllHybridGroupSessions(): Promise<HybridGroupSessionRecord[]>;
+    deleteHybridGroupSessions(streamId: string): Promise<void>;
+    storeEndToEndInboundGroupSession(streamId: string, sessionId: string, sessionData: InboundGroupSessionData): Promise<void>;
+    storeHybridGroupSession(sessionData: HybridGroupSessionRecord): Promise<void>;
+    getInboundGroupSessionIds(streamId: string): Promise<string[]>;
+    getHybridGroupSessionIds(streamId: string): Promise<string[]>;
+    withAccountTx<T>(fn: () => Promise<T>): Promise<T>;
+    withGroupSessions<T>(fn: () => Promise<T>): Promise<T>;
+    deviceRecordCount(): Promise<number>;
+    saveUserDevices(userId: string, devices: UserDevice[], expirationMs?: number): Promise<void>;
+    getUserDevices(userId: string): Promise<UserDevice[]>;
+}
+//# sourceMappingURL=cryptoStore.d.ts.map

package/dist/cryptoStore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cryptoStore.d.ts","sourceRoot":"","sources":["../src/cryptoStore.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,+BAA+B,EAC/B,kBAAkB,EAClB,wBAAwB,EAC3B,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAA;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AAUrC,eAAO,MAAM,sCAAsC,QAAiB,CAAA;AAEpE,wBAAgB,iBAAiB,CAC7B,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,UAAU,CAAC,EAAE,MAAM,GACpB,WAAW,CAMb;AAED,MAAM,WAAW,WAAW;IACxB,MAAM,EAAE,MAAM,CAAA;IAEd,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IAC3B,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IAC9B,0BAA0B,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC9E,4BAA4B,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7D,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5C,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC,CAAA;IAC7B,YAAY,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAClD,iCAAiC,CAC7B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC,CAAA;IAChB,+BAA+B,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAClE,mCAAmC,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAA;IACpE,8BAA8B,CAC1B,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAClB,OAAO,CAAC,uBAAuB,GAAG,SAAS,CAAC,CAAA;IAC/C,qBAAqB,CACjB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAClB,OAAO,CAAC,wBAAwB,GAAG,SAAS,CAAC,CAAA;IAChD,+BAA+B,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,EAAE,CAAC,CAAA;IACtF,kCAAkC,IAAI,OAAO,CAAC,+BAA+B,EAAE,CAAC,CAAA;IAChF,yBAAyB,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC,CAAA;IAChE,yBAAyB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC1D,gCAAgC,CAC5B,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,uBAAuB,GACrC,OAAO,CAAC,IAAI,CAAC,CAAA;IAChB,uBAAuB,CAAC,WAAW,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7E,yBAAyB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;IAC9D,wBAAwB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;IAC7D,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;IAClD,iBAAiB,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;IACtD,iBAAiB,IAAI,OAAO,CAAC,MAAM,CAAC,CAAA;IACpC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5F,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAA;CACxD"}

package/dist/cryptoStore.js

@@ -0,0 +1,17 @@
+import { CryptoStoreIndexedDb } from './CryptoStoreIndexedDb';
+import { CryptoStoreInMemory } from './CryptoStoreInMemory';
+import { isBrowser } from '@towns-labs/utils';
+const ONE_SECOND_MS = 1000;
+const ONE_MINUTE_MS = 60 * ONE_SECOND_MS;
+const ONE_HOUR_MS = 60 * ONE_MINUTE_MS;
+const ONE_DAY_MS = 24 * ONE_HOUR_MS;
+export const DEFAULT_USER_DEVICE_EXPIRATION_TIME_MS = 5 * ONE_DAY_MS;
+export function createCryptoStore(databaseName, userId, maxEntries) {
+    if (isBrowser) {
+        return new CryptoStoreIndexedDb(databaseName, userId);
+    }
+    else {
+        return new CryptoStoreInMemory(userId, maxEntries);
+    }
+}
+//# sourceMappingURL=cryptoStore.js.map

package/dist/cryptoStore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cryptoStore.js","sourceRoot":"","sources":["../src/cryptoStore.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAA;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAA;AAC3D,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAE7C,MAAM,aAAa,GAAG,IAAI,CAAA;AAC1B,MAAM,aAAa,GAAG,EAAE,GAAG,aAAa,CAAA;AACxC,MAAM,WAAW,GAAG,EAAE,GAAG,aAAa,CAAA;AACtC,MAAM,UAAU,GAAG,EAAE,GAAG,WAAW,CAAA;AAEnC,MAAM,CAAC,MAAM,sCAAsC,GAAG,CAAC,GAAG,UAAU,CAAA;AAEpE,MAAM,UAAU,iBAAiB,CAC7B,YAAoB,EACpB,MAAc,EACd,UAAmB;IAEnB,IAAI,SAAS,EAAE,CAAC;QACZ,OAAO,IAAI,oBAAoB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;IACzD,CAAC;SAAM,CAAC;QACJ,OAAO,IAAI,mBAAmB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAA;IACtD,CAAC;AACL,CAAC"}

package/dist/derivedEncryption.d.ts

@@ -0,0 +1,2 @@
+export declare const AES_GCM_DERIVED_ALGORITHM = "r.aes-256-gcm.derived";
+//# sourceMappingURL=derivedEncryption.d.ts.map

package/dist/derivedEncryption.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"derivedEncryption.d.ts","sourceRoot":"","sources":["../src/derivedEncryption.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,yBAAyB,0BAA0B,CAAA"}

package/dist/derivedEncryption.js

@@ -0,0 +1,2 @@
+export const AES_GCM_DERIVED_ALGORITHM = 'r.aes-256-gcm.derived';
+//# sourceMappingURL=derivedEncryption.js.map

package/dist/derivedEncryption.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"derivedEncryption.js","sourceRoot":"","sources":["../src/derivedEncryption.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,yBAAyB,GAAG,uBAAuB,CAAA"}

package/dist/encryptionDelegate.d.ts

@@ -0,0 +1,16 @@
+import { Account, InboundGroupSession, OutboundGroupSession, PkDecryption, PkEncryption, PkSigning, Session, Utility } from './encryptionTypes';
+export declare class EncryptionDelegate {
+    private delegate;
+    isInitialized: boolean;
+    constructor();
+    init(): Promise<void>;
+    createAccount(): Account;
+    createSession(): Session;
+    createInboundGroupSession(): InboundGroupSession;
+    createOutboundGroupSession(): OutboundGroupSession;
+    createPkEncryption(): PkEncryption;
+    createPkDecryption(): PkDecryption;
+    createPkSigning(): PkSigning;
+    createUtility(): Utility;
+}
+//# sourceMappingURL=encryptionDelegate.d.ts.map

package/dist/encryptionDelegate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryptionDelegate.d.ts","sourceRoot":"","sources":["../src/encryptionDelegate.ts"],"names":[],"mappings":"AACA,OAAO,EACH,OAAO,EACP,mBAAmB,EACnB,oBAAoB,EACpB,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,OAAO,EACP,OAAO,EACV,MAAM,mBAAmB,CAAA;AAE1B,qBAAa,kBAAkB;IAC3B,OAAO,CAAC,QAAQ,CAAqB;IAC9B,aAAa,UAAQ;;IAKf,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAS3B,aAAa,IAAI,OAAO;IAOxB,aAAa,IAAI,OAAO;IAOxB,yBAAyB,IAAI,mBAAmB;IAOhD,0BAA0B,IAAI,oBAAoB;IAOlD,kBAAkB,IAAI,YAAY;IAOlC,kBAAkB,IAAI,YAAY;IAOlC,eAAe,IAAI,SAAS;IAO5B,aAAa,IAAI,OAAO;CAMlC"}

package/dist/encryptionDelegate.js

@@ -0,0 +1,64 @@
+import Olm from '@towns-protocol/olm';
+export class EncryptionDelegate {
+    delegate;
+    isInitialized = false;
+    // eslint-disable-next-line @typescript-eslint/no-empty-function
+    constructor() { }
+    async init() {
+        // initializes Olm library. This should run before using any Olm classes.
+        if (this.delegate) {
+            return;
+        }
+        this.delegate = await Olm.initAsync();
+        this.isInitialized = this.delegate !== undefined;
+    }
+    createAccount() {
+        if (!this.delegate) {
+            throw new Error('olm not initialized');
+        }
+        return new this.delegate.Account();
+    }
+    createSession() {
+        if (!this.delegate) {
+            throw new Error('olm not initialized');
+        }
+        return new this.delegate.Session();
+    }
+    createInboundGroupSession() {
+        if (!this.delegate) {
+            throw new Error('olm not initialized');
+        }
+        return new this.delegate.InboundGroupSession();
+    }
+    createOutboundGroupSession() {
+        if (!this.delegate) {
+            throw new Error('olm not initialized');
+        }
+        return new this.delegate.OutboundGroupSession();
+    }
+    createPkEncryption() {
+        if (!this.delegate) {
+            throw new Error('olm not initialized');
+        }
+        return new this.delegate.PkEncryption();
+    }
+    createPkDecryption() {
+        if (!this.delegate) {
+            throw new Error('olm not initialized');
+        }
+        return new this.delegate.PkDecryption();
+    }
+    createPkSigning() {
+        if (!this.delegate) {
+            throw new Error('olm not initialized');
+        }
+        return new this.delegate.PkSigning();
+    }
+    createUtility() {
+        if (!this.delegate) {
+            throw new Error('olm not initialized');
+        }
+        return new this.delegate.Utility();
+    }
+}
+//# sourceMappingURL=encryptionDelegate.js.map

package/dist/encryptionDelegate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryptionDelegate.js","sourceRoot":"","sources":["../src/encryptionDelegate.ts"],"names":[],"mappings":"AAAA,OAAO,GAAqB,MAAM,qBAAqB,CAAA;AAYvD,MAAM,OAAO,kBAAkB;IACnB,QAAQ,CAAqB;IAC9B,aAAa,GAAG,KAAK,CAAA;IAE5B,gEAAgE;IAChE,gBAAe,CAAC;IAET,KAAK,CAAC,IAAI;QACb,yEAAyE;QACzE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAChB,OAAM;QACV,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,CAAA;QACrC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAA;IACpD,CAAC;IAEM,aAAa;QAChB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QAC1C,CAAC;QACD,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAA;IACtC,CAAC;IAEM,aAAa;QAChB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QAC1C,CAAC;QACD,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAA;IACtC,CAAC;IAEM,yBAAyB;QAC5B,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QAC1C,CAAC;QACD,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAA;IAClD,CAAC;IAEM,0BAA0B;QAC7B,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QAC1C,CAAC;QACD,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,EAAE,CAAA;IACnD,CAAC;IAEM,kBAAkB;QACrB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QAC1C,CAAC;QACD,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAA;IAC3C,CAAC;IAEM,kBAAkB;QACrB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QAC1C,CAAC;QACD,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAA;IAC3C,CAAC;IAEM,eAAe;QAClB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QAC1C,CAAC;QACD,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAA;IACxC,CAAC;IAEM,aAAa;QAChB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QAC1C,CAAC;QACD,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAA;IACtC,CAAC;CACJ"}

package/dist/encryptionDevice.d.ts

@@ -0,0 +1,264 @@
+import type { CryptoStore } from './cryptoStore';
+import { InboundGroupSession, IOutboundGroupSessionKey } from './encryptionTypes';
+import { EncryptionDelegate } from './encryptionDelegate';
+import { GroupEncryptionSession } from './olmLib';
+import type { HybridGroupSessionRecord } from './storeTypes';
+import { ExportedDevice, HybridGroupSessionKey } from '@towns-labs/proto';
+/** data stored in the session store about an inbound group session */
+export interface InboundGroupSessionData {
+    stream_id: string;
+    /** pickled InboundGroupSession */
+    session: string;
+    keysClaimed: Record<string, string>;
+    /** whether this session is untrusted. */
+    untrusted?: boolean;
+}
+export type EncryptionDeviceInitOpts = {
+    fromExportedDevice?: ExportedDevice;
+    pickleKey?: string;
+};
+export interface IDecryptedGroupMessage {
+    result: string;
+    keysClaimed: Record<string, string>;
+    streamId: string;
+    untrusted: boolean;
+}
+export type GroupSessionExtraData = {
+    untrusted?: boolean;
+};
+export declare class EncryptionDevice {
+    private delegate;
+    private readonly cryptoStore;
+    pickleKey: string;
+    /** Curve25519 key for the account, unknown until we load the account from storage in init() */
+    deviceCurve25519Key: string | null;
+    /** Ed25519 key for the account, unknown until we load the account from storage in init() */
+    deviceDoNotUseKey: string | null;
+    fallbackKey: {
+        keyId: string;
+        key: string;
+    };
+    sessionsInProgress: Record<string, Promise<void>>;
+    olmPrekeyPromise: Promise<any>;
+    private inboundGroupSessionMessageIndexes;
+    constructor(delegate: EncryptionDelegate, cryptoStore: CryptoStore);
+    /**
+     * Iniitialize the Account. Must be called prior to any other operation
+     * on the device.
+     *
+     * Data from an exported device can be provided in order to recreate this device.
+     *
+     * Attempts to load the Account from the crypto store, or create one otherwise
+     * storing the account in storage.
+     *
+     * Reads the device keys from the Account object.
+     *
+     * @param fromExportedDevice - data from exported device
+     *     that must be re-created.
+     *     If present, opts.pickleKey is ignored
+     *     (exported data already provides a pickle key)
+     * @param pickleKey - pickle key to set instead of default one
+     *
+     *
+     */
+    init(opts?: EncryptionDeviceInitOpts): Promise<void>;
+    private initializeFromExportedDevice;
+    private initializeAccount;
+    /**
+     * Export the current device state
+     * @returns ExportedDevice object containing the device state
+     */
+    exportDevice(): Promise<ExportedDevice>;
+    /**
+     * Extract our Account from the crypto store and call the given function
+     * with the account object
+     * The `account` object is usable only within the callback passed to this
+     * function and will be freed as soon the callback returns. It is *not*
+     * usable for the rest of the lifetime of the transaction.
+     * This function requires a live transaction object from cryptoStore.doTxn()
+     * and therefore may only be called in a doTxn() callback.
+     *
+     * @param txn - Opaque transaction object from cryptoStore.doTxn()
+     * @internal
+     */
+    private getAccount;
+    /**
+     * Saves an account to the crypto store.
+     * This function requires a live transaction object from cryptoStore.doTxn()
+     * and therefore may only be called in a doTxn() callback.
+     *
+     * @param txn - Opaque transaction object from cryptoStore.doTxn()
+     * @param Account object
+     * @internal
+     */
+    private storeAccount;
+    /**
+     * get an OlmUtility and call the given function
+     *
+     * @returns result of func
+     * @internal
+     */
+    private getUtility;
+    /**
+     * Signs a message with the ed25519 key for this account.
+     *
+     * @param message -  message to be signed
+     * @returns base64-encoded signature
+     */
+    sign(message: string): Promise<string>;
+    /**
+     * Marks all of the fallback keys as published.
+     */
+    markKeysAsPublished(): Promise<void>;
+    /**
+     * Generate a new fallback keys
+     *
+     * @returns Resolved once the account is saved back having generated the key
+     */
+    generateFallbackKeyIfNeeded(): Promise<void>;
+    getFallbackKey(): Promise<{
+        keyId: string;
+        key: string;
+    }>;
+    forgetOldFallbackKey(): Promise<void>;
+    /**
+     * Store an OutboundGroupSession in outboundSessionStore
+     *
+     */
+    private saveOutboundGroupSession;
+    /**
+     * Extract OutboundGroupSession from the session store and call given fn.
+     */
+    private getOutboundGroupSession;
+    /**
+     * Get the session keys for an outbound group session
+     *
+     * @param sessionId -  the id of the outbound group session
+     *
+     * @returns current chain index, and
+     *     base64-encoded secret key.
+     */
+    getOutboundGroupSessionKey(streamId: string): Promise<IOutboundGroupSessionKey>;
+    /** */
+    getHybridGroupSessionKeyForStream(streamId: string): Promise<HybridGroupSessionKey>;
+    /** */
+    getHybridGroupSessionKey(streamId: string, sessionId: string): Promise<HybridGroupSessionKey>;
+    /**
+     * Generate a new outbound group session
+     *
+     */
+    createOutboundGroupSession(streamId: string): Promise<string>;
+    /** */
+    createHybridGroupSession(streamId: string, miniblockNum: bigint, miniblockHash: Uint8Array): Promise<{
+        sessionId: string;
+        sessionRecord: HybridGroupSessionRecord;
+        sessionKey: HybridGroupSessionKey;
+    }>;
+    /**
+     * Unpickle a session from a sessionData object and invoke the given function.
+     * The session is valid only until func returns.
+     *
+     * @param sessionData - Object describing the session.
+     * @param func - Invoked with the unpickled session
+     * @returns result of func
+     */
+    private unpickleInboundGroupSession;
+    /**
+     * Extract an InboundGroupSession from the crypto store and call the given function
+     *
+     * @param streamId - The stream ID to extract the session for, or null to fetch
+     *     sessions for any room.
+     * @param txn - Opaque transaction object from cryptoStore.doTxn()
+     * @param func - function to call.
+     *
+     * @internal
+     */
+    getInboundGroupSession(streamId: string, sessionId: string): Promise<{
+        session: InboundGroupSession | undefined;
+        data: InboundGroupSessionData | undefined;
+    }>;
+    /**
+     * Add an inbound group session to the session store
+     *
+     * @param streamId -     room in which this session will be used
+     * @param senderKey -  base64-encoded curve25519 key of the sender
+     * @param sessionId -  session identifier
+     * @param sessionKey - base64-encoded secret key
+     * @param keysClaimed - Other keys the sender claims.
+     * @param exportFormat - true if the group keys are in export format
+     *    (ie, they lack an ed25519 signature)
+     * @param extraSessionData - any other data to be include with the session
+     */
+    addInboundGroupSession(streamId: string, sessionId: string, sessionKey: string, keysClaimed: Record<string, string>, _exportFormat: boolean, extraSessionData?: GroupSessionExtraData): Promise<void>;
+    /** */
+    addHybridGroupSession(streamId: string, sessionId: string, sessionKey: string): Promise<void>;
+    /**
+     * Encrypt an outgoing message with an outbound group session
+     *
+     * @param sessionId - this id of the session
+     * @param payloadString - payload to be encrypted
+     *
+     * @returns ciphertext
+     */
+    encryptGroupMessage(payloadString: string, streamId: string): Promise<{
+        ciphertext: string;
+        sessionId: string;
+    }>;
+    encryptUsingFallbackKey(theirIdentityKey: string, fallbackKey: string, payload: string): Promise<{
+        type: 0 | 1;
+        body: string;
+    }>;
+    /**
+     * Decrypt an incoming message using an existing session
+     *
+     * @param theirDeviceIdentityKey - Curve25519 identity key for the
+     *     remote device
+     * @param messageType -  messageType field from the received message
+     * @param ciphertext - base64-encoded body from the received message
+     *
+     * @returns decrypted payload.
+     */
+    decryptMessage(ciphertext: string, theirDeviceIdentityKey: string, messageType?: number): Promise<string>;
+    /**
+     * Verify an ed25519 signature.
+     *
+     * @param key - ed25519 key
+     * @param message - message which was signed
+     * @param signature - base64-encoded signature to be checked
+     *
+     * @throws Error if there is a problem with the verification. If the key was
+     * too small then the message will be "OLM.INVALID_BASE64". If the signature
+     * was invalid then the message will be "OLM.BAD_MESSAGE_MAC".
+     */
+    verifySignature(key: string, message: string, signature: string): void;
+    getInboundGroupSessionIds(streamId: string): Promise<string[]>;
+    getHybridGroupSessionIds(streamId: string): Promise<string[]>;
+    /**
+     * Determine if we have the keys for a given group session
+     *
+     * @param streamId - stream in which the message was received
+     * @param senderKey - base64-encoded curve25519 key of the sender
+     * @param sessionId - session identifier
+     */
+    hasInboundSessionKeys(streamId: string, sessionId: string): Promise<boolean>;
+    /** */
+    hasHybridGroupSessionKey(streamId: string, sessionId: string): Promise<boolean>;
+    /**
+     * Export an inbound group session
+     *
+     * @param streamId - streamId of session
+     * @param sessionId  - session identifier
+     */
+    exportInboundGroupSession(streamId: string, sessionId: string): Promise<GroupEncryptionSession | undefined>;
+    /** */
+    exportHybridGroupSession(streamId: string, sessionId: string): Promise<GroupEncryptionSession | undefined>;
+    /**
+     * Get a list containing all of the room keys
+     *
+     * @returns a list of session export objects
+     */
+    exportInboundGroupSessions(): Promise<GroupEncryptionSession[]>;
+    exportHybridGroupSessions(): Promise<GroupEncryptionSession[]>;
+}
+export declare function hybridSessionKeyHash(streamId: Uint8Array, key: Uint8Array, miniblockNum: bigint, miniblockHash: Uint8Array): Promise<Uint8Array>;
+//# sourceMappingURL=encryptionDevice.d.ts.map

package/dist/encryptionDevice.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryptionDevice.d.ts","sourceRoot":"","sources":["../src/encryptionDevice.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAA;AAChD,OAAO,EAEH,mBAAmB,EACnB,wBAAwB,EAG3B,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AACzD,OAAO,EAA8B,sBAAsB,EAAE,MAAM,UAAU,CAAA;AAE7E,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAA;AAC5D,OAAO,EACH,cAAc,EAMd,qBAAqB,EAGxB,MAAM,mBAAmB,CAAA;AAW1B,sEAAsE;AACtE,MAAM,WAAW,uBAAuB;IACpC,SAAS,EAAE,MAAM,CAAA;IACjB,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACnC,yCAAyC;IACzC,SAAS,CAAC,EAAE,OAAO,CAAA;CACtB;AAED,MAAM,MAAM,wBAAwB,GAAG;IACnC,kBAAkB,CAAC,EAAE,cAAc,CAAA;IACnC,SAAS,CAAC,EAAE,MAAM,CAAA;CACrB,CAAA;AAqBD,MAAM,WAAW,sBAAsB;IACnC,MAAM,EAAE,MAAM,CAAA;IACd,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACnC,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,OAAO,CAAA;CACrB;AAED,MAAM,MAAM,qBAAqB,GAAG;IAChC,SAAS,CAAC,EAAE,OAAO,CAAA;CACtB,CAAA;AAED,qBAAa,gBAAgB;IA8BrB,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,QAAQ,CAAC,WAAW;IA7BzB,SAAS,SAAgB;IAEhC,+FAA+F;IACxF,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAO;IAChD,4FAA4F;IACrF,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAO;IAEvC,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAyB;IAIpE,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAK;IAKtD,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAoB;IAQzD,OAAO,CAAC,iCAAiC,CACnC;gBAGM,QAAQ,EAAE,kBAAkB,EACnB,WAAW,EAAE,WAAW;IAG7C;;;;;;;;;;;;;;;;;;OAkBG;IACU,IAAI,CAAC,IAAI,CAAC,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC;YAsCnD,4BAA4B;YAmC5B,iBAAiB;IAW/B;;;OAGG;IACU,YAAY,IAAI,OAAO,CAAC,cAAc,CAAC;IAuCpD;;;;;;;;;;;OAWG;YACW,UAAU;IAOxB;;;;;;;;OAQG;YACW,YAAY;IAI1B;;;;;OAKG;IACH,OAAO,CAAC,UAAU;IASlB;;;;;OAKG;IACU,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAKnD;;OAEG;IACU,mBAAmB,IAAI,OAAO,CAAC,IAAI,CAAC;IAMjD;;;;OAIG;IACU,2BAA2B,IAAI,OAAO,CAAC,IAAI,CAAC;IAU5C,cAAc,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAazD,oBAAoB,IAAI,OAAO,CAAC,IAAI,CAAC;IASlD;;;OAGG;YACW,wBAAwB;IAatC;;OAEG;YACW,uBAAuB;IAarC;;;;;;;OAOG;IACU,0BAA0B,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAS5F,MAAM;IACO,iCAAiC,CAC1C,QAAQ,EAAE,MAAM,GACjB,OAAO,CAAC,qBAAqB,CAAC;IAejC,MAAM;IACO,wBAAwB,CACjC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAClB,OAAO,CAAC,qBAAqB,CAAC;IAUjC;;;OAGG;IACU,0BAA0B,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAiC1E,MAAM;IACO,wBAAwB,CACjC,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,UAAU,GAC1B,OAAO,CAAC;QACP,SAAS,EAAE,MAAM,CAAA;QACjB,aAAa,EAAE,wBAAwB,CAAA;QACvC,UAAU,EAAE,qBAAqB,CAAA;KACpC,CAAC;IAkCF;;;;;;;OAOG;IACH,OAAO,CAAC,2BAA2B;IAMnC;;;;;;;;;OASG;IACG,sBAAsB,CACxB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAClB,OAAO,CAAC;QACP,OAAO,EAAE,mBAAmB,GAAG,SAAS,CAAA;QACxC,IAAI,EAAE,uBAAuB,GAAG,SAAS,CAAA;KAC5C,CAAC;IAcF;;;;;;;;;;;OAWG;IACU,sBAAsB,CAC/B,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,aAAa,EAAE,OAAO,EACtB,gBAAgB,GAAE,qBAA0B,GAC7C,OAAO,CAAC,IAAI,CAAC;IA+EhB,MAAM;IACO,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM;IAiC1F;;;;;;;OAOG;IACU,mBAAmB,CAC5B,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,MAAM,GACjB,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAcxC,uBAAuB,CAChC,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAChB,OAAO,CAAC;QAAE,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAkBzC;;;;;;;;;OASG;IACU,cAAc,CACvB,UAAU,EAAE,MAAM,EAClB,sBAAsB,EAAE,MAAM,EAC9B,WAAW,GAAE,MAAU,GACxB,OAAO,CAAC,MAAM,CAAC;IAmClB;;;;;;;;;;OAUG;IACI,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAQhE,yBAAyB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAI9D,wBAAwB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAI1E;;;;;;OAMG;IACU,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAqBzF,MAAM;IACO,wBAAwB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5F;;;;;OAKG;IACU,yBAAyB,CAClC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAClB,OAAO,CAAC,sBAAsB,GAAG,SAAS,CAAC;IAsB9C,MAAM;IACO,wBAAwB,CACjC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAClB,OAAO,CAAC,sBAAsB,GAAG,SAAS,CAAC;IAa9C;;;;OAIG;IACU,0BAA0B,IAAI,OAAO,CAAC,sBAAsB,EAAE,CAAC;IA2B/D,yBAAyB,IAAI,OAAO,CAAC,sBAAsB,EAAE,CAAC;CAW9E;AAKD,wBAAsB,oBAAoB,CACtC,QAAQ,EAAE,UAAU,EACpB,GAAG,EAAE,UAAU,EACf,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,UAAU,GAC1B,OAAO,CAAC,UAAU,CAAC,CA4BrB"}