@wireapp/core-crypto 0.4.0

package/platforms/web/corecrypto.d.ts

@@ -0,0 +1,644 @@
+/**
+* see [core_crypto::prelude::CiphersuiteName]
+*/
+export enum Ciphersuite {
+	/**
+	* DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519
+	*/
+	MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519,
+	/**
+	* DH KEM P256 | AES-GCM 128 | SHA2-256 | EcDSA P256
+	*/
+	MLS_128_DHKEMP256_AES128GCM_SHA256_P256,
+	/**
+	* DH KEM x25519 | Chacha20Poly1305 | SHA2-256 | Ed25519
+	*/
+	MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519,
+	/**
+	* DH KEM x448 | AES-GCM 256 | SHA2-512 | Ed448
+	*/
+	MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448,
+	/**
+	* DH KEM P521 | AES-GCM 256 | SHA2-512 | EcDSA P521
+	*/
+	MLS_256_DHKEMP521_AES256GCM_SHA512_P521,
+	/**
+	* DH KEM x448 | Chacha20Poly1305 | SHA2-512 | Ed448
+	*/
+	MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448,
+	/**
+	* DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384
+	*/
+	MLS_256_DHKEMP384_AES256GCM_SHA384_P384
+}
+/**
+ * Configuration object for new conversations
+ */
+export interface ConversationConfiguration {
+	/**
+	 * List of client IDs with administrative permissions
+	 * Note: This is currently unused
+	 */
+	admins?: Uint8Array[];
+	/**
+	 * Conversation ciphersuite
+	 */
+	ciphersuite?: Ciphersuite;
+	/**
+	 * Duration in seconds after which we will automatically force a self_update commit
+	 * Note: This isn't currently implemented
+	 */
+	keyRotationSpan?: number;
+	/**
+	 * List of client IDs that are allowed to be external senders of commits
+	 */
+	externalSenders?: Uint8Array[];
+}
+/**
+ * Alias for conversation IDs.
+ * This is a freeform, uninspected buffer.
+ */
+export declare type ConversationId = Uint8Array;
+/**
+ * Alias for client identifier.
+ * This is a freeform, uninspected buffer.
+ */
+export declare type ClientId = Uint8Array;
+/**
+ * Alias for proposal reference. It is a byte array of size 16.
+ */
+export declare type ProposalRef = Uint8Array;
+/**
+ * Alias for an MLS generic commit.
+ * It contains:
+ * * MLS Commit that needs to be fanned out to other (existing) members of the conversation
+ * * (Optional) MLS Welcome message that needs to be fanned out to the clients newly added to the conversation (if any)
+ * * TLS-serialized MLS PublicGroupState (GroupInfo in draft-15) which is required for joining a group by external commit + some metadatas for optimizations
+ * (For final version. Requires to be implemented in the Delivery Service)
+ * This is a freeform, uninspected buffer.
+ */
+export declare type TlsCommitBundle = Uint8Array;
+/**
+ * Data shape for the returned MLS commit & welcome message tuple upon adding clients to a conversation
+ */
+export interface MemberAddedMessages {
+	/**
+	 * TLS-serialized MLS Commit that needs to be fanned out to other (existing) members of the conversation
+	 *
+	 * @readonly
+	 */
+	commit: Uint8Array;
+	/**
+	 * TLS-serialized MLS Welcome message that needs to be fanned out to the clients newly added to the conversation
+	 *
+	 * @readonly
+	 */
+	welcome: Uint8Array;
+	/**
+	 * TLS-serialized MLS PublicGroupState (GroupInfo in draft-15) which is required for joining a group by external commit
+	 *
+	 * @readonly
+	 */
+	publicGroupState: Uint8Array;
+}
+/**
+ * Data shape for a MLS generic commit + optional bundle (aka stapled commit & welcome)
+ */
+export interface CommitBundle {
+	/**
+	 * TLS-serialized MLS Commit that needs to be fanned out to other (existing) members of the conversation
+	 *
+	 * @readonly
+	 */
+	commit: Uint8Array;
+	/**
+	 * Optional TLS-serialized MLS Welcome message that needs to be fanned out to the clients newly added to the conversation
+	 *
+	 * @readonly
+	 */
+	welcome?: Uint8Array;
+	/**
+	 * TLS-serialized MLS PublicGroupState (GroupInfo in draft-15) which is required for joining a group by external commit
+	 *
+	 * @readonly
+	 */
+	publicGroupState: Uint8Array;
+}
+/**
+ * Params for CoreCrypto initialization
+ * Please note that the `entropySeed` parameter MUST be exactly 32 bytes
+ */
+export interface CoreCryptoParams {
+	/**
+	 * Name of the IndexedDB database
+	 */
+	databaseName: string;
+	/**
+	 * Encryption master key
+	 * This should be appropriately stored in a secure location (i.e. WebCrypto private key storage)
+	 */
+	key: string;
+	/**
+	 * MLS Client ID.
+	 * This should stay consistent as it will be verified against the stored signature & identity to validate the persisted credential
+	 */
+	clientId: string;
+	/**
+	 * External PRNG entropy pool seed.
+	 * This **must** be exactly 32 bytes
+	 */
+	entropySeed?: Uint8Array;
+	/**
+	 * .wasm file path, this will be useful in case your bundling system likes to relocate files (i.e. what webpack does)
+	 */
+	wasmFilePath?: string;
+}
+/**
+ * Data shape for adding clients to a conversation
+ */
+export interface Invitee {
+	/**
+	 * Client ID as a byte array
+	 */
+	id: ClientId;
+	/**
+	 * MLS KeyPackage belonging to the aforementioned client
+	 */
+	kp: Uint8Array;
+}
+export interface MlsConversationInitMessage {
+	/**
+	 * Group ID
+	 *
+	 * @readonly
+	 */
+	group: Uint8Array;
+	/**
+	 * TLS-serialized MLS Commit that needs to be fanned out
+	 *
+	 * @readonly
+	 */
+	commit: Uint8Array;
+}
+/**
+ * This is a wrapper for all the possible outcomes you can get after decrypting a message
+ */
+export interface DecryptedMessage {
+	/**
+	 * Raw decrypted application message, if the decrypted MLS message is an application message
+	 */
+	message?: Uint8Array;
+	/**
+	 * List of proposals that were retrieved from the decrypted message, in addition to the pending local proposals
+	 */
+	proposals: ProposalBundle[];
+	/**
+	 * It is set to false if ingesting this MLS message has resulted in the client being removed from the group (i.e. a Remove commit)
+	 */
+	isActive: boolean;
+	/**
+	 * Commit delay hint (in milliseconds) to prevent clients from hammering the server with epoch changes
+	 */
+	commitDelay?: number;
+	/**
+	 * Client identifier of the sender of the message being decrypted. Only present for application messages.
+	 */
+	senderClientId?: ClientId;
+}
+/**
+ * Returned by all methods creating proposals. Contains a proposal message and an identifier to roll back the proposal
+ */
+export interface ProposalBundle {
+	/**
+	 * TLS-serialized MLS proposal that needs to be fanned out to other (existing) members of the conversation
+	 *
+	 * @readonly
+	 */
+	proposal: Uint8Array;
+	/**
+	 * Unique identifier of a proposal. Use this in {@link CoreCrypto.clear_pending_proposal} to roll back (delete) the proposal
+	 *
+	 * @readonly
+	 */
+	proposalRef: ProposalRef;
+}
+/**
+ * MLS Proposal type
+ */
+export declare const enum ProposalType {
+	/**
+	 * This allows to propose the addition of other clients to the MLS group/conversation
+	 */
+	Add = 0,
+	/**
+	 * This allows to propose the removal of clients from the MLS group/conversation
+	 */
+	Remove = 1,
+	/**
+	 * This allows to propose to update the client keying material (i.e. keypackage rotation) and the group root key
+	 */
+	Update = 2
+}
+/**
+ * Common arguments for proposals
+ */
+export interface ProposalArgs {
+	/**
+	 * Conversation ID that is targeted by the proposal
+	 */
+	conversationId: ConversationId;
+}
+/**
+ * Arguments for a proposal of type `Add`
+ */
+export interface AddProposalArgs extends ProposalArgs {
+	/**
+	 * TLS-serialized MLS KeyPackage to be added
+	 */
+	kp: Uint8Array;
+}
+/**
+ * Arguments for a proposal of type `Remove`
+ */
+export interface RemoveProposalArgs extends ProposalArgs {
+	/**
+	 * Client ID to be removed from the conversation
+	 */
+	clientId: ClientId;
+}
+/**
+ * MLS External Proposal type
+ */
+export declare const enum ExternalProposalType {
+	/**
+	 * This allows to propose the addition of other clients to the MLS group/conversation
+	 */
+	Add = 0,
+	/**
+	 * This allows to propose the removal of clients from the MLS group/conversation
+	 */
+	Remove = 1
+}
+export interface ExternalProposalArgs {
+	/**
+	 * Conversation ID that is targeted by the external proposal
+	 */
+	conversationId: ConversationId;
+	/**
+	 * MLS Group epoch for the external proposal.
+	 * This needs to be the current epoch of the group or this proposal **will** be rejected
+	 */
+	epoch: number;
+}
+export interface ExternalRemoveProposalArgs extends ExternalProposalArgs {
+	/**
+	 * KeyPackageRef of the client that needs to be removed in the proposal
+	 */
+	keyPackageRef: Uint8Array;
+}
+/**
+ * Wrapper for the WASM-compiled version of CoreCrypto
+ */
+export declare class CoreCrypto {
+	#private;
+	/**
+	 * This is your entrypoint to initialize {@link CoreCrypto}!
+	 *
+	 * @param params - {@link CoreCryptoParams}
+	 *
+	 * @example
+	 * ## Simple init
+	 * ```ts
+	 * const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" });
+	 * // Do the rest with `cc`
+	 * ```
+	 *
+	 * ## Custom Entropy seed init & wasm file location
+	 * ```ts
+	 * // FYI, this is the IETF test vector #1
+	 * const entropySeed = Uint32Array.from([
+	 *   0xade0b876, 0x903df1a0, 0xe56a5d40, 0x28bd8653,
+	 *   0xb819d2bd, 0x1aed8da0, 0xccef36a8, 0xc70d778b,
+	 *   0x7c5941da, 0x8d485751, 0x3fe02477, 0x374ad8b8,
+	 *   0xf4b8436a, 0x1ca11815, 0x69b687c3, 0x8665eeb2,
+	 * ]);
+	 *
+	 * const wasmFilePath = "/long/complicated/path/on/webserver/whatever.wasm";
+	 *
+	 * const cc = await CoreCrypto.init({
+	 *   databaseName: "test",
+	 *   key: "test",
+	 *   clientId: "test",
+	 *   entropySeed,
+	 *   wasmFilePath,
+	 * });
+	 * ````
+	 */
+	static init({ databaseName, key, clientId, wasmFilePath, entropySeed }: CoreCryptoParams): Promise<CoreCrypto>;
+	/** @hidden */
+	private constructor();
+	/**
+	 * Wipes the {@link CoreCrypto} backing storage (i.e. {@link https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API | IndexedDB} database)
+	 *
+	 * **CAUTION**: This {@link CoreCrypto} instance won't be useable after a call to this method, but there's no way to express this requirement in TypeScript so you'll get errors instead!
+	 */
+	wipe(): Promise<void>;
+	/**
+	 * Closes this {@link CoreCrypto} instance and deallocates all loaded resources
+	 *
+	 * **CAUTION**: This {@link CoreCrypto} instance won't be useable after a call to this method, but there's no way to express this requirement in TypeScript so you'll get errors instead!
+	 */
+	close(): Promise<void>;
+	/**
+	 * Checks if the Client is member of a given conversation and if the MLS Group is loaded up
+	 *
+	 * @returns Whether the given conversation ID exists
+	 *
+	 * @example
+	 * ```ts
+	 *  const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" });
+	 *  const encoder = new TextEncoder();
+	 *  if (await cc.conversationExists(encoder.encode("my super chat"))) {
+	 *    // Do something
+	 *  } else {
+	 *    // Do something else
+	 *  }
+	 * ```
+	 */
+	conversationExists(conversationId: ConversationId): Promise<boolean>;
+	/**
+	 * Returns the current epoch of a conversation
+	 *
+	 * @returns the epoch of the conversation
+	 *
+	 * @example
+	 * ```ts
+	 *  const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" });
+	 *  const encoder = new TextEncoder();
+	 *  console.log(await cc.conversationEpoch(encoder.encode("my super chat")))
+	 * ```
+	 */
+	conversationEpoch(conversationId: ConversationId): Promise<number>;
+	/**
+	 * Wipes and destroys the local storage of a given conversation / MLS group
+	 *
+	 * @param conversationId - The ID of the conversation to remove
+	 */
+	wipeConversation(conversationId: ConversationId): Promise<void>;
+	/**
+	 * Creates a new conversation with the current client being the sole member
+	 * You will want to use {@link CoreCrypto.addClientsToConversation} afterwards to add clients to this conversation
+	 *
+	 * @param conversationId - The conversation ID; You can either make them random or let the backend attribute MLS group IDs
+	 * @param configuration.admins - An array of client IDs that will have administrative permissions over the group
+	 * @param configuration.ciphersuite - The {@link Ciphersuite} that is chosen to be the group's
+	 * @param configuration.keyRotationSpan - The amount of time in milliseconds after which the MLS Keypackages will be rotated
+	 * @param configuration.externalSenders - Array of Client IDs that are qualified as external senders within the group
+	 */
+	createConversation(conversationId: ConversationId, configuration?: ConversationConfiguration): Promise<any>;
+	/**
+	 * Decrypts a message for a given conversation
+	 *
+	 * @param conversationId - The ID of the conversation
+	 * @param payload - The encrypted message buffer
+	 *
+	 * @returns Either a {@link DecryptedMessage} payload or `undefined` - This happens when the encrypted payload contains a system message such a proposal or commit
+	 */
+	decryptMessage(conversationId: ConversationId, payload: Uint8Array): Promise<DecryptedMessage>;
+	/**
+	 * Encrypts a message for a given conversation
+	 *
+	 * @param conversationId - The ID of the conversation
+	 * @param message - The plaintext message to encrypt
+	 *
+	 * @returns The encrypted payload for the given group. This needs to be fanned out to the other members of the group.
+	 */
+	encryptMessage(conversationId: ConversationId, message: Uint8Array): Promise<Uint8Array>;
+	/**
+	 * Ingest a TLS-serialized MLS welcome message to join a an existing MLS group
+	 *
+	 * @param welcomeMessage - TLS-serialized MLS Welcome message
+	 * @returns The conversation ID of the newly joined group. You can use the same ID to decrypt/encrypt messages
+	 */
+	processWelcomeMessage(welcomeMessage: Uint8Array): Promise<ConversationId>;
+	/**
+	 * @returns The client's public key
+	 */
+	clientPublicKey(): Promise<Uint8Array>;
+	/**
+	 * @returns The amount of valid, non-expired KeyPackages that are persisted in the backing storage
+	 */
+	clientValidKeypackagesCount(): Promise<number>;
+	/**
+	 * Fetches a requested amount of keypackages
+	 *
+	 * @param amountRequested - The amount of keypackages requested
+	 * @returns An array of length `amountRequested` containing TLS-serialized KeyPackages
+	 */
+	clientKeypackages(amountRequested: number): Promise<Array<Uint8Array>>;
+	/**
+	 * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
+	 *
+	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 * @param clients - Array of {@link Invitee} (which are Client ID / KeyPackage pairs)
+	 *
+	 * @returns A {@link CommitBundle}
+	 */
+	addClientsToConversation(conversationId: ConversationId, clients: Invitee[]): Promise<MemberAddedMessages>;
+	/**
+	 * Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed
+	 * to do so, otherwise this operation does nothing.
+	 *
+	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 * @param clientIds - Array of Client IDs to remove.
+	 *
+	 * @returns A {@link CommitBundle}, or `undefined` if for any reason, the operation would result in an empty commit
+	 */
+	removeClientsFromConversation(conversationId: ConversationId, clientIds: ClientId[]): Promise<CommitBundle>;
+	/**
+	 * Creates an update commit which forces every client to update their keypackages in the conversation
+	 *
+	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 *
+	 * @returns A {@link CommitBundle}
+	 */
+	updateKeyingMaterial(conversationId: ConversationId): Promise<CommitBundle>;
+	/**
+	 * Commits the local pending proposals and returns the {@link CommitBundle} object containing what can result from this operation.
+	 *
+	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 *
+	 * @returns A {@link CommitBundle}
+	 */
+	commitPendingProposals(conversationId: ConversationId): Promise<CommitBundle>;
+	/**
+	 * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
+	 * The returned {@link CommitBundle} is a TLS struct that needs to be fanned out to Delivery Service in order to validate the commit.
+	 * It also contains a Welcome message the Delivery Service will forward to invited clients and
+	 * an updated PublicGroupState required by clients willing to join the group by an external commit.
+	 *
+	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 * @param clients - Array of {@link Invitee} (which are Client ID / KeyPackage pairs)
+	 *
+	 * @returns A {@link CommitBundle} byte array to fan out to the Delivery Service
+	 */
+	finalAddClientsToConversation(conversationId: ConversationId, clients: Invitee[]): Promise<TlsCommitBundle>;
+	/**
+	 * Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed
+	 * to do so, otherwise this operation does nothing.
+	 *
+	 * The returned {@link CommitBundle} is a TLS struct that needs to be fanned out to Delivery Service in order to validate the commit.
+	 * It also contains a Welcome message the Delivery Service will forward to invited clients and
+	 * an updated PublicGroupState required by clients willing to join the group by an external commit.
+	 *
+	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 * @param clientIds - Array of Client IDs to remove.
+	 *
+	 * @returns A {@link CommitBundle} byte array to fan out to the Delivery Service, or `undefined` if for any reason, the operation would result in an empty commit
+	 */
+	finalRemoveClientsFromConversation(conversationId: ConversationId, clientIds: ClientId[]): Promise<TlsCommitBundle>;
+	/**
+	 * Creates an update commit which forces every client to update their keypackages in the conversation
+	 *
+	 * The returned {@link CommitBundle} is a TLS struct that needs to be fanned out to Delivery Service in order to validate the commit.
+	 * It also contains a Welcome message the Delivery Service will forward to invited clients and
+	 * an updated PublicGroupState required by clients willing to join the group by an external commit.
+	 *
+	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 *
+	 * @returns A {@link CommitBundle} byte array to fan out to the Delivery Service
+	 */
+	finalUpdateKeyingMaterial(conversationId: ConversationId): Promise<TlsCommitBundle>;
+	/**
+	 * Commits the local pending proposals and returns the {@link CommitBundle} object containing what can result from this operation.
+	 *
+	 * The returned {@link CommitBundle} is a TLS struct that needs to be fanned out to Delivery Service in order to validate the commit.
+	 * It also contains a Welcome message the Delivery Service will forward to invited clients and
+	 * an updated PublicGroupState required by clients willing to join the group by an external commit.
+	 *
+	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 *
+	 * @returns A {@link CommitBundle} byte array to fan out to the Delivery Service
+	 */
+	finalCommitPendingProposals(conversationId: ConversationId): Promise<TlsCommitBundle>;
+	/**
+	 * Creates a new proposal for the provided Conversation ID
+	 *
+	 * @param proposalType - The type of proposal, see {@link ProposalType}
+	 * @param args - The arguments of the proposal, see {@link ProposalArgs}, {@link AddProposalArgs} or {@link RemoveProposalArgs}
+	 *
+	 * @returns A {@link ProposalBundle} containing the Proposal and its reference in order to roll it back if necessary
+	 */
+	newProposal(proposalType: ProposalType, args: ProposalArgs | AddProposalArgs | RemoveProposalArgs): Promise<ProposalBundle>;
+	newExternalProposal(externalProposalType: ExternalProposalType, args: ExternalProposalArgs | ExternalRemoveProposalArgs): Promise<Uint8Array>;
+	/**
+	 * Exports public group state for use in external commits
+	 *
+	 * @param conversationId - MLS Conversation ID
+	 * @returns TLS-serialized MLS public group state
+	 */
+	exportGroupState(conversationId: ConversationId): Promise<Uint8Array>;
+	/**
+	 * Allows to create an external commit to "apply" to join a group through its public group state
+	 *
+	 * Also see the second step of this process: {@link CoreCrypto.mergePendingGroupFromExternalCommit}
+	 *
+	 * @param publicGroupState - The public group state that can be fetched from the backend for a given conversation
+	 * @returns see {@link MlsConversationInitMessage}
+	 */
+	joinByExternalCommit(publicGroupState: Uint8Array): Promise<MlsConversationInitMessage>;
+	/**
+	 * This is the second step of the process of joining a group through an external commit
+	 *
+	 * This step makes the group operational and ready to encrypt/decrypt message
+	 *
+	 * @param conversationId - The ID of the conversation
+	 * @param configuration - Configuration of the group, see {@link ConversationConfiguration}
+	 */
+	mergePendingGroupFromExternalCommit(conversationId: ConversationId, configuration: ConversationConfiguration): Promise<void>;
+	/**
+	 * Allows to mark the latest commit produced as "accepted" and be able to safely merge it
+	 * into the local group state
+	 *
+	 * @param conversationId - The group's ID
+	 */
+	commitAccepted(conversationId: ConversationId): Promise<void>;
+	/**
+	 * Allows {@link CoreCrypto} to act as a CSPRNG provider
+	 * @note The underlying CSPRNG algorithm is ChaCha20 and takes in account the external seed provider either at init time or provided with {@link CoreCrypto.reseedRng}
+	 *
+	 * @param length - The number of bytes to be returned in the `Uint8Array`
+	 *
+	 * @returns A `Uint8Array` buffer that contains `length` cryptographically-secure random bytes
+	 */
+	randomBytes(length: number): Promise<Uint8Array>;
+	/**
+	 * Allows to reseed {@link CoreCrypto}'s internal CSPRNG with a new seed.
+	 *
+	 * @param seed - **exactly 32** bytes buffer seed
+	 */
+	reseedRng(seed: Uint8Array): Promise<void>;
+	/**
+	 * Allows to remove a pending proposal (rollback). Use this when backend rejects the proposal you just sent e.g. if permissions
+	 * have changed meanwhile.
+	 *
+	 * **CAUTION**: only use this when you had an explicit response from the Delivery Service
+	 * e.g. 403 or 409. Do not use otherwise e.g. 5xx responses, timeout etc..
+	 *
+	 * @param conversationId - The group's ID
+	 * @param proposalRef - A reference to the proposal to delete. You get one when using {@link CoreCrypto.newProposal}
+	 */
+	clear_pending_proposal(conversationId: ConversationId, proposalRef: ProposalRef): Promise<void>;
+	/**
+	 * Allows to remove a pending commit (rollback). Use this when backend rejects the commit you just sent e.g. if permissions
+	 * have changed meanwhile.
+	 *
+	 * **CAUTION**: only use this when you had an explicit response from the Delivery Service
+	 * e.g. 403. Do not use otherwise e.g. 5xx responses, timeout etc..
+	 * **DO NOT** use when Delivery Service responds 409, pending state will be renewed
+	 * in {@link CoreCrypto.decrypt_message}
+	 *
+	 * @param conversationId - The group's ID
+	 */
+	clear_pending_commit(conversationId: ConversationId): Promise<void>;
+	/**
+	 * Returns the current version of {@link CoreCrypto}
+	 *
+	 * @returns The `core-crypto-ffi` version as defined in its `Cargo.toml` file
+	 */
+	static version(): string;
+}
+
+export {};