@wireapp/core-crypto 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,644 @@
1
+ /**
2
+ * see [core_crypto::prelude::CiphersuiteName]
3
+ */
4
+ export enum Ciphersuite {
5
+ /**
6
+ * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519
7
+ */
8
+ MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519,
9
+ /**
10
+ * DH KEM P256 | AES-GCM 128 | SHA2-256 | EcDSA P256
11
+ */
12
+ MLS_128_DHKEMP256_AES128GCM_SHA256_P256,
13
+ /**
14
+ * DH KEM x25519 | Chacha20Poly1305 | SHA2-256 | Ed25519
15
+ */
16
+ MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519,
17
+ /**
18
+ * DH KEM x448 | AES-GCM 256 | SHA2-512 | Ed448
19
+ */
20
+ MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448,
21
+ /**
22
+ * DH KEM P521 | AES-GCM 256 | SHA2-512 | EcDSA P521
23
+ */
24
+ MLS_256_DHKEMP521_AES256GCM_SHA512_P521,
25
+ /**
26
+ * DH KEM x448 | Chacha20Poly1305 | SHA2-512 | Ed448
27
+ */
28
+ MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448,
29
+ /**
30
+ * DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384
31
+ */
32
+ MLS_256_DHKEMP384_AES256GCM_SHA384_P384
33
+ }
34
+ /**
35
+ * Configuration object for new conversations
36
+ */
37
+ export interface ConversationConfiguration {
38
+ /**
39
+ * List of client IDs with administrative permissions
40
+ * Note: This is currently unused
41
+ */
42
+ admins?: Uint8Array[];
43
+ /**
44
+ * Conversation ciphersuite
45
+ */
46
+ ciphersuite?: Ciphersuite;
47
+ /**
48
+ * Duration in seconds after which we will automatically force a self_update commit
49
+ * Note: This isn't currently implemented
50
+ */
51
+ keyRotationSpan?: number;
52
+ /**
53
+ * List of client IDs that are allowed to be external senders of commits
54
+ */
55
+ externalSenders?: Uint8Array[];
56
+ }
57
+ /**
58
+ * Alias for conversation IDs.
59
+ * This is a freeform, uninspected buffer.
60
+ */
61
+ export declare type ConversationId = Uint8Array;
62
+ /**
63
+ * Alias for client identifier.
64
+ * This is a freeform, uninspected buffer.
65
+ */
66
+ export declare type ClientId = Uint8Array;
67
+ /**
68
+ * Alias for proposal reference. It is a byte array of size 16.
69
+ */
70
+ export declare type ProposalRef = Uint8Array;
71
+ /**
72
+ * Alias for an MLS generic commit.
73
+ * It contains:
74
+ * * MLS Commit that needs to be fanned out to other (existing) members of the conversation
75
+ * * (Optional) MLS Welcome message that needs to be fanned out to the clients newly added to the conversation (if any)
76
+ * * TLS-serialized MLS PublicGroupState (GroupInfo in draft-15) which is required for joining a group by external commit + some metadatas for optimizations
77
+ * (For final version. Requires to be implemented in the Delivery Service)
78
+ * This is a freeform, uninspected buffer.
79
+ */
80
+ export declare type TlsCommitBundle = Uint8Array;
81
+ /**
82
+ * Data shape for the returned MLS commit & welcome message tuple upon adding clients to a conversation
83
+ */
84
+ export interface MemberAddedMessages {
85
+ /**
86
+ * TLS-serialized MLS Commit that needs to be fanned out to other (existing) members of the conversation
87
+ *
88
+ * @readonly
89
+ */
90
+ commit: Uint8Array;
91
+ /**
92
+ * TLS-serialized MLS Welcome message that needs to be fanned out to the clients newly added to the conversation
93
+ *
94
+ * @readonly
95
+ */
96
+ welcome: Uint8Array;
97
+ /**
98
+ * TLS-serialized MLS PublicGroupState (GroupInfo in draft-15) which is required for joining a group by external commit
99
+ *
100
+ * @readonly
101
+ */
102
+ publicGroupState: Uint8Array;
103
+ }
104
+ /**
105
+ * Data shape for a MLS generic commit + optional bundle (aka stapled commit & welcome)
106
+ */
107
+ export interface CommitBundle {
108
+ /**
109
+ * TLS-serialized MLS Commit that needs to be fanned out to other (existing) members of the conversation
110
+ *
111
+ * @readonly
112
+ */
113
+ commit: Uint8Array;
114
+ /**
115
+ * Optional TLS-serialized MLS Welcome message that needs to be fanned out to the clients newly added to the conversation
116
+ *
117
+ * @readonly
118
+ */
119
+ welcome?: Uint8Array;
120
+ /**
121
+ * TLS-serialized MLS PublicGroupState (GroupInfo in draft-15) which is required for joining a group by external commit
122
+ *
123
+ * @readonly
124
+ */
125
+ publicGroupState: Uint8Array;
126
+ }
127
+ /**
128
+ * Params for CoreCrypto initialization
129
+ * Please note that the `entropySeed` parameter MUST be exactly 32 bytes
130
+ */
131
+ export interface CoreCryptoParams {
132
+ /**
133
+ * Name of the IndexedDB database
134
+ */
135
+ databaseName: string;
136
+ /**
137
+ * Encryption master key
138
+ * This should be appropriately stored in a secure location (i.e. WebCrypto private key storage)
139
+ */
140
+ key: string;
141
+ /**
142
+ * MLS Client ID.
143
+ * This should stay consistent as it will be verified against the stored signature & identity to validate the persisted credential
144
+ */
145
+ clientId: string;
146
+ /**
147
+ * External PRNG entropy pool seed.
148
+ * This **must** be exactly 32 bytes
149
+ */
150
+ entropySeed?: Uint8Array;
151
+ /**
152
+ * .wasm file path, this will be useful in case your bundling system likes to relocate files (i.e. what webpack does)
153
+ */
154
+ wasmFilePath?: string;
155
+ }
156
+ /**
157
+ * Data shape for adding clients to a conversation
158
+ */
159
+ export interface Invitee {
160
+ /**
161
+ * Client ID as a byte array
162
+ */
163
+ id: ClientId;
164
+ /**
165
+ * MLS KeyPackage belonging to the aforementioned client
166
+ */
167
+ kp: Uint8Array;
168
+ }
169
+ export interface MlsConversationInitMessage {
170
+ /**
171
+ * Group ID
172
+ *
173
+ * @readonly
174
+ */
175
+ group: Uint8Array;
176
+ /**
177
+ * TLS-serialized MLS Commit that needs to be fanned out
178
+ *
179
+ * @readonly
180
+ */
181
+ commit: Uint8Array;
182
+ }
183
+ /**
184
+ * This is a wrapper for all the possible outcomes you can get after decrypting a message
185
+ */
186
+ export interface DecryptedMessage {
187
+ /**
188
+ * Raw decrypted application message, if the decrypted MLS message is an application message
189
+ */
190
+ message?: Uint8Array;
191
+ /**
192
+ * List of proposals that were retrieved from the decrypted message, in addition to the pending local proposals
193
+ */
194
+ proposals: ProposalBundle[];
195
+ /**
196
+ * It is set to false if ingesting this MLS message has resulted in the client being removed from the group (i.e. a Remove commit)
197
+ */
198
+ isActive: boolean;
199
+ /**
200
+ * Commit delay hint (in milliseconds) to prevent clients from hammering the server with epoch changes
201
+ */
202
+ commitDelay?: number;
203
+ /**
204
+ * Client identifier of the sender of the message being decrypted. Only present for application messages.
205
+ */
206
+ senderClientId?: ClientId;
207
+ }
208
+ /**
209
+ * Returned by all methods creating proposals. Contains a proposal message and an identifier to roll back the proposal
210
+ */
211
+ export interface ProposalBundle {
212
+ /**
213
+ * TLS-serialized MLS proposal that needs to be fanned out to other (existing) members of the conversation
214
+ *
215
+ * @readonly
216
+ */
217
+ proposal: Uint8Array;
218
+ /**
219
+ * Unique identifier of a proposal. Use this in {@link CoreCrypto.clear_pending_proposal} to roll back (delete) the proposal
220
+ *
221
+ * @readonly
222
+ */
223
+ proposalRef: ProposalRef;
224
+ }
225
+ /**
226
+ * MLS Proposal type
227
+ */
228
+ export declare const enum ProposalType {
229
+ /**
230
+ * This allows to propose the addition of other clients to the MLS group/conversation
231
+ */
232
+ Add = 0,
233
+ /**
234
+ * This allows to propose the removal of clients from the MLS group/conversation
235
+ */
236
+ Remove = 1,
237
+ /**
238
+ * This allows to propose to update the client keying material (i.e. keypackage rotation) and the group root key
239
+ */
240
+ Update = 2
241
+ }
242
+ /**
243
+ * Common arguments for proposals
244
+ */
245
+ export interface ProposalArgs {
246
+ /**
247
+ * Conversation ID that is targeted by the proposal
248
+ */
249
+ conversationId: ConversationId;
250
+ }
251
+ /**
252
+ * Arguments for a proposal of type `Add`
253
+ */
254
+ export interface AddProposalArgs extends ProposalArgs {
255
+ /**
256
+ * TLS-serialized MLS KeyPackage to be added
257
+ */
258
+ kp: Uint8Array;
259
+ }
260
+ /**
261
+ * Arguments for a proposal of type `Remove`
262
+ */
263
+ export interface RemoveProposalArgs extends ProposalArgs {
264
+ /**
265
+ * Client ID to be removed from the conversation
266
+ */
267
+ clientId: ClientId;
268
+ }
269
+ /**
270
+ * MLS External Proposal type
271
+ */
272
+ export declare const enum ExternalProposalType {
273
+ /**
274
+ * This allows to propose the addition of other clients to the MLS group/conversation
275
+ */
276
+ Add = 0,
277
+ /**
278
+ * This allows to propose the removal of clients from the MLS group/conversation
279
+ */
280
+ Remove = 1
281
+ }
282
+ export interface ExternalProposalArgs {
283
+ /**
284
+ * Conversation ID that is targeted by the external proposal
285
+ */
286
+ conversationId: ConversationId;
287
+ /**
288
+ * MLS Group epoch for the external proposal.
289
+ * This needs to be the current epoch of the group or this proposal **will** be rejected
290
+ */
291
+ epoch: number;
292
+ }
293
+ export interface ExternalRemoveProposalArgs extends ExternalProposalArgs {
294
+ /**
295
+ * KeyPackageRef of the client that needs to be removed in the proposal
296
+ */
297
+ keyPackageRef: Uint8Array;
298
+ }
299
+ /**
300
+ * Wrapper for the WASM-compiled version of CoreCrypto
301
+ */
302
+ export declare class CoreCrypto {
303
+ #private;
304
+ /**
305
+ * This is your entrypoint to initialize {@link CoreCrypto}!
306
+ *
307
+ * @param params - {@link CoreCryptoParams}
308
+ *
309
+ * @example
310
+ * ## Simple init
311
+ * ```ts
312
+ * const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" });
313
+ * // Do the rest with `cc`
314
+ * ```
315
+ *
316
+ * ## Custom Entropy seed init & wasm file location
317
+ * ```ts
318
+ * // FYI, this is the IETF test vector #1
319
+ * const entropySeed = Uint32Array.from([
320
+ * 0xade0b876, 0x903df1a0, 0xe56a5d40, 0x28bd8653,
321
+ * 0xb819d2bd, 0x1aed8da0, 0xccef36a8, 0xc70d778b,
322
+ * 0x7c5941da, 0x8d485751, 0x3fe02477, 0x374ad8b8,
323
+ * 0xf4b8436a, 0x1ca11815, 0x69b687c3, 0x8665eeb2,
324
+ * ]);
325
+ *
326
+ * const wasmFilePath = "/long/complicated/path/on/webserver/whatever.wasm";
327
+ *
328
+ * const cc = await CoreCrypto.init({
329
+ * databaseName: "test",
330
+ * key: "test",
331
+ * clientId: "test",
332
+ * entropySeed,
333
+ * wasmFilePath,
334
+ * });
335
+ * ````
336
+ */
337
+ static init({ databaseName, key, clientId, wasmFilePath, entropySeed }: CoreCryptoParams): Promise<CoreCrypto>;
338
+ /** @hidden */
339
+ private constructor();
340
+ /**
341
+ * Wipes the {@link CoreCrypto} backing storage (i.e. {@link https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API | IndexedDB} database)
342
+ *
343
+ * **CAUTION**: This {@link CoreCrypto} instance won't be useable after a call to this method, but there's no way to express this requirement in TypeScript so you'll get errors instead!
344
+ */
345
+ wipe(): Promise<void>;
346
+ /**
347
+ * Closes this {@link CoreCrypto} instance and deallocates all loaded resources
348
+ *
349
+ * **CAUTION**: This {@link CoreCrypto} instance won't be useable after a call to this method, but there's no way to express this requirement in TypeScript so you'll get errors instead!
350
+ */
351
+ close(): Promise<void>;
352
+ /**
353
+ * Checks if the Client is member of a given conversation and if the MLS Group is loaded up
354
+ *
355
+ * @returns Whether the given conversation ID exists
356
+ *
357
+ * @example
358
+ * ```ts
359
+ * const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" });
360
+ * const encoder = new TextEncoder();
361
+ * if (await cc.conversationExists(encoder.encode("my super chat"))) {
362
+ * // Do something
363
+ * } else {
364
+ * // Do something else
365
+ * }
366
+ * ```
367
+ */
368
+ conversationExists(conversationId: ConversationId): Promise<boolean>;
369
+ /**
370
+ * Returns the current epoch of a conversation
371
+ *
372
+ * @returns the epoch of the conversation
373
+ *
374
+ * @example
375
+ * ```ts
376
+ * const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" });
377
+ * const encoder = new TextEncoder();
378
+ * console.log(await cc.conversationEpoch(encoder.encode("my super chat")))
379
+ * ```
380
+ */
381
+ conversationEpoch(conversationId: ConversationId): Promise<number>;
382
+ /**
383
+ * Wipes and destroys the local storage of a given conversation / MLS group
384
+ *
385
+ * @param conversationId - The ID of the conversation to remove
386
+ */
387
+ wipeConversation(conversationId: ConversationId): Promise<void>;
388
+ /**
389
+ * Creates a new conversation with the current client being the sole member
390
+ * You will want to use {@link CoreCrypto.addClientsToConversation} afterwards to add clients to this conversation
391
+ *
392
+ * @param conversationId - The conversation ID; You can either make them random or let the backend attribute MLS group IDs
393
+ * @param configuration.admins - An array of client IDs that will have administrative permissions over the group
394
+ * @param configuration.ciphersuite - The {@link Ciphersuite} that is chosen to be the group's
395
+ * @param configuration.keyRotationSpan - The amount of time in milliseconds after which the MLS Keypackages will be rotated
396
+ * @param configuration.externalSenders - Array of Client IDs that are qualified as external senders within the group
397
+ */
398
+ createConversation(conversationId: ConversationId, configuration?: ConversationConfiguration): Promise<any>;
399
+ /**
400
+ * Decrypts a message for a given conversation
401
+ *
402
+ * @param conversationId - The ID of the conversation
403
+ * @param payload - The encrypted message buffer
404
+ *
405
+ * @returns Either a {@link DecryptedMessage} payload or `undefined` - This happens when the encrypted payload contains a system message such a proposal or commit
406
+ */
407
+ decryptMessage(conversationId: ConversationId, payload: Uint8Array): Promise<DecryptedMessage>;
408
+ /**
409
+ * Encrypts a message for a given conversation
410
+ *
411
+ * @param conversationId - The ID of the conversation
412
+ * @param message - The plaintext message to encrypt
413
+ *
414
+ * @returns The encrypted payload for the given group. This needs to be fanned out to the other members of the group.
415
+ */
416
+ encryptMessage(conversationId: ConversationId, message: Uint8Array): Promise<Uint8Array>;
417
+ /**
418
+ * Ingest a TLS-serialized MLS welcome message to join a an existing MLS group
419
+ *
420
+ * @param welcomeMessage - TLS-serialized MLS Welcome message
421
+ * @returns The conversation ID of the newly joined group. You can use the same ID to decrypt/encrypt messages
422
+ */
423
+ processWelcomeMessage(welcomeMessage: Uint8Array): Promise<ConversationId>;
424
+ /**
425
+ * @returns The client's public key
426
+ */
427
+ clientPublicKey(): Promise<Uint8Array>;
428
+ /**
429
+ * @returns The amount of valid, non-expired KeyPackages that are persisted in the backing storage
430
+ */
431
+ clientValidKeypackagesCount(): Promise<number>;
432
+ /**
433
+ * Fetches a requested amount of keypackages
434
+ *
435
+ * @param amountRequested - The amount of keypackages requested
436
+ * @returns An array of length `amountRequested` containing TLS-serialized KeyPackages
437
+ */
438
+ clientKeypackages(amountRequested: number): Promise<Array<Uint8Array>>;
439
+ /**
440
+ * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
441
+ *
442
+ * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
443
+ * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
444
+ * epoch, use new encryption secrets etc...
445
+ *
446
+ * @param conversationId - The ID of the conversation
447
+ * @param clients - Array of {@link Invitee} (which are Client ID / KeyPackage pairs)
448
+ *
449
+ * @returns A {@link CommitBundle}
450
+ */
451
+ addClientsToConversation(conversationId: ConversationId, clients: Invitee[]): Promise<MemberAddedMessages>;
452
+ /**
453
+ * Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed
454
+ * to do so, otherwise this operation does nothing.
455
+ *
456
+ * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
457
+ * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
458
+ * epoch, use new encryption secrets etc...
459
+ *
460
+ * @param conversationId - The ID of the conversation
461
+ * @param clientIds - Array of Client IDs to remove.
462
+ *
463
+ * @returns A {@link CommitBundle}, or `undefined` if for any reason, the operation would result in an empty commit
464
+ */
465
+ removeClientsFromConversation(conversationId: ConversationId, clientIds: ClientId[]): Promise<CommitBundle>;
466
+ /**
467
+ * Creates an update commit which forces every client to update their keypackages in the conversation
468
+ *
469
+ * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
470
+ * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
471
+ * epoch, use new encryption secrets etc...
472
+ *
473
+ * @param conversationId - The ID of the conversation
474
+ *
475
+ * @returns A {@link CommitBundle}
476
+ */
477
+ updateKeyingMaterial(conversationId: ConversationId): Promise<CommitBundle>;
478
+ /**
479
+ * Commits the local pending proposals and returns the {@link CommitBundle} object containing what can result from this operation.
480
+ *
481
+ * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
482
+ * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
483
+ * epoch, use new encryption secrets etc...
484
+ *
485
+ * @param conversationId - The ID of the conversation
486
+ *
487
+ * @returns A {@link CommitBundle}
488
+ */
489
+ commitPendingProposals(conversationId: ConversationId): Promise<CommitBundle>;
490
+ /**
491
+ * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
492
+ * The returned {@link CommitBundle} is a TLS struct that needs to be fanned out to Delivery Service in order to validate the commit.
493
+ * It also contains a Welcome message the Delivery Service will forward to invited clients and
494
+ * an updated PublicGroupState required by clients willing to join the group by an external commit.
495
+ *
496
+ * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
497
+ * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
498
+ * epoch, use new encryption secrets etc...
499
+ *
500
+ * @param conversationId - The ID of the conversation
501
+ * @param clients - Array of {@link Invitee} (which are Client ID / KeyPackage pairs)
502
+ *
503
+ * @returns A {@link CommitBundle} byte array to fan out to the Delivery Service
504
+ */
505
+ finalAddClientsToConversation(conversationId: ConversationId, clients: Invitee[]): Promise<TlsCommitBundle>;
506
+ /**
507
+ * Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed
508
+ * to do so, otherwise this operation does nothing.
509
+ *
510
+ * The returned {@link CommitBundle} is a TLS struct that needs to be fanned out to Delivery Service in order to validate the commit.
511
+ * It also contains a Welcome message the Delivery Service will forward to invited clients and
512
+ * an updated PublicGroupState required by clients willing to join the group by an external commit.
513
+ *
514
+ * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
515
+ * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
516
+ * epoch, use new encryption secrets etc...
517
+ *
518
+ * @param conversationId - The ID of the conversation
519
+ * @param clientIds - Array of Client IDs to remove.
520
+ *
521
+ * @returns A {@link CommitBundle} byte array to fan out to the Delivery Service, or `undefined` if for any reason, the operation would result in an empty commit
522
+ */
523
+ finalRemoveClientsFromConversation(conversationId: ConversationId, clientIds: ClientId[]): Promise<TlsCommitBundle>;
524
+ /**
525
+ * Creates an update commit which forces every client to update their keypackages in the conversation
526
+ *
527
+ * The returned {@link CommitBundle} is a TLS struct that needs to be fanned out to Delivery Service in order to validate the commit.
528
+ * It also contains a Welcome message the Delivery Service will forward to invited clients and
529
+ * an updated PublicGroupState required by clients willing to join the group by an external commit.
530
+ *
531
+ * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
532
+ * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
533
+ * epoch, use new encryption secrets etc...
534
+ *
535
+ * @param conversationId - The ID of the conversation
536
+ *
537
+ * @returns A {@link CommitBundle} byte array to fan out to the Delivery Service
538
+ */
539
+ finalUpdateKeyingMaterial(conversationId: ConversationId): Promise<TlsCommitBundle>;
540
+ /**
541
+ * Commits the local pending proposals and returns the {@link CommitBundle} object containing what can result from this operation.
542
+ *
543
+ * The returned {@link CommitBundle} is a TLS struct that needs to be fanned out to Delivery Service in order to validate the commit.
544
+ * It also contains a Welcome message the Delivery Service will forward to invited clients and
545
+ * an updated PublicGroupState required by clients willing to join the group by an external commit.
546
+ *
547
+ * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
548
+ * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
549
+ * epoch, use new encryption secrets etc...
550
+ *
551
+ * @param conversationId - The ID of the conversation
552
+ *
553
+ * @returns A {@link CommitBundle} byte array to fan out to the Delivery Service
554
+ */
555
+ finalCommitPendingProposals(conversationId: ConversationId): Promise<TlsCommitBundle>;
556
+ /**
557
+ * Creates a new proposal for the provided Conversation ID
558
+ *
559
+ * @param proposalType - The type of proposal, see {@link ProposalType}
560
+ * @param args - The arguments of the proposal, see {@link ProposalArgs}, {@link AddProposalArgs} or {@link RemoveProposalArgs}
561
+ *
562
+ * @returns A {@link ProposalBundle} containing the Proposal and its reference in order to roll it back if necessary
563
+ */
564
+ newProposal(proposalType: ProposalType, args: ProposalArgs | AddProposalArgs | RemoveProposalArgs): Promise<ProposalBundle>;
565
+ newExternalProposal(externalProposalType: ExternalProposalType, args: ExternalProposalArgs | ExternalRemoveProposalArgs): Promise<Uint8Array>;
566
+ /**
567
+ * Exports public group state for use in external commits
568
+ *
569
+ * @param conversationId - MLS Conversation ID
570
+ * @returns TLS-serialized MLS public group state
571
+ */
572
+ exportGroupState(conversationId: ConversationId): Promise<Uint8Array>;
573
+ /**
574
+ * Allows to create an external commit to "apply" to join a group through its public group state
575
+ *
576
+ * Also see the second step of this process: {@link CoreCrypto.mergePendingGroupFromExternalCommit}
577
+ *
578
+ * @param publicGroupState - The public group state that can be fetched from the backend for a given conversation
579
+ * @returns see {@link MlsConversationInitMessage}
580
+ */
581
+ joinByExternalCommit(publicGroupState: Uint8Array): Promise<MlsConversationInitMessage>;
582
+ /**
583
+ * This is the second step of the process of joining a group through an external commit
584
+ *
585
+ * This step makes the group operational and ready to encrypt/decrypt message
586
+ *
587
+ * @param conversationId - The ID of the conversation
588
+ * @param configuration - Configuration of the group, see {@link ConversationConfiguration}
589
+ */
590
+ mergePendingGroupFromExternalCommit(conversationId: ConversationId, configuration: ConversationConfiguration): Promise<void>;
591
+ /**
592
+ * Allows to mark the latest commit produced as "accepted" and be able to safely merge it
593
+ * into the local group state
594
+ *
595
+ * @param conversationId - The group's ID
596
+ */
597
+ commitAccepted(conversationId: ConversationId): Promise<void>;
598
+ /**
599
+ * Allows {@link CoreCrypto} to act as a CSPRNG provider
600
+ * @note The underlying CSPRNG algorithm is ChaCha20 and takes in account the external seed provider either at init time or provided with {@link CoreCrypto.reseedRng}
601
+ *
602
+ * @param length - The number of bytes to be returned in the `Uint8Array`
603
+ *
604
+ * @returns A `Uint8Array` buffer that contains `length` cryptographically-secure random bytes
605
+ */
606
+ randomBytes(length: number): Promise<Uint8Array>;
607
+ /**
608
+ * Allows to reseed {@link CoreCrypto}'s internal CSPRNG with a new seed.
609
+ *
610
+ * @param seed - **exactly 32** bytes buffer seed
611
+ */
612
+ reseedRng(seed: Uint8Array): Promise<void>;
613
+ /**
614
+ * Allows to remove a pending proposal (rollback). Use this when backend rejects the proposal you just sent e.g. if permissions
615
+ * have changed meanwhile.
616
+ *
617
+ * **CAUTION**: only use this when you had an explicit response from the Delivery Service
618
+ * e.g. 403 or 409. Do not use otherwise e.g. 5xx responses, timeout etc..
619
+ *
620
+ * @param conversationId - The group's ID
621
+ * @param proposalRef - A reference to the proposal to delete. You get one when using {@link CoreCrypto.newProposal}
622
+ */
623
+ clear_pending_proposal(conversationId: ConversationId, proposalRef: ProposalRef): Promise<void>;
624
+ /**
625
+ * Allows to remove a pending commit (rollback). Use this when backend rejects the commit you just sent e.g. if permissions
626
+ * have changed meanwhile.
627
+ *
628
+ * **CAUTION**: only use this when you had an explicit response from the Delivery Service
629
+ * e.g. 403. Do not use otherwise e.g. 5xx responses, timeout etc..
630
+ * **DO NOT** use when Delivery Service responds 409, pending state will be renewed
631
+ * in {@link CoreCrypto.decrypt_message}
632
+ *
633
+ * @param conversationId - The group's ID
634
+ */
635
+ clear_pending_commit(conversationId: ConversationId): Promise<void>;
636
+ /**
637
+ * Returns the current version of {@link CoreCrypto}
638
+ *
639
+ * @returns The `core-crypto-ffi` version as defined in its `Cargo.toml` file
640
+ */
641
+ static version(): string;
642
+ }
643
+
644
+ export {};