@wireapp/core-crypto 0.6.0-pre.5 → 0.6.0-rc.1

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@wireapp/core-crypto",
-    "version": "0.6.0-pre.5",
+    "version": "0.6.0-rc.1",
     "description": "CoreCrypto bindings for the Web",
     "type": "module",
     "module": "platforms/web/corecrypto.js",

package/platforms/web/corecrypto.d.ts

@@ -35,39 +35,61 @@ export declare enum Ciphersuite {
  * Configuration object for new conversations
  */
 export interface ConversationConfiguration {
-	/**
-	 * List of client IDs with administrative permissions
-	 * Note: This is currently unused
-	 */
-	admins?: Uint8Array[];
 	/**
 	 * Conversation ciphersuite
 	 */
 	ciphersuite?: Ciphersuite;
+	/**
+	 * List of client IDs that are allowed to be external senders of commits
+	 */
+	externalSenders?: Uint8Array[];
+	/**
+	 * Implementation specific configuration
+	 */
+	custom?: CustomConfiguration;
+}
+/**
+ * see [core_crypto::prelude::MlsWirePolicy]
+ */
+export declare enum WirePolicy {
+	/**
+	 * Handshake messages are never encrypted
+	 */
+	Plaintext = 1,
+	/**
+	 * Handshake messages are always encrypted
+	 */
+	Ciphertext = 2
+}
+/**
+ * Implementation specific configuration object for a conversation
+ */
+export interface CustomConfiguration {
 	/**
 	 * Duration in seconds after which we will automatically force a self_update commit
 	 * Note: This isn't currently implemented
 	 */
 	keyRotationSpan?: number;
 	/**
-	 * List of client IDs that are allowed to be external senders of commits
+	 * Defines if handshake messages are encrypted or not
+	 * Note: Ciphertext is not currently supported by wire-server
 	 */
-	externalSenders?: Uint8Array[];
+	wirePolicy?: WirePolicy;
 }
 /**
  * Alias for conversation IDs.
  * This is a freeform, uninspected buffer.
  */
-export declare type ConversationId = Uint8Array;
+export type ConversationId = Uint8Array;
 /**
  * Alias for client identifier.
  * This is a freeform, uninspected buffer.
  */
-export declare type ClientId = Uint8Array;
+export type ClientId = Uint8Array;
 /**
  * Alias for proposal reference. It is a byte array of size 16.
  */
-export declare type ProposalRef = Uint8Array;
+export type ProposalRef = Uint8Array;
 /**
  * Data shape for the returned MLS commit & welcome message tuple upon adding clients to a conversation
  */
@@ -182,7 +204,7 @@ export interface CoreCryptoParams {
 	 * MLS Client ID.
 	 * This should stay consistent as it will be verified against the stored signature & identity to validate the persisted credential
 	 */
-	clientId: string;
+	clientId: ClientId;
 	/**
 	 * External PRNG entropy pool seed.
 	 * This **must** be exactly 32 bytes
@@ -435,7 +457,7 @@ export declare class CoreCrypto {
 	 *
 	 * @param clientId - {@link CoreCryptoParams#clientId} but required
 	 */
-	mlsInit(clientId: string): Promise<void>;
+	mlsInit(clientId: ClientId): Promise<void>;
 	/** @hidden */
 	private constructor();
 	/**
@@ -497,10 +519,10 @@ export declare class CoreCrypto {
 	 * You will want to use {@link CoreCrypto.addClientsToConversation} afterwards to add clients to this conversation
 	 *
 	 * @param conversationId - The conversation ID; You can either make them random or let the backend attribute MLS group IDs
-	 * @param configuration.admins - An array of client IDs that will have administrative permissions over the group
+	 * @param configuration - configuration of the MLS group
 	 * @param configuration.ciphersuite - The {@link Ciphersuite} that is chosen to be the group's
-	 * @param configuration.keyRotationSpan - The amount of time in milliseconds after which the MLS Keypackages will be rotated
 	 * @param configuration.externalSenders - Array of Client IDs that are qualified as external senders within the group
+	 * @param configuration.custom - {@link CustomConfiguration}
 	 */
 	createConversation(conversationId: ConversationId, configuration?: ConversationConfiguration): Promise<any>;
 	/**
@@ -522,12 +544,13 @@ export declare class CoreCrypto {
 	 */
 	encryptMessage(conversationId: ConversationId, message: Uint8Array): Promise<Uint8Array>;
 	/**
-	 * Ingest a TLS-serialized MLS welcome message to join a an existing MLS group
+	 * Ingest a TLS-serialized MLS welcome message to join an existing MLS group
 	 *
 	 * @param welcomeMessage - TLS-serialized MLS Welcome message
+	 * @param configuration - configuration of the MLS group
 	 * @returns The conversation ID of the newly joined group. You can use the same ID to decrypt/encrypt messages
 	 */
-	processWelcomeMessage(welcomeMessage: Uint8Array): Promise<ConversationId>;
+	processWelcomeMessage(welcomeMessage: Uint8Array, configuration?: CustomConfiguration): Promise<ConversationId>;
 	/**
 	 * @returns The client's public key
 	 */
@@ -622,17 +645,17 @@ export declare class CoreCrypto {
 	 * bad can happen if you forget to except some storage space wasted.
 	 *
 	 * @param publicGroupState - a TLS encoded PublicGroupState fetched from the Delivery Service
+	 * @param configuration - configuration of the MLS group
 	 * @returns see {@link ConversationInitBundle}
 	 */
-	joinByExternalCommit(publicGroupState: Uint8Array): Promise<ConversationInitBundle>;
+	joinByExternalCommit(publicGroupState: Uint8Array, configuration?: CustomConfiguration): Promise<ConversationInitBundle>;
 	/**
 	 * This merges the commit generated by {@link CoreCrypto.joinByExternalCommit}, persists the group permanently
 	 * and deletes the temporary one. This step makes the group operational and ready to encrypt/decrypt message
 	 *
 	 * @param conversationId - The ID of the conversation
-	 * @param configuration - Configuration of the group, see {@link ConversationConfiguration}
 	 */
-	mergePendingGroupFromExternalCommit(conversationId: ConversationId, configuration: ConversationConfiguration): Promise<void>;
+	mergePendingGroupFromExternalCommit(conversationId: ConversationId): Promise<void>;
 	/**
 	 * In case the external commit generated by {@link CoreCrypto.joinByExternalCommit} is rejected by the Delivery Service, and we
 	 * want to abort this external commit once for all, we can wipe out the pending group from the keystore in order
@@ -720,8 +743,10 @@ export declare class CoreCrypto {
 	 *
 	 * @param sessionId - ID of the Proteus session
 	 * @param envelope - CBOR-encoded Proteus message
+	 *
+	 * @returns A `Uint8Array` containing the message that was sent along with the session handshake
 	 */
-	proteusSessionFromMessage(sessionId: string, envelope: Uint8Array): Promise<void>;
+	proteusSessionFromMessage(sessionId: string, envelope: Uint8Array): Promise<Uint8Array>;
 	/**
 	 * Locally persists a session to the keystore
 	 *
@@ -739,8 +764,10 @@ export declare class CoreCrypto {
 	 * Checks if a session exists
 	 *
 	 * @param sessionId - ID of the Proteus session
+	 *
+	 * @returns whether the session exists or not
 	 */
-	proteusSessionExists(sessionId: string): Promise<void>;
+	proteusSessionExists(sessionId: string): Promise<boolean>;
 	/**
 	 * Decrypt an incoming message for an existing Proteus session
 	 *
@@ -783,15 +810,24 @@ export declare class CoreCrypto {
 	/**
 	 * Proteus session local fingerprint
 	 *
+	 * @param sessionId - ID of the Proteus session
 	 * @returns Hex-encoded public key string
 	 */
 	proteusFingerprintLocal(sessionId: string): Promise<string>;
 	/**
 	 * Proteus session remote fingerprint
 	 *
+	 * @param sessionId - ID of the Proteus session
 	 * @returns Hex-encoded public key string
 	 */
 	proteusFingerprintRemote(sessionId: string): Promise<string>;
+	/**
+	 * Hex-encoded fingerprint of the given prekey
+	 *
+	 * @param prekey - the prekey bundle to get the fingerprint from
+	 * @returns Hex-encoded public key string
+	**/
+	static proteusFingerprintPrekeybundle(prekey: Uint8Array): string;
 	/**
 	 * Imports all the data stored by Cryptobox into the CoreCrypto keystore
 	 *

package/platforms/web/corecrypto.js

@@ -36,6 +36,15 @@ function getObject(idx) { return heap[idx]; }
 
 let heap_next = heap.length;
 
+function addHeapObject(obj) {
+    if (heap_next === heap.length) heap.push(heap.length + 1);
+    const idx = heap_next;
+    heap_next = heap[idx];
+
+    heap[idx] = obj;
+    return idx;
+}
+
 function dropObject(idx) {
     if (idx < 36) return;
     heap[idx] = heap_next;
@@ -48,15 +57,6 @@ function takeObject(idx) {
     return ret;
 }
 
-function addHeapObject(obj) {
-    if (heap_next === heap.length) heap.push(heap.length + 1);
-    const idx = heap_next;
-    heap_next = heap[idx];
-
-    heap[idx] = obj;
-    return idx;
-}
-
 const cachedTextDecoder = new TextDecoder('utf-8', { ignoreBOM: true, fatal: true });
 
 cachedTextDecoder.decode();
@@ -252,7 +252,7 @@ function makeMutClosure(arg0, arg1, dtor, f) {
 function __wbg_adapter_52(arg0, arg1, arg2) {
     try {
         const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-        wasm$1._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h700a51df4dcb59a1(retptr, arg0, arg1, addHeapObject(arg2));
+        wasm$1._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h150b30eeb1e9e4d8(retptr, arg0, arg1, addHeapObject(arg2));
         var r0 = getInt32Memory0()[retptr / 4 + 0];
         var r1 = getInt32Memory0()[retptr / 4 + 1];
         if (r1) {
@@ -264,7 +264,7 @@ function __wbg_adapter_52(arg0, arg1, arg2) {
 }
 
 function __wbg_adapter_55(arg0, arg1, arg2) {
-    wasm$1._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__he9e5ec6c41a75df4(arg0, arg1, addHeapObject(arg2));
+    wasm$1._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__heba224c0328f088b(arg0, arg1, addHeapObject(arg2));
 }
 
 /**
@@ -328,10 +328,22 @@ function handleError(f, args) {
 function getArrayU8FromWasm0(ptr, len) {
     return getUint8Memory0().subarray(ptr / 1, ptr / 1 + len);
 }
-function __wbg_adapter_217(arg0, arg1, arg2, arg3) {
-    wasm$1.wasm_bindgen__convert__closures__invoke2_mut__h880776ea65aca59d(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
+function __wbg_adapter_219(arg0, arg1, arg2, arg3) {
+    wasm$1.wasm_bindgen__convert__closures__invoke2_mut__h35e2dd043ef02cb8(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
 }
 
+/**
+* see [core_crypto::prelude::MlsWirePolicy]
+*/
+const WirePolicy$1 = Object.freeze({
+/**
+* Handshake messages are never encrypted
+*/
+Plaintext:1,"1":"Plaintext",
+/**
+* Handshake messages are always encrypted
+*/
+Ciphertext:2,"2":"Ciphertext", });
 /**
 * see [core_crypto::prelude::CiphersuiteName]
 */
@@ -425,17 +437,15 @@ class ConversationConfiguration {
         wasm$1.__wbg_conversationconfiguration_free(ptr);
     }
     /**
-    * @param {(Uint8Array)[] | undefined} admins
     * @param {number | undefined} ciphersuite
-    * @param {number | undefined} key_rotation_span
     * @param {(Uint8Array)[] | undefined} external_senders
+    * @param {number | undefined} key_rotation_span
+    * @param {number | undefined} wire_policy
     */
-    constructor(admins, ciphersuite, key_rotation_span, external_senders) {
-        var ptr0 = isLikeNone(admins) ? 0 : passArrayJsValueToWasm0(admins, wasm$1.__wbindgen_malloc);
+    constructor(ciphersuite, external_senders, key_rotation_span, wire_policy) {
+        var ptr0 = isLikeNone(external_senders) ? 0 : passArrayJsValueToWasm0(external_senders, wasm$1.__wbindgen_malloc);
         var len0 = WASM_VECTOR_LEN;
-        var ptr1 = isLikeNone(external_senders) ? 0 : passArrayJsValueToWasm0(external_senders, wasm$1.__wbindgen_malloc);
-        var len1 = WASM_VECTOR_LEN;
-        const ret = wasm$1.conversationconfiguration_new(ptr0, len0, isLikeNone(ciphersuite) ? 8 : ciphersuite, !isLikeNone(key_rotation_span), isLikeNone(key_rotation_span) ? 0 : key_rotation_span, ptr1, len1);
+        const ret = wasm$1.conversationconfiguration_new(isLikeNone(ciphersuite) ? 8 : ciphersuite, ptr0, len0, !isLikeNone(key_rotation_span), isLikeNone(key_rotation_span) ? 0 : key_rotation_span, isLikeNone(wire_policy) ? 3 : wire_policy);
         return ConversationConfiguration.__wrap(ret);
     }
 }
@@ -502,7 +512,7 @@ class CoreCrypto$1 {
     * see [core_crypto::MlsCentral::try_new]
     * @param {string} path
     * @param {string} key
-    * @param {string} client_id
+    * @param {Uint8Array} client_id
     * @param {Uint8Array | undefined} entropy_seed
     * @returns {Promise<CoreCrypto>}
     */
@@ -511,7 +521,7 @@ class CoreCrypto$1 {
         const len0 = WASM_VECTOR_LEN;
         const ptr1 = passStringToWasm0(key, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         const len1 = WASM_VECTOR_LEN;
-        const ptr2 = passStringToWasm0(client_id, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const ptr2 = passArray8ToWasm0(client_id, wasm$1.__wbindgen_malloc);
         const len2 = WASM_VECTOR_LEN;
         var ptr3 = isLikeNone(entropy_seed) ? 0 : passArray8ToWasm0(entropy_seed, wasm$1.__wbindgen_malloc);
         var len3 = WASM_VECTOR_LEN;
@@ -537,11 +547,11 @@ class CoreCrypto$1 {
     }
     /**
     * see [core_crypto::MlsCentral::mls_init]
-    * @param {string} client_id
+    * @param {Uint8Array} client_id
     * @returns {Promise<Promise<any>>}
     */
     mls_init(client_id) {
-        const ptr0 = passStringToWasm0(client_id, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const ptr0 = passArray8ToWasm0(client_id, wasm$1.__wbindgen_malloc);
         const len0 = WASM_VECTOR_LEN;
         const ret = wasm$1.corecrypto_mls_init(this.ptr, ptr0, len0);
         return takeObject(ret);
@@ -661,12 +671,16 @@ class CoreCrypto$1 {
     *
     * see [core_crypto::MlsCentral::process_raw_welcome_message]
     * @param {Uint8Array} welcome_message
+    * @param {CustomConfiguration} custom_configuration
     * @returns {Promise<any>}
     */
-    process_welcome_message(welcome_message) {
+    process_welcome_message(welcome_message, custom_configuration) {
         const ptr0 = passArray8ToWasm0(welcome_message, wasm$1.__wbindgen_malloc);
         const len0 = WASM_VECTOR_LEN;
-        const ret = wasm$1.corecrypto_process_welcome_message(this.ptr, ptr0, len0);
+        _assertClass(custom_configuration, CustomConfiguration);
+        var ptr1 = custom_configuration.ptr;
+        custom_configuration.ptr = 0;
+        const ret = wasm$1.corecrypto_process_welcome_message(this.ptr, ptr0, len0, ptr1);
         return takeObject(ret);
     }
     /**
@@ -864,12 +878,16 @@ class CoreCrypto$1 {
     *
     * see [core_crypto::MlsCentral::join_by_external_commit]
     * @param {Uint8Array} public_group_state
+    * @param {CustomConfiguration} custom_configuration
     * @returns {Promise<any>}
     */
-    join_by_external_commit(public_group_state) {
+    join_by_external_commit(public_group_state, custom_configuration) {
         const ptr0 = passArray8ToWasm0(public_group_state, wasm$1.__wbindgen_malloc);
         const len0 = WASM_VECTOR_LEN;
-        const ret = wasm$1.corecrypto_join_by_external_commit(this.ptr, ptr0, len0);
+        _assertClass(custom_configuration, CustomConfiguration);
+        var ptr1 = custom_configuration.ptr;
+        custom_configuration.ptr = 0;
+        const ret = wasm$1.corecrypto_join_by_external_commit(this.ptr, ptr0, len0, ptr1);
         return takeObject(ret);
     }
     /**
@@ -877,16 +895,12 @@ class CoreCrypto$1 {
     *
     * see [core_crypto::MlsCentral::merge_pending_group_from_external_commit]
     * @param {Uint8Array} conversation_id
-    * @param {ConversationConfiguration} configuration
     * @returns {Promise<any>}
     */
-    merge_pending_group_from_external_commit(conversation_id, configuration) {
+    merge_pending_group_from_external_commit(conversation_id) {
         const ptr0 = passArray8ToWasm0(conversation_id, wasm$1.__wbindgen_malloc);
         const len0 = WASM_VECTOR_LEN;
-        _assertClass(configuration, ConversationConfiguration);
-        var ptr1 = configuration.ptr;
-        configuration.ptr = 0;
-        const ret = wasm$1.corecrypto_merge_pending_group_from_external_commit(this.ptr, ptr0, len0, ptr1);
+        const ret = wasm$1.corecrypto_merge_pending_group_from_external_commit(this.ptr, ptr0, len0);
         return takeObject(ret);
     }
     /**
@@ -1139,6 +1153,35 @@ class CoreCrypto$1 {
         return takeObject(ret);
     }
     /**
+    * Returns: [`WasmCryptoResult<String>`]
+    *
+    * see [core_crypto::proteus::ProteusCproteus_fingerprint_prekeybundle]
+    * @param {Uint8Array} prekey
+    * @returns {string}
+    */
+    static proteus_fingerprint_prekeybundle(prekey) {
+        try {
+            const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
+            const ptr0 = passArray8ToWasm0(prekey, wasm$1.__wbindgen_malloc);
+            const len0 = WASM_VECTOR_LEN;
+            wasm$1.corecrypto_proteus_fingerprint_prekeybundle(retptr, ptr0, len0);
+            var r0 = getInt32Memory0()[retptr / 4 + 0];
+            var r1 = getInt32Memory0()[retptr / 4 + 1];
+            var r2 = getInt32Memory0()[retptr / 4 + 2];
+            var r3 = getInt32Memory0()[retptr / 4 + 3];
+            var ptr1 = r0;
+            var len1 = r1;
+            if (r3) {
+                ptr1 = 0; len1 = 0;
+                throw takeObject(r2);
+            }
+            return getStringFromWasm0(ptr1, len1);
+        } finally {
+            wasm$1.__wbindgen_add_to_stack_pointer(16);
+            wasm$1.__wbindgen_free(ptr1, len1);
+        }
+    }
+    /**
     * Returns: [`WasmCryptoResult<()>`]
     *
     * see [core_crypto::proteus::ProteusCentral::cryptobox_migrate]
@@ -1213,6 +1256,38 @@ class CoreCryptoWasmCallbacks {
     }
 }
 /**
+* see [core_crypto::prelude::MlsCustomConfiguration]
+*/
+class CustomConfiguration {
+
+    static __wrap(ptr) {
+        const obj = Object.create(CustomConfiguration.prototype);
+        obj.ptr = ptr;
+
+        return obj;
+    }
+
+    __destroy_into_raw() {
+        const ptr = this.ptr;
+        this.ptr = 0;
+
+        return ptr;
+    }
+
+    free() {
+        const ptr = this.__destroy_into_raw();
+        wasm$1.__wbg_customconfiguration_free(ptr);
+    }
+    /**
+    * @param {number | undefined} key_rotation_span
+    * @param {number | undefined} wire_policy
+    */
+    constructor(key_rotation_span, wire_policy) {
+        const ret = wasm$1.customconfiguration_new(!isLikeNone(key_rotation_span), isLikeNone(key_rotation_span) ? 0 : key_rotation_span, isLikeNone(wire_policy) ? 3 : wire_policy);
+        return CustomConfiguration.__wrap(ret);
+    }
+}
+/**
 * see [core_crypto::prelude::decrypt::MlsConversationDecryptMessage]
 */
 class DecryptedMessage {
@@ -1497,9 +1572,6 @@ async function load(module, imports) {
 function getImports() {
     const imports = {};
     imports.wbg = {};
-    imports.wbg.__wbindgen_object_drop_ref = function(arg0) {
-        takeObject(arg0);
-    };
     imports.wbg.__wbindgen_object_clone_ref = function(arg0) {
         const ret = getObject(arg0);
         return addHeapObject(ret);
@@ -1509,6 +1581,9 @@ function getImports() {
         const ret = typeof(val) === 'object' && val !== null;
         return ret;
     };
+    imports.wbg.__wbindgen_object_drop_ref = function(arg0) {
+        takeObject(arg0);
+    };
     imports.wbg.__wbg_getwithrefkey_15c62c2b8546208d = function(arg0, arg1) {
         const ret = getObject(arg0)[getObject(arg1)];
         return addHeapObject(ret);
@@ -1521,48 +1596,6 @@ function getImports() {
         const ret = getObject(arg0) in getObject(arg1);
         return ret;
     };
-    imports.wbg.__wbindgen_number_new = function(arg0) {
-        const ret = arg0;
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbindgen_string_new = function(arg0, arg1) {
-        const ret = getStringFromWasm0(arg0, arg1);
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_new_1d9a920c6bfc44a8 = function() {
-        const ret = new Array();
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_set_a68214f35c417fa9 = function(arg0, arg1, arg2) {
-        getObject(arg0)[arg1 >>> 0] = takeObject(arg2);
-    };
-    imports.wbg.__wbg_new_268f7b7dd3430798 = function() {
-        const ret = new Map();
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_new_0b9bfdd97583284e = function() {
-        const ret = new Object();
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_set_933729cf5b66ac11 = function(arg0, arg1, arg2) {
-        const ret = getObject(arg0).set(getObject(arg1), getObject(arg2));
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbindgen_is_string = function(arg0) {
-        const ret = typeof(getObject(arg0)) === 'string';
-        return ret;
-    };
-    imports.wbg.__wbg_set_20cbc34131e76824 = function(arg0, arg1, arg2) {
-        getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
-    };
-    imports.wbg.__wbindgen_bigint_from_u64 = function(arg0) {
-        const ret = BigInt.asUintN(64, arg0);
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbindgen_bigint_from_i64 = function(arg0) {
-        const ret = arg0;
-        return addHeapObject(ret);
-    };
     imports.wbg.__wbg_objectStoreNames_8c06c40d2b05141c = function(arg0) {
         const ret = getObject(arg0).objectStoreNames;
         return addHeapObject(ret);
@@ -1571,6 +1604,10 @@ function getImports() {
         const ret = getObject(arg0).length;
         return ret;
     };
+    imports.wbg.__wbindgen_string_new = function(arg0, arg1) {
+        const ret = getStringFromWasm0(arg0, arg1);
+        return addHeapObject(ret);
+    };
     imports.wbg.__wbindgen_string_get = function(arg0, arg1) {
         const obj = getObject(arg1);
         const ret = typeof(obj) === 'string' ? obj : undefined;
@@ -1624,10 +1661,18 @@ function getImports() {
         getBigInt64Memory0()[arg0 / 8 + 1] = isLikeNone(ret) ? 0n : ret;
         getInt32Memory0()[arg0 / 4 + 0] = !isLikeNone(ret);
     };
+    imports.wbg.__wbindgen_bigint_from_i64 = function(arg0) {
+        const ret = arg0;
+        return addHeapObject(ret);
+    };
     imports.wbg.__wbindgen_jsval_eq = function(arg0, arg1) {
         const ret = getObject(arg0) === getObject(arg1);
         return ret;
     };
+    imports.wbg.__wbindgen_bigint_from_u64 = function(arg0) {
+        const ret = BigInt.asUintN(64, arg0);
+        return addHeapObject(ret);
+    };
     imports.wbg.__wbg_isArray_27c46c67f498e15d = function(arg0) {
         const ret = Array.isArray(getObject(arg0));
         return ret;
@@ -1644,6 +1689,17 @@ function getImports() {
         const ret = CoreCrypto$1.__wrap(arg0);
         return addHeapObject(ret);
     };
+    imports.wbg.__wbindgen_number_new = function(arg0) {
+        const ret = arg0;
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbg_set_20cbc34131e76824 = function(arg0, arg1, arg2) {
+        getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
+    };
+    imports.wbg.__wbg_new_0b9bfdd97583284e = function() {
+        const ret = new Object();
+        return addHeapObject(ret);
+    };
     imports.wbg.__wbg_call_168da88779e35f61 = function() { return handleError(function (arg0, arg1, arg2) {
         const ret = getObject(arg0).call(getObject(arg1), getObject(arg2));
         return addHeapObject(ret);
@@ -1652,10 +1708,6 @@ function getImports() {
         const ret = new Uint8Array(getObject(arg0));
         return addHeapObject(ret);
     };
-    imports.wbg.__wbg_push_740e4b286702d964 = function(arg0, arg1) {
-        const ret = getObject(arg0).push(getObject(arg1));
-        return ret;
-    };
     imports.wbg.__wbg_new_9962f939219f1820 = function(arg0, arg1) {
         try {
             var state0 = {a: arg0, b: arg1};
@@ -1663,7 +1715,7 @@ function getImports() {
                 const a = state0.a;
                 state0.a = 0;
                 try {
-                    return __wbg_adapter_217(a, state0.b, arg0, arg1);
+                    return __wbg_adapter_219(a, state0.b, arg0, arg1);
                 } finally {
                     state0.a = a;
                 }
@@ -1674,6 +1726,25 @@ function getImports() {
             state0.a = state0.b = 0;
         }
     };
+    imports.wbg.__wbg_new_1d9a920c6bfc44a8 = function() {
+        const ret = new Array();
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbg_push_740e4b286702d964 = function(arg0, arg1) {
+        const ret = getObject(arg0).push(getObject(arg1));
+        return ret;
+    };
+    imports.wbg.__wbg_new_268f7b7dd3430798 = function() {
+        const ret = new Map();
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbg_set_933729cf5b66ac11 = function(arg0, arg1, arg2) {
+        const ret = getObject(arg0).set(getObject(arg1), getObject(arg2));
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbg_set_a68214f35c417fa9 = function(arg0, arg1, arg2) {
+        getObject(arg0)[arg1 >>> 0] = takeObject(arg2);
+    };
     imports.wbg.__wbg_call_3999bee59e9f7719 = function() { return handleError(function (arg0, arg1, arg2, arg3) {
         const ret = getObject(arg0).call(getObject(arg1), getObject(arg2), getObject(arg3));
         return addHeapObject(ret);
@@ -1747,6 +1818,17 @@ function getImports() {
     imports.wbg.__wbg_setonerror_d5771cc5bf9ea74c = function(arg0, arg1) {
         getObject(arg0).onerror = getObject(arg1);
     };
+    imports.wbg.__wbg_open_a31c3fe1fdc244eb = function() { return handleError(function (arg0, arg1, arg2) {
+        const ret = getObject(arg0).open(getStringFromWasm0(arg1, arg2));
+        return addHeapObject(ret);
+    }, arguments) };
+    imports.wbg.__wbg_open_c5d5fb2df44b9d10 = function() { return handleError(function (arg0, arg1, arg2, arg3) {
+        const ret = getObject(arg0).open(getStringFromWasm0(arg1, arg2), arg3 >>> 0);
+        return addHeapObject(ret);
+    }, arguments) };
+    imports.wbg.__wbg_setonupgradeneeded_17d0b9530f1e0cac = function(arg0, arg1) {
+        getObject(arg0).onupgradeneeded = getObject(arg1);
+    };
     imports.wbg.__wbg_put_84e7fc93eee27b28 = function() { return handleError(function (arg0, arg1, arg2) {
         const ret = getObject(arg0).put(getObject(arg1), getObject(arg2));
         return addHeapObject(ret);
@@ -1755,6 +1837,10 @@ function getImports() {
         const ret = getObject(arg0).put(getObject(arg1));
         return addHeapObject(ret);
     }, arguments) };
+    imports.wbg.__wbg_delete_8abedd1043b4105d = function() { return handleError(function (arg0, arg1) {
+        const ret = getObject(arg0).delete(getObject(arg1));
+        return addHeapObject(ret);
+    }, arguments) };
     imports.wbg.__wbg_openCursor_e036069f0e326708 = function() { return handleError(function (arg0, arg1) {
         const ret = getObject(arg0).openCursor(getObject(arg1));
         return addHeapObject(ret);
@@ -1763,18 +1849,6 @@ function getImports() {
         const ret = getObject(arg0).openCursor();
         return addHeapObject(ret);
     }, arguments) };
-    imports.wbg.__wbg_count_b0e88953a0ea909c = function() { return handleError(function (arg0) {
-        const ret = getObject(arg0).count();
-        return addHeapObject(ret);
-    }, arguments) };
-    imports.wbg.__wbg_count_46eda68a16dbe30e = function() { return handleError(function (arg0, arg1) {
-        const ret = getObject(arg0).count(getObject(arg1));
-        return addHeapObject(ret);
-    }, arguments) };
-    imports.wbg.__wbg_delete_8abedd1043b4105d = function() { return handleError(function (arg0, arg1) {
-        const ret = getObject(arg0).delete(getObject(arg1));
-        return addHeapObject(ret);
-    }, arguments) };
     imports.wbg.__wbg_get_6285bf458a1ee758 = function() { return handleError(function (arg0, arg1) {
         const ret = getObject(arg0).get(getObject(arg1));
         return addHeapObject(ret);
@@ -1799,24 +1873,21 @@ function getImports() {
         const ret = getObject(arg0).openCursor(getObject(arg1));
         return addHeapObject(ret);
     }, arguments) };
+    imports.wbg.__wbg_close_5a04b9ce11dade22 = function(arg0) {
+        getObject(arg0).close();
+    };
     imports.wbg.__wbg_deleteDatabase_f6454de6a88aebde = function() { return handleError(function (arg0, arg1, arg2) {
         const ret = getObject(arg0).deleteDatabase(getStringFromWasm0(arg1, arg2));
         return addHeapObject(ret);
     }, arguments) };
-    imports.wbg.__wbg_close_5a04b9ce11dade22 = function(arg0) {
-        getObject(arg0).close();
-    };
-    imports.wbg.__wbg_open_a31c3fe1fdc244eb = function() { return handleError(function (arg0, arg1, arg2) {
-        const ret = getObject(arg0).open(getStringFromWasm0(arg1, arg2));
+    imports.wbg.__wbg_count_b0e88953a0ea909c = function() { return handleError(function (arg0) {
+        const ret = getObject(arg0).count();
         return addHeapObject(ret);
     }, arguments) };
-    imports.wbg.__wbg_open_c5d5fb2df44b9d10 = function() { return handleError(function (arg0, arg1, arg2, arg3) {
-        const ret = getObject(arg0).open(getStringFromWasm0(arg1, arg2), arg3 >>> 0);
+    imports.wbg.__wbg_count_46eda68a16dbe30e = function() { return handleError(function (arg0, arg1) {
+        const ret = getObject(arg0).count(getObject(arg1));
         return addHeapObject(ret);
     }, arguments) };
-    imports.wbg.__wbg_setonupgradeneeded_17d0b9530f1e0cac = function(arg0, arg1) {
-        getObject(arg0).onupgradeneeded = getObject(arg1);
-    };
     imports.wbg.__wbg_randomFillSync_6894564c2c334c42 = function() { return handleError(function (arg0, arg1, arg2) {
         getObject(arg0).randomFillSync(getArrayU8FromWasm0(arg1, arg2));
     }, arguments) };
@@ -1847,6 +1918,10 @@ function getImports() {
         const ret = getObject(arg0).node;
         return addHeapObject(ret);
     };
+    imports.wbg.__wbindgen_is_string = function(arg0) {
+        const ret = typeof(getObject(arg0)) === 'string';
+        return ret;
+    };
     imports.wbg.__wbg_require_78a3dcfbdba9cbce = function() { return handleError(function () {
         const ret = module.require;
         return addHeapObject(ret);
@@ -1934,10 +2009,6 @@ function getImports() {
         const ret = getObject(arg0).result;
         return addHeapObject(ret);
     }, arguments) };
-    imports.wbg.__wbg_error_aacf5ac191e54ed0 = function() { return handleError(function (arg0) {
-        const ret = getObject(arg0).error;
-        return isLikeNone(ret) ? 0 : addHeapObject(ret);
-    }, arguments) };
     imports.wbg.__wbg_contains_6cf516181cd86571 = function(arg0, arg1, arg2) {
         const ret = getObject(arg0).contains(getStringFromWasm0(arg1, arg2));
         return ret;
@@ -1964,6 +2035,10 @@ function getImports() {
     imports.wbg.__wbg_deleteObjectStore_1b698c5fd1bc077d = function() { return handleError(function (arg0, arg1, arg2) {
         getObject(arg0).deleteObjectStore(getStringFromWasm0(arg1, arg2));
     }, arguments) };
+    imports.wbg.__wbg_error_aacf5ac191e54ed0 = function() { return handleError(function (arg0) {
+        const ret = getObject(arg0).error;
+        return isLikeNone(ret) ? 0 : addHeapObject(ret);
+    }, arguments) };
     imports.wbg.__wbindgen_is_falsy = function(arg0) {
         const ret = !getObject(arg0);
         return ret;
@@ -2064,12 +2139,12 @@ function getImports() {
         const ret = getObject(arg0).objectStore(getStringFromWasm0(arg1, arg2));
         return addHeapObject(ret);
     }, arguments) };
-    imports.wbg.__wbindgen_closure_wrapper2358 = function(arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 123, __wbg_adapter_52);
+    imports.wbg.__wbindgen_closure_wrapper2363 = function(arg0, arg1, arg2) {
+        const ret = makeMutClosure(arg0, arg1, 122, __wbg_adapter_52);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper3780 = function(arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 123, __wbg_adapter_55);
+    imports.wbg.__wbindgen_closure_wrapper3837 = function(arg0, arg1, arg2) {
+        const ret = makeMutClosure(arg0, arg1, 122, __wbg_adapter_55);
         return addHeapObject(ret);
     };
 
@@ -2119,12 +2194,14 @@ async function init(input) {
 var exports = /*#__PURE__*/Object.freeze({
     __proto__: null,
     version: version,
+    WirePolicy: WirePolicy$1,
     Ciphersuite: Ciphersuite$1,
     CommitBundle: CommitBundle,
     ConversationConfiguration: ConversationConfiguration,
     ConversationInitBundle: ConversationInitBundle,
     CoreCrypto: CoreCrypto$1,
     CoreCryptoWasmCallbacks: CoreCryptoWasmCallbacks,
+    CustomConfiguration: CustomConfiguration,
     DecryptedMessage: DecryptedMessage,
     Invitee: Invitee,
     MemberAddedMessages: MemberAddedMessages,
@@ -2137,7 +2214,7 @@ var exports = /*#__PURE__*/Object.freeze({
 var wasm = async (opt = {}) => {
                 let {importHook, serverPath} = opt;
 
-                let path = "assets/core_crypto_ffi-bf5877ee.wasm";
+                let path = "assets/core_crypto_ffi-b8c4f151.wasm";
 
                 if (serverPath != null) {
                     path = serverPath + /[^\/\\]*$/.exec(path)[0];
@@ -2188,6 +2265,20 @@ var Ciphersuite;
     */
     Ciphersuite[Ciphersuite["MLS_256_DHKEMP384_AES256GCM_SHA384_P384"] = 7] = "MLS_256_DHKEMP384_AES256GCM_SHA384_P384";
 })(Ciphersuite || (Ciphersuite = {}));
+/**
+ * see [core_crypto::prelude::MlsWirePolicy]
+ */
+var WirePolicy;
+(function (WirePolicy) {
+    /**
+     * Handshake messages are never encrypted
+     */
+    WirePolicy[WirePolicy["Plaintext"] = 1] = "Plaintext";
+    /**
+     * Handshake messages are always encrypted
+     */
+    WirePolicy[WirePolicy["Ciphertext"] = 2] = "Ciphertext";
+})(WirePolicy || (WirePolicy = {}));
 /**
  * Informs whether the PublicGroupState is confidential
  * see [core_crypto::mls::conversation::public_group_state::PublicGroupStateEncryptionType]
@@ -2258,12 +2349,6 @@ var ExternalProposalType;
  * Wrapper for the WASM-compiled version of CoreCrypto
  */
 class CoreCrypto {
-    /** @hidden */
-    constructor(cc) {
-        /** @hidden */
-        _CoreCrypto_cc.set(this, void 0);
-        __classPrivateFieldSet(this, _CoreCrypto_cc, cc, "f");
-    }
     /**
      * This is your entrypoint to initialize {@link CoreCrypto}!
      *
@@ -2329,6 +2414,12 @@ class CoreCrypto {
     async mlsInit(clientId) {
         return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").mls_init(clientId);
     }
+    /** @hidden */
+    constructor(cc) {
+        /** @hidden */
+        _CoreCrypto_cc.set(this, void 0);
+        __classPrivateFieldSet(this, _CoreCrypto_cc, cc, "f");
+    }
     /**
      * Wipes the {@link CoreCrypto} backing storage (i.e. {@link https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API | IndexedDB} database)
      *
@@ -2401,14 +2492,14 @@ class CoreCrypto {
      * You will want to use {@link CoreCrypto.addClientsToConversation} afterwards to add clients to this conversation
      *
      * @param conversationId - The conversation ID; You can either make them random or let the backend attribute MLS group IDs
-     * @param configuration.admins - An array of client IDs that will have administrative permissions over the group
+     * @param configuration - configuration of the MLS group
      * @param configuration.ciphersuite - The {@link Ciphersuite} that is chosen to be the group's
-     * @param configuration.keyRotationSpan - The amount of time in milliseconds after which the MLS Keypackages will be rotated
      * @param configuration.externalSenders - Array of Client IDs that are qualified as external senders within the group
+     * @param configuration.custom - {@link CustomConfiguration}
      */
     async createConversation(conversationId, configuration = {}) {
-        const { admins, ciphersuite, keyRotationSpan, externalSenders } = configuration || {};
-        const config = new (__classPrivateFieldGet(CoreCrypto, _a, "f", _CoreCrypto_module).ConversationConfiguration)(admins, ciphersuite, keyRotationSpan, externalSenders);
+        const { ciphersuite, externalSenders, custom = {} } = configuration || {};
+        const config = new (__classPrivateFieldGet(CoreCrypto, _a, "f", _CoreCrypto_module).ConversationConfiguration)(ciphersuite, externalSenders, custom?.keyRotationSpan);
         const ret = await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").create_conversation(conversationId, config);
         return ret;
     }
@@ -2447,13 +2538,16 @@ class CoreCrypto {
         return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").encrypt_message(conversationId, message);
     }
     /**
-     * Ingest a TLS-serialized MLS welcome message to join a an existing MLS group
+     * Ingest a TLS-serialized MLS welcome message to join an existing MLS group
      *
      * @param welcomeMessage - TLS-serialized MLS Welcome message
+     * @param configuration - configuration of the MLS group
      * @returns The conversation ID of the newly joined group. You can use the same ID to decrypt/encrypt messages
      */
-    async processWelcomeMessage(welcomeMessage) {
-        return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").process_welcome_message(welcomeMessage);
+    async processWelcomeMessage(welcomeMessage, configuration = {}) {
+        const { keyRotationSpan, wirePolicy } = configuration || {};
+        const config = new (__classPrivateFieldGet(CoreCrypto, _a, "f", _CoreCrypto_module).CustomConfiguration)(keyRotationSpan, wirePolicy);
+        return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").process_welcome_message(welcomeMessage, config);
     }
     /**
      * @returns The client's public key
@@ -2647,10 +2741,13 @@ class CoreCrypto {
      * bad can happen if you forget to except some storage space wasted.
      *
      * @param publicGroupState - a TLS encoded PublicGroupState fetched from the Delivery Service
+     * @param configuration - configuration of the MLS group
      * @returns see {@link ConversationInitBundle}
      */
-    async joinByExternalCommit(publicGroupState) {
-        const ffiInitMessage = await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").join_by_external_commit(publicGroupState);
+    async joinByExternalCommit(publicGroupState, configuration = {}) {
+        const { keyRotationSpan, wirePolicy } = configuration || {};
+        const config = new (__classPrivateFieldGet(CoreCrypto, _a, "f", _CoreCrypto_module).CustomConfiguration)(keyRotationSpan, wirePolicy);
+        const ffiInitMessage = await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").join_by_external_commit(publicGroupState, config);
         const pgs = ffiInitMessage.public_group_state;
         const ret = {
             conversationId: ffiInitMessage.conversation_id,
@@ -2668,12 +2765,9 @@ class CoreCrypto {
      * and deletes the temporary one. This step makes the group operational and ready to encrypt/decrypt message
      *
      * @param conversationId - The ID of the conversation
-     * @param configuration - Configuration of the group, see {@link ConversationConfiguration}
      */
-    async mergePendingGroupFromExternalCommit(conversationId, configuration) {
-        const { admins, ciphersuite, keyRotationSpan, externalSenders } = configuration || {};
-        const config = new (__classPrivateFieldGet(CoreCrypto, _a, "f", _CoreCrypto_module).ConversationConfiguration)(admins, ciphersuite, keyRotationSpan, externalSenders);
-        return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").merge_pending_group_from_external_commit(conversationId, config);
+    async mergePendingGroupFromExternalCommit(conversationId) {
+        return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").merge_pending_group_from_external_commit(conversationId);
     }
     /**
      * In case the external commit generated by {@link CoreCrypto.joinByExternalCommit} is rejected by the Delivery Service, and we
@@ -2785,6 +2879,8 @@ class CoreCrypto {
      *
      * @param sessionId - ID of the Proteus session
      * @param envelope - CBOR-encoded Proteus message
+     *
+     * @returns A `Uint8Array` containing the message that was sent along with the session handshake
      */
     async proteusSessionFromMessage(sessionId, envelope) {
         return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").proteus_session_from_message(sessionId, envelope);
@@ -2810,6 +2906,8 @@ class CoreCrypto {
      * Checks if a session exists
      *
      * @param sessionId - ID of the Proteus session
+     *
+     * @returns whether the session exists or not
      */
     async proteusSessionExists(sessionId) {
         return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").proteus_session_exists(sessionId);
@@ -2866,6 +2964,7 @@ class CoreCrypto {
     /**
      * Proteus session local fingerprint
      *
+     * @param sessionId - ID of the Proteus session
      * @returns Hex-encoded public key string
      */
     async proteusFingerprintLocal(sessionId) {
@@ -2874,11 +2973,21 @@ class CoreCrypto {
     /**
      * Proteus session remote fingerprint
      *
+     * @param sessionId - ID of the Proteus session
      * @returns Hex-encoded public key string
      */
     async proteusFingerprintRemote(sessionId) {
         return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").proteus_fingerprint_remote(sessionId);
     }
+    /**
+     * Hex-encoded fingerprint of the given prekey
+     *
+     * @param prekey - the prekey bundle to get the fingerprint from
+     * @returns Hex-encoded public key string
+    **/
+    static proteusFingerprintPrekeybundle(prekey) {
+        return __classPrivateFieldGet(this, _a, "f", _CoreCrypto_module).CoreCrypto.proteus_fingerprint_prekeybundle(prekey);
+    }
     /**
      * Imports all the data stored by Cryptobox into the CoreCrypto keystore
      *
@@ -2903,4 +3012,4 @@ _a = CoreCrypto, _CoreCrypto_cc = new WeakMap();
 /** @hidden */
 _CoreCrypto_module = { value: void 0 };
 
-export { Ciphersuite, CoreCrypto, ExternalProposalType, ProposalType, PublicGroupStateEncryptionType, RatchetTreeType };
+export { Ciphersuite, CoreCrypto, ExternalProposalType, ProposalType, PublicGroupStateEncryptionType, RatchetTreeType, WirePolicy };