@wireapp/core-crypto 0.6.0-rc.6 → 0.6.0-rc.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wireapp/core-crypto",
-  "version": "0.6.0-rc.6",
+  "version": "0.6.0-rc.8",
   "description": "CoreCrypto bindings for the Web",
   "type": "module",
   "module": "platforms/web/corecrypto.js",

package/platforms/web/corecrypto.d.ts

@@ -1,124 +1,3 @@
-declare class FfiWireE2EIdentity {
-	free(): void;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::directory_response]
-	* @param {Uint8Array} directory
-	* @returns {any}
-	*/
-	directory_response(directory: Uint8Array): any;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::new_account_request]
-	* @param {any} directory
-	* @param {string} previous_nonce
-	* @returns {Uint8Array}
-	*/
-	new_account_request(directory: any, previous_nonce: string): Uint8Array;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::new_account_response]
-	* @param {Uint8Array} account
-	* @returns {Uint8Array}
-	*/
-	new_account_response(account: Uint8Array): Uint8Array;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::new_order_request]
-	* @param {string} handle
-	* @param {string} client_id
-	* @param {number} expiry_days
-	* @param {any} directory
-	* @param {Uint8Array} account
-	* @param {string} previous_nonce
-	* @returns {Uint8Array}
-	*/
-	new_order_request(handle: string, client_id: string, expiry_days: number, directory: any, account: Uint8Array, previous_nonce: string): Uint8Array;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::new_order_response]
-	* @param {Uint8Array} order
-	* @returns {any}
-	*/
-	new_order_response(order: Uint8Array): any;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::new_authz_request]
-	* @param {string} url
-	* @param {Uint8Array} account
-	* @param {string} previous_nonce
-	* @returns {Uint8Array}
-	*/
-	new_authz_request(url: string, account: Uint8Array, previous_nonce: string): Uint8Array;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::new_authz_response]
-	* @param {Uint8Array} authz
-	* @returns {any}
-	*/
-	new_authz_response(authz: Uint8Array): any;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::create_dpop_token]
-	* @param {string} access_token_url
-	* @param {string} user_id
-	* @param {bigint} client_id
-	* @param {string} domain
-	* @param {any} client_id_challenge
-	* @param {string} backend_nonce
-	* @param {number} expiry_days
-	* @returns {string}
-	*/
-	create_dpop_token(access_token_url: string, user_id: string, client_id: bigint, domain: string, client_id_challenge: any, backend_nonce: string, expiry_days: number): string;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::new_challenge_request]
-	* @param {any} handle_challenge
-	* @param {Uint8Array} account
-	* @param {string} previous_nonce
-	* @returns {Uint8Array}
-	*/
-	new_challenge_request(handle_challenge: any, account: Uint8Array, previous_nonce: string): Uint8Array;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::new_challenge_response]
-	* @param {Uint8Array} challenge
-	*/
-	new_challenge_response(challenge: Uint8Array): void;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::check_order_request]
-	* @param {string} order_url
-	* @param {Uint8Array} account
-	* @param {string} previous_nonce
-	* @returns {Uint8Array}
-	*/
-	check_order_request(order_url: string, account: Uint8Array, previous_nonce: string): Uint8Array;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::check_order_response]
-	* @param {Uint8Array} order
-	* @returns {Uint8Array}
-	*/
-	check_order_response(order: Uint8Array): Uint8Array;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::finalize_request]
-	* @param {(Uint8Array)[]} domains
-	* @param {Uint8Array} order
-	* @param {Uint8Array} account
-	* @param {string} previous_nonce
-	* @returns {Uint8Array}
-	*/
-	finalize_request(domains: (Uint8Array)[], order: Uint8Array, account: Uint8Array, previous_nonce: string): Uint8Array;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::finalize_response]
-	* @param {Uint8Array} finalize
-	* @returns {any}
-	*/
-	finalize_response(finalize: Uint8Array): any;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::certificate_request]
-	* @param {any} finalize
-	* @param {Uint8Array} account
-	* @param {string} previous_nonce
-	* @returns {Uint8Array}
-	*/
-	certificate_request(finalize: any, account: Uint8Array, previous_nonce: string): Uint8Array;
-	/**
-	* See [core_crypto::e2e_identity::WireE2eIdentity::certificate_response]
-	* @param {string} certificate_chain
-	* @returns {(Uint8Array)[]}
-	*/
-	certificate_response(certificate_chain: string): (Uint8Array)[];
-}
 /**
  * Error wrapper that takes care of extracting rich error details across the FFI (through JSON parsing)
  *
@@ -529,7 +408,7 @@ export interface CoreCryptoCallbacks {
 	 * @param clientId - id of the client performing an operation requiring authorization
 	 * @returns whether the user is authorized by the logic layer to perform the operation
 	 */
-	authorize: (conversationId: Uint8Array, clientId: Uint8Array) => boolean;
+	authorize: (conversationId: Uint8Array, clientId: Uint8Array) => Promise<boolean>;
 	/**
 	 * A mix between {@link authorize} and {@link clientIsExistingGroupUser}. We currently use this callback to verify
 	 * external commits to join a group ; in such case, the client has to:
@@ -541,7 +420,7 @@ export interface CoreCryptoCallbacks {
 	 * @param existingClients - all the clients currently within the MLS group
 	 * @returns true if the external client is authorized to write to the conversation
 	 */
-	userAuthorize: (conversationId: Uint8Array, externalClientId: Uint8Array, existingClients: Uint8Array[]) => boolean;
+	userAuthorize: (conversationId: Uint8Array, externalClientId: Uint8Array, existingClients: Uint8Array[]) => Promise<boolean>;
 	/**
 	 * Callback to ensure that the given `clientId` belongs to one of the provided `existingClients`
 	 * This basically allows to defer the client ID parsing logic to the caller - because CoreCrypto is oblivious to such things
@@ -550,7 +429,7 @@ export interface CoreCryptoCallbacks {
 	 * @param clientId - id of a client
 	 * @param existingClients - all the clients currently within the MLS group
 	 */
-	clientIsExistingGroupUser: (conversationId: Uint8Array, clientId: Uint8Array, existingClients: Uint8Array[]) => boolean;
+	clientIsExistingGroupUser: (conversationId: Uint8Array, clientId: Uint8Array, existingClients: Uint8Array[]) => Promise<boolean>;
 }
 /**
  * Wrapper for the WASM-compiled version of CoreCrypto
@@ -605,6 +484,22 @@ export declare class CoreCrypto {
 	 * @param clientId - {@link CoreCryptoParams#clientId} but required
 	 */
 	mlsInit(clientId: ClientId): Promise<void>;
+	/**
+	 * Generates a MLS KeyPair/CredentialBundle with a temporary, random client ID.
+	 * This method is designed to be used in conjunction with {@link CoreCrypto.mlsInitWithClientID} and represents the first step in this process
+	 *
+	 * @returns This returns the TLS-serialized identity key (i.e. the signature keypair's public key)
+	 */
+	mlsGenerateKeypair(): Promise<Uint8Array>;
+	/**
+	 * Updates the current temporary Client ID with the newly provided one. This is the second step in the externally-generated clients process
+	 *
+	 * Important: This is designed to be called after {@link CoreCrypto.mlsGenerateKeyPair}
+	 *
+	 * @param clientId - The newly-allocated client ID by the MLS Authentication Service
+	 * @param signaturePublicKey - The public key you were given at the first step; This is for authentication purposes
+	 */
+	mlsInitWithClientId(clientId: ClientId, signaturePublicKey: Uint8Array): Promise<void>;
 	/** @hidden */
 	private constructor();
 	/**
@@ -624,7 +519,7 @@ export declare class CoreCrypto {
 	 *
 	 * @param callbacks - Any interface following the {@link CoreCryptoCallbacks} interface
 	 */
-	registerCallbacks(callbacks: CoreCryptoCallbacks): void;
+	registerCallbacks(callbacks: CoreCryptoCallbacks, ctx?: any): Promise<void>;
 	/**
 	 * Checks if the Client is member of a given conversation and if the MLS Group is loaded up
 	 *
@@ -952,9 +847,19 @@ export declare class CoreCrypto {
 	/**
 	 * Creates a new prekey with an automatically generated ID..
 	 *
-	 * @returns: A CBOR-serialized version of the PreKeyBundle corresponding to the newly generated and stored PreKey
+	 * @returns A CBOR-serialized version of the PreKeyBundle corresponding to the newly generated and stored PreKey
 	 */
 	proteusNewPrekeyAuto(): Promise<Uint8Array>;
+	/**
+	 * Proteus last resort prekey stuff
+	 *
+	 * @returns A CBOR-serialize version of the PreKeyBundle associated with the last resort PreKey (holding the last resort prekey id)
+	 */
+	proteusLastResortPrekey(): Promise<Uint8Array>;
+	/**
+	 * @returns The last resort PreKey id
+	 */
+	static proteusLastResortPrekeyId(): number;
 	/**
 	 * Proteus public key fingerprint
 	 * It's basically the public key encoded as an hex string
@@ -997,12 +902,12 @@ export declare class CoreCrypto {
 	/**
 	 * Creates an enrollment instance with private key material you can use in order to fetch
 	 * a new x509 certificate from the acme server.
-	 * Make sure to call [WireE2eIdentity::free] (not yet available) to dispose this instance and its associated
+	 * Make sure to call {@link WireE2eIdentity.free} to dispose this instance and its associated
 	 * keying material.
 	 *
 	 * @param ciphersuite - For generating signing key material. Only {@link Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519} is supported currently
 	 */
-	newAcmeEnrollment(): Promise<WireE2eIdentity>;
+	newAcmeEnrollment(ciphersuite?: Ciphersuite): Promise<WireE2eIdentity>;
 	/**
 	 * Returns the current version of {@link CoreCrypto}
 	 *
@@ -1016,7 +921,8 @@ type AcmeOrder = Uint8Array;
 export declare class WireE2eIdentity {
 	#private;
 	/** @hidden */
-	constructor(e2ei: CoreCryptoFfiTypes.FfiWireE2EIdentity);
+	constructor(e2ei: unknown);
+	free(): void;
 	/**
 	 * Parses the response from `GET /acme/{provisioner-name}/directory`.
 	 * Use this {@link AcmeDirectory} in the next step to fetch the first nonce from the acme server. Use
@@ -1133,13 +1039,13 @@ export declare class WireE2eIdentity {
 	/**
 	 * Final step before fetching the certificate.
 	 *
-	 * @param domains you want to generate a certificate for e.g. `["wire.com"]`
-	 * @param order you got from {@link checkOrderResponse}
-	 * @param account you found after {@link newAccountResponse}
-	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}`
+	 * @param domains - domains you want to generate a certificate for e.g. `["wire.com"]`
+	 * @param order - order you got from {@link checkOrderResponse}
+	 * @param account - account you found after {@link newAccountResponse}
+	 * @param previousNonce - `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	finalizeRequest(domains: Uint8Array[], order: AcmeOrder, account: AcmeAccount, previousNonce: string): JsonRawData;
+	finalizeRequest(domains: string[], order: AcmeOrder, account: AcmeAccount, previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}/finalize`.
 	 *

package/platforms/web/corecrypto.js

@@ -228,7 +228,7 @@ function makeMutClosure(arg0, arg1, dtor, f) {
 function __wbg_adapter_52(arg0, arg1, arg2) {
     try {
         const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-        wasm$1._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h017e8b5914b4ce6e(retptr, arg0, arg1, addHeapObject(arg2));
+        wasm$1._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h0b669391a1ca469a(retptr, arg0, arg1, addHeapObject(arg2));
         var r0 = getInt32Memory0()[retptr / 4 + 0];
         var r1 = getInt32Memory0()[retptr / 4 + 1];
         if (r1) {
@@ -240,7 +240,7 @@ function __wbg_adapter_52(arg0, arg1, arg2) {
     }
 }
 function __wbg_adapter_55(arg0, arg1, arg2) {
-    wasm$1._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h2cd85c49913904d9(arg0, arg1, addHeapObject(arg2));
+    wasm$1._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__ha3d8e2730fb8635e(arg0, arg1, addHeapObject(arg2));
 }
 function _assertClass(instance, klass) {
     if (!(instance instanceof klass)) {
@@ -279,23 +279,6 @@ function getArrayJsValueFromWasm0(ptr, len) {
     }
     return result;
 }
-/**
-* Returns the current version of CoreCrypto
-* @returns {string}
-*/
-function version() {
-    try {
-        const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-        wasm$1.version(retptr);
-        var r0 = getInt32Memory0()[retptr / 4 + 0];
-        var r1 = getInt32Memory0()[retptr / 4 + 1];
-        return getStringFromWasm0(r0, r1);
-    }
-    finally {
-        wasm$1.__wbindgen_add_to_stack_pointer(16);
-        wasm$1.__wbindgen_free(r0, r1);
-    }
-}
 function handleError(f, args) {
     try {
         return f.apply(this, args);
@@ -307,8 +290,8 @@ function handleError(f, args) {
 function getArrayU8FromWasm0(ptr, len) {
     return getUint8Memory0().subarray(ptr / 1, ptr / 1 + len);
 }
-function __wbg_adapter_263(arg0, arg1, arg2, arg3) {
-    wasm$1.wasm_bindgen__convert__closures__invoke2_mut__h8cd39efe380c2d83(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
+function __wbg_adapter_271(arg0, arg1, arg2, arg3) {
+    wasm$1.wasm_bindgen__convert__closures__invoke2_mut__h191981cd1d6b08cc(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
 }
 /**
 * see [core_crypto::prelude::MlsWirePolicy]
@@ -659,6 +642,23 @@ let CoreCrypto$1 = class CoreCrypto {
         wasm$1.__wbg_corecrypto_free(ptr);
     }
     /**
+    * Returns the current version of CoreCrypto
+    * @returns {string}
+    */
+    static version() {
+        try {
+            const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
+            wasm$1.corecrypto_version(retptr);
+            var r0 = getInt32Memory0()[retptr / 4 + 0];
+            var r1 = getInt32Memory0()[retptr / 4 + 1];
+            return getStringFromWasm0(r0, r1);
+        }
+        finally {
+            wasm$1.__wbindgen_add_to_stack_pointer(16);
+            wasm$1.__wbindgen_free(r0, r1);
+        }
+    }
+    /**
     * see [core_crypto::MlsCentral::try_new]
     * @param {string} path
     * @param {string} key
@@ -707,6 +707,32 @@ let CoreCrypto$1 = class CoreCrypto {
         return takeObject(ret);
     }
     /**
+    * Returns [`WasmCryptoResult<Vec<u8>>`]
+    *
+    * See [core_crypto::MlsCentral::mls_generate_keypair]
+    * @returns {Promise<any>}
+    */
+    mls_generate_keypair() {
+        const ret = wasm$1.corecrypto_mls_generate_keypair(this.ptr);
+        return takeObject(ret);
+    }
+    /**
+    * Returns [`WasmCryptoResult<()>`]
+    *
+    * See [core_crypto::MlsCentral::mls_init_with_client_id]
+    * @param {Uint8Array} client_id
+    * @param {Uint8Array} signature_public_key
+    * @returns {Promise<any>}
+    */
+    mls_init_with_client_id(client_id, signature_public_key) {
+        const ptr0 = passArray8ToWasm0(client_id, wasm$1.__wbindgen_malloc);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passArray8ToWasm0(signature_public_key, wasm$1.__wbindgen_malloc);
+        const len1 = WASM_VECTOR_LEN;
+        const ret = wasm$1.corecrypto_mls_init_with_client_id(this.ptr, ptr0, len0, ptr1, len1);
+        return takeObject(ret);
+    }
+    /**
     * Returns: [`WasmCryptoResult<()>`]
     *
     * see [core_crypto::MlsCentral::close]
@@ -1227,7 +1253,7 @@ let CoreCrypto$1 = class CoreCrypto {
     * see [core_crypto::proteus::ProteusCentral::encrypt]
     * @param {string} session_id
     * @param {Uint8Array} plaintext
-    * @returns {Promise<Uint8Array>}
+    * @returns {Promise<Promise<any>>}
     */
     proteus_encrypt(session_id, plaintext) {
         const ptr0 = passStringToWasm0(session_id, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
@@ -1243,7 +1269,7 @@ let CoreCrypto$1 = class CoreCrypto {
     * see [core_crypto::proteus::ProteusCentral::encrypt_batched]
     * @param {(string)[]} sessions
     * @param {Uint8Array} plaintext
-    * @returns {Promise<Map<any, any>>}
+    * @returns {Promise<any>}
     */
     proteus_encrypt_batched(sessions, plaintext) {
         const ptr0 = passArrayJsValueToWasm0(sessions, wasm$1.__wbindgen_malloc);
@@ -1258,7 +1284,7 @@ let CoreCrypto$1 = class CoreCrypto {
     *
     * see [core_crypto::proteus::ProteusCentral::new_prekey]
     * @param {number} prekey_id
-    * @returns {Promise<Uint8Array>}
+    * @returns {Promise<Promise<any>>}
     */
     proteus_new_prekey(prekey_id) {
         const ret = wasm$1.corecrypto_proteus_new_prekey(this.ptr, prekey_id);
@@ -1268,13 +1294,45 @@ let CoreCrypto$1 = class CoreCrypto {
     * Returns: [`WasmCryptoResult<Uint8Array>`]
     *
     * see [core_crypto::proteus::ProteusCentral::new_prekey]
-    * @returns {Promise<Uint8Array>}
+    * @returns {Promise<Promise<any>>}
     */
     proteus_new_prekey_auto() {
         const ret = wasm$1.corecrypto_proteus_new_prekey_auto(this.ptr);
         return takeObject(ret);
     }
     /**
+    * Returns [`WasmCryptoResult<Uint8Array>`]
+    *
+    * see [core_crypto::proteus::ProteusCentral::last_resort_prekey]
+    * @returns {Promise<any>}
+    */
+    proteus_last_resort_prekey() {
+        const ret = wasm$1.corecrypto_proteus_last_resort_prekey(this.ptr);
+        return takeObject(ret);
+    }
+    /**
+    * Returns: [`WasmCryptoResult<u16>`]
+    *
+    * see [core_crypto::proteus::ProteusCentral::last_resort_prekey_id]
+    * @returns {number}
+    */
+    static proteus_last_resort_prekey_id() {
+        try {
+            const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
+            wasm$1.corecrypto_proteus_last_resort_prekey_id(retptr);
+            var r0 = getInt32Memory0()[retptr / 4 + 0];
+            var r1 = getInt32Memory0()[retptr / 4 + 1];
+            var r2 = getInt32Memory0()[retptr / 4 + 2];
+            if (r2) {
+                throw takeObject(r1);
+            }
+            return r0;
+        }
+        finally {
+            wasm$1.__wbindgen_add_to_stack_pointer(16);
+        }
+    }
+    /**
     * Returns: [`WasmCryptoResult<String>`]
     *
     * see [core_crypto::proteus::ProteusCentral::fingerprint]
@@ -1421,9 +1479,10 @@ class CoreCryptoWasmCallbacks {
     * @param {Function} authorize
     * @param {Function} user_authorize
     * @param {Function} client_is_existing_group_user
+    * @param {any} ctx
     */
-    constructor(authorize, user_authorize, client_is_existing_group_user) {
-        const ret = wasm$1.corecryptowasmcallbacks_new(addHeapObject(authorize), addHeapObject(user_authorize), addHeapObject(client_is_existing_group_user));
+    constructor(authorize, user_authorize, client_is_existing_group_user, ctx) {
+        const ret = wasm$1.corecryptowasmcallbacks_new(addHeapObject(authorize), addHeapObject(user_authorize), addHeapObject(client_is_existing_group_user), addHeapObject(ctx));
         return CoreCryptoWasmCallbacks.__wrap(ret);
     }
 }
@@ -1838,7 +1897,7 @@ class FfiWireE2EIdentity {
     }
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::finalize_request]
-    * @param {(Uint8Array)[]} domains
+    * @param {(string)[]} domains
     * @param {Uint8Array} order
     * @param {Uint8Array} account
     * @param {string} previous_nonce
@@ -2244,9 +2303,27 @@ async function load(module, imports) {
 function getImports() {
     const imports = {};
     imports.wbg = {};
+    imports.wbg.__wbg_new_f9876326328f45ed = function () {
+        const ret = new Object();
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbg_new_b525de17f44a8943 = function () {
+        const ret = new Array();
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbg_set_17224bc548dd1d7b = function (arg0, arg1, arg2) {
+        getObject(arg0)[arg1 >>> 0] = takeObject(arg2);
+    };
+    imports.wbg.__wbg_set_20cbc34131e76824 = function (arg0, arg1, arg2) {
+        getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
+    };
     imports.wbg.__wbindgen_object_drop_ref = function (arg0) {
         takeObject(arg0);
     };
+    imports.wbg.__wbindgen_number_new = function (arg0) {
+        const ret = arg0;
+        return addHeapObject(ret);
+    };
     imports.wbg.__wbindgen_object_clone_ref = function (arg0) {
         const ret = getObject(arg0);
         return addHeapObject(ret);
@@ -2296,20 +2373,20 @@ function getImports() {
         const ret = getObject(arg0).length;
         return ret;
     };
-    imports.wbg.__wbg_new_537b7341ce90bb31 = function (arg0) {
-        const ret = new Uint8Array(getObject(arg0));
-        return addHeapObject(ret);
-    };
     imports.wbg.__wbg_call_9495de66fdbe016b = function () {
         return handleError(function (arg0, arg1, arg2) {
             const ret = getObject(arg0).call(getObject(arg1), getObject(arg2));
             return addHeapObject(ret);
         }, arguments);
     };
-    imports.wbg.__wbg_new_f9876326328f45ed = function () {
-        const ret = new Object();
+    imports.wbg.__wbg_new_537b7341ce90bb31 = function (arg0) {
+        const ret = new Uint8Array(getObject(arg0));
         return addHeapObject(ret);
     };
+    imports.wbg.__wbg_push_49c286f04dd3bf59 = function (arg0, arg1) {
+        const ret = getObject(arg0).push(getObject(arg1));
+        return ret;
+    };
     imports.wbg.__wbg_new_f841cc6f2098f4b5 = function () {
         const ret = new Map();
         return addHeapObject(ret);
@@ -2322,28 +2399,6 @@ function getImports() {
         const ret = BigInt.asUintN(64, arg0);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbg_ffiwiree2eidentity_new = function (arg0) {
-        const ret = FfiWireE2EIdentity.__wrap(arg0);
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_new_b525de17f44a8943 = function () {
-        const ret = new Array();
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_set_17224bc548dd1d7b = function (arg0, arg1, arg2) {
-        getObject(arg0)[arg1 >>> 0] = takeObject(arg2);
-    };
-    imports.wbg.__wbg_set_20cbc34131e76824 = function (arg0, arg1, arg2) {
-        getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
-    };
-    imports.wbg.__wbindgen_number_new = function (arg0) {
-        const ret = arg0;
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_push_49c286f04dd3bf59 = function (arg0, arg1) {
-        const ret = getObject(arg0).push(getObject(arg1));
-        return ret;
-    };
     imports.wbg.__wbg_new_9d3a9ce4282a18a8 = function (arg0, arg1) {
         try {
             var state0 = { a: arg0, b: arg1 };
@@ -2351,7 +2406,7 @@ function getImports() {
                 const a = state0.a;
                 state0.a = 0;
                 try {
-                    return __wbg_adapter_263(a, state0.b, arg0, arg1);
+                    return __wbg_adapter_271(a, state0.b, arg0, arg1);
                 }
                 finally {
                     state0.a = a;
@@ -2364,6 +2419,10 @@ function getImports() {
             state0.a = state0.b = 0;
         }
     };
+    imports.wbg.__wbg_ffiwiree2eidentity_new = function (arg0) {
+        const ret = FfiWireE2EIdentity.__wrap(arg0);
+        return addHeapObject(ret);
+    };
     imports.wbg.__wbg_setonsuccess_925a7718d3f62bc1 = function (arg0, arg1) {
         getObject(arg0).onsuccess = getObject(arg1);
     };
@@ -2448,6 +2507,10 @@ function getImports() {
             return addHeapObject(ret);
         }, arguments);
     };
+    imports.wbg.__wbg_length_ea0846e494e3b16e = function (arg0) {
+        const ret = getObject(arg0).length;
+        return ret;
+    };
     imports.wbg.__wbg_reject_57029f54148d79c3 = function (arg0) {
         const ret = Promise.reject(getObject(arg0));
         return addHeapObject(ret);
@@ -2638,6 +2701,10 @@ function getImports() {
         const ret = new Uint8Array(arg0 >>> 0);
         return addHeapObject(ret);
     };
+    imports.wbg.__wbg_charCodeAt_d78a90aced59e02f = function (arg0, arg1) {
+        const ret = getObject(arg0).charCodeAt(arg1 >>> 0);
+        return ret;
+    };
     imports.wbg.__wbg_next_88560ec06a094dea = function () {
         return handleError(function (arg0) {
             const ret = getObject(arg0).next();
@@ -2719,6 +2786,12 @@ function getImports() {
         const ret = getObject(arg0).target;
         return isLikeNone(ret) ? 0 : addHeapObject(ret);
     };
+    imports.wbg.__wbg_error_f64b8d41ed4d2fdc = function () {
+        return handleError(function (arg0) {
+            const ret = getObject(arg0).error;
+            return isLikeNone(ret) ? 0 : addHeapObject(ret);
+        }, arguments);
+    };
     imports.wbg.__wbg_result_3a1fef332bc47038 = function () {
         return handleError(function (arg0) {
             const ret = getObject(arg0).result;
@@ -2759,12 +2832,6 @@ function getImports() {
             getObject(arg0).deleteObjectStore(getStringFromWasm0(arg1, arg2));
         }, arguments);
     };
-    imports.wbg.__wbg_error_f64b8d41ed4d2fdc = function () {
-        return handleError(function (arg0) {
-            const ret = getObject(arg0).error;
-            return isLikeNone(ret) ? 0 : addHeapObject(ret);
-        }, arguments);
-    };
     imports.wbg.__wbindgen_is_falsy = function (arg0) {
         const ret = !getObject(arg0);
         return ret;
@@ -2880,6 +2947,10 @@ function getImports() {
         const ret = getObject(arg0).then(getObject(arg1));
         return addHeapObject(ret);
     };
+    imports.wbg.__wbg_then_f753623316e2873a = function (arg0, arg1, arg2) {
+        const ret = getObject(arg0).then(getObject(arg1), getObject(arg2));
+        return addHeapObject(ret);
+    };
     imports.wbg.__wbg_resolve_fd40f858d9db1a04 = function (arg0) {
         const ret = Promise.resolve(getObject(arg0));
         return addHeapObject(ret);
@@ -2944,12 +3015,12 @@ function getImports() {
             return addHeapObject(ret);
         }, arguments);
     };
-    imports.wbg.__wbindgen_closure_wrapper4326 = function (arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 146, __wbg_adapter_52);
+    imports.wbg.__wbindgen_closure_wrapper4402 = function (arg0, arg1, arg2) {
+        const ret = makeMutClosure(arg0, arg1, 145, __wbg_adapter_52);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper4766 = function (arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 146, __wbg_adapter_55);
+    imports.wbg.__wbindgen_closure_wrapper4858 = function (arg0, arg1, arg2) {
+        const ret = makeMutClosure(arg0, arg1, 145, __wbg_adapter_55);
         return addHeapObject(ret);
     };
     return imports;
@@ -3003,14 +3074,13 @@ var exports = /*#__PURE__*/Object.freeze({
     PublicGroupStateBundle: PublicGroupStateBundle,
     WirePolicy: WirePolicy$1,
     default: init,
-    initSync: initSync,
-    version: version
+    initSync: initSync
 });
 
 var wasm = async (opt = {}) => {
                 let {importHook, serverPath} = opt;
 
-                let path = "assets/core_crypto_ffi-fb64c1f7.wasm";
+                let path = "assets/core_crypto_ffi-d7dac5b2.wasm";
 
                 if (serverPath != null) {
                     path = serverPath + /[^\/\\]*$/.exec(path)[0];
@@ -3026,7 +3096,7 @@ var wasm = async (opt = {}) => {
 
 // Wire
 // Copyright (C) 2022 Wire Swiss GmbH
-var _a, _CoreCrypto_module, _CoreCrypto_cc, _WireE2eIdentity_e2ei;
+var _a, _CoreCrypto_module, _CoreCrypto_cc, _CoreCrypto_assertModuleLoaded, _WireE2eIdentity_e2ei;
 /**
  * Error wrapper that takes care of extracting rich error details across the FFI (through JSON parsing)
  *
@@ -3046,7 +3116,7 @@ class CoreCryptoError extends Error {
         this.proteusErrorCode = richError.proteusErrorCode;
     }
     static fallback(msg, ...params) {
-        console.warn("Cannot build CoreCryptoError, falling back to standard Error");
+        console.warn(`Cannot build CoreCryptoError, falling back to standard Error! ctx: ${msg}`);
         // @ts-ignore
         return new Error(msg, ...params);
     }
@@ -3269,6 +3339,26 @@ class CoreCrypto {
     async mlsInit(clientId) {
         return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").mls_init(clientId));
     }
+    /**
+     * Generates a MLS KeyPair/CredentialBundle with a temporary, random client ID.
+     * This method is designed to be used in conjunction with {@link CoreCrypto.mlsInitWithClientID} and represents the first step in this process
+     *
+     * @returns This returns the TLS-serialized identity key (i.e. the signature keypair's public key)
+     */
+    async mlsGenerateKeypair() {
+        return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").mls_generate_keypair());
+    }
+    /**
+     * Updates the current temporary Client ID with the newly provided one. This is the second step in the externally-generated clients process
+     *
+     * Important: This is designed to be called after {@link CoreCrypto.mlsGenerateKeyPair}
+     *
+     * @param clientId - The newly-allocated client ID by the MLS Authentication Service
+     * @param signaturePublicKey - The public key you were given at the first step; This is for authentication purposes
+     */
+    async mlsInitWithClientId(clientId, signaturePublicKey) {
+        return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").mls_init_with_client_id(clientId, signaturePublicKey));
+    }
     /** @hidden */
     constructor(cc) {
         /** @hidden */
@@ -3296,10 +3386,10 @@ class CoreCrypto {
      *
      * @param callbacks - Any interface following the {@link CoreCryptoCallbacks} interface
      */
-    registerCallbacks(callbacks) {
+    async registerCallbacks(callbacks, ctx = null) {
         try {
-            const wasmCallbacks = new (__classPrivateFieldGet(CoreCrypto, _a, "f", _CoreCrypto_module).CoreCryptoWasmCallbacks)(callbacks.authorize, callbacks.userAuthorize, callbacks.clientIsExistingGroupUser);
-            __classPrivateFieldGet(this, _CoreCrypto_cc, "f").set_callbacks(wasmCallbacks);
+            const wasmCallbacks = new (__classPrivateFieldGet(CoreCrypto, _a, "f", _CoreCrypto_module).CoreCryptoWasmCallbacks)(callbacks.authorize, callbacks.userAuthorize, callbacks.clientIsExistingGroupUser, ctx);
+            await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").set_callbacks(wasmCallbacks);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -3377,6 +3467,9 @@ class CoreCrypto {
      * @returns a {@link DecryptedMessage}. Note that {@link DecryptedMessage#message} is `undefined` when the encrypted payload contains a system message such a proposal or commit
      */
     async decryptMessage(conversationId, payload) {
+        if (!payload?.length) {
+            throw new Error("decryptMessage payload is empty or null");
+        }
         try {
             const ffiDecryptedMessage = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").decrypt_message(conversationId, payload));
             const commitDelay = ffiDecryptedMessage.commit_delay ?
@@ -3857,11 +3950,26 @@ class CoreCrypto {
     /**
      * Creates a new prekey with an automatically generated ID..
      *
-     * @returns: A CBOR-serialized version of the PreKeyBundle corresponding to the newly generated and stored PreKey
+     * @returns A CBOR-serialized version of the PreKeyBundle corresponding to the newly generated and stored PreKey
      */
     async proteusNewPrekeyAuto() {
         return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").proteus_new_prekey_auto());
     }
+    /**
+     * Proteus last resort prekey stuff
+     *
+     * @returns A CBOR-serialize version of the PreKeyBundle associated with the last resort PreKey (holding the last resort prekey id)
+     */
+    async proteusLastResortPrekey() {
+        return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").proteus_last_resort_prekey());
+    }
+    /**
+     * @returns The last resort PreKey id
+     */
+    static proteusLastResortPrekeyId() {
+        __classPrivateFieldGet(this, _a, "m", _CoreCrypto_assertModuleLoaded).call(this);
+        return __classPrivateFieldGet(this, _a, "f", _CoreCrypto_module).CoreCrypto.proteus_last_resort_prekey_id();
+    }
     /**
      * Proteus public key fingerprint
      * It's basically the public key encoded as an hex string
@@ -3921,13 +4029,16 @@ class CoreCrypto {
     /**
      * Creates an enrollment instance with private key material you can use in order to fetch
      * a new x509 certificate from the acme server.
-     * Make sure to call [WireE2eIdentity::free] (not yet available) to dispose this instance and its associated
+     * Make sure to call {@link WireE2eIdentity.free} to dispose this instance and its associated
      * keying material.
      *
      * @param ciphersuite - For generating signing key material. Only {@link Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519} is supported currently
      */
-    async newAcmeEnrollment() {
-        const e2ei = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").new_acme_enrollment(Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519));
+    async newAcmeEnrollment(ciphersuite = Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519) {
+        if (ciphersuite !== Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519) {
+            throw new Error("This ACME ciphersuite isn't supported. Only `Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519` is as of now");
+        }
+        const e2ei = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").new_acme_enrollment(ciphersuite));
         return new WireE2eIdentity(e2ei);
     }
     /**
@@ -3936,13 +4047,15 @@ class CoreCrypto {
      * @returns The `core-crypto-ffi` version as defined in its `Cargo.toml` file
      */
     static version() {
-        if (!__classPrivateFieldGet(this, _a, "f", _CoreCrypto_module)) {
-            throw new Error("Internal module hasn't been initialized. Please use `await CoreCrypto.init(params)`!");
-        }
-        return __classPrivateFieldGet(this, _a, "f", _CoreCrypto_module).version();
+        __classPrivateFieldGet(this, _a, "m", _CoreCrypto_assertModuleLoaded).call(this);
+        return __classPrivateFieldGet(this, _a, "f", _CoreCrypto_module).CoreCrypto.version();
     }
 }
-_a = CoreCrypto, _CoreCrypto_cc = new WeakMap();
+_a = CoreCrypto, _CoreCrypto_cc = new WeakMap(), _CoreCrypto_assertModuleLoaded = function _CoreCrypto_assertModuleLoaded() {
+    if (!__classPrivateFieldGet(this, _a, "f", _CoreCrypto_module)) {
+        throw new Error("Internal module hasn't been initialized. Please use `await CoreCrypto.init(params)` or `await CoreCrypto.deferredInit(params)` !");
+    }
+};
 /** @hidden */
 _CoreCrypto_module = { value: void 0 };
 class WireE2eIdentity {
@@ -3952,6 +4065,9 @@ class WireE2eIdentity {
         _WireE2eIdentity_e2ei.set(this, void 0);
         __classPrivateFieldSet(this, _WireE2eIdentity_e2ei, e2ei, "f");
     }
+    free() {
+        __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").free();
+    }
     /**
      * Parses the response from `GET /acme/{provisioner-name}/directory`.
      * Use this {@link AcmeDirectory} in the next step to fetch the first nonce from the acme server. Use
@@ -4152,10 +4268,10 @@ class WireE2eIdentity {
     /**
      * Final step before fetching the certificate.
      *
-     * @param domains you want to generate a certificate for e.g. `["wire.com"]`
-     * @param order you got from {@link checkOrderResponse}
-     * @param account you found after {@link newAccountResponse}
-     * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}`
+     * @param domains - domains you want to generate a certificate for e.g. `["wire.com"]`
+     * @param order - order you got from {@link checkOrderResponse}
+     * @param account - account you found after {@link newAccountResponse}
+     * @param previousNonce - `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}`
      * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
      */
     finalizeRequest(domains, order, account, previousNonce) {