@wireapp/core-crypto 1.0.0-pre.4 → 1.0.0-pre.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wireapp/core-crypto",
-  "version": "1.0.0-pre.4",
+  "version": "1.0.0-pre.6",
   "description": "CoreCrypto bindings for the Web",
   "type": "module",
   "module": "platforms/web/corecrypto.js",

package/platforms/web/corecrypto.d.ts

@@ -47,7 +47,11 @@ export declare enum Ciphersuite {
 	/**
 	 * DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384
 	 */
-	MLS_256_DHKEMP384_AES256GCM_SHA384_P384 = 7
+	MLS_256_DHKEMP384_AES256GCM_SHA384_P384 = 7,
+	/**
+	 *  x25519Kyber768Draft00 Hybrid KEM | AES-GCM 128 | SHA2-256 | Ed25519
+	 */
+	MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_Ed25519 = 61489
 }
 export declare enum CredentialType {
 	/**
@@ -231,6 +235,29 @@ export declare enum RatchetTreeType {
 	 */
 	ByRef = 3
 }
+/**
+ * Result returned after rotating the Credential of the current client in all the local conversations
+ */
+export interface RotateBundle {
+	/**
+	 * An Update commit for each conversation
+	 *
+	 * @readonly
+	 */
+	commits: CommitBundle[];
+	/**
+	 * Fresh KeyPackages with the new Credential
+	 *
+	 * @readonly
+	 */
+	newKeyPackages: Uint8Array[];
+	/**
+	 * All the now deprecated KeyPackages. Once deleted remotely, delete them locally with {@link CoreCrypto.deleteKeyPackages}
+	 *
+	 * @readonly
+	 */
+	keyPackageRefsToRemove: Uint8Array[];
+}
 /**
  * Params for CoreCrypto deferred initialization
  * Please note that the `entropySeed` parameter MUST be exactly 32 bytes
@@ -607,12 +634,12 @@ export declare class CoreCrypto {
 	 */
 	conversationExists(conversationId: ConversationId): Promise<boolean>;
 	/**
-	* Marks a conversation as child of another one
-	* This will mostly affect the behavior of the callbacks (the parentConversationClients parameter will be filled)
-	*
-	* @param childId - conversation identifier of the child conversation
-	* @param parentId - conversation identifier of the parent conversation
-	*/
+	 * Marks a conversation as child of another one
+	 * This will mostly affect the behavior of the callbacks (the parentConversationClients parameter will be filled)
+	 *
+	 * @param childId - conversation identifier of the child conversation
+	 * @param parentId - conversation identifier of the parent conversation
+	 */
 	markConversationAsChildOf(childId: ConversationId, parentId: ConversationId): Promise<void>;
 	/**
 	 * Returns the current epoch of a conversation
@@ -678,17 +705,26 @@ export declare class CoreCrypto {
 	/**
 	 *
 	 * @param ciphersuite - of the KeyPackages to count
+	 * @param credentialType - of the KeyPackages to count
 	 * @returns The amount of valid, non-expired KeyPackages that are persisted in the backing storage
 	 */
-	clientValidKeypackagesCount(ciphersuite: Ciphersuite): Promise<number>;
+	clientValidKeypackagesCount(ciphersuite: Ciphersuite, credentialType: CredentialType): Promise<number>;
 	/**
 	 * Fetches a requested amount of keypackages
 	 *
 	 * @param ciphersuite - of the KeyPackages to generate
+	 * @param credentialType - of the KeyPackages to generate
 	 * @param amountRequested - The amount of keypackages requested
 	 * @returns An array of length `amountRequested` containing TLS-serialized KeyPackages
 	 */
-	clientKeypackages(ciphersuite: Ciphersuite, amountRequested: number): Promise<Array<Uint8Array>>;
+	clientKeypackages(ciphersuite: Ciphersuite, credentialType: CredentialType, amountRequested: number): Promise<Array<Uint8Array>>;
+	/**
+	 * Prunes local KeyPackages after making sure they also have been deleted on the backend side
+	 * You should only use this after {@link CoreCrypto.e2eiRotateAll}
+	 *
+	 * @param refs - KeyPackage references to delete obtained from a {RotateBundle}
+	 */
+	deleteKeypackages(refs: Uint8Array[]): Promise<void>;
 	/**
 	 * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
 	 *
@@ -750,13 +786,6 @@ export declare class CoreCrypto {
 	 */
 	newProposal(proposalType: ProposalType, args: ProposalArgs | AddProposalArgs | RemoveProposalArgs): Promise<ProposalBundle>;
 	newExternalProposal(externalProposalType: ExternalProposalType, args: ExternalAddProposalArgs): Promise<Uint8Array>;
-	/**
-	 * Exports GroupInfo for use in external commits
-	 *
-	 * @param conversationId - MLS Conversation ID
-	 * @returns TLS-serialized MLS GroupInfo
-	 */
-	exportGroupInfo(conversationId: ConversationId): Promise<Uint8Array>;
 	/**
 	 * Allows to create an external commit to "apply" to join a group through its GroupInfo.
 	 *
@@ -996,12 +1025,48 @@ export declare class CoreCrypto {
 	 */
 	e2eiNewEnrollment(clientId: string, displayName: string, handle: string, expiryDays: number, ciphersuite: Ciphersuite): Promise<WireE2eIdentity>;
 	/**
-	 * Parses the ACME server response from the endpoint fetching x509 certificates and uses it to initialize the MLS client with a certificate
+	 * Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI.
+	 * As a consequence, this method does not support changing the ClientId which should remain the same as the Basic one.
+	 * Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
+	 *
+	 * @param displayName human readable name displayed in the application e.g. `Smith, Alice M (QA)`
+	 * @param handle user handle e.g. `alice.smith.qa@example.com`
+	 * @param expiryDays generated x509 certificate expiry
+	 * @param ciphersuite - for generating signing key material
+	 * @returns The new {@link WireE2eIdentity} object
+	 */
+	e2eiNewActivationEnrollment(displayName: string, handle: string, expiryDays: number, ciphersuite: Ciphersuite): Promise<WireE2eIdentity>;
+	/**
+	 * Generates an E2EI enrollment instance for a E2EI client (with a X509 certificate credential)
+	 * having to change/rotate their credential, either because the former one is expired or it
+	 * has been revoked. As a consequence, this method does not support changing neither ClientId which
+	 * should remain the same as the previous one. It lets you change the DisplayName or the handle
+	 * if you need to. Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
+	 *
+	 * @param expiryDays generated x509 certificate expiry
+	 * @param ciphersuite - for generating signing key material
+	 * @param displayName human readable name displayed in the application e.g. `Smith, Alice M (QA)`
+	 * @param handle user handle e.g. `alice.smith.qa@example.com`
+	 * @returns The new {@link WireE2eIdentity} object
+	 */
+	e2eiNewRotateEnrollment(expiryDays: number, ciphersuite: Ciphersuite, displayName?: string, handle?: string): Promise<WireE2eIdentity>;
+	/**
+	 * Use this method to initialize end-to-end identity when a client signs up and the grace period is already expired ; that means he cannot initialize with a Basic credential
+	 *
+	 * @param enrollment - the enrollment instance used to fetch the certificates
+	 * @param certificateChain - the raw response from ACME server
+	 */
+	e2eiMlsInitOnly(enrollment: WireE2eIdentity, certificateChain: string): Promise<void>;
+	/**
+	 * Creates a commit in all local conversations for changing the credential. Requires first
+	 * having enrolled a new X509 certificate with either {@link CoreCrypto.e2eiNewActivationEnrollment}
+	 * or {@link CoreCrypto.e2eiNewRotateEnrollment}
 	 *
 	 * @param enrollment - the enrollment instance used to fetch the certificates
 	 * @param certificateChain - the raw response from ACME server
+	 * @param newKeyPackageCount - number of KeyPackages with new identity to generate
 	 */
-	e2eiMlsInit(enrollment: WireE2eIdentity, certificateChain: string): Promise<void>;
+	e2eiRotateAll(enrollment: WireE2eIdentity, certificateChain: string, newKeyPackageCount: number): Promise<RotateBundle>;
 	/**
 	 * Allows persisting an active enrollment (for example while redirecting the user during OAuth) in order to resume
 	 * it later with {@link e2eiEnrollmentStashPop}