@wireapp/core-crypto 1.0.0-rc.37 → 1.0.0-rc.39

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wireapp/core-crypto",
-  "version": "1.0.0-rc.37",
+  "version": "1.0.0-rc.39",
   "description": "CoreCrypto bindings for the Web",
   "type": "module",
   "module": "platforms/web/corecrypto.js",

package/platforms/web/corecrypto.d.ts

@@ -1,22 +1,3 @@
-/* tslint:disable */
-/* eslint-disable */
-/**
-* see [core_crypto::prelude::DeviceStatus]
-*/
-export enum DeviceStatus {
-	/**
-	* All is fine
-	*/
-	Valid = 0,
-	/**
-	* The Credential's certificate is expired
-	*/
-	Expired = 1,
-	/**
-	* The Credential's certificate is revoked (not implemented yet)
-	*/
-	Revoked = 2
-}
 /**
 * For creating a challenge.
 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
@@ -38,29 +19,6 @@ export class AcmeChallenge {
 	readonly url: string;
 }
 /**
-* Holds URLs of all the standard ACME endpoint supported on an ACME server.
-* @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.1.1
-*/
-export class AcmeDirectory {
-	free(): void;
-	/**
-	* URL for creating a new account.
-	*/
-	readonly newAccount: string;
-	/**
-	* URL for fetching a new nonce. Use this only for creating a new account.
-	*/
-	readonly newNonce: string;
-	/**
-	* URL for creating a new order.
-	*/
-	readonly newOrder: string;
-	/**
-	* Revocation URL
-	*/
-	readonly revokeCert: string;
-}
-/**
 * Result of an authorization creation.
 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
 */
@@ -93,41 +51,6 @@ export class NewAcmeOrder {
 	*/
 	readonly delegate: Uint8Array;
 }
-/**
-* Represents the identity claims identifying a client
-* Those claims are verifiable by any member in the group
-*/
-export class WireIdentity {
-	free(): void;
-	/**
-	* X509 certificate identifying this client in the MLS group ; PEM encoded
-	*/
-	readonly certificate: string;
-	/**
-	* Unique client identifier e.g. `T4Coy4vdRzianwfOgXpn6A:6add501bacd1d90e@whitehouse.gov`
-	*/
-	readonly clientId: string;
-	/**
-	* Name as displayed in the messaging application e.g. `John Fitzgerald Kennedy`
-	*/
-	readonly displayName: string;
-	/**
-	* DNS domain for which this identity proof was generated e.g. `whitehouse.gov`
-	*/
-	readonly domain: string;
-	/**
-	* user handle e.g. `john_wire`
-	*/
-	readonly handle: string;
-	/**
-	* Status of the Credential at the moment T when this object is created
-	*/
-	readonly status: DeviceStatus;
-	/**
-	* MLS thumbprint
-	*/
-	readonly thumbprint: string;
-}
 /**
  * Error wrapper that takes care of extracting rich error details across the FFI (through JSON parsing)
  *
@@ -566,6 +489,88 @@ export interface BufferedDecryptedMessage {
 	 */
 	crlNewDistributionPoints?: string[];
 }
+/**
+ * Represents the identity claims identifying a client
+ * Those claims are verifiable by any member in the group
+ */
+export interface WireIdentity {
+	/**
+	 * Unique client identifier
+	 */
+	clientId: string;
+	/**
+	 * User handle e.g. `john_wire`
+	 */
+	handle: string;
+	/**
+	 * Name as displayed in the messaging application e.g. `John Fitzgerald Kennedy`
+	 */
+	displayName: string;
+	/**
+	 * DNS domain for which this identity proof was generated e.g. `whitehouse.gov`
+	 */
+	domain: string;
+	/**
+	 * X509 certificate identifying this client in the MLS group ; PEM encoded
+	 */
+	certificate: string;
+	/**
+	 * Status of the Credential at the moment T when this object is created
+	 */
+	status: DeviceStatus;
+	/**
+	 * MLS thumbprint
+	 */
+	thumbprint: string;
+	/**
+	 * X509 certificate serial number
+	 */
+	serialNumber: string;
+	/**
+	 * X509 certificate not before as Unix timestamp
+	 */
+	notBefore: bigint;
+	/**
+	 * X509 certificate not after as Unix timestamp
+	 */
+	notAfter: bigint;
+}
+export interface AcmeDirectory {
+	/**
+	 * URL for fetching a new nonce. Use this only for creating a new account.
+	 */
+	newNonce: string;
+	/**
+	 * URL for creating a new account.
+	 */
+	newAccount: string;
+	/**
+	 * URL for creating a new order.
+	 */
+	newOrder: string;
+	/**
+	 * Revocation URL
+	 */
+	revokeCert: string;
+}
+/**
+ * Indicates the standalone status of a device Credential in a MLS group at a moment T.
+ * This does not represent the states where a device is not using MLS or is not using end-to-end identity
+ */
+export declare enum DeviceStatus {
+	/**
+	 * All is fine
+	 */
+	Valid = 0,
+	/**
+	 * The Credential's certificate is expired
+	 */
+	Expired = 1,
+	/**
+	 * The Credential's certificate is revoked
+	 */
+	Revoked = 2
+}
 /**
  * Returned by all methods creating proposals. Contains a proposal message and an identifier to roll back the proposal
  */
@@ -1075,6 +1080,15 @@ export declare class CoreCrypto {
 	 * @returns A `Uint8Array` representing the derived key
 	 */
 	exportSecretKey(conversationId: ConversationId, keyLength: number): Promise<Uint8Array>;
+	/**
+	 * Returns the raw public key of the single external sender present in this group.
+	 * This should be used to initialize a subconversation
+	 *
+	 * @param conversationId - The group's ID
+	 *
+	 * @returns A `Uint8Array` representing the external sender raw public key
+	 */
+	getExternalSender(conversationId: ConversationId): Promise<Uint8Array>;
 	/**
 	 * Returns all clients from group's members
 	 *

package/platforms/web/corecrypto.js

@@ -160,12 +160,12 @@ var makeMutClosure = function(arg0, arg1, dtor, f) {
   return real;
 };
 var __wbg_adapter_54 = function(arg0, arg1, arg2) {
-  wasm.wasm_bindgen__convert__closures__invoke1_mut__h1355a643cca522f3(arg0, arg1, addHeapObject(arg2));
+  wasm.wasm_bindgen__convert__closures__invoke1_mut__h601e8bd711f8c2cf(arg0, arg1, addHeapObject(arg2));
 };
 var __wbg_adapter_57 = function(arg0, arg1, arg2) {
   try {
     const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-    wasm.wasm_bindgen__convert__closures__invoke1_mut__h1d0caafd6e7f792a(retptr, arg0, arg1, addHeapObject(arg2));
+    wasm.wasm_bindgen__convert__closures__invoke1_mut__h853f0d8ce45de15b(retptr, arg0, arg1, addHeapObject(arg2));
     var r0 = getInt32Memory0()[retptr / 4 + 0];
     var r1 = getInt32Memory0()[retptr / 4 + 1];
     if (r1) {
@@ -235,8 +235,8 @@ var handleError = function(f, args) {
     wasm.__wbindgen_exn_store(addHeapObject(e));
   }
 };
-var __wbg_adapter_417 = function(arg0, arg1, arg2, arg3) {
-  wasm.wasm_bindgen__convert__closures__invoke2_mut__h74bc542a539f879a(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
+var __wbg_adapter_421 = function(arg0, arg1, arg2, arg3) {
+  wasm.wasm_bindgen__convert__closures__invoke2_mut__h6bedc2125abb8b9f(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
 };
 async function __wbg_load(module, imports) {
   if (typeof Response === "function" && module instanceof Response) {
@@ -265,57 +265,53 @@ async function __wbg_load(module, imports) {
 var __wbg_get_imports = function() {
   const imports = {};
   imports.wbg = {};
-  imports.wbg.__wbg_corecrypto_new = function(arg0) {
-    const ret = CoreCrypto.__wrap(arg0);
+  imports.wbg.__wbg_acmedirectory_new = function(arg0) {
+    const ret = AcmeDirectory.__wrap(arg0);
+    return addHeapObject(ret);
+  };
+  imports.wbg.__wbg_ffiwiree2eidentity_new = function(arg0) {
+    const ret = FfiWireE2EIdentity.__wrap(arg0);
     return addHeapObject(ret);
   };
   imports.wbg.__wbindgen_number_new = function(arg0) {
     const ret = arg0;
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_object_drop_ref = function(arg0) {
-    takeObject(arg0);
-  };
   imports.wbg.__wbg_newacmeauthz_new = function(arg0) {
     const ret = NewAcmeAuthz.__wrap(arg0);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbg_proposalbundle_new = function(arg0) {
-    const ret = ProposalBundle.__wrap(arg0);
-    return addHeapObject(ret);
-  };
   imports.wbg.__wbg_commitbundle_new = function(arg0) {
     const ret = CommitBundle.__wrap(arg0);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbg_acmedirectory_new = function(arg0) {
-    const ret = AcmeDirectory.__wrap(arg0);
+  imports.wbg.__wbg_proposalbundle_new = function(arg0) {
+    const ret = ProposalBundle.__wrap(arg0);
     return addHeapObject(ret);
   };
   imports.wbg.__wbg_buffereddecryptedmessage_new = function(arg0) {
     const ret = BufferedDecryptedMessage.__wrap(arg0);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbg_ffiwiree2eidentity_new = function(arg0) {
-    const ret = FfiWireE2EIdentity.__wrap(arg0);
+  imports.wbg.__wbg_newacmeorder_new = function(arg0) {
+    const ret = NewAcmeOrder.__wrap(arg0);
+    return addHeapObject(ret);
+  };
+  imports.wbg.__wbg_corecrypto_new = function(arg0) {
+    const ret = CoreCrypto.__wrap(arg0);
     return addHeapObject(ret);
   };
   imports.wbg.__wbg_proteusautoprekeybundle_new = function(arg0) {
     const ret = ProteusAutoPrekeyBundle.__wrap(arg0);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbg_newacmeorder_new = function(arg0) {
-    const ret = NewAcmeOrder.__wrap(arg0);
-    return addHeapObject(ret);
+  imports.wbg.__wbindgen_object_drop_ref = function(arg0) {
+    takeObject(arg0);
   };
   imports.wbg.__wbindgen_object_clone_ref = function(arg0) {
     const ret = getObject(arg0);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_bigint_from_u64 = function(arg0) {
-    const ret = BigInt.asUintN(64, arg0);
-    return addHeapObject(ret);
-  };
   imports.wbg.__wbindgen_string_new = function(arg0, arg1) {
     const ret = getStringFromWasm0(arg0, arg1);
     return addHeapObject(ret);
@@ -328,6 +324,10 @@ var __wbg_get_imports = function() {
     const ret = getObject(arg0) === null;
     return ret;
   };
+  imports.wbg.__wbindgen_bigint_from_u64 = function(arg0) {
+    const ret = BigInt.asUintN(64, arg0);
+    return addHeapObject(ret);
+  };
   imports.wbg.__wbindgen_string_get = function(arg0, arg1) {
     const obj = getObject(arg1);
     const ret = typeof obj === "string" ? obj : undefined;
@@ -889,7 +889,7 @@ var __wbg_get_imports = function() {
         const a = state0.a;
         state0.a = 0;
         try {
-          return __wbg_adapter_417(a, state0.b, arg02, arg12);
+          return __wbg_adapter_421(a, state0.b, arg02, arg12);
         } finally {
           state0.a = a;
         }
@@ -969,12 +969,12 @@ var __wbg_get_imports = function() {
     const ret = wasm.memory;
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_closure_wrapper2565 = function(arg0, arg1, arg2) {
-    const ret = makeMutClosure(arg0, arg1, 648, __wbg_adapter_54);
+  imports.wbg.__wbindgen_closure_wrapper2578 = function(arg0, arg1, arg2) {
+    const ret = makeMutClosure(arg0, arg1, 652, __wbg_adapter_54);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_closure_wrapper13130 = function(arg0, arg1, arg2) {
-    const ret = makeMutClosure(arg0, arg1, 2173, __wbg_adapter_57);
+  imports.wbg.__wbindgen_closure_wrapper13188 = function(arg0, arg1, arg2) {
+    const ret = makeMutClosure(arg0, arg1, 2185, __wbg_adapter_57);
     return addHeapObject(ret);
   };
   return imports;
@@ -1041,19 +1041,11 @@ var CLOSURE_DTORS = typeof FinalizationRegistry === "undefined" ? { register: ()
 });
 var cachedUint32Memory0 = null;
 var cachedUint16Memory0 = null;
-var DeviceStatus = Object.freeze({
-  Valid: 0,
-  "0": "Valid",
-  Expired: 1,
-  "1": "Expired",
-  Revoked: 2,
-  "2": "Revoked"
-});
-var WirePolicy = Object.freeze({
-  Plaintext: 1,
-  "1": "Plaintext",
-  Ciphertext: 2,
-  "2": "Ciphertext"
+var CredentialType = Object.freeze({
+  Basic: 1,
+  "1": "Basic",
+  X509: 2,
+  "2": "X509"
 });
 var Ciphersuite = Object.freeze({
   MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519: 1,
@@ -1073,11 +1065,19 @@ var Ciphersuite = Object.freeze({
   MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_Ed25519: 61489,
   "61489": "MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_Ed25519"
 });
-var CredentialType = Object.freeze({
-  Basic: 1,
-  "1": "Basic",
-  X509: 2,
-  "2": "X509"
+var DeviceStatus = Object.freeze({
+  Valid: 0,
+  "0": "Valid",
+  Expired: 1,
+  "1": "Expired",
+  Revoked: 2,
+  "2": "Revoked"
+});
+var WirePolicy = Object.freeze({
+  Plaintext: 1,
+  "1": "Plaintext",
+  Ciphertext: 2,
+  "2": "Ciphertext"
 });
 var AcmeChallengeFinalization = typeof FinalizationRegistry === "undefined" ? { register: () => {
 }, unregister: () => {
@@ -1169,12 +1169,12 @@ class AcmeDirectory {
     const ptr = this.__destroy_into_raw();
     wasm.__wbg_acmedirectory_free(ptr);
   }
-  get newNonce() {
+  get new_nonce() {
     let deferred1_0;
     let deferred1_1;
     try {
       const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.__wbg_get_acmedirectory_newNonce(retptr, this.__wbg_ptr);
+      wasm.__wbg_get_acmedirectory_new_nonce(retptr, this.__wbg_ptr);
       var r0 = getInt32Memory0()[retptr / 4 + 0];
       var r1 = getInt32Memory0()[retptr / 4 + 1];
       deferred1_0 = r0;
@@ -1185,7 +1185,7 @@ class AcmeDirectory {
       wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
     }
   }
-  get newAccount() {
+  get new_account() {
     let deferred1_0;
     let deferred1_1;
     try {
@@ -1201,7 +1201,7 @@ class AcmeDirectory {
       wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
     }
   }
-  get newOrder() {
+  get new_order() {
     let deferred1_0;
     let deferred1_1;
     try {
@@ -1217,12 +1217,12 @@ class AcmeDirectory {
       wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
     }
   }
-  get revokeCert() {
+  get revoke_cert() {
     let deferred1_0;
     let deferred1_1;
     try {
       const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.__wbg_get_acmedirectory_revokeCert(retptr, this.__wbg_ptr);
+      wasm.__wbg_get_acmedirectory_revoke_cert(retptr, this.__wbg_ptr);
       var r0 = getInt32Memory0()[retptr / 4 + 0];
       var r1 = getInt32Memory0()[retptr / 4 + 1];
       deferred1_0 = r0;
@@ -1918,6 +1918,12 @@ class CoreCrypto {
     const ret = wasm.corecrypto_export_secret_key(this.__wbg_ptr, ptr0, len0, key_length);
     return takeObject(ret);
   }
+  get_external_sender(id) {
+    const ptr0 = passArray8ToWasm0(id, wasm.__wbindgen_malloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.corecrypto_get_external_sender(this.__wbg_ptr, ptr0, len0);
+    return takeObject(ret);
+  }
   get_client_ids(conversation_id) {
     const ptr0 = passArray8ToWasm0(conversation_id, wasm.__wbindgen_malloc);
     const len0 = WASM_VECTOR_LEN;
@@ -2157,7 +2163,7 @@ class NewAcmeAuthz {
     let deferred1_1;
     try {
       const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.__wbg_get_acmedirectory_newNonce(retptr, this.__wbg_ptr);
+      wasm.__wbg_get_acmedirectory_new_nonce(retptr, this.__wbg_ptr);
       var r0 = getInt32Memory0()[retptr / 4 + 0];
       var r1 = getInt32Memory0()[retptr / 4 + 1];
       deferred1_0 = r0;
@@ -2349,12 +2355,12 @@ class WireIdentity {
     const ptr = this.__destroy_into_raw();
     wasm.__wbg_wireidentity_free(ptr);
   }
-  get clientId() {
+  get client_id() {
     let deferred1_0;
     let deferred1_1;
     try {
       const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.__wbg_get_acmedirectory_newNonce(retptr, this.__wbg_ptr);
+      wasm.__wbg_get_wireidentity_client_id(retptr, this.__wbg_ptr);
       var r0 = getInt32Memory0()[retptr / 4 + 0];
       var r1 = getInt32Memory0()[retptr / 4 + 1];
       deferred1_0 = r0;
@@ -2370,7 +2376,7 @@ class WireIdentity {
     let deferred1_1;
     try {
       const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.__wbg_get_acmechallenge_url(retptr, this.__wbg_ptr);
+      wasm.__wbg_get_wireidentity_handle(retptr, this.__wbg_ptr);
       var r0 = getInt32Memory0()[retptr / 4 + 0];
       var r1 = getInt32Memory0()[retptr / 4 + 1];
       deferred1_0 = r0;
@@ -2381,12 +2387,12 @@ class WireIdentity {
       wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
     }
   }
-  get displayName() {
+  get display_name() {
     let deferred1_0;
     let deferred1_1;
     try {
       const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.__wbg_get_acmechallenge_target(retptr, this.__wbg_ptr);
+      wasm.__wbg_get_wireidentity_display_name(retptr, this.__wbg_ptr);
       var r0 = getInt32Memory0()[retptr / 4 + 0];
       var r1 = getInt32Memory0()[retptr / 4 + 1];
       deferred1_0 = r0;
@@ -2402,7 +2408,7 @@ class WireIdentity {
     let deferred1_1;
     try {
       const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.__wbg_get_acmedirectory_revokeCert(retptr, this.__wbg_ptr);
+      wasm.__wbg_get_wireidentity_domain(retptr, this.__wbg_ptr);
       var r0 = getInt32Memory0()[retptr / 4 + 0];
       var r1 = getInt32Memory0()[retptr / 4 + 1];
       deferred1_0 = r0;
@@ -2449,6 +2455,30 @@ class WireIdentity {
       wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
     }
   }
+  get serial_number() {
+    let deferred1_0;
+    let deferred1_1;
+    try {
+      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+      wasm.__wbg_get_wireidentity_serial_number(retptr, this.__wbg_ptr);
+      var r0 = getInt32Memory0()[retptr / 4 + 0];
+      var r1 = getInt32Memory0()[retptr / 4 + 1];
+      deferred1_0 = r0;
+      deferred1_1 = r1;
+      return getStringFromWasm0(r0, r1);
+    } finally {
+      wasm.__wbindgen_add_to_stack_pointer(16);
+      wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
+    }
+  }
+  get not_before() {
+    const ret = wasm.__wbg_get_wireidentity_not_before(this.__wbg_ptr);
+    return BigInt.asUintN(64, ret);
+  }
+  get not_after() {
+    const ret = wasm.__wbg_get_wireidentity_not_after(this.__wbg_ptr);
+    return BigInt.asUintN(64, ret);
+  }
 }
 var core_crypto_ffi_default = __wbg_init;
 
@@ -2531,6 +2561,29 @@ var RatchetTreeType;
   RatchetTreeType2[RatchetTreeType2["Delta"] = 2] = "Delta";
   RatchetTreeType2[RatchetTreeType2["ByRef"] = 3] = "ByRef";
 })(RatchetTreeType || (RatchetTreeType = {}));
+var mapWireIdentity = (ffiIdentity) => {
+  if (!ffiIdentity) {
+    return;
+  }
+  return {
+    clientId: ffiIdentity.client_id,
+    handle: ffiIdentity.handle,
+    displayName: ffiIdentity.display_name,
+    domain: ffiIdentity.domain,
+    certificate: ffiIdentity.certificate,
+    status: ffiIdentity.status,
+    thumbprint: ffiIdentity.thumbprint,
+    serialNumber: ffiIdentity.serial_number,
+    notBefore: ffiIdentity.not_before,
+    notAfter: ffiIdentity.not_after
+  };
+};
+var DeviceStatus2;
+(function(DeviceStatus3) {
+  DeviceStatus3[DeviceStatus3["Valid"] = 0] = "Valid";
+  DeviceStatus3[DeviceStatus3["Expired"] = 1] = "Expired";
+  DeviceStatus3[DeviceStatus3["Revoked"] = 2] = "Revoked";
+})(DeviceStatus2 || (DeviceStatus2 = {}));
 var ProposalType;
 (function(ProposalType2) {
   ProposalType2[ProposalType2["Add"] = 0] = "Add";
@@ -2654,24 +2707,25 @@ class CoreCrypto2 {
       if (typeof ffiCommitDelay === "number" && ffiCommitDelay >= 0) {
         commitDelay = ffiCommitDelay * 1000;
       }
+      const identity = mapWireIdentity(ffiDecryptedMessage.identity);
       const ret = {
         message: ffiDecryptedMessage.message,
         proposals: ffiDecryptedMessage.proposals,
         isActive: ffiDecryptedMessage.is_active,
         senderClientId: ffiDecryptedMessage.sender_client_id,
         commitDelay,
+        identity,
         hasEpochChanged: ffiDecryptedMessage.has_epoch_changed,
-        bufferedMessages: ffiDecryptedMessage.buffered_messages?.map((m) => {
-          return {
-            message: m.message,
-            proposals: m.proposals,
-            isActive: m.is_active,
-            senderClientId: m.sender_client_id,
-            commitDelay: m.commit_delay,
-            hasEpochChanged: m.has_epoch_changed,
-            crlNewDistributionPoints: m.crl_new_distribution_points
-          };
-        }),
+        bufferedMessages: ffiDecryptedMessage.buffered_messages?.map((m) => ({
+          message: m.message,
+          proposals: m.proposals,
+          isActive: m.is_active,
+          senderClientId: m.sender_client_id,
+          commitDelay: m.commit_delay,
+          identity: mapWireIdentity(m.identity),
+          hasEpochChanged: m.has_epoch_changed,
+          crlNewDistributionPoints: m.crl_new_distribution_points
+        })),
         crlNewDistributionPoints: ffiDecryptedMessage.crl_new_distribution_points
       };
       return ret;
@@ -2853,6 +2907,9 @@ class CoreCrypto2 {
   async exportSecretKey(conversationId, keyLength) {
     return await CoreCryptoError.asyncMapErr(this.#cc.export_secret_key(conversationId, keyLength));
   }
+  async getExternalSender(conversationId) {
+    return await CoreCryptoError.asyncMapErr(this.#cc.get_external_sender(conversationId));
+  }
   async getClientIds(conversationId) {
     return await CoreCryptoError.asyncMapErr(this.#cc.get_client_ids(conversationId));
   }
@@ -2976,10 +3033,10 @@ class CoreCrypto2 {
     return await CoreCryptoError.asyncMapErr(this.#cc.e2ei_is_enabled(ciphersuite));
   }
   async getDeviceIdentities(conversationId, deviceIds) {
-    return await CoreCryptoError.asyncMapErr(this.#cc.get_device_identities(conversationId, deviceIds));
+    return (await CoreCryptoError.asyncMapErr(this.#cc.get_device_identities(conversationId, deviceIds))).map(mapWireIdentity);
   }
   async getUserIdentities(conversationId, userIds) {
-    return await CoreCryptoError.asyncMapErr(this.#cc.get_user_identities(conversationId, userIds));
+    return (await CoreCryptoError.asyncMapErr(this.#cc.get_user_identities(conversationId, userIds))).map(([userId, identities]) => [userId, identities.map(mapWireIdentity)]);
   }
   async getCredentialInUse(groupInfo, credentialType = CredentialType2.X509) {
     let state = await CoreCryptoError.asyncMapErr(this.#cc.get_credential_in_use(groupInfo, credentialType));
@@ -3003,7 +3060,13 @@ class E2eiEnrollment {
     return this.#enrollment;
   }
   async directoryResponse(directory) {
-    return await CoreCryptoError.asyncMapErr(this.#enrollment.directory_response(directory));
+    const ffiRet = await CoreCryptoError.asyncMapErr(this.#enrollment.directory_response(directory));
+    return {
+      newNonce: ffiRet.new_nonce,
+      newAccount: ffiRet.new_account,
+      newOrder: ffiRet.new_order,
+      revokeCert: ffiRet.revoke_cert
+    };
   }
   async newAccountRequest(previousNonce) {
     return await CoreCryptoError.asyncMapErr(this.#enrollment.new_account_request(previousNonce));
@@ -3062,7 +3125,6 @@ var E2eiConversationState;
 })(E2eiConversationState || (E2eiConversationState = {}));
 export {
   WirePolicy2 as WirePolicy,
-  WireIdentity,
   RatchetTreeType,
   ProposalType,
   NewAcmeOrder,
@@ -3071,11 +3133,10 @@ export {
   ExternalProposalType,
   E2eiEnrollment,
   E2eiConversationState,
-  DeviceStatus,
+  DeviceStatus2 as DeviceStatus,
   CredentialType2 as CredentialType,
   CoreCryptoError,
   CoreCrypto2 as CoreCrypto,
   Ciphersuite2 as Ciphersuite,
-  AcmeDirectory,
   AcmeChallenge
 };