@wireapp/core-crypto 5.0.0 → 5.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wireapp/core-crypto",
-  "version": "5.0.0",
+  "version": "5.2.0",
   "author": "Wire CoreCrypto team <team.corecrypto@wire.com>",
   "repository": {
     "type": "git",

package/src/core-crypto-ffi_bg.wasm.d.ts

@@ -234,7 +234,7 @@ export const __wbindgen_export_6: WebAssembly.Table;
 export const __externref_drop_slice: (a: number, b: number) => void;
 export const __externref_table_dealloc: (a: number) => void;
 export const closure896_externref_shim: (a: number, b: number, c: any) => void;
-export const closure2583_externref_shim: (a: number, b: number, c: any) => void;
-export const closure2781_externref_shim: (a: number, b: number, c: any) => void;
-export const closure2867_externref_shim: (a: number, b: number, c: any, d: any) => void;
+export const closure2581_externref_shim: (a: number, b: number, c: any) => void;
+export const closure2776_externref_shim: (a: number, b: number, c: any) => void;
+export const closure2865_externref_shim: (a: number, b: number, c: any, d: any) => void;
 export const __wbindgen_start: () => void;

package/src/corecrypto.d.ts

@@ -1,30 +1,39 @@
 // Generated by dts-bundle-generator v9.5.1
 
-export interface CoreCryptoRichError {
-	message: string;
-	error_name?: string;
-	error_stack?: string[];
-	proteus_error_code?: number;
-}
 /**
- * Error wrapper that takes care of extracting rich error details across the FFI (through JSON parsing)
- *
- * Whenever you're supposed to get this class (that extends `Error`) you might end up with a base `Error`
- * in case the parsing of the message structure fails. This is unlikely but the case is still covered and fall backs automatically.
- * More information will be found in the base `Error.cause` to inform you why the parsing has failed.
- *
- * Please note that in this case the extra properties will not be available.
+ * see [core_crypto::prelude::CiphersuiteName]
  */
-export declare class CoreCryptoError extends Error {
-	errorStack: string[];
-	proteusErrorCode: number | null;
-	private constructor();
-	private static fallback;
-	static build(msg: string, ...params: unknown[]): CoreCryptoError | Error;
-	static fromStdError(e: Error): CoreCryptoError | Error;
-	static asyncMapErr<T>(p: Promise<T>): Promise<T>;
+export declare enum Ciphersuite {
+	/**
+	 * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519
+	 */
+	MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 = 1,
+	/**
+	 * DH KEM P256 | AES-GCM 128 | SHA2-256 | EcDSA P256
+	 */
+	MLS_128_DHKEMP256_AES128GCM_SHA256_P256 = 2,
+	/**
+	 * DH KEM x25519 | Chacha20Poly1305 | SHA2-256 | Ed25519
+	 */
+	MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 = 3,
+	/**
+	 * DH KEM x448 | AES-GCM 256 | SHA2-512 | Ed448
+	 */
+	MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 = 4,
+	/**
+	 * DH KEM P521 | AES-GCM 256 | SHA2-512 | EcDSA P521
+	 */
+	MLS_256_DHKEMP521_AES256GCM_SHA512_P521 = 5,
+	/**
+	 * DH KEM x448 | Chacha20Poly1305 | SHA2-512 | Ed448
+	 */
+	MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 = 6,
+	/**
+	 * DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384
+	 */
+	MLS_256_DHKEMP384_AES256GCM_SHA384_P384 = 7
 }
-declare enum Ciphersuite {
+declare enum Ciphersuite$1 {
 	/**
 	 * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519
 	 */
@@ -74,7 +83,11 @@ declare enum WirePolicy {
 	 */
 	Ciphertext = 2
 }
-declare class AcmeChallenge {
+/**
+ * For creating a challenge.
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
+ */
+export class AcmeChallenge {
 	private constructor();
 	free(): void;
 	/**
@@ -142,13 +155,9 @@ export class BuildMetadata {
 	 */
 	readonly gitDirty: string;
 }
-/**
- * Configuration object for new conversations
- * see [core_crypto::prelude::MlsConversationConfiguration]
- */
-export class ConversationConfiguration {
+declare class ConversationConfiguration {
 	free(): void;
-	constructor(ciphersuite?: Ciphersuite, external_senders?: (Uint8Array)[], key_rotation_span?: number, wire_policy?: WirePolicy);
+	constructor(ciphersuite?: Ciphersuite$1, external_senders?: (Uint8Array)[], key_rotation_span?: number, wire_policy?: WirePolicy);
 	/**
 	 * List of client IDs that are allowed to be external senders
 	 */
@@ -156,7 +165,7 @@ export class ConversationConfiguration {
 	/**
 	 * Conversation ciphersuite
 	 */
-	readonly ciphersuite: Ciphersuite | undefined;
+	readonly ciphersuite: Ciphersuite$1 | undefined;
 	/**
 	 * Additional configuration
 	 */
@@ -198,19 +207,19 @@ declare class CoreCryptoContext {
 	 *
 	 * see [core_crypto::mls::context::CentralContext::client_public_key]
 	 */
-	client_public_key(ciphersuite: Ciphersuite, credential_type: CredentialType): Promise<any>;
+	client_public_key(ciphersuite: Ciphersuite$1, credential_type: CredentialType): Promise<any>;
 	/**
 	 * Returns: [`WasmCryptoResult<js_sys::Array<js_sys::Uint8Array>>`]
 	 *
 	 * see [core_crypto::mls::context::CentralContext::get_or_create_client_keypackages]
 	 */
-	client_keypackages(ciphersuite: Ciphersuite, credential_type: CredentialType, amount_requested: number): Promise<any>;
+	client_keypackages(ciphersuite: Ciphersuite$1, credential_type: CredentialType, amount_requested: number): Promise<any>;
 	/**
 	 * Returns: [`WasmCryptoResult<usize>`]
 	 *
 	 * see [core_crypto::mls::context::CentralContext::client_valid_key_packages_count]
 	 */
-	client_valid_keypackages_count(ciphersuite: Ciphersuite, credential_type: CredentialType): Promise<any>;
+	client_valid_keypackages_count(ciphersuite: Ciphersuite$1, credential_type: CredentialType): Promise<any>;
 	/**
 	 * Returns: [`WasmCryptoResult<usize>`]
 	 *
@@ -440,19 +449,19 @@ declare class CoreCryptoContext {
 	 *
 	 * see [core_crypto::mls::context::CentralContext::e2ei_new_enrollment]
 	 */
-	e2ei_new_enrollment(client_id: string, display_name: string, handle: string, team: string | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise<any>;
+	e2ei_new_enrollment(client_id: string, display_name: string, handle: string, team: string | undefined, expiry_sec: number, ciphersuite: Ciphersuite$1): Promise<any>;
 	/**
 	 * Returns: [`WasmCryptoResult<E2eiEnrollment>`]
 	 *
 	 * see [core_crypto::mls::context::CentralContext::e2ei_new_activation_enrollment]
 	 */
-	e2ei_new_activation_enrollment(display_name: string, handle: string, team: string | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise<any>;
+	e2ei_new_activation_enrollment(display_name: string, handle: string, team: string | undefined, expiry_sec: number, ciphersuite: Ciphersuite$1): Promise<any>;
 	/**
 	 * Returns: [`WasmCryptoResult<E2eiEnrollment>`]
 	 *
 	 * see [core_crypto::mls::context::CentralContext::e2ei_new_rotate_enrollment]
 	 */
-	e2ei_new_rotate_enrollment(display_name: string | undefined, handle: string | undefined, team: string | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise<any>;
+	e2ei_new_rotate_enrollment(display_name: string | undefined, handle: string | undefined, team: string | undefined, expiry_sec: number, ciphersuite: Ciphersuite$1): Promise<any>;
 	/**
 	 * See [core_crypto::mls::context::CentralContext::e2ei_dump_pki_env]
 	 */
@@ -494,7 +503,7 @@ declare class CoreCryptoContext {
 	 *
 	 * see [core_crypto::context::CentralContext::delete_stale_key_packages]
 	 */
-	delete_stale_key_packages(cipher_suite: Ciphersuite): Promise<any>;
+	delete_stale_key_packages(cipher_suite: Ciphersuite$1): Promise<any>;
 	/**
 	 * see [core_crypto::mls::context::CentralContext::e2ei_enrollment_stash]
 	 */
@@ -514,7 +523,7 @@ declare class CoreCryptoContext {
 	 *
 	 * see [core_crypto::mls::context::CentralContext::e2ei_is_enabled]
 	 */
-	e2ei_is_enabled(ciphersuite: Ciphersuite): Promise<any>;
+	e2ei_is_enabled(ciphersuite: Ciphersuite$1): Promise<any>;
 	/**
 	 * Returns [`WasmCryptoResult<Vec<WireIdentity>>`]
 	 *
@@ -738,38 +747,49 @@ export class X509Identity {
 	 */
 	readonly notAfter: bigint;
 }
-/**
- * see [core_crypto::prelude::CiphersuiteName]
- */
-declare enum Ciphersuite$1 {
-	/**
-	 * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519
-	 */
-	MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 = 1,
-	/**
-	 * DH KEM P256 | AES-GCM 128 | SHA2-256 | EcDSA P256
-	 */
-	MLS_128_DHKEMP256_AES128GCM_SHA256_P256 = 2,
-	/**
-	 * DH KEM x25519 | Chacha20Poly1305 | SHA2-256 | Ed25519
-	 */
-	MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 = 3,
+interface ConversationConfiguration$1 {
 	/**
-	 * DH KEM x448 | AES-GCM 256 | SHA2-512 | Ed448
+	 * The ciphersuite which should be used to encrypt this conversation.
 	 */
-	MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 = 4,
+	ciphersuite?: Ciphersuite;
 	/**
-	 * DH KEM P521 | AES-GCM 256 | SHA2-512 | EcDSA P521
+	 * List of client IDs that are allowed to be external senders
 	 */
-	MLS_256_DHKEMP521_AES256GCM_SHA512_P521 = 5,
+	externalSenders?: Uint8Array[];
 	/**
-	 * DH KEM x448 | Chacha20Poly1305 | SHA2-512 | Ed448
+	 *  Duration in seconds after which we will automatically force a self-update commit
+	 *  Note: This isn't currently implemented
 	 */
-	MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 = 6,
+	keyRotationSpan?: number;
 	/**
-	 * DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384
+	 * Defines if handshake messages are encrypted or not
+	 * Note: encrypted handshake messages are not supported by wire-server
 	 */
-	MLS_256_DHKEMP384_AES256GCM_SHA384_P384 = 7
+	wirePolicy?: WirePolicy;
+}
+export interface CoreCryptoRichError {
+	message: string;
+	error_name?: string;
+	error_stack?: string[];
+	proteus_error_code?: number;
+}
+/**
+ * Error wrapper that takes care of extracting rich error details across the FFI (through JSON parsing)
+ *
+ * Whenever you're supposed to get this class (that extends `Error`) you might end up with a base `Error`
+ * in case the parsing of the message structure fails. This is unlikely but the case is still covered and fall backs automatically.
+ * More information will be found in the base `Error.cause` to inform you why the parsing has failed.
+ *
+ * Please note that in this case the extra properties will not be available.
+ */
+export declare class CoreCryptoError extends Error {
+	errorStack: string[];
+	proteusErrorCode: number | null;
+	private constructor();
+	private static fallback;
+	static build(msg: string, ...params: unknown[]): CoreCryptoError | Error;
+	static fromStdError(e: Error): CoreCryptoError | Error;
+	static asyncMapErr<T>(p: Promise<T>): Promise<T>;
 }
 declare enum CredentialType$1 {
 	/**
@@ -1280,7 +1300,7 @@ declare class CoreCryptoContext$1 {
 	 * @param ciphersuites - All the ciphersuites supported by this MLS client
 	 * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client
 	 */
-	mlsInit(clientId: ClientId, ciphersuites: Ciphersuite$1[], nbKeyPackage?: number): Promise<void>;
+	mlsInit(clientId: ClientId, ciphersuites: Ciphersuite[], nbKeyPackage?: number): Promise<void>;
 	/**
 	 * Generates a MLS KeyPair/CredentialBundle with a temporary, random client ID.
 	 * This method is designed to be used in conjunction with {@link CoreCryptoContext.mlsInitWithClientId} and represents the first step in this process
@@ -1288,7 +1308,7 @@ declare class CoreCryptoContext$1 {
 	 * @param ciphersuites - All the ciphersuites supported by this MLS client
 	 * @returns This returns the TLS-serialized identity key (i.e. the signature keypair's public key)
 	 */
-	mlsGenerateKeypair(ciphersuites: Ciphersuite$1[]): Promise<Uint8Array[]>;
+	mlsGenerateKeypair(ciphersuites: Ciphersuite[]): Promise<Uint8Array[]>;
 	/**
 	 * Updates the current temporary Client ID with the newly provided one. This is the second step in the externally-generated clients process
 	 *
@@ -1298,7 +1318,7 @@ declare class CoreCryptoContext$1 {
 	 * @param signaturePublicKeys - The public key you were given at the first step; This is for authentication purposes
 	 * @param ciphersuites - All the ciphersuites supported by this MLS client
 	 */
-	mlsInitWithClientId(clientId: ClientId, signaturePublicKeys: Uint8Array[], ciphersuites: Ciphersuite$1[]): Promise<void>;
+	mlsInitWithClientId(clientId: ClientId, signaturePublicKeys: Uint8Array[], ciphersuites: Ciphersuite[]): Promise<void>;
 	/**
 	 * Checks if the Client is member of a given conversation and if the MLS Group is loaded up
 	 *
@@ -1342,7 +1362,7 @@ declare class CoreCryptoContext$1 {
 	 *
 	 * @returns the ciphersuite of the conversation
 	 */
-	conversationCiphersuite(conversationId: ConversationId): Promise<Ciphersuite$1>;
+	conversationCiphersuite(conversationId: ConversationId): Promise<Ciphersuite>;
 	/**
 	 * Wipes and destroys the local storage of a given conversation / MLS group
 	 *
@@ -1360,7 +1380,7 @@ declare class CoreCryptoContext$1 {
 	 * @param configuration.externalSenders - Array of Client IDs that are qualified as external senders within the group
 	 * @param configuration.custom - {@link CustomConfiguration}
 	 */
-	createConversation(conversationId: ConversationId, creatorCredentialType: CredentialType$1, configuration?: Partial<ConversationConfiguration>): Promise<any>;
+	createConversation(conversationId: ConversationId, creatorCredentialType: CredentialType$1, configuration?: ConversationConfiguration$1): Promise<any>;
 	/**
 	 * Decrypts a message for a given conversation.
 	 *
@@ -1403,14 +1423,14 @@ declare class CoreCryptoContext$1 {
 	 * @param credentialType - of the public key to look for
 	 * @returns the client's public signature key
 	 */
-	clientPublicKey(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1): Promise<Uint8Array>;
+	clientPublicKey(ciphersuite: Ciphersuite, credentialType: CredentialType$1): Promise<Uint8Array>;
 	/**
 	 *
 	 * @param ciphersuite - of the KeyPackages to count
 	 * @param credentialType - of the KeyPackages to count
 	 * @returns The amount of valid, non-expired KeyPackages that are persisted in the backing storage
 	 */
-	clientValidKeypackagesCount(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1): Promise<number>;
+	clientValidKeypackagesCount(ciphersuite: Ciphersuite, credentialType: CredentialType$1): Promise<number>;
 	/**
 	 * Fetches a requested amount of keypackages
 	 *
@@ -1419,7 +1439,7 @@ declare class CoreCryptoContext$1 {
 	 * @param amountRequested - The amount of keypackages requested
 	 * @returns An array of length `amountRequested` containing TLS-serialized KeyPackages
 	 */
-	clientKeypackages(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1, amountRequested: number): Promise<Array<Uint8Array>>;
+	clientKeypackages(ciphersuite: Ciphersuite, credentialType: CredentialType$1, amountRequested: number): Promise<Array<Uint8Array>>;
 	/**
 	 * Prunes local KeyPackages after making sure they also have been deleted on the backend side
 	 * You should only use this after calling {@link CoreCryptoContext.e2eiRotate} on all conversations.
@@ -1650,7 +1670,7 @@ declare class CoreCryptoContext$1 {
 	 * @param team - name of the Wire team a user belongs to
 	 * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCryptoContext.e2eiMlsInitOnly}
 	 */
-	e2eiNewEnrollment(clientId: string, displayName: string, handle: string, expirySec: number, ciphersuite: Ciphersuite$1, team?: string): Promise<E2eiEnrollment>;
+	e2eiNewEnrollment(clientId: string, displayName: string, handle: string, expirySec: number, ciphersuite: Ciphersuite, team?: string): Promise<E2eiEnrollment>;
 	/**
 	 * Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI.
 	 * Once the enrollment is finished, use {@link CoreCryptoContext.e2eiRotate} to do key rotation.
@@ -1662,7 +1682,7 @@ declare class CoreCryptoContext$1 {
 	 * @param team - name of the Wire team a user belongs to
 	 * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCryptoContext.e2eiRotate}
 	 */
-	e2eiNewActivationEnrollment(displayName: string, handle: string, expirySec: number, ciphersuite: Ciphersuite$1, team?: string): Promise<E2eiEnrollment>;
+	e2eiNewActivationEnrollment(displayName: string, handle: string, expirySec: number, ciphersuite: Ciphersuite, team?: string): Promise<E2eiEnrollment>;
 	/**
 	 * Generates an E2EI enrollment instance for a E2EI client (with a X509 certificate credential)
 	 * having to change/rotate their credential, either because the former one is expired or it
@@ -1677,7 +1697,7 @@ declare class CoreCryptoContext$1 {
 	 * @param team - name of the Wire team a user belongs to
 	 * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCryptoContext.e2eiRotate}
 	 */
-	e2eiNewRotateEnrollment(expirySec: number, ciphersuite: Ciphersuite$1, displayName?: string, handle?: string, team?: string): Promise<E2eiEnrollment>;
+	e2eiNewRotateEnrollment(expirySec: number, ciphersuite: Ciphersuite, displayName?: string, handle?: string, team?: string): Promise<E2eiEnrollment>;
 	/**
 	 * Use this method to initialize end-to-end identity when a client signs up and the grace period is already expired ;
 	 * that means he cannot initialize with a Basic credential
@@ -1763,7 +1783,7 @@ declare class CoreCryptoContext$1 {
 	 * saved x509 credential and the provided signature scheme.
 	 * @param cipherSuite
 	 */
-	deleteStaleKeyPackages(cipherSuite: Ciphersuite$1): Promise<void>;
+	deleteStaleKeyPackages(cipherSuite: Ciphersuite): Promise<void>;
 	/**
 	 * Allows persisting an active enrollment (for example while redirecting the user during OAuth) in order to resume
 	 * it later with {@link e2eiEnrollmentStashPop}
@@ -1793,7 +1813,7 @@ declare class CoreCryptoContext$1 {
 	 * @param ciphersuite of the credential to check
 	 * @returns true if end-to-end identity is enabled for the given ciphersuite
 	 */
-	e2eiIsEnabled(ciphersuite: Ciphersuite$1): Promise<boolean>;
+	e2eiIsEnabled(ciphersuite: Ciphersuite): Promise<boolean>;
 	/**
 	 * From a given conversation, get the identity of the members supplied. Identity is only present for members with a
 	 * Certificate Credential (after turning on end-to-end identity).
@@ -1860,7 +1880,7 @@ export interface CoreCryptoParams extends CoreCryptoDeferredParams {
 	/**
 	 * All the ciphersuites this MLS client can support
 	 */
-	ciphersuites: Ciphersuite$1[];
+	ciphersuites: Ciphersuite[];
 	/**
 	 * Number of initial KeyPackage to create when initializing the client
 	 */
@@ -2025,7 +2045,7 @@ export declare class CoreCrypto {
 	 *
 	 * @returns the ciphersuite of the conversation
 	 */
-	conversationCiphersuite(conversationId: ConversationId): Promise<Ciphersuite$1>;
+	conversationCiphersuite(conversationId: ConversationId): Promise<Ciphersuite>;
 	/**
 	 * See {@link CoreCryptoContext.clientPublicKey}.
 	 *
@@ -2033,7 +2053,7 @@ export declare class CoreCrypto {
 	 * @param credentialType - of the public key to look for
 	 * @returns the client's public signature key
 	 */
-	clientPublicKey(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1): Promise<Uint8Array>;
+	clientPublicKey(ciphersuite: Ciphersuite, credentialType: CredentialType$1): Promise<Uint8Array>;
 	/**
 	 * See {@link CoreCryptoContext.exportSecretKey}.
 	 *
@@ -2131,7 +2151,7 @@ export declare class CoreCrypto {
 	 * @param ciphersuite of the credential to check
 	 * @returns true if end-to-end identity is enabled for the given ciphersuite
 	 */
-	e2eiIsEnabled(ciphersuite: Ciphersuite$1): Promise<boolean>;
+	e2eiIsEnabled(ciphersuite: Ciphersuite): Promise<boolean>;
 	/**
 	 * See {@link CoreCryptoContext.getDeviceIdentities}.
 	 *
@@ -2166,7 +2186,7 @@ export declare class CoreCrypto {
 }
 
 export {
-	Ciphersuite$1 as Ciphersuite,
+	ConversationConfiguration$1 as ConversationConfiguration,
 	CoreCryptoContext$1 as CoreCryptoContext,
 	CredentialType$1 as CredentialType,
 	WirePolicy$1 as WirePolicy,

package/src/corecrypto.js

@@ -22,6 +22,17 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
   throw Error('Dynamic require of "' + x + '" is not supported');
 });
 
+// src/Ciphersuite.ts
+var Ciphersuite;
+((Ciphersuite2) => {
+  Ciphersuite2[Ciphersuite2["MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519"] = 1] = "MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519";
+  Ciphersuite2[Ciphersuite2["MLS_128_DHKEMP256_AES128GCM_SHA256_P256"] = 2] = "MLS_128_DHKEMP256_AES128GCM_SHA256_P256";
+  Ciphersuite2[Ciphersuite2["MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519"] = 3] = "MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519";
+  Ciphersuite2[Ciphersuite2["MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448"] = 4] = "MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448";
+  Ciphersuite2[Ciphersuite2["MLS_256_DHKEMP521_AES256GCM_SHA512_P521"] = 5] = "MLS_256_DHKEMP521_AES256GCM_SHA512_P521";
+  Ciphersuite2[Ciphersuite2["MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448"] = 6] = "MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448";
+  Ciphersuite2[Ciphersuite2["MLS_256_DHKEMP384_AES256GCM_SHA384_P384"] = 7] = "MLS_256_DHKEMP384_AES256GCM_SHA384_P384";
+})(Ciphersuite ||= {});
 // src/CoreCryptoError.ts
 class CoreCryptoError extends Error {
   errorStack;
@@ -299,15 +310,15 @@ function __wbg_adapter_60(arg0, arg1, arg2) {
   wasm.closure896_externref_shim(arg0, arg1, arg2);
 }
 function __wbg_adapter_63(arg0, arg1, arg2) {
-  wasm.closure2583_externref_shim(arg0, arg1, arg2);
+  wasm.closure2581_externref_shim(arg0, arg1, arg2);
 }
 function __wbg_adapter_66(arg0, arg1, arg2) {
-  wasm.closure2781_externref_shim(arg0, arg1, arg2);
+  wasm.closure2776_externref_shim(arg0, arg1, arg2);
 }
 function __wbg_adapter_506(arg0, arg1, arg2, arg3) {
-  wasm.closure2867_externref_shim(arg0, arg1, arg2, arg3);
+  wasm.closure2865_externref_shim(arg0, arg1, arg2, arg3);
 }
-var Ciphersuite = Object.freeze({
+var Ciphersuite2 = Object.freeze({
   MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519: 1,
   "1": "MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519",
   MLS_128_DHKEMP256_AES128GCM_SHA256_P256: 2,
@@ -2094,7 +2105,7 @@ function __wbg_get_imports() {
     const ret = Object.entries(arg0);
     return ret;
   };
-  imports.wbg.__wbg_epochchanged_1c4fa93ea9e2b0bc = function() {
+  imports.wbg.__wbg_epochchanged_e8c8becbe2fbb9d4 = function() {
     return handleError(function(arg0, arg1, arg2, arg3) {
       var v0 = getArrayU8FromWasm0(arg1, arg2).slice();
       wasm.__wbindgen_free(arg1, arg2 * 1, 1);
@@ -2126,7 +2137,7 @@ function __wbg_get_imports() {
       return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);
     }, arguments);
   };
-  imports.wbg.__wbg_execute_077721bcdc99f713 = function() {
+  imports.wbg.__wbg_execute_e839de2fc4a6dc9b = function() {
     return handleError(function(arg0, arg1) {
       const ret = arg0.execute(CoreCryptoContext.__wrap(arg1));
       return ret;
@@ -2709,12 +2720,12 @@ function __wbg_get_imports() {
     const ret = false;
     return ret;
   };
-  imports.wbg.__wbindgen_closure_wrapper13852 = function(arg0, arg1, arg2) {
-    const ret = makeMutClosure(arg0, arg1, 2584, __wbg_adapter_63);
+  imports.wbg.__wbindgen_closure_wrapper13824 = function(arg0, arg1, arg2) {
+    const ret = makeMutClosure(arg0, arg1, 2582, __wbg_adapter_63);
     return ret;
   };
-  imports.wbg.__wbindgen_closure_wrapper14887 = function(arg0, arg1, arg2) {
-    const ret = makeMutClosure(arg0, arg1, 2782, __wbg_adapter_66);
+  imports.wbg.__wbindgen_closure_wrapper14861 = function(arg0, arg1, arg2) {
+    const ret = makeMutClosure(arg0, arg1, 2777, __wbg_adapter_66);
     return ret;
   };
   imports.wbg.__wbindgen_closure_wrapper3692 = function(arg0, arg1, arg2) {
@@ -2849,16 +2860,6 @@ async function __wbg_init(module_or_path) {
 var core_crypto_ffi_default = __wbg_init;
 
 // src/CoreCryptoMLS.ts
-var Ciphersuite2;
-((Ciphersuite3) => {
-  Ciphersuite3[Ciphersuite3["MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519"] = 1] = "MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519";
-  Ciphersuite3[Ciphersuite3["MLS_128_DHKEMP256_AES128GCM_SHA256_P256"] = 2] = "MLS_128_DHKEMP256_AES128GCM_SHA256_P256";
-  Ciphersuite3[Ciphersuite3["MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519"] = 3] = "MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519";
-  Ciphersuite3[Ciphersuite3["MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448"] = 4] = "MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448";
-  Ciphersuite3[Ciphersuite3["MLS_256_DHKEMP521_AES256GCM_SHA512_P521"] = 5] = "MLS_256_DHKEMP521_AES256GCM_SHA512_P521";
-  Ciphersuite3[Ciphersuite3["MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448"] = 6] = "MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448";
-  Ciphersuite3[Ciphersuite3["MLS_256_DHKEMP384_AES256GCM_SHA384_P384"] = 7] = "MLS_256_DHKEMP384_AES256GCM_SHA384_P384";
-})(Ciphersuite2 ||= {});
 var CredentialType2;
 ((CredentialType3) => {
   CredentialType3[CredentialType3["Basic"] = 1] = "Basic";
@@ -2994,6 +2995,12 @@ var E2eiConversationState;
   E2eiConversationState2[E2eiConversationState2["NotEnabled"] = 3] = "NotEnabled";
 })(E2eiConversationState ||= {});
 
+// src/ConversationConfiguration.ts
+function conversationConfigurationToFfi(cc) {
+  const ciphersuite = cc.ciphersuite ? normalizeEnum(Ciphersuite2, cc.ciphersuite) : undefined;
+  return new ConversationConfiguration(ciphersuite, cc.externalSenders, cc.keyRotationSpan, cc.wirePolicy);
+}
+
 // src/CoreCryptoContext.ts
 class CoreCryptoContext2 {
   #ctx;
@@ -3037,12 +3044,7 @@ class CoreCryptoContext2 {
     return await CoreCryptoError.asyncMapErr(this.#ctx.wipe_conversation(conversationId));
   }
   async createConversation(conversationId, creatorCredentialType, configuration = {}) {
-    const {
-      ciphersuite,
-      externalSenders,
-      custom = {}
-    } = configuration || {};
-    const config = new ConversationConfiguration(ciphersuite, externalSenders, custom?.keyRotationSpan, custom?.wirePolicy);
+    const config = conversationConfigurationToFfi(configuration);
     return await CoreCryptoError.asyncMapErr(this.#ctx.create_conversation(conversationId, creatorCredentialType, config));
   }
   async decryptMessage(conversationId, payload) {
@@ -3509,7 +3511,7 @@ export {
   CoreCryptoError,
   CoreCryptoContext2 as CoreCryptoContext,
   CoreCrypto2 as CoreCrypto,
-  ConversationConfiguration,
-  Ciphersuite2 as Ciphersuite,
-  BuildMetadata2 as BuildMetadata
+  Ciphersuite,
+  BuildMetadata2 as BuildMetadata,
+  AcmeChallenge
 };