npm - @wireapp/core-crypto - Versions diffs - 7.0.1 → 8.0.0 - Mend

@wireapp/core-crypto 7.0.1 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/package.json +17 -17
package/src/CoreCrypto.ts +116 -0
package/src/corecrypto.d.ts +251 -232
package/src/corecrypto.js +640 -520
package/src/core-crypto-ffi_bg.wasm +0 -0
package/src/core-crypto-ffi_bg.wasm.d.ts +0 -269

package/src/corecrypto.d.ts CHANGED Viewed

@@ -1,9 +1,22 @@
 // Generated by dts-bundle-generator v9.5.1
+/* tslint:disable */
+/* eslint-disable */
+export function ciphersuiteFromU16(discriminant: number): Ciphersuite;
+export function ciphersuiteDefault(): Ciphersuite;
 /**
- * see [core_crypto::prelude::CiphersuiteName]
+ * Updates the key of the CoreCrypto database.
+ * To be used only once, when moving from CoreCrypto <= 5.x to CoreCrypto 6.x.
  */
-export declare enum Ciphersuite {
+export function migrateDatabaseKeyTypeToBytes(name: string, old_key: string, new_key: DatabaseKey): Promise<void>;
+/**
+ * Updates the key of the CoreCrypto database.
+ */
+export function updateDatabaseKey(name: string, old_key: DatabaseKey, new_key: DatabaseKey): Promise<void>;
+/**
+ * MLS ciphersuites.
+ */
+export enum Ciphersuite {
 	/**
 	 * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519
 	 */
@@ -33,13 +46,6 @@ export declare enum Ciphersuite {
 	 */
 	MLS_256_DHKEMP384_AES256GCM_SHA384_P384 = 7
 }
-/* tslint:disable */
-/* eslint-disable */
-/**
- * Updates the key of the CoreCrypto database.
- * To be used only once, when moving from CoreCrypto <= 5.x to CoreCrypto 6.x.
- */
-export function migrateDatabaseKeyTypeToBytes(name: string, old_key: string, new_key: DatabaseKey): Promise<void>;
 export enum CredentialType {
 	/**
 	 * Basic credential i.e. a KeyPair
@@ -156,11 +162,6 @@ declare class AcmeDirectory {
 	 */
 	readonly revokeCert: string;
 }
-declare class ArrayOfByteArray {
-	free(): void;
-	constructor(aoba: Uint8Array[]);
-	as_arrays(): Uint8Array[];
-}
 declare class BufferedDecryptedMessage {
 	private constructor();
 	free(): void;
@@ -184,7 +185,7 @@ declare class BufferedDecryptedMessage {
 	/**
 	 * New CRL Distribution of members of this group
 	 */
-	readonly crlNewDistributionPoints: NewCrlDistributionPoints;
+	readonly crlNewDistributionPoints: string[] | undefined;
 }
 /**
  * Metadata describing the conditions of the build of this software.
@@ -237,29 +238,36 @@ export class BuildMetadata {
 	 */
 	readonly gitDirty: string;
 }
-declare class Ciphersuite$1 {
-	free(): void;
-	as_u16(): number;
-	constructor(discriminant: number);
-}
-declare class Ciphersuites {
-	free(): void;
-	constructor(ids: Uint16Array);
-}
-declare class ClientId {
+export class ClientId {
 	free(): void;
 	constructor(bytes: Uint8Array);
-	as_bytes(): Uint8Array;
+	copyBytes(): Uint8Array;
 }
 declare class ConversationConfiguration {
 	free(): void;
-	constructor(ciphersuite?: Ciphersuite$1 | null, external_senders?: Uint8Array[] | null, key_rotation_span?: number | null, wire_policy?: WirePolicy | null);
-	readonly ciphersuite: Ciphersuite$1 | undefined;
+	constructor(ciphersuite?: Ciphersuite | null, external_senders?: ExternalSenderKey[] | null, key_rotation_span?: number | null, wire_policy?: WirePolicy | null);
+	readonly ciphersuite: Ciphersuite | undefined;
+	readonly externalSenders: ExternalSenderKey[];
 	readonly custom: CustomConfiguration;
+}
+/**
+ * r" A unique identifier for a single conversation.
+ * r"
+ * r" The backend provides an opaque string identifying a new conversation.
+ * r" Construct an instance of this newtype to pass that identifier to Rust.
+ */
+export class ConversationId {
+	free(): void;
 	/**
-	 * List of client IDs that are allowed to be external senders
+	 * Construct a new instance, transferring data from the client layer to Rust.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * Get the raw bytes from this type, transferring data from Rust to the client layer.
+	 *
+	 * This does not consume the newtype, instead copying the internal data across the FFI boundary.
 	 */
-	readonly externalSenders: Uint8Array[];
+	copyBytes(): Uint8Array;
 }
 declare class CoreCryptoContext {
 	private constructor();
@@ -267,15 +275,15 @@ declare class CoreCryptoContext {
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::e2ei_new_enrollment]
 	 */
-	e2ei_new_enrollment(client_id: string, display_name: string, handle: string, team: string | null | undefined, expiry_sec: number, ciphersuite: Ciphersuite$1): Promise<FfiWireE2EIdentity>;
+	e2ei_new_enrollment(client_id: string, display_name: string, handle: string, team: string | null | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise<FfiWireE2EIdentity>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::e2ei_new_activation_enrollment]
 	 */
-	e2ei_new_activation_enrollment(display_name: string, handle: string, team: string | null | undefined, expiry_sec: number, ciphersuite: Ciphersuite$1): Promise<FfiWireE2EIdentity>;
+	e2ei_new_activation_enrollment(display_name: string, handle: string, team: string | null | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise<FfiWireE2EIdentity>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::e2ei_new_rotate_enrollment]
 	 */
-	e2ei_new_rotate_enrollment(display_name: string | null | undefined, handle: string | null | undefined, team: string | null | undefined, expiry_sec: number, ciphersuite: Ciphersuite$1): Promise<FfiWireE2EIdentity>;
+	e2ei_new_rotate_enrollment(display_name: string | null | undefined, handle: string | null | undefined, team: string | null | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise<FfiWireE2EIdentity>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::e2ei_register_acme_ca]
 	 */
@@ -283,7 +291,7 @@ declare class CoreCryptoContext {
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::e2ei_register_intermediate_ca_pem]
 	 */
-	e2ei_register_intermediate_ca(cert_pem: string): Promise<NewCrlDistributionPoints>;
+	e2ei_register_intermediate_ca(cert_pem: string): Promise<string[] | undefined>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::e2ei_register_crl]
 	 */
@@ -291,19 +299,19 @@ declare class CoreCryptoContext {
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::e2ei_mls_init_only]
 	 */
-	e2ei_mls_init_only(enrollment: FfiWireE2EIdentity, certificate_chain: string, nb_key_package?: number | null): Promise<NewCrlDistributionPoints>;
+	e2ei_mls_init_only(enrollment: FfiWireE2EIdentity, certificate_chain: string, nb_key_package?: number | null): Promise<string[] | undefined>;
 	/**
 	 * See [core_crypto::mls::conversation::ConversationGuard::e2ei_rotate]
 	 */
-	e2ei_rotate(conversation_id: Uint8Array): Promise<void>;
+	e2ei_rotate(conversation_id: ConversationId): Promise<void>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::save_x509_credential]
 	 */
-	save_x509_credential(enrollment: FfiWireE2EIdentity, certificate_chain: string): Promise<NewCrlDistributionPoints>;
+	save_x509_credential(enrollment: FfiWireE2EIdentity, certificate_chain: string): Promise<string[] | undefined>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::delete_stale_key_packages]
 	 */
-	delete_stale_key_packages(ciphersuite: Ciphersuite$1): Promise<void>;
+	delete_stale_key_packages(ciphersuite: Ciphersuite): Promise<void>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::e2ei_enrollment_stash]
 	 *
@@ -317,27 +325,19 @@ declare class CoreCryptoContext {
 	/**
 	 * See [core_crypto::mls::conversation::Conversation::e2ei_conversation_state]
 	 */
-	e2ei_conversation_state(conversation_id: Uint8Array): Promise<E2eiConversationState>;
+	e2ei_conversation_state(conversation_id: ConversationId): Promise<E2eiConversationState>;
 	/**
 	 * See [core_crypto::prelude::Session::e2ei_is_enabled]
 	 */
-	e2ei_is_enabled(ciphersuite: Ciphersuite$1): Promise<boolean>;
+	e2ei_is_enabled(ciphersuite: Ciphersuite): Promise<boolean>;
 	/**
 	 * See [core_crypto::mls::conversation::Conversation::get_device_identities]
 	 */
-	get_device_identities(conversation_id: Uint8Array, device_ids: ClientId[]): Promise<WireIdentity[]>;
+	get_device_identities(conversation_id: ConversationId, device_ids: ClientId[]): Promise<WireIdentity[]>;
 	/**
 	 * See [core_crypto::mls::conversation::Conversation::get_user_identities]
 	 */
-	get_user_identities(conversation_id: Uint8Array, user_ids: string[]): Promise<Map<string, WireIdentity[]>>;
-	/**
-	 * See [core_crypto::prelude::Session::get_credential_in_use]
-	 */
-	get_credential_in_use(group_info: Uint8Array, credential_type: CredentialType): Promise<E2eiConversationState>;
-	/**
-	 * See [core_crypto::prelude::Session::e2ei_dump_pki_env]
-	 */
-	e2ei_dump_pki_env(): Promise<E2eiDumpedPkiEnv | undefined>;
+	get_user_identities(conversation_id: ConversationId, user_ids: string[]): Promise<Map<string, WireIdentity[]>>;
 	/**
 	 * See [core_crypto::prelude::Session::e2ei_is_pki_env_setup]
 	 */
@@ -345,99 +345,95 @@ declare class CoreCryptoContext {
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::mls_init]
 	 */
-	mls_init(client_id: ClientId, ciphersuites: Ciphersuites, nb_key_package?: number | null): Promise<void>;
-	/**
-	 * See [core_crypto::transaction_context::TransactionContext::mls_generate_keypairs]
-	 */
-	mls_generate_keypairs(ciphersuites: Ciphersuites): Promise<ClientId[]>;
-	/**
-	 * See [core_crypto::transaction_context::TransactionContext::mls_init_with_client_id]
-	 */
-	mls_init_with_client_id(client_id: ClientId, tmp_client_ids: ClientId[], ciphersuites: Ciphersuites): Promise<void>;
+	mls_init(client_id: ClientId, ciphersuites: any[], nb_key_package?: number | null): Promise<void>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::client_public_key]
 	 */
-	client_public_key(ciphersuite: Ciphersuite$1, credential_type: CredentialType): Promise<Uint8Array>;
+	client_public_key(ciphersuite: Ciphersuite, credential_type: CredentialType): Promise<Uint8Array>;
 	/**
 	 * See [core_crypto::mls::conversation::Conversation::epoch]
 	 */
-	conversation_epoch(conversation_id: Uint8Array): Promise<bigint>;
+	conversation_epoch(conversation_id: ConversationId): Promise<bigint>;
 	/**
 	 * See [core_crypto::mls::conversation::Conversation::ciphersuite]
 	 */
-	conversation_ciphersuite(conversation_id: Uint8Array): Promise<Ciphersuite$1>;
+	conversation_ciphersuite(conversation_id: ConversationId): Promise<Ciphersuite>;
 	/**
 	 * See [core_crypto::prelude::Session::conversation_exists]
 	 */
-	conversation_exists(conversation_id: Uint8Array): Promise<boolean>;
+	conversation_exists(conversation_id: ConversationId): Promise<boolean>;
 	/**
 	 * See [core_crypto::mls::conversation::Conversation::get_client_ids]
 	 */
-	get_client_ids(conversation_id: Uint8Array): Promise<ClientId[]>;
+	get_client_ids(conversation_id: ConversationId): Promise<ClientId[]>;
 	/**
 	 * See [core_crypto::mls::conversation::Conversation::export_secret_key]
 	 */
-	export_secret_key(conversation_id: Uint8Array, key_length: number): Promise<Uint8Array>;
+	export_secret_key(conversation_id: ConversationId, key_length: number): Promise<SecretKey>;
 	/**
 	 * See [core_crypto::mls::conversation::Conversation::get_external_sender]
 	 */
-	get_external_sender(conversation_id: Uint8Array): Promise<Uint8Array>;
+	get_external_sender(conversation_id: ConversationId): Promise<ExternalSenderKey>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::get_or_create_client_keypackages]
 	 */
-	client_keypackages(ciphersuite: Ciphersuite$1, credential_type: CredentialType, amount_requested: number): Promise<ArrayOfByteArray>;
+	client_keypackages(ciphersuite: Ciphersuite, credential_type: CredentialType, amount_requested: number): Promise<KeyPackage[]>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::client_valid_key_packages_count]
 	 */
-	client_valid_keypackages_count(ciphersuite: Ciphersuite$1, credential_type: CredentialType): Promise<bigint>;
-	/**
-	 * See [core_crypto::transaction_context::TransactionContext::delete_keypackages]
-	 */
-	delete_keypackages(refs: ArrayOfByteArray): Promise<void>;
+	client_valid_keypackages_count(ciphersuite: Ciphersuite, credential_type: CredentialType): Promise<bigint>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::new_conversation]
 	 */
-	create_conversation(conversation_id: Uint8Array, creator_credential_type: CredentialType, config: ConversationConfiguration): Promise<void>;
+	create_conversation(conversation_id: ConversationId, creator_credential_type: CredentialType, config: ConversationConfiguration): Promise<void>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::process_raw_welcome_message]
 	 */
-	process_welcome_message(welcome_message: Uint8Array, custom_configuration: CustomConfiguration): Promise<WelcomeBundle>;
+	process_welcome_message(welcome_message: Welcome, custom_configuration: CustomConfiguration): Promise<WelcomeBundle>;
 	/**
 	 * See [core_crypto::mls::conversation::ConversationGuard::add_members]
 	 */
-	add_clients_to_conversation(conversation_id: Uint8Array, key_packages: ArrayOfByteArray): Promise<NewCrlDistributionPoints>;
+	add_clients_to_conversation(conversation_id: ConversationId, key_packages: KeyPackage[]): Promise<string[] | undefined>;
 	/**
 	 * See [core_crypto::mls::conversation::ConversationGuard::remove_members]
 	 */
-	remove_clients_from_conversation(conversation_id: Uint8Array, clients: ClientId[]): Promise<void>;
+	remove_clients_from_conversation(conversation_id: ConversationId, clients: ClientId[]): Promise<void>;
 	/**
 	 * See [core_crypto::mls::conversation::ConversationGuard::mark_as_child_of]
 	 */
-	mark_conversation_as_child_of(child_id: Uint8Array, parent_id: Uint8Array): Promise<void>;
+	mark_conversation_as_child_of(child_id: ConversationId, parent_id: ConversationId): Promise<void>;
 	/**
 	 * See [core_crypto::mls::conversation::ConversationGuard::update_key_material]
 	 */
-	update_keying_material(conversation_id: Uint8Array): Promise<void>;
+	update_keying_material(conversation_id: ConversationId): Promise<void>;
 	/**
 	 * See [core_crypto::mls::conversation::ConversationGuard::commit_pending_proposals]
 	 */
-	commit_pending_proposals(conversation_id: Uint8Array): Promise<void>;
+	commit_pending_proposals(conversation_id: ConversationId): Promise<void>;
 	/**
 	 * See [core_crypto::mls::conversation::ConversationGuard::wipe]
 	 */
-	wipe_conversation(conversation_id: Uint8Array): Promise<void>;
+	wipe_conversation(conversation_id: ConversationId): Promise<void>;
 	/**
 	 * See [core_crypto::mls::conversation::ConversationGuard::decrypt_message]
 	 */
-	decrypt_message(conversation_id: Uint8Array, payload: Uint8Array): Promise<DecryptedMessage>;
+	decrypt_message(conversation_id: ConversationId, payload: Uint8Array): Promise<DecryptedMessage>;
 	/**
 	 * See [core_crypto::mls::conversation::ConversationGuard::encrypt_message]
 	 */
-	encrypt_message(conversation_id: Uint8Array, message: Uint8Array): Promise<Uint8Array>;
+	encrypt_message(conversation_id: ConversationId, message: Uint8Array): Promise<Uint8Array>;
 	/**
 	 * See [core_crypto::transaction_context::TransactionContext::join_by_external_commit]
 	 */
-	join_by_external_commit(group_info: Uint8Array, custom_configuration: CustomConfiguration, credential_type: CredentialType): Promise<WelcomeBundle>;
+	join_by_external_commit(group_info: GroupInfo, custom_configuration: CustomConfiguration, credential_type: CredentialType): Promise<WelcomeBundle>;
+	/**
+	 * See [core_crypto::mls::conversation::ConversationGuard::enable_history_sharing]
+	 */
+	enable_history_sharing(conversation_id: ConversationId): Promise<void>;
+	/**
+	 * See [core_crypto::mls::conversation::ConversationGuard::disable_history_sharing]
+	 */
+	disable_history_sharing(conversation_id: ConversationId): Promise<void>;
 	/**
 	 * See [core_crypto::proteus::ProteusCentral::try_new]
 	 */
@@ -601,26 +597,25 @@ declare class DecryptedMessage {
 	/**
 	 * New CRL Distribution of members of this group
 	 */
-	readonly crlNewDistributionPoints: NewCrlDistributionPoints;
+	readonly crlNewDistributionPoints: string[] | undefined;
 }
 /**
- * Dump of the PKI environemnt as PEM
+ * r" The raw public key of an external sender.
+ * r"
+ * r" This can be used to initialize a subconversation.
  */
-export class E2eiDumpedPkiEnv {
-	private constructor();
+export class ExternalSenderKey {
 	free(): void;
 	/**
-	 * Root CA in use (i.e. Trust Anchor)
-	 */
-	readonly root_ca: string;
-	/**
-	 * Intermediate CAs that are loaded
+	 * Construct a new instance, transferring data from the client layer to Rust.
 	 */
-	readonly intermediates: string[];
+	constructor(bytes: Uint8Array);
 	/**
-	 * CRLs registered in the PKI env
+	 * Get the raw bytes from this type, transferring data from Rust to the client layer.
+	 *
+	 * This does not consume the newtype, instead copying the internal data across the FFI boundary.
 	 */
-	readonly crls: string[];
+	copyBytes(): Uint8Array;
 }
 declare class FfiWireE2EIdentity {
 	private constructor();
@@ -694,6 +689,43 @@ declare class FfiWireE2EIdentity {
 	 */
 	new_oidc_challenge_response(challenge: Uint8Array): Promise<void>;
 }
+/**
+ * r" MLS Group Information
+ * r"
+ * r" This is used when joining by external commit.
+ * r" It can be found within the `GroupInfoBundle` within a `CommitBundle`.
+ */
+export class GroupInfo {
+	free(): void;
+	/**
+	 * Construct a new instance, transferring data from the client layer to Rust.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * Get the raw bytes from this type, transferring data from Rust to the client layer.
+	 *
+	 * This does not consume the newtype, instead copying the internal data across the FFI boundary.
+	 */
+	copyBytes(): Uint8Array;
+}
+declare class KeyPackage {
+	free(): void;
+	/**
+	 * Construct a new instance, transferring data from the client layer to Rust.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * Get the raw bytes from this type, transferring data from Rust to the client layer.
+	 *
+	 * This does not consume the newtype, instead copying the internal data across the FFI boundary.
+	 */
+	copyBytes(): Uint8Array;
+}
+export class MlsTransportData {
+	free(): void;
+	constructor(buf: Uint8Array);
+	readonly data: Uint8Array;
+}
 /**
  * Result of an authorization creation.
  *
@@ -728,17 +760,49 @@ export class NewAcmeOrder {
 	readonly delegate: Uint8Array;
 	readonly authorizations: string[];
 }
-declare class NewCrlDistributionPoints {
-	private constructor();
-	free(): void;
-	as_strings(): string[] | undefined;
-}
 declare class ProteusAutoPrekeyBundle {
 	private constructor();
 	free(): void;
 	readonly id: number;
 	readonly pkb: Uint8Array;
 }
+/**
+ * r" A secret key derived from the group secret.
+ * r"
+ * r" This is intended to be used for AVS.
+ */
+export class SecretKey {
+	free(): void;
+	/**
+	 * Construct a new instance, transferring data from the client layer to Rust.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * Get the raw bytes from this type, transferring data from Rust to the client layer.
+	 *
+	 * This does not consume the newtype, instead copying the internal data across the FFI boundary.
+	 */
+	copyBytes(): Uint8Array;
+}
+/**
+ * r" A TLS-serialized Welcome message.
+ * r"
+ * r" This structure is defined in RFC 9420:
+ * r" <https://www.rfc-editor.org/rfc/rfc9420.html#joining-via-welcome-message>.
+ */
+export class Welcome {
+	free(): void;
+	/**
+	 * Construct a new instance, transferring data from the client layer to Rust.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * Get the raw bytes from this type, transferring data from Rust to the client layer.
+	 *
+	 * This does not consume the newtype, instead copying the internal data across the FFI boundary.
+	 */
+	copyBytes(): Uint8Array;
+}
 /**
  * see [core_crypto::prelude::WelcomeBundle]
  */
@@ -748,7 +812,7 @@ export class WelcomeBundle {
 	/**
 	 * Identifier of the joined conversation
 	 */
-	readonly id: Uint8Array;
+	readonly id: ConversationId;
 	/**
 	 * New CRL Distribution of members of this group
 	 */
@@ -781,13 +845,13 @@ export class WireIdentity {
 export class X509Identity {
 	private constructor();
 	free(): void;
-	handle: string;
-	display_name: string;
-	domain: string;
-	certificate: string;
-	serial_number: string;
-	not_before: bigint;
-	not_after: bigint;
+	readonly handle: string;
+	readonly displayName: string;
+	readonly domain: string;
+	readonly certificate: string;
+	readonly serialNumber: string;
+	readonly notBefore: bigint;
+	readonly notAfter: bigint;
 }
 interface ConversationConfiguration$1 {
 	/**
@@ -797,7 +861,7 @@ interface ConversationConfiguration$1 {
 	/**
 	 * List of client IDs that are allowed to be external senders
 	 */
-	externalSenders?: Uint8Array[];
+	externalSenders?: ExternalSenderKey[];
 	/**
 	 *  Duration in seconds after which we will automatically force a self-update commit
 	 *  Note: This isn't currently implemented
@@ -829,24 +893,22 @@ export declare class CoreCryptoError extends Error {
 	proteusErrorCode: number | null;
 	private constructor();
 	private static fallback;
-	static build(msg: string, ...params: unknown[]): CoreCryptoError | Error;
-	static fromStdError(e: Error): CoreCryptoError | Error;
+	static build(msg: string, ...params: unknown[]): CoreCryptoError;
+	static fromStdError(e: Error): CoreCryptoError;
 	static asyncMapErr<T>(p: Promise<T>): Promise<T>;
 }
-/**
- * Alias for conversation IDs.
- * This is a freeform, uninspected buffer.
- */
-export type ConversationId = Uint8Array;
-/**
- * Alias for client identifier.
- * This is a freeform, uninspected buffer.
- */
-type ClientId$1 = Uint8Array;
 /**
  * Alias for proposal reference. It is a byte array of size 16.
  */
 export type ProposalRef = Uint8Array;
+/**
+ * A `HistorySecret` encodes sufficient client state that it can be used to instantiate an
+ * ephemeral client.
+ */
+export interface HistorySecret {
+	clientId: ClientId;
+	data: Uint8Array;
+}
 /**
  * Data shape for a MLS generic commit + optional bundle (aka stapled commit & welcome)
  */
@@ -862,13 +924,18 @@ export interface CommitBundle {
 	 *
 	 * @readonly
 	 */
-	welcome?: Uint8Array;
+	welcome?: Welcome;
 	/**
 	 * MLS GroupInfo which is required for joining a group by external commit
 	 *
 	 * @readonly
 	 */
 	groupInfo: GroupInfoBundle;
+	/**
+	 * An encrypted message to fan out to all other conversation members in the new epoch
+	 * @readonly
+	 */
+	encryptedMessage?: Uint8Array;
 }
 /**
  * Wraps a GroupInfo in order to efficiently upload it to the Delivery Service.
@@ -886,7 +953,7 @@ export interface GroupInfoBundle {
 	/**
 	 * TLS-serialized GroupInfo
 	 */
-	payload: Uint8Array;
+	payload: GroupInfo;
 }
 /**
  * This is a wrapper for all the possible outcomes you can get after decrypting a message
@@ -907,7 +974,7 @@ interface DecryptedMessage$1 {
 	/**
 	 * Client identifier of the sender of the message being decrypted. Only present for application messages.
 	 */
-	senderClientId?: ClientId$1;
+	senderClientId?: ClientId;
 	/**
 	 * true when the decrypted message resulted in an epoch change i.e. it was a commit
 	 */
@@ -948,7 +1015,7 @@ interface BufferedDecryptedMessage$1 {
 	/**
 	 * see {@link DecryptedMessage.senderClientId}
 	 */
-	senderClientId?: ClientId$1;
+	senderClientId?: ClientId;
 	/**
 	 * see {@link DecryptedMessage.hasEpochChanged}
 	 */
@@ -991,6 +1058,12 @@ export interface MlsTransport {
 	 * @returns a promise resolving to a {@link MlsTransportResponse}
 	 */
 	sendMessage: (message: Uint8Array) => Promise<MlsTransportResponse>;
+	/**
+	 *  This callback is called by CoreCrypto to prepare a history secret to be sent to the delivery service.
+	 * @param secret
+	 * @returns a promise resolving to a {@link MlsTransportData}
+	 */
+	prepareForTransport: (secret: HistorySecret) => Promise<MlsTransportData>;
 }
 /**
  *  Supporting struct for CRL registration result
@@ -1030,7 +1103,7 @@ interface AcmeDirectory$1 {
 /**
  * Returned by APIs whose code paths potentially discover new certificate revocation list distribution URLs.
  */
-type NewCrlDistributionPoints$1 = string[] | undefined;
+export type NewCrlDistributionPoints = string[] | undefined;
 export type JsonRawData = Uint8Array;
 export declare class E2eiEnrollment {
 	#private;
@@ -1235,25 +1308,7 @@ declare class CoreCryptoContext$1 {
 	 * @param ciphersuites - All the ciphersuites supported by this MLS client
 	 * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client
 	 */
-	mlsInit(clientId: ClientId$1, ciphersuites: Ciphersuite[], nbKeyPackage?: number): Promise<void>;
-	/**
-	 * Generates a MLS KeyPair/CredentialBundle with a temporary, random client ID.
-	 * This method is designed to be used in conjunction with {@link CoreCryptoContext.mlsInitWithClientId} and represents the first step in this process
-	 *
-	 * @param ciphersuites - All the ciphersuites supported by this MLS client
-	 * @returns This returns the TLS-serialized identity key (i.e. the signature keypair's public key)
-	 */
-	mlsGenerateKeypair(ciphersuites: Ciphersuite[]): Promise<Uint8Array[]>;
-	/**
-	 * Updates the current temporary Client ID with the newly provided one. This is the second step in the externally-generated clients process
-	 *
-	 * Important: This is designed to be called after {@link CoreCryptoContext.mlsGenerateKeypair}
-	 *
-	 * @param clientId - The newly-allocated client ID by the MLS Authentication Service
-	 * @param signaturePublicKeys - The public key you were given at the first step; This is for authentication purposes
-	 * @param ciphersuites - All the ciphersuites supported by this MLS client
-	 */
-	mlsInitWithClientId(clientId: ClientId$1, signaturePublicKeys: Uint8Array[], ciphersuites: Ciphersuite[]): Promise<void>;
+	mlsInit(clientId: ClientId, ciphersuites: Ciphersuite[], nbKeyPackage?: number): Promise<void>;
 	/**
 	 * Checks if the Client is member of a given conversation and if the MLS Group is loaded up
 	 *
@@ -1349,7 +1404,7 @@ declare class CoreCryptoContext$1 {
 	 * @param configuration - configuration of the MLS group
 	 * @returns The conversation ID of the newly joined group. You can use the same ID to decrypt/encrypt messages
 	 */
-	processWelcomeMessage(welcomeMessage: Uint8Array, configuration?: Partial<CustomConfiguration>): Promise<WelcomeBundle>;
+	processWelcomeMessage(welcomeMessage: Welcome, configuration?: Partial<CustomConfiguration>): Promise<WelcomeBundle>;
 	/**
 	 * Get the client's public signature key. To upload to the DS for further backend side validation
 	 *
@@ -1374,13 +1429,6 @@ declare class CoreCryptoContext$1 {
 	 * @returns An array of length `amountRequested` containing TLS-serialized KeyPackages
 	 */
 	clientKeypackages(ciphersuite: Ciphersuite, credentialType: CredentialType, amountRequested: number): Promise<Array<Uint8Array>>;
-	/**
-	 * Prunes local KeyPackages after making sure they also have been deleted on the backend side
-	 * You should only use this after calling {@link CoreCryptoContext.e2eiRotate} on all conversations.
-	 *
-	 * @param refs - KeyPackage references to delete obtained from a {RotateBundle}
-	 */
-	deleteKeypackages(refs: Uint8Array[]): Promise<void>;
 	/**
 	 * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
 	 *
@@ -1391,7 +1439,7 @@ declare class CoreCryptoContext$1 {
 	 *
 	 * @returns Potentially a list of newly discovered crl distribution points
 	 */
-	addClientsToConversation(conversationId: ConversationId, keyPackages: Uint8Array[]): Promise<NewCrlDistributionPoints$1>;
+	addClientsToConversation(conversationId: ConversationId, keyPackages: Uint8Array[]): Promise<NewCrlDistributionPoints>;
 	/**
 	 * Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed
 	 * to do so, otherwise this operation does nothing.
@@ -1399,7 +1447,7 @@ declare class CoreCryptoContext$1 {
 	 * @param conversationId - The ID of the conversation
 	 * @param clientIds - Array of Client IDs to remove.
 	 */
-	removeClientsFromConversation(conversationId: ConversationId, clientIds: ClientId$1[]): Promise<void>;
+	removeClientsFromConversation(conversationId: ConversationId, clientIds: ClientId[]): Promise<void>;
 	/**
 	 * Update the keying material of the conversation.
 	 *
@@ -1429,7 +1477,15 @@ declare class CoreCryptoContext$1 {
 	 *
 	 * @return see {@link WelcomeBundle}
 	 */
-	joinByExternalCommit(groupInfo: Uint8Array, credentialType: CredentialType, configuration?: Partial<CustomConfiguration>): Promise<WelcomeBundle>;
+	joinByExternalCommit(groupInfo: GroupInfo, credentialType: CredentialType, configuration?: Partial<CustomConfiguration>): Promise<WelcomeBundle>;
+	/**
+	 * Enable history sharing by generating a history client and adding it to the conversation.
+	 */
+	enableHistorySharing(conversationId: ConversationId): Promise<void>;
+	/**
+	 * Disable history sharing by removing histroy clients from the conversation.
+	 */
+	disableHistorySharing(conversationId: ConversationId): Promise<void>;
 	/**
 	 * Derives a new key from the group
 	 *
@@ -1439,7 +1495,7 @@ declare class CoreCryptoContext$1 {
 	 *
 	 * @returns A `Uint8Array` representing the derived key
 	 */
-	exportSecretKey(conversationId: ConversationId, keyLength: number): Promise<Uint8Array>;
+	exportSecretKey(conversationId: ConversationId, keyLength: number): Promise<SecretKey>;
 	/**
 	 * Returns the raw public key of the single external sender present in this group.
 	 * This should be used to initialize a subconversation
@@ -1448,7 +1504,7 @@ declare class CoreCryptoContext$1 {
 	 *
 	 * @returns A `Uint8Array` representing the external sender raw public key
 	 */
-	getExternalSender(conversationId: ConversationId): Promise<Uint8Array>;
+	getExternalSender(conversationId: ConversationId): Promise<ExternalSenderKey>;
 	/**
 	 * Returns all clients from group's members
 	 *
@@ -1456,7 +1512,7 @@ declare class CoreCryptoContext$1 {
 	 *
 	 * @returns A list of clients from the members of the group
 	 */
-	getClientIds(conversationId: ConversationId): Promise<ClientId$1[]>;
+	getClientIds(conversationId: ConversationId): Promise<ClientId[]>;
 	/**
 	 * Allows {@link CoreCryptoContext} to act as a CSPRNG provider
 	 *
@@ -1641,13 +1697,7 @@ declare class CoreCryptoContext$1 {
 	 * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client
 	 * @returns a MlsClient initialized with only a x509 credential
 	 */
-	e2eiMlsInitOnly(enrollment: E2eiEnrollment, certificateChain: string, nbKeyPackage?: number): Promise<NewCrlDistributionPoints$1>;
-	/**
-	 * Dumps the PKI environment as PEM
-	 *
-	 * @returns a struct with different fields representing the PKI environment as PEM strings
-	 */
-	e2eiDumpPKIEnv(): Promise<E2eiDumpedPkiEnv | undefined>;
+	e2eiMlsInitOnly(enrollment: E2eiEnrollment, certificateChain: string, nbKeyPackage?: number): Promise<NewCrlDistributionPoints>;
 	/**
 	 * @returns whether the E2EI PKI environment is setup (i.e. Root CA, Intermediates, CRLs)
 	 */
@@ -1669,7 +1719,7 @@ declare class CoreCryptoContext$1 {
 	 *
 	 * @param certPEM - PEM certificate to register as an Intermediate CA
 	 */
-	e2eiRegisterIntermediateCA(certPEM: string): Promise<NewCrlDistributionPoints$1>;
+	e2eiRegisterIntermediateCA(certPEM: string): Promise<NewCrlDistributionPoints>;
 	/**
 	 * Registers a CRL for the use in E2EI processing.
 	 *
@@ -1711,13 +1761,13 @@ declare class CoreCryptoContext$1 {
 	 * @param certificateChain - the raw response from ACME server
 	 * @returns Potentially a list of new crl distribution points discovered in the certificate chain
 	 */
-	saveX509Credential(enrollment: E2eiEnrollment, certificateChain: string): Promise<NewCrlDistributionPoints$1>;
+	saveX509Credential(enrollment: E2eiEnrollment, certificateChain: string): Promise<NewCrlDistributionPoints>;
 	/**
 	 * Deletes all key packages whose credential does not match the most recently
 	 * saved x509 credential and the provided signature scheme.
-	 * @param cipherSuite
+	 * @param ciphersuite
 	 */
-	deleteStaleKeyPackages(cipherSuite: Ciphersuite): Promise<void>;
+	deleteStaleKeyPackages(ciphersuite: Ciphersuite): Promise<void>;
 	/**
 	 * Allows persisting an active enrollment (for example while redirecting the user during OAuth) in order to resume
 	 * it later with {@link e2eiEnrollmentStashPop}
@@ -1756,7 +1806,7 @@ declare class CoreCryptoContext$1 {
 	 * @param deviceIds - identifiers of the devices
 	 * @returns identities or if no member has a x509 certificate, it will return an empty List
 	 */
-	getDeviceIdentities(conversationId: ConversationId, deviceIds: ClientId$1[]): Promise<WireIdentity[]>;
+	getDeviceIdentities(conversationId: ConversationId, deviceIds: ClientId[]): Promise<WireIdentity[]>;
 	/**
 	 * From a given conversation, get the identity of the users (device holders) supplied.
 	 * Identity is only present for devices with a Certificate Credential (after turning on end-to-end identity).
@@ -1767,15 +1817,6 @@ declare class CoreCryptoContext$1 {
 	 * @returns a Map with all the identities for a given users. Consumers are then recommended to reduce those identities to determine the actual status of a user.
 	 */
 	getUserIdentities(conversationId: ConversationId, userIds: string[]): Promise<Map<string, WireIdentity[]>>;
-	/**
-	 * Gets the e2ei conversation state from a `GroupInfo`. Useful to check if the group has e2ei
-	 * turned on or not before joining it.
-	 *
-	 * @param groupInfo - a TLS encoded GroupInfo fetched from the Delivery Service
-	 * @param credentialType - kind of Credential to check usage of. Defaults to X509 for now as no other value will give any result.
-	 * @returns see {@link E2eiConversationState}
-	 */
-	getCredentialInUse(groupInfo: Uint8Array, credentialType?: CredentialType): Promise<E2eiConversationState$1>;
 }
 /**
  * Params for CoreCrypto deferred initialization
@@ -1796,10 +1837,6 @@ export interface CoreCryptoDeferredParams {
 	 * This **must** be exactly 32 bytes
 	 */
 	entropySeed?: Uint8Array;
-	/**
-	 * .wasm file path, this will be useful in case your bundling system likes to relocate files (i.e. what webpack does)
-	 */
-	wasmFilePath?: string;
 }
 /**
  * Params for CoreCrypto initialization
@@ -1810,7 +1847,7 @@ export interface CoreCryptoParams extends CoreCryptoDeferredParams {
 	 * MLS Client ID.
 	 * This should stay consistent as it will be verified against the stored signature & identity to validate the persisted credential
 	 */
-	clientId: ClientId$1;
+	clientId: ClientId;
 	/**
 	 * All the ciphersuites this MLS client can support
 	 */
@@ -1823,6 +1860,9 @@ export interface CoreCryptoParams extends CoreCryptoDeferredParams {
 export interface EpochObserver {
 	epochChanged(conversationId: ConversationId, epoch: number): Promise<void>;
 }
+export interface HistoryObserver {
+	historyClientCreated(conversationId: ConversationId, secret: HistorySecret): Promise<void>;
+}
 /**
  * Initializes the global logger for Core Crypto and registers the callback.
  *
@@ -1895,7 +1935,7 @@ export declare class CoreCrypto {
 	 * // Do the rest with `cc`
 	 * ```
 	 *
-	 * ## Custom Entropy seed init & wasm file location
+	 * ## Custom Entropy seed init
 	 * ```ts
 	 * // FYI, this is the IETF test vector #1
 	 * const entropySeed = Uint32Array.from([
@@ -1905,19 +1945,15 @@ export declare class CoreCrypto {
 	 *   0xf4b8436a, 0x1ca11815, 0x69b687c3, 0x8665eeb2,
 	 * ]);
 	 *
-	 * const wasmFilePath = "/long/complicated/path/on/webserver/whatever.wasm";
-	 *
 	 * const cc = await CoreCrypto.init({
 	 *   databaseName: "test",
 	 *   key: "test",
 	 *   clientId: "test",
 	 *   entropySeed,
-	 *   wasmFilePath,
 	 * });
 	 * ````
 	 */
-	static init({ databaseName, key, clientId, wasmFilePath, // eslint-disable-line @typescript-eslint/no-unused-vars
-	ciphersuites, entropySeed, nbKeyPackage, }: CoreCryptoParams): Promise<CoreCrypto>;
+	static init({ databaseName, key, clientId, ciphersuites, entropySeed, nbKeyPackage, }: CoreCryptoParams): Promise<CoreCrypto>;
 	/**
 	 * Almost identical to {@link CoreCrypto.init} but allows a 2 phase initialization of MLS.
 	 * First, calling this will set up the keystore and will allow generating proteus prekeys.
@@ -1925,14 +1961,14 @@ export declare class CoreCrypto {
 	 * Use this clientId to initialize MLS with {@link CoreCryptoContext.mlsInit}.
 	 * @param params - {@link CoreCryptoDeferredParams}
 	 */
-	static deferredInit({ databaseName, key, entropySeed, wasmFilePath, }: CoreCryptoDeferredParams): Promise<CoreCrypto>;
+	static deferredInit({ databaseName, key, entropySeed, }: CoreCryptoDeferredParams): Promise<CoreCrypto>;
 	/**
 	 * Instantiate a history client.
 	 *
 	 * This client exposes the full interface of `CoreCrypto`, but it should only be used to decrypt messages.
 	 * Other use is a logic error.
 	 */
-	static historyClient(historySecret: Uint8Array): Promise<CoreCrypto>;
+	static historyClient(historySecret: HistorySecret): Promise<CoreCrypto>;
 	/**
 	 * Starts a new transaction in Core Crypto. If the callback succeeds, it will be committed,
 	 * otherwise, every operation performed with the context will be discarded.
@@ -1945,28 +1981,11 @@ export declare class CoreCrypto {
 	/** @hidden */
 	private constructor();
 	/**
-	 * If this returns `false` you **cannot** call {@link CoreCrypto.close} as it will produce an error because of the
-	 * outstanding references that were detected.
-	 *
-	 * As always with this kind of thing, beware TOCTOU.
-	 *
-	 * @returns whether the CoreCrypto instance can currently close.
-	 */
-	canClose(): Promise<boolean>;
-	/**
-	 * If this returns `true` you **cannot** call {@link CoreCrypto.close} as it will produce an error because of the
-	 * outstanding references that were detected.
+	 * Waits for any transaction that is currently in progress, then closes this {@link CoreCrypto}
+	 * instance and deallocates all loaded resources
 	 *
-	 * This will never return `true` as we need an async method to accurately determine whether or not this can close.
-	 *
-	 * @returns false
-	 * @deprecated prefer {@link CoreCrypto.canClose}
-	 */
-	isLocked(): boolean;
-	/**
-	 * Closes this {@link CoreCrypto} instance and deallocates all loaded resources
-	 *
-	 * **CAUTION**: This {@link CoreCrypto} instance won't be usable after a call to this method, but there's no way to express this requirement in TypeScript, so you'll get errors instead!
+	 * **CAUTION**: This {@link CoreCrypto} instance won't be usable after a call to this method,
+	 * but there's no way to express this requirement in TypeScript, so you'll get errors instead!
 	 */
 	close(): Promise<void>;
 	/**
@@ -2018,6 +2037,15 @@ export declare class CoreCrypto {
 	 * @returns A `Uint8Array` representing the derived key
 	 */
 	exportSecretKey(conversationId: ConversationId, keyLength: number): Promise<Uint8Array>;
+	/**
+	 * Check if history sharing is enabled, i.e., if any of the conversation members have a {@link ClientId} starting
+	 * with the history client id prefix.
+	 *
+	 * @param conversationId - The group's ID
+	 *
+	 * @returns Whether history sharing is enabled
+	 */
+	isHistorySharingEnabled(conversationId: ConversationId): Promise<boolean>;
 	/**
 	 * See {@link CoreCryptoContext.getExternalSender}.
 	 *
@@ -2033,7 +2061,7 @@ export declare class CoreCrypto {
 	 *
 	 * @returns A list of clients from the members of the group
 	 */
-	getClientIds(conversationId: ConversationId): Promise<ClientId$1[]>;
+	getClientIds(conversationId: ConversationId): Promise<ClientId[]>;
 	/**
 	 * See {@link CoreCryptoContext.randomBytes}.
 	 *
@@ -2088,12 +2116,6 @@ export declare class CoreCrypto {
 	 * @returns Hex-encoded public key string
 	 **/
 	static proteusFingerprintPrekeybundle(prekey: Uint8Array): string;
-	/**
-	 * See {@link CoreCryptoContext.e2eiDumpPKIEnv}.
-	 *
-	 * @returns a struct with different fields representing the PKI environment as PEM strings
-	 */
-	e2eiDumpPKIEnv(): Promise<E2eiDumpedPkiEnv | undefined>;
 	/**
 	 * See {@link CoreCryptoContext.e2eiIsPKIEnvSetup}.
 	 * @returns whether the E2EI PKI environment is setup (i.e. Root CA, Intermediates, CRLs)
@@ -2113,7 +2135,7 @@ export declare class CoreCrypto {
 	 * @param deviceIds - identifiers of the devices
 	 * @returns identities or if no member has a x509 certificate, it will return an empty List
 	 */
-	getDeviceIdentities(conversationId: ConversationId, deviceIds: ClientId$1[]): Promise<WireIdentity[]>;
+	getDeviceIdentities(conversationId: ConversationId, deviceIds: ClientId[]): Promise<WireIdentity[]>;
 	/**
 	 * See {@link CoreCryptoContext.getUserIdentities}.
 	 *
@@ -2122,14 +2144,6 @@ export declare class CoreCrypto {
 	 * @returns a Map with all the identities for a given users. Consumers are then recommended to reduce those identities to determine the actual status of a user.
 	 */
 	getUserIdentities(conversationId: ConversationId, userIds: string[]): Promise<Map<string, WireIdentity[]>>;
-	/**
-	 * See {@link CoreCryptoContext.getCredentialInUse}.
-	 *
-	 * @param groupInfo - a TLS encoded GroupInfo fetched from the Delivery Service
-	 * @param credentialType - kind of Credential to check usage of. Defaults to X509 for now as no other value will give any result.
-	 * @returns see {@link E2eiConversationState}
-	 */
-	getCredentialInUse(groupInfo: Uint8Array, credentialType?: CredentialType): Promise<E2eiConversationState$1>;
 	/**
 	 * Registers an epoch observer, which will then be notified every time a conversation's epoch changes.
 	 *
@@ -2137,6 +2151,13 @@ export declare class CoreCrypto {
 	 * @returns nothing
 	 */
 	registerEpochObserver(observer: EpochObserver): Promise<void>;
+	/**
+	 * Registers a history observer, which will then be notified every time a history client is created.
+	 *
+	 * @param observer must conform to the {@link HistoryObserver} interface
+	 * @returns nothing
+	 */
+	registerHistoryObserver(observer: HistoryObserver): Promise<void>;
 }
 /**
  * Initialises the wasm module necessary for running core crypto.
@@ -2148,14 +2169,12 @@ export declare function initWasmModule(location?: string | undefined): Promise<v
 export {
 	AcmeDirectory$1 as AcmeDirectory,
 	BufferedDecryptedMessage$1 as BufferedDecryptedMessage,
-	ClientId$1 as ClientId,
 	ConversationConfiguration$1 as ConversationConfiguration,
 	CoreCryptoContext$1 as CoreCryptoContext,
 	DecryptedMessage$1 as DecryptedMessage,
 	E2eiConversationState$1 as E2eiConversationState,
 	MlsGroupInfoEncryptionType as GroupInfoEncryptionType,
 	MlsRatchetTreeType as RatchetTreeType,
-	NewCrlDistributionPoints$1 as NewCrlDistributionPoints,
 	ProteusAutoPrekeyBundle$1 as ProteusAutoPrekeyBundle,
 };