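// NOTE(review): in this listing every `Promise` return type had lost its type
// argument (`Promise;`, and `Promise>;` where the argument was itself generic),
// which does not parse. The arguments below are restored from the record and
// result types this file declares or imports; confirm them against the
// published package typings. Where the lost argument was a byte buffer it is
// written as bare `Uint8Array`, matching every other buffer type in the file.

export * from './Errors.js';
import { Aci, ProtocolAddress, ServiceId } from './Address.js';
export * from './Address.js';
import { CiphertextMessage, CiphertextMessageConvertible } from './CiphertextMessage.js';
export * from './CiphertextMessage.js';
import { IdentityKeyPair, PrivateKey, PublicKey } from './EcKeys.js';
export * from './EcKeys.js';
import { KEMPublicKey, PreKeyBundle, SignedPreKeyRecord } from './ProtocolTypes.js';
export * from './ProtocolTypes.js';
import * as uuid from './uuid.js';
export * as usernames from './usernames.js';
export * as io from './io.js';
export * as Net from './net.js';
export * as Mp4Sanitizer from './Mp4Sanitizer.js';
export * as WebpSanitizer from './WebpSanitizer.js';
import * as Native from './Native.js';

export type Uuid = uuid.Uuid;

/** Numeric tags for the kinds of message this module declares. */
export declare enum CiphertextMessageType {
  Whisper = 2,
  PreKey = 3,
  SenderKey = 7,
  Plaintext = 8
}

/** Direction of a message, passed to {@link IdentityKeyStore.isTrustedIdentity}. */
export declare enum Direction {
  Sending = 0,
  Receiving = 1
}

/**
 * Content hint values.
 *
 * NOTE(review): presumably the values accepted as `contentHint` by
 * {@link UnidentifiedSenderMessageContent.new}, which is typed as a plain
 * `number` — confirm.
 */
export declare enum ContentHint {
  Default = 0,
  Resendable = 1,
  Implicit = 2
}

/**
 * Key derivation returning `outputLength` bytes.
 *
 * NOTE(review): `label` presumably maps to the HKDF "info" input, and the hash
 * function is not visible from this declaration — confirm both before relying
 * on interoperability with another HKDF implementation.
 *
 * @param salt Optional salt; `null` is accepted.
 */
export declare function hkdf(outputLength: number, keyMaterial: Uint8Array, label: Uint8Array, salt: Uint8Array | null): Uint8Array;

/** Byte form of a {@link Fingerprint}, comparable against another instance. */
export declare class ScannableFingerprint {
  private readonly scannable;
  private constructor();
  // Underscore-prefixed factory: looks internal to the library — confirm before calling it from application code.
  static _fromBuffer(scannable: Uint8Array): ScannableFingerprint;
  /** Compares this fingerprint with `other`; callers must act on the boolean result. */
  compare(other: ScannableFingerprint): boolean;
  toBuffer(): Uint8Array;
}

/** String form of a {@link Fingerprint}. */
export declare class DisplayableFingerprint {
  private readonly display;
  private constructor();
  // Underscore-prefixed factory: looks internal to the library — confirm before calling it from application code.
  static _fromString(display: string): DisplayableFingerprint;
  toString(): string;
}

/**
 * Fingerprint built from a local and a remote (identifier, public key) pair,
 * available in displayable and scannable form.
 */
export declare class Fingerprint {
  readonly _nativeHandle: Native.Fingerprint;
  private constructor();
  static new(iterations: number, version: number, localIdentifier: Uint8Array, localKey: PublicKey, remoteIdentifier: Uint8Array, remoteKey: PublicKey): Fingerprint;
  displayableFingerprint(): DisplayableFingerprint;
  scannableFingerprint(): ScannableFingerprint;
}

/**
 * Implements the AES-256-GCM-SIV authenticated stream cipher with a 12-byte nonce.
 *
 * AES-GCM-SIV is a multi-pass algorithm (to generate the "synthetic initialization vector"), so
 * this API does not expose a streaming form.
 *
 * The nonce is supplied by the caller on every call. AES-GCM-SIV tolerates an accidental nonce
 * repeat better than AES-GCM does, but a repeated (key, nonce) pair still reveals whether two
 * messages were identical, so nonces should remain unique per key.
 */
export declare class Aes256GcmSiv {
  readonly _nativeHandle: Native.Aes256GcmSiv;
  private constructor();
  static new(key: Uint8Array): Aes256GcmSiv;
  /**
   * Encrypts the given plaintext using the given nonce, and authenticating the ciphertext and given
   * associated data.
   *
   * The associated data is not included in the ciphertext; instead, it's expected to match between
   * the encrypter and decrypter. If you don't need any extra data, pass an empty array.
   *
   * @returns The encrypted data, including an appended 16-byte authentication tag.
   */
  encrypt(message: Uint8Array, nonce: Uint8Array, associatedData: Uint8Array): Uint8Array;
  /**
   * Decrypts the given ciphertext using the given nonce, and authenticating the ciphertext and given
   * associated data.
   *
   * The associated data is not included in the ciphertext; instead, it's expected to match between
   * the encrypter and decrypter.
   *
   * NOTE(review): the declaration does not show how an authentication failure is reported
   * (presumably an exception) — confirm, and never use output from a failed call.
   *
   * @returns The decrypted data
   */
  decrypt(message: Uint8Array, nonce: Uint8Array, associatedData: Uint8Array): Uint8Array;
}

/** KEM secret key backed by a native Kyber handle. */
export declare class KEMSecretKey {
  readonly _nativeHandle: Native.KyberSecretKey;
  private constructor();
  static _fromNativeHandle(handle: Native.KyberSecretKey): KEMSecretKey;
  static deserialize(buf: Uint8Array): KEMSecretKey;
  /** Returns the serialized secret key; treat the bytes as secret key material. */
  serialize(): Uint8Array;
}

/** KEM key pair backed by a native Kyber handle. */
export declare class KEMKeyPair {
  readonly _nativeHandle: Native.KyberKeyPair;
  private constructor();
  static _fromNativeHandle(handle: Native.KyberKeyPair): KEMKeyPair;
  static generate(): KEMKeyPair;
  getPublicKey(): KEMPublicKey;
  getSecretKey(): KEMSecretKey;
}

/** The public information contained in a {@link KyberPreKeyRecord} */
export type SignedKyberPublicPreKey = {
  id: () => number;
  publicKey: () => KEMPublicKey;
  signature: () => Uint8Array;
};

/**
 * Pre-key record holding an id and an EC key pair.
 *
 * The record exposes {@link PreKeyRecord.privateKey}, so the output of `serialize()` should be
 * stored as secret material — NOTE(review): presumably it embeds the private key; confirm.
 */
export declare class PreKeyRecord {
  readonly _nativeHandle: Native.PreKeyRecord;
  private constructor();
  static _fromNativeHandle(nativeHandle: Native.PreKeyRecord): PreKeyRecord;
  static new(id: number, pubKey: PublicKey, privKey: PrivateKey): PreKeyRecord;
  static deserialize(buffer: Uint8Array): PreKeyRecord;
  id(): number;
  privateKey(): PrivateKey;
  publicKey(): PublicKey;
  serialize(): Uint8Array;
}

/**
 * Signed Kyber pre-key record: id, timestamp, KEM key pair and signature.
 *
 * The record exposes {@link KyberPreKeyRecord.secretKey}, so the output of `serialize()` should be
 * stored as secret material — NOTE(review): presumably it embeds the secret key; confirm.
 */
export declare class KyberPreKeyRecord implements SignedKyberPublicPreKey {
  readonly _nativeHandle: Native.KyberPreKeyRecord;
  private constructor();
  static _fromNativeHandle(nativeHandle: Native.KyberPreKeyRecord): KyberPreKeyRecord;
  static new(id: number, timestamp: number, keyPair: KEMKeyPair, signature: Uint8Array): KyberPreKeyRecord;
  serialize(): Uint8Array;
  static deserialize(buffer: Uint8Array): KyberPreKeyRecord;
  id(): number;
  keyPair(): KEMKeyPair;
  publicKey(): KEMPublicKey;
  secretKey(): KEMSecretKey;
  signature(): Uint8Array;
  timestamp(): number;
}

/**
 * A serialized session message.
 *
 * No MAC-verification method is declared on this class, so a successfully deserialized instance
 * is parsed, not authenticated. NOTE(review): authentication presumably happens inside
 * {@link signalDecrypt} — confirm before reading `body()` for any other purpose.
 */
export declare class SignalMessage {
  readonly _nativeHandle: Native.SignalMessage;
  private constructor();
  // Underscore-prefixed constructor taking raw key material: looks internal (likely test-only) — confirm.
  static _new(messageVersion: number, macKey: Uint8Array, senderRatchetKey: PublicKey, counter: number, previousCounter: number, ciphertext: Uint8Array, senderIdentityKey: PublicKey, receiverIdentityKey: PublicKey, pqRatchet: Uint8Array): SignalMessage;
  static deserialize(buffer: Uint8Array): SignalMessage;
  body(): Uint8Array;
  pqRatchet(): Uint8Array;
  counter(): number;
  messageVersion(): number;
  serialize(): Uint8Array;
}

/** A session-establishing message wrapping a {@link SignalMessage}. */
export declare class PreKeySignalMessage {
  readonly _nativeHandle: Native.PreKeySignalMessage;
  private constructor();
  // Underscore-prefixed constructor: looks internal (likely test-only) — confirm.
  static _new(messageVersion: number, registrationId: number, preKeyId: number | null, signedPreKeyId: number, baseKey: PublicKey, identityKey: PublicKey, signalMessage: SignalMessage): PreKeySignalMessage;
  static deserialize(buffer: Uint8Array): PreKeySignalMessage;
  /** Id of the one-time pre-key referenced by the message, or `null` when none is referenced. */
  preKeyId(): number | null;
  registrationId(): number;
  signedPreKeyId(): number;
  version(): number;
  serialize(): Uint8Array;
}

/**
 * State of a session with one remote address.
 *
 * NOTE(review): the serialized form presumably contains ratchet key material; store it with the
 * same protection as private keys — confirm.
 */
export declare class SessionRecord {
  readonly _nativeHandle: Native.SessionRecord;
  private constructor();
  static _fromNativeHandle(nativeHandle: Native.SessionRecord): SessionRecord;
  static deserialize(buffer: Uint8Array): SessionRecord;
  serialize(): Uint8Array;
  archiveCurrentState(): void;
  localRegistrationId(): number;
  remoteRegistrationId(): number;
  /**
   * Returns whether the current session can be used to send messages.
   *
   * If there is no current session, returns false.
   *
   * @param requirePqRatio NOTE(review): meaning and valid range are not documented in this
   *   file — confirm against upstream before choosing a value.
   * @param now Optional reference time.
   */
  hasCurrentState(requirePqRatio: number, now?: Date): boolean;
  currentRatchetKeyMatches(key: PublicKey): boolean;
}

/** Server certificate: a key id and server public key, with a signature. */
export declare class ServerCertificate {
  readonly _nativeHandle: Native.ServerCertificate;
  static _fromNativeHandle(nativeHandle: Native.ServerCertificate): ServerCertificate;
  private constructor();
  /**
   * Creates a certificate for `serverKey`.
   *
   * `trustRoot` is a *private* key, so this is an issuing-side operation; verifying clients only
   * need {@link ServerCertificate.deserialize}.
   */
  static new(keyId: number, serverKey: PublicKey, trustRoot: PrivateKey): ServerCertificate;
  static deserialize(buffer: Uint8Array): ServerCertificate;
  certificateData(): Uint8Array;
  key(): PublicKey;
  keyId(): number;
  serialize(): Uint8Array;
  signature(): Uint8Array;
}

/** Opaque sender-key state persisted through a {@link SenderKeyStore}. */
export declare class SenderKeyRecord {
  readonly _nativeHandle: Native.SenderKeyRecord;
  static _fromNativeHandle(nativeHandle: Native.SenderKeyRecord): SenderKeyRecord;
  private constructor();
  static deserialize(buffer: Uint8Array): SenderKeyRecord;
  serialize(): Uint8Array;
}

/**
 * Certificate binding a sender (UUID, optional E.164, device id) to a public key, signed through
 * a {@link ServerCertificate}.
 *
 * `deserialize` only parses. The accessors return whatever the certificate claims; nothing in
 * this declaration makes them conditional on a successful `validate` call, so validate first.
 */
export declare class SenderCertificate {
  readonly _nativeHandle: Native.SenderCertificate;
  private constructor();
  static _fromNativeHandle(nativeHandle: Native.SenderCertificate): SenderCertificate;
  /** Issues a certificate; `signerKey` is a private key, so this is an issuing-side operation. */
  static new(senderUuid: string | Aci, senderE164: string | null, senderDeviceId: number, senderKey: PublicKey, expiration: number, signerCert: ServerCertificate, signerKey: PrivateKey): SenderCertificate;
  static deserialize(buffer: Uint8Array): SenderCertificate;
  serialize(): Uint8Array;
  certificate(): Uint8Array;
  expiration(): number;
  key(): PublicKey;
  senderE164(): string | null;
  senderUuid(): string;
  /**
   * Returns an ACI if the sender is a valid UUID, `null` otherwise.
   *
   * In a future release SenderCertificate will *only* support ACIs.
   */
  senderAci(): Aci | null;
  senderDeviceId(): number;
  serverCertificate(): ServerCertificate;
  signature(): Uint8Array;
  /**
   * Validates `this` against the given trust root at the given current time.
   *
   * The result is a boolean, so an ignored return value silently accepts an invalid certificate.
   *
   * @see validateWithTrustRoots
   */
  validate(trustRoot: PublicKey, time: number): boolean;
  /**
   * Validates `this` against the given trust roots at the given current time.
   *
   * Checks the certificate against each key in `trustRoots` in constant time (that is, no result
   * is produced until every key is checked), making sure **one** of them has signed its embedded
   * server certificate. The `time` parameter is compared numerically against `expiration`, and
   * is not required to use any specific units, but Signal uses milliseconds since 1970.
   *
   * Because `time` is unit-less, passing seconds where the issuer used milliseconds makes every
   * certificate look unexpired; keep the unit identical on both sides.
   */
  validateWithTrustRoots(trustRoots: PublicKey[], time: number): boolean;
}

/** Message distributing a sender key (chain id, iteration, chain key) for a distribution id. */
export declare class SenderKeyDistributionMessage {
  readonly _nativeHandle: Native.SenderKeyDistributionMessage;
  private constructor();
  static create(sender: ProtocolAddress, distributionId: Uuid, store: SenderKeyStore): Promise<SenderKeyDistributionMessage>;
  // Underscore-prefixed constructor taking a raw chain key: looks internal (likely test-only) — confirm.
  static _new(messageVersion: number, distributionId: Uuid, chainId: number, iteration: number, chainKey: Uint8Array, pk: PublicKey): SenderKeyDistributionMessage;
  static deserialize(buffer: Uint8Array): SenderKeyDistributionMessage;
  serialize(): Uint8Array;
  /** Returns the chain key carried by the message; treat it as secret key material. */
  chainKey(): Uint8Array;
  iteration(): number;
  chainId(): number;
  distributionId(): Uuid;
}

/** Processes a received distribution message from `sender`, using `store` for sender-key state. */
export declare function processSenderKeyDistributionMessage(sender: ProtocolAddress, message: SenderKeyDistributionMessage, store: SenderKeyStore): Promise<void>;

/** Group message encrypted under a sender key. */
export declare class SenderKeyMessage {
  readonly _nativeHandle: Native.SenderKeyMessage;
  private constructor();
  // Underscore-prefixed constructor taking a private key: looks internal (likely test-only) — confirm.
  static _new(messageVersion: number, distributionId: Uuid, chainId: number, iteration: number, ciphertext: Uint8Array, pk: PrivateKey): SenderKeyMessage;
  static deserialize(buffer: Uint8Array): SenderKeyMessage;
  serialize(): Uint8Array;
  ciphertext(): Uint8Array;
  iteration(): number;
  chainId(): number;
  distributionId(): Uuid;
  /** Checks the message signature against `key`; callers must act on the boolean result. */
  verifySignature(key: PublicKey): boolean;
}

/** Inner content of a sealed-sender message: the wrapped message plus the sender's certificate. */
export declare class UnidentifiedSenderMessageContent {
  readonly _nativeHandle: Native.UnidentifiedSenderMessageContent;
  private constructor();
  static _fromNativeHandle(nativeHandle: Native.UnidentifiedSenderMessageContent): UnidentifiedSenderMessageContent;
  static new(message: CiphertextMessage, sender: SenderCertificate, contentHint: number, groupId: Uint8Array | null): UnidentifiedSenderMessageContent;
  static deserialize(buffer: Uint8Array): UnidentifiedSenderMessageContent;
  serialize(): Uint8Array;
  contents(): Uint8Array;
  // NOTE(review): presumably one of the CiphertextMessageType values — confirm.
  msgType(): number;
  /** Returns the embedded certificate as parsed; it is the caller's job to validate it. */
  senderCertificate(): SenderCertificate;
  contentHint(): number;
  groupId(): Uint8Array | null;
}

/** Application-implemented persistence for {@link SessionRecord}s, keyed by address. */
export declare abstract class SessionStore {
  abstract saveSession(name: ProtocolAddress, record: SessionRecord): Promise<void>;
  abstract getSession(name: ProtocolAddress): Promise<SessionRecord | null>;
  abstract getExistingSessions(addresses: ProtocolAddress[]): Promise<SessionRecord[]>;
}

/** Result of saving an identity key: whether an existing, different key was replaced. */
export declare enum IdentityChange {
  NewOrUnchanged = 0,
  ReplacedExisting = 1
}

/**
 * Application-implemented store for the local identity and for remote identity keys.
 *
 * `isTrustedIdentity` is the trust-policy hook: whatever it resolves to decides whether a remote
 * key is accepted for the given direction, so an implementation that always resolves `true`
 * disables identity-key checking.
 */
export declare abstract class IdentityKeyStore {
  abstract getIdentityKey(): Promise<PrivateKey>;
  getIdentityKeyPair(): Promise<IdentityKeyPair>;
  abstract getLocalRegistrationId(): Promise<number>;
  /** Stores `key` for `name`; `ReplacedExisting` signals that the remote identity key changed. */
  abstract saveIdentity(name: ProtocolAddress, key: PublicKey): Promise<IdentityChange>;
  abstract isTrustedIdentity(name: ProtocolAddress, key: PublicKey, direction: Direction): Promise<boolean>;
  abstract getIdentity(name: ProtocolAddress): Promise<PublicKey | null>;
}

/** Application-implemented persistence for {@link PreKeyRecord}s. */
export declare abstract class PreKeyStore {
  abstract savePreKey(id: number, record: PreKeyRecord): Promise<void>;
  abstract getPreKey(id: number): Promise<PreKeyRecord>;
  // NOTE(review): presumably called once a one-time pre-key has been consumed; an implementation
  // that does not actually delete the record would let the same pre-key be used again — confirm.
  abstract removePreKey(id: number): Promise<void>;
}

/** Application-implemented persistence for signed pre-key records. */
export declare abstract class SignedPreKeyStore {
  abstract saveSignedPreKey(id: number, record: SignedPreKeyRecord): Promise<void>;
  abstract getSignedPreKey(id: number): Promise<SignedPreKeyRecord>;
}

/** Application-implemented persistence for {@link KyberPreKeyRecord}s. */
export declare abstract class KyberPreKeyStore {
  abstract saveKyberPreKey(kyberPreKeyId: number, record: KyberPreKeyRecord): Promise<void>;
  abstract getKyberPreKey(kyberPreKeyId: number): Promise<KyberPreKeyRecord>;
  // NOTE(review): the (kyberPreKeyId, signedPreKeyId, baseKey) arguments presumably let the
  // store detect a repeated use of the same combination — confirm the expected behaviour
  // against upstream before implementing this as a no-op.
  abstract markKyberPreKeyUsed(kyberPreKeyId: number, signedPreKeyId: number, baseKey: PublicKey): Promise<void>;
}

/** Application-implemented persistence for {@link SenderKeyRecord}s. */
export declare abstract class SenderKeyStore {
  abstract saveSenderKey(sender: ProtocolAddress, distributionId: Uuid, record: SenderKeyRecord): Promise<void>;
  abstract getSenderKey(sender: ProtocolAddress, distributionId: Uuid): Promise<SenderKeyRecord | null>;
}

/** Encrypts `message` for the group identified by `distributionId`, using sender-key state from `store`. */
export declare function groupEncrypt(sender: ProtocolAddress, distributionId: Uuid, store: SenderKeyStore, message: Uint8Array): Promise<CiphertextMessage>;

/** Decrypts a group `message` from `sender`, using sender-key state from `store`. */
export declare function groupDecrypt(sender: ProtocolAddress, store: SenderKeyStore, message: Uint8Array): Promise<Uint8Array>;

/** Result of {@link sealedSenderDecryptMessage}: the plaintext plus the sender's identifiers. */
export declare class SealedSenderDecryptionResult {
  readonly _nativeHandle: Native.SealedSenderDecryptionResult;
  private constructor();
  static _fromNativeHandle(nativeHandle: Native.SealedSenderDecryptionResult): SealedSenderDecryptionResult;
  message(): Uint8Array;
  senderE164(): string | null;
  senderUuid(): string;
  /**
   * Returns an ACI if the sender is a valid UUID, `null` otherwise.
   *
   * In a future release SenderCertificate will *only* support ACIs.
   */
  senderAci(): Aci | null;
  deviceId(): number;
}

/**
 * Content that is convertible to a {@link CiphertextMessage} without a session.
 *
 * Apart from `deserialize`, the only construction path declared here is
 * {@link PlaintextContent.from} a {@link DecryptionErrorMessage}.
 */
export declare class PlaintextContent implements CiphertextMessageConvertible {
  readonly _nativeHandle: Native.PlaintextContent;
  private constructor();
  static deserialize(buffer: Uint8Array): PlaintextContent;
  static from(message: DecryptionErrorMessage): PlaintextContent;
  serialize(): Uint8Array;
  body(): Uint8Array;
  asCiphertextMessage(): CiphertextMessage;
}

/** Message reporting that an earlier message could not be decrypted. */
export declare class DecryptionErrorMessage {
  readonly _nativeHandle: Native.DecryptionErrorMessage;
  private constructor();
  static _fromNativeHandle(nativeHandle: Native.DecryptionErrorMessage): DecryptionErrorMessage;
  /** Builds an error message describing the original message `bytes` of the given `type`. */
  static forOriginal(bytes: Uint8Array, type: CiphertextMessageType, timestamp: number, originalSenderDeviceId: number): DecryptionErrorMessage;
  static deserialize(buffer: Uint8Array): DecryptionErrorMessage;
  static extractFromSerializedBody(buffer: Uint8Array): DecryptionErrorMessage;
  serialize(): Uint8Array;
  timestamp(): number;
  deviceId(): number;
  /** Ratchet key of the original message, or `undefined` when none is present. */
  ratchetKey(): PublicKey | undefined;
}

/** Processes a pre-key bundle for `address`, using the given session and identity stores. */
export declare function processPreKeyBundle(bundle: PreKeyBundle, address: ProtocolAddress, localAddress: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, now?: Date): Promise<void>;

/** Encrypts `message` for `address` using the session held in `sessionStore`. */
export declare function signalEncrypt(message: Uint8Array, address: ProtocolAddress, localAddress: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, now?: Date): Promise<CiphertextMessage>;

/** Decrypts a {@link SignalMessage} from `address` using the session held in `sessionStore`. */
export declare function signalDecrypt(message: SignalMessage, address: ProtocolAddress, localAddress: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore): Promise<Uint8Array>;

/** Decrypts a {@link PreKeySignalMessage} from `address`, using the session, identity and pre-key stores. */
export declare function signalDecryptPreKey(message: PreKeySignalMessage, address: ProtocolAddress, localAddress: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore): Promise<Uint8Array>;

/** Encrypts `message` for `address` as a sealed-sender message carrying `senderCert`. */
export declare function sealedSenderEncryptMessage(message: Uint8Array, address: ProtocolAddress, senderCert: SenderCertificate, sessionStore: SessionStore, identityStore: IdentityKeyStore): Promise<Uint8Array>;

/** Seals already-built `content` for `address`. */
export declare function sealedSenderEncrypt(content: UnidentifiedSenderMessageContent, address: ProtocolAddress, identityStore: IdentityKeyStore): Promise<Uint8Array>;

/** Options-object form of the arguments to {@link sealedSenderMultiRecipientEncrypt}. */
export type SealedSenderMultiRecipientEncryptOptions = {
  content: UnidentifiedSenderMessageContent;
  recipients: ProtocolAddress[];
  excludedRecipients?: ServiceId[];
  identityStore: IdentityKeyStore;
  sessionStore: SessionStore;
};

/** Seals `content` for several recipients at once (options-object overload). */
export declare function sealedSenderMultiRecipientEncrypt(options: SealedSenderMultiRecipientEncryptOptions): Promise<Uint8Array>;
/** Seals `content` for several recipients at once (positional overload, without `excludedRecipients`). */
export declare function sealedSenderMultiRecipientEncrypt(content: UnidentifiedSenderMessageContent, recipients: ProtocolAddress[], identityStore: IdentityKeyStore, sessionStore: SessionStore): Promise<Uint8Array>;

/** Converts a multi-recipient sealed-sender message into the form for a single recipient. */
export declare function sealedSenderMultiRecipientMessageForSingleRecipient(message: Uint8Array): Uint8Array;

/**
 * Decrypts a sealed-sender message end to end.
 *
 * This variant receives the `trustRoot` and `timestamp` needed to check the sender certificate.
 * NOTE(review): the restored `| null` in the return type should be confirmed against upstream;
 * callers should handle a `null` result rather than assume a value.
 */
export declare function sealedSenderDecryptMessage(message: Uint8Array, trustRoot: PublicKey, timestamp: number, localE164: string | null, localUuid: string, localDeviceId: number, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore): Promise<SealedSenderDecryptionResult | null>;

/**
 * Decrypts only the sealed-sender envelope, returning its inner content.
 *
 * This variant takes neither a trust root nor a timestamp, so it cannot check the sender
 * certificate against one. Validate `senderCertificate()` on the result (see
 * {@link SenderCertificate.validateWithTrustRoots}) before trusting the claimed sender.
 */
export declare function sealedSenderDecryptToUsmc(message: Uint8Array, identityStore: IdentityKeyStore): Promise<UnidentifiedSenderMessageContent>;

/**
 * Client state for an attested connection, built from an expected `mrenclave` and the service's
 * attestation message.
 *
 * NOTE(review): `mrenclave` presumably is the enclave measurement the attestation is checked
 * against; it should come from a value pinned in the client, not from the peer — confirm.
 */
export declare class Cds2Client {
  readonly _nativeHandle: Native.SgxClientState;
  private constructor();
  static new(mrenclave: Uint8Array, attestationMsg: Uint8Array, currentTimestamp: Date): Cds2Client;
  initialRequest(): Uint8Array;
  completeHandshake(buffer: Uint8Array): void;
  establishedSend(buffer: Uint8Array): Uint8Array;
  establishedRecv(buffer: Uint8Array): Uint8Array;
}

/**
 * Client state for a connection to an HSM enclave, built from the enclave's public key and a
 * list of accepted code hashes.
 */
export declare class HsmEnclaveClient {
  readonly _nativeHandle: Native.HsmEnclaveClient;
  private constructor();
  static new(public_key: Uint8Array, code_hashes: Uint8Array[]): HsmEnclaveClient;
  initialRequest(): Uint8Array;
  completeHandshake(buffer: Uint8Array): void;
  establishedSend(buffer: Uint8Array): Uint8Array;
  establishedRecv(buffer: Uint8Array): Uint8Array;
}

/**
 * Svr2Client provides functions that manage data sent over the network when
 * communicating with SVR2 service.
 *
 * Holds an opaque native handle. Use {@link Svr2Client.new} to construct.
 *
 * Interaction with the service is done over a websocket, which is handled by
 * the client. Once the websocket has been initiated, the client establishes a
 * connection in the following manner:
 *
 * 1. Connect to the service websocket, read service attestation message
 * 2. Instantiate the client using {@link Svr2Client.new} with the attestation
 *    message
 * 3. Send the result of {@link Svr2Client.initialRequest}
 * 4. Receive a response and pass it to {@link Svr2Client.completeHandshake}
 *
 * After a connection has been established, a client may send or receive
 * messages. To send a message, they formulate the plaintext, then pass it to
 * {@link Svr2Client.establishedSend} to get the ciphertext message to pass
 * along. When a message is received (as ciphertext), it is passed to
 * {@link Svr2Client.establishedRecv}, which decrypts and verifies it, passing
 * the plaintext back to the client for processing.
 */
export declare class Svr2Client {
  readonly _nativeHandle: Native.SgxClientState;
  private constructor();
  /**
   * Creates a new instance of the client using the attestation message
   */
  static new(mrenclave: Uint8Array, attestationMsg: Uint8Array, currentTimestamp: Date): Svr2Client;
  /** Initial request to send to SVR2, which begins post-attestation handshake. */
  initialRequest(): Uint8Array;
  /**
   * Called by client upon receipt of first non-attestation message from
   * service, to complete handshake.
   */
  completeHandshake(buffer: Uint8Array): void;
  /**
   * Encrypts a plaintext message for SVR2
   *
   * Must be called after successfully completing the handshake.
   */
  establishedSend(buffer: Uint8Array): Uint8Array;
  /**
   * Decrypts message received from SVR2
   *
   * Must be called after successfully completing the handshake.
   */
  establishedRecv(buffer: Uint8Array): Uint8Array;
}

/** Log severities, from `Error` (1) to `Trace` (5). */
export declare enum LogLevel {
  Error = 1,
  Warn = 2,
  Info = 3,
  Debug = 4,
  Trace = 5
}

/**
 * Installs `callback` as the receiver of library log records up to `maxLevel`.
 *
 * @param callback Receives the level, target, optional source file and line, and the message.
 */
export declare function initLogger(maxLevel: LogLevel, callback: (level: LogLevel, target: string, file: string | null, line: number | null, message: string) => void): void;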