CoreCryptoContext

class CoreCryptoContext(cc: <Error class: unknown class>)

The CoreCrypto context used within a transaction

Constructors

constructor(cc: <Error class: unknown class>)

Types

object Companion

Functions

suspend fun addMember(id: MLSGroupId, keyPackages: List<MLSKeyPackage>): List<String>?

Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.

Commits the local pending proposals.

Returns the current epoch of a conversation

Checks if the Client is a member of a given conversation and if the MLS Group is loaded up.

suspend fun createConversation(id: MLSGroupId, ciphersuite: Ciphersuite = Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519, creatorCredentialType: CredentialType = CredentialType.Basic, externalSenders: List<ExternalSenderKey> = emptyList())

Creates a new conversation with the current client being the sole member. You will want to use addMember afterward to add clients to this conversation.

Decrypts a message for a given conversation

suspend fun deleteStaleKeyPackages(cipherSuite: Ciphersuite)

Deletes all key packages whose credential does not match the most recently saved x509 credential and the provided signature scheme.

suspend fun deriveAvsSecret(id: MLSGroupId, keyLength: UInt): <Error class: unknown class>

Derives a new key from the group to use with AVS

suspend fun disableHistorySharing(id: MLSGroupId): <Error class: unknown class>

Disable history sharing by removing history clients from the conversation.

Indicates when to mark a conversation as not verified, i.e. when not all its members have an X509 Credential generated by Wire's end-to-end identity enrollment.

Allows persisting an active enrollment (for example while redirecting the user during OAuth) in order to resume it later with e2eiEnrollmentStashPop

Fetches the persisted enrollment and deletes it from the keystore

suspend fun e2eiIsEnabled(ciphersuite: Ciphersuite = Ciphersuite.DEFAULT): Boolean

Returns true when end-to-end-identity is enabled for the given Ciphersuite

suspend fun e2eiIsPKIEnvSetup(): Boolean

Returns whether the E2EI PKI environment is set up (i.e. Root CA, Intermediates, CRLs)

suspend fun e2eiMlsInitOnly(enrollment: E2EIEnrollment, certificateChain: String, nbKeyPackage: UInt? = DEFAULT_NB_KEY_PACKAGE): CrlDistributionPoints?

Use this method to initialize end-to-end identity when a client signs up and the grace period has already expired; that means the client cannot initialize with a Basic credential.

suspend fun e2eiNewActivationEnrollment(displayName: String, handle: String, expirySec: UInt, ciphersuite: Ciphersuite, team: String? = null): E2EIEnrollment

Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI. Once the enrollment is finished, use the instance in e2eiRotateAll to do the rotation.

suspend fun e2eiNewEnrollment(clientId: String, displayName: String, handle: String, expirySec: UInt, ciphersuite: Ciphersuite, team: String? = null): E2EIEnrollment

Creates an enrollment instance with private key material you can use in order to fetch a new x509 certificate from the acme server.

suspend fun e2eiNewRotateEnrollment(expirySec: UInt, ciphersuite: Ciphersuite, displayName: String? = null, handle: String? = null, team: String? = null): E2EIEnrollment

Generates an E2EI enrollment instance for an E2EI client (with an X509 certificate credential) having to change/rotate their credential, either because the former one is expired or it has been revoked. It lets you change the DisplayName or the handle if you need to. Once the enrollment is finished, use the instance in e2eiRotateAll to do the rotation.

suspend fun e2eiRegisterAcmeCA(trustAnchorPEM: String)

Registers a Root Trust Anchor CA for the use in E2EI processing.

suspend fun e2eiRegisterCRL(crlDP: String, crlDER: ByteArray): CRLRegistration

Registers a CRL for the use in E2EI processing.

Registers an Intermediate CA for the use in E2EI processing.

suspend fun e2eiRotate(id: MLSGroupId): <Error class: unknown class>

Replaces your leaf containing basic credentials with a leaf node containing x509 credentials in the conversation.

suspend fun enableHistorySharing(id: MLSGroupId): <Error class: unknown class>

Enable history sharing by generating a history client and adding it to the conversation.

suspend fun encryptMessage(id: MLSGroupId, message: ByteArray): ByteArray

Encrypts a message for a given conversation.

suspend fun generateKeyPackages(amount: UInt, ciphersuite: Ciphersuite = Ciphersuite.DEFAULT, credentialType: CredentialType = CredentialType.DEFAULT): List<MLSKeyPackage>

Generates the requested number of KeyPackages ON TOP of the existing ones, e.g. if you already have created 100 KeyPackages (default value), requesting 10 will return the 10 oldest. Otherwise, if you request 200, 100 new will be generated. Unless explicitly deleted, KeyPackages are deleted upon processWelcomeMessage.

suspend fun getData(): ByteArray?

Get the data that has previously been set by setData, or null if no data has been set. This is meant to be used as a check point at the end of a transaction.

From a given conversation, get the identity of the members supplied. Identity is only present for members with a Certificate Credential (after turning on end-to-end identity).

Returns the raw public key of the single external sender present in this group. This should be used to initialize a subconversation

suspend fun getPublicKey(ciphersuite: Ciphersuite = Ciphersuite.DEFAULT, credentialType: CredentialType = CredentialType.DEFAULT): ByteArray

Gets the client's public signature key, to be uploaded to the DS for further backend-side validation.

From a given conversation, get the identity of the users (device holders) supplied. Identity is only present for devices with a Certificate Credential (after turning on end-to-end identity). If no member has an x509 certificate, it will return an empty Vec.

suspend fun joinByExternalCommit(groupInfo: GroupInfo, credentialType: CredentialType = CredentialType.DEFAULT, configuration: CustomConfiguration = defaultGroupConfiguration): WelcomeBundle

"Apply" to join a group through its GroupInfo.

suspend fun members(id: MLSGroupId): List<ClientId>

Returns all clients from group's members

suspend fun mlsInit(id: ClientId, ciphersuites: Ciphersuites = Ciphersuites.DEFAULT, nbKeyPackage: UInt? = DEFAULT_NB_KEY_PACKAGE)

This is your entrypoint to initialize CoreCrypto with a Basic Credential

suspend fun processWelcomeMessage(welcome: Welcome, configuration: CustomConfiguration = defaultGroupConfiguration): WelcomeBundle

Ingest a TLS-serialized MLS welcome message to join an existing MLS group.

suspend fun proteusCreateSession(preKeyCrypto: PreKey, sessionId: SessionId)

Create a session using a prekey

suspend fun proteusCryptoboxMigrate(path: String)

Import all the data stored by Cryptobox, located at path, into the CoreCrypto keystore

suspend fun proteusDecrypt(message: ByteArray, sessionId: SessionId): ByteArray

Decrypt an incoming message for an existing session

suspend fun proteusDeleteSession(sessionId: SessionId)

Deletes a session. Note: this also deletes the persisted data within the keystore.

suspend fun proteusDoesSessionExist(sessionId: SessionId): Boolean

Checks if a session exists

suspend fun proteusEncrypt(message: ByteArray, sessionId: SessionId): ByteArray

Encrypt a message for a given session

suspend fun proteusEncryptBatched(sessionIds: List<SessionId>, message: ByteArray): Map<SessionId, ByteArray>

Batch encryption for proteus messages. This is used to minimize FFI roundtrips when used in the context of a multi-client session (i.e. conversation).

suspend fun proteusEncryptWithPreKey(message: ByteArray, preKey: PreKey, sessionId: SessionId): ByteArray

Create a session and encrypt a message.

Proteus session local fingerprint

Proteus public key fingerprint. It's basically the public key encoded as a hex string.

Proteus session remote fingerprint

suspend fun proteusInit()

Initialise CoreCrypto to be used with proteus.

Create a new last resort prekey

suspend fun proteusNewPreKeys(from: Int, count: Int): ArrayList<PreKey>

Creates a number of prekeys starting from the from index

suspend fun removeMember(id: MLSGroupId, members: List<ClientId>)

Removes the provided clients from a conversation, assuming those clients exist and the current client is allowed to do so; otherwise this operation does nothing.

suspend fun saveX509Credential(enrollment: E2EIEnrollment, certificateChain: String): List<String>?

Saves a new X509 credential. Requires first having enrolled a new X509 certificate with either e2eiNewActivationEnrollment or e2eiNewRotateEnrollment

suspend fun setData(data: ByteArray)

Set arbitrary data to be retrieved by getData. This is meant to be used as a check point at the end of a transaction. The data should be limited to a reasonable size.

suspend fun updateKeyingMaterial(id: MLSGroupId): <Error class: unknown class>

Creates an update commit which forces every client to update their LeafNode in the conversation.

suspend fun validKeyPackageCount(ciphersuite: Ciphersuite = Ciphersuite.DEFAULT, credentialType: CredentialType = CredentialType.DEFAULT): ULong

Number of unexpired KeyPackages currently in store

suspend fun wipeConversation(id: MLSGroupId): <Error class: unknown class>

Wipes and destroys the local storage of a given conversation / MLS group.