wip

wireapp · Aug 16, 2023 · 3efcbb7 · 3efcbb7
1 parent eaffa1c
commit 3efcbb7
Show file tree

Hide file tree

Showing 5 changed files with 82 additions and 8 deletions.
diff --git a/crypto-ffi/bindings/js/CoreCrypto.ts b/crypto-ffi/bindings/js/CoreCrypto.ts
@@ -1081,7 +1081,7 @@ export class CoreCrypto {
     /**
      * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
      *
-     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
      * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
      * epoch, use new encryption secrets etc...
      *
@@ -1128,7 +1128,7 @@ export class CoreCrypto {
      * Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed
      * to do so, otherwise this operation does nothing.
      *
-     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
      * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
      * epoch, use new encryption secrets etc...
      *
@@ -1166,9 +1166,9 @@ export class CoreCrypto {
     }
 
     /**
-     * Creates an update commit which forces every client to update their keypackages in the conversation
+     * Creates an update commit which forces every client to update their LeafNode in the conversation
      *
-     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
      * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
      * epoch, use new encryption secrets etc...
      *

diff --git a/crypto-ffi/bindings/jvm/src/main/kotlin/com/wire/crypto/client/E2EIModel.kt b/crypto-ffi/bindings/jvm/src/main/kotlin/com/wire/crypto/client/E2EIModel.kt
@@ -0,0 +1,8 @@
+package com.wire.crypto.client
+
+@JvmInline
+value class RotateBundle(private val value: com.wire.crypto.RotateBundle) {
+    val commits: List<CommitBundle> get() = value.commits.map { CommitBundle(it) }
+    val newKeyPackages: List<MLSKeyPackage> get() = value.newKeyPackages.map { MLSKeyPackage(it) }
+    val keyPackageRefsToRemove: List<MLSKeyPackageRef> get() = value.keyPackageRefsToRemove.map { MLSKeyPackageRef(it) }
+}
diff --git a/crypto-ffi/bindings/jvm/src/main/kotlin/com/wire/crypto/client/MLSClient.kt b/crypto-ffi/bindings/jvm/src/main/kotlin/com/wire/crypto/client/MLSClient.kt
@@ -50,6 +50,16 @@ class MLSClient(private val cc: com.wire.crypto.CoreCrypto) {
         return cc.clientPublicKey(ciphersuite.lower()).toSignaturePublicKey()
     }
 
+    /**
+     * Generates the requested number of KeyPackages ON TOP of the existing ones e.g. if you already have created 100
+     * KeyPackages (default value), requesting 10 will return the 10 oldest. Otherwise, if you request 200, 100 new will
+     * be generated.
+     * Unless explicitly deleted, KeyPackages are deleted upon [processWelcomeMessage]
+     *
+     * @param amount required amount
+     * @param ciphersuite of the KeyPackage to create
+     * @param credentialType of the KeyPackage to create
+     */
     suspend fun generateKeyPackages(
         amount: UInt,
         ciphersuite: Ciphersuite = Ciphersuite.DEFAULT,
@@ -58,14 +68,28 @@ class MLSClient(private val cc: com.wire.crypto.CoreCrypto) {
         return cc.clientKeypackages(ciphersuite.lower(), credentialType.lower(), amount).map { it.toMLSKeyPackage() }
     }
 
+    /**
+     * Number of unexpired KeyPackages currently in store
+     *
+     * @param ciphersuite of the KeyPackage to count
+     * @param credentialType of the KeyPackage to count
+     */
     suspend fun validKeyPackageCount(
         ciphersuite: Ciphersuite = Ciphersuite.DEFAULT,
         credentialType: CredentialType = CredentialType.DEFAULT
     ): ULong {
         return cc.clientValidKeypackagesCount(ciphersuite.lower(), credentialType.lower())
     }
 
-    suspend fun updateKeyingMaterial(id: MLSGroupId) = CommitBundle(cc.updateKeyingMaterial(id.lower()))
+    /**
+     * Prunes local KeyPackages after making sure they also have been deleted on the backend side.
+     * You should only use this after [e2eiRotateAll]
+     *
+     * @param refs KeyPackage references from the [RotateBundle]
+     */
+    suspend fun deleteKeyPackages(refs: List<MLSKeyPackageRef>) {
+        return cc.deleteKeypackages(refs.map { it.lowerUByte() })
+    }
 
     suspend fun conversationExists(id: MLSGroupId): Boolean = cc.conversationExists(id.lower())
 
@@ -143,16 +167,48 @@ class MLSClient(private val cc: com.wire.crypto.CoreCrypto) {
 
     suspend fun members(id: MLSGroupId): List<ClientId> = cc.getClientIds(id.lower()).map { it.toClientId() }
 
+    /**
+     * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
+     *
+     * **CAUTION**: [commitAccepted] **HAS TO** be called afterward **ONLY IF** the Delivery Service responds'200 OK' to the [CommitBundle] upload.
+     * It will "merge" the commit locally i.e. increment the local group epoch, use new encryption secrets etc...
+     *
+     * @param id conversation identifier
+     * @param members pairs of client identifier and its KeyPackage
+     * @return a [CommitBundle] to upload to the backend and if it succeeds call [commitAccepted]
+     */
     suspend fun addMember(id: MLSGroupId, members: Map<ClientId, MLSKeyPackage>): CommitBundle {
         val invitees = members.map { (clientId, kp) -> com.wire.crypto.Invitee(clientId.lower(), kp.lower()) }
         return CommitBundle(cc.addClientsToConversation(id.lower(), invitees))
     }
 
+    /**
+     * Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed
+     * to do so, otherwise this operation does nothing.
+     *
+     * **CAUTION**: [commitAccepted] **HAS TO** be called afterward **ONLY IF** the Delivery Service responds'200 OK' to the [CommitBundle] upload.
+     * It will "merge" the commit locally i.e. increment the local group epoch, use new encryption secrets etc...
+     *
+     * @param id conversation identifier
+     * @param members client identifier to delete
+     * @return a [CommitBundle] to upload to the backend and if it succeeds call [commitAccepted]
+     */
     suspend fun removeMember(id: MLSGroupId, members: List<ClientId>): CommitBundle {
         val clientIds = members.map { it.lower() }
         return CommitBundle(cc.removeClientsFromConversation(id.lower(), clientIds))
     }
 
+    /**
+     * Creates an update commit which forces every client to update their LeafNode in the conversation.
+     *
+     * **CAUTION**: [commitAccepted] **HAS TO** be called afterward **ONLY IF** the Delivery Service responds'200 OK' to the [CommitBundle] upload.
+     * It will "merge" the commit locally i.e. increment the local group epoch, use new encryption secrets etc...
+     *
+     * @param id conversation identifier
+     * @return a [CommitBundle] to upload to the backend and if it succeeds call [commitAccepted]
+     */
+    suspend fun updateKeyingMaterial(id: MLSGroupId) = CommitBundle(cc.updateKeyingMaterial(id.lower()))
+
     suspend fun deriveSecret(id: MLSGroupId, keyLength: UInt): AvsSecret {
         return cc.exportSecretKey(id.lower(), keyLength).toAvsSecret()
     }

diff --git a/crypto-ffi/bindings/jvm/src/main/kotlin/com/wire/crypto/client/MlsModel.kt b/crypto-ffi/bindings/jvm/src/main/kotlin/com/wire/crypto/client/MlsModel.kt
@@ -69,7 +69,6 @@ fun List<UByte>.toGroupId() = MLSGroupId(toByteArray())
 fun String.toGroupId() = MLSGroupId(toByteArray())
 
 @JvmInline
-@OptIn(ExperimentalUnsignedTypes::class)
 value class ClientId(override val value: String) : FfiType<String, com.wire.crypto.ClientId> {
 
     override fun lower() = value.toUByteList()
@@ -110,6 +109,12 @@ value class MLSKeyPackage(override val value: ByteArray) : Uniffi
 
 fun List<UByte>.toMLSKeyPackage() = MLSKeyPackage(toByteArray())
 
+@JvmInline
+value class MLSKeyPackageRef(override val value: ByteArray) : Uniffi {
+    // FIXME: inconsistent representation across FFI ; ByteArray in out position, List<UByte> in in position
+    fun lowerUByte() = value.toUByteList()
+}
+
 @JvmInline
 value class GroupInfo(override val value: ByteArray) : Uniffi023
 

diff --git a/crypto-ffi/bindings/jvm/src/test/kotlin/com/wire/crypto/client/MLSClientTest.kt b/crypto-ffi/bindings/jvm/src/test/kotlin/com/wire/crypto/client/MLSClientTest.kt
@@ -61,8 +61,13 @@ internal class MLSClientTest {
     @Test
     fun `calling generateKeyPackages should return expected number`() = runTest {
         val (alice) = newClients(aliceId)
-        assertThat(alice.generateKeyPackages(10U)).isNotEmpty().hasSize(10)
-        assertThat(alice.validKeyPackageCount()).isEqualTo(10)
+
+        // by default
+        assertThat(alice.validKeyPackageCount()).isEqualTo(100.toULong())
+
+        assertThat(alice.generateKeyPackages(200U)).isNotEmpty().hasSize(200)
+
+        assertThat(alice.validKeyPackageCount()).isEqualTo(200.toULong())
     }
 
     @Test