feat!: rename e2eiIsDegraded by e2eiConversationState and change …

…return type to an enumeration instead of a boolean to match all the e2ei states a conversation could have.
wireapp · Jul 31, 2023 · e7404d8 · e7404d8
1 parent 1521ad7
commit e7404d8
Show file tree

Hide file tree

Showing 14 changed files with 408 additions and 164 deletions.
diff --git a/crypto-ffi/bindings/js/CoreCrypto.ts b/crypto-ffi/bindings/js/CoreCrypto.ts
@@ -1729,10 +1729,12 @@ export class CoreCrypto {
      * Credential generated by Wire's end-to-end identity enrollment
      *
      * @param conversationId The group's ID
-     * @returns true if all the members have valid X509 credentials
+     * @returns the conversation state given current members
      */
-    async e2eiIsDegraded(conversationId: ConversationId): Promise<boolean> {
-        return await CoreCryptoError.asyncMapErr(this.#cc.e2ei_is_degraded(conversationId));
+    async e2eiConversationState(conversationId: ConversationId): Promise<E2eiConversationState> {
+        let state = await CoreCryptoError.asyncMapErr(this.#cc.e2ei_conversation_state(conversationId));
+        // @ts-ignore
+        return E2eiConversationState[E2eiConversationState[state]];
     }
 
     /**
@@ -2111,3 +2113,23 @@ export interface AcmeChallenge {
      */
     target: string;
 }
+
+/**
+ * Indicates the state of a Conversation regarding end-to-end identity.
+ * Note: this does not check pending state (pending commit, pending proposals) so it does not
+ * consider members about to be added/removed
+ */
+export enum E2eiConversationState {
+    /**
+     * All clients have a valid E2EI certificate
+     */
+    Verified = 0x0001,
+    /**
+     * Some clients are either still Basic or their certificate is expired
+     */
+    Degraded = 0x0002,
+    /**
+     * All clients are still Basic. If all client have expired certificates, Degraded is returned.
+     */
+    NotEnabled = 0x0003,
+}
diff --git a/crypto-ffi/bindings/js/test/CoreCrypto.test.js b/crypto-ffi/bindings/js/test/CoreCrypto.test.js
@@ -1037,32 +1037,32 @@ test("end-to-end-identity", async () => {
   await ctx.close();
 });
 
-test("e2ei is conversation degraded", async () => {
+test("e2ei is conversation invalid", async () => {
   const [ctx, page] = await initBrowser();
 
-  const isDegraded = await page.evaluate(async () => {
-    const { CoreCrypto, Ciphersuite, CredentialType } = await import("./corecrypto.js");
+  let state = await page.evaluate(async () => {
+    const { CoreCrypto, Ciphersuite, CredentialType, E2eiConversationState } = await import("./corecrypto.js");
 
     const ciphersuite = Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519;
     const credentialType = CredentialType.Basic;
     const cc = await CoreCrypto.init({
-      databaseName: "is degraded",
+      databaseName: "is invalid",
       key: "test",
       ciphersuites: [ciphersuite],
       clientId: "test",
     });
 
     const encoder = new TextEncoder();
-    const conversationId = encoder.encode("degradedConversation");
+    const conversationId = encoder.encode("invalidConversation");
     await cc.createConversation(conversationId, credentialType);
 
-    const isDegraded = await cc.e2eiIsDegraded(conversationId);
+    const state = await cc.e2eiConversationState(conversationId);
 
     await cc.wipe();
-    return isDegraded;
+    return E2eiConversationState[state]
   });
 
-  expect(isDegraded).toBe(true);
+  expect(state).toBe("NotEnabled");
 
   await page.close();
   await ctx.close();

diff --git a/crypto-ffi/bindings/kt/main/com/wire/crypto/client/MLSClient.kt b/crypto-ffi/bindings/kt/main/com/wire/crypto/client/MLSClient.kt
@@ -125,7 +125,7 @@ interface MLSClient {
 
     suspend fun deriveSecret(groupId: MLSGroupId, keyLength: UInt): ByteArray
 
-    suspend fun e2eiIsDegraded(groupId: MLSGroupId): Boolean
+    suspend fun e2eiConversationState(groupId: MLSGroupId): E2eiConversationState
 
     suspend fun e2eiIsEnabled(ciphersuite: Ciphersuite): Boolean
 }
@@ -277,8 +277,8 @@ class MLSClientImpl(
         return cc.exportSecretKey(groupId.toUByteList(), keyLength).toByteArray()
     }
 
-    override suspend fun e2eiIsDegraded(groupId: MLSGroupId): Boolean {
-        return cc.e2eiIsDegraded(groupId.toUByteList())
+    override suspend fun e2eiConversationState(groupId: MLSGroupId): E2eiConversationState {
+        return cc.e2eiConversationState(groupId.toUByteList())
     }
 
     override suspend fun e2eiIsEnabled(ciphersuite: Ciphersuite): Boolean {

diff --git a/crypto-ffi/bindings/swift/Sources/CoreCrypto/CoreCrypto.swift b/crypto-ffi/bindings/swift/Sources/CoreCrypto/CoreCrypto.swift
@@ -1109,9 +1109,9 @@ public class CoreCryptoWrapper {
     /// Credential generated by Wire's end-to-end identity enrollment
     ///
     /// - parameter conversationId: the Group's ID
-    /// - returns: true if all the members have valid X509 credentials
-    public func e2eiIsDegraded(conversationId: ConversationId) async throws -> Bool {
-        return try await self.coreCrypto.e2eiIsDegraded(conversationId: conversationId)
+    /// - returns: the conversation state given current members
+    public func e2eiConversationState(conversationId: ConversationId) async throws -> E2eiConversationState {
+        return try await self.coreCrypto.e2eiConversationState(conversationId: conversationId)
     }
 
     /// Returns true when end-to-end-identity is enabled for the given Ciphersuite
@@ -1127,3 +1127,28 @@ public class CoreCryptoWrapper {
         return CoreCryptoSwift.version()
     }
 }
+
+
+
+/// Indicates the state of a Conversation regarding end-to-end identity.
+/// Note: this does not check pending state (pending commit, pending proposals) so it does not consider members about to be added/removed
+public enum E2eiConversationState: ConvertToInner {
+    typealias Inner = CoreCryptoSwift.E2eiConversationState
+
+    case verified
+    case degraded
+    case notEnabled
+}
+
+private extension E2eiConversationState {
+    func convert() -> Inner {
+        switch self {
+        case .verified:
+            return CoreCryptoSwift.E2eiConversationState.verified
+        case .degraded:
+            return CoreCryptoSwift.E2eiConversationState.degraded
+        case .notEnabled:
+            return CoreCryptoSwift.E2eiConversationState.notEnabled
+        }
+    }
+}
diff --git a/crypto-ffi/src/CoreCrypto.udl b/crypto-ffi/src/CoreCrypto.udl
@@ -214,6 +214,12 @@ enum E2eIdentityError {
     "LockPoisonError",
 };
 
+enum E2eiConversationState {
+    "Verified",
+    "Degraded",
+    "NotEnabled",
+};
+
 callback interface CoreCryptoCallbacks {
     boolean authorize([ByRef] bytes conversation_id, [ByRef] ClientId client_id);
     boolean user_authorize([ByRef] bytes conversation_id, [ByRef] ClientId external_client_id, [ByRef] sequence<ClientId> existing_clients);

diff --git a/crypto-ffi/src/generic.rs b/crypto-ffi/src/generic.rs
@@ -25,8 +25,8 @@ use std::collections::HashMap;
 use tls_codec::{Deserialize, Serialize};
 
 pub use core_crypto::prelude::{
-    CiphersuiteName, ConversationId, CryptoError, E2eIdentityError, E2eIdentityResult, MemberId, MlsCredentialType,
-    MlsGroupInfoEncryptionType, MlsRatchetTreeType, MlsWirePolicy,
+    CiphersuiteName, ConversationId, CryptoError, E2eIdentityError, E2eIdentityResult, E2eiConversationState, MemberId,
+    MlsCredentialType, MlsGroupInfoEncryptionType, MlsRatchetTreeType, MlsWirePolicy,
 };
 
 mod uniffi_support;
@@ -1068,10 +1068,13 @@ impl CoreCrypto {
             .map_err(|_| CryptoError::ImplementationError)
     }
 
-    /// See [core_crypto::mls::MlsCentral::e2ei_is_degraded]
-    pub async fn e2ei_is_degraded(&self, conversation_id: Vec<u8>) -> CryptoResult<bool> {
-        let is_degraded = self.central.lock().await.e2ei_is_degraded(&conversation_id).await?;
-        Ok(is_degraded)
+    /// See [core_crypto::mls::MlsCentral::e2ei_conversation_state]
+    pub async fn e2ei_conversation_state(&self, conversation_id: Vec<u8>) -> CryptoResult<E2eiConversationState> {
+        self.central
+            .lock()
+            .await
+            .e2ei_conversation_state(&conversation_id)
+            .await
     }
 
     /// See [core_crypto::mls::MlsCentral::e2ei_is_enabled]

diff --git a/crypto-ffi/src/wasm.rs b/crypto-ffi/src/wasm.rs
@@ -2468,19 +2468,19 @@ impl CoreCrypto {
 
     /// Returns [`WasmCryptoResult<bool>`]
     ///
-    /// see [core_crypto::mls::MlsCentral::e2ei_is_degraded]
-    pub fn e2ei_is_degraded(&self, conversation_id: Box<[u8]>) -> Promise {
+    /// see [core_crypto::mls::MlsCentral::e2ei_conversation_state]
+    pub fn e2ei_conversation_state(&self, conversation_id: Box<[u8]>) -> Promise {
         let this = self.inner.clone();
         future_to_promise(
             async move {
-                WasmCryptoResult::Ok(
-                    this.write()
-                        .await
-                        .e2ei_is_degraded(&conversation_id.into())
-                        .await
-                        .map_err(CoreCryptoError::from)?
-                        .into(),
-                )
+                let state: E2eiConversationState = this
+                    .write()
+                    .await
+                    .e2ei_conversation_state(&conversation_id.into())
+                    .await
+                    .map_err(CoreCryptoError::from)?
+                    .into();
+                WasmCryptoResult::Ok((state as u8).into())
             }
             .err_into(),
         )
@@ -2850,3 +2850,25 @@ impl From<AcmeChallenge> for core_crypto::prelude::E2eiAcmeChallenge {
         }
     }
 }
+
+#[wasm_bindgen]
+#[derive(Debug, Clone, Copy, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
+#[repr(u8)]
+/// see [core_crypto::prelude::E2eiConversationState]
+pub enum E2eiConversationState {
+    Verified = 1,
+    /// Some clients are either still Basic or their certificate is expired
+    Degraded = 2,
+    /// All clients are still Basic. If all client have expired certificates, [E2eiConversationState::Degraded] is returned.
+    NotEnabled = 3,
+}
+
+impl From<core_crypto::prelude::E2eiConversationState> for E2eiConversationState {
+    fn from(state: core_crypto::prelude::E2eiConversationState) -> Self {
+        match state {
+            core_crypto::prelude::E2eiConversationState::Verified => Self::Verified,
+            core_crypto::prelude::E2eiConversationState::Degraded => Self::Degraded,
+            core_crypto::prelude::E2eiConversationState::NotEnabled => Self::NotEnabled,
+        }
+    }
+}
diff --git a/crypto/src/e2e_identity/degraded.rs b/crypto/src/e2e_identity/degraded.rs
diff --git a/crypto/src/e2e_identity/mod.rs b/crypto/src/e2e_identity/mod.rs
@@ -11,12 +11,12 @@ use crate::{
 };
 
 mod crypto;
-pub(crate) mod degraded;
 pub mod enabled;
 pub mod error;
 pub(crate) mod identity;
 pub(crate) mod rotate;
 pub(crate) mod stash;
+pub(crate) mod state;
 pub mod types;
 
 type Json = Vec<u8>;