// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// Copyright by contributors to this project.
// SPDX-License-Identifier: (Apache-2.0 OR MIT)
use mls_rs_core::{crypto::SignatureSecretKey, identity::SigningIdentity};
use crate::{
client_config::ClientConfig,
group::{
cipher_suite_provider,
epoch::SenderDataSecret,
key_schedule::{InitSecret, KeySchedule},
proposal::{ExternalInit, Proposal, RemoveProposal},
EpochSecrets, ExternalPubExt, LeafIndex, LeafNode, MlsError, TreeKemPrivate,
},
Group, MlsMessage,
};
#[cfg(any(feature = "secret_tree_access", feature = "private_message"))]
use crate::group::secret_tree::SecretTree;
#[cfg(feature = "custom_proposal")]
use crate::group::{
framing::MlsMessagePayload,
message_processor::{EventOrContent, MessageProcessor},
message_signature::AuthenticatedContent,
message_verifier::verify_plaintext_authentication,
CustomProposal,
};
use alloc::vec;
use alloc::vec::Vec;
#[cfg(feature = "psk")]
use mls_rs_core::psk::{ExternalPskId, PreSharedKey};
#[cfg(feature = "psk")]
use crate::group::{
PreSharedKeyProposal, {JustPreSharedKeyID, PreSharedKeyID},
};
use super::{validate_group_info_joiner, ExportedTree};
/// A builder that aids with the construction of an external commit.
#[cfg_attr(all(feature = "ffi", not(test)), safer_ffi_gen::ffi_type(opaque))]
pub struct ExternalCommitBuilder<C: ClientConfig> {
signer: SignatureSecretKey,
signing_identity: SigningIdentity,
config: C,
tree_data: Option<ExportedTree<'static>>,
to_remove: Option<u32>,
#[cfg(feature = "psk")]
external_psks: Vec<ExternalPskId>,
authenticated_data: Vec<u8>,
#[cfg(feature = "custom_proposal")]
custom_proposals: Vec<Proposal>,
#[cfg(feature = "custom_proposal")]
received_custom_proposals: Vec<MlsMessage>,
}
impl<C: ClientConfig> ExternalCommitBuilder<C> {
pub(crate) fn new(
signer: SignatureSecretKey,
signing_identity: SigningIdentity,
config: C,
) -> Self {
Self {
tree_data: None,
to_remove: None,
authenticated_data: Vec::new(),
signer,
signing_identity,
config,
#[cfg(feature = "psk")]
external_psks: Vec::new(),
#[cfg(feature = "custom_proposal")]
custom_proposals: Vec::new(),
#[cfg(feature = "custom_proposal")]
received_custom_proposals: Vec::new(),
}
}
#[must_use]
/// Use external tree data if the GroupInfo message does not contain a
/// [`RatchetTreeExt`](crate::extension::built_in::RatchetTreeExt)
pub fn with_tree_data(self, tree_data: ExportedTree<'static>) -> Self {
Self {
tree_data: Some(tree_data),
..self
}
}
#[must_use]
/// Propose the removal of an old version of the client as part of the external commit.
/// Only one such proposal is allowed.
pub fn with_removal(self, to_remove: u32) -> Self {
Self {
to_remove: Some(to_remove),
..self
}
}
#[must_use]
/// Add plaintext authenticated data to the resulting commit message.
pub fn with_authenticated_data(self, data: Vec<u8>) -> Self {
Self {
authenticated_data: data,
..self
}
}
#[cfg(feature = "psk")]
#[must_use]
/// Add an external psk to the group as part of the external commit.
pub fn with_external_psk(mut self, psk: ExternalPskId) -> Self {
self.external_psks.push(psk);
self
}
#[cfg(feature = "custom_proposal")]
#[must_use]
/// Insert a [`CustomProposal`] into the current commit that is being built.
pub fn with_custom_proposal(mut self, proposal: CustomProposal) -> Self {
self.custom_proposals.push(Proposal::Custom(proposal));
self
}
#[cfg(all(feature = "custom_proposal", feature = "by_ref_proposal"))]
#[must_use]
/// Insert a [`CustomProposal`] received from a current group member into the current
/// commit that is being built.
///
/// # Warning
///
/// The authenticity of the proposal is NOT fully verified. It is only verified the
/// same way as by [`ExternalGroup`](`crate::external_client::ExternalGroup`).
/// The proposal MUST be an MlsPlaintext, else the [`Self::build`] function will fail.
pub fn with_received_custom_proposal(mut self, proposal: MlsMessage) -> Self {
self.received_custom_proposals.push(proposal);
self
}
/// Build the external commit using a GroupInfo message provided by an existing group member.
#[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)]
pub async fn build(self, group_info: MlsMessage) -> Result<(Group<C>, MlsMessage), MlsError> {
let protocol_version = group_info.version;
if !self.config.version_supported(protocol_version) {
return Err(MlsError::UnsupportedProtocolVersion(protocol_version));
}
let group_info = group_info
.into_group_info()
.ok_or(MlsError::UnexpectedMessageType)?;
let cipher_suite = cipher_suite_provider(
self.config.crypto_provider(),
group_info.group_context.cipher_suite,
)?;
let external_pub_ext = group_info
.extensions
.get_as::<ExternalPubExt>()?
.ok_or(MlsError::MissingExternalPubExtension)?;
let public_tree = validate_group_info_joiner(
protocol_version,
&group_info,
self.tree_data,
&self.config.identity_provider(),
&cipher_suite,
)
.await?;
let (leaf_node, _) = LeafNode::generate(
&cipher_suite,
self.config.leaf_properties(),
self.signing_identity,
&self.signer,
self.config.lifetime(),
)
.await?;
let (init_secret, kem_output) =
InitSecret::encode_for_external(&cipher_suite, &external_pub_ext.external_pub).await?;
let epoch_secrets = EpochSecrets {
#[cfg(feature = "psk")]
resumption_secret: PreSharedKey::new(vec![]),
sender_data_secret: SenderDataSecret::from(vec![]),
#[cfg(any(feature = "secret_tree_access", feature = "private_message"))]
secret_tree: SecretTree::empty(),
};
let (mut group, _) = Group::join_with(
self.config,
group_info,
public_tree,
KeySchedule::new(init_secret),
epoch_secrets,
TreeKemPrivate::new_for_external(),
None,
self.signer,
)
.await?;
#[cfg(feature = "psk")]
let psk_ids = self
.external_psks
.into_iter()
.map(|psk_id| PreSharedKeyID::new(JustPreSharedKeyID::External(psk_id), &cipher_suite))
.collect::<Result<Vec<_>, MlsError>>()?;
let mut proposals = vec![Proposal::ExternalInit(ExternalInit { kem_output })];
#[cfg(feature = "psk")]
proposals.extend(
psk_ids
.into_iter()
.map(|psk| Proposal::Psk(PreSharedKeyProposal { psk })),
);
#[cfg(feature = "custom_proposal")]
{
let mut custom_proposals = self.custom_proposals;
proposals.append(&mut custom_proposals);
}
#[cfg(all(feature = "custom_proposal", feature = "by_ref_proposal"))]
for message in self.received_custom_proposals {
let MlsMessagePayload::Plain(plaintext) = message.payload else {
return Err(MlsError::UnexpectedMessageType);
};
let auth_content = AuthenticatedContent::from(plaintext.clone());
verify_plaintext_authentication(&cipher_suite, plaintext, None, None, &group.state)
.await?;
group
.process_event_or_content(EventOrContent::Content(auth_content), true, None)
.await?;
}
if let Some(r) = self.to_remove {
proposals.push(Proposal::Remove(RemoveProposal {
to_remove: LeafIndex(r),
}));
}
let commit_output = group
.commit_internal(
proposals,
Some(&leaf_node),
self.authenticated_data,
Default::default(),
None,
None,
)
.await?;
group.apply_pending_commit().await?;
Ok((group, commit_output.commit_message))
}
}
