Add example for 1x API

Marta Mularczyk · Marta Mularczyk · commit 666100079764 · 2024-12-16T13:09:07.000+01:00
diff --git a/.github/workflows/native_build.yml b/.github/workflows/native_build.yml
@@ -43,7 +43,9 @@ jobs:
         run: cargo test --no-default-features --features std,test_util,non-fips  --verbose --workspace
       - name: Examples
         working-directory: mls-rs
-        run: cargo run --example basic_usage
+        run: |
+          cargo run --example basic_usage
+          cargo run --example api_1x
   AsyncBuildAndTest:
     strategy:
       matrix:
diff --git a/mls-rs/Cargo.toml b/mls-rs/Cargo.toml
@@ -113,6 +113,10 @@ criterion = { version = "0.5.1", features = ["async_futures", "html_reports"] }
 name = "basic_usage"
 required-features = []
 
+[[example]]
+name = "api_1x"
+required-features = []
+
 [[example]]
 name = "x509"
 required-features = ["x509"]
diff --git a/mls-rs/examples/api_1x.rs b/mls-rs/examples/api_1x.rs
@@ -0,0 +1,92 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// Copyright by contributors to this project.
+// SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+use std::convert::Infallible;
+
+use mls_rs::{
+    client_builder::MlsConfig,
+    error::MlsError,
+    identity::{
+        basic::{BasicCredential, BasicIdentityProvider},
+        SigningIdentity,
+    },
+    CipherSuite, CipherSuiteProvider, Client, CryptoProvider, ExtensionList, KeyPackageStorage,
+};
+use mls_rs_core::key_package::KeyPackageData;
+
+const CIPHERSUITE: CipherSuite = CipherSuite::CURVE25519_AES128;
+
+fn main() -> Result<(), MlsError> {
+    let crypto_provider = mls_rs_crypto_openssl::OpensslCryptoProvider::default();
+
+    // Create clients for Alice and Bob
+    let alice = make_client(crypto_provider.clone(), "alice")?;
+    let bob = make_client(crypto_provider.clone(), "bob")?;
+
+    // Bob generates key package. We store secrets in memory, no need for any storage.
+    let key_package_generation = bob
+        .key_package_builder(CIPHERSUITE)?
+        .valid_for_sec(123)
+        .build()?;
+
+    let stored_secrets = key_package_generation.key_package_data;
+
+    // Alice creates a group with Bob.
+    let mut alice_group = alice.create_group(ExtensionList::default(), Default::default())?;
+
+    let welcomes = alice_group
+        .commit_builder()
+        .add_member(key_package_generation.key_package_message)?
+        .build()?
+        .welcome_messages;
+
+    alice_group.apply_pending_commit()?;
+
+    // Bob joins
+    let mut bob_group = bob.group_joiner(&welcomes[0], stored_secrets)?.join()?.0;
+
+    // Alice and bob can chat
+    let msg = alice_group.encrypt_application_message(b"hello world", Default::default())?;
+    let msg = bob_group.process_incoming_message(msg)?;
+
+    println!("Received message: {:?}", msg);
+
+    Ok(())
+}
+
+#[derive(Clone)]
+struct NoOpKeyPackageStorage;
+
+impl KeyPackageStorage for NoOpKeyPackageStorage {
+    type Error = Infallible;
+
+    fn delete(&mut self, _: &[u8]) -> Result<(), Infallible> {
+        Ok(())
+    }
+
+    fn get(&self, _: &[u8]) -> Result<Option<KeyPackageData>, Infallible> {
+        Ok(None)
+    }
+
+    fn insert(&mut self, _: Vec<u8>, _: KeyPackageData) -> Result<(), Infallible> {
+        Ok(())
+    }
+}
+
+fn make_client<P: CryptoProvider + Clone>(
+    crypto_provider: P,
+    name: &str,
+) -> Result<Client<impl MlsConfig>, MlsError> {
+    let cipher_suite = crypto_provider.cipher_suite_provider(CIPHERSUITE).unwrap();
+    let (secret, public) = cipher_suite.signature_key_generate().unwrap();
+    let basic_identity = BasicCredential::new(name.as_bytes().to_vec());
+    let signing_identity = SigningIdentity::new(basic_identity.into_credential(), public);
+
+    Ok(Client::builder()
+        .identity_provider(BasicIdentityProvider)
+        .crypto_provider(crypto_provider)
+        .signing_identity(signing_identity, secret, CIPHERSUITE)
+        .key_package_repo(NoOpKeyPackageStorage)
+        .build())
+}
diff --git a/mls-rs/src/client.rs b/mls-rs/src/client.rs
@@ -605,7 +605,13 @@ where
         welcome_message: &'a MlsMessage,
         key_package_data: KeyPackageData,
     ) -> Result<GroupJoiner<'a, 'b, C>, MlsError> {
-        GroupJoiner::new(self.config.clone(), welcome_message, key_package_data).await
+        GroupJoiner::new(
+            self.config.clone(),
+            welcome_message,
+            key_package_data,
+            self.signer.clone(),
+        )
+        .await
     }
 
     /// Decrypt GroupInfo encrypted in the Welcome message without actually joining
diff --git a/mls-rs/src/group/mod.rs b/mls-rs/src/group/mod.rs
@@ -1490,7 +1490,7 @@ impl<C: ClientConfig> Group<C> {
         let key_package_data =
             find_key_package_generation(&config.key_package_repo(), &key_package_refs).await?;
 
-        let (group_info, _, _) = GroupJoiner::new(config.clone(), welcome, key_package_data)
+        let (group_info, _, _) = GroupJoiner::new(config.clone(), welcome, key_package_data, None)
             .await?
             .decrypt_group_info()
             .await?;
@@ -1499,7 +1499,6 @@ impl<C: ClientConfig> Group<C> {
     }
 
     #[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)]
-
     pub(crate) async fn decrypt_group_secrets<'a>(
         welcome: &'a MlsMessage,
         config: &C,
diff --git a/mls-rs/src/group/resumption.rs b/mls-rs/src/group/resumption.rs
@@ -298,9 +298,8 @@ async fn resumption_join_group<C: ClientConfig + Clone>(
     let key_package_data =
         find_key_package_generation(&config.key_package_repo(), &key_package_refs).await?;
 
-    let mut joiner = GroupJoiner::new(config.clone(), welcome, key_package_data)
+    let mut joiner = GroupJoiner::new(config.clone(), welcome, key_package_data, Some(signer))
         .await?
-        .signature_secret_key(signer)
         .additional_psk(psk_input);
 
     if let Some(tree) = tree_data {
diff --git a/mls-rs/src/group_joiner.rs b/mls-rs/src/group_joiner.rs
@@ -100,6 +100,7 @@ impl<'a, 'b, C: ClientConfig> GroupJoiner<'a, 'b, C> {
         config: C,
         welcome_msg: &'a MlsMessage,
         key_package_data: KeyPackageData,
+        signer: Option<SignatureSecretKey>,
     ) -> Result<Self, MlsError> {
         let key_package = KeyPackage::mls_decode(&mut &*key_package_data.key_package_bytes)?;
         let init_key = &key_package_data.init_key;
@@ -115,7 +116,7 @@ impl<'a, 'b, C: ClientConfig> GroupJoiner<'a, 'b, C> {
             version: welcome_msg.version,
             key_package,
             leaf_secret: key_package_data.leaf_node_key,
-            signer: None,
+            signer,
             #[cfg(feature = "psk")]
             additional_psk: None,
         })
diff --git a/mls-rs/src/key_package/builder.rs b/mls-rs/src/key_package/builder.rs
@@ -8,6 +8,7 @@ use alloc::vec;
 use mls_rs_codec::{MlsDecode, MlsEncode, MlsSize};
 use mls_rs_core::error::IntoAnyError;
 use mls_rs_core::extension::MlsExtension;
+use mls_rs_core::key_package::KeyPackageData;
 
 use crate::client::MlsError;
 use crate::client_config::ClientConfig;
@@ -124,17 +125,23 @@ impl<CP: CipherSuiteProvider> KeyPackageBuilder<'_, CP> {
             .sign(&self.cipher_suite_provider, signing_key, &())
             .await?;
 
+        let package_bytes = package.mls_encode_to_vec()?;
+        let reference = package.to_reference(&self.cipher_suite_provider).await?;
+
+        let key_package_message = MlsMessage::new(
+            self.protocol_version,
+            MlsMessagePayload::KeyPackage(package),
+        );
+
         Ok(KeyPackageGeneration {
-            reference: package.to_reference(&self.cipher_suite_provider).await?,
-            key_package_message: MlsMessage::new(
-                self.protocol_version,
-                MlsMessagePayload::KeyPackage(package),
-            ),
-            secrets: KeyPackageSecrets {
+            reference,
+            key_package_data: KeyPackageData::new(
+                package_bytes,
                 init_secret_key,
                 leaf_node_secret,
-            },
-            not_after: lifetime.not_after,
+                lifetime.not_after,
+            ),
+            key_package_message,
         })
     }
 }
@@ -150,8 +157,7 @@ pub struct KeyPackageSecrets {
 pub struct KeyPackageGeneration {
     pub reference: KeyPackageRef,
     pub key_package_message: MlsMessage,
-    pub secrets: KeyPackageSecrets,
-    pub not_after: u64,
+    pub key_package_data: KeyPackageData,
 }
 
 impl<'a, CP> KeyPackageBuilder<'a, CP> {
@@ -253,7 +259,7 @@ mod tests {
             let opened = cipher_suite_provider
                 .hpke_open(
                     &sealed,
-                    &generated.secrets.init_secret_key,
+                    &generated.key_package_data.init_key,
                     &generated_kp.hpke_init_key,
                     &[],
                     None,
diff --git a/mls-rs/src/key_package/mod.rs b/mls-rs/src/key_package/mod.rs
@@ -26,7 +26,6 @@ mod validator;
 pub(crate) use validator::*;
 
 pub(crate) mod generator;
-//pub use builder::*;
 pub(crate) use generator::*;
 
 #[non_exhaustive]
