Struct Session

pub struct Session { /* private fields */ }

A MLS Session enables a user device to communicate via the MLS protocol.

This closely maps to the Client term in RFC 9720, but we avoid that term to avoid ambiguity; Client is very overloaded with distinct meanings.

There is one Session per user per device. A session can contain many MLS groups/conversations.

It is cheap to clone a Session because everything heavy is wrapped inside an Arc.

Implementations

impl Session

pub async fn e2ei_is_pki_env_setup(&self) -> bool

Returns whether the E2EI PKI environment is setup (i.e. Root CA, Intermediates, CRLs)

pub async fn e2ei_dump_pki_env(&self) -> Result<Option<E2eiDumpedPkiEnv>, Error>

Dumps the PKI environment as PEM

pub async fn e2ei_is_enabled( &self, signature_scheme: SignatureScheme, ) -> Result<bool, Error>

Returns true when end-to-end-identity is enabled for the given SignatureScheme

pub async fn e2ei_verify_group_state( &self, group_info: VerifiableGroupInfo, ) -> Result<E2eiConversationState, Error>

Verifies a Group state before joining it

pub async fn get_credential_in_use( &self, group_info: VerifiableGroupInfo, credential_type: MlsCredentialType, ) -> Result<E2eiConversationState, Error>

Gets the e2ei conversation state from a GroupInfo. Useful to check if the group has e2ei turned on or not before joining it.

impl Session

pub async fn generate_one_keypackage_from_credential_bundle( &self, backend: &MlsCryptoProvider, cs: MlsCiphersuite, cb: &CredentialBundle, ) -> Result<KeyPackage, Error>

Generates a single new keypackage

Arguments

• backend - the KeyStorage to load the keypackages from

Errors

KeyStore and OpenMls errors

pub async fn request_key_packages( &self, count: usize, ciphersuite: MlsCiphersuite, credential_type: MlsCredentialType, backend: &MlsCryptoProvider, ) -> Result<Vec<KeyPackage>, Error>

Requests count keying material to be present and returns a reference to it for the consumer to copy/clone.

Arguments

• count - number of openmls::key_packages::KeyPackage to generate
• ciphersuite - of openmls::key_packages::KeyPackage to generate
• backend - the KeyStorage to load the keypackages from

Errors

KeyStore and OpenMls errors

pub async fn valid_keypackages_count( &self, backend: &MlsCryptoProvider, ciphersuite: MlsCiphersuite, credential_type: MlsCredentialType, ) -> Result<usize, Error>

Returns the count of valid, non-expired, unclaimed keypackages in store

pub async fn prune_keypackages( &self, backend: &MlsCryptoProvider, refs: &[KeyPackageRef], ) -> Result<(), Error>

Prune the provided KeyPackageRefs from the keystore

Warning: Despite this API being public, the caller should know what they’re doing. Provided KeypackageRefs will be purged regardless of their expiration state, so please be wary of what you are doing if you directly call this API. This could result in still valid, uploaded keypackages being pruned from the system and thus being impossible to find when referenced in a future Welcome message.

impl Session

pub async fn try_new(configuration: MlsClientConfiguration) -> Result<Self>

Tries to initialize the [Client]. Takes a store path (i.e. Disk location of the embedded database, should be consistent between messaging sessions) And a root identity key (i.e. enclaved encryption key for this device)

Arguments

• configuration - the configuration for the MlsCentral

Errors

Failures in the initialization of the KeyStore can cause errors, such as IO, the same kind of errors can happen when the groups are being restored from the KeyStore or even during the client initialization (to fetch the identity signature). Other than that, MlsError can be caused by group deserialization or during the initialization of the credentials:

• for x509 Credentials if the certificate chain length is lower than 2
• for Basic Credentials if the signature key cannot be generated either by not supported scheme or the key generation fails

pub async fn try_new_in_memory( configuration: MlsClientConfiguration, ) -> Result<Self>

Same as the [Client::try_new] but instead, it uses an in memory KeyStore. Although required, the store_path parameter from the MlsClientConfiguration won’t be used here.

pub async fn provide_transport(&self, transport: Arc<dyn MlsTransport>)

Provide the implementation of functions to communicate with the delivery service (see MlsTransport).

pub async fn init( &self, identifier: ClientIdentifier, ciphersuites: &[MlsCiphersuite], backend: &MlsCryptoProvider, nb_key_package: usize, ) -> Result<(), Error>

Initializes the client. If the client’s cryptographic material is already stored in the keystore, it loads it Otherwise, it is being created.

Arguments

• identifier - client identifier ; either a ClientId or a x509 certificate chain
• ciphersuites - all ciphersuites this client is supposed to support
• backend - the KeyStore and crypto provider to read identities from

Errors

KeyStore and OpenMls errors can happen

pub async fn get_raw_conversation( &self, id: &ConversationId, ) -> Result<ImmutableConversation, Error>

Get an immutable view of an MlsConversation.

Because it operates on the raw conversation type, this may be faster than crate::mls::TransactionContext::conversation. for transient and immutable purposes. For long-lived or mutable purposes, prefer the other method.

pub async fn public_key( &self, ciphersuite: MlsCiphersuite, credential_type: MlsCredentialType, ) -> Result<Vec<u8>>

Returns the client’s most recent public signature key as a buffer. Used to upload a public key to the server in order to verify client’s messages signature.

Arguments

• ciphersuite - a callback to be called to perform authorization
• credential_type - of the credential to look for

pub async fn conversation_exists( &self, id: &ConversationId, ) -> Result<bool, Error>

Checks if a given conversation id exists locally

pub fn random_bytes(&self, len: usize) -> Result<Vec<u8>>

Generates a random byte array of the specified size

pub async fn can_close(&self) -> bool

Reports whether the local KeyStore believes that it can currently close.

Beware TOCTOU!

pub async fn close(self) -> Result<()>

Closes the connection with the local KeyStore

Errors

KeyStore errors, such as IO

pub async fn reseed(&self, seed: Option<EntropySeed>) -> Result<()>

see mls_crypto_provider::MlsCryptoProvider::reseed

pub async fn generate_raw_keypairs( &self, ciphersuites: &[MlsCiphersuite], backend: &MlsCryptoProvider, ) -> Result<Vec<ClientId>, Error>

Initializes a raw MLS keypair without an associated client ID Returns a random ClientId to bind later in [Client::init_with_external_client_id]

Arguments

• ciphersuites - all ciphersuites this client is supposed to support
• backend - the KeyStore and crypto provider to read identities from

Errors

KeyStore and OpenMls errors can happen

pub async fn init_with_external_client_id( &self, client_id: ClientId, tmp_ids: Vec<ClientId>, ciphersuites: &[MlsCiphersuite], backend: &MlsCryptoProvider, ) -> Result<(), Error>

Finalizes initialization using a 2-step process of uploading first a public key and then associating a new Client ID to that keypair

Arguments

• client_id - The client ID you have fetched from the MLS Authentication Service
• tmp_ids - The temporary random client ids generated in the previous step [Client::generate_raw_keypairs]
• ciphersuites - To initialize the Client with
• backend - the KeyStore and crypto provider to read identities from

WARNING: You have absolutely NO reason to call this if you didn’t call [Client::generate_raw_keypairs] first. You have been warned!

pub async fn id(&self) -> Result<ClientId, Error>

Retrieves the client’s client id. This is free-form and not inspected.

pub async fn is_e2ei_capable(&self) -> bool

Returns whether this client is E2EI capable

Trait Implementations

impl Clone for Session

fn clone(&self) -> Session

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Session

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl From<Session> for CoreCrypto

fn from(mls: Session) -> Self

Converts to this type from the input type.