core_crypto/mls/
mod.rs

1use mls_crypto_provider::MlsCryptoProvider;
2
3use crate::{ClientId, MlsConversation, Session};
4
5pub(crate) mod ciphersuite;
6pub mod conversation;
7pub mod credential;
8mod error;
9pub mod key_package;
10pub(crate) mod proposal;
11pub(crate) mod session;
12
13pub use error::{Error, Result};
14pub use session::{EpochObserver, HistoryObserver};
15
16#[cfg_attr(target_family = "wasm", async_trait::async_trait(?Send))]
17#[cfg_attr(not(target_family = "wasm"), async_trait::async_trait)]
18pub(crate) trait HasSessionAndCrypto: Send {
19    async fn session(&self) -> Result<Session>;
20    async fn crypto_provider(&self) -> Result<MlsCryptoProvider>;
21}
22
23#[cfg(test)]
24mod tests {
25
26    use crate::{
27        CertificateBundle, ClientIdentifier, CoreCrypto, CredentialType,
28        mls::Session,
29        test_utils::{x509::X509TestChain, *},
30        transaction_context::Error as TransactionError,
31    };
32
33    mod conversation_epoch {
34        use super::*;
35        use crate::mls::conversation::Conversation as _;
36
37        #[apply(all_cred_cipher)]
38        async fn can_get_newly_created_conversation_epoch(case: TestContext) {
39            let [session] = case.sessions().await;
40            let conversation = case.create_conversation([&session]).await;
41            let epoch = conversation.guard().await.epoch().await;
42            assert_eq!(epoch, 0);
43        }
44
45        #[apply(all_cred_cipher)]
46        async fn can_get_conversation_epoch(case: TestContext) {
47            let [alice, bob] = case.sessions().await;
48            Box::pin(async move {
49                let conversation = case.create_conversation([&alice, &bob]).await;
50                let epoch = conversation.guard().await.epoch().await;
51                assert_eq!(epoch, 1);
52            })
53            .await;
54        }
55
56        #[apply(all_cred_cipher)]
57        async fn conversation_not_found(case: TestContext) {
58            use crate::LeafError;
59            let [session] = case.sessions().await;
60            let id = conversation_id();
61            let err = session.transaction.conversation(&id).await.unwrap_err();
62            assert!(matches!(
63                err,
64                TransactionError::Leaf(LeafError::ConversationNotFound(i)) if i == id
65            ));
66        }
67    }
68
69    mod invariants {
70        use super::*;
71
72        #[apply(all_cred_cipher)]
73        async fn can_create_from_valid_configuration(mut case: TestContext) {
74            let db = case.create_persistent_db().await;
75            Box::pin(async move {
76                let new_client_result = Session::try_new(&db).await;
77                assert!(new_client_result.is_ok())
78            })
79            .await
80        }
81    }
82
83    #[apply(all_cred_cipher)]
84    async fn create_conversation_should_fail_when_already_exists(case: TestContext) {
85        use crate::LeafError;
86
87        let [alice] = case.sessions().await;
88        Box::pin(async move {
89            let conversation = case.create_conversation([&alice]).await;
90            let id = conversation.id().clone();
91
92                // creating a conversation should first verify that the conversation does not already exist ; only then create it
93                let repeat_create = alice
94                    .transaction
95                    .new_conversation(&id, case.credential_type, case.cfg.clone())
96                    .await;
97                assert!(matches!(repeat_create.unwrap_err(), TransactionError::Leaf(LeafError::ConversationAlreadyExists(i)) if i == id));
98            })
99        .await;
100    }
101
102    #[apply(all_cred_cipher)]
103    async fn can_fetch_client_public_key(mut case: TestContext) {
104        let db = case.create_persistent_db().await;
105        Box::pin(async move {
106            let result = Session::try_new(&db).await;
107            println!("{result:?}");
108            assert!(result.is_ok());
109        })
110        .await
111    }
112
113    #[apply(all_cred_cipher)]
114    async fn can_2_phase_init_central(mut case: TestContext) {
115        let db = case.create_persistent_db().await;
116        Box::pin(async move {
117            use crate::{ClientId, Credential};
118
119            let x509_test_chain = X509TestChain::init_empty(case.signature_scheme());
120
121            // phase 1: init without initialized mls_client
122            let client = Session::try_new(&db).await.unwrap();
123            let cc = CoreCrypto::from(client);
124            let context = cc.new_transaction().await.unwrap();
125            x509_test_chain.register_with_central(&context).await;
126
127            assert!(!context.session().await.unwrap().is_ready().await);
128            // phase 2: init mls_client
129            let client_id = ClientId::from("alice");
130            let identifier = match case.credential_type {
131                CredentialType::Basic => ClientIdentifier::Basic(client_id.clone()),
132                CredentialType::X509 => {
133                    CertificateBundle::rand_identifier(&client_id, &[x509_test_chain.find_local_intermediate_ca()])
134                }
135            };
136            context
137                .mls_init(identifier.clone(), &[case.ciphersuite()])
138                .await
139                .unwrap();
140
141            let credential =
142                Credential::from_identifier(&identifier, case.ciphersuite(), &cc.mls.crypto_provider).unwrap();
143            let credential_ref = cc.add_credential(credential).await.unwrap();
144
145            assert!(context.session().await.unwrap().is_ready().await);
146            // expect mls_client to work
147            assert!(context.generate_keypackage(&credential_ref, None).await.is_ok());
148        })
149        .await
150    }
151}
core_crypto/mls/mod.rs

core_crypto/mls/
mod.rs
