Classes

CoreCrypto client which manages one cryptographic client for proteus and MLS.

The PKI environment used for certificate management during X509 credential acquisition.

The database acting as a core crypto keystore.

A unique identifier for an MLS client.

Each app instance a user is running, such as desktop or mobile, is a separate client with its own client id. A single user may therefore have multiple clients. More information: https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html#name-group-members-and-clients

A unique identifier for a single conversation.

The backend provides an opaque string identifying a new conversation. Construct an instance of this newtype to pass that identifier to Rust.

A CoreCryptoCommand has an execute method which accepts a CoreCryptoContext and returns nothing.

It is the argument to a CoreCrypto::transaction call.

The CoreCryptoContext holds the primary CoreCrypto APIs.

An instance of this struct is provided to the closure passed to CoreCryptoFfi::transaction.

Every mutable operation is done through this struct. Operations are buffered in memory and persisted to the keystore when the transaction completes.

CoreCrypto wraps around MLS and Proteus implementations and provides a transactional interface for each.

A callback interface for forwarding CoreCrypto log messages to the platform’s logging system.

A cryptographic credential.

This is tied to a particular client via either its client id or certificate bundle, depending on its credential type, but is independent of any client instance or storage.

To attach a credential to a client instance and store it, call add_credential on a CoreCryptoContext.

A compact reference to a credential that has been persisted in CoreCrypto.

Credentials can be quite large; this type avoids passing them back and forth across the FFI boundary more than strictly required.

Created by calling add_credential on a CoreCryptoContext.

This reference is not a literal in-memory reference. It is instead the key from which a credential can be retrieved, and is stable over time and across the FFI boundary.

The key used to encrypt the database.

An EpochObserver is notified whenever a conversation’s epoch changes.

The raw public key of an external sender.

This can be used to initialize a subconversation.

MLS Group Information

This is used when joining by external commit. It can be found within the GroupInfoBundle within a CommitBundle.

A HistoryObserver is notified whenever a new history client is created.

A signed object describing a client’s identity and capabilities.

Includes a public key that can be used to encrypt to that client. Other clients can use a client’s KeyPackage to introduce that client to a new group.

A lightweight distinct reference to a KeyPackage, sufficient to uniquely identify it.

This contains some metadata to assist in sorting and filtering refs without needing to perform the relatively heavy operation of converting to a full keypackage.

Used by CoreCrypto to send commits or application messages to the delivery service.

This trait must be implemented before calling any functions that produce commits.

Callbacks for external calls made by CoreCrypto during X509 credential acquisition.

When communicating with the Identity Provider (IDP) and Wire server, CoreCrypto delegates to the client app by calling the relevant methods.

Client App CoreCrypto Acme IDP | | | | | X509CredentialAcquisition().finalize() | | |————————–>| | | | | GET acme/root.pem | | | |————————> | | | | 200 OK | | | |<———————— | | | authenticate() | | | |<————————–| | | | | Authentication flow | | | —————————————————————————-> | |<—————————————————————————– | | return Success [PKiEnvironmentHooks.authenticate()] | | |<————————–| | | | | (excluded several calls for brevity) | | return Success(Credential) [X509CredentialAcquisition().finalize()] | |<————————–| | |

A secret key derived from the group secret.

This is intended to be used for AVS.

A TLS-serialized Welcome message.

This structure is defined in RFC 9420: https://www.rfc-editor.org/rfc/rfc9420.html#joining-via-welcome-message.