From 42db0701d9a1f774b8c0382fe3caa7c8f4f6fcc0 Mon Sep 17 00:00:00 2001 From: Mohamad Jaara Date: Tue, 30 Apr 2024 18:13:53 +0200 Subject: [PATCH 1/2] feat: support new MLS cipher suite [WPB-8592] (#2716) * feat: support new MLS cipher suite * fix test * fix tests * fix tests * fix tests * fix create conversation dead lock * fix test * address PR comments * address PR comments * address PR comments --- .../kalium/cryptography/BaseMLSClientTest.kt | 16 ++- .../cryptography/BaseProteusClientTest.kt | 2 +- .../kalium/cryptography/BaseMLSClientTest.kt | 16 ++- .../cryptography/BaseProteusClientTest.kt | 2 +- .../cryptography/CoreCryptoCentralImpl.kt | 7 +- .../kalium/cryptography/BaseMLSClientTest.kt | 16 ++- .../cryptography/BaseProteusClientTest.kt | 2 +- .../CoreCryptoCentral.kt | 34 ++++-- .../MLSClientImpl.kt | 23 ++-- .../kalium/cryptography/CoreCryptoCentral.kt | 13 +- .../kalium/cryptography/BaseMLSClientTest.kt | 12 +- .../kalium/cryptography/E2EIClientTest.kt | 10 +- .../wire/kalium/cryptography/MLSClientTest.kt | 4 +- .../kalium/cryptography/ProteusClientTest.kt | 2 +- .../cryptography/CoreCryptoCentralImpl.kt | 7 +- .../kalium/cryptography/BaseMLSClientTest.kt | 12 +- .../kalium/cryptography/BaseMLSClientTest.kt | 16 ++- .../cryptography/BaseProteusClientTest.kt | 2 +- gradle/libs.versions.toml | 2 +- .../configuration/UserConfigRepository.kt | 24 ++++ .../logic/data/client/E2EIClientProvider.kt | 10 +- .../logic/data/client/MLSClientProvider.kt | 16 ++- .../data/client/ProteusClientProvider.kt | 4 +- .../logic/data/conversation/Conversation.kt | 22 +--- .../data/conversation/ProtocolInfoMapper.kt | 5 +- .../data/featureConfig/FeatureConfigMapper.kt | 19 ++- .../data/featureConfig/FeatureConfigModel.kt | 2 + .../wire/kalium/logic/data/mls/CipherSuite.kt | 98 +++++++++++++++ .../kalium/logic/feature/UserSessionScope.kt | 3 +- .../SyncFeatureConfigsUseCase.kt | 2 +- .../featureConfig/handler/MLSConfigHandler.kt | 5 + .../logic/data/call/CallRepositoryTest.kt | 3 +- .../conversation/ProtocolInfoMapperTest.kt | 5 +- .../data/event/FeatureConfigMapperTest.kt | 2 +- .../FeatureConfigRepositoryTest.kt | 13 +- .../data/featureConfig/FeatureConfigTest.kt | 7 +- .../client/RegisterMLSClientUseCaseTest.kt | 2 +- .../JoinExistingMLSConversationUseCaseTest.kt | 11 +- ...JoinExistingMLSConversationsUseCaseTest.kt | 5 +- .../RecoverMLSConversationsUseCaseTests.kt | 5 +- .../handler/MLSConfigHandlerTest.kt | 114 +++++++++++++----- .../feature/message/MessageSenderTest.kt | 3 +- .../feature/mlsmigration/MLSMigratorTest.kt | 5 +- .../logic/framework/TestConversation.kt | 5 +- .../UserConfigRepositoryArrangement.kt | 9 +- .../logic/feature/scenario/OnCloseCallTest.kt | 3 +- .../persistence/dao/unread/UserConfigDAO.kt | 11 ++ .../model/SupportedCipherSuiteEntity.kt | 29 +++++ 48 files changed, 488 insertions(+), 152 deletions(-) create mode 100644 logic/src/commonMain/kotlin/com/wire/kalium/logic/data/mls/CipherSuite.kt create mode 100644 persistence/src/commonMain/kotlin/com/wire/kalium/persistence/model/SupportedCipherSuiteEntity.kt diff --git a/cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt index 2f80972e470..e81b6fa10c2 100644 --- a/cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt +++ b/cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt @@ -22,14 +22,22 @@ import java.nio.file.Files actual open class BaseMLSClientTest { - actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient { - return createCoreCrypto(clientId).mlsClient(clientId) + actual suspend fun createMLSClient( + clientId: CryptoQualifiedClientId, + allowedCipherSuites: List, + defaultCipherSuite: UShort + ): MLSClient { + return createCoreCrypto(clientId, allowedCipherSuites, defaultCipherSuite).mlsClient(clientId) } - actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral { + actual suspend fun createCoreCrypto( + clientId: CryptoQualifiedClientId, + allowedCipherSuites: List, + defaultCipherSuite: UShort + ): CoreCryptoCentral { val root = Files.createTempDirectory("mls").toFile() val keyStore = root.resolve("keystore-$clientId") - return coreCryptoCentral(keyStore.absolutePath, "test") + return coreCryptoCentral(keyStore.absolutePath, "test", allowedCipherSuites, defaultCipherSuite) } } diff --git a/cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt b/cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt index 8a8ad5b6698..4b8fab41c2c 100644 --- a/cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt +++ b/cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt @@ -33,7 +33,7 @@ actual open class BaseProteusClientTest { actual suspend fun createProteusClient(proteusStore: ProteusStoreRef, databaseKey: ProteusDBSecret?): ProteusClient { return databaseKey?.let { - coreCryptoCentral(proteusStore.value, it.value).proteusClient() + coreCryptoCentral(proteusStore.value, it.value, emptyList(), 0.toUShort()).proteusClient() } ?: cryptoboxProteusClient(proteusStore.value, testCoroutineScheduler, testCoroutineScheduler) } } diff --git a/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt index a3e415e6914..f713c82dfa7 100644 --- a/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt +++ b/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt @@ -21,13 +21,21 @@ package com.wire.kalium.cryptography import java.nio.file.Files actual open class BaseMLSClientTest { - actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient { - return createCoreCrypto(clientId).mlsClient(clientId) + actual suspend fun createMLSClient( + clientId: CryptoQualifiedClientId, + allowedCipherSuites: List, + defaultCipherSuite: UShort + ): MLSClient { + return createCoreCrypto(clientId, allowedCipherSuites, defaultCipherSuite).mlsClient(clientId) } - actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral { + actual suspend fun createCoreCrypto( + clientId: CryptoQualifiedClientId, + allowedCipherSuites: List, + defaultCipherSuite: UShort + ): CoreCryptoCentral { val root = Files.createTempDirectory("mls").toFile() val keyStore = root.resolve("keystore-$clientId") - return coreCryptoCentral(keyStore.absolutePath, "test") + return coreCryptoCentral(keyStore.absolutePath, "test", allowedCipherSuites, defaultCipherSuite) } } diff --git a/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt b/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt index 5e686e24443..20b5c3f3658 100644 --- a/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt +++ b/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt @@ -33,7 +33,7 @@ actual open class BaseProteusClientTest { actual suspend fun createProteusClient(proteusStore: ProteusStoreRef, databaseKey: ProteusDBSecret?): ProteusClient { return databaseKey?.let { - coreCryptoCentral(proteusStore.value, it.value).proteusClient() + coreCryptoCentral(proteusStore.value, it.value, emptyList(), null).proteusClient() } ?: cryptoboxProteusClient(proteusStore.value, testCoroutineScheduler,testCoroutineScheduler) } } diff --git a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt index 52dd4c07f96..259c4e54dc5 100644 --- a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt +++ b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt @@ -24,7 +24,12 @@ import com.wire.crypto.CoreCryptoCallbacks import platform.Foundation.NSFileManager import kotlin.time.Duration -actual suspend fun coreCryptoCentral(rootDir: String, databaseKey: String): CoreCryptoCentral { +actual suspend fun coreCryptoCentral( + rootDir: String, + databaseKey: String, + allowedCipherSuites: List, + defaultCipherSuite: UShort? +): CoreCryptoCentral { val path = "$rootDir/${CoreCryptoCentralImpl.KEYSTORE_NAME}" NSFileManager.defaultManager.createDirectoryAtPath(rootDir, withIntermediateDirectories = true, null, null) val coreCrypto = CoreCrypto.deferredInit(path, databaseKey, null) diff --git a/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt index 7ab8ae14087..dbdb6e0bf3a 100644 --- a/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt +++ b/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt @@ -24,14 +24,22 @@ import platform.Foundation.NSURL import platform.Foundation.URLByAppendingPathComponent actual open class BaseMLSClientTest actual constructor() { - actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient { - return createCoreCrypto(clientId).mlsClient(clientId) + actual suspend fun createMLSClient( + clientId: CryptoQualifiedClientId, + allowedCipherSuites: List, + defaultCipherSuite: UShort + ): MLSClient { + return createCoreCrypto(clientId, allowedCipherSuites, defaultCipherSuite).mlsClient(clientId) } - actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral { + actual suspend fun createCoreCrypto( + clientId: CryptoQualifiedClientId, + allowedCipherSuites: List, + defaultCipherSuite: UShort + ): CoreCryptoCentral { val rootDir = NSURL.fileURLWithPath(NSTemporaryDirectory() + "/mls", isDirectory = true) NSFileManager.defaultManager.createDirectoryAtURL(rootDir, true, null, null) val keyStore = rootDir.URLByAppendingPathComponent("keystore-$clientId")!! - return coreCryptoCentral(keyStore.path!!, "test") + return coreCryptoCentral(keyStore.path!!, "test", allowedCipherSuites, defaultCipherSuite) } } diff --git a/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt b/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt index 81a1a2f72e5..23b47c90120 100644 --- a/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt +++ b/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt @@ -35,7 +35,7 @@ actual open class BaseProteusClientTest actual constructor() { proteusStore: ProteusStoreRef, databaseKey: ProteusDBSecret? ): ProteusClient { - return coreCryptoCentral(proteusStore.value, "secret").proteusClient() + return coreCryptoCentral(proteusStore.value, "secret", emptyList(), null).proteusClient() } } diff --git a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/CoreCryptoCentral.kt b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/CoreCryptoCentral.kt index 465302eea90..5eefcb16f63 100644 --- a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/CoreCryptoCentral.kt +++ b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/CoreCryptoCentral.kt @@ -17,21 +17,31 @@ */ package com.wire.kalium.cryptography +import com.wire.crypto.Ciphersuites import com.wire.crypto.ClientId import com.wire.crypto.CoreCrypto import com.wire.crypto.CoreCryptoCallbacks -import com.wire.crypto.client.Ciphersuites import com.wire.crypto.coreCryptoDeferredInit import com.wire.kalium.cryptography.MLSClientImpl.Companion.toCrlRegistration import com.wire.kalium.cryptography.exceptions.CryptographyException import java.io.File -actual suspend fun coreCryptoCentral(rootDir: String, databaseKey: String): CoreCryptoCentral { +actual suspend fun coreCryptoCentral( + rootDir: String, + databaseKey: String, + allowedCipherSuites: Ciphersuites, + defaultCipherSuite: UShort? +): CoreCryptoCentral { val path = "$rootDir/${CoreCryptoCentralImpl.KEYSTORE_NAME}" File(rootDir).mkdirs() - val coreCrypto = coreCryptoDeferredInit(path, databaseKey, Ciphersuites.DEFAULT.lower(), null) + val coreCrypto = coreCryptoDeferredInit(path, databaseKey, allowedCipherSuites, null) coreCrypto.setCallbacks(Callbacks()) - return CoreCryptoCentralImpl(coreCrypto, rootDir) + return CoreCryptoCentralImpl( + cc = coreCrypto, + rootDir = rootDir, + cipherSuite = allowedCipherSuites, + defaultCipherSuite = defaultCipherSuite + ) } private class Callbacks : CoreCryptoCallbacks { @@ -61,12 +71,18 @@ private class Callbacks : CoreCryptoCallbacks { } } -class CoreCryptoCentralImpl(private val cc: CoreCrypto, private val rootDir: String) : CoreCryptoCentral { +class CoreCryptoCentralImpl( + private val cc: CoreCrypto, + private val rootDir: String, + // TODO: remove one they are removed from the CC api + private val cipherSuite: Ciphersuites, + private val defaultCipherSuite: UShort? +) : CoreCryptoCentral { fun getCoreCrypto() = cc override suspend fun mlsClient(clientId: CryptoQualifiedClientId): MLSClient { - cc.mlsInit(clientId.toString().encodeToByteArray(), Ciphersuites.DEFAULT.lower(), null) - return MLSClientImpl(cc) + cc.mlsInit(clientId.toString().encodeToByteArray(), cipherSuite, null) + return MLSClientImpl(cc, defaultCipherSuite!!) } override suspend fun mlsClient( @@ -79,7 +95,7 @@ class CoreCryptoCentralImpl(private val cc: CoreCrypto, private val rootDir: Str (enrollment as E2EIClientImpl).wireE2eIdentity, certificateChain, newMLSKeyPackageCount ) - return MLSClientImpl(cc) + return MLSClientImpl(cc, defaultCipherSuite!!) } override suspend fun proteusClient(): ProteusClient { @@ -100,7 +116,7 @@ class CoreCryptoCentralImpl(private val cc: CoreCrypto, private val rootDir: Str handle, teamId, expiry.inWholeSeconds.toUInt(), - Ciphersuites.DEFAULT.lower().first() + defaultCipherSuite!! ) ) diff --git a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt index 6e442fb6c09..0bfa6b1dada 100644 --- a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt +++ b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt @@ -28,7 +28,7 @@ import com.wire.crypto.MlsCredentialType import com.wire.crypto.MlsGroupInfoEncryptionType import com.wire.crypto.MlsRatchetTreeType import com.wire.crypto.MlsWirePolicy -import com.wire.crypto.client.Ciphersuites +import com.wire.crypto.Ciphersuite import io.ktor.util.decodeBase64Bytes import io.ktor.util.encodeBase64 import kotlin.time.Duration @@ -41,25 +41,26 @@ typealias ConversationId = ByteArray @Suppress("TooManyFunctions") @OptIn(ExperimentalUnsignedTypes::class) class MLSClientImpl( - private val coreCrypto: CoreCrypto + private val coreCrypto: CoreCrypto, + private val defaultCipherSuite: Ciphersuite ) : MLSClient { private val keyRotationDuration: Duration = 30.toDuration(DurationUnit.DAYS) private val defaultGroupConfiguration = CustomConfiguration(keyRotationDuration.toJavaDuration(), MlsWirePolicy.PLAINTEXT) - private val defaultCiphersuite = Ciphersuites.DEFAULT.lower().first() + override suspend fun close() { coreCrypto.close() } override suspend fun getPublicKey(): ByteArray { - return coreCrypto.clientPublicKey(defaultCiphersuite, toCredentialType(getMLSCredentials())) + return coreCrypto.clientPublicKey(defaultCipherSuite, toCredentialType(getMLSCredentials())) } override suspend fun generateKeyPackages(amount: Int): List { - return coreCrypto.clientKeypackages(defaultCiphersuite, toCredentialType(getMLSCredentials()), amount.toUInt()) + return coreCrypto.clientKeypackages(defaultCipherSuite, toCredentialType(getMLSCredentials()), amount.toUInt()) } override suspend fun validKeyPackageCount(): ULong { - return coreCrypto.clientValidKeypackagesCount(defaultCiphersuite, toCredentialType(getMLSCredentials())) + return coreCrypto.clientValidKeypackagesCount(defaultCipherSuite, toCredentialType(getMLSCredentials())) } override suspend fun updateKeyingMaterial(groupId: MLSGroupId): CommitBundle { @@ -78,7 +79,7 @@ class MLSClientImpl( return coreCrypto.newExternalAddProposal( conversationId = groupId.decodeBase64Bytes(), epoch = epoch, - ciphersuite = defaultCiphersuite, + ciphersuite = defaultCipherSuite, credentialType = toCredentialType(getMLSCredentials()) ) } @@ -106,7 +107,7 @@ class MLSClientImpl( externalSenders: List ) { val conf = ConversationConfiguration( - defaultCiphersuite, + defaultCipherSuite, externalSenders.map { it.value }, defaultGroupConfiguration ) @@ -210,7 +211,7 @@ class MLSClientImpl( handle, teamId, expiry.inWholeSeconds.toUInt(), - defaultCiphersuite + defaultCipherSuite ) ) } @@ -227,7 +228,7 @@ class MLSClientImpl( handle, teamId, expiry.inWholeSeconds.toUInt(), - defaultCiphersuite + defaultCipherSuite ) ) } @@ -237,7 +238,7 @@ class MLSClientImpl( } override suspend fun isE2EIEnabled(): Boolean { - return coreCrypto.e2eiIsEnabled(defaultCiphersuite) + return coreCrypto.e2eiIsEnabled(defaultCipherSuite) } override suspend fun getMLSCredentials(): CredentialType { diff --git a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentral.kt b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentral.kt index eabd9acc4a5..10fc3146a48 100644 --- a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentral.kt +++ b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentral.kt @@ -22,7 +22,11 @@ import kotlin.time.Duration interface CoreCryptoCentral { suspend fun mlsClient(clientId: CryptoQualifiedClientId): MLSClient - suspend fun mlsClient(enrollment: E2EIClient, certificateChain: CertificateChain, newMLSKeyPackageCount: UInt): MLSClient + suspend fun mlsClient( + enrollment: E2EIClient, + certificateChain: CertificateChain, + newMLSKeyPackageCount: UInt + ): MLSClient suspend fun proteusClient(): ProteusClient @@ -59,4 +63,9 @@ interface CoreCryptoCentral { suspend fun registerIntermediateCa(pem: CertificateChain) } -expect suspend fun coreCryptoCentral(rootDir: String, databaseKey: String): CoreCryptoCentral +expect suspend fun coreCryptoCentral( + rootDir: String, + databaseKey: String, + allowedCipherSuites: List, + defaultCipherSuite: UShort? +): CoreCryptoCentral diff --git a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt index e3fc901cf0a..7957f86f271 100644 --- a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt +++ b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt @@ -20,8 +20,16 @@ package com.wire.kalium.cryptography expect open class BaseMLSClientTest() { - suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient + suspend fun createMLSClient( + clientId: CryptoQualifiedClientId, + allowedCipherSuites: List, + defaultCipherSuite: UShort + ): MLSClient - suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral + suspend fun createCoreCrypto( + clientId: CryptoQualifiedClientId, + allowedCipherSuites: List, + defaultCipherSuite: UShort + ): CoreCryptoCentral } diff --git a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/E2EIClientTest.kt b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/E2EIClientTest.kt index ece85e201ad..3863baca4ea 100644 --- a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/E2EIClientTest.kt +++ b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/E2EIClientTest.kt @@ -35,7 +35,7 @@ class E2EIClientTest : BaseMLSClientTest() { } private suspend fun createE2EIClient(user: SampleUser): E2EIClient { - return createMLSClient(user.qualifiedClientId).e2eiNewActivationEnrollment( + return createMLSClient(user.qualifiedClientId, ALLOWED_CIPHER_SUITES, DEFAULT_CIPHER_SUITE).e2eiNewActivationEnrollment( user.name, user.handle, user.teamId,90.days ) } @@ -112,7 +112,7 @@ class E2EIClientTest : BaseMLSClientTest() { @Test fun givenClient_whenCallingCheckOrderRequest_ReturnNonEmptyResult() = runTest { - val coreCryptoCentral = createCoreCrypto(ALICE1.qualifiedClientId) + val coreCryptoCentral = createCoreCrypto(ALICE1.qualifiedClientId, ALLOWED_CIPHER_SUITES, DEFAULT_CIPHER_SUITE) val e2eiClient = createE2EIClient(ALICE1) e2eiClient.directoryResponse(ACME_DIRECTORY_API_RESPONSE) e2eiClient.setAccountResponse(NEW_ACCOUNT_API_RESPONSE) @@ -130,7 +130,7 @@ class E2EIClientTest : BaseMLSClientTest() { @Test fun givenClient_whenCallingFinalizeRequest_ReturnNonEmptyResult() = runTest { - val coreCryptoCentral = createCoreCrypto(ALICE1.qualifiedClientId) + val coreCryptoCentral = createCoreCrypto(ALICE1.qualifiedClientId, ALLOWED_CIPHER_SUITES, DEFAULT_CIPHER_SUITE) val e2eiClient = createE2EIClient(ALICE1) e2eiClient.directoryResponse(ACME_DIRECTORY_API_RESPONSE) e2eiClient.setAccountResponse(NEW_ACCOUNT_API_RESPONSE) @@ -149,7 +149,7 @@ class E2EIClientTest : BaseMLSClientTest() { @Test fun givenClient_whenCallingCertificateRequest_ReturnNonEmptyResult() = runTest { - val coreCryptoCentral = createCoreCrypto(ALICE1.qualifiedClientId) + val coreCryptoCentral = createCoreCrypto(ALICE1.qualifiedClientId, ALLOWED_CIPHER_SUITES, DEFAULT_CIPHER_SUITE) val e2eiClient = createE2EIClient(ALICE1) e2eiClient.directoryResponse(ACME_DIRECTORY_API_RESPONSE) e2eiClient.setAccountResponse(NEW_ACCOUNT_API_RESPONSE) @@ -169,6 +169,8 @@ class E2EIClientTest : BaseMLSClientTest() { companion object { + val DEFAULT_CIPHER_SUITE = 1.toUShort() + val ALLOWED_CIPHER_SUITES = listOf(1.toUShort()) val ALICE1 = SampleUser( CryptoQualifiedID("837655f7-b448-465a-b4b2-93f0919b38f0", "elna.wire.link"), CryptoClientId("fb4b58152e20"), diff --git a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/MLSClientTest.kt b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/MLSClientTest.kt index 93b8723740d..861007a7609 100644 --- a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/MLSClientTest.kt +++ b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/MLSClientTest.kt @@ -33,7 +33,7 @@ class MLSClientTest : BaseMLSClientTest() { } private suspend fun createClient(user: SampleUser): MLSClient { - return createMLSClient(user.qualifiedClientId) + return createMLSClient(user.qualifiedClientId, ALLOWED_CIPHER_SUITES, DEFAULT_CIPHER_SUITES) } @Test @@ -188,6 +188,8 @@ class MLSClientTest : BaseMLSClientTest() { } companion object { + val ALLOWED_CIPHER_SUITES = listOf(1.toUShort()) + val DEFAULT_CIPHER_SUITES = 1.toUShort() const val MLS_CONVERSATION_ID = "JfflcPtUivbg+1U3Iyrzsh5D2ui/OGS5Rvf52ipH5KY=" const val PLAIN_TEXT = "Hello World" val ALICE1 = SampleUser( diff --git a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/ProteusClientTest.kt b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/ProteusClientTest.kt index 4260020978a..82eca15fece 100644 --- a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/ProteusClientTest.kt +++ b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/ProteusClientTest.kt @@ -1,4 +1,4 @@ -/* + /* * Wire * Copyright (C) 2024 Wire Swiss GmbH * diff --git a/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt b/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt index 8a609a1e420..1e007c05b53 100644 --- a/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt +++ b/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt @@ -17,4 +17,9 @@ */ package com.wire.kalium.cryptography -actual suspend fun coreCryptoCentral(rootDir: String, databaseKey: String): CoreCryptoCentral = TODO("Not yet implemented") +actual suspend fun coreCryptoCentral( + rootDir: String, + databaseKey: String, + allowedCipherSuites: List, + defaultCipherSuite: UShort? +): CoreCryptoCentral = TODO("Not yet implemented") diff --git a/cryptography/src/jsTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/jsTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt index a47c5b0bd37..32d073968a9 100644 --- a/cryptography/src/jsTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt +++ b/cryptography/src/jsTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt @@ -19,11 +19,19 @@ package com.wire.kalium.cryptography actual open class BaseMLSClientTest actual constructor() { - actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient { + actual suspend fun createMLSClient( + clientId: CryptoQualifiedClientId, + allowedCipherSuites: List, + defaultCipherSuite: UShort + ): MLSClient { TODO("Not yet implemented") } - actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId):CoreCryptoCentral { + actual suspend fun createCoreCrypto( + clientId: CryptoQualifiedClientId, + allowedCipherSuites: List, + defaultCipherSuite: UShort + ): CoreCryptoCentral { TODO("Not yet implemented") } } diff --git a/cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt index fe5b4c14f34..e8f67f7377d 100644 --- a/cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt +++ b/cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt @@ -22,13 +22,21 @@ import java.nio.file.Files actual open class BaseMLSClientTest { - actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient { - return createCoreCrypto(clientId).mlsClient(clientId) + actual suspend fun createMLSClient( + clientId: CryptoQualifiedClientId, + allowedCipherSuites: List, + defaultCipherSuite: UShort + ): MLSClient { + return createCoreCrypto(clientId, allowedCipherSuites, defaultCipherSuite).mlsClient(clientId) } - actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral { + actual suspend fun createCoreCrypto( + clientId: CryptoQualifiedClientId, + allowedCipherSuites: List, + defaultCipherSuite: UShort + ): CoreCryptoCentral { val root = Files.createTempDirectory("mls").toFile() val keyStore = root.resolve("keystore-$clientId") - return coreCryptoCentral(keyStore.absolutePath, "test") + return coreCryptoCentral(keyStore.absolutePath, "test", allowedCipherSuites, defaultCipherSuite) } } diff --git a/cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt b/cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt index 5e686e24443..20b5c3f3658 100644 --- a/cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt +++ b/cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseProteusClientTest.kt @@ -33,7 +33,7 @@ actual open class BaseProteusClientTest { actual suspend fun createProteusClient(proteusStore: ProteusStoreRef, databaseKey: ProteusDBSecret?): ProteusClient { return databaseKey?.let { - coreCryptoCentral(proteusStore.value, it.value).proteusClient() + coreCryptoCentral(proteusStore.value, it.value, emptyList(), null).proteusClient() } ?: cryptoboxProteusClient(proteusStore.value, testCoroutineScheduler,testCoroutineScheduler) } } diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 7cb7a9e16fd..56277f7296b 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -37,7 +37,7 @@ pbandk = "0.14.2" turbine = "1.0.0" avs = "9.6.13" jna = "5.14.0" -core-crypto = "1.0.0-rc.55" +core-crypto = "1.0.0-rc.56-hotfix.1" core-crypto-multiplatform = "0.6.0-rc.3-multiplatform-pre1" completeKotlin = "1.1.0" desugar-jdk = "2.0.4" diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/configuration/UserConfigRepository.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/configuration/UserConfigRepository.kt index 1041832636e..e0fb55441ac 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/configuration/UserConfigRepository.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/configuration/UserConfigRepository.kt @@ -28,6 +28,8 @@ import com.wire.kalium.logic.data.legalhold.LegalHoldRequest import com.wire.kalium.logic.data.message.SelfDeletionMapper.toSelfDeletionTimerEntity import com.wire.kalium.logic.data.message.SelfDeletionMapper.toTeamSelfDeleteTimer import com.wire.kalium.logic.data.message.TeamSettingsSelfDeletionStatus +import com.wire.kalium.logic.data.mls.CipherSuite +import com.wire.kalium.logic.data.mls.SupportedCipherSuite import com.wire.kalium.logic.data.user.SupportedProtocol import com.wire.kalium.logic.data.user.toDao import com.wire.kalium.logic.data.user.toModel @@ -44,6 +46,7 @@ import com.wire.kalium.persistence.config.IsFileSharingEnabledEntity import com.wire.kalium.persistence.config.TeamSettingsSelfDeletionStatusEntity import com.wire.kalium.persistence.config.UserConfigStorage import com.wire.kalium.persistence.dao.unread.UserConfigDAO +import com.wire.kalium.persistence.model.SupportedCipherSuiteEntity import com.wire.kalium.util.DateTimeUtil import kotlinx.coroutines.flow.Flow import kotlinx.coroutines.flow.map @@ -83,6 +86,8 @@ interface UserConfigRepository { fun setE2EISettings(setting: E2EISettings): Either fun snoozeE2EINotification(duration: Duration): Either fun setDefaultProtocol(protocol: SupportedProtocol): Either + suspend fun setSupportedCipherSuite(cipherSuite: SupportedCipherSuite): Either + suspend fun getSupportedCipherSuite(): Either fun getDefaultProtocol(): Either suspend fun setSupportedProtocols(protocols: Set): Either suspend fun getSupportedProtocols(): Either> @@ -249,6 +254,25 @@ internal class UserConfigDataSource internal constructor( override fun setDefaultProtocol(protocol: SupportedProtocol): Either = wrapStorageRequest { userConfigStorage.persistDefaultProtocol(protocol.toDao()) } + override suspend fun setSupportedCipherSuite(cipherSuite: SupportedCipherSuite): Either = + SupportedCipherSuiteEntity( + supported = cipherSuite.supported.map { it.tag }, + default = cipherSuite.default.tag + ).let { + wrapStorageRequest { + userConfigDAO.setDefaultCipherSuite(it) + } + } + + override suspend fun getSupportedCipherSuite(): Either = wrapStorageRequest { + userConfigDAO.getDefaultCipherSuite() + }.map { + SupportedCipherSuite( + supported = it.supported.map { tag -> CipherSuite.fromTag(tag) }, + default = CipherSuite.fromTag(it.default) + ) + } + override fun getDefaultProtocol(): Either = wrapStorageRequest { userConfigStorage.defaultProtocol().toModel() } diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt index ec53963aa41..b115a3dcd8d 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt @@ -76,11 +76,11 @@ internal class EI2EIClientProviderImpl( selfUser.id.toCrypto() ) val newE2EIClient = it.newAcmeEnrollment( - cryptoQualifiedClientId, - selfUser.name!!, - selfUser.handle!!, - selfUser.teamId?.value, - defaultE2EIExpiry + clientId = cryptoQualifiedClientId, + displayName = selfUser.name!!, + handle = selfUser.handle!!, + teamId = selfUser.teamId?.value, + expiry = defaultE2EIExpiry ) e2EIClient = newE2EIClient Either.Right(newE2EIClient) diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/MLSClientProvider.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/MLSClientProvider.kt index e62e82725e2..d41ef34e27d 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/MLSClientProvider.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/MLSClientProvider.kt @@ -28,11 +28,13 @@ import com.wire.kalium.cryptography.coreCryptoCentral import com.wire.kalium.logger.KaliumLogLevel import com.wire.kalium.logic.CoreFailure import com.wire.kalium.logic.E2EIFailure +import com.wire.kalium.logic.configuration.UserConfigRepository import com.wire.kalium.logic.data.conversation.ClientId import com.wire.kalium.logic.data.id.CurrentClientIdProvider import com.wire.kalium.logic.data.user.UserId import com.wire.kalium.logic.functional.Either import com.wire.kalium.logic.functional.fold +import com.wire.kalium.logic.functional.getOrElse import com.wire.kalium.logic.functional.left import com.wire.kalium.logic.functional.map import com.wire.kalium.logic.functional.right @@ -48,7 +50,7 @@ import kotlinx.coroutines.sync.withLock import kotlinx.coroutines.withContext interface MLSClientProvider { - fun isMLSClientInitialised(): Boolean + suspend fun isMLSClientInitialised(): Boolean suspend fun getMLSClient(clientId: ClientId? = null): Either @@ -67,6 +69,7 @@ class MLSClientProviderImpl( private val userId: UserId, private val currentClientIdProvider: CurrentClientIdProvider, private val passphraseStorage: PassphraseStorage, + private val userConfigRepository: UserConfigRepository, private val dispatchers: KaliumDispatcher = KaliumDispatcherImpl ) : MLSClientProvider { @@ -76,7 +79,7 @@ class MLSClientProviderImpl( private val mlsClientMutex = Mutex() private val coreCryptoCentralMutex = Mutex() - override fun isMLSClientInitialised() = mlsClient != null + override suspend fun isMLSClientInitialised() = mlsClientMutex.withLock { mlsClient != null } override suspend fun getMLSClient(clientId: ClientId?): Either = mlsClientMutex.withLock { withContext(dispatchers.io) { @@ -127,8 +130,11 @@ class MLSClientProviderImpl( } @Suppress("TooGenericExceptionCaught") - override suspend fun getCoreCrypto(clientId: ClientId?) = coreCryptoCentralMutex.withLock { + override suspend fun getCoreCrypto(clientId: ClientId?): Either = coreCryptoCentralMutex.withLock { withContext(dispatchers.io) { + val (supportedCipherSuite, defaultCipherSuite) = userConfigRepository.getSupportedCipherSuite() + .getOrElse { return@withContext Either.Left(it) } + val currentClientId = clientId ?: currentClientIdProvider().fold({ return@withContext Either.Left(it) }, { it }) val location = "$rootKeyStorePath/${currentClientId.value}".also { @@ -142,7 +148,9 @@ class MLSClientProviderImpl( val cc = try { coreCryptoCentral( rootDir = "$location/$KEYSTORE_NAME", - databaseKey = passphrase + databaseKey = passphrase, + allowedCipherSuites = supportedCipherSuite.map { it.tag.toUShort() }, + defaultCipherSuite = defaultCipherSuite.tag.toUShort() ) } catch (e: Exception) { diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/ProteusClientProvider.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/ProteusClientProvider.kt index 013deac601f..f697f679eed 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/ProteusClientProvider.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/ProteusClientProvider.kt @@ -106,7 +106,9 @@ class ProteusClientProviderImpl( val central = try { coreCryptoCentral( rootDir = rootProteusPath, - databaseKey = SecurityHelperImpl(passphraseStorage).proteusDBSecret(userId).value + databaseKey = SecurityHelperImpl(passphraseStorage).proteusDBSecret(userId).value, + allowedCipherSuites = emptyList(), + defaultCipherSuite = null ) } catch (e: Exception) { diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/conversation/Conversation.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/conversation/Conversation.kt index 1145d76bd20..afdd57f3832 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/conversation/Conversation.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/conversation/Conversation.kt @@ -29,6 +29,7 @@ import com.wire.kalium.logic.data.id.PlainId import com.wire.kalium.logic.data.id.TeamId import com.wire.kalium.logic.data.message.MessagePreview import com.wire.kalium.logic.data.message.UnreadEventType +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.data.user.OtherUser import com.wire.kalium.logic.data.user.User import com.wire.kalium.logic.data.user.UserId @@ -195,23 +196,6 @@ data class Conversation( enum class VerificationStatus { VERIFIED, NOT_VERIFIED, DEGRADED } enum class LegalHoldStatus { ENABLED, DISABLED, DEGRADED, UNKNOWN } - @Suppress("MagicNumber") - enum class CipherSuite(val tag: Int) { - UNKNOWN(0), - MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519(1), - MLS_128_DHKEMP256_AES128GCM_SHA256_P256(2), - MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519(3), - MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448(4), - MLS_256_DHKEMP521_AES256GCM_SHA512_P521(5), - MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448(6), - MLS_256_DHKEMP384_AES256GCM_SHA384_P384(7), - MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_ED25519(61489); - - companion object { - fun fromTag(tag: Int): CipherSuite = values().first { type -> type.tag == tag } - } - } - val supportsUnreadMessageCount get() = type in setOf(Type.ONE_ON_ONE, Type.GROUP) @@ -236,7 +220,7 @@ data class Conversation( "groupState" to groupState.name, "epoch" to "$epoch", "keyingMaterialLastUpdate" to keyingMaterialLastUpdate.toString(), - "cipherSuite" to cipherSuite.name + "cipherSuite" to cipherSuite.toString() ) } @@ -254,7 +238,7 @@ data class Conversation( "groupState" to groupState.name, "epoch" to "$epoch", "keyingMaterialLastUpdate" to keyingMaterialLastUpdate.toString(), - "cipherSuite" to cipherSuite.name + "cipherSuite" to cipherSuite.toString() ) } diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/conversation/ProtocolInfoMapper.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/conversation/ProtocolInfoMapper.kt index 02ec6f130d0..f09e64fc004 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/conversation/ProtocolInfoMapper.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/conversation/ProtocolInfoMapper.kt @@ -19,6 +19,7 @@ package com.wire.kalium.logic.data.conversation import com.wire.kalium.logic.data.id.IdMapper +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.di.MapperProvider import com.wire.kalium.persistence.dao.conversation.ConversationEntity @@ -38,14 +39,14 @@ class ProtocolInfoMapperImpl( Conversation.ProtocolInfo.MLSCapable.GroupState.valueOf(protocolInfo.groupState.name), protocolInfo.epoch, protocolInfo.keyingMaterialLastUpdate, - Conversation.CipherSuite.fromTag(protocolInfo.cipherSuite.cipherSuiteTag) + CipherSuite.fromTag(protocolInfo.cipherSuite.cipherSuiteTag) ) is ConversationEntity.ProtocolInfo.Mixed -> Conversation.ProtocolInfo.Mixed( idMapper.fromGroupIDEntity(protocolInfo.groupId), Conversation.ProtocolInfo.MLSCapable.GroupState.valueOf(protocolInfo.groupState.name), protocolInfo.epoch, protocolInfo.keyingMaterialLastUpdate, - Conversation.CipherSuite.fromTag(protocolInfo.cipherSuite.cipherSuiteTag) + CipherSuite.fromTag(protocolInfo.cipherSuite.cipherSuiteTag) ) } diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigMapper.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigMapper.kt index cf6962f16b6..7f3dcc0b7a2 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigMapper.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigMapper.kt @@ -18,6 +18,8 @@ package com.wire.kalium.logic.data.featureConfig +import com.wire.kalium.logic.data.mls.CipherSuite +import com.wire.kalium.logic.data.mls.SupportedCipherSuite import com.wire.kalium.logic.data.user.SupportedProtocol import com.wire.kalium.logic.data.user.toModel import com.wire.kalium.network.api.base.authenticated.featureConfigs.FeatureConfigData @@ -76,14 +78,19 @@ class FeatureConfigMapperImpl : FeatureConfigMapper { override fun fromDTO(data: FeatureConfigData.MLS?): MLSModel = data?.let { MLSModel( - it.config.defaultProtocol.toModel(), - it.config.supportedProtocols.map { it.toModel() }.toSet(), - fromDTO(it.status) + defaultProtocol = it.config.defaultProtocol.toModel(), + supportedProtocols = it.config.supportedProtocols.map { it.toModel() }.toSet(), + status = fromDTO(it.status), + supportedCipherSuite = SupportedCipherSuite( + default = CipherSuite.fromTag(it.config.defaultCipherSuite), + supported = it.config.allowedCipherSuites.map { CipherSuite.fromTag(it) } + ) ) } ?: MLSModel( - SupportedProtocol.PROTEUS, - setOf(SupportedProtocol.PROTEUS), - Status.DISABLED + defaultProtocol = SupportedProtocol.PROTEUS, + supportedCipherSuite = null, + supportedProtocols = setOf(SupportedProtocol.PROTEUS), + status = Status.DISABLED ) @Suppress("MagicNumber") diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigModel.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigModel.kt index f90d4818f8d..6391b7d6378 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigModel.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigModel.kt @@ -18,6 +18,7 @@ package com.wire.kalium.logic.data.featureConfig +import com.wire.kalium.logic.data.mls.SupportedCipherSuite import com.wire.kalium.logic.data.user.SupportedProtocol import com.wire.kalium.util.time.Second import kotlinx.datetime.Instant @@ -78,6 +79,7 @@ data class SelfDeletingMessagesConfigModel( data class MLSModel( val defaultProtocol: SupportedProtocol, val supportedProtocols: Set, + val supportedCipherSuite: SupportedCipherSuite?, val status: Status ) diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/mls/CipherSuite.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/mls/CipherSuite.kt new file mode 100644 index 00000000000..161a24b4f09 --- /dev/null +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/mls/CipherSuite.kt @@ -0,0 +1,98 @@ +/* + * Wire + * Copyright (C) 2024 Wire Swiss GmbH + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see http://www.gnu.org/licenses/. + */ +package com.wire.kalium.logic.data.mls + +data class SupportedCipherSuite( + val supported: List, + val default: CipherSuite +) + +@Suppress("MagicNumber", "ClassName") +sealed class CipherSuite(open val tag: Int) { + data class UNKNOWN(override val tag: Int) : CipherSuite(tag) { + override fun toString(): String { + return "UNKNOWN($tag)".uppercase() + } + } + + data object MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 : CipherSuite(1) { + override fun toString(): String { + return "MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519" + } + } + + data object MLS_128_DHKEMP256_AES128GCM_SHA256_P256 : CipherSuite(2) { + override fun toString(): String { + return "MLS_128_DHKEMP256_AES128GCM_SHA256_P256" + } + } + + data object MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 : + CipherSuite(3) { + override fun toString(): String { + return "MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519" + } + } + + data object MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 : CipherSuite(4) { + override fun toString(): String { + return "MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448" + + } + } + + data object MLS_256_DHKEMP521_AES256GCM_SHA512_P521 : CipherSuite(5) { + override fun toString(): String { + return "MLS_256_DHKEMP521_AES256GCM_SHA512_P521" + } + + } + + data object MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 : CipherSuite(6) { + override fun toString(): String { + return "MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448" + } + } + + data object MLS_256_DHKEMP384_AES256GCM_SHA384_P384 : CipherSuite(7) { + override fun toString(): String { + return "MLS_256_DHKEMP384_AES256GCM_SHA384_P384" + } + } + + data object MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_ED25519 : + CipherSuite(61489) { + override fun toString(): String { + return "MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_ED25519" + } + } + + companion object { + fun fromTag(tag: Int): CipherSuite = when (tag) { + 1 -> MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + 2 -> MLS_128_DHKEMP256_AES128GCM_SHA256_P256 + 3 -> MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 + 4 -> MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 + 5 -> MLS_256_DHKEMP521_AES256GCM_SHA512_P521 + 6 -> MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 + 7 -> MLS_256_DHKEMP384_AES256GCM_SHA384_P384 + 61489 -> MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_ED25519 + else -> UNKNOWN(tag) + } + } +} diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/UserSessionScope.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/UserSessionScope.kt index 170fd799013..448306225fc 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/UserSessionScope.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/UserSessionScope.kt @@ -629,7 +629,8 @@ class UserSessionScope internal constructor( rootKeyStorePath = rootPathsProvider.rootMLSPath(userId), userId = userId, currentClientIdProvider = clientIdProvider, - passphraseStorage = globalPreferences.passphraseStorage + passphraseStorage = globalPreferences.passphraseStorage, + userConfigRepository = userConfigRepository ) } diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/featureConfig/SyncFeatureConfigsUseCase.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/featureConfig/SyncFeatureConfigsUseCase.kt index 3e2dd97ee63..9299f7a54f7 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/featureConfig/SyncFeatureConfigsUseCase.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/featureConfig/SyncFeatureConfigsUseCase.kt @@ -65,7 +65,7 @@ internal class SyncFeatureConfigsUseCaseImpl( // TODO handle other feature flags and after it bump version in [SlowSyncManager.CURRENT_VERSION] guestRoomConfigHandler.handle(it.guestRoomLinkModel) fileSharingConfigHandler.handle(it.fileSharingModel) - mlsConfigHandler.handle(it.mlsModel, duringSlowSync = true) + mlsConfigHandler.handle(it.mlsModel, duringSlowSync = true) it.mlsMigrationModel?.let { mlsMigrationConfigHandler.handle(it, duringSlowSync = true) } classifiedDomainsConfigHandler.handle(it.classifiedDomainsModel) conferenceCallingConfigHandler.handle(it.conferenceCallingModel) diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/featureConfig/handler/MLSConfigHandler.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/featureConfig/handler/MLSConfigHandler.kt index 0a11676c1e7..bdf500070ac 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/featureConfig/handler/MLSConfigHandler.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/featureConfig/handler/MLSConfigHandler.kt @@ -36,6 +36,7 @@ class MLSConfigHandler( val isMLSSupported = mlsConfig.supportedProtocols.contains(SupportedProtocol.MLS) val previousSupportedProtocols = userConfigRepository.getSupportedProtocols().getOrElse(setOf(SupportedProtocol.PROTEUS)) val supportedProtocolsHasChanged = !previousSupportedProtocols.equals(mlsConfig.supportedProtocols) + val supportedCipherSuite = mlsConfig.supportedCipherSuite return userConfigRepository.setMLSEnabled(mlsEnabled && isMLSSupported) .flatMap { @@ -50,6 +51,10 @@ class MLSConfigHandler( } else { Either.Right(Unit) } + }.flatMap { + supportedCipherSuite?.let { + userConfigRepository.setSupportedCipherSuite(it) + } ?: Either.Right(Unit) } } } diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/call/CallRepositoryTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/call/CallRepositoryTest.kt index a6dcd615729..3a913755b4d 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/call/CallRepositoryTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/call/CallRepositoryTest.kt @@ -47,6 +47,7 @@ import com.wire.kalium.logic.data.user.UserId import com.wire.kalium.logic.data.user.UserRepository import com.wire.kalium.logic.data.user.type.UserType import com.wire.kalium.logic.data.conversation.EpochChangesObserver +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.framework.TestConversation import com.wire.kalium.logic.framework.TestTeam import com.wire.kalium.logic.framework.TestUser @@ -1751,7 +1752,7 @@ class CallRepositoryTest { Conversation.ProtocolInfo.MLSCapable.GroupState.ESTABLISHED, 1UL, Clock.System.now(), - Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) val qualifiedClientID = QualifiedClientID( diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/conversation/ProtocolInfoMapperTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/conversation/ProtocolInfoMapperTest.kt index 7990f4a50cd..6cca3838a42 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/conversation/ProtocolInfoMapperTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/conversation/ProtocolInfoMapperTest.kt @@ -19,6 +19,7 @@ package com.wire.kalium.logic.data.conversation import com.wire.kalium.logic.data.id.GroupID +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.persistence.dao.conversation.ConversationEntity import kotlinx.coroutines.test.runTest import kotlinx.datetime.Instant @@ -77,14 +78,14 @@ class ProtocolInfoMapperTest { Conversation.ProtocolInfo.MLSCapable.GroupState.ESTABLISHED, 5UL, Instant.parse("2021-03-30T15:36:00.000Z"), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) val CONVERSATION_MLS_PROTOCOL_INFO = Conversation.ProtocolInfo.MLS( GroupID("GROUP_ID"), Conversation.ProtocolInfo.MLSCapable.GroupState.ESTABLISHED, 5UL, Instant.parse("2021-03-30T15:36:00.000Z"), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) val CONVERSATION_PROTEUS_PROTOCOL_INFO = Conversation.ProtocolInfo.Proteus diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/event/FeatureConfigMapperTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/event/FeatureConfigMapperTest.kt index 8527290e603..cf0ec4b7582 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/event/FeatureConfigMapperTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/event/FeatureConfigMapperTest.kt @@ -157,7 +157,7 @@ class FeatureConfigMapperTest { MLSConfigDTO( SupportedProtocolDTO.MLS, listOf(SupportedProtocolDTO.MLS), - emptyList(), + listOf(1), 1 ), FeatureFlagStatusDTO.ENABLED ), diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigRepositoryTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigRepositoryTest.kt index 151b3974181..bc917d12469 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigRepositoryTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigRepositoryTest.kt @@ -75,13 +75,14 @@ class FeatureConfigRepositoryTest { ConfigsStatusModel(Status.ENABLED), ConfigsStatusModel(Status.ENABLED), MLSModel( - SupportedProtocol.PROTEUS, - setOf(SupportedProtocol.PROTEUS), - Status.ENABLED + defaultProtocol = SupportedProtocol.PROTEUS, + supportedProtocols = setOf(SupportedProtocol.PROTEUS), + status = Status.ENABLED, + supportedCipherSuite = null ), E2EIModel( E2EIConfigModel("url", 1000000L), - com.wire.kalium.logic.data.featureConfig.Status.ENABLED + Status.ENABLED ), MLSMigrationModel( Instant.DISTANT_FUTURE, @@ -159,8 +160,8 @@ class FeatureConfigRepositoryTest { MLSConfigDTO( SupportedProtocolDTO.PROTEUS, listOf(SupportedProtocolDTO.PROTEUS), - emptyList(), - 1 + allowedCipherSuites = listOf(1), + defaultCipherSuite = 1 ), FeatureFlagStatusDTO.ENABLED ), FeatureConfigData.E2EI( diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigTest.kt index 1d973832c20..fd3facd35fa 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/featureConfig/FeatureConfigTest.kt @@ -43,7 +43,12 @@ object FeatureConfigTest { secondFactorPasswordChallengeModel: ConfigsStatusModel = ConfigsStatusModel(Status.ENABLED), ssoModel: ConfigsStatusModel = ConfigsStatusModel(Status.ENABLED), validateSAMLEmailsModel: ConfigsStatusModel = ConfigsStatusModel(Status.ENABLED), - mlsModel: MLSModel = MLSModel(SupportedProtocol.PROTEUS, setOf(SupportedProtocol.PROTEUS), Status.ENABLED), + mlsModel: MLSModel = MLSModel( + defaultProtocol = SupportedProtocol.PROTEUS, + supportedProtocols = setOf(SupportedProtocol.PROTEUS), + status = Status.ENABLED, + supportedCipherSuite = null + ), e2EIModel: E2EIModel = E2EIModel(E2EIConfigModel("url", 10000L), Status.ENABLED), mlsMigrationModel: MLSMigrationModel? = MLSMigrationModel( Instant.DISTANT_FUTURE, diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCaseTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCaseTest.kt index 3000c2f847f..c752928e718 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCaseTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCaseTest.kt @@ -177,7 +177,7 @@ class RegisterMLSClientUseCaseTest { fun withIsMLSClientInitialisedReturns(result: Boolean = true) = apply { given(mlsClientProvider) - .function(mlsClientProvider::isMLSClientInitialised) + .suspendFunction(mlsClientProvider::isMLSClientInitialised) .whenInvoked() .thenReturn(result) } diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/conversation/JoinExistingMLSConversationUseCaseTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/conversation/JoinExistingMLSConversationUseCaseTest.kt index 113ed7757a6..5d51327280b 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/conversation/JoinExistingMLSConversationUseCaseTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/conversation/JoinExistingMLSConversationUseCaseTest.kt @@ -28,6 +28,7 @@ import com.wire.kalium.logic.data.conversation.MLSConversationRepository import com.wire.kalium.logic.data.conversation.mls.MLSAdditionResult import com.wire.kalium.logic.data.id.ConversationId import com.wire.kalium.logic.data.id.GroupID +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.data.user.UserId import com.wire.kalium.logic.featureFlags.FeatureSupport import com.wire.kalium.logic.framework.TestConversation @@ -328,7 +329,7 @@ class JoinExistingMLSConversationUseCaseTest { Conversation.ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, epoch = 1UL, keyingMaterialLastUpdate = DateTimeUtil.currentInstant(), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) ).copy(id = ConversationId("id1", "domain")) @@ -338,7 +339,7 @@ class JoinExistingMLSConversationUseCaseTest { Conversation.ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, epoch = 1UL, keyingMaterialLastUpdate = DateTimeUtil.currentInstant(), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) ).copy(id = ConversationId("id2", "domain")) @@ -348,7 +349,7 @@ class JoinExistingMLSConversationUseCaseTest { Conversation.ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, epoch = 0UL, keyingMaterialLastUpdate = DateTimeUtil.currentInstant(), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) ).copy(id = ConversationId("id3", "domain")) @@ -358,7 +359,7 @@ class JoinExistingMLSConversationUseCaseTest { Conversation.ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, epoch = 0UL, keyingMaterialLastUpdate = DateTimeUtil.currentInstant(), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) ).copy(id = ConversationId("self", "domain")) @@ -368,7 +369,7 @@ class JoinExistingMLSConversationUseCaseTest { Conversation.ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, epoch = 0UL, keyingMaterialLastUpdate = DateTimeUtil.currentInstant(), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) ).copy(id = ConversationId("one-on-one", "domain")) } diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/conversation/JoinExistingMLSConversationsUseCaseTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/conversation/JoinExistingMLSConversationsUseCaseTest.kt index cb1660cdd52..b341f0d3e70 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/conversation/JoinExistingMLSConversationsUseCaseTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/conversation/JoinExistingMLSConversationsUseCaseTest.kt @@ -28,6 +28,7 @@ import com.wire.kalium.logic.data.conversation.JoinExistingMLSConversationsUseCa import com.wire.kalium.logic.data.conversation.MLSConversationRepository import com.wire.kalium.logic.data.id.ConversationId import com.wire.kalium.logic.data.id.GroupID +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.featureFlags.FeatureSupport import com.wire.kalium.logic.framework.TestConversation import com.wire.kalium.logic.functional.Either @@ -254,7 +255,7 @@ class JoinExistingMLSConversationsUseCaseTest { Conversation.ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, epoch = 1UL, keyingMaterialLastUpdate = DateTimeUtil.currentInstant(), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) ).copy(id = ConversationId("id1", "domain")) @@ -264,7 +265,7 @@ class JoinExistingMLSConversationsUseCaseTest { Conversation.ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, epoch = 1UL, keyingMaterialLastUpdate = DateTimeUtil.currentInstant(), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) ).copy(id = ConversationId("id2", "domain")) } diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/conversation/RecoverMLSConversationsUseCaseTests.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/conversation/RecoverMLSConversationsUseCaseTests.kt index 7b263c00b87..097bcb88ba0 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/conversation/RecoverMLSConversationsUseCaseTests.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/conversation/RecoverMLSConversationsUseCaseTests.kt @@ -26,6 +26,7 @@ import com.wire.kalium.logic.data.conversation.JoinExistingMLSConversationUseCas import com.wire.kalium.logic.data.conversation.MLSConversationRepository import com.wire.kalium.logic.data.id.ConversationId import com.wire.kalium.logic.data.id.GroupID +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.featureFlags.FeatureSupport import com.wire.kalium.logic.framework.TestConversation import com.wire.kalium.logic.functional.Either @@ -264,7 +265,7 @@ class RecoverMLSConversationsUseCaseTests { Conversation.ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, epoch = 1UL, keyingMaterialLastUpdate = DateTimeUtil.currentInstant(), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) ).copy(id = ConversationId("id1", "domain")) @@ -274,7 +275,7 @@ class RecoverMLSConversationsUseCaseTests { Conversation.ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, epoch = 1UL, keyingMaterialLastUpdate = DateTimeUtil.currentInstant(), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) ).copy(id = ConversationId("id2", "domain")) } diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/featureConfig/handler/MLSConfigHandlerTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/featureConfig/handler/MLSConfigHandlerTest.kt index ad8fcc1efb6..f4b8aefae16 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/featureConfig/handler/MLSConfigHandlerTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/featureConfig/handler/MLSConfigHandlerTest.kt @@ -19,9 +19,12 @@ package com.wire.kalium.logic.feature.featureConfig.handler import com.wire.kalium.logic.data.featureConfig.MLSModel import com.wire.kalium.logic.data.featureConfig.Status +import com.wire.kalium.logic.data.mls.CipherSuite +import com.wire.kalium.logic.data.mls.SupportedCipherSuite import com.wire.kalium.logic.data.user.SupportedProtocol import com.wire.kalium.logic.framework.TestUser import com.wire.kalium.logic.functional.Either +import com.wire.kalium.logic.functional.right import com.wire.kalium.logic.util.arrangement.repository.UserConfigRepositoryArrangement import com.wire.kalium.logic.util.arrangement.repository.UserConfigRepositoryArrangementImpl import com.wire.kalium.logic.util.arrangement.usecase.UpdateSupportedProtocolsAndResolveOneOnOnesArrangement @@ -42,10 +45,12 @@ class MLSConfigHandlerTest { withSetMLSEnabledSuccessful() } - handler.handle(MLS_CONFIG.copy( - status = Status.ENABLED, - defaultProtocol = SupportedProtocol.MLS - ), duringSlowSync = false) + handler.handle( + MLS_CONFIG.copy( + status = Status.ENABLED, + defaultProtocol = SupportedProtocol.MLS + ), duringSlowSync = false + ) verify(arrangement.userConfigRepository) .suspendFunction(arrangement.userConfigRepository::setDefaultProtocol) @@ -62,10 +67,12 @@ class MLSConfigHandlerTest { withSetMLSEnabledSuccessful() } - handler.handle(MLS_CONFIG.copy( - status = Status.ENABLED, - defaultProtocol = SupportedProtocol.PROTEUS - ), duringSlowSync = false) + handler.handle( + MLS_CONFIG.copy( + status = Status.ENABLED, + defaultProtocol = SupportedProtocol.PROTEUS + ), duringSlowSync = false + ) verify(arrangement.userConfigRepository) .suspendFunction(arrangement.userConfigRepository::setDefaultProtocol) @@ -82,10 +89,12 @@ class MLSConfigHandlerTest { withSetMLSEnabledSuccessful() } - handler.handle(MLS_CONFIG.copy( - status = Status.DISABLED, - defaultProtocol = SupportedProtocol.MLS - ), duringSlowSync = false) + handler.handle( + MLS_CONFIG.copy( + status = Status.DISABLED, + defaultProtocol = SupportedProtocol.MLS + ), duringSlowSync = false + ) verify(arrangement.userConfigRepository) .suspendFunction(arrangement.userConfigRepository::setDefaultProtocol) @@ -103,10 +112,12 @@ class MLSConfigHandlerTest { withUpdateSupportedProtocolsAndResolveOneOnOnesSuccessful() } - handler.handle(MLS_CONFIG.copy( - status = Status.ENABLED, - supportedProtocols = setOf(SupportedProtocol.PROTEUS, SupportedProtocol.MLS) - ), duringSlowSync = false) + handler.handle( + MLS_CONFIG.copy( + status = Status.ENABLED, + supportedProtocols = setOf(SupportedProtocol.PROTEUS, SupportedProtocol.MLS) + ), duringSlowSync = false + ) verify(arrangement.userConfigRepository) .suspendFunction(arrangement.userConfigRepository::setMLSEnabled) @@ -123,9 +134,11 @@ class MLSConfigHandlerTest { withSetMLSEnabledSuccessful() } - handler.handle(MLS_CONFIG.copy( - status = Status.DISABLED - ), duringSlowSync = false) + handler.handle( + MLS_CONFIG.copy( + status = Status.DISABLED + ), duringSlowSync = false + ) verify(arrangement.userConfigRepository) .suspendFunction(arrangement.userConfigRepository::setMLSEnabled) @@ -143,10 +156,12 @@ class MLSConfigHandlerTest { withSetMLSEnabledSuccessful() } - handler.handle(MLS_CONFIG.copy( - status = Status.ENABLED, - supportedProtocols = setOf(SupportedProtocol.PROTEUS, SupportedProtocol.MLS) - ), duringSlowSync = false) + handler.handle( + MLS_CONFIG.copy( + status = Status.ENABLED, + supportedProtocols = setOf(SupportedProtocol.PROTEUS, SupportedProtocol.MLS) + ), duringSlowSync = false + ) verify(arrangement.updateSupportedProtocolsAndResolveOneOnOnes) .suspendFunction(arrangement.updateSupportedProtocolsAndResolveOneOnOnes::invoke) @@ -164,10 +179,12 @@ class MLSConfigHandlerTest { withSetMLSEnabledSuccessful() } - handler.handle(MLS_CONFIG.copy( - status = Status.ENABLED, - supportedProtocols = setOf(SupportedProtocol.PROTEUS, SupportedProtocol.MLS) - ), duringSlowSync = true) + handler.handle( + MLS_CONFIG.copy( + status = Status.ENABLED, + supportedProtocols = setOf(SupportedProtocol.PROTEUS, SupportedProtocol.MLS) + ), duringSlowSync = true + ) verify(arrangement.updateSupportedProtocolsAndResolveOneOnOnes) .suspendFunction(arrangement.updateSupportedProtocolsAndResolveOneOnOnes::invoke) @@ -175,10 +192,46 @@ class MLSConfigHandlerTest { .wasInvoked(exactly = once) } + @Test + fun givenSupportedCipherSuiteIsNotNull_whenHandlling_thenStoreTheSupportedCipherSuite() = runTest { + val (arrangement, handler) = arrange { + withGetSupportedProtocolsReturning(setOf(SupportedProtocol.PROTEUS, SupportedProtocol.MLS).right()) + withSetMLSEnabledSuccessful() + withSetDefaultProtocolSuccessful() + withSetSupportedProtocolsSuccessful() + withSetSupportedCipherSuite(Unit.right()) + } + + handler.handle( + MLS_CONFIG.copy( + status = Status.ENABLED, + supportedProtocols = setOf(SupportedProtocol.PROTEUS, SupportedProtocol.MLS), + supportedCipherSuite = SupportedCipherSuite( + supported = listOf( + CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519, + CipherSuite.MLS_256_DHKEMP384_AES256GCM_SHA384_P384 + ), + default = CipherSuite.MLS_256_DHKEMP384_AES256GCM_SHA384_P384 + ) + ), + duringSlowSync = true, + ) + + verify(arrangement.userConfigRepository) + .suspendFunction(arrangement.userConfigRepository::setSupportedCipherSuite) + .with(eq(SupportedCipherSuite( + supported = listOf( + CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519, + CipherSuite.MLS_256_DHKEMP384_AES256GCM_SHA384_P384 + ), + default = CipherSuite.MLS_256_DHKEMP384_AES256GCM_SHA384_P384 + ))) + .wasInvoked(exactly = once) + } + private class Arrangement(private val block: Arrangement.() -> Unit) : UserConfigRepositoryArrangement by UserConfigRepositoryArrangementImpl(), - UpdateSupportedProtocolsAndResolveOneOnOnesArrangement by UpdateSupportedProtocolsAndResolveOneOnOnesArrangementImpl() - { + UpdateSupportedProtocolsAndResolveOneOnOnesArrangement by UpdateSupportedProtocolsAndResolveOneOnOnesArrangementImpl() { fun arrange() = run { block() this@Arrangement to MLSConfigHandler( @@ -195,7 +248,8 @@ class MLSConfigHandlerTest { val MLS_CONFIG = MLSModel( defaultProtocol = SupportedProtocol.MLS, supportedProtocols = setOf(SupportedProtocol.PROTEUS), - status = Status.ENABLED + status = Status.ENABLED, + supportedCipherSuite = null ) } diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/message/MessageSenderTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/message/MessageSenderTest.kt index 0c89deb3fe3..579fa18e2a4 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/message/MessageSenderTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/message/MessageSenderTest.kt @@ -38,6 +38,7 @@ import com.wire.kalium.logic.data.message.MessageSent import com.wire.kalium.logic.data.message.MessageTarget import com.wire.kalium.logic.data.message.RecipientEntry import com.wire.kalium.logic.data.message.SessionEstablisher +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.data.prekey.UsersWithoutSessions import com.wire.kalium.logic.data.user.UserId import com.wire.kalium.logic.data.user.UserRepository @@ -1286,7 +1287,7 @@ class MessageSenderTest { Conversation.ProtocolInfo.MLSCapable.GroupState.ESTABLISHED, 0UL, Instant.DISTANT_PAST, - Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) val MLS_STALE_MESSAGE_FAILURE = NetworkFailure.ServerMiscommunication( KaliumException.InvalidRequestError( diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/mlsmigration/MLSMigratorTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/mlsmigration/MLSMigratorTest.kt index b860f7b2b7b..43d5ac4fd6a 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/mlsmigration/MLSMigratorTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/mlsmigration/MLSMigratorTest.kt @@ -27,6 +27,7 @@ import com.wire.kalium.logic.data.conversation.mls.MLSAdditionResult import com.wire.kalium.logic.data.id.ConversationId import com.wire.kalium.logic.data.id.SelfTeamIdProvider import com.wire.kalium.logic.data.message.SystemMessageInserter +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.data.user.UserId import com.wire.kalium.logic.data.user.UserRepository import com.wire.kalium.logic.framework.TestConversation @@ -326,14 +327,14 @@ class MLSMigratorTest { Conversation.ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, 0UL, Instant.parse("2021-03-30T15:36:00.000Z"), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) val MLS_PROTOCOL_INFO = Conversation.ProtocolInfo.MLS( TestConversation.GROUP_ID, Conversation.ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, 0UL, Instant.parse("2021-03-30T15:36:00.000Z"), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) } } diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/framework/TestConversation.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/framework/TestConversation.kt index f55060e3dc4..a20e7914a45 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/framework/TestConversation.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/framework/TestConversation.kt @@ -26,6 +26,7 @@ import com.wire.kalium.logic.data.conversation.MutedConversationStatus import com.wire.kalium.logic.data.id.ConversationId import com.wire.kalium.logic.data.id.GroupID import com.wire.kalium.logic.data.id.toApi +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.data.user.UserId import com.wire.kalium.network.api.base.authenticated.conversation.ConvProtocol import com.wire.kalium.network.api.base.authenticated.conversation.ConversationMemberAddedResponse @@ -343,7 +344,7 @@ object TestConversation { ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, 0UL, Instant.parse("2021-03-30T15:36:00.000Z"), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) val PROTEUS_PROTOCOL_INFO = ProtocolInfo.Proteus @@ -353,7 +354,7 @@ object TestConversation { ProtocolInfo.MLSCapable.GroupState.PENDING_JOIN, 0UL, Instant.parse("2021-03-30T15:36:00.000Z"), - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 + cipherSuite = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 ) val CONVERSATION = Conversation( diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/util/arrangement/repository/UserConfigRepositoryArrangement.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/util/arrangement/repository/UserConfigRepositoryArrangement.kt index 093e64a9031..2e6cbe9d9c8 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/util/arrangement/repository/UserConfigRepositoryArrangement.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/util/arrangement/repository/UserConfigRepositoryArrangement.kt @@ -17,7 +17,6 @@ */ package com.wire.kalium.logic.util.arrangement.repository -import com.wire.kalium.logic.CoreFailure import com.wire.kalium.logic.StorageFailure import com.wire.kalium.logic.configuration.UserConfigRepository import com.wire.kalium.logic.data.featureConfig.MLSMigrationModel @@ -37,6 +36,7 @@ internal interface UserConfigRepositoryArrangement { fun withSetMLSEnabledSuccessful() fun withSetMigrationConfigurationSuccessful() fun withGetMigrationConfigurationReturning(result: Either) + fun withSetSupportedCipherSuite(result: Either) } internal class UserConfigRepositoryArrangementImpl : UserConfigRepositoryArrangement { @@ -84,4 +84,11 @@ internal class UserConfigRepositoryArrangementImpl : UserConfigRepositoryArrange .whenInvoked() .thenReturn(result) } + + override fun withSetSupportedCipherSuite(result: Either) { + given(userConfigRepository) + .suspendFunction(userConfigRepository::setSupportedCipherSuite) + .whenInvokedWith(any()) + .thenReturn(result) + } } diff --git a/logic/src/jvmTest/kotlin/com/wire/kalium/logic/feature/scenario/OnCloseCallTest.kt b/logic/src/jvmTest/kotlin/com/wire/kalium/logic/feature/scenario/OnCloseCallTest.kt index 358dc3ddeef..9904e2b1a23 100644 --- a/logic/src/jvmTest/kotlin/com/wire/kalium/logic/feature/scenario/OnCloseCallTest.kt +++ b/logic/src/jvmTest/kotlin/com/wire/kalium/logic/feature/scenario/OnCloseCallTest.kt @@ -27,6 +27,7 @@ import com.wire.kalium.logic.data.id.ConversationId import com.wire.kalium.logic.data.id.GroupID import com.wire.kalium.logic.data.id.QualifiedIdMapperImpl import com.wire.kalium.logic.data.call.CallStatus +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.feature.call.scenario.OnCloseCall import com.wire.kalium.logic.framework.TestUser import io.mockative.Mock @@ -255,7 +256,7 @@ class OnCloseCallTest { groupState = Conversation.ProtocolInfo.MLSCapable.GroupState.ESTABLISHED, epoch = ULong.MAX_VALUE, keyingMaterialLastUpdate = Instant.DISTANT_FUTURE, - cipherSuite = Conversation.CipherSuite.MLS_128_DHKEMP256_AES128GCM_SHA256_P256 + cipherSuite = CipherSuite.MLS_128_DHKEMP256_AES128GCM_SHA256_P256 ) ) diff --git a/persistence/src/commonMain/kotlin/com/wire/kalium/persistence/dao/unread/UserConfigDAO.kt b/persistence/src/commonMain/kotlin/com/wire/kalium/persistence/dao/unread/UserConfigDAO.kt index 0b9671ba6bc..ede3482c411 100644 --- a/persistence/src/commonMain/kotlin/com/wire/kalium/persistence/dao/unread/UserConfigDAO.kt +++ b/persistence/src/commonMain/kotlin/com/wire/kalium/persistence/dao/unread/UserConfigDAO.kt @@ -26,6 +26,7 @@ import com.wire.kalium.persistence.config.MLSMigrationEntity import com.wire.kalium.persistence.config.TeamSettingsSelfDeletionStatusEntity import com.wire.kalium.persistence.dao.MetadataDAO import com.wire.kalium.persistence.dao.SupportedProtocolEntity +import com.wire.kalium.persistence.model.SupportedCipherSuiteEntity import kotlinx.coroutines.flow.Flow import kotlinx.coroutines.flow.map import kotlinx.serialization.builtins.SetSerializer @@ -57,6 +58,8 @@ interface UserConfigDAO { suspend fun observeCertificateExpirationTime(url: String): Flow suspend fun setShouldNotifyForRevokedCertificate(shouldNotify: Boolean) suspend fun observeShouldNotifyForRevokedCertificate(): Flow + suspend fun setDefaultCipherSuite(cipherSuite: SupportedCipherSuiteEntity) + suspend fun getDefaultCipherSuite(): SupportedCipherSuiteEntity? } @Suppress("TooManyFunctions") @@ -176,7 +179,15 @@ internal class UserConfigDAOImpl internal constructor( override suspend fun observeShouldNotifyForRevokedCertificate(): Flow = metadataDAO.valueByKeyFlow(SHOULD_NOTIFY_FOR_REVOKED_CERTIFICATE).map { it?.toBoolean() } + override suspend fun setDefaultCipherSuite(cipherSuite: SupportedCipherSuiteEntity) { + metadataDAO.putSerializable(DEFAULT_CIPHER_SUITE_KEY, cipherSuite, SupportedCipherSuiteEntity.serializer()) + } + + override suspend fun getDefaultCipherSuite(): SupportedCipherSuiteEntity? = + metadataDAO.getSerializable(DEFAULT_CIPHER_SUITE_KEY, SupportedCipherSuiteEntity.serializer()) + private companion object { + private const val DEFAULT_CIPHER_SUITE_KEY = "DEFAULT_CIPHER_SUITE" private const val SELF_DELETING_MESSAGES_KEY = "SELF_DELETING_MESSAGES" private const val SHOULD_NOTIFY_FOR_REVOKED_CERTIFICATE = "should_notify_for_revoked_certificate" private const val MLS_MIGRATION_KEY = "MLS_MIGRATION" diff --git a/persistence/src/commonMain/kotlin/com/wire/kalium/persistence/model/SupportedCipherSuiteEntity.kt b/persistence/src/commonMain/kotlin/com/wire/kalium/persistence/model/SupportedCipherSuiteEntity.kt new file mode 100644 index 00000000000..829c4c0b745 --- /dev/null +++ b/persistence/src/commonMain/kotlin/com/wire/kalium/persistence/model/SupportedCipherSuiteEntity.kt @@ -0,0 +1,29 @@ +/* + * Wire + * Copyright (C) 2024 Wire Swiss GmbH + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see http://www.gnu.org/licenses/. + */ +package com.wire.kalium.persistence.model + +import kotlinx.serialization.SerialName +import kotlinx.serialization.Serializable + +@Serializable +data class SupportedCipherSuiteEntity( + @SerialName("supported") + val supported: List, + @SerialName("default") + val default: Int +) From 00d9937da6488f4b1b6ee873a906dc7614b73324 Mon Sep 17 00:00:00 2001 From: Mohamad Jaara Date: Thu, 2 May 2024 10:04:17 +0200 Subject: [PATCH 2/2] =?UTF-8?q?feat:=20pass=20the=20MLS=20public=20key=20s?= =?UTF-8?q?ignature=20algorithm=20when=20updating=20MLS=20p=E2=80=A6=20(#2?= =?UTF-8?q?720)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: support new MLS cipher suite * feat: pass the MLS public key signature algorithm when updating MLS public keys * fix test * detekt * fix tests * fix tests * fix tests * fix create conversation dead lock * fix test * fix * fix TODO * fix * detekt --- .../cryptography/CoreCryptoCentralImpl.kt | 10 +++++-- .../wire/kalium/cryptography/MLSClientImpl.kt | 7 +++-- .../MLSClientImpl.kt | 4 +-- .../com/wire/kalium/cryptography/MLSClient.kt | 3 +- .../wire/kalium/cryptography/MLSClientTest.kt | 3 +- .../wire/kalium/cryptography/MLSClientImpl.kt | 2 +- .../logic/data/client/ClientRepository.kt | 16 ++++++++-- .../client/remote/ClientRemoteRepository.kt | 29 ++++++++++++++----- .../wire/kalium/logic/data/mls/CipherSuite.kt | 16 ++++++++++ .../client/RegisterMLSClientUseCase.kt | 10 +++++-- .../logic/data/client/ClientRepositoryTest.kt | 4 ++- .../client/RegisterMLSClientUseCaseTest.kt | 11 +++---- .../authenticated/client/ClientRequest.kt | 8 +++++ 13 files changed, 93 insertions(+), 30 deletions(-) diff --git a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt index 259c4e54dc5..3516966da67 100644 --- a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt +++ b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/CoreCryptoCentralImpl.kt @@ -34,7 +34,7 @@ actual suspend fun coreCryptoCentral( NSFileManager.defaultManager.createDirectoryAtPath(rootDir, withIntermediateDirectories = true, null, null) val coreCrypto = CoreCrypto.deferredInit(path, databaseKey, null) coreCrypto.setCallbacks(Callbacks()) - return CoreCryptoCentralImpl(coreCrypto, rootDir) + return CoreCryptoCentralImpl(coreCrypto, rootDir, defaultCipherSuite) } private class Callbacks : CoreCryptoCallbacks { @@ -59,11 +59,15 @@ private class Callbacks : CoreCryptoCallbacks { } } -class CoreCryptoCentralImpl(private val cc: CoreCrypto, private val rootDir: String) : CoreCryptoCentral { +class CoreCryptoCentralImpl( + private val cc: CoreCrypto, + private val rootDir: String, + private val defaultCipherSuite: UShort? +) : CoreCryptoCentral { override suspend fun mlsClient(clientId: CryptoQualifiedClientId): MLSClient { cc.mlsInit(MLSClientImpl.toUByteList(clientId.toString())) - return MLSClientImpl(cc) + return MLSClientImpl(cc, defaultCipherSuite = defaultCipherSuite!!) } override suspend fun mlsClient( diff --git a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt index bd7e5ed3f46..248524ed8cc 100644 --- a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt +++ b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt @@ -38,7 +38,8 @@ import kotlin.time.toDuration @Suppress("TooManyFunctions") @OptIn(ExperimentalUnsignedTypes::class) class MLSClientImpl( - private val coreCrypto: CoreCrypto + private val coreCrypto: CoreCrypto, + private val defaultCipherSuite: UShort ) : MLSClient { private val keyRotationDuration: Duration = 30.toDuration(DurationUnit.DAYS) @@ -48,8 +49,8 @@ class MLSClientImpl( override suspend fun close() { } - override suspend fun getPublicKey(): ByteArray { - return coreCrypto.clientPublicKey().toUByteArray().asByteArray() + override suspend fun getPublicKey(): Pair { + return coreCrypto.clientPublicKey().toUByteArray().asByteArray() to defaultCipherSuite } override suspend fun generateKeyPackages(amount: Int): List { diff --git a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt index 0bfa6b1dada..0586fa3a60f 100644 --- a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt +++ b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt @@ -51,8 +51,8 @@ class MLSClientImpl( coreCrypto.close() } - override suspend fun getPublicKey(): ByteArray { - return coreCrypto.clientPublicKey(defaultCipherSuite, toCredentialType(getMLSCredentials())) + override suspend fun getPublicKey(): Pair { + return coreCrypto.clientPublicKey(defaultCipherSuite, toCredentialType(getMLSCredentials())) to defaultCipherSuite } override suspend fun generateKeyPackages(amount: Int): List { diff --git a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt index 72e172f8e29..6698ad01e03 100644 --- a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt +++ b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt @@ -165,8 +165,9 @@ interface MLSClient { * Public key of the client's identity. * * @return public key of the client + * @return ciphersuite used for the public key */ - suspend fun getPublicKey(): ByteArray + suspend fun getPublicKey(): Pair /** * Generate a fresh set of key packages. diff --git a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/MLSClientTest.kt b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/MLSClientTest.kt index 861007a7609..1c7dbddf330 100644 --- a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/MLSClientTest.kt +++ b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/MLSClientTest.kt @@ -39,7 +39,7 @@ class MLSClientTest : BaseMLSClientTest() { @Test fun givenClient_whenCallingGetPublicKey_ReturnNonEmptyResult() = runTest { val mlsClient = createClient(ALICE1) - assertTrue(mlsClient.getPublicKey().isNotEmpty()) + assertTrue(mlsClient.getPublicKey().first.isNotEmpty()) } @Test @@ -209,5 +209,4 @@ class MLSClientTest : BaseMLSClientTest() { "Carol" ) } - } diff --git a/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt b/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt index e275a01350c..f2267bbe925 100644 --- a/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt +++ b/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt @@ -26,7 +26,7 @@ class MLSClientImpl : MLSClient { TODO("Not yet implemented") } - override suspend fun getPublicKey(): ByteArray { + override suspend fun getPublicKey(): Pair { TODO("Not yet implemented") } diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/ClientRepository.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/ClientRepository.kt index 17ba54523e0..47fae3cef3e 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/ClientRepository.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/ClientRepository.kt @@ -28,6 +28,7 @@ import com.wire.kalium.logic.data.id.ConversationId import com.wire.kalium.logic.data.id.toApi import com.wire.kalium.logic.data.id.toDao import com.wire.kalium.logic.data.id.toModel +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.data.user.UserId import com.wire.kalium.logic.di.MapperProvider import com.wire.kalium.logic.functional.Either @@ -52,7 +53,12 @@ import kotlinx.coroutines.flow.map @Suppress("TooManyFunctions") interface ClientRepository { suspend fun registerClient(param: RegisterClientParam): Either - suspend fun registerMLSClient(clientId: ClientId, publicKey: ByteArray): Either + suspend fun registerMLSClient( + clientId: ClientId, + publicKey: ByteArray, + cipherSuite: CipherSuite + ): Either + suspend fun hasRegisteredMLSClient(): Either suspend fun persistClientId(clientId: ClientId): Either @@ -204,8 +210,12 @@ class ClientDataSource( .map { it?.let { clientMapper.fromClientEntity(it) } } .wrapStorageRequest() - override suspend fun registerMLSClient(clientId: ClientId, publicKey: ByteArray): Either = - clientRemoteRepository.registerMLSClient(clientId, publicKey.encodeBase64()) + override suspend fun registerMLSClient( + clientId: ClientId, + publicKey: ByteArray, + cipherSuite: CipherSuite + ): Either = + clientRemoteRepository.registerMLSClient(clientId, publicKey.encodeBase64(), cipherSuite) .flatMap { wrapStorageRequest { clientRegistrationStorage.setHasRegisteredMLSClient() diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/remote/ClientRemoteRepository.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/remote/ClientRemoteRepository.kt index f22e32d3d59..0aa9a688928 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/remote/ClientRemoteRepository.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/remote/ClientRemoteRepository.kt @@ -26,28 +26,37 @@ import com.wire.kalium.logic.data.client.DeleteClientParam import com.wire.kalium.logic.data.client.RegisterClientParam import com.wire.kalium.logic.data.client.UpdateClientCapabilitiesParam import com.wire.kalium.logic.data.conversation.ClientId -import com.wire.kalium.logic.data.id.IdMapper +import com.wire.kalium.logic.data.id.toApi +import com.wire.kalium.logic.data.mls.CipherSuite +import com.wire.kalium.logic.data.mls.signatureAlgorithm import com.wire.kalium.logic.data.user.UserId import com.wire.kalium.logic.di.MapperProvider import com.wire.kalium.logic.functional.Either +import com.wire.kalium.logic.functional.left import com.wire.kalium.logic.functional.map import com.wire.kalium.logic.wrapApiRequest import com.wire.kalium.network.api.base.authenticated.client.ClientApi -import com.wire.kalium.network.api.base.authenticated.client.MLSPublicKeyTypeDTO import com.wire.kalium.network.api.base.authenticated.client.SimpleClientResponse import com.wire.kalium.network.api.base.authenticated.client.UpdateClientMlsPublicKeysRequest import com.wire.kalium.network.api.base.model.PushTokenBody +import com.wire.kalium.network.exceptions.KaliumException import com.wire.kalium.network.api.base.model.UserId as UserIdDTO interface ClientRemoteRepository { suspend fun registerClient(param: RegisterClientParam): Either - suspend fun registerMLSClient(clientId: ClientId, publicKey: String): Either + suspend fun registerMLSClient( + clientId: ClientId, + publicKey: String, + cipherSuite: CipherSuite + ): Either + suspend fun deleteClient(param: DeleteClientParam): Either suspend fun registerToken(body: PushTokenBody): Either suspend fun deregisterToken(pid: String): Either suspend fun fetchOtherUserClients( userIdList: List ): Either>> + suspend fun updateClientCapabilities( updateClientCapabilitiesParam: UpdateClientCapabilitiesParam, clientID: String @@ -58,20 +67,26 @@ class ClientRemoteDataSource( private val clientApi: ClientApi, private val clientConfig: ClientConfig, private val clientMapper: ClientMapper = MapperProvider.clientMapper(), - private val idMapper: IdMapper = MapperProvider.idMapper() ) : ClientRemoteRepository { override suspend fun registerClient(param: RegisterClientParam): Either = wrapApiRequest { clientApi.registerClient(clientMapper.toRegisterClientRequest(clientConfig, param)) } .map { clientResponse -> clientMapper.fromClientDto(clientResponse) } - override suspend fun registerMLSClient(clientId: ClientId, publicKey: String): Either = + override suspend fun registerMLSClient( + clientId: ClientId, + publicKey: String, + cipherSuite: CipherSuite + ): Either = cipherSuite.signatureAlgorithm()?.let { signatureAlgorithm -> wrapApiRequest { clientApi.updateClientMlsPublicKeys( - UpdateClientMlsPublicKeysRequest(mapOf(Pair(MLSPublicKeyTypeDTO.ED25519, publicKey))), + UpdateClientMlsPublicKeysRequest( + mapOf(signatureAlgorithm to publicKey), + ), clientId.value ) } + } ?: NetworkFailure.ServerMiscommunication(KaliumException.GenericError(IllegalArgumentException("Unknown cipher suite"))).left() override suspend fun deleteClient(param: DeleteClientParam): Either = wrapApiRequest { clientApi.deleteClient(param.password, param.clientId.value) } @@ -87,7 +102,7 @@ class ClientRemoteDataSource( override suspend fun fetchOtherUserClients( userIdList: List ): Either>> { - val networkUserId = userIdList.map { idMapper.toNetworkUserId(it) } + val networkUserId = userIdList.map { it.toApi() } return wrapApiRequest { clientApi.listClientsOfUsers(networkUserId) } } diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/mls/CipherSuite.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/mls/CipherSuite.kt index 161a24b4f09..530e0494020 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/mls/CipherSuite.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/mls/CipherSuite.kt @@ -17,6 +17,8 @@ */ package com.wire.kalium.logic.data.mls +import com.wire.kalium.network.api.base.authenticated.client.MLSPublicKeyTypeDTO + data class SupportedCipherSuite( val supported: List, val default: CipherSuite @@ -94,5 +96,19 @@ sealed class CipherSuite(open val tag: Int) { 61489 -> MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_ED25519 else -> UNKNOWN(tag) } + + fun fromTag(tag: UShort) = fromTag(tag.toInt()) } } + +fun CipherSuite.signatureAlgorithm(): MLSPublicKeyTypeDTO? = when (this) { + CipherSuite.MLS_128_DHKEMP256_AES128GCM_SHA256_P256 -> MLSPublicKeyTypeDTO.P256 + CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 -> MLSPublicKeyTypeDTO.ED25519 + CipherSuite.MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 -> MLSPublicKeyTypeDTO.ED25519 + CipherSuite.MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_ED25519 -> MLSPublicKeyTypeDTO.ED25519 + CipherSuite.MLS_256_DHKEMP384_AES256GCM_SHA384_P384 -> MLSPublicKeyTypeDTO.P384 + CipherSuite.MLS_256_DHKEMP521_AES256GCM_SHA512_P521 -> MLSPublicKeyTypeDTO.P521 + CipherSuite.MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 -> MLSPublicKeyTypeDTO.ED448 + CipherSuite.MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 -> MLSPublicKeyTypeDTO.ED448 + is CipherSuite.UNKNOWN -> null +} diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCase.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCase.kt index fddf36cb836..27043e05357 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCase.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCase.kt @@ -25,10 +25,12 @@ import com.wire.kalium.logic.data.client.MLSClientProvider import com.wire.kalium.logic.data.conversation.ClientId import com.wire.kalium.logic.data.keypackage.KeyPackageLimitsProvider import com.wire.kalium.logic.data.keypackage.KeyPackageRepository +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.functional.Either import com.wire.kalium.logic.functional.flatMap import com.wire.kalium.logic.functional.onFailure import com.wire.kalium.logic.functional.right +import com.wire.kalium.logic.wrapMLSRequest sealed class RegisterMLSClientResult { data object Success : RegisterMLSClientResult() @@ -60,8 +62,12 @@ internal class RegisterMLSClientUseCaseImpl( } }.onFailure { mlsClientProvider.getMLSClient(clientId) - }.flatMap { - clientRepository.registerMLSClient(clientId, it.getPublicKey()) + }.flatMap { mlsClient -> + wrapMLSRequest { + mlsClient.getPublicKey() + } + }.flatMap { (publicKey, cipherSuite) -> + clientRepository.registerMLSClient(clientId, publicKey, CipherSuite.fromTag(cipherSuite)) }.flatMap { keyPackageRepository.uploadNewKeyPackages(clientId, keyPackageLimitsProvider.refillAmount()) Either.Right(RegisterMLSClientResult.Success) diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/client/ClientRepositoryTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/client/ClientRepositoryTest.kt index 816209ffbf0..c4ac11ab231 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/client/ClientRepositoryTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/client/ClientRepositoryTest.kt @@ -28,6 +28,7 @@ import com.wire.kalium.logic.data.id.ConversationId import com.wire.kalium.logic.data.id.PlainId import com.wire.kalium.logic.data.id.toDao import com.wire.kalium.logic.data.id.toModel +import com.wire.kalium.logic.data.mls.CipherSuite import com.wire.kalium.logic.data.user.UserId import com.wire.kalium.logic.di.MapperProvider import com.wire.kalium.logic.framework.TestClient @@ -85,7 +86,7 @@ class ClientRepositoryTest { .withRegisterMLSClient(Either.Right(Unit)) .arrange() - clientRepository.registerMLSClient(CLIENT_ID, MLS_PUBLIC_KEY) + clientRepository.registerMLSClient(CLIENT_ID, MLS_PUBLIC_KEY, MLS_CIPHER_SUITE) verify(arrangement.clientRemoteRepository) .suspendFunction(arrangement.clientRemoteRepository::registerMLSClient) @@ -477,6 +478,7 @@ class ClientRepositoryTest { secondFactorVerificationCode = SECOND_FACTOR_CODE, ) val MLS_PUBLIC_KEY = "public_key".encodeToByteArray() + val MLS_CIPHER_SUITE = CipherSuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 val CLIENT_ID = TestClient.CLIENT_ID val CLIENT_RESULT = TestClient.CLIENT val TEST_FAILURE = NetworkFailure.ServerMiscommunication( diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCaseTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCaseTest.kt index c752928e718..d06c1b8eab0 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCaseTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCaseTest.kt @@ -55,7 +55,7 @@ class RegisterMLSClientUseCaseTest { .withIsMLSClientInitialisedReturns() .withMLSClientE2EIIsEnabledReturns(e2eiIsEnrolled) .withGettingE2EISettingsReturns(Either.Right(E2EI_TEAM_SETTINGS.copy(isRequired = e2eiIsRequired))) - .withGetPublicKey(Arrangement.MLS_PUBLIC_KEY) + .withGetPublicKey(Arrangement.MLS_PUBLIC_KEY, Arrangement.MLS_CIPHER_SUITE) .withRegisterMLSClient(Either.Right(Unit)) .withKeyPackageLimits(Arrangement.REFILL_AMOUNT) .withUploadKeyPackagesSuccessful() @@ -88,7 +88,7 @@ class RegisterMLSClientUseCaseTest { .withIsMLSClientInitialisedReturns(false) .withMLSClientE2EIIsEnabledReturns(e2eiIsEnrolled) .withGettingE2EISettingsReturns(Either.Right(E2EI_TEAM_SETTINGS.copy(isRequired = e2eiIsRequired))) - .withGetPublicKey(Arrangement.MLS_PUBLIC_KEY) + .withGetPublicKey(Arrangement.MLS_PUBLIC_KEY, Arrangement.MLS_CIPHER_SUITE) .withRegisterMLSClient(Either.Right(Unit)) .withKeyPackageLimits(Arrangement.REFILL_AMOUNT) .withUploadKeyPackagesSuccessful() @@ -119,7 +119,7 @@ class RegisterMLSClientUseCaseTest { val (arrangement, registerMLSClient) = Arrangement() .withGetMLSClientSuccessful() .withGettingE2EISettingsReturns(Either.Right(E2EI_TEAM_SETTINGS.copy(isRequired = e2eiIsRequired))) - .withGetPublicKey(Arrangement.MLS_PUBLIC_KEY) + .withGetPublicKey(Arrangement.MLS_PUBLIC_KEY, Arrangement.MLS_CIPHER_SUITE) .withRegisterMLSClient(Either.Right(Unit)) .withKeyPackageLimits(Arrangement.REFILL_AMOUNT) .withUploadKeyPackagesSuccessful() @@ -201,11 +201,11 @@ class RegisterMLSClientUseCaseTest { .thenReturn(Either.Right(Unit)) } - fun withGetPublicKey(result: ByteArray) = apply { + fun withGetPublicKey(publicKey: ByteArray, cipherSuite: UShort) = apply { given(mlsClient) .suspendFunction(mlsClient::getPublicKey) .whenInvoked() - .thenReturn(result) + .thenReturn(publicKey to cipherSuite) } fun withGetMLSClientSuccessful() = apply { @@ -225,6 +225,7 @@ class RegisterMLSClientUseCaseTest { companion object { val MLS_PUBLIC_KEY = "public_key".encodeToByteArray() + val MLS_CIPHER_SUITE = 0.toUShort() const val REFILL_AMOUNT = 100 val RANDOM_URL = "https://random.rn" val E2EI_TEAM_SETTINGS = E2EISettings( diff --git a/network/src/commonMain/kotlin/com/wire/kalium/network/api/base/authenticated/client/ClientRequest.kt b/network/src/commonMain/kotlin/com/wire/kalium/network/api/base/authenticated/client/ClientRequest.kt index c04d436e503..ce9219916e6 100644 --- a/network/src/commonMain/kotlin/com/wire/kalium/network/api/base/authenticated/client/ClientRequest.kt +++ b/network/src/commonMain/kotlin/com/wire/kalium/network/api/base/authenticated/client/ClientRequest.kt @@ -118,6 +118,14 @@ data class UpdateClientCapabilitiesRequest( @Serializable enum class MLSPublicKeyTypeDTO { + @SerialName("p256") + P256, + @SerialName("p384") + P384, + @SerialName("p521") + P521, + @SerialName("ed448") + ED448, @SerialName("ed25519") ED25519; }