Update to Latest OpenMLS (#596)

* Update xmtp/openmls to latest

* Intermediate Commit with TLS Naming Fixes

* Resolve errors in identity.rs

* Update to New BasicCredential API

* Standardize Errors Passed

* Use StagedWelcome + Other Fixes

* Remove use of `.map_err` where appropriate

* fix: fixes error handling

* fix: fixes imports formatting

* Cleanup StagedWelcome

* Update aggregate_member_list() .filter_map

* Create basic credentials directly

* One more case of Credential::new()

* One more

* Fix legacy credential

* Lint

* One last lint

---------

Co-authored-by: tuddman <tuddman@users.noreply.github.com>
Co-authored-by: Nicholas Molnar <65710+neekolas@users.noreply.github.com>

Author: 3 people

Cargo.lock

@@ -24,17 +24,17 @@ resolver = "2"
 
 [workspace.dependencies]
 async-trait = "0.1.77"
+chrono = "0.4"
 ethers = "2.0.11"
 ethers-core = "2.0.4"
 futures = "0.3.30"
 futures-core = "0.3.30"
 hex = "0.4.3"
 log = "0.4"
-tracing = "0.1"
-openmls = { git = "https://github.com/xmtp/openmls", rev = "0da7dcb" }
-openmls_basic_credential = { git = "https://github.com/xmtp/openmls", rev = "0da7dcb" }
-openmls_rust_crypto = { git = "https://github.com/xmtp/openmls", rev = "0da7dcb" }
-openmls_traits = { git = "https://github.com/xmtp/openmls", rev = "0da7dcb" }
+openmls = { git = "https://github.com/xmtp/openmls", rev = "4eee1fc" }
+openmls_basic_credential = { git = "https://github.com/xmtp/openmls", rev = "4eee1fc" }
+openmls_rust_crypto = { git = "https://github.com/xmtp/openmls", rev = "4eee1fc" }
+openmls_traits = { git = "https://github.com/xmtp/openmls", rev = "4eee1fc" }
 prost = "^0.12"
 prost-types = "^0.12"
 rand = "0.8.5"
@@ -44,7 +44,7 @@ thiserror = "1.0"
 tls_codec = "0.4.0"
 tokio = { version = "1.35.1", features = ["macros"] }
 tonic = "^0.11"
-chrono = "0.4"
+tracing = "0.1"
 
 # Internal Crate Dependencies
 xmtp_cryptography = { path = "xmtp_cryptography" }

Cargo.toml

@@ -1,4 +1,7 @@
-use openmls::prelude::{MlsMessageIn, ProtocolMessage, TlsDeserializeTrait};
+use openmls::{
+    credentials::BasicCredential,
+    prelude::{tls_codec::Deserialize, MlsMessageIn, ProtocolMessage},
+};
 use openmls_rust_crypto::RustCrypto;
 use tonic::{Request, Response, Status};
 
@@ -85,10 +88,12 @@ struct ValidateGroupMessageResult {
 }
 
 fn validate_group_message(message: Vec<u8>) -> Result<ValidateGroupMessageResult, String> {
-    let msg_result = MlsMessageIn::tls_deserialize(&mut message.as_slice())
-        .map_err(|_| "failed to decode".to_string())?;
+    let msg_result =
+        MlsMessageIn::tls_deserialize(&mut message.as_slice()).map_err(|e| e.to_string())?;
 
-    let protocol_message: ProtocolMessage = msg_result.into();
+    let protocol_message: ProtocolMessage = msg_result
+        .try_into_protocol_message()
+        .map_err(|e| e.to_string())?;
 
     Ok(ValidateGroupMessageResult {
         group_id: serialize_group_id(protocol_message.group_id().as_slice()),
@@ -108,15 +113,14 @@ fn validate_key_package(key_package_bytes: Vec<u8>) -> Result<ValidateKeyPackage
         VerifiedKeyPackage::from_bytes(&rust_crypto, key_package_bytes.as_slice())
             .map_err(|e| e.to_string())?;
 
+    let credential = verified_key_package.inner.leaf_node().credential();
+
+    let basic_credential = BasicCredential::try_from(credential).map_err(|e| e.to_string())?;
+
     Ok(ValidateKeyPackageResult {
         installation_id: verified_key_package.installation_id(),
         account_address: verified_key_package.account_address,
-        credential_identity_bytes: verified_key_package
-            .inner
-            .leaf_node()
-            .credential()
-            .identity()
-            .to_vec(),
+        credential_identity_bytes: basic_credential.identity().to_vec(),
         expiration: verified_key_package.inner.life_time().not_after(),
     })
 }
@@ -127,8 +131,8 @@ mod tests {
     use openmls::{
         extensions::{ApplicationIdExtension, Extension, Extensions},
         prelude::{
-            Ciphersuite, Credential as OpenMlsCredential, CredentialType, CredentialWithKey,
-            CryptoConfig, TlsSerializeTrait,
+            tls_codec::Serialize, Ciphersuite, Credential as OpenMlsCredential, CredentialWithKey,
+            CryptoConfig,
         },
         prelude_test::KeyPackage,
         versions::ProtocolVersion,
@@ -192,7 +196,7 @@ mod tests {
     async fn test_validate_key_packages_happy_path() {
         let (identity, keypair, account_address) = generate_identity();
 
-        let credential = OpenMlsCredential::new(identity, CredentialType::Basic).unwrap();
+        let credential: OpenMlsCredential = BasicCredential::new(identity).unwrap().into();
         let credential_with_key = CredentialWithKey {
             credential,
             signature_key: keypair.to_public_vec().into(),
@@ -222,7 +226,7 @@ mod tests {
         let (identity, keypair, account_address) = generate_identity();
         let (_, other_keypair, _) = generate_identity();
 
-        let credential = OpenMlsCredential::new(identity, CredentialType::Basic).unwrap();
+        let credential: OpenMlsCredential = BasicCredential::new(identity).unwrap().into();
         let credential_with_key = CredentialWithKey {
             credential,
             // Use the wrong signature key to make the validation fail

bindings_ffi/Cargo.lock

@@ -1,15 +1,15 @@
 use std::{collections::HashSet, mem::Discriminant};
 
 use openmls::{
-    framing::{MlsMessageIn, MlsMessageInBody},
+    credentials::errors::BasicCredentialError,
+    framing::{MlsMessageBodyIn, MlsMessageIn},
     group::GroupEpoch,
     messages::Welcome,
-    prelude::TlsSerializeTrait,
+    prelude::tls_codec::{Deserialize, Error as TlsCodecError, Serialize},
 };
 use openmls_traits::OpenMlsProvider;
 use prost::EncodeError;
 use thiserror::Error;
-use tls_codec::{Deserialize, Error as TlsSerializationError};
 
 use xmtp_proto::{
     api_client::XmtpMlsClient,
@@ -62,8 +62,8 @@ pub enum ClientError {
     QueryError(#[from] xmtp_proto::api_client::Error),
     #[error("identity error: {0}")]
     Identity(#[from] crate::identity::IdentityError),
-    #[error("serialization error: {0}")]
-    Serialization(#[from] TlsSerializationError),
+    #[error("TLS Codec error: {0}")]
+    TlsError(#[from] TlsCodecError),
     #[error("key package verification: {0}")]
     KeyPackageVerification(#[from] KeyPackageVerificationError),
     #[error("syncing errors: {0:?}")]
@@ -105,10 +105,10 @@ pub enum MessageProcessingError {
     Intent(#[from] IntentError),
     #[error("storage error: {0}")]
     Storage(#[from] crate::storage::StorageError),
-    #[error("tls deserialization: {0}")]
-    TlsDeserialization(#[from] tls_codec::Error),
+    #[error("TLS Codec error: {0}")]
+    TlsError(#[from] TlsCodecError),
     #[error("unsupported message type: {0:?}")]
-    UnsupportedMessageType(Discriminant<MlsMessageInBody>),
+    UnsupportedMessageType(Discriminant<MlsMessageBodyIn>),
     #[error("commit validation")]
     CommitValidation(#[from] CommitValidationError),
     #[error("codec")]
@@ -119,6 +119,8 @@ pub enum MessageProcessingError {
     EpochIncrementNotAllowed,
     #[error("Welcome processing error: {0}")]
     WelcomeProcessing(String),
+    #[error("wrong credential type")]
+    WrongCredentialType(#[from] BasicCredentialError),
     #[error("proto decode error: {0}")]
     DecodeError(#[from] prost::DecodeError),
 }
@@ -269,7 +271,6 @@ where
             .identity
             .new_key_package(&self.mls_provider(&connection))?;
         let kp_bytes = kp.tls_serialize_detached()?;
-
         self.api_client.upload_key_package(kp_bytes).await?;
 
         Ok(())
@@ -488,7 +489,7 @@ pub fn deserialize_welcome(welcome_bytes: &Vec<u8>) -> Result<Welcome, ClientErr
     // let welcome_proto = WelcomeMessageProto::decode(&mut welcome_bytes.as_slice())?;
     let welcome = MlsMessageIn::tls_deserialize(&mut welcome_bytes.as_slice())?;
     match welcome.extract() {
-        MlsMessageInBody::Welcome(welcome) => Ok(welcome),
+        MlsMessageBodyIn::Welcome(welcome) => Ok(welcome),
         _ => Err(ClientError::Generic(
             "unexpected message type in welcome".to_string(),
         )),

mls_validation_service/src/handlers.rs

@@ -1,7 +1,9 @@
-use openmls::prelude::MlsMessageOut;
+use openmls::prelude::{
+    tls_codec::{Error as TlsCodecError, Serialize},
+    MlsMessageOut,
+};
 use prost::{DecodeError, Message};
 use thiserror::Error;
-use tls_codec::Serialize;
 
 use xmtp_proto::xmtp::mls::database::{
     add_members_data::{Version as AddMembersVersion, V1 as AddMembersV1},
@@ -28,8 +30,8 @@ pub enum IntentError {
     Decode(#[from] DecodeError),
     #[error("key package verification: {0}")]
     KeyPackageVerification(#[from] KeyPackageVerificationError),
-    #[error("tls codec: {0}")]
-    TlsCodec(#[from] tls_codec::Error),
+    #[error("TLS Codec error: {0}")]
+    TlsError(#[from] TlsCodecError),
     #[error("generic: {0}")]
     Generic(String),
 }