Add commit bundle support (#2688)

* wire-api: Add types and test (wip)

* Add endpoint in galley

* Implement naive PublicGroupState (broken)

* Split into PublicGroupStateTBS and PGS

* Refactor: use deriving via newtype

* Add roundtrip tests

* bump cli

* Add integration test for commit bundles

* Implement federated commit bundle requests

* Test remote commit bundles

* Fix build

* Add CHANGELOG entry

* Extract action from commit for welcome verification

* Change status code from 409 to 400 for some errors

The conflict status code 409 should be used for errors that are caused
by race conditions, such as in cases where the client has an out-of-date
view on the state of the backend.

* Remove redundant error handling

* Implement welcome check for commit bundles

* Test welcome mismatch

* Add new endpoint to charts and demo

Co-authored-by: Paolo Capriotti <[email protected]>

Author: smatting

changelog.d/1-api-changes/FS-922-post-commit-bundle

@@ -0,0 +1 @@
+Add new endpoint `/mls/commit-bundles` for submitting MLS `CommitBundle`s. A `CommitBundle` is a triple consisting of a commit message, an optional welcome message and a public group state.

charts/nginz/values.yaml

@@ -478,6 +478,9 @@ nginx_conf:
     - path: /mls/messages
       envs:
       - all
+    - path: /mls/commit-bundles
+      envs:
+      - all
     - path: /mls/public-keys
       envs:
       - all

deploy/services-demo/conf/nginz/nginx.conf

@@ -425,6 +425,11 @@ http {
       proxy_pass http://galley;
     }
 
+    location /mls/commit-bundles {
+      include common_response_with_zauth.conf;
+      proxy_pass http://galley;
+    }
+
     location /mls/public-keys {
       include common_response_with_zauth.conf;
       proxy_pass http://galley;

libs/wire-api-federation/src/Wire/API/Federation/API/Galley.hs

@@ -69,6 +69,7 @@ type GalleyApi =
     :<|> FedEndpoint "mls-welcome" MLSWelcomeRequest EmptyResponse
     :<|> FedEndpoint "on-mls-message-sent" RemoteMLSMessage EmptyResponse
     :<|> FedEndpoint "send-mls-message" MessageSendRequest MLSMessageResponse
+    :<|> FedEndpoint "send-mls-commit-bundle" MessageSendRequest MLSMessageResponse
     :<|> FedEndpoint "on-client-removed" ClientRemovedRequest EmptyResponse
 
 data ClientRemovedRequest = ClientRemovedRequest

libs/wire-api/src/Wire/API/Error/Galley.hs

@@ -81,6 +81,7 @@ data GalleyError
   | MLSSelfRemovalNotAllowed
   | MLSGroupConversationMismatch
   | MLSClientSenderUserMismatch
+  | MLSWelcomeMismatch
   | --
     NoBindingTeamMembers
   | NoBindingTeam
@@ -192,13 +193,15 @@ type instance MapError 'MLSClientMismatch = 'StaticError 409 "mls-client-mismatc
 
 type instance MapError 'MLSStaleMessage = 'StaticError 409 "mls-stale-message" "The conversation epoch in a message is too old"
 
-type instance MapError 'MLSCommitMissingReferences = 'StaticError 409 "mls-commit-missing-references" "The commit is not referencing all pending proposals"
+type instance MapError 'MLSCommitMissingReferences = 'StaticError 400 "mls-commit-missing-references" "The commit is not referencing all pending proposals"
 
-type instance MapError 'MLSSelfRemovalNotAllowed = 'StaticError 409 "mls-self-removal-not-allowed" "Self removal from group is not allowed"
+type instance MapError 'MLSSelfRemovalNotAllowed = 'StaticError 400 "mls-self-removal-not-allowed" "Self removal from group is not allowed"
 
-type instance MapError 'MLSGroupConversationMismatch = 'StaticError 409 "mls-group-conversation-mismatch" "Conversation ID resolved from Group ID does not match submitted Conversation ID"
+type instance MapError 'MLSGroupConversationMismatch = 'StaticError 400 "mls-group-conversation-mismatch" "Conversation ID resolved from Group ID does not match submitted Conversation ID"
 
-type instance MapError 'MLSClientSenderUserMismatch = 'StaticError 409 "mls-client-sender-user-mismatch" "User ID resolved from Client ID does not match message's sender user ID"
+type instance MapError 'MLSClientSenderUserMismatch = 'StaticError 400 "mls-client-sender-user-mismatch" "User ID resolved from Client ID does not match message's sender user ID"
+
+type instance MapError 'MLSWelcomeMismatch = 'StaticError 400 "mls-welcome-mismatch" "The list of targets of a welcome message does not match the list of new clients in a group"
 
 type instance MapError 'NoBindingTeamMembers = 'StaticError 403 "non-binding-team-members" "Both users must be members of the same binding team"
 

libs/wire-api/src/Wire/API/MLS/CipherSuite.hs

@@ -37,7 +37,7 @@ import Wire.Arbitrary
 
 newtype CipherSuite = CipherSuite {cipherSuiteNumber :: Word16}
   deriving stock (Eq, Show)
-  deriving newtype (ParseMLS, Arbitrary)
+  deriving newtype (ParseMLS, SerialiseMLS, Arbitrary)
 
 instance ToSchema CipherSuite where
   schema =

libs/wire-api/src/Wire/API/MLS/Commit.hs

@@ -21,6 +21,7 @@ import Imports
 import Wire.API.MLS.KeyPackage
 import Wire.API.MLS.Proposal
 import Wire.API.MLS.Serialisation
+import Wire.Arbitrary
 
 data Commit = Commit
   { cProposals :: [ProposalOrRef],
@@ -53,7 +54,13 @@ data HPKECiphertext = HPKECiphertext
   { hcOutput :: ByteString,
     hcCiphertext :: ByteString
   }
-  deriving (Eq, Show)
+  deriving (Eq, Show, Generic)
+  deriving (Arbitrary) via (GenericUniform HPKECiphertext)
 
 instance ParseMLS HPKECiphertext where
   parseMLS = HPKECiphertext <$> parseMLSBytes @Word16 <*> parseMLSBytes @Word16
+
+instance SerialiseMLS HPKECiphertext where
+  serialiseMLS (HPKECiphertext out ct) = do
+    serialiseMLSBytes @Word16 out
+    serialiseMLSBytes @Word16 ct

libs/wire-api/src/Wire/API/MLS/CommitBundle.hs

@@ -0,0 +1,45 @@
+-- This file is part of the Wire Server implementation.
+--
+-- Copyright (C) 2022 Wire Swiss GmbH <[email protected]>
+--
+-- This program is free software: you can redistribute it and/or modify it under
+-- the terms of the GNU Affero General Public License as published by the Free
+-- Software Foundation, either version 3 of the License, or (at your option) any
+-- later version.
+--
+-- This program is distributed in the hope that it will be useful, but WITHOUT
+-- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+-- details.
+--
+-- You should have received a copy of the GNU Affero General Public License along
+-- with this program. If not, see <https://www.gnu.org/licenses/>.
+{-# LANGUAGE RecordWildCards #-}
+
+module Wire.API.MLS.CommitBundle where
+
+import qualified Data.Swagger as S
+import Imports
+import Wire.API.MLS.GroupInfoBundle
+import Wire.API.MLS.Message
+import Wire.API.MLS.Serialisation
+import Wire.API.MLS.Welcome
+
+data CommitBundle = CommitBundle
+  { cbCommitMsg :: RawMLS (Message 'MLSPlainText),
+    cbWelcome :: Maybe (RawMLS Welcome),
+    cbGroupInfoBundle :: GroupInfoBundle
+  }
+  deriving (Eq, Show)
+
+instance ParseMLS CommitBundle where
+  parseMLS = CommitBundle <$> parseMLS <*> parseMLSOptional parseMLS <*> parseMLS
+
+instance S.ToSchema CommitBundle where
+  declareNamedSchema _ = pure (mlsSwagger "CommitBundle")
+
+instance SerialiseMLS CommitBundle where
+  serialiseMLS (CommitBundle commit welcome gi) = do
+    serialiseMLS commit
+    serialiseMLSOptional serialiseMLS welcome
+    serialiseMLS gi

libs/wire-api/src/Wire/API/MLS/Extension.hs

@@ -52,8 +52,7 @@ import Wire.API.MLS.Serialisation
 import Wire.Arbitrary
 
 newtype ProtocolVersion = ProtocolVersion {pvNumber :: Word8}
-  deriving newtype (Eq, Ord, Show, Binary, Arbitrary)
-  deriving (ParseMLS) via (BinaryMLS ProtocolVersion)
+  deriving newtype (Eq, Ord, Show, Binary, Arbitrary, ParseMLS, SerialiseMLS)
 
 data ProtocolVersionTag = ProtocolMLS10 | ProtocolMLSDraft11
   deriving stock (Bounded, Enum, Eq, Show, Generic)

libs/wire-api/src/Wire/API/MLS/GroupInfoBundle.hs

@@ -0,0 +1,53 @@
+-- This file is part of the Wire Server implementation.
+--
+-- Copyright (C) 2022 Wire Swiss GmbH <[email protected]>
+--
+-- This program is free software: you can redistribute it and/or modify it under
+-- the terms of the GNU Affero General Public License as published by the Free
+-- Software Foundation, either version 3 of the License, or (at your option) any
+-- later version.
+--
+-- This program is distributed in the hope that it will be useful, but WITHOUT
+-- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+-- details.
+--
+-- You should have received a copy of the GNU Affero General Public License along
+-- with this program. If not, see <https://www.gnu.org/licenses/>.
+
+module Wire.API.MLS.GroupInfoBundle where
+
+import Imports
+import Test.QuickCheck
+import Wire.API.MLS.PublicGroupState
+import Wire.API.MLS.Serialisation
+import Wire.Arbitrary
+
+data GroupInfoEncryption = UnencryptedGroupInfo | JweEncryptedGroupInfo
+  deriving stock (Eq, Show, Generic, Bounded, Enum)
+  deriving (Arbitrary) via (GenericUniform GroupInfoEncryption)
+
+data GroupInfoTreeType = TreeFull | TreeDelta | TreeByRef
+  deriving stock (Eq, Show, Generic, Bounded, Enum)
+  deriving (Arbitrary) via (GenericUniform GroupInfoTreeType)
+
+data GroupInfoBundle = GroupInfoBundle
+  { gipEncryptionType :: GroupInfoEncryption,
+    gipTreeType :: GroupInfoTreeType,
+    gipGroupState :: PublicGroupState
+  }
+  deriving stock (Eq, Show, Generic)
+  deriving (Arbitrary) via GenericUniform GroupInfoBundle
+
+instance ParseMLS GroupInfoBundle where
+  parseMLS =
+    GroupInfoBundle
+      <$> parseMLSEnum @Word8 "GroupInfoEncryptionEnum"
+      <*> parseMLSEnum @Word8 "RatchetTreeEnum"
+      <*> parseMLS
+
+instance SerialiseMLS GroupInfoBundle where
+  serialiseMLS (GroupInfoBundle e t pgs) = do
+    serialiseMLSEnum @Word8 e
+    serialiseMLSEnum @Word8 t
+    serialiseMLS pgs