Skip to content

Add MLS public keys to clients #2147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Mar 11, 2022
Merged

Add MLS public keys to clients #2147

merged 14 commits into from
Mar 11, 2022

Conversation

pcapriotti
Copy link
Contributor

@pcapriotti pcapriotti commented Feb 21, 2022
edited
Loading

This PR introduces changes to the client API needed to support validation of MLS key packages. See https://wearezeta.atlassian.net/wiki/spaces/CORE/pages/553418860/MLS+implementation+in+wire-server#Changes-to-the-client-API for details.

The client JSON object now has an additional field mls_public_keys, containing an object mapping signature schemes to public keys, e.g.

{
  ...
  "mls_public_keys": { "ed25519": "GY+t1EQu0Zsm0r/zrm6zz9UpjPcAPyT5i8L1iaY3ypM=" }
  ...
}

At the moment, ed25519 is the only supported signature scheme, corresponding to MLS ciphersuite 1.

When creating a new client with POST /clients, the field mls_public_keys can be set, and the corresponding public keys are bound to the device identity on the backend, and will be used to veriy uploaded key packages with a matching signature scheme.

When updating a client with PUT /clients/:client, the field mls_public_keys can also be set, with a similar effect. If a given signature scheme already has a public key set for that device, the request will fail.

Tracked by https://wearezeta.atlassian.net/browse/FS-472.

Checklist

  • The PR Title explains the impact of the change.
  • The PR description provides context as to why the change should occur and what the code contributes to that effect. This could also be a link to a JIRA ticket or a Github issue, if there is one.
  • If a cassandra schema migration has been added, I ran make git-add-cassandra-schema to update the cassandra schema documentation.
  • changelog.d contains the following bits of information (details):
    • A file with the changelog entry in one or more suitable sub-sections. The sub-sections are marked by directories inside changelog.d.

@pcapriotti pcapriotti changed the base branch from develop to pcapriotti/mls-key-packages February 21, 2022 14:19
@pcapriotti pcapriotti force-pushed the pcapriotti/mls-client-api branch 2 times, most recently from 8b02712 to 52010b1 Compare February 22, 2022 14:39
@pcapriotti pcapriotti marked this pull request as ready for review February 22, 2022 14:56
@pcapriotti pcapriotti force-pushed the pcapriotti/mls-key-packages branch from 41b18a8 to 2324fa6 Compare February 22, 2022 15:04
@pcapriotti pcapriotti force-pushed the pcapriotti/mls-client-api branch from 64b957f to dc85333 Compare February 22, 2022 15:14
@pcapriotti pcapriotti force-pushed the pcapriotti/mls-key-packages branch from 6ae2d14 to 631e529 Compare February 25, 2022 09:20
@pcapriotti pcapriotti force-pushed the pcapriotti/mls-client-api branch 5 times, most recently from c831726 to 1fa42e8 Compare February 25, 2022 16:02
@pcapriotti pcapriotti force-pushed the pcapriotti/mls-key-packages branch from 8d240f8 to 39c8741 Compare February 28, 2022 10:41
Base automatically changed from pcapriotti/mls-key-packages to develop February 28, 2022 14:13
@pcapriotti pcapriotti force-pushed the pcapriotti/mls-client-api branch from 1fa42e8 to 4ddc932 Compare February 28, 2022 14:17
@pcapriotti pcapriotti requested a review from mdimjasevic March 1, 2022 12:49
@pcapriotti pcapriotti force-pushed the pcapriotti/mls-client-api branch 3 times, most recently from 4873468 to 310f548 Compare March 4, 2022 10:26
mdimjasevic
mdimjasevic approved these changes Mar 8, 2022
View reviewed changes
Copy link
Contributor

@mdimjasevic mdimjasevic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good! A couple of minor comments are inlined.

@pcapriotti
Copy link
Contributor Author

I'm not sure why you prefer the more general type signatures. It makes it tricker to use CPS functions like withMVar, and since we're polysemising these things anyway, I would imagine having the concrete types in there makes it easier to turn this into an interpretation function without having to use any higher-order stuff.

@mdimjasevic
Copy link
Contributor

I'm not sure why you prefer the more general type signatures. It makes it tricker to use CPS functions like withMVar, and since we're polysemising these things anyway, I would imagine having the concrete types in there makes it easier to turn this into an interpretation function without having to use any higher-order stuff.

This was just a suggestion. Of course, if you have good reasons not to have more general type signatures, that is fine. I'm not requesting to change them.

@pcapriotti pcapriotti force-pushed the pcapriotti/mls-client-api branch from 695c2c5 to 3dcb548 Compare March 10, 2022 10:18
@mdimjasevic mdimjasevic merged commit ca94a6f into develop Mar 11, 2022
@mdimjasevic mdimjasevic deleted the pcapriotti/mls-client-api branch March 11, 2022 12:07
@zebot zebot mentioned this pull request Mar 18, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@mdimjasevic mdimjasevic mdimjasevic approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pcapriotti @mdimjasevic