openmls::group

Struct MlsGroup

Source 
pub struct MlsGroup { /* private fields */ }
Expand description

A MlsGroup represents an MLS group with a high-level API. The API exposes high level functions to manage a group by adding/removing members, get the current member list, etc.

The API is modeled such that it can serve as a direct interface to the Delivery Service. Functions that modify the public state of the group will return a Vec<MLSMessageOut> that can be sent to the Delivery Service directly. Conversely, incoming messages from the Delivery Service can be fed into process_message().

An MlsGroup has an internal queue of pending proposals that builds up as new messages are processed. When creating proposals, those messages are not automatically appended to this queue, instead they have to be processed again through process_message(). This allows the Delivery Service to reject them (e.g. if they reference the wrong epoch).

If incoming messages or applied operations are semantically or syntactically incorrect, an error event will be returned with a corresponding error message and the state of the group will remain unchanged.

An MlsGroup has an internal state variable determining if it is active or inactive, as well as if it has a pending commit. See MlsGroupState for more information.

Implementations§

Source§

impl MlsGroup

Source

pub fn create_message<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, message: &[u8], ) -> Result<MlsMessageOut, CreateMessageError>

Creates an application message. Returns CreateMessageError::MlsGroupStateError::UseAfterEviction if the member is no longer part of the group. Returns CreateMessageError::MlsGroupStateError::PendingProposal if pending proposals exist. In that case .process_pending_proposals() must be called first and incoming messages from the DS must be processed afterwards.

Source§

impl MlsGroup

Source

pub fn builder() -> MlsGroupBuilder

Creates a builder which can be used to configure and build a new MlsGroup.

Source

pub fn new<Provider: OpenMlsProvider>( provider: &Provider, signer: &impl Signer, mls_group_create_config: &MlsGroupCreateConfig, credential_with_key: CredentialWithKey, ) -> Result<Self, NewGroupError<Provider::StorageError>>

Creates a new group with the creator as the only member (and a random group ID).

This function removes the private key corresponding to the key_package from the key store.

Source

pub fn new_with_group_id<Provider: OpenMlsProvider>( provider: &Provider, signer: &impl Signer, mls_group_create_config: &MlsGroupCreateConfig, group_id: GroupId, credential_with_key: CredentialWithKey, ) -> Result<Self, NewGroupError<Provider::StorageError>>

Creates a new group with a given group ID with the creator as the only member.

Source

pub fn join_by_external_commit<Provider: OpenMlsProvider>( provider: &Provider, signer: &impl Signer, ratchet_tree: Option<RatchetTreeIn>, verifiable_group_info: VerifiableGroupInfo, mls_group_config: &MlsGroupJoinConfig, capabilities: Option<Capabilities>, extensions: Option<Extensions>, aad: &[u8], credential_with_key: CredentialWithKey, ) -> Result<(Self, MlsMessageOut, Option<GroupInfo>), ExternalCommitError<Provider::StorageError>>

Join an existing group through an External Commit. The resulting MlsGroup instance starts off with a pending commit (the external commit, which adds this client to the group). Merging this commit is necessary for this MlsGroup instance to function properly, as, for example, this client is not yet part of the tree. As a result, it is not possible to clear the pending commit. If the external commit was rejected due to an epoch change, the MlsGroup instance has to be discarded and a new one has to be created using this function based on the latest ratchet_tree and group info. For more information on the external init process, please see Section 11.2.1 in the MLS specification.

Note: If there is a group member in the group with the same identity as us, this will create a remove proposal.

Source§

impl MlsGroup

Source

pub fn export_secret<Provider: OpenMlsProvider>( &self, provider: &Provider, label: &str, context: &[u8], key_length: usize, ) -> Result<Vec<u8>, ExportSecretError>

Exports a secret from the current epoch. Returns ExportSecretError::KeyLengthTooLong if the requested key length is too long. Returns ExportSecretError::GroupStateError(MlsGroupStateError::UseAfterEviction) if the group is not active.

Source

pub fn epoch_authenticator(&self) -> &EpochAuthenticator

Returns the epoch authenticator of the current epoch.

Source

pub fn resumption_psk_secret(&self) -> &ResumptionPskSecret

Returns the resumption PSK secret of the current epoch.

Source

pub fn get_past_resumption_psk( &self, epoch: GroupEpoch, ) -> Option<&ResumptionPskSecret>

Returns a resumption psk for a given epoch. If no resumption psk is available for that epoch, None is returned.

Source

pub fn export_group_info<Provider: OpenMlsProvider>( &self, provider: &Provider, signer: &impl Signer, with_ratchet_tree: bool, ) -> Result<MlsMessageOut, ExportGroupInfoError>

Export a group info object for this group.

Source§

impl MlsGroup

Source

pub fn self_update<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, leaf_node_parameters: LeafNodeParameters, ) -> Result<CommitMessageBundle, SelfUpdateError<Provider::StorageError>>

Updates the own leaf node. The application can choose to update the credential, the capabilities, and the extensions by buliding the LeafNodeParameters.

If successful, it returns a tuple of MlsMessageOut (containing the commit), an optional MlsMessageOut (containing the Welcome) and the GroupInfo. The Welcome is Some when the queue of pending proposals contained add proposals The GroupInfo is Some if the group has the use_ratchet_tree_extension flag set.

Returns an error if there is a pending commit.

Source

pub fn propose_self_update<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, leaf_node_parameters: LeafNodeParameters, ) -> Result<(MlsMessageOut, ProposalRef), ProposeSelfUpdateError<Provider::StorageError>>

Creates a proposal to update the own leaf node. The application can choose to update the credential, the capabilities, and the extensions by building the LeafNodeParameters.

Source§

impl MlsGroup

Source

pub fn commit_builder(&mut self) -> CommitBuilder<'_, Initial>

Returns a builder for commits.

Source§

impl MlsGroup

Source

pub fn add_members<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, key_packages: &[KeyPackage], ) -> Result<(MlsMessageOut, MlsMessageOut, Option<GroupInfo>), AddMembersError<Provider::StorageError>>

Adds members to the group.

New members are added by providing a KeyPackage for each member.

This operation results in a Commit with a path, i.e. it includes an update of the committer’s leaf KeyPackage. To add members without forcing an update of the committer’s leaf KeyPackage, use Self::add_members_without_update().

If successful, it returns a triple of MlsMessageOuts, where the first contains the commit, the second one the Welcome and the third an optional GroupInfo that will be Some if the group has the use_ratchet_tree_extension flag set.

Returns an error if there is a pending commit.

Source

pub fn add_members_without_update<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, key_packages: &[KeyPackage], ) -> Result<(MlsMessageOut, MlsMessageOut, Option<GroupInfo>), AddMembersError<Provider::StorageError>>

Adds members to the group.

New members are added by providing a KeyPackage for each member.

This operation results in a Commit that does not necessarily include a path, i.e. an update of the committer’s leaf KeyPackage. In particular, it will only include a path if the group’s proposal store includes one or more proposals that require a path (see Section 17.4 of RFC 9420 for a list of proposals and whether they require a path).

If successful, it returns a triple of MlsMessageOuts, where the first contains the commit, the second one the Welcome and the third an optional GroupInfo that will be Some if the group has the use_ratchet_tree_extension flag set.

Returns an error if there is a pending commit.

Source

pub fn own_leaf(&self) -> Option<&LeafNode>

Returns a reference to the own LeafNode.

Source

pub fn remove_members<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, members: &[LeafNodeIndex], ) -> Result<(MlsMessageOut, Option<MlsMessageOut>, Option<GroupInfo>), RemoveMembersError<Provider::StorageError>>

Removes members from the group.

Members are removed by providing the member’s leaf index.

If successful, it returns a tuple of MlsMessageOut (containing the commit), an optional MlsMessageOut (containing the Welcome) and the current GroupInfo. The Welcome is Some when the queue of pending proposals contained add proposals The GroupInfo is Some if the group has the use_ratchet_tree_extension flag set.

Returns an error if there is a pending commit.

Source

pub fn leave_group<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, ) -> Result<MlsMessageOut, LeaveGroupError<Provider::StorageError>>

Leave the group.

Creates a Remove Proposal that needs to be covered by a Commit from a different member. The Remove Proposal is returned as a MlsMessageOut.

Returns an error if there is a pending commit.

Source

pub fn leave_group_via_self_remove<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, ) -> Result<MlsMessageOut, LeaveGroupError<Provider::StorageError>>

Leave the group via a SelfRemove proposal.

Creates a SelfRemove Proposal that needs to be covered by a Commit from a different member. The SelfRemove Proposal is returned as a MlsMessageOut.

Since SelfRemove proposals are always sent as PublicMessages, this function can only be used if the group’s WireFormatPolicy allows for it.

Returns an error if there is a pending commit.

Source

pub fn members(&self) -> impl Iterator<Item = Member> + '_

Returns a list of Members in the group.

Source

pub fn member(&self, leaf_index: LeafNodeIndex) -> Option<&Credential>

Returns the Credential of a member corresponding to the given leaf index. Returns None if the member can not be found in this group.

Source

pub fn member_at(&self, leaf_index: LeafNodeIndex) -> Option<Member>

Returns the Member corresponding to the given leaf index. Returns None if the member can not be found in this group.

Source§

impl MlsGroup

Source

pub fn process_message<Provider: OpenMlsProvider>( &mut self, provider: &Provider, message: impl Into<ProtocolMessage>, ) -> Result<ProcessedMessage, ProcessMessageError>

Parses incoming messages from the DS. Checks for syntactic errors and makes some semantic checks as well. If the input is an encrypted message, it will be decrypted. This processing function does syntactic and semantic validation of the message. It returns a ProcessedMessage enum.

§Errors:

Returns an ProcessMessageError when the validation checks fail with the exact reason of the failure.

Source

pub fn store_pending_proposal<Storage: StorageProvider>( &mut self, storage: &Storage, proposal: QueuedProposal, ) -> Result<(), Storage::Error>

Stores a standalone proposal in the internal ProposalStore

Source

pub fn commit_to_pending_proposals<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, ) -> Result<(MlsMessageOut, Option<MlsMessageOut>, Option<GroupInfo>), CommitToPendingProposalsError<Provider::StorageError>>

Creates a Commit message that covers the pending proposals that are currently stored in the group’s ProposalStore. The Commit message is created even if there are no valid pending proposals.

Returns an error if there is a pending commit. Otherwise it returns a tuple of Commit, Option<Welcome>, Option<GroupInfo>, where Commit and Welcome are MlsMessages of the type MlsMessageOut.

Source

pub fn merge_staged_commit<Provider: OpenMlsProvider>( &mut self, provider: &Provider, staged_commit: StagedCommit, ) -> Result<(), MergeCommitError<Provider::StorageError>>

Merge a StagedCommit into the group after inspection. As this advances the epoch of the group, it also clears any pending commits.

Source

pub fn merge_pending_commit<Provider: OpenMlsProvider>( &mut self, provider: &Provider, ) -> Result<(), MergePendingCommitError<Provider::StorageError>>

Merges the pending StagedCommit if there is one, and clears the field by setting it to None.

Source§

impl MlsGroup

Source

pub fn propose_add_member_by_value<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, value: KeyPackage, ) -> Result<(MlsMessageOut, ProposalRef), ProposalError<Provider::StorageError>>

Creates proposals to add an external PSK to the key schedule.

Returns an error if there is a pending commit.

Source

pub fn propose_remove_member_by_value<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, value: LeafNodeIndex, ) -> Result<(MlsMessageOut, ProposalRef), ProposalError<Provider::StorageError>>

Creates proposals to add an external PSK to the key schedule.

Returns an error if there is a pending commit.

Source

pub fn propose_external_psk<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, value: PreSharedKeyId, ) -> Result<(MlsMessageOut, ProposalRef), ProposalError<Provider::StorageError>>

Creates proposals to add an external PSK to the key schedule.

Returns an error if there is a pending commit.

Source

pub fn propose_external_psk_by_value<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, value: PreSharedKeyId, ) -> Result<(MlsMessageOut, ProposalRef), ProposalError<Provider::StorageError>>

Creates proposals to add an external PSK to the key schedule.

Returns an error if there is a pending commit.

Source

pub fn propose_custom_proposal_by_value<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, value: CustomProposal, ) -> Result<(MlsMessageOut, ProposalRef), ProposalError<Provider::StorageError>>

Creates proposals to add an external PSK to the key schedule.

Returns an error if there is a pending commit.

Source

pub fn propose_custom_proposal_by_reference<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, value: CustomProposal, ) -> Result<(MlsMessageOut, ProposalRef), ProposalError<Provider::StorageError>>

Creates proposals to add an external PSK to the key schedule.

Returns an error if there is a pending commit.

Source

pub fn propose<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, propose: Propose, ref_or_value: ProposalOrRefType, ) -> Result<(MlsMessageOut, ProposalRef), ProposalError<Provider::StorageError>>

Generate a proposal

Source

pub fn propose_add_member<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, key_package: &KeyPackage, ) -> Result<(MlsMessageOut, ProposalRef), ProposeAddMemberError<Provider::StorageError>>

Creates proposals to add members to the group.

Returns an error if there is a pending commit.

Source

pub fn propose_remove_member<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, member: LeafNodeIndex, ) -> Result<(MlsMessageOut, ProposalRef), ProposeRemoveMemberError<Provider::StorageError>>

Creates proposals to remove members from the group. The member has to be the member’s leaf index.

Returns an error if there is a pending commit.

Source

pub fn propose_remove_member_by_credential<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, member: &Credential, ) -> Result<(MlsMessageOut, ProposalRef), ProposeRemoveMemberError<Provider::StorageError>>

Creates proposals to remove members from the group. The member has to be the member’s credential.

Returns an error if there is a pending commit.

Source

pub fn propose_remove_member_by_credential_by_value<Provider: OpenMlsProvider>( &mut self, provider: &Provider, signer: &impl Signer, member: &Credential, ) -> Result<(MlsMessageOut, ProposalRef), ProposalError<Provider::StorageError>>

Creates proposals to remove members from the group. The member has to be the member’s credential.

Returns an error if there is a pending commit.

Source

pub fn propose_group_context_extensions<Provider: OpenMlsProvider>( &mut self, provider: &Provider, extensions: Extensions, signer: &impl Signer, ) -> Result<(MlsMessageOut, ProposalRef), ProposalError<Provider::StorageError>>

Creates a proposals with a new set of extensions for the group context.

Returns an error when the group does not support all the required capabilities in the new extensions.

Source

pub fn update_group_context_extensions<Provider: OpenMlsProvider>( &mut self, provider: &Provider, extensions: Extensions, signer: &impl Signer, ) -> Result<(MlsMessageOut, Option<MlsMessageOut>, Option<GroupInfo>), CreateGroupContextExtProposalError<Provider::StorageError>>

Updates Group Context Extensions

Commits to the Group Context Extension inline proposal using the Extensions

Returns an error when the group does not support all the required capabilities in the new extensions or if there is a pending commit.

Source

pub fn remove_pending_proposal<Storage: StorageProvider>( &mut self, storage: &Storage, proposal_ref: &ProposalRef, ) -> Result<(), RemoveProposalError<Storage::Error>>

Removes a specific proposal from the store.

Source§

impl MlsGroup

Source

pub fn configuration(&self) -> &MlsGroupJoinConfig

Returns the configuration.

Source

pub fn set_configuration<Storage: StorageProvider>( &mut self, storage: &Storage, mls_group_config: &MlsGroupJoinConfig, ) -> Result<(), Storage::Error>

Sets the configuration.

Source

pub fn set_aad(&mut self, aad: Vec<u8>)

Sets the additional authenticated data (AAD) for the next outgoing message. This is ephemeral and will be reset by every API call that successfully returns an MlsMessageOut.

Source

pub fn aad(&self) -> &[u8]

Returns the additional authenticated data (AAD) for the next outgoing message.

Source

pub fn ciphersuite(&self) -> Ciphersuite

Returns the group’s ciphersuite.

Source

pub fn is_active(&self) -> bool

Returns whether the own client is still a member of the group or if it was already evicted

Source

pub fn credential(&self) -> Result<&Credential, MlsGroupStateError>

Returns own credential. If the group is inactive, it returns a UseAfterEviction error.

Source

pub fn own_leaf_index(&self) -> LeafNodeIndex

Returns the leaf index of the client in the tree owning this group.

Source

pub fn own_leaf_node(&self) -> Option<&LeafNode>

Returns the leaf node of the client in the tree owning this group.

Source

pub fn group_id(&self) -> &GroupId

Returns the group ID.

Source

pub fn epoch(&self) -> GroupEpoch

Returns the epoch.

Source

pub fn pending_proposals(&self) -> impl Iterator<Item = &QueuedProposal>

Returns an Iterator over pending proposals.

Source

pub fn pending_commit(&self) -> Option<&StagedCommit>

Returns a reference to the StagedCommit of the most recently created commit. If there was no commit created in this epoch, either because this commit or another commit was merged, it returns None.

Source

pub fn clear_pending_commit<Storage: StorageProvider>( &mut self, storage: &Storage, ) -> Result<(), Storage::Error>

Sets the group_state to MlsGroupState::Operational, thus clearing any potentially pending commits.

Note that this has no effect if the group was created through an external commit and the resulting external commit has not been merged yet. For more information, see MlsGroup::join_by_external_commit().

Use with caution! This function should only be used if it is clear that the pending commit will not be used in the group. In particular, if a pending commit is later accepted by the group, this client will lack the key material to encrypt or decrypt group messages.

Source

pub fn clear_pending_proposals<Storage: StorageProvider>( &mut self, storage: &Storage, ) -> Result<(), Storage::Error>

Clear the pending proposals, if the proposal store is not empty.

Warning: Once the pending proposals are cleared it will be impossible to process a Commit message that references those proposals. Only use this function as a last resort, e.g. when a call to MlsGroup::commit_to_pending_proposals fails.

Source

pub fn extensions(&self) -> &Extensions

Get a reference to the group context Extensions of this MlsGroup.

Source

pub fn ext_commit_sender_index( &self, commit: &StagedCommit, ) -> Result<LeafNodeIndex, LibraryError>

Returns the index of the sender of a staged, external commit.

Source

pub fn load<Storage: StorageProvider>( storage: &Storage, group_id: &GroupId, ) -> Result<Option<MlsGroup>, Storage::Error>

Loads the state of the group with given id from persisted state.

Source

pub fn delete<Storage: StorageProvider>( &mut self, storage: &Storage, ) -> Result<(), Storage::Error>

Remove the persisted state of this group from storage. Note that signature key material is not managed by OpenMLS and has to be removed from the storage provider separately (if desired).

Source

pub fn export_ratchet_tree(&self) -> RatchetTree

Exports the Ratchet Tree.

Trait Implementations§

Source§

impl Debug for MlsGroup

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
§

impl<T> Pointable for T

§

const ALIGN: usize

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.