Block resumption psks (#817)

* block psks on commit proposal

* check to see if the psk number is zero or not

* fix linter issue

* add check for psks on processed welcome

* add a comment for it

* invert the logic

Cargo.toml

@@ -36,10 +36,10 @@ futures = "0.3.30"
 futures-core = "0.3.30"
 hex = "0.4.3"
 log = "0.4"
-openmls = { git = "https://github.com/xmtp/openmls", rev = "606bf92" }
-openmls_basic_credential = { git = "https://github.com/xmtp/openmls", rev = "606bf92" }
-openmls_rust_crypto = { git = "https://github.com/xmtp/openmls", rev = "606bf92" }
-openmls_traits = { git = "https://github.com/xmtp/openmls", rev = "606bf92" }
+openmls = { git = "https://github.com/xmtp/openmls", rev = "99b2d5e7d0e034ac57644395e2194c5a102afb9a" }
+openmls_basic_credential = { git = "https://github.com/xmtp/openmls", rev = "99b2d5e7d0e034ac57644395e2194c5a102afb9a" }
+openmls_rust_crypto = { git = "https://github.com/xmtp/openmls", rev = "99b2d5e7d0e034ac57644395e2194c5a102afb9a" }
+openmls_traits = { git = "https://github.com/xmtp/openmls", rev = "99b2d5e7d0e034ac57644395e2194c5a102afb9a" }
 prost = "^0.12"
 prost-types = "^0.12"
 rand = "0.8.5"

xmtp_mls/src/groups/mod.rs

@@ -18,7 +18,10 @@ use openmls::{
         Extension, ExtensionType, Extensions, Metadata, RequiredCapabilitiesExtension,
         UnknownExtension,
     },
-    group::{CreateGroupContextExtProposalError, MlsGroupCreateConfig, MlsGroupJoinConfig},
+    group::{
+        CreateGroupContextExtProposalError, MlsGroupCreateConfig, MlsGroupJoinConfig,
+        ProcessedWelcome,
+    },
     messages::proposals::ProposalType,
     prelude::{
         BasicCredentialError, Capabilities, CredentialWithKey, Error as TlsCodecError, GroupId,
@@ -165,6 +168,8 @@ pub enum GroupError {
     MessageHistory(#[from] MessageHistoryError),
     #[error("Installation diff error: {0}")]
     InstallationDiff(#[from] InstallationDiffError),
+    #[error("PSKs are not support")]
+    NoPSKSupport,
 }
 
 impl RetryableError for GroupError {
@@ -326,8 +331,14 @@ impl MlsGroup {
         let welcome = deserialize_welcome(&welcome_bytes)?;
 
         let join_config = build_group_join_config();
-        let staged_welcome =
-            StagedWelcome::new_from_welcome(provider, &join_config, welcome.clone(), None)?;
+
+        let processed_welcome =
+            ProcessedWelcome::new_from_welcome(provider, &join_config, welcome.clone())?;
+        let psks = processed_welcome.psks();
+        if !psks.is_empty() {
+            return Err(GroupError::NoPSKSupport);
+        }
+        let staged_welcome = processed_welcome.into_staged_welcome(provider, None)?;
 
         let added_by_node = staged_welcome.welcome_sender()?;
 

xmtp_mls/src/groups/validated_commit.rs

@@ -78,6 +78,8 @@ pub enum CommitValidationError {
     InstallationDiff(#[from] InstallationDiffError),
     #[error("Failed to parse group mutable permissions: {0}")]
     GroupMutablePermissions(#[from] GroupMutablePermissionsError),
+    #[error("PSKs are not support")]
+    NoPSKSupport,
 }
 
 #[derive(Debug, Clone, PartialEq, Hash)]
@@ -186,6 +188,7 @@ impl MetadataFieldChange {
  * present in the [`AssociationState`] for the `inbox_id` presented in the credential at the `to_sequence_id` found in the
  * new [`GroupMembership`].
  * 5. All proposals in a commit must come from the same installation
+ * 6. No PSK proposals will be allowed
  */
 #[derive(Debug, Clone)]
 pub struct ValidatedCommit {
@@ -226,6 +229,11 @@ impl ValidatedCommit {
             &mutable_metadata,
         )?;
 
+        // Block any psk proposals
+        if staged_commit.psk_proposals().any(|_| true) {
+            return Err(CommitValidationError::NoPSKSupport);
+        }
+
         // Get the installations actually added and removed in the commit
         let ProposalChanges {
             added_installations,