Block resumption psks #817
Conversation
|
@franziskuskiefer do you mind taking a look at this? I'm not sure if this is correct way to block psks or if there are different functions I should be using. |
xmtp_mls/src/groups/mod.rs
Outdated
| @@ -326,6 +328,9 @@ impl MlsGroup { | |||
| let welcome = deserialize_welcome(&welcome_bytes)?; | |||
|
|
|||
| let join_config = build_group_join_config(); | |||
| if join_config.number_of_resumption_psks > 0 { | |||
There was a problem hiding this comment.
Just noting I had to make this public so I could use it xmtp/openmls#30
There was a problem hiding this comment.
Can you make this into a getter instead of making it public? Then we can upstream this change. (I'd just prefer not making the fields pub directly.)
There was a problem hiding this comment.
This isn't doing what you think it's doing I'm afraid. This only prevents you from joining a group that allow resumption PSKs. It's a property you probably want to set when creating groups to avoid generating unused resumption PSKs.
But to achieve what you want, you need to look into the group secrets. That's actually not possible yet. But it is with openmls/openmls#1586. I just added a function there to get the psks. On the result from that function you can get the processed_welcome.psks().psk(), which returns a PSK enum. There you can error out when it contains a resumption psk (or any, depending on what you want to achieve).
There was a problem hiding this comment.
I pulled in your PR to my fork and I seem to be able to get the psks now. 🙏
xmtp_mls/src/groups/mod.rs
Outdated
| @@ -326,6 +328,9 @@ impl MlsGroup { | |||
| let welcome = deserialize_welcome(&welcome_bytes)?; | |||
|
|
|||
| let join_config = build_group_join_config(); | |||
| if join_config.number_of_resumption_psks > 0 { | |||
There was a problem hiding this comment.
Can you make this into a getter instead of making it public? Then we can upstream this change. (I'd just prefer not making the fields pub directly.)
xmtp_mls/src/groups/mod.rs
Outdated
| @@ -326,6 +328,9 @@ impl MlsGroup { | |||
| let welcome = deserialize_welcome(&welcome_bytes)?; | |||
|
|
|||
| let join_config = build_group_join_config(); | |||
| if join_config.number_of_resumption_psks > 0 { | |||
There was a problem hiding this comment.
This isn't doing what you think it's doing I'm afraid. This only prevents you from joining a group that allow resumption PSKs. It's a property you probably want to set when creating groups to avoid generating unused resumption PSKs.
But to achieve what you want, you need to look into the group secrets. That's actually not possible yet. But it is with openmls/openmls#1586. I just added a function there to get the psks. On the result from that function you can get the processed_welcome.psks().psk(), which returns a PSK enum. There you can error out when it contains a resumption psk (or any, depending on what you want to achieve).
xmtp_mls/src/groups/mod.rs
Outdated
| if processed_welcome.psks().is_empty() { | ||
| return Err(GroupError::NoPSKSupport); | ||
| } |
There was a problem hiding this comment.
We may eventually want to allow external psks depending on how we want to do conversation history. But in the meantime I'm okay with blocking both resumption and external psks.
Closes #678
https://www.rfc-editor.org/rfc/rfc9420.html#section-12.1
https://openmls.tech/openmls/doc/openmls/schedule/psk/enum.Psk.html