chore: remove transactional crypto provider

Which isn't needed anymore with the current API where keystore transactions aren't visible outside the keystore crate.
wireapp · Oct 30, 2024 · 7eb92ad · 7eb92ad
1 parent f443b40
commit 7eb92ad
Show file tree

Hide file tree

Showing 30 changed files with 90 additions and 128 deletions.
diff --git a/crypto/src/context.rs b/crypto/src/context.rs
@@ -2,7 +2,7 @@
 //! [MlsCentral]. All mutating operations need to be done through a [CentralContext].
 
 use async_lock::{Mutex, RwLock, RwLockReadGuardArc, RwLockWriteGuardArc};
-use mls_crypto_provider::{CryptoKeystore, TransactionalCryptoProvider};
+use mls_crypto_provider::{CryptoKeystore, MlsCryptoProvider};
 use std::{ops::Deref, sync::Arc};
 
 use crate::mls::MlsCentral;
@@ -31,7 +31,7 @@ pub struct CentralContext {
 #[derive(Debug, Clone)]
 enum ContextState {
     Valid {
-        provider: TransactionalCryptoProvider,
+        provider: MlsCryptoProvider,
         callbacks: Arc<RwLock<Option<std::sync::Arc<dyn CoreCryptoCallbacks + 'static>>>>,
         mls_client: Arc<RwLock<Option<Client>>>,
         mls_groups: Arc<RwLock<GroupStore<MlsConversation>>>,
@@ -117,7 +117,7 @@ impl CentralContext {
     }
 
     /// Creates a read guard on the internal mls provider for the current transaction
-    pub async fn mls_provider(&self) -> CryptoResult<TransactionalCryptoProvider> {
+    pub async fn mls_provider(&self) -> CryptoResult<MlsCryptoProvider> {
         match self.state.read().await.deref() {
             ContextState::Valid { provider, .. } => Ok(provider.clone()),
             ContextState::Invalid => Err(CryptoError::InvalidContext),

diff --git a/crypto/src/e2e_identity/conversation_state.rs b/crypto/src/e2e_identity/conversation_state.rs
@@ -4,7 +4,7 @@ use crate::{
     MlsError,
 };
 
-use mls_crypto_provider::TransactionalCryptoProvider;
+use mls_crypto_provider::MlsCryptoProvider;
 use openmls_traits::OpenMlsCryptoProvider;
 use wire_e2e_identity::prelude::WireIdentityReader;
 
@@ -149,10 +149,7 @@ impl MlsCentral {
 }
 
 impl MlsConversation {
-    async fn e2ei_conversation_state(
-        &self,
-        backend: &TransactionalCryptoProvider,
-    ) -> CryptoResult<E2eiConversationState> {
+    async fn e2ei_conversation_state(&self, backend: &MlsCryptoProvider) -> CryptoResult<E2eiConversationState> {
         backend.authentication_service().refresh_time_of_interest().await;
         Ok(compute_state(
             self.ciphersuite(),

diff --git a/crypto/src/e2e_identity/crypto.rs b/crypto/src/e2e_identity/crypto.rs
@@ -1,6 +1,6 @@
 use super::error::*;
 use crate::{prelude::MlsCiphersuite, CryptoError, CryptoResult, MlsError};
-use mls_crypto_provider::{PkiKeypair, RustCrypto, TransactionalCryptoProvider};
+use mls_crypto_provider::{MlsCryptoProvider, PkiKeypair, RustCrypto};
 use openmls_basic_credential::SignatureKeyPair as OpenMlsSignatureKeyPair;
 use openmls_traits::{
     crypto::OpenMlsCrypto,
@@ -13,7 +13,7 @@ use zeroize::Zeroize;
 impl super::E2eiEnrollment {
     pub(super) fn new_sign_key(
         ciphersuite: MlsCiphersuite,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
     ) -> CryptoResult<E2eiSignatureKeypair> {
         let (sk, _) = backend
             .crypto()

diff --git a/crypto/src/e2e_identity/mod.rs b/crypto/src/e2e_identity/mod.rs
@@ -5,7 +5,7 @@ use wire_e2e_identity::prelude::{E2eiAcmeAuthorization, RustyE2eIdentity};
 use zeroize::Zeroize;
 
 use error::*;
-use mls_crypto_provider::TransactionalCryptoProvider;
+use mls_crypto_provider::MlsCryptoProvider;
 
 use crate::e2e_identity::init_certificates::NewCrlDistributionPoint;
 use crate::{
@@ -161,7 +161,7 @@ impl E2eiEnrollment {
         handle: String,
         team: Option<String>,
         expiry_sec: u32,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         ciphersuite: MlsCiphersuite,
         sign_keypair: Option<E2eiSignatureKeypair>,
         #[cfg(not(target_family = "wasm"))] refresh_token: Option<refresh_token::RefreshToken>,
@@ -437,7 +437,7 @@ impl E2eiEnrollment {
     /// * `challenge` - http response body
     pub async fn new_oidc_challenge_response(
         &mut self,
-        #[cfg(not(target_family = "wasm"))] backend: &TransactionalCryptoProvider,
+        #[cfg(not(target_family = "wasm"))] backend: &MlsCryptoProvider,
         challenge: Json,
     ) -> E2eIdentityResult<()> {
         let challenge = serde_json::from_slice(&challenge[..])?;

diff --git a/crypto/src/e2e_identity/refresh_token.rs b/crypto/src/e2e_identity/refresh_token.rs
@@ -5,7 +5,7 @@ use crate::{
 };
 use core_crypto_keystore::connection::FetchFromDatabase;
 use core_crypto_keystore::{entities::E2eiRefreshToken, CryptoKeystoreResult};
-use mls_crypto_provider::TransactionalCryptoProvider;
+use mls_crypto_provider::MlsCryptoProvider;
 use zeroize::Zeroize;
 
 /// An OIDC refresh token managed by CoreCrypto to benefit from encryption-at-rest
@@ -18,7 +18,7 @@ impl RefreshToken {
         key_store.find_unique::<E2eiRefreshToken>().await?.try_into()
     }
 
-    pub(crate) async fn replace(self, backend: &TransactionalCryptoProvider) -> CryptoKeystoreResult<()> {
+    pub(crate) async fn replace(self, backend: &MlsCryptoProvider) -> CryptoKeystoreResult<()> {
         let keystore = backend.keystore();
         let rt = E2eiRefreshToken::from(self);
         keystore.save(rt).await?;

diff --git a/crypto/src/e2e_identity/rotate.rs b/crypto/src/e2e_identity/rotate.rs
@@ -5,7 +5,7 @@ use openmls_traits::OpenMlsCryptoProvider;
 
 use core_crypto_keystore::connection::FetchFromDatabase;
 use core_crypto_keystore::{entities::MlsKeyPackage, CryptoKeystoreMls};
-use mls_crypto_provider::TransactionalCryptoProvider;
+use mls_crypto_provider::MlsCryptoProvider;
 
 use crate::context::CentralContext;
 use crate::e2e_identity::init_certificates::NewCrlDistributionPoint;
@@ -237,7 +237,7 @@ impl MlsConversation {
     #[cfg_attr(test, crate::durable)]
     pub(crate) async fn e2ei_rotate(
         &mut self,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         client: &Client,
         cb: Option<&CredentialBundle>,
     ) -> CryptoResult<MlsCommitBundle> {

diff --git a/crypto/src/e2e_identity/stash.rs b/crypto/src/e2e_identity/stash.rs
@@ -3,14 +3,14 @@ use openmls_traits::{random::OpenMlsRand, OpenMlsCryptoProvider};
 use crate::context::CentralContext;
 use crate::prelude::{CryptoError, CryptoResult, E2eiEnrollment};
 use core_crypto_keystore::CryptoKeystoreMls;
-use mls_crypto_provider::TransactionalCryptoProvider;
+use mls_crypto_provider::MlsCryptoProvider;
 
 /// A unique identifier for an enrollment a consumer can use to fetch it from the keystore when he
 /// wants to resume the process
 pub(crate) type EnrollmentHandle = Vec<u8>;
 
 impl E2eiEnrollment {
-    pub(crate) async fn stash(self, backend: &TransactionalCryptoProvider) -> CryptoResult<EnrollmentHandle> {
+    pub(crate) async fn stash(self, backend: &MlsCryptoProvider) -> CryptoResult<EnrollmentHandle> {
         // should be enough to prevent collisions
         const HANDLE_SIZE: usize = 32;
 
@@ -24,10 +24,7 @@ impl E2eiEnrollment {
         Ok(handle)
     }
 
-    pub(crate) async fn stash_pop(
-        backend: &TransactionalCryptoProvider,
-        handle: EnrollmentHandle,
-    ) -> CryptoResult<Self> {
+    pub(crate) async fn stash_pop(backend: &MlsCryptoProvider, handle: EnrollmentHandle) -> CryptoResult<Self> {
         let content = backend
             .key_store()
             .pop_e2ei_enrollment(&handle)

diff --git a/crypto/src/mls/client/identifier.rs b/crypto/src/mls/client/identifier.rs
@@ -3,7 +3,7 @@ use crate::{
     prelude::CryptoError,
     prelude::{CertificateBundle, Client, ClientId, CryptoResult},
 };
-use mls_crypto_provider::TransactionalCryptoProvider;
+use mls_crypto_provider::MlsCryptoProvider;
 use openmls_traits::types::SignatureScheme;
 use std::collections::{HashMap, HashSet};
 
@@ -38,7 +38,7 @@ impl ClientIdentifier {
     /// This method does not persist them in the keystore !
     pub fn generate_credential_bundles(
         self,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         signature_schemes: HashSet<SignatureScheme>,
     ) -> CryptoResult<Vec<(SignatureScheme, ClientId, CredentialBundle)>> {
         match self {

diff --git a/crypto/src/mls/client/key_package.rs b/crypto/src/mls/client/key_package.rs
@@ -24,7 +24,7 @@ use core_crypto_keystore::{
     connection::FetchFromDatabase,
     entities::{EntityFindParams, MlsEncryptionKeyPair, MlsHpkePrivateKey, MlsKeyPackage},
 };
-use mls_crypto_provider::{CryptoKeystore, TransactionalCryptoProvider};
+use mls_crypto_provider::{CryptoKeystore, MlsCryptoProvider};
 
 use crate::context::CentralContext;
 use crate::{
@@ -54,7 +54,7 @@ impl Client {
     /// KeyStore and OpenMls errors
     pub async fn generate_one_keypackage_from_credential_bundle(
         &self,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         cs: MlsCiphersuite,
         cb: &CredentialBundle,
     ) -> CryptoResult<KeyPackage> {
@@ -94,7 +94,7 @@ impl Client {
         count: usize,
         ciphersuite: MlsCiphersuite,
         credential_type: MlsCredentialType,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
     ) -> CryptoResult<Vec<KeyPackage>> {
         // Auto-prune expired keypackages on request
         self.prune_keypackages(backend, &[]).await?;
@@ -131,7 +131,7 @@ impl Client {
 
     pub(crate) async fn generate_new_keypackages(
         &self,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         ciphersuite: MlsCiphersuite,
         cb: &CredentialBundle,
         count: usize,
@@ -151,7 +151,7 @@ impl Client {
     /// Returns the count of valid, non-expired, unclaimed keypackages in store
     pub async fn valid_keypackages_count(
         &self,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         ciphersuite: MlsCiphersuite,
         credential_type: MlsCredentialType,
     ) -> CryptoResult<usize> {
@@ -191,11 +191,7 @@ impl Client {
     /// Warning: Despite this API being public, the caller should know what they're doing.
     /// Provided KeypackageRefs **will** be purged regardless of their expiration state, so please be wary of what you are doing if you directly call this API.
     /// This could result in still valid, uploaded keypackages being pruned from the system and thus being impossible to find when referenced in a future Welcome message.
-    pub async fn prune_keypackages(
-        &self,
-        backend: &TransactionalCryptoProvider,
-        refs: &[KeyPackageRef],
-    ) -> CryptoResult<()> {
+    pub async fn prune_keypackages(&self, backend: &MlsCryptoProvider, refs: &[KeyPackageRef]) -> CryptoResult<()> {
         let keystore = backend.keystore();
         let kps = self.find_all_keypackages(&keystore).await?;
         let _ = self._prune_keypackages(&kps, &keystore, refs).await?;
@@ -204,7 +200,7 @@ impl Client {
 
     pub(crate) async fn prune_keypackages_and_credential(
         &mut self,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         refs: &[KeyPackageRef],
     ) -> CryptoResult<()> {
         let keystore = backend.key_store();

diff --git a/crypto/src/mls/client/mod.rs b/crypto/src/mls/client/mod.rs
@@ -38,7 +38,7 @@ use tls_codec::{Deserialize, Serialize};
 
 use core_crypto_keystore::entities::{EntityFindParams, MlsCredential, MlsSignatureKeyPair};
 use identities::ClientIdentities;
-use mls_crypto_provider::TransactionalCryptoProvider;
+use mls_crypto_provider::MlsCryptoProvider;
 
 impl MlsCentral {
     pub(crate) async fn mls_client(&self) -> RwLockReadGuard<'_, Option<Client>> {
@@ -73,7 +73,7 @@ impl Client {
     pub async fn init(
         identifier: ClientIdentifier,
         ciphersuites: &[MlsCiphersuite],
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         nb_key_package: usize,
     ) -> CryptoResult<Self> {
         let id = identifier.get_id()?;
@@ -124,7 +124,7 @@ impl Client {
     /// KeyStore and OpenMls errors can happen
     pub async fn generate_raw_keypairs(
         ciphersuites: &[MlsCiphersuite],
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
     ) -> CryptoResult<Vec<ClientId>> {
         const TEMP_KEY_SIZE: usize = 16;
 
@@ -168,7 +168,7 @@ impl Client {
         client_id: ClientId,
         tmp_ids: Vec<ClientId>,
         ciphersuites: &[MlsCiphersuite],
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
     ) -> CryptoResult<Self> {
         // Find all the keypairs, get the ones that exist (or bail), then insert new ones + delete the provisional ones
         let stored_skp = backend
@@ -240,7 +240,7 @@ impl Client {
     /// Generates a brand new client from scratch
     pub(crate) async fn generate(
         identifier: ClientIdentifier,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         ciphersuites: &[MlsCiphersuite],
         nb_key_package: usize,
     ) -> CryptoResult<Self> {
@@ -279,7 +279,7 @@ impl Client {
 
     /// Loads the client from the keystore.
     pub(crate) async fn load(
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         id: &ClientId,
         mut credentials: Vec<(Credential, u64)>,
         signature_schemes: HashSet<SignatureScheme>,
@@ -338,7 +338,7 @@ impl Client {
         })
     }
 
-    async fn find_all_basic_credentials(backend: &TransactionalCryptoProvider) -> CryptoResult<Vec<Credential>> {
+    async fn find_all_basic_credentials(backend: &MlsCryptoProvider) -> CryptoResult<Vec<Credential>> {
         let store_credentials = backend
             .key_store()
             .find_all::<MlsCredential>(EntityFindParams::default())
@@ -408,7 +408,7 @@ impl Client {
 
     pub(crate) async fn get_most_recent_or_create_credential_bundle(
         &mut self,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         sc: SignatureScheme,
         ct: MlsCredentialType,
     ) -> CryptoResult<CredentialBundle> {
@@ -428,7 +428,7 @@ impl Client {
 
     pub(crate) async fn init_basic_credential_bundle_if_missing(
         &mut self,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         sc: SignatureScheme,
     ) -> CryptoResult<()> {
         let existing_cb = self
@@ -466,7 +466,7 @@ impl Eq for Client {}
 impl Client {
     pub async fn random_generate(
         case: &crate::test_utils::TestCase,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
         signer: Option<&crate::test_utils::x509::X509Certificate>,
         provision: bool,
     ) -> CryptoResult<Self> {
@@ -490,7 +490,7 @@ impl Client {
 
     pub async fn find_keypackages(
         &self,
-        backend: &TransactionalCryptoProvider,
+        backend: &MlsCryptoProvider,
     ) -> CryptoResult<Vec<openmls::prelude::KeyPackage>> {
         use core_crypto_keystore::CryptoKeystoreMls as _;
         let kps = backend

diff --git a/crypto/src/mls/conversation/buffer_messages.rs b/crypto/src/mls/conversation/buffer_messages.rs
@@ -16,7 +16,7 @@ use core_crypto_keystore::{
     entities::{EntityFindParams, MlsPendingMessage},
 };
 use log::{error, info, trace};
-use mls_crypto_provider::TransactionalCryptoProvider;
+use mls_crypto_provider::MlsCryptoProvider;
 use openmls::prelude::{MlsMessageIn, MlsMessageInBody};
 use tls_codec::Deserialize;
 
@@ -68,7 +68,7 @@ impl MlsConversation {
     pub(crate) async fn restore_pending_messages<'a>(
         &'a mut self,
         client: &'a Client,
-        backend: &'a TransactionalCryptoProvider,
+        backend: &'a MlsCryptoProvider,
         callbacks: Option<&'a dyn CoreCryptoCallbacks>,
         parent_conversation: Option<&'a GroupStoreValue<Self>>,
         is_rejoin: bool,