Closed mulmarta closed 4 days ago
Thanks for the write-up, Marta! This looks very nice to me.

I believe that this will overall make all method calls to Client and Group "idempotent" (if that's the right word?)? That is, if I call Client::join_group twice with the same arguments, I get the same (group, new_member_info) values back?

(Modulo any randomness that might be picked when the values are created, but semantically the values would compare equal after two calls.)
You're right that join_group will be idempotent. I'm not 100% sure about Group functions. E.g. if you call Group::process_incoming_message with a ciphertext, I think for forward secrecy, Group should delete the decryption key from memory? Of course if you create Group again with the same snapshot, then you can receive the ciphertext for the second time.
> E.g. if you call Group::process_incoming_message with a ciphertext, I think for forward secrecy, Group should delete the decryption key from memory?

Yeah, it makes sense that there is an in-memory state which can change!
Yes, the good news is we already have this in place in order to support processing multiple messages before the user calls write to storage.

@mulmarta was working on the write_to_storage story, and I feel like we can avoid key package interaction in there altogether by just having a property of private_kp_data in the above example containing the KeyPackageRef that needs to be deleted?
Closing in favor of #215
Background:
Part of #211
Before (0.x)
Join Group API
In this API, join_group internally finds the key package private key by calling KeyPackageStorage::get on (a clone of) the key_package_store with all key package references included in the welcome_message.

Write to Storage API

In this API, write_to_storage internally deletes the key package private key used to join by calling KeyPackageStorage::delete on (a clone of) the key_package_store owned by client.

After (1.x)

Join Group API

Client joins a group in three steps. First, it parses the Welcome message, which returns the information needed to fetch the private key from storage. The same function will be used to parse other MLSMessage types like Commit and Proposal. Second, Client retrieves the private key and, third, it joins using the private key.
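A model of this three-step flow as an added Rust example. It is not the project's code and not its real API: every name here (the KeyPackageStorage trait with get and delete, Welcome, ParsedWelcome, parse_welcome, join_with_key, write_to_storage, KeyPackageRef modelled as a u64, and the XOR stand-in for decrypting the Welcome's group secret) is an assumption made for illustration, and the store contents and Welcome in main are constructed sample data. It shows the two properties the thread discusses: step 3 is a pure function, so joining twice from the same parsed Welcome and private key gives equal Group values, and write_to_storage is where the consumed key package is deleted, after which the same Welcome can no longer be parsed against the store.

```rust
// Added illustration of the three-step join flow. Not the project's API:
// every name below is hypothetical, and the XOR "encryption" stands in for
// real HPKE decryption of the Welcome's GroupSecrets.
use std::collections::HashMap;

/// Identifier of a published key package (modelled as an opaque u64).
pub type KeyPackageRef = u64;

/// Private key material kept for a published key package (hypothetical).
#[derive(Clone, Debug, PartialEq)]
pub struct KeyPackagePrivate {
    pub init_key: Vec<u8>,
}

/// The storage abstraction the text describes: lookup and deletion by ref.
pub trait KeyPackageStorage {
    fn get(&self, r: &KeyPackageRef) -> Option<KeyPackagePrivate>;
    fn delete(&mut self, r: &KeyPackageRef);
}

/// Simple in-memory store for the example.
#[derive(Default, Clone)]
pub struct InMemoryKpStore {
    map: HashMap<KeyPackageRef, KeyPackagePrivate>,
}

impl InMemoryKpStore {
    pub fn insert(&mut self, r: KeyPackageRef, k: KeyPackagePrivate) {
        self.map.insert(r, k);
    }
}

impl KeyPackageStorage for InMemoryKpStore {
    fn get(&self, r: &KeyPackageRef) -> Option<KeyPackagePrivate> {
        self.map.get(r).cloned()
    }
    fn delete(&mut self, r: &KeyPackageRef) {
        self.map.remove(r);
    }
}

/// A Welcome carries the group secret encrypted once per invited key package
/// (constructed model: (ref, ciphertext) pairs, ciphertext = secret XOR init_key).
pub struct Welcome {
    pub group_id: Vec<u8>,
    pub secrets: Vec<(KeyPackageRef, Vec<u8>)>,
}

/// Step 1 output: the ref to fetch from storage plus what step 3 needs.
#[derive(Clone, Debug, PartialEq)]
pub struct ParsedWelcome {
    pub key_package_ref: KeyPackageRef,
    pub group_id: Vec<u8>,
    pub encrypted_secret: Vec<u8>,
}

/// In-memory group state; remembers which key package was consumed.
#[derive(Clone, Debug, PartialEq)]
pub struct Group {
    pub group_id: Vec<u8>,
    pub joiner_secret: Vec<u8>,
    pub joined_with: KeyPackageRef,
}

/// Step 1: parse the Welcome and pick the first ref we hold a private key for
/// (the "try every ref in the Welcome" lookup that 0.x join_group did internally).
pub fn parse_welcome<S: KeyPackageStorage>(w: &Welcome, store: &S) -> Result<ParsedWelcome, String> {
    w.secrets
        .iter()
        .find(|(r, _)| store.get(r).is_some())
        .map(|(r, ct)| ParsedWelcome {
            key_package_ref: *r,
            group_id: w.group_id.clone(),
            encrypted_secret: ct.clone(),
        })
        .ok_or_else(|| "no key package in storage matches this Welcome".to_string())
}

/// Step 2 is the caller's own `store.get(&parsed.key_package_ref)`.
/// Step 3: decrypt the secret with the private key and build the group.
/// Pure function: the same inputs always yield an equal Group.
pub fn join_with_key(parsed: &ParsedWelcome, key: &KeyPackagePrivate) -> Result<Group, String> {
    if key.init_key.len() != parsed.encrypted_secret.len() {
        return Err("private key does not match this Welcome".to_string());
    }
    let joiner_secret: Vec<u8> = parsed
        .encrypted_secret
        .iter()
        .zip(&key.init_key)
        .map(|(c, k)| c ^ k)
        .collect();
    Ok(Group {
        group_id: parsed.group_id.clone(),
        joiner_secret,
        joined_with: parsed.key_package_ref,
    })
}

/// Persisting the group is where the consumed key package is deleted,
/// so the same Welcome can no longer be decrypted afterwards.
pub fn write_to_storage<S: KeyPackageStorage>(g: &Group, store: &mut S) {
    store.delete(&g.joined_with);
}

fn main() {
    // Constructed sample data: one stored key package (ref 7) and a Welcome
    // addressed to refs 99 and 7.
    let mut store = InMemoryKpStore::default();
    store.insert(7, KeyPackagePrivate { init_key: vec![0x11; 4] });
    let welcome = Welcome {
        group_id: b"group-1".to_vec(),
        secrets: vec![(99, vec![0xAA; 4]), (7, vec![0x10, 0x12, 0x13, 0x14])],
    };
    let parsed = parse_welcome(&welcome, &store).expect("step 1");
    let key = store.get(&parsed.key_package_ref).expect("step 2");
    let g1 = join_with_key(&parsed, &key).expect("step 3");
    assert_eq!(g1, join_with_key(&parsed, &key).unwrap()); // idempotent before persisting
    write_to_storage(&g1, &mut store);
    assert!(parse_welcome(&welcome, &store).is_err()); // key package is gone
    println!("joined {:?} using key package ref {}", g1.group_id, g1.joined_with);
}
```

The split between steps keeps the storage handle entirely in the caller's hands: the library never needs a clone of the store inside join, and deletion happens at one well-defined point (write_to_storage) rather than as a side effect of joining.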