mdk-core 0.8.0

A simplified interface to build secure messaging apps on nostr with MLS.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

//! Shared validation helpers for MLS group state.
//!
//! Keep state-transition checks here when they compare current MLS state with
//! staged post-commit state. Broader proposal and group evolution validation can
//! move here incrementally as follow-up work.
//!
//! These helpers model membership by Nostr identity, not by MLS leaf count.
//! Multiple MLS leaves may legitimately carry the same Nostr identity, so the
//! `BTreeSet<PublicKey>` return values intentionally deduplicate identities.

use std::collections::BTreeSet;

use mdk_storage_traits::MdkStorageProvider;
use nostr::PublicKey;
use openmls::prelude::{LeafNodeIndex, MlsGroup, Proposal, Sender, StagedCommit};

use crate::MDK;
use crate::error::Error;
use crate::extension::NostrGroupDataExtension;

impl<Storage> MDK<Storage>
where
    Storage: MdkStorageProvider,
{
    /// Returns the Nostr identities represented by live members of an MLS group.
    ///
    /// This is the in-memory `MlsGroup` variant used by state validation. Public
    /// callers that only have a `GroupId` should use `get_members`, which loads
    /// the group and delegates here.
    pub(crate) fn live_member_identities(
        &self,
        mls_group: &MlsGroup,
    ) -> Result<BTreeSet<PublicKey>, Error> {
        mls_group
            .members()
            .map(|member| self.pubkey_from_credential(&member.credential))
            .collect()
    }

    /// Returns the Nostr identities represented after applying a staged commit.
    pub(crate) fn post_commit_member_identities(
        &self,
        mls_group: &MlsGroup,
        staged_commit: &StagedCommit,
    ) -> Result<BTreeSet<PublicKey>, Error> {
        let departing_leaf_indices = Self::departing_leaf_indices(staged_commit);
        let mut member_identities =
            self.live_member_identities_after_departures(mls_group, &departing_leaf_indices)?;

        for add_proposal in staged_commit.add_proposals() {
            let credential = add_proposal
                .add_proposal()
                .key_package()
                .leaf_node()
                .credential();
            member_identities.insert(self.pubkey_from_credential(credential)?);
        }

        Ok(member_identities)
    }

    /// Validates that removing the specified members would not deplete all admins.
    ///
    /// This is for proposal-time checks where no staged commit exists yet, so it
    /// reads the admin set from the current MLS group extension. Commit-time
    /// validation should use `validate_admin_invariant_after_commit` instead.
    ///
    /// The admin set is checked against post-departure live MLS members so stale
    /// admin entries do not satisfy the invariant.
    pub(crate) fn validate_admin_depletion(
        &self,
        mls_group: &MlsGroup,
        departing_leaf_indices: &[LeafNodeIndex],
    ) -> Result<(), Error> {
        let group_data = NostrGroupDataExtension::from_group(mls_group)?;
        let departing_leaf_indices = departing_leaf_indices.iter().copied().collect();
        let member_identities =
            self.live_member_identities_after_departures(mls_group, &departing_leaf_indices)?;
        Self::validate_active_admins(&group_data.admins, &member_identities)
    }

    /// Validates that at least one admin identity is represented by a live member.
    pub(crate) fn validate_active_admins(
        admins: &BTreeSet<PublicKey>,
        member_identities: &BTreeSet<PublicKey>,
    ) -> Result<(), Error> {
        if admins.is_disjoint(member_identities) {
            return Err(Error::Group("Would leave group with no admins".to_string()));
        }

        Ok(())
    }

    /// Validates that the current MLS group contains at least one active admin identity.
    pub(crate) fn validate_active_admins_in_group(
        &self,
        mls_group: &MlsGroup,
        admins: &BTreeSet<PublicKey>,
    ) -> Result<(), Error> {
        let member_identities = self.live_member_identities(mls_group)?;
        Self::validate_active_admins(admins, &member_identities)
    }

    /// Validates that a staged commit leaves at least one active admin identity.
    pub(crate) fn validate_admin_invariant_after_commit(
        &self,
        mls_group: &MlsGroup,
        staged_commit: &StagedCommit,
    ) -> Result<(), Error> {
        let group_data =
            NostrGroupDataExtension::from_group_context(staged_commit.group_context())?;
        let member_identities = self.post_commit_member_identities(mls_group, staged_commit)?;
        Self::validate_active_admins(&group_data.admins, &member_identities)
    }

    fn live_member_identities_after_departures(
        &self,
        mls_group: &MlsGroup,
        departing_leaf_indices: &BTreeSet<LeafNodeIndex>,
    ) -> Result<BTreeSet<PublicKey>, Error> {
        for leaf_index in departing_leaf_indices {
            mls_group
                .member_at(*leaf_index)
                .ok_or(Error::MessageFromNonMember)?;
        }

        mls_group
            .members()
            .filter(|member| !departing_leaf_indices.contains(&member.index))
            .map(|member| self.pubkey_from_credential(&member.credential))
            .collect()
    }

    fn departing_leaf_indices(staged_commit: &StagedCommit) -> BTreeSet<LeafNodeIndex> {
        staged_commit
            .queued_proposals()
            .filter_map(|queued| match queued.proposal() {
                Proposal::Remove(remove) => Some(remove.removed()),
                Proposal::SelfRemove => match queued.sender() {
                    Sender::Member(leaf_index) => Some(*leaf_index),
                    _ => None,
                },
                _ => None,
            })
            .collect()
    }
}