awslabs · bifurcation · May 31, 2024 · May 31, 2024 · Jul 1, 2024 · Jul 1, 2024
@@ -20,6 +20,7 @@ ffi = ["dep:safer-ffi", "dep:safer-ffi-gen"]
 x509 = []
 test_suite = ["serde", "dep:serde_json", "dep:itertools"]
 serde = ["dep:serde", "zeroize/serde", "hex/serde", "dep:serde_bytes"]
+replace_proposal = []
 
 [dependencies]
 mls-rs-codec = { version = "0.5.2", path = "../mls-rs-codec", default-features = false}

@@ -34,6 +34,12 @@ impl ExtensionType {
     pub const EXTERNAL_PUB: ExtensionType = ExtensionType(4);
     pub const EXTERNAL_SENDERS: ExtensionType = ExtensionType(5);
 
+    // XXX(RLB): This value is chosen from the vendor range, since this is an experimental
+    // implementation that is only intended to work between `mls-rs` instances.  Once a real value
+    // is assigned by IANA, this code will need to be updated.
+    #[cfg(feature = "replace_proposal")]
+    pub const LEAF_NODE_EPOCH: ExtensionType = ExtensionType(0xFF01);
+
     /// Default extension types defined
     /// in [RFC 9420](https://www.rfc-editor.org/rfc/rfc9420.html#name-leaf-node-contents)
     pub const DEFAULT: &'static [ExtensionType] = &[

@@ -57,6 +57,9 @@ impl ProposalType {
     pub const EXTERNAL_INIT: ProposalType = ProposalType(6);
     pub const GROUP_CONTEXT_EXTENSIONS: ProposalType = ProposalType(7);
 
+    #[cfg(feature = "replace_proposal")]
+    pub const REPLACE: ProposalType = ProposalType(0xff01);
+
     /// Default proposal types defined
     /// in [RFC 9420](https://www.rfc-editor.org/rfc/rfc9420.html#name-leaf-node-contents)
     pub const DEFAULT: &'static [ProposalType] = &[

@@ -33,6 +33,7 @@ by_ref_proposal = []
 psk = []
 x509 = ["mls-rs-core/x509", "dep:mls-rs-identity-x509"]
 rfc_compliant = ["state_update", "private_message", "custom_proposal", "out_of_order", "psk", "x509", "prior_epoch", "by_ref_proposal", "mls-rs-core/rfc_compliant"]
+replace_proposal = ["mls-rs-core/replace_proposal", "by_ref_proposal"]
 
 std = ["mls-rs-core/std", "mls-rs-codec/std", "mls-rs-identity-x509?/std", "hex/std", "futures/std", "itertools/use_std", "safer-ffi-gen?/std", "zeroize/std", "dep:debug_tree", "dep:thiserror", "serde?/std"]
 

@@ -9,7 +9,7 @@ use mls_rs::{
         basic::{BasicCredential, BasicIdentityProvider},
         SigningIdentity,
     },
-    CipherSuite, CipherSuiteProvider, Client, CryptoProvider, ExtensionList,
+    CipherSuite, CipherSuiteProvider, Client, CryptoProvider, ExtensionList, Group,
 };
 
 const CIPHERSUITE: CipherSuite = CipherSuite::CURVE25519_AES128;
@@ -61,8 +61,19 @@ fn main() -> Result<(), MlsError> {
     alice_group.apply_pending_commit()?;
 
     // Bob joins the group with the welcome message created as part of Alice's commit.
-    let (mut bob_group, _) = bob.join_group(None, &alice_commit.welcome_messages[0])?;
+    let (bob_group, _) = bob.join_group(None, &alice_commit.welcome_messages[0])?;
 
+    #[cfg(feature = "private_message")]
+    encrypt_decrypt(alice_group, bob_group)?;
+
+    Ok(())
+}
+
+#[cfg(feature = "private_message")]
+fn encrypt_decrypt<C: MlsConfig>(
+    mut alice_group: Group<C>,
+    mut bob_group: Group<C>,
+) -> Result<(), MlsError> {
     // Alice encrypts an application message to Bob.
     let msg = alice_group.encrypt_application_message(b"hello world", Default::default())?;
 

@@ -1045,10 +1045,16 @@ mod tests {
 
     #[test]
     fn builder_can_be_obtained_from_client_to_edit_properties_for_new_client() {
+        #[cfg(not(feature = "replace_proposal"))]
+        let expected_extensions = [33, 34].map(Into::into);
+
+        #[cfg(feature = "replace_proposal")]
+        let expected_extensions = [0xff01, 33, 34].map(Into::into);
+
         let alice = TestClientBuilder::new_for_test()
             .extension_type(33.into())
             .build();
         let bob = alice.to_builder().extension_type(34.into()).build();
-        assert_eq!(bob.config.supported_extensions(), [33, 34].map(Into::into));
+        assert_eq!(bob.config.supported_extensions(), expected_extensions);
     }
 }
@@ -29,6 +29,9 @@ use crate::{
 #[cfg(feature = "std")]
 use crate::time::MlsTime;
 
+#[cfg(feature = "replace_proposal")]
+use alloc::vec;
+
 use alloc::vec::Vec;
 
 #[cfg(feature = "sqlite")]
@@ -879,8 +882,14 @@ pub(crate) struct Settings {
 
 impl Default for Settings {
     fn default() -> Self {
+        #[cfg(not(feature = "replace_proposal"))]
+        let extension_types = Default::default();
+
+        #[cfg(feature = "replace_proposal")]
+        let extension_types = vec![ExtensionType::LEAF_NODE_EPOCH];
+
         Self {
-            extension_types: Default::default(),
+            extension_types,
             protocol_versions: Default::default(),
             key_package_extensions: Default::default(),
             leaf_node_extensions: Default::default(),

@@ -235,6 +235,35 @@ impl MlsCodecExtension for ExternalSendersExt {
     }
 }
 
+/// Mark a LeafNode with the epoch in which it was created.  Note that a LeafNode with
+/// `leaf_node_source` set to `update` or `commit` is already bound to the `group_id` for the group
+/// by way of the `LeafNodeTBS` signed structure.
+#[cfg(feature = "replace_proposal")]
+#[cfg_attr(
+    all(feature = "ffi", not(test)),
+    safer_ffi_gen::ffi_type(clone, opaque)
+)]
+#[derive(Clone, Debug, PartialEq, Eq, MlsSize, MlsEncode, MlsDecode)]
+#[non_exhaustive]
+pub struct LeafNodeEpochExt {
+    pub epoch: u64,
+}
+
+#[cfg(feature = "replace_proposal")]
+#[cfg_attr(all(feature = "ffi", not(test)), safer_ffi_gen::safer_ffi_gen)]
+impl LeafNodeEpochExt {
+    pub fn new(epoch: u64) -> Self {
+        Self { epoch }
+    }
+}
+
+#[cfg(feature = "replace_proposal")]
+impl MlsCodecExtension for LeafNodeEpochExt {
+    fn extension_type() -> ExtensionType {
+        ExtensionType::LEAF_NODE_EPOCH
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -327,4 +356,18 @@ mod tests {
         let restored = ExternalPubExt::from_extension(&as_extension).unwrap();
         assert_eq!(ext, restored)
     }
+
+    #[cfg(feature = "replace_proposal")]
+    #[test]
+    fn test_leaf_node_epoch() {
+        let ext = LeafNodeEpochExt {
+            epoch: 0x01234567890abcdef,
+        };
+
+        let as_extension = ext.clone().into_extension().unwrap();
+        assert_eq!(as_extension.extension_type, ExtensionType::LEAF_NODE_EPOCH);
+
+        let restored = LeafNodeEpochExt::from_extension(&as_extension).unwrap();
+        assert_eq!(ext, restored)
+    }
 }
@@ -197,6 +197,19 @@ where
         Ok(self)
     }
 
+    /// Insert a [`ReplaceProposal`](crate::group::proposal::ReplaceProposal) into
+    /// the current commit that is being built.
+    #[cfg(feature = "replace_proposal")]
+    pub fn replace_member(
+        mut self,
+        to_replace: u32,
+        leaf_node: LeafNode,
+    ) -> Result<Self, MlsError> {
+        let proposal = self.group.replace_proposal(to_replace, leaf_node)?;
+        self.proposals.push(proposal);
+        Ok(self)
+    }
+
     /// Insert a
     /// [`GroupContextExtensions`](crate::group::proposal::Proposal::GroupContextExtensions)
     /// into the current commit that is being built.
@@ -1017,6 +1030,54 @@ mod tests {
         assert_commit_builder_output(group, commit_output, vec![expected_remove], 0);
     }
 
+    #[cfg(feature = "replace_proposal")]
+    #[maybe_async::test(not(mls_build_async), async(mls_build_async, crate::futures_test))]
+    async fn test_commit_builder_replace() -> Result<(), MlsError> {
+        let mut group = test_group_custom_config(TEST_PROTOCOL_VERSION, TEST_CIPHER_SUITE, |b| {
+            b.custom_proposal_type(ProposalType::REPLACE)
+        })
+        .await
+        .group;
+
+        let (alice, alice_kp) =
+            test_client_with_key_pkg(TEST_PROTOCOL_VERSION, TEST_CIPHER_SUITE, "alice").await;
+
+        // Add Alice to the group
+        let output = group
+            .commit_builder()
+            .add_member(alice_kp.clone())
+            .unwrap()
+            .build()
+            .await?;
+
+        group.apply_pending_commit().await?;
+
+        // Alice creates an Update proposal, including a fresh LeafNode
+        let (mut alice_group, _) = alice.join_group(None, &output.welcome_messages[0])?;
+        let proposal = alice_group.update_proposal(None, None)?;
+        let Proposal::Update(update) = proposal else {
+            panic!("non update proposal found")
+        };
+
+        // The committer replaces Alice's appearance in the group
+        let commit_output = group
+            .commit_builder()
+            .replace_member(1, update.leaf_node.clone())?
+            .build()
+            .await?;
+
+        let expected_replace = group.replace_proposal(1, update.leaf_node)?;
+
+        assert_commit_builder_output(
+            group.clone(),
+            commit_output.clone(),
+            vec![expected_replace],
+            0,
+        );
+
+        Ok(())
+    }
+
     #[cfg(feature = "psk")]
     #[maybe_async::test(not(mls_build_async), async(mls_build_async, crate::futures_test))]
     async fn test_commit_builder_psk() {