refactor: swap meaning of Ciphersuite vs MlsCiphersuite

Previously `MlsCiphersuite` was defined in core-crypto,
and `Ciphersuite` was defined in openmls, which was insane.

This commit adjusts such that `Ciphersuite` is defined in core-crypto,
and `MlsCiphersuite` is a module-level import alias for the definition
in openmls.

Author: coriolinus

crypto-ffi/src/ciphersuite.rs

@@ -4,7 +4,7 @@
 //! it doesn't work on newtypes around external enums. We therefore redefine the ciphersuites enum
 //! here with appropriate annotations such that it gets exported to all relevant bindings.
 
-use core_crypto::{CiphersuiteName, MlsCiphersuite};
+use core_crypto::{Ciphersuite, CiphersuiteName};
 #[cfg(target_family = "wasm")]
 use wasm_bindgen::prelude::*;
 
@@ -60,16 +60,16 @@ impl From<CiphersuiteName> for Ciphersuite {
     }
 }
 
-impl From<Ciphersuite> for MlsCiphersuite {
+impl From<Ciphersuite> for Ciphersuite {
     #[inline]
     fn from(value: Ciphersuite) -> Self {
         CiphersuiteName::from(value).into()
     }
 }
 
-impl From<MlsCiphersuite> for Ciphersuite {
+impl From<Ciphersuite> for Ciphersuite {
     #[inline]
-    fn from(value: MlsCiphersuite) -> Self {
+    fn from(value: Ciphersuite) -> Self {
         CiphersuiteName::from(value).into()
     }
 }

crypto-ffi/src/core_crypto/e2ei/mod.rs

@@ -17,7 +17,7 @@ impl CoreCryptoFfi {
 
     /// See [core_crypto::Session::e2ei_is_enabled]
     pub async fn e2ei_is_enabled(&self, ciphersuite: Ciphersuite) -> CoreCryptoResult<bool> {
-        let signature_scheme = core_crypto::MlsCiphersuite::from(ciphersuite).signature_algorithm();
+        let signature_scheme = core_crypto::Ciphersuite::from(ciphersuite).signature_algorithm();
         self.inner
             .e2ei_is_enabled(signature_scheme)
             .await

crypto-ffi/src/core_crypto_context/e2ei.rs

@@ -198,7 +198,7 @@ impl CoreCryptoContext {
 
     /// See [core_crypto::Session::e2ei_is_enabled]
     pub async fn e2ei_is_enabled(&self, ciphersuite: Ciphersuite) -> CoreCryptoResult<bool> {
-        let sc = core_crypto::MlsCiphersuite::from(ciphersuite).signature_algorithm();
+        let sc = core_crypto::Ciphersuite::from(ciphersuite).signature_algorithm();
         self.inner
             .e2ei_is_enabled(sc)
             .await

crypto-ffi/src/core_crypto_context/mls.rs

@@ -1,5 +1,5 @@
 use core_crypto::{
-    ClientIdentifier, KeyPackageIn, MlsCiphersuite, MlsConversationConfiguration, RecursiveError, VerifiableGroupInfo,
+    Ciphersuite, ClientIdentifier, KeyPackageIn, MlsConversationConfiguration, RecursiveError, VerifiableGroupInfo,
     mls::conversation::Conversation as _, transaction_context::Error as TransactionError,
 };
 use tls_codec::{Deserialize as _, Serialize as _};
@@ -60,7 +60,7 @@ impl CoreCryptoContext {
         self.inner
             .mls_init(
                 ClientIdentifier::Basic(client_id.as_cc()),
-                &ciphersuites.into_iter().map(MlsCiphersuite::from).collect::<Vec<_>>(),
+                &ciphersuites.into_iter().map(Ciphersuite::from).collect::<Vec<_>>(),
             )
             .await?;
         Ok(())

crypto/benches/utils/mls.rs

@@ -5,8 +5,8 @@ use std::{
 
 use async_lock::RwLock;
 use core_crypto::{
-    CertificateBundle, ClientId, ConnectionType, ConversationId, CoreCrypto, Database, DatabaseKey, HistorySecret,
-    MlsCiphersuite, MlsCommitBundle, MlsConversationConfiguration, MlsCredentialType, MlsCustomConfiguration,
+    CertificateBundle, Ciphersuite, ClientId, ConnectionType, ConversationId, CoreCrypto, Database, DatabaseKey,
+    HistorySecret, MlsCommitBundle, MlsConversationConfiguration, MlsCredentialType, MlsCustomConfiguration,
     MlsGroupInfoBundle, MlsTransport, MlsTransportData, MlsTransportResponse, Session, SessionConfig,
 };
 use criterion::BenchmarkId;
@@ -35,7 +35,7 @@ pub enum MlsTestCase {
 }
 
 impl MlsTestCase {
-    pub fn get(&self) -> (Self, MlsCiphersuite, Option<CertificateBundle>) {
+    pub fn get(&self) -> (Self, Ciphersuite, Option<CertificateBundle>) {
         match self {
             MlsTestCase::Basic_Ciphersuite1 => (
                 *self,
@@ -59,7 +59,7 @@ impl MlsTestCase {
         }
     }
 
-    pub fn values() -> impl Iterator<Item = (Self, MlsCiphersuite, Option<CertificateBundle>, bool)> {
+    pub fn values() -> impl Iterator<Item = (Self, Ciphersuite, Option<CertificateBundle>, bool)> {
         [
             MlsTestCase::Basic_Ciphersuite1,
             #[cfg(feature = "test-all-cipher")]
@@ -121,7 +121,7 @@ impl Display for MlsTestCase {
 }
 
 pub async fn setup_mls(
-    ciphersuite: MlsCiphersuite,
+    ciphersuite: Ciphersuite,
     credential: Option<&CertificateBundle>,
     in_memory: bool,
 ) -> (CoreCrypto, ConversationId, Arc<dyn MlsTransportTestExt>) {
@@ -146,7 +146,7 @@ pub async fn setup_mls(
 }
 
 pub async fn new_central(
-    ciphersuite: MlsCiphersuite,
+    ciphersuite: Ciphersuite,
     // TODO: always None for the moment. Need to update the benches with some realistic certificates. Tracking issue: WPB-9589
     _credential: Option<&CertificateBundle>,
     in_memory: bool,
@@ -190,7 +190,7 @@ pub fn conversation_id() -> ConversationId {
 pub async fn add_clients(
     central: &mut Session,
     id: &ConversationId,
-    ciphersuite: MlsCiphersuite,
+    ciphersuite: Ciphersuite,
     nb_clients: usize,
     main_client_delivery_service: Arc<dyn MlsTransportTestExt>,
 ) -> (Vec<ClientId>, VerifiableGroupInfo) {
@@ -225,7 +225,7 @@ pub async fn add_clients(
 }
 
 pub async fn setup_mls_and_add_clients(
-    cipher_suite: MlsCiphersuite,
+    cipher_suite: Ciphersuite,
     credential: Option<&CertificateBundle>,
     in_memory: bool,
     client_count: usize,
@@ -253,7 +253,7 @@ fn create_signature_keypair(backend: &MlsCryptoProvider, ciphersuite: Ciphersuit
     SignatureKeyPair::new(ciphersuite.signature_algorithm(), &mut *rng).unwrap()
 }
 
-pub async fn rand_key_package(ciphersuite: MlsCiphersuite) -> (KeyPackage, ClientId) {
+pub async fn rand_key_package(ciphersuite: Ciphersuite) -> (KeyPackage, ClientId) {
     let client_id = Alphanumeric
         .sample_string(&mut rand::thread_rng(), 16)
         .as_bytes()
@@ -286,7 +286,7 @@ pub async fn invite(
     from: &mut Session,
     other: &mut Session,
     id: &ConversationId,
-    ciphersuite: MlsCiphersuite,
+    ciphersuite: Ciphersuite,
     delivery_service: Arc<dyn MlsTransportTestExt>,
 ) {
     let core_crypto = CoreCrypto::from(from.clone());

crypto/src/e2e_identity/crypto.rs

@@ -1,25 +1,25 @@
 use mls_crypto_provider::PkiKeypair;
 use openmls_basic_credential::SignatureKeyPair as OpenMlsSignatureKeyPair;
-use openmls_traits::types::{Ciphersuite, SignatureScheme};
+use openmls_traits::types::{Ciphersuite as MlsCiphersuite, SignatureScheme};
 use wire_e2e_identity::prelude::JwsAlgorithm;
 use zeroize::Zeroize;
 
 use super::error::*;
-use crate::{MlsCiphersuite, MlsError};
+use crate::{Ciphersuite, MlsError};
 
-impl TryFrom<MlsCiphersuite> for JwsAlgorithm {
+impl TryFrom<Ciphersuite> for JwsAlgorithm {
     type Error = Error;
 
-    fn try_from(cs: MlsCiphersuite) -> Result<Self> {
-        let cs = openmls_traits::types::Ciphersuite::from(cs);
+    fn try_from(cs: Ciphersuite) -> Result<Self> {
+        let cs = MlsCiphersuite::from(cs);
         Ok(match cs {
-            Ciphersuite::MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519
-            | Ciphersuite::MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 => JwsAlgorithm::Ed25519,
-            Ciphersuite::MLS_128_DHKEMP256_AES128GCM_SHA256_P256 => JwsAlgorithm::P256,
-            Ciphersuite::MLS_256_DHKEMP384_AES256GCM_SHA384_P384 => JwsAlgorithm::P384,
-            Ciphersuite::MLS_256_DHKEMP521_AES256GCM_SHA512_P521 => JwsAlgorithm::P521,
-            Ciphersuite::MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448
-            | Ciphersuite::MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 => return Err(Error::NotYetSupported),
+            MlsCiphersuite::MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519
+            | MlsCiphersuite::MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 => JwsAlgorithm::Ed25519,
+            MlsCiphersuite::MLS_128_DHKEMP256_AES128GCM_SHA256_P256 => JwsAlgorithm::P256,
+            MlsCiphersuite::MLS_256_DHKEMP384_AES256GCM_SHA384_P384 => JwsAlgorithm::P384,
+            MlsCiphersuite::MLS_256_DHKEMP521_AES256GCM_SHA512_P521 => JwsAlgorithm::P521,
+            MlsCiphersuite::MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448
+            | MlsCiphersuite::MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 => return Err(Error::NotYetSupported),
         })
     }
 }

crypto/src/e2e_identity/enrollment/crypto.rs

@@ -3,13 +3,10 @@ use openmls::prelude::SignatureScheme;
 use openmls_traits::crypto::OpenMlsCrypto as _;
 
 use super::{Error, Result};
-use crate::{MlsCiphersuite, MlsError, e2e_identity::crypto::E2eiSignatureKeypair};
+use crate::{Ciphersuite, MlsError, e2e_identity::crypto::E2eiSignatureKeypair};
 
 impl super::E2eiEnrollment {
-    pub(crate) fn new_sign_key(
-        ciphersuite: MlsCiphersuite,
-        backend: &MlsCryptoProvider,
-    ) -> Result<E2eiSignatureKeypair> {
+    pub(crate) fn new_sign_key(ciphersuite: Ciphersuite, backend: &MlsCryptoProvider) -> Result<E2eiSignatureKeypair> {
         let (sk, _) = backend
             .signature_key_gen(ciphersuite.signature_algorithm())
             .map_err(MlsError::wrap("performing signature keygen"))?;

crypto/src/e2e_identity/enrollment/mod.rs

@@ -9,7 +9,7 @@ use wire_e2e_identity::{RustyE2eIdentity, prelude::E2eiAcmeAuthorization};
 use zeroize::Zeroize as _;
 
 use super::{EnrollmentHandle, Error, Json, Result, crypto::E2eiSignatureKeypair, id::QualifiedE2eiClientId, types};
-use crate::{ClientId, KeystoreError, MlsCiphersuite, MlsError};
+use crate::{Ciphersuite, ClientId, KeystoreError, MlsError};
 
 /// Wire end to end identity solution for fetching a x509 certificate which identifies a client.
 #[derive(Debug, serde::Serialize, serde::Deserialize)]
@@ -27,7 +27,7 @@ pub struct E2eiEnrollment {
     device_authz: Option<E2eiAcmeAuthorization>,
     valid_order: Option<wire_e2e_identity::prelude::E2eiAcmeOrder>,
     finalize: Option<wire_e2e_identity::prelude::E2eiAcmeFinalize>,
-    pub(super) ciphersuite: MlsCiphersuite,
+    pub(super) ciphersuite: Ciphersuite,
     has_called_new_oidc_challenge_request: bool,
 }
 
@@ -56,7 +56,7 @@ impl E2eiEnrollment {
         team: Option<String>,
         expiry_sec: u32,
         backend: &MlsCryptoProvider,
-        ciphersuite: MlsCiphersuite,
+        ciphersuite: Ciphersuite,
         sign_keypair: Option<E2eiSignatureKeypair>,
         has_called_new_oidc_challenge_request: bool,
     ) -> Result<Self> {
@@ -88,7 +88,7 @@ impl E2eiEnrollment {
         })
     }
 
-    pub(crate) fn ciphersuite(&self) -> &MlsCiphersuite {
+    pub(crate) fn ciphersuite(&self) -> &Ciphersuite {
         &self.ciphersuite
     }
 

crypto/src/ephemeral.rs

@@ -27,7 +27,7 @@ use obfuscate::{Obfuscate, Obfuscated};
 use openmls::prelude::KeyPackageSecretEncapsulation;
 
 use crate::{
-    ClientId, ClientIdentifier, CoreCrypto, Error, MlsCiphersuite, MlsCredentialType, MlsError, RecursiveError, Result,
+    Ciphersuite, ClientId, ClientIdentifier, CoreCrypto, Error, MlsCredentialType, MlsError, RecursiveError, Result,
     Session, SessionConfig,
 };
 
@@ -56,7 +56,7 @@ impl Obfuscate for HistorySecret {
 /// Create a new [`CoreCrypto`] with an **uninitialized** mls session.
 ///
 /// You must initialize the session yourself before using this!
-async fn in_memory_cc_with_ciphersuite(ciphersuite: impl Into<MlsCiphersuite>) -> Result<CoreCrypto> {
+async fn in_memory_cc_with_ciphersuite(ciphersuite: impl Into<Ciphersuite>) -> Result<CoreCrypto> {
     let db = Database::open(ConnectionType::InMemory, &DatabaseKey::generate())
         .await
         .unwrap();
@@ -85,7 +85,7 @@ async fn in_memory_cc_with_ciphersuite(ciphersuite: impl Into<MlsCiphersuite>) -
 /// Note that this is a crate-private function; the public interface for this feature is
 /// [`Conversation::generate_history_secret`][core_crypto::mls::conversation::Conversation::generate_history_secret].
 /// This implementation lives here instead of there for organizational reasons.
-pub(crate) async fn generate_history_secret(ciphersuite: MlsCiphersuite) -> Result<HistorySecret> {
+pub(crate) async fn generate_history_secret(ciphersuite: Ciphersuite) -> Result<HistorySecret> {
     // generate a new completely arbitrary client id
     let client_id = uuid::Uuid::new_v4();
     let client_id = format!("{HISTORY_CLIENT_ID_PREFIX}-{client_id}");

crypto/src/lib.rs

@@ -54,7 +54,7 @@ pub use crate::{
         RecursiveError, Result, ToRecursiveError,
     },
     mls::{
-        ciphersuite::MlsCiphersuite,
+        ciphersuite::Ciphersuite,
         conversation::{
             ConversationId, MlsConversation,
             commit::MlsCommitBundle,