chore: adjust CC to handle new type names

Note that this includes renaming a bunch of keystore entities
from `MlsFoo` to `StoredFoo`, because

1. Those were not properly types owned by MLS
2. They were causing conflicts with actual types owned by MLS
3. The whole situation there was just confusing.

Author: coriolinus

crypto/src/e2e_identity/enrollment/crypto.rs

@@ -1,6 +1,6 @@
 use mls_crypto_provider::{MlsCryptoProvider, RustCrypto};
 use openmls::prelude::SignatureScheme;
-use openmls_traits::{OpenMlsCryptoProvider as _, crypto::OpenMlsCrypto as _};
+use openmls_traits::crypto::OpenMlsCrypto as _;
 
 use super::{Error, Result};
 use crate::{MlsCiphersuite, MlsError, e2e_identity::crypto::E2eiSignatureKeypair};
@@ -11,7 +11,6 @@ impl super::E2eiEnrollment {
         backend: &MlsCryptoProvider,
     ) -> Result<E2eiSignatureKeypair> {
         let (sk, _) = backend
-            .crypto()
             .signature_key_gen(ciphersuite.signature_algorithm())
             .map_err(MlsError::wrap("performing signature keygen"))?;
         E2eiSignatureKeypair::try_new(ciphersuite.signature_algorithm(), sk)

crypto/src/mls/ciphersuite.rs

@@ -4,7 +4,9 @@ use wire_e2e_identity::prelude::HashAlgorithm;
 use super::{Error, Result};
 use crate::CiphersuiteName;
 
-#[derive(Debug, Copy, Clone, Eq, PartialEq, Hash, derive_more::Deref, serde::Serialize, serde::Deserialize)]
+#[derive(
+    Debug, Copy, Clone, Eq, PartialEq, PartialOrd, Ord, Hash, derive_more::Deref, serde::Serialize, serde::Deserialize,
+)]
 #[serde(transparent)]
 #[repr(transparent)]
 /// A wrapper for the OpenMLS Ciphersuite, so that we are able to provide a default value.

crypto/src/mls/conversation/config.rs

@@ -10,7 +10,6 @@ use openmls::prelude::{
     RequiredCapabilitiesExtension, SenderRatchetConfiguration, WireFormatPolicy,
 };
 use openmls_traits::{
-    OpenMlsCryptoProvider,
     crypto::OpenMlsCrypto,
     types::{Ciphersuite, SignatureScheme},
 };
@@ -125,7 +124,6 @@ impl MlsConversationConfiguration {
         backend: &MlsCryptoProvider,
     ) -> Result<ExternalSender> {
         backend
-            .crypto()
             .validate_signature_key(signature_scheme, &key[..])
             .map_err(MlsError::wrap("validating signature key"))?;
         let key = OpenMlsSignaturePublicKey::new(key.into(), signature_scheme)

crypto/src/mls/conversation/conversation_guard/commit.rs

@@ -11,7 +11,7 @@ use crate::{
             Conversation as _, ConversationGuard, ConversationWithMls as _, Error, Result, commit::MlsCommitBundle,
         },
         credential::{
-            CredentialBundle,
+            Credential,
             crl::{extract_crl_uris_from_credentials, get_new_crl_distribution_points},
         },
     },
@@ -109,7 +109,7 @@ impl ConversationGuard {
     ) -> Result<(NewCrlDistributionPoints, MlsCommitBundle)> {
         self.ensure_no_pending_commit().await?;
         let backend = self.crypto_provider().await?;
-        let credential = self.credential_bundle().await?;
+        let credential = self.credential().await?;
         let signer = credential.signature_key();
         let mut conversation = self.conversation_mut().await;
 
@@ -155,7 +155,7 @@ impl ConversationGuard {
     pub async fn remove_members(&mut self, clients: &[ClientId]) -> Result<()> {
         self.ensure_no_pending_commit().await?;
         let backend = self.crypto_provider().await?;
-        let credential = self.credential_bundle().await?;
+        let credential = self.credential().await?;
         let signer = credential.signature_key();
         let mut conversation = self.inner.write().await;
 
@@ -205,19 +205,19 @@ impl ConversationGuard {
     /// [crate::transaction_context::TransactionContext::e2ei_new_activation_enrollment] or
     /// [crate::transaction_context::TransactionContext::e2ei_new_rotate_enrollment] and having saved it with
     /// [crate::transaction_context::TransactionContext::save_x509_credential].
-    pub async fn e2ei_rotate(&mut self, cb: Option<&CredentialBundle>) -> Result<()> {
+    pub async fn e2ei_rotate(&mut self, cb: Option<&Credential>) -> Result<()> {
         let client = &self.session().await?;
         let conversation = self.conversation().await;
 
         let cb = match cb {
             Some(cb) => cb,
-            None => &client
-                .find_most_recent_credential_bundle(
+            None => &*client
+                .find_most_recent_credential(
                     conversation.ciphersuite().signature_algorithm(),
                     MlsCredentialType::X509,
                 )
                 .await
-                .map_err(RecursiveError::mls_client("finding most recent x509 credential bundle"))?,
+                .map_err(RecursiveError::mls_client("finding most recent x509 credential"))?,
         };
 
         let mut leaf_node = conversation
@@ -237,20 +237,20 @@ impl ConversationGuard {
 
     pub(crate) async fn update_key_material_inner(
         &mut self,
-        cb: Option<&CredentialBundle>,
+        cb: Option<&Credential>,
         leaf_node: Option<LeafNode>,
     ) -> Result<MlsCommitBundle> {
         self.ensure_no_pending_commit().await?;
         let session = &self.session().await?;
         let backend = &self.crypto_provider().await?;
         let mut conversation = self.conversation_mut().await;
         let cb = match cb {
-            None => &conversation.find_most_recent_credential_bundle(session).await?,
+            None => &conversation.find_most_recent_credential(session).await?,
             Some(cb) => cb,
         };
         let (commit, welcome, group_info) = conversation
             .group
-            .explicit_self_update(backend, &cb.signature_key, leaf_node)
+            .explicit_self_update(backend, &cb.signature_key_pair, leaf_node)
             .await
             .map_err(MlsError::wrap("group self update"))?;
 
@@ -288,7 +288,7 @@ impl ConversationGuard {
             return Ok(None);
         }
 
-        let signer = &inner.find_most_recent_credential_bundle(session).await?.signature_key;
+        let signer = &inner.find_most_recent_credential(session).await?.signature_key_pair;
 
         let (commit, welcome, gi) = inner
             .group
@@ -317,7 +317,7 @@ impl ConversationGuard {
         if proposals.is_empty() {
             return Ok(None);
         }
-        let signer = &inner.find_most_recent_credential_bundle(session).await?.signature_key;
+        let signer = &inner.find_most_recent_credential(session).await?.signature_key_pair;
 
         let (commit, welcome, gi) = inner
             .group

crypto/src/mls/conversation/conversation_guard/decrypt/buffer_commit.rs

@@ -1,4 +1,4 @@
-use core_crypto_keystore::{connection::FetchFromDatabase as _, entities::MlsBufferedCommit};
+use core_crypto_keystore::{connection::FetchFromDatabase as _, entities::StoredBufferedCommit};
 use log::info;
 use openmls::framing::MlsMessageIn;
 use openmls_traits::OpenMlsCryptoProvider as _;
@@ -16,7 +16,7 @@ impl ConversationGuard {
         let conversation = self.conversation().await;
         info!(group_id = conversation.id(); "buffering commit");
 
-        let buffered_commit = MlsBufferedCommit::new(conversation.id().to_bytes(), commit.as_ref().to_owned());
+        let buffered_commit = StoredBufferedCommit::new(conversation.id().to_bytes(), commit.as_ref().to_owned());
 
         self.crypto_provider()
             .await?
@@ -34,9 +34,9 @@ impl ConversationGuard {
         self.crypto_provider()
             .await?
             .keystore()
-            .find::<MlsBufferedCommit>(conversation.id())
+            .find::<StoredBufferedCommit>(conversation.id())
             .await
-            .map(|option| option.map(MlsBufferedCommit::into_commit_data))
+            .map(|option| option.map(StoredBufferedCommit::into_commit_data))
             .map_err(KeystoreError::wrap("attempting to retrieve buffered commit"))
             .map_err(Into::into)
     }
@@ -69,7 +69,7 @@ impl ConversationGuard {
         self.crypto_provider()
             .await?
             .keystore()
-            .remove::<MlsBufferedCommit, _>(conversation.id())
+            .remove::<StoredBufferedCommit, _>(conversation.id())
             .await
             .map_err(KeystoreError::wrap("attempting to clear buffered commit"))
             .map_err(Into::into)

crypto/src/mls/conversation/conversation_guard/encrypt.rs

@@ -20,7 +20,7 @@ impl ConversationGuard {
     /// from OpenMls and the KeyStore
     pub async fn encrypt_message(&mut self, message: impl AsRef<[u8]>) -> Result<Vec<u8>> {
         let backend = self.crypto_provider().await?;
-        let credential = self.credential_bundle().await?;
+        let credential = self.credential().await?;
         let signer = credential.signature_key();
         let mut inner = self.conversation_mut().await;
         let encrypted = inner

crypto/src/mls/conversation/conversation_guard/mod.rs

@@ -9,7 +9,7 @@ use super::{ConversationWithMls, Error, MlsConversation, Result};
 use crate::{
     KeystoreError, LeafError, MlsGroupInfoBundle, MlsTransport, RecursiveError,
     group_store::GroupStoreValue,
-    mls::{conversation::ConversationIdRef, credential::CredentialBundle},
+    mls::{conversation::ConversationIdRef, credential::Credential},
     transaction_context::TransactionContext,
 };
 mod commit;
@@ -121,11 +121,11 @@ impl ConversationGuard {
         }
     }
 
-    async fn credential_bundle(&self) -> Result<Arc<CredentialBundle>> {
+    async fn credential(&self) -> Result<Arc<Credential>> {
         let client = self.session().await?;
         let inner = self.conversation().await;
         inner
-            .find_current_credential_bundle(&client)
+            .find_current_credential(&client)
             .await
             .map_err(|_| Error::IdentityInitializationError)
     }

crypto/src/mls/conversation/merge.rs

@@ -11,7 +11,7 @@
 //! | 1+ pend. Proposal | ❌              | ✅              |
 //!
 
-use core_crypto_keystore::entities::MlsEncryptionKeyPair;
+use core_crypto_keystore::entities::StoredEncryptionKeyPair;
 use mls_crypto_provider::MlsCryptoProvider;
 use openmls_traits::OpenMlsCryptoProvider;
 
@@ -35,7 +35,7 @@ impl MlsConversation {
         // ..so if there's any, we clear them after the commit is merged
         for oln in &previous_own_leaf_nodes {
             let ek = oln.encryption_key().as_slice();
-            let _ = backend.key_store().remove::<MlsEncryptionKeyPair, _>(ek).await;
+            let _ = backend.key_store().remove::<StoredEncryptionKeyPair, _>(ek).await;
         }
 
         client

crypto/src/mls/conversation/mod.rs

@@ -25,7 +25,7 @@ use log::trace;
 use mls_crypto_provider::{Database, MlsCryptoProvider};
 use openmls::{
     group::MlsGroup,
-    prelude::{Credential, CredentialWithKey, LeafNodeIndex, Proposal, SignaturePublicKey},
+    prelude::{Credential as MlsCredential, CredentialWithKey, LeafNodeIndex, Proposal, SignaturePublicKey},
 };
 use openmls_traits::{OpenMlsCryptoProvider, types::SignatureScheme};
 
@@ -57,7 +57,7 @@ pub use conversation_guard::ConversationGuard;
 pub use error::{Error, Result};
 pub use immutable_conversation::ImmutableConversation;
 
-use super::credential::CredentialBundle;
+use super::credential::Credential;
 use crate::{
     UserId,
     mls::{HasSessionAndCrypto, credential::ext::CredentialExt as _},
@@ -391,13 +391,13 @@ impl MlsConversation {
     ) -> Result<Self> {
         let (cs, ct) = (configuration.ciphersuite, creator_credential_type);
         let cb = author_client
-            .get_most_recent_or_create_credential_bundle(backend, cs.signature_algorithm(), ct)
+            .get_most_recent_or_create_credential(backend, cs.signature_algorithm(), ct)
             .await
-            .map_err(RecursiveError::mls_client("getting or creating credential bundle"))?;
+            .map_err(RecursiveError::mls_client("getting or creating credential"))?;
 
         let group = MlsGroup::new_with_group_id(
             backend,
-            &cb.signature_key,
+            &cb.signature_key_pair,
             &configuration.as_openmls_default_configuration()?,
             openmls::prelude::GroupId::from_slice(id.as_ref()),
             cb.to_mls_credential_with_key(),
@@ -469,7 +469,7 @@ impl MlsConversation {
     }
 
     /// Returns all members credentials from the group/conversation
-    pub fn members(&self) -> HashMap<Vec<u8>, Credential> {
+    pub fn members(&self) -> HashMap<Vec<u8>, MlsCredential> {
         self.group.members().fold(HashMap::new(), |mut acc, kp| {
             let credential = kp.credential;
             let id = credential.identity().to_vec();
@@ -557,30 +557,30 @@ impl MlsConversation {
         self.ciphersuite().signature_algorithm()
     }
 
-    pub(crate) async fn find_current_credential_bundle(&self, client: &Session) -> Result<Arc<CredentialBundle>> {
+    pub(crate) async fn find_current_credential(&self, client: &Session) -> Result<Arc<Credential>> {
         let own_leaf = self.group.own_leaf().ok_or(LeafError::InternalMlsError)?;
         let sc = self.ciphersuite().signature_algorithm();
         let ct = self
             .own_credential_type()
             .map_err(RecursiveError::mls_conversation("getting own credential type"))?;
 
         client
-            .find_credential_bundle_by_public_key(sc, ct, own_leaf.signature_key())
+            .find_credential_by_public_key(sc, ct, own_leaf.signature_key())
             .await
-            .map_err(RecursiveError::mls_client("finding current credential bundle"))
+            .map_err(RecursiveError::mls_client("finding current credential"))
             .map_err(Into::into)
     }
 
-    pub(crate) async fn find_most_recent_credential_bundle(&self, client: &Session) -> Result<Arc<CredentialBundle>> {
+    pub(crate) async fn find_most_recent_credential(&self, client: &Session) -> Result<Arc<Credential>> {
         let sc = self.ciphersuite().signature_algorithm();
         let ct = self
             .own_credential_type()
             .map_err(RecursiveError::mls_conversation("getting own credential type"))?;
 
         client
-            .find_most_recent_credential_bundle(sc, ct)
+            .find_most_recent_credential(sc, ct)
             .await
-            .map_err(RecursiveError::mls_client("finding most recent credential bundle"))
+            .map_err(RecursiveError::mls_client("finding most recent credential"))
             .map_err(Into::into)
     }
 }

crypto/src/mls/conversation/proposal.rs

@@ -26,10 +26,10 @@ impl MlsConversation {
         key_package: KeyPackageIn,
     ) -> Result<MlsProposalBundle> {
         let signer = &self
-            .find_current_credential_bundle(client)
+            .find_current_credential(client)
             .await
             .map_err(|_| Error::IdentityInitializationError)?
-            .signature_key;
+            .signature_key_pair;
 
         let crl_new_distribution_points = get_new_crl_distribution_points(
             backend,
@@ -62,10 +62,10 @@ impl MlsConversation {
         member: LeafNodeIndex,
     ) -> Result<MlsProposalBundle> {
         let signer = &self
-            .find_current_credential_bundle(client)
+            .find_current_credential(client)
             .await
             .map_err(|_| Error::IdentityInitializationError)?
-            .signature_key;
+            .signature_key_pair;
         let proposal = self
             .group
             .propose_remove_member(backend, signer, member)
@@ -94,13 +94,13 @@ impl MlsConversation {
         leaf_node: Option<LeafNode>,
     ) -> Result<MlsProposalBundle> {
         let msg_signer = &self
-            .find_current_credential_bundle(client)
+            .find_current_credential(client)
             .await
             .map_err(|_| Error::IdentityInitializationError)?
-            .signature_key;
+            .signature_key_pair;
 
         let proposal = if let Some(leaf_node) = leaf_node {
-            let leaf_node_signer = &self.find_most_recent_credential_bundle(client).await?.signature_key;
+            let leaf_node_signer = &self.find_most_recent_credential(client).await?.signature_key_pair;
 
             self.group
                 .propose_explicit_self_update(backend, msg_signer, leaf_node, leaf_node_signer)