refactor: refactor mls_session #1728
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bencher Report
fewerner
force-pushed
the
felix/refactor/mls-session
branch
5 times, most recently
from
a96ec22 to
805938d
Compare
Member
|
Could you please mark the commits with breaking changes as such? Also, there is f96d144, looks like it is supposed to be autosquashed? |
Member
|
Regarding in c761fea:
This is also currently a feature since it allows clients to decrypt proteus and mls messages within a single transaction. |
typfel
requested changes
Jan 7, 2026
Member
typfel
left a comment
typfel
left a comment
There was a problem hiding this comment.
Nice work!
Added some comments.
I think there's some clean up necessary on the commit messages. We are following the https://www.conventionalcommits.org/en/v1.0.0/ so you can't stack things like this:
test: ts: set transport on mlsInit()
it should instead be written as:
test(ts): set transport on mlsInit()
Contributor
Author
Sure. The commit changes one of your commits, so I decided to it as a fixup, I will autosquash it before merge. |
fewerner
force-pushed
the
felix/refactor/mls-session
branch
2 times, most recently
from
51810f1 to
7ad1cb3
Compare
typfel
approved these changes
Jan 8, 2026
The idea here is to create an "empty" CoreCrypto client first that holds no session and no pki environment. We create the mls Session on mls init which allows us to get rid of the inner session and provide transport as part of mls_init. The keystore should live in CoreCrypto since it is shared between proteus and mls. Proteus should not need to know anything about the mls session.
This removes the anti pattern where the session had to be instantiated in order to call `.init()`. Instead, we prepare the constructor arguments beforehand. All we need is the keystore database which we have here which will be the session's crypto_provider's keystore after instantiation.
Getting the client id is no longer async and is a simple `clone()`.
We provide a dummy implementation to the transport argument here. Since the history client is a very special case this should be ok. The general use case of a session always needs transport, so we rather not make it optional.
This should not be needed anymore as we use CoreCrypto::new() and then provide the database on session initialization
We already have a client id and empty identities, so we just create the session directly.
We change the order here to have a mls session before setting up the pki to make the existing tests that call this still pass. Otherwise every call to this method would result in an MlsNotInitialized Error.
proteus should not depend on the mls crypto provider's keystore which is part of a mls session. Instead just use the CC's keystore.
proteus transactions should not rely on the the mls crypto provider to access the keystore. mls members are only available when the mls session exists, so lets access them through the mls session. I think there is a design flaw in the transaction context that we should address later. The transaction context never knows if it is a mls or proteus transaction. There should probably be separate transaction contexts so that a transaction context just uses its session instead of checking for it's existence. It also doesn't need to know anything about the other session. However, for now we keep it like that. Also setting transport on an already initialized session is no longer possible. It only existed for tests which we will have to adjust.
A session always has transport
We no longer have an inner session. A session is always initialized and can't be reset or replaced without droping the session and creating a new one.
Identities used to be locked through the inner session. We still need some kind of lock here to avoid larger refactoring or locking the whole mls session.
Not needed anymore!
We don't need to test behavior of uninitialized MLS sessions, because e2ei can now only be initialized when mls is (this is to change in the future, but not yet).
We can't reinit the inner anymore so the SessionContext has to reinit the entire session.
Since the transaction context knows the database, we should get it directly.
Note that this test won't actually work and we will have to ignore it until the pki environment api has been refactored. However, we adjust it to the refactoring already.
These tests initialize the pki without a session which is fine and must be working. However, with the current session refactoring does not support this so we disable the tests for now. The tests have to be enabled and working again with WPB-19578.
These logs should not have been merged previously.
This test assumes that the pki environment can be used before initializing the mls session. This will be the case again with WPB-19578 which should revert this commit.
previously this used the session to access the keystore. Since we didn't initialize it this doesn't work anymore. We can use the transaction which knows the keystore. This is a design flaw overall. We have to discuss the best practice here. It would make sense to move getters to the CC instance which is how it is in the FFI layer.
fewerner
force-pushed
the
felix/refactor/mls-session
branch
from
7ad1cb3 to
d78584b
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What's new in this PR
This PR simplifies the way an mls_session is created and removes the inner session.
It also removes
provideTransport()and transport will now be provided onmlsInit()since every mls session needs transport.The database will be known by the CC instance and transaction context to avoid database usage through the mls session's crypto provider were it is not needed.
PR Submission Checklist for internal contributors
SQPIT-764feat(conversation-list): Sort conversations by most emojis in the title #SQPIT-764.