From 8303bd85bada793684b34cb59294c72c1c148d08 Mon Sep 17 00:00:00 2001 From: Jazz Turner-Baggs <473256+jazzz@users.noreply.github.com> Date: Sat, 13 Jun 2026 08:57:52 -0700 Subject: [PATCH] Downgrade Ciphersuite --- core/conversations/src/conversation/group_v1.rs | 6 +++--- core/conversations/src/inbox_v2.rs | 11 +++++------ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/core/conversations/src/conversation/group_v1.rs b/core/conversations/src/conversation/group_v1.rs index 3763eb6..0d0d433 100644 --- a/core/conversations/src/conversation/group_v1.rs +++ b/core/conversations/src/conversation/group_v1.rs @@ -39,7 +39,7 @@ impl std::fmt::Debug for GroupV1Convo { impl GroupV1Convo { // Create a new conversation with the creator as the only participant. pub fn new(cx: &mut ServiceContext) -> Result { - let config = Self::mls_create_config(); + let config = Self::mls_create_config(cx); let mls_group = MlsGroup::new( &cx.mls_provider, &cx.mls_identity, @@ -105,9 +105,9 @@ impl GroupV1Convo { Ok(()) } - fn mls_create_config() -> MlsGroupCreateConfig { + fn mls_create_config(cx: &mut ServiceContext) -> MlsGroupCreateConfig { MlsGroupCreateConfig::builder() - .ciphersuite(Ciphersuite::MLS_256_XWING_CHACHA20POLY1305_SHA256_Ed25519) + .ciphersuite(cx.mls_provider.crypto().supported_ciphersuites()[0]) .use_ratchet_tree_extension(true) // This is handy for now, until there is central store for this data .build() } diff --git a/core/conversations/src/inbox_v2.rs b/core/conversations/src/inbox_v2.rs index 7d5259c..23589ff 100644 --- a/core/conversations/src/inbox_v2.rs +++ b/core/conversations/src/inbox_v2.rs @@ -1,8 +1,6 @@ mod identity; mod mls_provider; -use crypto::Ed25519VerifyingKey; -pub use identity::MlsIdentityProvider; use chat_proto::logoschat::envelope::EnvelopeV1; use crypto::Ed25519VerifyingKey; use de_mls::protos::de_mls::messages::v1::MemberWelcome; @@ -31,6 +29,9 @@ use crate::{ }; use crate::{IdentId, IdentIdRef, IdentityProvider}; +// Downgraded from MLS_256_XWING_CHACHA20POLY1305_SHA256_Ed25519 until demls accepts an external provider +const CIPHER_SUITE: Ciphersuite = Ciphersuite::MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519; + // Define unique Identifiers derivations used in InboxV2 fn delivery_address_for(ident_id: IdentIdRef) -> String { blake2b_hex::(&["InboxV2|", "delivery_address|", ident_id.as_str()]) @@ -201,15 +202,13 @@ impl InboxV2 { cx: &ServiceContext, ) -> Result { let capabilities = Capabilities::builder() - .ciphersuites(vec![ - Ciphersuite::MLS_256_XWING_CHACHA20POLY1305_SHA256_Ed25519, - ]) + .ciphersuites(vec![CIPHER_SUITE]) .extensions(vec![ExtensionType::ApplicationId]) .build(); let a = KeyPackage::builder() .leaf_node_capabilities(capabilities) .build( - Ciphersuite::MLS_256_XWING_CHACHA20POLY1305_SHA256_Ed25519, + CIPHER_SUITE, &cx.mls_provider, &cx.mls_identity, cx.mls_identity.get_credential(),