From 7188b236ea02be735d77d5625fd85bac5c4d4a2f Mon Sep 17 00:00:00 2001 From: Richard Hua Date: Thu, 11 Jan 2024 23:28:22 +1100 Subject: [PATCH 1/3] feat: add legacy v2-signed keys --- go/keystore_api/v1/keystore.pb.go | 2 +- go/message_api/v1/authn.pb.go | 2 +- go/message_api/v1/message_api.pb.go | 2 +- go/message_api/v1/message_api_grpc.pb.go | 2 +- go/message_api/v3/mls.pb.go | 2 +- go/message_api/v3/mls_grpc.pb.go | 2 +- go/message_contents/ciphertext.pb.go | 2 +- go/message_contents/composite.pb.go | 2 +- go/message_contents/contact.pb.go | 2 +- go/message_contents/content.pb.go | 2 +- go/message_contents/conversation_reference.pb.go | 2 +- go/message_contents/invitation.pb.go | 2 +- go/message_contents/message.pb.go | 2 +- go/message_contents/private_key.pb.go | 2 +- go/message_contents/public_key.pb.go | 2 +- go/message_contents/signature.pb.go | 2 +- go/mls/message_contents/message.pb.go | 2 +- go/mls_validation/v1/service.pb.go | 2 +- go/mls_validation/v1/service_grpc.pb.go | 2 +- proto/mls/message_contents/association.proto | 10 ++++++++++ proto/mls/message_contents/credential.proto | 8 ++++++-- 21 files changed, 35 insertions(+), 21 deletions(-) diff --git a/go/keystore_api/v1/keystore.pb.go b/go/keystore_api/v1/keystore.pb.go index 16b4c7cf..bb3b71f3 100644 --- a/go/keystore_api/v1/keystore.pb.go +++ b/go/keystore_api/v1/keystore.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: keystore_api/v1/keystore.proto package v1 diff --git a/go/message_api/v1/authn.pb.go b/go/message_api/v1/authn.pb.go index a3126aec..2f86aaab 100644 --- a/go/message_api/v1/authn.pb.go +++ b/go/message_api/v1/authn.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_api/v1/authn.proto package v1 
diff --git a/go/message_api/v1/message_api.pb.go b/go/message_api/v1/message_api.pb.go index 88c223d6..7834359f 100644 --- a/go/message_api/v1/message_api.pb.go +++ b/go/message_api/v1/message_api.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_api/v1/message_api.proto package v1 diff --git a/go/message_api/v1/message_api_grpc.pb.go b/go/message_api/v1/message_api_grpc.pb.go index 554ccd12..f2453d62 100644 --- a/go/message_api/v1/message_api_grpc.pb.go +++ b/go/message_api/v1/message_api_grpc.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v4.25.1 +// - protoc v3.21.12 // source: message_api/v1/message_api.proto package v1 diff --git a/go/message_api/v3/mls.pb.go b/go/message_api/v3/mls.pb.go index 869950e0..9143919f 100644 --- a/go/message_api/v3/mls.pb.go +++ b/go/message_api/v3/mls.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_api/v3/mls.proto package v3 diff --git a/go/message_api/v3/mls_grpc.pb.go b/go/message_api/v3/mls_grpc.pb.go index ec818785..c5780093 100644 --- a/go/message_api/v3/mls_grpc.pb.go +++ b/go/message_api/v3/mls_grpc.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v4.25.1 +// - protoc v3.21.12 // source: message_api/v3/mls.proto package v3 diff --git a/go/message_contents/ciphertext.pb.go b/go/message_contents/ciphertext.pb.go index 528f109f..6caf1a1d 100644 --- a/go/message_contents/ciphertext.pb.go +++ b/go/message_contents/ciphertext.pb.go 
@@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_contents/ciphertext.proto package message_contents diff --git a/go/message_contents/composite.pb.go b/go/message_contents/composite.pb.go index 3395357a..cf539786 100644 --- a/go/message_contents/composite.pb.go +++ b/go/message_contents/composite.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_contents/composite.proto package message_contents diff --git a/go/message_contents/contact.pb.go b/go/message_contents/contact.pb.go index 49bf0b49..1a0edc54 100644 --- a/go/message_contents/contact.pb.go +++ b/go/message_contents/contact.pb.go @@ -7,7 +7,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_contents/contact.proto package message_contents diff --git a/go/message_contents/content.pb.go b/go/message_contents/content.pb.go index 26fa2800..25455f53 100644 --- a/go/message_contents/content.pb.go +++ b/go/message_contents/content.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_contents/content.proto package message_contents diff --git a/go/message_contents/conversation_reference.pb.go b/go/message_contents/conversation_reference.pb.go index d933282d..5599bab9 100644 --- a/go/message_contents/conversation_reference.pb.go +++ b/go/message_contents/conversation_reference.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_contents/conversation_reference.proto package message_contents 
diff --git a/go/message_contents/invitation.pb.go b/go/message_contents/invitation.pb.go index 72ac731c..bea21169 100644 --- a/go/message_contents/invitation.pb.go +++ b/go/message_contents/invitation.pb.go @@ -5,7 +5,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_contents/invitation.proto package message_contents diff --git a/go/message_contents/message.pb.go b/go/message_contents/message.pb.go index 21fcc9f9..6ace49b3 100644 --- a/go/message_contents/message.pb.go +++ b/go/message_contents/message.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_contents/message.proto package message_contents diff --git a/go/message_contents/private_key.pb.go b/go/message_contents/private_key.pb.go index bb257bc7..853063df 100644 --- a/go/message_contents/private_key.pb.go +++ b/go/message_contents/private_key.pb.go @@ -6,7 +6,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_contents/private_key.proto package message_contents diff --git a/go/message_contents/public_key.pb.go b/go/message_contents/public_key.pb.go index bfa0c886..4faa728e 100644 --- a/go/message_contents/public_key.pb.go +++ b/go/message_contents/public_key.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_contents/public_key.proto package message_contents diff --git a/go/message_contents/signature.pb.go b/go/message_contents/signature.pb.go index e0cb1fb8..9bd630c4 100644 --- a/go/message_contents/signature.pb.go +++ b/go/message_contents/signature.pb.go 
@@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: message_contents/signature.proto package message_contents diff --git a/go/mls/message_contents/message.pb.go b/go/mls/message_contents/message.pb.go index eba427dd..797b6ed8 100644 --- a/go/mls/message_contents/message.pb.go +++ b/go/mls/message_contents/message.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: mls/message_contents/message.proto package message_contents diff --git a/go/mls_validation/v1/service.pb.go b/go/mls_validation/v1/service.pb.go index 913585fb..cdba0b77 100644 --- a/go/mls_validation/v1/service.pb.go +++ b/go/mls_validation/v1/service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v4.25.1 +// protoc v3.21.12 // source: mls_validation/v1/service.proto package v1 diff --git a/go/mls_validation/v1/service_grpc.pb.go b/go/mls_validation/v1/service_grpc.pb.go index 69af37fd..1aa45f6a 100644 --- a/go/mls_validation/v1/service_grpc.pb.go +++ b/go/mls_validation/v1/service_grpc.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v4.25.1 +// - protoc v3.21.12 // source: mls_validation/v1/service.proto package v1 diff --git a/proto/mls/message_contents/association.proto b/proto/mls/message_contents/association.proto index 1d2ebb09..4967475e 100644 --- a/proto/mls/message_contents/association.proto +++ b/proto/mls/message_contents/association.proto @@ -3,6 +3,8 @@ syntax = "proto3"; package xmtp.mls.message_contents; +import "message_contents/public_key.proto"; + option go_package = "github.com/xmtp/proto/v3/go/mls/message_contents"; option java_package = "org.xmtp.proto.mls.message.contents"; 
@@ -21,6 +23,14 @@ message Eip191Association {
 string iso8601_time = 4;
 }
+// LegacyCreateIdentityAssociation is used when a v3 installation key
+// is signed by a v2 identity key, which in turn is signed via a
+// 'CreateIdentity' wallet signature
+message LegacyCreateIdentityAssociation {
+ RecoverableEcdsaSignature signature = 1;
+ SignedPublicKey legacy_create_identity_key = 2;
+}
+
 // RecoverableEcdsaSignature
 message RecoverableEcdsaSignature {
 // Includes recovery id as the last byte
diff --git a/proto/mls/message_contents/credential.proto b/proto/mls/message_contents/credential.proto
index b247fd7f..93ad4c3a 100644
--- a/proto/mls/message_contents/credential.proto
+++ b/proto/mls/message_contents/credential.proto
@@ -13,13 +13,17 @@ message MlsCredential {
 bytes installation_public_key = 1;
 oneof association {
 Eip191Association eip_191 = 2;
+ LegacyCreateIdentityAssociation legacy_create_identity = 3;
 }
 }
 // A declaration and proof that a credential is no longer valid
 message CredentialRevocation {
- bytes installation_public_key = 1;
+ oneof public_key {
+ bytes installation_key = 1;
+ bytes legacy_create_identity_key = 2;
+ }
 oneof association {
- Eip191Association eip_191 = 2;
+ Eip191Association eip_191 = 3;
 }
 }
From 6b78a4bd1170fdf7029f54b366f7b0a844637699 Mon Sep 17 00:00:00 2001
From: Richard Hua
Date: Thu, 11 Jan 2024 23:45:03 +1100
Subject: [PATCH 2/3] fix: fix import of SignedPublicKey
---
 proto/mls/message_contents/association.proto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/proto/mls/message_contents/association.proto b/proto/mls/message_contents/association.proto
index 4967475e..caffd370 100644
--- a/proto/mls/message_contents/association.proto
+++ b/proto/mls/message_contents/association.proto
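Review bot: The comment on `LegacyCreateIdentityAssociation` (association.proto, PATCH 1/3) names the signing chain but never says which bytes `signature` covers, so two implementations can verify different inputs and still both "pass". I'd add a field comment along the lines of `// Signature by the v2 identity key over the installation public key bytes (state the exact encoding and any context label)`, since the precise input is not visible in this patch. The message comment should also say that a verifier has to validate the wallet signature carried inside the `SignedPublicKey` before accepting the association; checking only the inner signature would accept any self-made v2 key. Unlike `Eip191Association`, whose `iso8601_time` field is visible as context here, the new message carries no timestamp, which is worth a line if ordering against a later revocation depends on it.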
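Review bot: In `CredentialRevocation` (credential.proto, PATCH 1/3) tag 2 changes meaning from `Eip191Association eip_191` to `bytes legacy_create_identity_key`, and a message and a `bytes` field are both length-delimited on the wire. A revocation serialized under the previous layout therefore decodes without error under the new one: the old association bytes land in the `public_key` oneof as a legacy key, and `association` comes back unset, so a consumer sees a revocation for the wrong key with no proof attached. Unless no revocation has ever been written with the old layout, leave `Eip191Association eip_191 = 2;` where it was and give the new member a fresh tag, e.g. `bytes legacy_create_identity_key = 3;`. Wrapping the existing tag 1 in a oneof is wire-compatible and fine as it stands.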
@@ -28,7 +28,7 @@ message Eip191Association {
 // 'CreateIdentity' wallet signature
 message LegacyCreateIdentityAssociation {
 RecoverableEcdsaSignature signature = 1;
- SignedPublicKey legacy_create_identity_key = 2;
+ xmtp.message_contents.SignedPublicKey legacy_create_identity_key = 2;
 }
 // RecoverableEcdsaSignature
From 059ce564b59226853a63ca523c0da213db74f442 Mon Sep 17 00:00:00 2001
From: Richard Hua
Date: Fri, 12 Jan 2024 10:49:35 +1100
Subject: [PATCH 3/3] fix: revoke the unsigned legacy identity key bytes, not the serialized proto
---
 proto/mls/message_contents/association.proto | 2 +-
 proto/mls/message_contents/credential.proto | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/proto/mls/message_contents/association.proto b/proto/mls/message_contents/association.proto
index caffd370..ac7653bc 100644
--- a/proto/mls/message_contents/association.proto
+++ b/proto/mls/message_contents/association.proto
@@ -28,7 +28,7 @@ message Eip191Association {
 // 'CreateIdentity' wallet signature
 message LegacyCreateIdentityAssociation {
 RecoverableEcdsaSignature signature = 1;
- xmtp.message_contents.SignedPublicKey legacy_create_identity_key = 2;
+ xmtp.message_contents.SignedPublicKey signed_legacy_create_identity_key = 2;
 }
 // RecoverableEcdsaSignature
diff --git a/proto/mls/message_contents/credential.proto b/proto/mls/message_contents/credential.proto
index 93ad4c3a..cd6f1c7b 100644
--- a/proto/mls/message_contents/credential.proto
+++ b/proto/mls/message_contents/credential.proto
@@ -21,7 +21,7 @@ message MlsCredential {
 message CredentialRevocation {
 oneof public_key {
 bytes installation_key = 1;
- bytes legacy_create_identity_key = 2;
+ bytes unsigned_legacy_create_identity_key = 2;
 }
 oneof association {
 Eip191Association eip_191 = 3;
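Review bot: `unsigned_legacy_create_identity_key` in `CredentialRevocation` (credential.proto, PATCH 3/3) is an opaque `bytes` field, and only the commit subject says it is not the serialized proto; nothing in the schema records which encoding it holds. A revocation takes effect only if the revoker and the verifier derive identical bytes from the `SignedPublicKey` in `LegacyCreateIdentityAssociation`, so a mismatch in representation would leave a revoked key silently accepted. I'd add a field comment naming the exact form, for example `// Raw key bytes of the v2 identity key (<source field and encoding, to be named by the author>), not a serialized SignedPublicKey`. The hunk ends inside `oneof association`, so the remainder of the message is outside this view.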