diff --git a/openmls/src/group/mls_group/processing.rs b/openmls/src/group/mls_group/processing.rs index 6d098f636..4e1e5e4e4 100644 --- a/openmls/src/group/mls_group/processing.rs +++ b/openmls/src/group/mls_group/processing.rs @@ -270,6 +270,7 @@ impl MlsGroup { // Checks the following semantic validation: // - ValSem010 // - ValSem246 (as part of ValSem010) + // - https://validation.openmls.tech/#valn1203 let (content, credential) = unverified_message.verify(self.ciphersuite(), provider.crypto(), self.version())?; @@ -361,6 +362,7 @@ impl MlsGroup { /// - ValSem003 /// - ValSem006 /// - ValSem007 MembershipTag presence + /// - https://validation.openmls.tech/#valn1202 pub(crate) fn decrypt_message( &mut self, crypto: &impl OpenMlsCrypto, diff --git a/openmls/src/group/public_group/process.rs b/openmls/src/group/public_group/process.rs index c04426c01..c5de9c974 100644 --- a/openmls/src/group/public_group/process.rs +++ b/openmls/src/group/public_group/process.rs @@ -200,6 +200,7 @@ impl PublicGroup { // Checks the following semantic validation: // - ValSem010 // - ValSem246 (as part of ValSem010) + // - https://validation.openmls.tech/#valn1203 let (content, credential) = unverified_message.verify(self.ciphersuite(), crypto, self.version())?; diff --git a/openmls/src/group/public_group/staged_commit.rs b/openmls/src/group/public_group/staged_commit.rs index e83961177..07fc9c170 100644 --- a/openmls/src/group/public_group/staged_commit.rs +++ b/openmls/src/group/public_group/staged_commit.rs @@ -47,6 +47,7 @@ impl PublicGroup { let ciphersuite = self.ciphersuite(); // Verify epoch + // https://validation.openmls.tech/#valn1201 if mls_content.epoch() != self.group_context().epoch() { log::error!( "Epoch mismatch. Got {:?}, expected {:?}", @@ -99,7 +100,8 @@ impl PublicGroup { self.validate_leaf_node(update_path.leaf_node())?; } - // Validate the staged proposals by doing the following checks: + // Validate the staged proposals. This implements https://validation.openmls.tech/#valn1204. + // This is done by doing the following checks: // ValSem101 // ValSem102 @@ -247,6 +249,7 @@ impl PublicGroup { diff.apply_received_update_path(crypto, ciphersuite, sender_index, update_path)?; } else if apply_proposals_values.path_required { // ValSem201 + // https://validation.openmls.tech/#valn1206 return Err(StageCommitError::RequiredPathNotFound); }; diff --git a/openmls/src/treesync/treekem.rs b/openmls/src/treesync/treekem.rs index 3c6660a69..848b9361e 100644 --- a/openmls/src/treesync/treekem.rs +++ b/openmls/src/treesync/treekem.rs @@ -408,6 +408,7 @@ impl UpdatePathIn { let leaf_node_in = self.leaf_node().clone(); let verifiable_leaf_node = leaf_node_in.into_verifiable_leaf_node(); match verifiable_leaf_node { + // https://validation.openmls.tech/#valn1208 VerifiableLeafNode::Commit(mut commit_leaf_node) => { let pk = &commit_leaf_node .signature_key()