Skip to content

Commit

Permalink
Merge branch 'openmls:main' into jwl/epoch-in-verifiablegroupinfo
Browse files Browse the repository at this point in the history
  • Loading branch information
@josephlukefahr
josephlukefahr authored Oct 31, 2024
2 parents 7afa36a + fba978d commit 9576558
Show file tree
Hide file tree
Showing 27 changed files with 194 additions and 38 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

### Added

- [#1666](https://github.com/openmls/openmls/pull/1666): Add `members()` and `group_context()` getter methods to `StagedWelcome`.

## 0.6.0 (2024-09-04)

### Added
Expand Down
1 change: 1 addition & 0 deletions openmls/src/ciphersuite/hpke.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ impl From<CryptoError> for Error {
}
}

/// Context for HPKE encryption
#[derive(Debug, Clone, TlsSerialize, TlsDeserialize, TlsDeserializeBytes, TlsSize)]
pub struct EncryptContext {
label: VLBytes,
Expand Down
2 changes: 1 addition & 1 deletion openmls/src/extensions/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -601,7 +601,7 @@ mod test {

#[test]
fn that_unknown_extensions_are_de_serialized_correctly() {
let extension_types = [0x0000u16, 0x0A0A, 0x7A7A, 0xF000, 0xFFFF];
let extension_types = [0x0000u16, 0x0A0A, 0x7A7A, 0xF100, 0xFFFF];
let extension_datas = [vec![], vec![0], vec![1, 2, 3]];

for extension_type in extension_types.into_iter() {
Expand Down
8 changes: 4 additions & 4 deletions openmls/src/framing/message_in.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ pub enum ProtocolMessage {
/// A [`ProtocolMessage`] containing a [`PrivateMessage`].
PrivateMessage(PrivateMessageIn),
/// A [`ProtocolMessage`] containing a [`PublicMessage`].
PublicMessage(PublicMessageIn),
PublicMessage(Box<PublicMessageIn>),
}

impl ProtocolMessage {
Expand Down Expand Up @@ -244,7 +244,7 @@ impl From<PrivateMessageIn> for ProtocolMessage {

impl From<PublicMessageIn> for ProtocolMessage {
fn from(public_message: PublicMessageIn) -> Self {
ProtocolMessage::PublicMessage(public_message)
ProtocolMessage::PublicMessage(Box::new(public_message))
}
}

Expand All @@ -253,7 +253,7 @@ impl TryFrom<MlsMessageIn> for ProtocolMessage {

fn try_from(msg: MlsMessageIn) -> Result<Self, Self::Error> {
match msg.body {
MlsMessageBodyIn::PublicMessage(m) => Ok(ProtocolMessage::PublicMessage(m)),
MlsMessageBodyIn::PublicMessage(m) => Ok(m.into()),
MlsMessageBodyIn::PrivateMessage(m) => Ok(ProtocolMessage::PrivateMessage(m)),
_ => Err(ProtocolMessageError::WrongWireFormat),
}
Expand All @@ -263,6 +263,6 @@ impl TryFrom<MlsMessageIn> for ProtocolMessage {
#[cfg(any(feature = "test-utils", test))]
impl From<PublicMessage> for ProtocolMessage {
fn from(msg: PublicMessage) -> Self {
ProtocolMessage::PublicMessage(msg.into())
PublicMessageIn::from(msg).into()
}
}
3 changes: 1 addition & 2 deletions openmls/src/group/mls_group/builder.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@ use super::{past_secrets::MessageSecretsStore, MlsGroup, MlsGroupState};
pub struct MlsGroupBuilder {
group_id: Option<GroupId>,
mls_group_create_config_builder: MlsGroupCreateConfigBuilder,
max_past_epochs: Option<usize>,
psk_ids: Vec<PreSharedKeyId>,
}

Expand Down Expand Up @@ -136,7 +135,7 @@ impl MlsGroupBuilder {
.map_err(LibraryError::unexpected_crypto_error)?;

let message_secrets_store = MessageSecretsStore::new_with_secret(
self.max_past_epochs.unwrap_or_default(),
mls_group_create_config.max_past_epochs(),
message_secrets,
);

Expand Down
1 change: 1 addition & 0 deletions openmls/src/group/mls_group/config.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -348,6 +348,7 @@ impl MlsGroupCreateConfigBuilder {
.iter()
.all(|e| matches!(e.extension_type(), ExtensionType::Unknown(_)));
if !is_valid_in_leaf_node {
log::error!("Leaf node extensions must be unknown extensions.");
return Err(LeafNodeValidationError::UnsupportedExtensions);
}

Expand Down
10 changes: 10 additions & 0 deletions openmls/src/group/mls_group/creation.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -518,6 +518,16 @@ impl StagedWelcome {
))
}

/// Get the [`GroupContext`] of this welcome's [`PublicGroup`].
pub fn group_context(&self) -> &GroupContext {
self.public_group.group_context()
}

/// Get an iterator over all [`Member`]s of this welcome's [`PublicGroup`].
pub fn members(&self) -> impl Iterator<Item = Member> + '_ {
self.public_group.members()
}

/// Consumes the [`StagedWelcome`] and returns the respective [`MlsGroup`].
pub fn into_group<Provider: OpenMlsProvider>(
self,
Expand Down
16 changes: 16 additions & 0 deletions openmls/src/group/mls_group/membership.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -275,6 +275,22 @@ impl MlsGroup {
.leaf(leaf_index)
.map(|leaf| leaf.credential())
}

/// Returns the [`Member`] corresponding to the given
/// leaf index. Returns `None` if the member can not be found in this group.
pub fn member_at(&self, leaf_index: LeafNodeIndex) -> Option<Member> {
self.public_group()
// This will return None if the member can't be found.
.leaf(leaf_index)
.map(|leaf_node| {
Member::new(
leaf_index,
leaf_node.encryption_key().as_slice().to_vec(),
leaf_node.signature_key().as_slice().to_vec(),
leaf_node.credential().clone(),
)
})
}
}

/// Helper `enum` that classifies the kind of remove operation. This can be used to
Expand Down
2 changes: 1 addition & 1 deletion openmls/src/group/mls_group/past_secrets.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ struct EpochTree {
#[cfg_attr(feature = "crypto-debug", derive(Debug))]
pub(crate) struct MessageSecretsStore {
// Maximum size of the `past_epoch_trees` list.
max_epochs: usize,
pub(crate) max_epochs: usize,
// Past message secrets.
past_epoch_trees: VecDeque<EpochTree>,
// The message secrets of the current epoch.
Expand Down
4 changes: 3 additions & 1 deletion openmls/src/group/mls_group/processing.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -270,6 +270,7 @@ impl MlsGroup {
// Checks the following semantic validation:
// - ValSem010
// - ValSem246 (as part of ValSem010)
// - https://validation.openmls.tech/#valn1203
let (content, credential) =
unverified_message.verify(self.ciphersuite(), provider.crypto(), self.version())?;

Expand Down Expand Up @@ -361,6 +362,7 @@ impl MlsGroup {
/// - ValSem003
/// - ValSem006
/// - ValSem007 MembershipTag presence
/// - https://validation.openmls.tech/#valn1202
pub(crate) fn decrypt_message(
&mut self,
crypto: &impl OpenMlsCrypto,
Expand Down Expand Up @@ -389,7 +391,7 @@ impl MlsGroup {
.into(),
})?;
DecryptedMessage::from_inbound_public_message(
public_message,
*public_message,
message_secrets,
message_secrets.serialized_context().to_vec(),
crypto,
Expand Down
31 changes: 29 additions & 2 deletions openmls/src/group/mls_group/tests_and_kats/tests/mls_group.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1156,6 +1156,34 @@ fn remove_prosposal_by_ref(
}
}

#[openmls_test]
fn max_past_epochs_join_config(
ciphersuite: Ciphersuite,
provider: &impl crate::storage::OpenMlsProvider,
) {
let max_past_epochs = 10;

let create_config = MlsGroupCreateConfig::builder()
.max_past_epochs(max_past_epochs)
.build();

let (alice_credential_with_key, _alice_kpb, alice_signer, _alice_pk) =
setup_client("Alice", ciphersuite, provider);

let alice_group = MlsGroup::new(
provider,
&alice_signer,
&create_config,
alice_credential_with_key,
)
.expect("failed to create group");

assert_eq!(
alice_group.message_secrets_store.max_epochs,
max_past_epochs
);
}

// Test that the builder pattern accurately configures the new group.
#[openmls_test]
fn builder_pattern() {
Expand Down Expand Up @@ -2222,8 +2250,7 @@ fn update_path() {
Some(pm.confirmation_tag().unwrap().0.mac_value.clone()),
);

let protocol_message =
ProtocolMessage::PublicMessage(PublicMessage::from(broken_message).into());
let protocol_message = ProtocolMessage::from(PublicMessage::from(broken_message));

let result = group_alice.process_message(provider, protocol_message);
assert_eq!(
Expand Down
3 changes: 2 additions & 1 deletion openmls/src/group/public_group/process.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ impl PublicGroup {
}
ProtocolMessage::PublicMessage(public_message) => {
DecryptedMessage::from_inbound_public_message(
public_message,
*public_message,
None,
self.group_context()
.tls_serialize_detached()
Expand Down Expand Up @@ -200,6 +200,7 @@ impl PublicGroup {
// Checks the following semantic validation:
// - ValSem010
// - ValSem246 (as part of ValSem010)
// - https://validation.openmls.tech/#valn1203
let (content, credential) =
unverified_message.verify(self.ciphersuite(), crypto, self.version())?;

Expand Down
5 changes: 4 additions & 1 deletion openmls/src/group/public_group/staged_commit.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ impl PublicGroup {
let ciphersuite = self.ciphersuite();

// Verify epoch
// https://validation.openmls.tech/#valn1201
if mls_content.epoch() != self.group_context().epoch() {
log::error!(
"Epoch mismatch. Got {:?}, expected {:?}",
Expand Down Expand Up @@ -99,7 +100,8 @@ impl PublicGroup {
self.validate_leaf_node(update_path.leaf_node())?;
}

// Validate the staged proposals by doing the following checks:
// Validate the staged proposals. This implements https://validation.openmls.tech/#valn1204.
// This is done by doing the following checks:

// ValSem101
// ValSem102
Expand Down Expand Up @@ -247,6 +249,7 @@ impl PublicGroup {
diff.apply_received_update_path(crypto, ciphersuite, sender_index, update_path)?;
} else if apply_proposals_values.path_required {
// ValSem201
// https://validation.openmls.tech/#valn1206
return Err(StageCommitError::RequiredPathNotFound);
};

Expand Down
4 changes: 2 additions & 2 deletions openmls/src/group/public_group/tests.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ fn public_group<Provider: OpenMlsProvider>(ciphersuite: Ciphersuite, provider: &
ProtocolMessage::PublicMessage(public_message) => public_message,
};
let processed_message = public_group
.process_message(provider.crypto(), public_message)
.process_message(provider.crypto(), *public_message)
.unwrap();

// Further inspection of the message can take place here ...
Expand Down Expand Up @@ -295,7 +295,7 @@ fn public_group<Provider: OpenMlsProvider>(ciphersuite: Ciphersuite, provider: &
fn into_public_message(message: MlsMessageOut) -> PublicMessageIn {
match message.into_protocol_message().unwrap() {
ProtocolMessage::PrivateMessage(_) => panic!("Unexpected message type."),
ProtocolMessage::PublicMessage(public_message) => public_message,
ProtocolMessage::PublicMessage(public_message) => *public_message,
}
}

Expand Down
Loading

0 comments on commit 9576558

Please sign in to comment.