wip

wireapp · Sep 15, 2023 · 4ecea28 · 4ecea28
1 parent d817e3d
commit 4ecea28
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 9 deletions.
diff --git a/openmls/src/group/core_group/new_from_welcome.rs b/openmls/src/group/core_group/new_from_welcome.rs
@@ -153,6 +153,12 @@ impl CoreGroup {
             ProposalStore::new(),
         )?;
 
+        KeyPackageIn::from(key_package.clone()).validate(
+            backend.crypto(),
+            ProtocolVersion::Mls10,
+            &public_group,
+        )?;
+
         // Find our own leaf in the tree.
         let own_leaf_index = public_group
             .members()

diff --git a/openmls/src/group/errors.rs b/openmls/src/group/errors.rs
@@ -38,6 +38,9 @@ pub enum WelcomeError<KeyStoreError> {
     /// See [`GroupInfoError`] for more details.
     #[error(transparent)]
     GroupInfo(#[from] GroupInfoError),
+    /// See [`KeyPackageVerifyError`] for more details.
+    #[error(transparent)]
+    KeyPackageVerifyError(#[from] KeyPackageVerifyError),
     /// No joiner secret found in the Welcome message.
     #[error("No joiner secret found in the Welcome message.")]
     JoinerSecretNotFound,

diff --git a/openmls/src/group/public_group/diff/compute_path.rs b/openmls/src/group/public_group/diff/compute_path.rs
@@ -1,8 +1,10 @@
 use std::collections::HashSet;
 
+use openmls_traits::types::Ciphersuite;
 use openmls_traits::{key_store::OpenMlsKeyStore, signatures::Signer, OpenMlsCryptoProvider};
 use tls_codec::Serialize;
 
+use crate::prelude::{Capabilities, CredentialType, ExtensionType, ProtocolVersion};
 use crate::{
     binary_tree::LeafNodeIndex,
     credentials::CredentialWithKey,
@@ -62,15 +64,32 @@ impl<'a> PublicGroupDiff<'a> {
                 // The KeyPackage is immediately put into the group. No need for
                 // the init key.
                 init_private_key: _,
-            } = KeyPackage::builder().build_without_key_storage(
-                CryptoConfig {
-                    ciphersuite,
-                    version,
-                },
-                backend,
-                signer,
-                credential_with_key.ok_or(CreateCommitError::MissingCredential)?,
-            )?;
+            } = KeyPackage::builder()
+                .leaf_node_capabilities(
+                    // TODO: factorize & have this injected by client
+                    Capabilities::new(
+                        Some(&[ProtocolVersion::Mls10]),
+                        Some(&[
+                            Ciphersuite::MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519,
+                            Ciphersuite::MLS_128_DHKEMP256_AES128GCM_SHA256_P256,
+                            Ciphersuite::MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519,
+                            Ciphersuite::MLS_256_DHKEMP384_AES256GCM_SHA384_P384,
+                            Ciphersuite::MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_Ed25519,
+                        ]),
+                        Some(&[ExtensionType::PerDomainTrustAnchor]),
+                        Some(&[]),
+                        Some(&[CredentialType::Basic, CredentialType::X509]),
+                    ),
+                )
+                .build_without_key_storage(
+                    CryptoConfig {
+                        ciphersuite,
+                        version,
+                    },
+                    backend,
+                    signer,
+                    credential_with_key.ok_or(CreateCommitError::MissingCredential)?,
+                )?;
 
             let leaf_node: LeafNode = key_package.into();
             self.diff