From 89c61b1c82eb9c446b4263380accddb18647affb Mon Sep 17 00:00:00 2001
From: beltram <beltram.maldant@gmail.com>
Date: Fri, 22 Dec 2023 12:33:54 +0100
Subject: [PATCH] wip

---
 openmls/src/group/public_group/mod.rs         |  3 ++-
 openmls/src/messages/group_info.rs            |  3 ++-
 openmls/src/treesync/mod.rs                   | 22 +++++++++++--------
 .../kats/kat_tree_operations.rs               |  5 +++--
 .../kats/kat_tree_validation.rs               |  2 +-
 .../tests_and_kats/kats/kat_treekem.rs        |  2 +-
 .../tests_and_kats/tests/test_diff.rs         |  2 +-
 7 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/openmls/src/group/public_group/mod.rs b/openmls/src/group/public_group/mod.rs
index 620fcce038..29e677ffac 100644
--- a/openmls/src/group/public_group/mod.rs
+++ b/openmls/src/group/public_group/mod.rs
@@ -122,7 +122,8 @@ impl PublicGroup {
         // Create a RatchetTree from the given nodes. We have to do this before
         // verifying the group info, since we need to find the Credential to verify the
         // signature against.
-        let treesync = TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, group_id)?;
+        let treesync =
+            TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, group_id, true)?;
 
         let group_info: GroupInfo = {
             let signer_signature_key = treesync
diff --git a/openmls/src/messages/group_info.rs b/openmls/src/messages/group_info.rs
index a519f184b7..eb926d7fb8 100644
--- a/openmls/src/messages/group_info.rs
+++ b/openmls/src/messages/group_info.rs
@@ -143,7 +143,8 @@ impl VerifiableGroupInfo {
 
         // although it clones the ratchet tree here...
         let group_id = self.group_id();
-        let treesync = TreeSync::from_ratchet_tree(backend, cs, ratchet_tree.clone(), group_id)?;
+        let treesync =
+            TreeSync::from_ratchet_tree(backend, cs, ratchet_tree.clone(), group_id, true)?;
 
         let signer_signature_key = treesync
             .leaf(self.signer())
diff --git a/openmls/src/treesync/mod.rs b/openmls/src/treesync/mod.rs
index 77f78b01aa..715914a83a 100644
--- a/openmls/src/treesync/mod.rs
+++ b/openmls/src/treesync/mod.rs
@@ -445,6 +445,7 @@ impl TreeSync {
         ciphersuite: Ciphersuite,
         ratchet_tree: RatchetTree,
         group_id: &GroupId,
+        validate_leaf_node: bool,
     ) -> Result<Self, TreeSyncFromNodesError> {
         // TODO #800: Unmerged leaves should be checked
         let mut ts_nodes: Vec<TreeNode<TreeSyncLeafNode, TreeSyncParentNode>> =
@@ -454,15 +455,18 @@ impl TreeSync {
         for (node_index, node_option) in ratchet_tree.0.into_iter().enumerate() {
             let ts_node: TreeNode<TreeSyncLeafNode, TreeSyncParentNode> = match node_option {
                 Some(Node::LeafNode(ln)) => {
-                    let index = node_index
-                        .try_into()
-                        .map_err(|_| LibraryError::custom("failed converting a usize -> u32"));
-                    let index = LeafNodeIndex::from_tree_index(index?);
-                    let tree_position = TreePosition::new(group_id.clone(), index);
-                    let ln =
-                        LeafNodeIn::from(ln).try_into_verifiable_leaf_node(Some(tree_position))?;
-                    let ln =
-                        ln.validate(backend.crypto(), ciphersuite.signature_algorithm(), None)?;
+                    let ln = if validate_leaf_node {
+                        let index = node_index
+                            .try_into()
+                            .map_err(|_| LibraryError::custom("failed converting a usize -> u32"));
+                        let index = LeafNodeIndex::from_tree_index(index?);
+                        let tree_position = TreePosition::new(group_id.clone(), index);
+                        let ln = LeafNodeIn::from(ln)
+                            .try_into_verifiable_leaf_node(Some(tree_position))?;
+                        ln.validate(backend.crypto(), ciphersuite.signature_algorithm(), None)?
+                    } else {
+                        ln
+                    };
                     TreeSyncNode::from(Node::LeafNode(ln)).into()
                 }
                 Some(Node::ParentNode(pn)) => TreeSyncNode::from(Node::ParentNode(pn)).into(),
diff --git a/openmls/src/treesync/tests_and_kats/kats/kat_tree_operations.rs b/openmls/src/treesync/tests_and_kats/kats/kat_tree_operations.rs
index 89309a4487..cf5d8a4840 100644
--- a/openmls/src/treesync/tests_and_kats/kats/kat_tree_operations.rs
+++ b/openmls/src/treesync/tests_and_kats/kats/kat_tree_operations.rs
@@ -63,8 +63,9 @@ async fn run_test_vector(
 
     let ratchet_tree = RatchetTree::from(RatchetTreeIn::from_nodes(nodes));
 
-    let tree_before = TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, &group_id)
-        .map_err(|e| format!("Error while creating tree sync: {e:?}"))?;
+    let tree_before =
+        TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, &group_id, false)
+            .map_err(|e| format!("Error while creating tree sync: {e:?}"))?;
 
     let group_context = GroupContext::new(
         ciphersuite,
diff --git a/openmls/src/treesync/tests_and_kats/kats/kat_tree_validation.rs b/openmls/src/treesync/tests_and_kats/kats/kat_tree_validation.rs
index 9145ade938..2ea7010428 100644
--- a/openmls/src/treesync/tests_and_kats/kats/kat_tree_validation.rs
+++ b/openmls/src/treesync/tests_and_kats/kats/kat_tree_validation.rs
@@ -107,7 +107,7 @@ fn run_test_vector(test: TestElement, backend: &impl OpenMlsCryptoProvider) -> R
         .unwrap();
 
     let treesync =
-        TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree.clone(), group_id)
+        TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree.clone(), group_id, true)
             .map_err(|e| format!("Error while creating tree sync: {e:?}"))?;
 
     let diff = treesync.empty_diff();
diff --git a/openmls/src/treesync/tests_and_kats/kats/kat_treekem.rs b/openmls/src/treesync/tests_and_kats/kats/kat_treekem.rs
index fb41994553..b596c5a8f6 100644
--- a/openmls/src/treesync/tests_and_kats/kats/kat_treekem.rs
+++ b/openmls/src/treesync/tests_and_kats/kats/kat_treekem.rs
@@ -98,7 +98,7 @@ pub fn run_test_vector(test: TreeKemTest, backend: &impl OpenMlsCryptoProvider)
             .into_verified(ciphersuite, backend.crypto(), group_id)
             .unwrap();
 
-        TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, group_id).unwrap()
+        TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, group_id, true).unwrap()
     };
 
     let full_leaf_nodes = {
diff --git a/openmls/src/treesync/tests_and_kats/tests/test_diff.rs b/openmls/src/treesync/tests_and_kats/tests/test_diff.rs
index 7f567e366d..272d089771 100644
--- a/openmls/src/treesync/tests_and_kats/tests/test_diff.rs
+++ b/openmls/src/treesync/tests_and_kats/tests/test_diff.rs
@@ -38,7 +38,7 @@ async fn test_free_leaf_computation(
 
     // Get the encryption key pair from the leaf.
     let group_id = GroupId::random(backend);
-    let tree = TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, &group_id)
+    let tree = TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, &group_id, true)
         .expect("error generating tree");
 
     // Create and add a new leaf. It should go to leaf index 1