Skip to content

Commit

Permalink
feat: expose processed message's credential with its associated publi…
Browse files Browse the repository at this point in the history
…c signature key
  • Loading branch information
beltram committed Mar 25, 2024
1 parent 42fbe01 commit b93177c
Show file tree
Hide file tree
Showing 7 changed files with 34 additions and 23 deletions.
13 changes: 10 additions & 3 deletions openmls/src/ciphersuite/signature.rs
Original file line number Diff line number Diff line change
Expand Up @@ -52,13 +52,20 @@ impl From<(&str, &[u8])> for SignContent {
}

/// A public signature key.
#[derive(
Eq, PartialEq, Hash, Debug, Clone, Serialize, Deserialize, TlsSerialize, TlsDeserialize, TlsSize,
)]
#[derive(Hash, Debug, Clone, Serialize, Deserialize, TlsSerialize, TlsDeserialize, TlsSize)]
pub struct SignaturePublicKey {
pub(in crate::ciphersuite) value: VLBytes,
}

impl Eq for SignaturePublicKey {}

impl PartialEq for SignaturePublicKey {
fn eq(&self, other: &Self) -> bool {
use subtle::ConstantTimeEq as _;
self.value.as_slice().ct_eq(other.value.as_slice()).into()
}
}

impl From<Vec<u8>> for SignaturePublicKey {
fn from(value: Vec<u8>) -> Self {
Self {
Expand Down
2 changes: 1 addition & 1 deletion openmls/src/credentials/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -357,7 +357,7 @@ pub struct BasicCredential {
identity: VLBytes,
}

#[derive(Debug, Clone)]
#[derive(Debug, Clone, Eq, PartialEq)]
/// A wrapper around a credential with a corresponding public key.
pub struct CredentialWithKey {
/// The [`Credential`].
Expand Down
14 changes: 7 additions & 7 deletions openmls/src/framing/validation.rs
Original file line number Diff line number Diff line change
Expand Up @@ -249,7 +249,7 @@ pub enum SenderContext {
#[derive(Debug, Clone)]
pub(crate) struct UnverifiedMessage {
verifiable_content: VerifiableAuthenticatedContentIn,
credential: Credential,
credential: CredentialWithKey,
sender_pk: OpenMlsSignaturePublicKey,
sender_context: Option<SenderContext>,
}
Expand All @@ -258,7 +258,7 @@ impl UnverifiedMessage {
/// Construct an [UnverifiedMessage] from a [DecryptedMessage] and an optional [Credential].
pub(crate) fn from_decrypted_message(
decrypted_message: DecryptedMessage,
credential: Credential,
credential: CredentialWithKey,
sender_pk: OpenMlsSignaturePublicKey,
sender_context: Option<SenderContext>,
) -> Self {
Expand All @@ -278,8 +278,8 @@ impl UnverifiedMessage {
backend: &impl OpenMlsCryptoProvider,
protocol_version: ProtocolVersion,
group: &PublicGroup,
) -> Result<(AuthenticatedContent, Credential), ProcessMessageError> {
let content: AuthenticatedContentIn = match self.credential.mls_credential() {
) -> Result<(AuthenticatedContent, CredentialWithKey), ProcessMessageError> {
let content: AuthenticatedContentIn = match self.credential.credential.mls_credential() {
MlsCredentialType::Basic(_) => self
.verifiable_content
.verify(backend.crypto(), &self.sender_pk)
Expand Down Expand Up @@ -340,7 +340,7 @@ pub struct ProcessedMessage {
sender: Sender,
authenticated_data: Vec<u8>,
content: ProcessedMessageContent,
credential: Credential,
credential: CredentialWithKey,
}

impl ProcessedMessage {
Expand All @@ -351,7 +351,7 @@ impl ProcessedMessage {
sender: Sender,
authenticated_data: Vec<u8>,
content: ProcessedMessageContent,
credential: Credential,
credential: CredentialWithKey,
) -> Self {
Self {
group_id,
Expand Down Expand Up @@ -394,7 +394,7 @@ impl ProcessedMessage {
}

/// Returns the credential of the message.
pub fn credential(&self) -> &Credential {
pub fn credential(&self) -> &CredentialWithKey {
&self.credential
}
}
Expand Down
11 changes: 4 additions & 7 deletions openmls/src/group/public_group/process.rs
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
use openmls_traits::OpenMlsCryptoProvider;
use tls_codec::Serialize;

use openmls_traits::OpenMlsCryptoProvider;

use crate::{
ciphersuite::OpenMlsSignaturePublicKey,
credentials::CredentialWithKey,
error::LibraryError,
framing::{
mls_content::FramedContentBody, ApplicationMessage, DecryptedMessage, ProcessedMessage,
Expand Down Expand Up @@ -72,10 +72,7 @@ impl PublicGroup {
// - Prepares ValSem246 by setting the right credential. The remainder
// of ValSem246 is validated as part of ValSem010.
// External senders are not supported yet #106/#151.
let CredentialWithKey {
credential,
signature_key,
} = decrypted_message.credential(
let credential = decrypted_message.credential(
self.treesync(),
message_secrets_store_option
.map(|store| store.leaves_for_epoch(decrypted_message.verifiable_content().epoch()))
Expand All @@ -84,7 +81,7 @@ impl PublicGroup {
)?;

let signature_public_key = OpenMlsSignaturePublicKey::from_signature_key(
signature_key,
credential.signature_key.clone(),
self.ciphersuite().signature_algorithm(),
);

Expand Down
7 changes: 7 additions & 0 deletions openmls/src/treesync/node/leaf_node.rs
Original file line number Diff line number Diff line change
Expand Up @@ -358,6 +358,13 @@ impl LeafNode {
pub fn credential(&self) -> &Credential {
&self.payload.credential
}
/// Returns the `signature_key` as byte slice.
pub fn to_credential_with_key(&self) -> CredentialWithKey {
CredentialWithKey {
credential: self.credential().clone(),
signature_key: self.signature_key().clone(),
}
}

/// Returns the `parent_hash` as byte slice or `None`.
pub fn parent_hash(&self) -> Option<&[u8]> {
Expand Down
6 changes: 3 additions & 3 deletions openmls/tests/book_code.rs
Original file line number Diff line number Diff line change
Expand Up @@ -669,7 +669,7 @@ async fn book_operations(ciphersuite: Ciphersuite, backend: &impl OpenMlsCryptoP
assert!(alice_members.any(|Member { index, .. }| index == *sender_leaf_index));
drop(alice_members);

assert_eq!(sender_credential, &charlie_credential.credential);
assert_eq!(sender_credential, &charlie_credential);

let bob_processed_message = bob_group
.process_message(
Expand Down Expand Up @@ -1016,9 +1016,9 @@ async fn book_operations(ciphersuite: Ciphersuite, backend: &impl OpenMlsCryptoP
// Check the message
assert_eq!(application_message.into_bytes(), message_alice);
// Check that Alice sent the message
assert_eq!(sender_cred_from_msg, sender_cred_from_group);
assert_eq!(sender_cred_from_msg.credential, sender_cred_from_group);
assert_eq!(
&sender_cred_from_msg,
&sender_cred_from_msg.credential,
alice_group.credential().expect("Expected a credential.")
);
} else {
Expand Down
4 changes: 2 additions & 2 deletions openmls/tests/test_mls_group.rs
Original file line number Diff line number Diff line change
Expand Up @@ -169,7 +169,7 @@ async fn mls_group_operations(ciphersuite: Ciphersuite, backend: &impl OpenMlsCr
assert_eq!(application_message.into_bytes(), message_alice);
// Check that Alice sent the message
assert_eq!(
&sender,
&sender.credential,
alice_group
.credential()
.expect("An unexpected error occurred.")
Expand Down Expand Up @@ -785,7 +785,7 @@ async fn mls_group_operations(ciphersuite: Ciphersuite, backend: &impl OpenMlsCr
assert_eq!(application_message.into_bytes(), message_alice);
// Check that Alice sent the message
assert_eq!(
&sender,
&sender.credential,
alice_group.credential().expect("Expected a credential")
);
} else {
Expand Down

0 comments on commit b93177c

Please sign in to comment.