diff --git a/openmls/src/treesync/mod.rs b/openmls/src/treesync/mod.rs index 083b057c49..ce81fb9b70 100644 --- a/openmls/src/treesync/mod.rs +++ b/openmls/src/treesync/mod.rs @@ -90,6 +90,7 @@ pub use node::encryption_keys::test_utils; pub use node::encryption_keys::EncryptionKey; // Public re-exports +use crate::treesync::node::leaf_node::LeafNodeIn; pub use node::{leaf_node::LeafNode, parent_node::ParentNode, Node}; // Tests @@ -437,10 +438,12 @@ impl TreeSync { // Set the leaf indices in all the leaves and convert the node types. for (node_index, node_option) in ratchet_tree.0.into_iter().enumerate() { let ts_node_option: TreeNode = match node_option { - Some(node) => { - let node = node.clone(); - TreeSyncNode::from(node).into() + Some(Node::LeafNode(ln)) => { + let ln = LeafNodeIn::from(ln).into_verifiable_leaf_node(); + let ln = ln.validate(crypto, ciphersuite.signature_algorithm()); + TreeSyncNode::from(Node::LeafNode(ln)).into() } + Some(Node::ParentNode(pn)) => TreeSyncNode::from(Node::ParentNode(pn)).into(), None => { if node_index % 2 == 0 { TreeNode::Leaf(TreeSyncLeafNode::blank()) diff --git a/openmls/src/treesync/node/leaf_node.rs b/openmls/src/treesync/node/leaf_node.rs index 362e39f5ae..5f0960b69a 100644 --- a/openmls/src/treesync/node/leaf_node.rs +++ b/openmls/src/treesync/node/leaf_node.rs @@ -31,6 +31,8 @@ mod capabilities; mod codec; pub use capabilities::*; +use openmls_traits::crypto::OpenMlsCrypto; +use openmls_traits::types::SignatureScheme; /// Private module to ensure protection. mod private_mod { @@ -745,6 +747,14 @@ impl VerifiableLeafNode { VerifiableLeafNode::Commit(v) => v.signature_key(), } } + + pub(crate) fn validate(self, crypto: &impl OpenMlsCrypto, sc: SignatureScheme) -> LeafNode { + match self { + VerifiableLeafNode::Commit(ln) => ln.standalone_validate(crypto, sc), + VerifiableLeafNode::KeyPackage(ln) => ln.standalone_validate(crypto, sc), + VerifiableLeafNode::Update(ln) => ln.standalone_validate(crypto, sc), + } + } } #[derive(Debug, Clone, PartialEq, Eq)] @@ -757,6 +767,18 @@ impl VerifiableKeyPackageLeafNode { pub(crate) fn signature_key(&self) -> &SignaturePublicKey { &self.payload.signature_key } + + pub fn standalone_validate( + self, + crypto: &impl OpenMlsCrypto, + signature_scheme: SignatureScheme, + ) -> LeafNode { + let pk = self + .signature_key() + .clone() + .into_signature_public_key_enriched(signature_scheme); + self.verify::(crypto, &pk).unwrap() + } } impl Verifiable for VerifiableKeyPackageLeafNode { @@ -799,6 +821,18 @@ impl VerifiableUpdateLeafNode { pub(crate) fn signature_key(&self) -> &SignaturePublicKey { &self.payload.signature_key } + + pub fn standalone_validate( + self, + crypto: &impl OpenMlsCrypto, + signature_scheme: SignatureScheme, + ) -> LeafNode { + let pk = self + .signature_key() + .clone() + .into_signature_public_key_enriched(signature_scheme); + self.verify::(crypto, &pk).unwrap() + } } impl Verifiable for VerifiableUpdateLeafNode { @@ -849,6 +883,18 @@ impl VerifiableCommitLeafNode { pub(crate) fn signature_key(&self) -> &SignaturePublicKey { &self.payload.signature_key } + + pub fn standalone_validate( + self, + crypto: &impl OpenMlsCrypto, + signature_scheme: SignatureScheme, + ) -> LeafNode { + let pk = self + .signature_key() + .clone() + .into_signature_public_key_enriched(signature_scheme); + self.verify::(crypto, &pk).unwrap() + } } impl Verifiable for VerifiableCommitLeafNode {