fix: parent hash error

openmls/src/treesync/mod.rs

@@ -90,6 +90,7 @@ pub use node::encryption_keys::test_utils;
 pub use node::encryption_keys::EncryptionKey;
 
 // Public re-exports
+use crate::treesync::node::leaf_node::LeafNodeIn;
 pub use node::{leaf_node::LeafNode, parent_node::ParentNode, Node};
 
 // Tests
@@ -437,10 +438,12 @@ impl TreeSync {
         // Set the leaf indices in all the leaves and convert the node types.
         for (node_index, node_option) in ratchet_tree.0.into_iter().enumerate() {
             let ts_node_option: TreeNode<TreeSyncLeafNode, TreeSyncParentNode> = match node_option {
-                Some(node) => {
-                    let node = node.clone();
-                    TreeSyncNode::from(node).into()
+                Some(Node::LeafNode(ln)) => {
+                    let ln = LeafNodeIn::from(ln).into_verifiable_leaf_node();
+                    let ln = ln.validate(crypto, ciphersuite.signature_algorithm());
+                    TreeSyncNode::from(Node::LeafNode(ln)).into()
                 }
+                Some(Node::ParentNode(pn)) => TreeSyncNode::from(Node::ParentNode(pn)).into(),
                 None => {
                     if node_index % 2 == 0 {
                         TreeNode::Leaf(TreeSyncLeafNode::blank())

openmls/src/treesync/node/leaf_node.rs

@@ -31,6 +31,8 @@ mod capabilities;
 mod codec;
 
 pub use capabilities::*;
+use openmls_traits::crypto::OpenMlsCrypto;
+use openmls_traits::types::SignatureScheme;
 
 /// Private module to ensure protection.
 mod private_mod {
@@ -745,6 +747,14 @@ impl VerifiableLeafNode {
             VerifiableLeafNode::Commit(v) => v.signature_key(),
         }
     }
+
+    pub(crate) fn validate(self, crypto: &impl OpenMlsCrypto, sc: SignatureScheme) -> LeafNode {
+        match self {
+            VerifiableLeafNode::Commit(ln) => ln.standalone_validate(crypto, sc),
+            VerifiableLeafNode::KeyPackage(ln) => ln.standalone_validate(crypto, sc),
+            VerifiableLeafNode::Update(ln) => ln.standalone_validate(crypto, sc),
+        }
+    }
 }
 
 #[derive(Debug, Clone, PartialEq, Eq)]
@@ -757,6 +767,18 @@ impl VerifiableKeyPackageLeafNode {
     pub(crate) fn signature_key(&self) -> &SignaturePublicKey {
         &self.payload.signature_key
     }
+
+    pub fn standalone_validate(
+        self,
+        crypto: &impl OpenMlsCrypto,
+        signature_scheme: SignatureScheme,
+    ) -> LeafNode {
+        let pk = self
+            .signature_key()
+            .clone()
+            .into_signature_public_key_enriched(signature_scheme);
+        self.verify::<LeafNode>(crypto, &pk).unwrap()
+    }
 }
 
 impl Verifiable for VerifiableKeyPackageLeafNode {
@@ -799,6 +821,18 @@ impl VerifiableUpdateLeafNode {
     pub(crate) fn signature_key(&self) -> &SignaturePublicKey {
         &self.payload.signature_key
     }
+
+    pub fn standalone_validate(
+        self,
+        crypto: &impl OpenMlsCrypto,
+        signature_scheme: SignatureScheme,
+    ) -> LeafNode {
+        let pk = self
+            .signature_key()
+            .clone()
+            .into_signature_public_key_enriched(signature_scheme);
+        self.verify::<LeafNode>(crypto, &pk).unwrap()
+    }
 }
 
 impl Verifiable for VerifiableUpdateLeafNode {
@@ -849,6 +883,18 @@ impl VerifiableCommitLeafNode {
     pub(crate) fn signature_key(&self) -> &SignaturePublicKey {
         &self.payload.signature_key
     }
+
+    pub fn standalone_validate(
+        self,
+        crypto: &impl OpenMlsCrypto,
+        signature_scheme: SignatureScheme,
+    ) -> LeafNode {
+        let pk = self
+            .signature_key()
+            .clone()
+            .into_signature_public_key_enriched(signature_scheme);
+        self.verify::<LeafNode>(crypto, &pk).unwrap()
+    }
 }
 
 impl Verifiable for VerifiableCommitLeafNode {