diff --git a/openmls/src/framing/mls_auth_content_in.rs b/openmls/src/framing/mls_auth_content_in.rs index 01d7e3908a..5dddb6702f 100644 --- a/openmls/src/framing/mls_auth_content_in.rs +++ b/openmls/src/framing/mls_auth_content_in.rs @@ -54,6 +54,7 @@ impl AuthenticatedContentIn { sender_context: Option, protocol_version: ProtocolVersion, group: &PublicGroup, + sender: bool, ) -> Result { Ok(AuthenticatedContent { wire_format: self.wire_format, @@ -65,6 +66,7 @@ impl AuthenticatedContentIn { sender_context, protocol_version, group, + sender, ) .await?, auth: self.auth, diff --git a/openmls/src/framing/mls_content_in.rs b/openmls/src/framing/mls_content_in.rs index a300a986ea..e29390093d 100644 --- a/openmls/src/framing/mls_content_in.rs +++ b/openmls/src/framing/mls_content_in.rs @@ -57,6 +57,7 @@ impl FramedContentIn { sender_context: Option, protocol_version: ProtocolVersion, group: &PublicGroup, + sender: bool, ) -> Result { Ok(FramedContent { group_id: self.group_id, @@ -71,6 +72,7 @@ impl FramedContentIn { sender_context, protocol_version, group, + sender, ) .await?, }) @@ -145,6 +147,7 @@ impl FramedContentBodyIn { sender_context: Option, protocol_version: ProtocolVersion, group: &PublicGroup, + sender: bool, ) -> Result { Ok(match self { FramedContentBodyIn::Application(bytes) => FramedContentBody::Application(bytes), @@ -156,6 +159,7 @@ impl FramedContentBodyIn { sender_context, protocol_version, group, + sender, ) .await?, ), @@ -170,6 +174,7 @@ impl FramedContentBodyIn { sender_context, protocol_version, group, + sender, ) .await?, ) diff --git a/openmls/src/framing/validation.rs b/openmls/src/framing/validation.rs index 85ddd07deb..17aa4f180e 100644 --- a/openmls/src/framing/validation.rs +++ b/openmls/src/framing/validation.rs @@ -322,6 +322,7 @@ impl UnverifiedMessage { self.sender_context, protocol_version, group, + false, ) .await?; Ok((content, self.credential)) diff --git a/openmls/src/group/core_group/new_from_external_init.rs b/openmls/src/group/core_group/new_from_external_init.rs index 069cb70439..a7a1c38583 100644 --- a/openmls/src/group/core_group/new_from_external_init.rs +++ b/openmls/src/group/core_group/new_from_external_init.rs @@ -52,6 +52,7 @@ impl CoreGroup { verifiable_group_info, // Existing proposals are discarded when joining by external commit. ProposalStore::new(), + true, ) .await?; let group_context = public_group.group_context(); diff --git a/openmls/src/group/core_group/new_from_welcome.rs b/openmls/src/group/core_group/new_from_welcome.rs index 173cc56284..08e5b4b272 100644 --- a/openmls/src/group/core_group/new_from_welcome.rs +++ b/openmls/src/group/core_group/new_from_welcome.rs @@ -151,11 +151,12 @@ impl CoreGroup { ratchet_tree, verifiable_group_info, ProposalStore::new(), + false, ) .await?; KeyPackageIn::from(key_package.clone()) - .validate(backend, ProtocolVersion::Mls10, &public_group) + .validate(backend, ProtocolVersion::Mls10, &public_group, false) .await?; // Find our own leaf in the tree. diff --git a/openmls/src/group/core_group/test_proposals.rs b/openmls/src/group/core_group/test_proposals.rs index 7a6f97407e..803397f797 100644 --- a/openmls/src/group/core_group/test_proposals.rs +++ b/openmls/src/group/core_group/test_proposals.rs @@ -50,7 +50,7 @@ async fn proposal_queue_functions(ciphersuite: Ciphersuite, backend: &impl OpenM let kpi = KeyPackageIn::from(alice_update_key_package.clone()); assert!(kpi - .standalone_validate(backend, ProtocolVersion::Mls10) + .standalone_validate(backend, ProtocolVersion::Mls10, true) .await .is_ok()); @@ -197,7 +197,7 @@ async fn proposal_queue_order(ciphersuite: Ciphersuite, backend: &impl OpenMlsCr let kpi = KeyPackageIn::from(alice_update_key_package.clone()); assert!(kpi - .standalone_validate(backend, ProtocolVersion::Mls10) + .standalone_validate(backend, ProtocolVersion::Mls10, true) .await .is_ok()); diff --git a/openmls/src/group/mls_group/membership.rs b/openmls/src/group/mls_group/membership.rs index 990a4f5c3a..7f7bcd4ad8 100644 --- a/openmls/src/group/mls_group/membership.rs +++ b/openmls/src/group/mls_group/membership.rs @@ -48,7 +48,12 @@ impl MlsGroup { let mut inline_proposals = Vec::with_capacity(key_packages.len()); for key_package in key_packages.into_iter() { let key_package = key_package - .validate(backend, ProtocolVersion::Mls10, self.group().public_group()) + .validate( + backend, + ProtocolVersion::Mls10, + self.group().public_group(), + true, + ) .await?; inline_proposals.push(Proposal::Add(AddProposal { key_package })); } diff --git a/openmls/src/group/mls_group/proposal.rs b/openmls/src/group/mls_group/proposal.rs index da9a4a88bf..2d931ee0aa 100644 --- a/openmls/src/group/mls_group/proposal.rs +++ b/openmls/src/group/mls_group/proposal.rs @@ -106,7 +106,12 @@ impl MlsGroup { self.is_operational()?; let key_package = joiner_key_package - .validate(backend, ProtocolVersion::Mls10, self.group().public_group()) + .validate( + backend, + ProtocolVersion::Mls10, + self.group().public_group(), + true, + ) .await?; let proposal = self.group @@ -247,7 +252,12 @@ impl MlsGroup { self.is_operational()?; let key_package = joiner_key_package - .validate(backend, ProtocolVersion::Mls10, self.group().public_group()) + .validate( + backend, + ProtocolVersion::Mls10, + self.group().public_group(), + true, + ) .await?; let add_proposal = self.group diff --git a/openmls/src/group/mls_group/updates.rs b/openmls/src/group/mls_group/updates.rs index 2f08159426..db7df5e118 100644 --- a/openmls/src/group/mls_group/updates.rs +++ b/openmls/src/group/mls_group/updates.rs @@ -189,7 +189,7 @@ impl MlsGroup { .into()); }; let own_leaf = own_leaf - .validate(self.group().public_group(), backend) + .validate(self.group().public_group(), backend, true) .await?; let update_proposal = self.group.create_update_proposal( @@ -272,7 +272,7 @@ impl MlsGroup { .into()); }; let own_leaf = own_leaf - .validate(self.group().public_group(), backend) + .validate(self.group().public_group(), backend, true) .await?; let update_proposal = self.group.create_update_proposal( diff --git a/openmls/src/group/public_group/mod.rs b/openmls/src/group/public_group/mod.rs index ca6c437f54..02160922dd 100644 --- a/openmls/src/group/public_group/mod.rs +++ b/openmls/src/group/public_group/mod.rs @@ -107,6 +107,7 @@ impl PublicGroup { ratchet_tree: RatchetTreeIn, verifiable_group_info: VerifiableGroupInfo, proposal_store: ProposalStore, + sender: bool, ) -> Result<(Self, GroupInfo), CreationFromExternalError> { let ciphersuite = verifiable_group_info.ciphersuite(); @@ -123,7 +124,8 @@ impl PublicGroup { // verifying the group info, since we need to find the Credential to verify the // signature against. let treesync = - TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, group_id, true).await?; + TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, group_id, true, sender) + .await?; let group_info: GroupInfo = { let signer_signature_key = treesync diff --git a/openmls/src/group/public_group/tests.rs b/openmls/src/group/public_group/tests.rs index bd476638ed..1e74309bda 100644 --- a/openmls/src/group/public_group/tests.rs +++ b/openmls/src/group/public_group/tests.rs @@ -60,6 +60,7 @@ async fn public_group(ciphersuite: Ciphersuite, backend: &impl OpenMlsCryptoProv ratchet_tree.into(), verifiable_group_info, ProposalStore::new(), + true, ) .await .unwrap(); diff --git a/openmls/src/group/tests/test_proposal_validation.rs b/openmls/src/group/tests/test_proposal_validation.rs index 5fbaa3fa3a..6da1b28147 100644 --- a/openmls/src/group/tests/test_proposal_validation.rs +++ b/openmls/src/group/tests/test_proposal_validation.rs @@ -1084,7 +1084,7 @@ async fn test_valsem105(ciphersuite: Ciphersuite, backend: &impl OpenMlsCryptoPr .await; let kpi: KeyPackageIn = charlie_key_package.clone().into(); - kpi.standalone_validate(backend, ProtocolVersion::Mls10) + kpi.standalone_validate(backend, ProtocolVersion::Mls10, true) .await .unwrap(); diff --git a/openmls/src/key_packages/key_package_in.rs b/openmls/src/key_packages/key_package_in.rs index afb92282e3..b58a56b328 100644 --- a/openmls/src/key_packages/key_package_in.rs +++ b/openmls/src/key_packages/key_package_in.rs @@ -119,8 +119,10 @@ impl KeyPackageIn { backend: &impl OpenMlsCryptoProvider, protocol_version: ProtocolVersion, group: &PublicGroup, + sender: bool, ) -> Result { - self._validate(backend, protocol_version, Some(group)).await + self._validate(backend, protocol_version, Some(group), sender) + .await } /// Verify that this key package is valid disregarding the group it is supposed to be used with. @@ -128,8 +130,10 @@ impl KeyPackageIn { self, backend: &impl OpenMlsCryptoProvider, protocol_version: ProtocolVersion, + sender: bool, ) -> Result { - self._validate(backend, protocol_version, None).await + self._validate(backend, protocol_version, None, sender) + .await } async fn _validate( @@ -137,6 +141,7 @@ impl KeyPackageIn { backend: &impl OpenMlsCryptoProvider, protocol_version: ProtocolVersion, group: Option<&PublicGroup>, + sender: bool, ) -> Result { // We first need to verify the LeafNode inside the KeyPackage @@ -154,10 +159,10 @@ impl KeyPackageIn { let leaf_node = match verifiable_leaf_node { VerifiableLeafNode::KeyPackage(leaf_node) => { if let Some(group) = group { - leaf_node.validate(group, backend).await? + leaf_node.validate(group, backend, sender).await? } else { leaf_node - .standalone_validate(backend, signature_scheme) + .standalone_validate(backend, signature_scheme, sender) .await? } } diff --git a/openmls/src/key_packages/test_key_packages.rs b/openmls/src/key_packages/test_key_packages.rs index ec0b68d712..db0b0fe078 100644 --- a/openmls/src/key_packages/test_key_packages.rs +++ b/openmls/src/key_packages/test_key_packages.rs @@ -47,7 +47,7 @@ async fn generate_key_package(ciphersuite: Ciphersuite, backend: &impl OpenMlsCr let kpi = KeyPackageIn::from(key_package); assert!(kpi - .standalone_validate(backend, ProtocolVersion::Mls10) + .standalone_validate(backend, ProtocolVersion::Mls10, true) .await .is_ok()); } @@ -101,7 +101,7 @@ async fn application_id_extension(ciphersuite: Ciphersuite, backend: &impl OpenM let kpi = KeyPackageIn::from(key_package.clone()); assert!(kpi - .standalone_validate(backend, ProtocolVersion::Mls10) + .standalone_validate(backend, ProtocolVersion::Mls10, true) .await .is_ok()); @@ -138,7 +138,7 @@ async fn key_package_validation(ciphersuite: Ciphersuite, backend: &impl OpenMls let kpi = KeyPackageIn::tls_deserialize(&mut encoded.as_slice()).unwrap(); let err = kpi - .standalone_validate(backend, ProtocolVersion::Mls10) + .standalone_validate(backend, ProtocolVersion::Mls10, true) .await .unwrap_err(); // Expect an invalid protocol version error @@ -158,7 +158,7 @@ async fn key_package_validation(ciphersuite: Ciphersuite, backend: &impl OpenMls let kpi = KeyPackageIn::tls_deserialize(&mut encoded.as_slice()).unwrap(); let err = kpi - .standalone_validate(backend, ProtocolVersion::Mls10) + .standalone_validate(backend, ProtocolVersion::Mls10, true) .await .unwrap_err(); // Expect an invalid init/encryption key error diff --git a/openmls/src/messages/group_info.rs b/openmls/src/messages/group_info.rs index f3e002cb3f..3e03cf05b3 100644 --- a/openmls/src/messages/group_info.rs +++ b/openmls/src/messages/group_info.rs @@ -123,6 +123,7 @@ impl VerifiableGroupInfo { pub async fn take_ratchet_tree( mut self, backend: &impl OpenMlsCryptoProvider, + sender: bool, ) -> Result { let cs = self.ciphersuite(); @@ -144,7 +145,8 @@ impl VerifiableGroupInfo { // although it clones the ratchet tree here... let group_id = self.group_id(); let treesync = - TreeSync::from_ratchet_tree(backend, cs, ratchet_tree.clone(), group_id, true).await?; + TreeSync::from_ratchet_tree(backend, cs, ratchet_tree.clone(), group_id, true, sender) + .await?; let signer_signature_key = treesync .leaf(self.signer()) diff --git a/openmls/src/messages/mod.rs b/openmls/src/messages/mod.rs index 81190cc8e2..a75c012fbe 100644 --- a/openmls/src/messages/mod.rs +++ b/openmls/src/messages/mod.rs @@ -196,12 +196,13 @@ impl CommitIn { sender_context: SenderContext, protocol_version: ProtocolVersion, group: &PublicGroup, + sender: bool, ) -> Result { let mut proposals = Vec::with_capacity(self.proposals.len()); for proposal in self.proposals.into_iter() { proposals.push( proposal - .validate(backend, ciphersuite, protocol_version, group) + .validate(backend, ciphersuite, protocol_version, group, sender) .await?, ); } @@ -237,7 +238,10 @@ impl CommitIn { TreePosition::new(group_id, new_leaf_index) } }; - Some(path.into_verified(backend, tree_position, group).await?) + Some( + path.into_verified(backend, tree_position, group, sender) + .await?, + ) } else { None }; diff --git a/openmls/src/messages/proposals_in.rs b/openmls/src/messages/proposals_in.rs index 821703f763..b54d07a4ad 100644 --- a/openmls/src/messages/proposals_in.rs +++ b/openmls/src/messages/proposals_in.rs @@ -102,16 +102,21 @@ impl ProposalIn { sender_context: Option, protocol_version: ProtocolVersion, group: &PublicGroup, + sender: bool, ) -> Result { Ok(match self { ProposalIn::Add(add) => Proposal::Add( - add.validate(backend, protocol_version, ciphersuite, group) + add.validate(backend, protocol_version, ciphersuite, group, sender) .await?, ), ProposalIn::Update(update) => { let sender_context = sender_context.ok_or(ValidationError::CommitterIncludedOwnUpdate)?; - Proposal::Update(update.validate(backend, sender_context, group).await?) + Proposal::Update( + update + .validate(backend, sender_context, group, sender) + .await?, + ) } ProposalIn::Remove(remove) => Proposal::Remove(remove), ProposalIn::PreSharedKey(psk) => Proposal::PreSharedKey(psk), @@ -154,10 +159,11 @@ impl AddProposalIn { protocol_version: ProtocolVersion, ciphersuite: Ciphersuite, group: &PublicGroup, + sender: bool, ) -> Result { let key_package = self .key_package - .validate(backend, protocol_version, group) + .validate(backend, protocol_version, group, sender) .await?; // Verify that the ciphersuite is valid if key_package.ciphersuite() != ciphersuite { @@ -192,6 +198,7 @@ impl UpdateProposalIn { backend: &impl OpenMlsCryptoProvider, sender_context: SenderContext, group: &PublicGroup, + sender: bool, ) -> Result { let tree_position = match sender_context { SenderContext::Member((group_id, leaf_index)) => { @@ -203,7 +210,9 @@ impl UpdateProposalIn { .leaf_node .try_into_verifiable_leaf_node(Some(tree_position))?; let leaf_node = match verifiable_leaf_node { - VerifiableLeafNode::Update(leaf_node) => leaf_node.validate(group, backend).await?, + VerifiableLeafNode::Update(leaf_node) => { + leaf_node.validate(group, backend, sender).await? + } _ => return Err(ValidationError::InvalidLeafNodeSourceType), }; @@ -234,11 +243,12 @@ impl ProposalOrRefIn { ciphersuite: Ciphersuite, protocol_version: ProtocolVersion, group: &PublicGroup, + sender: bool, ) -> Result { Ok(match self { ProposalOrRefIn::Proposal(proposal_in) => ProposalOrRef::Proposal( proposal_in - .validate(backend, ciphersuite, None, protocol_version, group) + .validate(backend, ciphersuite, None, protocol_version, group, sender) .await?, ), ProposalOrRefIn::Reference(reference) => ProposalOrRef::Reference(reference), diff --git a/openmls/src/treesync/mod.rs b/openmls/src/treesync/mod.rs index e4229b4330..18a983c5b3 100644 --- a/openmls/src/treesync/mod.rs +++ b/openmls/src/treesync/mod.rs @@ -446,6 +446,7 @@ impl TreeSync { ratchet_tree: RatchetTree, group_id: &GroupId, validate_leaf_node: bool, + sender: bool, ) -> Result { // TODO #800: Unmerged leaves should be checked let mut ts_nodes: Vec> = @@ -463,7 +464,7 @@ impl TreeSync { let tree_position = TreePosition::new(group_id.clone(), index); let ln = LeafNodeIn::from(ln) .try_into_verifiable_leaf_node(Some(tree_position))?; - ln.validate(backend, ciphersuite.signature_algorithm(), None) + ln.validate(backend, ciphersuite.signature_algorithm(), None, sender) .await? } else { ln diff --git a/openmls/src/treesync/node/leaf_node.rs b/openmls/src/treesync/node/leaf_node.rs index db23a03141..6caef76ea3 100644 --- a/openmls/src/treesync/node/leaf_node.rs +++ b/openmls/src/treesync/node/leaf_node.rs @@ -785,14 +785,27 @@ impl VerifiableLeafNode { backend: &impl OpenMlsCryptoProvider, sc: SignatureScheme, group: Option<&PublicGroup>, + sender: bool, ) -> Result { match (self, group) { - (VerifiableLeafNode::KeyPackage(ln), None) => ln.standalone_validate(backend, sc).await, - (VerifiableLeafNode::KeyPackage(ln), Some(group)) => ln.validate(group, backend).await, - (VerifiableLeafNode::Update(ln), None) => ln.standalone_validate(backend, sc).await, - (VerifiableLeafNode::Update(ln), Some(group)) => ln.validate(group, backend).await, - (VerifiableLeafNode::Commit(ln), None) => ln.standalone_validate(backend, sc).await, - (VerifiableLeafNode::Commit(ln), Some(group)) => ln.validate(group, backend).await, + (VerifiableLeafNode::KeyPackage(ln), None) => { + ln.standalone_validate(backend, sc, sender).await + } + (VerifiableLeafNode::KeyPackage(ln), Some(group)) => { + ln.validate(group, backend, sender).await + } + (VerifiableLeafNode::Update(ln), None) => { + ln.standalone_validate(backend, sc, sender).await + } + (VerifiableLeafNode::Update(ln), Some(group)) => { + ln.validate(group, backend, sender).await + } + (VerifiableLeafNode::Commit(ln), None) => { + ln.standalone_validate(backend, sc, sender).await + } + (VerifiableLeafNode::Commit(ln), Some(group)) => { + ln.validate(group, backend, sender).await + } } } } diff --git a/openmls/src/treesync/node/validate.rs b/openmls/src/treesync/node/validate.rs index 76a90a72c8..fbeaec982c 100644 --- a/openmls/src/treesync/node/validate.rs +++ b/openmls/src/treesync/node/validate.rs @@ -45,9 +45,10 @@ impl ValidatableLeafNode for VerifiableUpdateLeafNode { self, group: &PublicGroup, backend: &impl OpenMlsCryptoProvider, + sender: bool, ) -> Result { self.validate_replaced_encryption_key(group)?; - self.validate_default(group, backend).await + self.validate_default(group, backend, sender).await } fn signature_key(&self) -> &SignaturePublicKey { @@ -95,8 +96,9 @@ impl ValidatableLeafNode for VerifiableKeyPackageLeafNode { self, backend: &impl OpenMlsCryptoProvider, signature_scheme: SignatureScheme, + sender: bool, ) -> Result { - self.validate_lifetime()?; + self.validate_lifetime(sender)?; self.standalone_validate_default(backend, signature_scheme) .await } @@ -105,9 +107,10 @@ impl ValidatableLeafNode for VerifiableKeyPackageLeafNode { self, group: &PublicGroup, backend: &impl OpenMlsCryptoProvider, + sender: bool, ) -> Result { - self.validate_lifetime()?; - self.validate_default(group, backend).await + self.validate_lifetime(sender)?; + self.validate_default(group, backend, sender).await } fn signature_key(&self) -> &SignaturePublicKey { @@ -132,11 +135,13 @@ impl ValidatableLeafNode for VerifiableKeyPackageLeafNode { } impl VerifiableKeyPackageLeafNode { - fn validate_lifetime(&self) -> Result<(), LeafNodeValidationError> { + /// about `sender` see https://www.rfc-editor.org/rfc/rfc9420.html#section-7.3-4.5.1 + /// We only validate the lifetime if we are the message sender + fn validate_lifetime(&self, sender: bool) -> Result<(), LeafNodeValidationError> { let LeafNodeSource::KeyPackage(lifetime) = self.payload.leaf_node_source else { return Err(LeafNodeValidationError::InvalidLeafNodeSource); }; - if !lifetime.is_valid() { + if sender && !lifetime.is_valid() { return Err(LeafNodeValidationError::Lifetime(LifetimeError::NotCurrent)); } Ok(()) @@ -153,6 +158,7 @@ where self, backend: &impl OpenMlsCryptoProvider, signature_scheme: SignatureScheme, + _sender: bool, ) -> Result { self.standalone_validate_default(backend, signature_scheme) .await @@ -177,21 +183,24 @@ where self, group: &PublicGroup, backend: &impl OpenMlsCryptoProvider, + sender: bool, ) -> Result { - self.validate_default(group, backend).await + self.validate_default(group, backend, sender).await } async fn validate_default( self, group: &PublicGroup, backend: &impl OpenMlsCryptoProvider, + sender: bool, ) -> Result { self.validate_capabilities(group)?; self.validate_credential_type(group)?; let tree = group.treesync(); self.validate_signature_encryption_key_unique(tree)?; let signature_scheme = group.ciphersuite().signature_algorithm(); - self.standalone_validate(backend, signature_scheme).await + self.standalone_validate(backend, signature_scheme, sender) + .await } fn signature_key(&self) -> &SignaturePublicKey; diff --git a/openmls/src/treesync/tests_and_kats/kats/kat_tree_operations.rs b/openmls/src/treesync/tests_and_kats/kats/kat_tree_operations.rs index ceab79e21e..704a3ac54d 100644 --- a/openmls/src/treesync/tests_and_kats/kats/kat_tree_operations.rs +++ b/openmls/src/treesync/tests_and_kats/kats/kat_tree_operations.rs @@ -64,7 +64,7 @@ async fn run_test_vector( let ratchet_tree = RatchetTree::from(RatchetTreeIn::from_nodes(nodes)); let tree_before = - TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, &group_id, false) + TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, &group_id, false, true) .await .map_err(|e| format!("Error while creating tree sync: {e:?}"))?; diff --git a/openmls/src/treesync/tests_and_kats/kats/kat_tree_validation.rs b/openmls/src/treesync/tests_and_kats/kats/kat_tree_validation.rs index f33b2b9cbf..84ab51d6d9 100644 --- a/openmls/src/treesync/tests_and_kats/kats/kat_tree_validation.rs +++ b/openmls/src/treesync/tests_and_kats/kats/kat_tree_validation.rs @@ -109,10 +109,16 @@ async fn run_test_vector( .into_verified(ciphersuite, backend.crypto(), group_id) .unwrap(); - let treesync = - TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree.clone(), group_id, true) - .await - .map_err(|e| format!("Error while creating tree sync: {e:?}"))?; + let treesync = TreeSync::from_ratchet_tree( + backend, + ciphersuite, + ratchet_tree.clone(), + group_id, + true, + false, + ) + .await + .map_err(|e| format!("Error while creating tree sync: {e:?}"))?; let diff = treesync.empty_diff(); diff --git a/openmls/src/treesync/tests_and_kats/kats/kat_treekem.rs b/openmls/src/treesync/tests_and_kats/kats/kat_treekem.rs index ca68a27ff3..0698045622 100644 --- a/openmls/src/treesync/tests_and_kats/kats/kat_treekem.rs +++ b/openmls/src/treesync/tests_and_kats/kats/kat_treekem.rs @@ -98,7 +98,7 @@ pub async fn run_test_vector(test: TreeKemTest, backend: &impl OpenMlsCryptoProv .into_verified(ciphersuite, backend.crypto(), group_id) .unwrap(); - TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, group_id, true) + TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, group_id, true, true) .await .unwrap() }; diff --git a/openmls/src/treesync/tests_and_kats/tests/test_diff.rs b/openmls/src/treesync/tests_and_kats/tests/test_diff.rs index 9d32bb2eae..1481fb0f12 100644 --- a/openmls/src/treesync/tests_and_kats/tests/test_diff.rs +++ b/openmls/src/treesync/tests_and_kats/tests/test_diff.rs @@ -38,9 +38,10 @@ async fn test_free_leaf_computation( // Get the encryption key pair from the leaf. let group_id = GroupId::random(backend); - let tree = TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, &group_id, true) - .await - .expect("error generating tree"); + let tree = + TreeSync::from_ratchet_tree(backend, ciphersuite, ratchet_tree, &group_id, true, true) + .await + .expect("error generating tree"); // Create and add a new leaf. It should go to leaf index 1 diff --git a/openmls/src/treesync/treekem.rs b/openmls/src/treesync/treekem.rs index 9a82289aaf..81af6432b2 100644 --- a/openmls/src/treesync/treekem.rs +++ b/openmls/src/treesync/treekem.rs @@ -383,13 +383,14 @@ impl UpdatePathIn { backend: &impl OpenMlsCryptoProvider, tree_position: TreePosition, group: &PublicGroup, + sender: bool, ) -> Result { let leaf_node_in = self.leaf_node().clone(); let verifiable_leaf_node = leaf_node_in.try_into_verifiable_leaf_node(Some(tree_position))?; match verifiable_leaf_node { VerifiableLeafNode::Commit(commit_leaf_node) => { - let leaf_node = commit_leaf_node.validate(group, backend).await?; + let leaf_node = commit_leaf_node.validate(group, backend, sender).await?; Ok(UpdatePath { leaf_node, nodes: self.nodes,