From a57dc96a218319efb53303cb29159aaf77e899cc Mon Sep 17 00:00:00 2001 From: Brendan McMillion Date: Fri, 29 Dec 2023 17:09:42 -0800 Subject: [PATCH 1/2] Don't delete private key for last resort KP. --- openmls/src/extensions/test_extensions.rs | 26 +++++++++++++++++-- .../src/group/core_group/new_from_welcome.rs | 8 +++--- 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/openmls/src/extensions/test_extensions.rs b/openmls/src/extensions/test_extensions.rs index 4c9b567f7a..69b9d0bd4a 100644 --- a/openmls/src/extensions/test_extensions.rs +++ b/openmls/src/extensions/test_extensions.rs @@ -8,6 +8,7 @@ use tls_codec::{Deserialize, Serialize}; use super::*; use crate::{ + ciphersuite::HpkePrivateKey, credentials::*, framing::*, group::{config::CryptoConfig, errors::*, *}, @@ -16,6 +17,7 @@ use crate::{ prelude::Capabilities, schedule::psk::store::ResumptionPskStore, test_utils::*, + treesync::node::encryption_keys::EncryptionKeyPair, versions::ProtocolVersion, }; @@ -324,7 +326,7 @@ fn last_resort_extension(ciphersuite: Ciphersuite, provider: &impl OpenMlsProvid alice_group.merge_pending_commit(provider).unwrap(); - let _bob_group = MlsGroup::new_from_welcome( + let mut bob_group = MlsGroup::new_from_welcome( provider, &mls_group_config, welcome.into_welcome().expect("Unexpected MLS message"), @@ -332,11 +334,31 @@ fn last_resort_extension(ciphersuite: Ciphersuite, provider: &impl OpenMlsProvid ) .expect("An unexpected error occurred."); - // This should not have deleted the KP from the store + // === Bob sends a commit == + + let (_message, _welcome, _group_info) = bob_group + .self_update(provider, &signer) + .expect("An unexpected error occurred."); + bob_group + .merge_pending_commit(provider) + .expect("An unexpected error occurred."); + + // This should not have deleted the KP or private keys from the store let kp: Option = provider.key_store().read( kp.hash_ref(provider.crypto()) .expect("error hashing kp") .as_slice(), ); assert!(kp.is_some()); + + let kp = kp.unwrap(); + + let leaf_keypair = + EncryptionKeyPair::read_from_key_store(provider, kp.leaf_node().encryption_key()); + assert!(leaf_keypair.is_some()); + + let private_key = provider + .key_store() + .read::(kp.hpke_init_key().as_slice()); + assert!(private_key.is_some()); } diff --git a/openmls/src/group/core_group/new_from_welcome.rs b/openmls/src/group/core_group/new_from_welcome.rs index 5305a582b6..81aebc02f3 100644 --- a/openmls/src/group/core_group/new_from_welcome.rs +++ b/openmls/src/group/core_group/new_from_welcome.rs @@ -30,9 +30,11 @@ impl CoreGroup { key_package_bundle.key_package.leaf_node().encryption_key(), ) .ok_or(WelcomeError::NoMatchingEncryptionKey)?; - leaf_keypair - .delete_from_key_store(provider.key_store()) - .map_err(|_| WelcomeError::NoMatchingEncryptionKey)?; + if !key_package_bundle.key_package.last_resort() { + leaf_keypair + .delete_from_key_store(provider.key_store()) + .map_err(|_| WelcomeError::NoMatchingEncryptionKey)?; + } let ciphersuite = welcome.ciphersuite(); From 57d2a605ed0e6cab26cfce30a5b444c25a21f3ea Mon Sep 17 00:00:00 2001 From: Brendan McMillion Date: Fri, 29 Dec 2023 17:24:37 -0800 Subject: [PATCH 2/2] Fix linting errors. --- openmls/src/credentials/codec.rs | 3 +-- openmls/src/group/mod.rs | 7 +------ openmls/src/prelude.rs | 4 ++-- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/openmls/src/credentials/codec.rs b/openmls/src/credentials/codec.rs index c4169936d4..0cc8df9169 100644 --- a/openmls/src/credentials/codec.rs +++ b/openmls/src/credentials/codec.rs @@ -31,8 +31,7 @@ impl tls_codec::Serialize for Credential { impl tls_codec::Deserialize for Credential { fn tls_deserialize(bytes: &mut R) -> Result { let val = u16::tls_deserialize(bytes)?; - let credential_type = CredentialType::try_from(val) - .map_err(|e| tls_codec::Error::DecodingError(e.to_string()))?; + let credential_type = CredentialType::from(val); match credential_type { CredentialType::Basic => Ok(Credential::from(MlsCredentialType::Basic( BasicCredential::tls_deserialize(bytes)?, diff --git a/openmls/src/group/mod.rs b/openmls/src/group/mod.rs index 5ffde23222..10be650ff2 100644 --- a/openmls/src/group/mod.rs +++ b/openmls/src/group/mod.rs @@ -29,10 +29,9 @@ pub(crate) mod errors; pub use core_group::proposals::*; pub use core_group::staged_commit::StagedCommit; pub use errors::*; -pub use group_context::*; +pub use group_context::GroupContext; pub use mls_group::config::*; pub use mls_group::membership::*; -pub use mls_group::processing::*; pub use mls_group::*; pub use public_group::*; @@ -41,11 +40,7 @@ pub use public_group::*; pub(crate) use core_group::create_commit_params::*; #[cfg(any(feature = "test-utils", test))] pub(crate) mod tests; -#[cfg(any(feature = "test-utils", test))] -pub use group_context::GroupContext; use openmls_traits::random::OpenMlsRand; -#[cfg(any(feature = "test-utils", test))] -pub use proposals::*; /// A group ID. The group ID is chosen by the creator of the group and should be globally unique. #[derive( diff --git a/openmls/src/prelude.rs b/openmls/src/prelude.rs index de04bfffe6..aef1064837 100644 --- a/openmls/src/prelude.rs +++ b/openmls/src/prelude.rs @@ -4,7 +4,7 @@ // MlsGroup pub use crate::group::{config::CryptoConfig, core_group::Member, ser::*, *}; -pub use crate::group::public_group::{errors::*, process::*, *}; +pub use crate::group::public_group::errors::*; // Ciphersuite pub use crate::ciphersuite::{hash_ref::KeyPackageRef, signable::*, signature::*, *}; @@ -22,7 +22,7 @@ pub use crate::versions::*; pub use crate::extensions::{errors::*, *}; // Framing -pub use crate::framing::{message_in::*, message_out::*, sender::*, validation::*, *}; +pub use crate::framing::*; // Key packages pub use crate::key_packages::{errors::*, *};