From a57dc96a218319efb53303cb29159aaf77e899cc Mon Sep 17 00:00:00 2001 From: Brendan McMillion Date: Fri, 29 Dec 2023 17:09:42 -0800 Subject: [PATCH] Don't delete private key for last resort KP. --- openmls/src/extensions/test_extensions.rs | 26 +++++++++++++++++-- .../src/group/core_group/new_from_welcome.rs | 8 +++--- 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/openmls/src/extensions/test_extensions.rs b/openmls/src/extensions/test_extensions.rs index 4c9b567f7a..69b9d0bd4a 100644 --- a/openmls/src/extensions/test_extensions.rs +++ b/openmls/src/extensions/test_extensions.rs @@ -8,6 +8,7 @@ use tls_codec::{Deserialize, Serialize}; use super::*; use crate::{ + ciphersuite::HpkePrivateKey, credentials::*, framing::*, group::{config::CryptoConfig, errors::*, *}, @@ -16,6 +17,7 @@ use crate::{ prelude::Capabilities, schedule::psk::store::ResumptionPskStore, test_utils::*, + treesync::node::encryption_keys::EncryptionKeyPair, versions::ProtocolVersion, }; @@ -324,7 +326,7 @@ fn last_resort_extension(ciphersuite: Ciphersuite, provider: &impl OpenMlsProvid alice_group.merge_pending_commit(provider).unwrap(); - let _bob_group = MlsGroup::new_from_welcome( + let mut bob_group = MlsGroup::new_from_welcome( provider, &mls_group_config, welcome.into_welcome().expect("Unexpected MLS message"), @@ -332,11 +334,31 @@ fn last_resort_extension(ciphersuite: Ciphersuite, provider: &impl OpenMlsProvid ) .expect("An unexpected error occurred."); - // This should not have deleted the KP from the store + // === Bob sends a commit == + + let (_message, _welcome, _group_info) = bob_group + .self_update(provider, &signer) + .expect("An unexpected error occurred."); + bob_group + .merge_pending_commit(provider) + .expect("An unexpected error occurred."); + + // This should not have deleted the KP or private keys from the store let kp: Option = provider.key_store().read( kp.hash_ref(provider.crypto()) .expect("error hashing kp") .as_slice(), ); assert!(kp.is_some()); + + let kp = kp.unwrap(); + + let leaf_keypair = + EncryptionKeyPair::read_from_key_store(provider, kp.leaf_node().encryption_key()); + assert!(leaf_keypair.is_some()); + + let private_key = provider + .key_store() + .read::(kp.hpke_init_key().as_slice()); + assert!(private_key.is_some()); } diff --git a/openmls/src/group/core_group/new_from_welcome.rs b/openmls/src/group/core_group/new_from_welcome.rs index 5305a582b6..81aebc02f3 100644 --- a/openmls/src/group/core_group/new_from_welcome.rs +++ b/openmls/src/group/core_group/new_from_welcome.rs @@ -30,9 +30,11 @@ impl CoreGroup { key_package_bundle.key_package.leaf_node().encryption_key(), ) .ok_or(WelcomeError::NoMatchingEncryptionKey)?; - leaf_keypair - .delete_from_key_store(provider.key_store()) - .map_err(|_| WelcomeError::NoMatchingEncryptionKey)?; + if !key_package_bundle.key_package.last_resort() { + leaf_keypair + .delete_from_key_store(provider.key_store()) + .map_err(|_| WelcomeError::NoMatchingEncryptionKey)?; + } let ciphersuite = welcome.ciphersuite();