Merge pull request #8 from Bren2010/brendan/deleting-lr

Don't delete private key for last resort KP.
xmtp · Jan 5, 2024 · 9c7d5cb · 9c7d5cb
2 parents 2f50273 + 57d2a60
commit 9c7d5cb
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 15 deletions.
diff --git a/openmls/src/credentials/codec.rs b/openmls/src/credentials/codec.rs
@@ -31,8 +31,7 @@ impl tls_codec::Serialize for Credential {
 impl tls_codec::Deserialize for Credential {
     fn tls_deserialize<R: Read>(bytes: &mut R) -> Result<Self, tls_codec::Error> {
         let val = u16::tls_deserialize(bytes)?;
-        let credential_type = CredentialType::try_from(val)
-            .map_err(|e| tls_codec::Error::DecodingError(e.to_string()))?;
+        let credential_type = CredentialType::from(val);
         match credential_type {
             CredentialType::Basic => Ok(Credential::from(MlsCredentialType::Basic(
                 BasicCredential::tls_deserialize(bytes)?,

diff --git a/openmls/src/extensions/test_extensions.rs b/openmls/src/extensions/test_extensions.rs
@@ -8,6 +8,7 @@ use tls_codec::{Deserialize, Serialize};
 
 use super::*;
 use crate::{
+    ciphersuite::HpkePrivateKey,
     credentials::*,
     framing::*,
     group::{config::CryptoConfig, errors::*, *},
@@ -16,6 +17,7 @@ use crate::{
     prelude::Capabilities,
     schedule::psk::store::ResumptionPskStore,
     test_utils::*,
+    treesync::node::encryption_keys::EncryptionKeyPair,
     versions::ProtocolVersion,
 };
 
@@ -324,19 +326,39 @@ fn last_resort_extension(ciphersuite: Ciphersuite, provider: &impl OpenMlsProvid
 
     alice_group.merge_pending_commit(provider).unwrap();
 
-    let _bob_group = MlsGroup::new_from_welcome(
+    let mut bob_group = MlsGroup::new_from_welcome(
         provider,
         &mls_group_config,
         welcome.into_welcome().expect("Unexpected MLS message"),
         Some(alice_group.export_ratchet_tree().into()),
     )
     .expect("An unexpected error occurred.");
 
-    // This should not have deleted the KP from the store
+    // === Bob sends a commit ==
+
+    let (_message, _welcome, _group_info) = bob_group
+        .self_update(provider, &signer)
+        .expect("An unexpected error occurred.");
+    bob_group
+        .merge_pending_commit(provider)
+        .expect("An unexpected error occurred.");
+
+    // This should not have deleted the KP or private keys from the store
     let kp: Option<KeyPackage> = provider.key_store().read(
         kp.hash_ref(provider.crypto())
             .expect("error hashing kp")
             .as_slice(),
     );
     assert!(kp.is_some());
+
+    let kp = kp.unwrap();
+
+    let leaf_keypair =
+        EncryptionKeyPair::read_from_key_store(provider, kp.leaf_node().encryption_key());
+    assert!(leaf_keypair.is_some());
+
+    let private_key = provider
+        .key_store()
+        .read::<HpkePrivateKey>(kp.hpke_init_key().as_slice());
+    assert!(private_key.is_some());
 }
diff --git a/openmls/src/group/core_group/new_from_welcome.rs b/openmls/src/group/core_group/new_from_welcome.rs
@@ -30,9 +30,11 @@ impl CoreGroup {
             key_package_bundle.key_package.leaf_node().encryption_key(),
         )
         .ok_or(WelcomeError::NoMatchingEncryptionKey)?;
-        leaf_keypair
-            .delete_from_key_store(provider.key_store())
-            .map_err(|_| WelcomeError::NoMatchingEncryptionKey)?;
+        if !key_package_bundle.key_package.last_resort() {
+            leaf_keypair
+                .delete_from_key_store(provider.key_store())
+                .map_err(|_| WelcomeError::NoMatchingEncryptionKey)?;
+        }
 
         let ciphersuite = welcome.ciphersuite();
 

diff --git a/openmls/src/group/mod.rs b/openmls/src/group/mod.rs
@@ -29,10 +29,9 @@ pub(crate) mod errors;
 pub use core_group::proposals::*;
 pub use core_group::staged_commit::StagedCommit;
 pub use errors::*;
-pub use group_context::*;
+pub use group_context::GroupContext;
 pub use mls_group::config::*;
 pub use mls_group::membership::*;
-pub use mls_group::processing::*;
 pub use mls_group::*;
 pub use public_group::*;
 
@@ -41,11 +40,7 @@ pub use public_group::*;
 pub(crate) use core_group::create_commit_params::*;
 #[cfg(any(feature = "test-utils", test))]
 pub(crate) mod tests;
-#[cfg(any(feature = "test-utils", test))]
-pub use group_context::GroupContext;
 use openmls_traits::random::OpenMlsRand;
-#[cfg(any(feature = "test-utils", test))]
-pub use proposals::*;
 
 /// A group ID. The group ID is chosen by the creator of the group and should be globally unique.
 #[derive(

diff --git a/openmls/src/prelude.rs b/openmls/src/prelude.rs
@@ -4,7 +4,7 @@
 // MlsGroup
 pub use crate::group::{config::CryptoConfig, core_group::Member, ser::*, *};
 
-pub use crate::group::public_group::{errors::*, process::*, *};
+pub use crate::group::public_group::errors::*;
 
 // Ciphersuite
 pub use crate::ciphersuite::{hash_ref::KeyPackageRef, signable::*, signature::*, *};
@@ -22,7 +22,7 @@ pub use crate::versions::*;
 pub use crate::extensions::{errors::*, *};
 
 // Framing
-pub use crate::framing::{message_in::*, message_out::*, sender::*, validation::*, *};
+pub use crate::framing::*;
 
 // Key packages
 pub use crate::key_packages::{errors::*, *};