diff --git a/include/mls/key_schedule.h b/include/mls/key_schedule.h
index de1d26ea..85cd7aba 100644
--- a/include/mls/key_schedule.h
+++ b/include/mls/key_schedule.h
@@ -200,10 +200,9 @@ struct TranscriptHash
 const bytes& confirmation_tag);
 // Updating hashes
- bytes new_confirmed(const AuthenticatedContent& content_auth) const;
+ bytes new_confirmed(const bytes& transcript_hash_input) const;
 void set_confirmed(bytes confirmed_transcript_hash);
 void update_interim(const bytes& confirmation_tag);
- void update_interim(const AuthenticatedContent& content_auth);
 };
 bool
diff --git a/include/mls/state.h b/include/mls/state.h
index 9d2a4960..0234c7b2 100644
--- a/include/mls/state.h
+++ b/include/mls/state.h
@@ -321,12 +321,12 @@ class State
 const bytes& leaf_secret,
 const std::optional& opts,
 const MessageOpts& msg_opts,
- CommitParams params);
+ const CommitParams& params);
 struct CommitMaterials;
 CommitMaterials prepare_commit(const bytes& leaf_secret,
 const std::optional& opts,
- CommitParams params) const;
+ const CommitParams& params) const;
 Welcome welcome(bool inline_tree,
 const std::vector& psks,
 const std::vector& joiners,
@@ -346,7 +346,7 @@ class State
 LeafIndex committer,
 const std::optional& path_secret_decrypt_node,
 const std::optional& encrypted_path_secret,
- const ExtensionList& extensions,
+ ExtensionList extensions,
 const std::vector& psks,
 const std::optional& force_init_secret,
 const bytes& confirmed_transcript_hash,
@@ -448,8 +448,8 @@ class State
 ExtensionList extensions,
 const bytes& confirmed_transcript_hash,
 bool has_path,
- const std::vector psks,
- const std::optional force_init_secret) const;
+ const std::vector& psks,
+ const std::optional& force_init_secret) const;
 };
 } // namespace MLS_NAMESPACE
diff --git a/lib/mls_vectors/src/mls_vectors.cpp b/lib/mls_vectors/src/mls_vectors.cpp
index 9471b4f0..8a141b7d 100644
--- a/lib/mls_vectors/src/mls_vectors.cpp
+++ b/lib/mls_vectors/src/mls_vectors.cpp
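Review bot: In the `struct TranscriptHash` hunk of include/mls/key_schedule.h, `new_confirmed` and `update_interim` now both take a bare `const bytes&`, so the type system no longer distinguishes the transcript-hash input from the confirmation tag, and swapping them compiles and yields a well-formed but wrong hash. The definitions in src/key_schedule.cpp also treat the two arguments differently: `transcript_hash_input` is hashed as given, while `confirmation_tag` is passed through `tls::marshal` first. I would state that on the declarations, e.g. `// transcript_hash_input: already-serialized output of AuthenticatedContent::confirmed_transcript_hash_input()` and `// confirmation_tag: raw tag, marshaled here before hashing`. The struct begins outside the hunk.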
@@ -989,7 +989,7 @@ TranscriptTestVector::TranscriptTestVector(CipherSuite suite)
 sig_priv,
 group_context);
- const auto new_confirmed = transcript.new_confirmed(authenticated_content);
+ const auto new_confirmed = transcript.new_confirmed(authenticated_content.confirmed_transcript_hash_input());
 transcript.set_confirmed(new_confirmed);
 group_context.confirmed_transcript_hash = transcript.confirmed;
@@ -999,10 +999,8 @@ TranscriptTestVector::TranscriptTestVector(CipherSuite suite)
 std::nullopt,
 transcript.confirmed,
 tls::marshal(group_context));
- authenticated_content.set_confirmation_tag(
- key_schedule_after.confirmation_tag);
- transcript.update_interim(authenticated_content);
+ transcript.update_interim(key_schedule_after.confirmation_tag);
 // Store the required data
 confirmation_key = key_schedule_after.confirmation_key;
@@ -1016,9 +1014,11 @@ TranscriptTestVector::verify() const
 auto transcript = TranscriptHash(cipher_suite);
 transcript.interim = interim_transcript_hash_before;
- const auto new_confirmed = transcript.new_confirmed(authenticated_content);
+ const auto new_confirmed = transcript.new_confirmed(authenticated_content.confirmed_transcript_hash_input());
 transcript.set_confirmed(new_confirmed);
- transcript.update_interim(authenticated_content);
+
+ const auto input_confirmation_tag = opt::get(authenticated_content.auth.confirmation_tag);
+ transcript.update_interim(input_confirmation_tag);
 VERIFY_EQUAL(
 "confirmed", transcript.confirmed, confirmed_transcript_hash_after);
diff --git a/src/key_schedule.cpp b/src/key_schedule.cpp
index b7cd8f32..571e2dc8 100644
--- a/src/key_schedule.cpp
+++ b/src/key_schedule.cpp
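Review bot: The second constructor hunk in lib/mls_vectors/src/mls_vectors.cpp removes `authenticated_content.set_confirmation_tag(...)`, but the new code in `verify()` reads that field back with `opt::get(authenticated_content.auth.confirmation_tag)`. If both refer to the same member (its declaration is outside these hunks), a vector produced by this constructor would presumably carry no confirmation tag, and `verify()` would fail inside `opt::get` instead of reporting a mismatch. Keeping the `set_confirmation_tag` call next to `transcript.update_interim(key_schedule_after.confirmation_tag);` would preserve the old contents of the vector. Independently, `verify()` could check that the tag is present before unwrapping it, since the content it verifies may not have been produced by this constructor.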
@@ -551,11 +551,9 @@ TranscriptHash::TranscriptHash(CipherSuite suite_in,
 }
 bytes
-TranscriptHash::new_confirmed(const AuthenticatedContent& content_auth) const
+TranscriptHash::new_confirmed(const bytes& transcript_hash_input) const
 {
- const auto transcript =
- interim + content_auth.confirmed_transcript_hash_input();
- return suite.digest().hash(transcript);
+ return suite.digest().hash(interim + transcript_hash_input);
 }
 void
@@ -567,16 +565,7 @@ TranscriptHash::set_confirmed(bytes confirmed_transcript_hash)
 void
 TranscriptHash::update_interim(const bytes& confirmation_tag)
 {
- const auto transcript = confirmed + tls::marshal(confirmation_tag);
- interim = suite.digest().hash(transcript);
-}
-
-void
-TranscriptHash::update_interim(const AuthenticatedContent& content_auth)
-{
- const auto transcript =
- confirmed + content_auth.interim_transcript_hash_input();
- interim = suite.digest().hash(transcript);
+ interim = suite.digest().hash(confirmed + tls::marshal(confirmation_tag));
 }
 bool
diff --git a/src/state.cpp b/src/state.cpp
index f745db47..b0568272 100644
--- a/src/state.cpp
+++ b/src/state.cpp
@@ -653,7 +653,7 @@ struct State::CommitMaterials
 State::CommitMaterials
 State::prepare_commit(const bytes& leaf_secret,
 const std::optional& opts,
- CommitParams params) const
+ const CommitParams& params) const
 {
 // Construct a proposal list from cached proposals
 auto proposals = std::vector{};
@@ -769,7 +769,7 @@ std::tuple
 State::commit(const bytes& leaf_secret,
 const std::optional& opts,
 const MessageOpts& msg_opts,
- CommitParams params)
+ const CommitParams& params)
 {
 // Compute the new group state
 auto commit_materials = prepare_commit(leaf_secret, opts, params);
@@ -789,8 +789,8 @@ State::commit(const bytes& leaf_secret,
 sign(sender, commit, msg_opts.authenticated_data, msg_opts.encrypt);
 // Update confirmed transcript hash and ratchet the key schedule forward
- const auto confirmed_transcript_hash =
- _transcript_hash.new_confirmed(preliminary_commit);
+ const auto confirmed_transcript_hash = _transcript_hash.new_confirmed(
+ preliminary_commit.confirmed_transcript_hash_input());
 const auto next = successor(commit_materials.index,
 std::move(commit_materials.new_tree),
@@ -874,7 +874,7 @@ State::handle(const ValidatedContent& val_content,
 // Commits are handled in the remainder of this method
 case ContentType::commit:
- return handle_commit(content_auth, cached_state, expected_params);
+ return handle_commit(content_auth, std::move(cached_state), expected_params);
 // Any other content type in this method is an error
 default:
@@ -1013,8 +1013,8 @@ State::handle_commit(const AuthenticatedContent& content_auth,
 }
 // Update the transcript hash
- const auto new_confirmed_transcript_hash =
- _transcript_hash.new_confirmed(content_auth);
+ const auto new_confirmed_transcript_hash = _transcript_hash.new_confirmed(
+ content_auth.confirmed_transcript_hash_input());
 const auto new_confirmation_tag =
 opt::get(content_auth.auth.confirmation_tag);
@@ -1034,7 +1034,7 @@ State::ratchet(TreeKEMPublicKey new_tree,
 LeafIndex committer,
 const std::optional& path_secret_decrypt_node,
 const std::optional& encrypted_path_secret,
- const ExtensionList& extensions,
+ ExtensionList extensions,
 const std::vector& psks,
 const std::optional& force_init_secret,
 const bytes& confirmed_transcript_hash,
@@ -1421,7 +1421,6 @@ State::apply(const std::vector& proposals) const auto psks = resolve(psk_ids);
 tree.truncate();
- // TODO _tree_priv.truncate(_tree.size);
 tree.set_hash_all();
 return { tree, joiner_locations, psks, extensions };
 }
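Review bot: `std::move(cached_state)` in the `ContentType::commit` case of `State::handle` only saves a copy if `cached_state` is a non-const by-value parameter and `handle_commit` takes it by value; both signatures are outside the hunk. If either side is a `const` reference, the move silently degrades to a copy, which clang-tidy's `performance-move-const-arg` would flag. The same question applies to the `State::ratchet` hunk, where `extensions` becomes `ExtensionList extensions`: unless the body, which is not shown, moves it onward, the by-value parameter adds a copy instead of removing one.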
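Review bot: The `State::apply` hunk deletes `// TODO _tree_priv.truncate(_tree.size);` without adding the truncation it describes. Nothing visible in this diff truncates the private tree, so if that work is still open the commit removes the only marker for it, and stale private-tree entries for positions past the truncated public tree would be worth ruling out explicitly. Either keep a comment with a tracking reference, e.g. `// TODO(<issue-id>): truncate the private tree alongside tree.truncate()`, or say in the commit message why it is no longer needed. The function body begins outside the hunk.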
@@ -2263,8 +2262,8 @@ State::successor(LeafIndex index,
 ExtensionList extensions,
 const bytes& confirmed_transcript_hash,
 bool has_path,
- const std::vector psks,
- const std::optional force_init_secret) const
+ const std::vector& psks,
+ const std::optional& force_init_secret) const
 {
 // Initialize a clone with updates, clear things that shouldn't be copied
 auto next = *this;
@@ -2272,7 +2271,7 @@ State::successor(LeafIndex index,
 next._index = index;
 next._tree = std::move(tree);
 next._tree_priv = std::move(tree_priv);
- next._extensions = extensions;
+ next._extensions = std::move(extensions);
 next._pending_proposals.clear();
 // Copy forward a resumption PSK