[Annotation] Each modification of LeafNode content MUST be reflected by a change in its signature. #33

Open
Tracked by #1186 ...
duesee opened this issue Jan 10, 2023 · 1 comment · Fixed by openmls/openmls#1192

Comments

@duesee
Collaborator

duesee commented Jan 10, 2023

Each modification of LeafNode content MUST be reflected by a change in its signature.


Annotation
{
  "@context": "http://www.w3.org/ns/anno.jsonld",
  "type": "Annotation",
  "body": [
    {
      "type": "TextualBody",
      "purpose": "tagging",
      "value": "leaf_node"
    }
  ],
  "target": {
    "selector": [
      {
        "type": "TextQuoteSelector",
        "exact": "Each modification of\n   LeafNode content MUST be reflected by a change in its signature."
      },
      {
        "type": "TextPositionSelector",
        "start": 103144,
        "end": 103232
      }
    ]
  },
  "id": "#3ddfbdee-ab0e-43e2-bc6d-4d9ab53e4705",
  "meta": null
}
@duesee
Collaborator Author

duesee commented Jan 10, 2023

From my understanding, this translates to, "OpenMLS should make sure that any instance of LeafNode is guaranteed to have a correct signature."

This means that ...

  • 1) LeafNodes can only be created with a correct signature.

    • Constructors (impls) can only create a LeafNode with a valid signature.
    • Due to From<OpenMlsLeafNode>, check OpenMlsLeafNode as well. OpenMlsLeafNode is a thin wrapper around LeafNode that (optionally) has the private_key and leaf_index.
    • Bad LeafNode can be constructed through SignedStruct::from_payload.
    • LeafNode implements TlsDeserialize (which is also used in KeyPackages deserialize implementation).
  • 2) LeafNodes can't be changed in a way that breaks the signature.

    • Currently, we only have the #[test]-gated capabilities_mut and set_credential methods that are &mut LeafNode to test for library errors, i.e., that a broken signature was used in LeafNode.

@duesee duesee closed this as completed Jan 10, 2023
@duesee duesee reopened this Jan 10, 2023
@duesee duesee self-assigned this Jan 11, 2023
@duesee duesee changed the title [Validation] Each modification of LeafNode content MUST be reflected by a change in its signature. [Annotation] Each modification of LeafNode content MUST be reflected by a change in its signature. Jan 11, 2023
@duesee duesee reopened this Feb 2, 2023
@duesee duesee removed their assignment Apr 27, 2023
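
The two points from the comment above, as an added sketch that is not part of the issue or of OpenMLS's code: private fields with a signing constructor, and a separate unverified type for deserialized data. `UnverifiedLeafNode`, `new_signed`, `with_credential`, `to_wire`, `verify` and the toy keyed hash standing in for a real signature scheme are assumptions made for illustration.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Toy keyed hash standing in for the signature scheme (assumption, NOT secure).
fn toy_sign(key: u64, capabilities: &[u8], credential: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    (key, capabilities, credential).hash(&mut h); // slices hash with a length prefix
    h.finish()
}

mod leaf {
    use super::toy_sign;
    // Invariant: `signature` covers the other fields. Fields are private and
    // there is no `&mut` accessor, so code outside this module cannot break it.
    pub struct LeafNode { capabilities: Vec<u8>, credential: Vec<u8>, signature: u64 }
    // What deserialization yields: raw, unchecked fields (hypothetical type).
    pub struct UnverifiedLeafNode { pub capabilities: Vec<u8>, pub credential: Vec<u8>, pub signature: u64 }
    impl LeafNode {
        // Point 1: the only constructor signs exactly what it stores.
        pub fn new_signed(key: u64, capabilities: Vec<u8>, credential: Vec<u8>) -> Self {
            let signature = toy_sign(key, &capabilities, &credential);
            LeafNode { capabilities, credential, signature }
        }
        // Point 2: a change consumes the node and re-signs it.
        pub fn with_credential(self, key: u64, credential: Vec<u8>) -> Self {
            Self::new_signed(key, self.capabilities, credential)
        }
        pub fn credential(&self) -> &[u8] { &self.credential }
        pub fn to_wire(&self) -> UnverifiedLeafNode {
            UnverifiedLeafNode { capabilities: self.capabilities.clone(), credential: self.credential.clone(), signature: self.signature }
        }
    }
    impl UnverifiedLeafNode {
        // The only path from received data to a LeafNode checks the signature.
        pub fn verify(self, key: u64) -> Result<LeafNode, &'static str> {
            if toy_sign(key, &self.capabilities, &self.credential) != self.signature {
                return Err("invalid LeafNode signature");
            }
            Ok(LeafNode { capabilities: self.capabilities, credential: self.credential, signature: self.signature })
        }
    }
}

fn main() {
    let node = leaf::LeafNode::new_signed(7, vec![1], b"alice".to_vec()); // constructed sample
    let mut wire = node.to_wire();
    wire.credential = b"mallory".to_vec(); // content changed, signature left as-is
    println!("tampered leaf accepted: {}", wire.verify(7).is_ok());
}
```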