fix: do not serialize signature key's scheme

wireapp · Aug 11, 2022 · 46ee6e0 · 46ee6e0
1 parent 1b4a7a2
commit 46ee6e0
Show file tree

Hide file tree

Showing 5 changed files with 10,436 additions and 10,420 deletions.
diff --git a/openmls/src/ciphersuite/codec.rs b/openmls/src/ciphersuite/codec.rs
@@ -7,22 +7,13 @@ use tls_codec::{Error, TlsSliceU16, TlsSliceU8, TlsVecU8};
 
 impl tls_codec::Serialize for SignaturePublicKey {
     fn tls_serialize<W: Write>(&self, writer: &mut W) -> Result<usize, Error> {
-        let written = self.signature_scheme.tls_serialize(writer)?;
-        TlsSliceU16(&self.value).tls_serialize(writer).map(|l| l + written)
-    }
-}
-
-impl tls_codec::Deserialize for SignaturePublicKey {
-    fn tls_deserialize<R: Read>(bytes: &mut R) -> Result<Self, Error> {
-        let signature_scheme = SignatureScheme::tls_deserialize(bytes)?;
-        let value = TlsByteVecU16::tls_deserialize(bytes)?.into();
-        Ok(Self { value, signature_scheme })
+        TlsSliceU16(&self.value).tls_serialize(writer)
     }
 }
 
 impl tls_codec::Size for SignaturePublicKey {
     fn tls_serialized_len(&self) -> usize {
-        TlsSliceU16(&self.value).tls_serialized_len() + self.signature_scheme.tls_serialized_len()
+        TlsSliceU16(&self.value).tls_serialized_len()
     }
 }
 

diff --git a/openmls/src/credentials/codec.rs b/openmls/src/credentials/codec.rs
@@ -51,7 +51,11 @@ impl tls_codec::Deserialize for BasicCredential {
     fn tls_deserialize<R: Read>(bytes: &mut R) -> Result<Self, tls_codec::Error> {
         let identity = TlsByteVecU16::tls_deserialize(bytes)?;
         let signature_scheme = SignatureScheme::tls_deserialize(bytes)?;
-        let public_key = SignaturePublicKey::tls_deserialize(bytes)?;
+        let public_key_bytes = TlsByteVecU16::tls_deserialize(bytes)?;
+        let public_key = SignaturePublicKey::new(public_key_bytes.into(), signature_scheme)
+            .map_err(|e| {
+                Error::DecodingError(format!("Error creating signature public key {:?}", e))
+            })?;
         Ok(BasicCredential {
             identity,
             signature_scheme,

diff --git a/openmls/src/extensions/external_senders_extension.rs b/openmls/src/extensions/external_senders_extension.rs
@@ -1,32 +1,50 @@
+use std::io::Read;
+
 use openmls_traits::types::SignatureScheme;
-use super::{Deserialize, Serialize};
-use crate::{
-    credentials::Credential,
-    prelude::SignaturePublicKey
-};
-use tls_codec::{TlsDeserialize, TlsSerialize, TlsSize, TlsVecU16};
+use tls_codec::{Error, TlsByteVecU16, TlsDeserialize, TlsSerialize, TlsSize, TlsVecU16};
+
 use crate::prelude::{BasicCredential, CredentialType, MlsCredentialType};
+use crate::{credentials::Credential, prelude::SignaturePublicKey};
 
+use super::{Deserialize, Serialize};
 
 /// # External Senders
 ///
 /// Allows declaring clients allowed to create external proposals.
 /// Clients are ([`ExternalSender`])
-#[derive(PartialEq, Clone, Debug, Default, Serialize, Deserialize, TlsSerialize, TlsDeserialize, TlsSize)]
+#[derive(
+    PartialEq, Clone, Debug, Default, Serialize, Deserialize, TlsSerialize, TlsDeserialize, TlsSize,
+)]
 pub struct ExternalSendersExtension {
     /// [Credential] of the senders allowed to send external proposals
     pub senders: TlsVecU16<ExternalSender>,
 }
 
 /// A client not in a MLS group allowed to create external proposals for a group
-#[derive(PartialEq, Clone, Debug, Serialize, Deserialize, TlsSerialize, TlsDeserialize, TlsSize)]
+#[derive(PartialEq, Clone, Debug, Serialize, Deserialize, TlsSerialize, TlsSize)]
 pub struct ExternalSender {
     /// Sender's credential
     pub credential: Credential,
     /// Sender's public signature key
     pub signature_key: SignaturePublicKey,
 }
 
+impl tls_codec::Deserialize for ExternalSender {
+    fn tls_deserialize<R: Read>(bytes: &mut R) -> Result<Self, Error> {
+        let credential: Credential = Credential::tls_deserialize(bytes)?.into();
+        let public_key_bytes = TlsByteVecU16::tls_deserialize(bytes)?;
+        let signature_scheme = credential.signature_scheme().map_err(|_| Error::DecodingError("Could not extract signature scheme from credential while deserializing external sender".to_string()))?;
+        let signature_key = SignaturePublicKey::new(public_key_bytes.into(), signature_scheme)
+            .map_err(|e| {
+                Error::DecodingError(format!("Error deserializing signature public key {:?}", e))
+            })?;
+        Ok(Self {
+            credential,
+            signature_key,
+        })
+    }
+}
+
 #[cfg(test)]
 impl From<Credential> for ExternalSender {
     fn from(credential: Credential) -> Self {
@@ -48,9 +66,12 @@ impl ExternalSender {
         };
         let credential = Credential {
             credential_type: CredentialType::Basic,
-            credential: MlsCredentialType::Basic(credential)
+            credential: MlsCredentialType::Basic(credential),
         };
-        Self { signature_key, credential }
+        Self {
+            signature_key,
+            credential,
+        }
     }
 }