From 62f9e17694fee0171240bd223b31e80c57657d11 Mon Sep 17 00:00:00 2001 From: Mathieu Amiot Date: Thu, 2 May 2024 10:00:20 +0200 Subject: [PATCH] fix: Support legacy external senders with ECDSA --- crypto/src/mls/conversation/config.rs | 45 +++++++++++++-------------- 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/crypto/src/mls/conversation/config.rs b/crypto/src/mls/conversation/config.rs index 4762f896aa..36c599ab3a 100644 --- a/crypto/src/mls/conversation/config.rs +++ b/crypto/src/mls/conversation/config.rs @@ -54,8 +54,13 @@ impl MlsCentral { cfg.external_senders = external_senders .into_iter() .map(|key| { - MlsConversationConfiguration::parse_external_sender(&key) - .or_else(|_| MlsConversationConfiguration::legacy_external_sender(key, &self.mls_backend)) + MlsConversationConfiguration::parse_external_sender(&key).or_else(|_| { + MlsConversationConfiguration::legacy_external_sender( + key, + cfg.ciphersuite.signature_algorithm(), + &self.mls_backend, + ) + }) }) .collect::>()?; Ok(()) @@ -152,12 +157,16 @@ impl MlsConversationConfiguration { /// This supports the legacy behaviour where the server was providing the external sender public key /// raw. This only supports Ed25519 // TODO: remove at some point when the backend API is not used anymore - fn legacy_external_sender(key: Vec, backend: &MlsCryptoProvider) -> CryptoResult { + fn legacy_external_sender( + key: Vec, + signature_scheme: SignatureScheme, + backend: &MlsCryptoProvider, + ) -> CryptoResult { backend .crypto() - .validate_signature_key(SignatureScheme::ED25519, &key[..]) + .validate_signature_key(signature_scheme, &key[..]) .map_err(MlsError::from)?; - let key = OpenMlsSignaturePublicKey::new(key.into(), SignatureScheme::ED25519).map_err(MlsError::from)?; + let key = OpenMlsSignaturePublicKey::new(key.into(), signature_scheme).map_err(MlsError::from)?; Ok(ExternalSender::new( key.into(), Credential::new_basic(Self::WIRE_SERVER_IDENTITY.into()), @@ -224,7 +233,7 @@ pub mod tests { use wasm_bindgen_test::*; use wire_e2e_identity::prelude::JwsAlgorithm; - use crate::{prelude::MlsConversationConfiguration, test_utils::*, CryptoError, MlsError}; + use crate::{prelude::MlsConversationConfiguration, test_utils::*}; wasm_bindgen_test_configure!(run_in_browser); @@ -313,22 +322,10 @@ pub mod tests { .signature_key_gen(case.signature_scheme()) .unwrap(); - match case.signature_scheme() { - SignatureScheme::ED25519 => { - assert!(cc - .mls_central - .set_raw_external_senders(&mut case.cfg.clone(), vec![pk]) - .is_ok()); - } - _ => { - assert!(matches!( - cc.mls_central - .set_raw_external_senders(&mut case.cfg.clone(), vec![pk]) - .unwrap_err(), - CryptoError::MlsError(MlsError::MlsCryptoError(openmls::prelude::CryptoError::InvalidKey)) - )); - } - } + assert!(cc + .mls_central + .set_raw_external_senders(&mut case.cfg.clone(), vec![pk]) + .is_ok()); }) }) .await @@ -350,10 +347,10 @@ pub mod tests { }; let jwk = wire_e2e_identity::prelude::generate_jwk(alg); - assert!(cc + let _ = cc .mls_central .set_raw_external_senders(&mut case.cfg.clone(), vec![jwk]) - .is_ok()); + .unwrap(); }) }) .await;