Revision control

Copy as Markdown

Other Tools

// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// Copyright by contributors to this project.
// SPDX-License-Identifier: (Apache-2.0 OR MIT)
use mls_rs_core::{crypto::CipherSuiteProvider, protocol_version::ProtocolVersion};
use crate::{client::MlsError, signer::Signable, KeyPackage};
#[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)]
pub(crate) async fn validate_key_package_properties<CSP: CipherSuiteProvider>(
package: &KeyPackage,
version: ProtocolVersion,
cs: &CSP,
) -> Result<(), MlsError> {
package
.verify(cs, &package.leaf_node.signing_identity.signature_key, &())
.await?;
// Verify that the protocol version matches
if package.version != version {
return Err(MlsError::ProtocolVersionMismatch);
}
// Verify that the cipher suite matches
if package.cipher_suite != cs.cipher_suite() {
return Err(MlsError::CipherSuiteMismatch);
}
// Verify that the public init key is a valid format for this cipher suite
cs.kem_public_key_validate(&package.hpke_init_key)
.map_err(|_| MlsError::InvalidInitKey)?;
// Verify that the init key and the leaf node public key are different
if package.hpke_init_key.as_ref() == package.leaf_node.public_key.as_ref() {
return Err(MlsError::InitLeafKeyEquality);
}
Ok(())
}