mls-spec 2.0.0

This crate is a repository of MLS / RFC9420-related data structures.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

use crate::{
    SensitiveBytes,
    defs::{Epoch, LeafIndex, ProtocolVersion, WireFormat, labels::KdfLabelKind},
    group::{GroupId, GroupIdRef},
};

pub const WIRE_FORMAT_MLS_TARGETED_MESSAGE: u16 = 0x0006;

#[derive(
    Debug,
    Clone,
    PartialEq,
    Eq,
    tls_codec::TlsSerialize,
    tls_codec::TlsDeserialize,
    tls_codec::TlsSize,
)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct TargetedMessageSenderAuthData {
    pub sender_leaf_index: LeafIndex,
    pub signature: SensitiveBytes,
    pub kem_output: SensitiveBytes,
}

#[derive(Debug, Clone, PartialEq, Eq, tls_codec::TlsSerialize, tls_codec::TlsSize)]
pub struct TargetedMessageTBM<'a> {
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub group_id: GroupIdRef<'a>,
    pub epoch: &'a Epoch,
    pub recipient_leaf_index: &'a LeafIndex,
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub authenticated_data: &'a [u8],
    pub sender_auth_data: &'a TargetedMessageSenderAuthData,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct TargetedMessageTBS<'a> {
    pub group_id: GroupIdRef<'a>,
    pub epoch: &'a Epoch,
    pub recipient_leaf_index: &'a LeafIndex,
    pub authenticated_data: &'a [u8],
    pub sender_leaf_index: &'a LeafIndex,
    pub kem_output: &'a [u8],
    pub ciphertext: &'a [u8],
}

impl<'a> tls_codec::Size for TargetedMessageTBS<'a> {
    fn tls_serialized_len(&self) -> usize {
        ProtocolVersion::Mls10.tls_serialized_len()
            + WireFormat::new_unchecked(WireFormat::MLS_TARGETED_MESSAGE).tls_serialized_len()
            + crate::tlspl::bytes::tls_serialized_len(self.group_id)
            + self.epoch.tls_serialized_len()
            + self.recipient_leaf_index.tls_serialized_len()
            + crate::tlspl::bytes::tls_serialized_len(self.authenticated_data)
            + self.sender_leaf_index.tls_serialized_len()
            + crate::tlspl::bytes::tls_serialized_len(self.kem_output)
            + crate::tlspl::bytes::tls_serialized_len(self.ciphertext)
    }
}

impl<'a> tls_codec::Serialize for TargetedMessageTBS<'a> {
    fn tls_serialize<W: std::io::Write>(&self, writer: &mut W) -> Result<usize, tls_codec::Error> {
        let mut written = ProtocolVersion::Mls10.tls_serialize(writer)?;
        written +=
            WireFormat::new_unchecked(WireFormat::MLS_TARGETED_MESSAGE).tls_serialize(writer)?;
        written += crate::tlspl::bytes::tls_serialize(self.group_id, writer)?;
        written += self.epoch.tls_serialize(writer)?;
        written += self.recipient_leaf_index.tls_serialize(writer)?;
        written += crate::tlspl::bytes::tls_serialize(self.authenticated_data, writer)?;
        written += self.sender_leaf_index.tls_serialize(writer)?;
        written += crate::tlspl::bytes::tls_serialize(self.kem_output, writer)?;
        written += crate::tlspl::bytes::tls_serialize(self.ciphertext, writer)?;

        Ok(written)
    }
}

#[derive(
    Debug,
    Clone,
    PartialEq,
    Eq,
    tls_codec::TlsSerialize,
    tls_codec::TlsDeserialize,
    tls_codec::TlsSize,
)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct TargetedMessage {
    pub group_id: GroupId,
    pub epoch: Epoch,
    pub recipient_leaf_index: LeafIndex,
    pub authenticated_data: SensitiveBytes,
    pub encrypted_sender_auth_data: SensitiveBytes,
    pub ciphertext: SensitiveBytes,
}

#[derive(Debug, Clone, PartialEq, Eq, tls_codec::TlsSerialize, tls_codec::TlsSize)]
pub struct TargetedMessagePreSharedKeyId<'a> {
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub group_id: GroupIdRef<'a>,
    pub epoch: &'a Epoch,
}

impl TargetedMessagePreSharedKeyId<'_> {
    pub const LABEL: KdfLabelKind = KdfLabelKind::TargetedMessagePsk;
}

#[derive(Debug, Clone, PartialEq, Eq, tls_codec::TlsSerialize, tls_codec::TlsSize)]
pub struct TargetedMessageSenderAuthDataAAD<'a> {
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub group_id: GroupIdRef<'a>,
    pub epoch: &'a Epoch,
    pub recipient_leaf_index: &'a LeafIndex,
}

#[derive(Debug, Clone, PartialEq, Eq)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct TargetedMessageContent {
    pub application_data: Vec<u8>,
    pub padding_len: usize,
}

impl tls_codec::Size for TargetedMessageContent {
    fn tls_serialized_len(&self) -> usize {
        crate::tlspl::tls_serialized_len_as_vlvec(self.application_data.len()) + self.padding_len
    }
}

impl tls_codec::Serialize for TargetedMessageContent {
    fn tls_serialize<W: std::io::Write>(&self, writer: &mut W) -> Result<usize, tls_codec::Error> {
        let mut written = crate::tlspl::bytes::tls_serialize(&self.application_data, writer)?;
        writer.write_all(&vec![0u8; self.padding_len][..])?;
        written += self.padding_len;
        Ok(written)
    }
}

impl tls_codec::Deserialize for TargetedMessageContent {
    fn tls_deserialize<R: std::io::Read>(bytes: &mut R) -> Result<Self, tls_codec::Error>
    where
        Self: Sized,
    {
        let application_data = crate::tlspl::bytes::tls_deserialize(bytes)?;
        let padding_len = crate::messages::PrivateMessageContent::consume_padding(bytes)?;
        Ok(Self {
            application_data,
            padding_len,
        })
    }
}