mls_spec/drafts/mls_extensions/
targeted_message.rs

1use crate::{
2    SensitiveBytes,
3    defs::{Epoch, LeafIndex, labels::KdfLabelKind},
4    group::GroupId,
5};
/// Wire-format container for a targeted message, as modelled in this crate's
/// `drafts/mls_extensions` module.
///
/// The `tls_codec` derives encode and decode the fields in declaration order, so the order
/// below is the wire order and must not be rearranged.
///
/// This type only describes the encoding and performs no validation. After deserialization
/// `group_id`, `epoch` and `recipient_leaf_index` are peer-supplied values; callers should
/// check them against local group state before acting on the message.
///
/// NOTE(review): the derived `Debug` formats every field. Whether the byte fields are
/// redacted depends on the `Debug` impl of `SensitiveBytes`, which is not visible in this
/// file — confirm before logging values of this type.
#[derive(Debug, Clone, PartialEq, Eq)]
#[derive(tls_codec::TlsSerialize, tls_codec::TlsDeserialize, tls_codec::TlsSize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct TargetedMessage {
    /// Identifier of the group this message is scoped to.
    pub group_id: GroupId,
    /// Group epoch the message was produced in.
    pub epoch: Epoch,
    /// Leaf index of the intended recipient.
    pub recipient_leaf_index: LeafIndex,
    /// Application-supplied authenticated data.
    pub authenticated_data: SensitiveBytes,
    /// Opaque bytes; presumably the encrypted form of [`TargetedMessageSenderAuthData`] —
    /// confirm against the draft.
    pub encrypted_sender_auth_data: SensitiveBytes,
    /// HPKE ciphertext carrying the message payload.
    pub hpke_ciphertext: SensitiveBytes,
}
/// Sender-authentication scheme selector carried in [`TargetedMessageSenderAuthData`].
///
/// Represented as a single byte (`#[repr(u8)]`) with exactly two discriminants defined here.
///
/// NOTE(review): the value is peer-controlled once deserialized. Decoding of a byte other
/// than `0x00`/`0x01` is handled by the `tls_codec` derive — expected to be a decode error
/// rather than a fallback to a default scheme, but confirm with a test.
//
// Open question kept from the original author: the actual wire type of this enum is
// unconfirmed; `u8` is what this definition assumes.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[derive(tls_codec::TlsSerialize, tls_codec::TlsDeserialize, tls_codec::TlsSize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
#[repr(u8)]
pub enum TargetedMessageAuthScheme {
    /// Discriminant `0x00`; by its name, authentication via HPKE Auth mode with a PSK.
    HpkeAuthPsk = 0x00,
    /// Discriminant `0x01`; by its name, a signature combined with HPKE PSK mode.
    SignatureHpkePsk = 0x01,
}
/// Sender authentication data attached to a targeted message.
///
/// Fields are encoded and decoded by the `tls_codec` derives in declaration order. The
/// struct carries both a `signature` and a `kem_output` regardless of which
/// `authentication_scheme` is set; nothing in this type enforces which of them must be
/// populated for a given scheme, so that check belongs to the caller.
///
/// NOTE(review): `sender_leaf_index` is a claim made by the peer until the authentication
/// selected by `authentication_scheme` has been verified — do not use it for authorization
/// decisions before that point.
#[derive(Debug, Clone, PartialEq, Eq)]
#[derive(tls_codec::TlsSerialize, tls_codec::TlsDeserialize, tls_codec::TlsSize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct TargetedMessageSenderAuthData {
    /// Leaf index the sender claims to occupy.
    pub sender_leaf_index: LeafIndex,
    /// Which authentication scheme the sender used.
    pub authentication_scheme: TargetedMessageAuthScheme,
    /// Signature bytes; presumably only meaningful for the signature-based scheme — confirm.
    pub signature: SensitiveBytes,
    /// HPKE KEM output (encapsulated key) produced by the sender.
    pub kem_output: SensitiveBytes,
}
/// Borrowed, serialize-only view used to build an authentication input over a targeted
/// message (`TBM` presumably stands for "to be MACed" — confirm against the draft).
///
/// Only `TlsSerialize` and `TlsSize` are derived, so this structure can be encoded but never
/// parsed from untrusted input. Fields are encoded in declaration order; adding, removing or
/// reordering a field changes the bytes being authenticated.
///
/// NOTE(review): the byte fields here are plain `&[u8]`, so the derived `Debug` prints them
/// verbatim, unlike the owned types, which wrap them in `SensitiveBytes`.
#[derive(Debug, Clone, PartialEq, Eq)]
#[derive(tls_codec::TlsSerialize, tls_codec::TlsSize)]
pub struct TargetedMessageTBM<'a> {
    /// Raw group identifier bytes, encoded through `crate::tlspl::bytes`.
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub group_id: &'a [u8],
    /// Group epoch the message belongs to.
    pub epoch: &'a Epoch,
    /// Leaf index of the intended recipient.
    pub recipient_leaf_index: &'a LeafIndex,
    /// Application-supplied authenticated data, encoded through `crate::tlspl::bytes`.
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub authenticated_data: &'a [u8],
    /// Sender authentication data covered by the authentication input.
    pub sender_auth_data: &'a TargetedMessageSenderAuthData,
}
/// Borrowed, serialize-only view used to build the signed content of a targeted message
/// (`TBS` presumably stands for "to be signed" — confirm against the draft).
///
/// Only `TlsSerialize` and `TlsSize` are derived, so this structure can be encoded but never
/// parsed from untrusted input. Fields are encoded in declaration order; the set and order of
/// fields define exactly what a signature covers, so any change here alters what is bound
/// to the signature and breaks verification against other implementations.
///
/// NOTE(review): the byte fields here are plain `&[u8]`, so the derived `Debug` prints them
/// verbatim, unlike the owned types, which wrap them in `SensitiveBytes`.
#[derive(Debug, Clone, PartialEq, Eq)]
#[derive(tls_codec::TlsSerialize, tls_codec::TlsSize)]
pub struct TargetedMessageTBS<'a> {
    /// Raw group identifier bytes, encoded through `crate::tlspl::bytes`.
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub group_id: &'a [u8],
    /// Group epoch the message belongs to.
    pub epoch: &'a Epoch,
    /// Leaf index of the intended recipient.
    pub recipient_leaf_index: &'a LeafIndex,
    /// Application-supplied authenticated data, encoded through `crate::tlspl::bytes`.
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub authenticated_data: &'a [u8],
    /// Leaf index of the sender.
    pub sender_leaf_index: &'a LeafIndex,
    /// Authentication scheme the sender selected.
    pub authentication_scheme: &'a TargetedMessageAuthScheme,
    /// HPKE KEM output, encoded through `crate::tlspl::bytes`.
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub kem_output: &'a [u8],
    /// HPKE ciphertext of the message, encoded through `crate::tlspl::bytes`.
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub hpke_ciphertext: &'a [u8],
}
/// Borrowed, serialize-only identifier made of a group id and an epoch.
///
/// Presumably the context under which the targeted-message PSK is derived, used together
/// with `TargetedMessagePreSharedKeyId::LABEL` — confirm against the draft. Only
/// `TlsSerialize` and `TlsSize` are derived, so it is never parsed from untrusted input.
/// Fields are encoded in declaration order.
#[derive(Debug, Clone, PartialEq, Eq)]
#[derive(tls_codec::TlsSerialize, tls_codec::TlsSize)]
pub struct TargetedMessagePreSharedKeyId<'a> {
    /// Raw group identifier bytes, encoded through `crate::tlspl::bytes`.
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub group_id: &'a [u8],
    /// Group epoch the identifier is bound to.
    pub epoch: &'a Epoch,
}
impl TargetedMessagePreSharedKeyId<'_> {
    /// KDF label kind associated with this identifier: `KdfLabelKind::TargetedMessagePsk`.
    ///
    /// Keeping the label as an associated constant ties it to this structure, so callers
    /// do not have to pick the label separately from the context they serialize.
    pub const LABEL: KdfLabelKind = KdfLabelKind::TargetedMessagePsk;
}
/// Borrowed, serialize-only view of group id, epoch and recipient leaf index.
///
/// By its name, the additional authenticated data used when protecting the sender
/// authentication data — confirm against the draft. Only `TlsSerialize` and `TlsSize` are
/// derived, so it is never parsed from untrusted input. Fields are encoded in declaration
/// order; changing them changes the AAD bytes and therefore what the encryption is bound to.
#[derive(Debug, Clone, PartialEq, Eq)]
#[derive(tls_codec::TlsSerialize, tls_codec::TlsSize)]
pub struct TargetedMessageSenderAuthDataAAD<'a> {
    /// Raw group identifier bytes, encoded through `crate::tlspl::bytes`.
    #[tls_codec(with = "crate::tlspl::bytes")]
    pub group_id: &'a [u8],
    /// Group epoch the message belongs to.
    pub epoch: &'a Epoch,
    /// Leaf index of the intended recipient.
    pub recipient_leaf_index: &'a LeafIndex,
}