20887934276

Committed 11 Jan 2026 02:12AM UTC coverage: 95.727% (+0.06%) from 95.665%

Build # 20887934276

Build Type

push

github

Committed by

LukaJCB

Commit Message

Update to vitest v4

Run Details

409 of 417 branches covered (98.08%)

Branch coverage included in aggregate %.

2369 of 2485 relevant lines covered (95.33%)

80736.06 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

96.97

/src/messageProtectionPublic.ts

import {
  AuthenticatedContent,
  AuthenticatedContentProposalOrCommit,
  AuthenticatedContentTBM,
  createMembershipTag,
  verifyMembershipTag,
} from "./authenticatedContent.js"
import { CiphersuiteImpl } from "./crypto/ciphersuite.js"
import {
  FramedContent,
  signFramedContentApplicationOrProposal,
  toTbs,
  verifyFramedContentSignature,
} from "./framedContent.js"
import { GroupContext } from "./groupContext.js"
import { CryptoVerificationError, UsageError } from "./mlsError.js"
import { Proposal } from "./proposal.js"
import { ExternalPublicMessage, findSignaturePublicKey, PublicMessage } from "./publicMessage.js"
import { RatchetTree } from "./ratchetTree.js"
import { SenderNonMember } from "./sender.js"

export interface ProtectProposalPublicResult {
  publicMessage: PublicMessage
}

export async function protectProposalPublic(
  signKey: Uint8Array,
  membershipKey: Uint8Array,
  groupContext: GroupContext,
  authenticatedData: Uint8Array,
  proposal: Proposal,
  leafIndex: number,
  cs: CiphersuiteImpl,
): Promise<ProtectProposalPublicResult> {
  const framedContent: FramedContent = {
    groupId: groupContext.groupId,
    epoch: groupContext.epoch,
    sender: { senderType: "member", leafIndex },
    contentType: "proposal",
    authenticatedData,
    proposal,
  }

  const tbs = {
    protocolVersion: groupContext.version,
    wireformat: "mls_public_message",
    content: framedContent,
    senderType: "member",
    context: groupContext,
  } as const

  const auth = await signFramedContentApplicationOrProposal(signKey, tbs, cs)

  const authenticatedContent: AuthenticatedContent = {
    wireformat: "mls_public_message",
    content: framedContent,
    auth,
  }

  const msg = await protectPublicMessage(membershipKey, groupContext, authenticatedContent, cs)

  return { publicMessage: msg }
}

export async function protectExternalProposalPublic(
  signKey: Uint8Array,
  groupContext: GroupContext,
  authenticatedData: Uint8Array,
  proposal: Proposal,
  sender: SenderNonMember,
  cs: CiphersuiteImpl,
): Promise<ProtectProposalPublicResult> {
  const framedContent: FramedContent = {
    groupId: groupContext.groupId,
    epoch: groupContext.epoch,
    sender,
    contentType: "proposal",
    authenticatedData,
    proposal,
  }

  const tbs = {
    protocolVersion: groupContext.version,
    wireformat: "mls_public_message",
    content: framedContent,
    senderType: sender.senderType,
    context: groupContext,
  } as const

  const auth = await signFramedContentApplicationOrProposal(signKey, tbs, cs)

  const msg: ExternalPublicMessage = {
    content: framedContent,
    auth,
    senderType: sender.senderType,
  }

  return { publicMessage: msg }
}

export async function protectPublicMessage(
  membershipKey: Uint8Array,
  groupContext: GroupContext,
  content: AuthenticatedContent,
  cs: CiphersuiteImpl,
): Promise<PublicMessage> {
  if (content.content.contentType === "application") throw new UsageError("Can't make an application message public")

  if (content.content.sender.senderType == "member") {
    const authenticatedContent: AuthenticatedContentTBM = {
      contentTbs: toTbs(content.content, "mls_public_message", groupContext),
      auth: content.auth,
    }

    const tag = await createMembershipTag(membershipKey, authenticatedContent, cs.hash)
    return {
      content: content.content,
      auth: content.auth,
      senderType: "member",
      membershipTag: tag,
    }
  }

  return {
    content: content.content,
    auth: content.auth,
    senderType: content.content.sender.senderType,
  }
}

export interface ProtectCommitPublicResult {
  publicMessage: PublicMessage
}

export async function unprotectPublicMessage(
  membershipKey: Uint8Array,
  groupContext: GroupContext,
  ratchetTree: RatchetTree,
  msg: PublicMessage,
  cs: CiphersuiteImpl,
  overrideSignatureKey?: Uint8Array,
): Promise<AuthenticatedContentProposalOrCommit> {
  if (msg.content.contentType === "application") throw new UsageError("Can't make an application message public")

  if (msg.senderType === "member") {
    const authenticatedContent: AuthenticatedContentTBM = {
      contentTbs: toTbs(msg.content, "mls_public_message", groupContext),
      auth: msg.auth,
    }

    if (!(await verifyMembershipTag(membershipKey, authenticatedContent, msg.membershipTag, cs.hash)))
      throw new CryptoVerificationError("Could not verify membership")
  }

  const signaturePublicKey =
    overrideSignatureKey !== undefined
      ? overrideSignatureKey
      : findSignaturePublicKey(ratchetTree, groupContext, msg.content)

  const signatureValid = await verifyFramedContentSignature(
    signaturePublicKey,
    "mls_public_message",
    msg.content,
    msg.auth,
    groupContext,
    cs.signature,
  )

  if (!signatureValid) throw new CryptoVerificationError("Signature invalid")

  return {
    wireformat: "mls_public_message",
    content: msg.content,
    auth: msg.auth,
  }
}

1	import {
2	AuthenticatedContent,
3	AuthenticatedContentProposalOrCommit,
4	AuthenticatedContentTBM,
5	createMembershipTag,
6	verifyMembershipTag,
7	} from "./authenticatedContent.js"
8	import { CiphersuiteImpl } from "./crypto/ciphersuite.js"
9	import {
10	FramedContent,
11	signFramedContentApplicationOrProposal,
12	toTbs,
13	verifyFramedContentSignature,
14	} from "./framedContent.js"
15	import { GroupContext } from "./groupContext.js"
16	import { CryptoVerificationError, UsageError } from "./mlsError.js"
17	import { Proposal } from "./proposal.js"
18	import { ExternalPublicMessage, findSignaturePublicKey, PublicMessage } from "./publicMessage.js"
19	import { RatchetTree } from "./ratchetTree.js"
20	import { SenderNonMember } from "./sender.js"
21
22	export interface ProtectProposalPublicResult {
23	publicMessage: PublicMessage
24	}
25
26	export async function protectProposalPublic(
27	signKey: Uint8Array,
28	membershipKey: Uint8Array,
29	groupContext: GroupContext,
30	authenticatedData: Uint8Array,
31	proposal: Proposal,
32	leafIndex: number,
33	cs: CiphersuiteImpl,
34	): Promise<ProtectProposalPublicResult> {
35	const framedContent: FramedContent = {	45✔
36	groupId: groupContext.groupId,
37	epoch: groupContext.epoch,
38	sender: { senderType: "member", leafIndex },
39	contentType: "proposal",
40	authenticatedData,
41	proposal,
42	}
43
44	const tbs = {	45✔
45	protocolVersion: groupContext.version,
46	wireformat: "mls_public_message",
47	content: framedContent,
48	senderType: "member",
49	context: groupContext,
50	} as const
51
52	const auth = await signFramedContentApplicationOrProposal(signKey, tbs, cs)	45✔
53
54	const authenticatedContent: AuthenticatedContent = {	45✔
55	wireformat: "mls_public_message",
56	content: framedContent,
57	auth,
58	}
59
60	const msg = await protectPublicMessage(membershipKey, groupContext, authenticatedContent, cs)	45✔
61
62	return { publicMessage: msg }	45✔
63	}
64
65	export async function protectExternalProposalPublic(
66	signKey: Uint8Array,
67	groupContext: GroupContext,
68	authenticatedData: Uint8Array,
69	proposal: Proposal,
70	sender: SenderNonMember,
71	cs: CiphersuiteImpl,
72	): Promise<ProtectProposalPublicResult> {
73	const framedContent: FramedContent = {	38✔
74	groupId: groupContext.groupId,
75	epoch: groupContext.epoch,
76	sender,
77	contentType: "proposal",
78	authenticatedData,
79	proposal,
80	}
81
82	const tbs = {	38✔
83	protocolVersion: groupContext.version,
84	wireformat: "mls_public_message",
85	content: framedContent,
86	senderType: sender.senderType,
87	context: groupContext,
88	} as const
89
90	const auth = await signFramedContentApplicationOrProposal(signKey, tbs, cs)	38✔
91
92	const msg: ExternalPublicMessage = {	38✔
93	content: framedContent,
94	auth,
95	senderType: sender.senderType,
96	}
97
98	return { publicMessage: msg }	38✔
99	}
100
101	export async function protectPublicMessage(
102	membershipKey: Uint8Array,
103	groupContext: GroupContext,
104	content: AuthenticatedContent,
105	cs: CiphersuiteImpl,
106	): Promise<PublicMessage> {
107	if (content.content.contentType === "application") throw new UsageError("Can't make an application message public")	173✔
108
109	if (content.content.sender.senderType == "member") {	166✔
110	const authenticatedContent: AuthenticatedContentTBM = {	128✔
111	contentTbs: toTbs(content.content, "mls_public_message", groupContext),
112	auth: content.auth,
113	}
114
115	const tag = await createMembershipTag(membershipKey, authenticatedContent, cs.hash)	128✔
116	return {	128✔
117	content: content.content,
118	auth: content.auth,
119	senderType: "member",
120	membershipTag: tag,
121	}
122	}
123
124	return {	38✔
125	content: content.content,
126	auth: content.auth,
127	senderType: content.content.sender.senderType,
128	}
129	}
130
131	export interface ProtectCommitPublicResult {
132	publicMessage: PublicMessage
133	}
134
135	export async function unprotectPublicMessage(
136	membershipKey: Uint8Array,
137	groupContext: GroupContext,
138	ratchetTree: RatchetTree,
139	msg: PublicMessage,
140	cs: CiphersuiteImpl,
141	overrideSignatureKey?: Uint8Array,
142	): Promise<AuthenticatedContentProposalOrCommit> {
143	if (msg.content.contentType === "application") throw new UsageError("Can't make an application message public")	2,302✔
144
145	if (msg.senderType === "member") {	2,302✔
146	const authenticatedContent: AuthenticatedContentTBM = {	2,150✔
147	contentTbs: toTbs(msg.content, "mls_public_message", groupContext),
148	auth: msg.auth,
149	}
150
151	if (!(await verifyMembershipTag(membershipKey, authenticatedContent, msg.membershipTag, cs.hash)))	2,150✔
152	throw new CryptoVerificationError("Could not verify membership")	×
153	}
154
155	const signaturePublicKey =
156	overrideSignatureKey !== undefined	2,302✔
157	? overrideSignatureKey
158	: findSignaturePublicKey(ratchetTree, groupContext, msg.content)
159
160	const signatureValid = await verifyFramedContentSignature(	2,302✔
161	signaturePublicKey,
162	"mls_public_message",
163	msg.content,
164	msg.auth,
165	groupContext,
166	cs.signature,
167	)
168
169	if (!signatureValid) throw new CryptoVerificationError("Signature invalid")	2,302✔
170
171	return {	2,302✔
172	wireformat: "mls_public_message",
173	content: msg.content,
174	auth: msg.auth,
175	}
176	}

LukaJCB / ts-mls / 20887934276

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous