fix thread id calculation

Signed-off-by: Marc Schoolderman <[email protected]>
openwallet-foundation-labs · Jul 23, 2024 · f8c3496 · f8c3496
1 parent b1e6147
commit f8c3496
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 17 deletions.
diff --git a/examples/src/server.rs b/examples/src/server.rs
@@ -400,7 +400,7 @@ async fn websocket(stream: WebSocket, state: Arc<AppState>) {
 
             // if the sender is verified, decrypt the message
             let result = if let Some(sender_vid) = incoming_senders_read.get(&sender_id) {
-                let Ok((_, payload, _)) =
+                let Ok((_, payload)) =
                     tsp::crypto::open(receiver_vid, sender_vid, &mut encrypted_message)
                 else {
                     continue;

diff --git a/tsp/src/crypto/mod.rs b/tsp/src/crypto/mod.rs
@@ -84,7 +84,6 @@ pub fn seal_and_hash(
 pub type MessageContents<'a> = (
     Option<NonConfidentialData<'a>>,
     Payload<'a, &'a [u8], &'a mut [u8]>,
-    &'a [u8],
 );
 
 /// Decode a CESR Authentic Confidential Message, verify the signature and decrypt its contents
@@ -201,7 +200,7 @@ mod tests {
         )
         .unwrap();
 
-        let (received_nonconfidential_data, received_secret_message, _) =
+        let (received_nonconfidential_data, received_secret_message) =
             open(&alice, &bob, &mut message).unwrap();
 
         assert_eq!(received_nonconfidential_data.unwrap(), nonconfidential_data);

diff --git a/tsp/src/crypto/tsp_hpke.rs b/tsp/src/crypto/tsp_hpke.rs
@@ -47,14 +47,17 @@ where
 
     let secret_payload = match secret_payload {
         Payload::Content(data) => crate::cesr::Payload::GenericMessage(data),
-        Payload::RequestRelationship { route } => crate::cesr::Payload::DirectRelationProposal {
+        Payload::RequestRelationship {
+            route,
+            thread_id: _,
+        } => crate::cesr::Payload::DirectRelationProposal {
             nonce: fresh_nonce(&mut csprng),
             hops: route.unwrap_or_else(Vec::new),
         },
         Payload::AcceptRelationship { ref thread_id } => {
             crate::cesr::Payload::DirectRelationAffirm { reply: thread_id }
         }
-        Payload::RequestNestedRelationship { vid } => {
+        Payload::RequestNestedRelationship { vid, thread_id: _ } => {
             crate::cesr::Payload::NestedRelationProposal {
                 nonce: fresh_nonce(&mut csprng),
                 new_vid: vid,
@@ -210,6 +213,14 @@ where
         &tag,
     )?;
 
+    // micro-optimization: only compute the thread_id digest if we really need it; we cannot do this
+    // later since after constructing the resulting Payload, we are giving out mutable borrows
+    let thread_id = match crate::cesr::decode_payload(ciphertext)?.payload {
+        crate::cesr::Payload::DirectRelationProposal { .. }
+        | crate::cesr::Payload::NestedRelationProposal { .. } => crate::crypto::sha256(ciphertext),
+        _ => Default::default(),
+    };
+
     #[allow(unused_variables)]
     let DecodedPayload {
         payload,
@@ -230,12 +241,16 @@ where
         crate::cesr::Payload::GenericMessage(data) => Payload::Content(data as _),
         crate::cesr::Payload::DirectRelationProposal { hops, .. } => Payload::RequestRelationship {
             route: if hops.is_empty() { None } else { Some(hops) },
+            thread_id,
         },
         crate::cesr::Payload::DirectRelationAffirm { reply: &thread_id } => {
             Payload::AcceptRelationship { thread_id }
         }
         crate::cesr::Payload::NestedRelationProposal { new_vid, .. } => {
-            Payload::RequestNestedRelationship { vid: new_vid }
+            Payload::RequestNestedRelationship {
+                vid: new_vid,
+                thread_id,
+            }
         }
         crate::cesr::Payload::NestedRelationAffirm {
             new_vid,
@@ -260,10 +275,7 @@ where
         }
     };
 
-    // TODO: we cannot lend access to the raw bytes of the ciphertext, since they are mutably shared now;
-    // see issue #9 for changes to the THREAD_ID digest
-    let ciphertext = &[];
-    Ok((envelope.nonconfidential_data, secret_payload, ciphertext))
+    Ok((envelope.nonconfidential_data, secret_payload))
 }
 
 /// Generate N random bytes using the provided RNG

diff --git a/tsp/src/definitions/mod.rs b/tsp/src/definitions/mod.rs
@@ -119,12 +119,14 @@ pub enum Payload<'a, Bytes: AsRef<[u8]>, MaybeMutBytes: AsRef<[u8]> = Bytes> {
     },
     RequestRelationship {
         route: Option<Vec<VidData<'a>>>,
+        thread_id: Digest,
     },
     AcceptRelationship {
         thread_id: Digest,
     },
     RequestNestedRelationship {
         vid: VidData<'a>,
+        thread_id: Digest,
     },
     AcceptNestedRelationship {
         thread_id: Digest,

diff --git a/tsp/src/store.rs b/tsp/src/store.rs
@@ -440,7 +440,7 @@ impl Store {
             return Err(CryptoError::UnexpectedRecipient.into());
         };
 
-        let (_, payload, _) = crate::crypto::open(&*receiver, &*sender, message)?;
+        let (_, payload) = crate::crypto::open(&*receiver, &*sender, message)?;
 
         let (next_hop, path, inner_message) = match payload {
             Payload::RoutedMessage(hops, inner_message) => {
@@ -535,7 +535,7 @@ impl Store {
                     return Err(Error::UnverifiedSource(sender));
                 };
 
-                let (nonconfidential_data, payload, raw_bytes) =
+                let (nonconfidential_data, payload) =
                     crate::crypto::open(&*intended_receiver, &*sender_vid, message)?;
 
                 match payload {
@@ -567,11 +567,11 @@ impl Store {
                             opaque_payload: message.to_owned(),
                         })
                     }
-                    Payload::RequestRelationship { route } => {
+                    Payload::RequestRelationship { route, thread_id } => {
                         Ok(ReceivedTspMessage::RequestRelationship {
                             sender,
                             route: route.map(|vec| vec.iter().map(|vid| vid.to_vec()).collect()),
-                            thread_id: crate::crypto::sha256(raw_bytes),
+                            thread_id,
                             nested_vid: None,
                         })
                     }
@@ -608,15 +608,15 @@ impl Store {
 
                         Ok(ReceivedTspMessage::CancelRelationship { sender })
                     }
-                    Payload::RequestNestedRelationship { vid } => {
+                    Payload::RequestNestedRelationship { vid, thread_id } => {
                         let vid = std::str::from_utf8(vid)?;
                         self.add_nested_vid(vid)?;
                         self.set_parent_for_vid(vid, Some(&sender))?;
 
                         Ok(ReceivedTspMessage::RequestRelationship {
                             sender,
                             route: None,
-                            thread_id: crate::crypto::sha256(raw_bytes),
+                            thread_id,
                             nested_vid: Some(vid.to_string()),
                         })
                     }
@@ -708,7 +708,10 @@ impl Store {
             &*sender,
             &*receiver,
             None,
-            Payload::RequestRelationship { route },
+            Payload::RequestRelationship {
+                route,
+                thread_id: Default::default(),
+            },
         )?;
 
         let (transport, tsp_message) = if let Some(hop_list) = path {
@@ -806,6 +809,7 @@ impl Store {
             None,
             Payload::RequestNestedRelationship {
                 vid: nested_vid.vid().as_ref(),
+                thread_id: Default::default(),
             },
         )?;