UNPKG

ts-mls

Version:

[![CI](https://github.com/LukaJCB/ts-mls/actions/workflows/ci.yml/badge.svg)](https://github.com/LukaJCB/ts-mls/actions/workflows/ci.yml) [![npm version](https://badge.fury.io/js/ts-mls.svg)](https://badge.fury.io/js/ts-mls) [![Coverage Status](https://co

github.com/LukaJCB/ts-mls

LukaJCB/ts-mls

48 lines 3.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
import { getCiphersuiteFromId, getCiphersuiteImpl, getCiphersuiteNameFromId, } from "../../src/crypto/ciphersuite"; import { encodeGroupContext } from "../../src/groupContext"; import { hexToBytes } from "@noble/ciphers/utils"; import json from "../../test_vectors/key-schedule.json"; import { initializeEpoch, mlsExporter } from "../../src/keySchedule"; for (const [index, x] of json.entries()) { test(`key-schedule test vectors ${index}`, async () => { const cipherSuite = x.cipher_suite; const impl = await getCiphersuiteImpl(getCiphersuiteFromId(cipherSuite)); await testKeySchedule(x.group_id, x.initial_init_secret, x.epochs, cipherSuite, impl); }); } async function testKeySchedule(group_id, initial_init_secret, epochs, cipher_suite, impl) { await epochs.reduce(async (prevInitSecret, epoch, index) => { const initSecret = await prevInitSecret; const gc = { version: "mls10", cipherSuite: getCiphersuiteNameFromId(cipher_suite), groupId: hexToBytes(group_id), epoch: BigInt(index), treeHash: hexToBytes(epoch.tree_hash), confirmedTranscriptHash: hexToBytes(epoch.confirmed_transcript_hash), extensions: [], }; // Verify that group context matches the provided group_context value expect(encodeGroupContext(gc)).toStrictEqual(hexToBytes(epoch.group_context)); const { keySchedule, joinerSecret, welcomeSecret } = await initializeEpoch(initSecret, hexToBytes(epoch.commit_secret), gc, hexToBytes(epoch.psk_secret), impl.kdf); expect(joinerSecret).toStrictEqual(hexToBytes(epoch.joiner_secret)); expect(welcomeSecret).toStrictEqual(hexToBytes(epoch.welcome_secret)); expect(keySchedule.initSecret).toStrictEqual(hexToBytes(epoch.init_secret)); expect(keySchedule.senderDataSecret).toStrictEqual(hexToBytes(epoch.sender_data_secret)); expect(keySchedule.encryptionSecret).toStrictEqual(hexToBytes(epoch.encryption_secret)); expect(keySchedule.exporterSecret).toStrictEqual(hexToBytes(epoch.exporter_secret)); expect(keySchedule.externalSecret).toStrictEqual(hexToBytes(epoch.external_secret)); expect(keySchedule.confirmationKey).toStrictEqual(hexToBytes(epoch.confirmation_key)); expect(keySchedule.membershipKey).toStrictEqual(hexToBytes(epoch.membership_key)); expect(keySchedule.resumptionPsk).toStrictEqual(hexToBytes(epoch.resumption_psk)); expect(keySchedule.epochAuthenticator).toStrictEqual(hexToBytes(epoch.epoch_authenticator)); //Verify the external_pub is the public key output from KEM.DeriveKeyPair(external_secret) const { publicKey } = await impl.hpke.deriveKeyPair(hexToBytes(epoch.external_secret)); expect(await impl.hpke.exportPublicKey(publicKey)).toStrictEqual(hexToBytes(epoch.external_pub)); //Verify the exporter.secret is the value output from MLS-Exporter(exporter.label, exporter.context, exporter.length) const exporter = await mlsExporter(keySchedule.exporterSecret, epoch.exporter.label, hexToBytes(epoch.exporter.context), epoch.exporter.length, impl); expect(exporter).toStrictEqual(hexToBytes(epoch.exporter.secret)); return keySchedule.initSecret; }, Promise.resolve(hexToBytes(initial_init_secret))); } //# sourceMappingURL=keySchedule.test.js.map