UNPKG

ts-mls

Version:

[![CI](https://github.com/LukaJCB/ts-mls/actions/workflows/ci.yml/badge.svg)](https://github.com/LukaJCB/ts-mls/actions/workflows/ci.yml) [![npm version](https://badge.fury.io/js/ts-mls.svg)](https://badge.fury.io/js/ts-mls) [![Coverage Status](https://co

github.com/LukaJCB/ts-mls

LukaJCB/ts-mls

103 lines 4.71 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
import { mapDecoders } from "./codec/tlsDecoder.js"; import { contramapEncoders } from "./codec/tlsEncoder.js"; import { decodeVarLenData, encodeVarLenData } from "./codec/variableLength.js"; import { InternalError } from "./mlsError.js"; import { findFirstNonBlankAncestor, removeLeaves } from "./ratchetTree.js"; import { treeHash } from "./treeHash.js"; import { isLeaf, leafToNodeIndex, leafWidth, left, right, root, toLeafIndex, toNodeIndex, } from "./treemath.js"; import { constantTimeEqual } from "./util/constantTimeCompare.js"; export const encodeParentHashInput = contramapEncoders([encodeVarLenData, encodeVarLenData, encodeVarLenData], (i) => [i.encryptionKey, i.parentHash, i.originalSiblingTreeHash]); export const decodeParentHashInput = mapDecoders([decodeVarLenData, decodeVarLenData, decodeVarLenData], (encryptionKey, parentHash, originalSiblingTreeHash) => ({ encryptionKey, parentHash, originalSiblingTreeHash, })); function validateParentHashCoverage(parentIndices, coverage) { for (const index of parentIndices) { if ((coverage[index] ?? 0) !== 1) { return false; } } return true; } export async function verifyParentHashes(tree, h) { const parentNodes = tree.reduce((acc, cur, index) => { if (cur !== undefined && cur.nodeType === "parent") { return [...acc, index]; } else return acc; }, []); if (parentNodes.length === 0) return true; const coverage = await parentHashCoverage(tree, h); return validateParentHashCoverage(parentNodes, coverage); } /** * Traverse tree from bottom up, verifying that all non-blank parent nodes are covered by exactly one chain */ function parentHashCoverage(tree, h) { const leaves = tree.filter((_v, i) => isLeaf(toNodeIndex(i))); return leaves.reduce(async (acc, leafNode, leafIndex) => { if (leafNode === undefined) return acc; let currentIndex = leafToNodeIndex(toLeafIndex(leafIndex)); let updated = { ...(await acc) }; const rootIndex = root(leafWidth(tree.length)); while (currentIndex !== rootIndex) { const currentNode = tree[currentIndex]; // skip blank nodes if (currentNode === undefined) { continue; } // parentHashNodeIndex is the node index where the nearest non blank ancestor was const [parentHash, parentHashNodeIndex] = await calculateParentHash(tree, currentIndex, h); if (parentHashNodeIndex === undefined) { throw new InternalError("Reached root before completing parent hash coeverage"); } const expectedParentHash = getParentHash(currentNode); if (expectedParentHash !== undefined && constantTimeEqual(parentHash, expectedParentHash)) { const newCount = (updated[parentHashNodeIndex] ?? 0) + 1; updated = { ...updated, [parentHashNodeIndex]: newCount }; } else { // skip to next leaf break; } currentIndex = parentHashNodeIndex; } return updated; }, Promise.resolve({})); } function getParentHash(node) { if (node.nodeType === "parent") return node.parent.parentHash; else if (node.leaf.leafNodeSource === "commit") return node.leaf.parentHash; } /** * Calculcates parent hash for a given node or leaf and returns the node index of the parent or undefined if the given node is the root node. */ export async function calculateParentHash(tree, nodeIndex, h) { const rootIndex = root(leafWidth(tree.length)); if (nodeIndex === rootIndex) { return [new Uint8Array(), undefined]; } const parentNodeIndex = findFirstNonBlankAncestor(tree, nodeIndex); const parentNode = tree[parentNodeIndex]; if (parentNodeIndex === rootIndex && parentNode === undefined) { return [new Uint8Array(), parentNodeIndex]; } const siblingIndex = nodeIndex < parentNodeIndex ? right(parentNodeIndex) : left(parentNodeIndex); if (parentNode === undefined || parentNode.nodeType === "leaf") throw new InternalError("Expected non-blank parent Node"); const removedUnmerged = removeLeaves(tree, parentNode.parent.unmergedLeaves); const originalSiblingTreeHash = await treeHash(removedUnmerged, siblingIndex, h); const input = { encryptionKey: parentNode.parent.hpkePublicKey, parentHash: parentNode.parent.parentHash, originalSiblingTreeHash, }; return [await h.digest(encodeParentHashInput(input)), parentNodeIndex]; } //# sourceMappingURL=parentHash.js.map