The validity of a LeafNode needs to be verified at the following stages:
| id | status | description | notes & code refs |
|---|---|---|---|
| valn0101 ¶ | Unknown | Verify that the credential in the LeafNode is valid, as described in Section 5.3.1. | notes:
no refs to code. no refs to tests. |
| valn0102 ¶ | Partial | Verify that the signature on the LeafNode is valid using signature_key. | notes:
code refs: no refs to tests. |
| valn0103 ¶ | Partial | Verify that the LeafNode is compatible with the group's parameters. If the GroupContext has a required_capabilities extension, then the required extensions, proposals, and credential types MUST be listed in the LeafNode's capabilities field. | notes:
no refs to code. test refs: |
| valn0104 ¶ | Partial | Verify that the credential type is supported by all members of the group, as specified by the capabilities field of each member's LeafNode, and that the capabilities field of this LeafNode indicates support for all the credential types currently in use by other members. | notes:
code refs: no refs to tests. |
| valn0105 ¶ | Partial | Verify the `lifetime` field: If the LeafNode appears in a message being sent by the client, e.g., a Proposal or a Commit, then the client MUST verify that the current time is within the range of the lifetime field. | notes:
code refs: no refs to tests. |
| valn0106 ¶ | Missing | Verify the `lifetime` field: If instead the LeafNode appears in a message being received by the client, e.g., a Proposal, a Commit, or a ratchet tree of the group the client is joining, it is RECOMMENDED that the client verifies that the current time is within the range of the lifetime field. (This check is not mandatory because the LeafNode might have expired in the time between when the message was sent and when it was received.) | no notes. no refs to code. no refs to tests. |
| valn0107 ¶ | Partial | Verify that the extensions in the LeafNode are supported by checking that the ID for each extension in the extensions field is listed in the capabilities.extensions field of the LeafNode. | notes:
code refs: no refs to tests. |
| valn0108 ¶ | Partial | Verify the `leaf_node_source` field: If the LeafNode appears in a KeyPackage, verify that leaf_node_source is set to key_package. | notes:
code refs: no refs to tests. |
| valn0109 ¶ | Partial | Verify the `leaf_node_source` field: If the LeafNode appears in an Update proposal, verify that leaf_node_source is set to update and that encryption_key represents a different public key than the encryption_key in the leaf node being replaced by the Update proposal. | notes:
code refs: no refs to tests. |
| valn0110 ¶ | Partial | Verify the `leaf_node_source` field: If the LeafNode appears in the leaf_node value of the UpdatePath in a Commit, verify that leaf_node_source is set to commit. | notes:
code refs: no refs to tests. |
| valn0111 ¶ | Partial | Verify that the following fields are unique among the members of the group: `signature_key` | notes:
code refs: no refs to tests. |
| valn0112 ¶ | Partial | Verify that the following fields are unique among the members of the group: `encryption_key` | notes:
code refs: no refs to tests. |
The validity of a KeyPackage needs to be verified at a few stages:
| id | status | description | notes & code refs |
|---|---|---|---|
| valn0201 ¶ | Complete | Verify that the cipher suite and protocol version of the KeyPackage match those in the GroupContext. | no notes. no refs to code. test refs: |
| valn0202 ¶ | Unknown | Verify that the leaf_node of the KeyPackage is valid for a KeyPackage according to Section 7.3. | notes:
no refs to code. no refs to tests. |
| valn0203 ¶ | Partial | Verify that the signature on the KeyPackage is valid using the public key in `leaf_node.credential`. | notes:
code refs: no refs to tests. |
| valn0204 ¶ | Partial | Verify that the value of `leaf_node.encryption_key` is different from the value of the `init_key` field. | notes:
code refs: no refs to tests. |
A group member creating a `Commit` and a group member processing a `Commit` MUST verify that the list of committed proposals is valid using one of the following procedures, depending on whether the `Commit` is external or not. If the list of proposals is invalid, then the Commit message MUST be rejected as invalid.
For a regular, i.e., not external, Commit, the list is invalid if any of the following occurs:
| id | status | description | notes & code refs |
|---|---|---|---|
| valn0301 ¶ | Partial | It contains an individual proposal that is invalid as specified invalid Section 12.1. | notes:
code refs: no refs to tests. |
| valn0302 ¶ | Partial | It contains an Update proposal generated by the committer. | notes:
code refs: no refs to tests. |
| valn0303 ¶ | Partial | It contains a Remove proposal that removes the committer. | no notes. code refs: no refs to tests. |
| valn0304 ¶ | Missing | It contains multiple Update and/or Remove proposals that apply to the same leaf. If the committer has received multiple such proposals they SHOULD prefer any Remove received, or the most recent Update if there are no Removes. | notes:
no refs to code. no refs to tests. |
| valn0305 ¶ | Missing | It contains multiple Add proposals that contain KeyPackages that represent the same client according to the application (for example, identical signature keys). | notes:
no refs to code. no refs to tests. |
| valn0306 ¶ | Missing | It contains an Add proposal with a KeyPackage that represents a client already in the group according to the application, unless there is a Remove proposal in the list removing the matching client from the group. | notes:
no refs to code. no refs to tests. |
| valn0307 ¶ | Partial | It contains multiple PreSharedKey proposals that reference then same PreSharedKeyID. | no notes. code refs: no refs to tests. |
| valn0308 ¶ | Complete | It contains multiple GroupContextExtension proposals. | no notes. code refs: test refs: |
| valn0309 ¶ | Missing | It contains a ReInit proposal together with any other proposal. If the committer has received other proposals during the epoch, they SHOULD prefer them over the ReInit proposal, allowing the ReInit to be resent and applied in a subsequent epoch. | notes:
no refs to code. no refs to tests. |
| valn0310 ¶ | Missing | It contains an ExternalInit proposal. | notes:
no refs to code. no refs to tests. |
| valn0311 ¶ | Missing | It contains a Proposal with a non-default proposal type that is not supported by some members of the group that will process the Commit (i.e., members being added or removed by the Commit do not need to support the proposal type). | notes:
no refs to code. no refs to tests. |
| valn0312 ¶ | Missing | After processing the Commit the ratchet tree is invalid, in particular, if it contains any leaf node that is invalid according to Section 7.3. | no notes. no refs to code. no refs to tests. |
A group member creating a `Commit` and a group member processing a `Commit` MUST verify that the list of committed proposals is valid using one of the following procedures, depending on whether the `Commit` is external or not. If the list of proposals is invalid, then the Commit message MUST be rejected as invalid.
For an external Commit, the list is valid if it contains only the following proposals (not necessarily in this order):
| id | status | description | notes & code refs |
|---|---|---|---|
| valn0401 ¶ | Unknown | Exactly one ExternalInit | no notes. no refs to code. no refs to tests. |
| valn0402 ¶ | Missing | At most one Remove proposal, with which the joiner removes an old version of themselves. If a Remove proposal is present, then the LeafNode in the path field of the external Commit MUST meet the same criteria as would the LeafNode in an Update for the removed leaf (see Section 12.1.2). In particular, the credential in the LeafNode MUST present a set of identifiers that is acceptable to the application for the removed participant. | notes:
no refs to code. no refs to tests. |
| valn0403 ¶ | Unknown | Zero or more PreSharedKey proposals | no notes. no refs to code. no refs to tests. |
| valn0404 ¶ | Unknown | No other proposals | no notes. no refs to code. no refs to tests. |
An Add proposal requests that a client with a specified KeyPackage be added to the group.
| id | status | description | notes & code refs |
|---|---|---|---|
| valn0501 ¶ | Partial | An Add proposal is invalid if the KeyPackage is invalid according to Section 10.1. | notes:
code refs: no refs to tests. |
An Update proposal is a similar mechanism to Add with the distinction that it replaces the sender's LeafNode in the tree instead of adding a new leaf to the tree.
| id | status | description | notes & code refs |
|---|---|---|---|
| valn0601 ¶ | Partial | An Update proposal is invalid if the LeafNode is invalid for an Update proposal according to Section 7.3. | notes:
code refs: no refs to tests. |
A Remove proposal requests that the member with the leaf index removed be removed from the group.
| id | status | description | notes & code refs |
|---|---|---|---|
| valn0701 ¶ | Partial | A Remove proposal is invalid if the removed field does not identify a non-blank leaf node. | notes:
code refs: no refs to tests. |
A PreSharedKey proposal can be used to request that a pre-shared key be injected into the key schedule in the process of advancing the epoch.
A PreSharedKey proposal is invalid if any of the following is true:
| id | status | description | notes & code refs |
|---|---|---|---|
| valn0801 ¶ | Missing | The PreSharedKey proposal is not being processed as part of a reinitialization of the group (see Section 11.2), and the PreSharedKeyID has psktype set to resumption and usage set to reinit. | notes:
no refs to code. no refs to tests. |
| valn0802 ¶ | Missing | The PreSharedKey proposal is not being processed as part of a subgroup branching operation (see Section 11.3), and the PreSharedKeyID has psktype set to resumption and usage set to branch. | notes:
no refs to code. no refs to tests. |
| valn0803 ¶ | Partial | The psk_nonce is not of length KDF.Nh. | notes:
code refs: no refs to tests. |
A ReInit proposal represents a request to reinitialize the group with different parameters, for example, to increase the version number or to change the cipher suite. The reinitialization is done by creating a completely new group and shutting down the old one.
| id | status | description | notes & code refs |
|---|---|---|---|
| valn0901 ¶ | Unknown | A ReInit proposal is invalid if the version field is less than the version for the current group. | notes:
no refs to code. no refs to tests. |
A GroupContextExtensions proposal is used to update the list of extensions in the GroupContext for the group.
| id | status | description | notes & code refs |
|---|---|---|---|
| valn1001 ¶ | Partial | A GroupContextExtensions proposal is invalid if it includes a required_capabilities extension and some members of the group do not support some of the required capabilities (including those added in the same Commit, and excluding those removed). | notes:
code refs: test refs: |
As described in Section 12.4, each Commit message may optionally contain an UpdatePath, with a new LeafNode and set of parent nodes for the sender's filtered direct path. For each parent node, the UpdatePath contains a new public key and encrypted path secret. The parent nodes are kept in the same order as the filtered direct path.
| id | status | description | notes & code refs |
|---|---|---|---|
| valn1101 ¶ | Partial | For each UpdatePathNode, the resolution of the corresponding copath node MUST exclude all new leaf nodes added as part of the current Commit. The length of the encrypted_path_secret vector MUST be equal to the length of the resolution of the copath node (excluding new leaf nodes), with each ciphertext being the encryption to the respective resolution node. | notes:
code refs: no refs to tests. |
A member of the group applies a Commit message by taking the following steps:
| id | status | description | notes & code refs |
|---|---|---|---|
| valn1201 ¶ | Partial | Verify that the epoch field of the enclosing FramedContent is equal to the epoch field of the current GroupContext object. | notes:
code refs: no refs to tests. |
| valn1202 ¶ | Partial | Unprotect the Commit using the keys from the current epoch: If the message is encoded as PublicMessage, verify the membership MAC using the membership_key. | notes:
code refs:
no refs to tests. |
| valn1203 ¶ | Partial | Verify the signature on the FramedContent message as described in Section 6.1. | notes:
code refs:
no refs to tests. |
| valn1204 ¶ | Partial | Verify that the proposals vector is valid according to the rules in Section 12.2. | notes:
code refs:
no refs to tests. |
| valn1205 ¶ | Unknown | Verify that all PreSharedKey proposals in the proposals vector are available. | notes:
no refs to code. no refs to tests. |
| valn1206 ¶ | Partial | Verify that the path value is populated if the proposals vector contains any Update or Remove proposals, or if it's empty. Otherwise, the path value MAY be omitted. | notes:
code refs: no refs to tests. |
| valn1207 ¶ | Missing | If the path value is populated, validate it and apply it to the tree: Validate the LeafNode as specified in Section 7.3. The leaf_node_source field MUST be set to commit. | no notes. no refs to code. no refs to tests. |
| valn1208 ¶ | Missing | If the path value is populated, validate it and apply it to the tree: Verify that the encryption_key value in the LeafNode is different from the committer's current leaf node. | no notes. no refs to code. no refs to tests. |
| valn1209 ¶ | Partial | If the path value is populated, validate it and apply it to the tree: Verify that none of the public keys in the UpdatePath appear in any node of the new ratchet tree. | notes:
code refs: no refs to tests. |