Move cipher suite into signing data

mls-rs-core/src/identity.rs

@@ -19,10 +19,11 @@ pub use signing_identity::*;
 #[cfg(feature = "x509")]
 pub use x509::*;
 
-use crate::crypto::SignatureSecretKey;
+use crate::crypto::{CipherSuite, SignatureSecretKey};
 
 #[derive(Clone, Debug, MlsEncode, MlsSize, MlsDecode, PartialEq)]
 pub struct SigningData {
     pub signing_identity: SigningIdentity,
     pub signing_key: SignatureSecretKey,
+    pub cipher_suite: CipherSuite,
 }

mls-rs/src/client.rs

@@ -434,15 +434,15 @@ where
     #[cfg_attr(all(feature = "ffi", not(test)), safer_ffi_gen::safer_ffi_gen_ignore)]
     pub fn key_package_builder(
         &self,
-        signing_data: Option<(CipherSuite, SigningData)>,
+        signing_data: Option<SigningData>,
     ) -> Result<
         KeyPackageBuilder<<C::CryptoProvider as CryptoProvider>::CipherSuiteProvider>,
         MlsError,
     > {
         // TODO create provider inside key package builder
-        let (cipher_suite, signing_data) = signing_data.unzip();
-
-        let cipher_suite = cipher_suite
+        let cipher_suite = signing_data
+            .as_ref()
+            .map(|data| data.cipher_suite)
             .or(self.signing_identity.as_ref().map(|(_, cs)| *cs))
             // TODO no error fits
             .ok_or(MlsError::CipherSuiteMismatch)?;

mls-rs/src/external_client/builder.rs

@@ -274,11 +274,13 @@ impl<C: IntoConfig> ExternalClientBuilder<C> {
         self,
         signer: SignatureSecretKey,
         signing_identity: SigningIdentity,
+        cipher_suite: CipherSuite,
     ) -> ExternalClientBuilder<IntoConfigOutput<C>> {
         let mut c = self.0.into_config();
         c.0.signing_data = Some(SigningData {
             signing_identity,
             signing_key: signer,
+            cipher_suite,
         });
         ExternalClientBuilder(c)
     }
@@ -559,7 +561,7 @@ mod private {
 }
 
 use mls_rs_core::{
-    crypto::SignatureSecretKey,
+    crypto::{CipherSuite, SignatureSecretKey},
     identity::{IdentityProvider, SigningData, SigningIdentity},
 };
 use private::{Config, ConfigInner, IntoConfig};

mls-rs/src/external_client/group.rs

@@ -436,6 +436,7 @@ impl<C: ExternalClientConfig + Clone> ExternalGroup<C> {
         let SigningData {
             signing_key,
             signing_identity,
+            ..
         } = self.signing_data.as_ref().ok_or(MlsError::SignerNotFound)?;
 
         let external_senders_ext = self
@@ -1234,6 +1235,7 @@ mod tests {
         server.signing_data = Some(SigningData {
             signing_key: server_key,
             signing_identity: server_identity,
+            cipher_suite: TEST_CIPHER_SUITE,
         });
 
         let charlie_key_package =
@@ -1257,6 +1259,7 @@ mod tests {
         server.signing_data = Some(SigningData {
             signing_key: server_key,
             signing_identity: server_identity,
+            cipher_suite: TEST_CIPHER_SUITE,
         });
 
         let external_proposal = server.propose_remove(1, vec![]).await.unwrap();
@@ -1273,6 +1276,7 @@ mod tests {
         server.signing_data = Some(SigningData {
             signing_key: secret_key,
             signing_identity: signing_id,
+            cipher_suite: TEST_CIPHER_SUITE,
         });
 
         let charlie_key_package =
@@ -1305,6 +1309,7 @@ mod tests {
         server.signing_data = Some(SigningData {
             signing_key: server_key,
             signing_identity: server_identity,
+            cipher_suite: TEST_CIPHER_SUITE,
         });
 
         let res = server.propose_remove(1, vec![]).await;

mls-rs/src/group/resumption.rs

@@ -173,7 +173,7 @@ impl<C: ClientConfig + Clone> ReinitClient<C> {
     #[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)]
     pub fn key_package_builder(
         &self,
-        signing_data: Option<(CipherSuite, SigningData)>,
+        signing_data: Option<SigningData>,
     ) -> Result<
         KeyPackageBuilder<<C::CryptoProvider as CryptoProvider>::CipherSuiteProvider>,
         MlsError,

mls-rs/src/key_package/builder.rs

@@ -98,6 +98,7 @@ impl<CP: CipherSuiteProvider> KeyPackageBuilder<CP> {
         let SigningData {
             signing_identity,
             signing_key,
+            ..
         } = self.signing_data;
 
         let (init_secret_key, public_init) = self
@@ -185,10 +186,13 @@ impl<CP> KeyPackageBuilder<CP> {
             .signing_identity
             .clone()
             .zip(client.signer.clone())
-            .map(|((signing_identity, _), signing_key)| SigningData {
-                signing_identity,
-                signing_key,
-            })
+            .map(
+                |((signing_identity, cipher_suite), signing_key)| SigningData {
+                    signing_identity,
+                    signing_key,
+                    cipher_suite,
+                },
+            )
             .or(signing_data)
             .ok_or(MlsError::SignerNotFound)?;
 

mls-rs/test_harness_integration/src/by_ref_proposal.rs

@@ -413,9 +413,10 @@ pub(crate) mod external_proposal {
             request: Request<CreateExternalSignerRequest>,
         ) -> Result<Response<CreateExternalSignerResponse>, Status> {
             let request = request.into_inner();
+            let cipher_suite = (request.cipher_suite as u16).into();
 
             let cs = OpensslCryptoProvider::new()
-                .cipher_suite_provider((request.cipher_suite as u16).into())
+                .cipher_suite_provider(cipher_suite)
                 .ok_or_else(|| Status::aborted("ciphersuite not supported"))?;
 
             let (secret_key, public_key) = cs.signature_key_generate().map_err(abort)?;
@@ -429,7 +430,7 @@ pub(crate) mod external_proposal {
             let ext_client = ExternalClientBuilder::new()
                 .crypto_provider(OpensslCryptoProvider::default())
                 .identity_provider(BasicIdentityProvider::new())
-                .signer(secret_key, signing_identity)
+                .signer(secret_key, signing_identity, cipher_suite)
                 .build();
 
             let signer_id = *ext_clients.keys().max().unwrap_or(&0);