Description

Description of feature:

`mls_rs_codec::MlsDecode::mls_decode` decodes the prefix of the supplied bytes but ignores any superfluous bytes. Ideally, there would be another method, e.g. `mls_decode_exhaustive`, which checks that all the bytes from the supplied slice were used in deserialization.

See this reproduction of the problem:
```rust
#[test]
fn reproduction_test() {
    use mls_rs::identity::basic::BasicIdentityProvider;
    use mls_rs::{Client, MlsMessage};
    use mls_rs_codec::MlsEncode;
    use mls_rs_core::crypto::{CipherSuite, CipherSuiteProvider, CryptoProvider};
    use mls_rs_core::extension::ExtensionList;
    use mls_rs_core::identity::{BasicCredential, SigningIdentity};
    use mls_rs_crypto_rustcrypto::RustCryptoProvider;

    let cipher_suite = CipherSuite::CURVE25519_AES128;
    let crypto_provider = RustCryptoProvider::default();
    let cipher_suite_provider = crypto_provider.cipher_suite_provider(cipher_suite).unwrap();
    let (signature_secret_key, signature_public_key) =
        cipher_suite_provider.signature_key_generate().unwrap();
    let signing_identity = SigningIdentity::new(
        BasicCredential::new(b"signing_identity".to_vec()).into_credential(),
        signature_public_key,
    );
    let client = Client::builder()
        .crypto_provider(crypto_provider)
        .identity_provider(BasicIdentityProvider::default())
        .signing_identity(signing_identity, signature_secret_key, cipher_suite)
        .build();
    let key_package_message = client
        .generate_key_package_message(ExtensionList::default(), ExtensionList::default())
        .unwrap();

    // Append junk bytes after a valid encoding.
    let encoded_message_bytes = key_package_message.mls_encode_to_vec().unwrap();
    let mut modified_encoded_message_bytes = encoded_message_bytes.clone();
    modified_encoded_message_bytes.extend(b"foobar");
    assert_ne!(encoded_message_bytes, modified_encoded_message_bytes);

    assert_eq!(
        MlsMessage::from_bytes(&encoded_message_bytes).unwrap(),
        key_package_message
    );
    // Decoding still succeeds: the trailing "foobar" is silently ignored.
    assert_eq!(
        MlsMessage::from_bytes(&modified_encoded_message_bytes).unwrap(),
        key_package_message
    );
}
```
Use case:

Our application deserializes payloads encoded with `mls_rs_codec::MlsEncode`. We prefer to have strict validation, in which unexpected bytes get rejected. The described behavior has already led once to an error being missed, when a vector of bytes intended to be deserialized to one data type correctly deserialized to a shorter data type.
Implementation discussion (Optional)

We have implemented a workaround where we check that `mls_rs_codec::MlsSize` of the decoded value equals the length of the input. However, it would be more performant if there was a method similar to `mls_rs_codec::MlsDecode::mls_decode` that would return an error if the input slice was not fully read.
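As an added illustration (not code from mls-rs or from the issue author), the strict variant requested above, written against a minimal local stand-in trait: `Decode`, `Opaque` and `DecodeError` are hypothetical names, and the `&mut &[u8]` reader shape of `mls_decode` is an assumption.

```rust
// Added example, not mls-rs code; the `&mut &[u8]` reader shape is assumed.
#[derive(Debug, PartialEq)]
pub enum DecodeError {
    UnexpectedEof,
    TrailingBytes(usize), // bytes left unread after a successful prefix decode
}
pub trait Decode: Sized {
    /// Decodes a prefix of `reader` and advances it past the consumed bytes.
    fn decode(reader: &mut &[u8]) -> Result<Self, DecodeError>;

    /// Strict variant: decode, then reject any bytes that were not consumed.
    fn decode_exhaustive(mut bytes: &[u8]) -> Result<Self, DecodeError> {
        let value = Self::decode(&mut bytes)?;
        match bytes.len() {
            0 => Ok(value),
            n => Err(DecodeError::TrailingBytes(n)),
        }
    }
}
impl Decode for u16 {
    fn decode(reader: &mut &[u8]) -> Result<Self, DecodeError> {
        if reader.len() < 2 {
            return Err(DecodeError::UnexpectedEof);
        }
        let (head, rest) = reader.split_at(2);
        *reader = rest;
        Ok(u16::from_be_bytes([head[0], head[1]]))
    }
}
/// A u16-length-prefixed opaque vector, the TLS-style encoding MLS uses.
#[derive(Debug, PartialEq)]
pub struct Opaque(pub Vec<u8>);
impl Decode for Opaque {
    fn decode(reader: &mut &[u8]) -> Result<Self, DecodeError> {
        let len = usize::from(u16::decode(reader)?);
        if reader.len() < len {
            return Err(DecodeError::UnexpectedEof);
        }
        let (body, rest) = reader.split_at(len);
        *reader = rest;
        Ok(Opaque(body.to_vec()))
    }
}
/// Mirrors the issue's reproduction on a constructed sample: the prefix decoder
/// accepts an encoding with "foobar" appended, the exhaustive one rejects it.
pub fn demo() -> (Result<Opaque, DecodeError>, Result<Opaque, DecodeError>) {
    let mut bytes = vec![0x00, 0x03, b'a', b'b', b'c']; // constructed: opaque<3> "abc"
    bytes.extend_from_slice(b"foobar");
    (Opaque::decode(&mut &bytes[..]), Opaque::decode_exhaustive(&bytes))
}
```

The same check is what the `MlsSize` workaround above approximates, but here it costs one length comparison on the remaining slice rather than a second pass over the decoded value.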