Group API to encrypt/decrypt using the leaf-node HPKE keys (#248)

* Adding functionality for a group member to HPKE encrypt a message to another member * formatting * adding a flag "non_domain_separated_hpke_encrypt_decrypt" to gate out the non-domain-separated HPKE encrypt/decrypt for members of a group * implementing safe encrypt/decrypt with context * adding comments * refactoring into helper functionsto avoid duplicating logic * fixing componentoperation * fixing the async build, fixing nostd build, fixing `the trait `FfiType` is not implemented for `HpkeCiphertext`` * fixing various build errors * efficiency refactor of componentoperationlabel * update version number --------- Co-authored-by: Ellen Arteca <[email protected]>
awslabs · Feb 5, 2025 · 44cec5b · 44cec5b
1 parent 7087fc8
commit 44cec5b
Show file tree

Hide file tree

Showing 4 changed files with 404 additions and 1 deletion.
diff --git a/mls-rs-core/src/crypto.rs b/mls-rs-core/src/crypto.rs
@@ -21,6 +21,10 @@ pub mod test_suite;
 #[derive(Clone, PartialEq, Eq, MlsSize, MlsEncode, MlsDecode)]
 #[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
+#[cfg_attr(
+    all(feature = "ffi", not(test)),
+    safer_ffi_gen::ffi_type(clone, opaque)
+)]
 /// Ciphertext produced by [`CipherSuiteProvider::hpke_seal`]
 pub struct HpkeCiphertext {
     #[mls_codec(with = "mls_rs_codec::byte_vec")]

diff --git a/mls-rs/Cargo.toml b/mls-rs/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "mls-rs"
-version = "0.44.1"
+version = "0.44.2"
 edition = "2021"
 description = "An implementation of Messaging Layer Security (RFC 9420)"
 homepage = "https://github.com/awslabs/mls-rs"
@@ -30,6 +30,7 @@ out_of_order = ["private_message"]
 prior_epoch = []
 by_ref_proposal = []
 psk = []
+non_domain_separated_hpke_encrypt_decrypt = []
 x509 = ["mls-rs-core/x509", "dep:mls-rs-identity-x509"]
 rfc_compliant = ["private_message", "custom_proposal", "out_of_order", "psk", "x509", "prior_epoch", "by_ref_proposal", "mls-rs-core/rfc_compliant"]
 last_resort_key_package_ext = ["mls-rs-core/last_resort_key_package_ext"]

diff --git a/mls-rs/src/group/component_operation.rs b/mls-rs/src/group/component_operation.rs
@@ -0,0 +1,26 @@
+use crate::client::MlsError;
+use alloc::vec::Vec;
+use mls_rs_codec::{MlsEncode, MlsSize};
+
+pub type ComponentID = u32;
+
+#[derive(Clone, Debug, PartialEq, MlsSize, MlsEncode)]
+pub struct ComponentOperationLabel<'a> {
+    label: &'static [u8],
+    component_id: ComponentID,
+    context: &'a [u8],
+}
+
+impl<'a> ComponentOperationLabel<'a> {
+    pub fn new(component_id: u32, context: &'a [u8]) -> Self {
+        Self {
+            label: b"MLS 1.0 Application",
+            component_id,
+            context,
+        }
+    }
+
+    pub fn get_bytes(&self) -> Result<Vec<u8>, MlsError> {
+        self.mls_encode_to_vec().map_err(Into::into)
+    }
+}