diff --git a/mls-rs/src/group/mod.rs b/mls-rs/src/group/mod.rs index 2c03f4a3..396243d4 100644 --- a/mls-rs/src/group/mod.rs +++ b/mls-rs/src/group/mod.rs @@ -620,6 +620,7 @@ where let hpke_ciphertext = self .cipher_suite_provider .hpke_seal(member_public_key, context_info, associated_data, plaintext) + .await .map_err(|e| MlsError::CryptoProviderError(e.into_any_error()))?; Ok(hpke_ciphertext) } @@ -630,8 +631,12 @@ where /// Returns `ciphertext` and `kem_output` inside `HpkeCiphertext`. /// /// WARNING: The message sender is not authenticated. - #[cfg(feature = "non_domain_separated_hpke_encrypt_decrypt")] - #[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)] + #[cfg(all(feature = "non_domain_separated_hpke_encrypt_decrypt", feature = "ffi"))] + #[cfg_attr( + not(mls_build_async), + maybe_async::must_be_sync, + safer_ffi_gen::safer_ffi_gen_ignore + )] pub async fn hpke_encrypt_to_recipient( &self, recipient_index: u32, @@ -694,6 +699,7 @@ where context_info, associated_data, ) + .await .map_err(|e| MlsError::CryptoProviderError(e.into_any_error()))?; Ok(plaintext) } @@ -704,8 +710,13 @@ where /// current member. /// /// WARNING: The message sender is not authenticated. - #[cfg(feature = "non_domain_separated_hpke_encrypt_decrypt")] - #[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)] + #[cfg(all(feature = "non_domain_separated_hpke_encrypt_decrypt", feature = "ffi"))] + #[cfg_attr( + not(mls_build_async), + // all(feature = "ffi", not(test)), + maybe_async::must_be_sync, + safer_ffi_gen::safer_ffi_gen_ignore + )] pub async fn hpke_decrypt_for_current_member( &self, context_info: &[u8], @@ -2461,9 +2472,11 @@ mod tests { let hpke_ciphertext = bob_group .hpke_encrypt_to_recipient(receiver_index, &context_info, None, plaintext) + .await .unwrap(); let hpke_decrypted = alice_group .hpke_decrypt_for_current_member(&context_info, None, hpke_ciphertext) + .await .unwrap(); assert_eq!(plaintext.to_vec(), hpke_decrypted); @@ -2491,6 +2504,7 @@ mod tests { None, plaintext, ) + .await .unwrap(); let hpke_decrypted = alice_group .safe_decrypt_with_context_for_current_member( @@ -2499,6 +2513,7 @@ mod tests { None, hpke_ciphertext, ) + .await .unwrap(); assert_eq!(plaintext.to_vec(), hpke_decrypted); @@ -2525,11 +2540,13 @@ mod tests { let hpke_ciphertext = bob .hpke_encrypt_to_recipient(receiver_index, &context_info, None, plaintext) + .await .unwrap(); // different recipient tries to decrypt - let hpke_decrypted = - carol.hpke_decrypt_for_current_member(&context_info, None, hpke_ciphertext); + let hpke_decrypted = carol + .hpke_decrypt_for_current_member(&context_info, None, hpke_ciphertext) + .await; // should fail because carol can't decrypt the message encrypted for alice assert_matches!(hpke_decrypted, Err(MlsError::CryptoProviderError(_))); @@ -2562,15 +2579,18 @@ mod tests { None, plaintext, ) + .await .unwrap(); // different recipient tries to decrypt - let hpke_decrypted = carol.safe_decrypt_with_context_for_current_member( - component_id, - &context_info, - None, - hpke_ciphertext, - ); + let hpke_decrypted = carol + .safe_decrypt_with_context_for_current_member( + component_id, + &context_info, + None, + hpke_ciphertext, + ) + .await; // should fail because carol can't decrypt the message encrypted for alice assert_matches!(hpke_decrypted, Err(MlsError::CryptoProviderError(_))); @@ -2599,6 +2619,7 @@ mod tests { Some(&associated_data), plaintext, ) + .await .unwrap(); // add carol to the group @@ -2608,6 +2629,7 @@ mod tests { // make sure alice can still decrypt let hpke_decrypted = alice .hpke_decrypt_for_current_member(&context_info, Some(&associated_data), hpke_ciphertext) + .await .unwrap(); assert_eq!(plaintext.to_vec(), hpke_decrypted); } @@ -2636,6 +2658,7 @@ mod tests { Some(&associated_data), plaintext, ) + .await .unwrap(); // add carol to the group @@ -2650,6 +2673,7 @@ mod tests { Some(&associated_data), hpke_ciphertext, ) + .await .unwrap(); assert_eq!(plaintext.to_vec(), hpke_decrypted); }