// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// Copyright by contributors to this project.
// SPDX-License-Identifier: (Apache-2.0 OR MIT)

use alloc::vec::Vec;
use zeroize::Zeroizing;

use crate::{crypto::CipherSuiteProvider, group::secret_tree::MessageKeyData};

use super::reuse_guard::ReuseGuard;

/// Wrapper around [`MessageKeyData`] that exposes its key and nonce only
/// through the AEAD seal/open helpers below.
///
/// NOTE(review): `Debug` and `PartialEq` are derived, so both delegate to
/// `MessageKeyData`. Whether that type redacts its `Debug` output or compares
/// in constant time is not visible from this file -- confirm before logging
/// or comparing values of this type.
#[derive(Debug, PartialEq, Eq)]
pub struct MessageKey(MessageKeyData);

impl MessageKey {
    /// Wraps already-derived key material without inspecting or copying it.
    pub(crate) fn new(key: MessageKeyData) -> MessageKey {
        Self(key)
    }

    /// Seals `data` with the provider's AEAD.
    ///
    /// The wrapped key is used as the AEAD key, `aad` is passed as associated
    /// data, and the nonce is the wrapped nonce after `reuse_guard` has been
    /// applied to it.
    ///
    /// # Errors
    ///
    /// Returns whatever error `provider.aead_seal` reports.
    #[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)]
    pub(crate) async fn encrypt<P: CipherSuiteProvider>(
        &self,
        provider: &P,
        data: &[u8],
        aad: &[u8],
        reuse_guard: &ReuseGuard,
    ) -> Result<Vec<u8>, P::Error> {
        let material = &self.0;

        // NOTE(review): the nonce depends only on the stored nonce and the
        // guard, and nothing in this type stops a second seal with the same
        // pair. Presumably each key is handed out once by the secret tree and
        // the guard is fresh per message -- verify against the caller.
        let nonce = reuse_guard.apply(&material.nonce);

        provider
            .aead_seal(&material.key, data, Some(aad), &nonce)
            .await
    }

    /// Opens `data` with the provider's AEAD.
    ///
    /// Uses the same key, associated data and guarded nonce derivation as
    /// [`MessageKey::encrypt`]. The plaintext comes back inside [`Zeroizing`],
    /// which wipes the buffer when it is dropped.
    ///
    /// # Errors
    ///
    /// Returns whatever error `provider.aead_open` reports (presumably this
    /// includes authentication failure -- confirm against the provider).
    #[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)]
    pub(crate) async fn decrypt<P: CipherSuiteProvider>(
        &self,
        provider: &P,
        data: &[u8],
        aad: &[u8],
        reuse_guard: &ReuseGuard,
    ) -> Result<Zeroizing<Vec<u8>>, P::Error> {
        let material = &self.0;
        let nonce = reuse_guard.apply(&material.nonce);

        provider
            .aead_open(&material.key, data, Some(aad), &nonce)
            .await
    }
}

// TODO: Write test vectors