/// An HPKE instance that can be used for base-mode single-shot encryption and decryption.
///
/// Implementors must be `Debug + Send + Sync`. The parameter names follow RFC 9180:
/// `pub_key` is the recipient public key (`pkR`) and `secret_key` is the recipient
/// private key (`skR`).
///
/// NOTE(review): in RFC 9180, base mode gives the recipient no authentication of the
/// sender; callers that need to know who sealed a message must get that from another
/// layer. Confirm against the protocol that uses this trait.
pub trait Hpke: Debug + Send + Sync {
// Required methods
/// Seals `plaintext` to the recipient public key `pub_key`, with application supplied
/// `info` and additional data `aad`.
///
/// On success returns an `EncapsulatedSecret` together with the ciphertext bytes. The
/// recipient recovers the plaintext with [`Self::open`], using the same `info` and `aad`
/// and the private key corresponding to `pub_key`.
///
/// NOTE(review): the returned `EncapsulatedSecret` is presumably what the recipient
/// passes to `open` as `enc`, so it has to travel with the ciphertext. Confirm with caller.
fn seal(
&self,
info: &[u8],
aad: &[u8],
plaintext: &[u8],
pub_key: &HpkePublicKey,
) -> Result<(EncapsulatedSecret, Vec<u8>), Error>;
/// Sets up a sealer context for the receiver public key `pub_key`, with application
/// supplied `info`.
///
/// On success returns an `EncapsulatedSecret` and a boxed [`HpkeSealer`] that can be used
/// to seal messages to the recipient.
fn setup_sealer(
&self,
info: &[u8],
pub_key: &HpkePublicKey,
) -> Result<(EncapsulatedSecret, Box<dyn HpkeSealer + 'static>), Error>;
/// Opens `ciphertext` using the encapsulated secret `enc`, with application supplied
/// `info` and additional data `aad`.
///
/// Returns the plaintext only if `info` and `aad` match those used with [`Self::seal`]
/// and decryption with `secret_key` succeeds; otherwise returns an `Error`.
fn open(
&self,
enc: &EncapsulatedSecret,
info: &[u8],
aad: &[u8],
ciphertext: &[u8],
secret_key: &HpkePrivateKey,
) -> Result<Vec<u8>, Error>;
/// Sets up an opener context for the secret key `secret_key`, with application supplied
/// `info`.
///
/// On success returns a boxed [`HpkeOpener`] that can be used to open sealed messages
/// encrypted to the public key corresponding to `secret_key`.
fn setup_opener(
&self,
enc: &EncapsulatedSecret,
info: &[u8],
secret_key: &HpkePrivateKey,
) -> Result<Box<dyn HpkeOpener + 'static>, Error>;
/// Generates a new public key and private key pair compatible with this HPKE instance.
///
/// Key pairs should be encoded as raw big endian fixed length integers sized based on
/// the suite's DH KEM algorithm.
fn generate_key_pair(
&self,
) -> Result<(HpkePublicKey, HpkePrivateKey), Error>;
/// Returns the `HpkeSuite` for this instance.
///
/// NOTE(review): this listing does not describe the suite's contents; presumably it
/// identifies the algorithms the instance implements. Confirm against `HpkeSuite`.
fn suite(&self) -> HpkeSuite;
// Provided method
/// Provided method; its default body is elided in this listing.
///
/// NOTE(review): presumably reports whether the implementation is FIPS-approved.
/// Confirm against the provider before relying on it for compliance decisions.
fn fips(&self) -> bool { ... }
}
An HPKE instance that can be used for base-mode single-shot encryption and decryption.
Required Methods
fn seal(
&self,
info: &[u8],
aad: &[u8],
plaintext: &[u8],
pub_key: &HpkePublicKey,
) -> Result<(EncapsulatedSecret, Vec<u8>), Error>
fn seal( &self, info: &[u8], aad: &[u8], plaintext: &[u8], pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Vec<u8>), Error>
Seal the provided `plaintext` to the recipient public key `pub_key` with application supplied `info`, and additional data `aad`.
Returns ciphertext that can be used with `Self::open` by the recipient to recover plaintext using the same `info` and `aad` and the private key corresponding to `pub_key`. RFC 9180 refers to `pub_key` as `pkR`.
fn setup_sealer(
&self,
info: &[u8],
pub_key: &HpkePublicKey,
) -> Result<(EncapsulatedSecret, Box<dyn HpkeSealer + 'static>), Error>
fn setup_sealer( &self, info: &[u8], pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Box<dyn HpkeSealer + 'static>), Error>
Set up a sealer context for the receiver public key `pub_key` with application supplied `info`.
Returns both an encapsulated ciphertext and a sealer context that can be used to seal messages to the recipient. RFC 9180 refers to `pub_key` as `pkR`.
fn open(
&self,
enc: &EncapsulatedSecret,
info: &[u8],
aad: &[u8],
ciphertext: &[u8],
secret_key: &HpkePrivateKey,
) -> Result<Vec<u8>, Error>
fn open( &self, enc: &EncapsulatedSecret, info: &[u8], aad: &[u8], ciphertext: &[u8], secret_key: &HpkePrivateKey, ) -> Result<Vec<u8>, Error>
Open the provided `ciphertext` using the encapsulated secret `enc`, with application supplied `info`, and additional data `aad`.
Returns plaintext if the `info` and `aad` match those used with `Self::seal`, and decryption with `secret_key` succeeds. RFC 9180 refers to `secret_key` as `skR`.
fn setup_opener(
&self,
enc: &EncapsulatedSecret,
info: &[u8],
secret_key: &HpkePrivateKey,
) -> Result<Box<dyn HpkeOpener + 'static>, Error>
fn setup_opener( &self, enc: &EncapsulatedSecret, info: &[u8], secret_key: &HpkePrivateKey, ) -> Result<Box<dyn HpkeOpener + 'static>, Error>
Set up an opener context for the secret key `secret_key` with application supplied `info`.
Returns an opener context that can be used to open sealed messages encrypted to the public key corresponding to `secret_key`. RFC 9180 refers to `secret_key` as `skR`.
fn generate_key_pair(&self) -> Result<(HpkePublicKey, HpkePrivateKey), Error>
fn generate_key_pair(&self) -> Result<(HpkePublicKey, HpkePrivateKey), Error>
Generate a new public key and private key pair compatible with this HPKE instance.
Key pairs should be encoded as raw big-endian, fixed-length integers sized based on the suite's DH KEM algorithm.