Trait rustls::crypto::hpke::Hpke

source · 
pub trait Hpke: Debug + Send + Sync {
    // Required methods
    fn seal(
        &self,
        info: &[u8],
        aad: &[u8],
        plaintext: &[u8],
        pub_key: &HpkePublicKey,
    ) -> Result<(EncapsulatedSecret, Vec<u8>), Error>;
    fn setup_sealer(
        &self,
        info: &[u8],
        pub_key: &HpkePublicKey,
    ) -> Result<(EncapsulatedSecret, Box<dyn HpkeSealer + 'static>), Error>;
    fn open(
        &self,
        enc: &EncapsulatedSecret,
        info: &[u8],
        aad: &[u8],
        ciphertext: &[u8],
        secret_key: &HpkePrivateKey,
    ) -> Result<Vec<u8>, Error>;
    fn setup_opener(
        &self,
        enc: &EncapsulatedSecret,
        info: &[u8],
        secret_key: &HpkePrivateKey,
    ) -> Result<Box<dyn HpkeOpener + 'static>, Error>;
    fn generate_key_pair(
        &self,
    ) -> Result<(HpkePublicKey, HpkePrivateKey), Error>;
    fn suite(&self) -> HpkeSuite;

    // Provided method
    fn fips(&self) -> bool { ... }
}
Expand description

An HPKE instance that can be used for base-mode single-shot encryption and decryption.

Required Methods§

source

fn seal( &self, info: &[u8], aad: &[u8], plaintext: &[u8], pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Vec<u8>), Error>

Seal the provided plaintext to the recipient public key pub_key with application supplied info, and additional data aad.

Returns ciphertext that can be used with Self::open by the recipient to recover plaintext using the same info and aad and the private key corresponding to pub_key. RFC 9180 refers to pub_key as pkR.

source

fn setup_sealer( &self, info: &[u8], pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Box<dyn HpkeSealer + 'static>), Error>

Set up a sealer context for the receiver public key pub_key with application supplied info.

Returns both an encapsulated ciphertext and a sealer context that can be used to seal messages to the recipient. RFC 9180 refers to pub_key as pkR.

source

fn open( &self, enc: &EncapsulatedSecret, info: &[u8], aad: &[u8], ciphertext: &[u8], secret_key: &HpkePrivateKey, ) -> Result<Vec<u8>, Error>

Open the provided ciphertext using the encapsulated secret enc, with application supplied info, and additional data aad.

Returns plaintext if the info and aad match those used with Self::seal, and decryption with secret_key succeeds. RFC 9180 refers to secret_key as skR.

source

fn setup_opener( &self, enc: &EncapsulatedSecret, info: &[u8], secret_key: &HpkePrivateKey, ) -> Result<Box<dyn HpkeOpener + 'static>, Error>

Set up an opener context for the secret key secret_key with application supplied info.

Returns an opener context that can be used to open sealed messages encrypted to the public key corresponding to secret_key. RFC 9180 refers to secret_key as skR.

source

fn generate_key_pair(&self) -> Result<(HpkePublicKey, HpkePrivateKey), Error>

Generate a new public key and private key pair compatible with this HPKE instance.

Key pairs should be encoded as raw big endian fixed length integers sized based on the suite’s DH KEM algorithm.

source

fn suite(&self) -> HpkeSuite

Return the HpkeSuite that this HPKE instance supports.

Provided Methods§

source

fn fips(&self) -> bool

Return whether the HPKE instance is FIPS compatible.

Implementors§

source§

impl<const KEY_SIZE: usize, const KDF_SIZE: usize> Hpke for HpkeAwsLcRs<KEY_SIZE, KDF_SIZE>

Available on crate feature aws_lc_rs only.