Trait Hpke 

pub trait Hpke:
    Debug
    + Send
    + Sync {
    // Required methods
    fn seal(
        &self,
        info: &[u8],
        aad: &[u8],
        plaintext: &[u8],
        pub_key: &HpkePublicKey,
    ) -> Result<(EncapsulatedSecret, Vec<u8>), Error>;
    fn setup_sealer(
        &self,
        info: &[u8],
        pub_key: &HpkePublicKey,
    ) -> Result<(EncapsulatedSecret, Box<dyn HpkeSealer + 'static>), Error>;
    fn open(
        &self,
        enc: &EncapsulatedSecret,
        info: &[u8],
        aad: &[u8],
        ciphertext: &[u8],
        secret_key: &HpkePrivateKey,
    ) -> Result<Vec<u8>, Error>;
    fn setup_opener(
        &self,
        enc: &EncapsulatedSecret,
        info: &[u8],
        secret_key: &HpkePrivateKey,
    ) -> Result<Box<dyn HpkeOpener + 'static>, Error>;
    fn generate_key_pair(
        &self,
    ) -> Result<(HpkePublicKey, HpkePrivateKey), Error>;
    fn suite(&self) -> HpkeSuite;

    // Provided method
    fn fips(&self) -> bool { ... }
}

An HPKE instance that can be used for base-mode single-shot encryption and decryption.

Required Methods

fn seal( &self, info: &[u8], aad: &[u8], plaintext: &[u8], pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Vec<u8>), Error>

Seal the provided plaintext to the recipient public key pub_key with application supplied info, and additional data aad.

Returns ciphertext that can be used with Self::open by the recipient to recover plaintext using the same info and aad and the private key corresponding to pub_key. RFC 9180 refers to pub_key as pkR.

fn setup_sealer( &self, info: &[u8], pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Box<dyn HpkeSealer + 'static>), Error>

Set up a sealer context for the receiver public key pub_key with application supplied info.

Returns both an encapsulated ciphertext and a sealer context that can be used to seal messages to the recipient. RFC 9180 refers to pub_key as pkR.

fn open( &self, enc: &EncapsulatedSecret, info: &[u8], aad: &[u8], ciphertext: &[u8], secret_key: &HpkePrivateKey, ) -> Result<Vec<u8>, Error>

Open the provided ciphertext using the encapsulated secret enc, with application supplied info, and additional data aad.

Returns plaintext if the info and aad match those used with Self::seal, and decryption with secret_key succeeds. RFC 9180 refers to secret_key as skR.

fn setup_opener( &self, enc: &EncapsulatedSecret, info: &[u8], secret_key: &HpkePrivateKey, ) -> Result<Box<dyn HpkeOpener + 'static>, Error>

Set up an opener context for the secret key secret_key with application supplied info.

Returns an opener context that can be used to open sealed messages encrypted to the public key corresponding to secret_key. RFC 9180 refers to secret_key as skR.

fn generate_key_pair(&self) -> Result<(HpkePublicKey, HpkePrivateKey), Error>

Generate a new public key and private key pair compatible with this HPKE instance.

Key pairs should be encoded as raw big endian fixed length integers sized based on the suite’s DH KEM algorithm.

fn suite(&self) -> HpkeSuite

Return the HpkeSuite that this HPKE instance supports.

Provided Methods

fn fips(&self) -> bool

Return whether the HPKE instance is FIPS compatible.

Implementors

impl<const KEY_SIZE: usize, const KDF_SIZE: usize> Hpke for HpkeAwsLcRs<KEY_SIZE, KDF_SIZE>

Available on crate feature aws-lc-rs only.