pub trait Hpke:
Debug
+ Send
+ Sync {
// Required methods
fn seal(
&self,
info: &[u8],
aad: &[u8],
plaintext: &[u8],
pub_key: &HpkePublicKey,
) -> Result<(EncapsulatedSecret, Vec<u8>), Error>;
fn setup_sealer(
&self,
info: &[u8],
pub_key: &HpkePublicKey,
) -> Result<(EncapsulatedSecret, Box<dyn HpkeSealer + 'static>), Error>;
fn open(
&self,
enc: &EncapsulatedSecret,
info: &[u8],
aad: &[u8],
ciphertext: &[u8],
secret_key: &HpkePrivateKey,
) -> Result<Vec<u8>, Error>;
fn setup_opener(
&self,
enc: &EncapsulatedSecret,
info: &[u8],
secret_key: &HpkePrivateKey,
) -> Result<Box<dyn HpkeOpener + 'static>, Error>;
fn generate_key_pair(
&self,
) -> Result<(HpkePublicKey, HpkePrivateKey), Error>;
fn suite(&self) -> HpkeSuite;
// Provided method
fn fips(&self) -> bool { ... }
}Expand description
An HPKE instance that can be used for base-mode single-shot encryption and decryption.
Required Methods§
sourcefn seal(
&self,
info: &[u8],
aad: &[u8],
plaintext: &[u8],
pub_key: &HpkePublicKey,
) -> Result<(EncapsulatedSecret, Vec<u8>), Error>
fn seal( &self, info: &[u8], aad: &[u8], plaintext: &[u8], pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Vec<u8>), Error>
Seal the provided plaintext to the recipient public key pub_key with application supplied
info, and additional data aad.
Returns ciphertext that can be used with Self::open by the recipient to recover plaintext
using the same info and aad and the private key corresponding to pub_key. RFC 9180
refers to pub_key as pkR.
sourcefn setup_sealer(
&self,
info: &[u8],
pub_key: &HpkePublicKey,
) -> Result<(EncapsulatedSecret, Box<dyn HpkeSealer + 'static>), Error>
fn setup_sealer( &self, info: &[u8], pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Box<dyn HpkeSealer + 'static>), Error>
Set up a sealer context for the receiver public key pub_key with application supplied info.
Returns both an encapsulated ciphertext and a sealer context that can be used to seal
messages to the recipient. RFC 9180 refers to pub_key as pkR.
sourcefn open(
&self,
enc: &EncapsulatedSecret,
info: &[u8],
aad: &[u8],
ciphertext: &[u8],
secret_key: &HpkePrivateKey,
) -> Result<Vec<u8>, Error>
fn open( &self, enc: &EncapsulatedSecret, info: &[u8], aad: &[u8], ciphertext: &[u8], secret_key: &HpkePrivateKey, ) -> Result<Vec<u8>, Error>
Open the provided ciphertext using the encapsulated secret enc, with application
supplied info, and additional data aad.
Returns plaintext if the info and aad match those used with Self::seal, and
decryption with secret_key succeeds. RFC 9180 refers to secret_key as skR.
sourcefn setup_opener(
&self,
enc: &EncapsulatedSecret,
info: &[u8],
secret_key: &HpkePrivateKey,
) -> Result<Box<dyn HpkeOpener + 'static>, Error>
fn setup_opener( &self, enc: &EncapsulatedSecret, info: &[u8], secret_key: &HpkePrivateKey, ) -> Result<Box<dyn HpkeOpener + 'static>, Error>
Set up an opener context for the secret key secret_key with application supplied info.
Returns an opener context that can be used to open sealed messages encrypted to the
public key corresponding to secret_key. RFC 9180 refers to secret_key as skR.
sourcefn generate_key_pair(&self) -> Result<(HpkePublicKey, HpkePrivateKey), Error>
fn generate_key_pair(&self) -> Result<(HpkePublicKey, HpkePrivateKey), Error>
Generate a new public key and private key pair compatible with this HPKE instance.
Key pairs should be encoded as raw big endian fixed length integers sized based on the suite’s DH KEM algorithm.