// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // Copyright by contributors to this project. // SPDX-License-Identifier: (Apache-2.0 OR MIT)
#[derive(Debug)] #[cfg_attr(feature = "std", derive(thiserror::Error))] pubenum HpkeError { #[cfg_attr(feature = "std", error(transparent))]
KemError(AnyError), #[cfg_attr(feature = "std", error(transparent))]
KdfError(AnyError), #[cfg_attr(feature = "std", error(transparent))]
AeadError(AnyError), /// An invalid PSK was supplied. A PSK MUST have 32 bytes of entropy #[cfg_attr(feature = "std", error("PSK must be at least 32 bytes in length"))]
InsufficientPskLength, /// An AEAD nonce of incorrect length was supplied. #[cfg_attr(
feature = "std",
error("AEAD nonce of length {0} does not match the expected length {1}")
)]
IncorrectNonceLen(usize, usize), /// An AEAD key of incorrect length was supplied. #[cfg_attr(
feature = "std",
error("AEAD key of length {0} does not match the expected length {1}")
)]
IncorrectKeyLen(usize, usize), #[cfg_attr(
feature = "std",
error("Encryption API disabled due to export only AeadId")
)]
ExportOnlyMode, /// Max sequence number exceeded, currently allowed up to MAX u64 #[cfg_attr(feature = "std", error("Sequence number overflow"))]
SequenceNumberOverflow,
}
/// Based on RFC 9180 Single-Shot APIs. This function combines the action /// of the [setup_sender](Hpke::setup_sender) and then calling [seal](ContextS::seal) /// on the resulting [ContextS](self::ContextS). #[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)] pubasyncfn seal(
&self,
remote_key: &HpkePublicKey,
info: &[u8],
psk: Option<Psk<'_>>,
aad: Option<&[u8]>,
pt: &[u8],
) -> Result<HpkeCiphertext, HpkeError> { let (kem_output, mut ctx) = self.setup_sender(remote_key, info, psk).await?;
/// Generate an HPKE context using the base setup mode. This function returns a tuple /// containing the `enc` value that can be used as the input to /// [setup_receiver](Hpke::setup_receiver), as well as the [ContextS](self::ContextS) /// that can be used to generate AEAD ciphertexts. Note that for ECDH based kem /// functions, `remote_key` is expected to be in uncompressed public key format. #[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)] pubasyncfn setup_sender(
&self,
remote_key: &HpkePublicKey,
info: &[u8],
psk: Option<Psk<'_>>,
) -> Result<(Vec<u8>, ContextS<KDF, AEAD>), HpkeError> { let mode = self.base_mode(&psk);
let kem_res = self
.kem
.encap(remote_key)
.await
.map_err(|e| HpkeError::KemError(e.into_any_error()))?;
let ctx = self
.key_schedule(mode, kem_res.shared_secret(), info, psk)
.await?;
Ok((kem_res.enc().to_owned(), ContextS(ctx)))
}
/// Set up an HPKE context by receiving an `enc` value from the output of /// [setup_sender](Hpke::setup_sender) as well as your `local_secret` key based on /// the KEM type being used. This function returns an HPKE context that can be used for AEAD /// decryption. Note that for ECDH based kem functions, `local_secret` /// is expected to be in raw byte key format. #[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)] pubasyncfn setup_receiver(
&self,
enc: &[u8],
local_secret: &HpkeSecretKey,
local_public: &HpkePublicKey,
info: &[u8],
psk: Option<Psk<'_>>,
) -> Result<ContextR<KDF, AEAD>, HpkeError> { let mode = self.base_mode(&psk);
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.