hybrid/internal/hpke_context.h

*e7b1675dSTing-Kang Chang// Copyright 2022 Google LLC
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License");
*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License.
*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang//     http://www.apache.org/licenses/LICENSE-2.0
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software
*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS,
*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and
*e7b1675dSTing-Kang Chang// limitations under the License.
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang///////////////////////////////////////////////////////////////////////////////
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#ifndef TINK_HYBRID_INTERNAL_HPKE_CONTEXT_H_
*e7b1675dSTing-Kang Chang#define TINK_HYBRID_INTERNAL_HPKE_CONTEXT_H_
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#include <stddef.h>
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#include <memory>
*e7b1675dSTing-Kang Chang#include <string>
*e7b1675dSTing-Kang Chang#include <utility>
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#include "absl/strings/string_view.h"
*e7b1675dSTing-Kang Chang#include "tink/hybrid/internal/hpke_context_boringssl.h"
*e7b1675dSTing-Kang Chang#include "tink/hybrid/internal/hpke_util.h"
*e7b1675dSTing-Kang Chang#include "tink/util/secret_data.h"
*e7b1675dSTing-Kang Chang#include "tink/util/statusor.h"
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changnamespace crypto {
*e7b1675dSTing-Kang Changnamespace tink {
*e7b1675dSTing-Kang Changnamespace internal {
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang// Pair of string views for an HPKE payload (encapsulated key and ciphertext).
*e7b1675dSTing-Kang Changstruct HpkePayloadView {
*e7b1675dSTing-Kang Chang  HpkePayloadView(absl::string_view encapsulated_key,
*e7b1675dSTing-Kang Chang                  absl::string_view ciphertext)
*e7b1675dSTing-Kang Chang      : encapsulated_key(encapsulated_key), ciphertext(ciphertext) {}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  absl::string_view encapsulated_key;
*e7b1675dSTing-Kang Chang  absl::string_view ciphertext;
*e7b1675dSTing-Kang Chang};
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang// Creates HPKE payload `encapsulated_key` || `ciphertext` (i.e., Tink hybrid
*e7b1675dSTing-Kang Chang// encryption wire format described at
*e7b1675dSTing-Kang Chang// https://developers.google.com/tink/wire-format#hybrid_encryption).
*e7b1675dSTing-Kang Changstd::string ConcatenatePayload(absl::string_view encapsulated_key,
*e7b1675dSTing-Kang Chang                               absl::string_view ciphertext);
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang// Splits `payload` into an `HpkePayloadView` struct.  The `kem` parameter is
*e7b1675dSTing-Kang Chang// used to determine how to split the payload.
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang// WARNING: The string pointed to by `payload` must outlive the returned object.
*e7b1675dSTing-Kang Changcrypto::tink::util::StatusOr<HpkePayloadView> SplitPayload(
*e7b1675dSTing-Kang Chang    const HpkeKem& kem, absl::string_view payload);
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang// Represents an HPKE context for either a sender or a recipient.
*e7b1675dSTing-Kang Changclass HpkeContext {
*e7b1675dSTing-Kang Chang public:
*e7b1675dSTing-Kang Chang  // Sets up an HPKE sender context.  Returns an error if initialization
*e7b1675dSTing-Kang Chang  // fails.  Otherwise, returns a unique pointer to the sender context.
*e7b1675dSTing-Kang Chang  //
*e7b1675dSTing-Kang Chang  //   `params`: HPKE parameters (KEM, KDF, and AEAD).
*e7b1675dSTing-Kang Chang  //   `recipient_public_key`: KEM-encoding of recipient public key.
*e7b1675dSTing-Kang Chang  //   `info`: Application-specific context for key derivation.
*e7b1675dSTing-Kang Chang  static crypto::tink::util::StatusOr<std::unique_ptr<HpkeContext>> SetupSender(
*e7b1675dSTing-Kang Chang      const HpkeParams& params, absl::string_view recipient_public_key,
*e7b1675dSTing-Kang Chang      absl::string_view info);
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  // Sets up an HPKE recipient context.  Returns an error if initialization
*e7b1675dSTing-Kang Chang  // fails.  Otherwise, returns a unique pointer to the recipient context.
*e7b1675dSTing-Kang Chang  //
*e7b1675dSTing-Kang Chang  //   `params`: HPKE parameters (KEM, KDF, and AEAD).
*e7b1675dSTing-Kang Chang  //   `recipient_private_key`: Recipient private key.
*e7b1675dSTing-Kang Chang  //   `encapsulated_key`: Encapsulated key.
*e7b1675dSTing-Kang Chang  //   `info`: Application-specific context for key derivation.
*e7b1675dSTing-Kang Chang  static crypto::tink::util::StatusOr<std::unique_ptr<HpkeContext>>
*e7b1675dSTing-Kang Chang  SetupRecipient(const HpkeParams& params,
*e7b1675dSTing-Kang Chang                 const util::SecretData& recipient_private_key,
*e7b1675dSTing-Kang Chang                 absl::string_view encapsulated_key, absl::string_view info);
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  absl::string_view EncapsulatedKey() const {
*e7b1675dSTing-Kang Chang    return encapsulated_key_;
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  // Performs an AEAD encryption of `plaintext` with `associated_data`. Returns
*e7b1675dSTing-Kang Chang  // an error if encryption fails.  Otherwise, returns the ciphertext.
*e7b1675dSTing-Kang Chang  crypto::tink::util::StatusOr<std::string> Seal(
*e7b1675dSTing-Kang Chang      absl::string_view plaintext, absl::string_view associated_data) {
*e7b1675dSTing-Kang Chang    return context_->Seal(plaintext, associated_data);
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  // Performs an AEAD decryption of `ciphertext` with `associated_data`. Returns
*e7b1675dSTing-Kang Chang  // an error if decryption fails.  Otherwise, returns the plaintext.
*e7b1675dSTing-Kang Chang  crypto::tink::util::StatusOr<std::string> Open(
*e7b1675dSTing-Kang Chang      absl::string_view ciphertext, absl::string_view associated_data) {
*e7b1675dSTing-Kang Chang    return context_->Open(ciphertext, associated_data);
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  // Exports `secret_length` bytes of secret material using `exporter_context`
*e7b1675dSTing-Kang Chang  // for the input context.  Returns an error if export fails.  Otherwise,
*e7b1675dSTing-Kang Chang  // returns a secret of the requested length.
*e7b1675dSTing-Kang Chang  crypto::tink::util::StatusOr<util::SecretData> Export(
*e7b1675dSTing-Kang Chang      absl::string_view exporter_context, size_t secret_length) {
*e7b1675dSTing-Kang Chang    return context_->Export(exporter_context, secret_length);
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang private:
*e7b1675dSTing-Kang Chang  explicit HpkeContext(absl::string_view encapsulated_key,
*e7b1675dSTing-Kang Chang                       std::unique_ptr<HpkeContextBoringSsl> context)
*e7b1675dSTing-Kang Chang      : encapsulated_key_(encapsulated_key), context_(std::move(context)) {}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  const std::string encapsulated_key_;
*e7b1675dSTing-Kang Chang  const std::unique_ptr<HpkeContextBoringSsl> context_;
*e7b1675dSTing-Kang Chang};
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang}  // namespace internal
*e7b1675dSTing-Kang Chang}  // namespace tink
*e7b1675dSTing-Kang Chang}  // namespace crypto
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#endif  // TINK_HYBRID_INTERNAL_HPKE_CONTEXT_H_