xref: /aosp_15_r20/external/tink/cc/hybrid_decrypt.h (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1 // Copyright 2017 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 
17 #ifndef TINK_HYBRID_DECRYPT_H_
18 #define TINK_HYBRID_DECRYPT_H_
19 
20 #include <string>
21 
22 #include "absl/strings/string_view.h"
23 #include "tink/util/statusor.h"
24 
25 namespace crypto {
26 namespace tink {
27 
28 ///////////////////////////////////////////////////////////////////////////////
29 // The interface for hybrid decryption.
30 //
31 // Implementations of this interface are secure against adaptive
32 // chosen ciphertext attacks.  In addition to 'plaintext' the
33 // encryption takes an extra parameter 'context_info', which usually
34 // is public data implicit from the context, but should be bound to
35 // the resulting ciphertext: upon decryption the ciphertext allows for
36 // checking the integrity of 'context_info' (but there are no
37 // guarantees wrt. to secrecy or authenticity of 'context_info').
38 //
39 // WARNING: hybrid encryption does not provide authenticity, that is the
40 // recipient of an encrypted message does not know the identity of the sender.
41 // Similar to general public-key encryption schemes the security goal of
42 // hybrid encryption is to provide privacy only. In other words, hybrid
43 // encryption is secure if and only if the recipient can accept anonymous
44 // messages or can rely on other mechanisms to authenticate the sender.
45 //
46 // 'context_info' can be empty or null, but to ensure the correct
47 // decryption of the ciphertext the same value must be provided
48 // as was used during encryption operation (cf. HybridEncrypt-interface).
49 //
50 // A concrete instantiation of this interface can implement the
51 // binding of 'context_info' to the ciphertext in various ways, for
52 // example:
53 //
54 // - use 'context_info' as "associated data"-input for the employed
55 //   AEAD symmetric encryption (cf. https://tools.ietf.org/html/rfc5116).
56 // - use 'context_info' as "CtxInfo"-input for HKDF (if the implementation uses
57 //   HKDF as key derivation function, cf. https://tools.ietf.org/html/rfc5869).
58 class HybridDecrypt {
59  public:
60   // Decrypts 'ciphertext' verifying the integrity of 'context_info'.
61   virtual crypto::tink::util::StatusOr<std::string> Decrypt(
62       absl::string_view ciphertext, absl::string_view context_info) const = 0;
63 
64   virtual ~HybridDecrypt() = default;
65 };
66 
67 }  // namespace tink
68 }  // namespace crypto
69 
70 #endif  // TINK_HYBRID_DECRYPT_H_
71