Google Git
Sign in
boringssl / boringssl.git / 4c8bcf0da2951cacd8ed8eaa7fd2df4b22fca23b^! / . / include / openssl / hpke.h
commit4c8bcf0da2951cacd8ed8eaa7fd2df4b22fca23b[log] [tgz]
authorDavid Benjamin <davidben@google.com>Fri Apr 28 17:59:18 2023 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue May 02 19:22:24 2023 +0000
treedebe1c9ca7c545bfe0f68e3422f21d8af008b44d
parent051f891b2691be03da92d516c9f739823ef0541e [diff] [blame]
Implement the AuthEncap/AuthDecap HPKE modes

Relevant spec bits:
https://www.rfc-editor.org/rfc/rfc9180.html#section-4.1
https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1.3

Change-Id: Iddb151afc92f7a91beb9ca52caceec6cb5383206
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/59387
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

diff --git a/include/openssl/hpke.h b/include/openssl/hpke.h
index 3ce6946..eaf5947 100644
--- a/include/openssl/hpke.h
+++ b/include/openssl/hpke.h

@@ -249,6 +249,34 @@
     const EVP_HPKE_AEAD *aead, const uint8_t *enc, size_t enc_len,
     const uint8_t *info, size_t info_len);
 
+// EVP_HPKE_CTX_setup_auth_sender implements the SetupAuthS HPKE operation. It
+// behaves like |EVP_HPKE_CTX_setup_sender| but authenticates the resulting
+// context with |key|.
+OPENSSL_EXPORT int EVP_HPKE_CTX_setup_auth_sender(
+    EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
+    const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
+    const uint8_t *peer_public_key, size_t peer_public_key_len,
+    const uint8_t *info, size_t info_len);
+
+// EVP_HPKE_CTX_setup_auth_sender_with_seed_for_testing behaves like
+// |EVP_HPKE_CTX_setup_auth_sender|, but takes a seed to behave
+// deterministically. The seed's format depends on |kem|. For X25519, it is the
+// sender's ephemeral private key.
+OPENSSL_EXPORT int EVP_HPKE_CTX_setup_auth_sender_with_seed_for_testing(
+    EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
+    const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
+    const uint8_t *peer_public_key, size_t peer_public_key_len,
+    const uint8_t *info, size_t info_len, const uint8_t *seed, size_t seed_len);
+
+// EVP_HPKE_CTX_setup_auth_recipient implements the SetupAuthR HPKE operation.
+// It behaves like |EVP_HPKE_CTX_setup_recipient| but checks the resulting
+// context was authenticated with |peer_public_key|.
+OPENSSL_EXPORT int EVP_HPKE_CTX_setup_auth_recipient(
+    EVP_HPKE_CTX *ctx, const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf,
+    const EVP_HPKE_AEAD *aead, const uint8_t *enc, size_t enc_len,
+    const uint8_t *info, size_t info_len, const uint8_t *peer_public_key,
+    size_t peer_public_key_len);
+
 
 // Using an HPKE context.
 //