Add EVP_HPKE_KEM_public_key_len and EVP_HPKE_KEM_private_key_len.
OHTTP will also need EVP_HPKE_KEM_public_key_len because the OHTTP Key
Config structure simply concatenates the public key with other fields.
I don't think it needs EVP_HPKE_KEM_private_key_len, but at this point
we may as well add it for consistency.
Change-Id: I7fb8fc1cc5e65b8531fd9da53f18aa99ec85386c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54605
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c
index e49b46d..f94b684 100644
--- a/crypto/hpke/hpke.c
+++ b/crypto/hpke/hpke.c
@@ -228,6 +228,14 @@
uint16_t EVP_HPKE_KEM_id(const EVP_HPKE_KEM *kem) { return kem->id; }
+size_t EVP_HPKE_KEM_public_key_len(const EVP_HPKE_KEM *kem) {
+ return kem->public_key_len;
+}
+
+size_t EVP_HPKE_KEM_private_key_len(const EVP_HPKE_KEM *kem) {
+ return kem->private_key_len;
+}
+
size_t EVP_HPKE_KEM_enc_len(const EVP_HPKE_KEM *kem) { return kem->enc_len; }
void EVP_HPKE_KEY_zero(EVP_HPKE_KEY *key) {
diff --git a/include/openssl/hpke.h b/include/openssl/hpke.h
index c90dfb4..3ce6946 100644
--- a/include/openssl/hpke.h
+++ b/include/openssl/hpke.h
@@ -51,8 +51,24 @@
// will be one of the |EVP_HPKE_KEM_*| constants.
OPENSSL_EXPORT uint16_t EVP_HPKE_KEM_id(const EVP_HPKE_KEM *kem);
+// EVP_HPKE_MAX_PUBLIC_KEY_LENGTH is the maximum length of an encoded public key
+// for all KEMs currently supported by this library.
+#define EVP_HPKE_MAX_PUBLIC_KEY_LENGTH 32
+
+// EVP_HPKE_KEM_public_key_len returns the length of a public key for |kem|.
+// This value will be at most |EVP_HPKE_MAX_PUBLIC_KEY_LENGTH|.
+OPENSSL_EXPORT size_t EVP_HPKE_KEM_public_key_len(const EVP_HPKE_KEM *kem);
+
+// EVP_HPKE_MAX_PRIVATE_KEY_LENGTH is the maximum length of an encoded private
+// key for all KEMs currently supported by this library.
+#define EVP_HPKE_MAX_PRIVATE_KEY_LENGTH 32
+
+// EVP_HPKE_KEM_private_key_len returns the length of a private key for |kem|.
+// This value will be at most |EVP_HPKE_MAX_PRIVATE_KEY_LENGTH|.
+OPENSSL_EXPORT size_t EVP_HPKE_KEM_private_key_len(const EVP_HPKE_KEM *kem);
+
// EVP_HPKE_MAX_ENC_LENGTH is the maximum length of "enc", the encapsulated
-// shared secret, for all supported KEMs in this library.
+// shared secret, for all KEMs currently supported by this library.
#define EVP_HPKE_MAX_ENC_LENGTH 32
// EVP_HPKE_KEM_enc_len returns the length of the "enc", the encapsulated shared
@@ -140,28 +156,22 @@
// EVP_HPKE_KEY_kem returns the HPKE KEM used by |key|.
OPENSSL_EXPORT const EVP_HPKE_KEM *EVP_HPKE_KEY_kem(const EVP_HPKE_KEY *key);
-// EVP_HPKE_MAX_PUBLIC_KEY_LENGTH is the maximum length of a public key for all
-// KEMs supported by this library.
-#define EVP_HPKE_MAX_PUBLIC_KEY_LENGTH 32
-
// EVP_HPKE_KEY_public_key writes |key|'s public key to |out| and sets
// |*out_len| to the number of bytes written. On success, it returns one and
// writes at most |max_out| bytes. If |max_out| is too small, it returns zero.
// Setting |max_out| to |EVP_HPKE_MAX_PUBLIC_KEY_LENGTH| will ensure the public
-// key fits.
+// key fits. An exact size can also be determined by
+// |EVP_HPKE_KEM_public_key_len|.
OPENSSL_EXPORT int EVP_HPKE_KEY_public_key(const EVP_HPKE_KEY *key,
uint8_t *out, size_t *out_len,
size_t max_out);
-// EVP_HPKE_MAX_PRIVATE_KEY_LENGTH is the maximum length of a private key for
-// all KEMs supported by this library.
-#define EVP_HPKE_MAX_PRIVATE_KEY_LENGTH 32
-
// EVP_HPKE_KEY_private_key writes |key|'s private key to |out| and sets
// |*out_len| to the number of bytes written. On success, it returns one and
// writes at most |max_out| bytes. If |max_out| is too small, it returns zero.
// Setting |max_out| to |EVP_HPKE_MAX_PRIVATE_KEY_LENGTH| will ensure the
-// private key fits.
+// private key fits. An exact size can also be determined by
+// |EVP_HPKE_KEM_private_key_len|.
OPENSSL_EXPORT int EVP_HPKE_KEY_private_key(const EVP_HPKE_KEY *key,
uint8_t *out, size_t *out_len,
size_t max_out);
