pub struct Context<C, Role> { /* private fields */ }
The HPKE cryptographic context.
HPKE allows multiple encryption operations to be done based on a given setup transaction. Since the public key operations involved in setup are typically more expensive than symmetric encryption or decryption, this allows applications to amortize the cost of the public key operations, reducing the overall overhead.
In order to avoid nonce reuse, however, this encryption must be stateful. Each of the setup procedures above produces a role-specific context object that stores the AEAD and secret export parameters. The AEAD parameters consist of:
- The AEAD algorithm in use
- A secret `key`
- A base nonce `base_nonce`
- A sequence number (initially 0)
The secret export parameters consist of:
- The HPKE ciphersuite in use and
- An `exporter_secret` used for the secret export interface (see RFC 9180, Section 5.3)
Note that the RFC currently doesn’t define this. Also see https://github.com/cfrg/draft-irtf-cfrg-hpke/issues/161.
TODO: need pub?
Implementations
impl<C: Crypto> Context<C, Sender>
pub fn seal_in_place(
    &mut self,
    aad: &[u8],
    in_out: &mut Vec<u8>,
) -> Result<(), Error>
5.2. Encryption and Decryption
Encryption is unidirectional from sender to recipient. The sender’s
context can encrypt a plaintext pt with associated data aad as
follows:
def Context.Seal(aad, pt):
  ct = Seal(self.key, self.ComputeNonce(self.seq), aad, pt)
  self.IncrementSeq()
  return ct
See RFC 9180, Section 5.2 for details.
Errors
CryptoError, or message limit reached.
impl<C: Crypto> Context<C, Recipient>
pub fn open_in_place(
    &mut self,
    aad: &[u8],
    in_out: &mut Vec<u8>,
) -> Result<(), Error>
5.2. Encryption and Decryption
The recipient’s context can decrypt a ciphertext ct with associated
data aad as follows:
def Context.Open(aad, ct):
  pt = Open(self.key, self.ComputeNonce(self.seq), aad, ct)
  if pt == OpenError:
    raise OpenError
  self.IncrementSeq()
  return pt
See RFC 9180, Section 5.2 for details.
Errors
CryptoError, or message limit reached.
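Added example, not this crate's code: a std-only model of the RFC 9180, Section 5.2 nonce schedule (`ComputeNonce` and `IncrementSeq`) behind both `seal_in_place` and `open_in_place`, showing why the context must be stateful and where the "message limit reached" error comes from. The names `NonceSchedule`, `StepError`, `step` and `MAX_SEQ` and the 12-byte nonce length are assumptions for illustration; the `aead` closure stands in for the real AEAD call.

```rust
// Added example (not the crate's code): RFC 9180 Section 5.2 nonce schedule, std only.
const NN: usize = 12; // assumed Nn = 12 bytes, as for the AEADs registered in RFC 9180
const MAX_SEQ: u128 = (1 << (8 * 12)) - 1; // 2^(8*Nn) - 1

#[derive(Debug, PartialEq)]
pub enum StepError<E> {
    Aead(E),             // the AEAD call failed, e.g. tag mismatch in Open
    MessageLimitReached, // seq cannot advance without wrapping and repeating a nonce
}

pub struct NonceSchedule {
    base_nonce: [u8; NN],
    seq: u128, // u128 so the full 96-bit range is representable
}

impl NonceSchedule {
    pub fn new(base_nonce: [u8; NN]) -> Self { Self { base_nonce, seq: 0 } }

    /// ComputeNonce(seq) = base_nonce XOR I2OSP(seq, Nn)
    pub fn compute_nonce(&self) -> [u8; NN] {
        let seq_bytes = self.seq.to_be_bytes(); // 16 bytes, big-endian
        let mut nonce = self.base_nonce;
        for (n, s) in nonce.iter_mut().zip(&seq_bytes[16 - NN..]) {
            *n ^= *s;
        }
        nonce
    }

    /// One Seal/Open step: run `aead` under the current nonce, then IncrementSeq().
    /// A failed AEAD call returns early, so seq stays where the peer expects it.
    pub fn step<T, E>(
        &mut self,
        aead: impl FnOnce(&[u8; NN]) -> Result<T, E>,
    ) -> Result<T, StepError<E>> {
        let out = aead(&self.compute_nonce()).map_err(StepError::Aead)?;
        if self.seq >= MAX_SEQ {
            return Err(StepError::MessageLimitReached);
        }
        self.seq += 1;
        Ok(out)
    }
}

fn main() {
    let mut s = NonceSchedule::new([0xA5; NN]); // constructed base nonce
    let echo = |n: &[u8; NN]| Ok::<_, ()>(*n); // stand-in for an AEAD call
    println!("{:02x?}\n{:02x?}", s.step(echo), s.step(echo));
}
```

Because sender and recipient each derive the nonce from their own counter, ciphertexts must be opened in the order they were sealed; a dropped or reordered message makes every later `Open` fail until the counters line up again.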
impl<C: Crypto, Role> Context<C, Role>
pub fn export(
    &self,
    exporter_context: &[u8],
    length: usize,
) -> Result<Okm, Error>
5.3. Secret Export
Takes a serialised exporter context as a byte slice and a length for the output secret, and returns an exporter secret as a byte vector.
def Context.Export(exporter_context, L):
  return LabeledExpand(self.exporter_secret, "sec", exporter_context, L)
See RFC 9180, Section 5.3 for details.
Errors
See kdf::labeled_expand.