hpke_dispatch/
config.rs

1#[cfg(target_arch = "wasm32")]
2use wasm_bindgen::prelude::*;
3
4use crate::{
5    base_mode_open, base_mode_seal, Aead, EncappedKeyAndCiphertext, HpkeError, IdLookupError, Kdf,
6    Kem,
7};
/// A run-time selected ([`Aead`], [`Kdf`], [`Kem`]) algorithm triple.
///
/// `Config` is an open struct: every field is public, so a value can be built
/// directly or through [`Config::try_from_ids`]. Use it with
/// [`Config::base_mode_seal`], [`Config::base_mode_open`], [`base_mode_seal`],
/// or [`base_mode_open`].
///
/// With the `serde` feature enabled the struct also derives `Serialize` and
/// `Deserialize`. A `Config` read from untrusted input names whichever
/// algorithms that input chose, so callers that accept only specific suites
/// should compare the fields against their own allow-list before using it.
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
#[cfg_attr(target_arch = "wasm32", wasm_bindgen)]
#[cfg_attr(
    feature = "serde",
    derive(serde_crate::Serialize, serde_crate::Deserialize),
    serde(crate = "serde_crate")
)]
pub struct Config {
    /// The [AEAD (authenticated encryption with associated data)](crate::Aead)
    /// algorithm to be used.
    pub aead: Aead,

    /// The [key derivation function](crate::Kdf) to be used.
    pub kdf: Kdf,

    /// The [asymmetric key encapsulation mechanism](crate::Kem) to be used.
    pub kem: Kem,
}
28
#[cfg_attr(target_arch = "wasm32", wasm_bindgen)]
impl Config {
    /// Seals `plaintext` to `recipient_public_key` with the algorithms named by
    /// this [`Config`].
    ///
    /// This is an interface to [`hpke::single_shot_seal`] that needs no
    /// compile-time choice of algorithm: the triple is taken from `self` and the
    /// call is forwarded to the crate-level `base_mode_seal` function.
    ///
    /// Requires the `base-mode-seal` crate feature to be enabled.
    ///
    /// # Errors
    ///
    /// Returns a `Result::Err` variant if:
    ///
    /// * the recipient public key cannot be deserialized
    /// * key encapsulation fails
    /// * encryption fails
    ///
    /// # Security
    ///
    /// As HPKE specifies base mode, the sender is not authenticated: the
    /// recipient learns only that the message was sealed to its public key.
    /// Callers that need to know who sent a message have to establish that
    /// separately.
    #[cfg(feature = "base-mode-seal")]
    pub fn base_mode_seal(
        &self,
        recipient_public_key: &[u8],
        info: &[u8],
        plaintext: &[u8],
        aad: &[u8],
    ) -> Result<EncappedKeyAndCiphertext, HpkeError> {
        // Free function imported from the crate root, not a recursive method call.
        base_mode_seal(self, recipient_public_key, info, plaintext, aad)
    }

    /// Opens `ciphertext` with `private_key` and `encapped_key`, using the
    /// algorithms named by this [`Config`].
    ///
    /// This is an interface to [`hpke::single_shot_open`] that needs no
    /// compile-time choice of algorithm: the triple is taken from `self` and the
    /// call is forwarded to the crate-level `base_mode_open` function.
    ///
    /// Requires the `base-mode-open` crate feature to be enabled.
    ///
    /// # Errors
    ///
    /// Returns a `Result::Err` variant if:
    ///
    /// * the private key or the encapsulated key cannot be deserialized
    /// * key decapsulation fails
    /// * decryption fails
    ///
    /// # Security
    ///
    /// As HPKE specifies base mode, a successful open does not identify the
    /// sender. `private_key` is only borrowed here; NOTE(review): nothing in
    /// this method clears the key bytes, so wiping the caller's buffer after
    /// use appears to be left to the caller -- confirm against the crate-level
    /// function.
    #[cfg(feature = "base-mode-open")]
    pub fn base_mode_open(
        &self,
        private_key: &[u8],
        encapped_key: &[u8],
        info: &[u8],
        ciphertext: &[u8],
        aad: &[u8],
    ) -> Result<Vec<u8>, HpkeError> {
        // Free function imported from the crate root, not a recursive method call.
        base_mode_open(self, private_key, encapped_key, info, ciphertext, aad)
    }

    /// Attempts to convert three `u16` ids into a valid [`Config`]. The id
    /// mappings are defined in the draft.
    ///
    /// # Errors
    ///
    /// The ids are converted in the order aead, kdf, kem. The first one that
    /// fails to convert yields an [`IdLookupError`] carrying `"aead"`, `"kdf"`
    /// or `"kem"` respectively; later ids are not examined.
    ///
    /// # Security
    ///
    /// `Ok` means only that each id converted to a known algorithm. When the
    /// ids come from a peer or from stored data, callers that permit only some
    /// suites still need to check the resulting fields against their policy.
    #[allow(clippy::use_self)] // wasm_bindgen gets confused about Self
    pub fn try_from_ids(aead_id: u16, kdf_id: u16, kem_id: u16) -> Result<Config, IdLookupError> {
        // Resolve each id separately so the error names the component that failed.
        let aead: Aead = aead_id.try_into().map_err(|_| IdLookupError("aead"))?;
        let kdf: Kdf = kdf_id.try_into().map_err(|_| IdLookupError("kdf"))?;
        let kem: Kem = kem_id.try_into().map_err(|_| IdLookupError("kem"))?;

        Ok(Self { aead, kdf, kem })
    }
}