Expand description
HPKE
An implementation of HPKE with flexible crypto backends.
From the RFC:
This scheme provides a variant of public-key encryption of arbitrary-sized plaintexts for a recipient public key. It also includes three authenticated variants, including one which authenticates possession of a pre-shared key, and two optional ones which authenticate possession of a KEM private key.
This version is compatible with draft-12, which is expected to be equivalent to the RFC.
Supported HPKE modes
- Base
- PSK
- Auth
- AuthPSK
Supported cipher suites
KEM
- DH KEM x25519
- DH KEM P256
AEAD
- AES GCM 128
- AES GCM 256
- ChaCha20 Poly1305
- Exporter only
KDF
- HKDF SHA-256
- HKDF SHA-384
- HKDF SHA-512
Crypto Backends
This crate does not implement the cryptographic primitives used itself. Instead it expects an implementation of the HpkeCrypto trait.
Modules
Prelude for HPKE. Include this to get access to all the public functions of HPKE.
Structs
The HPKE context. Note that the RFC currently doesn’t define this. Also see https://github.com/cfrg/draft-irtf-cfrg-hpke/issues/161.
The HPKE configuration struct.
This holds the configuration for HPKE but no state.
To use HPKE first instantiate the configuration with
let hpke = Hpke::new(mode, kem_mode, kdf_mode, aead_mode).
Now one can use the hpke configuration.
An HPKE key pair has an HPKE private and public key.
An HPKE private key is a byte vector.
An HPKE public key is a byte vector.