com.google.crypto.tink.hybrid.internal

Class HpkeContext

java.lang.Object

com.google.crypto.tink.hybrid.internal.HpkeContext

@ThreadSafe
public final class HpkeContext
extends Object

Hybrid Public Key Encryption (HPKE) context for either a sender or a recipient.

https://www.rfc-editor.org/rfc/rfc9180.html#name-creating-the-encryption-con

Method Summary

Modifier and Type	Method and Description
static HpkeContext	createAuthRecipientContext(byte[] encapsulatedKey, HpkeKemPrivateKey recipientPrivateKey, HpkeKem kem, HpkeKdf kdf, HpkeAead aead, byte[] info, HpkePublicKey senderPublicKey) Creates HPKE recipient context with authentication according to KeySchedule() defined in https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1.3.
static HpkeContext	createAuthSenderContext(HpkePublicKey recipientPublicKey, HpkeKem kem, HpkeKdf kdf, HpkeAead aead, byte[] info, HpkeKemPrivateKey senderPrivateKey) Creates HPKE sender context with authentication according to KeySchedule() defined in https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1.3.
static HpkeContext	createRecipientContext(byte[] encapsulatedKey, HpkeKemPrivateKey recipientPrivateKey, HpkeKem kem, HpkeKdf kdf, HpkeAead aead, byte[] info) Creates HPKE sender recipient context according to KeySchedule() defined in https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1-9.
byte[]	getEncapsulatedKey()
byte[]	open(byte[] ciphertext, byte[] associatedData) Performs AEAD decryption of ciphertext with associatedData according to ContextR.Open() defined in https://www.rfc-editor.org/rfc/rfc9180.html#section-5.2-10.
byte[]	seal(byte[] plaintext, byte[] associatedData) Performs AEAD encryption of plaintext with associatedData according to ContextS.Seal() defined in https://www.rfc-editor.org/rfc/rfc9180.html#section-5.2-8.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

createAuthSenderContext

public static HpkeContext createAuthSenderContext(HpkePublicKey recipientPublicKey,
                                                  HpkeKem kem,
                                                  HpkeKdf kdf,
                                                  HpkeAead aead,
                                                  byte[] info,
                                                  HpkeKemPrivateKey senderPrivateKey)
                                           throws GeneralSecurityException

Creates HPKE sender context with authentication according to KeySchedule() defined in https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1.3.

Parameters:

recipientPublicKey - recipient's public key (pkR)

kem - key encapsulation mechanism primitive

kdf - key derivation function primitive

aead - authenticated encryption with associated data primitive

info - application-specific information parameter to influence key generation

senderPrivateKey - sender's private key (skS)

Throws:

GeneralSecurityException

createRecipientContext

public static HpkeContext createRecipientContext(byte[] encapsulatedKey,
                                                 HpkeKemPrivateKey recipientPrivateKey,
                                                 HpkeKem kem,
                                                 HpkeKdf kdf,
                                                 HpkeAead aead,
                                                 byte[] info)
                                          throws GeneralSecurityException

Creates HPKE sender recipient context according to KeySchedule() defined in https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1-9.

Parameters:

encapsulatedKey - encapsulated key (enc)

recipientPrivateKey - recipient's private key (skR)

kem - key encapsulation mechanism primitive

kdf - key derivation function primitive

aead - authenticated encryption with associated data primitive

info - application-specific information parameter to influence key generation

Throws:

GeneralSecurityException

createAuthRecipientContext

public static HpkeContext createAuthRecipientContext(byte[] encapsulatedKey,
                                                     HpkeKemPrivateKey recipientPrivateKey,
                                                     HpkeKem kem,
                                                     HpkeKdf kdf,
                                                     HpkeAead aead,
                                                     byte[] info,
                                                     HpkePublicKey senderPublicKey)
                                              throws GeneralSecurityException

Creates HPKE recipient context with authentication according to KeySchedule() defined in https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1.3.

Parameters:

encapsulatedKey - encapsulated key (enc)

recipientPrivateKey - recipient's private key (skR)

kem - key encapsulation mechanism primitive

kdf - key derivation function primitive

aead - authenticated encryption with associated data primitive

info - application-specific information parameter to influence key generation

senderPublicKey - sender's public key (pkS)

Throws:

GeneralSecurityException

getEncapsulatedKey

public byte[] getEncapsulatedKey()

seal

public byte[] seal(byte[] plaintext,
                   byte[] associatedData)
            throws GeneralSecurityException

Performs AEAD encryption of plaintext with associatedData according to ContextS.Seal() defined in https://www.rfc-editor.org/rfc/rfc9180.html#section-5.2-8.

Returns:

ciphertext

Throws:

GeneralSecurityException

open

public byte[] open(byte[] ciphertext,
                   byte[] associatedData)
            throws GeneralSecurityException

Performs AEAD decryption of ciphertext with associatedData according to ContextR.Open() defined in https://www.rfc-editor.org/rfc/rfc9180.html#section-5.2-10.

Returns:

plaintext

Throws:

GeneralSecurityException