
Module: OpenSSL::HPKE

Relationships & Source Files
Defined in: ext/openssl/ossl_hpke.c

Overview

Hybrid Public Key Encryption (HPKE) as defined in RFC 9180. HPKE encrypts messages to the holder of a public key by combining a Key Encapsulation Mechanism (KEM), a Key Derivation Function (KDF), and an AEAD scheme, which together form a Suite.

The sender encapsulates a key to the recipient and seals messages through an OpenSSL::HPKE::Context::Sender; the recipient decapsulates that key and opens the messages through an HPKE::Context::Receiver. Only HPKE base mode is currently supported.

Availability depends on the underlying OpenSSL: the HPKE API was added in OpenSSL 3.2.

Class Method Details

.keygen(suite) ⇒ pkey (mod_func)

Takes an HPKE::Suite and returns a public-private key pair, as a PKey, for the corresponding cipher suite.

# File 'ext/openssl/ossl_hpke.c', line 482

static VALUE
ossl_hpke_keygen(VALUE self, VALUE suite)
{
    EVP_PKEY *pkey;
    VALUE pkey_obj;
    OSSL_HPKE_SUITE *suite_st;
    /* as per RFC9180 section 7.1, the maximum size of Npk possible is 133 */
    unsigned char pub[133];
    size_t publen;

    if (!rb_obj_is_kind_of(suite, cSuite))
        ossl_raise(eHPKEError, "invalid suite specified");
    GetHpkeSuite(suite, suite_st);

    /* set to the maximum length first; OSSL_HPKE_keygen() shrinks it down */
    publen = 133;

    if (!OSSL_HPKE_keygen(*suite_st, pub, &publen, &pkey, NULL, 0, NULL, NULL)) {
        ossl_raise(eHPKEError, "could not keygen");
    }

    pkey_obj = ossl_pkey_wrap(pkey);

    return pkey_obj;
}