Diffstat (limited to 'java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeKem.java')
-rw-r--r-- | java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeKem.java | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeKem.java b/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeKem.java
index 2a6a33b3c..e733d4739 100644
--- a/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeKem.java
+++ b/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeKem.java
@@ -48,6 +48,31 @@ interface HpkeKem {
 throws GeneralSecurityException;
 
 /**
+ * Similar to {@link encapsulate}, but the output additionally encodes an assurance that the KEM
+ * shared secret was generated by the holder of {@code senderPrivateKey}. Returns a {@link
+ * com.google.crypto.tink.hybrid.internal.HpkeKemEncapOutput} object that contains the raw shared
+ * secret and the encapsulated key. The HPKE RFC refers to this method as AuthEncap(), which is
+ * used by the sender.
+ *
+ * @throws GeneralSecurityException when either the shared secret cannot be generated or the
+ * shared secret cannot be encapsulated.
+ */
+ HpkeKemEncapOutput authEncapsulate(byte[] recipientPublicKey, HpkeKemPrivateKey senderPrivateKey)
+ throws GeneralSecurityException;
+
+ /**
+ * Extracts the shared secret from {@code encapsulatedKey} using {@code recipientPrivateKey}. The
+ * recipient is assured that the KEM shared secret was generated by the holder of the private key
+ * corresponding to {@code senderPublicKey}. Returns the raw shared secret. The HPKE RFC refers to
+ * this method as AuthDecap(), which is used by the recipient.
+ *
+ * @throws GeneralSecurityException if the shared secret cannot be extracted.
+ */
+ byte[] authDecapsulate(
+ byte[] encapsulatedKey, HpkeKemPrivateKey recipientPrivateKey, byte[] senderPublicKey)
+ throws GeneralSecurityException;
+
+ /**
 * Returns the HPKE KEM algorithm identifier for the underlying KEM implementation.
 *
 * <p>More details at
|
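Review bot: The Javadoc for `authDecapsulate` states the sender assurance unconditionally, but for the DH-based KEMs in RFC 9180 that assurance is implicit and limited. A well-formed but wrong `senderPublicKey` yields a different shared secret rather than an exception, and the guarantee does not hold against a party who holds the recipient's private key (key-compromise impersonation). I would add a sentence such as `* <p>Authentication is implicit: a mismatched sender key is only detected when the derived key fails to open the ciphertext, and the assurance does not hold if {@code recipientPrivateKey} is compromised.` so callers do not treat a normal return as proof of origin. Whether the implementations behind this interface throw on a mismatch is not visible from this hunk, so the wording should be confirmed against them. Separately, `{@link encapsulate}` in the `authEncapsulate` comment should be `{@link #encapsulate}` so that it resolves as a member reference.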