Diffstat (limited to 'java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeKem.java')
-rw-r--r--java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeKem.java25
1 files changed, 25 insertions, 0 deletions
diff --git a/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeKem.java b/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeKem.java
index 2a6a33b3c..e733d4739 100644
--- a/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeKem.java
+++ b/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeKem.java
@@ -48,6 +48,31 @@ interface HpkeKem {
throws GeneralSecurityException;
/**
+ * Similar to {@link encapsulate}, but the output additionally encodes an assurance that the KEM
+ * shared secret was generated by the holder of {@code senderPrivateKey}. Returns a {@link
+ * com.google.crypto.tink.hybrid.internal.HpkeKemEncapOutput} object that contains the raw shared
+ * secret and the encapsulated key. The HPKE RFC refers to this method as AuthEncap(), which is
+ * used by the sender.
+ *
+ * @throws GeneralSecurityException when either the shared secret cannot be generated or the
+ * shared secret cannot be encapsulated.
+ */
+ HpkeKemEncapOutput authEncapsulate(byte[] recipientPublicKey, HpkeKemPrivateKey senderPrivateKey)
+ throws GeneralSecurityException;
+
+ /**
+ * Extracts the shared secret from {@code encapsulatedKey} using {@code recipientPrivateKey}. The
+ * recipient is assured that the KEM shared secret was generated by the holder of the private key
+ * corresponding to {@code senderPublicKey}. Returns the raw shared secret. The HPKE RFC refers to
+ * this method as AuthDecap(), which is used by the recipient.
+ *
+ * @throws GeneralSecurityException if the shared secret cannot be extracted.
+ */
+ byte[] authDecapsulate(
+ byte[] encapsulatedKey, HpkeKemPrivateKey recipientPrivateKey, byte[] senderPublicKey)
+ throws GeneralSecurityException;
+
+ /**
* Returns the HPKE KEM algorithm identifier for the underlying KEM implementation.
*
* <p>More details at
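Review bot: The Javadoc on `authDecapsulate` says the recipient "is assured" of who generated the shared secret, but it does not state what that assurance depends on. It holds only when `senderPublicKey` came from a trusted source and `recipientPrivateKey` has not been compromised; the HPKE RFC notes that the authenticated mode does not resist key-compromise impersonation. I would add a sentence to that comment such as `The assurance holds only if {@code senderPublicKey} is authentic and {@code recipientPrivateKey} has not been compromised.` Separately, `{@link encapsulate}` in the `authEncapsulate` comment is not a valid member reference and should be `{@link #encapsulate}`. The `HpkeKem` interface starts and ends outside this hunk.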