third-party/fizz/src/fizz/crypto/hpke/DHKEM.h

   1 // Copyright 2004-present Facebook. All Rights Reserved.
   2
   3 #pragma once
   4
   5 #include <fizz/crypto/ECCurve.h>
   6 #include <fizz/crypto/exchange/OpenSSLKeyExchange.h>
   7 #include <fizz/crypto/hpke/Hkdf.h>
   8 #include <fizz/crypto/hpke/Types.h>
   9 #include <fizz/record/Types.h>
  10
  11 namespace fizz {
  12
  13 /**
  14  * This class implements the DHKEM functions as specified in this IETF RFC.
  15  * https://datatracker.ietf.org/doc/draft-irtf-cfrg-hpke/?include_text=1
  16  *
  17  */
  18 class DHKEM {
  19  public:
  20   struct EncapResult {
  21     std::unique_ptr<folly::IOBuf> sharedSecret;
  22     std::unique_ptr<folly::IOBuf> enc;
  23   };
  24
  25   DHKEM(
  26       std::unique_ptr<KeyExchange> kex,
  27       NamedGroup group,
  28       std::unique_ptr<fizz::hpke::Hkdf> hkdf);
  29
  30   /**
  31    * Generate an ephemeral, fixed-length symmetric key
  32    * (the KEM shared secret) and a fixed-length encapsulation of
  33    * that key that can be decapsulated by the holder of the private
  34    * key corresponding to "pk"
  35    */
  36   EncapResult encap(folly::ByteRange pkR);
  37
  38   /**
  39    * Use the private key "sk" to recover the
  40    * ephemeral symmetric key (the KEM shared secret) from its
  41    * encapsulated representation "enc"
  42    */
  43   std::unique_ptr<folly::IOBuf> decap(folly::ByteRange enc);
  44
  45   /**
  46    * Returns the HPKE KEM code point that this `DHKEM` instance implements.
  47    */
  48   hpke::KEMId getKEMId() const;
  49
  50  private:
  51   std::unique_ptr<folly::IOBuf> extractAndExpand(
  52       std::unique_ptr<folly::IOBuf> dh,
  53       std::unique_ptr<folly::IOBuf> kemContext);
  54   std::unique_ptr<KeyExchange> kex_;
  55   NamedGroup group_;
  56   std::unique_ptr<fizz::hpke::Hkdf> hkdf_;
  57 };
  58 } // namespace fizz