class OpenSSL::HPKE::Context::Receiver
The recipient’s side of an HPKE context. Decapsulates the sender’s key with decap and recovers messages with open.
Public Class Methods
/*
 * Initializes +self+ as a receiver-role HPKE context for +suite+.
 *
 * self  - the wrapping Ruby object; its typed-data slot must still be empty.
 * suite - must be a kind of cSuite; its OSSL_HPKE_SUITE is copied by value.
 *
 * Returns +self+. Raises eHPKEError when the object already holds a context,
 * when +suite+ is not a Suite, or when OpenSSL cannot create the context.
 *
 * The mode is fixed to OSSL_HPKE_MODE_BASE: no PSK and no sender
 * authentication key are set up here, so a context built this way does not
 * by itself tell the receiver who produced the encapsulated key.
 */
static VALUE
ossl_hpke_ctx_new_receiver(VALUE self, VALUE suite)
{
    OSSL_HPKE_SUITE *chosen;
    ossl_hpke_ctx_t *state;

    /* Refuse a second initialization so an existing ctx is never overwritten. */
    if (RTYPEDDATA_DATA(self) != NULL) {
        ossl_raise(eHPKEError, "HPKE context is already initialized");
    }

    /* Type-check before unwrapping: GetHpkeSuite is only meaningful on a Suite. */
    if (!rb_obj_is_kind_of(suite, cSuite)) {
        ossl_raise(eHPKEError, "invalid suite specified");
    }
    GetHpkeSuite(suite, chosen);

    state = ALLOC(ossl_hpke_ctx_t);
    state->suite = *chosen;
    /* The trailing NULLs select the default library context and property query. */
    state->ctx = OSSL_HPKE_CTX_new(OSSL_HPKE_MODE_BASE, state->suite,
                                   OSSL_HPKE_ROLE_RECEIVER, NULL, NULL);
    if (!state->ctx) {
        /* ossl_raise does not return, so release the struct first. */
        ruby_xfree(state);
        ossl_raise(eHPKEError, "could not create ctx");
    }

    /* Publish the struct only once it is fully built. */
    RTYPEDDATA_DATA(self) = state;
    return self;
}
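Takes an OpenSSL::HPKE::Suite and initializes a Context for the receiver. The HPKE mode is currently always Base mode, which does not authenticate the sender. Raises an error if the context has already been initialized or if the argument is not a Suite.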
Public Instance Methods
/*
 * Decapsulates the sender's encapsulated key into this receiver context.
 *
 * self - receiver context object (unwrapped with GetHpke).
 * enc  - encapsulated key bytes; coerced with StringValue.
 * priv - the receiver's private key object (unwrapped with GetPKey).
 * info - application context bytes; coerced with StringValue.
 *
 * Returns Qtrue on success. Raises eHPKEError when OSSL_HPKE_decap reports
 * anything other than 1. The error message is deliberately generic; the
 * visible code does not distinguish a malformed enc from a wrong key or a
 * mismatched info.
 *
 * NOTE(review): GetHpke and GetPKey are defined elsewhere; presumably they
 * raise on a wrong or uninitialized receiver/key - confirm.
 */
static VALUE
ossl_hpke_decap(VALUE self, VALUE enc, VALUE priv, VALUE info)
{
    ossl_hpke_ctx_t *state;
    EVP_PKEY *recipient_key;
    unsigned char *enc_bytes;
    unsigned char *info_bytes;
    size_t enc_size;
    size_t info_size;
    int ok;

    GetHpke(self, state);
    GetPKey(priv, recipient_key);

    /*
     * StringValue may call to_str, i.e. run arbitrary Ruby code. Both
     * coercions are finished before any pointer or length is read, so the
     * values handed to OpenSSL describe the final string objects.
     */
    StringValue(enc);
    StringValue(info);

    enc_size = RSTRING_LEN(enc);
    info_size = RSTRING_LEN(info);
    enc_bytes = (unsigned char *)RSTRING_PTR(enc);
    info_bytes = (unsigned char *)RSTRING_PTR(info);

    ok = OSSL_HPKE_decap(state->ctx, enc_bytes, enc_size, recipient_key,
                         info_bytes, info_size);
    if (ok != 1) {
        ossl_raise(eHPKEError, "could not decap");
    }

    return Qtrue;
}
Takes the encapsulated key enc (a String produced by the sender’s Sender#encap), the receiver’s own private key (an OpenSSL::PKey), and an info string (application context information; a value that separates the domain in which the key is used), and decapsulates the key to be used in subsequent operations. The info must be identical to the one given to Sender#encap. Returns true on success and raises an error if decapsulation fails.
/*
 * Decrypts and authenticates +ct+ with this receiver context and returns the
 * plaintext as a new Ruby String.
 *
 * self - receiver context object (unwrapped with GetHpke).
 * aad  - additional authenticated data; coerced with StringValue.
 * ct   - ciphertext bytes; coerced with StringValue.
 *
 * Raises eHPKEError when OSSL_HPKE_open reports anything other than 1. In
 * that case the output string is never returned, so callers cannot observe
 * the contents of the buffer after a failed open.
 */
static VALUE
ossl_hpke_open(VALUE self, VALUE aad, VALUE ct)
{
    ossl_hpke_ctx_t *state;
    VALUE plaintext;
    size_t aad_size;
    size_t ct_size;
    size_t pt_size;
    int ok;

    /* Finish both coercions (which may run to_str) before reading lengths. */
    StringValue(aad);
    StringValue(ct);
    aad_size = RSTRING_LEN(aad);
    ct_size = RSTRING_LEN(ct);

    /*
     * The output buffer is sized to the ciphertext length, which this code
     * treats as an upper bound on the plaintext length. pt_size is passed by
     * address: it carries the buffer capacity in and is used below as the
     * number of bytes actually written.
     */
    pt_size = ct_size;
    plaintext = rb_str_new(NULL, pt_size);

    GetHpke(self, state);

    ok = OSSL_HPKE_open(state->ctx,
                        (unsigned char *)RSTRING_PTR(plaintext), &pt_size,
                        (unsigned char *)RSTRING_PTR(aad), aad_size,
                        (unsigned char *)RSTRING_PTR(ct), ct_size);
    if (ok != 1) {
        ossl_raise(eHPKEError, "could not open");
    }

    /* Trim the String to the length OpenSSL reported. */
    rb_str_resize(plaintext, pt_size);
    return plaintext;
}
Opens (decrypts) the ciphertext using the Context’s AEAD and returns the recovered plaintext. aad is extra data that is authenticated with, but not encrypted into, the ciphertext; it must be identical to the aad supplied to Sender#seal, otherwise opening fails with an error and no plaintext is returned.