ring
ring copied to clipboard
briansmith
Base Mode HPKE
This is a draft of a base mode implementation of HPKE. Opening this up before implementing the other modes for early feedback. It also includes support for bidirectional encryption, since in practice, almost all applications require it.
@tanyav2 Thanks for doing this. Are you still interested in this? If so, I can review it soon.
Over in rustls we'd like to implement support for Encrypted Client Hello, which would ideally use this.
Failing that, the work in this PR could live in a separate crate but that would need a solution for #331 (happy to provide a PR for that if that is the preferred direction).
@ctz, I do think we should solve #331 regardless. In terms of the FIPS project I'm working on, my hope is that we'd implement HPKE outside of the FIPS boundary, by using an implementation of static ECDH that is within the FIPS boundary. Noise needs a solution for #331 anyway, and I believe that a solution for #331 is blocking the next phases of the HPKE implementation, from the "not implemented yet" comments I see in this PR.
Codecov Report
Attention: 61 lines in your changes are missing coverage. Please review.
Comparison is base (
08fcf4a) 93.02% compared to head (883ac53) 95.96%. Report is 1627 commits behind head on main.
| Files | Patch % | Lines |
|---|---|---|
| src/hpke.rs | 92.15% | 57 Missing :warning: |
| tests/hpke_tests.rs | 96.49% | 4 Missing :warning: |
Additional details and impacted files
@@ Coverage Diff @@
## main #1462 +/- ##
==========================================
+ Coverage 93.02% 95.96% +2.93%
==========================================
Files 127 138 +11
Lines 18227 21601 +3374
Branches 195 226 +31
==========================================
+ Hits 16956 20729 +3773
+ Misses 1237 837 -400
- Partials 34 35 +1
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}