Skip to content

Commit

Permalink
Remove HPKEMode enum as we always use Base anyway. (#32)
Browse files Browse the repository at this point in the history 
Motivation:

The HPKEMode enum makes no sense as we always use setupBaseS and setupBaseR anyway which only works in the case of the base mode.

Modifications:

Remove the HPKEMode enum and any usage of it

Result:

Simplify code
  • Loading branch information
@normanmaurer
normanmaurer authored Dec 28, 2023
1 parent 8c81c2f commit 241f2bd
Show file tree
Hide file tree
Showing 6 changed files with 13 additions and 103 deletions.
27 changes: 5 additions & 22 deletions ...main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleOHttpCryptoProvider.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@
import io.netty.incubator.codec.hpke.AEADContext;
import io.netty.incubator.codec.hpke.AsymmetricCipherKeyPair;
import io.netty.incubator.codec.hpke.AsymmetricKeyParameter;
import io.netty.incubator.codec.hpke.HPKEMode;
import io.netty.incubator.codec.hpke.HPKERecipientContext;
import io.netty.incubator.codec.hpke.HPKESenderContext;
import io.netty.incubator.codec.hpke.KDF;
Expand All @@ -43,8 +42,8 @@

public final class BouncyCastleOHttpCryptoProvider implements OHttpCryptoProvider {
public static final BouncyCastleOHttpCryptoProvider INSTANCE = new BouncyCastleOHttpCryptoProvider();

private final SecureRandom random = new SecureRandom();
private static final byte MODE_BASE = (byte) 0x00;

private BouncyCastleOHttpCryptoProvider() { }

Expand All @@ -68,11 +67,11 @@ private static BouncyCastleAsymmetricCipherKeyPair castOrThrow(AsymmetricCipherK
}

@Override
public HPKESenderContext setupHPKEBaseS(HPKEMode mode, KEM kem, KDF kdf, AEAD aead,
public HPKESenderContext setupHPKEBaseS(KEM kem, KDF kdf, AEAD aead,
AsymmetricKeyParameter pkR, byte[] info,
AsymmetricCipherKeyPair kpE) {
org.bouncycastle.crypto.hpke.HPKE hpke =
new org.bouncycastle.crypto.hpke.HPKE(mode.value(), kem.id(), kdf.id(), aead.id());
new org.bouncycastle.crypto.hpke.HPKE(MODE_BASE, kem.id(), kdf.id(), aead.id());
final org.bouncycastle.crypto.hpke.HPKEContextWithEncapsulation ctx;
if (kpE == null) {
ctx = hpke.setupBaseS(castOrThrow(pkR).param, info);
Expand All @@ -83,10 +82,10 @@ public HPKESenderContext setupHPKEBaseS(HPKEMode mode, KEM kem, KDF kdf, AEAD ae
}

@Override
public HPKERecipientContext setupHPKEBaseR(HPKEMode mode, KEM kem, KDF kdf, AEAD aead, byte[] enc,
public HPKERecipientContext setupHPKEBaseR(KEM kem, KDF kdf, AEAD aead, byte[] enc,
AsymmetricCipherKeyPair skR, byte[] info) {
org.bouncycastle.crypto.hpke.HPKE hpke =
new org.bouncycastle.crypto.hpke.HPKE(mode.value(), kem.id(), kdf.id(), aead.id());
new org.bouncycastle.crypto.hpke.HPKE(MODE_BASE, kem.id(), kdf.id(), aead.id());
return new BouncyCastleHPKERecipientContext(hpke.setupBaseR(enc, castOrThrow(skR).pair, info));
}

Expand Down Expand Up @@ -253,20 +252,4 @@ public boolean isSupported(KDF kdf) {
return false;
}
}

@Override
public boolean isSupported(HPKEMode mode) {
if (mode == null) {
return false;
}
switch (mode) {
case Psk:
case Base:
case Auth:
case AuthPsk:
return true;
default:
return false;
}
}
}
20 changes: 2 additions & 18 deletions ...l/src/main/java/io/netty/incubator/codec/hpke/boringssl/BoringSSLOHttpCryptoProvider.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@
import io.netty.incubator.codec.hpke.AEADContext;
import io.netty.incubator.codec.hpke.AsymmetricCipherKeyPair;
import io.netty.incubator.codec.hpke.AsymmetricKeyParameter;
import io.netty.incubator.codec.hpke.HPKEMode;
import io.netty.incubator.codec.hpke.HPKERecipientContext;
import io.netty.incubator.codec.hpke.HPKESenderContext;
import io.netty.incubator.codec.hpke.KDF;
Expand Down Expand Up @@ -109,18 +108,9 @@ private static long boringSSLHPKEAEAD(AEAD aead) {
}
}

private static void validateMode(HPKEMode mode) {
// TODO: Also support AUTH
if (mode != HPKEMode.Base) {
throw new IllegalArgumentException("Mode not supported: " + mode);
}
}

@Override
public HPKESenderContext setupHPKEBaseS(
HPKEMode mode, KEM kem, KDF kdf, AEAD aead, AsymmetricKeyParameter pkR,
public HPKESenderContext setupHPKEBaseS(KEM kem, KDF kdf, AEAD aead, AsymmetricKeyParameter pkR,
byte[] info, AsymmetricCipherKeyPair kpE) {
validateMode(mode);
long boringSSLKem = boringSSLKEM(kem);
long boringSSLKdf = boringSSLKDF(kdf);
long boringSSLAead = boringSSLHPKEAEAD(aead);
Expand Down Expand Up @@ -161,9 +151,8 @@ private static byte[] encodedAsymmetricKeyParameter(AsymmetricKeyParameter param
}

@Override
public HPKERecipientContext setupHPKEBaseR(HPKEMode mode, KEM kem, KDF kdf, AEAD aead, byte[] enc,
public HPKERecipientContext setupHPKEBaseR(KEM kem, KDF kdf, AEAD aead, byte[] enc,
AsymmetricCipherKeyPair skR, byte[] info) {
validateMode(mode);
// Validate that KEM is supported by BoringSSL
long boringSSLKem = boringSSLKEM(kem);
long boringSSLKdf = boringSSLKDF(kdf);
Expand Down Expand Up @@ -264,10 +253,5 @@ public boolean isSupported(KEM kem) {
public boolean isSupported(KDF kdf) {
return kdf == KDF.HKDF_SHA256;
}

@Override
public boolean isSupported(HPKEMode mode) {
return mode == HPKEMode.Base;
}
}

45 changes: 0 additions & 45 deletions codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/HPKEMode.java
View file

This file was deleted.

16 changes: 3 additions & 13 deletions codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/OHttpCryptoProvider.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,22 +34,20 @@ public interface OHttpCryptoProvider {
/**
* Establish a {@link HPKESenderContext} that can be used for encryption.
*
* @param mode the {@link HPKEMode} to use.
* @param kem the {@link KEM} to use.
* @param kdf the {@link KDF} to use.
* @param aead the {@link AEAD} to use.
* @param pkR the public key.
* @param info info parameter.
* @param kpE the ephemeral keypair or {@code null} if none should be used.
* @param kpE the ephemeral keypair that is used for the seed or {@code null} if none should be used.
* @return the context.
*/
HPKESenderContext setupHPKEBaseS(HPKEMode mode, KEM kem, KDF kdf, AEAD aead,
HPKESenderContext setupHPKEBaseS(KEM kem, KDF kdf, AEAD aead,
AsymmetricKeyParameter pkR, byte[] info, AsymmetricCipherKeyPair kpE);

/**
* Establish a {@link HPKERecipientContext} that can be used for decryption.
*
* @param mode the {@link HPKEMode} to use.
* @param kem the {@link KEM} to use.
* @param kdf the {@link KDF} to use.
* @param aead the {@link AEAD} to use.
Expand All @@ -58,7 +56,7 @@ HPKESenderContext setupHPKEBaseS(HPKEMode mode, KEM kem, KDF kdf, AEAD aead,
* @param info info parameter.
* @return the context.
*/
HPKERecipientContext setupHPKEBaseR(HPKEMode mode, KEM kem, KDF kdf, AEAD aead, byte[] enc,
HPKERecipientContext setupHPKEBaseR(KEM kem, KDF kdf, AEAD aead, byte[] enc,
AsymmetricCipherKeyPair skR, byte[] info);

/**
Expand Down Expand Up @@ -113,12 +111,4 @@ HPKERecipientContext setupHPKEBaseR(HPKEMode mode, KEM kem, KDF kdf, AEAD aead,
* @return if supported.
*/
boolean isSupported(KDF kdf);

/**
* Returns {@code true} if the given {@link HPKEMode} is supported by the implementation, {@code false} otherwise.
*
* @param mode the {@link HPKEMode}.
* @return if supported.
*/
boolean isSupported(HPKEMode mode);
}
5 changes: 2 additions & 3 deletions codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCryptoReceiver.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@
import io.netty.incubator.codec.hpke.CryptoDecryptContext;
import io.netty.incubator.codec.hpke.CryptoEncryptContext;
import io.netty.buffer.ByteBuf;
import io.netty.incubator.codec.hpke.HPKEMode;
import io.netty.incubator.codec.hpke.HPKERecipientContext;
import io.netty.incubator.codec.hpke.OHttpCryptoProvider;

Expand Down Expand Up @@ -107,8 +106,8 @@ private OHttpCryptoReceiver(Builder builder) {
} else {
this.responseNonce = builder.forcedResponseNonce;
}
this.context = provider.setupHPKEBaseR(HPKEMode.Base, ciphersuite.kem(), ciphersuite.kdf(),
ciphersuite.aead(), encapsulatedKey, keyPair, ciphersuite.createInfo(configuration.requestExportContext()));
this.context = provider.setupHPKEBaseR(ciphersuite.kem(), ciphersuite.kdf(), ciphersuite.aead(),
encapsulatedKey, keyPair, ciphersuite.createInfo(configuration.requestExportContext()));
try {
this.aead = ciphersuite.createResponseAEAD(provider, context, encapsulatedKey,
this.responseNonce, configuration.responseExportContext());
Expand Down
3 changes: 1 addition & 2 deletions codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCryptoSender.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@
import io.netty.incubator.codec.hpke.CryptoDecryptContext;
import io.netty.incubator.codec.hpke.CryptoEncryptContext;
import io.netty.buffer.ByteBuf;
import io.netty.incubator.codec.hpke.HPKEMode;
import io.netty.incubator.codec.hpke.HPKESenderContext;
import io.netty.incubator.codec.hpke.OHttpCryptoProvider;

Expand Down Expand Up @@ -93,7 +92,7 @@ private OHttpCryptoSender(Builder builder) {

AsymmetricKeyParameter pkR = requireNonNull(builder.receiverPublicKey, "receiverPublicKey");
AsymmetricCipherKeyPair forcedEphemeralKeyPair = builder.forcedEphemeralKeyPair;
this.context = this.provider.setupHPKEBaseS(HPKEMode.Base, ciphersuite.kem(),
this.context = this.provider.setupHPKEBaseS(ciphersuite.kem(),
ciphersuite.kdf(), ciphersuite.aead(), pkR, ciphersuite.createInfo(configuration.requestExportContext()),
forcedEphemeralKeyPair);
}
Expand Down

0 comments on commit 241f2bd

Please sign in to comment.