From 6dd40405b006cfcce0ca271c831e107f250a07e4 Mon Sep 17 00:00:00 2001 From: Norman Maurer Date: Wed, 20 Dec 2023 20:23:13 +0100 Subject: [PATCH] Split crypto related interfaces Motivation: When setup the HPKE context you either set it up for encryption or decryption. We should change our interfaces to reflect this and so guard the user from miss-usage. Modifications: Introduce sub-types to support either encryption or decryption Result: Guard users from incorrect setup and usage of context --- .../incubator/codec/hpke/AEADContext.java | 2 +- .../incubator/codec/hpke/CryptoContext.java | 26 +--------- .../codec/hpke/CryptoDecryptContext.java | 35 ++++++++++++++ .../codec/hpke/CryptoEncryptContext.java | 35 ++++++++++++++ ...ulation.java => HPKERecipientContext.java} | 20 ++------ ...apsulation.java => HPKESenderContext.java} | 6 +-- .../codec/hpke/OHttpCryptoProvider.java | 8 ++-- .../bouncycastle/BouncyCastleHPKEContext.java | 31 +----------- .../BouncyCastleHPKERecipientContext.java | 42 ++++++++++++++++ .../BouncyCastleHPKESenderContext.java | 48 +++++++++++++++++++ .../BouncyCastleOHttpCryptoProvider.java | 14 +++--- .../codec/ohttp/OHttpCiphersuite.java | 5 +- .../incubator/codec/ohttp/OHttpCrypto.java | 6 ++- .../codec/ohttp/OHttpCryptoReceiver.java | 11 +++-- .../codec/ohttp/OHttpCryptoSender.java | 13 ++--- 15 files changed, 204 insertions(+), 98 deletions(-) create mode 100644 codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/CryptoDecryptContext.java create mode 100644 codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/CryptoEncryptContext.java rename codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/{bouncycastle/BouncyCastleHPKEContextWithEncapsulation.java => HPKERecipientContext.java} (54%) rename codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/{HPKEContextWithEncapsulation.java => HPKESenderContext.java} (85%) create mode 100644 codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKERecipientContext.java create mode 100644 codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKESenderContext.java diff --git a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/AEADContext.java b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/AEADContext.java index 84373a1..9c5f17b 100644 --- a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/AEADContext.java +++ b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/AEADContext.java @@ -19,6 +19,6 @@ * {@link CryptoContext} implementation of * AEAD encryption algorithm [RFC5116]. */ -public interface AEADContext extends CryptoContext { +public interface AEADContext extends CryptoDecryptContext, CryptoEncryptContext { // TODO: Move some methods in here. } diff --git a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/CryptoContext.java b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/CryptoContext.java index 233d858..aec861f 100644 --- a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/CryptoContext.java +++ b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/CryptoContext.java @@ -15,35 +15,11 @@ */ package io.netty.incubator.codec.hpke; -import io.netty.buffer.ByteBuf; - /** - * Cryptographic operations to encrypt and decrypt data. + * Context for Cryptographic operations. */ public interface CryptoContext extends AutoCloseable { - /** - * Authenticate and encrypt data. The {@link ByteBuf#readerIndex()} will be increased by the amount of - * data read and {@link ByteBuf#writerIndex()} by the bytes written. - * - * @param aad the AAD buffer - * @param pt the data to encrypt. - * @param out the buffer for writing into - * @throws CryptoException in case of an error. - */ - void seal(ByteBuf aad, ByteBuf pt, ByteBuf out) throws CryptoException; - - /** - * Authenticate and decrypt data. The {@link ByteBuf#readerIndex()} will be increased by the amount of - * data read and {@link ByteBuf#writerIndex()} by the bytes written. - * - * @param aad the AAD buffer - * @param ct the data to decrypt - * @param out the buffer for writing into. - * @throws CryptoException in case of an error. - */ - void open(ByteBuf aad, ByteBuf ct, ByteBuf out) throws CryptoException; - /** * Closes the {@link CryptoContext} and so release all resources. Calling any method after calling this method * might result in an {@link IllegalStateException}. diff --git a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/CryptoDecryptContext.java b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/CryptoDecryptContext.java new file mode 100644 index 0000000..de02e28 --- /dev/null +++ b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/CryptoDecryptContext.java @@ -0,0 +1,35 @@ +/* + * Copyright 2023 The Netty Project + * + * The Netty Project licenses this file to you under the Apache License, + * version 2.0 (the "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at: + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + */ +package io.netty.incubator.codec.hpke; + +import io.netty.buffer.ByteBuf; + +/** + * {@link CryptoContext} that can be used for decryption. + */ +public interface CryptoDecryptContext extends CryptoContext { + + /** + * Authenticate and decrypt data. The {@link ByteBuf#readerIndex()} will be increased by the amount of + * data read and {@link ByteBuf#writerIndex()} by the bytes written. + * + * @param aad the AAD buffer + * @param ct the data to decrypt + * @param out the buffer for writing into. + * @throws CryptoException in case of an error. + */ + void open(ByteBuf aad, ByteBuf ct, ByteBuf out) throws CryptoException; +} diff --git a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/CryptoEncryptContext.java b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/CryptoEncryptContext.java new file mode 100644 index 0000000..83abf27 --- /dev/null +++ b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/CryptoEncryptContext.java @@ -0,0 +1,35 @@ +/* + * Copyright 2023 The Netty Project + * + * The Netty Project licenses this file to you under the Apache License, + * version 2.0 (the "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at: + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + */ +package io.netty.incubator.codec.hpke; + +import io.netty.buffer.ByteBuf; + +/** + * {@link CryptoContext} that can be used for encryption. + */ +public interface CryptoEncryptContext extends CryptoContext { + + /** + * Authenticate and encrypt data. The {@link ByteBuf#readerIndex()} will be increased by the amount of + * data read and {@link ByteBuf#writerIndex()} by the bytes written. + * + * @param aad the AAD buffer + * @param pt the data to encrypt. + * @param out the buffer for writing into + * @throws CryptoException in case of an error. + */ + void seal(ByteBuf aad, ByteBuf pt, ByteBuf out) throws CryptoException; +} diff --git a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKEContextWithEncapsulation.java b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/HPKERecipientContext.java similarity index 54% rename from codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKEContextWithEncapsulation.java rename to codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/HPKERecipientContext.java index c198480..7bb0d87 100644 --- a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKEContextWithEncapsulation.java +++ b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/HPKERecipientContext.java @@ -13,20 +13,10 @@ * License for the specific language governing permissions and limitations * under the License. */ -package io.netty.incubator.codec.hpke.bouncycastle; +package io.netty.incubator.codec.hpke; - -import org.bouncycastle.crypto.hpke.HPKEContextWithEncapsulation; - -final class BouncyCastleHPKEContextWithEncapsulation extends BouncyCastleHPKEContext - implements io.netty.incubator.codec.hpke.HPKEContextWithEncapsulation { - - BouncyCastleHPKEContextWithEncapsulation(HPKEContextWithEncapsulation context) { - super(context); - } - - @Override - public byte[] encapsulation() { - return ((HPKEContextWithEncapsulation) context).getEncapsulation(); - } +/** + * {@link HPKEContext} that can be used for decryption. + */ +public interface HPKERecipientContext extends HPKEContext, CryptoDecryptContext { } diff --git a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/HPKEContextWithEncapsulation.java b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/HPKESenderContext.java similarity index 85% rename from codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/HPKEContextWithEncapsulation.java rename to codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/HPKESenderContext.java index 20648ce..8da1373 100644 --- a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/HPKEContextWithEncapsulation.java +++ b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/HPKESenderContext.java @@ -15,11 +15,11 @@ */ package io.netty.incubator.codec.hpke; + /** - * A {@link HPKEContext} which uses encapsulation. + * {@link HPKEContext} that can be used for encryption. */ -public interface HPKEContextWithEncapsulation extends HPKEContext { - +public interface HPKESenderContext extends HPKEContext, CryptoEncryptContext { /** * Return the bytes that are used for encapsulation. * diff --git a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/OHttpCryptoProvider.java b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/OHttpCryptoProvider.java index 2b1c676..c361236 100644 --- a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/OHttpCryptoProvider.java +++ b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/OHttpCryptoProvider.java @@ -32,7 +32,7 @@ public interface OHttpCryptoProvider { AEADContext setupAEAD(AEAD aead, byte[] key, byte[] baseNonce); /** - * Establish a {@link HPKEContextWithEncapsulation} that can be used for encryption. + * Establish a {@link HPKESenderContext} that can be used for encryption. * * @param mode the {@link Mode} to use. * @param kem the {@link KEM} to use. @@ -43,11 +43,11 @@ public interface OHttpCryptoProvider { * @param kpE the ephemeral keypair or {@code null} if none should be used. * @return the context. */ - HPKEContextWithEncapsulation setupHPKEBaseS(Mode mode, KEM kem, KDF kdf, AEAD aead, + HPKESenderContext setupHPKEBaseS(Mode mode, KEM kem, KDF kdf, AEAD aead, AsymmetricKeyParameter pkR, byte[] info, AsymmetricCipherKeyPair kpE); /** - * Establish a {@link HPKEContext} that can be used for decryption. + * Establish a {@link HPKERecipientContext} that can be used for decryption. * * @param mode the {@link Mode} to use. * @param kem the {@link KEM} to use. @@ -58,7 +58,7 @@ HPKEContextWithEncapsulation setupHPKEBaseS(Mode mode, KEM kem, KDF kdf, AEAD ae * @param info info parameter. * @return the context. */ - HPKEContext setupHPKEBaseR(Mode mode, KEM kem, KDF kdf, AEAD aead, byte[] enc, + HPKERecipientContext setupHPKEBaseR(Mode mode, KEM kem, KDF kdf, AEAD aead, byte[] enc, AsymmetricCipherKeyPair skR, byte[] info); /** diff --git a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKEContext.java b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKEContext.java index 7252766..1d4ef16 100644 --- a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKEContext.java +++ b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKEContext.java @@ -22,27 +22,12 @@ import java.nio.ByteBuffer; -class BouncyCastleHPKEContext implements HPKEContext { +abstract class BouncyCastleHPKEContext implements HPKEContext { protected final org.bouncycastle.crypto.hpke.HPKEContext context; - private final BouncyCastleCryptoOperation seal; - private final BouncyCastleCryptoOperation open; - private boolean closed; BouncyCastleHPKEContext(org.bouncycastle.crypto.hpke.HPKEContext context) { this.context = context; - this.seal = new BouncyCastleCryptoOperation() { - @Override - protected byte[] execute(byte[] arg1, byte[] arg2, int offset2, int length2) throws InvalidCipherTextException { - return context.seal(arg1, arg2, offset2, length2); - } - }; - this.open = new BouncyCastleCryptoOperation() { - @Override - protected byte[] execute(byte[] arg1, byte[] arg2, int offset2, int length2) throws InvalidCipherTextException { - return context.open(arg1, arg2, offset2, length2); - } - }; } @Override @@ -63,19 +48,7 @@ public byte[] expand(byte[] prk, byte[] info, int length) { return context.expand(prk, info, length); } - @Override - public void seal(ByteBuf aad, ByteBuf pt, ByteBuf out) throws CryptoException { - checkClosed(); - seal.execute(aad, pt, out); - } - - @Override - public void open(ByteBuf aad, ByteBuf ct, ByteBuf out) throws CryptoException { - checkClosed(); - open.execute(aad, ct, out); - } - - private void checkClosed() { + protected void checkClosed() { if (closed) { throw new IllegalStateException("AEADContext closed"); } diff --git a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKERecipientContext.java b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKERecipientContext.java new file mode 100644 index 0000000..08260ed --- /dev/null +++ b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKERecipientContext.java @@ -0,0 +1,42 @@ +/* + * Copyright 2023 The Netty Project + * + * The Netty Project licenses this file to you under the Apache License, + * version 2.0 (the "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at: + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + */ +package io.netty.incubator.codec.hpke.bouncycastle; + +import io.netty.buffer.ByteBuf; +import io.netty.incubator.codec.hpke.CryptoException; +import io.netty.incubator.codec.hpke.HPKERecipientContext; +import org.bouncycastle.crypto.InvalidCipherTextException; +import org.bouncycastle.crypto.hpke.HPKEContext; + +final class BouncyCastleHPKERecipientContext extends BouncyCastleHPKEContext implements HPKERecipientContext { + private final BouncyCastleCryptoOperation open; + + BouncyCastleHPKERecipientContext(HPKEContext context) { + super(context); + open = new BouncyCastleCryptoOperation() { + @Override + protected byte[] execute(byte[] arg1, byte[] arg2, int offset2, int length2) throws InvalidCipherTextException { + return context.open(arg1, arg2, offset2, length2); + } + }; + } + + @Override + public void open(ByteBuf aad, ByteBuf ct, ByteBuf out) throws CryptoException { + checkClosed(); + open.execute(aad, ct, out); + } +} diff --git a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKESenderContext.java b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKESenderContext.java new file mode 100644 index 0000000..149a15d --- /dev/null +++ b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleHPKESenderContext.java @@ -0,0 +1,48 @@ +/* + * Copyright 2023 The Netty Project + * + * The Netty Project licenses this file to you under the Apache License, + * version 2.0 (the "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at: + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + */ +package io.netty.incubator.codec.hpke.bouncycastle; + +import io.netty.buffer.ByteBuf; +import io.netty.incubator.codec.hpke.CryptoException; +import io.netty.incubator.codec.hpke.HPKESenderContext; +import org.bouncycastle.crypto.InvalidCipherTextException; +import org.bouncycastle.crypto.hpke.HPKEContextWithEncapsulation; + +final class BouncyCastleHPKESenderContext extends BouncyCastleHPKEContext implements HPKESenderContext { + + private final BouncyCastleCryptoOperation seal; + public BouncyCastleHPKESenderContext(HPKEContextWithEncapsulation context) { + super(context); + this.seal = new BouncyCastleCryptoOperation() { + @Override + protected byte[] execute(byte[] arg1, byte[] arg2, int offset2, int length2) + throws InvalidCipherTextException { + return context.seal(arg1, arg2, offset2, length2); + } + }; + } + + @Override + public byte[] encapsulation() { + return ((HPKEContextWithEncapsulation) context).getEncapsulation(); + } + + @Override + public void seal(ByteBuf aad, ByteBuf pt, ByteBuf out) throws CryptoException { + checkClosed(); + seal.execute(aad, pt, out); + } +} diff --git a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleOHttpCryptoProvider.java b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleOHttpCryptoProvider.java index a3eceda..3e0702c 100644 --- a/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleOHttpCryptoProvider.java +++ b/codec-ohttp-hpke/src/main/java/io/netty/incubator/codec/hpke/bouncycastle/BouncyCastleOHttpCryptoProvider.java @@ -18,8 +18,8 @@ import io.netty.incubator.codec.hpke.AEADContext; import io.netty.incubator.codec.hpke.AsymmetricCipherKeyPair; import io.netty.incubator.codec.hpke.AsymmetricKeyParameter; -import io.netty.incubator.codec.hpke.HPKEContext; -import io.netty.incubator.codec.hpke.HPKEContextWithEncapsulation; +import io.netty.incubator.codec.hpke.HPKERecipientContext; +import io.netty.incubator.codec.hpke.HPKESenderContext; import io.netty.incubator.codec.hpke.OHttpCryptoProvider; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; @@ -62,7 +62,7 @@ private static BouncyCastleAsymmetricCipherKeyPair castOrThrow(AsymmetricCipherK } @Override - public HPKEContextWithEncapsulation setupHPKEBaseS(Mode mode, KEM kem, KDF kdf, AEAD aead, + public HPKESenderContext setupHPKEBaseS(Mode mode, KEM kem, KDF kdf, AEAD aead, AsymmetricKeyParameter pkR, byte[] info, AsymmetricCipherKeyPair kpE) { org.bouncycastle.crypto.hpke.HPKE hpke = @@ -73,15 +73,15 @@ public HPKEContextWithEncapsulation setupHPKEBaseS(Mode mode, KEM kem, KDF kdf, } else { ctx = hpke.setupBaseS(castOrThrow(pkR).param, info, castOrThrow(kpE).pair); } - return new BouncyCastleHPKEContextWithEncapsulation(ctx); + return new BouncyCastleHPKESenderContext(ctx); } @Override - public HPKEContext setupHPKEBaseR(Mode mode, KEM kem, KDF kdf, AEAD aead, byte[] enc, - AsymmetricCipherKeyPair skR, byte[] info) { + public HPKERecipientContext setupHPKEBaseR(Mode mode, KEM kem, KDF kdf, AEAD aead, byte[] enc, + AsymmetricCipherKeyPair skR, byte[] info) { org.bouncycastle.crypto.hpke.HPKE hpke = new org.bouncycastle.crypto.hpke.HPKE(mode.value(), kem.id(), kdf.id(), aead.id()); - return new BouncyCastleHPKEContext(hpke.setupBaseR(enc, castOrThrow(skR).pair, info)); + return new BouncyCastleHPKERecipientContext(hpke.setupBaseR(enc, castOrThrow(skR).pair, info)); } @Override diff --git a/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCiphersuite.java b/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCiphersuite.java index dd12f06..211e97f 100644 --- a/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCiphersuite.java +++ b/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCiphersuite.java @@ -15,6 +15,7 @@ */ package io.netty.incubator.codec.ohttp; +import io.netty.incubator.codec.hpke.AEADContext; import io.netty.incubator.codec.hpke.CryptoContext; import io.netty.incubator.codec.hpke.HPKEContext; import io.netty.incubator.codec.hpke.OHttpCryptoProvider; @@ -125,8 +126,8 @@ byte[] createResponseNonce() { /* * See https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html#name-encapsulation-of-responses */ - CryptoContext createResponseAead(OHttpCryptoProvider provider, HPKEContext context, byte[] enc, - byte[] responseNonce, OHttpCryptoConfiguration configuration) { + AEADContext createResponseAead(OHttpCryptoProvider provider, HPKEContext context, byte[] enc, + byte[] responseNonce, OHttpCryptoConfiguration configuration) { int secretLength = Math.max(aead.nk(), aead.nn()); byte[] secret = context.export(configuration.responseExportContext(), secretLength); byte[] salt = Arrays.concatenate(enc, responseNonce); diff --git a/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCrypto.java b/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCrypto.java index b6bfa93..a3a5919 100644 --- a/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCrypto.java +++ b/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCrypto.java @@ -17,6 +17,8 @@ import io.netty.buffer.ByteBuf; import io.netty.buffer.Unpooled; +import io.netty.incubator.codec.hpke.CryptoDecryptContext; +import io.netty.incubator.codec.hpke.CryptoEncryptContext; import io.netty.incubator.codec.hpke.CryptoException; import io.netty.incubator.codec.hpke.CryptoContext; @@ -37,9 +39,9 @@ private static ByteBuf aad(boolean isFinal) { return isFinal ? Unpooled.wrappedBuffer(AAD_FINAL) : Unpooled.EMPTY_BUFFER; } - protected abstract CryptoContext encryptCrypto(); + protected abstract CryptoEncryptContext encryptCrypto(); - protected abstract CryptoContext decryptCrypto(); + protected abstract CryptoDecryptContext decryptCrypto(); protected abstract OHttpCryptoConfiguration configuration(); diff --git a/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCryptoReceiver.java b/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCryptoReceiver.java index 5700aac..c42002e 100644 --- a/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCryptoReceiver.java +++ b/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCryptoReceiver.java @@ -17,9 +17,12 @@ import io.netty.incubator.codec.hpke.AsymmetricCipherKeyPair; import io.netty.incubator.codec.hpke.CryptoContext; +import io.netty.incubator.codec.hpke.CryptoDecryptContext; +import io.netty.incubator.codec.hpke.CryptoEncryptContext; import io.netty.incubator.codec.hpke.HPKEContext; import io.netty.buffer.ByteBuf; import io.netty.handler.codec.DecoderException; +import io.netty.incubator.codec.hpke.HPKERecipientContext; import io.netty.incubator.codec.hpke.OHttpCryptoProvider; import static java.util.Objects.requireNonNull; @@ -29,9 +32,9 @@ */ public final class OHttpCryptoReceiver extends OHttpCrypto { private final OHttpCryptoConfiguration configuration; - private final HPKEContext context; + private final HPKERecipientContext context; private final byte[] responseNonce; - private final CryptoContext aead; + private final CryptoEncryptContext aead; public final static class Builder { private OHttpCryptoProvider provider; @@ -120,12 +123,12 @@ public void writeResponseNonce(ByteBuf out) { } @Override - protected CryptoContext encryptCrypto() { + protected CryptoEncryptContext encryptCrypto() { return this.aead; } @Override - protected CryptoContext decryptCrypto() { + protected CryptoDecryptContext decryptCrypto() { return this.context; } diff --git a/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCryptoSender.java b/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCryptoSender.java index 7534bee..3c19291 100644 --- a/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCryptoSender.java +++ b/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpCryptoSender.java @@ -17,9 +17,10 @@ import io.netty.incubator.codec.hpke.AsymmetricCipherKeyPair; import io.netty.incubator.codec.hpke.AsymmetricKeyParameter; -import io.netty.incubator.codec.hpke.CryptoContext; -import io.netty.incubator.codec.hpke.HPKEContextWithEncapsulation; +import io.netty.incubator.codec.hpke.CryptoDecryptContext; +import io.netty.incubator.codec.hpke.CryptoEncryptContext; import io.netty.buffer.ByteBuf; +import io.netty.incubator.codec.hpke.HPKESenderContext; import io.netty.incubator.codec.hpke.OHttpCryptoProvider; import static java.util.Objects.requireNonNull; @@ -32,8 +33,8 @@ public final class OHttpCryptoSender extends OHttpCrypto { private final OHttpCryptoConfiguration configuration; private final OHttpCiphersuite ciphersuite; private final OHttpCryptoProvider provider; - private final HPKEContextWithEncapsulation context; - private CryptoContext aead; + private final HPKESenderContext context; + private CryptoDecryptContext aead; public static final class Builder { private OHttpCryptoProvider provider; @@ -134,12 +135,12 @@ public boolean readResponseNonce(ByteBuf in) { } @Override - protected CryptoContext encryptCrypto() { + protected CryptoEncryptContext encryptCrypto() { return context; } @Override - protected CryptoContext decryptCrypto() { + protected CryptoDecryptContext decryptCrypto() { return aead; }