Skip to main content
Deno 2 is finally here 🎉️
Learn more
Module

x/hpke/src/cipherSuiteNative.ts>CipherSuiteNative

A Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API.
dajiaji/hpke-js
Latest
class CipherSuiteNative
import { CipherSuiteNative } from "https://deno.land/x/hpke@1.2.9/src/cipherSuiteNative.ts";

The Hybrid Public Key Encryption (HPKE) ciphersuite, which is implemented using only Web Cryptography API.

This is the super class of CipherSuite and the same as @hpke/core#CipherSuite, which supports only the ciphersuites that can be implemented on the native Web Cryptography API. Therefore, the following cryptographic algorithms are not supported for now:

  • DHKEM(X25519, HKDF-SHA256)
  • DHKEM(X448, HKDF-SHA512)
  • ChaCha20Poly1305

In addtion, the HKDF functions contained in this class can only derive keys of the same length as the hashSize.

If you want to use the unsupported cryptographic algorithms above or derive keys longer than the hashSize, please use CipherSuite.

This class provides following functions:

  • Creates encryption contexts both for senders and recipients.
    • createSenderContext
    • createRecipientContext
  • Provides single-shot encryption API.
    • seal
    • open

The calling of the constructor of this class is the starting point for HPKE operations for both senders and recipients.

Examples

Use only ciphersuites supported by Web Cryptography API.

import {
  Aes128Gcm,
  DhkemP256HkdfSha256,
  HkdfSha256,
  CipherSuite,
} from "http://deno.land/x/hpke/mod.ts";

const suite = new CipherSuite({
  kem: new DhkemP256HkdfSha256(),
  kdf: new HkdfSha256(),
  aead: new Aes128Gcm(),
});

Use a ciphersuite which is currently not supported by Web Cryptography API.

import { Aes128Gcm, HkdfSha256, CipherSuite } from "http://deno.land/x/hpke/mod.ts";
// Use an extension module.
import { DhkemX25519HkdfSha256 } from "https://deno.land/x/hpke/x/dhkem-x25519/mod.ts";

const suite = new CipherSuite({
  kem: new DhkemX25519HkdfSha256(),
  kdf: new HkdfSha256(),
  aead: new Aes128Gcm(),
});

Constructors

new
CipherSuiteNative(params: CipherSuiteParams)

Properties

private
_aead: AeadInterface
private
_kdf: KdfInterface
private
_suiteId: Uint8Array
protected
_kem: KemInterface
readonly
aead

Gets the AEAD context of the ciphersuite.

readonly
kdf

Gets the KDF context of the ciphersuite.

readonly
kem

Gets the KEM context of the ciphersuite.

Methods

private
_keySchedule(
mode: Mode,
sharedSecret: ArrayBuffer,
): Promise<AeadParams>
private
_keyScheduleR(
mode: Mode,
sharedSecret: ArrayBuffer,
): Promise<RecipientContext>
private
_keyScheduleS(
mode: Mode,
sharedSecret: ArrayBuffer,
enc: ArrayBuffer,
): Promise<SenderContext>
private
_validateInputLength(params: KeyScheduleParams)
createRecipientContext(params: RecipientContextParams): Promise<RecipientContext>

Creates an encryption context for a recipient.

If the error occurred, throws DecapError | DeserializeError | ValidationError.

createSenderContext(params: SenderContextParams): Promise<SenderContext>

Creates an encryption context for a sender.

If the error occurred, throws DecapError | ValidationError.

open(
ct: ArrayBuffer,
aad?: ArrayBuffer,
): Promise<ArrayBuffer>

Decrypts a message from a sender.

If the error occurred, throws DecapError | DeserializeError | OpenError | ValidationError.

seal(
pt: ArrayBuffer,
aad?: ArrayBuffer,
): Promise<CipherSuiteSealResponse>

Encrypts a message to a recipient.

If the error occurred, throws EncapError | MessageLimitReachedError | SealError | ValidationError.