Hpke class

class cryptosyspki.Hpke

Hybrid Public Key Encryption (HPKE) functions.

class AeadAlg

AEAD functions supported for HPKE.

AES_128_GCM = 1312

Use the AEAD_AES_128_GCM authenticated encryption algorithm from RFC5116.

AES_256_GCM = 1344

Use the AEAD_AES_256_GCM authenticated encryption algorithm from RFC5116.

CHACHA20_POLY1305 = 1360

Use the AEAD_CHACHA20_POLY1305 authenticated encryption algorithm from RFC8439.

NONE = 0

No AEAD algorithm

class CurveName

Supported ECDH curves for HPKE.

P_256 = 'P-256'

NIST curve P-256

P_384 = 'P-384'

NIST curve P-384

P_521 = 'P-521'

NIST curve P-521

X25519 = 'X25519'

ECDH curve X25519 from RFC7748

X448 = 'X448'

ECDH curve X448 from RFC7748

class OutputOpts

Options to format or re-encode output.

DEFAULT = 0

output as ephemeral "internal" key string.

Type:

Default

KEYASHEX = 196608

Output key in hex format compatible with test vectors in [RFC9180]

static derive_private_key(ikm, curveName, opts=0)

Derive an EC private key in a deterministic manner from input keying material using the DeriveKeyPair algorithm in RFC9180.

Parameters:

  • ikm (bytes) -- Input key material (ikm). This must have length in bytes at least as long as the key to be produced.

  • curveName (Hpke.CurveName) -- Name of ECDH curve.

  • opts (Hpke.OutputOpts) -- Output options (default=internal key format)

Returns:

Derived private key in string form.

Return type:

str

static labeled_expand(numbytes, prk, label, info, curveName, aeadalg=0)

Compute the output of the LabeledExpand function as defined in RFC9180.

Parameters:

  • numbytes (int) -- Required length (L) of output key material in bytes

  • prk (bytes) -- Pseudorandom key.

  • label (str) -- Label string.

  • info (bytes) -- Byte string info.

  • curveName (Hpke.CurveName) -- ECDH curve used in scheme. This will fix the KDF and HMAC to be used.

  • aeadalg (Hpke.AeadAlg) -- AEAD encryption algorithm used in the scheme or 0 to indicate KDF is being used inside a KEM algorithm.

Returns:

L bytes of output keying material.

Return type:

bytes

static labeled_extract(salt, label, ikm, curveName, aeadalg=0)

Compute the output of the LabeledExtract function as defined in RFC9180.

Parameters:

  • salt (bytes) -- Byte string salt.

  • label (str) -- Label string.

  • ikm (bytes) -- Input keying material (ikm).

  • curveName (Hpke.CurveName) -- ECDH curve used in scheme. This will fix the KDF and HMAC to be used.

  • aeadalg (Hpke.AeadAlg) -- AEAD encryption algorithm used in the scheme or 0 to indicate KDF is being used inside a KEM algorithm.

Returns:

A pseudorandom key of fixed length Nh bytes.

Return type:

bytes