xref: /aosp_15_r20/external/tink/python/tink/hybrid/_hybrid_encrypt.py (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1# Copyright 2019 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15"""This module defines the interface for HybridEncrypt."""
16
17import abc
18
19
20class HybridEncrypt(metaclass=abc.ABCMeta):
21  """The interface for hybrid encryption.
22
23  Implementations of this interface are secure against adaptive
24  chosen ciphertext attacks.  In addition to 'plaintext' the
25  encryption takes an extra parameter 'context_info', which usually
26  is public data implicit from the context, but should be bound to
27  the resulting ciphertext: upon decryption the ciphertext allows for
28  checking the integrity of 'context_info' (but there are no
29  guarantees wrt. to secrecy or authenticity of 'context_info').
30
31  WARNING: hybrid encryption does not provide authenticity, that is the
32  recipient of an encrypted message does not know the identity of the sender.
33  Similar to general public-key encryption schemes the security goal of
34  hybrid encryption is to provide privacy only. In other words, hybrid
35  encryption is secure if and only if the recipient can accept anonymous
36  messages or can rely on other mechanisms to authenticate the sender.
37
38  'context_info' can be empty or null, but to ensure the correct
39  decryption of the resulting ciphertext the same value must be
40  provided for decryption operation (cf. HybridDecrypt-interface).
41
42  A concrete instantiation of this interface can implement the
43  binding of 'context_info' to the ciphertext in various ways, for
44  example:
45
46  - use 'context_info' as "associated data"-input for the employed
47    AEAD symmetric encryption (cf. https://tools.ietf.org/html/rfc5116).
48  - use 'context_info' as "CtxInfo"-input for HKDF (if the implementation uses
49    HKDF as key derivation function, cf. https://tools.ietf.org/html/rfc5869).
50  """
51
52  @abc.abstractmethod
53  def encrypt(self, plaintext: bytes, context_info: bytes) -> bytes:
54    """Encrypts plaintext binding context_info to the resulting ciphertext."""
55    raise NotImplementedError()
56