doc/tpm-api.texi
doc/version.texi
doc/x509-api.texi
+doc/hpke-api.texi
extra/includes/Makefile
extra/includes/Makefile.in
extra/libgnutls-openssl.la
API_FILES=gnutls-api.texi socket-api.texi x509-api.texi pkcs12-api.texi \
tpm-api.texi pkcs11-api.texi abstract-api.texi compat-api.texi \
dtls-api.texi crypto-api.texi ocsp-api.texi tpm-api.texi dane-api.texi \
- pkcs7-api.texi
+ pkcs7-api.texi hpke-api.texi
MAINTAINERCLEANFILES += stamp_enums stamp_functions functions enums
done
mv -f $@-tmp $@
+hpke-api.texi: $(top_srcdir)/lib/includes/gnutls/hpke.h
+ echo "" > $@-tmp
+ cat $^ >$@-headers-tmp
+ for i in `$(PERL) $(top_srcdir)/doc/scripts/getfuncs.pl < $@-headers-tmp |sort|uniq`; do \
+ echo $(ECHO_N) "Creating documentation for $$i... " && \
+ $(PERL) $(srcdir)/scripts/gdoc -texinfo \
+ -function $$i \
+ $(C_SOURCE_FILES) >> $@-tmp && \
+ echo "ok"; \
+ done
+ rm -f $@-headers-tmp
+ mv -f $@-tmp $@
+
# Generated texinfos.
# for some reason it does not work when cross compiling
if !WINDOWS
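Review bot: In the added `hpke-api.texi` recipe a failing `gdoc` call is only reported when it happens on the last function, because a `for` loop returns the status of its final iteration and the body ends in `echo "ok"; \`. The recipe then still runs `mv -f $@-tmp $@`, so a truncated reference for the HPKE functions can be installed as if it were complete. Ending the loop body with `echo "ok" || exit 1; \` stops the recipe at the first failure, before the move. The rule whose last two lines open this hunk appears to follow the same pattern, but its body is outside the hunk.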
$(top_srcdir)/lib/includes/gnutls/ocsp.h $(top_srcdir)/lib/includes/gnutls/tpm.h \
$(top_srcdir)/libdane/includes/gnutls/dane.h $(top_srcdir)/lib/includes/gnutls/x509-ext.h \
$(top_srcdir)/lib/includes/gnutls/urls.h $(top_srcdir)/lib/includes/gnutls/system-keys.h \
- $(top_srcdir)/lib/includes/gnutls/pkcs7.h $(top_srcdir)/lib/includes/gnutls/socket.h
+ $(top_srcdir)/lib/includes/gnutls/pkcs7.h $(top_srcdir)/lib/includes/gnutls/socket.h \
+ $(top_srcdir)/lib/includes/gnutls/hpke.h
C_SOURCE_FILES = $(top_srcdir)/lib/*/*.c $(top_srcdir)/lib/*.c $(top_srcdir)/libdane/*.c
C_X509_SOURCE_FILES = $(top_srcdir)/lib/x509/*.c $(top_srcdir)/lib/*.c $(top_srcdir)/lib/system/certs.c
#include "config.h"
#endif /* HAVE_CONFIG_H */
-#include <gnutls/abstract.h>
+#include <gnutls/hpke.h>
#define GNUTLS_HPKE_MAX_DHKEM_PUBKEY_SIZE 133
#define GNUTLS_HPKE_MAX_HASH_SIZE 64
#include "config.h"
#endif /* HAVE_CONFIG_H */
-#include "gnutls/abstract.h"
+#include "gnutls/hpke.h"
int _gnutls_is_kem_dh(const gnutls_hpke_kem_t kem);
gnutls/openpgp.h gnutls/crypto.h gnutls/pkcs11.h \
gnutls/abstract.h gnutls/dtls.h gnutls/ocsp.h gnutls/tpm.h \
gnutls/x509-ext.h gnutls/self-test.h gnutls/system-keys.h \
- gnutls/urls.h gnutls/pkcs7.h gnutls/socket.h
+ gnutls/urls.h gnutls/pkcs7.h gnutls/socket.h gnutls/hpke.h
if ENABLE_CXX
nobase_include_HEADERS += gnutls/gnutlsxx.h
#include <gnutls/openpgp.h>
#include <gnutls/tpm.h>
-#include <stdint.h>
-
#ifdef __cplusplus
extern "C" {
#endif
int gnutls_pubkey_print(gnutls_pubkey_t pubkey,
gnutls_certificate_print_formats_t format,
gnutls_datum_t *out);
-
-/**
- * gnutls_hpke_kem_t:
- * @GNUTLS_HPKE_KEM_DHKEM_P256: DHKEM using P-256
- * @GNUTLS_HPKE_KEM_DHKEM_P384: DHKEM using P-384
- * @GNUTLS_HPKE_KEM_DHKEM_P521: DHKEM using P-521
- * @GNUTLS_HPKE_KEM_DHKEM_X25519: DHKEM using X25519
- * @GNUTLS_HPKE_KEM_DHKEM_X448: DHKEM using X448
- * Enumeration of HPKE KEM algorithms.
- */
-typedef enum gnutls_hpke_kem_t {
- GNUTLS_HPKE_KEM_DHKEM_P256 = 0x0010,
- GNUTLS_HPKE_KEM_DHKEM_P384 = 0x0011,
- GNUTLS_HPKE_KEM_DHKEM_P521 = 0x0012,
- GNUTLS_HPKE_KEM_DHKEM_X25519 = 0x0020,
- GNUTLS_HPKE_KEM_DHKEM_X448 = 0x0021
-} gnutls_hpke_kem_t;
-
-/**
- * gnutls_hpke_kdf_t:
- * @GNUTLS_HPKE_KDF_HKDF_SHA256: HKDF using SHA-256
- * @GNUTLS_HPKE_KDF_HKDF_SHA384: HKDF using SHA-384
- * @GNUTLS_HPKE_KDF_HKDF_SHA512: HKDF using SHA-512
- * Enumeration of HPKE KDF algorithms.
- */
-typedef enum gnutls_hpke_kdf_t {
- GNUTLS_HPKE_KDF_HKDF_SHA256 = 0x0001,
- GNUTLS_HPKE_KDF_HKDF_SHA384 = 0x0002,
- GNUTLS_HPKE_KDF_HKDF_SHA512 = 0x0003
-} gnutls_hpke_kdf_t;
-
-/**
- * gnutls_hpke_aead_t:
- * @GNUTLS_HPKE_AEAD_AES_128_GCM: AES-128-GCM
- * @GNUTLS_HPKE_AEAD_AES_256_GCM: AES-256-GCM
- * @GNUTLS_HPKE_AEAD_CHACHA20_POLY1305: ChaCha20-Poly1305
- * Enumeration of HPKE AEAD algorithms.
- */
-typedef enum gnutls_hpke_aead_t {
- GNUTLS_HPKE_AEAD_AES_128_GCM = 0x0001,
- GNUTLS_HPKE_AEAD_AES_256_GCM = 0x0002,
- GNUTLS_HPKE_AEAD_CHACHA20_POLY1305 = 0x0003,
- GNUTLS_HPKE_AEAD_EXPORT_ONLY = 0xFFFF
-} gnutls_hpke_aead_t;
-
-typedef enum gnutls_hpke_mode_t {
- GNUTLS_HPKE_MODE_BASE = 0,
- GNUTLS_HPKE_MODE_PSK = 1,
- GNUTLS_HPKE_MODE_AUTH = 2,
- GNUTLS_HPKE_MODE_AUTH_PSK = 3
-} gnutls_hpke_mode_t;
-
-typedef enum gnutls_hpke_role_t {
- GNUTLS_HPKE_ROLE_SENDER = 0,
- GNUTLS_HPKE_ROLE_RECEIVER = 1
-} gnutls_hpke_role_t;
-
-typedef struct gnutls_hpke_context_st *gnutls_hpke_context_t;
-
-int gnutls_hpke_context_init(gnutls_hpke_context_t *ctx,
- const gnutls_hpke_mode_t mode,
- const gnutls_hpke_role_t role,
- const gnutls_hpke_kem_t kem,
- const gnutls_hpke_kdf_t kdf,
- const gnutls_hpke_aead_t aead);
-
-int gnutls_hpke_context_deinit(gnutls_hpke_context_t ctx);
-
-int gnutls_hpke_context_set_psk(gnutls_hpke_context_t ctx,
- const gnutls_datum_t *psk,
- const gnutls_datum_t *psk_id);
-
-int gnutls_hpke_context_set_sender_privkey(gnutls_hpke_context_t ctx,
- gnutls_privkey_t sender_privkey);
-
-int gnutls_hpke_context_set_sender_pubkey(gnutls_hpke_context_t ctx,
- gnutls_pubkey_t sender_pubkey);
-
-size_t gnutls_hpke_context_get_enc_size(const gnutls_hpke_context_t ctx);
-
-int gnutls_hpke_encap(gnutls_hpke_context_t ctx, const gnutls_datum_t *info,
- gnutls_datum_t *enc, gnutls_pubkey_t receiver_pubkey);
-
-int gnutls_hpke_seal(gnutls_hpke_context_t ctx, const gnutls_datum_t *aad,
- const gnutls_datum_t *plaintext,
- gnutls_datum_t *ciphertext);
-
-int gnutls_hpke_decap(gnutls_hpke_context_t ctx, const gnutls_datum_t *info,
- const gnutls_datum_t *enc,
- gnutls_privkey_t receiver_privkey);
-
-int gnutls_hpke_open(gnutls_hpke_context_t ctx, const gnutls_datum_t *aad,
- const gnutls_datum_t *ciphertext,
- gnutls_datum_t *plaintext);
-
-int gnutls_hpke_context_set_ikme(gnutls_hpke_context_t ctx,
- const gnutls_datum_t *ikme);
-
-int gnutls_hpke_generate_keypair(const gnutls_hpke_kem_t kem,
- const gnutls_datum_t *ikm,
- gnutls_privkey_t *privkey,
- gnutls_pubkey_t *pubkey);
-
-int gnutls_hpke_get_seq(gnutls_hpke_context_t ctx, uint64_t *seq);
-int gnutls_hpke_set_seq(gnutls_hpke_context_t ctx, uint64_t seq);
-
-int gnutls_hpke_export(gnutls_hpke_context_t ctx,
- const gnutls_datum_t *exporter_context, const size_t L,
- gnutls_datum_t *secret);
#ifdef __cplusplus
}
#endif
--- /dev/null
+/*
+ * Copyright © 2026 David Dudas
+ *
+ * Author: David Dudas <david.dudas03@e-uvt.ro>
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
+
+ *
+ */
+
+#ifndef GNUTLS_HPKE_H
+#define GNUTLS_HPKE_H
+
+#include <gnutls/gnutls.h>
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * gnutls_hpke_kem_t:
+ * @GNUTLS_HPKE_KEM_DHKEM_P256: DHKEM using P-256
+ * @GNUTLS_HPKE_KEM_DHKEM_P384: DHKEM using P-384
+ * @GNUTLS_HPKE_KEM_DHKEM_P521: DHKEM using P-521
+ * @GNUTLS_HPKE_KEM_DHKEM_X25519: DHKEM using X25519
+ * @GNUTLS_HPKE_KEM_DHKEM_X448: DHKEM using X448
+ * Enumeration of HPKE KEM algorithms.
+ */
+typedef enum gnutls_hpke_kem_t {
+ GNUTLS_HPKE_KEM_DHKEM_P256 = 0x0010,
+ GNUTLS_HPKE_KEM_DHKEM_P384 = 0x0011,
+ GNUTLS_HPKE_KEM_DHKEM_P521 = 0x0012,
+ GNUTLS_HPKE_KEM_DHKEM_X25519 = 0x0020,
+ GNUTLS_HPKE_KEM_DHKEM_X448 = 0x0021
+} gnutls_hpke_kem_t;
+
+/**
+ * gnutls_hpke_kdf_t:
+ * @GNUTLS_HPKE_KDF_HKDF_SHA256: HKDF using SHA-256
+ * @GNUTLS_HPKE_KDF_HKDF_SHA384: HKDF using SHA-384
+ * @GNUTLS_HPKE_KDF_HKDF_SHA512: HKDF using SHA-512
+ * Enumeration of HPKE KDF algorithms.
+ */
+typedef enum gnutls_hpke_kdf_t {
+ GNUTLS_HPKE_KDF_HKDF_SHA256 = 0x0001,
+ GNUTLS_HPKE_KDF_HKDF_SHA384 = 0x0002,
+ GNUTLS_HPKE_KDF_HKDF_SHA512 = 0x0003
+} gnutls_hpke_kdf_t;
+
+/**
+ * gnutls_hpke_aead_t:
+ * @GNUTLS_HPKE_AEAD_AES_128_GCM: AES-128-GCM
+ * @GNUTLS_HPKE_AEAD_AES_256_GCM: AES-256-GCM
+ * @GNUTLS_HPKE_AEAD_CHACHA20_POLY1305: ChaCha20-Poly1305
+ * Enumeration of HPKE AEAD algorithms.
+ */
+typedef enum gnutls_hpke_aead_t {
+ GNUTLS_HPKE_AEAD_AES_128_GCM = 0x0001,
+ GNUTLS_HPKE_AEAD_AES_256_GCM = 0x0002,
+ GNUTLS_HPKE_AEAD_CHACHA20_POLY1305 = 0x0003,
+ GNUTLS_HPKE_AEAD_EXPORT_ONLY = 0xFFFF
+} gnutls_hpke_aead_t;
+
+/**
+ * gnutls_hpke_mode_t:
+ * GNUTLS_HPKE_MODE_BASE: HPKE base mode
+ * GNUTLS_HPKE_MODE_PSK: HPKE psk mode
+ * GNUTLS_HPKE_MODE_AUTH: HPKE auth mode
+ * GNUTLS_HPKE_MODE_AUTH_PSK: HPKE auth+psk mode
+ * Enumeration of HPKE modes.
+ */
+typedef enum gnutls_hpke_mode_t {
+ GNUTLS_HPKE_MODE_BASE = 0,
+ GNUTLS_HPKE_MODE_PSK = 1,
+ GNUTLS_HPKE_MODE_AUTH = 2,
+ GNUTLS_HPKE_MODE_AUTH_PSK = 3
+} gnutls_hpke_mode_t;
+
+/**
+ * gnutls_hpke_role_t
+ * GNUTLS_HPKE_ROLE_SENDER: HPKE sender role
+ * GNUTLS_HPKE_ROLE_RECEIVER: HPKE receiver role
+ */
+typedef enum gnutls_hpke_role_t {
+ GNUTLS_HPKE_ROLE_SENDER = 0,
+ GNUTLS_HPKE_ROLE_RECEIVER = 1
+} gnutls_hpke_role_t;
+
+typedef struct gnutls_hpke_context_st *gnutls_hpke_context_t;
+
+int gnutls_hpke_context_init(gnutls_hpke_context_t *ctx,
+ const gnutls_hpke_mode_t mode,
+ const gnutls_hpke_role_t role,
+ const gnutls_hpke_kem_t kem,
+ const gnutls_hpke_kdf_t kdf,
+ const gnutls_hpke_aead_t aead);
+
+int gnutls_hpke_context_deinit(gnutls_hpke_context_t ctx);
+
+int gnutls_hpke_context_set_psk(gnutls_hpke_context_t ctx,
+ const gnutls_datum_t *psk,
+ const gnutls_datum_t *psk_id);
+
+int gnutls_hpke_context_set_sender_privkey(gnutls_hpke_context_t ctx,
+ gnutls_privkey_t sender_privkey);
+
+int gnutls_hpke_context_set_sender_pubkey(gnutls_hpke_context_t ctx,
+ gnutls_pubkey_t sender_pubkey);
+
+size_t gnutls_hpke_context_get_enc_size(const gnutls_hpke_context_t ctx);
+
+int gnutls_hpke_encap(gnutls_hpke_context_t ctx, const gnutls_datum_t *info,
+ gnutls_datum_t *enc, gnutls_pubkey_t receiver_pubkey);
+
+int gnutls_hpke_seal(gnutls_hpke_context_t ctx, const gnutls_datum_t *aad,
+ const gnutls_datum_t *plaintext,
+ gnutls_datum_t *ciphertext);
+
+int gnutls_hpke_decap(gnutls_hpke_context_t ctx, const gnutls_datum_t *info,
+ const gnutls_datum_t *enc,
+ gnutls_privkey_t receiver_privkey);
+
+int gnutls_hpke_open(gnutls_hpke_context_t ctx, const gnutls_datum_t *aad,
+ const gnutls_datum_t *ciphertext,
+ gnutls_datum_t *plaintext);
+
+int gnutls_hpke_context_set_ikme(gnutls_hpke_context_t ctx,
+ const gnutls_datum_t *ikme);
+
+int gnutls_hpke_generate_keypair(const gnutls_hpke_kem_t kem,
+ const gnutls_datum_t *ikm,
+ gnutls_privkey_t *privkey,
+ gnutls_pubkey_t *pubkey);
+
+int gnutls_hpke_get_seq(gnutls_hpke_context_t ctx, uint64_t *seq);
+int gnutls_hpke_set_seq(gnutls_hpke_context_t ctx, uint64_t seq);
+
+int gnutls_hpke_export(gnutls_hpke_context_t ctx,
+ const gnutls_datum_t *exporter_context, const size_t L,
+ gnutls_datum_t *secret);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // GNUTLS_HPKE_H
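Review bot: `gnutls_hpke_set_seq` and `gnutls_hpke_context_set_ikme` are declared in this new public header with no comment, although both can undo the uniqueness that HPKE relies on. RFC 9180 derives each message nonce from the context's sequence number, so setting a value already used for sealing on the same context repeats an AEAD nonce under the same key. If `set_ikme` fixes the ephemeral keying material, as its name suggests, it makes the encapsulation deterministic, which the RFC uses for test vectors. I would add a comment above each, for example `/* seq must never be set to a value already used with this context: the AEAD nonce is derived from it */`, and state whether `set_ikme` is meant for testing only. Separately, the member lines in the `gnutls_hpke_mode_t` and `gnutls_hpke_role_t` comments lack the `@` prefix used by the three enums above them, `gnutls_hpke_role_t` lacks the trailing colon, and `GNUTLS_HPKE_AEAD_EXPORT_ONLY` has no entry, so these may be missing from the generated `hpke-api.texi`.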
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
+#include <gnutls/hpke.h>
#include <gnutls/abstract.h>
#include "utils.h"