forked from tink-crypto/tink
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TINKHybridDecrypt.h
58 lines (52 loc) · 2.54 KB
/
TINKHybridDecrypt.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
/**
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
**************************************************************************
*/
#import <Foundation/Foundation.h>
NS_ASSUME_NONNULL_BEGIN
/**
* The protocol for hybrid decryption.
*
* Implementations of this protocol are secure against adaptive chosen ciphertext attacks. In
* addition to @c ciphertext the encryption takes an extra parameter @c contextInfo, which usually
* is public data implicit from the context, but should be bound to the resulting ciphertext: upon
* decryption the ciphertext allows for checking the integrity of @c contextInfo (but there are no
* guarantees with regard to secrecy or authenticity of @c contextInfo).
*
* WARNING: Hybrid Encryption does not provide authenticity, that is the recipient of an encrypted
* message does not know the identity of the sender. Similar to general public-key encryption
* schemes the security goal of Hybrid Encryption is to provide privacy only. In other words,
* Hybrid Encryption is secure if and only if the recipient can accept anonymous messages or can
* rely on other mechanisms to authenticate the sender.
*
* @c contextInfo can be empty or nil, but to ensure the correct decryption of the ciphertext the
* same value must be provided as was used during encryption operation.
*
* A concrete instantiation of this interface can implement the binding of @c contextInfo to the
* ciphertext in various ways, for example:
*
* - Use @c contextInfo as "associated data"-input for the employed AEAD symmetric encryption
* (https://tools.ietf.org/html/rfc5116).
* - Use @c contextInfo as "CtxInfo"-input for HKDF (if the implementation uses HKDF as key
* derivation function: https://tools.ietf.org/html/rfc5869).
*/
@protocol TINKHybridDecrypt <NSObject>
/* Decrypts @c ciphertext verifying the integrity of @c contextInfo. */
- (nullable NSData *)decrypt:(NSData *)ciphertext
withContextInfo:(nullable NSData *)contextInfo
error:(NSError **)error;
@end
NS_ASSUME_NONNULL_END