Fix revirew comments
hwupathum committed Mar 20, 2024
1 parent 934432b commit 0d981e6
Showing 4 changed files with 11 additions and 20 deletions.
16 changes: 4 additions & 12 deletions ballerina/hpke.bal
@@ -14,19 +14,14 @@
// specific language governing permissions and limitations
// under the License.

# Represents the supported HPKE algorithms.
public type HpkeAlgorithm KYBER768|RSA_KYBER768;

# Represent the supported symmetric key sizes for AES algorithm.
public type AesKeySize 16|24|32;

# Represents the encapsulated secret and the ciphertext used in Hybrid Public Key Encryption (HPKE).
#
# + algorithm - The hybrid public key encryption algorithm used
# + encapsulatedSecret - The encapsulated secret
# + cipherText - The encrypted data
public type HybridEncryptionResult record {|
HpkeAlgorithm algorithm;
byte[] encapsulatedSecret;
byte[] cipherText;
|};

@@ -46,13 +41,12 @@ public type HybridEncryptionResult record {|
# + publicKey - Public key used for encryption
# + symmetricKeySize - The length of the symmetric key (in bytes)
# + return - Encrypted data or else a `crypto:Error` if an error occurs
public isolated function encryptKyber768Hpke(byte[] input, PublicKey publicKey, AesKeySize symmetricKeySize = 32) returns HybridEncryptionResult|error {
public isolated function encryptKyber768Hpke(byte[] input, PublicKey publicKey, AesKeySize symmetricKeySize = 32) returns HybridEncryptionResult|Error {

EncapsulationResult encapsulationResult = check encapsulateKyber768Kem(publicKey);
byte[] sharedSecret = check hkdfSha256(encapsulationResult.sharedSecret, symmetricKeySize);
byte[] encapsulatedSecret = encapsulationResult.encapsulatedSecret;

byte[] ciphertext = check encryptAesEcb(input, sharedSecret);
return {

algorithm: KYBER768,
encapsulatedSecret: encapsulatedSecret,
cipherText: ciphertext
};
@@ -78,13 +72,12 @@ public isolated function encryptKyber768Hpke(byte[] input, PublicKey publicKey,
# + privateKey - The Kyber private key used for decryption
# + length - The length of the output (in bytes)
# + return - Decrypted data or else a `crypto:Error` if error occurs
public isolated function decryptKyber768Hpke(byte[] input, byte[] encapsulatedKey, PrivateKey privateKey, int length = 32) returns byte[]|error {
public isolated function decryptKyber768Hpke(byte[] input, byte[] encapsulatedKey, PrivateKey privateKey, int length = 32) returns byte[]|Error {

byte[] key = check decapsulateKyber768Kem(encapsulatedKey, privateKey);
key = check hkdfSha256(key, length);
return check decryptAesEcb(input, key);
}



# Returns the RsaKyber768-HPKE-encrypted value for the given data.
# ```ballerina
# string input = "Hello Ballerina";
@@ -106,13 +99,12 @@ public isolated function decryptKyber768Hpke(byte[] input, byte[] encapsulatedKe
# + kyberPublicKey - The Kyber public key used for encryption
# + symmetricKeySize - The length of the symmetric key (in bytes)
# + return - Encrypted data or else a `crypto:Error` if an error occurs
public isolated function encryptRsaKyber768Hpke(byte[] input, PublicKey rsaPublicKey, PublicKey kyberPublicKey, AesKeySize symmetricKeySize = 32) returns HybridEncryptionResult|error {
public isolated function encryptRsaKyber768Hpke(byte[] input, PublicKey rsaPublicKey, PublicKey kyberPublicKey, AesKeySize symmetricKeySize = 32) returns HybridEncryptionResult|Error {

EncapsulationResult hybridEncapsulationResult = check encapsulateRsaKyber768Kem(rsaPublicKey, kyberPublicKey);
byte[] sharedSecret = check hkdfSha256(hybridEncapsulationResult.sharedSecret, symmetricKeySize);
byte[] encapsulatedSecret = hybridEncapsulationResult.encapsulatedSecret;

byte[] ciphertext = check encryptAesEcb(input, sharedSecret);
return {

algorithm: RSA_KYBER768,
encapsulatedSecret: encapsulatedSecret,
cipherText: ciphertext
};
@@ -145,7 +137,7 @@ public isolated function encryptRsaKyber768Hpke(byte[] input, PublicKey rsaPubli
# + kyberPrivateKey - The Kyber private key used for decryption
# + length - The length of the output (in bytes)
# + return - Decrypted data or else a `crypto:Error` if error occurs
public isolated function decryptRsaKyber768Hpke(byte[] input, byte[] encapsulatedKey, PrivateKey rsaPrivateKey, PrivateKey kyberPrivateKey, int length = 32) returns byte[]|error {
public isolated function decryptRsaKyber768Hpke(byte[] input, byte[] encapsulatedKey, PrivateKey rsaPrivateKey, PrivateKey kyberPrivateKey, int length = 32) returns byte[]|Error {

byte[] key = check decapsulateRsaKyber768Kem(encapsulatedKey, rsaPrivateKey, kyberPrivateKey);
key = check hkdfSha256(key, length);
return check decryptAesEcb(input, key);
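Review bot: The symmetric step in all four functions still uses AES-ECB (`encryptAesEcb(input, sharedSecret)` in `encryptKyber768Hpke` and `encryptRsaKyber768Hpke`, `decryptAesEcb(input, key)` in the two decrypt functions), which gives no integrity and exposes repeated plaintext blocks within a message. HPKE as specified in RFC 9180 pairs the KEM with an AEAD, so a tampered `cipherText` should fail decryption instead of yielding altered plaintext. Since the KEM secret is fresh for every call, key and nonce can both come out of the one HKDF expansion and go to `encryptAesGcm`, as sketched below for `encryptKyber768Hpke`; the other three functions need the mirror change. The decrypt functions also take `int length = 32` where the encrypt side takes `AesKeySize`, so `AesKeySize length = 32` would reject invalid key sizes at the type level. The bodies of these functions continue outside the visible hunks.

```ballerina
// … unchanged: encapsulateKyber768Kem call …
// One expansion yields the AES key followed by a 12-byte GCM nonce; the key is single-use.
byte[] okm = check hkdfSha256(encapsulationResult.sharedSecret, symmetricKeySize + 12);
byte[] key = okm.slice(0, symmetricKeySize);
byte[] nonce = okm.slice(symmetricKeySize);
byte[] ciphertext = check encryptAesGcm(input, key, nonce);
// … unchanged: encapsulatedSecret and the returned record …
```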
1 change: 1 addition & 0 deletions ballerina/kdf.bal
@@ -13,6 +13,7 @@
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.

import ballerina/jballerina.java;

# Returns HKDF (HMAC-based Key Derivation Function) using SHA-256 as the hash function.
3 changes: 3 additions & 0 deletions ballerina/kem.bal
@@ -13,11 +13,14 @@
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.

import ballerina/jballerina.java;

# Represents the supported KEM algorithms.
public type KemAlgorithm RSA|KYBER768|RSA_KYBER768;

# The `Kyber768` KEM algorithm.
public const KYBER768 = "KYBER768";
# The `RSA-Kyber768` KEM algorithm.
public const RSA_KYBER768 = "RSA_KYBER768";

11 changes: 3 additions & 8 deletions ballerina/private_public_key.bal
@@ -13,21 +13,16 @@
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.

import ballerina/jballerina.java;
import ballerina/time;

# Represents the supported public key algorithms.
public type KeyAlgorithm RSA|KYBER768|DILITHIUM3;
# Represents the supported key algorithms.
public type KeyAlgorithm RSA;

# The `RSA` algorithm.
public const RSA = "RSA";

# The `Kyber768` algorithm.
public const KYBER768 = "KYBER768";

# The `Dilithium3` algorithm.
public const DILITHIUM3 = "DILITHIUM3";

# Represents the KeyStore-related configurations.
#
# + path - Path to the KeyStore file
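Review bot: Narrowing `KeyAlgorithm` to `RSA` alone leaves no tag for Kyber keys, while hpke.bal still passes Kyber keys as `PublicKey`/`PrivateKey` (`kyberPublicKey`, `kyberPrivateKey`). If those records type their algorithm field as `KeyAlgorithm` (they are outside this hunk, so this is an assumption), a Kyber key can no longer be told apart from an RSA key, and a swapped `rsaPublicKey`/`kyberPublicKey` argument cannot be rejected before it reaches the native layer. Assuming the `KYBER768` constant now lives in kem.bal in the same module, keeping it in the union would preserve that check: `public type KeyAlgorithm RSA|KYBER768;`. The page has lost its +/- markers, so which `KeyAlgorithm` line is the new one is inferred from the removed constants.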
