API Reference¶

A Python implementation of HPKE. <https://pyhpke.readthedocs.io>

class pyhpke.AEADInterface[source]¶

Bases: object

The AEAD (Authenticated Encapsulation with Additional Data) interface.

property id: AEADId¶: The AEAD identifier.

property key_size: int¶: The AEAD key size.

property nonce_size: int¶: The AEAD nonce size.

property tag_size: int¶: The AEAD tag size.

import_key(key: bytes) → AEADKeyInterface[source]¶: Imports a byte string as an AEAD key.

class pyhpke.AEADKeyInterface[source]¶

Bases: object

The AEAD key interface.

seal(pt: bytes, nonce: bytes, aad: bytes = b'') → bytes[source]¶

Encrypts the specified message.

Parameters:

pt (bytes) – A plain text to be encrypted.
nonce (bytes) – A nonce for encryption.
aad (bytes) – Additional authenticated data.

Returns:

The encrypted data.

Return type:

bytes

Raises:

ValueError – Invalid arguments.
SealError – Failed to encrypt the plain text.

open(ct: bytes, nonce: bytes, aad: bytes = b'') → bytes[source]¶

Decrypts the specified message.

Parameters:

ct (bytes) – A cipher text to be decrypted.
nonce (bytes) – A nonce for encryption.
aad (bytes) – Additional authenticated data.

Returns:

The decrypted data.

Return type:

bytes

Raises:

ValueError – Invalid arguments.
OpenError – Failed to decrypt the cipher text.

class pyhpke.CipherSuite(kem: KEMInterface, kdf: KDFInterface, aead: AEADInterface)[source]¶

Bases: object

An HPKE cipher suite which consists of KEM, KDF and AEAD.

classmethod new(kem_id: KEMId, kdf_id: KDFId, aead_id: AEADId)[source]¶

Constructor of HPKE cipher suite.

Parameters:

kem_id (KEMId) – A KEM (Key Encapsulation Mechanism) identifier.
kdf_id (KDFId) – A KDF (Key Derivation Function) identifier.
aead_id (AEADId) – An AEAD (Authenticated Encryption with Additional Data) identifier.

Returns:

A CipherSuite object.

Return type:

bytes

property kem: KEMInterface¶: The KEM context in the cipher suite.

property kdf: KDFInterface¶: The KDF context in the cipher suite.

property aead: AEADInterface¶: The AEAD context in the cipher suite.

create_sender_context(pkr: KEMKeyInterface, info: bytes = b'', sks: KEMKeyInterface | None = None, psk: bytes = b'', psk_id: bytes = b'', eks: KEMKeyPair | None = None) → Tuple[bytes, ContextInterface][source]¶: Creates a sender context.

create_recipient_context(enc: bytes, skr: KEMKeyInterface, info: bytes = b'', pks: KEMKeyInterface | None = None, psk: bytes = b'', psk_id: bytes = b'') → ContextInterface[source]¶: Creates a recipient context.

seal(pkr: KEMKeyInterface, pt: bytes, info: bytes = b'', aad: bytes = b'', psk: bytes = b'', psk_id: bytes = b'', sks: KEMKeyInterface | None = None) → Tuple[bytes, bytes][source]¶: Does a single-shot encryption.

open(enc: bytes, skr: KEMKeyInterface, ct: bytes, info: bytes = b'', aad: bytes = b'', psk: bytes = b'', psk_id: bytes = b'', pks: KEMKeyInterface | None = None) → bytes[source]¶: Does a single-shot decryption.

class pyhpke.AEADId(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶

Bases: Enum

AES128_GCM = 1¶

AES256_GCM = 2¶

CHACHA20_POLY1305 = 3¶

EXPORT_ONLY = 65535¶

class pyhpke.KDFId(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶

Bases: Enum

HKDF_SHA256 = 1¶

HKDF_SHA384 = 2¶

HKDF_SHA512 = 3¶

class pyhpke.KEMId(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶

Bases: Enum

DHKEM_P256_HKDF_SHA256 = 16¶

DHKEM_P384_HKDF_SHA384 = 17¶

DHKEM_P521_HKDF_SHA512 = 18¶

DHKEM_X25519_HKDF_SHA256 = 32¶

DHKEM_X448_HKDF_SHA512 = 33¶

class pyhpke.ContextInterface[source]¶

Bases: object

seal(pt: bytes, aad: bytes = b'') → bytes[source]¶

open(ct: bytes, aad: bytes = b'') → bytes[source]¶

export(exporter_context: bytes, length: int) → bytes[source]¶

exception pyhpke.NotSupportedError[source]¶

Bases: PyHPKEError

An Exception occurred when the function is not supported.

exception pyhpke.OpenError[source]¶

Bases: PyHPKEError

An Exception occurred when an decryption process failed.

exception pyhpke.PyHPKEError[source]¶

Bases: Exception

Base class for all exceptions.

exception pyhpke.SealError[source]¶

Bases: PyHPKEError

An Exception occurred when an encryption process failed.

class pyhpke.KDFInterface[source]¶

Bases: object

The KDF (Key Derivation Function) interface.

property id: KDFId¶: The KDF identifier.

extract(salt: bytes, ikm: bytes) → bytes[source]¶

expand(prk: bytes, info: bytes, length: int) → bytes[source]¶

class pyhpke.KEMInterface[source]¶

Bases: object

The KEM (Key Encapsulation Mechanism) interface.

property id: KEMId¶: The KEM identifier.

deserialize_private_key(key: bytes) → KEMKeyInterface[source]¶

deserialize_public_key(key: bytes) → KEMKeyInterface[source]¶

encap(pkr: KEMKeyInterface, sks: KEMKeyInterface | None = None, eks: KEMKeyPair | None = None) → Tuple[bytes, bytes][source]¶

decap(enc: bytes, skr: KEMKeyInterface, pks: KEMKeyInterface | None = None) → bytes[source]¶

derive_key_pair(ikm: bytes) → KEMKeyPair[source]¶

class pyhpke.KEMKey[source]¶

Bases: object

A KEMKeyInterface Builder.

classmethod from_pyca_cryptography_key(k: Any) → KEMKeyInterface[source]¶: Creates an HPKE key from pyca/cryptography key object.

classmethod from_jwk(data: bytes | str | Dict[str, Any]) → KEMKeyInterface[source]¶: Creates an HPKE key from JWK (JSON Web Key).

classmethod from_pem(data: bytes | str) → KEMKeyInterface[source]¶: Creates an HPKE key from PEM-formatted key data.

class pyhpke.KEMKeyPair(sk: KEMKeyInterface, pk: KEMKeyInterface)[source]¶

Bases: object

property private_key: KEMKeyInterface¶

property public_key: KEMKeyInterface¶

class pyhpke.KEMKeyInterface(key: Any)[source]¶

Bases: object

The KEM key interface.

property raw: Any¶

to_private_bytes() → bytes[source]¶: Serializes the key to a byte string if it is private.

to_public_bytes() → bytes[source]¶: Serializes the key to a byte string if it is public.