Expose encapsulation and decapsulation.

teythoon · teythoon · commit d26c91b19256 · 2025-05-12T15:06:40.000+02:00
diff --git a/openssl-sys/src/handwritten/evp.rs b/openssl-sys/src/handwritten/evp.rs
@@ -649,6 +649,34 @@ extern "C" {
         sig: *const c_uchar,
         siglen: size_t,
     ) -> c_int;
+
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_encapsulate_init(
+        ctx: *mut EVP_PKEY_CTX,
+        params: *const OSSL_PARAM,
+    ) -> c_int;
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_encapsulate(
+        ctx: *mut EVP_PKEY_CTX,
+        wrappedkey: *mut c_uchar,
+        wrappedkeylen: *mut size_t,
+        genkey: *mut c_uchar,
+        genkeylen: *mut size_t,
+    ) -> c_int;
+
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_decapsulate_init(
+        ctx: *mut EVP_PKEY_CTX,
+        params: *const OSSL_PARAM,
+    ) -> c_int;
+    #[cfg(ossl300)]
+    pub fn EVP_PKEY_decapsulate(
+        ctx: *mut EVP_PKEY_CTX,
+        genkey: *mut c_uchar,
+        genkeylen: *mut size_t,
+        wrappedkey: *const c_uchar,
+        wrappedkeylen: size_t,
+    ) -> c_int;
 }
 
 const_ptr_api! {
diff --git a/openssl/src/pkey_ctx.rs b/openssl/src/pkey_ctx.rs
@@ -197,6 +197,18 @@ where
         Ok(())
     }
 
+    /// Prepares the context for encapsulateion using the public key.
+    #[corresponds(EVP_PKEY_encapsulate_init)]
+    #[inline]
+    pub fn encapsulate_init(&mut self) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt(ffi::EVP_PKEY_encapsulate_init(self.as_ptr(),
+                                               ptr::null()))?;
+        }
+
+        Ok(())
+    }
+
     /// Prepares the context for signature verification using the public key.
     #[corresponds(EVP_PKEY_verify_init)]
     #[inline]
@@ -250,6 +262,43 @@ where
         Ok(len)
     }
 
+    /// Performs a public key encapsulation operation.
+    #[corresponds(EVP_PKEY_encapsulate)]
+    pub fn encapsulate(&mut self, wrappedkey: Option<&mut [u8]>, genkey: Option<&mut [u8]>)
+                       -> Result<(usize, usize), ErrorStack>
+    {
+        let mut wrappedkey_len = wrappedkey.as_ref().map_or(0, |b| b.len());
+        let mut genkey_len = genkey.as_ref().map_or(0, |b| b.len());
+        unsafe {
+            cvt(ffi::EVP_PKEY_encapsulate(
+                self.as_ptr(),
+                wrappedkey.map_or(ptr::null_mut(), |b| b.as_mut_ptr()),
+                &mut wrappedkey_len,
+                genkey.map_or(ptr::null_mut(), |b| b.as_mut_ptr()),
+                &mut genkey_len,
+            ))?;
+        }
+
+        Ok((wrappedkey_len, genkey_len))
+    }
+
+    /// Like [`Self::encapsulate`] but appends ciphertext and key to a [`Vec`].
+    pub fn encapsulate_to_vec(&mut self, wrappedkey: &mut Vec<u8>, genkey: &mut Vec<u8>)
+                              -> Result<(usize, usize), ErrorStack>
+    {
+        let wrappedkey_base = wrappedkey.len();
+        let genkey_base = genkey.len();
+        let (wrappedkey_len, genkey_len) = self.encapsulate(None, None)?;
+        wrappedkey.resize(wrappedkey_base + wrappedkey_len, 0);
+        genkey.resize(genkey_base + genkey_len, 0);
+        let (wrappedkey_len, genkey_len) =
+            self.encapsulate(Some(&mut wrappedkey[wrappedkey_base..]),
+                             Some(&mut genkey[genkey_base..]))?;
+        wrappedkey.truncate(wrappedkey_base + wrappedkey_len);
+        genkey.truncate(genkey_base + genkey_len);
+        Ok((wrappedkey_len, genkey_len))
+    }
+
     /// Verifies the signature of data using the public key.
     ///
     /// Returns `Ok(true)` if the signature is valid, `Ok(false)` if the signature is invalid, and `Err` if an error
@@ -329,6 +378,17 @@ where
         Ok(())
     }
 
+    /// Prepares the context for decapsulation using the private key.
+    #[corresponds(EVP_PKEY_decapsulate_init)]
+    #[inline]
+    pub fn decapsulate_init(&mut self) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt(ffi::EVP_PKEY_decapsulate_init(self.as_ptr(), ptr::null()))?;
+        }
+
+        Ok(())
+    }
+
     /// Prepares the context for signing using the private key.
     #[corresponds(EVP_PKEY_sign_init)]
     #[inline]
@@ -384,6 +444,37 @@ where
         Ok(len)
     }
 
+    /// Performs a decapsulation operation using the private key.
+    #[corresponds(EVP_PKEY_decapsulate)]
+    pub fn decapsulate(&mut self, from: &[u8], to: Option<&mut [u8]>)
+                       -> Result<usize, ErrorStack>
+    {
+        let mut written = to.as_ref().map_or(0, |b| b.len());
+        unsafe {
+            cvt(ffi::EVP_PKEY_decapsulate(
+                self.as_ptr(),
+                to.map_or(ptr::null_mut(), |b| b.as_mut_ptr()),
+                &mut written,
+                from.as_ptr(),
+                from.len(),
+            ))?;
+        }
+
+        Ok(written)
+    }
+
+    /// Like [`Self::decapsulate`] but appends plaintext to a [`Vec`].
+    pub fn decapsulate_to_vec(&mut self, from: &[u8], out: &mut Vec<u8>)
+                              -> Result<usize, ErrorStack>
+    {
+        let base = out.len();
+        let len = self.decapsulate(from, None)?;
+        out.resize(base + len, 0);
+        let len = self.decapsulate(from, Some(&mut out[base..]))?;
+        out.truncate(base + len);
+        Ok(len)
+    }
+
     /// Signs the contents of `data`.
     ///
     /// If `sig` is set to `None`, an upper bound on the number of bytes required for the output buffer will be
