add HPKE bindings

openssl-sys/build/expando.c

@@ -63,6 +63,10 @@ RUST_CONF_OPENSSL_NO_EC
 RUST_CONF_OPENSSL_NO_EC2M
 #endif
 
+#ifdef OPENSSL_NO_ECX
+RUST_CONF_OPENSSL_NO_ECX
+#endif
+
 #ifdef OPENSSL_NO_ENGINE
 RUST_CONF_OPENSSL_NO_ENGINE
 #endif

openssl-sys/build/main.rs

@@ -120,7 +120,7 @@ fn check_ssl_kind() {
 }
 
 fn main() {
-    println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\", \"OPENSSL_NO_COMP\", \"OPENSSL_NO_SOCK\", \"OPENSSL_NO_STDIO\", \"OPENSSL_NO_EC\", \"OPENSSL_NO_SSL3_METHOD\", \"OPENSSL_NO_KRB5\", \"OPENSSL_NO_TLSEXT\", \"OPENSSL_NO_SRP\", \"OPENSSL_NO_RFC3779\", \"OPENSSL_NO_SHA\", \"OPENSSL_NO_NEXTPROTONEG\", \"OPENSSL_NO_ENGINE\", \"OPENSSL_NO_BUF_FREELISTS\", \"OPENSSL_NO_RC2\"))");
+    println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\", \"OPENSSL_NO_COMP\", \"OPENSSL_NO_SOCK\", \"OPENSSL_NO_STDIO\", \"OPENSSL_NO_EC\", \"OPENSSL_NO_SSL3_METHOD\", \"OPENSSL_NO_KRB5\", \"OPENSSL_NO_TLSEXT\", \"OPENSSL_NO_SRP\", \"OPENSSL_NO_RFC3779\", \"OPENSSL_NO_SHA\", \"OPENSSL_NO_NEXTPROTONEG\", \"OPENSSL_NO_ENGINE\", \"OPENSSL_NO_BUF_FREELISTS\", \"OPENSSL_NO_RC2\", \"OPENSSL_NO_ECX\"))");
 
     println!("cargo:rustc-check-cfg=cfg(openssl)");
     println!("cargo:rustc-check-cfg=cfg(libressl)");

openssl-sys/build/run_bindgen.rs

@@ -72,6 +72,10 @@ const INCLUDES: &str = "
 #if OPENSSL_VERSION_NUMBER >= 0x30200000
 #include <openssl/thread.h>
 #endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x30200000
+#include <openssl/hpke.h>
+#endif
 ";
 
 #[cfg(feature = "bindgen")]

openssl-sys/src/handwritten/hpke.rs

@@ -0,0 +1,99 @@
+use super::super::*;
+use libc::*;
+
+extern "C" {
+    pub fn OSSL_HPKE_CTX_new(
+        mode: c_int,
+        suite: OSSL_HPKE_SUITE,
+        role: c_int,
+        libctx: *mut OSSL_LIB_CTX,
+        propq: *const c_char,
+    ) -> *mut OSSL_HPKE_CTX;
+    pub fn OSSL_HPKE_CTX_free(ctx: *mut OSSL_HPKE_CTX);
+    pub fn OSSL_HPKE_encap(
+        ctx: *mut OSSL_HPKE_CTX,
+        enc: *mut u8,
+        enclen: *mut usize,
+        pub_: *const u8,
+        publen: usize,
+        info: *const u8,
+        infolen: usize,
+    ) -> c_int;
+    pub fn OSSL_HPKE_seal(
+        ctx: *mut OSSL_HPKE_CTX,
+        ct: *mut u8,
+        ctlen: *mut usize,
+        aad: *const u8,
+        aadlen: usize,
+        pt: *const u8,
+        ptlen: usize,
+    ) -> c_int;
+    pub fn OSSL_HPKE_keygen(
+        suite: OSSL_HPKE_SUITE,
+        pub_: *mut u8,
+        publen: *mut usize,
+        priv_: *mut *mut EVP_PKEY,
+        ikm: *const u8,
+        ikmlen: usize,
+        libctx: *mut OSSL_LIB_CTX,
+        propq: *const c_char,
+    ) -> c_int;
+    pub fn OSSL_HPKE_decap(
+        ctx: *mut OSSL_HPKE_CTX,
+        enc: *const u8,
+        enclen: usize,
+        recippriv: *mut EVP_PKEY,
+        info: *const u8,
+        infolen: usize,
+    ) -> c_int;
+    pub fn OSSL_HPKE_open(
+        ctx: *mut OSSL_HPKE_CTX,
+        pt: *mut u8,
+        ptlen: *mut usize,
+        aad: *const u8,
+        aadlen: usize,
+        ct: *const u8,
+        ctlen: usize,
+    ) -> c_int;
+    pub fn OSSL_HPKE_export(
+        ctx: *mut OSSL_HPKE_CTX,
+        secret: *mut u8,
+        secretlen: usize,
+        label: *const u8,
+        labellen: usize,
+    ) -> c_int;
+    pub fn OSSL_HPKE_CTX_set1_authpriv(ctx: *mut OSSL_HPKE_CTX, priv_: *mut EVP_PKEY) -> c_int;
+    pub fn OSSL_HPKE_CTX_set1_authpub(
+        ctx: *mut OSSL_HPKE_CTX,
+        pub_: *const u8,
+        publen: usize,
+    ) -> c_int;
+    pub fn OSSL_HPKE_CTX_set1_psk(
+        ctx: *mut OSSL_HPKE_CTX,
+        pskid: *const c_char,
+        psk: *const u8,
+        psklen: usize,
+    ) -> c_int;
+    pub fn OSSL_HPKE_CTX_set1_ikme(
+        ctx: *mut OSSL_HPKE_CTX,
+        ikme: *const u8,
+        ikmelen: usize,
+    ) -> c_int;
+    pub fn OSSL_HPKE_CTX_set_seq(ctx: *mut OSSL_HPKE_CTX, seq: u64) -> c_int;
+    pub fn OSSL_HPKE_CTX_get_seq(ctx: *mut OSSL_HPKE_CTX, seq: *mut u64) -> c_int;
+    pub fn OSSL_HPKE_suite_check(suite: OSSL_HPKE_SUITE) -> c_int;
+    pub fn OSSL_HPKE_get_grease_value(
+        suite_in: *const OSSL_HPKE_SUITE,
+        suite: *mut OSSL_HPKE_SUITE,
+        enc: *mut u8,
+        enclen: *mut usize,
+        ct: *mut u8,
+        ctlen: usize,
+        libctx: *mut OSSL_LIB_CTX,
+        propq: *const c_char,
+    ) -> c_int;
+    pub fn OSSL_HPKE_str2suite(str_: *const c_char, suite: *mut OSSL_HPKE_SUITE) -> c_int;
+    pub fn OSSL_HPKE_get_ciphertext_size(suite: OSSL_HPKE_SUITE, clearlen: usize) -> usize;
+    pub fn OSSL_HPKE_get_public_encap_size(suite: OSSL_HPKE_SUITE) -> usize;
+    pub fn OSSL_HPKE_get_recommended_ikmelen(suite: OSSL_HPKE_SUITE) -> usize;
+}

openssl-sys/src/handwritten/mod.rs

@@ -12,6 +12,8 @@ pub use self::ec::*;
 pub use self::err::*;
 pub use self::evp::*;
 pub use self::hmac::*;
+#[cfg(ossl320)]
+pub use self::hpke::*;
 pub use self::kdf::*;
 pub use self::object::*;
 pub use self::ocsp::*;
@@ -51,6 +53,8 @@ mod ec;
 mod err;
 mod evp;
 mod hmac;
+#[cfg(ossl320)]
+mod hpke;
 mod kdf;
 mod object;
 mod ocsp;

openssl-sys/src/handwritten/types.rs

@@ -1144,3 +1144,15 @@ pub struct OSSL_PARAM {
 pub enum EVP_KDF {}
 #[cfg(ossl300)]
 pub enum EVP_KDF_CTX {}
+
+#[cfg(ossl320)]
+pub enum OSSL_HPKE_CTX {}
+
+#[cfg(ossl320)]
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct OSSL_HPKE_SUITE {
+    pub kem_id: u16,
+    pub kdf_id: u16,
+    pub aead_id: u16,
+}

openssl-sys/src/hpke.rs

@@ -0,0 +1,58 @@
+#[cfg(ossl320)]
+use crate::OSSL_HPKE_SUITE;
+use libc::c_int;
+
+#[cfg(ossl320)]
+pub const OSSL_HPKE_MODE_BASE: c_int = 0x00;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_MODE_PSK: c_int = 0x01;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_MODE_AUTH: c_int = 0x02;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_MODE_PSKAUTH: c_int = 0x03;
+
+#[cfg(ossl320)]
+pub const OSSL_HPKE_ROLE_SENDER: c_int = 0x00;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_ROLE_RECEIVER: c_int = 0x01;
+
+#[cfg(ossl320)]
+pub const OSSL_HPKE_KEM_ID_P256: u16 = 0x10;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_KEM_ID_P384: u16 = 0x11;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_KEM_ID_P521: u16 = 0x12;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_KEM_ID_X25519: u16 = 0x20;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_KEM_ID_X448: u16 = 0x21;
+
+#[cfg(ossl320)]
+pub const OSSL_HPKE_KDF_ID_HKDF_SHA256: u16 = 0x01;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_KDF_ID_HKDF_SHA384: u16 = 0x02;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_KDF_ID_HKDF_SHA512: u16 = 0x03;
+
+#[cfg(ossl320)]
+pub const OSSL_HPKE_AEAD_ID_AES_GCM_128: u16 = 0x01;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_AEAD_ID_AES_GCM_256: u16 = 0x02;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_AEAD_ID_CHACHA_POLY1305: u16 = 0x03;
+#[cfg(ossl320)]
+pub const OSSL_HPKE_AEAD_ID_EXPORTONLY: u16 = 0xFFFF;
+
+#[cfg(all(ossl320, not(osslconf = "OPENSSL_NO_ECX")))]
+pub const OSSL_HPKE_SUITE_DEFAULT: OSSL_HPKE_SUITE = OSSL_HPKE_SUITE {
+    kem_id: OSSL_HPKE_KEM_ID_X25519,
+    kdf_id: OSSL_HPKE_KDF_ID_HKDF_SHA256,
+    aead_id: OSSL_HPKE_AEAD_ID_AES_GCM_128,
+};
+
+#[cfg(all(ossl320, osslconf = "OPENSSL_NO_ECX"))]
+pub const OSSL_HPKE_SUITE_DEFAULT: OSSL_HPKE_SUITE = OSSL_HPKE_SUITE {
+    kem_id: OSSL_HPKE_KEM_ID_P256,
+    kdf_id: OSSL_HPKE_KDF_ID_HKDF_SHA256,
+    aead_id: OSSL_HPKE_AEAD_ID_AES_GCM_128,
+};

openssl-sys/src/lib.rs

@@ -76,6 +76,7 @@ mod openssl {
     pub use self::evp::*;
     #[cfg(not(feature = "bindgen"))]
     pub use self::handwritten::*;
+    pub use self::hpke::*;
     pub use self::obj_mac::*;
     pub use self::ocsp::*;
     pub use self::pem::*;
@@ -106,6 +107,7 @@ mod openssl {
     mod evp;
     #[cfg(not(feature = "bindgen"))]
     mod handwritten;
+    mod hpke;
     mod obj_mac;
     mod ocsp;
     mod pem;

openssl/build.rs

@@ -7,7 +7,7 @@
 use std::env;
 
 fn main() {
-    println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\", \"OPENSSL_NO_EC\", \"OPENSSL_NO_ARGON2\", \"OPENSSL_NO_RC2\"))");
+    println!("cargo:rustc-check-cfg=cfg(osslconf, values(\"OPENSSL_NO_OCB\", \"OPENSSL_NO_SM4\", \"OPENSSL_NO_SEED\", \"OPENSSL_NO_CHACHA\", \"OPENSSL_NO_CAST\", \"OPENSSL_NO_IDEA\", \"OPENSSL_NO_CAMELLIA\", \"OPENSSL_NO_RC4\", \"OPENSSL_NO_BF\", \"OPENSSL_NO_PSK\", \"OPENSSL_NO_DEPRECATED_3_0\", \"OPENSSL_NO_SCRYPT\", \"OPENSSL_NO_SM3\", \"OPENSSL_NO_RMD160\", \"OPENSSL_NO_EC2M\", \"OPENSSL_NO_OCSP\", \"OPENSSL_NO_CMS\", \"OPENSSL_NO_EC\", \"OPENSSL_NO_ARGON2\", \"OPENSSL_NO_RC2\", \"OPENSSL_NO_ECX\"))");
 
     println!("cargo:rustc-check-cfg=cfg(libressl)");
     println!("cargo:rustc-check-cfg=cfg(boringssl)");