Merge pull request private-attribution#1351 from tyurek/hybrid_impres…

…sion Hybrid Impression Report Encryption
akoshelev · Oct 22, 2024 · 9445928 · 9445928
2 parents 114006b + 45cadd2
commit 9445928
Show file tree

Hide file tree

Showing 6 changed files with 460 additions and 60 deletions.
diff --git a/ipa-core/src/hpke/info.rs b/ipa-core/src/hpke/info.rs
@@ -52,7 +52,7 @@ impl<'a> Info<'a> {
 
     /// Converts this instance into an owned byte slice that can further be used to create HPKE
     /// sender or receiver context.
-    pub(super) fn to_bytes(&self) -> Box<[u8]> {
+    pub(crate) fn to_bytes(&self) -> Box<[u8]> {
         let info_len = DOMAIN.len()
             + self.helper_origin.len()
             + self.site_domain.len()

diff --git a/ipa-core/src/hpke/mod.rs b/ipa-core/src/hpke/mod.rs
@@ -96,26 +96,21 @@ impl From<io::Error> for CryptError {
 /// If ciphertext cannot be opened for any reason.
 ///
 /// [`HPKE decryption`]: https://datatracker.ietf.org/doc/html/rfc9180#name-encryption-and-decryption
-pub fn open_in_place<'a, R: PrivateKeyRegistry>(
-    key_registry: &R,
+pub fn open_in_place<'a>(
+    sk: &IpaPrivateKey,
     enc: &[u8],
     ciphertext: &'a mut [u8],
-    info: &Info,
+    info: &[u8],
 ) -> Result<&'a [u8], CryptError> {
-    let key_id = info.key_id;
-    let info = info.to_bytes();
     let encap_key = <IpaKem as hpke::Kem>::EncappedKey::from_bytes(enc)?;
     let (ct, tag) = ciphertext.split_at_mut(ciphertext.len() - AeadTag::<IpaAead>::size());
     let tag = AeadTag::<IpaAead>::from_bytes(tag)?;
-    let sk = key_registry
-        .private_key(key_id)
-        .ok_or(CryptError::NoSuchKey(key_id))?;
 
     single_shot_open_in_place_detached::<_, IpaKdf, IpaKem>(
         &OpModeR::Base,
         sk,
         &encap_key,
-        &info,
+        info,
         ct,
         &[],
         &tag,
@@ -136,22 +131,16 @@ pub(crate) type Ciphertext<'a> = (
 
 /// ## Errors
 /// If the match key cannot be sealed for any reason.
-pub(crate) fn seal_in_place<'a, R: CryptoRng + RngCore, K: PublicKeyRegistry>(
-    key_registry: &K,
+pub(crate) fn seal_in_place<'a, R: CryptoRng + RngCore>(
+    pk: &IpaPublicKey,
     plaintext: &'a mut [u8],
-    info: &'a Info,
+    info: &[u8],
     rng: &mut R,
 ) -> Result<Ciphertext<'a>, CryptError> {
-    let key_id = info.key_id;
-    let info = info.to_bytes();
-    let pk_r = key_registry
-        .public_key(key_id)
-        .ok_or(CryptError::NoSuchKey(key_id))?;
-
     let (encap_key, tag) = single_shot_seal_in_place_detached::<IpaAead, IpaKdf, IpaKem, _>(
         &OpModeS::Base,
-        pk_r,
-        &info,
+        pk,
+        info,
         plaintext,
         &[],
         rng,
@@ -169,6 +158,7 @@ mod tests {
     use rand_core::{CryptoRng, RngCore, SeedableRng};
     use typenum::Unsigned;
 
+    use super::{PrivateKeyRegistry, PublicKeyRegistry};
     use crate::{
         ff::{Gf40Bit, Serializable as IpaSerializable},
         hpke::{open_in_place, seal_in_place, CryptError, Info, IpaAead, KeyPair, KeyRegistry},
@@ -231,9 +221,12 @@ mod tests {
             match_key.serialize(&mut plaintext);
 
             let (encap_key, ciphertext, tag) = seal_in_place(
-                &self.registry,
+                self.registry
+                    .public_key(info.key_id)
+                    .ok_or(CryptError::NoSuchKey(info.key_id))
+                    .unwrap(),
                 plaintext.as_mut_slice(),
-                &info,
+                &info.to_bytes(),
                 &mut self.rng,
             )
             .unwrap();
@@ -282,7 +275,14 @@ mod tests {
                 Self::SITE_DOMAIN,
             )
             .unwrap();
-            open_in_place(&self.registry, &enc.enc, enc.ct.as_mut(), &info)?;
+            open_in_place(
+                self.registry
+                    .private_key(info.key_id)
+                    .ok_or(CryptError::NoSuchKey(info.key_id))?,
+                &enc.enc,
+                enc.ct.as_mut(),
+                &info.to_bytes(),
+            )?;
 
             // TODO: fix once array split is a thing.
             Ok(XorReplicated::deserialize_infallible(
@@ -467,7 +467,8 @@ mod tests {
                     _ => panic!("bad test setup: only 5 fields can be corrupted, asked to corrupt: {corrupted_info_field}")
                 };
 
-                open_in_place(&suite.registry, &encryption.enc, &mut encryption.ct, &info).unwrap_err();
+                open_in_place(suite.registry.private_key(info.key_id)
+                .ok_or(CryptError::NoSuchKey(info.key_id))?, &encryption.enc, &mut encryption.ct, &info.to_bytes()).unwrap_err();
             }
         }
     }