Update hpke-rs requirement from 0.0.6 to 0.0.7 (openmls#395)

* Update hpke-rs requirement from 0.0.6 to 0.0.7

Updates the requirements on [hpke-rs](https://github.com/franziskuskiefer/hpke-rs) to permit the latest version.
- [Release notes](https://github.com/franziskuskiefer/hpke-rs/releases)
- [Commits](cryspen/hpke-rs@v0.0.6...v0.0.7)

Signed-off-by: dependabot[bot] <[email protected]>

* stop using deprecated types

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Franziskus Kiefer <[email protected]>

Cargo.toml

@@ -35,7 +35,7 @@ serde_json = "^1.0"
 tls-codec = { version = "0.1", path = "tls-codec", features = ["derive", "hpke"] }
 log = { version = "0.4", features = ["std"] }
 typetag = "0.1"
-hpke = { version = "0.0.6", package = "hpke-rs", features = ["hazmat", "serialization"] }
+hpke = { version = "0.0.7", package = "hpke-rs", features = ["hazmat", "serialization"] }
 evercrypt = { version = "0.0.8", features = ["serialization"] }
 itertools = {version = "0.10", optional = true}
 

src/ciphersuite/codec.rs

@@ -55,7 +55,7 @@ impl tls_codec::TlsSize for Signature {
     }
 }
 
-impl Codec for HPKEPublicKey {
+impl Codec for HpkePublicKey {
     fn encode(&self, buffer: &mut Vec<u8>) -> Result<(), CodecError> {
         encode_vec(VecSize::VecU16, buffer, self.as_slice())?;
         Ok(())

src/ciphersuite/mod.rs

@@ -15,7 +15,7 @@ pub(crate) use serde::{
 use std::hash::Hash;
 
 // re-export for other parts of the library when we can use it
-pub(crate) use hpke::{HPKEKeyPair, HPKEPrivateKey, HPKEPublicKey};
+pub(crate) use hpke::{HpkeKeyPair, HpkePrivateKey, HpkePublicKey};
 
 mod ciphersuites;
 mod codec;
@@ -600,7 +600,7 @@ impl Ciphersuite {
     /// HPKE single-shot encryption of `ptxt` to `pk_r`, using `info` and `aad`.
     pub(crate) fn hpke_seal(
         &self,
-        pk_r: &HPKEPublicKey,
+        pk_r: &HpkePublicKey,
         info: &[u8],
         aad: &[u8],
         ptxt: &[u8],
@@ -619,7 +619,7 @@ impl Ciphersuite {
     /// `pk_r`, using `info` and `aad`.
     pub(crate) fn hpke_seal_secret(
         &self,
-        pk_r: &HPKEPublicKey,
+        pk_r: &HpkePublicKey,
         info: &[u8],
         aad: &[u8],
         secret: &Secret,
@@ -632,7 +632,7 @@ impl Ciphersuite {
     pub(crate) fn hpke_open(
         &self,
         input: &HpkeCiphertext,
-        sk_r: &HPKEPrivateKey,
+        sk_r: &HpkePrivateKey,
         info: &[u8],
         aad: &[u8],
     ) -> Result<Vec<u8>, CryptoError> {
@@ -651,7 +651,7 @@ impl Ciphersuite {
     }
 
     /// Derive a new HPKE keypair from a given Secret.
-    pub(crate) fn derive_hpke_keypair(&self, ikm: &Secret) -> HPKEKeyPair {
+    pub(crate) fn derive_hpke_keypair(&self, ikm: &Secret) -> HpkeKeyPair {
         self.hpke.derive_key_pair(&ikm.value)
     }
 }

src/group/mls_group/create_commit.rs

@@ -215,7 +215,7 @@ impl MlsGroup {
 /// `EncryptedGroupSecrets`. In particular, the `group_secrets_bytes` are
 /// encrypted for the `public_key` into `encrypted_group_secrets` later.
 pub(crate) struct PlaintextSecret {
-    pub(crate) public_key: HPKEPublicKey,
+    pub(crate) public_key: HpkePublicKey,
     pub(crate) group_secrets_bytes: Vec<u8>,
     pub(crate) key_package_hash: Vec<u8>,
 }

src/key_packages/codec.rs

@@ -12,7 +12,7 @@ impl Codec for KeyPackage {
     fn decode(cursor: &mut Cursor) -> Result<Self, CodecError> {
         let protocol_version = ProtocolVersion::decode(cursor)?;
         let cipher_suite_name = CiphersuiteName::decode(cursor)?;
-        let hpke_init_key = HPKEPublicKey::decode(cursor)?;
+        let hpke_init_key = HpkePublicKey::decode(cursor)?;
         let credential = Credential::decode(cursor)?;
         let extensions = extensions_vec_from_cursor(cursor)?;
         let signature = Signature::decode(cursor)?;

src/key_packages/mod.rs

@@ -26,7 +26,7 @@ mod test_key_packages;
 pub struct KeyPackage {
     protocol_version: ProtocolVersion,
     ciphersuite: &'static Ciphersuite,
-    hpke_init_key: HPKEPublicKey,
+    hpke_init_key: HpkePublicKey,
     credential: Credential,
     extensions: Vec<Box<dyn Extension>>,
     signature: Signature,
@@ -146,7 +146,7 @@ impl KeyPackage {
     /// `init_key`.
     fn new(
         ciphersuite_name: CiphersuiteName,
-        hpke_init_key: HPKEPublicKey,
+        hpke_init_key: HpkePublicKey,
         credential_bundle: &CredentialBundle,
         extensions: Vec<Box<dyn Extension>>,
     ) -> Result<Self, KeyPackageError> {
@@ -219,12 +219,12 @@ impl KeyPackage {
     }
 
     /// Get a reference to the HPKE init key.
-    pub(crate) fn hpke_init_key(&self) -> &HPKEPublicKey {
+    pub(crate) fn hpke_init_key(&self) -> &HpkePublicKey {
         &self.hpke_init_key
     }
 
     /// Set a new HPKE init key.
-    pub(crate) fn set_hpke_init_key(&mut self, hpke_init_key: HPKEPublicKey) {
+    pub(crate) fn set_hpke_init_key(&mut self, hpke_init_key: HpkePublicKey) {
         self.hpke_init_key = hpke_init_key;
         self.encoded = self.unsigned_payload().unwrap();
     }
@@ -244,13 +244,13 @@ impl KeyPackage {
 #[cfg_attr(test, derive(PartialEq))]
 pub struct KeyPackageBundle {
     pub(crate) key_package: KeyPackage,
-    pub(crate) private_key: HPKEPrivateKey,
+    pub(crate) private_key: HpkePrivateKey,
     pub(crate) leaf_secret: Secret,
 }
 
 /// Public `KeyPackageBundle` functions.
 impl KeyPackageBundle {
-    /// Create a new `KeyPackageBundle` with a fresh `HPKEKeyPair`.
+    /// Create a new `KeyPackageBundle` with a fresh `HpkeKeyPair`.
     /// See `new_with_keypair` and `new_with_version` for details.
     /// This key package will have the default MLS version. Use `new_with_version`
     /// to get a key package bundle for a specific MLS version.
@@ -270,7 +270,7 @@ impl KeyPackageBundle {
     }
 
     /// Create a new `KeyPackageBundle` with
-    /// * a fresh `HPKEKeyPair`
+    /// * a fresh `HpkeKeyPair`
     /// * the provided MLS version
     /// * the first cipher suite in the `ciphersuites` slice
     /// * the provided `extensions`
@@ -328,7 +328,7 @@ impl KeyPackageBundle {
         ciphersuites: &[CiphersuiteName],
         credential_bundle: &CredentialBundle,
         mut extensions: Vec<Box<dyn Extension>>,
-        key_pair: HPKEKeyPair,
+        key_pair: HpkeKeyPair,
         leaf_secret: Secret,
     ) -> Result<Self, KeyPackageError> {
         if ciphersuites.is_empty() {
@@ -437,11 +437,11 @@ impl KeyPackageBundle {
         )
     }
 
-    /// Assembles a new KeyPackageBundle from a KeyPackage, a HPKEPrivateKey,
+    /// Assembles a new KeyPackageBundle from a KeyPackage, a HpkePrivateKey,
     /// and a leaf secret
     fn new_from_values(
         key_package: KeyPackage,
-        private_key: HPKEPrivateKey,
+        private_key: HpkePrivateKey,
         leaf_secret: Secret,
     ) -> Self {
         Self {
@@ -455,7 +455,7 @@ impl KeyPackageBundle {
 /// Crate visible `KeyPackageBundle` functions.
 impl KeyPackageBundle {
     /// Update the private key in the bundle.
-    pub(crate) fn _set_private_key(&mut self, private_key: HPKEPrivateKey) {
+    pub(crate) fn _set_private_key(&mut self, private_key: HpkePrivateKey) {
         self.private_key = private_key;
     }
 
@@ -469,8 +469,8 @@ impl KeyPackageBundle {
         &mut self.key_package
     }
 
-    /// Get a reference to the `HPKEPrivateKey`.
-    pub(crate) fn private_key(&self) -> &HPKEPrivateKey {
+    /// Get a reference to the `HpkePrivateKey`.
+    pub(crate) fn private_key(&self) -> &HpkePrivateKey {
         &self.private_key
     }
 

src/messages/codec.rs

@@ -299,7 +299,7 @@ impl Codec for PublicGroupState {
         let tree_hash = decode_vec(VecSize::VecU8, cursor)?;
         let interim_transcript_hash = decode_vec(VecSize::VecU8, cursor)?;
         let extensions = extensions_vec_from_cursor(cursor)?;
-        let external_pub = HPKEPublicKey::decode(cursor)?;
+        let external_pub = HpkePublicKey::decode(cursor)?;
         let signer_index = LeafIndex::from(u32::decode(cursor)?);
         let signature = Signature::decode(cursor)?;
         Ok(Self {

src/messages/mod.rs

@@ -318,7 +318,7 @@ pub struct PublicGroupState {
     pub(crate) tree_hash: Vec<u8>,
     pub(crate) interim_transcript_hash: Vec<u8>,
     pub(crate) extensions: Vec<Box<dyn Extension>>,
-    pub(crate) external_pub: HPKEPublicKey,
+    pub(crate) external_pub: HpkePublicKey,
     pub(crate) signer_index: LeafIndex,
     pub(crate) signature: Signature,
 }
@@ -403,7 +403,7 @@ pub(crate) struct PublicGroupStateTbs<'a> {
     pub(crate) tree_hash: &'a [u8],
     pub(crate) interim_transcript_hash: &'a [u8],
     pub(crate) extensions: &'a [Box<dyn Extension>],
-    pub(crate) external_pub: &'a HPKEPublicKey,
+    pub(crate) external_pub: &'a HpkePublicKey,
 }
 
 impl<'a> PublicGroupStateTbs<'a> {

src/schedule/kat_key_schedule.rs

@@ -20,7 +20,7 @@ use crate::{
 #[cfg(test)]
 use crate::test_util::{read, write};
 
-use hpke::HPKEKeyPair;
+use hpke::HpkeKeyPair;
 use serde::{self, Deserialize, Serialize};
 
 use super::CommitSecret;
@@ -49,7 +49,7 @@ struct Epoch {
     membership_key: String,
     resumption_secret: String,
 
-    external_pub: String, // TLS serialized HPKEPublicKey
+    external_pub: String, // TLS serialized HpkePublicKey
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, Default)]
@@ -74,7 +74,7 @@ fn generate(
     EpochSecrets,
     Vec<u8>,
     GroupContext,
-    HPKEKeyPair,
+    HpkeKeyPair,
 ) {
     let tree_hash = randombytes(ciphersuite.hash_length());
     let commit_secret = CommitSecret::random(ciphersuite);

src/schedule/mod.rs

@@ -118,7 +118,7 @@ use crate::tree::index::LeafIndex;
 use crate::tree::secret_tree::SecretTree;
 use crate::{ciphersuite::Mac, group::GroupContext, prelude::MembershipTag};
 use crate::{
-    ciphersuite::{AeadKey, AeadNonce, Ciphersuite, HPKEKeyPair, Secret},
+    ciphersuite::{AeadKey, AeadNonce, Ciphersuite, HpkeKeyPair, Secret},
     config::ProtocolVersion,
     messages::ConfirmationTag,
 };
@@ -594,7 +594,7 @@ impl ExternalSecret {
     }
 
     /// Derive the external keypair for External Commits
-    pub(crate) fn derive_external_keypair(&self, ciphersuite: &Ciphersuite) -> HPKEKeyPair {
+    pub(crate) fn derive_external_keypair(&self, ciphersuite: &Ciphersuite) -> HpkeKeyPair {
         ciphersuite.derive_hpke_keypair(&self.secret)
     }
 

src/tree/codec.rs

@@ -45,7 +45,7 @@ impl Codec for ParentNode {
         Ok(())
     }
     fn decode(cursor: &mut Cursor) -> Result<Self, CodecError> {
-        let public_key = HPKEPublicKey::decode(cursor)?;
+        let public_key = HpkePublicKey::decode(cursor)?;
         let unmerged_leaves = decode_vec(VecSize::VecU32, cursor)?;
         let parent_hash = decode_vec(VecSize::VecU8, cursor)?;
         Ok(ParentNode {
@@ -74,7 +74,7 @@ impl Codec for UpdatePathNode {
         Ok(())
     }
     fn decode(cursor: &mut Cursor) -> Result<Self, CodecError> {
-        let public_key = HPKEPublicKey::decode(cursor)?;
+        let public_key = HpkePublicKey::decode(cursor)?;
         let encrypted_path_secret = decode_vec(VecSize::VecU32, cursor)?;
         Ok(UpdatePathNode {
             public_key,

src/tree/hashes.rs

@@ -40,13 +40,13 @@ use tls_codec::Serialize;
 
 use super::node::ParentNode;
 use super::*;
-use crate::ciphersuite::{Ciphersuite, HPKEPublicKey};
+use crate::ciphersuite::{Ciphersuite, HpkePublicKey};
 use crate::key_packages::KeyPackage;
 
 pub(crate) struct ParentHashInput<'a> {
-    pub(crate) public_key: &'a HPKEPublicKey,
+    pub(crate) public_key: &'a HpkePublicKey,
     pub(crate) parent_hash: &'a [u8],
-    pub(crate) original_child_resolution: Vec<&'a HPKEPublicKey>,
+    pub(crate) original_child_resolution: Vec<&'a HpkePublicKey>,
 }
 
 impl<'a> ParentHashInput<'a> {
@@ -119,9 +119,9 @@ impl<'a> ParentNodeTreeHashInput<'a> {
 // === Parent hashes ===
 
 impl RatchetTree {
-    /// The list of HPKEPublicKey values of the nodes in the resolution of
+    /// The list of HpkePublicKey values of the nodes in the resolution of
     /// `index` but with the `unmerged_leaves` of the parent node omitted.
-    pub(crate) fn original_child_resolution(&self, index: NodeIndex) -> Vec<&HPKEPublicKey> {
+    pub(crate) fn original_child_resolution(&self, index: NodeIndex) -> Vec<&HpkePublicKey> {
         // Build the exclusion list that consists of the unmerged leaves of the parent
         // node
         let mut unmerged_leaves = vec![];

src/tree/mod.rs

@@ -359,7 +359,7 @@ impl RatchetTree {
                 .continue_path_secrets(&self.ciphersuite, secret, &common_path);
 
         // Extract public keys from UpdatePath
-        let update_path_public_keys: Vec<HPKEPublicKey> = update_path
+        let update_path_public_keys: Vec<HpkePublicKey> = update_path
             .nodes
             .iter()
             .map(|node| node.public_key.clone())
@@ -484,7 +484,7 @@ impl RatchetTree {
     /// Encrypt the path secrets to the co path and return the update path.
     fn encrypt_to_copath(
         &self,
-        public_keys: Vec<HPKEPublicKey>,
+        public_keys: Vec<HpkePublicKey>,
         group_context: &[u8],
         new_leaves_indexes: HashSet<&NodeIndex>,
     ) -> Result<Vec<UpdatePathNode>, TreeError> {
@@ -555,7 +555,7 @@ impl RatchetTree {
     /// along `path`
     pub(crate) fn validate_public_keys(
         &self,
-        public_keys: &[HPKEPublicKey],
+        public_keys: &[HpkePublicKey],
         path: &[NodeIndex],
     ) -> Result<(), TreeError> {
         if public_keys.len() != path.len() {
@@ -576,7 +576,7 @@ impl RatchetTree {
     /// Merges `public_keys` into the tree along the `path`
     pub(crate) fn merge_public_keys(
         &mut self,
-        public_keys: &[HPKEPublicKey],
+        public_keys: &[HpkePublicKey],
         path: &[NodeIndex],
     ) -> Result<(), TreeError> {
         debug_assert_eq!(public_keys.len(), path.len());
@@ -799,7 +799,7 @@ impl ApplyProposalsValues {
 /// ```
 #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
 pub struct UpdatePathNode {
-    pub public_key: HPKEPublicKey,
+    pub public_key: HpkePublicKey,
     pub encrypted_path_secret: Vec<HpkeCiphertext>,
 }
 

src/tree/node.rs

@@ -68,7 +68,7 @@ impl Node {
     }
 
     /// Returns the public HPKE key of either node type.
-    pub fn public_hpke_key(&self) -> Option<&HPKEPublicKey> {
+    pub fn public_hpke_key(&self) -> Option<&HpkePublicKey> {
         match self.node_type {
             NodeType::Leaf => self.key_package.as_ref().map(|kp| kp.hpke_init_key()),
             NodeType::Parent => self
@@ -140,22 +140,22 @@ impl Node {
 /// Content of a parent node.
 #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
 pub struct ParentNode {
-    pub(crate) public_key: HPKEPublicKey,
+    pub(crate) public_key: HpkePublicKey,
     pub(crate) unmerged_leaves: Vec<u32>,
     pub(crate) parent_hash: Vec<u8>,
 }
 
 impl ParentNode {
     /// Creates a new `ParentNode` from the provided values.
-    pub fn new(public_key: HPKEPublicKey, unmerged_leaves: &[u32], parent_hash: &[u8]) -> Self {
+    pub fn new(public_key: HpkePublicKey, unmerged_leaves: &[u32], parent_hash: &[u8]) -> Self {
         Self {
             public_key,
             unmerged_leaves: unmerged_leaves.to_vec(),
             parent_hash: parent_hash.to_vec(),
         }
     }
     /// Returns the node's HPKE public key
-    pub fn public_key(&self) -> &HPKEPublicKey {
+    pub fn public_key(&self) -> &HpkePublicKey {
         &self.public_key
     }
     /// Sets the node's parent hash