pub fn SetupPSKS(
    config: HPKEConfig,
    pkR: &HpkePublicKey,
    info: &Info,
    psk: &Psk,
    psk_id: &PskId,
    randomness: Randomness
) -> SenderContextResult
Authentication using a Pre-Shared Key - Sender
This variant extends the base mechanism by allowing the recipient to
authenticate that the sender possessed a given PSK. The PSK also improves
confidentiality guarantees in certain adversary models, as described in the
security properties. We assume that both parties have been provisioned with
both the PSK value psk and another byte string psk_id that is used to identify
which PSK should be used.
The primary difference from the base case is that the psk and psk_id values
are used as ikm inputs to the KDF (instead of using the empty string). The
PSK MUST have at least 32 bytes of entropy and SHOULD be of length Nh bytes
or longer. See the PSK Recommendations for a more detailed discussion.
def SetupPSKS(pkR, info, psk, psk_id):
  shared_secret, enc = Encap(pkR)
  return enc, KeyScheduleS(mode_psk, shared_secret, info, psk, psk_id)
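The key schedule step that KeyScheduleS performs for mode_psk, written out with HKDF-SHA256 after the RFC 9180 KeySchedule pseudocode. This is an added example, not this crate's code. Assumptions: the suite identifiers are a constructed choice (X25519 / HKDF-SHA256 / AES-128-GCM), the caller supplies shared_secret in place of Encap(pkR), and the 32-byte length check is an addition to the RFC's input checks.

```python
import hashlib
import hmac

# Constructed suite: DHKEM(X25519, HKDF-SHA256) / HKDF-SHA256 / AES-128-GCM.
SUITE_ID = b"HPKE" + bytes.fromhex("0020" "0001" "0001")
NK, NN, NH = 16, 12, 32  # key, nonce and hash output lengths in bytes
MODE_BASE, MODE_PSK = 0x00, 0x01


def labeled_extract(salt: bytes, label: bytes, ikm: bytes) -> bytes:
    # HKDF-Extract over the domain-separated input keying material.
    return hmac.new(salt, b"HPKE-v1" + SUITE_ID + label + ikm, hashlib.sha256).digest()


def labeled_expand(prk: bytes, label: bytes, info: bytes, length: int) -> bytes:
    # HKDF-Expand with the output length bound into the info string.
    labeled = length.to_bytes(2, "big") + b"HPKE-v1" + SUITE_ID + label + info
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + labeled + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def verify_psk_inputs(mode: int, psk: bytes, psk_id: bytes) -> None:
    if (psk != b"") != (psk_id != b""):
        raise ValueError("inconsistent PSK inputs")
    if psk and mode == MODE_BASE:
        raise ValueError("PSK input provided when not needed")
    if not psk and mode == MODE_PSK:
        raise ValueError("missing required PSK input")
    # Added check: length is only an upper bound on entropy, so a PSK shorter
    # than 32 bytes can never satisfy the 32-byte entropy requirement.
    if mode == MODE_PSK and len(psk) < 32:
        raise ValueError("PSK shorter than 32 bytes")


def key_schedule(mode: int, shared_secret: bytes, info: bytes, psk: bytes, psk_id: bytes):
    verify_psk_inputs(mode, psk, psk_id)
    psk_id_hash = labeled_extract(b"", b"psk_id_hash", psk_id)
    info_hash = labeled_extract(b"", b"info_hash", info)
    context = bytes([mode]) + psk_id_hash + info_hash
    # The PSK is the ikm here; base mode passes the empty string instead.
    secret = labeled_extract(shared_secret, b"secret", psk)
    key = labeled_expand(secret, b"key", context, NK)
    base_nonce = labeled_expand(secret, b"base_nonce", context, NN)
    exporter_secret = labeled_expand(secret, b"exp", context, NH)
    return key, base_nonce, exporter_secret
```

A length check cannot prove entropy: a 32-byte PSK derived from a short password still passes it, so PSK provisioning has to guarantee the entropy separately.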