hyperledger-archives · troyronda · Apr 17, 2020 · Mar 31, 2020
diff --git a/.codecov.yaml b/.codecov.yaml
@@ -14,3 +14,5 @@ coverage:
 
 ignore:
   - "test/bdd"  # ignore bdd tests
+  - "protos"
+  - "pkg/crypto/tinkcrypto/primitive/proto"
diff --git a/go.sum b/go.sum
@@ -225,6 +225,7 @@ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262 h1:qsl9y/CJx34tuA7QCPNp86JNJe4spst6Ff8MjvPUdPg=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c h1:97SnQk1GYRXJgvwZ8fadnxDOWfKvkNQHH3CtZntPSrM=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

diff --git a/pkg/crypto/tinkcrypto/primitive/composite/api/composite_decrypt.go b/pkg/crypto/tinkcrypto/primitive/composite/api/composite_decrypt.go
@@ -0,0 +1,19 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package api
+
+// CompositeDecrypt will decrypt a `ciphertext` representing a composite encryption with a protected cek for the
+// recipient caller of this interface. In order to get the plaintext embedded, this type is configured with the
+// recipient key type that will decrypt the embedded cek first. This type is used mainly for repudiation requests where
+// the sender identity remains unknown using ECDH-ES key wrapping with an ephemeral sender key.
+type CompositeDecrypt interface {
+	// Decrypt operation: decrypts ciphertext representing a serialized EncryptedData (mainly extracted from a
+	// JWE message) for a given recipient. It extracts the underlying secure material then executes key unwrapping of
+	// the cek and the AEAD decrypt primitive.
+	// returns resulting plaintext extracted from the serialized object.
+	Decrypt(cipherText, additionalData []byte) ([]byte, error)
+}
diff --git a/pkg/crypto/tinkcrypto/primitive/composite/api/composite_encrypt.go b/pkg/crypto/tinkcrypto/primitive/composite/api/composite_encrypt.go
@@ -0,0 +1,16 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package api
+
+// CompositeEncrypt will encrypt a `plaintext` using AEAD primitive and ECDH-ES key wrapping by recipient
+// It returns the resulting serialized JWE []byte. This type is used mainly for repudiation requests where the sender
+// identity remains unknown to the recipient in a serialized EncryptedData envelope (used mainly to build JWE messages).
+type CompositeEncrypt interface {
+	// Encrypt operation: encrypts plaintext with aad represented as the list of recipient's corresponding public keys
+	// Returns resulting EncryptedData wrapping ciphertext and the recipients protected keys or error if failed.
+	Encrypt(plainText, aad []byte) ([]byte, error)
+}