



@deftypefun {int} {gnutls_hpke_encap} (gnutls_hpke_context_t @var{ctx}, const gnutls_datum_t * @var{info}, gnutls_datum_t * @var{enc}, const gnutls_pubkey_t @var{receiver_pubkey}, const gnutls_privkey_t @var{sender_privkey}, const gnutls_datum_t * @var{psk}, const gnutls_datum_t * @var{psk_id})
@var{ctx}: The HPKE context to use for encapsulation.

@var{info}: The application-specific information to be included in the key schedule (optional).

@var{enc}: A pointer to a gnutls_datum_t structure where the encapsulated key will be stored.

@var{receiver_pubkey}: The receiver's public key to use for encapsulation.

@var{sender_privkey}: The sender's private key needed for AuthEncap operation (optional).

@var{psk}: The pre-shared key (optional).

@var{psk_id}: The pre-shared key identifier (optional).

This function performs the encapsulation operation of HPKE. It
generates an encapsulated key (@code{enc}) that can be sent to the
receiver, who can then use it to derive the shared secret.

The function checks that the context is properly initialized and
that the provided parameters are valid. It also checks that the
context is in the correct role (@code{GNUTLS_HPKE_ROLE_SENDER}) for
encapsulation.

This function must be used once per HPKE context and before any
calls to @code{gnutls_hpke_seal()}.

The function will allocate memory for @code{enc}, and the caller is
responsible for freeing this memory using @code{gnutls_free()} when it is
no longer needed.

@code{receiver_pubkey} must be a valid public key that is compatible with
the KEM algorithm specified in the HPKE context.

For @code{GNUTLS_HPKE_MODE_AUTH} or @code{GNUTLS_HPKE_MODE_AUTH_PSK},
@code{sender_privkey} must be a valid private key that can be used for
authentication. For @code{GNUTLS_HPKE_MODE_PSK} or
@code{GNUTLS_HPKE_MODE_AUTH_PSK}, a pre-shared key (@code{psk}) and its
identifier (@code{psk_id}) must be supplied.

@strong{Returns:} 0 on success, or a negative error code on failure.

@strong{Since:} 3.8.13
@end deftypefun
