Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve AEAD handling #247

Merged
merged 4 commits into from
Nov 12, 2024
Merged

Improve AEAD handling #247

merged 4 commits into from
Nov 12, 2024

Conversation

twiss
Copy link
Member

@twiss twiss commented Nov 11, 2024
edited
Loading

  • In the v2 API, use AEAD if all public keys support it
  • Add SerializeSymmetricKeyEncryptedAEADReuseKey
    Allow explicitly indicating whether AEAD is supported when creating an SKESK packet, instead of looking at config.AEAD(), as the config is no longer reliable, and we shouldn't mix SKESKv3 and SEIPDv2, for example.
  • Deprecate SerializeEncryptedKey[WithHiddenOption] and SerializeSymmetricKeyEncryptedReuseKey
    These functions don't allow explicitly indicating whether AEAD is supported and are thus prone to misuse. The *AEAD versions should be used instead.
  • Improve documentation
    Document that the aeadSupported parameter passed to SerializeEncryptedKeyAEAD[withHiddenOption], SerializeSymmetricKeyEncryptedAEADReuseKey, and SerializeSymmetricallyEncrypted must match.

twiss added 2 commits November 11, 2024 17:33
@twiss
[v2] Use AEAD if all public keys support it
63e3da1
@twiss
Add SerializeSymmetricKeyEncryptedAEADReuseKey
ee67844 
Allow explicitly indicating whether AEAD is supported when creating
an SKESK packet, instead of looking at config.AEAD().

The config is no longer reliable, and we shouldn't mix SKESKv3 and
SEIPDv2, for example.
@twiss twiss requested a review from lubux November 11, 2024 16:41
twiss added 2 commits November 11, 2024 17:45
@twiss
Deprecate SerializeEncryptedKey[WithHiddenOption] and SerializeSymmet…
1efe4a0 
…ricKeyEncryptedReuseKey

These functions don't allow explicitly indicating whether AEAD is
supported and are thus prone to misuse. The *AEAD versions should
be used instead.
@twiss
Improve documentation
531d9f5 
Document that the `aeadSupported` parameter passed to
`SerializeEncryptedKeyAEAD[withHiddenOption]`,
`SerializeSymmetricKeyEncryptedAEADReuseKey`, and
`SerializeSymmetricallyEncrypted` must match.
@twiss twiss merged commit 33a08b3 into main Nov 12, 2024
8 checks passed
@twiss twiss deleted the improve-aead branch November 12, 2024 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lubux lubux lubux approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@twiss @lubux