AEAD interface improvements #74
Comments
JOSE transmits the ciphertext and tag separately, thus an interface such as:

  val decrypt_raw : key -> nonce -> adata -> ciphertext -> tag -> plaintext option
  val encrypt_raw : key -> nonce -> adata -> plaintext -> ciphertext * tag

could be useful (NB: the names
On a separate note, there could be a (measurable) speedup of AEAD encryption if the allocated cipher-stream is extended by tag-size (i.e. Cstruct.len msg + tag_size) -- thus a Cstruct.append can be avoided (which is costly since it allocates and memmoves).
Similarly, the Chacha20 implementation -- where djb does 64 bit nonce and 64 bit counter -- while IETF does 96 bit nonce and 32 bit counter -- could be functorised to allow more static checking (and fewer conditional branches at runtime in the hot loop [incrementing the counter]).
Came here to ask for
@anmonteiro currently,
See #171 which integrates "of_secret", "tag_size" and also "authenticate_encrypt_tag" and "authenticate_decrypt_tag". Any feedback on the PR is welcome.
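As an added illustration (not code from this issue or from the mirage-crypto repository), here is how a JOSE-style caller would use the tag-separating functions named above, with a corrupted tag and corrupted ciphertext both rejected before any plaintext is released. The labelled-argument shapes of `authenticate_encrypt_tag` / `authenticate_decrypt_tag`, the all-zero key, the fixed nonce and the AAD string are assumptions made for the example.

```ocaml
(* Added example, not code from the mirage-crypto issue or repository:
   JOSE-style handling of AES-GCM where ciphertext and tag travel as two
   separate fields, using the tag-separating functions introduced in PR #171.
   Assumed (0.11.0 shape): authenticate_encrypt_tag ~key ~nonce ?adata msg
   returns (ciphertext, tag); authenticate_decrypt_tag ~key ~nonce ?adata ~tag
   ciphertext returns plaintext option. *)
module G = Mirage_crypto.AES.GCM

(* Constructed demo values: an all-zero 32-byte key and a fixed 12-byte nonce.
   In a real JWE the key comes from key management and the nonce (IV) must be
   fresh for every message encrypted under the same key. *)
let key = G.of_secret (Cstruct.create 32)
let nonce = Cstruct.of_hex "000102030405060708090a0b"
(* JWE binds the base64url-encoded protected header as AAD (constructed here). *)
let adata = Cstruct.of_string "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0"

(* Sender: produce the two fields a JWE carries separately. *)
let seal plaintext : Cstruct.t * Cstruct.t =
  G.authenticate_encrypt_tag ~key ~nonce ~adata plaintext

(* Receiver: the tag check covers ciphertext and AAD; None means reject. *)
let open_ ~tag ciphertext : Cstruct.t option =
  G.authenticate_decrypt_tag ~key ~nonce ~adata ~tag ciphertext

(* Copy a Cstruct and flip the lowest bit of its first byte. *)
let flip_first_bit cs =
  let c = Cstruct.of_string (Cstruct.to_string cs) in
  Cstruct.set_uint8 c 0 (Cstruct.get_uint8 c 0 lxor 1);
  c

let () =
  let plaintext = Cstruct.of_string "example payload" in
  let ciphertext, tag = seal plaintext in
  assert (Cstruct.length tag = G.tag_size);                 (* 16 bytes for GCM *)
  assert (Cstruct.length ciphertext = Cstruct.length plaintext);
  (* Honest receiver recovers the plaintext. *)
  (match open_ ~tag ciphertext with
   | Some pt -> assert (Cstruct.equal pt plaintext)
   | None -> failwith "unexpected authentication failure");
  (* A corrupted tag or corrupted ciphertext must yield None, never plaintext. *)
  assert (open_ ~tag:(flip_first_bit tag) ciphertext = None);
  assert (open_ ~tag (flip_first_bit ciphertext) = None);
  print_endline "ok: tag and ciphertext handled as separate fields"
```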
* mirage-crypto: improve AEAD API #74 #144
  - provide tag_size and of_secret
  - CCM now only with mac length / tag size of 16 bytes, all other possible mac sizes are not exposed.
  - provide authenticate_encrypt_tag and authenticate_decrypt_tag: Both functions do not treat the tag and encrypted data uniformly, but return them separately (or receive them separately).
…age, mirage-crypto-rng-lwt, mirage-crypto-rng-eio, mirage-crypto-rng-async, mirage-crypto-pk and mirage-crypto-ec (0.11.0)

CHANGES:
- BREAKING split mirage-crypto-rng-lwt away from mirage-crypto-rng (mirage/mirage-crypto#168 @hannesm, reported by @bikallem mirage/mirage-crypto#158)
- AEAD API improvements: provide tag_size, of_secret, and functions that deal with the tag separately (mirage/mirage-crypto#171 @hannesm, fixes mirage/mirage-crypto#74 mirage/mirage-crypto#144 @orbitz @anmonteiro). Only CCM16 (with tag size 16) is now exposed, the former API does not exist anymore (passing `~maclen` to `of_secret`), according to sherlocode the only usage was CCM16 anyways
- BREAKING unify RNG initialization (reported by @talex5 in mirage/mirage-crypto#155, fixes mirage/mirage-crypto#160, PR mirage/mirage-crypto#162 @hannesm)
- remove mirage 3 cross-compilation runes (mirage/mirage-crypto#163 @hannesm)
- CI: mirage-crypto-rng-eio requires ocaml 5 and dune 2.7 (mirage/mirage-crypto#170 @hannesm, fixes mirage/mirage-crypto#169 thanks to @bikallem @talex5)
- CI: use mirage 4 (mirage/mirage-crypto#166 @hannesm)
…age, mirage-crypto-rng-lwt, mirage-crypto-rng-eio, mirage-crypto-rng-async, mirage-crypto-pk and mirage-crypto-ec (0.11.0)

CHANGES:
- BREAKING split mirage-crypto-rng-lwt away from mirage-crypto-rng (mirage/mirage-crypto#168 @hannesm, reported by @bikallem mirage/mirage-crypto#158)
  This means, a "mirage-crypto-rng.lwt" should now be "mirage-crypto-rng-lwt" in your dune file (or in META requires, or in _tags).
- AEAD API improvements: provide tag_size, of_secret, and functions that deal with the tag separately (mirage/mirage-crypto#171 @hannesm, fixes mirage/mirage-crypto#74 mirage/mirage-crypto#144 @orbitz @anmonteiro). Only CCM16 (with tag size 16) is now exposed, the former API does not exist anymore (passing `~maclen` to `of_secret`), according to sherlocode the only usage was CCM16 anyways
  This means any "Mirage_crypto.AES.CCM" should now be "Mirage_crypto.AES.CCM16" and any "CCM.of_secret ~maclen:16 key" should now be "CCM16.of_secret key". Any occurrence of "Mirage_crypto.Cipher_block.S.CCM" should now be "Mirage_crypto.Cipher_block.S.CCM16".
- BREAKING unify RNG initialization (reported by @talex5 in mirage/mirage-crypto#155, fixes mirage/mirage-crypto#160, PR mirage/mirage-crypto#162 @hannesm)
  This means:
  - "Mirage_crypto_rng_lwt.initialize ()" should now be "Mirage_crypto_rng_lwt.initialize (module Mirage_crypto_rng.Fortuna)"
  - "Mirage_crypto_rng_unix.initialize ()" should now be "Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna)"
- remove mirage 3 cross-compilation runes (mirage/mirage-crypto#163 @hannesm)
- CI: mirage-crypto-rng-eio requires ocaml 5 and dune 2.7 (mirage/mirage-crypto#170 @hannesm, fixes mirage/mirage-crypto#169 thanks to @bikallem @talex5)
- CI: use mirage 4 (mirage/mirage-crypto#166 @hannesm)
It would be good to enhance the interface with:
To achieve this, CCM needs to take the maclen as functor argument (instead of as argument to of_secret). This is fine since the call site usually defines (by protocol spec) how long the tag should be. Unclear how to avoid defining CCM_4, CCM_6, CCM_8, CCM_10, CCM_12, CCM_14, CCM_16 - maybe allow the user to construct them themselves (i.e. exposing S.Core and CCM_of).