-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
::aead::{SealingKey, OpeningKey} how to prepend nonce to packet? #570
Comments
@jac-cbi as requested. Your use case makes sense, and I understand the pain points you are experiencing with the API. If I am understanding your use case correctly, you want to know the nonce that will be used in the call to encryption so that you can include that nonce in the header you will be including with the ciphertext, and you are using that header as the AAD that will be used in computing the tag. Is that correct? This is currently awkward with the API if you are trying to limit yourself to just the Likely these operations aren't happening in lock-step on both sides, so on the decryptor side you could parse the Nonce out of the header received from the encryptor, and have a custom Now looking at the encryptor side there is some challenges. We could add an API that returns the I don't think it makes sense for our library to have a notion of the header, it's format, whether Nonce is or is not a field in that header, whether the whole header is included in the AAD or not. I think the best course of action is likely to use a combiantion of Unless there is a misunderstanding in your requirement "need to include the nonce in the header (aad'd as well)", if the Nonce itself doesn't need to be included in the AAD in your use case, then we are open to adding a function variant that returns the Nonce that was used from the provided sequence. |
@jac-cbi any feedback on the above? |
Hello! We just released aws-lc-rs v1.12.0. 🎉 We believe our latest release provides the APIs needed to resolve the issue reported here. The new APIs and examples of how to use them can be found in our documentation here. This issue will now be closed. If you continue to have this or other problems after upgrading, feel free to re-open this issue or open a new one. Thanks for your help in improving our library! |
Problem:
I'm attempting to use
aws_lc_rs::aead
to encrypt and decrypt packets. The AEAD in-place should work fine. However, I need to include the nonce in the header (aad'd as well).I'm currently using
Counter64
to get the ball rolling, but I see no way to extract the nonce used for encryption so that I might add it to the header. And, afaict, it doesn't add it itself.How is this intended to be done? The Ring API + AWS enhancements(?) really constrains the use of the Nonce, and for good reason. I must be missing something, how are users of this crate passing the Nonce to the receiver for decryption to succeed?
Note: that embedded systems are in scope, so I'm avoiding use of the allocator anywhere I know exactly how long buffers need to be (header_len + data_len + tag_len and so forth)
Note2:
RandomizedNonceKey
is not suitable for my use case because it doesn't allow me to set the first nonce and then increment the nonce. My design relies heavily on two devices to arrive at the same shared secret, then deriving from that everything necessary to perform encryption and decryption. this includes the nonces.Solution:
Ideally, I'd like
.seal_in_place_separate_tag()
to return(tag, nonce)
so that I can append and prepend as needed. However, that sucks from an API to support perspective...What am I missing?
EDIT: Please @ me, I'm not on GitHub regularly
The text was updated successfully, but these errors were encountered: