-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encapsulation and ECIES (v2) #222
base: main
Are you sure you want to change the base?
Conversation
Also provide ECIES algorithm.
Another thing I am noticing in the additions for 1.3 - there are a lot of new key-returning functions. The list of 'key creation' functions is repeated about 8 times in the spec, and these are getting quite chunky now with over 10 such functions. It might be worth reviewing those passages and simplifying the wording, and references to ALL of these APIs. |
* Use "key-encapsulation algorithm"
* Permit INVALID_SIGNATURE error for authentication failure * Include probablistic failure as additional reason for non-guarantee (e.g. ML-KEM) * Add note to NOT report padding errors in a distinct manner
Updated:
|
Leave 0x0b for key-wrapping, and use 0x0c for encapsulation.
Decided that |
Starting from #220 - this PR:
Some open issues:The encapsulation data sizing macro names. On other APIs, we typically name these after the function and the output parameter - but that would result inPSA_ENCAPSULATE_ENCAPSULATION_SIZE()
which seems somewhat repetitive. I have currently gone withPSA_ENCAPSULATION_SIZE()
, as the variable name is pretty distinctive.Should we consistently call this 'Encapsulation', 'Key encapsulation', or 'Key encapsulation mechanism'? - currently the text is mostly a mix of the first two.The output key is variously referred to as 'output key', 'shared output key', 'shared secret', and 'shared secret key'. Is there a best/preferred term for this in this API?If a decapsulation algorithm has an explicit failure (returns an error if the decapsulation fails rather than the wrong key), what error code should we use? (INVALID_ARGUMENT, or INVALID_SIGNATURE, or something else?).This PR provides the API foundations for ML-KEM (#95).