feat(aead): re-introduce ContextTag on the revised Cipher/Decipher traits #190
Open
coderdan wants to merge 3 commits into
…h_aad Put extra_aad before tag so the decrypt-side helper mirrors encrypt_with_aad(cipher, extra_aad) and the bound (extra_aad, tag) tuple, reducing the chance of a silent same-typed argument swap. Returned bytes are unchanged. Addresses #190 review.
PR #148 redesigned the Cipher/Encrypt/Decipher/Decrypt traits and dropped the
old ContextTag, which referenced the pre-redesign API. Re-introduce it as an
encrypt-side wrapper so the type system, not the call site, guarantees a value's
context tag is always bound as AAD — the one piece of behaviour raw tuple AAD
cannot enforce.

In the revised API, AAD is threaded through Encrypt at seal time but injected
into the Decipher by the concrete cipher at open time, so ContextTag implements
Encrypt and folds (extra_aad, tag) into the AAD, while ContextTag::aad /
aad_with rebuild the matching AAD for the cipher's decrypt entry point. refine
nests tags into a PAE-encoded tuple for hierarchical context.

The Encrypt impl bounds the tag on IntoAad<'static> (owned tags and &'static
str) and re-borrows the encoded Aad for the call lifetime via covariance,
sidestepping the HRTB that an Encrypt-level lifetime used to carry.

Covered by mock-cipher unit tests in vitaminc-aead and an end-to-end AES-256-GCM
roundtrip suite in vitaminc-encrypt (wrong/omitted/refined context all fail).
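
The context-binding property described above, as an added sketch that is not code from this PR or from vitaminc: a wrapper whose only encrypt path folds (extra_aad, tag) into the AAD, so a wrong, omitted or unrefined context fails to open. `Tagged`, `MockCipher`, `pae` and `context_aad` are hypothetical names, the PAE layout is assumed to be PASETO-style, and the mock cipher is a std-only stand-in with no security.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;
// Assumed PASETO-style PAE: LE64(count), then LE64(len) || bytes for each piece.
fn pae(pieces: &[&[u8]]) -> Vec<u8> {
    let mut out = (pieces.len() as u64).to_le_bytes().to_vec();
    for p in pieces {
        out.extend_from_slice(&(p.len() as u64).to_le_bytes());
        out.extend_from_slice(p);
    }
    out
}

// Mock AEAD (NOT secure): plaintext in the clear plus a keyed check over (aad, plaintext).
struct MockCipher { key: u64 }
impl MockCipher {
    fn mac(&self, aad: &[u8], pt: &[u8]) -> [u8; 8] {
        let mut h = DefaultHasher::new();
        h.write_u64(self.key);
        h.write(&pae(&[aad, pt]));
        h.finish().to_le_bytes()
    }
    fn seal(&self, aad: &[u8], pt: &[u8]) -> Vec<u8> { [pt, &self.mac(aad, pt)[..]].concat() }
    fn open(&self, aad: &[u8], ct: &[u8]) -> Option<Vec<u8>> {
        let (pt, tag) = ct.split_at(ct.len().checked_sub(8)?);
        (&self.mac(aad, pt)[..] == tag).then(|| pt.to_vec())
    }
}

// AAD the decrypt side must rebuild: extra_aad first, then the tag, as one PAE tuple.
fn context_aad(extra_aad: &[u8], tag: &[u8]) -> Vec<u8> { pae(&[extra_aad, tag]) }

// Hypothetical wrapper: a tagged value has no encrypt path that omits its tag.
struct Tagged<'a> { value: &'a [u8], tag: Vec<u8> }
impl<'a> Tagged<'a> {
    fn new(value: &'a [u8], tag: &str) -> Self { Tagged { value, tag: tag.as_bytes().to_vec() } }
    // Nest the current tag and a sub-context into a PAE tuple (hierarchical context).
    fn refine(self, sub: &str) -> Self {
        Tagged { value: self.value, tag: pae(&[&self.tag[..], sub.as_bytes()]) }
    }
    fn encrypt_with_aad(&self, c: &MockCipher, extra_aad: &[u8]) -> Vec<u8> {
        c.seal(&context_aad(extra_aad, &self.tag), self.value)
    }
}

fn main() {
    let c = MockCipher { key: 7 }; // constructed sample key and values
    let ct = Tagged::new(b"4111", "users").refine("card").encrypt_with_aad(&c, b"row:42");
    println!("parent tag only: {:?}", c.open(&context_aad(b"row:42", b"users"), &ct));
}
```

The length prefixes are what keep the tuple unambiguous: plain concatenation would give ("ab", "c") and ("a", "bc") the same AAD bytes.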