Question: Exposing the tag in AES-GCM #144

Closed
orbitz opened this issue Oct 26, 2021 · 3 comments

Comments

orbitz commented Oct 26, 2021

I'm encrypting something in OCaml and decrypting it in PyCryptodome. In PyCryptodome, the tag is explicitly exposed and passed in for verification, and in mirage-crypto it's implicit. See the PyCryptodome example here:

https://pycryptodome.readthedocs.io/en/latest/src/examples.html#encrypt-data-with-rsa

What's annoying is that I cannot run the PyCryptodome decryption with verification because I don't have the tag. And when I decrypt it in PyCryptodome I need to explicitly remove the tag by slicing out the last 16 bytes.

Does anyone understand why these interfaces are different? And should the tag be exposed in this interface to work with other libraries?

hannesm (Member) commented Oct 26, 2021

See #74 for AEAD interface improvements. A PR that revises this API is welcome.

hannesm (Member) commented Feb 4, 2023

Closing as this is being tracked in #74 (and good news, likely by the end of tomorrow there'll be a fresh release with a revised API)

hannesm closed this as completed Feb 4, 2023

hannesm (Member) commented Feb 4, 2023

Please let me know if #171 fits your use case well?

hannesm added a commit that referenced this issue Feb 5, 2023
* mirage-crypto: improve AEAD API #74 #144

- provide tag_size and of_secret
- CCM now only with mac length / tag size of 16 bytes, all other possible mac sizes are not exposed.
- provide authenticate_encrypt_tag and authenticate_decrypt_tag: Both functions do not treat the tag and encrypted data uniformly, but return them separately (or receive them separately).
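An added example (not code from mirage-crypto or from anyone in this thread) showing the two framings the commit above distinguishes, and how each interoperates with a PyCryptodome-style peer that handles the tag as a separate value. It assumes mirage-crypto 0.11.x, where the AEAD functions take and return Cstruct.t values; that authenticate_encrypt_tag returns the pair (ciphertext, tag) in that order and authenticate_decrypt_tag receives the tag under a ~tag label; and that the single-blob authenticate_encrypt / authenticate_decrypt remain available alongside them. The key, nonce, associated data and message are constructed for the example, and the dune libraries line is an assumption about the 0.11 package layout.

```ocaml
(* Added example; not code from mirage-crypto or from this issue.
   Assumes mirage-crypto 0.11.x (Cstruct.t based AEAD API), that
   authenticate_encrypt_tag returns (ciphertext, tag) in that order, and
   that authenticate_decrypt_tag takes the tag as ~tag.
   dune (assumed): (libraries mirage-crypto mirage-crypto-rng.unix cstruct) *)

module GCM = Mirage_crypto.Cipher_block.AES.GCM

let () = Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna)

(* One key, one fresh 96-bit nonce per message. Reusing a (key, nonce)
   pair with GCM leaks the XOR of the plaintexts and the GHASH key. *)
let key   = GCM.of_secret (Mirage_crypto_rng.generate 32)   (* AES-256 *)
let nonce = Mirage_crypto_rng.generate 12
let adata = Cstruct.of_string "header-v1"        (* constructed *)
let plain = Cstruct.of_string "attack at dawn"   (* constructed *)

(* Framing A: a single blob, ciphertext followed by the tag. This is the
   implicit-tag form the original question ran into. *)
let blob = GCM.authenticate_encrypt ~key ~nonce ~adata plain

(* Framing B: ciphertext and tag as two values, the shape PyCryptodome's
   encrypt_and_digest returns and decrypt_and_verify expects. *)
let ct, tag = GCM.authenticate_encrypt_tag ~key ~nonce ~adata plain

(* A -> B by hand: the tag is the trailing tag_size bytes. Refuse inputs
   shorter than a tag rather than returning an empty ciphertext and a
   truncated "tag" that could never verify correctly. *)
let split_tag blob =
  let n = Cstruct.length blob in
  if n < GCM.tag_size then invalid_arg "AEAD blob shorter than the tag";
  Cstruct.split blob (n - GCM.tag_size)

(* B -> A, for a peer that expects the implicit-tag form. *)
let join_tag ct tag = Cstruct.append ct tag

(* Copy and flip one bit, leaving the original untouched. *)
let flip_last_bit cs =
  let c = Cstruct.of_string (Cstruct.to_string cs) in
  let i = Cstruct.length c - 1 in
  Cstruct.set_uint8 c i (Cstruct.get_uint8 c i lxor 1);
  c

let () =
  (* Both framings carry identical bytes; the tag is exactly tag_size. *)
  let ct', tag' = split_tag blob in
  assert (Cstruct.length tag = GCM.tag_size);
  assert (Cstruct.equal ct ct' && Cstruct.equal tag tag');
  assert (Cstruct.equal blob (join_tag ct tag));

  (* Receiving framing B (e.g. from PyCryptodome): verification and
     decryption happen in one call; None means "reject", nothing else. *)
  (match GCM.authenticate_decrypt_tag ~key ~nonce ~adata ~tag ct with
   | Some p -> assert (Cstruct.equal p plain)
   | None   -> failwith "authentication failed on a valid message");

  (* Receiving framing A: the library strips and checks the tag itself. *)
  (match GCM.authenticate_decrypt ~key ~nonce ~adata blob with
   | Some p -> assert (Cstruct.equal p plain)
   | None   -> failwith "authentication failed on a valid message");

  (* Failure mode: tampering with ciphertext, tag or associated data must
     yield None, never a plaintext. *)
  assert (Option.is_none
            (GCM.authenticate_decrypt_tag ~key ~nonce ~adata ~tag (flip_last_bit ct)));
  assert (Option.is_none
            (GCM.authenticate_decrypt_tag ~key ~nonce ~adata ~tag:(flip_last_bit tag) ct));
  assert (Option.is_none
            (GCM.authenticate_decrypt_tag ~key ~nonce ~adata:(flip_last_bit adata) ~tag ct));
  print_endline "AES-GCM: both framings round-trip, tampering rejected"
```

On the Python side, the two halves produced by split_tag (or by authenticate_encrypt_tag) are what PyCryptodome's decrypt_and_verify(ciphertext, tag) consumes, after cipher.update(adata) with byte-identical associated data; in the other direction, the (ciphertext, tag) pair from encrypt_and_digest goes straight into authenticate_decrypt_tag. The nonce and key are not part of either framing and have to be carried separately by whatever protocol wraps the message.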
hannesm added a commit to hannesm/opam-repository that referenced this issue Feb 5, 2023
…age, mirage-crypto-rng-lwt, mirage-crypto-rng-eio, mirage-crypto-rng-async, mirage-crypto-pk and mirage-crypto-ec (0.11.0)

CHANGES:

- BREAKING split mirage-crypto-rng-lwt away from mirage-crypto-rng (mirage/mirage-crypto#168
  @hannesm, reported by @bikallem mirage/mirage-crypto#158)
- AEAD API improvements: provide tag_size, of_secret, and functions that deal
  with the tag separately (mirage/mirage-crypto#171 @hannesm, fixes mirage/mirage-crypto#74 mirage/mirage-crypto#144 @orbitz @anmonteiro)
  Only CCM16 (with tag size 16) is now exposed, the former API does not exist
  anymore (passing `~maclen` to `of_secret`), according to sherlocode the only
  usage was CCM16 anyways
- BREAKING unify RNG initialization (reported by @talex5 in mirage/mirage-crypto#155, fixes mirage/mirage-crypto#160,
  PR mirage/mirage-crypto#162 @hannesm)
- remove mirage 3 cross-compilation runes (mirage/mirage-crypto#163 @hannesm)
- CI: mirage-crypto-rng-eio requires ocaml 5 and dune 2.7 (mirage/mirage-crypto#170 @hannesm, fixes
  mirage/mirage-crypto#169 thanks to @bikallem @talex5)
- CI: use mirage 4 (mirage/mirage-crypto#166 @hannesm)
hannesm added a commit to hannesm/opam-repository that referenced this issue Feb 9, 2023
…age, mirage-crypto-rng-lwt, mirage-crypto-rng-eio, mirage-crypto-rng-async, mirage-crypto-pk and mirage-crypto-ec (0.11.0)

CHANGES:

- BREAKING split mirage-crypto-rng-lwt away from mirage-crypto-rng (mirage/mirage-crypto#168
  @hannesm, reported by @bikallem mirage/mirage-crypto#158)
  This means, a "mirage-crypto-rng.lwt" should now be "mirage-crypto-rng-lwt"
  in your dune file (or in META requires, or in _tags).
- AEAD API improvements: provide tag_size, of_secret, and functions that deal
  with the tag separately (mirage/mirage-crypto#171 @hannesm, fixes mirage/mirage-crypto#74 mirage/mirage-crypto#144 @orbitz @anmonteiro)
  Only CCM16 (with tag size 16) is now exposed, the former API does not exist
  anymore (passing `~maclen` to `of_secret`), according to sherlocode the only
  usage was CCM16 anyways
  This means any "Mirage_crypto.AES.CCM" should now be "Mirage_crypto.AES.CCM16"
  and any "CCM.of_secret ~maclen:16 key" should now be "CCM16.of_secret key"
  Any occurrence of "Mirage_crypto.Cipher_block.S.CCM" should now be
  "Mirage_crypto.Cipher_block.S.CCM16"
- BREAKING unify RNG initialization (reported by @talex5 in mirage/mirage-crypto#155, fixes mirage/mirage-crypto#160,
  PR mirage/mirage-crypto#162 @hannesm)
  This means:
  - "Mirage_crypto_rng_lwt.initialize ()" should now be
    "Mirage_crypto_rng_lwt.initialize (module Mirage_crypto_rng.Fortuna)"
  - "Mirage_crypto_rng_unix.initialize ()" should now be
    "Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna)"
- remove mirage 3 cross-compilation runes (mirage/mirage-crypto#163 @hannesm)
- CI: mirage-crypto-rng-eio requires ocaml 5 and dune 2.7 (mirage/mirage-crypto#170 @hannesm, fixes
  mirage/mirage-crypto#169 thanks to @bikallem @talex5)
- CI: use mirage 4 (mirage/mirage-crypto#166 @hannesm)