Skip to content

Releases: symbolicsoft/hpke-ng

hpke-ng v0.1.0

08 Jun 09:24
@nadimkobeissi nadimkobeissi
v0.1.0
b3a28f3
This commit was signed with the committer’s verified signature.
nadimkobeissi Nadim Kobeissi
SSH Key Fingerprint: X7cuv3JshmfzNjWtNZgpBUNJmSSZIgFVBST7bPGWVQc
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
hpke-ng v0.1.0 Latest
Latest
  • Breaking: Context is split into one-directional SenderContext and ReceiverContext. setup_sender_* now returns SenderContext (exposes seal + export); setup_receiver_* returns ReceiverContext (exposes open + export). Neither implements Clone. A sender and the matching receiver derive the identical (key, base_nonce), so a single type that could both seal and open made using one session in both directions a catastrophic AEAD (key, nonce) reuse — the split turns that misuse into a compile error. For a bidirectional channel, run a separate HPKE setup per direction or derive independent per-direction keys via export (RFC 9180 §9.8).
  • New HpkeError::InvalidKeyMaterial variant. ML-KEM-768/1024 derive_key_pair requires exactly 64 bytes of (d, z) seed (draft-connolly-cfrg-hpke-mlkem §3.2); any other IKM length now returns InvalidKeyMaterial rather than a less specific error.
  • Internal hardening: the key schedule is split into PSK-free (Base/Auth) and PSK-bearing (PSK/AuthPSK) fast paths selected by sealed PskFreeMode / PskMode marker tags instead of a raw u8 mode byte. Routing a PSK mode through the PSK-free path (or vice versa) is now a compile error. The tags are #[doc(hidden)] and not part of the public API.
Assets 2
Loading

hpke-ng v0.1.0-rc.3

09 May 11:43
@nadimkobeissi nadimkobeissi
v0.1.0-rc.3
1cacf12
This commit was signed with the committer’s verified signature.
nadimkobeissi Nadim Kobeissi
SSH Key Fingerprint: X7cuv3JshmfzNjWtNZgpBUNJmSSZIgFVBST7bPGWVQc
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
hpke-ng v0.1.0-rc.3 Pre-release
Pre-release
  • Performance: cache the recipient's serialized public key in DhPrivateKey<D> so DH decap/auth_decap skip the per-call base-point scalar multiplication (X25519 decap −41%, P-curve decap proportionally larger).
  • Performance: cache the expanded x_wing::DecapsulationKey in XWingPrivateKey (X-Wing decap −38% — same trick as ML-KEM, previously missed for X-Wing).
  • Performance: cache the parsed EncapsulationKey in PQ public-key wrappers (ML-KEM encap −30% to −37%, X-Wing encap −14%).
  • Performance: Aead trait now exposes a cached Cipher associated type built once via Aead::init at key schedule time; AES-GCM Context::seal skips the per-call key schedule + GHash precompute. Sealed trait — no external impact.
  • Performance: Kdf::extract / expand accept piecewise slices (&[&[u8]]) to avoid materialising labeled-IKM/info Vecs. Sealed trait — no external impact.
  • Across 62 head-to-head benchmarks vs hpke-rs, hpke-ng now wins 43 (was 27), ties 14, loses 5 — losses are all on derive_key_pair/generate paths the one-time cost paid for the per-call decap/encap savings.
Loading

hpke-ng v0.1.0-rc.2

08 May 12:36
@nadimkobeissi nadimkobeissi
v0.1.0-rc.2
f9dda08
This commit was signed with the committer’s verified signature.
nadimkobeissi Nadim Kobeissi
SSH Key Fingerprint: X7cuv3JshmfzNjWtNZgpBUNJmSSZIgFVBST7bPGWVQc
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
hpke-ng v0.1.0-rc.2 Pre-release
Pre-release
  • Expose sk_to_bytes which serializes a private key to bytes (zeroized on drop).
Loading

hpke-ng v0.1.0-rc.1

08 May 08:12
@nadimkobeissi nadimkobeissi
v0.1.0-rc.1
b9d1d4b
This commit was signed with the committer’s verified signature.
nadimkobeissi Nadim Kobeissi
SSH Key Fingerprint: X7cuv3JshmfzNjWtNZgpBUNJmSSZIgFVBST7bPGWVQc
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
hpke-ng v0.1.0-rc.1 Pre-release
Pre-release
Loading