On Mon, 2024-07-08 at 12:58 -0500, Orie Steele wrote:
> "alg": "HPKE-P256-SHA256+A128KW" // for key encryption
>
> and ...
>
> "alg": "HPKE-P256-SHA256", // for "integrated encryption"
> "enc": "A128GCM",
>
> I'm hoping that "HPKE-P256-SHA256-A128GCM" is ok for both cases, and the
> presence of "enc" is sufficient to distinguish them... but if folks
> disagree, feel free to propose something that makes this clearer.
>
Looking at my implementation[1] having something like:
"alg": "HPKE",
"enc": "HPKE-P256-SHA256-[A128KW/A128GCM]"
may avoid a lot of special casing
Here is the current simplified sequence of operations:
alg = self._jwa_keymgmt(jh.get('alg', None))
enc = self._jwa_enc(jh.get('enc', None))
...
key = key.get_keys(self.jose_header['kid'])
...
cek = alg.unwrap(key, enc.wrap_key_size, enckey, header)
data = enc.decrypt(cek, aad, iv, ciphertext, tag)
self.cek = cek
If the alg function was just a way to prepare the inputs internally and
pass them all as the "cek", where the enc function actually perform
direct vs indirect wrapping, most of the other internal abstractions
would remain the same.
having only "alg" would require completely special casing everything
from deserialization downwards about HPKE with a completely separate
parallel path all the way down into the algorithms.
If the JWE handling for HPKE makes it too alien, it may be a better
path to have a JWH defined that is not a JWE at all ... (including a
compact serialization that cannot be mistaken by a JWS or a JWE
hopefully)
[1]: https://github.com/latchset/jwcrypto/blob/main/jwcrypto/jwe.py
--
Simo Sorce
Distinguished Engineer
RHEL Crypto Team
Red Hat, Inc
_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
