On Wed, Jun 12, 2024 at 06:31:23PM +0530, tirumal reddy wrote: > On Wed, 12 Jun 2024 at 13:14, Ilari Liusvaara <[email protected]> > wrote: > > > When working on figuring out how to patch the encryption and decryption > > procedures for this mode, I noticed that if the direct encryption > > operation step produces headers, the resulting JWE can not be serialized > > with compact encoding. RFC7516 prohibits bulk encryption stop from > > producing headers (only allowing it to produce JWE Ciphertext and > > Authentication Tag outputs). > > > > This arises because the produced headers must be unprotected (due to > > hard cyclic dependency), and compact serialization not allowing > > unprotected headers. The RFC7516 prohibition on headers means all > > bulk encryption algorithms can work in compact serialization. > > > > The cyclic dependency can be prevented by invoking the SetupBaseS to get > the HPKE context and HPKE enc. The HPKE context is then used to invoke the > Seal function with "aad" and "pt" as parameters. The "ek'' parameter can be > within the JWE protected header.
The aad is input to the algorithm direct encryption operation used by the mode, so this does not break the cycle. -Ilari _______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
