oak icon indicating copy to clipboard operation
oak copied to clipboard

Published 20 hours ago verified publisher icon project-oak

Contribute to the Rust HPKE crate

Open ipetr0v opened this issue 2 years ago • 3 comments

There is an existing implementation of the RFC 9180 Hybrid Public Key Encryption in Rust: https://crates.io/crates/hpke

But this implementation lacks the bidirectional encryption, which is explained in the RFC but in the Security Considerations section - so it's technically not a part of the protocol.

We need bidirectional encryption for our remote attestation use-cases - so we need to think about contributing to this crate, and making it work with bidirectional encryption.

ipetr0v avatar Feb 23 '23 13:02 ipetr0v

cc @tiziano88 @conradgrobler @sidtelang

ipetr0v avatar Feb 23 '23 13:02 ipetr0v

Also the default-features include x25519-dalek, which we would want to remove from our codebase: https://github.com/rozbb/rust-hpke/blob/b53f23ca707efe78051dec5330dd18e6007e2384/Cargo.toml#L17-L18

We probably need to split p256 into a separate feature, so we won't have to rely on the default-features.

ipetr0v avatar Feb 24 '23 16:02 ipetr0v

Another contribution that we could make is to allow serialization for the Context objects.

We cannot share private keys with the enclave application and only want to share session keys/contexts. But it would require sending them iver gRPC.

ipetr0v avatar Aug 03 '23 12:08 ipetr0v