Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restore AES-GCM as the cipher mode across all implementations #16

Open
gnarea opened this issue Nov 25, 2020 · 0 comments
Open

Restore AES-GCM as the cipher mode across all implementations #16

gnarea opened this issue Nov 25, 2020 · 0 comments
Labels
bug Something isn't working libs Applicable to the JS/JVM/etc libraries
Milestone
General Availability

Comments

@gnarea
Copy link
Member

gnarea commented Nov 25, 2020
edited
Loading

As a workaround for PeculiarVentures/PKI.js#287, I had to downgrade the cipher mode from GCM to CBC across the board. This is OK for the current phase of Relaynet, but the lack of authenticated encryption is going to block the eventual General Availability of Relaynet.

Note that the lack of support for AES-GCM is a violation of RS-018: https://specs.relaynet.network/RS-018#symmetric-ciphers

The eventual fix should reinstate support for AES-GCM and make it the default, whilst still supporting AES-CBC for backwards compatibility.

See also:
@gnarea gnarea added bug Something isn't working libs Applicable to the JS/JVM/etc libraries labels Nov 25, 2020
@gnarea gnarea added this to the General Availability milestone Nov 25, 2020
gnarea added a commit to relaycorp/relaynet-core-js that referenced this issue Nov 25, 2020
@gnarea
fix(CMS): Downgrade AES cipher mode to CBC
12965ff 
Fixes relaycorp/awala-gateway-internet#204

See also: relaycorp/relayverse#16
@gnarea gnarea mentioned this issue Nov 25, 2020
Merged
kodiakhq bot pushed a commit to relaycorp/relaynet-core-js that referenced this issue Nov 25, 2020
@gnarea
fix(CMS): Downgrade AES cipher mode from GCM to CBC (#189)
a1f1536 
Fixes relaycorp/awala-gateway-internet#204

See also: relaycorp/relayverse#16
gnarea added a commit to relaycorp/awala-jvm that referenced this issue Nov 25, 2020
@gnarea
fix(CMS): Downgrade AES cipher mode from GCM to CBC
ddc554a 
Fixes relaycorp/awala-gateway-internet#204

See also: relaycorp/relayverse#16
@gnarea gnarea mentioned this issue Nov 25, 2020
Merged
github-actions bot pushed a commit to relaycorp/relaynet-core-js that referenced this issue Nov 25, 2020
@kodiakhq
fix(CMS): Downgrade AES cipher mode from GCM to CBC (#189)
fa61fea 
Fixes relaycorp/awala-gateway-internet#204

See also: relaycorp/relayverse#16 [skip ci] a1f1536
kodiakhq bot pushed a commit to relaycorp/awala-jvm that referenced this issue Nov 25, 2020
@gnarea
fix(CMS): Downgrade AES cipher mode from GCM to CBC (#98)
297d5e7 
Fixes relaycorp/awala-gateway-internet#204

See also: relaycorp/relayverse#16
@gnarea gnarea mentioned this issue Nov 25, 2020
Merged
gnarea added a commit to relaycorp/relaynet-gateway-android that referenced this issue Nov 25, 2020
@gnarea
fix: Upgrade Relaynet library to use AES-CBC
c2af469 
See: relaycorp/relayverse#16

The counterpart to this change will land on the server in a few minutes: relaycorp/awala-gateway-internet#299
@gnarea gnarea mentioned this issue Nov 25, 2020
Merged
kodiakhq bot pushed a commit to relaycorp/relaynet-gateway-android that referenced this issue Nov 25, 2020
@gnarea
fix: Upgrade Relaynet library to use AES-CBC (#201)
ab22c5e 
This change will allow the Android GW to (de)encrypt cargo exchanged with the public gateway. See: relaycorp/relayverse#16

The counterpart to this change will land on the server in a few minutes: relaycorp/awala-gateway-internet#299
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working libs Applicable to the JS/JVM/etc libraries
Projects
None yet
Milestone
General Availability
Development

No branches or pull requests
1 participant
@gnarea