log.Fatalln("invalid private keys len")
}
var from *sign.PubData
- if kem.From != nil {
- if bytes.Equal(kem.From, bytes.Repeat([]byte{0}, 32)) {
+ if kem.Auth != nil && *kem.Auth {
+ if kem.From == nil {
kem.From = assumeFrom
}
var signed *sign.Signed
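Review bot: With the new condition `kem.Auth != nil && *kem.Auth`, a KEM that carries `from` but has no `auth` (or has `auth` set to false) skips this branch entirely, so `from` stays nil and the sender id in the message is silently ignored. Whether removing `auth` also makes decapsulation fail is not visible in this hunk, so I would reject or at least log the inconsistent combination before the branch, e.g. `if (kem.Auth == nil || !*kem.Auth) && kem.From != nil { log.Fatalln("from without auth") }`. The caller should also report clearly when a message was decrypted without sender authentication. The identical hunk that follows has the same gap, and the enclosing function starts and ends outside the hunk.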
log.Fatalln("invalid private keys len")
}
var from *sign.PubData
- if kem.From != nil {
- if bytes.Equal(kem.From, bytes.Repeat([]byte{0}, 32)) {
+ if kem.Auth != nil && *kem.Auth {
+ if kem.From == nil {
kem.From = assumeFrom
}
var signed *sign.Signed
if err != nil {
log.Fatal(err)
}
- if *noFrom {
- kem.From = bytes.Repeat([]byte{0}, 32)
- } else {
+ {
+ t := true
+ kem.Auth = &t
+ }
+ if !*noFrom {
kem.From = fromId
}
}
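Review bot: The bare block `{ t := true; kem.Auth = &t }` exists only to take the address of a constant, and it is repeated verbatim in the identical hunk that follows. A named local, `auth := true` then `kem.Auth = &auth`, or one small helper shared by both call sites, reads more clearly and keeps the two paths from drifting apart. A one-line comment such as `// auth is always set on this path; noFrom only omits the sender id` would record the intent. The enclosing block starts outside the hunk, so the condition under which this runs is presumed rather than visible.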
if err != nil {
log.Fatal(err)
}
- if *noFrom {
- kem.From = bytes.Repeat([]byte{0}, 32)
- } else {
+ {
+ t := true
+ kem.Auth = &t
+ }
+ if !*noFrom {
kem.From = fromId
}
}
A string `keks:"a"`
CEK []byte `keks:"cek"`
To []byte `keks:"to,omitempty"`
+ Auth *bool `keks:"auth,omitempty"`
From []byte `keks:"from,omitempty"`
// balloon-blake2b-hkdf related
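Review bot: The new `Auth *bool` field has no comment, so a reader cannot tell from the struct why it is a pointer or how an absent value differs from false. I would add `// Auth marks the KEM as sender-authenticated; nil (absent) and false are both treated as unauthenticated.` above the field, assuming the check `kem.Auth != nil && *kem.Auth` seen elsewhere in this commit is its only consumer. The struct definition starts and ends outside the hunk.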
-Public-key based [cm/kem/]s provides sender authentication
-*only* if "/kem/*/from" field is specified. It should contain public
-key's "/data/id", but may be equal to 256-bit zeros, to explicitly
-specify that sender's public key is used, but it is anonymous and
-hidden. It is not specified how recipient should find corresponding
-sender's key that way -- implementation/protocol specific.
+Public-key based [cm/kem/]s provides sender authentication *only* if
+"/kem/*/auth" field is set. "/kem/*/from" field may contain public
+key's "/data/id", otherwise sender is hidden. It is not specified
+how recipient should find corresponding sender's key that way --
+implementation/protocol specific.
Optional "/pubs" is a list public keys, which may be used to supply
-sender's public key(s). Public keys may be encrypted, to hide the actual
-deanonymisation contents.
+sender's public key(s). Public keys may be encrypted, to hide the
+actual deanonymisation contents.
{field ukm {bin} len=16} {# additional keying material}
{field pub {bin} >0} {# sender's ephemeral public key}
{field to {with fpr} optional} {# recipient's public key}
+ {field auth {bool} optional}
{field from {with fpr} optional} {# sender's public key}
}
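Review bot: `{field auth {bool} optional}` is the only field in the visible part of this block without a `{# …}` comment, and as written it accepts an explicit false, which the Go decoder in this commit treats the same as an absent field. I would write `{field auth {bool} optional} {# sender authentication is used}`. If the schema language can express it, restricting the value to true would also leave a single encoding for each state. The same line is added in the schema block that follows.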
{field cek {bin} >0} {# wrapped CEK}
{field encap {bin} >0}
{field to {with fpr} optional} {# recipient's public key}
+ {field auth {bool} optional}
{field from {with fpr} optional} {# sender's public key}
}