BrianSipos / dtn-bpsec-cose

DTN Bundle Protocol Security (BPSec) COSE Context
GNU Lesser General Public License v3.0

Provide ability for AAD to authenticate multiple other blocks #12

Closed BrianSipos closed 1 year ago

BrianSipos commented 1 year ago

Rather than be limited to just the primary block and the target block metadata, it would be helpful if the AAD Scope was able to specify block metadata and/or BTSD for other non-target blocks.

This would allow encrypting or signing the payload block #1 and require that it arrives with extension blocks #4 and #5, for example. The block metadata just ensures that it exists with the same type; the BTSD ensures that it has the same content.

Without this I can encrypt the payload with a BCB but have no ability to ensure needed plaintext extensions are untouched without additional BIBs.

BrianSipos commented 1 year ago

One hypothetical way to do this is instead of a simple AAD Scope as is now:

AAD-scope = uint .bits AAD-scope-flags
AAD-scope-flags = &(
    has-primary-ctx: 0,
    has-target-ctx: 1,
    has-security-ctx: 2,
)

it changes to flags per block number:

AAD-scope = {
    block-num: uint,
    use-content: uint .bits AAD-scope-flags
}
AAD-scope-flags = &(
    AAD-metadata: 0,
    AAD-btsd: 1,
)

with logic about how to handle special cases like:

Doing it this way keeps compatibility with the earlier (and BPSec default SC) when the scope contains primary, security, or target blocks with only AAD-metadata bit set.
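
The per-block scope proposed in this thread, as an added example that is not part of the issue or the project's code: a tag over the payload also binds block #4's metadata and block #5's metadata and BTSD, so a stripped or altered extension block fails verification. HMAC-SHA256 and the length-prefixed byte layout are stand-ins assumed here, not the COSE context's AAD encoding; the bundle model, the key and block type codes 192/193 are constructed.

```python
import hashlib
import hmac
import struct

# Flag bits from the per-block AAD-scope-flags proposed on this page.
AAD_METADATA = 1 << 0   # bind the block's type code and flags
AAD_BTSD = 1 << 1       # bind the block-type-specific data (content)

def _lp(data: bytes) -> bytes:
    """Length-prefix a field so concatenated fields stay unambiguous."""
    return struct.pack(">I", len(data)) + data

def build_aad(blocks: dict, scope: dict) -> bytes:
    """Serialize the scoped parts of each listed block, in block-number order.
    blocks: {num: {"type": int, "flags": int, "btsd": bytes}}; scope: {num: flag bits}.
    """
    out = b""
    for num in sorted(scope):
        if num not in blocks:
            raise KeyError(f"block {num} required by AAD scope is missing")
        blk, bits = blocks[num], scope[num]
        out += struct.pack(">QB", num, bits)
        if bits & AAD_METADATA:
            out += struct.pack(">QQ", blk["type"], blk["flags"])
        if bits & AAD_BTSD:
            out += _lp(blk["btsd"])
    return out

def protect(key: bytes, blocks: dict, target: int, scope: dict) -> bytes:
    """Return an integrity tag over the AAD plus the target block's BTSD."""
    msg = _lp(build_aad(blocks, scope)) + _lp(blocks[target]["btsd"])
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key: bytes, blocks: dict, target: int, scope: dict, tag: bytes) -> bool:
    try:
        expected = protect(key, blocks, target, scope)
    except KeyError:
        return False  # a block the scope depends on was stripped in transit
    return hmac.compare_digest(expected, tag)

# Constructed sample bundle: payload block 1 plus extension blocks 4 and 5.
KEY = b"\x00" * 32  # constructed test key
BUNDLE = {
    1: {"type": 1, "flags": 0, "btsd": b"payload"},
    4: {"type": 192, "flags": 0, "btsd": b"ext-a"},
    5: {"type": 193, "flags": 0, "btsd": b"ext-b"},
}
SCOPE = {4: AAD_METADATA, 5: AAD_METADATA | AAD_BTSD}
TAG = protect(KEY, BUNDLE, 1, SCOPE)
```

Block #4 is scoped with only the metadata bit, so its content can change without invalidating the tag, while its removal or a type change cannot.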