Secretstream API with state serialization

[stnmtz]

Hi there,

I would like to use the secretstream API with libsodium.JS and would like to serialize the respective state of the stream - as the stream should be re-used over multiple restarts of the application. However, I don't see a possibility to save/load a stream's state with libsodium.js (neither with the libsodium API), as the stream's state is always an address which I guess is a pointer to the actual state within the Webassembly memory.

As such, I guess that the secretstream API is only intended for session-based (online) streams rather than a long-running stream with offline messages?

Would it be possible to have a state serialization API, something like secretstream_state(stream) returning the current state of the stream? Or is there another possibility to access the stream's state over libsodium.js which I haven't seen yet?

Best Regards

[jedisct1]

Hi!

The state is crypto_secretstream_xchacha20poly1305_statebytes() bytes, starting at the pointer. It doesn't contain any indirections or internal pointers, so the state can be saved and loaded as is.

A serialization API wouldn't do anything except directly copy these bytes, something you can already do.

I'm not sure that having an explicit API would be a good idea, as it would encourage state reuse, that would completely ruin the scheme's security guarantees.

But you can always read these bytes from the JavaScript code if this is something you really need.