Open geonnave opened 1 month ago
Right now the library only supports Cipher Suite 2: AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256.
We should support more cipher suites, and also enable negotiation of cipher suites.
According to the spec...
Implementations MUST support cipher suites 2 and 3 (note that these only differ in the size of the MAC length)
Cipher suites 0-3, based on AES-CCM, are intended for constrained IoT where message overhead is a very important factor:
0. AES-CCM-16-64-128, SHA-256, 8, X25519, EdDSA, AES-CCM-16-64-128, SHA-256
1. AES-CCM-16-128-128, SHA-256, 16, X25519, EdDSA, AES-CCM-16-64-128, SHA-256
2. AES-CCM-16-64-128, SHA-256, 8, P-256, ES256, AES-CCM-16-64-128, SHA-256
3. AES-CCM-16-128-128, SHA-256, 16, P-256, ES256, AES-CCM-16-64-128, SHA-256
Ciphers with ChaCha/Poly:
4. ChaCha20/Poly1305, SHA-256, 16, X25519, EdDSA, ChaCha20/Poly1305, SHA-256
5. ChaCha20/Poly1305, SHA-256, 16, P-256, ES256, ChaCha20/Poly1305, SHA-256
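An added sketch of what the negotiation requested above involves on the Responder side (not part of the original issue and not the library's code): the six suites from the list as a table, plus the check on the Initiator's suite list. It assumes the spec in question is EDHOC (RFC 9528), where SUITES_I is ordered most preferred first with the selected suite last and a rejection carries the Responder's list SUITES_R; the names `Suite`, `Verdict` and `check_suites_i` are hypothetical.

```rust
// Added example; type and function names are hypothetical, not the library's.

/// One row of the list above: EDHOC AEAD, EDHOC MAC length in bytes,
/// key-exchange curve, signature algorithm, application AEAD.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Suite {
    pub id: u8,
    pub aead: &'static str,
    pub mac_len: u8,
    pub curve: &'static str,
    pub sig: &'static str,
    pub app_aead: &'static str,
}

const CCM8: &str = "AES-CCM-16-64-128";
const CCM16: &str = "AES-CCM-16-128-128";
const CHACHA: &str = "ChaCha20/Poly1305";

// Suites 0-5 exactly as listed in the issue; the hash is SHA-256 throughout.
pub const SUITES: [Suite; 6] = [
    Suite { id: 0, aead: CCM8, mac_len: 8, curve: "X25519", sig: "EdDSA", app_aead: CCM8 },
    Suite { id: 1, aead: CCM16, mac_len: 16, curve: "X25519", sig: "EdDSA", app_aead: CCM8 },
    Suite { id: 2, aead: CCM8, mac_len: 8, curve: "P-256", sig: "ES256", app_aead: CCM8 },
    Suite { id: 3, aead: CCM16, mac_len: 16, curve: "P-256", sig: "ES256", app_aead: CCM8 },
    Suite { id: 4, aead: CHACHA, mac_len: 16, curve: "X25519", sig: "EdDSA", app_aead: CHACHA },
    Suite { id: 5, aead: CHACHA, mac_len: 16, curve: "P-256", sig: "ES256", app_aead: CHACHA },
];

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Accept(Suite),
    Reject(Vec<u8>), // carries SUITES_R, the Responder's supported suites
}

/// Responder-side check of SUITES_I (assumed: most preferred first, selected last).
/// Accept only if the selected suite is supported AND no earlier, more preferred
/// entry is supported; otherwise the peers could settle on a less preferred suite.
pub fn check_suites_i(suites_i: &[u8], supported: &[u8]) -> Verdict {
    let known = |id: &u8| supported.contains(id) && SUITES.iter().any(|s| s.id == *id);
    match suites_i.split_last() {
        Some((sel, prior)) if known(sel) && !prior.iter().any(|id| known(id)) => {
            Verdict::Accept(SUITES[*sel as usize])
        }
        _ => Verdict::Reject(supported.to_vec()),
    }
}

fn main() {
    println!("{:?}", check_suites_i(&[0, 2], &[2, 3])); // constructed input
}
```

A Responder that supports only the two mandatory suites (2 and 3) accepts `[0, 2]` but rejects `[3, 2]`, because suite 3 is listed as more preferred and is supported.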
I agree on the plan outlined here! We should also discuss in parallel with this how to enable support for multiple authentication methods.
support for multiple authentication methods.
Tracked in #278.