Skip to content

Feat/crypto registry aes gcm siv #759

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Mehrn0ush wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Feat/crypto registry aes gcm siv #759

Mehrn0ush wants to merge 3 commits into from
+17 −7

Conversation

@Mehrn0ush
Copy link
Contributor

@Mehrn0ush Mehrn0ush commented Jan 1, 2026

As discussed in ticket #758, this PR adds AES-GCM-SIV as an AEAD variant to the Cryptography Registry.

Fixes #758

Details

  • Adds standardized AES-GCM-SIV (RFC 8452) as an ae variant under the existing AES family

Scope

  • Registry data only (schema/cryptography-defs.json)
  • No schema or specification behavior changes

@Mehrn0ush Mehrn0ush requested a review from a team as a code owner January 1, 2026 15:03
@stevespringett stevespringett added the cap: cryptography Capability: Cryptography (CBOM) label Jan 2, 2026
bhess
bhess suggested changes Jan 5, 2026
View reviewed changes
Copy link
Contributor

@bhess bhess left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, @Mehrn0ush, for adding AES-GCM-SIV, this looks good to me.

Please check my comment regarding the pattern.
I also noticed some changes duplicated from your other PRs (XChaCha20, TUAK, and bcrypt). You might want to remove those from this PR to ensure a clean merge.

schema/cryptography-defs.json
"url": "https://doi.org/10.17487/RFC8452"
}
],
"pattern": "AES[-(128|192|256)]-GCM-SIV[-{tagLength}][-{ivLength}]",
Copy link
Contributor

@bhess bhess Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After reading the RFC, I understand that in AES-GCM-SIV the tagLength and ivLength are fixed at 16 bytes and 12 bytes, respectively. Since these values are well-defined by the RFC, the [-{tagLength}][-{ivLength}] portion can be removed from the pattern.

@stevespringett stevespringett added the cap: cryptography-registry Capability: Cryptography Registry label Jan 8, 2026
@jkowalleck jkowalleck requested a review from Copilot January 15, 2026 13:03
Copilot AI reviewed Jan 15, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds AES-GCM-SIV support to the Cryptography Registry as requested in issue #758. However, it also includes several unrelated changes that were not mentioned in the PR description.

Changes:

  • Adds AES-GCM-SIV (RFC 8452) as an AEAD variant to the AES family
  • Adds XChaCha20-Poly1305 to ChaCha20 family variants (not mentioned in PR description)
  • Removes BLAKE2b-HMAC variant (not mentioned in PR description)
  • Fixes spelling errors in TUAK patterns (TUAC -> TUAK)
  • Fixes typo in bcrypt pattern (closing parenthesis -> closing brace)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

schema/cryptography-defs.json
Comment on lines +481 to +484
},
{
"pattern": "XChaCha20-Poly1305",
"primitive": "ae"
Copy link

Copilot AI Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The addition of XChaCha20-Poly1305 is not mentioned in the PR description or issue #758. This change should either be removed from this PR and submitted separately with appropriate justification, or the PR description should be updated to explain why this variant is being added.

Suggested change
},
{
"pattern": "XChaCha20-Poly1305",
"primitive": "ae"

Copilot uses AI. Check for mistakes.
schema/cryptography-defs.json
Comment on lines 947 to 950
{
"pattern": "BLAKE2s-(160|256)",
"primitive": "hash"
},
{
"pattern": "BLAKE2b-(160|256|384|512)-HMAC",
"primitive": "mac"
}
Copy link

Copilot AI Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The removal of the BLAKE2b-HMAC variant (lines 944-946 in the original) is not mentioned in the PR description or issue #758. This deletion should either be reverted and submitted in a separate PR with appropriate justification, or the PR description should be updated to explain why this variant is being removed.

Copilot uses AI. Check for mistakes.
stevespringett
stevespringett requested changes Jan 15, 2026
View reviewed changes
Copy link
Member

@stevespringett stevespringett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update the pattern based on the suggestion from @bhess

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@stevespringett stevespringett stevespringett requested changes

+1 more reviewer

@bhess bhess bhess requested changes

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

cap: cryptography Capability: Cryptography (CBOM) cap: cryptography-registry Capability: Cryptography Registry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Defect]: Missing AES-GCM-SIV AEAD variant in Cryptography Registry

3 participants

@Mehrn0ush @bhess @stevespringett