Previously encryptPayload() used empty AAD, allowing ciphertext to be replayed across different contexts.

Now includes header fields as AAD:
- ephemeral_pubkey: Binds to sender identity
- timestamp: Replay protection (5 min window)
- service_type: Context binding (WORLD/FEED/MESSAGE/DIRECT)

API changes:
- encryptPayload() now requires service_type parameter
- decryptPayload() now requires expected_service_type parameter
- EncryptedPayload extended with timestamp and service_type fields
- New error types: ServiceTypeMismatch, TimestampTooOld, TimestampInFuture

Security: Ciphertext is now cryptographically bound to sender, timestamp, and service context. Replay and context confusion attacks are prevented via AAD verification during decryption.

Fixes P0 security audit issue: Missing AAD in AEAD Encryption
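The header binding described in the commit message, as an added Ruby sketch that is not the project's code. Assumptions: AES-256-GCM stands in for the AEAD (the page does not name it), the AAD layout is pubkey || 64-bit big-endian timestamp || one service-type byte, the 5 min window applies in both directions, and the symmetric key is passed in directly rather than derived from the ephemeral key.

```ruby
require "openssl"

# Assumed wire encoding: the page names the AAD fields, not their layout.
SERVICE_TYPES = { world: 0, feed: 1, message: 2, direct: 3 }.freeze
WINDOW = 300 # seconds, the 5 min window from the commit message

class ServiceTypeMismatch < StandardError; end
class TimestampTooOld < StandardError; end
class TimestampInFuture < StandardError; end

EncryptedPayload = Struct.new(:ephemeral_pubkey, :timestamp, :service_type, :nonce, :ciphertext, :tag) do
  # AAD = pubkey || timestamp (64-bit big-endian) || service type (1 byte)
  def aad
    ephemeral_pubkey.b + [timestamp, SERVICE_TYPES.fetch(service_type)].pack("Q>C")
  end
end

def encrypt_payload(key, pubkey, plaintext, service_type, now = Time.now.to_i)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  payload = EncryptedPayload.new(pubkey, now, service_type, cipher.random_iv)
  cipher.auth_data = payload.aad # header is authenticated, not encrypted
  payload.ciphertext = cipher.update(plaintext) + cipher.final
  payload.tag = cipher.auth_tag
  payload
end

def decrypt_payload(key, payload, expected_service_type, now = Time.now.to_i)
  raise ServiceTypeMismatch unless payload.service_type == expected_service_type
  raise TimestampTooOld if now - payload.timestamp > WINDOW
  raise TimestampInFuture if payload.timestamp - now > WINDOW
  raise ArgumentError, "truncated tag" unless payload.tag.bytesize == 16
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = payload.nonce
  cipher.auth_tag = payload.tag
  cipher.auth_data = payload.aad # recomputed from the received header
  cipher.update(payload.ciphertext) + cipher.final # CipherError on any mismatch
end

# Constructed demo: a FEED ciphertext relabelled as DIRECT fails authentication.
def relabel_rejected?
  key = OpenSSL::Random.random_bytes(32)
  forged = encrypt_payload(key, "constructed-pubkey", "hello", :feed)
  forged.service_type = :direct
  decrypt_payload(key, forged, :direct)
  false
rescue OpenSSL::Cipher::CipherError
  true
end
```

The explicit checks reject a stale or misrouted payload whose header is intact; the AAD makes a rewritten header fail the tag check even when the rewritten values would pass those checks.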