Document probe points for generic cryptographic operations

Question

Document probe points for generic cryptographic operations

Opened this issue a year ago · 1 comments

It would make sense to define some probe points for generic crypto operations, in a protocol agnostic way, for example:

pk::sign, pk::encrypt, pk::decrypt, aead::encrypt, aead::decrypt context names
hash::algorithm, pk::algorithm, pk::key_size, aead::algorithm events

Maybe we could use OID for *::algorithm events if it is not too much burden to parse.

Answer 1 · 2024-04-02T09:41:42.000Z

Some PQC algorithms don't yet have OIDs, and maybe some of them (think NTRU Prime in OpenSSH) might not get them soon, either. On the other hand, I also don't have a better suggestion other than implementation-defined strings, which might be even worse.