Miroslav Lichvar c8e57f4350 nts: change ntskeys format to support different algorithms ...

Specify the AEAD ID for each key saved in the ntskeys file instead of
one ID for all keys. Keep support for loading files in the old format.

This will allow servers to save their keys after upgrading to a new
version with AES-128-GCM-SIV support before the loaded AES-SIV-CMAC-256
keys are rotated out.

If an unsupported key is found, don't load any keys. Also, change the
severity of the error message from debug to error.

2022-10-19 15:50:39 +02:00

27 KiB

Raw Blame History

View Raw