Support passing context with AEAD interface

[david-bain]

Help us help you

We are using Tink extensively to provide encryption for calls through out GRPC proxy as part of our platform offering.

Is your feature request related to a problem?

The problem we are seeing is that we are unable to link our encrypt and decryption lower level functionality, such as calling out to our KMS to our app workflow traces. This is because the tink.AEAD interface functions to not accept a context so the linking context back to the original GRPC request is lost.

What sort of feature would you like to see?

It would be very useful for the encrypt and decrypt functions under the tink.AEAD interface to support passing the context in.
This would support:

• Properly linked spans and traces back to the parent spans of the higher functions
• Cancel/timeout of external API calls, such as when a remote KMS is called during encrypt/decrypt

Passing the context is part of GCP/AWS cloud api calls and is generally a standard method for any remote API call.

Have you considered any alternative solutions?

I can't think of an alternative solution

Would you like to add additional context?

You can see this issue in the gpc-kms encrypt/decrypt functions that have lost context and therefore can

[tholenst]

Note: tink-crypto/tink#255 asked for the same thing and is much older.

[scorpionknifes]

Hey I'm interested in working on this, does this proposal need to be approved? This interface change is breaking and looks like it would require a major bump.

[juergw]

We agree that this is an issue that we should address, and we plan to work on this in the next months. And yes, it is a bit tricky because we don't want to break current users of AEAD, and we probably also don't want to do a major version increase because of this. So I don't think this is a good candidate for contributions.

[juergw]

We have planed to add this, but we don't have a timeline for it yet.