14547d9 · Oversight

v0.4.11: hardware-keys completion across every reference implementation

Closes the OSGT-HW-P256-v1 surface in Python and the browser viewer
to match what shipped in Rust + the seal-side container path on main:

- oversight_core.crypto: wrap_dek_for_recipient_p256 +
  unwrap_dek_p256 accepting EllipticCurvePrivateKey, PKCS#8 bytes,
  or raw integer scalar (10/10 unit tests).
- oversight_core.container: SUITE_HW_P256_V1_ID = 3 in
  SUITE_ID_TO_NAME so the binary container dispatcher recognizes the
  new suite the same way Rust does.
- viewer.js: decryptSealedHwP256 + suite-id-3 dispatch using the
  vendored noble/curves p256 module. SUITE_NAMES knows the third
  suite name so the inspector displays "OSGT-HW-P256-v1" instead of
  "unknown(3)".
- viewer/vendor: noble-curves-nist-2.2.0.js + 2 transitive deps
  (sha2.js, hmac.js) with imports rewritten to relative paths so the
  inspector stays offline-capable. SHAs recorded.
- viewer/samples: tutorial-hw-p256.sealed + identity, generated by a
  new tools/gen_hw_p256_sample.py (no oqs dependency, runs anywhere
  with cryptography installed).
- viewer/index.html: imports the noble/curves p256 module, threads it
  through to decryptSealed as a 5th argument, "Load hardware P-256
  tutorial identity" button + sample link. Explanatory copy now
  describes all three suites.
- SPEC.md sec 4.1.3 + sec 5.2: per-suite wrapped_dek shapes, KDF
  info strings, and AAD values pinned. Cross-suite mismatch rule
  codified.

Public API additive throughout. v0.4.10 callers unchanged. The only
remaining hardware-keys piece is PivKeyProvider (PKCS#11 binding to
actual tokens) and the corresponding --recipient-hw CLI flag.

14547d9 Zion Boggan committed on May 8, 2026 (1 month ago)

CHANGELOG.md +8 -1

		@@ -1,6 +1,13 @@
		# Oversight CHANGELOG

	-	## Unreleased
	+	## v0.4.11 - 2026-05-08 Hardware-keys completion: Python parity, browser support, end-to-end seal
	+
	+	The `OSGT-HW-P256-v1` suite is now implemented end-to-end across all
	+	three reference implementations: Rust core, Python core, and the
	+	public browser inspector. Every layer of the protocol ships every
	+	suite. The only piece deferred to a follow-up is the `PivKeyProvider`
	+	(PKCS#11 binding to actual hardware tokens) and the matching
	+	`--recipient-hw` CLI flag.

		- **`oversight_core.crypto`: Python parity for `OSGT-HW-P256-v1`
		(2026-05-08).** New `wrap_dek_for_recipient_p256` and `unwrap_dek_p256`

README.md +19 -0

		@@ -110,6 +110,25 @@ The attribute command runs a 5-phase pipeline:
		4. Multi-layer Bayesian fusion combining all evidence into ranked candidates
		5. Content fingerprint comparison (winnowing + sentence hashing) as a last resort when all watermarks are stripped

	+	## What's new in v0.4.11
	+
	+	Hardware-keys completion across every reference implementation. v0.4.11
	+	finishes what v0.4.10 started. The `OSGT-HW-P256-v1` suite now ships
	+	end-to-end in `oversight_core.crypto` (Python: `wrap_dek_for_recipient_p256`,
	+	`unwrap_dek_p256` accepting `EllipticCurvePrivateKey`, PKCS#8 bytes, or raw
	+	integer scalars), in `oversight-container` (`seal_hw_p256` +
	+	`open_sealed_with_provider` polymorphic dispatch on `suite_id`), in the
	+	manifest schema (`Recipient.p256_pub` optional field, deserialization
	+	back-compatible), and in the public browser inspector at
	+	<https://oversightprotocol.dev/viewer/> via vendored `@noble/curves` P-256
	+	ECDH. Every existing classic and hybrid call site is unchanged. The
	+	container's existing rule that the unsigned `suite_id` header must match
	+	the signed `manifest.suite` covers cross-suite-mixing attacks for free.
	+	A new `tools/gen_hw_p256_sample.py` produces the public viewer's
	+	`tutorial-hw-p256.sealed` fixture without needing `oqs` or hardware. The
	+	last piece of the hardware story, `PivKeyProvider` against PKCS#11, is
	+	the next bounded follow-up.
	+
		## What's new in v0.4.10

		Hardware-keys foundation. `oversight-crypto` now exposes a

oversight_core/__init__.py +1 -1

		@@ -31,4 +31,4 @@ __all__ = [
		"l3_policy",
		]

	-	__version__ = "0.4.10"
	+	__version__ = "0.4.11"

pyproject.toml +1 -1

		@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

		[project]
		name = "oversight-protocol"
	-	version = "0.4.10"
	+	version = "0.4.11"
		description = "Open protocol for cryptographic data provenance, recipient attribution, and leak detection."
		readme = "README.md"
		license = {text = "Apache-2.0"}