Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add v6 SKESK #2207

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Add v6 SKESK #2207

wants to merge 4 commits into from

Conversation

TJ-91
Copy link
Contributor

@TJ-91 TJ-91 commented Mar 26, 2024

I added generating and parsing of v6 SKESK packets. They work similarly to the already implemented AEAD stuff, but use SEIPDv2 instead, and also, use HKDF for key derivation.

I added the Crypto Refresh test vectors for EAX/OCB, as well as an encrypt-decrypt test.

Further, I added the rnp_op_encrypt_enable_skesk_v6() API call that enables creating v6 SKESK. In the CLI it can be activated with --enable-v6-skesk.

The default behaviour for SKESK should be the same as before, even when compiling with ENABLE_CRYPTO_REFRESH.

Copy link

codecov bot commented Apr 8, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.81%. Comparing base (0fc76d5) to head (15d6195).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2207   +/-   ##
=======================================
  Coverage   84.81%   84.81%           
=======================================
  Files         116      116           
  Lines       23292    23292           
=======================================
  Hits        19755    19755           
  Misses       3537     3537           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@falko-strenzke
Copy link
Contributor

When this gets merged RNP would also need a way to control whether to use the v6 SKESK or the v5 SKESK via FFI or CLI.
@TJ-91 @ni4


/* Use SEIPDv2 for SKESK if enabled and preconditions are met */
if (handler->ctx->enable_skesk_v6 && handler->ctx->aalg != PGP_AEAD_NONE &&
skeycount > 0) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: what is the meaning of skeycount in this context?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

    pkeycount = handler->ctx->recipients.size();
    skeycount = handler->ctx->passwords.size();

These are the number of SKESK or PKESK packets.

When writing the code I assumed that only one of those variables is non-zero, meaning, we have distinct cases for symmetric and asymmetric encryption. I now think that is a wrong assumption and you can actually use PKESK and SKESK packets simultaniously for the same SEIPD message.

Thus, I will need to adapt the logic here to also take into account the v2-SEIPD capability of the "PKESK recipients".

@TJ-91
Copy link
Contributor Author

TJ-91 commented Sep 23, 2024

@ni4 from my view this could be merged. Do you have any comments on the PR?

Copy link
Contributor

@ni4 ni4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@ni4
Copy link
Contributor

ni4 commented Sep 23, 2024

@ni4 from my view this could be merged. Do you have any comments on the PR?

@TJ-91 looks good, thanks. Let's wait for one more approval.

@ni4
Copy link
Contributor

ni4 commented Oct 4, 2024

@TJ-91 Could you please resolve conflicts here? I'm not seem able to push to this branch. Thanks!

@TJ-91
Copy link
Contributor Author

TJ-91 commented Oct 7, 2024

@ni4 I rebased (but now checks fail like on main)

@ni4
Copy link
Contributor

ni4 commented Oct 7, 2024

@TJ-91 Thanks. Windows and lint CI failure must be fixed via the PR #2282, so it seems another rebase would be needed once that PR is merged )

@ni4
Copy link
Contributor

ni4 commented Oct 29, 2024

@TJ-91 there is some merge conflict here.

@TJ-91
Copy link
Contributor Author

TJ-91 commented Oct 29, 2024

@TJ-91 there is some merge conflict here.

I rebased

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants