Add v6 SKESK by TJ-91 · Pull Request #2207 · rnpgp/rnp

TJ-91 · 2024-03-26T15:38:18Z

I added generating and parsing of v6 SKESK packets. They work similarly to the already implemented AEAD stuff, but use SEIPDv2 instead, and also, use HKDF for key derivation.

I added the Crypto Refresh test vectors for EAX/OCB, as well as an encrypt-decrypt test.

Further, I added the rnp_op_encrypt_enable_skesk_v6() API call that enables creating v6 SKESK. In the CLI it can be activated with --enable-v6-skesk.

The default behaviour for SKESK should be the same as before, even when compiling with ENABLE_CRYPTO_REFRESH.

codecov · 2024-04-08T09:38:06Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 85.46%. Comparing base (0d5c2b9) to head (646380f).

Additional details and impacted files

@@           Coverage Diff            @@
##             main    #2207    +/-   ##
========================================
  Coverage   85.46%   85.46%            
========================================
  Files         126      126            
  Lines       22713    22477   -236     
========================================
- Hits        19411    19210   -201     
+ Misses       3302     3267    -35

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

falko-strenzke · 2024-04-24T14:19:02Z

When this gets merged RNP would also need a way to control whether to use the v6 SKESK or the v5 SKESK via FFI or CLI.
@TJ-91 @ni4

falko-strenzke · 2024-06-04T08:20:11Z

src/librepgp/stream-write.cpp

+
+    /* Use SEIPDv2 for SKESK if enabled and preconditions are met */
+    if (handler->ctx->enable_skesk_v6 && handler->ctx->aalg != PGP_AEAD_NONE &&
+        skeycount > 0) {


Question: what is the meaning of skeycount in this context?

pkeycount = handler->ctx->recipients.size(); skeycount = handler->ctx->passwords.size();

These are the number of SKESK or PKESK packets.

When writing the code I assumed that only one of those variables is non-zero, meaning, we have distinct cases for symmetric and asymmetric encryption. I now think that is a wrong assumption and you can actually use PKESK and SKESK packets simultaniously for the same SEIPD message.

Thus, I will need to adapt the logic here to also take into account the v2-SEIPD capability of the "PKESK recipients".

TJ-91 · 2024-09-23T12:48:50Z

@ni4 from my view this could be merged. Do you have any comments on the PR?

ni4

LGTM, thanks!

ni4 · 2024-09-23T13:36:34Z

@ni4 from my view this could be merged. Do you have any comments on the PR?

@TJ-91 looks good, thanks. Let's wait for one more approval.

ni4 · 2024-10-04T10:19:37Z

@TJ-91 Could you please resolve conflicts here? I'm not seem able to push to this branch. Thanks!

TJ-91 · 2024-10-07T08:34:43Z

@ni4 I rebased (but now checks fail like on main)

ni4 · 2024-10-07T09:10:09Z

@TJ-91 Thanks. Windows and lint CI failure must be fixed via the PR #2282, so it seems another rebase would be needed once that PR is merged )

ni4 · 2024-10-29T09:49:32Z

@TJ-91 there is some merge conflict here.

TJ-91 · 2024-10-29T10:31:08Z

@TJ-91 there is some merge conflict here.

I rebased

src/librepgp/stream-write.cpp

TJ-91 · 2025-07-15T08:24:49Z

@ni4 I rebased again and all checks pass. Is it ready to merge?

TJ-91 force-pushed the add-v6-skesk branch from b50719b to 4e365aa Compare March 26, 2024 15:41

TJ-91 force-pushed the add-v6-skesk branch from 9343721 to b74386c Compare April 8, 2024 11:10

falko-strenzke mentioned this pull request Apr 25, 2024

Overview of Branches pqc-thunderbird/rnp#69

Closed

falko-strenzke approved these changes Jun 4, 2024

View reviewed changes

TJ-91 force-pushed the add-v6-skesk branch from 979a001 to 9ea7901 Compare June 11, 2024 12:26

TJ-91 force-pushed the add-v6-skesk branch from 9ea7901 to fad6ff8 Compare September 20, 2024 08:07

ni4 approved these changes Sep 23, 2024

View reviewed changes

ni4 requested review from desvxx and ronaldtse September 23, 2024 13:36

TJ-91 force-pushed the add-v6-skesk branch from fad6ff8 to 059acad Compare October 7, 2024 08:03

TJ-91 force-pushed the add-v6-skesk branch from 059acad to 58d0f72 Compare October 17, 2024 14:07

TJ-91 force-pushed the add-v6-skesk branch from 58d0f72 to 34711b0 Compare October 29, 2024 10:30

TJ-91 force-pushed the add-v6-skesk branch from 34711b0 to 530c53c Compare November 4, 2024 09:31

TJ-91 force-pushed the add-v6-skesk branch from 530c53c to 15d6195 Compare November 12, 2024 09:09

TJ-91 mentioned this pull request Jul 14, 2025

Update PQC Draft to Version 12 #2355

Open

TJ-91 force-pushed the add-v6-skesk branch from 15d6195 to 9da228e Compare July 14, 2025 13:28

github-advanced-security bot found potential problems Jul 14, 2025

View reviewed changes

src/librepgp/stream-write.cpp Fixed Show fixed Hide fixed

add v6 SKESK

646380f

TJ-91 force-pushed the add-v6-skesk branch from 9da228e to 646380f Compare July 15, 2025 07:37

Conversation

TJ-91 commented Mar 26, 2024

Uh oh!

codecov bot commented Apr 8, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

falko-strenzke commented Apr 24, 2024

Uh oh!

falko-strenzke Jun 4, 2024

Choose a reason for hiding this comment

Uh oh!

TJ-91 Jun 4, 2024

Choose a reason for hiding this comment

Uh oh!

TJ-91 commented Sep 23, 2024

Uh oh!

ni4 left a comment

Choose a reason for hiding this comment

Uh oh!

ni4 commented Sep 23, 2024

Uh oh!

ni4 commented Oct 4, 2024

Uh oh!

TJ-91 commented Oct 7, 2024

Uh oh!

ni4 commented Oct 7, 2024

Uh oh!

ni4 commented Oct 29, 2024

Uh oh!

TJ-91 commented Oct 29, 2024

Uh oh!

Uh oh!

TJ-91 commented Jul 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

codecov bot commented Apr 8, 2024 •

edited

Loading