-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Add PQC support to the Proton branch #231
Draft
lubux
wants to merge
42
commits into
Proton
Choose a base branch
from
feat/pqc
base: Proton
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Draft
Commits on Aug 28, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 29bcd2a - Browse repository at this point
Copy the full SHA 29bcd2aView commit details -
Configuration menu - View commit details
-
Copy full SHA for bd59a91 - Browse repository at this point
Copy the full SHA bd59a91View commit details -
openpgp: Add support for symmetric subkeys (#74)
It is sometimes useful to encrypt data under some symmetric key. While this was possible to do using passphrase-derived keys, there was no support for long-term storage of the keys that was used to encrypt the key packets. To solve this, a new type of key is introduced. This key will hold a symmetric key, and will be used for both encryption and decryption of data. Specifically, as with asymmetric keys, the actual data will be encrypted using a session key, generated ad-hoc for these data. Then, instead of using a public key to encrypt the session key, the persistent symmetric key will be used instead, to produce a, so to say, Key Encrypted Key Packet. Conversly, instead of using a private key to decrypt the session key, the same symmetric key will be used. Then, the decrypted session key can be used to decrypt the data packet, as usual. As with the case of AEAD keys, it is sometimes useful to "sign" data with a persistent, symmetric key. This key holds a symmetric key, which can be used for both signing and verifying the integrity of data. While not strictly needed, the signature process will first generate a digest of the data-to-be-signed, and then the key will be used to sign the digest, using an HMAC construction. For technical reasons, related to this implenetation of the openpgp protocol, the secret key material is also stored in the newly defined public key types. Future contributors must take note of this, and not export or serialize that key in a way that it will be publicly availabe. Since symmetric keys do not have a public and private part, there is no point serializing the internal "public key" structures. Thus, symmetric keys are skipped when serialing the public part of a keyring.
Configuration menu - View commit details
-
Copy full SHA for 783ef59 - Browse repository at this point
Copy the full SHA 783ef59View commit details -
Configuration menu - View commit details
-
Copy full SHA for 37452a3 - Browse repository at this point
Copy the full SHA 37452a3View commit details -
Configuration menu - View commit details
-
Copy full SHA for febcea6 - Browse repository at this point
Copy the full SHA febcea6View commit details -
Configuration menu - View commit details
-
Copy full SHA for c2b7cfe - Browse repository at this point
Copy the full SHA c2b7cfeView commit details -
Configuration menu - View commit details
-
Copy full SHA for 197f38d - Browse repository at this point
Copy the full SHA 197f38dView commit details -
Configuration menu - View commit details
-
Copy full SHA for c7c4f36 - Browse repository at this point
Copy the full SHA c7c4f36View commit details -
Configuration menu - View commit details
-
Copy full SHA for 34e4fe1 - Browse repository at this point
Copy the full SHA 34e4fe1View commit details -
Configuration menu - View commit details
-
Copy full SHA for d86ac43 - Browse repository at this point
Copy the full SHA d86ac43View commit details -
Configuration menu - View commit details
-
Copy full SHA for 3a0e6ac - Browse repository at this point
Copy the full SHA 3a0e6acView commit details -
Configuration menu - View commit details
-
Copy full SHA for 53b20e9 - Browse repository at this point
Copy the full SHA 53b20e9View commit details -
Configuration menu - View commit details
-
Copy full SHA for 5a964bd - Browse repository at this point
Copy the full SHA 5a964bdView commit details -
Configuration menu - View commit details
-
Copy full SHA for a7a9cdc - Browse repository at this point
Copy the full SHA a7a9cdcView commit details -
Configuration menu - View commit details
-
Copy full SHA for 972ccd8 - Browse repository at this point
Copy the full SHA 972ccd8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 66300b5 - Browse repository at this point
Copy the full SHA 66300b5View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8815d5b - Browse repository at this point
Copy the full SHA 8815d5bView commit details -
Configuration menu - View commit details
-
Copy full SHA for e7d584c - Browse repository at this point
Copy the full SHA e7d584cView commit details -
Generate an AEAD subkey when requesting an HMAC primary key.
Configuration menu - View commit details
-
Copy full SHA for e68b818 - Browse repository at this point
Copy the full SHA e68b818View commit details -
Full PQC support (+12 squashed commits)
Squashed commits: Update KDF to use SHA3-256 [5ff62f7] WIP: bump to draft-ietf-openpgp-pqc-01 [3949477] Import CIRCL fork with ML-KEM and ML-DSA [5033a18] Update implementation from draft v1 to v3 - Remove v6 binding for PQC KEMs - Update KDF - Update reference comments - Rename SPHINCS+ to SLH-DSA - Rename Dilithium to ML-DSA - Rename Kyber to ML-KEM - Add vectors generated with RNP - Fix misc bugs and improve tests [c53e2e3] Add benchmarking [d832873] Add read-write tests [8254a42] Bind PQC packets to v6 [21f33d3] Change testdata for Kyber keys and prepare for v6 PKESK [fa295de] Change domain separation [c5bc3c1] Add SPHINCS+ signature support [603ced6] Add references and clean code [9b26049] Prefer PQ keys [6e5ec9c] Add hybrid Kyber + ECDH, Dilithium + EC/EdDSA support
Configuration menu - View commit details
-
Copy full SHA for d537e95 - Browse repository at this point
Copy the full SHA d537e95View commit details -
Configuration menu - View commit details
-
Copy full SHA for 11bb422 - Browse repository at this point
Copy the full SHA 11bb422View commit details -
Configuration menu - View commit details
-
Copy full SHA for bd63291 - Browse repository at this point
Copy the full SHA bd63291View commit details
Commits on Sep 12, 2024
-
Configuration menu - View commit details
-
Copy full SHA for f8daf26 - Browse repository at this point
Copy the full SHA f8daf26View commit details -
Configuration menu - View commit details
-
Copy full SHA for b68ddfb - Browse repository at this point
Copy the full SHA b68ddfbView commit details -
Configuration menu - View commit details
-
Copy full SHA for bce1652 - Browse repository at this point
Copy the full SHA bce1652View commit details -
Configuration menu - View commit details
-
Copy full SHA for 972f2c6 - Browse repository at this point
Copy the full SHA 972f2c6View commit details -
feat: Update to latest circle version
- Update to Fips compliant algorithms
Configuration menu - View commit details
-
Copy full SHA for 28c613e - Browse repository at this point
Copy the full SHA 28c613eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 820b6b5 - Browse repository at this point
Copy the full SHA 820b6b5View commit details
Commits on Sep 24, 2024
-
Configuration menu - View commit details
-
Copy full SHA for a993e70 - Browse repository at this point
Copy the full SHA a993e70View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2e3a702 - Browse repository at this point
Copy the full SHA 2e3a702View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8be8c23 - Browse repository at this point
Copy the full SHA 8be8c23View commit details
Commits on Sep 27, 2024
-
Configuration menu - View commit details
-
Copy full SHA for e9782f8 - Browse repository at this point
Copy the full SHA e9782f8View commit details
Commits on Oct 11, 2024
-
Configuration menu - View commit details
-
Copy full SHA for bcbd610 - Browse repository at this point
Copy the full SHA bcbd610View commit details -
Configuration menu - View commit details
-
Copy full SHA for d8b79f7 - Browse repository at this point
Copy the full SHA d8b79f7View commit details -
Configuration menu - View commit details
-
Copy full SHA for 384a0e0 - Browse repository at this point
Copy the full SHA 384a0e0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 86c81cb - Browse repository at this point
Copy the full SHA 86c81cbView commit details
Commits on Oct 21, 2024
-
Aron Wussler committed
Oct 21, 2024 Configuration menu - View commit details
-
Copy full SHA for 7032100 - Browse repository at this point
Copy the full SHA 7032100View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1fed2e1 - Browse repository at this point
Copy the full SHA 1fed2e1View commit details -
feat: Integrate ML-DSA seed fromat
- openpgp-pqc/draft-openpgp-pqc#146 - Replace draft-ietf-openpgp-pqc-04 with draft-ietf-openpgp-pqc-05
Configuration menu - View commit details
-
Copy full SHA for 2961a8b - Browse repository at this point
Copy the full SHA 2961a8bView commit details -
feat: Update kem key combinder to latest version
openpgp-pqc/draft-openpgp-pqc#150 changed the order of fields in the hash.
Configuration menu - View commit details
-
Copy full SHA for edda65f - Browse repository at this point
Copy the full SHA edda65fView commit details -
Configuration menu - View commit details
-
Copy full SHA for f961bdd - Browse repository at this point
Copy the full SHA f961bddView commit details -
Configuration menu - View commit details
-
Copy full SHA for 88c1313 - Browse repository at this point
Copy the full SHA 88c1313View commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.