WIP: PQC: Implement draft RFC for SLH-DSA (shake128s variant only) #17
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
To enable stored messages to be protected using symmetric key encryption and validated using message authentication codes, this set of changes adds support for storing symmetric key material as Secret Key Packets, symmetric key encrypted session keys as Public Key Encrypted Session Key Packets, and MAC tags as Signature Packets. Co-authored-by: Konstantinos Andrikopoulos <kandrikopoulos@proton.ch> Co-authored-by: Daniel Huigens <d.huigens@protonmail.com>
Update implementation to reflect spec changes to KDF params (v2 -> v255) and new forwarding-related key flag (0x40).
…rypt autoforwarded messages (#8) These subkeys must not have the standard encryption flags (EtEr) set, as they are not supposed to be used for direct messages. Also: - preserve 'forwarded communication' key flag when reformatting - fix bug allowing to decrypt forwarded messages by setting `config.allowInsecureDecryptionWithSigningKeys` instead of `config.allowForwardedMessages` - add TS definition for `config.allowForwardedMessages`
…llocation (#14) Also, make `ARGON2_WASM_MEMORY_THRESHOLD_RELOAD` a static class property, to be able to change its value.
To ensure compatibility with older mobile clients, which may not support verifying SHA3 message signatures
Much faster than tweetnacl, and no constant-timeness required. We are not using v2 for now, despite being smaller, because it relies on bigint literals, and it requires polyfilling the WebCrypto lib manually in Node < 19.
Implements Draft 6 with custom KEM combiner (https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/06/) Co-authored-by: Daniel Huigens <d.huigens@protonmail.com>
Implements Draft 6 (https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/06/). Also, chunk ML-KEM and ML-DSA together in lightweight bundle. Noble-curves had to be updated to v1.7.0 to ensure the same version of noble-hashes is used as noble-post-quantum, making it possible to reuse the sha3 code/chunk across libs.
…SA WebCrypto operations Fallback to JS code instead of throwing.
Which also drops ECDH-KEM CCA-conversion. This variant is yet to be adopted under draft 7, hence official test vectors aren't available for now. See openpgp-pqc/draft-openpgp-pqc#161 .
Implements Draft 6 (https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/06/). NB: signing is currently too slow to be usable (10+ seconds).
larabr
force-pushed
the
main
branch
6 times, most recently
from
cbed563 to
b7fc9a7
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements Draft 6 (https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/06/).
NB: this implementation of SLH-DSA signing is currently too slow to be usable (10+ seconds).
This PR is intended as a proof-of-concept to generate and verify test-vectors across implementations.