rnp icon indicating copy to clipboard operation
rnp copied to clipboard

Published 20 hours ago verified publisher icon rnpgp

Update draft 06

Open TJ-91 opened this issue 1 year ago • 2 comments

This PR updates to the newest PQC draft version, as well as fixes v6 signature salt.

V6 / RFC 9580

  • correctly implement v6 salt for document signatures (was only properly working for key signatures before)
    • change HashList for use with salt
    • implement v6 OPS with salt
    • gracefully fail when verifying v6 cleartext signatures by skipping them. Due to the salt that is detected at the end, two passes are required which requires further changes to the code.
  • add Ed448/X448 standalone algorithms

PQC

  • final PQC NIST standard algorithms
  • update to PQC draft version 06: KEM Combiner, SLH-DSA parameters, Test Vectors, ...
    • -06 is not-yet published but will be -05 with fixed test vectors
  • Add X448 and Ed448 for composite PQC combinations

Botan

  • Both ENABLE_CRYPTO_REFRESH and ENABLE_PQC now require Botan 3.6.
    • Ed448/X448 only available from 3.4
    • ML-KEM / ML-DSA / SLH-DSA final NIST standards available from Botan 3.6
    • Supporting partial features from lower Botan versions would mean to either have lots of deprecation warnings or have special code for the different versions.

TJ-91 avatar Nov 04 '24 16:11 TJ-91

Codecov Report

Attention: Patch coverage is 95.74468% with 2 lines in your changes missing coverage. Please review.

Project coverage is 84.81%. Comparing base (0fc76d5) to head (9b25a0c). Report is 157 commits behind head on main.

Files with missing lines Patch % Lines
src/librepgp/stream-packet.cpp 93.33% 1 Missing :warning:
src/librepgp/stream-sig.cpp 83.33% 1 Missing :warning:
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2287   +/-   ##
=======================================
  Coverage   84.81%   84.81%           
=======================================
  Files         116      116           
  Lines       23292    23311   +19     
=======================================
+ Hits        19755    19772   +17     
- Misses       3537     3539    +2

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

codecov[bot] avatar Nov 04 '24 16:11 codecov[bot]

Fedora tests fail due to building with Botan 3.3.0, same as building Fuzzers with 3.4.0.

@ni4 do you have any feedback / comments for the PR?

TJ-91 avatar Nov 19 '24 15:11 TJ-91

closing in favor of #2355

TJ-91 avatar Jul 14 '25 08:07 TJ-91