rnp icon indicating copy to clipboard operation
rnp copied to clipboard

Published 20 hours ago verified publisher icon rnpgp

PQC and Crypto Refresh Updates

Open TJ-91 opened this issue 11 months ago • 1 comments

Some further improvements to the code. The changes to PQC and Crypto Refresh are all guarded by ifdefs. Please make sure that you are satisfied with the "General Changes" which contain changes to the default RNP build.

PQC Changes

  • Adapt to new draft version https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc-02
    • New Algorithm IDs (private/experimental) and a PKESKv3 wire format change.
  • some cli / key gen changes
  • add API call: rnp_key_sphincsplus_get_param(), so that the parameter set of the key can be retrieved.
  • Add CMake Flag ENABLE_PQC_MLKEM_IPD. Will use MLKEM-ipd implementation of Botan instead of Kyber Round 3 Submission. This is only available in a PR branch for Botan, yet to be released in an official Botan version.
  • Make it possible to compile PQC without compiling Crypto Refresh.

Crypto Refresh Changes

  • Add key features subpacket to direct-key signatures
  • Add AEAD Ciphersuite Preferences subpacket

General Changes

  • subkey encryption: changed logic in ffi_pass_callback_stdin(), see Commit 9401d6a8225f6de87fb66c4e8da454391561349e
    • before, only caches the password for one subkey
    • now uses a subkey counter and stores it for all subkeys that follow
    • needed for a PQC certificate option where 2 subkeys are created
  • replace pgp_key_feature_t with uint32_t in several places, see Commit 4feee73936068dd760513724814cc2b6f0756f20

TJ-91 avatar Mar 06 '24 10:03 TJ-91

Codecov Report

Attention: Patch coverage is 84.61538% with 2 lines in your changes are missing coverage. Please review.

Project coverage is 77.42%. Comparing base (86c0cfd) to head (1b94354).

Files Patch % Lines
src/librepgp/stream-sig.cpp 0.00% 2 Missing :warning:
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2194      +/-   ##
==========================================
+ Coverage   77.32%   77.42%   +0.09%     
==========================================
  Files         194      193       -1     
  Lines       37742    37466     -276     
==========================================
- Hits        29184    29007     -177     
+ Misses       8558     8459      -99

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Mar 06 '24 10:03 codecov[bot]

@ni4 does this PR look good to you? Are there any known problems with the two failing tests or did I introduce a bug?

TJ-91 avatar Mar 21 '24 12:03 TJ-91

@TJ-91 Thanks, I'll make a review. I retastarted failed CI runs, there are some issues which rarely happens on random occassions/random data (like this one, particularly hit on Windows: https://github.com/randombit/botan/issues/3812 ).

ni4 avatar Mar 22 '24 13:03 ni4

Thanks, the tests passed now

TJ-91 avatar Mar 26 '24 13:03 TJ-91

Thanks for the comments, hope this fixes them. I force pushed because I overlooked some comments

TJ-91 avatar Mar 27 '24 16:03 TJ-91

done :+1:

TJ-91 avatar Apr 02 '24 07:04 TJ-91

done 👍

Looks like there are some memory leaks in PQC tests. Other seem to be just random failures, which happens sometimes.

ni4 avatar Apr 02 '24 10:04 ni4

The leaks seem to be fixed now

TJ-91 avatar Apr 02 '24 13:04 TJ-91

The leaks seem to be fixed now

Should be good to go now, thanks!

ni4 avatar Apr 02 '24 17:04 ni4