-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix for ML-KEM PKESK and adding PQC CLI tests #2221
base: main
Are you sure you want to change the base?
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2221 +/- ##
==========================================
- Coverage 84.02% 83.99% -0.03%
==========================================
Files 114 114
Lines 23062 23066 +4
==========================================
- Hits 19377 19374 -3
- Misses 3685 3692 +7
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
The only failing runners are those that use @ni4 Is it possible that you review this PR in the weeks to come? We have a few other updates in order to make RNP conforming to the PQC draft version 03, see pqc-thunderbird/rnp#69. |
@falko-strenzke Yeah, Botan head introduced changes to FFI aead handling, which is not compatible with our understanding of how it should work :) I'm working on a fix. Sure, I'll review. Feel free to re-ping me if I'll dive into something other. |
@ni4 I just wanted to ask if you currently have a time plan when you will be able to work on this PR. We have one other open PR and a number of other feature branches (listed in this wiki page ), for which we would also make PRs as soon as the existing ones move forward. |
@falko-strenzke sorry, I postponed this because of the issue on vcpkg side, which causes CI to fail (and we cannot merge with failing CI): microsoft/vcpkg#40276 |
3e12bb1
to
701c882
Compare
@ni4 now all checks pass, can you check if it's ready to merge? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please see the review comments.
src/lib/pgp-key.cpp
Outdated
@@ -471,6 +471,19 @@ find_suitable_key(pgp_op_t op, pgp_key_t *key, rnp::KeyProvider *key_provider, b | |||
if (!cur || !cur->usable_for(op)) { | |||
continue; | |||
} | |||
#if defined(ENABLE_PQC) | |||
/* prefer PQC over non-PQC. Assume non-PQC key is only there for backwards |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we should force PQC here without any flag set by the user. Imagine somebody generated PQC subkey, but still has to continue communicate with people whose software doesn't support PQC yet. This should be done via some flag or something like this, set via rnp_op_encrypt
(or just ignored for now).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This implementation choice is due to the PQC draft stating in 8.1 Key Preferences:
When encrypting to a certificate that has both a valid PQ/T and a valid traditional encryption subkey, an implementation SHOULD use the PQ/T subkey only.
The idea is that PQC encryption is favored in order to mitigate store-now-decrypt-later type attacks and the key has an ECC component to hedge against ML-KEM being broken.
If I'm not mistaken, the code will also prefer PQC signature subkeys. For this scenario, I share your concerns, and it should not be chosen by default. It seems I overlooked this when writing the code. Would you be ok with changing the code such that it only prefers PQC-encryption subkeys but not signature subkeys? This should not cause any interoperability problems since in that scenario both the sender and recipient support PQC and other recipients are not affected by the PKESK (it's not addressed to them and they should ignore it).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@TJ-91 I still think that it's better to leave this decision to the caller in both casses, probably introducing flag like RNP_KEY_PREFER_PQC
to the rnp_key_get_default_key()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ni4 Ok. It's now implemented for the encryption case only, since I think it doesn't make too much sense for signatures. I also added a test for it.
src/tests/cli_tests.py
Outdated
@@ -398,6 +409,7 @@ def rnp_encrypt_and_sign_file(src, dst, recipients, encrpswd, signers, signpswd, | |||
if ret != 0: | |||
raise_err('rnp encrypt-and-sign failed', err) | |||
|
|||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need this empty line here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
@ni4 sorry for bothering you with this. Before adding the last commit, all checks passed. Now codecov says, there is less code coverage: First, I don't add new untested cases in the new commit. You can check it yourself here: 8e59c0c . So it's unintuitive to me that adding this commit makes codecov fail now. Second, when looking at https://app.codecov.io/gh/rnpgp/rnp/pull/2221, the overview of changed files suggest that the first 4 files change 0% and the last file actually changes +0.01%, meaning more coverage. Third, in the indirect changes tab, I get a few lines that are not even remotely correlated to the patch but it seems to affect the code coverage for this patch negatively. Fourth, the codecov report only lists 2 commits, not sure what this is about, since the PR has 16 commits. All in all I'm confused and not sure how to proceed. |
@TJ-91 No worries, it's codecov who bothers, not you :) At some point I spent a while trying to understand it's behaviour and it's actually quite simple. The coverage decrease is caused by two reasons:
Once these two issues are fixed I'll just ping you to rebase/repush, will this work for you? |
@ni4 yes, of course, thank you! |
Fix for ML-KEM PKESK decryption failure.
Added PQC CLI tests that are executed only for RNP build that supports PQC.