Fix for ML-KEM PKESK and adding PQC CLI tests #2221
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2221 +/- ##
=======================================
Coverage 84.65% 84.66%
=======================================
Files 116 116
Lines 23422 23426 +4
=======================================
+ Hits 19829 19833 +4
Misses 3593 3593 ☔ View full report in Codecov by Sentry. |
|
The only failing runners are those that use @ni4 Is it possible that you review this PR in the weeks to come? We have a few other updates in order to make RNP conforming to the PQC draft version 03, see pqc-thunderbird/rnp#69. |
|
@falko-strenzke Yeah, Botan head introduced changes to FFI aead handling, which is not compatible with our understanding of how it should work :) I'm working on a fix. Sure, I'll review. Feel free to re-ping me if I'll dive into something other. |
|
@ni4 I just wanted to ask if you currently have a time plan when you will be able to work on this PR. We have one other open PR and a number of other feature branches (listed in this wiki page ), for which we would also make PRs as soon as the existing ones move forward. |
|
@falko-strenzke sorry, I postponed this because of the issue on vcpkg side, which causes CI to fail (and we cannot merge with failing CI): microsoft/vcpkg#40276 |
falko-strenzke
force-pushed
the
pqc-cli-tests
branch
from
3e12bb1 to
701c882
Compare
|
@ni4 now all checks pass, can you check if it's ready to merge? |
src/lib/pgp-key.cpp
Outdated
| @@ -471,6 +471,19 @@ find_suitable_key(pgp_op_t op, pgp_key_t *key, rnp::KeyProvider *key_provider, b | |||
| if (!cur || !cur->usable_for(op)) { | |||
| continue; | |||
| } | |||
| #if defined(ENABLE_PQC) | |||
| /* prefer PQC over non-PQC. Assume non-PQC key is only there for backwards | |||
There was a problem hiding this comment.
I don't think we should force PQC here without any flag set by the user. Imagine somebody generated PQC subkey, but still has to continue communicate with people whose software doesn't support PQC yet. This should be done via some flag or something like this, set via rnp_op_encrypt (or just ignored for now).
There was a problem hiding this comment.
This implementation choice is due to the PQC draft stating in 8.1 Key Preferences:
When encrypting to a certificate that has both a valid PQ/T and a valid traditional encryption subkey, an implementation SHOULD use the PQ/T subkey only.
The idea is that PQC encryption is favored in order to mitigate store-now-decrypt-later type attacks and the key has an ECC component to hedge against ML-KEM being broken.
If I'm not mistaken, the code will also prefer PQC signature subkeys. For this scenario, I share your concerns, and it should not be chosen by default. It seems I overlooked this when writing the code. Would you be ok with changing the code such that it only prefers PQC-encryption subkeys but not signature subkeys? This should not cause any interoperability problems since in that scenario both the sender and recipient support PQC and other recipients are not affected by the PKESK (it's not addressed to them and they should ignore it).
There was a problem hiding this comment.
@TJ-91 I still think that it's better to leave this decision to the caller in both casses, probably introducing flag like RNP_KEY_PREFER_PQC to the rnp_key_get_default_key().
There was a problem hiding this comment.
@ni4 Ok. It's now implemented for the encryption case only, since I think it doesn't make too much sense for signatures. I also added a test for it.
src/tests/cli_tests.py
Outdated
| @@ -398,6 +409,7 @@ def rnp_encrypt_and_sign_file(src, dst, recipients, encrpswd, signers, signpswd, | |||
| if ret != 0: | |||
| raise_err('rnp encrypt-and-sign failed', err) | |||
|
|
|||
|
|
|||
There was a problem hiding this comment.
Do we need this empty line here?
|
@ni4 sorry for bothering you with this. Before adding the last commit, all checks passed. Now codecov says, there is less code coverage: First, I don't add new untested cases in the new commit. You can check it yourself here: 8e59c0c . So it's unintuitive to me that adding this commit makes codecov fail now. Second, when looking at https://app.codecov.io/gh/rnpgp/rnp/pull/2221, the overview of changed files suggest that the first 4 files change 0% and the last file actually changes +0.01%, meaning more coverage. Third, in the indirect changes tab, I get a few lines that are not even remotely correlated to the patch but it seems to affect the code coverage for this patch negatively. Fourth, the codecov report only lists 2 commits, not sure what this is about, since the PR has 16 commits. All in all I'm confused and not sure how to proceed. |
|
@TJ-91 No worries, it's codecov who bothers, not you :) At some point I spent a while trying to understand it's behaviour and it's actually quite simple. The coverage decrease is caused by two reasons:
Once these two issues are fixed I'll just ping you to rebase/repush, will this work for you? |
|
@ni4 yes, of course, thank you! |
include/rnp/rnp.h
Outdated
| @@ -104,6 +104,9 @@ typedef uint32_t rnp_result_t; | |||
| * Flags for default key selection. | |||
| */ | |||
| #define RNP_KEY_SUBKEYS_ONLY (1U << 0) | |||
| #if defined(RNP_EXPERIMENTAL_CRYPTO_REFRESH) | |||
There was a problem hiding this comment.
Should we use PQC define here?
src/librepgp/stream-ctx.h
Outdated
| @@ -108,6 +110,9 @@ typedef struct rnp_ctx_t { | |||
| bool no_wrap{}; /* do not wrap source in literal data packet */ | |||
| #if defined(ENABLE_CRYPTO_REFRESH) | |||
| bool enable_pkesk_v6{}; /* allows pkesk v6 if list of recipients is suitable */ | |||
| #endif | |||
| #if defined(ENABLE_CRYPTO_REFRESH) | |||
There was a problem hiding this comment.
Should we use PQC define here?
src/tests/cli_tests.py
Outdated
| if not found_this_entry: | ||
| raise RuntimeError("did not match the expected UI choice for algorithm: " + expected_line) | ||
|
|
||
| """ zzz_ prefix makes it the last test. This is a workaround against a gnupg import error with the |
There was a problem hiding this comment.
This should be better worked out by using the separate home folder, like it is done in test_subkey_binding_on_uid and others.
There was a problem hiding this comment.
Good suggestion, I changed it
src/tests/cli_tests.py
Outdated
| self.verify_pqc_algo_ui_nb_to_algo_ui_str(stdout, algo_ui_exp_strs) | ||
| verified_algo_nums = True | ||
|
|
||
| #gpg_import_pubring() |
There was a problem hiding this comment.
You mean checking for the UI strings? The idea was that changing the UI will likely make this test not do what it should do, so we fail explicitly here
There was a problem hiding this comment.
Nope, just commented out code lines.
There was a problem hiding this comment.
Ok great, then I think it's ready. I just force-pushed a minor correction and hopefully the pipeline has no hiccups
|
Having two approvals let's finally merge this. Thanks all! |
Fix for ML-KEM PKESK decryption failure.
Added PQC CLI tests that are executed only for RNP build that supports PQC.