Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update draft 06 #2287

Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

Update draft 06 #2287

wants to merge 15 commits into from

Conversation

TJ-91
Copy link
Contributor

@TJ-91 TJ-91 commented Nov 4, 2024

This PR updates to the newest PQC draft version, as well as fixes v6 signature salt.

V6 / RFC 9580

  • correctly implement v6 salt for document signatures (was only properly working for key signatures before)
    • change HashList for use with salt
    • implement v6 OPS with salt
    • gracefully fail when verifying v6 cleartext signatures by skipping them. Due to the salt that is detected at the end, two passes are required which requires further changes to the code.
  • add Ed448/X448 standalone algorithms

PQC

  • final PQC NIST standard algorithms
  • update to PQC draft version 06: KEM Combiner, SLH-DSA parameters, Test Vectors, ...
    • -06 is not-yet published but will be -05 with fixed test vectors
  • Add X448 and Ed448 for composite PQC combinations

Botan

  • Both ENABLE_CRYPTO_REFRESH and ENABLE_PQC now require Botan 3.6.
    • Ed448/X448 only available from 3.4
    • ML-KEM / ML-DSA / SLH-DSA final NIST standards available from Botan 3.6
    • Supporting partial features from lower Botan versions would mean to either have lots of deprecation warnings or have special code for the different versions.

@codecov Codecov
Copy link

codecov bot commented Nov 4, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 95.74468% with 2 lines in your changes missing coverage. Please review.

Project coverage is 84.81%. Comparing base (0fc76d5) to head (9b25a0c).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
src/librepgp/stream-packet.cpp 93.33% 1 Missing ⚠️
src/librepgp/stream-sig.cpp 83.33% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2287   +/-   ##
=======================================
  Coverage   84.81%   84.81%           
=======================================
  Files         116      116           
  Lines       23292    23311   +19     
=======================================
+ Hits        19755    19772   +17     
- Misses       3537     3539    +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

TJ-91 added 14 commits November 11, 2024 15:42
@TJ-91
change parametrized SPHINCS+ to separate SPHINCS+ algorithms
c42055c
@TJ-91
improve v6 enc test
00dede5
@TJ-91
fix key generation PQC hash requirements
44a55cd 
... for rnp_generate_key_ex
add roundtrip test for PQC certs
clang-format
@TJ-91
Update PQC to draft-05
22cfa76 
require Botan 3.6.0 for PQC
switch to final NIST PQC standards
update KMAC Key Combiner
@TJ-91
update C-R code to botan 3.6.0
cb08bbc
@TJ-91
add X448/Ed448 (PQC and standalone)
aec0f30
@TJ-91
make parsing PKESK key length more clear
6828799
@TJ-91
update order in KEM combiner: PQ first
4fa2d0c
@TJ-91
update PQC test vectors; partially implement V6 OPS
6b91e82
@TJ-91
fix v6 signature salt and add some test vectors
017efb7 
fail gracefully on parsing v6 cleartext sigs
@TJ-91
Some cleanup and refactoring
eb55b4c
@TJ-91
update PQC test vectors to -06 draft
746a6bb
@TJ-91
fix pqc signature hash binding
49e0159
@TJ-91
sensible values in ec_curves for Ed448/X448
a584014
@TJ-91
Copy link
Contributor Author

TJ-91 commented Nov 19, 2024

Fedora tests fail due to building with Botan 3.3.0, same as building Fuzzers with 3.4.0.

@ni4 do you have any feedback / comments for the PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@TJ-91