search

pqc-thunderbird / rnp

Manual clone of the repository https://github.com/rnpgp/rnp
Other
0 stars 0 forks source link

AEAD test with more variation #21

Closed falko-strenzke closed 1 month ago

falko-strenzke commented 1 year ago
TJ-91 commented 1 year ago

I added some more variation.

When explicitly setting None via rnp_op_encrypt_set_aead, we override it in init_encrypted_dst to PGP_AEAD_OCB. This is due to the fact that we choose PKESKv6 and AEAD is required. I think it's reasonable behaviour but perhaps we should ask the maintainers whether or not the explicitly requested mode should be honored. This would mean to a) either explicitly fail with an error or b) revert to PKESKv3.

It should be noted, that we are calling both rnp_op_encrypt_enable_pkesk_v6 and rnp_op_encrypt_set_aead, so setting None in the latter is contradictory in itself. Perhaps the inconsistent settings should be cought when setting either of the options and the other option is inconsistent with the currently set option.

ni4 commented 1 year ago

It should be noted, that we are calling both rnp_op_encrypt_enable_pkesk_v6 and rnp_op_encrypt_set_aead, so setting None in the latter is contradictory in itself.

For me best solution in this case would be to fail with INVALID_PARAMETER error and some explanatory message via FFI_LOG(), as it is definitely something which should not happen.

falko-strenzke commented 5 months ago

TODO: Check whether sufficient coverage now

falko-strenzke commented 1 month ago

I added another test for TwoFish in test_ffi_encrypt_pk_with_v6_key in the branch https://github.com/pqc-thunderbird/rnp/tree/update-draft-03. PR to follow. (see https://github.com/pqc-thunderbird/rnp/issues/69 for an overview of our dev branches).

Coverage is sufficient now from my point of view.