RHEL / RHEL-103786

Update crypto policies to support PQC in rpm-sequoia [rhel-9]


    • No
    • Low
    • 1
    • rhel-security-crypto
    • 26
    • 0.5
    • False
    • False
    • Yes
    • Crypto25August
    • Hide

      AC1) There is /etc/crypto-policies/back-ends/rpm-sequoia.config

      AC2) There is no /etc/crypto-policies/back-ends/sequoia.confi

      AC3) sequoia-policy-config-check from EPEL validates generated policies for both base policies and when PQ subpolicy is applied

      AC4) Base policies disable "mlkem768-x25519", "mlkem1024-x448", "mldsa65-ed25519" and "mldsa87-ed448" and list them under ignore_invalid

      AC5) PQ subpolicy enables all of the "mlkem768-x25519", "mlkem1024-x448", "mldsa65-ed25519" and "mldsa87-ed448" for rpm-sequoia and lists them under ignore_invalid

    • Pass
    • Enabled
    • Automated
    • Enhancement
    • Hide
      Feature, enhancement: Crypto policies support PQC algorithms for Sequoia.
      Reason: Sequoia introduced support for PQC in OpenPGP.
      Result: Sequoia and RPM can use PQC signatures.
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      Following https://issues.redhat.com/browse/RHEL-98732.

      RHEL-9 now has rust-rpm-sequoia-1.9.0.1-1.el9, but no policy for rpm-sequoia. We should provide one.

              asosedki@redhat.com Alexander Sosedkin
              asosedki@redhat.com Alexander Sosedkin
              Alexander Sosedkin
              Ondrej Moris
              Mirek Jahoda