CVE Patch Review

GHSA-RC6V-5RMX-W5MV: Partial Fix for Arnika PQC Key Handling

GHSA-RC6V-5RMX-W5MV · Updated 2026-05-16 · Partial fix

Summary

The v1.0.1 patch materially improves PQC PSK file validation by rejecting empty files and insecure filesystem permissions, and adds tests for those cases. However, the provided diff evidence does not show remediation for the advisory's other two vectors: UDP replay handling and disabled TLS verification. Based on the available patch sources, this is not a complete root-cause fix for the full advisory scope.

Analysis

Vulnerability

GHSA-RC6V-5RMX-W5MV describes a multi-vector issue in Arnika prior to v1.0.1: UDP replay weaknesses, insecure PQC key file handling that can induce silent cryptographic downgrade behavior, and disabled TLS verification. The supplied commit evidence shows the PQC path was previously insufficiently validated. In config/config.go, the vulnerable logic only checked for file non-existence, which means an existing but empty or overly permissive key file could pass initial validation and later influence protocol behavior in unsafe ways.

The patch context also indicates downgrade-sensitive runtime behavior in main.go: when the PQC key material is empty, the application now aborts in required modes and only falls back with an explicit warning in non-required modes. That change is relevant because silent acceptance of invalid PQC material can collapse the intended cryptographic posture without a hard failure.

stat, err := os.Stat(config.PQCPSKFile)
if err != nil {
if stat.Size() == 0 {
	return nil, fmt.Errorf("[ERROR] PQC PSK file is empty")
}
mode := stat.Mode()
if mode&0077 != 0 {
	return nil, fmt.Errorf("[ERROR] PQC PSK file has insecure permissions (group/world readable/writable): %o", mode&0777)
}

Source-grounded references: commit efbd980, GitHub Security Advisory, CVE Reports summary.

Patch

The patch introduces three concrete hardening measures in the provided diff set.

  1. PQC PSK file validation: config/config.go now performs a stat-based validation of the configured PQC PSK file, rejecting empty files and files with group/world permissions. This directly addresses a local secret-handling weakness and reduces the chance that malformed or exposed key material is accepted.

  2. Regression tests: config/config_test.go adds coverage for acceptable 0600 permissions and for rejection of insecure modes such as 0644, 0647, and 0660. This is a strong signal that the maintainers intend to enforce strict file confidentiality semantics going forward.

  3. Runtime downgrade handling: main.go now aborts when PQC is required and the PQC key is empty, while preserving an explicit warning-based fallback only in non-required modes. This is better than silent continuation because it makes downgrade behavior mode-dependent and visible in logs.

} else if len(pqc) == 0 {
	if cfg.IsPQCRequired() {
		msg = fmt.Sprintf("[ERROR] %s PQC key is empty. Abort since mode is set to %s", logPrefix, cfg.Mode)
		return
	}
	log.Printf("[WARNING] %s PQC key is empty, switching to QKD key since mode is set to %s", logPrefix, cfg.Mode)
}

There is also a .gitignore addition for /security, but that is repository hygiene rather than a direct runtime mitigation.
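As an added illustration (not Arnika's own code), the following Go program reimplements the stat-based PSK validation from item 1 together with a helper that reproduces the permission matrix the tests in item 2 exercise; LoadPQCPSK, writeTestPSK and the error variables are names assumed here, and the Chmod-after-write step is there because a process umask would otherwise silently alter the mode under test.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// The two rejection classes the v1.0.1 validation distinguishes.
var (
	ErrEmptyPSK     = errors.New("PQC PSK file is empty")
	ErrInsecureMode = errors.New("PQC PSK file has insecure permissions (group/world readable/writable)")
)

// LoadPQCPSK stats the PSK file, rejects zero-length or group/world
// accessible files, and only then reads the key bytes. A bare existence
// check would let an empty or 0644 file through; this does not.
func LoadPQCPSK(path string) ([]byte, error) {
	stat, err := os.Stat(path)
	if err != nil {
		return nil, fmt.Errorf("PQC PSK file not accessible: %w", err)
	}
	if !stat.Mode().IsRegular() {
		return nil, fmt.Errorf("PQC PSK file is not a regular file: %s", path)
	}
	if stat.Size() == 0 {
		return nil, ErrEmptyPSK
	}
	if perm := stat.Mode().Perm(); perm&0o077 != 0 {
		return nil, fmt.Errorf("%w: %04o", ErrInsecureMode, perm)
	}
	return os.ReadFile(path)
}

// writeTestPSK creates a key file with an explicit mode (hypothetical test
// helper, not from the project). Chmod runs after creation because umask
// only masks bits at creation time, so the file ends up with exactly the
// mode under test (e.g. 0644 even under a restrictive umask).
func writeTestPSK(dir string, mode os.FileMode, content []byte) (string, error) {
	f, err := os.CreateTemp(dir, "psk-*")
	if err != nil {
		return "", err
	}
	f.Close()
	if err := os.WriteFile(f.Name(), content, mode); err != nil {
		return "", err
	}
	return f.Name(), os.Chmod(f.Name(), mode)
}
```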

Review

Pros

  • The patch clearly strengthens PQC secret ingestion by rejecting empty files and insecure file modes, which is an appropriate control for local key material.
  • The added tests are concrete and security-relevant, covering both valid and invalid permission cases.
  • The runtime behavior in main.go reduces silent downgrade risk by converting one class of invalid PQC state into a hard failure when the configured mode requires PQC.
  • The changes are low-complexity and likely low-regression for deployments already using proper secret file permissions.

Cons

  • The advisory scope is broader than the visible patch. The provided commit snippets do not show any replay-protection changes for UDP traffic, such as nonce tracking, sequence validation, anti-replay windows, or state-machine hardening.
  • The provided evidence also does not show any TLS verification remediation. There is no visible change to TLS client configuration, certificate validation, or removal of insecure verification flags.
  • The config/config.go snippet as presented appears structurally incomplete around err handling, so the exact control flow cannot be fully validated from the excerpt alone.
  • Even for the PQC path, the patch focuses on file existence/emptiness/permissions; it does not, in the shown snippets, prove stronger semantic validation of key contents beyond non-empty presence.

Verdict

Partial fix.

Based on the supplied sources, the patch convincingly addresses the PQC key file handling portion of GHSA-RC6V-5RMX-W5MV and improves downgrade visibility in one runtime path. However, the advisory explicitly includes UDP replay vulnerabilities and disabled TLS verification, and the provided commit evidence does not demonstrate fixes for either class. For engineers evaluating upgrade sufficiency, v1.0.1 should be treated as a meaningful hardening release for PQC secret handling, but not as a source-demonstrated complete remediation of the full advisory unless additional commits or code paths outside the supplied diff can be produced. Primary references: commit efbd980 and GitHub advisory.
