
liboqs r3 update #10

Merged
merged 2 commits into from
Feb 8, 2021
Merged
8 changes: 4 additions & 4 deletions .circleci/config.yml
@@ -10,10 +10,10 @@ localCheckout: &localCheckout
git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH}
cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH}
jobs:
ubuntu_bionic:
ubuntu_focal:
description: A template for running OQS-OpenSSL tests on x64 Ubuntu Bionic Docker VMs
docker:
- image: openquantumsafe/ci-ubuntu-bionic-x86_64:latest
- image: openquantumsafe/ci-ubuntu-focal-x86_64:latest
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
@@ -40,6 +40,6 @@ workflows:
version: 2.1
build:
jobs:
- ubuntu_bionic:
name: ubuntu-bionic
- ubuntu_focal:
name: ubuntu-focal
context: openquantumsafe
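Review bot: The job's `description` still reads "A template for running OQS-OpenSSL tests on x64 Ubuntu Bionic Docker VMs" although the job name and image now refer to focal (taking the focal lines as the new side, which the page layout suggests but does not mark); it should say `Ubuntu Focal`. The image is also pulled by the mutable tag `openquantumsafe/ci-ubuntu-focal-x86_64:latest`, so the toolchain that builds and tests the provider can change without any commit in this repository. Pinning the image by digest, `openquantumsafe/ci-ubuntu-focal-x86_64@sha256:<digest-placeholder>`, would make CI runs reproducible and auditable.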
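--- a/README.md
+++ b/README.md
@@ -135,6 +135,12 @@ server returns details about the established connection.
 
 Any [available KEM algorithm](https://github.com/open-quantum-safe/openssl/tree/OQS-OpenSSL_1_1_1-stable#key-exchange) can be selected by passing it in the `-groups` option.
 
+### Note on randomness provider
+
+`oqsprovider` does not implement its own [DRBG](https://csrc.nist.gov/glossary/term/Deterministic_Random_Bit_Generator). Therefore by default it relies on OpenSSL to provide one. Thus, either the default or fips provider must be loaded for OQS algorithms to have access to OpenSSL-provided randomness. Check out [OpenSSL provider documentation](https://www.openssl.org/docs/manmaster/man7/provider.html) and/or [OpenSSL command line options](https://www.openssl.org/docs/manmaster/man1/openssl.html) on how to facilitate this. Or simply use the sample command lines documented in this README.
+
+This dependency could be eliminated by building `liboqs` without OpenSSL support ([OQS_USE_OPENSSL=OFF](https://github.com/open-quantum-safe/liboqs/wiki/Customizing-liboqs#OQS_USE_OPENSSL)), which of course would be an unusual approach for an OpenSSL-OQS provider.
+
 Team
 ----
 The Open Quantum Safe project is led by [Douglas Stebila](https://www.douglas.stebila.ca/research/) and [Michele Mosca](http://faculty.iqc.uwaterloo.ca/mmosca/) at the University of Waterloo.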
40 changes: 35 additions & 5 deletions oqsprov/oqs_kmgmt.c
@@ -422,14 +422,41 @@ static void *dilithium3_gen_init(void *provctx, int selection)
{
return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, 0);
}
static void *dilithium4_new_key(void *provctx)
static void *dilithium5_new_key(void *provctx)
{
return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_4, "dilithium4", 0, NULL);
return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5", 0, NULL);
}

static void *dilithium4_gen_init(void *provctx, int selection)
static void *dilithium5_gen_init(void *provctx, int selection)
{
return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_4, 0);
return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, 0);
}
static void *dilithium2_aes_new_key(void *provctx)
{
return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2_aes, "dilithium2_aes", 0, NULL);
}

static void *dilithium2_aes_gen_init(void *provctx, int selection)
{
return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2_aes, 0);
}
static void *dilithium3_aes_new_key(void *provctx)
{
return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3_aes, "dilithium3_aes", 0, NULL);
}

static void *dilithium3_aes_gen_init(void *provctx, int selection)
{
return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3_aes, 0);
}
static void *dilithium5_aes_new_key(void *provctx)
{
return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5_aes, "dilithium5_aes", 0, NULL);
}

static void *dilithium5_aes_gen_init(void *provctx, int selection)
{
return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5_aes, 0);
}

static void *falcon512_new_key(void *provctx)
@@ -952,7 +979,10 @@ static void *sntrup857_gen_init(void *provctx, int selection)
MAKE_KEYMGMT_FUNCTIONS(oqs_sig_default)
MAKE_KEYMGMT_FUNCTIONS(dilithium2)
MAKE_KEYMGMT_FUNCTIONS(dilithium3)
MAKE_KEYMGMT_FUNCTIONS(dilithium4)
MAKE_KEYMGMT_FUNCTIONS(dilithium5)
MAKE_KEYMGMT_FUNCTIONS(dilithium2_aes)
MAKE_KEYMGMT_FUNCTIONS(dilithium3_aes)
MAKE_KEYMGMT_FUNCTIONS(dilithium5_aes)
MAKE_KEYMGMT_FUNCTIONS(falcon512)
MAKE_KEYMGMT_FUNCTIONS(falcon1024)
MAKE_KEYMGMT_FUNCTIONS(picnicl1full)
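Review bot: The new `*_new_key` / `*_gen_init` wrappers differ only in the liboqs identifier and the name string, and that string (`"dilithium5_aes"` and so on) has to be kept in step by hand with the `MAKE_KEYMGMT_FUNCTIONS(...)` argument in the second hunk and with the `ALG(...)` names registered in oqsprov.c. Nothing visible here checks that agreement, so a typo in one of the literals would presumably only surface at run time. If this file is not generated from a template, a single macro invoked as `MAKE_SIG_KEYMGMT_CONSTRUCTORS(dilithium5_aes, OQS_SIG_alg_dilithium_5_aes)` that stringifies the name would remove the duplication. Otherwise a one-line comment above the group, `/* name strings must match the ALG() entries in oqsprov.c */`, documents the coupling.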
17 changes: 13 additions & 4 deletions oqsprov/oqs_sig.c
@@ -77,13 +77,22 @@ static int get_oqs_oid(unsigned char* oidbuf, const char *oqs_name) {
return i2d_ASN1_OBJECT(OBJ_txt2obj("1.3.9999.1.1", 1), &oidbuf);
else
if (!strcmp(OQS_SIG_alg_dilithium_2, oqs_name))
return i2d_ASN1_OBJECT(OBJ_txt2obj("1.3.6.1.4.1.2.267.6.4.3", 1), &oidbuf);
return i2d_ASN1_OBJECT(OBJ_txt2obj("1.3.6.1.4.1.2.267.7.4.4", 1), &oidbuf);
else
if (!strcmp(OQS_SIG_alg_dilithium_3, oqs_name))
return i2d_ASN1_OBJECT(OBJ_txt2obj("1.3.6.1.4.1.2.267.6.5.4", 1), &oidbuf);
return i2d_ASN1_OBJECT(OBJ_txt2obj("1.3.6.1.4.1.2.267.7.6.5", 1), &oidbuf);
else
if (!strcmp(OQS_SIG_alg_dilithium_4, oqs_name))
return i2d_ASN1_OBJECT(OBJ_txt2obj("1.3.6.1.4.1.2.267.6.6.5", 1), &oidbuf);
if (!strcmp(OQS_SIG_alg_dilithium_5, oqs_name))
return i2d_ASN1_OBJECT(OBJ_txt2obj("1.3.6.1.4.1.2.267.7.8.7", 1), &oidbuf);
else
if (!strcmp(OQS_SIG_alg_dilithium_2_aes, oqs_name))
return i2d_ASN1_OBJECT(OBJ_txt2obj("1.3.6.1.4.1.2.267.11.4.4", 1), &oidbuf);
else
if (!strcmp(OQS_SIG_alg_dilithium_3_aes, oqs_name))
return i2d_ASN1_OBJECT(OBJ_txt2obj("1.3.6.1.4.1.2.267.11.6.5", 1), &oidbuf);
else
if (!strcmp(OQS_SIG_alg_dilithium_5_aes, oqs_name))
return i2d_ASN1_OBJECT(OBJ_txt2obj("1.3.6.1.4.1.2.267.11.8.7", 1), &oidbuf);
else
if (!strcmp(OQS_SIG_alg_falcon_512, oqs_name))
return i2d_ASN1_OBJECT(OBJ_txt2obj("1.3.9999.3.1", 1), &oidbuf);
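Review bot: Every branch of get_oqs_oid touched here passes the result of `OBJ_txt2obj("...", 1)` straight into `i2d_ASN1_OBJECT` and never releases it, so each lookup leaks one ASN1_OBJECT; the three added `_aes` branches repeat the pattern of the surrounding code. The encoder also writes through `oidbuf` with no length parameter, so the caller's buffer must be large enough for the longest encoding, which deserves a comment at the head of the function. A small helper that converts, encodes and frees would remove the leak and shorten the chain, as sketched below. The function starts before and continues past this section, so its final fallback is not visible here. Because the dilithium2/dilithium3 OIDs change, material encoded under the previous OIDs will presumably no longer be matched, which is worth stating in the release notes.

```c
/* Encode a dotted-decimal OID into oidbuf and release the temporary object.
 * Returns the encoded length, or 0 if the text cannot be converted. */
static int encode_oid_txt(unsigned char *oidbuf, const char *oid_txt)
{
    ASN1_OBJECT *obj = OBJ_txt2obj(oid_txt, 1);
    int len;

    if (obj == NULL)
        return 0;
    len = i2d_ASN1_OBJECT(obj, &oidbuf);
    ASN1_OBJECT_free(obj);
    return len;
}

/* … unchanged: earlier branches of get_oqs_oid … */
    if (!strcmp(OQS_SIG_alg_dilithium_2_aes, oqs_name))
        return encode_oid_txt(oidbuf, "1.3.6.1.4.1.2.267.11.4.4");
/* … unchanged: remaining branches, converted the same way … */
```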
15 changes: 12 additions & 3 deletions oqsprov/oqsprov.c
@@ -47,7 +47,10 @@ extern const OSSL_DISPATCH oqs_signature_functions[];
extern const OSSL_DISPATCH oqs_oqs_sig_default_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_dilithium2_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_dilithium3_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_dilithium4_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_dilithium5_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_dilithium2_aes_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_dilithium3_aes_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_dilithium5_aes_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_falcon512_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_falcon1024_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_picnicl1full_keymgmt_functions[];
@@ -105,7 +108,10 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = {
ALG("oqs_sig_default", oqs_signature_functions),
ALG("dilithium2", oqs_signature_functions),
ALG("dilithium3", oqs_signature_functions),
ALG("dilithium4", oqs_signature_functions),
ALG("dilithium5", oqs_signature_functions),
ALG("dilithium2_aes", oqs_signature_functions),
ALG("dilithium3_aes", oqs_signature_functions),
ALG("dilithium5_aes", oqs_signature_functions),
ALG("falcon512", oqs_signature_functions),
ALG("falcon1024", oqs_signature_functions),
ALG("picnicl1full", oqs_signature_functions),
@@ -170,7 +176,10 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = {
ALG("oqs_sig_default", oqs_oqs_sig_default_keymgmt_functions),
ALG("dilithium2", oqs_dilithium2_keymgmt_functions),
ALG("dilithium3", oqs_dilithium3_keymgmt_functions),
ALG("dilithium4", oqs_dilithium4_keymgmt_functions),
ALG("dilithium5", oqs_dilithium5_keymgmt_functions),
ALG("dilithium2_aes", oqs_dilithium2_aes_keymgmt_functions),
ALG("dilithium3_aes", oqs_dilithium3_aes_keymgmt_functions),
ALG("dilithium5_aes", oqs_dilithium5_aes_keymgmt_functions),
ALG("falcon512", oqs_falcon512_keymgmt_functions),
ALG("falcon1024", oqs_falcon1024_keymgmt_functions),
ALG("picnicl1full", oqs_picnicl1full_keymgmt_functions),
5 changes: 4 additions & 1 deletion test/oqs_test_signatures.c
@@ -18,7 +18,10 @@ static const char *sigalg_names[] = {
"oqs_sig_default",
"dilithium2",
"dilithium3",
"dilithium4",
"dilithium5",
"dilithium2_aes",
"dilithium3_aes",
"dilithium5_aes",
"falcon512",
"falcon1024",
"picnicl1full",
80 changes: 40 additions & 40 deletions test/ssltestlib.c.patch
@@ -1,5 +1,5 @@
--- ../openssl/test/helpers/ssltestlib.c 2021-01-29 06:04:14.149923710 +0100
+++ ssltestlib.c 2021-01-29 14:29:59.662075688 +0100
--- ../openssl/test/helpers/ssltestlib.c 2021-02-08 08:19:42.774106452 +0100
+++ ssltestlib.c 2021-02-08 08:44:55.882989246 +0100
@@ -9,14 +9,7 @@

#include <string.h>
Expand Down Expand Up @@ -112,62 +112,62 @@
return NULL;
}
return meth_always_retry;
@@ -695,39 +685,38 @@

if (*sctx != NULL)
serverctx = *sctx;
- else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm)))
+ else if ((serverctx = SSL_CTX_new_ex(libctx, NULL, sm)) == NULL)
goto err;
@@ -695,14 +685,14 @@
if (sctx != NULL) {
if (*sctx != NULL)
serverctx = *sctx;
- else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm)))
+ else if (!(serverctx = SSL_CTX_new_ex(libctx, NULL, sm)))
goto err;
}

if (cctx != NULL) {
if (*cctx != NULL)
clientctx = *cctx;
- else if (!TEST_ptr(clientctx = SSL_CTX_new_ex(libctx, NULL, cm)))
+ else if ((clientctx = SSL_CTX_new_ex(libctx, NULL, cm)) == NULL)
+ else if (!(clientctx = SSL_CTX_new_ex(libctx, NULL, cm)))
goto err;
}

if ((min_proto_version > 0
- && !TEST_true(SSL_CTX_set_min_proto_version(serverctx,
- min_proto_version)))
+ && !SSL_CTX_set_min_proto_version(serverctx,
+ min_proto_version))
|| (max_proto_version > 0
- && !TEST_true(SSL_CTX_set_max_proto_version(serverctx,
- max_proto_version))))
+ && !SSL_CTX_set_max_proto_version(serverctx,
+ max_proto_version)))
@@ -720,28 +710,28 @@

if (serverctx != NULL
&& ((min_proto_version > 0
- && !TEST_true(SSL_CTX_set_min_proto_version(serverctx,
+ && !(SSL_CTX_set_min_proto_version(serverctx,
min_proto_version)))
|| (max_proto_version > 0
- && !TEST_true(SSL_CTX_set_max_proto_version(serverctx,
+ && !(SSL_CTX_set_max_proto_version(serverctx,
max_proto_version)))))
goto err;
if (clientctx != NULL
&& ((min_proto_version > 0
- && !TEST_true(SSL_CTX_set_min_proto_version(clientctx,
- min_proto_version)))
+ && !SSL_CTX_set_min_proto_version(clientctx,
+ min_proto_version))
+ && !(SSL_CTX_set_min_proto_version(clientctx,
min_proto_version)))
|| (max_proto_version > 0
- && !TEST_true(SSL_CTX_set_max_proto_version(clientctx,
- max_proto_version)))))
+ && !SSL_CTX_set_max_proto_version(clientctx,
+ max_proto_version))))
+ && !(SSL_CTX_set_max_proto_version(clientctx,
max_proto_version)))))
goto err;

if (certfile != NULL && privkeyfile != NULL) {
if (serverctx != NULL && certfile != NULL && privkeyfile != NULL) {
- if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile,
- SSL_FILETYPE_PEM), 1)
- || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx,
- privkeyfile,
+ if ((SSL_CTX_use_certificate_file(serverctx, certfile,
+ SSL_FILETYPE_PEM) != 1)
+ || (SSL_CTX_use_PrivateKey_file(serverctx,
privkeyfile,
- SSL_FILETYPE_PEM), 1)
- || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1))
+ if (SSL_CTX_use_certificate_file(serverctx, certfile,
+ SSL_FILETYPE_PEM) <= 0
+ || SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile,
+ SSL_FILETYPE_PEM) <= 0
+ || SSL_CTX_check_private_key(serverctx) <= 0)
+ SSL_FILETYPE_PEM)!=1)
+ || (SSL_CTX_check_private_key(serverctx)!=1))
goto err;
}

@@ -828,15 +817,15 @@
@@ -843,15 +833,15 @@

if (*sssl != NULL)
serverssl = *sssl;
Expand All @@ -187,7 +187,7 @@
goto error;

SSL_set_bio(clientssl, c_to_s_bio, c_to_s_bio);
@@ -865,28 +854,28 @@
@@ -880,28 +870,28 @@

if (*sssl != NULL)
serverssl = *sssl;
Expand Down Expand Up @@ -224,7 +224,7 @@
goto error;

/* Set Non-blocking IO behaviour */
@@ -939,9 +928,9 @@
@@ -954,9 +944,9 @@
}

if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) {
Expand All @@ -236,7 +236,7 @@
clienterr = 1;
}
if (want != SSL_ERROR_NONE && err == want)
@@ -957,9 +946,9 @@
@@ -972,9 +962,9 @@
if (!servererr && rets <= 0
&& err != SSL_ERROR_WANT_READ
&& err != SSL_ERROR_WANT_X509_LOOKUP) {
Expand All @@ -248,7 +248,7 @@
servererr = 1;
}
if (want != SSL_ERROR_NONE && err == want)
@@ -973,20 +962,20 @@
@@ -988,20 +978,20 @@
if (rets > 0 && retc <= 0) {
if (SSL_read(serverssl, buf, sizeof(buf)) > 0) {
/* We don't expect this to succeed! */
Expand All @@ -272,7 +272,7 @@
return 0;
}
if (isdtls && abortctr <= 50 && (abortctr % 10) == 0) {
@@ -995,7 +984,7 @@
@@ -1010,7 +1000,7 @@
* give the DTLS timer a chance to do something. We only do this for
* the first few times to prevent hangs.
*/
Expand All @@ -281,7 +281,7 @@
}
} while (retc <=0 || rets <= 0);

@@ -1022,10 +1011,9 @@
@@ -1037,10 +1027,9 @@
*/
for (i = 0; i < 2; i++) {
if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) {
Expand Down