restrict libctx test to oqsprovider #620
Conversation
Signed-off-by: Michael Baentsch <[email protected]>
Signed-off-by: Michael Baentsch <[email protected]>
baentsch
changed the title
test/oqs_test_libctx.c
Outdated
| EVP_PKEY_keygen_init(ctx) && EVP_PKEY_generate(ctx, key); | ||
| testresult = | ||
| (ctx = EVP_PKEY_CTX_new_from_name( | ||
| libctx, kemalg_name, "provider=oqsprovider")) != NULL && |
There was a problem hiding this comment.
Due to the CI failure, you will need to use "?provider=oqsprovider" instead.
There was a problem hiding this comment.
Nope - the test will fail (later on) if oqsprovider cannot load. It'd be much better to completely skip the test in such case. But then again, what's the point in testing a provider that cannot load?
There was a problem hiding this comment.
I do not understand what exactly fails? You mean that you do some negative testing without oqsprovider not loaded? If so, these tests are really useless and should be dropped.
There was a problem hiding this comment.
The test for correctness of classical key parts in hybrid keys will fail if oqsprovider cannot load (see here) as it is only oqsprovider that has parameters that permit this check.
There was a problem hiding this comment.
Ah, I was confused with the aarch64-cross-compilation test failure.
There was a problem hiding this comment.
ok to resolve then such as to merge in case someone from the OQS team gets around to approving this?
There was a problem hiding this comment.
Just a minor comment: The property query of restricting to oqsprovider should also be employed within the signature generation procedure (here), right?
There was a problem hiding this comment.
Good catch @RodriM11 . Thanks!
Signed-off-by: Michael Baentsch <[email protected]>
| testresult = (ctx = EVP_PKEY_CTX_new_from_name(libctx, sigalg_name, | ||
| NULL)) != NULL && | ||
| testresult = (ctx = EVP_PKEY_CTX_new_from_name( | ||
| libctx, sigalg_name, OQSPROV_PROPQ)) != NULL && | ||
| EVP_PKEY_keygen_init(ctx) && EVP_PKEY_generate(ctx, key) && | ||
| (mdctx = EVP_MD_CTX_new()) != NULL && | ||
| EVP_DigestSignInit_ex(mdctx, NULL, "SHA512", libctx, NULL, |
There was a problem hiding this comment.
I guess the OQSPROV_PROPQ should also be present on the EVP_DigestSignInit_ex/EVP_DigestVerifyInit_ex, right?
There was a problem hiding this comment.
No: oqsprovider does not contain SHA implementations.
There was a problem hiding this comment.
Yes, that was my doubt as well, because documentation clearly states that "If the provider supports fetching the digest then it may use the props argument for the properties to be used during the fetch". But then I saw that the property query is also being used in here, which is an operation where I would assume the property query provider=oqsprovider would be desired (as it is done in the KEM tests, for example). But, if I understand correctly, oqsprovider will later fetch the digest to use without that property query (here), although is true that openssl will at first try to use the property query to fetch the digest (here) and that could pose problematic, specially in the future. I'm sure I am missing something, so I apologize for the confusion I might be creating.
There was a problem hiding this comment.
No confusion nor need to apologize -- I'm in fact very glad that someone else but just me checks these code paths! In this case, though, I do not see a path leading to something other than the loading of a digest. And that must be fulfilled by something other than oqsprovider (default or fips provider, notably -- whatever is loaded into the NULL/default libctx). If you see a path to something different, please let me know (where): Thanks in advance!
There was a problem hiding this comment.
My point is that the property query passed to the EVP_DigestSignInit_ex (or analogue for Verify) is not only used for the query properties of the digest (which, of course, should not be fetched from oqsprovider), it is also employed in the underlying EVP_PKEY_CTX *of the EVP_MD_CTX * to use (see here), and if the property query provider=oqsprovider is desired on that EVP_PKEY_CTX * (like, for example, is employed in the "analogue" for Encapsulation/Decapsulation in KEMs (e.g. here), then there would indeed be a "problem". But I'm sure there is a reason why on that particular EVP_PKEY_CTX * the requirement of provider=oqsprovider is not needed.
There was a problem hiding this comment.
I'm sure there is a reason why on that particular EVP_PKEY_CTX * the requirement of provider=oqsprovider is not needed.
Well, I'm not so sure now as your argument looks plausible. The only "reason" I see is that tests of this logic within the feature branch with standardized PQC algs passed that didn't pass before. Unfortunately, due to another problem with ML-DSA all tests are breaking now and I think it is best to wait with further work until the feature/ml-dsa branch is functionally far enough to serve as guidance for an update of oqsprovider with regard to the openssl naming.
There was a problem hiding this comment.
I agree. I imagine is not a problem now, but it could be once the default provider has an implementation of the same signature algorithm as the one someone would be working with on oqsprovider (like it will soon happen).
Additionally, on a (quick) look, if you interpret the underlying OpenSSL procedure do_sigver_init , it seems like it does not account for the hypothetical of having different providers for the pkey operation and the digest to employ (if different providers have both implementations of one of them), since are both being impacted from the same property query, and this could potentially be used to restrict from which to take each implementation.
And I imagine there is little oqsprovider could do on that regard, as you cannot avoid the prop query received (since it might be any other thing like fips, etc...). The only possibility I see would maybe be to have an OSSL_PARAM for this fact, but even with that, do_sigver_init is using the same propq for two different purposes (which now, since they are maintaining some legacy code, is not a failure (the hash will be fetch with a digestByName approach) but it might be in the future.
There was a problem hiding this comment.
"?provider=oqsprovider" query could be used in this case to prefer the algorithm implementation from oqsprovider if available there.
There was a problem hiding this comment.
In this scenario I agree that this would solve the problem: since oqsprovider does not have any digest implementation, the digest fetch would be done via the default provider, while the pkey operation would be given priority to oqsprovider.
What I was pointing out is that openssl code would not account for the existance of two providers both of which have an implementation of the same digest and pkey operation to be used since they are both affected from the same property queries, but (in the case that is of interest) it is not a matter of oqsprovider in any case.
| (ctx = EVP_PKEY_CTX_new_from_name( | ||
| libctx, sigalg_name, "provider=oqsprovider")) != NULL && | ||
| (ctx = EVP_PKEY_CTX_new_from_name(libctx, sigalg_name, | ||
| OQSPROV_PROPQ)) != NULL && | ||
| EVP_PKEY_keygen_init(ctx) && EVP_PKEY_generate(ctx, &key) && | ||
| (mdctx = EVP_MD_CTX_new()) != NULL && | ||
| EVP_DigestSignInit_ex(mdctx, NULL, "SHA512", libctx, NULL, key, |
There was a problem hiding this comment.
Same here :-) No, Thanks.
Restrict libctx test to
oqsprovideras it is usingoqsproviderspecific features