-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update oqs-provider scripts for R4 #165
base: master
Are you sure you want to change the base?
Conversation
Just added the current (limited) set of certificates that the script currently generates, see f772596 |
@johngray-dev @praveksharma @ounsworth @feventura can I ask your feedback on this? |
Thank you for updating this @romen! The new r4 scripts look good to me. I was wondering whether it would be easier to just remove Sphincs and Dilithium since other providers aren't submitting artefacts for those anymore. Looks like oqsprovider is behind on SLH-DSA, ML-DSA, and the CMS artefacts. Am I missing anything? |
Yes, oqsprovider is behind on everything... If you look at the automated results matrix is essentially shows everyone as partial validation because oqs fails on everything... Event the OQS composite signatures implementation is behind. |
I was just going off of algorithm availability. This table doesn't include OQS results because it hasn't been updated with the results from this branch. Am I looking at the table? |
This isn't exactly surprising as the underlying
That is surprising given open-quantum-safe/oqs-provider#549. --> Which code version is being used in these tests? Has anyone created a current dockerfile with code from "main" for these tests as I did a long time ago in preparation for a hackathon? If it's still that old image run, failing interop is rather logical :-) @praveksharma ? |
The artifacts in this PR have been generated using Which reports: $ OPENSSL_CONF=/dev/null openssl list -provider oqsprovider -providers -verbose
Providers:
oqsprovider
name: OpenSSL OQS Provider
version: 0.7.1-dev
status: active
build info: OQS Provider v.0.7.1-dev (8680f17) based on liboqs v.0.11.1-dev
gettable provider parameters:
name: pointer to a UTF8 encoded string (arbitrary size)
version: pointer to a UTF8 encoded string (arbitrary size)
buildinfo: pointer to a UTF8 encoded string (arbitrary size)
status: integer (arbitrary size) |
To be fair, we did just publish draft-lamps-composite-signatures-03 on October 21st. I don't think Felipe has had time to update it yet. It does require use of the ML-DSA context, so ML-DSA would need to be offically supported before composite signatures can be updated. Thanks for all the work you do to make this available to us! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This LGTM. Are there any outstanding items that need to be addressed prior to merging?
Thanks @CBonnell ! Looking at the CI artifacts, it seems we are not getting results/failures on the compat matrix output for all the algs, am I missing something or reading the output in the wrong way? |
For example in the |
Hi @romen, I think what you are seeing is correct. There are no r4 artifacts in the https://github.com/IETF-Hackathon/pqc-certificates/tree/master/providers/oqs-provider directory, so oqsprovider will not appear in the top-level table of producers. |
Here is my attempt at fixing the contents of the
oqs-provider
provider.generate
andverify
gen.sh
,check.sh
and the R3 versions fromoqs-openssl111
oqs-openssl111
are using config files which load providers, so I am not sure they work at all against the OQS OpenSSL 1.1.1 fork, so maybe that folder also needs some maintentancegen_r4.sh
andcheck_r4.sh
, adhering to the new formatartifacts_certs_r4.zip
with the (currently limited) set of certificates thatgen_r4.sh
generatesPlease provide feedback so I can improve the quality of this PR.