Update test server build script: liboqs-0.10.1 & oqs-provider-0.6.1-rc1 (#272)

* update to nginx 1.25.4 & reference composite sigs in html
update test server build script to use liboqs 0.10.0

Signed-off-by: Basil Hess <[email protected]>

* Update to final 0.6.0 release

Signed-off-by: Basil Hess <[email protected]>

* Update to liboqs 0.10.1 and oqs-provider 0.6.1-rc1, update nginx version

Signed-off-by: Basil Hess <[email protected]>

---------

Signed-off-by: Basil Hess <[email protected]>
bhess authored Jun 26, 2024
1 parent cbff4b7 commit ca5c3e6
Showing 3 changed files with 10 additions and 9 deletions.
12 changes: 6 additions & 6 deletions nginx/fulltest/Dockerfile
Expand Up @@ -3,11 +3,11 @@
# First: global build arguments:

# liboqs build type variant; maximum portability of image:
ARG LIBOQS_VERSION=0.9.2
ARG LIBOQS_VERSION=0.10.1

ARG OPENSSL_VERSION=master

ARG OQS_PROVIDER_VERSION=0.5.2
ARG OQS_PROVIDER_VERSION=0.6.1-rc1

ARG LIBOQS_BUILD_DEFINES="-DOQS_DIST_BUILD=ON"

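Review bot: `ARG OQS_PROVIDER_VERSION=0.6.1-rc1` pins the test server to a release candidate, and the unchanged `ARG OPENSSL_VERSION=master` beside it still floats, so two builds of this Dockerfile can yield different binaries. Consider a follow-up that moves to a final oqs-provider tag when one is available and pins OpenSSL to a tag or commit. Separately, the comment `# liboqs build type variant; maximum portability of image:` sits above `LIBOQS_VERSION` but describes `LIBOQS_BUILD_DEFINES`; moving it down two lines would make the block read correctly.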
Expand All @@ -23,10 +23,10 @@ ARG CONFIGDIR="/"
ARG SIG_ALG="dilithium3"

# defines the list of default groups to be activated in nginx-openssl config:
ARG DEFAULT_GROUPS=x25519:x448:prime256v1:secp384r1:secp521r1:kyber512:p256_kyber512:kyber768:p384_kyber768:kyber1024:p521_kyber1024
ARG DEFAULT_GROUPS=x25519:x448:prime256v1:secp384r1:secp521r1:kyber512:x25519_kyber768:p256_kyber512:kyber768:p384_kyber768:kyber1024:p521_kyber1024

# define the nginx version to include
ARG NGINX_VERSION=1.25.3
ARG NGINX_VERSION=1.26.1

# Define the degree of parallelism when building the image; leave the number away only if you know what you are doing
ARG MAKE_DEFINES="-j"
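Review bot: `x25519_kyber768` is inserted between `kyber512` and `p256_kyber512` in `DEFAULT_GROUPS`, which breaks the existing pattern of each Kyber level followed by its hybrid. Placing it next to `kyber768:p384_kyber768`, or adding a comment if the position is deliberate, would keep the list readable. The same string is repeated by hand in index-template in this commit, so a comment here pointing at that copy would help the next bump. On `NGINX_VERSION`, the commit message mentions 1.25.4 in its first item and only "update nginx version" in the last, while the line lands on 1.26.1; naming the final version in the message would remove the ambiguity.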
Expand Down Expand Up @@ -81,7 +81,7 @@ RUN mkdir -p ${OSSLDIR}/ssl && cp /opt/openssl/apps/openssl.cnf ${OSSLDIR}/ssl/
# build oqsprovider
WORKDIR /opt/oqs-provider

RUN ln -s /opt/nginx/include/oqs ${OSSLDIR}/include && rm -rf build && cmake -DCMAKE_C_STANDARD_LIBRARIES="-ldl" -DOPENSSL_ROOT_DIR=${OSSLDIR} -DCMAKE_PREFIX_PATH=${INSTALLDIR} -S . -B build && cmake --build build && mkdir -p ${OSSLDIR}/lib64/ossl-modules && cp build/lib/oqsprovider.so ${OSSLDIR}/lib64/ossl-modules && rm -rf ${INSTALLDIR}/lib64
RUN ln -s /opt/nginx/include/oqs ${OSSLDIR}/include && rm -rf build && cmake -DCMAKE_C_STANDARD_LIBRARIES="-ldl -pthread" -DOPENSSL_ROOT_DIR=${OSSLDIR} -DCMAKE_PREFIX_PATH=${INSTALLDIR} -S . -B build && cmake --build build && mkdir -p ${OSSLDIR}/lib64/ossl-modules && cp build/lib/oqsprovider.so ${OSSLDIR}/lib64/ossl-modules && rm -rf ${INSTALLDIR}/lib64

WORKDIR ${INSTALLDIR}

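Review bot: The added `-pthread` in `-DCMAKE_C_STANDARD_LIBRARIES="-ldl -pthread"` is not explained in the Dockerfile or in the commit message. A one-line comment under `# build oqsprovider` saying what needs it would let the next maintainer judge whether it can be dropped later. The RUN line also chains the symlink, configure, build, module copy and `rm -rf ${INSTALLDIR}/lib64` with `&&` on a single line; breaking it up with line continuations would make a one-flag change like this one visible in review.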
Expand Down Expand Up @@ -156,4 +156,4 @@ COPY --from=intermediate ${CAROOTDIR} ${CAROOTDIR}
RUN tar czvf oqs-nginx-${LIBOQS_VERSION}.tgz ${BASEDIR}

# Package for root CA cert and key
RUN tar czvf oqs-testserver-rootca-${LIBOQS_VERSION}.tgz ${CAROOTDIR}
RUN tar czvf oqs-testserver-rootca-${LIBOQS_VERSION}.tgz ${CAROOTDIR}
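Review bot: The removed and added `RUN tar czvf oqs-testserver-rootca-${LIBOQS_VERSION}.tgz ${CAROOTDIR}` lines are textually identical as shown, so this looks like an end-of-file newline change only. If that is intentional it is fine; otherwise drop it so the version bump stays the only change in this file's tail.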
4 changes: 2 additions & 2 deletions nginx/fulltest/build_ubuntu.sh
Expand Up @@ -9,7 +9,7 @@
docker build --no-cache -t oqs-nginx-fulltest-provider .

# Copy deployment tar from image
docker cp $(docker create oqs-nginx-fulltest-provider:latest):oqs-nginx-0.9.2.tgz .
docker cp $(docker create oqs-nginx-fulltest-provider:latest):oqs-nginx-0.10.1.tgz .

# Copy root ca tar from image
docker cp $(docker create oqs-nginx-fulltest-provider:latest):oqs-testserver-rootca-0.9.2.tgz .
docker cp $(docker create oqs-nginx-fulltest-provider:latest):oqs-testserver-rootca-0.10.1.tgz .
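Review bot: The tarball names `oqs-nginx-0.10.1.tgz` and `oqs-testserver-rootca-0.10.1.tgz` are hard-coded in both `docker cp` lines while the Dockerfile builds them from `${LIBOQS_VERSION}`, so every bump has to touch both files and a mismatch only surfaces when the copy fails. Consider defining the version once in a shell variable and using it for both file names. Each `$(docker create oqs-nginx-fulltest-provider:latest)` also leaves a container behind and is unquoted; creating one container, copying both tarballs from it and removing it afterwards would be tidier.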
3 changes: 2 additions & 1 deletion nginx/fulltest/index-template
Expand Up @@ -33,6 +33,7 @@ tr:nth-child(even) {
<p>This nginx server supports</p>
<ul>
<li>the TLS1.3 specification with QSC enhancement as specified in <a href="https://tools.ietf.org/html/draft-ietf-tls-hybrid-design-06">https://tools.ietf.org/html/draft-ietf-tls-hybrid-design-06</a>.</li>
<li>The signature algorithms with prefix mldsa*_ are composite signatures as specified in <a href="https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/10">https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/10</a>.</li>
<li>Code points/curve IDs of KEM algorithms are implemented with the highest numbers available for each algorithm listed <a href="https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md">here</a>. </li>
<li>Code points/OIDs of SIG algorithms are implemented with the highest numbers available for each algorithm as listed <a href="https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md">here</a>. </li>
</ul>
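Review bot: The new list item starts a fresh sentence ("The signature algorithms with prefix mldsa*_ are composite signatures ...") under the lead-in "This nginx server supports", so unlike the item above it, it does not read as something the server supports. Rewording it along the lines of "composite signatures (algorithms with prefix mldsa*_) as specified in ..." would fit the list. The link is pinned to revision 10 of the draft, which is good for traceability; it will need updating whenever the implemented revision changes.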
Expand Down Expand Up @@ -82,7 +83,7 @@ tr:nth-child(even) {

<p>For automated testing, a JSON file encoding all available SIG/KEM combinations and the respective ports where they can be found is <a href="assignments.json">available for download here</a>. <i>We explicitly want to warn that algorithm/port combinations are subject to change. Be sure to download the most current JSON file before testing.</i></p>

<p>Note: The designator "*" below for key exchange algorithms should not be understood that the port referenced supports any possible KEM, but only all those KEMs configured into the underlying nginx server as default groups. This can be set when building the server via the <a href="https://github.com/open-quantum-safe/oqs-demos/blob/main/nginx/fulltest/Dockerfile#L25-L26">DEFAULT_GROUPS</a> configuration option. The default algorithm list is: <pre>x25519:x448:prime256v1:secp384r1:secp521r1:kyber512:p256_kyber512:kyber768:p384_kyber768:kyber1024:p521_kyber1024.</pre></p>
<p>Note: The designator "*" below for key exchange algorithms should not be understood that the port referenced supports any possible KEM, but only all those KEMs configured into the underlying nginx server as default groups. This can be set when building the server via the <a href="https://github.com/open-quantum-safe/oqs-demos/blob/main/nginx/fulltest/Dockerfile#L25-L26">DEFAULT_GROUPS</a> configuration option. The default algorithm list is: <pre>x25519:x448:prime256v1:secp384r1:secp521r1:kyber512:x25519_kyber768:p256_kyber512:kyber768:p384_kyber768:kyber1024:p521_kyber1024.</pre></p>

<table>
<tr>
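Review bot: The default algorithm list in the `<pre>` is a hand-maintained copy of `DEFAULT_GROUPS` from the Dockerfile, and this commit had to edit both; filling it in from the build argument when the page is generated would prevent the two from drifting. The trailing period sits inside the `<pre>` element, so copying the list yields `p521_kyber1024.` with the dot attached; move it outside or drop it. The `Dockerfile#L25-L26` link on `main` will also point at the wrong lines as soon as the Dockerfile changes above that position.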