How to enable all signature algorithms for TLS

[KainAlive]

Hi,

The README of the oqs-provider repo states that:

In addition, algorithms not denoted with "*" above are not enabled for TLS operations. This designation can be changed by
modifying the "enabled" flags in the main algorithm configuration file.

Is there a straight forward way to activate the algorithms? I looked through the documentation, but cannot find the "enabled" flag that is stated anywhere in the configuration (I'm guessing the generate.yml is meant).
I followed the default building instructions that are used in all demo dockerfiles and adapted them a bit:

FROM debian:bookworm-slim AS builder

# Default location where all binaries wind up:
ARG INSTALLDIR=/opt/oqssa
ARG MAKE_DEFINES="-j12"
ARG DEFAULT_GROUPS="x25519:x448:kyber512:p256_kyber512:kyber768:p384_kyber768:kyber1024:p521_kyber1024"
ARG LIBOQS_BUILD_DEFINES="-DOQS_DIST_BUILD=ON"

# Installing dependencies:
# [...]

# Download liboqs
RUN  git clone -b main --depth 1 --recurs \
https://github.com/open-quantum-safe/liboqs.git

# Build liboqs
WORKDIR /opt/liboqs
RUN mkdir build
WORKDIR /opt/liboqs/build
RUN cmake -GNinja ${LIBOQS_BUILD_DEFINES} -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=${INSTALLDIR} ..
RUN ninja
# Run tests
# RUN ninja run_tests

# Install liboqs
RUN ninja install

# ==== OpenSSL ====
WORKDIR /opt
RUN git clone --depth 1 --branch master https://github.com/openssl/openssl.git

# build openSSL
WORKDIR /opt/openssl
RUN LDFLAGS="-Wl,-rpath -Wl,${INSTALLDIR}/lib64" ./config shared --prefix=${INSTALLDIR} && \
    make ${MAKE_DEFINES} && make install_sw install_ssldirs;

ENV PATH="${INSTALLDIR}/bin:${PATH}"
   
# ==== oqs openssl provider ====
WORKDIR /opt

# Download oqs-provider
RUN git clone --depth 1 --recurs -b main \
https://github.com/open-quantum-safe/oqs-provider

# Build oqs-provider
WORKDIR /opt/oqs-provider
RUN mkdir build
WORKDIR /opt/oqs-provider/build
RUN cmake -GNinja -DOPENSSL_ROOT_DIR=${INSTALLDIR} -DCMAKE_BUILD_TYPE=Release -DCMAKE_PREFIX_PATH=${INSTALLDIR} ..
RUN ninja
RUN cp /opt/oqs-provider/build/lib/oqsprovider.so /opt/oqssa/lib64/

# Activate the oqs provider systemwide
WORKDIR /opt

ENV PATH="${INSTALLDIR}/bin:${INSTALLDIR}/python/bin:${PATH}"

RUN sed -i "s/default = default_sect/default = default_sect\noqsprovider = oqsprovider_sect/g" /opt/oqssa/ssl/openssl.cnf && \
sed -i "s/\[default_sect\]/\[default_sect\]\nactivate = 1\n\[oqsprovider_sect\]\nactivate = 1\nmodule = \/opt\/oqssa\/lib64\/oqsprovider.so/g" /opt/oqssa/ssl/openssl.cnf && \
sed -i "s/providers = provider_sect/providers = provider_sect\nssl_conf = ssl_sect\n\n\[ssl_sect\]\nsystem_default = system_default_sect\n\n\[system_default_sect\]\nGroups = \$ENV\:\:DEFAULT_GROUPS\n/g" /opt/oqssa/ssl/openssl.cnf && \
sed -i "s/\# Use this in order to automatically load providers/\# Set default KEM groups if not set via environment variable\nKDEFAULT_GROUPS = $DEFAULT_GROUPS\n\n# Use this in order to automatically load providers/g" /opt/oqssa/ssl/openssl.cnf && \
sed -i "s/HOME\t\t\t= ./HOME\t\t= .\nDEFAULT_GROUPS\t= ${DEFAULT_GROUPS}/g" /opt/oqssa/ssl/openssl.cnf


ENV OPENSSL=${INSTALLDIR}/bin/openssl
ENV OPENSSL_CNF=${INSTALLDIR}/ssl/openssl.cnf

Running openssl s_client -connect test.openquantumsafe.org:6147 returns

Connecting to 158.177.128.14
CONNECTED(00000003)
801BBAC2097F0000:error:0A000410:SSL routines:ssl3_read_bytes:ssl/tls alert handshake failure:ssl/record/rec_layer_s3.c:907:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 398 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

I'm guessing that this is due to the signature algorithm (falcon512).
Interestingly, using dilithium3 as signature algorithm results in a successful handshake, even-though it also is presumably disabled for TLS.
Am I missing something? Or are these signature types not yet supported in the oqs-provider?

[KainAlive]

Well, turns out that I didn't read properly 😅. The README states that algorithms not denoted with a * are not enabled. That explains why I couldn't find the flag in the configuration. But I still don't understand why dilithium as a signature works, but falcon does not.

[baentsch]

dilithium as a signature works, but falcon does not.

What makes you state this? Please provide commands that do/do not work for dilithium/falcon respectively, ideally in a form of a bug report

[KainAlive]

What makes you state this?

I used openssl s_client -connect test.openquantumsafe.org:6147 (falcon512 + kyber512) and openssl s_client -connect test.openquantumsafe.org:6091 (dilithium2 + kyber512) to try the different KEM and signature algorithms.

The requests for the dilithium one succeeds:

[...]
subject=CN=test.openquantumsafe.org
issuer=CN=oqstest_intermediate_dilithium2
---
No client certificate CA names sent
Peer signature type: dilithium2
---
SSL handshake has read 9849 bytes and written 1652 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 128 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
DONE

The request for the server using falcon fails during the handshake:

Connecting to 158.177.128.14
CONNECTED(00000003)
803B08A3FA7F0000:error:0A000410:SSL routines:ssl3_read_bytes:ssl/tls alert handshake failure:ssl/record/rec_layer_s3.c:907:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 402 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

I think that this is due to the signature function used. I will create a bug report if this turns out to be a bug and not a mistake on my side :) .

[baentsch]

OK, this approach opens the risk that you (may) have mismatching liboqs versions. Be sure to use one of our docker images matching the code on the interop server. Alternatively, create a local client/server setup (then guaranteed to have the same code/library version) following these steps.

[KainAlive]

Ah okay, I created a local instance of the test server and here the handshake works perfectly fine. I guess the version mismatch on my side caused the error, since I used the latest main branches of liboqs and oqs-provider. Thanks for the help!

Out of curiosity, why does the version mismatch affect the falcon algorithm, but not dilithium?

[baentsch]

why does the version mismatch affect the falcon algorithm, but not dilithium

Falcon was updated in 0.10.0, Dilithium was not.

[KainAlive]

Okay, thanks again for the clarification! I will close the discussion :)