-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prepare 240 for merge #301
Prepare 240 for merge #301
Conversation
@baentsch after a lot of figuring stuff out, it seems this PR has passed all CI tests and ready for review, |
fixing the other failed checks |
Thanks for the contribution and taking this on!
Hmm -- there's still quite some CI failing... Also --knowing this is a Draft not ready for review-- please allow me anyway to already comment that the changes visible should not survive a code generation run ( |
Nope. My bad: I was expecting to see changes to the template files themselves. But you avoided that (need I assumed) by manually creating loads of new entries in the So what are your plans to move this to "Ready for Review"? Iron out CI issues? Align the code points with "main" (see the comment in |
@baentsch So right now I wanted to iron out the CI issues. I just fixed the asan Security Check test failure so that check should pass now. What do you think I should add? Should I do more sigalgs other than dilithium? Also I tried to change the YAML such that the hash-n-sign sigalgs would just be mixed with but I wasn't exactly sure how that should have been formatted. |
Yes, that would have been my suggestion (also was with the original PR): By adding (support for) more algs, the mechanisms to be added to automatically "mix in" the various digests to the sigalgs need to be created and exercized.
This would be defined by YAML -- should be the same syntax as with the current hybrids being "mixed in". What might be more convoluted are the changes to the generator to properly process such list of hashes-with-OIDs-and-codepoints. But honestly, I'd leave that to you: Either one manually writes YML statements for each new alg combination to be added (you decide how many/which ones are needed) or creates code to automate this for many algorithms. I typically prefer the latter as it makes |
Okay cool I'll do this!
And yeah this would be a lot of work. I'll first try the manual approach and see where that gets us. |
675fbfb
to
a588655
Compare
@baentsch , quick update. Added all the hash-n-sign algs listed in this list. Every test is passing except for tlssig and its only failing on a handful of algs (See below). Figuring this out now.
|
OK. FWIW, some CI failures should be fixed when you re-base to latest "main". |
…and via a specific test method
decided to skip over sig algs whose hash alg isnt currently supported
ran the Security Checks workflow locally and passed all tests
9263390
to
30a1fd1
Compare
@baentsch do you have any hunch on why only the above mentioned sigalgs are failing? The error code that seems to represent the cause has to do with SSL_ERROR_ZERO_RETURN. For context, the test certs are being generated and verified just fine. I also re-based with main. |
I'm afraid I don't (see any "communalities"): Plain as well as Hybrid algs.... Weird. This will possibly require some serious OpenSSL debugging... I'd start with just activating OpenSSL logging. But gdb may lead to quicker insights... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks much better now (passes all tests locally), Thanks! Looking at the IDs (code points), it seems they are simply manually assigned sequentially. Is there no other implementation using other IDs, e.g., in https://github.com/IETF-Hackathon/pqc-certificates with which this could be tested for interoperability? Do you intend to automate the config writing somewhat? All combinations now must be manually created (and maintained), right? Also sensible would be a mechanism to assert no IDs are duplicated (as per the last problem): Stuff for subsequent PRs?
@baentsch I definitely think the config needs to be automated and checked for duplicates. My thinking is that this should be its own PR. Which I of course would love to take on |
@@ -405,17 +405,98 @@ sigs: | |||
pretty_name: 'Dilithium2' | |||
oqs_meth: 'OQS_SIG_alg_dilithium_2' | |||
oid: '1.3.6.1.4.1.2.267.7.4.4' | |||
code_point: '0xfea0' | |||
code_point: '0xfe98' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is impossible: How can OID remain the same but code point change? Please explain.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What exactly is the relationship between OID and code point? Or what should it be?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO it should be a one-to-one relationship as per TLS1.3: If it were not, TLS clients and servers using different algorithm implementations, but the same code point would not interoperate and nobody would understand why. This of course only is a problem until an algorithm gets standardized
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks again for all the work that went into this @trigpolynom ! When going over it I noticed many code point changes without corresponding/matching OID changes: Why has this been done? Inadvertent? Matching up with other implementations? This needs to be clarified before merge.
Also, the sheer size (number of algorithms added) of this code change makes me nervous: Would it be conceivable to wrap this into a config variable, e.g., "OQS_ENABLE_HASHNSIGN"? By how much does the size of the provider grow with hashnsign? What's the smallest provider that can be configured/built now? This is a "nice to know" for me but possibly relevant for users, so any insight?
// #ifndef DECODER_PROVIDER | ||
// # error Macro DECODER_PROVIDER undefined | ||
// #endif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you explain why you commented on these three lines?
set_tests_properties(oqs_test_hashnsign | ||
PROPERTIES ENVIRONMENT "OPENSSL_MODULES=${OQS_PROV_BINARY_DIR};OPENSSL_CONF=${CMAKE_CURRENT_SOURCE_DIR}/openssl-ca.cnf" | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should indent this line.
It makes me think that we don't have a style guide for our CMake files…
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we not have one for CMake files?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we not have one for CMake files?
Not that I knew of -- pointers welcome.
@baentsch and @thb-sb . Thank you for these comments and suggestions, they are super helpful. I'll get to the requested changes ASAP. (Going on vaction this week, but will dive in when i get back). I'll also investigate the effect on the size of the provider that hashnsign has. Perhaps it is best if the addition of the new sigalgs is configurable and automated by a new method in generate.py? |
Yes, this sounds like a doable approach.
Thanks for letting us know. Enjoy the holiday season then. |
Recently picked this back up. Thinking that a good bit of refactoring needs to occur to make it configurable. |
this seems to be a good thing to monitor regarding this functionality: |
What's your take as to how to move this PR forward, @trigpolynom ? Are you expecting input from either @thb-sb or myself? Do you want to put this into hiatus (Draft mode) until there's more clarity on the mailing list? Or even close for now? |
@baentsch Given where the conversation is in the mailing list. I would vote for closing for now. |
Just glancing over the discussion(s) I tend to agree... Thanks again for your work @trigpolynom and please consider submitting a new PR as and when the dust settled. |
This PR is a fix for #239. It builds on #240 in order to make hash-n-sign available to digital signature implementation.
See the list of OIDs for reference. In this PR I only implemented dilithium2 hash-n-sign algs given this comment by @baentsch.