Standalone ctest (open-quantum-safe#184)

* enable precondition-free ctest * unload provider starting with 3.1 to circumvent 3.0.2 crash Signed-off-by: Felipe Ventura <[email protected]>
EntrustCorporation · Mar 13, 2024 · eecc084 · eecc084
1 parent c883d9c
commit eecc084
Show file tree

Hide file tree

Showing 11 changed files with 124 additions and 197 deletions.
diff --git a/oqs-template/generate.py b/oqs-template/generate.py
@@ -222,10 +222,6 @@ def load_config(include_disabled_sigs=False):
 config = complete_config(config)
 
 
-populate('test/oqs_test_signatures.c', config, '/////')
-populate('test/oqs_test_kems.c', config, '/////')
-populate('test/oqs_test_groups.c', config, '/////')
-populate('test/oqs_test_endecode.c', config, '/////')
 populate('oqsprov/oqsencoders.inc', config, '/////')
 populate('oqsprov/oqsdecoders.inc', config, '/////')
 populate('oqsprov/oqs_prov.h', config, '/////')

diff --git a/oqs-template/test/oqs_test_endecode.c/signature_cases.fragment b/oqs-template/test/oqs_test_endecode.c/signature_cases.fragment
diff --git a/oqs-template/test/oqs_test_kems.c/kem_cases.fragment b/oqs-template/test/oqs_test_kems.c/kem_cases.fragment
diff --git a/oqs-template/test/oqs_test_signatures.c/signature_cases.fragment b/oqs-template/test/oqs_test_signatures.c/signature_cases.fragment
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
@@ -45,7 +45,7 @@ add_test(
     COMMAND oqs_test_tlssig
             "oqsprovider"
             "${CMAKE_CURRENT_SOURCE_DIR}/oqs.cnf"
-            "${CMAKE_CURRENT_BINARY_DIR}/../../tmp"
+            "${CMAKE_CURRENT_BINARY_DIR}/tmp"
     WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
 )
 set_tests_properties(oqs_tlssig

diff --git a/test/oqs_test_endecode.c b/test/oqs_test_endecode.c
@@ -49,39 +49,6 @@ static ENDECODE_PARAMS test_params_list[] = {
                                                                                          OSSL_KEYMGMT_SELECT_ALL_PARAMETERS},
 };
 
-static const char *sigalg_names[] = {
-///// OQS_TEMPLATE_FRAGMENT_SIGNATURE_CASES_START
-#ifdef OQS_ENABLE_SIG_dilithium_2
-        "dilithium2","p256_dilithium2","rsa3072_dilithium2",
-#endif
-#ifdef OQS_ENABLE_SIG_dilithium_3
-        "dilithium3","p384_dilithium3",
-#endif
-#ifdef OQS_ENABLE_SIG_dilithium_5
-        "dilithium5","p521_dilithium5",
-#endif
-#ifdef OQS_ENABLE_SIG_falcon_512
-        "falcon512","p256_falcon512","rsa3072_falcon512",
-#endif
-#ifdef OQS_ENABLE_SIG_falcon_1024
-        "falcon1024","p521_falcon1024",
-#endif
-#ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple
-        "sphincssha2128fsimple","p256_sphincssha2128fsimple","rsa3072_sphincssha2128fsimple",
-#endif
-#ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple
-        "sphincssha2128ssimple","p256_sphincssha2128ssimple","rsa3072_sphincssha2128ssimple",
-#endif
-#ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple
-        "sphincssha2192fsimple","p384_sphincssha2192fsimple",
-#endif
-#ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple
-        "sphincsshake128fsimple","p256_sphincsshake128fsimple","rsa3072_sphincsshake128fsimple",
-#endif
-
-///// OQS_TEMPLATE_FRAGMENT_SIGNATURE_CASES_END
-};
-
 static EVP_PKEY *oqstest_make_key(const char *type, EVP_PKEY *template,
                                   OSSL_PARAM *genparams) {
     EVP_PKEY *pkey = NULL;
@@ -236,7 +203,9 @@ static int test_oqs_encdec(const char *sigalg_name) {
 
 int main(int argc, char *argv[]) {
     size_t i;
-    int errcnt = 0, test = 0;
+    int errcnt = 0, test = 0, query_nocache;
+    OSSL_PROVIDER *oqsprov = NULL;
+    const OSSL_ALGORITHM *sigalgs;
 
     T((libctx = OSSL_LIB_CTX_new()) != NULL);
     T(argc == 3);
@@ -251,23 +220,37 @@ int main(int argc, char *argv[]) {
     dfltprov = OSSL_PROVIDER_load(keyctx, "default");
     keyprov = OSSL_PROVIDER_load(keyctx, modulename);
 
-    for (i = 0; i < nelem(sigalg_names); i++) {
-        if (test_oqs_encdec(sigalg_names[i])) {
+    oqsprov = OSSL_PROVIDER_load(libctx, modulename);
+
+    sigalgs = OSSL_PROVIDER_query_operation(oqsprov, OSSL_OP_SIGNATURE, &query_nocache);
+
+    if (sigalgs) {
+      for (; sigalgs->algorithm_names != NULL; sigalgs++) {
+        if (test_oqs_encdec(sigalgs->algorithm_names)) {
             fprintf(stderr,
                     cGREEN "  Encoding/Decoding test succeeded: %s" cNORM "\n",
-                    sigalg_names[i]);
+                    sigalgs->algorithm_names);
         } else {
             fprintf(stderr,
                     cRED "  Encoding/Decoding test failed: %s" cNORM "\n",
-                    sigalg_names[i]);
+                    sigalgs->algorithm_names);
             ERR_print_errors_fp(stderr);
             errcnt++;
         }
+      }
+    }
+    else {
+            fprintf(stderr,
+                    cRED "  No signature algorithms found" cNORM "\n");
+            ERR_print_errors_fp(stderr);
+            errcnt++;
     }
 
     OSSL_LIB_CTX_free(libctx);
     OSSL_PROVIDER_unload(dfltprov);
     OSSL_PROVIDER_unload(keyprov);
+    if (OPENSSL_VERSION_PREREQ(3,1))
+        OSSL_PROVIDER_unload(oqsprov); // avoid crash in 3.0.x
     OSSL_LIB_CTX_free(keyctx);
 
     TEST_ASSERT(errcnt == 0)

diff --git a/test/oqs_test_kems.c b/test/oqs_test_kems.c
@@ -10,69 +10,6 @@ static OSSL_LIB_CTX *libctx = NULL;
 static char *modulename = NULL;
 static char *configfile = NULL;
 
-#define ECP_NAME(secbits, oqsname) \
-    (secbits == 128 ? "p256_" #oqsname "" : \
-     secbits == 192 ? "p384_" #oqsname "" : \
-                      "p521_" #oqsname "")
-#define ECX_NAME(secbits, oqsname) \
-    (secbits == 128 ? "x25519_" #oqsname "" : \
-                        "x448_" #oqsname "")
-
-#define KEMALG3(NAMES, SECBITS) \
-  "" #NAMES "", ECP_NAME(SECBITS, NAMES), ECX_NAME(SECBITS, NAMES)
-#define KEMALG2(NAMES, SECBITS) \
-  "" #NAMES "", ECP_NAME(SECBITS, NAMES)
-
-static const char *kemalg_names[] = {
-///// OQS_TEMPLATE_FRAGMENT_KEM_CASES_START
-#ifdef OQS_ENABLE_KEM_frodokem_640_aes
-    KEMALG3(frodo640aes, 128),
-#endif
-#ifdef OQS_ENABLE_KEM_frodokem_640_shake
-    KEMALG3(frodo640shake, 128),
-#endif
-#ifdef OQS_ENABLE_KEM_frodokem_976_aes
-    KEMALG3(frodo976aes, 192),
-#endif
-#ifdef OQS_ENABLE_KEM_frodokem_976_shake
-    KEMALG3(frodo976shake, 192),
-#endif
-#ifdef OQS_ENABLE_KEM_frodokem_1344_aes
-    KEMALG2(frodo1344aes, 256),
-#endif
-#ifdef OQS_ENABLE_KEM_frodokem_1344_shake
-    KEMALG2(frodo1344shake, 256),
-#endif
-#ifdef OQS_ENABLE_KEM_kyber_512
-    KEMALG3(kyber512, 128),
-#endif
-#ifdef OQS_ENABLE_KEM_kyber_768
-    KEMALG3(kyber768, 192),
-#endif
-#ifdef OQS_ENABLE_KEM_kyber_1024
-    KEMALG2(kyber1024, 256),
-#endif
-#ifdef OQS_ENABLE_KEM_bike_l1
-    KEMALG3(bikel1, 128),
-#endif
-#ifdef OQS_ENABLE_KEM_bike_l3
-    KEMALG3(bikel3, 192),
-#endif
-#ifdef OQS_ENABLE_KEM_bike_l5
-    KEMALG2(bikel5, 256),
-#endif
-#ifdef OQS_ENABLE_KEM_hqc_128
-    KEMALG3(hqc128, 128),
-#endif
-#ifdef OQS_ENABLE_KEM_hqc_192
-    KEMALG3(hqc192, 192),
-#endif
-#ifdef OQS_ENABLE_KEM_hqc_256
-    KEMALG2(hqc256, 256),
-#endif
-///// OQS_TEMPLATE_FRAGMENT_KEM_CASES_END
-};
-
 static int test_oqs_kems(const char *kemalg_name)
 {
   EVP_MD_CTX *mdctx = NULL;
@@ -134,7 +71,9 @@ static int test_oqs_kems(const char *kemalg_name)
 int main(int argc, char *argv[])
 {
   size_t i;
-  int errcnt = 0, test = 0;
+  int errcnt = 0, test = 0, query_nocache;
+  OSSL_PROVIDER *oqsprov = NULL;
+  const OSSL_ALGORITHM *kemalgs;
 
   T((libctx = OSSL_LIB_CTX_new()) != NULL);
   T(argc == 3);
@@ -144,19 +83,23 @@ int main(int argc, char *argv[])
   T(OSSL_LIB_CTX_load_config(libctx, configfile));
 
   T(OSSL_PROVIDER_available(libctx, modulename));
-
-  for (i = 0; i < nelem(kemalg_names); i++) {
-    if (test_oqs_kems(kemalg_names[i])) {
-      fprintf(stderr,
-              cGREEN "  KEM test succeeded: %s" cNORM "\n",
-              kemalg_names[i]);
-    } else {
-      fprintf(stderr,
-              cRED "  KEM test failed: %s" cNORM "\n",
-              kemalg_names[i]);
-      ERR_print_errors_fp(stderr);
-      errcnt++;
-    }
+  oqsprov = OSSL_PROVIDER_load(libctx, modulename);
+
+  kemalgs = OSSL_PROVIDER_query_operation(oqsprov, OSSL_OP_KEM, &query_nocache);
+  if (kemalgs) {
+      for (; kemalgs->algorithm_names != NULL; kemalgs++) {
+            if (test_oqs_kems(kemalgs->algorithm_names)) {
+              fprintf(stderr,
+                 cGREEN "  KEM test succeeded: %s" cNORM "\n",
+                 kemalgs->algorithm_names);
+            } else {
+              fprintf(stderr,
+                 cRED "  KEM test failed: %s" cNORM "\n",
+                 kemalgs->algorithm_names);
+              ERR_print_errors_fp(stderr);
+              errcnt++;
+            }
+      }
   }
 
   OSSL_LIB_CTX_free(libctx);

diff --git a/test/oqs_test_signatures.c b/test/oqs_test_signatures.c
@@ -14,38 +14,6 @@ static char *certsdir = NULL;
 static char *srpvfile = NULL;
 static char *tmpfilename = NULL;
 
-static const char *sigalg_names[] = {
-///// OQS_TEMPLATE_FRAGMENT_SIGNATURE_CASES_START
-#ifdef OQS_ENABLE_SIG_dilithium_2
-  "dilithium2","p256_dilithium2","rsa3072_dilithium2",
-#endif
-#ifdef OQS_ENABLE_SIG_dilithium_3
-  "dilithium3","p384_dilithium3",
-#endif
-#ifdef OQS_ENABLE_SIG_dilithium_5
-  "dilithium5","p521_dilithium5",
-#endif
-#ifdef OQS_ENABLE_SIG_falcon_512
-  "falcon512","p256_falcon512","rsa3072_falcon512",
-#endif
-#ifdef OQS_ENABLE_SIG_falcon_1024
-  "falcon1024","p521_falcon1024",
-#endif
-#ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple
-  "sphincssha2128fsimple","p256_sphincssha2128fsimple","rsa3072_sphincssha2128fsimple",
-#endif
-#ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple
-  "sphincssha2128ssimple","p256_sphincssha2128ssimple","rsa3072_sphincssha2128ssimple",
-#endif
-#ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple
-  "sphincssha2192fsimple","p384_sphincssha2192fsimple",
-#endif
-#ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple
-  "sphincsshake128fsimple","p256_sphincsshake128fsimple","rsa3072_sphincsshake128fsimple",
-#endif
-///// OQS_TEMPLATE_FRAGMENT_SIGNATURE_CASES_END
-};
-
 // sign-and-hash must work with and without providing a digest algorithm
 static int test_oqs_signatures(const char *sigalg_name)
 {
@@ -124,7 +92,9 @@ static int test_oqs_signatures(const char *sigalg_name)
 int main(int argc, char *argv[])
 {
   size_t i;
-  int errcnt = 0, test = 0;
+  int errcnt = 0, test = 0, query_nocache;
+  OSSL_PROVIDER *oqsprov = NULL;
+  const OSSL_ALGORITHM *sigalgs;
 
   T((libctx = OSSL_LIB_CTX_new()) != NULL);
   T(argc == 3);
@@ -134,19 +104,23 @@ int main(int argc, char *argv[])
   T(OSSL_LIB_CTX_load_config(libctx, configfile));
 
   T(OSSL_PROVIDER_available(libctx, modulename));
-
-  for (i = 0; i < nelem(sigalg_names); i++) {
-    if (test_oqs_signatures(sigalg_names[i])) {
-      fprintf(stderr,
-              cGREEN "  Signature test succeeded: %s" cNORM "\n",
-              sigalg_names[i]);
-    } else {
-      fprintf(stderr,
-              cRED "  Signature test failed: %s" cNORM "\n",
-              sigalg_names[i]);
-      ERR_print_errors_fp(stderr);
-      errcnt++;
-    }
+  oqsprov = OSSL_PROVIDER_load(libctx, modulename);
+
+  sigalgs = OSSL_PROVIDER_query_operation(oqsprov, OSSL_OP_SIGNATURE, &query_nocache);
+  if (sigalgs) {
+      for (; sigalgs->algorithm_names != NULL; sigalgs++) {
+        if (test_oqs_signatures(sigalgs->algorithm_names)) {
+          fprintf(stderr,
+                  cGREEN "  Signature test succeeded: %s" cNORM "\n",
+                  sigalgs->algorithm_names);
+        } else {
+          fprintf(stderr,
+                  cRED "  Signature test failed: %s" cNORM "\n",
+                  sigalgs->algorithm_names);
+          ERR_print_errors_fp(stderr);
+          errcnt++;
+        }
+      }
   }
 
   OSSL_LIB_CTX_free(libctx);

diff --git a/test/oqs_test_tlssig.c b/test/oqs_test_tlssig.c
@@ -9,6 +9,10 @@
 
 #include <openssl/trace.h>
 
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <errno.h>
+
 static OSSL_LIB_CTX *libctx = NULL;
 static char *modulename = NULL;
 static char *configfile = NULL;
@@ -35,6 +39,19 @@ static int test_oqs_tlssig(const char *sig_name)
 
   sprintf(certpath, "%s%s%s%s", certsdir, sep, sig_name, "_srv.crt");
   sprintf(privkeypath, "%s%s%s%s", certsdir, sep, sig_name, "_srv.key");
+  /* ensure certsdir exists */
+  if (mkdir(certsdir, 0700)) {
+      if (errno != EEXIST) {
+         fprintf(stderr, "Couldn't create certsdir %s: Err = %d\n", certsdir, errno);
+         ret = -1;
+         goto err;
+      }
+  }
+  if (!create_cert_key(libctx, (char*)sig_name, certpath, privkeypath)) {
+      fprintf(stderr, "Cert/keygen failed for %s at %s/%s\n", sig_name, certpath, privkeypath);
+      ret = -1; goto err;
+  }
+
   testresult =
     create_tls1_3_ctx_pair(libctx, &sctx, &cctx, certpath, privkeypath);
 
@@ -77,8 +94,8 @@ static int test_signature(const OSSL_PARAM params[], void *data)
 {
     int ret = 0;
     int *errcnt = (int *) data;
-    // Change define over to OSSL... once upstream update is done
     const OSSL_PARAM *p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_SIGALG_NAME);
+
     if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) {
         ret = -1;
         goto err;