Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oqs-provider with openssl speed command - unknown algorithm #385

Closed
dalibor-rada opened this issue Apr 4, 2024 · 5 comments
Closed

oqs-provider with openssl speed command - unknown algorithm #385

dalibor-rada opened this issue Apr 4, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@dalibor-rada
Copy link

Describe the bug
Cannot use the openssl speed command for postquantum algorithms supported via liboqs with oqs-provider.

To Reproduce
Steps to reproduce the behavior:
Have a fresh Ubuntu 22.04.3 LTS
liboqs
$ sudo apt install astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz
python3-yaml valgrind
$ git clone -b main https://github.com/open-quantum-safe/liboqs.git
$ cd liboqs
$ mkdir build && cd build
$ cmake -GNinja ..
$ ninja
$ ninja install
oqs-provider
download and unzip latest version 0.5.3
$ cd into_oqs-provider_folder
$ scripts/fullbuild.sh
$ scripts/runtests.sh
$ cmake --install _build
edit the openssl.cnf file (https://github.com/open-quantum-safe/oqs-provider/blob/main/USAGE.md#activation, section
Configuration file)
$ openssl speed kyber512

Expected behavior
This set of commands should led to the benchmark of postquantum algorithms via openssl speed command.

Screenshots
If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

  • OS: Ubuntu 22.04.3 LTS
  • OpenSSL version 3.0.2
  • oqsprovider version 0.5.3

openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
openssl list -providers
providers:
default
name: OpenSSL Default Provider
version: 3.0.2
status: active
oqsprovider
name: OpenSSL OQS Provider
version: 0.5.3
status: active

image
image

the runtest.sh script output this:
Test setup:
LD_LIBRARY_PATH=/home/student/oqs-provider-0.5.3/.local/lib
OPENSSL_APP=openssl
OPENSSL_CONF=/home/student/oqs-provider-0.5.3/scripts/openssl-ca.cnf
OPENSSL_MODULES=/home/student/oqs-provider-0.5.3/_build/lib
Version information:
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
Providers:
default
name: OpenSSL Default Provider
version: 3.0.2
status: active
build info: 3.0.2
gettable provider parameters:
name: pointer to a UTF8 encoded string (arbitrary size)
version: pointer to a UTF8 encoded string (arbitrary size)
buildinfo: pointer to a UTF8 encoded string (arbitrary size)
status: integer (arbitrary size)
oqsprovider
name: OpenSSL OQS Provider
version: 0.5.3
status: active
build info: OQS Provider v.0.5.3 () based on liboqs v.0.10.1-dev
gettable provider parameters:
name: pointer to a UTF8 encoded string (arbitrary size)
version: pointer to a UTF8 encoded string (arbitrary size)
buildinfo: pointer to a UTF8 encoded string (arbitrary size)
status: integer (arbitrary size)
Cert gen/verify, CMS sign/verify, CA tests for all enabled OQS signature algorithms commencing:
.......................
External interop tests commencing
Cloudflare:
kex=X25519Kyber768Draft00
kex=X25519Kyber512Draft00
Test project /home/student/oqs-provider-0.5.3/_build
Start 1: oqs_signatures
1/5 Test #1: oqs_signatures ................... Passed 10.81 sec
Start 2: oqs_kems
2/5 Test #2: oqs_kems ......................... Passed 0.73 sec
Start 3: oqs_groups
3/5 Test #3: oqs_groups ....................... Passed 1.06 sec
Start 4: oqs_tlssig
4/5 Test #4: oqs_tlssig ....................... Passed 0.01 sec
Start 5: oqs_endecode
5/5 Test #5: oqs_endecode ..................... Passed 28.83 sec

100% tests passed, 0 tests failed out of 5

Total Test time (real) = 41.44 sec

All oqsprovider tests passed.
@dalibor-rada dalibor-rada added the bug Something isn't working label Apr 4, 2024
@baentsch
Copy link
Member

baentsch commented Apr 4, 2024

This is close to impossible: Please ascertain that you have configured openssl correctly by running openssl list -kem-algorithms. This should list all KEMs, including "kyber512". If it does not, your config file is wrong. If it is right, this happens:

openssl list -kem-algorithms
  { 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default
  { 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default
  { 1.3.101.110, X25519 } @ default
  { 1.3.101.111, X448 } @ default
  frodo640aes @ oqsprovider
  p256_frodo640aes @ oqsprovider
  x25519_frodo640aes @ oqsprovider
  frodo640shake @ oqsprovider
  p256_frodo640shake @ oqsprovider
  x25519_frodo640shake @ oqsprovider
  frodo976aes @ oqsprovider
  p384_frodo976aes @ oqsprovider
  x448_frodo976aes @ oqsprovider
  frodo976shake @ oqsprovider
  p384_frodo976shake @ oqsprovider
  x448_frodo976shake @ oqsprovider
  frodo1344aes @ oqsprovider
  p521_frodo1344aes @ oqsprovider
  frodo1344shake @ oqsprovider
  p521_frodo1344shake @ oqsprovider
  kyber512 @ oqsprovider
  p256_kyber512 @ oqsprovider
  x25519_kyber512 @ oqsprovider
  kyber768 @ oqsprovider
  p384_kyber768 @ oqsprovider
  x448_kyber768 @ oqsprovider
  x25519_kyber768 @ oqsprovider
  p256_kyber768 @ oqsprovider
  kyber1024 @ oqsprovider
  p521_kyber1024 @ oqsprovider
  mlkem512 @ oqsprovider
  p256_mlkem512 @ oqsprovider
  x25519_mlkem512 @ oqsprovider
  mlkem768 @ oqsprovider
  p384_mlkem768 @ oqsprovider
  x448_mlkem768 @ oqsprovider
  x25519_mlkem768 @ oqsprovider
  p256_mlkem768 @ oqsprovider
  mlkem1024 @ oqsprovider
  p521_mlkem1024 @ oqsprovider
  p384_mlkem1024 @ oqsprovider
  bikel1 @ oqsprovider
  p256_bikel1 @ oqsprovider
  x25519_bikel1 @ oqsprovider
  bikel3 @ oqsprovider
  p384_bikel3 @ oqsprovider
  x448_bikel3 @ oqsprovider
  bikel5 @ oqsprovider
  p521_bikel5 @ oqsprovider
  hqc128 @ oqsprovider
  p256_hqc128 @ oqsprovider
  x25519_hqc128 @ oqsprovider
  hqc192 @ oqsprovider
  p384_hqc192 @ oqsprovider
  x448_hqc192 @ oqsprovider
  hqc256 @ oqsprovider
  p521_hqc256 @ oqsprovider

openssl speed -seconds 1 kyber512 
Doing kyber512 keygen ops for 1s: 105155 kyber512 KEM keygen ops in 0.99s
Doing kyber512 encaps ops for 1s: 105618 kyber512 KEM encaps ops in 0.97s
Doing kyber512 decaps ops for 1s: 144551 kyber512 KEM decaps ops in 1.00s
version: 3.2.1
built on: Thu Feb 29 13:50:36 2024 UTC
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
CPUINFO: OPENSSL_ia32cap=0x7ed8320b078bffff:0x40069c219c97a9
                               keygen    encaps    decaps keygens/s  encaps/s  decaps/s
                   kyber512 0.000009s 0.000009s 0.000007s  106217.2  108884.5  144551.0

@dalibor-rada
Copy link
Author

Hello,

thank you for you answer. I appreciate it. I did the installation again. Again the same problem. I checked the openssl list -kem-algorithms command, and it says just the same as you said it should:
image
but, then openssl speed remains the same:
image.

I have no idea what to do. There's another screen - of the openssl.cnf file:
image.

I'd be grateful for any further advice, please.

@dalibor-rada
Copy link
Author

UPDT: I tried the same procedure on Debian, and got the same error with unknown algorithm. Am I really doing the right thing?

@baentsch
Copy link
Member

baentsch commented Apr 6, 2024

I think you do (the right thing). The only idea I have left is that you should try running a more recent openssl version: 3.0.2 has many problems wrt Providers...

@dalibor-rada
Copy link
Author

Yep, you're right. Upgrade to OpenSSL 3.2.1 helped. Thank you for effort :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@baentsch @dalibor-rada