Add CMS automated tests with OpenSSL 3.6 (#247)

Add CMS automated tests with OpenSSL 3.6

Author: danvangeest

.github/workflows/artifact_validation.yaml

@@ -40,6 +40,27 @@ jobs:
         with:
           name: Compatibility_openssl_csv
           path: ./output/
+  openssl36_validation:
+    runs-on: ubuntu-latest
+    container: ubuntu:24.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Install OpenSSL 3.6
+        run: |
+            apt update
+            apt install -y zip gnupg
+            apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6ED0E7B82643E131
+            echo "deb http://deb.debian.org/debian experimental main" > /etc/apt/sources.list
+            apt update
+            apt install -y openssl/experimental
+      - name: Test CMS artifacts with OpenSSL 3.6
+        run: ./src/test_cms_v3_openssl.sh
+      - name: Save artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: Compatibility_openssl36_csv
+          path: ./output/
   ssai_validation:
     runs-on: ubuntu-latest
     container: jethrolow/quantcrypt_validator
@@ -100,7 +121,7 @@ jobs:
   build_results_html:
     runs-on: ubuntu-latest
     container: ubuntu:latest
-    needs: [bc_validation, openssl_validation, ssai_validation, composite_ref_impl_validation]
+    needs: [bc_validation, openssl_validation, openssl36_validation, ssai_validation, composite_ref_impl_validation]
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -124,6 +145,11 @@ jobs:
         with:
           name: Compatibility_openssl_csv
           path: output/
+      - name: Get OpenSSL 3.6 results from previous job
+        uses: actions/download-artifact@v4
+        with:
+          name: Compatibility_openssl36_csv
+          path: output/
       - name: Get SSAI results from previous job
         uses: actions/download-artifact@v4
         with:
@@ -138,8 +164,10 @@ jobs:
         run: ./src/rebuild_results_certs_r5.sh
       - name: Build compat matrix (cms_v3)
         run: ./src/rebuild_results_cms_v3.sh
-      - name: Copy output files (automated r5/v1)
-        run: cp ./docs/pqc_hackathon_results_certs_r5_automated_tests.html ./output/certs/bc_certs.log ./output/certs/openssl_certs.log ./output/certs/ssai_certs.log ./output/certs/composite-sigs-ref-impl.log ./output/certs/composite-kem-ref-impl.log ./docs/gh-pages
+      - name: Copy output files (automated certs_r5)
+        run: cp ./docs/pqc_hackathon_results_certs_r5_automated_tests.html ./output/certs/bc_certs.log ./output/certs/openssl_certs.log ./output/certs/ssai_certs.log ./output/certs/composite-sigs-ref-impl.log ./output/certs/composite-kem-ref-impl.log ./output/cms/openssl_cms.log ./docs/gh-pages
+      - name: Copy output files (automated cms_v3)
+        run: cp ./docs/pqc_hackathon_results_cms_v3_automated_tests.html ./output/cms/openssl_cms.log ./docs/gh-pages
       - name: Copy output files (manual r5/v1)
         run: cp ./docs/pqc_hackathon_results_certs_r5.html ./docs/pqc_hackathon_results_cms_v1.html ./docs/gh-pages
       - name: Copy output files (manual r5/v3)

docs/gh-pages/index.html

@@ -6,6 +6,7 @@
 <body>
     <p>Test matrix generated with the automated test suite:</p>
     <p><a href="pqc_hackathon_results_certs_r5_automated_tests.html">pqc_hackathon_results_certs_r5_automated_tests.html</a></p>
+    <p><a href="pqc_hackathon_results_cms_v3_automated_tests.html">pqc_hackathon_results_cms_v3_automated_tests.html</a></p>
     <br>
     <p>Test matrix generated from manually-uploaded test results:</p>
     <p><a href="pqc_hackathon_results_certs_r5.html">pqc_hackathon_results_certs_r5.html</a></p>
@@ -17,6 +18,7 @@
     <p><a href="composite-sigs-ref-impl.log">composite-sigs-ref-impl.log</a></p>
     <p><a href="composite-kem-ref-impl.log">composite-kem-ref-impl.log</a></p>
     <p><a href="openssl_certs.log">openssl_certs.log</a></p>
+    <p><a href="openssl_cms.log">openssl_cms.log</a></p>
     <p><a href="ssai_certs.log">ssai_certs.log</a></p>
 </body>
 </html>

docs/pqc_hackathon_results_cms_v3.html

@@ -1,7 +1,7 @@
 <h1 id="ietf-pqc-hackathon-cms-interoperability-results">IETF PQC
 Hackathon CMS Interoperability Results</h1>
 <style> table { border-collapse: collapse; width:auto !important; } th, td { border: solid black 1px; padding: 0 1ex; } col { width: auto !important; } </style>
-<p>Generated: 2025-11-02 14:52 UTC</p>
+<p>Generated: 2025-11-02 20:07 UTC</p>
 <h1 id="algorithms-submitted">Algorithms Submitted</h1>
 <p>✅ = passing all verifiers<br>◒ = passing some verifiers<br>⚪︎ = not
 passing any verifiers<br>Columns represent producers who submitted

docs/pqc_hackathon_results_cms_v3.md

@@ -5,7 +5,7 @@ IETF PQC Hackathon CMS Interoperability Results
 
 <style> table { border-collapse: collapse; width:auto !important; } th, td { border: solid black 1px; padding: 0 1ex; } col { width: auto !important; } </style>
 
-Generated: 2025-11-02 14:52 UTC
+Generated: 2025-11-02 20:07 UTC
 
 
 # Algorithms Submitted

readme.md

@@ -154,13 +154,13 @@ Within `providers/<provider_name>/[implementation_name/]`
 - artifacts_cms_v3.zip
   - `artifacts_cms_v3/` subfolder which will contain the artifacts
   - `artifacts_cms_v3/expected_plaintext.txt` # The message which was encrypted and can be compared against the decrypted artifacts.
-  - `artifacts_cms_v3/ukm.txt` # The User Keying Material (UKM) included in some of the enveloped messages.
   - `artifacts_cms_v3/ta.der` # ML-DSA-44 trust anchor used to sign the end-entity certificates.
   - `artifacts_cms_v3/<friendly>-<oid>_ee.der` # The KEM certificate that the message is enveloped to.
-  - `artifacts_cms_v3/<friendly>-<oid>_both_priv.der` # The private KEM key to decrypt the enveloped messages.
+  - `artifacts_cms_v3/<friendly>-<oid>_priv.der` # The private KEM key to decrypt the enveloped messages.
   - `artifacts_cms_v3/<friendly>-<oid>_kemri_ukm.der` # An Enveloped artifact using KEMRI’s UKM field and one of the MTI KDFs for the KEM algorithm.
   - `artifacts_cms_v3/<friendly>-<oid>_kemri_auth.der` # An AuthEnveloped artifact using KEMRI without UKM and one of the MTI KDFs for the KEM algorithm.
   - `artifacts_cms_v3/<friendly>-<oid>_kemri_<kdf>.der` # Enveloped artifacts using KEMRI without UKM, and the specified KDF. Implementations must provide artifacts for each of the MTI KDFs for the OID, and may provide artifacts for other KDFs.
+  - `artifacts_cms_v3/<friendly>-<oid>_kemri_auth_<kdf>.der` # An AuthEnveloped artifact using KEMRI without UKM and the specified KDF.
   - `artifacts_cms_v3/<friendly>-<oid>_signed_attrs.der` # Signed artifact, with attached content and signed attributes.
 
 #### Friendly
@@ -169,7 +169,7 @@ Per https://github.com/IETF-Hackathon/pqc-certificates/issues/96 we would like a
 
 #### Trust Anchor
 
-A trust anchor isn't necessary to verify the KEMRecipientInfo artifacts, but some implementations may find it useful. We're using dilithium2 at the moment since some might not have implemented ML-DSA.ipd.
+A trust anchor isn't necessary to verify the KEMRecipientInfo artifacts, but some implementations may find it useful. We're using ML-DSA-44.
 
 #### DER vs PEM
 
@@ -188,14 +188,21 @@ Each RFC will specify mandatory KDFs, and probably allow for others as well. You
 | I-D/RFC | Algorithm | MTI KDF | `<kdf> string` |
 | - | - | - | - |
 | rfc5990bis | RSA-KEM | KDF3 w/ SHA-256 | id-kdf-kdf3 |
-| cms-kyber | ML-KEM-512 | KMAC128-KDF\* | id-kmac128\* |
-| cms-kyber | ML-KEM-768 | KMAC256-KDF\* | id-kmac256\* |
-| cms-kyber | ML-KEM-1024 | KMAC256-KDF\* | id-kmac256\* |
-| - | kyber512 | KMAC256-KDF\* | id-kmac128\* |
-| - | kyber768 | KMAC256-KDF\* | id-kmac256\* |
-| - | kyber1024 | KMAC256-KDF\* | id-kmac256\* |
-
-\* The MTI artifacts were updated to KMAC-based KDFs in draft-ietf-lamps-cms-kyber-03.
+| cms-kyber | ML-KEM-512 | HKDF with SHA256 | id-alg-hkdf-with-sha256 |
+| cms-kyber | ML-KEM-768 | HKDF with SHA256 | id-alg-hkdf-with-sha256 |
+| cms-kyber | ML-KEM-1024 | HKDF with SHA256 | id-alg-hkdf-with-sha256 |
+| TBD | id-MLKEM768-RSA2048-SHA3-256 | KMAC256-KDF | id-kmac256 |
+| TBD | id-MLKEM768-RSA3072-SHA3-256 | KMAC256-KDF | id-kmac256 |
+| TBD | id-MLKEM768-RSA4096-SHA3-256 | KMAC256-KDF | id-kmac256 |
+| TBD | id-MLKEM768-X25519-SHA3-256 | KMAC256-KDF | id-kmac256 |
+| TBD | id-MLKEM768-ECDH-P256-SHA3-256 | KMAC256-KDF | id-kmac256 |
+| TBD | id-MLKEM768-ECDH-P384-SHA3-256 | KMAC256-KDF | id-kmac256 |
+| TBD | id-MLKEM768-ECDH-brainpoolP256r1-SHA3-256 | KMAC256-KDF | id-kmac256 |
+| TBD | id-MLKEM1024-RSA3072-SHA3-256 | KMAC256-KDF | id-kmac256 |
+| TBD | id-MLKEM1024-ECDH-P384-SHA3-256 | KMAC256-KDF | id-kmac256 |
+| TBD | id-MLKEM1024-ECDH-brainpoolP384r1-SHA3-256 | KMAC256-KDF | id-kmac256 |
+| TBD | id-MLKEM1024-X448-SHA3-256 | KMAC256-KDF | id-kmac256 |
+| TBD | id-MLKEM1024-ECDH-P521-SHA3-256 | KMAC256-KDF | id-kmac256 |
 
 ### CMP -- artifacts_cmp.zip
 

src/rebuild_results_cms_v3.sh

@@ -14,4 +14,10 @@ python3 src/pqc_report_writer_common.py docs/oid_mapping.md pqc_hackathon_result
 
 # convert to html
 pandoc -f markdown pqc_hackathon_results_cms_v3.md > pqc_hackathon_results_cms_v3.html
-mv pqc_hackathon_results_cms_v3.md pqc_hackathon_results_cms_v3.html docs
+mv pqc_hackathon_results_cms_v3.md pqc_hackathon_results_cms_v3.html docs
+
+if [ -d ./output/cms ]; then
+    python3 src/pqc_report_writer_common.py docs/oid_mapping.md pqc_hackathon_results_cms_v3_automated_tests.md "Certificate Automated Verification" $(find ./output/cms -name "*.csv")
+    pandoc -f markdown pqc_hackathon_results_cms_v3_automated_tests.md > pqc_hackathon_results_cms_v3_automated_tests.html
+    mv pqc_hackathon_results_cms_v3_automated_tests.md pqc_hackathon_results_cms_v3_automated_tests.html docs
+fi

src/test_cms_v3_openssl.sh

@@ -0,0 +1,189 @@
+#!/bin/bash
+
+set -x
+
+echo "Running OpenSSL 3.6 verifier." | tee $logfile
+
+certsdir="artifacts_cms_v3"
+cmszip="artifacts_cms_v3.zip"
+inputdir="./providers"
+outputdir="./output/cms"
+logfile=$outputdir/openssl_cms.log
+
+# Start the results CSV file
+mkdir -p $outputdir
+printf "Build time: %s\n\n" "$(date)" | tee -a $logfile
+
+alreadyTestedSigOIDs=";"
+alreadyTestedKEMOIDs=";"
+
+check_signed_attrs() {
+    signed_attrs=$1
+    ta_file=$2
+
+    openssl cms -verify -no_check_time -in $signed_attrs -inform DER -CAfile $ta_file
+    if [ $? -ne 0 ]; then
+        echo "ERROR: verifying signed attributes" | tee -a $logfile
+        return 1
+    fi
+
+    return 0
+}
+
+# Requires an input: the TA file to test
+test_signed_attrs () {
+    signed_attrs_file=$1
+    resultsfile=$2
+
+    output=""
+    signed_attrs_filename=$(basename $signed_attrs_file)
+
+    # strip off the friendly name
+    signed_attrs_fileBasename=$(echo $signed_attrs_filename | egrep -o '[^-]*_signed_attrs.der$')
+
+    # strip off the file suffix to get the OID name
+    if [ $(expr match "$signed_attrs_fileBasename" ".*_signed_attrs\.der$") != 0 ]; then
+        oid=${signed_attrs_fileBasename%_signed_attrs.der}
+    else  # It's some other filename
+        printf "\nERROR: file name is not in the expected format: %s\n" $signed_attrs_file | tee -a $logfile
+        return
+    fi
+
+    # some artifacts submit multiple copies of the same cert as .pem, .der, etc. Just skip the second one
+    if [ $(expr match "$alreadyTestedSigOIDs" ".*\;$oid\;.*") != 0 ]; then
+        printf "\nWarning: %s has been submitted multiple times by this provider. Skipping\n" $oid | tee -a $logfile
+        return
+    fi
+
+    openssl list --signature-algorithms --kem-algorithms | grep " $oid,"
+    if [ $? != 0 ]; then
+        printf "\nSkipping %s, unsupported\n" $signed_attrs_filename | tee -a $logfile
+        return
+    fi
+
+    alreadyTestedSigOIDs=${alreadyTestedSigOIDs}$oid";"
+
+    printf "\nTesting signed attributes %s\n" $signed_attrs_file | tee -a $logfile
+    output+=$(check_signed_attrs $signed_attrs_file $(dirname $signed_attrs_file)/ta.der)
+    status=$?
+    if [ $status != 0 ]; then
+        echo "Signed Attributes Result: FAIL" | tee -a $logfile
+        echo "${oid},N" >> $resultsfile
+    else
+        echo "Signed Attributes Result: SUCCESS" | tee -a $logfile
+        echo "${oid},Y" >> $resultsfile
+    fi
+
+    # log it to file and to stdout
+    echo "$output" | tee -a $logfile
+}
+
+check_kemri() {
+    eefile=$1
+    oid=$2
+
+    priv_key=$( find $(dirname $eefile) -name "*${oid}*_priv.der" -print -quit )
+    kemri_base=${eefile%_ee.der}
+    for kemri_file in ${kemri_base}_kemri*.der; do
+        if [[ "$kemri_file" == *"kmac"* ]]; then
+            printf "\nSkipping KMAC %s\n" $kemri_file | tee -a $logfile
+            continue
+        fi
+        OUTFILE=$(mktemp)
+        rm -f $OUTFILE
+
+        printf "\nTesting KEMRI %s\n" $kemri_file | tee -a $logfile
+
+        openssl cms -decrypt -inform DER -in ${kemri_file} -recip ${eefile} \
+            -inkey ${priv_key} -keyform DER -out $OUTFILE
+        if [ $? -ne 0 ]; then
+            echo "ERROR: Decrypting KEMRI" | tee -a $logfile
+            return 1
+        fi
+        rm -f $OUTFILE
+    done
+
+    return 0
+}
+
+# Requires an input: the TA file to test
+test_kemri() {
+    eefile=$1
+    resultsfile=$2
+
+    output=""
+    eefileBasename=$(basename $eefile)
+
+    # strip off the friendly name
+    eefileBasename=$(echo $eefileBasename | egrep -o '[^-]*_ee.der$')
+
+    # strip off the file suffix to get the OID name
+    if [ $(expr match "$eefileBasename" ".*_ee\.der$") != 0 ]; then
+        oid=${eefileBasename%_ee.der}
+    else  # It's some other filename
+        printf "\nERROR: file name is not in the expected format: %s\n" $eefile | tee -a $logfile
+        return
+    fi
+
+    # some artifacts submit multiple copies of the same cert as .pem, .der, etc. Just skip the second one
+    if [ $(expr match "$alreadyTestedKEMOIDs" ".*\;$oid\;.*") != 0 ]; then
+        printf "\nWarning: %s has been submitted multiple times by this provider. Skipping\n" $oid | tee -a $logfile
+        return
+    fi
+
+    openssl list --signature-algorithms --kem-algorithms | grep " $oid,"
+    if [ $? != 0 ]; then
+        printf "\nSkipping %s, unsupported\n" $eefileBasename | tee -a $logfile
+        return
+    fi
+
+    alreadyTestedKEMOIDs=${alreadyTestedKEMOIDs}$oid";"
+
+    printf "\nTesting EE %s\n" $eefile | tee -a $logfile
+    output+=$(check_kemri $eefile $oid)
+    status=$?
+    if [ $status != 0 ]; then
+        echo "KemRecipientInfo Result: FAIL" | tee -a $logfile
+        echo "${oid},N" >> $resultsfile
+    else
+        echo "KemRecipientInfo Result: SUCCESS" | tee -a $logfile
+        echo "${oid},Y" >> $resultsfile
+    fi
+
+    # log it to file and to stdout
+    echo "$output" | tee -a $logfile
+}
+
+# First, recurse into any provider dir
+for providerdir in $(ls -d $inputdir/*/); do
+    provider=$(basename $providerdir)
+
+    printf "\n**** BEGIN provider %s **** \n" $provider | tee -a $logfile
+
+    # process certs
+    zip=${providerdir}$cmszip
+    if ! [ -f $zip ]; then
+        continue
+    fi
+    unzipdir=${providerdir}$certsdir
+    printf "\nUnzipping %s to %s\n" $zip $unzipdir | tee -a $logfile
+    unzip -o $zip -d $unzipdir
+
+    resultsfile=${outputdir}/${provider}_openssl.csv
+    echo "key_algorithm_oid,test_result" > $resultsfile  # CSV header row
+
+    alreadyTestedSigOIDs=";"  # for a guard to skip testing the same cert multiple times
+    alreadyTestedKEMOIDs=";"  # for a guard to skip testing the same cert multiple times
+    # test each signed attributes fileartifact
+    for signed_attrs_file in $(find $unzipdir \( -iname "*_signed_attrs.der" \)); do
+        test_signed_attrs "$signed_attrs_file" "$resultsfile"
+    done
+    # test each KEMRI artifact
+    for eefile in $(find $unzipdir \( -iname "*_ee.der" \)); do
+        test_kemri "$eefile" "$resultsfile"
+    done
+
+    printf "\n**** DONE provider %s **** \n" $provider | tee -a $logfile
+done
+
+printf "\n**** DONE **** \n" | tee -a $logfile