liboqs: check whether Kyber768 is compiled in

In the default build configuration of liboqs 0.10.1, Kyber768 is
disabled. This adds a guard against it and skip tests if not
available.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/devel/dlwrap/oqs.syms b/devel/dlwrap/oqs.syms
index 8f067b2dd30ef321d411a61ea8b85fea7d28e1ea..413f887598b2d5955cd071ff0333fbc657a12ae9 100644 (file)
--- a/devel/dlwrap/oqs.syms
+++ b/devel/dlwrap/oqs.syms
@@ -1,6 +1,7 @@
 OQS_SHA3_set_callbacks
 OQS_init
 OQS_destroy
+OQS_KEM_alg_is_enabled
 OQS_KEM_new
 OQS_KEM_encaps
 OQS_KEM_decaps

diff --git a/lib/dlwrap/oqsfuncs.h b/lib/dlwrap/oqsfuncs.h
index 95c1b083dc1df60a5c69380400f28b531b8a2004..4aa0ba4ab4c2303a361cdecc889af5f2513f1a45 100644 (file)
--- a/lib/dlwrap/oqsfuncs.h
+++ b/lib/dlwrap/oqsfuncs.h
@@ -7,6 +7,7 @@ VOID_FUNC(void, OQS_init, (void), ())
 VOID_FUNC(void, OQS_destroy, (void), ())
 VOID_FUNC(void, OQS_SHA3_set_callbacks, (struct OQS_SHA3_callbacks *new_callbacks), (new_callbacks))
 VOID_FUNC(void, OQS_randombytes_custom_algorithm, (void (*algorithm_ptr)(uint8_t *, size_t)), (algorithm_ptr))
+FUNC(int, OQS_KEM_alg_is_enabled, (const char *method_name), (method_name))
 FUNC(OQS_KEM *, OQS_KEM_new, (const char *method_name), (method_name))
 FUNC(OQS_STATUS, OQS_KEM_keypair, (const OQS_KEM *kem, uint8_t *public_key, uint8_t *secret_key), (kem, public_key, secret_key))
 FUNC(OQS_STATUS, OQS_KEM_encaps, (const OQS_KEM *kem, uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key), (kem, ciphertext, shared_secret, public_key))

diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index eb8c44459d9ece84e38efb4c8a57b8f5eabebd0c..8a987ed12180f547162d1ce4b7353d754839fe88 100644 (file)
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -704,7 +704,9 @@ static int _wrap_nettle_pk_encaps(gnutls_pk_algorithm_t algo,
                OQS_KEM *kem = NULL;
                OQS_STATUS rc;
 
-               if (_gnutls_liboqs_ensure() < 0)
+               if (_gnutls_liboqs_ensure() < 0 ||
+                   !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
+                           OQS_KEM_alg_kyber_768))
                        return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
 
                kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(OQS_KEM_alg_kyber_768);
@@ -765,7 +767,9 @@ static int _wrap_nettle_pk_decaps(gnutls_pk_algorithm_t algo,
                OQS_KEM *kem = NULL;
                OQS_STATUS rc;
 
-               if (_gnutls_liboqs_ensure() < 0)
+               if (_gnutls_liboqs_ensure() < 0 ||
+                   !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
+                           OQS_KEM_alg_kyber_768))
                        return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
 
                kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(OQS_KEM_alg_kyber_768);
@@ -2359,7 +2363,9 @@ static int _wrap_nettle_pk_exists(gnutls_pk_algorithm_t pk)
                return 1;
 #ifdef HAVE_LIBOQS
        case GNUTLS_PK_EXP_KYBER768:
-               return _gnutls_liboqs_ensure() == 0;
+               return _gnutls_liboqs_ensure() == 0 &&
+                      GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
+                              OQS_KEM_alg_kyber_768);
 #endif
        default:
                return 0;
@@ -2997,7 +3003,9 @@ static int pct_test(gnutls_pk_algorithm_t algo,
                break;
 #ifdef HAVE_LIBOQS
        case GNUTLS_PK_EXP_KYBER768:
-               if (_gnutls_liboqs_ensure() < 0) {
+               if (_gnutls_liboqs_ensure() < 0 ||
+                   !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
+                           OQS_KEM_alg_kyber_768)) {
                        ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
                        goto cleanup;
                }
@@ -3736,12 +3744,12 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
                OQS_KEM *kem = NULL;
                OQS_STATUS rc;
 
-#ifdef HAVE_LIBOQS
-               if (_gnutls_liboqs_ensure() < 0) {
+               if (_gnutls_liboqs_ensure() < 0 ||
+                   !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
+                           OQS_KEM_alg_kyber_768)) {
                        ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
                        goto cleanup;
                }
-#endif
 
                not_approved = true;
 
@@ -4038,8 +4046,9 @@ static int wrap_nettle_pk_verify_priv_params(gnutls_pk_algorithm_t algo,
        }
 #ifdef HAVE_LIBOQS
        case GNUTLS_PK_EXP_KYBER768:
-               ret = _gnutls_liboqs_ensure();
-               if (ret < 0)
+               if (_gnutls_liboqs_ensure() < 0 ||
+                   !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
+                           OQS_KEM_alg_kyber_768))
                        ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
                break;
 #endif

diff --git a/tests/pqc-hybrid-kx.sh b/tests/pqc-hybrid-kx.sh
index b587587bd210b1524ca9680c65eeab931c86b783..6d47105fa0b435ace7eb55b2cc713061e9d0714b 100644 (file)
--- a/tests/pqc-hybrid-kx.sh
+++ b/tests/pqc-hybrid-kx.sh
@@ -31,6 +31,10 @@ if ! test -x "${CLI}"; then
        exit 77
 fi
 
+if ! "${CLI}" --list | grep '^Public Key Systems: .*Kyber768.*' >/dev/null; then
+       exit 77
+fi
+
 . "${srcdir}/scripts/common.sh"
 testdir=`create_testdir pqc-hybrid-kx`