open-quantum-safe / liboqs-rust Goto Github PK
View Code? Open in Web Editor NEWRust bindings for liboqs
Home Page: https://openquantumsafe.org/
License: Apache License 2.0
Rust bindings for liboqs
Home Page: https://openquantumsafe.org/
License: Apache License 2.0
I am currently trying to write a FreeBSD port (i.e. distribution package) for the rosenpass project. In the process of doing that I noticed that it bundles a static copy of liboqs through your crate. This is unfortunate. We would strongly prefer if the project instead linked against liboqs.so
so we can fix potential security issues in a single place.
Would it be possible for you to permit linking against a shared library instead of building and linking your own static copy of the code?
The files contained in liboqs/.Cmake
are required for building. When vendoring the dependencies of rosenpass (e.g. for packaging), cargo vendor
does not include these files, since dotfiles are usually excluded, unless they are explicitly included using include in the manifest.
cd rosenpass
cargo vendor rosen-vendor --respect-source-config
ls rosen-vendor/oqs-sys/liboqs/.Cmake
In the primary C library, linking to OpenSSL is disabled on Windows. However, in this crate, it is enabled by default on all platforms. Without --no-default-features
, this causes a number of compilation errors on Windows when trying to build oqs
in the build script.
Please consider not linking to OpenSSL by default, especially on Windows, although it causes installation headaches on all platforms.
Trying to get CI on my pull request to go green, the MacOS build fails with
ld: library 'crypto' not found
I don't think there is a particular OS-specific impact of the new code and no new library code is being invoked -
it looks like the cause of the error may be a library upgrade.
At least when using Classic-McEliece-8192128f
, generating keys causes a stack overflow. It occurs when func
is called here.
Minimal reproducible example:
fn main() {
let kem = Kem::new(Algorithm::ClassicMcEliece8192128f).unwrap();
let (pubkey, secret) = kem.keypair().unwrap();
}
How to encrypt message with the symetric key of kem when i generated a shared secret?
eg: https://github.com/open-quantum-safe/liboqs-rust/blob/main/oqs/src/lib.rs#L31, how can i use b_kem_ss
to encrypt message?
would be very helpful for packager.
Using
oqs = { version="0.7.2", default-features = false, features = ["kyber"] }
I get when building
Compiling oqs-sys v0.7.2
error: failed to run custom build command for `oqs-sys v0.7.2`
Caused by:
process didn't exit successfully: `/Users/bas/scm/rust-hpke/target/debug/build/oqs-sys-450355f50f2b9656/build-script-build` (exit status: 101)
--- stdout
CMAKE_TOOLCHAIN_FILE_x86_64-apple-darwin = None
CMAKE_TOOLCHAIN_FILE_x86_64_apple_darwin = None
HOST_CMAKE_TOOLCHAIN_FILE = None
CMAKE_TOOLCHAIN_FILE = None
CMAKE_GENERATOR_x86_64-apple-darwin = None
CMAKE_GENERATOR_x86_64_apple_darwin = None
HOST_CMAKE_GENERATOR = None
CMAKE_GENERATOR = None
CMAKE_PREFIX_PATH_x86_64-apple-darwin = None
CMAKE_PREFIX_PATH_x86_64_apple_darwin = None
HOST_CMAKE_PREFIX_PATH = None
CMAKE_PREFIX_PATH = None
CMAKE_x86_64-apple-darwin = None
CMAKE_x86_64_apple_darwin = None
HOST_CMAKE = None
CMAKE = None
running: "cmake" "/Users/bas/.cargo/registry/src/github.com-1ecc6299db9ec823/oqs-sys-0.7.2/liboqs" "-DCMAKE_OSX_ARCHITECTURES=x86_64" "-DOQS_BUILD_ONLY_LIB=Yes" "-DOQS_DIST_BUILD=Yes" "-DOQS_ENABLE_KEM_BIKE=No" "-DOQS_ENABLE_KEM_CLASSIC_MCELIECE=No" "-DOQS_ENABLE_KEM_FRODOKEM=No" "-DOQS_ENABLE_KEM_HQC=No" "-DOQS_ENABLE_KEM_KYBER=Yes" "-DOQS_ENABLE_KEM_NTRU=No" "-DOQS_ENABLE_KEM_NTRUPRIME=No" "-DOQS_ENABLE_KEM_SABER=No" "-DOQS_ENABLE_KEM_SIDH=No" "-DOQS_ENABLE_KEM_SIKE=No" "-DOQS_ENABLE_SIG_DILITHIUM=No" "-DOQS_ENABLE_SIG_FALCON=No" "-DOQS_ENABLE_SIG_PICNIC=No" "-DOQS_ENABLE_SIG_RAINBOW=No" "-DOQS_ENABLE_SIG_SPHINCS=No" "-DOQS_USE_OPENSSL=No" "-DCMAKE_INSTALL_PREFIX=/Users/bas/scm/rust-hpke/target/debug/build/oqs-sys-d30719a70bf74e8d/out" "-DCMAKE_C_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64 -arch x86_64" "-DCMAKE_C_COMPILER=/usr/bin/cc" "-DCMAKE_CXX_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64 -arch x86_64" "-DCMAKE_CXX_COMPILER=/usr/bin/c++" "-DCMAKE_ASM_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64 -arch x86_64" "-DCMAKE_ASM_COMPILER=/usr/bin/cc" "-DCMAKE_BUILD_TYPE=Release"
-- Configuring done (0.1s)
-- Generating done (0.3s)
-- Build files have been written to: /Users/bas/scm/rust-hpke/target/debug/build/oqs-sys-d30719a70bf74e8d/out/build
running: "cmake" "--build" "." "--target" "oqs" "--config" "Release"
[ 0%] Built target xkcp_low_keccakp_1600_plain64
[ 1%] Built target xkcp_low_keccakp_1600_avx2
[ 1%] Building C object src/kem/kyber/CMakeFiles/kyber_1024_90s_avx2.dir/pqcrystals-kyber_kyber1024-90s_avx2/indcpa.c.o
[ 1%] Building C object src/common/CMakeFiles/common.dir/aes/aes.c.o
[ 2%] Built target xkcp_low_keccakp_1600times4_avx2
[ 3%] Built target xkcp_low_keccakp_1600times4_serial
[ 4%] Building C object src/kem/kyber/CMakeFiles/kyber_512_ref.dir/kem_kyber_512.c.o
[ 5%] Building ASM object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/basemul.S.o
[ 5%] Building C object src/kem/kyber/CMakeFiles/kyber_512_ref.dir/pqcrystals-kyber_kyber512_ref/cbd.c.o
[ 6%] Building C object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/cbd.c.o
[ 7%] Building C object src/kem/kyber/CMakeFiles/kyber_768_ref.dir/kem_kyber_768.c.o
[ 8%] Building ASM object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/basemul.S.o
[ 9%] Building C object src/common/CMakeFiles/common.dir/aes/aes_c.c.o
[ 9%] Building C object src/kem/kyber/CMakeFiles/kyber_1024_90s_avx2.dir/pqcrystals-kyber_kyber1024-90s_avx2/kem.c.o
[ 10%] Building C object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/cbd.c.o
[ 10%] Building C object src/common/CMakeFiles/common.dir/aes/aes128_ni.c.o
[ 11%] Building C object src/common/CMakeFiles/common.dir/aes/aes256_ni.c.o
[ 11%] Building C object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/consts.c.o
[ 12%] Building C object src/kem/kyber/CMakeFiles/kyber_1024_90s_avx2.dir/pqcrystals-kyber_kyber1024-90s_avx2/poly.c.o
[ 12%] Building C object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/consts.c.o
[ 13%] Building C object src/kem/kyber/CMakeFiles/kyber_1024_90s_avx2.dir/pqcrystals-kyber_kyber1024-90s_avx2/rejsample.c.o
[ 14%] Building ASM object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/fq.S.o
[ 15%] Building C object src/common/CMakeFiles/common.dir/sha2/sha2.c.o
[ 16%] Building ASM object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/fq.S.o
[ 16%] Building C object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/indcpa.c.o
[ 16%] Building C object src/common/CMakeFiles/common.dir/sha2/sha2_c.c.o
[ 16%] Building C object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/indcpa.c.o
[ 17%] Building ASM object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/invntt.S.o
[ 18%] Building C object src/common/CMakeFiles/common.dir/sha3/xkcp_sha3.c.o
[ 19%] Building ASM object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/invntt.S.o
[ 19%] Building C object src/common/CMakeFiles/common.dir/sha3/xkcp_sha3x4.c.o
[ 20%] Building C object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/kem.c.o
[ 21%] Building C object src/common/CMakeFiles/common.dir/common.c.o
[ 27%] Built target kyber_1024_90s_avx2
[ 28%] Building C object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/kem.c.o
[ 28%] Building ASM object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/ntt.S.o
[ 29%] Building C object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/poly.c.o
[ 30%] Building C object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/polyvec.c.o
[ 30%] Building ASM object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/ntt.S.o
[ 31%] Building C object src/common/CMakeFiles/common.dir/pqclean_shims/nistseedexpander.c.o
[ 31%] Building C object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/rejsample.c.o
[ 31%] Building C object src/common/CMakeFiles/common.dir/pqclean_shims/fips202.c.o
[ 32%] Building ASM object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/shuffle.S.o
[ 33%] Building C object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/poly.c.o
[ 34%] Building C object src/common/CMakeFiles/common.dir/pqclean_shims/fips202x4.c.o
[ 35%] Building C object src/common/CMakeFiles/common.dir/rand/rand.c.o
[ 36%] Building C object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/polyvec.c.o
[ 36%] Building C object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/symmetric-shake.c.o
[ 36%] Building C object src/common/CMakeFiles/common.dir/rand/rand_nist.c.o
[ 36%] Building C object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/rejsample.c.o
[ 37%] Building C object src/kem/kyber/CMakeFiles/kyber_768_avx2.dir/pqcrystals-kyber_kyber768_avx2/verify.c.o
[ 38%] Building ASM object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/shuffle.S.o
[ 38%] Building C object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/symmetric-shake.c.o
[ 39%] Building C object src/kem/kyber/CMakeFiles/kyber_512_avx2.dir/pqcrystals-kyber_kyber512_avx2/verify.c.o
[ 39%] Built target kyber_768_avx2
[ 39%] Built target kyber_512_avx2
[ 39%] Built target common
--- stderr
/Users/bas/.cargo/registry/src/github.com-1ecc6299db9ec823/oqs-sys-0.7.2/liboqs/src/kem/kyber/kem_kyber_512.c:9:31: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
OQS_KEM *OQS_KEM_kyber_512_new() {
^
void
1 error generated.
make[3]: *** [src/kem/kyber/CMakeFiles/kyber_512_ref.dir/kem_kyber_512.c.o] Error 1
make[3]: *** Waiting for unfinished jobs....
/Users/bas/.cargo/registry/src/github.com-1ecc6299db9ec823/oqs-sys-0.7.2/liboqs/src/kem/kyber/kem_kyber_768.c:9:31: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
OQS_KEM *OQS_KEM_kyber_768_new() {
^
void
1 error generated.
make[3]: *** [src/kem/kyber/CMakeFiles/kyber_768_ref.dir/kem_kyber_768.c.o] Error 1
make[2]: *** [src/kem/kyber/CMakeFiles/kyber_768_ref.dir/all] Error 2
make[2]: *** Waiting for unfinished jobs....
make[2]: *** [src/kem/kyber/CMakeFiles/kyber_512_ref.dir/all] Error 2
make[1]: *** [src/CMakeFiles/oqs.dir/rule] Error 2
make: *** [oqs] Error 2
thread 'main' panicked at '
command did not execute successfully, got: exit status: 2
build script failed, must exit now', /Users/bas/.cargo/registry/src/github.com-1ecc6299db9ec823/cmake-0.1.50/src/lib.rs:1098:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Rust version:
stable-x86_64-apple-darwin (default)
rustc 1.67.1 (d5a82bbd2 2023-02-07)
Functions like ciphertext_from_bytes
should really not panic on user input.
When building on Windows, this error occurs and the build fails:
Chef@WJ68NAB4 ~\App\shared
$ cargo build
Blocking waiting for file lock on package cache
Updating git repository `https://github.com/open-quantum-safe/liboqs-rust`
Updating crates.io index
Blocking waiting for file lock on package cache
Blocking waiting for file lock on package cache
Blocking waiting for file lock on build directory
Compiling regex-syntax v0.6.22
Compiling regex v1.4.3
Compiling env_logger v0.8.3
Compiling bindgen v0.57.0
Compiling oqs-sys v0.5.0 (https://github.com/open-quantum-safe/liboqs-rust?branch=main#67abcfcb)
error: failed to run custom build command for `oqs-sys v0.5.0 (https://github.com/open-quantum-safe/liboqs-rust?branch=main#67abcfcb)`
Caused by:
process didn't exit successfully: `C:\Users\Chef\App\shared\target\debug\build\oqs-sys-318ffd7313b93664\build-script-build` (exit code: 101)
--- stderr
CMake Warning:
Manually-specified variables were not used by the project:
CMAKE_BUILD_TYPE
CMAKE_CXX_FLAGS
CMAKE_CXX_FLAGS_RELEASE
thread 'main' panicked at '
command did not execute successfully, got: exit code: 1
build script failed, must exit now', C:\Users\Chef\.cargo\registry\src\github.com-1ecc6299db9ec823\cmake-0.1.45\src\lib.rs:894:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Versions:
Hi guys,
I've got a crate that depends on the new version of liboqs-sys
being published. I'm not sure what the usual publish cadence is for Rust, but I'm super excited to see it ๐
Thanks in advance!
Compiling on host x86_64-windows-pc-msvc returns an error:
Compiling oqs-sys v0.1.0 (C:\foo\oqs-rs\oqs-sys)
Compiling oqs v0.1.0 (C:\foo\oqs-rs\oqs)
error: could not find native static library `oqs`, perhaps an -L flag is missing?
(On a side note, I merely cloned the repo and tried running a simple unit test in a parent crate):
#[test]
fn test_oqs() {
oqs::init();
let alice = oqs::kem::Kem::new(oqs::kem::Algorithm::Firesaber).unwrap();
let (public_key, secret_key) = alice.keypair().unwrap();
let bob = oqs::kem::Kem::new(oqs::kem::Algorithm::Firesaber).unwrap();
let (ciphertext, bob_symmetric_key) = bob.encapsulate(public_key.as_ref()).unwrap();
let alice_symmetric_key = alice.decapsulate(secret_key.as_ref(), ciphertext.as_ref()).unwrap();
assert_eq!(alice_symmetric_key.as_ref(), bob_symmetric_key.as_ref());
}
Took a look at the codebase - code looks sharp. Well done. Would really like to get this to work to replace your pqcrypto crate for "real world" purposes (startup).
At the moment, this crate is only expected to work on intel. We might want to set up CI for ARMv8 and next figure out the relevant CMake flags etc.
I'm trying to build project for multiple architectures but it fails on aarch64 due to a mismatch of the ssize_t
and the pointer size. Full error message below. I see that it's possible to set --no-size_t-is-usize
but wonder if that's the correct way to do so, I see that ops-sys
explicitly sets this option to true in build.rs
.
error: failed to run custom build command for oqs-sys v0.9.1+liboqs-0.9.0 (https://github.com/open-quantum-safe/liboqs-rust.git?rev=07e569027cf4dcaa5991cf2f16d63b0363957327#07e56902)
Caused by:
process didn't exit successfully: `/home/aparcar/openwrt/build_dir/target-aarch64_generic_musl/rosenpass-72f68c9bac3b1b3cd09110493f9b953f6dc29eff/target/release/build/oqs-sys-80409713af391698/build-script-build` (exit status: 101)
--- stdout
cargo:rerun-if-env-changed=LIBOQS_NO_VENDOR
cargo:rerun-if-env-changed=LIBOQS_NO_PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG_ALLOW_CROSS_aarch64-unknown-linux-musl
cargo:rerun-if-env-changed=PKG_CONFIG_ALLOW_CROSS_aarch64_unknown_linux_musl
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG_ALLOW_CROSS
cargo:rerun-if-env-changed=PKG_CONFIG_ALLOW_CROSS
cargo:rerun-if-env-changed=PKG_CONFIG_aarch64-unknown-linux-musl
cargo:rerun-if-env-changed=PKG_CONFIG_aarch64_unknown_linux_musl
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG_aarch64-unknown-linux-musl
cargo:rerun-if-env-changed=PKG_CONFIG_aarch64_unknown_linux_musl
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG
cargo:rerun-if-env-changed=LIBOQS_STATIC
cargo:rerun-if-env-changed=LIBOQS_DYNAMIC
cargo:rerun-if-env-changed=PKG_CONFIG_ALL_STATIC
cargo:rerun-if-env-changed=PKG_CONFIG_ALL_DYNAMIC
cargo:rerun-if-env-changed=PKG_CONFIG_PATH_aarch64-unknown-linux-musl
cargo:rerun-if-env-changed=PKG_CONFIG_PATH_aarch64_unknown_linux_musl
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG_PATH
cargo:rerun-if-env-changed=PKG_CONFIG_PATH
cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR_aarch64-unknown-linux-musl
cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR_aarch64_unknown_linux_musl
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG_LIBDIR
cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_aarch64-unknown-linux-musl
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_aarch64_unknown_linux_musl
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG_SYSROOT_DIR
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR
cargo:rerun-if-env-changed=SYSROOT
cargo:rerun-if-env-changed=LIBOQS_STATIC
cargo:rerun-if-env-changed=LIBOQS_DYNAMIC
cargo:rerun-if-env-changed=PKG_CONFIG_ALL_STATIC
cargo:rerun-if-env-changed=PKG_CONFIG_ALL_DYNAMIC
cargo:rustc-link-search=native=/home/aparcar/openwrt/staging_dir/target-aarch64_generic_musl/usr/lib
cargo:rustc-link-lib=oqs
cargo:rerun-if-env-changed=PKG_CONFIG_aarch64-unknown-linux-musl
cargo:rerun-if-env-changed=PKG_CONFIG_aarch64_unknown_linux_musl
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG
cargo:rerun-if-env-changed=LIBOQS_STATIC
cargo:rerun-if-env-changed=LIBOQS_DYNAMIC
cargo:rerun-if-env-changed=PKG_CONFIG_ALL_STATIC
cargo:rerun-if-env-changed=PKG_CONFIG_ALL_DYNAMIC
cargo:rerun-if-env-changed=PKG_CONFIG_PATH_aarch64-unknown-linux-musl
cargo:rerun-if-env-changed=PKG_CONFIG_PATH_aarch64_unknown_linux_musl
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG_PATH
cargo:rerun-if-env-changed=PKG_CONFIG_PATH
cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR_aarch64-unknown-linux-musl
cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR_aarch64_unknown_linux_musl
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG_LIBDIR
cargo:rerun-if-env-changed=PKG_CONFIG_LIBDIR
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_aarch64-unknown-linux-musl
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_aarch64_unknown_linux_musl
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG_SYSROOT_DIR
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR
--- stderr
thread 'main' panicked at /home/aparcar/openwrt/dl/cargo/registry/src/index.crates.io-6f17d22bba15001f/bindgen-0.69.4/codegen/mod.rs:912:25:
assertion `left == right` failed: Target platform requires `--no-size_t-is-usize`. The size of `ssize_t` (4) does not match the target pointer size (8)
left: 4
right: 8
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Currently it is possible to create a PublicKeyRef from bytes using public_key_from_bytes.
It is also possible to derive a PublicKeyRef from PublicKey.
However there seems to be no mechanism at all to generate a PublicKey struct from bytes.
Things that don't work include
Would it be possible to include PublicKey struct creation from bytes?
We're currently using the liboqs version numbering scheme, which does make it clear which version we're bundling. However, that also means that we can't really release patch versions. This is sometimes a problem: #189
One possibility would be to do the following: Release 0.7.2
as 7.2.0
so that we can actually issue patch releases.
I'm on Win 10, VS code. Adding oqs = "" or oqs-sys = "" in Cargo.toml causes a build step to occur which fails with this message:
CMake Error at C:/Program Files/CMake/share/cmake-3.20/Modules/FindPackageHandleStandardArgs.cmake:230 (message):
Could NOT find OpenSSL, try to set the path to OpenSSL root folder
Installing OpenSSL and setting OPENSSL_ROOT_DIR environment variable as the message suggests has no effect.
Need to add:
I can't build my project for x86 with a musl libc due to open-quantum-safe/liboqs#1442 , and as I see there is no way to trigger the aforementioned CMake option using the rust wrapper, and due to #190 I can also not substitute the version of liboqs used externally ๐
This crate does not vendor correctly, This is caused (AFAIK) by a (long standing) bug-feature in cargo but triggered by liboqs submodule. Nevertheless victim is this crate.
Some distributions build packages with Rust software using cargo vendor
method. This allows for reproducible builds and builds without Internet access. (Without creation of a lot of build dependency packages).) With this bug, though, oqs-sys
crate does not vendored correctly, causing build failures of dependent packages.
How to reproduce. I'm building Rosenpass:
rosenpass$ cargo vendor
rosenpass$ cat > .cargo/config.toml <<EOF
[source.crates-io]
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "vendor"
EOF
rosenpass$ cargo build --offline
...
error: failed to run custom build command for `oqs-sys v0.7.2`
Caused by:
process didn't exit successfully: `/home/vt/src/rosenpass/target/debug/build/oqs-sys-0a39e907fb61174b/build-script-build` (exit status: 101)
--- stdout
CMAKE_TOOLCHAIN_FILE_x86_64-unknown-linux-gnu = None
CMAKE_TOOLCHAIN_FILE_x86_64_unknown_linux_gnu = None
HOST_CMAKE_TOOLCHAIN_FILE = None
CMAKE_TOOLCHAIN_FILE = None
CMAKE_GENERATOR_x86_64-unknown-linux-gnu = None
CMAKE_GENERATOR_x86_64_unknown_linux_gnu = None
HOST_CMAKE_GENERATOR = None
CMAKE_GENERATOR = None
CMAKE_PREFIX_PATH_x86_64-unknown-linux-gnu = None
CMAKE_PREFIX_PATH_x86_64_unknown_linux_gnu = None
HOST_CMAKE_PREFIX_PATH = None
CMAKE_PREFIX_PATH = None
CMAKE_x86_64-unknown-linux-gnu = None
CMAKE_x86_64_unknown_linux_gnu = None
HOST_CMAKE = None
CMAKE = None
running: "cmake" "/home/vt/src/rosenpass/vendor/oqs-sys/liboqs" "-DOQS_BUILD_ONLY_LIB=Yes" "-DOQS_DIST_BUILD=Yes" "-DOQS_ENABLE_KEM_BIKE=No" "-DOQS_ENABLE_KEM_CLASSIC_MCELIECE=Yes" "-DOQS_ENABLE_KEM_FRODOKEM=No" "-DOQS_ENABLE_KEM_HQC=No" "-DOQS_ENABLE_KEM_KYBER=Yes" "-DOQS_ENABLE_KEM_NTRU=No" "-DOQS_ENABLE_KEM_NTRUPRIME=No" "-DOQS_ENABLE_KEM_SABER=No" "-DOQS_ENABLE_KEM_SIDH=No" "-DOQS_ENABLE_KEM_SIKE=No" "-DOQS_ENABLE_SIG_DILITHIUM=No" "-DOQS_ENABLE_SIG_FALCON=No" "-DOQS_ENABLE_SIG_PICNIC=No" "-DOQS_ENABLE_SIG_RAINBOW=No" "-DOQS_ENABLE_SIG_SPHINCS=No" "-DOQS_USE_OPENSSL=No" "-DCMAKE_INSTALL_PREFIX=/home/vt/src/rosenpass/target/debug/build/oqs-sys-fb1d27fcfe285523/out" "-DCMAKE_C_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_C_COMPILER=/usr/bin/cc" "-DCMAKE_CXX_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_CXX_COMPILER=/usr/bin/c++" "-DCMAKE_ASM_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_ASM_COMPILER=/usr/bin/cc" "-DCMAKE_BUILD_TYPE=Release"
-- Configuring incomplete, errors occurred!
See also "/home/vt/src/rosenpass/target/debug/build/oqs-sys-fb1d27fcfe285523/out/build/CMakeFiles/CMakeOutput.log".
--- stderr
CMake Error at CMakeLists.txt:111 (include):
include could not find requested file:
.CMake/compiler_opts.cmake
CMake Error at CMakeLists.txt:112 (include):
include could not find requested file:
.CMake/alg_support.cmake
thread 'main' panicked at '
command did not execute successfully, got: exit status: 1
build script failed, must exit now', /home/vt/src/rosenpass/vendor/cmake/src/lib.rs:1104:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
This is happened because liboqs's https://github.com/open-quantum-safe/liboqs/blob/main/CMakeLists.txt#L117 tries to include .cmake files from dot-directory .CMake/
.
include(.CMake/compiler_opts.cmake)
include(.CMake/alg_support.cmake)
And cargo is filtering out directories like these.
(They once fixed this for dotfiles but not for directories.)
Workaround for me was to copy files from registry
(from previous non-offline build) into vendor
tree:
rsync -a ~/.cargo/registry/src/github.com-1ecc6299db9ec823/oqs-sys-0.7.2/liboqs/.CMake/ vendor/oqs-sys/liboqs/.CMake/
It seems that currently there is not other method, except by fixing cargo or renaming .CMake
dir in liboqs
.
Currently, the PublicKey types etc are completely generic. It might make sense to move them into schemes, as their size restrictions etc could then be set up correctly. However, I think this might have some downsides because you're dealing with ?Sized
types
I'm seeing some lint warnings in the CI output, e.g. about putting variables into format!("{variable}")
calls directly.
Currently, the build.rs
of oqs-sys
is configured so that oqs is recompiled every time cargo build
is executed. This really takes the fun away from cargo watch
etc., as it blows the time of a cargo build
with an already filled target/
to 20 seconds+.
https://doc.rust-lang.org/cargo/reference/build-scripts.html#change-detection provides some guidance on how to refine the behavior in this regard.
The version currently on crates.io is a bit out-of-date. Notably: it contains a bunch of round-2 implementations still.
However, we can't bump to version 0.4.0 because that would match the round-2 release number of liboqs, which we're ahead of.
Bumping to version 0.5.0 would be confusing, as that's the next liboqs release.
The best solution seems to be to just wait for version 0.5.0 of liboqs to be released, after which we'll follow liboqs releases.
MacOS Monterey 12.4, Xcode-13.4.1.
$ rustc -V --verbose
rustc 1.61.0
binary: rustc
commit-hash: unknown
commit-date: unknown
host: x86_64-apple-darwin
release: 1.61.0
LLVM version: 14.0.0
$
$ cargo test
Compiling oqs-sys v0.7.1 (/Users/ur20980/src/liboqs-rust/oqs-sys)
Compiling oqs v0.7.1 (/Users/ur20980/src/liboqs-rust/oqs)
Finished test [unoptimized + debuginfo] target(s) in 2.91s
Running unittests src/lib.rs (target/debug/deps/oqs-efd60abe37588300)
running 614 tests
test kem::BikeL3::test_get_algorithm_back ... ok
test kem::BikeL1::test_get_algorithm_back ... ok
test kem::BikeL3::test_enabled ... ok
test kem::BikeL1::test_version ... ok
test kem::BikeL3::test_name ... ok
test kem::BikeL1::test_name ... ok
test kem::BikeL1::test_enabled ... ok
test kem::BikeL3::test_version ... ok
test kem::ClassicMcEliece348864::test_enabled ... ok
test kem::ClassicMcEliece348864::test_get_algorithm_back ... ok
test kem::ClassicMcEliece348864::test_version ... ok
test kem::ClassicMcEliece348864::test_name ... ok
test kem::ClassicMcEliece348864f::test_enabled ... ok
test kem::ClassicMcEliece348864f::test_get_algorithm_back ... ok
test kem::ClassicMcEliece348864f::test_version ... ok
test kem::ClassicMcEliece348864f::test_name ... ok
test kem::ClassicMcEliece460896::test_enabled ... ok
test kem::ClassicMcEliece460896::test_get_algorithm_back ... ok
test kem::ClassicMcEliece460896::test_name ... ok
test kem::ClassicMcEliece460896::test_version ... ok
test kem::ClassicMcEliece460896f::test_enabled ... ok
test kem::ClassicMcEliece460896f::test_get_algorithm_back ... ok
test kem::ClassicMcEliece460896f::test_name ... ok
test kem::ClassicMcEliece460896f::test_version ... ok
test kem::ClassicMcEliece6688128::test_enabled ... ok
test kem::ClassicMcEliece6688128::test_get_algorithm_back ... ok
test kem::ClassicMcEliece6688128::test_name ... ok
test kem::ClassicMcEliece6688128::test_version ... ok
test kem::ClassicMcEliece6688128f::test_enabled ... ok
test kem::ClassicMcEliece6688128f::test_get_algorithm_back ... ok
test kem::ClassicMcEliece6688128f::test_name ... ok
test kem::ClassicMcEliece6688128f::test_version ... ok
test kem::ClassicMcEliece6960119::test_enabled ... ok
test kem::ClassicMcEliece6960119::test_get_algorithm_back ... ok
test kem::ClassicMcEliece6960119::test_name ... ok
test kem::ClassicMcEliece6960119::test_version ... ok
test kem::ClassicMcEliece6960119f::test_enabled ... ok
test kem::ClassicMcEliece6960119f::test_get_algorithm_back ... ok
test kem::ClassicMcEliece6960119f::test_name ... ok
test kem::ClassicMcEliece6960119f::test_version ... ok
test kem::ClassicMcEliece8192128::test_enabled ... ok
test kem::ClassicMcEliece8192128::test_get_algorithm_back ... ok
test kem::ClassicMcEliece8192128::test_name ... ok
test kem::ClassicMcEliece8192128::test_version ... ok
test kem::ClassicMcEliece8192128f::test_enabled ... ok
test kem::ClassicMcEliece8192128f::test_get_algorithm_back ... ok
test kem::ClassicMcEliece8192128f::test_name ... ok
test kem::ClassicMcEliece8192128f::test_version ... ok
test kem::Firesaber::test_enabled ... ok
test kem::Firesaber::test_get_algorithm_back ... ok
test kem::Firesaber::test_name ... ok
. . . . .
test kem::SidhP751::test_version ... ok
test kem::SidhP751Compressed::test_enabled ... ok
thread 'kem::ClassicMcEliece8192128::test_encaps_decaps' has overflowed its stack
fatal runtime error: stack overflow
error: test failed, to rerun pass '-p oqs --lib'
Caused by:
process didn't exit successfully: `/Users/ur20980/src/liboqs-rust/target/debug/deps/oqs-efd60abe37588300` (signal: 6, SIGABRT: process abort signal)
Also, if I already have liboqs
built and installed - is there any way to use it, instead of rebuilding liboqs within this package?
In the conversation thread here, we discussed how to make oqs's C library compile to WASM. The build script and anything else internal should be modified to support compilation to the common WASM targets here for the rust crate, that way no modification is needed for users of this library.
no_std
as a feature to turn on makes less sense than turning off std
as a feature.
Probably hold off before more feature / API changes are necessary.
RustCrypto has finally decided what traits they want to have for KEMs and Signature schemes. We should probably make sure our types implement those traits as well.
See also rustpq/pqcrypto#40
Hi, could you help me please to resolve this dependencies issue?
I'm using Ubuntu 24 and Tauri
/usr/include/limits.h:124:16: fatal error: 'limits.h' file not found
thread 'main' panicked at /home/alu/.cargo/registry/src/index.crates.io-6f17d22bba15001f/oqs-sys-0.9.1+liboqs-0.9.0/build.rs:33:10:
Unable to generate bindings: ClangDiagnostic("/usr/include/limits.h:124:16: fatal error: 'limits.h' file not found\n")
Full log:
Full log here: [LOG](https://pastebin.com/MVJx5dAL)
The repo that is not working:
https://github.com/Avarok-Cybersecurity/citadel-workspace
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.