Sync from SUSE:SLFO:Main liboqs revision 8cdadc6f0acc4382e8acfb052501f41c

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

baselibs.conf

@@ -0,0 +1,2 @@
+liboqs4
+liboqs-devel

liboqs-fix-build.patch

@@ -0,0 +1,174 @@
+Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h
+===================================================================
+--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h
++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h
+@@ -30,12 +30,13 @@
+ #endif
+ 
+ #define crypto_kem_keypair KYBER_NAMESPACE(keypair)
+-int crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
++int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]);
++
+ 
+ #define crypto_kem_enc KYBER_NAMESPACE(enc)
+-int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
++int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]);
+ 
+ #define crypto_kem_dec KYBER_NAMESPACE(dec)
+-int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
++int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]);
+ 
+ #endif
+Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h
+===================================================================
+--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h
++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h
+@@ -30,12 +30,15 @@
+ #endif
+ 
+ #define crypto_kem_keypair KYBER_NAMESPACE(keypair)
+-int crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
++int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]);
++
+ 
+ #define crypto_kem_enc KYBER_NAMESPACE(enc)
+-int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
++int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]);
++
+ 
+ #define crypto_kem_dec KYBER_NAMESPACE(dec)
+-int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
++int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]);
++
+ 
+ #endif
+Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h
+===================================================================
+--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h
++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h
+@@ -30,12 +30,14 @@
+ #endif
+ 
+ #define crypto_kem_keypair KYBER_NAMESPACE(keypair)
+-int crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
++int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]);
++
+ 
+ #define crypto_kem_enc KYBER_NAMESPACE(enc)
+-int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
++int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]);
++
+ 
+ #define crypto_kem_dec KYBER_NAMESPACE(dec)
+-int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
++int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]);
+ 
+ #endif
+Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
+===================================================================
+--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
+@@ -20,8 +20,7 @@
+ *
+ * Returns 0 (success)
+ **************************************************/
+-int crypto_kem_keypair(uint8_t *pk,
+-                       uint8_t *sk)
++int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES])
+ {
+   size_t i;
+   indcpa_keypair(pk, sk);
+@@ -48,9 +47,7 @@ int crypto_kem_keypair(uint8_t *pk,
+ *
+ * Returns 0 (success)
+ **************************************************/
+-int crypto_kem_enc(uint8_t *ct,
+-                   uint8_t *ss,
+-                   const uint8_t *pk)
++int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES])
+ {
+   uint8_t buf[2*KYBER_SYMBYTES];
+   /* Will contain key, coins */
+@@ -91,9 +88,7 @@ int crypto_kem_enc(uint8_t *ct,
+ *
+ * On failure, ss will contain a pseudo-random value.
+ **************************************************/
+-int crypto_kem_dec(uint8_t *ss,
+-                   const uint8_t *ct,
+-                   const uint8_t *sk)
++int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES])
+ {
+   size_t i;
+   int fail;
+Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
+===================================================================
+--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
+@@ -20,8 +20,7 @@
+ *
+ * Returns 0 (success)
+ **************************************************/
+-int crypto_kem_keypair(uint8_t *pk,
+-                       uint8_t *sk)
++int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES])
+ {
+   size_t i;
+   indcpa_keypair(pk, sk);
+@@ -48,9 +47,7 @@ int crypto_kem_keypair(uint8_t *pk,
+ *
+ * Returns 0 (success)
+ **************************************************/
+-int crypto_kem_enc(uint8_t *ct,
+-                   uint8_t *ss,
+-                   const uint8_t *pk)
++int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES])
+ {
+   uint8_t buf[2*KYBER_SYMBYTES];
+   /* Will contain key, coins */
+@@ -91,9 +88,7 @@ int crypto_kem_enc(uint8_t *ct,
+ *
+ * On failure, ss will contain a pseudo-random value.
+ **************************************************/
+-int crypto_kem_dec(uint8_t *ss,
+-                   const uint8_t *ct,
+-                   const uint8_t *sk)
++int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES])
+ {
+   size_t i;
+   int fail;
+Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c
+===================================================================
+--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c
++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c
+@@ -20,8 +20,7 @@
+ *
+ * Returns 0 (success)
+ **************************************************/
+-int crypto_kem_keypair(uint8_t *pk,
+-                       uint8_t *sk)
++int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES])
+ {
+   size_t i;
+   indcpa_keypair(pk, sk);
+@@ -48,9 +47,7 @@ int crypto_kem_keypair(uint8_t *pk,
+ *
+ * Returns 0 (success)
+ **************************************************/
+-int crypto_kem_enc(uint8_t *ct,
+-                   uint8_t *ss,
+-                   const uint8_t *pk)
++int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES])
+ {
+   uint8_t buf[2*KYBER_SYMBYTES];
+   /* Will contain key, coins */
+@@ -91,9 +88,7 @@ int crypto_kem_enc(uint8_t *ct,
+ *
+ * On failure, ss will contain a pseudo-random value.
+ **************************************************/
+-int crypto_kem_dec(uint8_t *ss,
+-                   const uint8_t *ct,
+-                   const uint8_t *sk)
++int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES])
+ {
+   size_t i;
+   int fail;

liboqs-fix-prototypemismatch.patch

@@ -0,0 +1,17 @@
+Index: liboqs-0.8.0/src/kem/frodokem/kem_frodokem.h
+===================================================================
+--- liboqs-0.8.0.orig/src/kem/frodokem/kem_frodokem.h
++++ liboqs-0.8.0/src/kem/frodokem/kem_frodokem.h
+@@ -11,9 +11,9 @@
+ #define OQS_KEM_frodokem_640_aes_length_ciphertext 9720
+ #define OQS_KEM_frodokem_640_aes_length_shared_secret 16
+ OQS_KEM *OQS_KEM_frodokem_640_aes_new(void);
+-OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair(uint8_t *public_key, uint8_t *secret_key);
+-OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
+-OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
++OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair(unsigned char *public_key, unsigned char *secret_key);
++OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_encaps(unsigned char *ciphertext, unsigned char *shared_secret, const unsigned char *public_key);
++OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_decaps(unsigned char *shared_secret, const unsigned char *ciphertext, const unsigned char *secret_key);
+ #endif
+ 
+ #ifdef OQS_ENABLE_KEM_frodokem_640_shake

liboqs.changes

@@ -0,0 +1,100 @@
+-------------------------------------------------------------------
+Tue Jan 23 15:19:41 UTC 2024 - Marcus Meissner <meissner@suse.com>
+
+- updated to 0.9.2:
+  - Fixed potential non-constant-time behaviour in Kyber based on https://github.com/pq-crystals/kyber/commit/272125f6acc8e8b6850fd68ceb901a660ff48196  
+    (bsc#1219614)
+  - Kyber: C, AVX2, and aarch64 implementation updated
+
+-------------------------------------------------------------------
+Sun Dec 24 10:00:49 UTC 2023 - Marcus Meissner <meissner@suse.com>
+
+- updated to 0.9.1:
+  - Key encapsulation mechanisms
+
+    - Kyber: C, AVX2, and aarch64 implementation updated
+
+-------------------------------------------------------------------
+Fri Oct 13 07:31:49 UTC 2023 - Marcus Meissner <meissner@suse.com>
+
+- updated to 0.9.0
+
+  This release features an update to the Classic McEliece KEM, bringing it
+  in line with NIST Round 4. It also adds or updates ARM implementations
+  for Kyber,   Dilithium, and Falcon.
+
+- major library version 4
+
+-------------------------------------------------------------------
+Thu Jun  8 07:14:12 UTC 2023 - Marcus Meissner <meissner@suse.com>
+
+- updated to 0.8.0
+  This release features many algorithm updates, including removal
+  of algorithms and variants no longer proceeding through NIST
+  standardization and updates to newer versions.  See the detailed list
+  of algorithm updates below.
+
+  Key encapsulation mechanisms:
+
+  - BIKE: updated to Round 4 version.
+  - Kyber: 90s variants were removed.
+  - NTRU Prime: All variants were removed, except for sntrup761.
+  - Saber: removed.
+
+  Digital signature schemes
+
+  - Dilithium; AES variants were removed.
+  - Falcon: updated to the 2023-02-07 version.
+  - Picnic: removed.
+  - Rainbow: removed.
+  - SPHINCS+: updated to version 3.1; SPHINCS+-Haraka variants were removed; SPHINCS+-SHA256 and SPHINCS+-SHAKE variants were renamed
+
+  Other changes
+
+  - Add Cryptographic Bill of Materials (CBOM)
+  - Improve building on ARM platforms
+  - Improve performance when using OpenSSL 3 for symmetric cryptography
+  - Increment shared object library version
+  - New configure-time options for algorithm selections
+  - pkgconfig file now available
+
+- removed 0001-Add-support-for-powerpc64.-1160.patch: upstream
+- 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch: upstream
+
+- liboqs is now liboqs.so.3.
+
+-------------------------------------------------------------------
+Wed Mar 29 06:38:25 UTC 2023 - Marcus Meissner <meissner@suse.com>
+
+- liboqs-fix-prototypemismatch.patch: fixed uint8_t* vs unsigned char* mismatch
+- disable -Werror for now.
+
+-------------------------------------------------------------------
+Tue Nov 15 16:10:18 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Ship the README.md mentioned in the description.
+- Compact descriptions.
+
+-------------------------------------------------------------------
+Sat Jul  2 07:21:42 UTC 2022 - Christophe Giboudeaux <christophe@krop.fr>
+
+- Add upstream changes:
+  * 0001-Add-support-for-powerpc64.-1160.patch
+  * 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch
+- Spec cleanup
+
+-------------------------------------------------------------------
+Tue Jan 25 07:48:57 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>
+
+- Stop building with march=native to get reproducible binaries (boo#1100677)
+
+-------------------------------------------------------------------
+Sun Jan  2 18:26:29 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Trim redundancies from description. Remove old specfile
+  constructs.
+
+-------------------------------------------------------------------
+Fri Nov 12 13:08:09 UTC 2021 - Marcus Meissner <meissner@suse.com>
+
+- initial import of the liboqs Open Quantum Safe library, version 0.7.1

liboqs.spec

@@ -0,0 +1,103 @@
+#
+# spec file for package liboqs
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           liboqs
+Version:        0.9.2
+Release:        0
+Summary:        C library for quantum-resistant cryptographic algorithms
+License:        MIT
+Group:          Productivity/Security
+URL:            https://github.com/open-quantum-safe/liboqs/
+Source:         https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{version}.tar.gz
+Source1:        baselibs.conf
+Patch0:         liboqs-fix-build.patch
+Patch1:         liboqs-fix-prototypemismatch.patch
+BuildRequires:  cmake
+BuildRequires:  doxygen
+BuildRequires:  libopenssl-devel
+
+%description
+liboqs is a C library for quantum-resistant cryptographic algorithms.
+See the bundled README.md for particular limitations on intended use.
+
+%package -n liboqs4
+Summary:        C library for quantum-resistant cryptographic algorithms
+Group:          System/Libraries
+
+%description -n liboqs4
+liboqs is a C library for quantum-resistant cryptographic algorithms.
+See the bundled README.md for particular limitations on intended use.
+
+%package devel
+Summary:        Headers for liboqs, a library for quantum-resistant cryptography
+Group:          Development/Languages/C and C++
+Requires:       liboqs4 = %{version}
+
+%description devel
+liboqs is a C library for quantum-resistant cryptographic algorithms.
+See the bundled README.md for particular limitations on intended use.
+
+%prep
+%autosetup -p1
+
+%build
+export RPM_OPT_FLAGS="%{optflags} -std=gnu11"
+
+# 20220702: The %%cmake macro can't be used because a 'CMakeLists.txt' folder
+# exists
+cmake -S . -B build -DBUILD_SHARED_LIBS:BOOL=ON -DOQS_DIST_BUILD:BOOL=ON
+
+pushd build
+%cmake_build
+popd
+
+%install
+%cmake_install
+
+# need to find out what cmake option is needed
+mv %{buildroot}%{_prefix}/local/* %{buildroot}%{_prefix}
+
+#if [ "%{_lib}" != "lib" ]; then
+  # mv %{buildroot}%{_prefix}/lib %{buildroot}%{_libdir}
+#fi
+
+rmdir %{buildroot}%{_prefix}/local/
+
+%post -n liboqs4 -p /sbin/ldconfig
+%postun -n liboqs4 -p /sbin/ldconfig
+
+%files -n liboqs4
+%license LICENSE.txt
+%{_libdir}/liboqs.so.%version
+%{_libdir}/liboqs.so.4
+%doc README.md
+
+%files devel
+%license LICENSE.txt
+%dir %{_includedir}/oqs
+%{_includedir}/oqs/*
+%{_libdir}/liboqs.so
+%{_libdir}/pkgconfig/liboqs.pc
+%dir %{_libdir}/cmake/
+%dir %{_libdir}/cmake/liboqs/
+%{_libdir}/cmake/liboqs/liboqsTargets-noconfig.cmake
+%{_libdir}/cmake/liboqs/liboqsTargets.cmake
+%{_libdir}/cmake/liboqs/liboqsConfig.cmake
+%{_libdir}/cmake/liboqs/liboqsConfigVersion.cmake
+
+%changelog