From 32976f0de63e1a6107edf14b79fe7ebfa703d927edbaed5fc2f4dca18c088c9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 3 May 2024 15:25:37 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main liboqs revision 8cdadc6f0acc4382e8acfb052501f41c --- .gitattributes | 23 ++++ 0.9.2.tar.gz | 3 + baselibs.conf | 2 + liboqs-fix-build.patch | 174 +++++++++++++++++++++++++++++ liboqs-fix-prototypemismatch.patch | 17 +++ liboqs.changes | 100 +++++++++++++++++ liboqs.spec | 103 +++++++++++++++++ 7 files changed, 422 insertions(+) create mode 100644 .gitattributes create mode 100644 0.9.2.tar.gz create mode 100644 baselibs.conf create mode 100644 liboqs-fix-build.patch create mode 100644 liboqs-fix-prototypemismatch.patch create mode 100644 liboqs.changes create mode 100644 liboqs.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/0.9.2.tar.gz b/0.9.2.tar.gz new file mode 100644 index 0000000..9bf4138 --- /dev/null +++ b/0.9.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a708c058d4d9dcf5568245439b526fa480180f1fa4541adf21b1d094dc9e0590 +size 3321090 diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..47862aa --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,2 @@ +liboqs4 +liboqs-devel diff --git a/liboqs-fix-build.patch b/liboqs-fix-build.patch new file mode 100644 index 0000000..1d96bb2 --- /dev/null +++ b/liboqs-fix-build.patch @@ -0,0 +1,174 @@ +Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h +=================================================================== +--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h ++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.h +@@ -30,12 +30,13 @@ + #endif + + #define crypto_kem_keypair KYBER_NAMESPACE(keypair) +-int crypto_kem_keypair(uint8_t *pk, uint8_t *sk); ++int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]); ++ + + #define crypto_kem_enc KYBER_NAMESPACE(enc) +-int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); ++int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]); + + #define crypto_kem_dec KYBER_NAMESPACE(dec) +-int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); ++int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]); + + #endif +Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h +=================================================================== +--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h ++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.h +@@ -30,12 +30,15 @@ + #endif + + #define crypto_kem_keypair KYBER_NAMESPACE(keypair) +-int crypto_kem_keypair(uint8_t *pk, uint8_t *sk); ++int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]); ++ + + #define crypto_kem_enc KYBER_NAMESPACE(enc) +-int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); ++int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]); ++ + + #define crypto_kem_dec KYBER_NAMESPACE(dec) +-int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); ++int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]); ++ + + #endif +Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h +=================================================================== +--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h ++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.h +@@ -30,12 +30,14 @@ + #endif + + #define crypto_kem_keypair KYBER_NAMESPACE(keypair) +-int crypto_kem_keypair(uint8_t *pk, uint8_t *sk); ++int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]); ++ + + #define crypto_kem_enc KYBER_NAMESPACE(enc) +-int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); ++int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]); ++ + + #define crypto_kem_dec KYBER_NAMESPACE(dec) +-int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); ++int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]); + + #endif +Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c +=================================================================== +--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c ++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c +@@ -20,8 +20,7 @@ + * + * Returns 0 (success) + **************************************************/ +-int crypto_kem_keypair(uint8_t *pk, +- uint8_t *sk) ++int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]) + { + size_t i; + indcpa_keypair(pk, sk); +@@ -48,9 +47,7 @@ int crypto_kem_keypair(uint8_t *pk, + * + * Returns 0 (success) + **************************************************/ +-int crypto_kem_enc(uint8_t *ct, +- uint8_t *ss, +- const uint8_t *pk) ++int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]) + { + uint8_t buf[2*KYBER_SYMBYTES]; + /* Will contain key, coins */ +@@ -91,9 +88,7 @@ int crypto_kem_enc(uint8_t *ct, + * + * On failure, ss will contain a pseudo-random value. + **************************************************/ +-int crypto_kem_dec(uint8_t *ss, +- const uint8_t *ct, +- const uint8_t *sk) ++int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]) + { + size_t i; + int fail; +Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c +=================================================================== +--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c ++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c +@@ -20,8 +20,7 @@ + * + * Returns 0 (success) + **************************************************/ +-int crypto_kem_keypair(uint8_t *pk, +- uint8_t *sk) ++int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]) + { + size_t i; + indcpa_keypair(pk, sk); +@@ -48,9 +47,7 @@ int crypto_kem_keypair(uint8_t *pk, + * + * Returns 0 (success) + **************************************************/ +-int crypto_kem_enc(uint8_t *ct, +- uint8_t *ss, +- const uint8_t *pk) ++int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]) + { + uint8_t buf[2*KYBER_SYMBYTES]; + /* Will contain key, coins */ +@@ -91,9 +88,7 @@ int crypto_kem_enc(uint8_t *ct, + * + * On failure, ss will contain a pseudo-random value. + **************************************************/ +-int crypto_kem_dec(uint8_t *ss, +- const uint8_t *ct, +- const uint8_t *sk) ++int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]) + { + size_t i; + int fail; +Index: liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c +=================================================================== +--- liboqs-0.8.0.orig/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c ++++ liboqs-0.8.0/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c +@@ -20,8 +20,7 @@ + * + * Returns 0 (success) + **************************************************/ +-int crypto_kem_keypair(uint8_t *pk, +- uint8_t *sk) ++int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES], uint8_t sk[KYBER_SECRETKEYBYTES]) + { + size_t i; + indcpa_keypair(pk, sk); +@@ -48,9 +47,7 @@ int crypto_kem_keypair(uint8_t *pk, + * + * Returns 0 (success) + **************************************************/ +-int crypto_kem_enc(uint8_t *ct, +- uint8_t *ss, +- const uint8_t *pk) ++int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES], uint8_t ss[KYBER_SSBYTES], const uint8_t pk[KYBER_PUBLICKEYBYTES]) + { + uint8_t buf[2*KYBER_SYMBYTES]; + /* Will contain key, coins */ +@@ -91,9 +88,7 @@ int crypto_kem_enc(uint8_t *ct, + * + * On failure, ss will contain a pseudo-random value. + **************************************************/ +-int crypto_kem_dec(uint8_t *ss, +- const uint8_t *ct, +- const uint8_t *sk) ++int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES], const uint8_t ct[KYBER_CIPHERTEXTBYTES], const uint8_t sk[KYBER_SECRETKEYBYTES]) + { + size_t i; + int fail; diff --git a/liboqs-fix-prototypemismatch.patch b/liboqs-fix-prototypemismatch.patch new file mode 100644 index 0000000..df3ef56 --- /dev/null +++ b/liboqs-fix-prototypemismatch.patch @@ -0,0 +1,17 @@ +Index: liboqs-0.8.0/src/kem/frodokem/kem_frodokem.h +=================================================================== +--- liboqs-0.8.0.orig/src/kem/frodokem/kem_frodokem.h ++++ liboqs-0.8.0/src/kem/frodokem/kem_frodokem.h +@@ -11,9 +11,9 @@ + #define OQS_KEM_frodokem_640_aes_length_ciphertext 9720 + #define OQS_KEM_frodokem_640_aes_length_shared_secret 16 + OQS_KEM *OQS_KEM_frodokem_640_aes_new(void); +-OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair(uint8_t *public_key, uint8_t *secret_key); +-OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); +-OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); ++OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair(unsigned char *public_key, unsigned char *secret_key); ++OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_encaps(unsigned char *ciphertext, unsigned char *shared_secret, const unsigned char *public_key); ++OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_decaps(unsigned char *shared_secret, const unsigned char *ciphertext, const unsigned char *secret_key); + #endif + + #ifdef OQS_ENABLE_KEM_frodokem_640_shake diff --git a/liboqs.changes b/liboqs.changes new file mode 100644 index 0000000..7407246 --- /dev/null +++ b/liboqs.changes @@ -0,0 +1,100 @@ +------------------------------------------------------------------- +Tue Jan 23 15:19:41 UTC 2024 - Marcus Meissner + +- updated to 0.9.2: + - Fixed potential non-constant-time behaviour in Kyber based on https://github.com/pq-crystals/kyber/commit/272125f6acc8e8b6850fd68ceb901a660ff48196 + (bsc#1219614) + - Kyber: C, AVX2, and aarch64 implementation updated + +------------------------------------------------------------------- +Sun Dec 24 10:00:49 UTC 2023 - Marcus Meissner + +- updated to 0.9.1: + - Key encapsulation mechanisms + + - Kyber: C, AVX2, and aarch64 implementation updated + +------------------------------------------------------------------- +Fri Oct 13 07:31:49 UTC 2023 - Marcus Meissner + +- updated to 0.9.0 + + This release features an update to the Classic McEliece KEM, bringing it + in line with NIST Round 4. It also adds or updates ARM implementations + for Kyber, Dilithium, and Falcon. + +- major library version 4 + +------------------------------------------------------------------- +Thu Jun 8 07:14:12 UTC 2023 - Marcus Meissner + +- updated to 0.8.0 + This release features many algorithm updates, including removal + of algorithms and variants no longer proceeding through NIST + standardization and updates to newer versions. See the detailed list + of algorithm updates below. + + Key encapsulation mechanisms: + + - BIKE: updated to Round 4 version. + - Kyber: 90s variants were removed. + - NTRU Prime: All variants were removed, except for sntrup761. + - Saber: removed. + + Digital signature schemes + + - Dilithium; AES variants were removed. + - Falcon: updated to the 2023-02-07 version. + - Picnic: removed. + - Rainbow: removed. + - SPHINCS+: updated to version 3.1; SPHINCS+-Haraka variants were removed; SPHINCS+-SHA256 and SPHINCS+-SHAKE variants were renamed + + Other changes + + - Add Cryptographic Bill of Materials (CBOM) + - Improve building on ARM platforms + - Improve performance when using OpenSSL 3 for symmetric cryptography + - Increment shared object library version + - New configure-time options for algorithm selections + - pkgconfig file now available + +- removed 0001-Add-support-for-powerpc64.-1160.patch: upstream +- 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch: upstream + +- liboqs is now liboqs.so.3. + +------------------------------------------------------------------- +Wed Mar 29 06:38:25 UTC 2023 - Marcus Meissner + +- liboqs-fix-prototypemismatch.patch: fixed uint8_t* vs unsigned char* mismatch +- disable -Werror for now. + +------------------------------------------------------------------- +Tue Nov 15 16:10:18 UTC 2022 - Jan Engelhardt + +- Ship the README.md mentioned in the description. +- Compact descriptions. + +------------------------------------------------------------------- +Sat Jul 2 07:21:42 UTC 2022 - Christophe Giboudeaux + +- Add upstream changes: + * 0001-Add-support-for-powerpc64.-1160.patch + * 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch +- Spec cleanup + +------------------------------------------------------------------- +Tue Jan 25 07:48:57 UTC 2022 - Bernhard Wiedemann + +- Stop building with march=native to get reproducible binaries (boo#1100677) + +------------------------------------------------------------------- +Sun Jan 2 18:26:29 UTC 2022 - Jan Engelhardt + +- Trim redundancies from description. Remove old specfile + constructs. + +------------------------------------------------------------------- +Fri Nov 12 13:08:09 UTC 2021 - Marcus Meissner + +- initial import of the liboqs Open Quantum Safe library, version 0.7.1 diff --git a/liboqs.spec b/liboqs.spec new file mode 100644 index 0000000..5a45cb7 --- /dev/null +++ b/liboqs.spec @@ -0,0 +1,103 @@ +# +# spec file for package liboqs +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: liboqs +Version: 0.9.2 +Release: 0 +Summary: C library for quantum-resistant cryptographic algorithms +License: MIT +Group: Productivity/Security +URL: https://github.com/open-quantum-safe/liboqs/ +Source: https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{version}.tar.gz +Source1: baselibs.conf +Patch0: liboqs-fix-build.patch +Patch1: liboqs-fix-prototypemismatch.patch +BuildRequires: cmake +BuildRequires: doxygen +BuildRequires: libopenssl-devel + +%description +liboqs is a C library for quantum-resistant cryptographic algorithms. +See the bundled README.md for particular limitations on intended use. + +%package -n liboqs4 +Summary: C library for quantum-resistant cryptographic algorithms +Group: System/Libraries + +%description -n liboqs4 +liboqs is a C library for quantum-resistant cryptographic algorithms. +See the bundled README.md for particular limitations on intended use. + +%package devel +Summary: Headers for liboqs, a library for quantum-resistant cryptography +Group: Development/Languages/C and C++ +Requires: liboqs4 = %{version} + +%description devel +liboqs is a C library for quantum-resistant cryptographic algorithms. +See the bundled README.md for particular limitations on intended use. + +%prep +%autosetup -p1 + +%build +export RPM_OPT_FLAGS="%{optflags} -std=gnu11" + +# 20220702: The %%cmake macro can't be used because a 'CMakeLists.txt' folder +# exists +cmake -S . -B build -DBUILD_SHARED_LIBS:BOOL=ON -DOQS_DIST_BUILD:BOOL=ON + +pushd build +%cmake_build +popd + +%install +%cmake_install + +# need to find out what cmake option is needed +mv %{buildroot}%{_prefix}/local/* %{buildroot}%{_prefix} + +#if [ "%{_lib}" != "lib" ]; then + # mv %{buildroot}%{_prefix}/lib %{buildroot}%{_libdir} +#fi + +rmdir %{buildroot}%{_prefix}/local/ + +%post -n liboqs4 -p /sbin/ldconfig +%postun -n liboqs4 -p /sbin/ldconfig + +%files -n liboqs4 +%license LICENSE.txt +%{_libdir}/liboqs.so.%version +%{_libdir}/liboqs.so.4 +%doc README.md + +%files devel +%license LICENSE.txt +%dir %{_includedir}/oqs +%{_includedir}/oqs/* +%{_libdir}/liboqs.so +%{_libdir}/pkgconfig/liboqs.pc +%dir %{_libdir}/cmake/ +%dir %{_libdir}/cmake/liboqs/ +%{_libdir}/cmake/liboqs/liboqsTargets-noconfig.cmake +%{_libdir}/cmake/liboqs/liboqsTargets.cmake +%{_libdir}/cmake/liboqs/liboqsConfig.cmake +%{_libdir}/cmake/liboqs/liboqsConfigVersion.cmake + +%changelog