Merge pull request #15 from christianpaquin/cp-update-oqs

Updated OQS

crypto/oqs/oqs_sig.c

@@ -124,7 +124,7 @@ int pkey_oqs_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
     return 0;
   }
 
-  if (OQS_SIG_sign(oqs_ctx->s, oqs_ctx->sk, tbs, tbslen, sig, siglen) != 1) {
+  if (OQS_SIG_sign(oqs_ctx->s, oqs_ctx->sk, tbs, tbslen, sig, siglen) != OQS_SUCCESS) {
     OQSerr(0, ERR_R_FATAL);
     return 0;
   }
@@ -142,7 +142,7 @@ int pkey_oqs_verify(EVP_PKEY_CTX *ctx,
     return 0;
   }
 
-  if (OQS_SIG_verify(oqs_ctx->s, oqs_ctx->pk, tbs, tbslen, sig, siglen) != 1) {
+  if (OQS_SIG_verify(oqs_ctx->s, oqs_ctx->pk, tbs, tbslen, sig, siglen) != OQS_SUCCESS) {
     OQSerr(0, ERR_R_FATAL);
     return 0;
   }
@@ -219,7 +219,7 @@ int pkey_oqs_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
   if (!oqs_ctx || !oqs_ctx->s || !oqs_ctx->sk || !oqs_ctx->pk ) {
     goto err;
   }
-  if (OQS_SIG_keygen(oqs_ctx->s, oqs_ctx->sk, oqs_ctx->pk) != 1) {
+  if (OQS_SIG_keygen(oqs_ctx->s, oqs_ctx->sk, oqs_ctx->pk) != OQS_SUCCESS) {
     goto err;
   }
 

ssl/s3_clnt.c

@@ -3145,7 +3145,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 		    */
                 }
 
-                if (OQS_KEX_bob(oqskex_kex, srvr_oqskex_msg, srvr_oqskex_msg_len, &clnt_oqskex_msg, &clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != 1) {
+                if (OQS_KEX_bob(oqskex_kex, srvr_oqskex_msg, srvr_oqskex_msg_len, &clnt_oqskex_msg, &clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != OQS_SUCCESS) {
                     SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                     goto err;
                 }
@@ -3307,7 +3307,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 		*/
             } 
 
-            if (OQS_KEX_bob(oqskex_kex, srvr_oqskex_msg, srvr_oqskex_msg_len, &clnt_oqskex_msg, &clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != 1) {
+            if (OQS_KEX_bob(oqskex_kex, srvr_oqskex_msg, srvr_oqskex_msg_len, &clnt_oqskex_msg, &clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != OQS_SUCCESS) {
                 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                 goto err;
             }

ssl/s3_srvr.c

@@ -1922,7 +1922,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 
 
 
-                if (OQS_KEX_alice_0(s->s3->tmp.oqskex_kex, &(s->s3->tmp.oqskex_priv), &oqskex_srvr_msg, &oqskex_srvr_msg_len) != 1) {
+                if (OQS_KEX_alice_0(s->s3->tmp.oqskex_kex, &(s->s3->tmp.oqskex_priv), &oqskex_srvr_msg, &oqskex_srvr_msg_len) != OQS_SUCCESS) {
                     SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
                     goto err;
                 }
@@ -2003,7 +2003,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 
 
 
-            if (OQS_KEX_alice_0(s->s3->tmp.oqskex_kex, &(s->s3->tmp.oqskex_priv), &oqskex_srvr_msg, &oqskex_srvr_msg_len) != 1) {
+            if (OQS_KEX_alice_0(s->s3->tmp.oqskex_kex, &(s->s3->tmp.oqskex_priv), &oqskex_srvr_msg, &oqskex_srvr_msg_len) != OQS_SUCCESS) {
                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
                 goto err;
             }
@@ -3027,7 +3027,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 
 #ifndef OPENSSL_NO_HYBRID_OQSKEX_ECDHE
         if ((alg_k & SSL_kOQSKEX_GENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15) || (alg_k & SSL_kOQSKEX_RLWE_NEWHOPE) || (alg_k & SSL_kOQSKEX_RLWE_MSRLN16) || (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED) || (alg_k & SSL_kOQSKEX_SIDH_MSR) || (alg_k & SSL_kOQSKEX_SIDH_IQC_REF) || (alg_k & SSL_kOQSKEX_CODE_MCBITS) || (alg_k & SSL_kOQSKEX_NTRU) /*|| (alg_k & SSL_kOQSKEX_MLWE_KYBER)*/) {
-            if (OQS_KEX_alice_1(s->s3->tmp.oqskex_kex, s->s3->tmp.oqskex_priv, clnt_oqskex_msg, clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != 1) {
+            if (OQS_KEX_alice_1(s->s3->tmp.oqskex_kex, s->s3->tmp.oqskex_priv, clnt_oqskex_msg, clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != OQS_SUCCESS) {
                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                 goto err;
             }
@@ -3080,7 +3080,7 @@ int ssl3_get_client_key_exchange(SSL *s)
         memcpy(clnt_oqskex_msg, p, clnt_oqskex_msg_len);
         p += clnt_oqskex_msg_len;
 
-        if (OQS_KEX_alice_1(s->s3->tmp.oqskex_kex, s->s3->tmp.oqskex_priv, clnt_oqskex_msg, clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != 1) {
+        if (OQS_KEX_alice_1(s->s3->tmp.oqskex_kex, s->s3->tmp.oqskex_priv, clnt_oqskex_msg, clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != OQS_SUCCESS) {
             SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
             goto err;
         }

vendor/liboqs/.gitignore

@@ -36,6 +36,8 @@ include
 /test_sig
 /test_rand
 /test_aes
+/minimal_kex_oqs
+/minimal_sig_oqs
 
 # Debug files
 *.dSYM/
@@ -60,6 +62,7 @@ VisualStudio/**/*.user
 external
 !src/sig_picnic/external
 src/sig_picnic/external/build/**
+src/sig_picnic/external/msbuild/**
 /temp/
 
 # Travis files

vendor/liboqs/.travis-tests.sh

@@ -46,7 +46,7 @@ if [[ ${ENABLE_KEX_RLWE_NEWHOPE} == 0 ]];then
   enable_disable_str+=" --disable-kex-rlwe-newhope"
 fi
 
-if [[ ${ENABLE_KEX_SIDH_CLN16} == 0 ]];then
+if [[ ${ENABLE_KEX_SIDH_MSR} == 0 ]];then
   enable_disable_str+=" --disable-kex-sidh-cln16"
 fi
 

vendor/liboqs/.travis.yml

@@ -9,7 +9,7 @@ matrix:
     env:
     - ENABLE_SIDH_IQC_REF=1
     - ENABLE_KEX_LWE_FRODO=0
-    - ENABLE_KEX_SIDH_CLN16=0
+    - ENABLE_KEX_SIDH_MSR=0
     - ENABLE_SIG_PICNIC=0
     - USE_OPENSSL=1
     - ENABLE_KEX_RLWE_NEWHOPE_AVX2=1

vendor/liboqs/.travis/global-namespace-check.sh

@@ -1,15 +1,17 @@
 #!/bin/bash
 
-if [[ $(nm -g liboqs.a | grep ' T ' | grep -E -v -i ' T [_]?[OQS|ntru|picnic|Keccak]') ]];
+REGEX=' T [_]?(OQS|ntru|picnic|Keccak|.*SIKEp503|.*SIDHp503|.*SIKEp751|.*SIDHp751|.*shake128|.*shake256|rand_bytes|cpu_supports|uint64_from_char_array|uint64_to_char_array|print_hex|ntt_double|rec|aligned_alloc|aligned_free)'
+
+if [[ $(nm -g liboqs.a | grep ' T ' | grep -E -v -i "$REGEX") ]];
 then
-	tput setaf 1;
-	echo "Code contains the following non-namespaced global symbols; see https://github.com/open-quantum-safe/liboqs/wiki/Coding-conventions for function naming conventions.";
-	tput sgr 0
-	nm -g liboqs.a | grep ' T ' | grep -E -v -i ' T [_]?[OQS|ntru|picnic|Keccak]'
-	exit 1;
+    tput setaf 1;
+    echo "Code contains the following non-namespaced global symbols; see https://github.com/open-quantum-safe/liboqs/wiki/Coding-conventions for function naming conventions.";
+    tput sgr 0
+    nm -g liboqs.a | grep ' T ' | grep -E -v -i "$REGEX"
+    exit 1;
 else
-	tput setaf 2;
-	echo "Code adheres to the project standards (global namespace).";
-	tput sgr 0
-	exit 0;
+    tput setaf 2;
+    echo "Code adheres to the project standards (global namespace).";
+    tput sgr 0
+    exit 0;
 fi;

vendor/liboqs/Makefile.am

@@ -56,6 +56,7 @@ endif
 
 installheaderdir=$(includedir)/oqs
 installheader_HEADERS=config.h \
+	src/common/oqs.h \
 	src/common/common.h \
 	src/crypto/aes/aes.h \
 	src/crypto/rand/rand.h \
@@ -92,17 +93,20 @@ if USE_SIDH_IQC
 	cp src/kex_sidh_iqc_ref/kex_sidh_iqc_ref.h $(includedir)/oqs
 endif
 
-
-noinst_bin_PROGRAMS = test_rand test_kex test_aes
-
 libmerge_external.la:
 if USE_SIG_PICNIC
 	mkdir -p temp && cp liboqs.a temp/ && cp src/sig_picnic/external/build/libpicnic_static.a temp/
 	cd temp && ar x liboqs.a && ar x libpicnic_static.a && ar cr liboqs.a *.o && ranlib liboqs.a && mv liboqs.a ../.libs
 	cd .. && rm -rf temp
 endif
 
-noinst_bin_PROGRAMS = test_rand test_kex test_aes test_sig
+noinst_bin_PROGRAMS = test_kex test_aes test_rand
+if USE_KEX_LWE_FRODO
+noinst_bin_PROGRAMS += minimal_kex_oqs
+endif
+if USE_SIG_PICNIC
+noinst_bin_PROGRAMS += test_sig minimal_sig_oqs
+endif
 
 noinst_bindir=$(prefix)/tests
 test_kex_LDADD =  liboqs.la -lm
@@ -119,6 +123,7 @@ if USE_SIDH_IQC
 test_kex_LDADD += -L$(GMP_DIR)/lib -lgmp
 endif
 
+if USE_SIG_PICNIC
 test_sig_LDADD =  liboqs.la -lm
 test_sig_SOURCES = src/sig/test_sig.c
 test_sig_CPPFLAGS = -I./include
@@ -127,6 +132,33 @@ if USE_OPENSSL
 test_sig_LDADD += -L$(OPENSSL_DIR)/lib -lcrypto
 endif
 
+minimal_sig_oqs_LDADD =  liboqs.la -lm
+minimal_sig_oqs_SOURCES = src/sig/minimal_sig_oqs.c
+minimal_sig_oqs_CPPFLAGS = -I./include
+minimal_sig_oqs_CPPFLAGS += $(AM_CPPFLAGS)
+if USE_OPENSSL
+minimal_sig_oqs_LDADD += -L$(OPENSSL_DIR)/lib -lcrypto
+endif
+
+endif # USE_SIG_PICNIC
+
+if USE_KEX_LWE_FRODO
+minimal_kex_oqs_LDADD =  liboqs.la -lm
+minimal_kex_oqs_SOURCES = src/kex/minimal_kex_oqs.c
+minimal_kex_oqs_CPPFLAGS = -I./include
+minimal_kex_oqs_CPPFLAGS += $(AM_CPPFLAGS)
+if USE_MCBITS
+minimal_kex_oqs_LDADD += -L${SODIUM_DIR}/lib -lsodium
+endif
+if USE_OPENSSL
+minimal_kex_oqs_LDADD += -L$(OPENSSL_DIR)/lib -lcrypto
+endif
+if USE_SIDH_IQC
+minimal_kex_oqs_LDADD += -L$(GMP_DIR)/lib -lgmp
+endif
+
+endif # USE_KEX_LWE_FRODO
+
 test_aes_LDADD =  liboqs.la -lm
 test_aes_SOURCES = src/crypto/aes/test_aes.c
 test_aes_CPPFLAGS = -I./include
@@ -147,18 +179,26 @@ else
 if USE_AES_NI
 test_rand_CPPFLAGS += -maes -msse2
 endif
-endif
+endif # USE_OPENSSL
+
 
 test: clean-tests
 	make
 	./test_kex --quiet
 	./test_rand --quiet
 	./test_aes
+if USE_SIG_PICNIC
 	./test_sig
-
+	./minimal_sig_oqs
+endif
+if USE_KEX_LWE_FRODO
+	./minimal_kex_oqs
+endif
+
 links:
 	$(MKDIR_P) include/oqs
 	cp -f config.h include/oqs
+	cp -f src/common/oqs.h include/oqs
 	cp -f src/common/common.h include/oqs
 	cp -f src/crypto/aes/aes.h include/oqs
 	cp -f src/crypto/rand/rand.h include/oqs
@@ -190,13 +230,19 @@ endif
 clean-local:
 	rm -f liboqs.a
 	rm -rf include
+if USE_KEX_LWE_FRODO
+	rm -f minimal_kex_oqs
+endif
+if USE_SIG_PICNIC
+	rm -f test_sig
+	rm -f minimal_sig_oqs
+endif
 if USE_SIDH_IQC
 	rm -f sample_params
 endif
 
-
 clean-tests:
-	rm -f test_kex test_rand test_aes test_sig
+	rm -f test_kex test_rand test_aes
 
 prettyprint:
 	find src -name '*.c' -o -name '*.h' | grep -v sig_picnic/external* | grep -v "kex_rlwe_newhope/avx2" | grep -v "kex_sidh_msr" | xargs $(CLANGFORMAT) -style=file -i

vendor/liboqs/README.md

@@ -71,7 +71,8 @@ This will generate:
 - `test_aes`: A simple test harness for AES.  This will test the correctness of the C implementation (and of the AES-NI implementation, if not disabled) of AES, and will compare the speed of these implementations against OpenSSL's AES implementation.
 - `test_kex`: A simple test harness for the default key exchange algorithm.  This will output key exchange messages; indicate whether the parties agree on the session key or not over a large number of trials; and measure the distance of the sessions keys from uniform using statistical distance.
 - `test_sig`: A simple test harness for the signature algorithms.
-
+- `minimal_kex_oqs`: A minimal runnable example showing the usage of KEX API.
+- `minimal_sig_oqs`: A minimal runnable example showing the usage of SIG API.
 ### Running
 
 To run the tests, simply type:
@@ -172,7 +173,11 @@ Flags for all the configured algorithms are generated in config.h file.
 Building and running on Windows
 -------------------------------
 
-Windows binaries can be generated using the Visual Studio solution in the VisualStudio folder.  Builds have been tested on Windows 10.
+Windows binaries can be generated using the Visual Studio solution in the VisualStudio folder. Builds have been tested on Windows 10.
+
+CMake (https://cmake.org/download/) is required and must be installed before building the Visual Studio solution.
+
+The supported schemes are defined in the projects' winconfig.h file.
 
 McBits is disabled by default in the Visual Studio build; follow these steps to enable it:
 
@@ -181,8 +186,6 @@ McBits is disabled by default in the Visual Studio build; follow these steps to
 - Add the sodium "src/include" location to the "Additional Include Directories" in the oqs project C properties.
 - Add the libsodium library to the "Additional Dependencies" in the `test_kex` project Linker properties.
 
-Picnic is not currently supported in the Visual Studio build.
-
 Building for Android
 --------------------
 

vendor/liboqs/VisualStudio/liboqs.sln

@@ -20,6 +20,16 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test_sig", "test_sig\test_s
 		{DCFEFB81-4696-45D2-9FCA-351CCFC13C74} = {DCFEFB81-4696-45D2-9FCA-351CCFC13C74}
 	EndProjectSection
 EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "minimal_kex_oqs", "minimal_kex_oqs\minimal_kex_oqs.vcxproj", "{52C06207-5AE8-460F-999F-1F4AF2E06B25}"
+	ProjectSection(ProjectDependencies) = postProject
+		{DCFEFB81-4696-45D2-9FCA-351CCFC13C74} = {DCFEFB81-4696-45D2-9FCA-351CCFC13C74}
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "minimal_sig_oqs", "minimal_sig_oqs\minimal_sig_oqs.vcxproj", "{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}"
+	ProjectSection(ProjectDependencies) = postProject
+		{DCFEFB81-4696-45D2-9FCA-351CCFC13C74} = {DCFEFB81-4696-45D2-9FCA-351CCFC13C74}
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|x64 = Debug|x64
@@ -96,6 +106,38 @@ Global
 		{990D1E9C-75E0-4E17-8514-6DA0858BC17C}.ReleaseDLL|x64.Build.0 = ReleaseDLL|x64
 		{990D1E9C-75E0-4E17-8514-6DA0858BC17C}.ReleaseDLL|x86.ActiveCfg = ReleaseDLL|Win32
 		{990D1E9C-75E0-4E17-8514-6DA0858BC17C}.ReleaseDLL|x86.Build.0 = ReleaseDLL|Win32
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.Debug|x64.ActiveCfg = Debug|x64
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.Debug|x64.Build.0 = Debug|x64
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.Debug|x86.ActiveCfg = Debug|Win32
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.Debug|x86.Build.0 = Debug|Win32
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.DebugDLL|x64.ActiveCfg = DebugDLL|x64
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.DebugDLL|x64.Build.0 = DebugDLL|x64
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.DebugDLL|x86.ActiveCfg = Debug|Win32
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.DebugDLL|x86.Build.0 = Debug|Win32
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.Release|x64.ActiveCfg = Release|x64
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.Release|x64.Build.0 = Release|x64
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.Release|x86.ActiveCfg = Release|Win32
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.Release|x86.Build.0 = Release|Win32
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.ReleaseDLL|x64.ActiveCfg = ReleaseDLL|x64
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.ReleaseDLL|x64.Build.0 = ReleaseDLL|x64
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.ReleaseDLL|x86.ActiveCfg = Release|Win32
+		{52C06207-5AE8-460F-999F-1F4AF2E06B25}.ReleaseDLL|x86.Build.0 = Release|Win32
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.Debug|x64.ActiveCfg = Debug|x64
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.Debug|x64.Build.0 = Debug|x64
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.Debug|x86.ActiveCfg = Debug|Win32
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.Debug|x86.Build.0 = Debug|Win32
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.DebugDLL|x64.ActiveCfg = DebugDLL|x64
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.DebugDLL|x64.Build.0 = DebugDLL|x64
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.DebugDLL|x86.ActiveCfg = Debug|Win32
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.DebugDLL|x86.Build.0 = Debug|Win32
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.Release|x64.ActiveCfg = Release|x64
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.Release|x64.Build.0 = Release|x64
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.Release|x86.ActiveCfg = Release|Win32
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.Release|x86.Build.0 = Release|Win32
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.ReleaseDLL|x64.ActiveCfg = ReleaseDLL|x64
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.ReleaseDLL|x64.Build.0 = ReleaseDLL|x64
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.ReleaseDLL|x86.ActiveCfg = Release|Win32
+		{0B75FD61-D29F-43FE-9D6D-EDE3B5289C66}.ReleaseDLL|x86.Build.0 = Release|Win32
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE