From 160c0a967538fbba10e6c0ecb283566da39c1d2f Mon Sep 17 00:00:00 2001
From: Alexander Scheel
Date: Sun, 24 Mar 2024 21:21:34 -0400
Subject: [PATCH 1/2] Remove NIST KAT random APIs
In cc453db4a6e02d97bf5fc974840ace881ffa6da1 of liboqs, NIST KAT random helpers were removed from the public API interface of liboqs, causing liboqs-go to fail to build. Remove these functions as there's no way to support them anymore (and likely don't have much value).
Signed-off-by: Alexander Scheel
---
examples/rand/rand.go | 16 ++--------------
oqs/rand/rand.go | 24 ------------------------
2 files changed, 2 insertions(+), 38 deletions(-)
diff --git a/examples/rand/rand.go b/examples/rand/rand.go
index b86170d..375673a 100644
--- a/examples/rand/rand.go
+++ b/examples/rand/rand.go
@@ -3,10 +3,11 @@ package main
import (
"fmt"
- "github.com/open-quantum-safe/liboqs-go/oqs"
"log"
"runtime"
+ "github.com/open-quantum-safe/liboqs-go/oqs"
+
oqsrand "github.com/open-quantum-safe/liboqs-go/oqs/rand" // RNG support
)
@@ -22,19 +23,6 @@ func CustomRNG(randomArray []byte, bytesToRead int) {
func main() {
fmt.Println("liboqs version: " + oqs.LiboqsVersion())
- if err := oqsrand.RandomBytesSwitchAlgorithm("NIST-KAT"); err != nil {
- log.Fatal(err)
- }
- // set the entropy seed to some values
- var entropySeed [48]byte
- for i := 0; i < 48; i++ {
- entropySeed[i] = byte(i)
- }
- if err := oqsrand.RandomBytesNistKatInit256bit(entropySeed, nil); err != nil {
- log.Fatal(err)
- }
- fmt.Printf("%-18s% X\n", "NIST-KAT: ", oqsrand.RandomBytes(32))
-
if err := oqsrand.RandomBytesCustomAlgorithm(CustomRNG); err != nil {
log.Fatal(err)
}
diff --git a/oqs/rand/rand.go b/oqs/rand/rand.go
index 155cc5e..b0edd46 100644
--- a/oqs/rand/rand.go
+++ b/oqs/rand/rand.go
@@ -72,30 +72,6 @@ func RandomBytesSwitchAlgorithm(algName string) error {
return nil
}
-// RandomBytesNistKatInit256bit initializes the NIST DRBG with the entropyInput
-// seed, which must be 48 exactly bytes long. The personalizationString is an
-// optional personalization string, which, if non-empty, must be at least 48
-// bytes long. The security parameter is 256 bits.
-func RandomBytesNistKatInit256bit(entropyInput [48]byte,
- personalizationString []byte) error {
- lenStr := len(personalizationString)
- if lenStr > 0 {
- if lenStr < 48 {
- return errors.New("the personalization string must be either " +
- "empty or at least 48 bytes long")
- }
-
- C.OQS_randombytes_nist_kat_init_256bit(
- (*C.uint8_t)(unsafe.Pointer(&entropyInput[0])),
- (*C.uint8_t)(unsafe.Pointer(&personalizationString[0])))
- return nil
- }
- C.OQS_randombytes_nist_kat_init_256bit(
- (*C.uint8_t)(unsafe.Pointer(&entropyInput[0])),
- (*C.uint8_t)(unsafe.Pointer(nil)))
- return nil
-}
-
// RandomBytesCustomAlgorithm switches RandomBytes to use the given function.
// This allows additional custom RNGs besides the provided ones. The provided
// RNG function must have the same signature as RandomBytesInPlace,
From 48119c422d891cec1c1e0f6f71c2b52e9a840059 Mon Sep 17 00:00:00 2001
From: Alexander Scheel
Date: Sun, 24 Mar 2024 21:25:29 -0400
Subject: [PATCH 2/2] Fix tests with newer Go versions
This uses fmt.Sprintf("%v", ...) to format numbers; per newer Go toolchain versions:
> conversion from int to string yields a string of one rune,
> not a string of digits (did you mean fmt.Sprint(x)?)
This fixes `go test ./...`.
Signed-off-by: Alexander Scheel
---
examples/client_server_kem/client/client_kem.go | 4 ++--
examples/client_server_kem/server/server_kem.go | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/examples/client_server_kem/client/client_kem.go b/examples/client_server_kem/client/client_kem.go
index 5bd904c..636d401 100644
--- a/examples/client_server_kem/client/client_kem.go
+++ b/examples/client_server_kem/client/client_kem.go
@@ -64,8 +64,8 @@ func main() {
log.Fatal(err)
} else if n != client.Details().LengthCiphertext {
log.Fatal(errors.New("client expected to read " +
- string(client.Details().LengthCiphertext) + " bytes, but instead " +
- "read " + string(n)))
+ fmt.Sprintf("%v", client.Details().LengthCiphertext) + " bytes, but instead " +
+ "read " + fmt.Sprintf("%v", n)))
}
// decapsulate the secret and extract the shared secret
diff --git a/examples/client_server_kem/server/server_kem.go b/examples/client_server_kem/server/server_kem.go
index 4fbc56e..8318324 100644
--- a/examples/client_server_kem/server/server_kem.go
+++ b/examples/client_server_kem/server/server_kem.go
@@ -97,8 +97,8 @@ func handleConnection(conn net.Conn, kemName string) {
log.Fatal(err)
} else if n != server.Details().LengthPublicKey {
log.Fatal(errors.New("server expected to read " +
- string(server.Details().LengthPublicKey) + " bytes, but instead " +
- "read " + string(n)))
+ fmt.Sprintf("%v", server.Details().LengthPublicKey) + " bytes, but instead " +
+ "read " + fmt.Sprintf("%v", n)))
}
// encapsulate the secret
@@ -112,8 +112,8 @@ func handleConnection(conn net.Conn, kemName string) {
if err != nil {
log.Fatal(err)
} else if n != server.Details().LengthCiphertext {
- log.Fatal(errors.New("server expected to write " + string(server.
- Details().LengthCiphertext) + " bytes, but instead wrote " + string(n)))
+ log.Fatal(errors.New("server expected to write " + fmt.Sprintf("%v", server.
+ Details().LengthCiphertext) + " bytes, but instead wrote " + fmt.Sprintf("%v", n)))
}
log.Printf("\nConnection #%d - server shared secret:\n% X ... % X\n\n",
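Review bot: The new message in client_kem.go (`@@ -64,8 +64,8 @@`) is assembled by concatenating `fmt.Sprintf("%v", ...)` results inside `errors.New`, which is harder to read than one format call. `log.Fatal(fmt.Errorf("client expected to read %d bytes, but instead read %d", client.Details().LengthCiphertext, n))` produces the same text, and `%d` states the integer intent that the old `string(n)` conversion got wrong. The same pattern recurs in both server_kem.go hunks (`@@ -97,8 +97,8 @@` and `@@ -112,8 +112,8 @@`). No import lines change in this patch, so `fmt` is presumably already imported in both files; `main` continues outside the hunk.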
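Review bot: In `handleConnection` (`@@ -97,8 +97,8 @@`), a length mismatch on data received from the peer still ends in `log.Fatal`, which exits the whole server process, so one connection that delivers fewer bytes than `server.Details().LengthPublicKey` takes down any other connection the server is handling. A per-connection handler should log and drop only that connection, for example `log.Printf("connection error: expected %d bytes, read %d", server.Details().LengthPublicKey, n); return`, closing `conn` if the function does not already defer that. The write-length check at `@@ -112,8 +112,8 @@` has the same problem. The call that produces `n` is outside the hunk; if it is a single `conn.Read`, a short read is normal on a stream socket and `io.ReadFull` would avoid treating it as a protocol error.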