open-quantum-safe / liboqs-go Goto Github PK

Each major Go release is supported until there are two newer major releases. For example, Go 1.5 was supported until the Go 1.7 release, and Go 1.6 was supported until the Go 1.8 release.

The latest version of Go is 1.21.4. The version of Go used by liboqs-go is 1.15. Go 1.15 was released over 3 years ago on the 11th August 2020, and support ended over 2 years ago on the 16th August 2021.

A number of CVEs have been detected in Go versions 1.15 to 1.20. Please consider upgrading Go to latest version 1.21.4 to make use of security fixes.

https://go.dev/doc/devel/release#go1.21.minor

Getting error at the time of running example on macOS M2

➜  liboqs-go git:(main) ✗ go run examples/kem/kem.go
dyld[42155]: Library not loaded: @rpath/liboqs.5.dylib
  Referenced from: <DBF89507-DB7A-3F7C-9615-5772DFC7161B> /private/var/folders/rk/z7t2cqnn6xx5qrzcm2pfqkxh0000gn/T/go-build1068723308/b001/exe/kem
  Reason: no LC_RPATH's found
signal: abort trap

E.g., https://app.circleci.com/pipelines/github/open-quantum-safe/liboqs-go/67/workflows/ff6a4e56-dcca-40b8-819c-06e00fc85a4f/jobs/129

Shall we considering have a container image release on github?

If I pull the openquantumsafe/go from the docker hub on my AMD Ryzen 7 7700X, every test pass and the container is working.

If I do the same on my Intel Laptop with an Intel Core i7 10710U, the tests are not passing and I get the following error:

2023/01/10 19:03:20 Correctness -  HQC-256
SIGILL: illegal instruction
PC=0x7f59ab0a35c8 m=0 sigcode=2
signal arrived during cgo execution
instruction bytes: 0x62 0xf2 0x7d 0x28 0x7c 0xc7 0x62 0xf3 0x65 0x28 0x1f 0xc8 0x4 0x62 0xf3 0x5d

goroutine 35 [syscall]:
runtime.cgocall(0x4fc130, 0xc00016bca8)
        /usr/lib/go-1.18/src/runtime/cgocall.go:157 +0x5c fp=0xc00016bc80 sp=0xc00016bc48 pc=0x4069bc
github.com/open-quantum-safe/liboqs-go/oqs._Cfunc_OQS_KEM_keypair(0x2181460, 0xc00016e000, 0xc000170000)
        _cgo_gotypes.go:199 +0x4c fp=0xc00016bca8 sp=0xc00016bc80 pc=0x4f566c
github.com/open-quantum-safe/liboqs-go/oqs.(*KeyEncapsulation).GenerateKeyPair.func1(0xc00016bd18?, {0xc00016e000, 0xc0001120a0?, 0x2?})
        /home/liboqs-go/oqs/oqs.go:175 +0x76 fp=0xc00016bce8 sp=0xc00016bca8 pc=0x4f68d6
github.com/open-quantum-safe/liboqs-go/oqs.(*KeyEncapsulation).GenerateKeyPair(0xc00016be30)
        /home/liboqs-go/oqs/oqs.go:175 +0x94 fp=0xc00016bd28 sp=0xc00016bce8 pc=0x4f67d4
github.com/open-quantum-safe/liboqs-go/oqstests.testKEMCorrectness({0xc00012e050, 0x7}, 0x0, 0xc000105380)
        /home/liboqs-go/oqstests/kem_test.go:39 +0x1ec fp=0xc00016bec8 sp=0xc00016bd28 pc=0x4f84ac
github.com/open-quantum-safe/liboqs-go/oqstests.TestKeyEncapsulationCorrectness(0xc000105380)
        /home/liboqs-go/oqstests/kem_test.go:92 +0x3a5 fp=0xc00016bf70 sp=0xc00016bec8 pc=0x4f8fc5
testing.tRunner(0xc000105380, 0x536a10)
        /usr/lib/go-1.18/src/testing/testing.go:1439 +0x102 fp=0xc00016bfc0 sp=0xc00016bf70 pc=0x4b6f42
testing.(*T).Run.func1()
        /usr/lib/go-1.18/src/testing/testing.go:1486 +0x2a fp=0xc00016bfe0 sp=0xc00016bfc0 pc=0x4b7dea
runtime.goexit()
        /usr/lib/go-1.18/src/runtime/asm_amd64.s:1571 +0x1 fp=0xc00016bfe8 sp=0xc00016bfe0 pc=0x466d21
created by testing.(*T).Run
        /usr/lib/go-1.18/src/testing/testing.go:1486 +0x35f

goroutine 1 [chan receive]:
testing.(*T).Run(0xc0001051e0, {0x5319a5?, 0x4b6ca5?}, 0x536a10)
        /usr/lib/go-1.18/src/testing/testing.go:1487 +0x37a
testing.runTests.func1(0xc0001051e0?)
        /usr/lib/go-1.18/src/testing/testing.go:1839 +0x6e
testing.tRunner(0xc0001051e0, 0xc000050cd8)
        /usr/lib/go-1.18/src/testing/testing.go:1439 +0x102
testing.runTests(0xc000130140?, {0x5f8680, 0x7, 0x7}, {0x7f59aa6f2a68?, 0x40?, 0x0?})
        /usr/lib/go-1.18/src/testing/testing.go:1837 +0x457
testing.(*M).Run(0xc000130140)
        /usr/lib/go-1.18/src/testing/testing.go:1719 +0x5d9
main.main()
        _testmain.go:59 +0x1aa

rax    0x1f
rbx    0x7ffcc0e91260
rcx    0xd20fe8398e6f61c1
rdx    0x63
rdi    0x1af3
rsi    0x5b7708
rbp    0x7ffcc0e91210
rsp    0x7ffcc0e8e840
r8     0x0
r9     0x22141d0
r10    0x7f59aab844d0
r11    0xa97a873ed334c5a3
r12    0x189
r13    0x83
r14    0x20
r15    0x7ffcc0e8e860
rip    0x7f59ab0a35c8
rflags 0x10202
cs     0x33
fs     0x0
gs     0x0

Seems like the build is not portable. Maybe CPU information from the CI build system is leaking into the docker image.

The calling function cannot get the private key exported from the called function.
Bellow are my calling function (TestGenerateKeyPQC) and the called function(GenerateKeyPQC)，and I want to get the secretKey through GenerateKeyPQC，however, when I execute TestGenerateKeyPQC，I can not gain the secretKey.

func TestGenerateKeyPQC(t *testing.T) {
	sigName := "Dilithium2"
	sk := GenerateKeyPQC(sigName)
	fmt.Println("sk2: ", sk)
}

func GenerateKeyPQC(sigName string) []byte {
	signer := oqs.Signature{}
	defer signer.Clean() // clean up even in case of panic

	if err := signer.Init(sigName, nil); err != nil {
		log.Fatal(err)
	}

	signer.GenerateKeyPair()
	sk := signer.ExportSecretKey()
	fmt.Println("sk: ", sk)
	return sk
}

here is the result, if anyone know what is wrong with the code, please tell me, i am really appreciate.

Hi, is there any way to use my code with custom signer from OQS library?

I am getting the following error:

Error creating certificate: x509: certificate private key does not implement crypto.Signer

Here is my code:

package main

import (
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"

	"github.com/open-quantum-safe/liboqs-go/oqs"
)

func generateDilithium2KeyPair() ([]byte, []byte, error) {
	// Initialize liboqs
	quantumKeys := oqs.Signature{}
	defer quantumKeys.Clean()

	// Initialize liboqs-go
	err := quantumKeys.Init("Dilithium2", nil)
	if err != nil {
		return nil, nil, fmt.Errorf("Error initializing liboqs-go: %v", err)
	}

	// Generate key pair
	publicKey, err := quantumKeys.GenerateKeyPair()
	if err != nil {
		return nil, nil, fmt.Errorf("Error generating key pair: %v", err)
	}

	// Export private key
	privateKey := quantumKeys.ExportSecretKey()

	return publicKey, privateKey, nil
}

func generateCertificate(publicKey []byte, privateKey []byte) ([]byte, error) {

	// Create a self-signed certificate
	template := x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Dilithium Cert"},
		NotBefore:             time.Now(),                           // Valid from the start
		NotAfter:              time.Now().Add(365 * 24 * time.Hour), // Valid for 1 year
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}

	fmt.Println("Getting error at this step.")
	certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey, privateKey)
	if err != nil {
		return nil, fmt.Errorf("Error creating certificate: %v", err)
	}

	return certDER, nil
}

func main() {
	// Step 1: Generate Dilithium2 Key Pair
	publicKey, privateKey, err := generateDilithium2KeyPair()
	if err != nil {
		fmt.Println(err)
		return
	}

	// Step 2: Generate X.509 Certificate
	certDER, err := generateCertificate(publicKey, privateKey)
	if err != nil {
		fmt.Println(err)
		return
	}

	// Step 3: Save Certificate to a file
	certFile, err := os.Create("example.crt")
	if err != nil {
		fmt.Println("Error creating certificate file:", err)
		return
	}
	defer certFile.Close()

	pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certDER})

	fmt.Println("Certificate generated successfully.")
}

Dear OQS team,

I have the following code:

	signer := oqs.Signature{}
	defer signer.Clean()
	if err := signer.Init(sigName, nil); err != nil {
		log.Fatal(err)
	}
	publicKey, err := signer.GenerateKeyPair()
	if err != nil {
		log.Fatal(err)
	}
	secretKey := signer.ExportSecretKey()

	fmt.Printf("\nSecret key:\n% X ... % X\n", secretKey[0:8], secretKey[len(secretKey)-8:])
	fmt.Printf("\nPublic key:\n% X ... % X\n", publicKey[0:8], publicKey[len(publicKey)-8:])

I am confused as to why the output the value of secretKey is always 00 00 00 ... whereas the publicKey variable is always randomly generated, e.g. 09 19 5D ... It seems that providing a []byte to signer.Init() as the second argument makes no difference in this case.

I thought that GenerateKeyPair() would generate both a private key and a public key. Am I wrong about this? Sorry if this is an obvious mistake, I am new to Go and cryptography in general.

Using Windows 10 64-bit and 1.15.2 64-bit.

• Taimoor

Here is my env:
win10 x64
go ver: 1.18.1
cgo:msys Mingw64-gcc
liboqs built from msvc 2019 with SHARDE-LIB=ON
cmd:$ go run example\kem\kem.go
code:
examples/kem/kem.go:line16
kemName := "Classic-McEliece-348864"
I tried to set GOGC=800 but didn't work, meanwhile other kem schemes worked just fine

Output:
Enabled KEMs:
[Classic-McEliece-348864 Classic-McEliece-348864f Classic-McEliece-460896 Classic-McEliece-460896f Classic-McEliece-6688128 Classic-McEliece-6688128f Classic-McEliece-6960119 Classic-McEliece-6960119f Classic-McEliece-8192128 Classic-McEliece-8192128f HQC-128 HQC-192 HQC-256 Kyber512 Kyber768 Kyber1024 Kyber512-90s Kyber768-90s Kyber1024-90s NTRU-HPS-2048-509 NTRU-HPS-2048-677 NTRU-HPS-4096-821 NTRU-HPS-4096-1229 NTRU-HRSS-701 NTRU-HRSS-1373 ntrulpr653 ntrulpr761 ntrulpr857 ntrulpr1277 sntrup653 sntrup761 sntrup857 sntrup1277 LightSaber-KEM Saber-KEM FireSaber-KEM FrodoKEM-640-AES FrodoKEM-640-SHAKE FrodoKEM-976-AES FrodoKEM-976-SHAKE FrodoKEM-1344-AES FrodoKEM-1344-SHAKE SIDH-p434 SIDH-p503 SIDH-p610 SIDH-p751 SIDH-p434-compressed SIDH-p503-compressed SIDH-p610-compressed SIDH-p751-compressed SIKE-p434 SIKE-p503 SIKE-p610 SIKE-p751 SIKE-p434-compressed SIKE-p503-compressed SIKE-p610-compressed SIKE-p751-compressed]
Exception 0xc00000fd 0x1 0xdf34003000 0x7fff6e1e2a67
PC=0x7fff6e1e2a67
signal arrived during external code execution

runtime.cgocall(0x7ff78ca788e0, 0xc00014bc18)
D:/dev/Go/src/runtime/cgocall.go:157 +0x4a fp=0xc00014bbf0 sp=0xc00014bbb8 pc=0x7ff78c9e378a
github.com/open-quantum-safe/liboqs-go/oqs._Cfunc_OQS_KEM_keypair(0x286712750c0, 0xc000180000, 0xc000174000)
_cgo_gotypes.go:197 +0x5a fp=0xc00014bc18 sp=0xc00014bbf0 pc=0x7ff78ca7617a
github.com/open-quantum-safe/liboqs-go/oqs.(*KeyEncapsulation).GenerateKeyPair.func1(0xc00014bca8?, {0xc000180000, 0xc00014e008?, 0xc000164000?})
D:/dev/src/golang/liboqs-go-0.7.1/oqs/oqs.go:170 +0x76 fp=0xc00014bc58 sp=0xc00014bc18 pc=0x7ff78ca771d6
github.com/open-quantum-safe/liboqs-go/oqs.(*KeyEncapsulation).GenerateKeyPair(0xc00014bef0)
D:/dev/src/golang/liboqs-go-0.7.1/oqs/oqs.go:170 +0x94 fp=0xc00014bcb8 sp=0xc00014bc58 pc=0x7ff78ca77094
main.main()
D:/dev/src/golang/liboqs-go-0.7.1/examples/kem/kem.go:24 +0x1b2 fp=0xc00014bf80 sp=0xc00014bcb8 pc=0x7ff78ca780f2
runtime.main()
D:/dev/Go/src/runtime/proc.go:250 +0x1fe fp=0xc00014bfe0 sp=0xc00014bf80 pc=0x7ff78ca168be
runtime.goexit()
D:/dev/Go/src/runtime/asm_amd64.s:1571 +0x1 fp=0xc00014bfe8 sp=0xc00014bfe0 pc=0x7ff78ca3d2e1
rax 0x2c0b0
rbx 0x5800
rcx 0x1
rdi 0xdf34019120
rsi 0x2
rbp 0xdf33fe50e0
rsp 0xdf34011078
r8 0x800
r9 0x5800
r10 0xdf33fe4000
r11 0xdf34003000
r12 0x800
r13 0x400
r14 0x2
r15 0x2
rip 0x7fff6e1e2a67
rflags 0x10287
cs 0x33
fs 0x53
gs 0x2b

The pacman command should have just a single S - pacman -Ss mingw64/mingw-w64-x86_64-gcc mingw64/mingw-w64-x86_64-pkg-config. the second s searches and doesn't install.

Hi team,

May I know do we have any plan to use buildx to provide docker build for Mac M1?
as when I try to run docker build, some apt package is out of date.

#5 145.0 However the following packages replace it:
#5 145.0    git-svn
#5 145.0 
#5 145.0 E: Version '1:2.34.1-1ubuntu1.5' for 'git' was not found
------
executor failed running [/bin/sh -c apt-get update && apt-get install --no-install-recommends -y   ca-certificates=20211016 -V   gcc=4:11.2.0-1ubuntu1 -V   gcc-multilib=4:11.2.0-1ubuntu1 -V   git=1:2.34.1-1ubuntu1.5 -V   golang=2:1.18~0ubuntu2 -V   pkg-config=0.29.2-1ubuntu3 -V && apt-get clean && rm -rf /var/lib/apt/lists/*]: exit code: 100

and according to go version def, maybe we can update go version to 1.18 or 1.20?
https://github.com/open-quantum-safe/liboqs-go/blob/main/go.mod#L3

Does liboqs-go support static linking against liboqs?

I would like to build a statically linked Go executable without external depdendencies..

Hi,

I have been using ECDSA.go and elliptic.curve. In these libraries there is an interface to enable easier usage of public and private keys. This could be useful to allow coding irrespective of the size and types of input for public and private keys.

crypto/eliptic

type Curve interface {
// Params returns the parameters for the curve.
Params() *CurveParams
// IsOnCurve reports whether the given (x,y) lies on the curve.
IsOnCurve(x, y *big.Int) bool
// Add returns the sum of (x1,y1) and (x2,y2)
Add(x1, y1, x2, y2 *big.Int) (x, y big.Int)
// Double returns 2(x,y)
Double(x1, y1 *big.Int) (x, y big.Int)
// ScalarMult returns k(Bx,By) where k is a number in big-endian form.
ScalarMult(x1, y1 *big.Int, k []byte) (x, y big.Int)
// ScalarBaseMult returns kG, where G is the base point of the group
// and k is an integer in big-endian form.
ScalarBaseMult(k []byte) (x, y *big.Int)
}

ECDSA

import "crypto/ecdsa"

type PublicKey struct {
elliptic.Curve
X, Y *big.Int
}

Could add interface to oqs.go