open-quantum-safe / liboqs-go Goto Github PK
View Code? Open in Web Editor NEWGo bindings for liboqs
Home Page: https://openquantumsafe.org/
License: MIT License
Go bindings for liboqs
Home Page: https://openquantumsafe.org/
License: MIT License
Each major Go release is supported until there are two newer major releases. For example, Go 1.5 was supported until the Go 1.7 release, and Go 1.6 was supported until the Go 1.8 release.
The latest version of Go is 1.21.4. The version of Go used by liboqs-go is 1.15. Go 1.15 was released over 3 years ago on the 11th August 2020, and support ended over 2 years ago on the 16th August 2021.
A number of CVEs have been detected in Go versions 1.15 to 1.20. Please consider upgrading Go to latest version 1.21.4 to make use of security fixes.
Getting error at the time of running example on macOS M2
➜ liboqs-go git:(main) ✗ go run examples/kem/kem.go
dyld[42155]: Library not loaded: @rpath/liboqs.5.dylib
Referenced from: <DBF89507-DB7A-3F7C-9615-5772DFC7161B> /private/var/folders/rk/z7t2cqnn6xx5qrzcm2pfqkxh0000gn/T/go-build1068723308/b001/exe/kem
Reason: no LC_RPATH's found
signal: abort trap
Shall we considering have a container image release on github?
If I pull the openquantumsafe/go from the docker hub on my AMD Ryzen 7 7700X, every test pass and the container is working.
If I do the same on my Intel Laptop with an Intel Core i7 10710U, the tests are not passing and I get the following error:
2023/01/10 19:03:20 Correctness - HQC-256
SIGILL: illegal instruction
PC=0x7f59ab0a35c8 m=0 sigcode=2
signal arrived during cgo execution
instruction bytes: 0x62 0xf2 0x7d 0x28 0x7c 0xc7 0x62 0xf3 0x65 0x28 0x1f 0xc8 0x4 0x62 0xf3 0x5d
goroutine 35 [syscall]:
runtime.cgocall(0x4fc130, 0xc00016bca8)
/usr/lib/go-1.18/src/runtime/cgocall.go:157 +0x5c fp=0xc00016bc80 sp=0xc00016bc48 pc=0x4069bc
github.com/open-quantum-safe/liboqs-go/oqs._Cfunc_OQS_KEM_keypair(0x2181460, 0xc00016e000, 0xc000170000)
_cgo_gotypes.go:199 +0x4c fp=0xc00016bca8 sp=0xc00016bc80 pc=0x4f566c
github.com/open-quantum-safe/liboqs-go/oqs.(*KeyEncapsulation).GenerateKeyPair.func1(0xc00016bd18?, {0xc00016e000, 0xc0001120a0?, 0x2?})
/home/liboqs-go/oqs/oqs.go:175 +0x76 fp=0xc00016bce8 sp=0xc00016bca8 pc=0x4f68d6
github.com/open-quantum-safe/liboqs-go/oqs.(*KeyEncapsulation).GenerateKeyPair(0xc00016be30)
/home/liboqs-go/oqs/oqs.go:175 +0x94 fp=0xc00016bd28 sp=0xc00016bce8 pc=0x4f67d4
github.com/open-quantum-safe/liboqs-go/oqstests.testKEMCorrectness({0xc00012e050, 0x7}, 0x0, 0xc000105380)
/home/liboqs-go/oqstests/kem_test.go:39 +0x1ec fp=0xc00016bec8 sp=0xc00016bd28 pc=0x4f84ac
github.com/open-quantum-safe/liboqs-go/oqstests.TestKeyEncapsulationCorrectness(0xc000105380)
/home/liboqs-go/oqstests/kem_test.go:92 +0x3a5 fp=0xc00016bf70 sp=0xc00016bec8 pc=0x4f8fc5
testing.tRunner(0xc000105380, 0x536a10)
/usr/lib/go-1.18/src/testing/testing.go:1439 +0x102 fp=0xc00016bfc0 sp=0xc00016bf70 pc=0x4b6f42
testing.(*T).Run.func1()
/usr/lib/go-1.18/src/testing/testing.go:1486 +0x2a fp=0xc00016bfe0 sp=0xc00016bfc0 pc=0x4b7dea
runtime.goexit()
/usr/lib/go-1.18/src/runtime/asm_amd64.s:1571 +0x1 fp=0xc00016bfe8 sp=0xc00016bfe0 pc=0x466d21
created by testing.(*T).Run
/usr/lib/go-1.18/src/testing/testing.go:1486 +0x35f
goroutine 1 [chan receive]:
testing.(*T).Run(0xc0001051e0, {0x5319a5?, 0x4b6ca5?}, 0x536a10)
/usr/lib/go-1.18/src/testing/testing.go:1487 +0x37a
testing.runTests.func1(0xc0001051e0?)
/usr/lib/go-1.18/src/testing/testing.go:1839 +0x6e
testing.tRunner(0xc0001051e0, 0xc000050cd8)
/usr/lib/go-1.18/src/testing/testing.go:1439 +0x102
testing.runTests(0xc000130140?, {0x5f8680, 0x7, 0x7}, {0x7f59aa6f2a68?, 0x40?, 0x0?})
/usr/lib/go-1.18/src/testing/testing.go:1837 +0x457
testing.(*M).Run(0xc000130140)
/usr/lib/go-1.18/src/testing/testing.go:1719 +0x5d9
main.main()
_testmain.go:59 +0x1aa
rax 0x1f
rbx 0x7ffcc0e91260
rcx 0xd20fe8398e6f61c1
rdx 0x63
rdi 0x1af3
rsi 0x5b7708
rbp 0x7ffcc0e91210
rsp 0x7ffcc0e8e840
r8 0x0
r9 0x22141d0
r10 0x7f59aab844d0
r11 0xa97a873ed334c5a3
r12 0x189
r13 0x83
r14 0x20
r15 0x7ffcc0e8e860
rip 0x7f59ab0a35c8
rflags 0x10202
cs 0x33
fs 0x0
gs 0x0
Seems like the build is not portable. Maybe CPU information from the CI build system is leaking into the docker image.
The calling function cannot get the private key exported from the called function.
Bellow are my calling function (TestGenerateKeyPQC) and the called function(GenerateKeyPQC),and I want to get the secretKey through GenerateKeyPQC,however, when I execute TestGenerateKeyPQC,I can not gain the secretKey.
func TestGenerateKeyPQC(t *testing.T) {
sigName := "Dilithium2"
sk := GenerateKeyPQC(sigName)
fmt.Println("sk2: ", sk)
}
func GenerateKeyPQC(sigName string) []byte {
signer := oqs.Signature{}
defer signer.Clean() // clean up even in case of panic
if err := signer.Init(sigName, nil); err != nil {
log.Fatal(err)
}
signer.GenerateKeyPair()
sk := signer.ExportSecretKey()
fmt.Println("sk: ", sk)
return sk
}
here is the result, if anyone know what is wrong with the code, please tell me, i am really appreciate.
Hi, is there any way to use my code with custom signer from OQS library?
I am getting the following error:
Error creating certificate: x509: certificate private key does not implement crypto.Signer
Here is my code:
package main
import (
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"math/big"
"os"
"time"
"github.com/open-quantum-safe/liboqs-go/oqs"
)
func generateDilithium2KeyPair() ([]byte, []byte, error) {
// Initialize liboqs
quantumKeys := oqs.Signature{}
defer quantumKeys.Clean()
// Initialize liboqs-go
err := quantumKeys.Init("Dilithium2", nil)
if err != nil {
return nil, nil, fmt.Errorf("Error initializing liboqs-go: %v", err)
}
// Generate key pair
publicKey, err := quantumKeys.GenerateKeyPair()
if err != nil {
return nil, nil, fmt.Errorf("Error generating key pair: %v", err)
}
// Export private key
privateKey := quantumKeys.ExportSecretKey()
return publicKey, privateKey, nil
}
func generateCertificate(publicKey []byte, privateKey []byte) ([]byte, error) {
// Create a self-signed certificate
template := x509.Certificate{
SerialNumber: big.NewInt(1),
Subject: pkix.Name{CommonName: "Dilithium Cert"},
NotBefore: time.Now(), // Valid from the start
NotAfter: time.Now().Add(365 * 24 * time.Hour), // Valid for 1 year
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
}
fmt.Println("Getting error at this step.")
certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey, privateKey)
if err != nil {
return nil, fmt.Errorf("Error creating certificate: %v", err)
}
return certDER, nil
}
func main() {
// Step 1: Generate Dilithium2 Key Pair
publicKey, privateKey, err := generateDilithium2KeyPair()
if err != nil {
fmt.Println(err)
return
}
// Step 2: Generate X.509 Certificate
certDER, err := generateCertificate(publicKey, privateKey)
if err != nil {
fmt.Println(err)
return
}
// Step 3: Save Certificate to a file
certFile, err := os.Create("example.crt")
if err != nil {
fmt.Println("Error creating certificate file:", err)
return
}
defer certFile.Close()
pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certDER})
fmt.Println("Certificate generated successfully.")
}
Dear OQS team,
I have the following code:
signer := oqs.Signature{}
defer signer.Clean()
if err := signer.Init(sigName, nil); err != nil {
log.Fatal(err)
}
publicKey, err := signer.GenerateKeyPair()
if err != nil {
log.Fatal(err)
}
secretKey := signer.ExportSecretKey()
fmt.Printf("\nSecret key:\n% X ... % X\n", secretKey[0:8], secretKey[len(secretKey)-8:])
fmt.Printf("\nPublic key:\n% X ... % X\n", publicKey[0:8], publicKey[len(publicKey)-8:])
I am confused as to why the output the value of secretKey
is always 00 00 00 ...
whereas the publicKey
variable is always randomly generated, e.g. 09 19 5D ...
It seems that providing a []byte
to signer.Init()
as the second argument makes no difference in this case.
I thought that GenerateKeyPair()
would generate both a private key and a public key. Am I wrong about this? Sorry if this is an obvious mistake, I am new to Go and cryptography in general.
Using Windows 10 64-bit and 1.15.2 64-bit.
Here is my env:
win10 x64
go ver: 1.18.1
cgo:msys Mingw64-gcc
liboqs built from msvc 2019 with SHARDE-LIB=ON
cmd:$ go run example\kem\kem.go
code:
examples/kem/kem.go:line16
kemName := "Classic-McEliece-348864"
I tried to set GOGC=800 but didn't work, meanwhile other kem schemes worked just fine
Output:
Enabled KEMs:
[Classic-McEliece-348864 Classic-McEliece-348864f Classic-McEliece-460896 Classic-McEliece-460896f Classic-McEliece-6688128 Classic-McEliece-6688128f Classic-McEliece-6960119 Classic-McEliece-6960119f Classic-McEliece-8192128 Classic-McEliece-8192128f HQC-128 HQC-192 HQC-256 Kyber512 Kyber768 Kyber1024 Kyber512-90s Kyber768-90s Kyber1024-90s NTRU-HPS-2048-509 NTRU-HPS-2048-677 NTRU-HPS-4096-821 NTRU-HPS-4096-1229 NTRU-HRSS-701 NTRU-HRSS-1373 ntrulpr653 ntrulpr761 ntrulpr857 ntrulpr1277 sntrup653 sntrup761 sntrup857 sntrup1277 LightSaber-KEM Saber-KEM FireSaber-KEM FrodoKEM-640-AES FrodoKEM-640-SHAKE FrodoKEM-976-AES FrodoKEM-976-SHAKE FrodoKEM-1344-AES FrodoKEM-1344-SHAKE SIDH-p434 SIDH-p503 SIDH-p610 SIDH-p751 SIDH-p434-compressed SIDH-p503-compressed SIDH-p610-compressed SIDH-p751-compressed SIKE-p434 SIKE-p503 SIKE-p610 SIKE-p751 SIKE-p434-compressed SIKE-p503-compressed SIKE-p610-compressed SIKE-p751-compressed]
Exception 0xc00000fd 0x1 0xdf34003000 0x7fff6e1e2a67
PC=0x7fff6e1e2a67
signal arrived during external code execution
runtime.cgocall(0x7ff78ca788e0, 0xc00014bc18)
D:/dev/Go/src/runtime/cgocall.go:157 +0x4a fp=0xc00014bbf0 sp=0xc00014bbb8 pc=0x7ff78c9e378a
github.com/open-quantum-safe/liboqs-go/oqs._Cfunc_OQS_KEM_keypair(0x286712750c0, 0xc000180000, 0xc000174000)
_cgo_gotypes.go:197 +0x5a fp=0xc00014bc18 sp=0xc00014bbf0 pc=0x7ff78ca7617a
github.com/open-quantum-safe/liboqs-go/oqs.(*KeyEncapsulation).GenerateKeyPair.func1(0xc00014bca8?, {0xc000180000, 0xc00014e008?, 0xc000164000?})
D:/dev/src/golang/liboqs-go-0.7.1/oqs/oqs.go:170 +0x76 fp=0xc00014bc58 sp=0xc00014bc18 pc=0x7ff78ca771d6
github.com/open-quantum-safe/liboqs-go/oqs.(*KeyEncapsulation).GenerateKeyPair(0xc00014bef0)
D:/dev/src/golang/liboqs-go-0.7.1/oqs/oqs.go:170 +0x94 fp=0xc00014bcb8 sp=0xc00014bc58 pc=0x7ff78ca77094
main.main()
D:/dev/src/golang/liboqs-go-0.7.1/examples/kem/kem.go:24 +0x1b2 fp=0xc00014bf80 sp=0xc00014bcb8 pc=0x7ff78ca780f2
runtime.main()
D:/dev/Go/src/runtime/proc.go:250 +0x1fe fp=0xc00014bfe0 sp=0xc00014bf80 pc=0x7ff78ca168be
runtime.goexit()
D:/dev/Go/src/runtime/asm_amd64.s:1571 +0x1 fp=0xc00014bfe8 sp=0xc00014bfe0 pc=0x7ff78ca3d2e1
rax 0x2c0b0
rbx 0x5800
rcx 0x1
rdi 0xdf34019120
rsi 0x2
rbp 0xdf33fe50e0
rsp 0xdf34011078
r8 0x800
r9 0x5800
r10 0xdf33fe4000
r11 0xdf34003000
r12 0x800
r13 0x400
r14 0x2
r15 0x2
rip 0x7fff6e1e2a67
rflags 0x10287
cs 0x33
fs 0x53
gs 0x2b
The pacman command should have just a single S - pacman -Ss mingw64/mingw-w64-x86_64-gcc mingw64/mingw-w64-x86_64-pkg-config. the second s searches and doesn't install.
Hi team,
May I know do we have any plan to use buildx to provide docker build for Mac M1?
as when I try to run docker build, some apt package is out of date.
#5 145.0 However the following packages replace it:
#5 145.0 git-svn
#5 145.0
#5 145.0 E: Version '1:2.34.1-1ubuntu1.5' for 'git' was not found
------
executor failed running [/bin/sh -c apt-get update && apt-get install --no-install-recommends -y ca-certificates=20211016 -V gcc=4:11.2.0-1ubuntu1 -V gcc-multilib=4:11.2.0-1ubuntu1 -V git=1:2.34.1-1ubuntu1.5 -V golang=2:1.18~0ubuntu2 -V pkg-config=0.29.2-1ubuntu3 -V && apt-get clean && rm -rf /var/lib/apt/lists/*]: exit code: 100
and according to go version def, maybe we can update go version to 1.18 or 1.20?
https://github.com/open-quantum-safe/liboqs-go/blob/main/go.mod#L3
Does liboqs-go support static linking against liboqs?
I would like to build a statically linked Go executable without external depdendencies..
Hi,
I have been using ECDSA.go and elliptic.curve. In these libraries there is an interface to enable easier usage of public and private keys. This could be useful to allow coding irrespective of the size and types of input for public and private keys.
crypto/eliptic
type Curve interface {
// Params returns the parameters for the curve.
Params() *CurveParams
// IsOnCurve reports whether the given (x,y) lies on the curve.
IsOnCurve(x, y *big.Int) bool
// Add returns the sum of (x1,y1) and (x2,y2)
Add(x1, y1, x2, y2 *big.Int) (x, y big.Int)
// Double returns 2(x,y)
Double(x1, y1 *big.Int) (x, y big.Int)
// ScalarMult returns k(Bx,By) where k is a number in big-endian form.
ScalarMult(x1, y1 *big.Int, k []byte) (x, y big.Int)
// ScalarBaseMult returns kG, where G is the base point of the group
// and k is an integer in big-endian form.
ScalarBaseMult(k []byte) (x, y *big.Int)
}
ECDSA
import "crypto/ecdsa"
type PublicKey struct {
elliptic.Curve
X, Y *big.Int
}
Could add interface to oqs.go
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.