Skip to content

Prepare v0.11.0 release#8

Merged
romen merged 65 commits into
QUBIP:masterfrom
romen:nt/relprep/0.11.0
Apr 28, 2026
Merged

Prepare v0.11.0 release#8
romen merged 65 commits into
QUBIP:masterfrom
romen:nt/relprep/0.11.0

Conversation

@romen

@romen romen commented Apr 28, 2026

Copy link
Copy Markdown
Member

0.11.0 - 2026-04-28

⚠ BREAKING CHANGES

  • (propquery) provider=aurora is now set on all algorithms
  • (propquery) x.author=QUBIP instead of x.author='QUBIP'
  • (propquery) aurora.adapter=<adapter> instead of x.qubip.adapter='<adapter>'

🚀 Features

  • (helpers) Add concat_cstr macro for const CStr composition
  • Allow a selection flag of 0 in decoders
  • Don't panic on wrong size in load()
  • (pqclean) Support decoding of seed and both private key formats for pure ML-DSA
  • (pqclean) Don't panic on unsupported composite private key encodings
  • (pqclean) Re-derive expanded key from seed and ensure it matches the decoded one
  • (provider) Add new mldsa-native-rs adapter
  • (provider) Use mldsa_native instead of pqclean among default adapters
  • (adapters/common) Implement TryFrom<&[u8; N]> for Signature
  • (mldsa_native) Implement decoding of both-seed-and-expanded DER private key format for pure MLDSA
  • (mldsa_native) Re-derive expanded key from seed and ensure it matches the decoded one
  • (mldsa_native, pqclean) Add ASN.1 definitions for composite ML-DSA keys
  • (mldsa_native) Implement v0.9-compatible composite ASN.1 encodings
  • (pqclean) Make seed optional in MLDSA and composites
  • (pqclean) Enable OSSL_FUNC_SIGNATURE_SIGN/VERIFY in dispatch table
  • (rustcrypto) Enable OSSL_FUNC_SIGNATURE_SIGN/VERIFY in dispatch table
  • (slhdsa_c) Enable OSSL_FUNC_SIGNATURE_SIGN/VERIFY in dispatch table
  • (mldsa_native) Enable OSSL_FUNC_SIGNATURE_SIGN/VERIFY in dispatch table

🐛 Bug Fixes

  • We must check for NULL before Box::from_raw
  • (docs) Reference FIPS 204 tables for ML-DSA const tests
  • (adapters/pqclean) Report correct ed25519 backend in description string
  • (mldsa_native) Encode pure MLDSA private keys with correct ASNPrivateKey variant
  • (build) Ensure build.rs reruns on ASN.1 file changes

🚜 Refactor

  • Replace LazyLock with OnceLock for CStr statics
  • (provider) Remove unused data field
  • Move helpers and macros to separate module
  • (provider) Add provider=aurora to property definitions
  • (adapters) Inherit property strings from parent modules
  • (properties) Remove quotes from property values
  • (properties) Remove x. prefix from qubip.adapter property
  • (adapters) Compose PROPERTY_DEFINITION with concat_cstr!
  • (properties) Rename qubip.adapter to aurora.adapter
  • (all adapters) Align common decoder and encoder logic across adapters

🧪 Testing

  • (openssl_certs) Ensure we actually verify the self-signature
  • Optionally skip difficult-to-satisfy ML-DSA privkey decoding wycheproof tests
  • Add CLI tests for sign/verify through pkeyutl
  • Make decode tests more generic
  • Add backward-compatibility tests for aurora v0.10.0 artifacts
  • Make the old list_all_algorithms test specific for transcoders
  • Add new basic test to list provided key managers
  • Add backward-compatibility tests for aurora v0.9.0 artifacts
  • Env-based cargo flags for integration test build
  • Test also with (non-default) pqclean adapter

romen and others added 30 commits February 18, 2026 19:48
Switch from `LazyLock` to `OnceLock` for static `CString` values in
`ProviderInstance` methods. This change improves compatibility and
clarifies intent, as `OnceLock` is now the preferred synchronization
primitive for single initialization. Also, update the initialization
logic to use instance fields where appropriate.


Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I160d558b871bb605732306c1f027a9926a6a6964
The `data` field in the `ProviderInstance` struct was unused and has been
removed to simplify the struct definition. Corresponding initialization
code has also been deleted.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: Ie274b00cd9c7dfbedfca93eaf6775dda6a6a6964
Moved common macros and helper functions (such as `handleResult!`, 
`function_path!`, and logging utilities) from `lib.rs` into a new 
`helpers.rs` module. This improves code organization and reusability. 
Updated imports and macro usages accordingly.

Also added an `examine_core_parameters` function to the new helpers
module.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: If4c85b581f92e59019bf200b8ef25d346a6a6964
Update all property definition strings to remove single quotes around
property values (e.g., x.author=QUBIP instead of x.author='QUBIP').
This affects encoder/decoder property constants, macro invocations,
and related test assertions.

The change aligns with more user friendly property string format: none
of the existing values required the adoption of single or double quotes,
and OpenSSL does not consistently treat quoted/unquoted strings as
equivalent when they have a valid canonical unquoted representation.


Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I96ef2a8b176070c33fbeab348b5bea576a6a6964
This commit updates all occurrences of the `x.qubip.adapter` property to
`qubip.adapter` across the codebase and tests.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I496a7dd5075b87bf2c3c36c1ee7a50df6a6a6964
Introduce the `concat_cstr` macro, leveraging the `constcat` crate, to
enable compile-time concatenation of `&CStr` and string literal segments
into a new `&'static CStr`. This macro ensures no runtime allocation,
full compile-time validation, and is useful for building hierarchical or
nested C string constants for FFI, logging, or property keys.

Also update dependencies in Cargo.toml and Cargo.lock to include
`constcat` and set the minimum Rust version to 1.85.
Refactor all adapter modules to compose their PROPERTY_DEFINITION
constants using concat_cstr! and a shared base property from the parent
module. This reduces duplication and ensures consistent property strings
across all adapters and transcoders. Updates macro usage and all
implementations to accept expressions for property definitions.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I976e416c2f287290727bbffabdb1d6e76a6a6964
Include "provider=aurora" in the root PROPERTY_DEFINITION to explicitly
identify the provider.

All adapters extend from this CStr and inherit the change.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: Ie4f11a733d53a17a007751b979dc06ba6a6a6964
Update all property definitions and related test assertions to use
`aurora.adapter` instead of `qubip.adapter`. This change ensures
consistency with the current project naming.


Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I37654522dcfb8538888da287fc2f39096a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I45243700381bcdf4301c9a993f006c636a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I8002de1bdd2cb72cacbfe4ae705e4ae36a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: Icbf11cd4ccbd13a25ce84f82e79cb8846a6a6964
This does not change the test coverage or behavior, it just moves things
around in preparation for reusing the same "decode_tests" architecture
for different sources than the openssl 3.5 files we have now.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: Idfa332578397b95d2b9e52309563e6bf6a6a6964
…ith aurora v0.10.0

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: Iad6f016b2f0726c8412a0a0bb9b2cb616a6a6964
… v0.10.0 artifacts

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I79f121c3c3e8605822c61eaa5a9cf1386a6a6964
…roof tests

The "private key vector out of range" tests cover the case in which a
private key is malformed in a certain way, but none of the
implementations we use are capable of detecting that case, so for now we
manually skip those tests.
…struct

When generating a key, we now generate the seed ourselves (so that we
can store it), instead of relying on mldsa-native-rs's internal RNG.
If the openssl github link once pointed to a listing of what these
values should be, it doesn't anymore; better to cite the source.
ashaindlin and others added 23 commits April 21, 2026 16:35
…private key format for pure MLDSA

Doing it this way does mean that the expanded form of the key is
re-generated even though it's already available in the decoded data, but
it has the advantage of not requiring any API change in PrivateKey.
… for transcoders

The prior version of this test, essentially looking at the output of
`openssl list -all-algorithms` has been disabled for quite some time,
since the test was not particularly significant, given that the existing
regex only matched the listed output for encoders and decoders.

The fix here is to keep the regex, but make the intent of the test
specific for transcoders: as of OpenSSL 3.2.2 only transcoders are
listed alongside their registered properties, and we want to check
those.

We will add a new simpler tests in a separate commit, to check that our
provider provides at least one algorithm: we will list only key managers
and tailor the regex for that.

NOTE: consuming the output of `openssl list` is inherently fragile, as
      OpenSSL makes no promises about the output format of this tool!

Fixes: #12
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I5caaed6febdff03a954080d19c873cd46a6a6964
…managers

This test is simpler than the one on transcoders, which can check the
registered properties, but it can cover also algorithms that do not have
associated transcoders.

NOTE: consuming the output of `openssl list` is inherently fragile, as
      OpenSSL makes no promises about the output format of this tool!

Fixes: #12
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I7caa34cb6cddaf32430955a2d20417c96a6a6964
…ent module

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I144356d2495dea677f792f0d24ac978b6a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I8216b2504adac800976097d1054f4b0a6a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I41cb7ad9ebf0747174da0ee94c5709a76a6a6964
…able

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I0133144f53b9112fee3d803aa9ef6d806a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: Ic6399d714350350ac4fb3cea611e486f6a6a6964
… table

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I316f95ebb630cb8dd8f81732e52aa03a6a6a6964
This encoding is not actually from
<https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pq-composite-sigs-19#name-asn1-module>.

The specified serialization format for composite ML-DSA keys is as raw bytes, not as ASN.1, but
since it's a common pattern in the aurora adapters to use rasn-generated types for encoding and
decoding, we have these for familiarity/uniformity.

Specifically, we need to maintain compatibility with the encodings used
in aurora v0.10.0.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I7335b0b91a89534a00f4793ebb651daf6a6a6964
Add `cargo:rerun-if-changed` for each ASN.1 file to ensure build.rs is
rerun when any ASN.1 source changes.
Also refactor to use an array for ASN.1 file paths and pass them
collectively to the rasn compiler.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I3e9269792ab4e963011c609f66f5ac726a6a6964
…or aurora v0.9.0 artifacts

⚠️  BROKEN! :This only adds the tests, which currently fail for Composite-MLDSA.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: If51f72ffba94d79581cef68f637bb9e56a6a6964
The `data/asn1/X509-Composite-ML-DSA-2025.asn` module now has a private
key definition that allows both the 0-tagged OCTET STRING encodings from
v0.10 and the default-tagged OCTET STRING encodings from v0.9 to be
decoded.

The constant `SECRETKEY_LEN` in the keymgmt modules has been split into
separate `SECRETKEY_{SEED,EXPANDED}_LEN` constants, and the
corresponding associated constant `PrivateKey::PQ_PRIVATE_KEY_LEN` has
been split into separate
`PrivateKey::PQ_PRIVATE_KEY_{SEED,EXPANDED}_LEN` constants.
`PrivateKey::byte_len()` has been split into
`PrivateKey::byte_len_{seed,expanded}()`.

`PrivateKey::encode()` has new helper functions for encoding each half
of the key.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I138e4107de6d6303bf64dffadea0643e6a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: Ia1e357184fb0cadff316a8994eb3ea2b6a6a6964
For quite some time now, all integration tests trigger a `cargo build`
during setup to ensure the aurora cdylib exists and is up-to-date.

Because feature selection from `cargo test` is not passed through, we
use environment variables to control build flags:

- TEST_QUIET_BUILD: set to "0", "false", "no", or "off" to disable `--quiet` (default: enabled)
- TEST_NO_DEFAULT_FEATURES: set to "1", "true", "yes", or "on" to enable `--no-default-features`
- TEST_FEATURES: set to a comma-separated feature list to pass to `--features` (spaces are not supported)

This ad hoc system improves flexibility for integration test builds.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: Ic43fba7476ff13103128749aed10349e6a6a6964
* we add `jaq`, as a cargo-accessible alternative to `jq`)
* through `jaq` we evaluate the features.default list in Cargo.toml
* swap `mldsa_native_adapter` for `pqclean_adapter` in
  features.default_adapters
* use the resulting list to specify the alternative set of features
  which effectively is `default - mldsa_native_adapter +
  pqclean_adapter`


Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I529f77ebcd7c9f09ac9e42b2a2abf7cf6a6a6964
… adapters

Standardize decoder_functions.rs and encoder_functions.rs implementations
across all adapters and algorithms.
This ensures consistent handling of keypair decoding, public key
derivation, and logging.
Also, unify the addition of plain text encoders for private and public
keys where applicable.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: If93980644c56d83147c79b28a443939f6a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: Ib036bc6930beb62360ced5eadb056ef76a6a6964
- Update the Digital Signatures table to reflect new default adapters.
- Update links and recommendations to refer newer version of drafts
  (only editorial changes, no technical changes)
  * draft-ietf-lamps-pq-composite-sigs-19
  * RFC 9909. This improves clarity and ensures documentation matches

This improves clarity and ensures documentation matches
current implementation and standards.

Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: Id7740a565a35b4434d8b33e0d4ccb65c6a6a6964
@romen romen self-assigned this Apr 28, 2026
romen added 3 commits April 28, 2026 22:12
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: Ic152a48c1b375da8299a5063e93869d96a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I70c05f06a3d0d5ade96e29d2d9c7a0756a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: Iba8238127e31a8f9052d568cd92dd0ee6a6a6964
@romen romen marked this pull request as ready for review April 28, 2026 19:27
@romen romen merged commit 7de8630 into QUBIP:master Apr 28, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants