Prepare v0.11.0 release#8
Merged
Merged
Conversation
Switch from `LazyLock` to `OnceLock` for static `CString` values in `ProviderInstance` methods. This change improves compatibility and clarifies intent, as `OnceLock` is now the preferred synchronization primitive for single initialization. Also, update the initialization logic to use instance fields where appropriate. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I160d558b871bb605732306c1f027a9926a6a6964
The `data` field in the `ProviderInstance` struct was unused and has been removed to simplify the struct definition. Corresponding initialization code has also been deleted. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: Ie274b00cd9c7dfbedfca93eaf6775dda6a6a6964
Moved common macros and helper functions (such as `handleResult!`, `function_path!`, and logging utilities) from `lib.rs` into a new `helpers.rs` module. This improves code organization and reusability. Updated imports and macro usages accordingly. Also added an `examine_core_parameters` function to the new helpers module. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: If4c85b581f92e59019bf200b8ef25d346a6a6964
Update all property definition strings to remove single quotes around property values (e.g., x.author=QUBIP instead of x.author='QUBIP'). This affects encoder/decoder property constants, macro invocations, and related test assertions. The change aligns with more user friendly property string format: none of the existing values required the adoption of single or double quotes, and OpenSSL does not consistently treat quoted/unquoted strings as equivalent when they have a valid canonical unquoted representation. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I96ef2a8b176070c33fbeab348b5bea576a6a6964
This commit updates all occurrences of the `x.qubip.adapter` property to `qubip.adapter` across the codebase and tests. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I496a7dd5075b87bf2c3c36c1ee7a50df6a6a6964
Introduce the `concat_cstr` macro, leveraging the `constcat` crate, to enable compile-time concatenation of `&CStr` and string literal segments into a new `&'static CStr`. This macro ensures no runtime allocation, full compile-time validation, and is useful for building hierarchical or nested C string constants for FFI, logging, or property keys. Also update dependencies in Cargo.toml and Cargo.lock to include `constcat` and set the minimum Rust version to 1.85.
Refactor all adapter modules to compose their PROPERTY_DEFINITION constants using concat_cstr! and a shared base property from the parent module. This reduces duplication and ensures consistent property strings across all adapters and transcoders. Updates macro usage and all implementations to accept expressions for property definitions. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I976e416c2f287290727bbffabdb1d6e76a6a6964
Include "provider=aurora" in the root PROPERTY_DEFINITION to explicitly identify the provider. All adapters extend from this CStr and inherit the change. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: Ie4f11a733d53a17a007751b979dc06ba6a6a6964
Update all property definitions and related test assertions to use `aurora.adapter` instead of `qubip.adapter`. This change ensures consistency with the current project naming. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I37654522dcfb8538888da287fc2f39096a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I45243700381bcdf4301c9a993f006c636a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I8002de1bdd2cb72cacbfe4ae705e4ae36a6a6964
See https://github.com/openssl/openssl/blob/openssl-3.2.2/providers/implementations/encode_decode/decode_der2key.c#L214-L221 "The caller is allowed to specify 0 as a selection mark, to have the structure and key type guessed."
…ats for pure ML-DSA
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: Icbf11cd4ccbd13a25ce84f82e79cb8846a6a6964
This does not change the test coverage or behavior, it just moves things around in preparation for reusing the same "decode_tests" architecture for different sources than the openssl 3.5 files we have now. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: Idfa332578397b95d2b9e52309563e6bf6a6a6964
…ith aurora v0.10.0 Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: Iad6f016b2f0726c8412a0a0bb9b2cb616a6a6964
… v0.10.0 artifacts Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I79f121c3c3e8605822c61eaa5a9cf1386a6a6964
…roof tests The "private key vector out of range" tests cover the case in which a private key is malformed in a certain way, but none of the implementations we use are capable of detecting that case, so for now we manually skip those tests.
…struct When generating a key, we now generate the seed ourselves (so that we can store it), instead of relying on mldsa-native-rs's internal RNG.
If the openssl github link once pointed to a listing of what these values should be, it doesn't anymore; better to cite the source.
…private key format for pure MLDSA Doing it this way does mean that the expanded form of the key is re-generated even though it's already available in the decoded data, but it has the advantage of not requiring any API change in PrivateKey.
…tches the decoded one
… for transcoders
The prior version of this test, essentially looking at the output of
`openssl list -all-algorithms` has been disabled for quite some time,
since the test was not particularly significant, given that the existing
regex only matched the listed output for encoders and decoders.
The fix here is to keep the regex, but make the intent of the test
specific for transcoders: as of OpenSSL 3.2.2 only transcoders are
listed alongside their registered properties, and we want to check
those.
We will add a new simpler tests in a separate commit, to check that our
provider provides at least one algorithm: we will list only key managers
and tailor the regex for that.
NOTE: consuming the output of `openssl list` is inherently fragile, as
OpenSSL makes no promises about the output format of this tool!
Fixes: #12
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I5caaed6febdff03a954080d19c873cd46a6a6964
…managers
This test is simpler than the one on transcoders, which can check the
registered properties, but it can cover also algorithms that do not have
associated transcoders.
NOTE: consuming the output of `openssl list` is inherently fragile, as
OpenSSL makes no promises about the output format of this tool!
Fixes: #12
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I7caa34cb6cddaf32430955a2d20417c96a6a6964
…ent module Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I144356d2495dea677f792f0d24ac978b6a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I8216b2504adac800976097d1054f4b0a6a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I41cb7ad9ebf0747174da0ee94c5709a76a6a6964
…able Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I0133144f53b9112fee3d803aa9ef6d806a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: Ic6399d714350350ac4fb3cea611e486f6a6a6964
… table Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I316f95ebb630cb8dd8f81732e52aa03a6a6a6964
This encoding is not actually from <https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pq-composite-sigs-19#name-asn1-module>. The specified serialization format for composite ML-DSA keys is as raw bytes, not as ASN.1, but since it's a common pattern in the aurora adapters to use rasn-generated types for encoding and decoding, we have these for familiarity/uniformity. Specifically, we need to maintain compatibility with the encodings used in aurora v0.10.0. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I7335b0b91a89534a00f4793ebb651daf6a6a6964
Add `cargo:rerun-if-changed` for each ASN.1 file to ensure build.rs is rerun when any ASN.1 source changes. Also refactor to use an array for ASN.1 file paths and pass them collectively to the rasn compiler. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I3e9269792ab4e963011c609f66f5ac726a6a6964
…or aurora v0.9.0 artifacts⚠️ BROKEN! :This only adds the tests, which currently fail for Composite-MLDSA. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: If51f72ffba94d79581cef68f637bb9e56a6a6964
The `data/asn1/X509-Composite-ML-DSA-2025.asn` module now has a private
key definition that allows both the 0-tagged OCTET STRING encodings from
v0.10 and the default-tagged OCTET STRING encodings from v0.9 to be
decoded.
The constant `SECRETKEY_LEN` in the keymgmt modules has been split into
separate `SECRETKEY_{SEED,EXPANDED}_LEN` constants, and the
corresponding associated constant `PrivateKey::PQ_PRIVATE_KEY_LEN` has
been split into separate
`PrivateKey::PQ_PRIVATE_KEY_{SEED,EXPANDED}_LEN` constants.
`PrivateKey::byte_len()` has been split into
`PrivateKey::byte_len_{seed,expanded}()`.
`PrivateKey::encode()` has new helper functions for encoding each half
of the key.
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com>
Change-Id: I138e4107de6d6303bf64dffadea0643e6a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: Ia1e357184fb0cadff316a8994eb3ea2b6a6a6964
For quite some time now, all integration tests trigger a `cargo build` during setup to ensure the aurora cdylib exists and is up-to-date. Because feature selection from `cargo test` is not passed through, we use environment variables to control build flags: - TEST_QUIET_BUILD: set to "0", "false", "no", or "off" to disable `--quiet` (default: enabled) - TEST_NO_DEFAULT_FEATURES: set to "1", "true", "yes", or "on" to enable `--no-default-features` - TEST_FEATURES: set to a comma-separated feature list to pass to `--features` (spaces are not supported) This ad hoc system improves flexibility for integration test builds. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: Ic43fba7476ff13103128749aed10349e6a6a6964
* we add `jaq`, as a cargo-accessible alternative to `jq`) * through `jaq` we evaluate the features.default list in Cargo.toml * swap `mldsa_native_adapter` for `pqclean_adapter` in features.default_adapters * use the resulting list to specify the alternative set of features which effectively is `default - mldsa_native_adapter + pqclean_adapter` Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I529f77ebcd7c9f09ac9e42b2a2abf7cf6a6a6964
… adapters Standardize decoder_functions.rs and encoder_functions.rs implementations across all adapters and algorithms. This ensures consistent handling of keypair decoding, public key derivation, and logging. Also, unify the addition of plain text encoders for private and public keys where applicable. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: If93980644c56d83147c79b28a443939f6a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: Ib036bc6930beb62360ced5eadb056ef76a6a6964
- Update the Digital Signatures table to reflect new default adapters. - Update links and recommendations to refer newer version of drafts (only editorial changes, no technical changes) * draft-ietf-lamps-pq-composite-sigs-19 * RFC 9909. This improves clarity and ensures documentation matches This improves clarity and ensures documentation matches current implementation and standards. Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: Id7740a565a35b4434d8b33e0d4ccb65c6a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: Ic152a48c1b375da8299a5063e93869d96a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: I70c05f06a3d0d5ade96e29d2d9c7a0756a6a6964
Signed-off-by: Nicola Tuveri <nic.tuv@gmail.com> Change-Id: Iba8238127e31a8f9052d568cd92dd0ee6a6a6964
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
0.11.0 - 2026-04-28
⚠ BREAKING CHANGES
provider=aurorais now set on all algorithmsx.author=QUBIPinstead ofx.author='QUBIP'aurora.adapter=<adapter>instead ofx.qubip.adapter='<adapter>'🚀 Features
seedandbothprivate key formats for pure ML-DSA🐛 Bug Fixes
Box::from_raw🚜 Refactor
provider=aurorato property definitions🧪 Testing