CircleCI tests failing on main #427
Comments
This is due to issue #1815. However, it's not readily apparent because of a bug in our CI logic: the "build" step appeared to have passed: https://app.circleci.com/pipelines/github/open-quantum-safe/oqs-provider/1444/workflows/c02d99f6-46ed-4e91-9384-0b740596d184/jobs/6805.
This is not just one but two bugs -- 1) CCI build failure must not be considered a pass 2) stateful hash based API include order is not OK; see also open-quantum-safe/oqs-demos#281
The current approach is when stateful Keygen and Sign operations are not defined, we fall back to assign I think it's better if we define the

From

```c
#ifndef OQS_ALLOW_STFL_KEY_AND_SIG_GEN
#define OQS_SIG_STFL OQS_SIG
```

to (move the #ifdef to include/exclude Keygen and Sign)

```c
/**
 * Stateful signature scheme object
 */
typedef struct OQS_SIG_STFL {
    /**
     * A local ordinal representing the LMS/XMSS OID parameter of the signature scheme.
     * This OID is unrelated to ASN.1 OID, it's only for LMS/XMSS internal usage.
     */
    uint32_t oid;
    /** Printable string representing the name of the signature scheme. */
    const char *method_name;
    /**
     * Printable string representing the version of the cryptographic algorithm.
     *
     * Implementations with the same method_name and same alg_version will be interoperable.
     * See README.md for information about algorithm compatibility.
     */
    const char *alg_version;
    /** Whether the signature offers EUF-CMA security (TRUE) or not (FALSE). */
    bool euf_cma;
    /** The (maximum) length, in bytes, of public keys for this signature scheme. */
    size_t length_public_key;
    /** The (maximum) length, in bytes, of secret keys for this signature scheme. */
    size_t length_secret_key;
    /** The (maximum) length, in bytes, of signatures for this signature scheme. */
    size_t length_signature;
#ifdef OQS_ALLOW_STFL_KEY_AND_SIG_GEN
    /**
     * Keypair generation algorithm.
     *
     * Caller is responsible for allocating sufficient memory for `public_key`
     * based on the `length_*` members in this object or the per-scheme
     * compile-time macros `OQS_SIG_STFL_*_length_*`.
     *
     * @param[out] public_key The public key is represented as a byte string.
     * @param[out] secret_key The secret key object
     * @return OQS_SUCCESS or OQS_ERROR
     */
    OQS_STATUS (*keypair)(uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key);
    /**
     * Signature generation algorithm.
     *
     * For stateful signatures, there is always a limited number of signatures that can be used.
     * The private key signature counter is increased by one once a signature is successfully generated.
     * When the signature counter reaches the maximum number of available signatures, the signature generation always fails.
     *
     * Caller is responsible for allocating sufficient memory for `signature`,
     * based on the `length_*` members in this object or the per-scheme
     * compile-time macros `OQS_SIG_STFL_*_length_*`.
     *
     * @param[out] signature The signature on the message is represented as a byte string.
     * @param[out] signature_len The length of the signature.
     * @param[in] message The message to sign is represented as a byte string.
     * @param[in] message_len The length of the message to sign.
     * @param[in] secret_key The secret key object pointer.
     * @return OQS_SUCCESS or OQS_ERROR
     *
     * @note Internally, if `lock/unlock` functions and `mutex` are set, it will attempt to lock the private key and unlock
     * the private key after the Signing operation is completed.
     */
    OQS_STATUS (*sign)(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key);
#endif
    /**
     * Signature verification algorithm.
     *
     * @param[in] message The message is represented as a byte string.
     * @param[in] message_len The length of the message.
     * @param[in] signature The signature on the message is represented as a byte string.
     * @param[in] signature_len The length of the signature.
     * @param[in] public_key The public key is represented as a byte string.
     * @return OQS_SUCCESS or OQS_ERROR
     */
    OQS_STATUS (*verify)(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key);
    /**
     * Query the number of remaining signatures.
     *
     * The remaining signatures are the number of signatures available before the private key runs out of its total signature and expires.
     *
     * @param[out] remain The number of remaining signatures
     * @param[in] secret_key The secret key object pointer.
     * @return OQS_SUCCESS or OQS_ERROR
     */
    OQS_STATUS (*sigs_remaining)(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key);
    /**
     * Query the total number of signatures.
     *
     * The total number of signatures is the constant number present in how many signatures can be generated from a private key.
     *
     * @param[out] total The total number of signatures
     * @param[in] secret_key The secret key object pointer.
     * @return OQS_SUCCESS or OQS_ERROR
     */
    OQS_STATUS (*sigs_total)(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key);
} OQS_SIG_STFL;
```

What do you think? @ashman-p @dstebila @baentsch @SWilson4?
The drawback of this proposal is that oqsprovider then needs new code to handle
What about simply forward-declaring OQS_SIG in

```c
#ifndef OQS_ALLOW_STFL_KEY_AND_SIG_GEN
typedef struct OQS_SIG OQS_SIG;
#define OQS_SIG_STFL OQS_SIG
// ...
#endif //OQS_ALLOW_STFL_KEY_AND_SIG_GEN
```
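The forward-declaration idea from the comment above, as an added illustration that is not code from liboqs or oqs-provider. It assumes the failure is the stateful header being parsed before `OQS_SIG` is declared, simulates both headers in one file in that order, and uses a reduced `OQS_SIG` plus the hypothetical helpers `stfl_verify`, `toy_verify` and `demo_verify_only`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* --- stand-in for the stateful-signature header, seen FIRST --- */
#ifndef OQS_ALLOW_STFL_KEY_AND_SIG_GEN
typedef struct OQS_SIG OQS_SIG; /* forward declaration: enough for pointers */
#define OQS_SIG_STFL OQS_SIG    /* verify-only build aliases the stateless object */
#endif

/* Hypothetical consumer prototype that names the alias before the struct body exists. */
int stfl_verify(const OQS_SIG_STFL *sig, const uint8_t *msg, size_t msg_len,
                const uint8_t *signature, size_t signature_len);

/* --- stand-in for the stateless-signature header, seen SECOND --- */
/* Repeating the typedef name is valid since C11; in C99 it is a constraint violation. */
typedef struct OQS_SIG {
    const char *method_name;
    size_t length_signature;
    int (*verify)(const uint8_t *msg, size_t msg_len,
                  const uint8_t *signature, size_t signature_len);
} OQS_SIG;

/* Constructed toy check (not a real scheme): the "signature" must equal the message. */
static int toy_verify(const uint8_t *msg, size_t msg_len,
                      const uint8_t *signature, size_t signature_len) {
    return (msg_len == signature_len && memcmp(msg, signature, msg_len) == 0) ? 0 : -1;
}

int stfl_verify(const OQS_SIG_STFL *sig, const uint8_t *msg, size_t msg_len,
                const uint8_t *signature, size_t signature_len) {
    if (sig == NULL || sig->verify == NULL || msg == NULL || signature == NULL)
        return -1;
    if (signature_len > sig->length_signature) /* reject oversized input first */
        return -1;
    return sig->verify(msg, msg_len, signature, signature_len);
}

/* Returns 0 when a matching pair verifies and a tampered one is rejected. */
int demo_verify_only(void) {
    OQS_SIG_STFL sig = { "toy-stfl", 8, toy_verify };
    const uint8_t msg[] = { 1, 2, 3, 4 }, bad[] = { 1, 2, 3, 5 };
    int ok = stfl_verify(&sig, msg, sizeof msg, msg, sizeof msg);
    int tampered = stfl_verify(&sig, msg, sizeof msg, bad, sizeof bad);
    return (ok == 0 && tampered == -1) ? 0 : 1;
}

int main(void) { return demo_verify_only(); }
```

Deleting the forward-declaration line reproduces the order dependency: the prototype then names `OQS_SIG` before any declaration of it and the translation unit no longer compiles.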
Could work. But why is the existing include of
When the application includes
So would undef'ing this in
I suspect the latter, and local experimentation seems to confirm this 😜
Resolved by open-quantum-safe/liboqs#1820: CI on
CircleCI is failing on the current main, 8b3d460. However, it passed on the same ref a couple of days ago. Possible causes: merge of open-quantum-safe/liboqs#1650? CircleCI bug?