Remove external encoding lib (open-quantum-safe#460)

* remove external encoding lib option

Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>

* remove CCI ubuntu tests

Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>

---------

Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>

.circleci/config.yml

@@ -16,122 +16,6 @@ localCheckout: &localCheckout
     git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH}
     cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH}
 jobs:
-  ubuntu:
-    description: A template for running OQS-OpenSSL tests on x64 Ubuntu Docker VMs
-    parameters:
-      IMAGE:
-        description: "docker image to use."
-        type: string
-      CMAKE_ARGS:
-        description: "Arguments to pass to CMake."
-        type: string
-      OPENSSL_PREINSTALL:
-        description: "OpenSSL version preinstalled."
-        type: string
-      OQS_PROVIDER_BUILD_STATIC:
-        description: "Build oqsprovider as a static library"
-        type: boolean
-        default: false
-    docker:
-      - image: << parameters.IMAGE >>
-    steps:
-      - setup_remote_docker
-      - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
-      - run:
-          name: Clone and build liboqs (<< parameters.CMAKE_ARGS >>)
-          command: |
-             git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git &&
-             cd liboqs && mkdir _build && cd _build &&
-             cmake -GNinja << parameters.CMAKE_ARGS >> -DCMAKE_INSTALL_PREFIX=$(pwd)/../../.local .. && ninja install &&
-             cd .. && cd .. && pwd
-      - when:
-          condition:
-            not:
-              equal: [ openssl@3, << parameters.OPENSSL_PREINSTALL >> ]
-          steps:
-            - run:
-                name: Clone and build OpenSSL(3)
-                command: |
-                   git clone --branch master https://github.com/openssl/openssl.git openssl &&
-                   cd openssl && ./config --prefix=$(echo $(pwd)/../.local) && make -j 18 && make install_sw && cd ..
-            - run:
-                name: Build OQS-OpenSSL provider (<< parameters.CMAKE_ARGS >> with QSC encoding support)
-                command: |
-                  oqsprovider_cmake_args="<< parameters.CMAKE_ARGS >>"
-                  if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-                    oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON"
-                  fi
-                  mkdir _build && cd _build && cmake -GNinja ${oqsprovider_cmake_args} -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd ..
-                  if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-                    file _build/lib/oqsprovider.a
-                  fi
-      - when:
-          condition:
-              equal: [ openssl@3, << parameters.OPENSSL_PREINSTALL >> ]
-          steps:
-            - run:
-                name: Build OQS-OpenSSL provider (<< parameters.CMAKE_ARGS >> with QSC encoding support)
-                command: |
-                  oqsprovider_cmake_args="<< parameters.CMAKE_ARGS >>"
-                  if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-                    oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON"
-                  fi
-                  mkdir _build && cd _build && cmake -GNinja ${oqsprovider_cmake_args} -DUSE_ENCODING_LIB=ON -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd ..
-                  if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-                    file _build/lib/oqsprovider.a
-                  fi
-      - run:
-          name: Run tests
-          command: |
-             if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-               ctest --test-dir _build/
-             else
-               ./scripts/runtests.sh -V
-             fi
-      - run:
-          name: Run tests (with encodings, positive and negative test)
-          command: |
-            if ! << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-              ./scripts/runtests_encodings.sh -V > log
-              if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then
-                 cat log
-                 ! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V
-              else
-                 cat log
-              fi
-            fi
-      - run:
-          name: Build OQS-OpenSSL provider (<< parameters.CMAKE_ARGS >>) with NOPUBKEY_IN_PRIVKEY and QSC encoding support
-          command: |
-            oqsprovider_cmake_args="<< parameters.CMAKE_ARGS >>"
-            if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-              oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON"
-            fi
-            rm -rf _build && mkdir _build && cd _build && cmake -GNinja ${oqsprovider_cmake_args} -DNOPUBKEY_IN_PRIVKEY=ON -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja
-            if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-              file _build/lib/oqsprovider.a
-            fi
-      - run:
-          name: Run tests (-DNOPUBKEY_IN_PRIVKEY=ON)
-          command: |
-             if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-               ctest --test-dir _build/
-             else
-               ./scripts/runtests.sh -V
-             fi
-      - run:
-          name: Run tests (-DNOPUBKEY_IN_PRIVKEY=ON, with encodings, positive and negative test)
-          command: |
-            if ! << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-              ./scripts/runtests_encodings.sh -V
-              if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then
-                 cat log
-                 ! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V
-              else
-                 cat log
-              fi
-            fi
-
   macOS:
     description: A template for running tests on macOS
     parameters:
@@ -208,37 +92,6 @@ jobs:
              else
                ./scripts/runtests.sh -V
              fi
-      - run:
-          name: Build OQS-OpenSSL provider with QSC encoding support
-          command: |
-             oqsprovider_cmake_args="<< parameters.CMAKE_ARGS >>"
-             if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-               oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON"
-             fi
-             rm -rf _build && mkdir _build && cd _build && cmake -GNinja -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL -DCMAKE_PREFIX_PATH=$(pwd)/../.local ${oqsprovider_cmake_args} .. && ninja
-             if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-               file _build/lib/oqsprovider.a
-             fi
-      - run:
-          name: Run tests
-          command: |
-             if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-               ctest --test-dir _build/ --output-on-failure
-             else
-               ./scripts/runtests.sh -V
-             fi
-      - run:
-          name: Run tests (with encodings)
-          command: |
-            if ! << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then
-              ./scripts/runtests_encodings.sh -V > log
-              if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then
-                 cat log
-                 ! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V
-              else
-                 cat log
-              fi
-            fi
 
   trigger-downstream-ci:
     docker:
@@ -264,22 +117,6 @@ workflows:
   version: 2.1
   build:
     jobs:
-      - ubuntu:
-          name: ubuntu-focal
-          IMAGE: openquantumsafe/ci-ubuntu-focal-x86_64:latest
-          CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF
-          OPENSSL_PREINSTALL: openssl@1
-      - ubuntu:
-          name: ubuntu-jammy
-          IMAGE: openquantumsafe/ci-ubuntu-jammy:latest
-          CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD
-          OPENSSL_PREINSTALL: openssl@3
-      - ubuntu:
-          name: ubuntu-jammy-static
-          IMAGE: openquantumsafe/ci-ubuntu-jammy:latest
-          OQS_PROVIDER_BUILD_STATIC: true
-          CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD
-          OPENSSL_PREINSTALL: openssl@3
       - macOS:
           name: macOS-noopenssl
           CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF

ALGORITHMS.md

@@ -283,40 +283,3 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li
 | p521_hqc256 | 1.3.9999.99.87 | OQS_OID_P521_HQC256
 <!--- OQS_TEMPLATE_FRAGMENT_OIDS_END -->
 
-# Key Encodings
-
-By setting environment variables, oqs-provider can be configured to encode keys (subjectPublicKey and and privateKey ASN.1 structures) according to the following IETF drafts:
-
-- https://datatracker.ietf.org/doc/draft-uni-qsckeys-dilithium/00/
-- https://datatracker.ietf.org/doc/draft-uni-qsckeys-falcon/00/
-- https://datatracker.ietf.org/doc/draft-uni-qsckeys-sphincsplus/00/
-
-<!--- OQS_TEMPLATE_FRAGMENT_ENCODINGS_START -->
-|Environment Variable | Permissible Values |
-| --- | --- |
-|`OQS_ENCODING_DILITHIUM2`|`draft-uni-qsckeys-dilithium-00/sk-pk`|
-|`OQS_ENCODING_DILITHIUM3`|`draft-uni-qsckeys-dilithium-00/sk-pk`|
-|`OQS_ENCODING_DILITHIUM5`|`draft-uni-qsckeys-dilithium-00/sk-pk`|
-|`OQS_ENCODING_FALCON512`|`draft-uni-qsckeys-falcon-00/sk-pk`|
-|`OQS_ENCODING_FALCONPADDED512`|`draft-uni-qsckeys-falcon-00/sk-pk`|
-|`OQS_ENCODING_FALCON1024`|`draft-uni-qsckeys-falcon-00/sk-pk`|
-|`OQS_ENCODING_FALCONPADDED1024`|`draft-uni-qsckeys-falcon-00/sk-pk`|
-|`OQS_ENCODING_SPHINCSSHA2128FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`|
-|`OQS_ENCODING_SPHINCSSHA2128SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`|
-|`OQS_ENCODING_SPHINCSSHA2192FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`|
-|`OQS_ENCODING_SPHINCSSHA2192SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`|
-|`OQS_ENCODING_SPHINCSSHA2256FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`|
-|`OQS_ENCODING_SPHINCSSHA2256SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`|
-|`OQS_ENCODING_SPHINCSSHAKE128FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`|
-|`OQS_ENCODING_SPHINCSSHAKE128SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`|
-|`OQS_ENCODING_SPHINCSSHAKE192FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`|
-|`OQS_ENCODING_SPHINCSSHAKE192SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`|
-|`OQS_ENCODING_SPHINCSSHAKE256FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`|
-|`OQS_ENCODING_SPHINCSSHAKE256SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`|
-<!--- OQS_TEMPLATE_FRAGMENT_ENCODINGS_END -->
-
-By setting `OQS_ENCODING_<ALGORITHM>_ALGNAME` environment variables, the corresponding algorithm names are set. The names are documented in the [`qsc_encoding.h`](https://github.com/Quantum-Safe-Collaboration/qsc-key-encoder/blob/main/include/qsc_encoding.h) header file of the encoder library.
-
-If no environment variable is set, or if an unknown value is set, the default is 'no' encoding, meaning that key serialization uses the 'raw' keys of the crypto implementations. If unknown values are set as environment variables, a run-time error will be raised.
-
-The test script `scripts/runtests_encodings.sh` (instead of `scripts/runtests.sh`) can be used for a test run with all supported encodings activated.

CMakeLists.txt

@@ -38,13 +38,6 @@ if(${NOPUBKEY_IN_PRIVKEY})
 else()
     message(STATUS "Build will store public keys in PKCS#8 structures")
 endif()
-option(USE_ENCODING_LIB "Build with external encoding library for SPKI/PKCS#8 " OFF)
-if(${USE_ENCODING_LIB})
-    message(STATUS "Build will include external encoding library for SPKI/PKCS#8")
-    add_compile_definitions( USE_ENCODING_LIB )
-else()
-    message(STATUS "Build will not include external encoding library for SPKI/PKCS#8")
-endif()
 
 option(OQS_PROVIDER_BUILD_STATIC "Build a static library instead of a shared library" OFF)
 if(OQS_PROVIDER_BUILD_STATIC AND BUILD_SHARED_LIBS)

CONFIGURE.md

@@ -39,13 +39,6 @@ location for the OS.
 This uses the [`find_package`](https://cmake.org/cmake/help/latest/command/find_package.html)
 command in `cmake`, which checks for local builds of a package at `<PackageName>_DIR`
 
-### USE_ENCODING_LIB
-
-By setting `-DUSE_ENCODING_LIB=<ON/OFF>` at compile-time, oqs-provider can be
-compiled with with an an external encoding library `qsc-key-encoder`.
-Configuring the encodings is done via environment as described in [ALGORITHMS.md](ALGORITHMS.md).
-The default value is `OFF`.
-
 ### NOPUBKEY_IN_PRIVKEY
 
 By setting this to "ON", it can be specified to omit explicitly serializing

CONTRIBUTING.md

@@ -32,9 +32,14 @@ Thus, any PR should revisit and possibly update this file suitably.
 
 This project has adopted the [OpenSSL coding style](https://www.openssl.org/policies/technical/coding-style.html).
 To check adherence of any new code to this, it therefore is highly recommended to
-run the following command in the project main directory prior to finishing a PR:
+run the following commands in the project main directory prior to finishing a PR:
 
     find oqsprov -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs clang-format --dry-run --Werror
+    find test -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs clang-format --dry-run --Werror
+
+If errors are reported, consider replacing `--dry-run --Werror` with `-i` to
+enable in-place correction of the coding errors, or correct the code manually
+to pass this CI acceptance test.
 
 ### Running CI locally
 

oqsprov/CMakeLists.txt

@@ -5,20 +5,6 @@ execute_process(
   OUTPUT_VARIABLE GIT_COMMIT_HASH
   OUTPUT_STRIP_TRAILING_WHITESPACE
 )
-if (USE_ENCODING_LIB)
-  include(ExternalProject)
-  set(encoder_LIBRARY ${CMAKE_BINARY_DIR}/install/lib/${CMAKE_STATIC_LIBRARY_PREFIX}qsc_key_encoder${CMAKE_STATIC_LIBRARY_SUFFIX})
-  set(encoder_LIBRARY_INCLUDE ${CMAKE_BINARY_DIR}/install/include)
-  ExternalProject_Add(encoder
-      GIT_REPOSITORY https://github.com/Quantum-Safe-Collaboration/qsc-key-encoder.git
-      GIT_TAG main
-      CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR}/install -DCMAKE_BUILD_TYPE=Release
-      UPDATE_DISCONNECTED 1
-      BUILD_BYPRODUCTS ${encoder_LIBRARY}
-  )
-  add_library(qsc_key_encoder STATIC IMPORTED)
-  set_target_properties(qsc_key_encoder PROPERTIES IMPORTED_LOCATION ${encoder_LIBRARY})
-endif()
 add_definitions(-DOQSPROVIDER_VERSION_TEXT="${OQSPROVIDER_VERSION_TEXT}")
 message(STATUS "Building commit ${GIT_COMMIT_HASH} in ${CMAKE_SOURCE_DIR}")
 add_definitions(-DOQS_PROVIDER_COMMIT=" \(${GIT_COMMIT_HASH}\)")
@@ -38,9 +24,6 @@ if(OQS_PROVIDER_BUILD_STATIC)
 endif()
 
 add_library(oqsprovider ${OQS_LIBRARY_TYPE} ${PROVIDER_SOURCE_FILES})
-if (USE_ENCODING_LIB)
-  add_dependencies(oqsprovider encoder)
-endif()
 set_target_properties(oqsprovider
     PROPERTIES
     PREFIX ""
@@ -87,10 +70,6 @@ else()
 endif()
 
 target_link_libraries(oqsprovider PUBLIC OQS::oqs ${OPENSSL_CRYPTO_LIBRARY} ${OQS_ADDL_SOCKET_LIBS})
-if (USE_ENCODING_LIB)
-  target_link_libraries(oqsprovider PUBLIC qsc_key_encoder)
-  target_include_directories(oqsprovider PRIVATE ${encoder_LIBRARY_INCLUDE})
-endif()
 
 install(TARGETS oqsprovider
         LIBRARY DESTINATION "${OPENSSL_MODULES_PATH}"