

Merge pull request #192 from expressvpn/CVPN-1554-remove-liboqs-and-u…
…se-new-wolfssl

CVPN-1554 Remove liboqs and use WolfSSL's implementations
kp-thomas-yau authored Nov 18, 2024
2 parents 8366f61 + ab01e98 commit 070fd55
Showing 10 changed files with 3,600 additions and 209 deletions.
145 changes: 5 additions & 140 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 0 additions & 3 deletions deny.toml
@@ -31,9 +31,6 @@ wildcards = "allow"
highlight = "all"
workspace-default-features = "allow"
external-default-features = "allow"
skip = [
{ name = "bindgen", version = "0.68.1" },
]

[sources]
unknown-registry = "deny"
15 changes: 2 additions & 13 deletions wolfssl-sys/Cargo.toml
@@ -16,21 +16,10 @@ bindgen = "0.70"
autotools = "0.2"
build-target = "0.4.0"

[dependencies.oqs-sys]
version = "0.9.1"
default-features = false
features = ["kyber"]
optional = true

[features]
default = []
default = ["postquantum"]
debug = []
postquantum = ["dep:oqs-sys"]


[package.metadata.cargo-all-features]
# Not an actual feature
denylist = ["oqs-sys"]
postquantum = []

[[example]]
name = "connect_pq"
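Review bot: The manifest does not say that `default = ["postquantum"]` turns the post-quantum build on for every consumer that has not set `default-features = false`. This assumes that line is the new side of the two printed `default` lines, which follows from `oqs-sys` being removed. Since `postquantum = []` no longer pulls in a dependency and appears to serve only as the switch read by `cfg!(feature = "postquantum")` in build.rs, a short comment on the feature would make that explicit, for example `# Gates wolfSSL's built-in Kyber/ML-KEM in build.rs; enabled by default`. Downstream crates that want a build without the Kyber code should be told to opt out explicitly.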
35 changes: 14 additions & 21 deletions wolfssl-sys/build.rs
@@ -43,7 +43,13 @@ fn copy_wolfssl(dest: &Path) -> std::io::Result<PathBuf> {
}

const PATCH_DIR: &str = "patches";
const PATCHES: &[&str] = &["disable-falcon-dilithium.patch"];
const PATCHES: &[&str] = &[
"include-private-key-fields-for-kyber.patch",
"make-kyber-mlkem-available.patch",
"fix-kyber-mlkem-benchmark.patch",
"fix-mlkem-get-curve-name.patch",
"fix-kyber-get-curve-name.patch",
];

/**
* Apply patch to wolfssl-src
@@ -90,6 +96,8 @@ fn build_wolfssl(wolfssl_src: &Path) -> PathBuf {
.disable_shared()
// Disable sys ca certificate store
.disable("sys-ca-certs", None)
// Disable dilithium
.disable("dilithium", None)
// Enable AES bitsliced implementation (cache attack safe)
.enable("aes-bitsliced", None)
// Enable Curve25519
@@ -118,7 +126,7 @@ fn build_wolfssl(wolfssl_src: &Path) -> PathBuf {
.enable("supportedcurves", None)
// Enable TLS/1.3
.enable("tls13", None)
// Enable liboqs, etc
// Enable kyber, etc
.enable("experimental", None)
// CFLAGS
.cflag("-g")
@@ -137,21 +145,10 @@ fn build_wolfssl(wolfssl_src: &Path) -> PathBuf {
}

if cfg!(feature = "postquantum") {
// Post Quantum support is provided by liboqs
if let Some(include) = std::env::var_os("DEP_OQS_ROOT") {
let oqs_path = Path::new(&include);
conf.cflag(format!(
"-I{}",
oqs_path.join("build/include/").to_str().unwrap()
));
conf.ldflag(format!(
"-L{}",
oqs_path.join("build/lib/").to_str().unwrap()
));
conf.with("liboqs", None);
} else {
panic!("Post Quantum requested but liboqs appears to be missing?");
}
// Enable Kyber
conf.enable("kyber", Some("all,original"))
// SHA3 is needed for using WolfSSL's implementation of Kyber/ML-KEM
.enable("sha3", None);
}

match build_target::target_arch().unwrap() {
@@ -291,10 +288,6 @@ fn main() -> std::io::Result<()> {
// Tell cargo to tell rustc to link in WolfSSL
println!("cargo:rustc-link-lib=static=wolfssl");

if cfg!(feature = "postquantum") {
println!("cargo:rustc-link-lib=static=oqs");
}

println!(
"cargo:rustc-link-search=native={}",
wolfssl_install_dir.join("lib").to_str().unwrap()
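Review bot: The option string in `conf.enable("kyber", Some("all,original"))` decides which key-exchange algorithms end up in the library, yet the comment above it (`// Enable Kyber`) does not say what it selects. Judging by the flag value, the SHA3 comment and the patch names in `PATCHES`, the build is meant to carry both pre-standard Kyber and ML-KEM; these are not wire-compatible, so a reader needs to know which is kept for compatibility and which is the target. Once the intent is confirmed against wolfSSL's configure options, I would replace the comment with something like `// "all,original": every parameter set, with pre-standard Kyber kept alongside ML-KEM for peers that have not migrated`. `build_wolfssl` starts and ends outside the visible hunks.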
32 changes: 0 additions & 32 deletions wolfssl-sys/patches/disable-falcon-dilithium.patch

This file was deleted.
