Merge pull request #529 from open-quantum-safe/ps-libjade

Add build option to toggle libjade implementations in liboqs

.github/workflows/linux.yml

@@ -16,6 +16,7 @@ jobs:
       fail-fast: false
       matrix:
         cmake-params: [ "", "-DOQS_KEM_ENCODERS=ON" ]
+        libjade-build: ["ON", "OFF"]
     container:
       image: openquantumsafe/ci-ubuntu-jammy:latest
     env:
@@ -25,7 +26,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
       - name: Full build
-        run: OQSPROV_CMAKE_PARAMS=${{ matrix.cmake-params}} ./scripts/fullbuild.sh
+        run: OQSPROV_CMAKE_PARAMS=${{ matrix.cmake-params}} OQS_LIBJADE_BUILD=${{ matrix.libjade-build }} ./scripts/fullbuild.sh
       - name: Enable sibling oqsprovider for testing
         run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
       - name: Test
@@ -38,6 +39,9 @@ jobs:
       fail-fast: false
       matrix:
         ossl-branch: [openssl-3.1.0, master]
+        libjade-build:
+          - "ON" 
+          - "OFF"
         include:
           - name: alpine
             container: openquantumsafe/ci-alpine-amd64:latest
@@ -55,7 +59,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
       - name: Full build
-        run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} ./scripts/fullbuild.sh
+        run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} OQS_LIBJADE_BUILD=${{ matrix.libjade-build }} ./scripts/fullbuild.sh
       - name: Enable sibling oqsprovider for testing
         run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
       - name: Test

.github/workflows/macos.yml

@@ -15,6 +15,9 @@ jobs:
         os:
           - macos-13
           - macos-12
+        libjade-build:
+# build with -DOQS_LIBJADE_BUILD=ON when building for algorithms with libjade implementations
+          - "OFF"
 # eventually build for other alg sets, if CCI use is discontinued
         params:
           - oqsconfig: -DOQS_ALGS_ENABLED=STD
@@ -59,7 +62,7 @@ jobs:
           key: ${{ runner.os }}-openssl32
       - name: build liboqs
         run: |
-           cmake -DOPENSSL_ROOT_DIR=../.localopenssl32 -DCMAKE_INSTALL_PREFIX=../.localliboqs ${{ matrix.params.oqsconfig }} -S . -B _build
+           cmake -DOPENSSL_ROOT_DIR=../.localopenssl32 -DCMAKE_INSTALL_PREFIX=../.localliboqs -DOQS_LIBJADE_BUILD=${{ matrix.libjade-build }} ${{ matrix.params.oqsconfig }} -S . -B _build
            cmake --build _build
            cmake --install _build
         working-directory: liboqs

CONFIGURE.md

@@ -37,7 +37,7 @@ This environment variable lets you specify additional flags to pass to `cmake` e
 For example, in order to point `cmake` to a specific library, you might run:
 
 ```
-$ env CMAKE_PARAMS="-DOPENSSL_CRYPTO_LIBRARY=/opt/lib64/libcrypto.so" bash scripts/fullbuild.sh
+env CMAKE_PARAMS="-DOPENSSL_CRYPTO_LIBRARY=/opt/lib64/libcrypto.so" bash scripts/fullbuild.sh
 ```
 
 ### liboqs_DIR
@@ -186,6 +186,20 @@ facilitated by setting the `liboqs` build option `-DOQS_ALGS_ENABLED=STD` when b
 `liboqs`. The list of algorithms supported by `oqs-provider` is defined by
 the contents of the file `generate.yml` documented in the [pre-build configuration](#pre-build-configuration).
 
+### OQS_LIBJADE_BUILD
+
+This environment variable lets you specify the build option `-DOQS_LIBJADE_BUILD` for building liboqs when using the `fullbuild.sh` script. If this environment variable is not set `fullbuild.sh` defaults to building liboqs with `-DOQS_LIBJADE_BUILD=ON`.
+
+When building liboqs with `-DOQS_LIBJADE_BUILD=ON`, default implementations of post-quantum algorithms are replaced with formally verified implementations sourced from [libjade](https://github.com/formosa-crypto/libjade) (if liboqs provides such an implementation.) Please refer to [liboqs documentation](https://github.com/open-quantum-safe/liboqs/blob/main/CONFIGURE.md#oqs_libjade_build) to see which algorithms have formally verified implementations and learn more about the `-DOQS_LIBJADE_BUILD` build option.
+
+For example, in order to build liboqs with `-DOQS_LIBJADE_BUILD=OFF`, you might run:
+
+```
+env OQS_LIBJADE_BUILD="OFF" bash scripts/fullbuild.sh
+```
+
+Alternatively, the string `-DOQS_LIBJADE_BUILD=` along with its value may be passed to the `fullbuild.sh` script via the [`CMAKE_PARAMS`](#cmake_params) environment variable.
+
 ## Runtime options
 
 The `openssl` [property selection mechanism](https://www.openssl.org/docs/manmaster/man7/property.html)

scripts/fullbuild.sh

@@ -39,6 +39,12 @@ else
    export DOQS_ALGS_ENABLED="-DOQS_ALGS_ENABLED=$OQS_ALGS_ENABLED"
 fi
 
+if [ -z "$OQS_LIBJADE_BUILD"]; then
+   export DOQS_LIBJADE_BUILD="-DOQS_LIBJADE_BUILD=ON"
+else
+   export DOQS_LIBJADE_BUILD="-DOQS_LIBJADE_BUILD=$OQS_LIBJADE_BUILD"
+fi
+
 if [ -z "$OPENSSL_INSTALL" ]; then
  openssl version | grep "OpenSSL 3" > /dev/null 2>&1
  #if [ \($? -ne 0 \) -o \( ! -z "$OPENSSL_BRANCH" \) ]; then
@@ -109,7 +115,7 @@ if [ -z $liboqs_DIR ]; then
   #    STD: only include NIST standardized algorithms
   #    NIST_R4: only include algorithms in round 4 of the NIST competition
   #    All: include all algorithms supported by liboqs (default)
-  cd liboqs && cmake -GNinja $CMAKE_PARAMS $DOQS_ALGS_ENABLED $CMAKE_OPENSSL_LOCATION -DCMAKE_INSTALL_PREFIX=$(pwd)/../.local -S . -B _build && cd _build && ninja && ninja install && cd ../..
+  cd liboqs && cmake -GNinja $CMAKE_PARAMS $DOQS_ALGS_ENABLED $CMAKE_OPENSSL_LOCATION $DOQS_LIBJADE_BUILD -DCMAKE_INSTALL_PREFIX=$(pwd)/../.local -S . -B _build && cd _build && ninja && ninja install && cd ../..
   if [ $? -ne 0 ]; then
       echo "liboqs build failed. Exiting."
       exit -1