From b7b86c14f4472ab4c645d96aa6ef4039900cacb7 Mon Sep 17 00:00:00 2001 From: Vlad Gheorghiu Date: Wed, 27 Mar 2024 15:20:53 -0400 Subject: [PATCH] Version 0.10.0 (#37) Version 0.10.0 --- .config-static/liboqs-go.pc | 9 + .config-static/liboqs-go.pc.linux | 9 + .config-static/liboqs-go.pc.win64 | 9 + .config/{liboqs.pc => liboqs-go.pc} | 6 +- .../{liboqs.pc.linux => liboqs-go.pc.linux} | 6 +- .../{liboqs.pc.win64 => liboqs-go.pc.win64} | 6 +- .github/workflows/go.yml | 10 +- CHANGES.md | 69 ++++++ CHANGES.txt | 48 ----- LICENSE | 2 +- README.md | 202 +++++++++++------- RELEASE.md | 30 +-- .../client_server_kem/client/client_kem.go | 14 +- .../client_server_kem/server/server_kem.go | 18 +- examples/kem/kem.go | 2 +- examples/rand/rand.go | 14 +- examples/sig/sig.go | 2 +- oqs/oqs.go | 9 +- oqs/rand/rand.go | 4 +- oqstests/kem_test.go | 26 +-- oqstests/sig_test.go | 39 ++-- 21 files changed, 320 insertions(+), 214 deletions(-) create mode 100644 .config-static/liboqs-go.pc create mode 100644 .config-static/liboqs-go.pc.linux create mode 100644 .config-static/liboqs-go.pc.win64 rename .config/{liboqs.pc => liboqs-go.pc} (61%) rename .config/{liboqs.pc.linux => liboqs-go.pc.linux} (61%) rename .config/{liboqs.pc.win64 => liboqs-go.pc.win64} (61%) create mode 100644 CHANGES.md delete mode 100644 CHANGES.txt diff --git a/.config-static/liboqs-go.pc b/.config-static/liboqs-go.pc new file mode 100644 index 0000000..d1482c1 --- /dev/null +++ b/.config-static/liboqs-go.pc @@ -0,0 +1,9 @@ +LIBOQS_INCLUDE_DIR=/usr/local/include +LIBOQS_LIB_DIR=/usr/local/lib + +Name: liboqs-go +Description: Go bindings for liboqs, a C library for quantum resistant cryptography +Version: 0.10.0 +Cflags: -I${LIBOQS_INCLUDE_DIR} +Ldflags: '-extldflags "-Wl,-stack_size -Wl,0x1000000"' +Libs: -L${LIBOQS_LIB_DIR} -Wl,-Bstatic -loqs -lcrypto -Wl,-Bdynamic diff --git a/.config-static/liboqs-go.pc.linux b/.config-static/liboqs-go.pc.linux new file mode 100644 index 0000000..d1482c1 --- /dev/null +++ b/.config-static/liboqs-go.pc.linux @@ -0,0 +1,9 @@ +LIBOQS_INCLUDE_DIR=/usr/local/include +LIBOQS_LIB_DIR=/usr/local/lib + +Name: liboqs-go +Description: Go bindings for liboqs, a C library for quantum resistant cryptography +Version: 0.10.0 +Cflags: -I${LIBOQS_INCLUDE_DIR} +Ldflags: '-extldflags "-Wl,-stack_size -Wl,0x1000000"' +Libs: -L${LIBOQS_LIB_DIR} -Wl,-Bstatic -loqs -lcrypto -Wl,-Bdynamic diff --git a/.config-static/liboqs-go.pc.win64 b/.config-static/liboqs-go.pc.win64 new file mode 100644 index 0000000..6189111 --- /dev/null +++ b/.config-static/liboqs-go.pc.win64 @@ -0,0 +1,9 @@ +LIBOQS_INCLUDE_DIR=C:/liboqs/include +LIBOQS_LIB_DIR=C:/liboqs/lib + +Name: liboqs-go +Description: Go bindings for liboqs, a C library for quantum resistant cryptography +Version: 0.10.0 +Cflags: -I${LIBOQS_INCLUDE_DIR} +Ldflags: '-extldflags "-Wl,-stack_size -Wl,0x1000000"' +Libs: -L${LIBOQS_LIB_DIR} -Wl,-Bstatic -loqs -lcrypto -Wl,-Bdynamic diff --git a/.config/liboqs.pc b/.config/liboqs-go.pc similarity index 61% rename from .config/liboqs.pc rename to .config/liboqs-go.pc index b3c1c47..c69933b 100644 --- a/.config/liboqs.pc +++ b/.config/liboqs-go.pc @@ -1,9 +1,9 @@ LIBOQS_INCLUDE_DIR=/usr/local/include LIBOQS_LIB_DIR=/usr/local/lib -Name: liboqs -Description: C library for quantum resistant cryptography -Version: 0.9.0 +Name: liboqs-go +Description: Go bindings for liboqs, a C library for quantum resistant cryptography +Version: 0.10.0 Cflags: -I${LIBOQS_INCLUDE_DIR} Ldflags: '-extldflags "-Wl,-stack_size -Wl,0x1000000"' Libs: -L${LIBOQS_LIB_DIR} -loqs diff --git a/.config/liboqs.pc.linux b/.config/liboqs-go.pc.linux similarity index 61% rename from .config/liboqs.pc.linux rename to .config/liboqs-go.pc.linux index 7a313c0..c69933b 100644 --- a/.config/liboqs.pc.linux +++ b/.config/liboqs-go.pc.linux @@ -1,9 +1,9 @@ LIBOQS_INCLUDE_DIR=/usr/local/include LIBOQS_LIB_DIR=/usr/local/lib -Name: liboqs -Description: C library for quantum resistant cryptography -Version: 0.8.0 +Name: liboqs-go +Description: Go bindings for liboqs, a C library for quantum resistant cryptography +Version: 0.10.0 Cflags: -I${LIBOQS_INCLUDE_DIR} Ldflags: '-extldflags "-Wl,-stack_size -Wl,0x1000000"' Libs: -L${LIBOQS_LIB_DIR} -loqs diff --git a/.config/liboqs.pc.win64 b/.config/liboqs-go.pc.win64 similarity index 61% rename from .config/liboqs.pc.win64 rename to .config/liboqs-go.pc.win64 index c8c7fa3..2a8c2a5 100644 --- a/.config/liboqs.pc.win64 +++ b/.config/liboqs-go.pc.win64 @@ -1,9 +1,9 @@ LIBOQS_INCLUDE_DIR=C:/liboqs/include LIBOQS_LIB_DIR=C:/liboqs/lib -Name: liboqs -Description: C library for quantum resistant cryptography -Version: 0.8.0 +Name: liboqs-go +Description: Go bindings for liboqs, a C library for quantum resistant cryptography +Version: 0.10.0 Cflags: -I${LIBOQS_INCLUDE_DIR} Ldflags: '-extldflags "-Wl,-stack_size -Wl,0x1000000"' Libs: -L${LIBOQS_LIB_DIR} -loqs diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index c07e216..996f015 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -2,11 +2,11 @@ name: GitHub actions on: push: - branches: [ "**" ] + branches: ["**"] pull_request: - branches: [ "**" ] + branches: ["**"] repository_dispatch: - types: [ "**" ] + types: ["**"] env: BUILD_TYPE: Debug @@ -19,7 +19,7 @@ jobs: build: strategy: matrix: - os: [ ubuntu-latest, macos-latest, windows-latest ] + os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: @@ -67,7 +67,7 @@ jobs: if: matrix.os == 'windows-latest' shell: cmd run: | - copy .\.config\liboqs.pc.win64 ${{env.WIN_PKG_CONFIG_PATH}}\liboqs.pc + copy .\.config\liboqs-go.pc.win64 ${{env.WIN_PKG_CONFIG_PATH}}\liboqs-go.pc - name: Run examples Windows if: matrix.os == 'windows-latest' diff --git a/CHANGES.md b/CHANGES.md new file mode 100644 index 0000000..da2e68f --- /dev/null +++ b/CHANGES.md @@ -0,0 +1,69 @@ +# Version 0.10.0 - March 27, 2024 + +- Bumped Go version to 1.21 +- Replaced ["CHANGES"] by ["CHANGES.md"], as we now use Markdown format to + keep track of changes in new releases +- Removed the NIST PRNG as the latter is no longer exposed by liboqs' public + API +- Added the + [".config-static"](https://github.com/open-quantum-safe/liboqs-go/tree/main/.config-static) + pkg-config configuration directory for linking statically against liboqs, see + ["README.md"](https://github.com/open-quantum-safe/liboqs-go/blob/main/README.md) + for more details. + +# Version 0.9.0 - October 30, 2023 + +- No modifications, release bumped to match the latest release of liboqs + +# Version 0.8.0 - July 5, 2023 + +- This is a maintenance release, minor fixes +- Minimalistic Docker support +- Go minimum required version bumped to 1.15 +- Removed AppVeyor and CircleCI, all continuous integration is now done via + GitHub actions + +# Version 0.7.2 - August 26, 2022 + +- Added liboqs library version retrieval function `LiboqsVersion() string` + +# Version 0.7.1 - January 5, 2022 + +- Release numbering updated to match liboqs +- Switched continuous integration from Travis CI to CircleCI, we now support + macOS & Linux (CircleCI) and Windows (AppVeyor) + +# Version 0.4.0 - November 28, 2020 + +- Bugfixes +- Renamed 'master' branch to 'main' + +# Version 0.3.0 - June 10, 2020 + +- Full Windows support and AppVeyor continuous integration +- Minor fixes + +# Version 0.2.2 - December 10, 2019 + +- Changed panics to errors in the API + +# Version 0.2.1 - November 7, 2019 + +- Added a client/server KEM over TCP/IP example + +# Version 0.2.0 - November 2, 2019 + +- Minor API change to account for Go naming conventions +- Concurrent unit testing + +# Version 0.1.2 - October 31, 2019 + +- Added support for RNGs from `` + +# Version 0.1.1 - October 24, 2019 + +- Added support for Go modules + +# Version 0.1.0 - October 22, 2019 + +- Initial release diff --git a/CHANGES.txt b/CHANGES.txt deleted file mode 100644 index f8d46fd..0000000 --- a/CHANGES.txt +++ /dev/null @@ -1,48 +0,0 @@ -Pre-release - - Bumped Go version to 1.21 - -Version 0.9.0 - October 30, 2023 - - No modifications, release bumped to match the latest release of liboqs - -Version 0.8.0 - July 5, 2023 - - This is a maintenance release, minor fixes - - Minimalistic Docker support - - Go minimum required version bumped to 1.15 - - Removed AppVeyor and CircleCI, all continuous integration is now done - via GitHub actions - -Version 0.7.2 - August 26, 2022 - - Added liboqs library version retrieval function - LiboqsVersion() string - -Version 0.7.1 - January 5, 2022 - - Release numbering updated to match liboqs - - Switched continuous integration from Travis CI to CircleCI, we now - support macOS & Linux (CircleCI) and Windows (AppVeyor) - -Version 0.4.0 - November 28, 2020 - - Bugfixes - - Renamed 'master' branch to 'main' - -Version 0.3.0 - June 10, 2020 - - Full Windows support and AppVeyor continuous integration - - Minor fixes - -Version 0.2.2 - December 10, 2019 - - Changed panics to errors in the API - -Version 0.2.1 - November 7, 2019 - - Added a client/server KEM over TCP/IP example - -Version 0.2.0 - November 2, 2019 - - Minor API change to account for Go naming conventions - - Concurrent unit testing - -Version 0.1.2 - October 31, 2019 - - Added support for RNGs from - -Version 0.1.1 - October 24, 2019 - - Added support for Go modules - -Version 0.1.0 - October 22, 2019 - - Initial release diff --git a/LICENSE b/LICENSE index b8fac1b..a945cbb 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2019-2023 Open Quantum Safe +Copyright (c) 2019-2024 Open Quantum Safe Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 70034be..57403fc 100644 --- a/README.md +++ b/README.md @@ -11,18 +11,22 @@ The **Open Quantum Safe (OQS) project** has the goal of developing and prototyping quantum-resistant cryptography. -**liboqs-go** offers a Go wrapper for -the [Open Quantum Safe](https://openquantumsafe.org/) [liboqs](https://github.com/open-quantum-safe/liboqs/) C library, -which is a C library for quantum-resistant cryptographic algorithms. - -liboqs-go is a Go package, hence in the following it is assumed that you have access to a Go compliant environment. -liboqs-go has been extensively tested on Linux, macOS and Windows platforms. Continuous integration is provided via +**liboqs-go** offers a Go wrapper for the +[Open Quantum Safe](https://openquantumsafe.org/) +[liboqs](https://github.com/open-quantum-safe/liboqs/) C library, which is a C +library for quantum-resistant cryptographic algorithms. + +liboqs-go is a Go package, hence in the following it is assumed that you have +access to a Go compliant environment. liboqs-go has been extensively tested on +Linux, macOS and Windows platforms. Continuous integration is provided via GitHub actions. The project contains the following files and directories: - **`oqs/oqs.go`: main package file for the wrapper** -- `.config/liboqs.pc`: `pkg-config` configuration file needed by `cgo` +- `.config/liboqs-go.pc`: `pkg-config` configuration file needed by `cgo` +- `.config-static/liboqs-go.pc`: `pkg-config` configuration file needed by + `cgo` when linking statically against liboqs - `examples`: usage examples, including a client/server KEM over TCP/IP - `oqstests`: unit tests @@ -36,41 +40,48 @@ The project contains the following files and directories: , [clang](https://clang.llvm.org) , [MSYS2](https://www.msys2.org/) etc. - [Go 1.21 or later](https://go.dev/) -- `pkg-config` (use `sudo apt-get install pkg-config` to install on Ubuntu/Debian-based Linux platforms or install it - via a third-party compiler such as [MSYS2](https://www.msys2.org/) on Windows) -- If using Windows, you need a C compiler supported by `cgo` added to your `PATH` environment variable; currently, the +- `pkg-config` (use `sudo apt-get install pkg-config` to install on + Ubuntu/Debian-based Linux platforms or install it + via a third-party compiler such as [MSYS2](https://www.msys2.org/) on + Windows) +- If using Windows, you need a C compiler supported by `cgo` added to your + `PATH` environment variable; currently, the + best supported ones are provided by [MSYS2](https://www.msys2.org/) - and [`tdm-gcc`](https://jmeubank.github.io/tdm-gcc/); [Cygwin](https://www.cygwin.com/) is **not yet supported** - by `cgo`; we recommend using MSYS2 since it also contains `pkg-config` as a package; to install `gcc` and `pkg-config` - under MSYS2, please execute in a MSYS2 terminal - window `pacman -S mingw64/mingw-w64-x86_64-gcc mingw64/mingw-w64-x86_64-pkg-config`, then add the corresponding - installation location (e.g, `C:\msys64\mingw64\bin`) to your `PATH` environment variable by - executing `set PATH=%PATH%;C:\msys64\mingw64\bin`. **Very important:** make sure that the `PATH` entry to the `gcc` - and `pkg-config` provided by `MSYS2`comes ** before** - any other (if any) `gcc` and `pkg-config` executables you may have installed (e.g. such as the ones provided - by [Cygwin](https://www.cygwin.com)). To verify, type into a Command Prompt `gcc --version`, and you should get an - output like + and [`tdm-gcc`](https://jmeubank.github.io/tdm-gcc/); + [Cygwin](https://www.cygwin.com/) is **not yet supported** + by `cgo`; we recommend using MSYS2 since it also contains `pkg-config` as a + package; to install `gcc` and `pkg-config` under MSYS2, please execute in a + MSYS2 terminal window + `pacman -S mingw64/mingw-w64-x86_64-gcc mingw64/mingw-w64-x86_64-pkg-config`, + then add the corresponding installation location (e.g, + `C:\msys64\mingw64\bin`) to your `PATH` environment variable by executing + `set PATH=%PATH%;C:\msys64\mingw64\bin`. **Very important:** make sure that + the `PATH` entry to the `gcc` and `pkg-config` provided by `MSYS2`comes + **before** any other (if any) `gcc` and `pkg-config` executables you may have + installed (e.g. such as the ones provided + by [Cygwin](https://www.cygwin.com)). To verify, type into a Command Prompt + `gcc --version`, and you should get an output such as > gcc (Rev3, Built by MSYS2 project) 9.1.0 -- If using Windows, you *may* need Go 1.21, as some earlier versions of Go produce some linker errors when - running `cgo` - --- ## Functional restrictions Please note that on some platforms not all algorithms are supported: -- macOS/Darwin: The Rainbow and Classic-McEliece algorithm families as well as HQC-256 do not work. +- macOS/Darwin: The Rainbow and Classic-McEliece algorithm families as well as + HQC-256 do not work. - Windows: The Rainbow and Classic-McEliece algorithm families do not work. --- ## Installation -In the rest of this document, we assume you execute commands from inside the `$HOME` directory on UNIX-like systems, or -from inside the %USERPROFILE% on Windows. +In the rest of this document, we assume you execute commands from inside the +`$HOME` directory on UNIX-like systems, or from inside the `%USERPROFILE%` on +Windows. ### Configure, build and install liboqs @@ -103,8 +114,9 @@ Panel tool or execute in a Command Prompt, e.g., set PATH=%PATH%;C:\Program Files (x86)\liboqs\bin ``` -You can change liboqs' installation directory by configuring the build to use an -alternative path, e.g., `C:\liboqs`, by replacing the first CMake line above by +You can change liboqs' installation directory by configuring the build to use +an alternative path, e.g., `C:\liboqs`, by replacing the first CMake line above +by ```shell cmake -S liboqs -B liboqs/build -DCMAKE_INSTALL_PREFIX="C:\liboqs" -DBUILD_SHARED_LIBS=ON @@ -118,32 +130,62 @@ Execute in a Terminal/Console/Administrator Command Prompt git clone --depth=1 https://github.com/open-quantum-safe/liboqs-go ``` -Next, you must modify the following lines -in [`$HOME/liboqs-go/.config/liboqs.pc`](https://github.com/open-quantum-safe/liboqs-go/tree/main/.config/liboqs.pc) +Next, you must modify the following lines in +[`$HOME/liboqs-go/.config/liboqs-go.pc`](https://github.com/open-quantum-safe/liboqs-go/tree/main/.config/liboqs-go.pc) LIBOQS_INCLUDE_DIR=/usr/local/include LIBOQS_LIB_DIR=/usr/local/lib -so they correspond to your liboqs include/lib installation directories. On Windows, **using forward slashes `/` and not +so they correspond to your liboqs include/lib installation directories. On +Windows, **using forward slashes `/` and not back-slashes**, e.g., LIBOQS_INCLUDE_DIR=C:/Program Files (x86)/liboqs/bin LIBOQS_LIB_DIR=C:/Program Files (x86)/liboqs/lib -Finally, you must add/append the `$HOME/liboqs-go/.config` directory to the `PKG_CONFIG_PATH` environment variable, -i.e., on UNIX-like systems execute in a terminal +Finally, you must add/append the `$HOME/liboqs-go/.config` directory to the +`PKG_CONFIG_PATH` environment variable, i.e., on UNIX-like systems execute in a +terminal ```shell export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:$HOME/liboqs-go/.config ``` -or, on Windows platforms, use the "Edit the system environment variables" Control Panel tool or execute in a Command -Prompt +or, on Windows platforms, use the "Edit the system environment variables" +Control Panel tool or execute in a Command Prompt ```shell set PKG_CONFIG_PATH=%PKG_CONFIG_PATH%;$HOME/liboqs-go/.config ``` +### Linking statically against liboqs - excluding macOS/OS X platforms + +Replace `.config` with `.config-static` when setting the `PKG_CONFIG_PATH` +environment variable above. This assumes that you previously compiled and +installed the static version of liboqs, i.e., you did not pass +`-DBUILD_SHARED_LIBS=ON` to CMake when configuring liboqs above. + +Note that `.config-static/liboqs-go.pc` links statically against OpenSSL as +well. In case you don't have OpenSSL installed, remove the `-lcrypto` from the +last line of `.config-static/liboqs-go.pc`, and make sure you compiled liboqs +without OpenSSL, i.e., pass the `-DOQS_USE_OPENSSL=OFF` CMake flag when +configuring liboqs, otherwise you will get linker errors. + +**Important:** Ensure that you run `go clean -cache` before building or +running, so `pkg-config` refreshes its cache. + +### Linking statically against liboqs - macOS/OS X platforms + +The macOS/OS X linker does not allow choosing static vs dynamic linking when +both static and dynamic versions of a library are installed. In this case, the +dynamic version will always be chosen by the linker. Hence, to link statically +agains liboqs on macOS/OS X, make sure you have not installed the dynamic +version of liboqs anywhere on your system, and use the `.config` (not +`.config-static`) when setting the `PKG_CONFIG_PATH` environment variable. + +**Important:** Ensure that you run `go clean -cache` before building or +running. + ### Run the examples From inside the `liboqs-go` directory, execute @@ -176,7 +218,7 @@ cd liboqs-go go test -v ./oqstests ``` -On Windows, you may need to replace forward-slashes `/` by back-slashes `\'. +On Windows, you may need to replace forward-slashes `/` by back-slashes `\`. --- @@ -186,20 +228,22 @@ liboqs-go can be imported into Go programs with ```go import ( -"github.com/open-quantum-safe/liboqs-go/oqs" + "github.com/open-quantum-safe/liboqs-go/oqs" ) - ``` -The examples in the [`examples`](https://github.com/open-quantum-safe/liboqs-go/tree/main/examples) directory are -self-explanatory and provide more details about the wrapper's API. +The examples in the +[`examples`](https://github.com/open-quantum-safe/liboqs-go/tree/main/examples) +directory are self-explanatory and provide more details about the wrapper's +API. --- ## Documentation -The `liboqs-go` wrapper is fully documented using the Go standard documentation conventions. For example, to read the -full documentation about the `oqs.Signature.Verify` method, execute from inside the `liboqs-go` directory +The `liboqs-go` wrapper is fully documented using the Go standard documentation +conventions. For example, to read the full documentation about the +`oqs.Signature.Verify` method, execute from inside the `liboqs-go` directory ```shell go doc liboqs-go/oqs.Signature.Verify @@ -214,14 +258,15 @@ go doc liboqs-go/oqs/rand.RandomBytes For automatically-generated documentation in HTML format, click [here](https://pkg.go.dev/github.com/open-quantum-safe/liboqs-go/oqs). -For the RNG-related documentation, click [here](https://pkg.go.dev/github.com/open-quantum-safe/liboqs-go/oqs/rand). +For the RNG-related documentation, click +[here](https://pkg.go.dev/github.com/open-quantum-safe/liboqs-go/oqs/rand). --- ## Docker -A self-explanatory minimalistic Docker file is provided -in [`Dockerfile`](https://github.com/open-quantum-safe/liboqs-go/tree/main/Dockerfile). +A self-explanatory minimalistic Docker file is provided in +[`Dockerfile`](https://github.com/open-quantum-safe/liboqs-go/tree/main/Dockerfile). Build the image by executing @@ -241,61 +286,72 @@ Or, run the unit tests with docker run -it oqs-go sh -c "cd liboqs-go && go test -v ./oqstests" ``` -In case you want to use the Docker container as a development environment, mount your current project in the Docker -container with +In case you want to use the Docker container as a development environment, +mount your current project in the Docker container with ```shell -docker run --rm -it --workdir=/app -v ${PWD}:/app oqs-go /bin/bash +docker run --rm -it --workdir=/app -v ${PWD}:/app oqs-go /bin/bash ``` --- ## Limitations and security -liboqs is designed for prototyping and evaluating quantum-resistant cryptography. Security of proposed quantum-resistant -algorithms may rapidly change as research advances, and may ultimately be completely insecure against either classical -or quantum computers. - -We believe that the NIST Post-Quantum Cryptography standardization project is currently the best avenue to identifying -potentially quantum-resistant algorithms. liboqs does not intend to "pick winners", and we strongly recommend that -applications and protocols rely on the outcomes of the NIST standardization project when deploying post-quantum -cryptography. - -We acknowledge that some parties may want to begin deploying post-quantum cryptography prior to the conclusion of the -NIST standardization project. We strongly recommend that any attempts to do make use of so-called -**hybrid cryptography**, in which post-quantum public-key algorithms are used alongside traditional public key -algorithms (like RSA or elliptic curves) so that the solution is at least no less secure than existing traditional +liboqs is designed for prototyping and evaluating quantum-resistant +cryptography. Security of proposed quantum-resistant algorithms may rapidly +change as research advances, and may ultimately be completely insecure against +either classical or quantum computers. + +We believe that the NIST Post-Quantum Cryptography standardization project is +currently the best avenue to identifying potentially quantum-resistant +algorithms. liboqs does not intend to "pick winners", and we strongly recommend +that applications and protocols rely on the outcomes of the NIST +standardization project when deploying post-quantum cryptography. + +We acknowledge that some parties may want to begin deploying post-quantum +cryptography prior to the conclusion of the NIST standardization project. We +strongly recommend that any attempts to do make use of so-called +**hybrid cryptography**, in which post-quantum public-key algorithms are used +alongside traditional public key algorithms (like RSA or elliptic curves) so +that the solution is at least no less secure than existing traditional cryptography. Just like liboqs, liboqs-go is provided "as is", without warranty of any kind. -See [LICENSE](https://github.com/open-quantum-safe/liboqs-go/blob/main/LICENSE) for the full disclaimer. +See [LICENSE](https://github.com/open-quantum-safe/liboqs-go/blob/main/LICENSE) +for the full disclaimer. --- ## License liboqs-go is licensed under the MIT License; -see [LICENSE](https://github.com/open-quantum-safe/liboqs-go/blob/main/LICENSE) for details. +see [LICENSE](https://github.com/open-quantum-safe/liboqs-go/blob/main/LICENSE) +for details. --- ## Team -The Open Quantum Safe project is led by [Douglas Stebila](https://www.douglas.stebila.ca/research/) -and [Michele Mosca](http://faculty.iqc.uwaterloo.ca/mmosca/) at the University of Waterloo. +The Open Quantum Safe project is led by +[Douglas Stebila](https://www.douglas.stebila.ca/research/) and +[Michele Mosca](http://faculty.iqc.uwaterloo.ca/mmosca/) at the University of +Waterloo. -liboqs-go was developed by [Vlad Gheorghiu](https://vsoftco.github.io) at softwareQ Inc. and University of Waterloo. +liboqs-go was developed by [Vlad Gheorghiu](https://vsoftco.github.io) at +[softwareQ Inc.](https://www.softwareq.ca) and at the University of Waterloo. --- ## Support -Financial support for the development of Open Quantum Safe has been provided by Amazon Web Services and the Canadian -Centre for Cyber Security. +Financial support for the development of Open Quantum Safe has been provided by +Amazon Web Services and the Canadian Centre for Cyber Security. -We'd like to make a special acknowledgement to the companies who have dedicated programmer time to contribute source -code to OQS, including Amazon Web Services, evolutionQ, softwareQ, and Microsoft Research. +We'd like to make a special acknowledgement to the companies who have dedicated +programmer time to contribute source code to OQS, including Amazon Web +Services, evolutionQ, softwareQ, and Microsoft Research. -Research projects which developed specific components of OQS have been supported by various research grants, including -funding from the Natural Sciences and Engineering Research Council of Canada (NSERC); see the source papers for funding -acknowledgments. +Research projects which developed specific components of OQS have been +supported by various research grants, including funding from the Natural +Sciences and Engineering Research Council of Canada (NSERC); see the source +papers for funding acknowledgments. diff --git a/RELEASE.md b/RELEASE.md index 9c20b86..4baae0a 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,31 +1,35 @@ -# liboqs-go version 0.9.0 +# liboqs-go version 0.10.0 --- ## About -The **Open Quantum Safe (OQS) project** has the goal of developing and prototyping quantum-resistant cryptography. More -information on OQS can be found on our website https://openquantumsafe.org/ and on GitHub -at https://github.com/open-quantum-safe/. +The **Open Quantum Safe (OQS) project** has the goal of developing and +prototyping quantum-resistant cryptography. More information on OQS can be +found on our website https://openquantumsafe.org/ and on GitHub at +https://github.com/open-quantum-safe/. -**liboqs** is an open source C library for quantum-resistant cryptographic algorithms. See more about liboqs -at [https://github.com/open-quantum-safe/liboqs/](https://github.com/open-quantum-safe/liboqs/), including a list of -supported algorithms. +**liboqs** is an open source C library for quantum-resistant cryptographic +algorithms. See more about liboqs at +[https://github.com/open-quantum-safe/liboqs/](https://github.com/open-quantum-safe/liboqs/), +including a list of supported algorithms. -**liboqs-go** is an open source Go wrapper for the liboqs C library for quantum-resistant cryptographic algorithms. -Details about liboqs-go can be found in [README.md](https://github.com/open-quantum-safe/liboqs-go/blob/main/README.md). +**liboqs-go** is an open source Go wrapper for the liboqs C library for +quantum-resistant cryptographic algorithms. Details about liboqs-go can be +found in +[README.md](https://github.com/open-quantum-safe/liboqs-go/blob/main/README.md). See in particular limitations on intended use. --- ## Release notes -This release of liboqs-go was released on October 30, 2023. Its release page on -GitHub is https://github.com/open-quantum-safe/liboqs-go/releases/tag/0.9.0. +This release of liboqs-go was released on March 27, 2024. Its release page on +GitHub is https://github.com/open-quantum-safe/liboqs-go/releases/tag/0.10.0. --- ## What's New -This is the 12th release of liboqs-go. For a list of changes -see [CHANGES.txt](https://github.com/open-quantum-safe/liboqs-go/blob/main/CHANGES.txt). +This is the 13th release of liboqs-go. For a list of changes see +[CHANGES.md](https://github.com/open-quantum-safe/liboqs-go/blob/main/CHANGES.md). diff --git a/examples/client_server_kem/client/client_kem.go b/examples/client_server_kem/client/client_kem.go index 636d401..2ac21a1 100644 --- a/examples/client_server_kem/client/client_kem.go +++ b/examples/client_server_kem/client/client_kem.go @@ -1,4 +1,4 @@ -// key encapsulation TCP client Go example +// Key encapsulation TCP client Go example package main import ( @@ -29,11 +29,11 @@ func main() { } defer conn.Close() // clean up even in case of panic - // construct the KEM client + // Construct the KEM client client := oqs.KeyEncapsulation{} defer client.Clean() // clean up even in case of panic - // receive the KEM name from the server + // Receive the KEM name from the server kemName, err := bufio.NewReader(conn).ReadString('\n') if err != nil { log.Fatal(errors.New("client cannot receive the " + @@ -41,7 +41,7 @@ func main() { } kemName = kemName[:len(kemName)-1] // remove the '\n' - // initialize the KEM client and generate the key pairs + // Initialize the KEM client and generate the key pairs if err := client.Init(kemName, nil); err != nil { log.Fatal(err) } @@ -50,14 +50,14 @@ func main() { log.Fatal(err) } - // send the client public key to the server + // Send the client public key to the server _, err = conn.Write(clientPublicKey) if err != nil { log.Fatal(errors.New("client cannot send the public key to the " + "server")) } - // listen for reply from the server, e.g. for the encapsulated secret + // Listen for reply from the server, e.g. for the encapsulated secret ciphertext := make([]byte, client.Details().LengthCiphertext) n, err := io.ReadFull(conn, ciphertext) if err != nil { @@ -68,7 +68,7 @@ func main() { "read " + fmt.Sprintf("%v", n))) } - // decapsulate the secret and extract the shared secret + // Decapsulate the secret and extract the shared secret sharedSecretClient, err := client.DecapSecret(ciphertext) if err != nil { log.Fatal(err) diff --git a/examples/client_server_kem/server/server_kem.go b/examples/client_server_kem/server/server_kem.go index 8318324..2898a32 100644 --- a/examples/client_server_kem/server/server_kem.go +++ b/examples/client_server_kem/server/server_kem.go @@ -1,4 +1,4 @@ -// key encapsulation TCP server Go example +// Key encapsulation TCP server Go example package main import ( @@ -63,13 +63,13 @@ func main() { if err != nil { log.Fatal(err) } - // listen indefinitely (until explicitly stopped, e.g. with CTRL+C in UNIX) + // Listen indefinitely (until explicitly stopped, e.g. with CTRL+C in UNIX) for { conn, err := ln.Accept() if err != nil { log.Fatal(err) } - // handle connections concurrently + // Handle connections concurrently go handleConnection(conn, kemName) } } @@ -77,20 +77,20 @@ func main() { func handleConnection(conn net.Conn, kemName string) { defer conn.Close() // clean up even in case of panic - // send KEM name to client first + // Send KEM name to client first _, err := fmt.Fprintln(conn, kemName) if err != nil { log.Fatal(errors.New("server cannot send the KEM name to the client")) } - // construct and initialize the KEM server + // Construct and initialize the KEM server server := oqs.KeyEncapsulation{} defer server.Clean() // clean up even in case of panic if err := server.Init(kemName, nil); err != nil { log.Fatal(err) } - // read the public key sent by the client + // Read the public key sent by the client clientPublicKey := make([]byte, server.Details().LengthPublicKey) n, err := io.ReadFull(conn, clientPublicKey) if err != nil { @@ -101,13 +101,13 @@ func handleConnection(conn net.Conn, kemName string) { "read " + fmt.Sprintf("%v", n))) } - // encapsulate the secret + // Encapsulate the secret ciphertext, sharedSecretServer, err := server.EncapSecret(clientPublicKey) if err != nil { log.Fatal(err) } - // then send ciphertext to client and close the connection + // Then send ciphertext to client and close the connection n, err = conn.Write(ciphertext) if err != nil { log.Fatal(err) @@ -120,6 +120,6 @@ func handleConnection(conn net.Conn, kemName string) { counter.Val(), sharedSecretServer[0:8], sharedSecretServer[len(sharedSecretServer)-8:]) - // increment the connection number + // Increment the connection number counter.Add() } diff --git a/examples/kem/kem.go b/examples/kem/kem.go index 1c96d0e..ed804e0 100644 --- a/examples/kem/kem.go +++ b/examples/kem/kem.go @@ -1,4 +1,4 @@ -// key encapsulation Go example +// Key encapsulation Go example package main import ( diff --git a/examples/rand/rand.go b/examples/rand/rand.go index 375673a..c966388 100644 --- a/examples/rand/rand.go +++ b/examples/rand/rand.go @@ -1,4 +1,4 @@ -// various RNGs Go example +// Various RNGs Go example package main import ( @@ -7,7 +7,6 @@ import ( "runtime" "github.com/open-quantum-safe/liboqs-go/oqs" - oqsrand "github.com/open-quantum-safe/liboqs-go/oqs/rand" // RNG support ) @@ -23,21 +22,20 @@ func CustomRNG(randomArray []byte, bytesToRead int) { func main() { fmt.Println("liboqs version: " + oqs.LiboqsVersion()) + if err := oqsrand.RandomBytesSwitchAlgorithm("system"); err != nil { + log.Fatal(err) + } + fmt.Printf("%18s% X\n", "System (default): ", oqsrand.RandomBytes(32)) if err := oqsrand.RandomBytesCustomAlgorithm(CustomRNG); err != nil { log.Fatal(err) } fmt.Printf("%-18s% X\n", "Custom RNG: ", oqsrand.RandomBytes(32)) - // we do not yet support OpenSSL under Windows + // We do not yet support OpenSSL under Windows if runtime.GOOS != "windows" { if err := oqsrand.RandomBytesSwitchAlgorithm("OpenSSL"); err != nil { log.Fatal(err) } fmt.Printf("%-18s% X\n", "OpenSSL: ", oqsrand.RandomBytes(32)) } - - if err := oqsrand.RandomBytesSwitchAlgorithm("system"); err != nil { - log.Fatal(err) - } - fmt.Printf("%18s% X\n", "System (default): ", oqsrand.RandomBytes(32)) } diff --git a/examples/sig/sig.go b/examples/sig/sig.go index f1780b6..4d8d22f 100644 --- a/examples/sig/sig.go +++ b/examples/sig/sig.go @@ -1,4 +1,4 @@ -// signature Go example +// Signature Go example package main import ( diff --git a/oqs/oqs.go b/oqs/oqs.go index 30e562f..7e5fc1d 100644 --- a/oqs/oqs.go +++ b/oqs/oqs.go @@ -2,7 +2,7 @@ package oqs // import "github.com/open-quantum-safe/liboqs-go/oqs" /* -#cgo pkg-config: liboqs +#cgo pkg-config: liboqs-go #include */ import "C" @@ -188,7 +188,8 @@ func (kem *KeyEncapsulation) ExportSecretKey() []byte { // EncapSecret encapsulates a secret using a public key and returns the // corresponding ciphertext and shared secret. func (kem *KeyEncapsulation) EncapSecret(publicKey []byte) (ciphertext, - sharedSecret []byte, err error) { + sharedSecret []byte, err error, +) { if len(publicKey) != kem.algDetails.LengthPublicKey { return nil, nil, errors.New("incorrect public key length") } @@ -218,7 +219,6 @@ func (kem *KeyEncapsulation) DecapSecret(ciphertext []byte) ([]byte, error) { if len(kem.secretKey) != kem.algDetails.LengthSecretKey { return nil, errors.New("incorrect secret key length, make sure you " + "specify one in Init() or run GenerateKeyPair()") - } sharedSecret := make([]byte, kem.algDetails.LengthSharedSecret) @@ -428,7 +428,8 @@ func (sig *Signature) Sign(message []byte) ([]byte, error) { // Verify verifies the validity of a signed message, returning true if the // signature is valid, and false otherwise. func (sig *Signature) Verify(message []byte, signature []byte, - publicKey []byte) (bool, error) { + publicKey []byte, +) (bool, error) { if len(publicKey) != sig.algDetails.LengthPublicKey { return false, errors.New("incorrect public key length") } diff --git a/oqs/rand/rand.go b/oqs/rand/rand.go index b0edd46..7073056 100644 --- a/oqs/rand/rand.go +++ b/oqs/rand/rand.go @@ -4,7 +4,7 @@ package rand // import "github.com/open-quantum-safe/liboqs-go/oqs/rand" /**************** Callbacks ****************/ /* -#cgo pkg-config: liboqs +#cgo pkg-config: liboqs-go #include typedef void (*algorithm_ptr)(uint8_t*, size_t); void algorithmPtr_cgo(uint8_t*, size_t); @@ -63,7 +63,7 @@ func RandomBytesInPlace(randomArray []byte, bytesToRead int) { } // RandomBytesSwitchAlgorithm switches the core OQS_randombytes to use the -// specified algorithm. Possible values are "system", "NIST-KAT", "OpenSSL". +// specified algorithm. Possible values are "system" and "OpenSSL". // See liboqs header for more details. func RandomBytesSwitchAlgorithm(algName string) error { if C.OQS_randombytes_switch_algorithm(C.CString(algName)) != C.OQS_SUCCESS { diff --git a/oqstests/kem_test.go b/oqstests/kem_test.go index 93d4ef8..2976a89 100644 --- a/oqstests/kem_test.go +++ b/oqstests/kem_test.go @@ -3,13 +3,13 @@ package oqstests import ( "bytes" - "github.com/open-quantum-safe/liboqs-go/oqs/rand" "log" "runtime" "sync" "testing" "github.com/open-quantum-safe/liboqs-go/oqs" + "github.com/open-quantum-safe/liboqs-go/oqs/rand" ) // disabledKEMPatterns lists KEMs for which unit testing is disabled @@ -33,7 +33,7 @@ func testKEMCorrectness(kemName string, threading bool, t *testing.T) { var client, server oqs.KeyEncapsulation defer client.Clean() defer server.Clean() - // ignore potential errors everywhere + // Ignore potential errors everywhere _ = client.Init(kemName, nil) _ = server.Init(kemName, nil) clientPublicKey, _ := client.GenerateKeyPair() @@ -54,7 +54,7 @@ func testKEMWrongCiphertext(kemName string, threading bool, t *testing.T) { var client, server oqs.KeyEncapsulation defer client.Clean() defer server.Clean() - // ignore potential errors everywhere + // Ignore potential errors everywhere _ = client.Init(kemName, nil) _ = server.Init(kemName, nil) clientPublicKey, _ := client.GenerateKeyPair() @@ -69,19 +69,19 @@ func testKEMWrongCiphertext(kemName string, threading bool, t *testing.T) { // TestKeyEncapsulationCorrectness tests the correctness of all enabled KEMs. func TestKeyEncapsulationCorrectness(t *testing.T) { - // disable some KEMs in macOS/OSX + // Disable some KEMs in macOS/OSX if runtime.GOOS == "darwin" { disabledKEMPatterns = []string{"Classic-McEliece", "HQC-256"} } - // disable some KEMs in OpenIndiana + // Disable some KEMs in OpenIndiana if runtime.GOOS == "illumos" { disabledKEMPatterns = []string{"Classic-McEliece"} } - // disable some KEMs in Windows + // Disable some KEMs in Windows if runtime.GOOS == "windows" { disabledKEMPatterns = []string{"Classic-McEliece"} } - // first test KEMs that belong to noThreadKEMPatterns[] in the main + // First test KEMs that belong to noThreadKEMPatterns[] in the main // goroutine, due to issues with stack size being too small in macOS or // Windows cnt := 0 @@ -96,7 +96,7 @@ func TestKeyEncapsulationCorrectness(t *testing.T) { testKEMCorrectness(kemName, false, t) } } - // test the remaining KEMs in separate goroutines + // Test the remaining KEMs in separate goroutines wgKEMCorrectness.Add(len(oqs.EnabledKEMs()) - cnt) for _, kemName := range oqs.EnabledKEMs() { if stringMatchSlice(kemName, disabledKEMPatterns) { @@ -115,15 +115,15 @@ func TestKeyEncapsulationWrongCiphertext(t *testing.T) { if runtime.GOOS == "darwin" { disabledKEMPatterns = []string{"Classic-McEliece", "HQC-256"} } - // disable some KEMs in OpenIndiana + // Disable some KEMs in OpenIndiana if runtime.GOOS == "illumos" { disabledKEMPatterns = []string{"Classic-McEliece"} } - // disable some KEMs in Windows + // Disable some KEMs in Windows if runtime.GOOS == "windows" { disabledKEMPatterns = []string{"Classic-McEliece"} } - // first test KEMs that belong to noThreadKEMPatterns[] in the main + // First test KEMs that belong to noThreadKEMPatterns[] in the main // goroutine, due to issues with stack size being too small in macOS or // Windows cnt := 0 @@ -132,13 +132,13 @@ func TestKeyEncapsulationWrongCiphertext(t *testing.T) { cnt++ continue } - // issues with stack size being too small + // Issues with stack size being too small if stringMatchSlice(kemName, noThreadKEMPatterns) { cnt++ testKEMWrongCiphertext(kemName, false, t) } } - // test the remaining KEMs in separate goroutines + // Test the remaining KEMs in separate goroutines wgKEMWrongCiphertext.Add(len(oqs.EnabledKEMs()) - cnt) for _, kemName := range oqs.EnabledKEMs() { if stringMatchSlice(kemName, disabledKEMPatterns) { diff --git a/oqstests/sig_test.go b/oqstests/sig_test.go index 05d0aba..1dbda39 100644 --- a/oqstests/sig_test.go +++ b/oqstests/sig_test.go @@ -6,9 +6,8 @@ import ( "sync" "testing" - "github.com/open-quantum-safe/liboqs-go/oqs/rand" - "github.com/open-quantum-safe/liboqs-go/oqs" + "github.com/open-quantum-safe/liboqs-go/oqs/rand" ) // disabledSigPatterns lists sigs for which unit testing is disabled @@ -35,7 +34,7 @@ func testSigCorrectness(sigName string, msg []byte, threading bool, t *testing.T var signer, verifier oqs.Signature defer signer.Clean() defer verifier.Clean() - // ignore potential errors everywhere + // Ignore potential errors everywhere _ = signer.Init(sigName, nil) _ = verifier.Init(sigName, nil) pubKey, _ := signer.GenerateKeyPair() @@ -56,7 +55,7 @@ func testSigWrongSignature(sigName string, msg []byte, threading bool, t *testin var signer, verifier oqs.Signature defer signer.Clean() defer verifier.Clean() - // ignore potential errors everywhere + // Ignore potential errors everywhere _ = signer.Init(sigName, nil) _ = verifier.Init(sigName, nil) pubKey, _ := signer.GenerateKeyPair() @@ -78,7 +77,7 @@ func testSigWrongPublicKey(sigName string, msg []byte, threading bool, t *testin var signer, verifier oqs.Signature defer signer.Clean() defer verifier.Clean() - // ignore potential errors everywhere + // Ignore potential errors everywhere _ = signer.Init(sigName, nil) _ = verifier.Init(sigName, nil) pubKey, _ := signer.GenerateKeyPair() @@ -93,16 +92,16 @@ func testSigWrongPublicKey(sigName string, msg []byte, threading bool, t *testin // TestSignatureCorrectness tests all enabled signatures. func TestSignatureCorrectness(t *testing.T) { - // disable some sigs in macOS/OSX + // Disable some sigs in macOS/OSX if runtime.GOOS == "darwin" { disabledSigPatterns = []string{"Rainbow-III", "Rainbow-V"} } - // disable some sigs in Windows + // Disable some sigs in Windows if runtime.GOOS == "windows" { disabledSigPatterns = []string{"Rainbow-V"} } msg := []byte("This is our favourite message to sign") - // first test sigs that belong to noThreadSigPatterns[] in the main + // First test sigs that belong to noThreadSigPatterns[] in the main // goroutine, due to issues with stack size being too small in macOS or // Windows cnt := 0 @@ -111,13 +110,13 @@ func TestSignatureCorrectness(t *testing.T) { cnt++ continue } - // issues with stack size being too small + // Issues with stack size being too small if stringMatchSlice(sigName, noThreadSigPatterns) { cnt++ testSigCorrectness(sigName, msg, false, t) } } - // test the remaining sigs in separate goroutines + // Test the remaining sigs in separate goroutines wgSigCorrectness.Add(len(oqs.EnabledSigs()) - cnt) for _, sigName := range oqs.EnabledSigs() { if stringMatchSlice(sigName, disabledSigPatterns) { @@ -133,16 +132,16 @@ func TestSignatureCorrectness(t *testing.T) { // TestSignatureWrongSignature tests the wrong signature regime of all enabled // signatures. func TestSignatureWrongSignature(t *testing.T) { - // disable some sigs in macOS/OSX + // Disable some sigs in macOS/OSX if runtime.GOOS == "darwin" { disabledSigPatterns = []string{"Rainbow-III", "Rainbow-V"} } - // disable some sigs in Windows + // Disable some sigs in Windows if runtime.GOOS == "windows" { disabledSigPatterns = []string{"Rainbow-V"} } msg := []byte("This is our favourite message to sign") - // first test sigs that belong to noThreadSigPatterns[] in the main + // First test sigs that belong to noThreadSigPatterns[] in the main // goroutine, due to issues with stack size being too small in macOS or // Windows cnt := 0 @@ -151,13 +150,13 @@ func TestSignatureWrongSignature(t *testing.T) { cnt++ continue } - // issues with stack size being too small + // Issues with stack size being too small if stringMatchSlice(sigName, noThreadSigPatterns) { cnt++ testSigWrongSignature(sigName, msg, false, t) } } - // test the remaining sigs in separate goroutines + // Test the remaining sigs in separate goroutines wgSigWrongSignature.Add(len(oqs.EnabledSigs()) - cnt) for _, sigName := range oqs.EnabledSigs() { if stringMatchSlice(sigName, disabledSigPatterns) { @@ -174,16 +173,16 @@ func TestSignatureWrongSignature(t *testing.T) { // TestSignatureWrongPublicKey tests the wrong public key regime of all // enabled signatures. func TestSignatureWrongPublicKey(t *testing.T) { - // disable some sigs in macOS/OSX + // Disable some sigs in macOS/OSX if runtime.GOOS == "darwin" { disabledSigPatterns = []string{"Rainbow-III", "Rainbow-V"} } - // disable some sigs in Windows + // Disable some sigs in Windows if runtime.GOOS == "windows" { disabledSigPatterns = []string{"Rainbow-V"} } msg := []byte("This is our favourite message to sign") - // first test sigs that belong to noThreadSigPatterns[] in the main + // First test sigs that belong to noThreadSigPatterns[] in the main // goroutine, due to issues with stack size being too small in macOS or // Windows cnt := 0 @@ -192,13 +191,13 @@ func TestSignatureWrongPublicKey(t *testing.T) { cnt++ continue } - // issues with stack size being too small + // Issues with stack size being too small if stringMatchSlice(sigName, noThreadSigPatterns) { cnt++ testSigWrongPublicKey(sigName, msg, false, t) } } - // test the remaining sigs in separate goroutines + // Test the remaining sigs in separate goroutines wgSigWrongPublicKey.Add(len(oqs.EnabledSigs()) - cnt) for _, sigName := range oqs.EnabledSigs() { if stringMatchSlice(sigName, disabledSigPatterns) {