Make internal API available to (only) test programs

CMakeLists.txt

@@ -139,13 +139,15 @@ endif()
 set(PUBLIC_HEADERS ${PROJECT_SOURCE_DIR}/src/oqs.h
                    ${PROJECT_SOURCE_DIR}/src/common/common.h
                    ${PROJECT_SOURCE_DIR}/src/common/rand/rand.h
-                   ${PROJECT_SOURCE_DIR}/src/common/aes/aes.h
-                   ${PROJECT_SOURCE_DIR}/src/common/sha2/sha2.h
-                   ${PROJECT_SOURCE_DIR}/src/common/sha3/sha3.h
-                   ${PROJECT_SOURCE_DIR}/src/common/sha3/sha3x4.h
                    ${PROJECT_SOURCE_DIR}/src/kem/kem.h
                    ${PROJECT_SOURCE_DIR}/src/sig/sig.h)
 
+set(INTERNAL_HEADERS ${PROJECT_SOURCE_DIR}/src/common/aes/aes.h
+                     ${PROJECT_SOURCE_DIR}/src/common/rand/rand_nist.h
+                     ${PROJECT_SOURCE_DIR}/src/common/sha2/sha2.h
+                     ${PROJECT_SOURCE_DIR}/src/common/sha3/sha3.h
+                     ${PROJECT_SOURCE_DIR}/src/common/sha3/sha3x4.h)
+
 if(${OQS_ENABLE_KEM_BIKE})
     set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/bike/kem_bike.h)
 endif()
@@ -177,6 +179,7 @@ endif()
 ##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS_END
 execute_process(COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/include/oqs)
 execute_process(COMMAND ${CMAKE_COMMAND} -E copy ${PUBLIC_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs)
+execute_process(COMMAND ${CMAKE_COMMAND} -E copy ${INTERNAL_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs)
 configure_file(src/oqsconfig.h.cmake ${PROJECT_BINARY_DIR}/include/oqs/oqsconfig.h)
 set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs/oqsconfig.h)
 

docs/.Doxyfile

@@ -876,9 +876,6 @@ WARN_LOGFILE           =
 
 INPUT                  = src/common/common.h \
                          src/common/rand/rand.h \
-                         src/common/aes/aes.h \
-                         src/common/sha2/sha2.h \
-                         src/common/sha3/sha3.h \
                          src/kem/kem.h \
                          src/sig/sig.h \
                          README.md \

src/CMakeLists.txt

@@ -53,21 +53,32 @@ add_library(oqs kem/kem.c
                 sig/sig.c
                 ${SIG_OBJS}
                 ${COMMON_OBJS})
+
+# Internal library to be used only by test programs
+add_library(oqs-internal ${INTERNAL_OBJS})
+
 set(COMMON_OBJS ${COMMON_OBJS} PARENT_SCOPE)
-set(_ALL_OBJS ${KEM_OBJS} ${SIG_OBJS} ${COMMON_OBJS} $<TARGET_OBJECTS:oqs>)
-set(ALL_OBJS ${_ALL_OBJS} PARENT_SCOPE)
 if(DEFINED SANITIZER_LD_FLAGS)
     target_link_libraries(oqs PUBLIC ${SANITIZER_LD_FLAGS})
+    target_link_libraries(oqs-internal PUBLIC ${SANITIZER_LD_FLAGS})
 endif()
 if(${OQS_USE_OPENSSL})
     target_link_libraries(oqs PRIVATE ${OPENSSL_CRYPTO_LIBRARY})
+    target_link_libraries(oqs-internal PRIVATE ${OPENSSL_CRYPTO_LIBRARY})
 endif()
 
 target_include_directories(oqs
                            PUBLIC
                            "$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>"
                            "$<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>"
 )
+
+target_include_directories(oqs-internal
+                           PUBLIC
+                           "$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>"
+                           "$<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>"
+)
+
 set_target_properties(oqs
     PROPERTIES
     ARCHIVE_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/lib"
@@ -77,6 +88,14 @@ set_target_properties(oqs
     # For Windows DLLs
     RUNTIME_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/bin")
 
+set_target_properties(oqs-internal
+    PROPERTIES
+    C_VISIBILITY_PRESET default
+    ARCHIVE_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/lib"
+    LIBRARY_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/lib"
+    # For Windows DLLs
+    RUNTIME_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}/bin")
+
 configure_package_config_file(${CMAKE_CURRENT_SOURCE_DIR}/Config.cmake.in
   "${CMAKE_CURRENT_BINARY_DIR}/liboqsConfig.cmake"
   INSTALL_DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/liboqs

src/common/CMakeLists.txt

@@ -4,6 +4,7 @@ include(CheckSymbolExists)
 
 # initialize to avoid --warn-uninitialized report
 set(_COMMON_OBJS "")
+set(_INTERNAL_OBJS "")
 
 if(CMAKE_C_COMPILER_ID STREQUAL "GNU" OR
    CMAKE_C_COMPILER_ID MATCHES "Clang")
@@ -75,22 +76,32 @@ add_library(common OBJECT ${AES_IMPL}
                           ${SHA3_IMPL}
                           ${OSSL_HELPERS}
                           common.c
-                          pqclean_shims/nistseedexpander.c
                           pqclean_shims/fips202.c
                           pqclean_shims/fips202x4.c
-                          rand/rand.c
-                          rand/rand_nist.c)
+                          rand/rand.c)
+
+# Implementations of the internal API to be exposed to test programs
+add_library(internal OBJECT ${AES_IMPL}
+                            ${SHA2_IMPL}
+                            ${SHA3_IMPL}
+                            ${OSSL_HELPERS}
+                            common.c
+                            rand/rand_nist.c)
+set_property(TARGET internal PROPERTY C_VISIBILITY_PRESET default)
 
 if(${OQS_USE_OPENSSL})
     target_include_directories(common PRIVATE ${OPENSSL_INCLUDE_DIR})
+    target_include_directories(internal PRIVATE ${OPENSSL_INCLUDE_DIR})
 else()
     check_symbol_exists(getentropy "unistd.h;sys/random.h" CMAKE_HAVE_GETENTROPY)
     if(${CMAKE_HAVE_GETENTROPY})
         target_compile_definitions(common PRIVATE OQS_HAVE_GETENTROPY)
+        target_compile_definitions(internal PRIVATE OQS_HAVE_GETENTROPY)
     endif()
 endif()
 if(CMAKE_USE_PTHREADS_INIT)
     target_link_libraries(common PRIVATE Threads::Threads)
+    target_link_libraries(internal PRIVATE Threads::Threads)
 endif()
 
 # check available functions to perform aligned mallocs
@@ -100,14 +111,17 @@ check_symbol_exists(memalign malloc.h CMAKE_HAVE_MEMALIGN)
 
 if(CMAKE_HAVE_ALIGNED_ALLOC)
     target_compile_definitions(common PRIVATE OQS_HAVE_ALIGNED_ALLOC)
+    target_compile_definitions(internal PRIVATE OQS_HAVE_ALIGNED_ALLOC)
 endif()
 
 if(CMAKE_HAVE_POSIX_MEMALIGN)
     target_compile_definitions(common PRIVATE OQS_HAVE_POSIX_MEMALIGN)
+    target_compile_definitions(internal PRIVATE OQS_HAVE_POSIX_MEMALIGN)
 endif()
 
 if(CMAKE_HAVE_MEMALIGN)
     target_compile_definitions(common PRIVATE OQS_HAVE_MEMALIGN)
+    target_compile_definitions(internal PRIVATE OQS_HAVE_MEMALIGN)
 endif()
 
 # check if explicit_bzero exists or memset_s
@@ -116,15 +130,20 @@ check_symbol_exists(memset_s string.h CMAKE_HAVE_MEMSET_S)
 
 if(CMAKE_HAVE_EXPLICIT_BZERO)
     target_compile_definitions(common PRIVATE OQS_HAVE_EXPLICIT_BZERO)
+    target_compile_definitions(internal PRIVATE OQS_HAVE_EXPLICIT_BZERO)
 endif()
 
 if(CMAKE_HAVE_MEMSET_S)
     target_compile_definitions(common PRIVATE OQS_HAVE_MEMSET_S)
+    target_compile_definitions(internal PRIVATE OQS_HAVE_MEMSET_S)
 endif()
 
 if(${OQS_ENABLE_SHA3_xkcp_low}) # using XKCP
     set(_COMMON_OBJS ${_COMMON_OBJS} ${XKCP_LOW_OBJS})
+    set(_INTERNAL_OBJS ${_INTERNAL_OBJS} ${XKCP_LOW_OBJS})
 endif()
 
 set(_COMMON_OBJS ${_COMMON_OBJS} $<TARGET_OBJECTS:common>)
 set(COMMON_OBJS ${_COMMON_OBJS} PARENT_SCOPE)
+set(_INTERNAL_OBJS ${_INTERNAL_OBJS} $<TARGET_OBJECTS:internal>)
+set(INTERNAL_OBJS ${_INTERNAL_OBJS} PARENT_SCOPE)

src/common/aes/aes.h

@@ -1,6 +1,9 @@
 /**
  * \file aes.h
- * \brief Header defining the API for OQS AES
+ * \brief Header defining the API for OQS AES; not part of the public OQS API
+ *
+ * <b>Note this is not part of the OQS public API: implementations within liboqs can use these
+ * functions, but external consumers of liboqs should not use these functions.</b>
  *
  * SPDX-License-Identifier: MIT
  */

src/common/rand/rand.c

@@ -18,7 +18,6 @@
 #include <oqs/oqs.h>
 
 void OQS_randombytes_system(uint8_t *random_array, size_t bytes_to_read);
-void OQS_randombytes_nist_kat(uint8_t *random_array, size_t bytes_to_read);
 #ifdef OQS_USE_OPENSSL
 void OQS_randombytes_openssl(uint8_t *random_array, size_t bytes_to_read);
 #endif
@@ -34,9 +33,6 @@ OQS_API OQS_STATUS OQS_randombytes_switch_algorithm(const char *algorithm) {
 	if (0 == strcasecmp(OQS_RAND_alg_system, algorithm)) {
 		oqs_randombytes_algorithm = &OQS_randombytes_system;
 		return OQS_SUCCESS;
-	} else if (0 == strcasecmp(OQS_RAND_alg_nist_kat, algorithm)) {
-		oqs_randombytes_algorithm = &OQS_randombytes_nist_kat;
-		return OQS_SUCCESS;
 	} else if (0 == strcasecmp(OQS_RAND_alg_openssl, algorithm)) {
 #ifdef OQS_USE_OPENSSL
 		oqs_randombytes_algorithm = &OQS_randombytes_openssl;

src/common/rand/rand.h

@@ -20,8 +20,6 @@ extern "C" {
 
 /** Algorithm identifier for system PRNG. */
 #define OQS_RAND_alg_system "system"
-/** Algorithm identifier for NIST deterministic RNG for KATs. */
-#define OQS_RAND_alg_nist_kat "NIST-KAT"
 /** Algorithm identifier for using OpenSSL's PRNG. */
 #define OQS_RAND_alg_openssl "OpenSSL"
 
@@ -61,15 +59,6 @@ OQS_API void OQS_randombytes_custom_algorithm(void (*algorithm_ptr)(uint8_t *, s
  */
 OQS_API void OQS_randombytes(uint8_t *random_array, size_t bytes_to_read);
 
-/**
- * Initializes the NIST DRBG with a given seed and with 256-bit security.
- *
- * @param[in] entropy_input The seed; must be exactly 48 bytes
- * @param[in] personalization_string An optional personalization string;
- * may be NULL; if not NULL, must be at least 48 bytes long
- */
-OQS_API void OQS_randombytes_nist_kat_init_256bit(const uint8_t *entropy_input, const uint8_t *personalization_string);
-
 #if defined(__cplusplus)
 } // extern "C"
 #endif