diff --git a/.CMake/alg_support.cmake b/.CMake/alg_support.cmake index 06f8178c4..12fd384b7 100644 --- a/.CMake/alg_support.cmake +++ b/.CMake/alg_support.cmake @@ -368,3 +368,42 @@ if(ARCH STREQUAL "x86_64" AND OQS_USE_AVX2_INSTRUCTIONS) cmake_dependent_option(OQS_ENABLE_SIG_sphincs_shake256_256s_simple_avx2 "" ON "OQS_ENABLE_SIG_sphincs_shake256_256s_simple" OFF) endif() ##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_ADD_ENABLE_BY_ALG_END + +if(OQS_MINIMAL_BUILD) + # Set every OQS_ENABLE_* variable =OFF unless it one of the following. + # 1. the switch for the default algorithm's family, e.g OQS_ENABLE_KEM_KYBER + # 2. the switch for the default algorithm, e.g. OQS_ENABLE_KEM_kyber_768. + # 3. the switch for platform-specific ("_aesni" or "_avx2") implementation of + # the default algorithm, e.g. OQS_ENABLE_KEM_kyber_768_avx2. + + string(REPLACE "OQS_KEM_alg_" "OQS_ENABLE_KEM_" default_kem_switch ${OQS_KEM_DEFAULT}) + string(REPLACE "OQS_SIG_alg_" "OQS_ENABLE_SIG_" default_sig_switch ${OQS_SIG_DEFAULT}) + string(TOUPPER ${default_kem_switch} default_kem_switch_upper) # The default kem's family is a prefix of this string. + string(TOUPPER ${default_sig_switch} default_sig_switch_upper) + + get_cmake_property(_vars VARIABLES) + foreach (_var ${_vars}) + if(_var MATCHES "^OQS_ENABLE_..._" AND NOT _var MATCHES "_AVAILABLE$") + set(${_var} OFF) + # Case 1, family name + if(${default_kem_switch_upper} MATCHES "^${_var}" + OR ${default_sig_switch_upper} MATCHES "^${_var}") + set(${_var} ON) + endif() + # Case 2, exact match + if(${_var}X STREQUAL ${default_kem_switch}X + OR ${_var}X STREQUAL ${default_sig_switch}X) + set(${_var} ON) + endif() + # Case 3, platform specific + string(REPLACE "_aesni" "" _var_base ${_var}) + string(REPLACE "_avx2" "" _var_base ${_var_base}) + if(${_var}_AVAILABLE) + if(${_var_base}X STREQUAL ${default_kem_switch}X + OR ${_var_base}X STREQUAL ${default_sig_switch}X) + set(${_var} ON) + endif() + endif() + endif() + endforeach() +endif() diff --git a/.CMake/compiler_opts.cmake b/.CMake/compiler_opts.cmake index baf593dd3..44d8d4469 100644 --- a/.CMake/compiler_opts.cmake +++ b/.CMake/compiler_opts.cmake @@ -1,8 +1,5 @@ # SPDX-License-Identifier: MIT -option(OQS_PORTABLE_BUILD "Ensure the resulting library is portable. This implies having run-time checks for CPU extensions." ON) -option(OQS_BUILD_ONLY_LIB "Build only liboqs and do not expose build targets for tests, documentation, and pretty-printing available." OFF) - if(CMAKE_C_COMPILER_ID MATCHES "Clang") add_compile_options(-Werror) add_compile_options(-Wall) diff --git a/.circleci/config.yml b/.circleci/config.yml index d9a271ba8..d7c06d548 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -4,6 +4,17 @@ require_stylecheck: &require_stylecheck requires: - stylecheck +require_buildcheck: &require_buildcheck + requires: + - stylecheck + - buildcheck + +require_testapproval: &require_testapproval + requires: + - stylecheck + - buildcheck + - testapproval + # CircleCI doesn't handle large file sets properly for local builds # https://github.com/CircleCI-Public/circleci-cli/issues/281#issuecomment-472808051 localCheckout: &localCheckout @@ -32,6 +43,34 @@ jobs: name: Check that doxygen can parse the documentation command: mkdir -p build/docs && doxygen docs/.Doxyfile + buildcheck: + description: Test that we can build a single KEM/Signature pair as part of a minimal build. + parameters: + CONTAINER: + description: "The docker container to use." + type: string + CMAKE_ARGS: + description: "Arguments to pass to CMake." + type: string + default: '' + KEM_NAME: + description: "The KEM to build." + type: string + SIG_NAME: + description: "The signature scheme to build." + type: string + docker: + - image: << parameters.CONTAINER >> + steps: + - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally + - run: + name: Configure + command: mkdir build && cd build && source ~/.bashrc && cmake -GNinja << parameters.CMAKE_ARGS >> -DOQS_MINIMAL_BUILD=ON -DOQS_KEM_DEFAULT=OQS_KEM_alg_<< parameters.KEM_NAME >> -DOQS_SIG_DEFAULT=OQS_SIG_alg_<< parameters.SIG_NAME >> .. && cmake -LA .. + - run: + name: Build + command: ninja + working_directory: build + linux_x64: description: A template for running liboqs tests on x64 Linux Docker VMs parameters: @@ -204,52 +243,67 @@ workflows: equal: [ main, << pipeline.git.branch >> ] jobs: - stylecheck - - linux_x64: + - buildcheck: <<: *require_stylecheck + context: openquantumsafe + CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest + KEM_NAME: kyber_768 + SIG_NAME: dilithium_3 + - testapproval: + <<: *require_buildcheck + type: approval + - linux_x64: + <<: *require_buildcheck name: alpine-noopenssl context: openquantumsafe CONTAINER: openquantumsafe/ci-alpine-amd64:latest CMAKE_ARGS: -DCMAKE_BUILD_TYPE=Release -DOQS_USE_OPENSSL=OFF - linux_x64: - <<: *require_stylecheck + <<: *require_buildcheck name: alpine context: openquantumsafe CONTAINER: openquantumsafe/ci-alpine-amd64:latest CMAKE_ARGS: -DCMAKE_BUILD_TYPE=Release -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON + # Disabling centos-8 and debian-buster. + # Re-enable if specific configurations (package versions etc) that need to be tested are identified. + #- linux_x64: + # <<: *require_buildcheck + # name: centos-8 + # context: openquantumsafe + # CONTAINER: openquantumsafe/ci-centos-8-amd64:latest + # CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Release -DOQS_PORTABLE_BUILD=OFF + #- linux_x64: + # <<: *require_buildcheck + # name: debian-buster + # context: openquantumsafe + # CONTAINER: openquantumsafe/ci-debian-buster-amd64:latest - linux_x64: - <<: *require_stylecheck - name: centos-8 - context: openquantumsafe - CONTAINER: openquantumsafe/ci-centos-8-amd64:latest - CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Release -DOQS_PORTABLE_BUILD=OFF - - linux_x64: - <<: *require_stylecheck - name: debian-buster - context: openquantumsafe - CONTAINER: openquantumsafe/ci-debian-buster-amd64:latest - - linux_x64: - <<: *require_stylecheck + <<: *require_buildcheck name: ubuntu-focal-noopenssl context: openquantumsafe CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DCMAKE_BUILD_TYPE=Release -DOQS_USE_OPENSSL=OFF - linux_x64: - <<: *require_stylecheck + <<: *require_buildcheck name: ubuntu-focal-shared-noopenssl context: openquantumsafe CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-7 -DCMAKE_BUILD_TYPE=Release -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON PYTEST_ARGS: --ignore=tests/test_namespace.py --numprocesses=auto - linux_x64: - <<: *require_stylecheck + <<: *require_buildcheck name: ubuntu-focal-clang9 context: openquantumsafe CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 - linux_x64: - <<: *require_stylecheck + <<: *require_buildcheck name: address-sanitizer context: openquantumsafe + filters: + branches: + only: + - /^audit.*/ CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address PYTEST_ARGS: --ignore=tests/test_portability.py --numprocesses=auto @@ -266,27 +320,27 @@ workflows: # SPHINCS exhausts memory on CircleCI servers # for these configurations. - arm_emulated: - <<: *require_stylecheck + <<: *require_testapproval name: arm64 ARCH: arm64 CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF - arm_emulated: - <<: *require_stylecheck + <<: *require_testapproval name: armhf ARCH: armhf CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF - arm_emulated: - <<: *require_stylecheck + <<: *require_testapproval name: armel ARCH: armel CMAKE_ARGS: -DCMAKE_BUILD_TYPE=Release -DOQS_ENABLE_SIG_SPHINCS=OFF - macOS: - <<: *require_stylecheck + <<: *require_buildcheck name: macOS-noopenssl CMAKE_ARGS: -DOQS_USE_OPENSSL=OFF - macOS: - <<: *require_stylecheck + <<: *require_buildcheck name: macOS-shared CMAKE_ARGS: -DBUILD_SHARED_LIBS=ON diff --git a/CMakeLists.txt b/CMakeLists.txt index af282da07..fc87f315e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -35,9 +35,14 @@ endif() if(WIN32) set(CMAKE_GENERATOR_CC cl) endif() -include(.CMake/compiler_opts.cmake) +option(OQS_PORTABLE_BUILD "Ensure the resulting library is portable. This implies having run-time checks for CPU extensions." ON) +option(OQS_BUILD_ONLY_LIB "Build only liboqs and do not expose build targets for tests, documentation, and pretty-printing available." OFF) +option(OQS_MINIMAL_BUILD "Only build the default KEM and Signature schemes." OFF) + +include(.CMake/compiler_opts.cmake) include(.CMake/alg_support.cmake) + if(OQS_USE_OPENSSL) if(NOT DEFINED OPENSSL_ROOT_DIR) if(${CMAKE_HOST_SYSTEM_NAME} STREQUAL "Darwin")