POSIX User Space

If you want to build the leancrypto shared library, use the provided Meson build system:

  1. Setup: meson setup build

  2. Compile: meson compile -C build

  3. Test: meson test -C build --suite regression

  4. Install: meson install -C build

Testing

The leancrypto build system contains the following types of testing. To execute all tests in unison, invoke meson test -C build:

  • Regression testing: invoked with meson test -C build --suite regression

  • Performance testing: invoked with meson test -C build --suite performance

Limiting the Size of leancrypto

Using Meson, the leancrypto library can be limited in size by deselecting the different algorithms not required. With the following command, all options can be listed:

meson configure build

Each option can be deselected by using the meson command meson configure build -D<option>=disabled.

However, some dependencies exist which are reported by Meson. For example, SHA-3 support is needed for all post-quantum algorithms.

NOTE: All offered options are considered to be selectable independent of each other, except when Meson complains. However, unfortunately it is not feasible to test all permutations. Thus, it is possible that some permutations of options may cause compilation errors. If you spot such, please report them at the Github Issue Tracker to have them resolved.

Example: Compiling Post-Quantum-Algorithms Only

The following command disables all algorithms except the post-quantum asymmetric algorithms approved by NIST without their hybrid algorithms, but including all relevant accelerations:

meson setup build \
 -Dascon=disabled \
 -Dascon_keccak=disabled \
 -Dbike_5=disabled \
 -Dbike_3=disabled \
 -Dbike_1=disabled \
 -Dkyber_x25519=disabled \
 -Ddilithium_ed25519=disabled \
 -Dx509_parser=disabled \
 -Dx509_generator=disabled \
 -Dpkcs7_parser=disabled \
 -Dpkcs7_generator=disabled \
 -Dsha2-256=disabled \
 -Dsha2-512=disabled \
 -Dchacha20=disabled \
 -Dchacha20_drng=disabled \
 -Ddrbg_hash=disabled \
 -Ddrbg_hmac=disabled \
 -Dhash_crypt=disabled \
 -Dhmac=disabled \
 -Dhkdf=disabled \
 -Dkdf_ctr=disabled \
 -Dkdf_fb=disabled \
 -Dkdf_dpi=disabled \
 -Dpbkdf2=disabled \
 -Dkmac_drng=disabled \
 -Dcshake_drng=disabled \
 -Dhotp=disabled \
 -Dtotp=disabled \
 -Daes_block=disabled \
 -Daes_cbc=disabled \
 -Daes_ctr=disabled \
 -Daes_kw=disabled \
 -Dapps=disabled

Example: Compiling ML-KEM Support Only

The following command disables all algorithms except ML-KEM without the hybrid algorithms, but including all relevant accelerations:

meson setup build \
 -Dascon=disabled \
 -Dascon_keccak=disabled \
 -Dbike_5=disabled \
 -Dbike_3=disabled \
 -Dbike_1=disabled \
 -Dkyber_x25519=disabled \
 -Ddilithium_ed25519=disabled \
 -Dx509_parser=disabled \
 -Dx509_generator=disabled \
 -Dpkcs7_parser=disabled \
 -Dpkcs7_generator=disabled \
 -Dsha2-256=disabled \
 -Dsha2-512=disabled \
 -Dchacha20=disabled \
 -Dchacha20_drng=disabled \
 -Ddrbg_hash=disabled \
 -Ddrbg_hmac=disabled \
 -Dhash_crypt=disabled \
 -Dhmac=disabled \
 -Dhkdf=disabled \
 -Dkdf_ctr=disabled \
 -Dkdf_fb=disabled \
 -Dkdf_dpi=disabled \
 -Dpbkdf2=disabled \
 -Dkmac_drng=disabled \
 -Dcshake_drng=disabled \
 -Dhotp=disabled \
 -Dtotp=disabled \
 -Daes_block=disabled \
 -Daes_cbc=disabled \
 -Daes_ctr=disabled \
 -Daes_kw=disabled \
 -Dapps=disabled \
 -Ddilithium_87=disabled \
 -Ddilithium_65=disabled \
 -Ddilithium_44=disabled \
 -Dsphincs_shake_256s=disabled \
 -Dsphincs_shake_256f=disabled \
 -Dsphincs_shake_192s=disabled \
 -Dsphincs_shake_192f=disabled \
 -Dsphincs_shake_128s=disabled \
 -Dsphincs_shake_128f=disabled

Example: Compiling SHA2-256 Support Only

The following command disables all algorithms except SHA2-256 including all relevant accelerations which yields a shared library of 43kBytes on Intel 64-bit systems:

meson setup build \
 -Dascon=disabled \
 -Dascon_keccak=disabled \
 -Dbike_5=disabled \
 -Dbike_3=disabled \
 -Dbike_1=disabled \
 -Dkyber_x25519=disabled \
 -Ddilithium_ed25519=disabled \
 -Dx509_parser=disabled \
 -Dx509_generator=disabled \
 -Dpkcs7_parser=disabled \
 -Dpkcs7_generator=disabled \
 -Dsha2-512=disabled \
 -Dchacha20=disabled \
 -Dchacha20_drng=disabled \
 -Ddrbg_hash=disabled \
 -Ddrbg_hmac=disabled \
 -Dhash_crypt=disabled \
 -Dhmac=disabled \
 -Dhkdf=disabled \
 -Dkdf_ctr=disabled \
 -Dkdf_fb=disabled \
 -Dkdf_dpi=disabled \
 -Dpbkdf2=disabled \
 -Dkmac_drng=disabled \
 -Dcshake_drng=disabled \
 -Dhotp=disabled \
 -Dtotp=disabled \
 -Daes_block=disabled \
 -Daes_cbc=disabled \
 -Daes_ctr=disabled \
 -Daes_kw=disabled \
 -Dapps=disabled \
 -Ddilithium_87=disabled \
 -Ddilithium_65=disabled \
 -Ddilithium_44=disabled \
 -Dsphincs_shake_256s=disabled \
 -Dsphincs_shake_256f=disabled \
 -Dsphincs_shake_192s=disabled \
 -Dsphincs_shake_192f=disabled \
 -Dsphincs_shake_128s=disabled \
 -Dsphincs_shake_128f=disabled \
 -Dkmac=disabled \
 -Dkyber_1024=disabled \
 -Dkyber_768=disabled \
 -Dkyber_512=disabled \
 -Dsha3=disabled \
 -Dxdrbg=disabled