search

tink-crypto / tink

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
https://developers.google.com/tink
Apache License 2.0
13.47k stars 1.18k forks source link

HPKE + cmake (c++): Missing transitive target? #679

Closed sschnug closed 1 year ago

sschnug commented 1 year ago

Original Issue

While trying to build a simple demo project doing Hybrid Encryption based on the official example cc/examples/hybrid_encryption (but flattening / isolating / simplifying everything into a fresh tink-external project) using cmake i stumbled upon the following issue:

This nearly example-identical cmake config:

cmake_minimum_required(VERSION 3.8)
project(tink_poc CXX)

set(CMAKE_CXX_STANDARD_REQUIRED ON)
set(CMAKE_CXX_STANDARD 17)

add_subdirectory(third_party/tink)

add_executable(example cli_example/example.cc cli_example/util.cc)
target_include_directories(example PUBLIC)
target_link_libraries(example tink::static absl::flags_parse)

leads to this error during linking:

/tink_poc/cli_example/example.cc:92: undefined reference to `crypto::tink::RegisterHpke()'

Remark: example.cc has these parts (without the original macros/flags) and compiles (until linking)

#include "tink/hybrid/hpke_config.h"
...
result = crypto::tink::RegisterHpke();
if (!result.ok()) return result;

Workaround

I fixed this and verified the correct working of the example built by explicitly declaring the target: tink_internal_hybrid_hpke_config in the cmake config:

...
add_executable(example cli_example/example.cc cli_example/util.cc)
target_include_directories(example PUBLIC)
target_link_libraries(example tink::static absl::flags_parse tink_internal_hybrid_hpke_config)      # <- CHANGE

Question

This explicit declaration looks like something which should have been automatically added when declaring tink::static.

As this example currently seems to be a second-class citizen when cmake (instead of bazel) is used (https://github.com/google/tink/commit/68ea64916bcf6bdce07c926ef0d844f34c0d6da8), it's hard to tell if this is oversight or if there is a good reason for this?

Version

tink @ 27b061bb = 1.7.0

(Ubuntu 20.04, cmake version 3.21.3)

Remark / Thanks

The library, docs and examples look really nice in general!

morambro commented 1 year ago

Hi @sschnug as you correctly pointed out, HPKE is not exposed by tink::static, and ideally it should be there; Unfortunately, simply adding it to tink::static would break compatibility with OpenSSL. So the exclusion is intentional :)

If you use BoringSSL, adding the tink_internal_hybrid_hpke_config target is the only option AFAICT.

morambro commented 1 year ago

Closing this issue. Feel free to reopen it if there are any further issues/clarifications needed!