The constant-time tests have been failing for mlkem-native as check_sk changed it's name and is no no longer recognized as an exception.
This function processes exclusively public data in the secret key and it's, hence, okay to branch both inside the function and depending on the return value.
This commit renames the function in the constant_time exceptions file.
Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
signed_msg and signed_msg_len aren't used as
output parameters anywhere.
Hence, remove their occurrences.
Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Co-authored-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Use OQS_MEM_secure_free() instead of
OQS_MEM_insecure_free() for secret key objects.
Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Co-authored-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
* Update mlkem-native to v1.0.0
This commit updates mlkem-native to the first stable release v1.0.0.
This also removes a patch that was needed for an older version of mlkem-native.
Resolves https://github.com/open-quantum-safe/liboqs/issues/2110
Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
* Skip failing CI test (#2157)
* Skip failing CI test
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Fix typo
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------
Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
* Check for NULL dereference before using secure free
Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
* Skip failing CI test (#2157)
* Skip failing CI test
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Fix typo
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------
Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
* Use OQS_MEM_cleanse() instead of memset()
This is needed for secret objects as memset
maybe optimized out by the compiler.
Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
* Skip failing CI test (#2157)
* Skip failing CI test
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Fix typo
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------
Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
* Skip failing CI test
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Fix typo
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Promote @SWilson4 from Committer to Maintainer [skip ci]
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Document Michael's leave of absence [skip ci]
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Remove John Schanck from the list of current committers [skip ci]
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Keep @SWilson4 on the list of Committers [skip ci]
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
---------
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Run scorecard workflow with models:read
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Remove all permissions for scorecard workflow
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Add security-events and id-token perms
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Clean up comments
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Update commit-to-main and weekly calls
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
---------
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Temporarily disable HQC
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Add logic to disable algorithms by default
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
---------
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Initial derive keypair commit
Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com>
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Add pqcrystals-ml_kem_ipd.patch
Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com>
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Fix encaps key in scheme and revert whitespace changes
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Hopefully corrected patch file
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Corrected missing derand in kem_scheme
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Fix indentation
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Run copy_from_upstream
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
derand testing tentative changes
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Add missing function declarations
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Add template for avx2 derand functions
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Run copy_from_upstream
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
WIP: Add changes for coin length
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Update patch to include coin lengths
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Bootstrap
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Conditional copy
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Run copy_from_upstream
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Separate coins variable into two distinct variables
Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com>
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Add derand fixes
- Add support for BIKE, FrodoKEM, sntrup
- Add hooks for testing
- Add missing kem comment to documentation
- Don't run decaps() in test_kem_derand if encaps_derand() fails
- Add markdown documentation changes
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
WIP trying to fix build errors
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Fix remaining build issues
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Resolve unused parameter issues for BIKE
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Resolve unused paramter issues for FrodoKEM
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Fix whitespace inconsistency
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Fix whitepace issue
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Insert unused attributes
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Void all unused parameters
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Use tab instead of spaces in kem_scheme
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Run copy_from_upstream
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Fix kem_derand python tests
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Initialize coins in test_kem_derand
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Update patch to work with mlkem-native
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Update docs generation and templating
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Run copy_from_upstream [full tests] [extended tests]
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Don't call randombytes on zero-length arrays
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Run format script
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Remove encaps_derand support
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Run copy_from_upstream
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Skip encaps/decaps in test_kem_derand
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Refactor test code
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* s/coins/seed/g
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Improve output
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Improve formatting [full tests] [extended tests]
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
---------
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Eddy Kim <Eddy.M.Kim@outlook.com>
* Add link to security response process [skip ci]
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Add security support info to PLATFORMS.md [skip ci]
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Add SECURITY.md to Doxyfile
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Fix links for Doxygen
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
---------
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* remove pqcrystals ml-kem patch that is no longer needed
Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
* Update mlkem-native to v1.0.0-beta [full tests] [extended tests]
Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
---------
Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
liboqsTargets.cmake is supposed to be adjacent liboqsConfig.cmake for the
latter to be functional. This change ensure that this condition is met in
the build directory, allowing other CMake projects to build against a liboqs
build directory (as should be possible, implied by the use of 'export()').
Signed-off-by: Richard Levitte <richard@levitte.org>
* Add threat model
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Update language around constant-time goals
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Update SECURITY.md
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>
---------
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Update example files to use ML-KEM and ML-DSA
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Call example_sig_stfl in test_cmdline.py
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
---------
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Bump jinja2 in /scripts/copy_from_upstream in the pip group (#2036)
Bumps the pip group in /scripts/copy_from_upstream with 1 update: [jinja2](https://github.com/pallets/jinja).
Updates `jinja2` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.4...3.1.5)
---
updated-dependencies:
- dependency-name: jinja2
dependency-type: direct:production
dependency-group: pip
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Pablo Gutiérrez <pablogf@MSI.>
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
* Avoid unresolved symbols from libcrypto when compiled with OQS_DLOPEN_OPENSSL (#2043)
* Do not assume OpenSSL memory functions when libcrypto is dlopened
Otherwise, when the OQS_DLOPEN_OPENSSL is defined but OpenSSL is
used only partially, e.g., with OQS_USE_SHA3_OPENSSL=ON, there will be
some unresolved symbols in the final artifact:
```
$ cmake -GNinja -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_AES_INSTRUCTIONS=OFF -DOQS_DIST_BUILD=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_DLOPEN_OPENSSL=ON -DCMAKE_BUILD_TYPE=Debug -LAH ..
$ ninja
$ nm -g lib/liboqs.so.0.12.1-dev | grep '^[[:space:]]*U '
U __assert_fail@GLIBC_2.2.5
U CRYPTO_free
U CRYPTO_malloc
U dlopen@GLIBC_2.34
U dlsym@GLIBC_2.34
```
Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Wrap OpenSSL memory functions with OSSL_FUNC
This enables those OpenSSL memory functions can be either resolved at
build time or at run-time through dlopen. Note that we use CRYPTO_*
functions instead of OPENSSL_* as the latter are defined as a macro
and cannot be dynamically resolved.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---------
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Pablo Gutiérrez <pablogf@MSI.>
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
* Added sig_stfl.h path to .Doxyfile INPUT setting
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
* added sig_stfl path to .Doxyfile INPUT setting
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
* Update to public Ubuntu 24.04 ARM runner [full tests] (#2050)
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
* Added Doxygen comments of algorithm identifiers until XMSSMT
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
* commit
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
* NVIDIA: Adding cuPQC as a backend for ML-KEM. (#2044)
* Adding cuPQC as a backend for ML-KEM.
Signed-off-by: Steven Reeves <sreeves@nvidia.com>
* Fixing transposition error that left out OQS_USE_CUPQC in CMake system.
Signed-off-by: Steven Reeves <sreeves@nvidia.com>
* Add CMake dependent options for cupqc. Fixed formatting in kem_ml_kem_####.c and kem/family/kem_scheme.c
Signed-off-by: Steven Reeves <sreeves@nvidia.com>
* Move cupqc_ml-kem source files to correctly named dir
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Stop piggybacking on pqcrystals-kyber-standard and move cupqc_ml-kem metadata to separate upstream repo
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Update licensing information
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Update PLATFORMS.md
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Fix kem_family cmakelists template
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Run copy_from_upsream.py and pull updated upstream
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Add cupqc build test to basic.yml
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Move cupqc build test from basic.yml to linux.yml
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Fix error in linux.yml
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* fixup! Fix error in linux.yml
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Redo cupqc build check
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Supply default CUDA arch to cupqc-buildcheck configuration stage
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Specify CUDAXX in cupqc-buildcheck
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
* Make cuPQC_DIR explicit in cupqc-buildcheck
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
---------
Signed-off-by: Steven Reeves <sreeves@nvidia.com>
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
Co-authored-by: Pravek Sharma <sharmapravek@gmail.com>
Signed-off-by: Pablo Gutiérrez <pablogf@MSI.>
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
* added all algorithm identifiers Doxyfile comments for sig_stfl
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
* added additional Doxygen comments to sig_stfl.h
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
* fixed formatting
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
* fixed return types errors
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
* included sig_stfl API Doxygen documentation [full tests]
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Pablo Gutiérrez <pablogf@MSI.>
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Steven Reeves <sreeves@nvidia.com>
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daiki Ueno <dueno@redhat.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Steven I Reeves <sreeves@nvidia.com>
Co-authored-by: Pravek Sharma <sharmapravek@gmail.com>
