* Disable strict aliasing on SPHINCS+-SHAKE
Fixes#2210
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Missed a few variants
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Removed upstream `name: pqcrystals-dilithium` and signature `name: dilithium` from `copy_from_upstream.yml`.
Removed everything under `src/sig/dilithium`
Re-run `copy_from_upstream.py -d copy`, which produced downstream changes to various build files.
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* remove Dilithium entries from kats.json
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* remove Dilithium entries from constant_time tests
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Removed dilithium.yml and dilithium.md. Re-run copy_from_upstream.py, which also updated README.md and cbom.json
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Removed Dilithium from FUZZING.md
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* removed license information about pqclean Dilithium and pqcrystals-dilithium from README.md. README.md still mentions Dilithium but only to say that it has been excluded
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Upgraded CONFIGURE.md minimal build example to ML-KEM-768 and ML-DSA-44
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Upgraded C++ sig linking test to ML-DSA-44; also added option to make the test fail hard if the algorithm is not enabled
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* remove Dilithium from GitHub action workflows
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* removed Dilithium from zephyr configuration and examples
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Removed scripts/copy_from_upstream/patches/pqclean-dilithium-arm-randomized-signing.patch
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Removed dilithium from upstream.name==pqclean.ignore
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Removed orphaned patches
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
---------
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* patch ICICLE ML-KEM to include enc_derand, but they are not tested
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* copy_from_upstream.py added deterministic encapsulation info to NTRU docs
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
---------
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
This commit includes following changes:
* Revert "Removed NTRU. (#1335)"
* Replace the uses of malloc with OQS_MEM_malloc
* Add a derandomized keypair function
* Add "all" entries of NTRU algorithms to the KATs file
* Fix reflecting the removal of NTRU from PQClean
* Update NTRU documents with the latest manners
* Change the CODEOWNERS of NTRU KEM
Signed-off-by: Saito Masataka <saitomst@intellilink.co.jp>
* update CROSS to version 2.2
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>
* in CROSS-RSDPG memset vector to 0 before AVX2 exponentiation
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>
* in CROSS-RSDPG memset vector to 0 before AVX2 exponentiation
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>
* Upgrade Jinja to 3.1.6
As per
https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
use of Jinja 3.1.5 has a vulnerability. It's probably not an incredible problem,
but it would be best to upgrade these packages to stay updated with bugfixes.
This follows the Nix flake model where the inputs are not pinned explicitly, so
'updating' them will actually increment their versions.
Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>
* Fixed requirements merge conflict
Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>
---------
Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>
* Update mlkem-native to v1.0.0
This commit updates mlkem-native to the first stable release v1.0.0.
This also removes a patch that was needed for an older version of mlkem-native.
Resolves https://github.com/open-quantum-safe/liboqs/issues/2110
Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
* Skip failing CI test (#2157)
* Skip failing CI test
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Fix typo
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
---------
Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
* Temporarily disable HQC
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
* Add logic to disable algorithms by default
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
---------
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Initial derive keypair commit
Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com>
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Add pqcrystals-ml_kem_ipd.patch
Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com>
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Fix encaps key in scheme and revert whitespace changes
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Hopefully corrected patch file
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Corrected missing derand in kem_scheme
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Fix indentation
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Run copy_from_upstream
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
derand testing tentative changes
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Add missing function declarations
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Add template for avx2 derand functions
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Run copy_from_upstream
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
WIP: Add changes for coin length
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Update patch to include coin lengths
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Bootstrap
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Conditional copy
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Run copy_from_upstream
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Separate coins variable into two distinct variables
Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com>
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Add derand fixes
- Add support for BIKE, FrodoKEM, sntrup
- Add hooks for testing
- Add missing kem comment to documentation
- Don't run decaps() in test_kem_derand if encaps_derand() fails
- Add markdown documentation changes
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
WIP trying to fix build errors
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Fix remaining build issues
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Resolve unused parameter issues for BIKE
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Resolve unused paramter issues for FrodoKEM
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Fix whitespace inconsistency
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Fix whitepace issue
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Insert unused attributes
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Void all unused parameters
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Use tab instead of spaces in kem_scheme
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Run copy_from_upstream
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Fix kem_derand python tests
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Initialize coins in test_kem_derand
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Update patch to work with mlkem-native
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Update docs generation and templating
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Run copy_from_upstream [full tests] [extended tests]
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Don't call randombytes on zero-length arrays
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Run format script
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Remove encaps_derand support
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Run copy_from_upstream
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Skip encaps/decaps in test_kem_derand
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Refactor test code
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* s/coins/seed/g
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Improve output
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Improve formatting [full tests] [extended tests]
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
---------
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Eddy Kim <Eddy.M.Kim@outlook.com>
* Add link to security response process [skip ci]
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Add security support info to PLATFORMS.md [skip ci]
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Add SECURITY.md to Doxyfile
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Fix links for Doxygen
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
---------
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* remove pqcrystals ml-kem patch that is no longer needed
Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
* Update mlkem-native to v1.0.0-beta [full tests] [extended tests]
Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
---------
Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
* Update script info
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Run copy_from_upstream
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
---------
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Pull ML-DSA from pq-crystals upstream.
* Removes ML-DSA-ipd
* Adds support for context strings to OQS SIG API.
* Adding _with_ctx_str APIs, templating
* Adds ACVP tests for ML-DSA
* export symbols for acvp tests (dynamic linking)
* remove IPD intermediate values
* adds flag for ctx support
* Update constant-time passes after line nubmer and function name changes
* Update KATs
* API with checks for signatures without ctx support
* Additional test for signatures with ctx
* Change alg_version to FIPS204
* Update ML-DSA security claim to SUF-CMA, according to FIPS204
* Update src/sig/sig.h
* Fix test_alg_info
---------
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Update patch to include version number change
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Run copy_from_upstream
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Generate patch with git diff
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
---------
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Add a --delete option to copy_from_upstream to remove unwanted implementation subdirectories.
* Enable the --delete option in CI to detect files included by mistake
* Switch to git status --porcelain in CI for script stability
* Remove unused SPHINCS+ aarch64 implementation using the --delete option
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
* Add speed_sig_stfl
Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
* Fix speed_sig_stfl.c: limit timing with max sig ops & provide required secure keystore with dummy keystore
Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
* Cleanup speed_sig_stfl.c
Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
* speed_sig_stfl: fix for LMS (secure store context must not be NULL), refresh key when out of sigs for sig benchmark
Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
* tests/speed_sig_stfl.c: astyle fix
Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
* tests/speed_sig_stfl.c: stfl sig benchmarks require intermittent resetting of secret key
Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
* speed_sig_stfl: add speed_sig_stfl to: README scripts/nogress.sh tests/test_speed.py
Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
* test_speed.py: limit testing of stfl sigs to parameters with 2^10 max sigs
Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
* scripts/nogress.sh: limit regression tests on stfl sigs to only algorithms with 2^10 max sigs
Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
* speed_sig_stfl.c: astyle fix
Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
* speed_sig_stfl: 1) fix use-after-free bug. 2) Simply return success if keygen and sign are not enabled.
Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
---------
Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
* [#1823] replace malloc/calloc/strdup/free with openssl allocator
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* [#1823] update memory allocator for copy_from_upstream
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* [#1823] Use OpenSSL Memory Allocator for BIKE, FrodoKEM, and NTRUPrime
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* [#1823] Add Comments for Doxygen
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* include openssl/crypto.h and resolve conflict varible for ntru
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Add openssl version check to fix build error
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Fix build for OQS_DLOPEN_OPENSSL
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* remove OQS_MEM_free
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Add allocator check in tests/test_code_conventions.py
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Add IGNORE memory-check
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Delect checked allocation functions
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Revert back p_param to p for sntrup
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Add allocator check for '.c', '.h', '.fragment'
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Add NULL for previous checked allocation
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Add fprintf error for abort cases
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* use OQS_EXIT_IF_NULLPTR for checked malloc cases
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
---------
Signed-off-by: Songling Han <shan@paloaltonetworks.com>
* Refactor liboqs CI to utilize reusable workflows
* Add CI.md documentation file
* Update all Focal jobs to Noble (the latest Ubuntu LTS)
* Minor fixes to address issues related to the update (CT files / syntax / static analysis)
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
