Compare commits

338 Commits

Author SHA1 Message Date
Aiden Fox Ivey
50185c6e72
Zeroize memory in SHA3 implementation (#2171)
* Add OQS_MEM_aligned_secure_free convenience fn

Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>

* Rewrite SHA3 aligned frees to zeroize

Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>

---------

Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>
2025-06-20 14:12:12 -04:00
Marcel Cornu
8f926065eb
Add AVX512VL-Optimized SHA3/SHAKE Implementations (#2167)
* Add SHA3-256/384/512 and SHAKE128/256 AVX512VL implementations

Co-authored-by: Tomasz Kantecki <tomasz.kantecki@intel.com>
Co-authored-by: Erdinc Ozturk <erdinc.ozturk@intel.com>
Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com>
Signed-off-by: Tomasz Kantecki <tomasz.kantecki@intel.com>

* AVX512VL SHA3 is added as an extension of XKCP implementation

Co-authored-by: Marcel Cornu <marcel.d.cornu@intel.com>
Signed-off-by: Tomasz Kantecki <tomasz.kantecki@intel.com>
Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com>

* Add SHA3-384 tests

Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com>

* Update namespace test to include SHA3

Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com>

* Release SHA3 context after triggering dispatcher

Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com>

* Add linux CI for OQS_USE_SHA3_AVX512VL=OFF config

Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com>

* Add AVX512 emulation to linux CI

Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com>

---------

Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com>
Signed-off-by: Tomasz Kantecki <tomasz.kantecki@intel.com>
Co-authored-by: Tomasz Kantecki <tomasz.kantecki@intel.com>
Co-authored-by: Erdinc Ozturk <erdinc.ozturk@intel.com>
2025-06-20 13:37:32 -04:00
Aiden Fox Ivey
47b8fdd404
Adding code coverage (#2148)
* First stab at adding coverage tests

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Install dependencies for coveralls action

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Integrate code coverage into CI

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Properly parallelize

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Refine test coverage

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Ignore unused exclude path error

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Update exclude path

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Fix Markdown formatting

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Pin dependencies

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Update workflow badge path

Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>

* Fix path in CI.md

Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>

* Remove unnecessary call to install curl

Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2025-06-19 14:45:44 -04:00
Douglas Stebila
6218d54496
Benchmarking comments only on alerts (#2168)
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
2025-06-18 11:38:44 -04:00
Pablo Gutiérrez
a56b796271
increased alert threshold (#2166)
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
2025-06-16 10:50:07 -04:00
Nathaniel Brough
8d9cfd7f33
test: Add basic kem fuzz testing (#2133)
Signed-off-by: Nathaniel Brough <nathaniel.brough@gmail.com>
2025-06-12 10:03:59 -04:00
Pablo Gutiérrez
d745d35938
Continuous Benchmarking using Github Actions (#2134)
* Added workflows and script for speed benchmarking

Signed-off-by: Pablo Gutiérrez Félix <pablogf@uma.es>

* changed branch push to main

Signed-off-by: Pablo Gutiérrez Félix <pablogf@uma.es>

* Added SPDX-License-Identifier

Signed-off-by: Pablo Gutiérrez Félix <pablogf@uma.es>

* Fixed github security warnings

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* Fixed github security warnings 2

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* Fixes after commit-to-main tests

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

---------

Signed-off-by: Pablo Gutiérrez Félix <pablogf@uma.es>
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
2025-06-11 09:38:44 -04:00
Matthias J. Kannwischer
708b1052d5
Adjust constant-time test exception for mlkem-native [extended tests] (#2162)
The constant-time tests have been failing for mlkem-native as check_sk changed its name and is no longer recognized as an exception.
This function exclusively processes public data in the secret key, and it is hence okay to branch both inside the function and depending on the return value.

This commit renames the function in the constant_time exceptions file.

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
2025-06-10 08:49:19 -04:00
Sadiq Hussain M
a47d8926c9
tests: Check OQS_STATUS of RNG and fstore functions (#2153)
2025-06-06 13:26:31 -04:00
h2parson
f06ade9406
Wycheproof (#2145)
* added wycheproof vectors for mlkem

Signed-off-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>

* astyle formatting

Signed-off-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>

* add license and remove unused vars

Signed-off-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>

* random_bytes_free

Signed-off-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>

* remove unused rc

Signed-off-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>

* add assert

Signed-off-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>

* initialize variables before branching

Signed-off-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>

* fix dead code warning

Signed-off-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>

* explicit json encoding and helpers run subprocess added

Signed-off-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>

* styling

Signed-off-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>

* fixing dead code and linux issues

Signed-off-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>

* Skip failing CI test (#2157)

* Skip failing CI test

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Fix typo

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

---------

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

---------

Signed-off-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Hayden Parsons <h2parson@eduroam-campus-10-36-104-59.campus-dynamic.uwaterloo.ca>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
2025-06-05 19:47:02 -04:00
Sadiq Hussain M
9aa76bc130
tests: Remove unused variables (#2152)
signed_msg and signed_msg_len aren't used as
output parameters anywhere.
Hence, remove their occurrences.

Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Co-authored-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
2025-06-05 09:00:37 -04:00
Sadiq Hussain M
bf14f5fce2
tests: Use secure free for secret key objects (#2149)
Use OQS_MEM_secure_free() instead of
OQS_MEM_insecure_free() for secret key objects.

Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Co-authored-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
2025-06-05 09:00:20 -04:00
Matthias J. Kannwischer
4784356bd1
Update mlkem-native to v1.0.0 (#2146)
* Update mlkem-native to v1.0.0

This commit updates mlkem-native to the first stable release v1.0.0.

This also removes a patch that was needed for an older version of mlkem-native.
Resolves https://github.com/open-quantum-safe/liboqs/issues/2110

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

* Skip failing CI test (#2157)

* Skip failing CI test

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Fix typo

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

---------

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

---------

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
2025-06-05 08:59:49 -04:00
Sadiq Hussain M
894547b15c
Check for NULL dereference before using secure free (#2151)
* Check for NULL dereference before using secure free

Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>

* Skip failing CI test (#2157)

* Skip failing CI test

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Fix typo

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

---------

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

---------

Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
2025-06-04 16:18:45 -04:00
Sadiq Hussain M
65ed00c2f1
Use OQS_MEM_cleanse() instead of memset() (#2158)
* Use OQS_MEM_cleanse() instead of memset()

This is needed for secret objects as memset
may be optimized out by the compiler.

Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>

* Skip failing CI test (#2157)

* Skip failing CI test

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Fix typo

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

---------

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

---------

Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
2025-06-04 16:18:36 -04:00
Douglas Stebila
1e8222339b
Skip failing CI test (#2157)
* Skip failing CI test

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Fix typo

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

---------

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
2025-06-04 08:09:16 -04:00
M-AlNoaimi
51bf0b6b94
Add support for context string signing in signature algorithms (#2142)
Signed-off-by: M-AlNoaimi <26318936+M-AlNoaimi@users.noreply.github.com>
2025-05-28 06:46:00 -04:00
Abhinav Saxena
b75bfb8c56
Update ACVP vectors to latest release (#2131)
Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>
2025-05-02 21:07:50 -04:00
Jan Adriaan Leegwater
429c98ee7e
Integrate SNOVA into liboqs (#2109)
* Integrate SNOVA into liboqs

Signed-off-by: Jan Adriaan Leegwater <info@vacuas.nl>

* Remove SNOVA_66_15_3

Signed-off-by: Jan Adriaan Leegwater <info@vacuas.nl>

* Add ARM NEON

Signed-off-by: Jan Adriaan Leegwater <info@vacuas.nl>

* Update, tighter constant_time passes and issues [full tests] [extended tests]

Signed-off-by: Jan Adriaan Leegwater <info@vacuas.nl>

* Update remote commit

Signed-off-by: Jan Adriaan Leegwater <info@vacuas.nl>

* Review comments SWilson4 [full tests] [extended tests]

Signed-off-by: Jan Adriaan Leegwater <info@vacuas.nl>

* Fix newline at end of file [full tests] [extended tests]

Signed-off-by: Jan Adriaan Leegwater <info@vacuas.nl>

* Restrict zephyr algorithms to the low stack ones. [full tests] [extended tests]

Signed-off-by: Jan Adriaan Leegwater <info@vacuas.nl>

* Disable SNOVA_24_5_5 in zephyr test [full tests] [extended tests]

Signed-off-by: Jan Adriaan Leegwater <info@vacuas.nl>

* Fix typos in KAT [full tests] [extended tests]

Signed-off-by: Jan Adriaan Leegwater <info@vacuas.nl>

* Use Constant Time version for sign [full tests] [extended tests]

Signed-off-by: Jan Adriaan Leegwater <info@vacuas.nl>

---------

Signed-off-by: Jan Adriaan Leegwater <info@vacuas.nl>
2025-05-01 11:41:57 -04:00
Pravek Sharma
9c68f3d7e4
Change cupqc upstream repo (#2115)
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
2025-04-25 12:09:39 -04:00
Aiden Fox Ivey
f8766fa696
Update Nix flake inputs (#2126)
Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>
2025-04-25 11:35:44 -04:00
Spencer Wilson
1dfa5beaba
Promote @SWilson4 from Committer to Maintainer [skip ci] (#2120)
* Promote @SWilson4 from Committer to Maintainer [skip ci]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Document Michael's leave of absence [skip ci]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Remove John Schanck from the list of current committers [skip ci]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Keep @SWilson4 on the list of Committers [skip ci]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2025-04-21 09:57:38 -04:00
Khalid
5d4a3caee0
Restrict -Wno-maybe-uninitialized to GCC and fix stack size typo (#2111)
Signed-off-by: Khalid Alraddady <187553667+hawazyn@users.noreply.github.com>
Co-authored-by: Khalid Alraddady <187553667+hawazyn@users.noreply.github.com>
2025-04-21 09:36:14 -04:00
Pravek Sharma
23360d41be
Switch to dev mode (#2125)
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
2025-04-17 12:35:10 -04:00
Pravek Sharma
85cac74dab
0.13.0 release (#2119)
* Bump version string

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update release notes

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update security notes

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Remove rc1 tags

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Add link to OQS survey in RELEASE.md

Co-authored-by: Douglas Stebila <dstebila@uwaterloo.ca>
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update RELEASE.md with HQC remark

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update release date

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Add survey link to README.md

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

---------

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
Co-authored-by: Douglas Stebila <dstebila@uwaterloo.ca>
2025-04-17 11:05:33 -04:00
Spencer Wilson
3cedd464f7
Fix PR workflow runs (#2123)
* Run scorecard workflow with models:read

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Remove all permissions for scorecard workflow

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Add security-events and id-token perms

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Clean up comments

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Update commit-to-main and weekly calls

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2025-04-11 07:30:01 -04:00
Douglas Stebila
a7d698ca9c
Temporarily disable HQC (#2122)
* Temporarily disable HQC

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Add logic to disable algorithms by default

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

---------

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2025-04-11 05:47:21 -04:00
Spencer Wilson
6337a8424d
Add support caveat (#2114)
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2025-03-24 20:01:09 -04:00
Martin Kröning
a20597ce83
build: search unistd.h separately from sys/random.h for getentropy (#2104)
Signed-off-by: Martin Kröning <martin.kroening@eonerc.rwth-aachen.de>
2025-03-20 12:58:16 -04:00
Basil Hess
fe11b6a9fd
Update nist-round in UOV and MAYO data sheet (#2105)
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2025-03-19 11:56:15 -04:00
Spencer Wilson
3ca1a36909
Add DeriveKeyPair API (#2070)
* Initial derive keypair commit

Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com>
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>

Add pqcrystals-ml_kem_ipd.patch

Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com>
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>

Fix encaps key in scheme and revert whitespace changes

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>

Hopefully corrected patch file

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>

Corrected missing derand in kem_scheme

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>

Fix indentation

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>

Run copy_from_upstream

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>

derand testing tentative changes

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>

Add missing function declarations

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>

Add template for avx2 derand functions

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>

Run copy_from_upstream

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>

WIP: Add changes for coin length

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>

Update patch to include coin lengths

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Bootstrap

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Conditional copy

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Run copy_from_upstream

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Separate coins variable into two distinct variables

Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com>
Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Add derand fixes

- Add support for BIKE, FrodoKEM, sntrup
- Add hooks for testing
- Add missing kem comment to documentation
- Don't run decaps() in test_kem_derand if encaps_derand() fails
- Add markdown documentation changes

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

WIP trying to fix build errors

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Fix remaining build issues

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Resolve unused parameter issues for BIKE

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Resolve unused parameter issues for FrodoKEM

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Fix whitespace inconsistency

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Fix whitespace issue

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Insert unused attributes

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Void all unused parameters

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Use tab instead of spaces in kem_scheme

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Run copy_from_upstream

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Fix kem_derand python tests

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

Initialize coins in test_kem_derand

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Update patch to work with mlkem-native

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Update docs generation and templating

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Run copy_from_upstream [full tests] [extended tests]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Don't call randombytes on zero-length arrays

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Run format script

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Remove encaps_derand support

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Run copy_from_upstream

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Skip encaps/decaps in test_kem_derand

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Refactor test code

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* s/coins/seed/g

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Improve output

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Improve formatting [full tests] [extended tests]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

---------

Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Eddy Kim <Eddy.M.Kim@outlook.com>
2025-03-18 14:40:07 -04:00
Basil Hess
940d2d0bb8
chore: update MAYO version in datasheet (#2103)
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2025-03-18 11:10:20 -04:00
Marco Gianvecchio
8ee6039c74
Add bitflip test for trivial SUF-CMA forgeries (#2090)
* add bitflip test to test_sig.c
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* format code
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* - add sig->suf_cma
- add command-line argument to test_sig.c (the number of bitflips)
- update CROSS upstream to SUF-CMA
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* %d to %ld for size_t bitflips

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* cast argument bitflips to size_t
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* replace atoi() with strtol()
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* cast bit_index to %llu

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* update bitflip tests:
- revert CROSS to EUF-CMA
- add test_bitflip_message
- exclude stateful signatures for now
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* remove bitflips_as_str in printf
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* test_bitflip as a single function, add support for stateful signatures
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* add OQS_TEST_CT_DECLASSIFY after test_bitflip_stfl
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* [extended tests]
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* more OQS_TEST_CT_DECLASSIFY [extended tests]
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* patch dilithium to add suf-cma
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* run copy_from_upstream.py
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* SUF-CMA in dilithium docs, run copy_from_upstream.py
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* correct sizeof in OQS_randombytes call (thank you @SWilson4!)
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* factor bitflip testing functions out into test_helpers.c
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* --allow-multiple-definition for Windows .dll in test_kem_mem
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* --allow-multiple-definition for Windows .dll in test_sig and test_sig_stfl
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

---------

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>
2025-03-14 11:53:05 -04:00
Matthias J. Kannwischer
8ed50816c1
Add UOV (#2094)
* update_docs_from_yaml.py: Do not rely on SPHINCS being last

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

* allow pqov namespace

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

* add uov implementations [full tests] [extended tests]

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

* Typo [skip ci]

Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>

* add UOV to NIST_SIG_ONRAMP

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

---------

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
Co-authored-by: Thing-han, Lim <15379156+potsrevennil@users.noreply.github.com>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
Co-authored-by: Basil Hess <bhe@zurich.ibm.com>
2025-03-10 10:33:27 -04:00
Spencer Wilson
bf515a3609
Bump version to 0.13.0-dev [skip ci] (#2099)
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2025-03-07 17:41:17 -05:00
Spencer Wilson
526506f67a
Add references to security response process (#2077)
* Add link to security response process [skip ci]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Add security support info to PLATFORMS.md [skip ci]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Add SECURITY.md to Doxyfile

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Fix links for Doxygen

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2025-03-07 17:40:57 -05:00
Matthias J. Kannwischer
726400dfe6
Update mlkem-native to v1.0.0-beta (#2092)
* remove pqcrystals ml-kem patch that is no longer needed

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

* Update mlkem-native to v1.0.0-beta [full tests] [extended tests]

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

---------

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
2025-03-07 13:43:02 -05:00
Basil Hess
fa5f792906
Update MAYO to NIST round 2 (#2095)
* Update MAYO to NIST round 2 [full tests] [extended tests] [trigger downstream]

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>

* Update mayo yml with neon

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>

---------

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2025-03-07 18:31:41 +01:00
Aiden Fox Ivey
d4eb7a6d61
Add Nix flake, instructions, and Nix CI (#1970)
Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>
2025-03-05 14:41:38 -05:00
Matthias J. Kannwischer
5450d7c2ee
Update actions/cache to v4.2.2 [full tests] (#2093)
Github recently turned off their old caching APIs:
https://github.blog/changelog/2024-12-05-notice-of-upcoming-releases-and-breaking-changes-for-github-actions/#actions-cache-v1-v2-and-actions-toolkit-cache-package-closing-down

liboqs' CI started failing with the following error message for me:
This request has been automatically failed because it uses a deprecated version of `actions/cache: e12d46a63a90f2fae62d114769bbf2a179198b5c`. Please update your workflow to use v3/v4 of actions/cache to avoid interruptions.

This commit updates to the newer version of actions/cache that is using the
new Github APIs.

Note that Github's blog post is misleading. A lot more versions than v1/v2 are
being disabled including v3.3.3 that is used in liboqs - see
https://github.com/actions/cache/discussions/1510

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
2025-03-03 07:46:41 -05:00
Abhinav Saxena
38725ba063
Add checks for ML-KEM keys (#2009)
* add checks for ML-KEM keys

* add mod(3329) using barrett reduction

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>
2025-02-26 10:31:13 +01:00
Pablo Gutiérrez
c2a6559c22
Added alg_version details to test output (#2080)
* Added alg_version details as test output

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
2025-02-25 17:21:11 +01:00
Richard Levitte
f5a044874d
Ensure that building against liboqs build directory works (#2086)
liboqsTargets.cmake is supposed to be adjacent to liboqsConfig.cmake for the
latter to be functional.  This change ensures that this condition is met in
the build directory, allowing other CMake projects to build against a liboqs
build directory (as should be possible, implied by the use of 'export()').

Signed-off-by: Richard Levitte <richard@levitte.org>
2025-02-24 17:00:42 -05:00
Michael Baentsch
ef47d9af27
improving CONTRIBUTING.md for maintainability [skip ci] (#2081)
Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
2025-02-21 18:18:07 +01:00
Marco Gianvecchio
77917043c4
Update CROSS to version 2.0 (#2078)
* Update CROSS to version 2.0
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* implementations-switch-on-runtime-cpu-features: false in CROSS [skip ci]
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* update KAT "all" for CROSS [extended tests]
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* update cross.md [extended tests]
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* correct call stack in the suppression file for CROSS [extended tests]
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

---------

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>
2025-02-20 07:51:12 +01:00
Douglas Stebila
063ed784e0
Add threat model (#2033)
* Add threat model

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Update language around constant-time goals

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Update SECURITY.md

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>

---------

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2025-02-19 16:41:04 -05:00
Pravek Sharma
5afca64205
Disable cupqc-buildcheck (#2075)
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
2025-02-10 16:48:01 -05:00
Spencer Wilson
0a23450d06
GitHub runner updates (#2069)
* Add macos-15 runner; update gcc version [skip ci]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Don't run libjade on macos-15; remove gcc 13 patch

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Add windows-2025 runner [skip ci]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Refactor matrix [skip ci]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Update actionlint config

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Update PLATFORMS.md [skip ci]

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Specify gcc-14

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2025-02-10 09:18:26 -05:00
Spencer Wilson
b80240c348
Update example files (#2071)
* Update example files to use ML-KEM and ML-DSA

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Call example_sig_stfl in test_cmdline.py

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2025-02-07 15:22:07 -05:00
Basil Hess
a554b36dd3
Import ML-KEM from mlkem-native/PQ code package (#2041)
* Integrate ML-KEM from mlkem-native [full tests] [extended tests]

---------

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2025-02-04 16:26:27 +01:00
Pablo Gutiérrez
47612ee6d8
Update sig_stfl Doxygen documentation (#2059)
* Bump jinja2 in /scripts/copy_from_upstream in the pip group (#2036)

Bumps the pip group in /scripts/copy_from_upstream with 1 update: [jinja2](https://github.com/pallets/jinja).

Updates `jinja2` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.4...3.1.5)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Pablo Gutiérrez <pablogf@MSI.>
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* Avoid unresolved symbols from libcrypto when compiled with OQS_DLOPEN_OPENSSL (#2043)

* Do not assume OpenSSL memory functions when libcrypto is dlopened

Otherwise, when the OQS_DLOPEN_OPENSSL is defined but OpenSSL is
used only partially, e.g., with OQS_USE_SHA3_OPENSSL=ON, there will be
some unresolved symbols in the final artifact:

```
$ cmake -GNinja -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_AES_INSTRUCTIONS=OFF -DOQS_DIST_BUILD=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_DLOPEN_OPENSSL=ON -DCMAKE_BUILD_TYPE=Debug -LAH ..
$ ninja
$ nm -g lib/liboqs.so.0.12.1-dev | grep '^[[:space:]]*U '
                 U __assert_fail@GLIBC_2.2.5
                 U CRYPTO_free
                 U CRYPTO_malloc
                 U dlopen@GLIBC_2.34
                 U dlsym@GLIBC_2.34
```

Signed-off-by: Daiki Ueno <dueno@redhat.com>

* Wrap OpenSSL memory functions with OSSL_FUNC

This enables those OpenSSL memory functions to be resolved either at
build time or at run-time through dlopen. Note that we use CRYPTO_*
functions instead of OPENSSL_* as the latter are defined as a macro
and cannot be dynamically resolved.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

---------

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Pablo Gutiérrez <pablogf@MSI.>
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* Added sig_stfl.h path to .Doxyfile INPUT setting

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* added sig_stfl path to .Doxyfile INPUT setting

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* Update to public Ubuntu 24.04 ARM runner [full tests] (#2050)

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* Added Doxygen comments of algorithm identifiers until XMSSMT

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* commit

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* NVIDIA: Adding cuPQC as a backend for ML-KEM. (#2044)

* Adding cuPQC as a backend for ML-KEM.

Signed-off-by: Steven Reeves <sreeves@nvidia.com>

* Fixing transposition error that left out OQS_USE_CUPQC in CMake system.

Signed-off-by: Steven Reeves <sreeves@nvidia.com>

* Add CMake dependent options for cupqc. Fixed formatting in kem_ml_kem_####.c and kem/family/kem_scheme.c

Signed-off-by: Steven Reeves <sreeves@nvidia.com>

* Move cupqc_ml-kem source files to correctly named dir

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Stop piggybacking on pqcrystals-kyber-standard and move cupqc_ml-kem metadata to separate upstream repo

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update licensing information

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update PLATFORMS.md

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix kem_family cmakelists template

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Run copy_from_upstream.py and pull updated upstream

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Add cupqc build test to basic.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Move cupqc build test from basic.yml to linux.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix error in linux.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fixup! Fix error in linux.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Redo cupqc build check

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Supply default CUDA arch to cupqc-buildcheck configuration stage

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Specify CUDAXX in cupqc-buildcheck

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Make cuPQC_DIR explicit in cupqc-buildcheck

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

---------

Signed-off-by: Steven Reeves <sreeves@nvidia.com>
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
Co-authored-by: Pravek Sharma <sharmapravek@gmail.com>
Signed-off-by: Pablo Gutiérrez <pablogf@MSI.>
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* added all algorithm identifiers Doxyfile comments  for sig_stfl

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* added additional Doxygen comments to sig_stfl.h

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* fixed formatting

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* fixed return types errors

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

* included sig_stfl API Doxygen documentation [full tests]

Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Pablo Gutiérrez <pablogf@MSI.>
Signed-off-by: Pablo Gutiérrez <pablogf@uma.es>
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Steven Reeves <sreeves@nvidia.com>
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daiki Ueno <dueno@redhat.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Steven I Reeves <sreeves@nvidia.com>
Co-authored-by: Pravek Sharma <sharmapravek@gmail.com>
2025-02-03 12:46:29 -05:00
Basil Hess
7eb9af7aba
Build with latest zephyr container failing, pinning 0.27.4 [full tests] (#2063)
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2025-02-03 12:45:49 -05:00
Daiki Ueno
f877812314
Check unresolved symbols when compiled with OQS_DLOPEN_OPENSSL (#2058)
As a follow-up of commit 64bceb37fafa9b90cf228965079de9ebd77a83b9,
this checks that the library artifacts don't contain any unresolved
symbols from libcrypto.so when it is dynamically loaded.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-01-29 14:15:00 -05:00
Abhinav Saxena
4b34efeaec
Update ACVP vectors for KEM and DSA (#2051)
* add latest ACVP vector tests

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* minor script improvements

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* fix build issues

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* fix build issues

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* minor improvements

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* test file improvements

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

---------

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>
2025-01-29 14:11:47 -05:00
Steven I Reeves
6a16ac68b5
NVIDIA: Adding cuPQC as a backend for ML-KEM. (#2044)
* Adding cuPQC as a backend for ML-KEM.

Signed-off-by: Steven Reeves <sreeves@nvidia.com>

* Fixing transposition error that left out OQS_USE_CUPQC in CMake system.

Signed-off-by: Steven Reeves <sreeves@nvidia.com>

* Add CMake dependent options for cupqc. Fixed formatting in kem_ml_kem_####.c and kem/family/kem_scheme.c

Signed-off-by: Steven Reeves <sreeves@nvidia.com>

* Move cupqc_ml-kem source files to correctly named dir

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Stop piggybacking on pqcrystals-kyber-standard and move cupqc_ml-kem metadata to separate upstream repo

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update licensing information

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update PLATFORMS.md

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix kem_family cmakelists template

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Run copy_from_upstream.py and pull updated upstream

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Add cupqc build test to basic.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Move cupqc build test from basic.yml to linux.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix error in linux.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fixup! Fix error in linux.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Redo cupqc build check

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Supply default CUDA arch to cupqc-buildcheck configuration stage

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Specify CUDAXX in cupqc-buildcheck

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Make cuPQC_DIR explicit in cupqc-buildcheck

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

---------

Signed-off-by: Steven Reeves <sreeves@nvidia.com>
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
Co-authored-by: Pravek Sharma <sharmapravek@gmail.com>
2025-01-27 18:17:05 -05:00
Spencer Wilson
99affa6935
Update to public Ubuntu 24.04 ARM runner [full tests] (#2050)
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2025-01-26 13:10:19 -05:00
Daiki Ueno
64bceb37fa
Avoid unresolved symbols from libcrypto when compiled with OQS_DLOPEN_OPENSSL (#2043)
* Do not assume OpenSSL memory functions when libcrypto is dlopened

Otherwise, when the OQS_DLOPEN_OPENSSL is defined but OpenSSL is
used only partially, e.g., with OQS_USE_SHA3_OPENSSL=ON, there will be
some unresolved symbols in the final artifact:

```
$ cmake -GNinja -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_AES_INSTRUCTIONS=OFF -DOQS_DIST_BUILD=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_DLOPEN_OPENSSL=ON -DCMAKE_BUILD_TYPE=Debug -LAH ..
$ ninja
$ nm -g lib/liboqs.so.0.12.1-dev | grep '^[[:space:]]*U '
                 U __assert_fail@GLIBC_2.2.5
                 U CRYPTO_free
                 U CRYPTO_malloc
                 U dlopen@GLIBC_2.34
                 U dlsym@GLIBC_2.34
```

Signed-off-by: Daiki Ueno <dueno@redhat.com>

* Wrap OpenSSL memory functions with OSSL_FUNC

This enables those OpenSSL memory functions to be resolved either at
build time or at run-time through dlopen. Note that we use CRYPTO_*
functions instead of OPENSSL_* as the latter are defined as a macro
and cannot be dynamically resolved.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

---------

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-01-15 15:55:51 -05:00
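The check described in #2043 above and automated in CI by #2058 can be reproduced by hand. The script below is an added example, not liboqs's own CI script: it reads `nm -g` output and reports undefined symbols that look like libcrypto entry points, which a library built with OQS_DLOPEN_OPENSSL should never carry as link-time references. The prefix list, the function names and the sample listings are assumptions constructed here; the first sample mirrors the listing in the commit message plus one defined symbol.

```shell
#!/bin/sh
# Added example (not part of liboqs). Scans `nm -g` output for undefined
# ('U') symbols that belong to libcrypto. With OQS_DLOPEN_OPENSSL every
# OpenSSL entry point should be resolved via dlsym at run time, so none
# should remain as an undefined reference in the final artifact.

# Assumed list of libcrypto symbol prefixes; extend as needed.
LIBCRYPTO_PREFIXES='CRYPTO_|EVP_|OSSL_|OPENSSL_|ERR_|RAND_|BN_|EC_'

# Reads `nm -g` output on stdin and prints each offending symbol name.
# Returns 0 when the artifact is clean, 1 when any libcrypto symbol is
# left unresolved.
unresolved_libcrypto_syms() {
    found=0
    # `nm -g` prints "[value] type name"; undefined symbols have no value,
    # so for them the type letter 'U' is the first field.
    while read -r first second rest; do
        [ "$first" = "U" ] || continue
        case "$second" in
            *@GLIBC*) continue ;;   # versioned libc imports are expected
        esac
        if printf '%s\n' "$second" | grep -Eq "^($LIBCRYPTO_PREFIXES)"; then
            printf '%s\n' "$second"
            found=1
        fi
    done
    return $found
}

# Wrapper for a real artifact, e.g. check_library lib/liboqs.so
check_library() {
    nm -g "$1" | unresolved_libcrypto_syms
}

# Constructed sample: the listing from the commit message plus one
# defined symbol. CRYPTO_free and CRYPTO_malloc should be flagged.
SAMPLE_NM_OUTPUT='                 U __assert_fail@GLIBC_2.2.5
                 U CRYPTO_free
                 U CRYPTO_malloc
                 U dlopen@GLIBC_2.34
                 U dlsym@GLIBC_2.34
0000000000012340 T OQS_init'

# Constructed sample of a clean build: only libc imports remain.
CLEAN_NM_OUTPUT='                 U __assert_fail@GLIBC_2.2.5
                 U dlopen@GLIBC_2.34
                 U dlsym@GLIBC_2.34
0000000000012340 T OQS_init'
```

Run it as `check_library lib/liboqs.so` after a build configured with -DOQS_DLOPEN_OPENSSL=ON and at least one OQS_USE_*_OPENSSL=ON option; a non-zero exit with symbol names printed means some OpenSSL call is still going through a direct reference instead of the dlopen wrapper.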
dependabot[bot]
cc61cb046d
Bump jinja2 in /scripts/copy_from_upstream in the pip group (#2036)
Bumps the pip group in /scripts/copy_from_upstream with 1 update: [jinja2](https://github.com/pallets/jinja).


Updates `jinja2` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.4...3.1.5)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-08 21:28:46 -05:00
Spencer Wilson
af78b87869
Update PQClean commit and delete patch for HQC (#2026)
* Update script info

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Run copy_from_upstream

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-12-22 00:34:13 -05:00
Nigel Jones
d35017e3e9
#1830 update scorecard to v5 (gh action 2.4.0) (#1890)
* #1830 update scorecard to v5 (gh action 2.4.0)

Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>

* Pin action version in unix.yml

Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>

* Schedule only, no PR. Minor updates to scorecard

Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>

---------

Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
2024-12-21 17:49:23 +01:00
Spencer Wilson
416778ecc2
Trigger liboqs-java and liboqs-rust downstream CI (#2021)
* Trigger liboqs-java CI on commits to main

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Trigger liboqs-rust CI on commits to main

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-12-17 13:17:54 -05:00
Iyán
51708b699e
Remove hardcoded build paths & modify basic workflow to build in random path (#2019)
* Remove hardcoded build paths

This fixes #2018 using `helpers.get_current_build_dir_name()`

Signed-off-by: Iyán Méndez Veiga <me@iyanmv.com>

* Use a random build path in the basic build test

Signed-off-by: Iyán Méndez Veiga <me@iyanmv.com>

---------

Signed-off-by: Iyán Méndez Veiga <me@iyanmv.com>
2024-12-13 17:08:35 -05:00
Douglas Stebila
dd1706bc9b
Update upload-artifact action to v4 (#2017)
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
2024-12-11 07:11:21 +01:00
Abhinav Saxena
bbf1dbec29
Minor changes to ML_DSA ACVP tests (#2007)
* minor improvements to dsa acvp tests

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* check method for NULL before dereferencing

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* change ctxlen to 256

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

---------

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>
2024-12-09 20:49:38 -05:00
zhaixiaojuan
ee0da46c9e
Add loongarch64 support (#2010)
Signed-off-by: zhaixiaojuan <zhaixiaojuan@loongson.cn>
2024-12-09 20:46:44 -05:00
Douglas Stebila
6f17ad7c35
Bump version to 0.12.1-dev (#2015)
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
2024-12-09 20:46:07 -05:00
Douglas Stebila
f4b96220e4
0.12.0 release (#2011)
* Release notes for 0.12.0 release

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Update changelog [skip ci]

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Wording in release notes [skip ci]

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>

---------

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-12-09 20:27:54 -05:00
Douglas Stebila
d0d0413dc9
Create liboqs 0.12.0 release candidate 1 (#2006)
* Update version numbers for 0.12.0-rc1

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Update list of supported versions

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Update release notes for 0.12.0-rc1

Fixes #1990 and #2004.

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Fix typo and wording [skip ci]

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>

* Revise wording on API removal

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Update release date for rc1 [skip ci]

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

---------

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-11-29 11:50:15 -05:00
Douglas Stebila
3224d553ef
Add defines for OQS version components (#2000)
* Add defines for OQS version components

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Set OQS_VERSION_TEXT based on new OQS_VERSION_* macros

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Make OQS_VERSION_PRE_RELEASE optionally defined

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Add documentation about OQS_VERSION macros

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Clarify wording about definition of OQS_VERSION_PRE_RELEASE

Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>

---------

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Signed-off-by: Douglas Stebila <dstebila@users.noreply.github.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-11-26 08:11:56 -05:00
Basil Hess
d9c214cc64
Add ML-DSA / FIPS 204 final (#1919)
* Pull ML-DSA from pq-crystals upstream.
* Removes ML-DSA-ipd
* Adds support for context strings to OQS SIG API.
* Adding _with_ctx_str APIs, templating
* Adds ACVP tests for ML-DSA
* export symbols for acvp tests (dynamic linking)
* remove IPD intermediate values
* adds flag for ctx support
* Update constant-time passes after line number and function name changes
* Update KATs
* API with checks for signatures without ctx support
* Additional test for signatures with ctx
* Change alg_version to FIPS204
* Update ML-DSA security claim to SUF-CMA, according to FIPS204
* Update src/sig/sig.h
* Fix test_alg_info

---------
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-11-26 13:45:10 +01:00
Spencer Wilson
25206cdcb8
Set ML-KEM alg_version to "FIPS203" (#1997)
* Update patch to include version number change

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Run copy_from_upstream

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Generate patch with git diff

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-11-26 04:24:48 -05:00
Norman Ashley
fbaf871a4a
Fix LMS crash (#1998)
* Fix LMS crash

Signed-off-by: Norman Ashley <nashley@cisco.com>

* Fixed compile issue on Mac

Signed-off-by: Norman Ashley <nashley@cisco.com>

---------

Signed-off-by: Norman Ashley <nashley@cisco.com>
2024-11-24 03:13:48 -05:00
Spencer Wilson
cce1bfde4e Run copy_from_upstream.py
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-11-21 05:50:03 -08:00
Spencer Wilson
95f904bcaa Add patch to fix HQC decapsulation
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-11-21 05:50:03 -08:00
Abhinav Saxena
507d03009c
Test Improvements for ML-KEM (#1947)
* test improvements for ML-KEM

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* update length type from int to size_t

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* fix windows dll + compilation issues

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* fix windows tests for ACVP vectors

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* fix build failure in vector_kem

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* remove const qualifier from prng_op_stream

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* add macros instead of hardcoding & declassify values before use

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* add ML-KEM rejection tests in separate function

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* add ciphertext corruption test for kem rejection

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

* add conditional compilation for ML-KEM tests

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>

---------

Signed-off-by: Abhinav Saxena <abhinav.saxena@thalesgroup.com>
2024-11-13 13:30:57 +01:00
Daiki Ueno
2ee908df24
Avoid OpenSSL functions being called unconditionally at OQS_destroy (#1982)
When OQS_DLOPEN_OPENSSL is designated and low-level primitives are
overridden with OQS_*_set_callbacks, OQS_destroy still indirectly
calls EVP_*_free from OpenSSL. This adds an extra NULL check to
avoid that.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-11-12 11:11:15 -05:00
Spencer Wilson
77aa1455e5
Update PLATFORMS.md / re-enable CROSS on s390x (#1988)
* Complete the revival of Travis and CROSS

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Add Travis badge to README

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-11-12 08:10:27 +01:00
ChinoUkaegbu
8c5e88197b
Add CI badges to README.md (#1987)
Signed-off-by: ChinoUkaegbu <77782533+ChinoUkaegbu@users.noreply.github.com>
2024-11-11 15:32:13 -05:00
Marco Gianvecchio
1dfb70bca8
imported fix from CROSS upstream: endianness-aware csprng (#1983)
* Revert "Disable erroring TravisCI build"

This reverts commit b59d78c0f02455da91ce8a34fa742c2b063ccddd.

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>

* disable cross on s390x

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>

* remove status badge

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>

* imported fix from CROSS upstream: endianness-aware csprng

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* reenable cross on s390x

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* fix more endianness issues, add file creation to copy_from_upstream.py

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* revert: add file creation to copy_from_upstream.py

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

---------

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>
Co-authored-by: Basil Hess <bhe@zurich.ibm.com>
2024-11-11 13:14:40 -05:00
Basil Hess
e26d36ead9
Revert "Disable erroring TravisCI build" (#1960)
* Revert "Disable erroring TravisCI build"

This reverts commit b59d78c0f02455da91ce8a34fa742c2b063ccddd.

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>

* disable cross on s390x

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>

* remove status badge

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>

---------

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2024-11-11 08:09:42 +01:00
Spencer Wilson
8bf124f1fc
Remove macos-12 runner due to GitHub deprecation. (#1977)
See https://github.com/actions/runner-images/issues/10721.

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-11-05 11:23:34 -05:00
Spencer Wilson
f7f6af0895
Remove SPHINCS+ aarch64 code (#1972)
* Add a --delete option to copy_from_upstream to remove unwanted implementation subdirectories.
* Enable the --delete option in CI to detect files included by mistake
* Switch to git status --porcelain in CI for script stability
* Remove unused SPHINCS+ aarch64 implementation using the --delete option

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-11-04 16:55:30 -05:00
Nathaniel Brough
35cc700fe5
Make random functions deterministic during fuzzing (#1974)
Signed-off-by: Nathaniel Brough <nathaniel.brough@gmail.com>
2024-11-03 10:33:25 -05:00
Aiden Fox Ivey
05257da106
add C++ linking test (#1971)
Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>
2024-11-01 14:05:39 -04:00
Nathaniel Brough
60af4a99e2
Adapt existing sig fuzz harness including more algorithms (#1955)
Signed-off-by: Nathaniel Brough <nathaniel.brough@gmail.com>
2024-11-01 14:05:04 -04:00
Norman Ashley
3c8bde1b08
Add new API to cleanup OpenSSL threads. (#1959)
* Add new API to clean up OpenSSL threads.

Signed-off-by: Norman Ashley <nashley@cisco.com>

* Updates per review comments.

Signed-off-by: Norman Ashley <nashley@cisco.com>

* Update format

Signed-off-by: Norman Ashley <nashley@cisco.com>

* Apply suggestions from code review

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Norman Ashley <nashley@cisco.com>

---------

Signed-off-by: Norman Ashley <nashley@cisco.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-10-30 12:20:05 -04:00
Douglas Stebila
7132473264
Update CODEOWNERS (#1943)
* Update CODEOWNERS

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

* Additional codeowners changes

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

---------

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
2024-10-23 10:22:56 -04:00
Marc Stevens
90030a4ae4
Add benchmarking for stateful hash based schemes: speed_sig_stfl (#1952)
* Add speed_sig_stfl

Signed-off-by: cr-marcstevens <github@marc-stevens.nl>

* Fix speed_sig_stfl.c: limit timing with max sig ops & provide required secure keystore with dummy keystore

Signed-off-by: cr-marcstevens <github@marc-stevens.nl>

* Cleanup speed_sig_stfl.c

Signed-off-by: cr-marcstevens <github@marc-stevens.nl>

* speed_sig_stfl: fix for LMS (secure store context must not be NULL), refresh key when out of sigs for sig benchmark

Signed-off-by: cr-marcstevens <github@marc-stevens.nl>

* tests/speed_sig_stfl.c: astyle fix

Signed-off-by: cr-marcstevens <github@marc-stevens.nl>

* tests/speed_sig_stfl.c: stfl sig benchmarks require intermittent resetting of secret key

Signed-off-by: cr-marcstevens <github@marc-stevens.nl>

* speed_sig_stfl: add speed_sig_stfl to: README scripts/nogress.sh tests/test_speed.py

Signed-off-by: cr-marcstevens <github@marc-stevens.nl>

* test_speed.py: limit testing of stfl sigs to parameters with 2^10 max sigs

Signed-off-by: cr-marcstevens <github@marc-stevens.nl>

* scripts/nogress.sh: limit regression tests on stfl sigs to only algorithms with 2^10 max sigs

Signed-off-by: cr-marcstevens <github@marc-stevens.nl>

* speed_sig_stfl.c: astyle fix

Signed-off-by: cr-marcstevens <github@marc-stevens.nl>

* speed_sig_stfl: 1) fix use-after-free bug. 2) Simply return success if keygen and sign are not enabled.

Signed-off-by: cr-marcstevens <github@marc-stevens.nl>

---------

Signed-off-by: cr-marcstevens <github@marc-stevens.nl>
2024-10-22 09:16:56 -04:00
songlingatpan
1d92135e80
[#1823] replace malloc/calloc/strdup/free with openssl allocator (#1926)
* [#1823] replace malloc/calloc/strdup/free with openssl allocator

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* [#1823] update memory allocator for copy_from_upstream

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* [#1823] Use OpenSSL Memory Allocator for BIKE, FrodoKEM, and NTRUPrime

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* [#1823] Add Comments for Doxygen

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* include openssl/crypto.h and resolve conflicting variable for ntru

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* Add openssl version check to fix build error

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* Fix build for OQS_DLOPEN_OPENSSL

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* remove OQS_MEM_free

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* Add allocator check in tests/test_code_conventions.py

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* Add IGNORE memory-check

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* Delect checked allocation functions

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* Revert back p_param to p for sntrup

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* Add allocator check for '.c', '.h', '.fragment'

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* Add NULL for previous checked allocation

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* Add fprintf error for abort cases

Signed-off-by: Songling Han <shan@paloaltonetworks.com>

* use OQS_EXIT_IF_NULLPTR for checked malloc cases

Signed-off-by: Songling Han <shan@paloaltonetworks.com>


---------

Signed-off-by: Songling Han <shan@paloaltonetworks.com>
2024-10-19 07:21:51 +02:00
Nathaniel Brough
0310631c5f
Add a basic fuzz testing harness for Dilithium2 (#1905)
* Add a basic fuzz testing harness for dilithium2

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Nathaniel Brough <nathaniel.brough@gmail.com>

* Add basic build checks for fuzz tests

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Nathaniel Brough <nathaniel.brough@gmail.com>

---------

Signed-off-by: Nathaniel Brough <nathaniel.brough@gmail.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-10-18 13:16:23 -04:00
Tobias Frauenschläger
81b4452b9a
Fix for Zephyr CI (#1953)
* Revert to latest Zephyr SDK container
* Fix for Zephyr build (missing include for ptrdiff_t)
* Zephyr CI tests are now using Zephyr V3.4 (minimal supported version)
  and Zephyr V3.7 (current LTS release)

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-10-17 11:16:22 -04:00
Basil Hess
9aa2e1481c
Downgrade zephyr container to v0.26.14 to avoid build failures [full tests] (#1949)
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2024-10-09 16:34:16 +02:00
Basil Hess
329869f559
Update CBOM format to upstream v1.6 (#1834)
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2024-10-03 14:37:24 +02:00
Steen Rasmussen
7f4c89b26f
Don't include dlfcn.h for Windows (#1936)
Signed-off-by: Steen Rasmussen <steen.rasmussen@dencrypt.dk>
Co-authored-by: Steen Rasmussen <steen.rasmussen@dencrypt.dk>
2024-09-30 19:52:06 -04:00
Iyán
a5528768a1
Remove hardcoded build path from test script (#1938)
If a user has passed a custom build path to cmake, and then calls for
example `ninja -C <custom_build_path> run_tests`, the script
test_acvp_vectors.py fails due to having "build" hardcoded in the calls.

Instead, let's use `helpers.get_current_build_dir_name()` to get the build
path and use that instead. This is already done in other scripts (e.g.,
test_binary.py)

Signed-off-by: Iyán Méndez Veiga <me@iyanmv.com>
2024-09-27 15:10:33 -04:00
Spencer Wilson
c4a54769be
Bump version to 0.11.1-dev (#1940)
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-09-27 13:56:27 -04:00
Pravek Sharma
26f83d082c
0.11.0 release (#1939)
* Bump version string; update release and security notes.

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Complete release notes

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Remove references to profiling, liboqs-java, and liboqs-dotnet

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Bump SOVERSION

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* Remove "rc1"

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>

* fixup! Remove "rc1"

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update README.md

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fixup! Update README.md

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix release date in RELEASE.md

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

---------

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-09-27 12:04:09 -04:00
Douglas Stebila
18db4c6a3d
Change README links to be doxygen-friendly (#1927)
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
2024-09-25 11:34:35 -04:00
Pravek Sharma
306140ebb5
Patch Kyber to fix ASAN error on ARM64 (#1922)
* Update oldpqclean kyber patches.

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Run copy_from_upstream.py

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Add co-authors. [skip ci]

Co-Authored-By: Kyle Nekritz <knekritz@meta.com>
Co-Authored-By: Mingtao Yang <mingtao@meta.com>
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

---------

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
Co-authored-by: Kyle Nekritz <knekritz@meta.com>
Co-authored-by: Mingtao Yang <mingtao@meta.com>
2024-09-13 12:10:17 -04:00
JP Lomas
a7bfc8d6ac
Check workflows for issues during CI (#1916)
* Check workflows for issues during CI

This PR adds an Actionlint workflow to validate GH actions as per #1866

This is an updated version of PR #1880, taking into account the discussion on that contribution.

Signed-off-by: JP Lomas <jp@theqrl.org>

* CONTRIBUTING.md update

Documents actionlint use as part of CI basic workflow including instructions of running locally.

Signed-off-by: JP Lomas <jp@theqrl.org>

* Update .github/workflows/basic.yml

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: JP Lomas <jp.lomas@gmail.com>

---------

Signed-off-by: JP Lomas <jp@theqrl.org>
Signed-off-by: JP Lomas <jp.lomas@gmail.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-09-11 16:32:06 -04:00
Spencer Wilson
b37c937a64
Refactor liboqs CI and update Ubuntu images (#1909)
* Refactor liboqs CI to utilize reusable workflows
* Add CI.md documentation file
* Update all Focal jobs to Noble (the latest Ubuntu LTS)
* Minor fixes to address issues related to the update (CT files / syntax / static analysis)

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-09-09 10:43:59 -04:00
Marco Gianvecchio
d93a431aaf
Add CROSS (#1881)
* add CROSS upstream

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* add KATs

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* add docs

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* add Zephyr config

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* run copy_from_upstream.py

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* fix: counter i in generate_merkle_proof shadows previous declaration

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* "claimed-security" is BUFF (instead of EUF-CMA)

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* add CROSS to NIST_SIG_ONRAMP

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* "claimed-security" is set to EUF-CMA by liboqs

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* don't use threads for CROSS variants with large stack usage

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* int defines in api.h don't need to be "L"

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* added auxiliary-submitters

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* fixed indentation
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* disabled variants with large stack usage in zephyr

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* added contributors
[trigger downstream]
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* updated codeowners and contributors
[trigger downstream]
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

* moved test from ubuntu-focal-clang15 to ubuntu-jammy-clang14
Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>

---------

Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
Co-authored-by: Pravek Sharma <sharmapravek@gmail.com>
2024-09-03 15:45:37 -04:00
Pravek Sharma
6d92fc4a6e
Update checkout action in weekly.yml (#1908)
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
2024-08-27 16:11:18 -04:00
Basil Hess
dc4deaa4e1
Add ML-KEM / FIPS203 final (#1899)
* Add ML-KEM
* Add ACVP vectors for ML-KEM
* Removes ML-KEM-ipd

---------
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2024-08-27 18:57:04 +02:00
Douglas Stebila
8d173c5e97
Remove old ad hoc CI for Apple M1 (#1907)
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
2024-08-27 10:13:28 -04:00
Sergey Fedorov
0a8ec57414
CMakeLists: add ppc case (#1816)
Signed-off-by: Sergey Fedorov <barracuda@macos-powerpc.org>
2024-08-27 16:09:41 +02:00
Pravek Sharma
a6e0bfcb75
Fix incorrect formatting in unix.yml (#1902)
* fix GH action file unix.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* add additional test entries under include for testing libjade in unix.yml and weekly.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

---------

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
2024-08-26 16:38:57 -04:00
Spencer Wilson
66f713f550
Update OpenSSH downstream branch to OQS-v9 (#1898)
* Trigger GitHub CI for OpenSSH OQS-v9

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-08-22 09:51:54 -04:00
Basil Hess
6a24482eac
Disable erroring TravisCI build (#1901)
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2024-08-22 13:14:07 +02:00
Loganaden Velvindron
9901a286ca
Use explicit_memset if available. NetBSD has support for it: (#1872)
https://man.netbsd.org/NetBSD-10.0/explicit_memset.3

Work done together with Ritesh Gomind & Ali Koheeallee
from University of Mauritius RICRG while porting liboqs to NetBSD.

Signed-off-by: Loganaden Velvindron <logan@cyberstorm.mu>
2024-08-20 09:13:44 -04:00
Pravek Sharma
e520ec1c38
Integrate Kyber from libjade (#1745)
* Add copy_from_libjade.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Modify copy_from_upstream.py

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Add patches for libjade Kyber code

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update alg_support.cmake templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update KEM family templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix copy_from_upstream.py

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Correct copy_from_upstream.py

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Modify copy_from_upstream.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update KEM family templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix copy_from_upstream.py

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix KEM family templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix KEM family templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update templates for build system files

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update build system files

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix add_enable_by_alg_conditional.libjade

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Run copy_from_upstream.py

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update KEM family templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update KEM templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update KEM templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update copy_from_upstream.yml with libjade implementation info

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update KEM templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Edit KEM templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Run copy_from_upstream.py

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update copy_from_upstream.py

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix KEM templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Run copy_from_upstream.py

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Add libjade_shim

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Add jasmin/libjade namespaces to test_binary.py

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update testing

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Allow manually triggering CI tests

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Change container for upstreamcheck in unix.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update copy_from_upstream.py

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Edit unix.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Edit unix.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Restrict copying of code from libjade repo to relevant files

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Remove irrelevant libjade code

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Remove redundant KEM templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update KEM template to accommodate new dir structure

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Debug: tweak unix.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Re-build libjade with jasmin version used in CI

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Debug: undo unix.yml tweak

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Allow MSVC to ignore libjade_shims

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Simplify name scheme for libjade code

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update alg docs, libjade code name scheme, and license

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update copy_from_upstream documentation

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix copy_from_upstream.py and simplify libjade code name scheme

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update alg docs and CBOM

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Correct alg doc generation

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Generate CBOM with unique bom-ref

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Cleanup unix.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fix patches to include api.c; fix kem templates

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fix kyber patch

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* turn off weekly constant time tests for libjade implementations

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* update documentation

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* change upstream to stable libjade release

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fix kyber documentation

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fix kyber documentation

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fix kem template again

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fix weekly.yml and unix.yml to test libjade code

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* rename libjade asm files from *.s to *.S

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* end libjade_kyber*/api.c files with newline

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fix kem template to prevent duplicate symbols in object files

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fix indentation in weekly.yml

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* skip testing libjade on macos-14 in CI

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* use release tag/branch with libjade upstream url instead of commit

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fix build error when OQS_ENABLE_LIBJADE_KEM_ALG=OFF

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* initialize LIBJADE_RANDOMBYTES when OQS_LIBJADE_BUILD=OFF

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* remove redundant comment

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fix comment typo

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* make string explicit when comparing with variable in cmake

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* add libjade kyber licensing to README.md

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* remove reference to oldpqclean_kyber* code from libjade if branch in kem_kyber_*.c

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update CMakeLists.txt

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* track jasminc version in copy_from_libjade.yml; check jasminc version in copy_from_upstream.py

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* add OQS_LIBJADE_BUILD to build flags output

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* remove link from CONFIGURE.md

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Update libjade to dual license

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Patch gcc version for MacOS CI runs

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix doc generation

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* Fix libjade docs

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* fix license info in README.md

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* update libjade_randombytes spdx-license

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

---------

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-08-18 12:02:37 -04:00
Spencer Wilson
fc2264d150
Fix overflow in example_sig_stfl (credit @wangweij) (#1887)
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-08-12 15:54:11 -04:00
Spencer Wilson
4f8c9e2c67
Don't hardcode OPENSSL_ROOT_DIR to /usr on Linux (#1873)
* Don't hardcode OPENSSL_ROOT_DIR to /usr on Linux

* Run buildcheck with latest docker image

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-08-09 13:14:47 -04:00
Spencer Wilson
2acfd964b9
Fix downstream CI trigger (#1857)
Explicitly use secret variable in GitHub Actions workflow

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-07-30 13:16:28 -04:00
Spencer Wilson
3488f0a598
Check return value of fscanf in LMS/XMSS KAT tests (#1874)
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-07-29 17:43:09 -04:00
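An unchecked fscanf() in a KAT harness is a correctness problem, not just a compiler warning: on a truncated or malformed vector file the destination buffers keep whatever they held before, and the test may compare stale data or read uninitialized memory and still report a pass. The following is an added example, not the liboqs test code, of reading one record of a NIST-style .rsp file with every fscanf() result checked; the function names and the sample_rsp text are constructed for this example.

```c
/* Added example, not liboqs code: read a NIST-style KAT record with every
 * fscanf() result checked. sample_rsp is constructed for this example. */
#define _POSIX_C_SOURCE 200809L   /* fmemopen() */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

FILE *fmemopen(void *buf, size_t size, const char *mode);  /* redeclared in case strict -std flags hide it */

static int nibble(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;                                   /* not a hex digit */
}

/* Read the "count = N" header line. fscanf returns the number of items
 * assigned, so anything but 1 means EOF or a malformed line. The leading
 * space in the format skips the newline left over from the previous line. */
int kat_read_count(FILE *f, int *count) {
    return fscanf(f, " count = %d", count) == 1 ? 0 : -1;
}

/* Read "name = HEX" where HEX must decode to exactly want bytes.
 * Returns 0 on success, -1 on EOF, wrong field name, bad length or bad hex. */
int kat_read_hex(FILE *f, const char *name, uint8_t *out, size_t want) {
    char key[32], hex[2 * 64 + 1];               /* %31s / %128s bound both reads */
    if (want > 64) return -1;
    if (fscanf(f, "%31s = %128s", key, hex) != 2) return -1;
    if (strcmp(key, name) != 0) return -1;
    if (strlen(hex) != 2 * want) return -1;      /* truncated or oversized value */
    for (size_t i = 0; i < want; i++) {
        int hi = nibble(hex[2 * i]), lo = nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/* Constructed sample in .rsp layout; not a real vector. */
static const char sample_rsp[] =
    "count = 0\n"
    "seed = 000102030405060708090A0B0C0D0E0F\n"
    "pk = DEADBEEF\n";

/* Parse one record from text. Returns the count on success, -1 on any error,
 * so a damaged file fails the KAT run instead of passing on stale buffers. */
int kat_parse_record(const char *text, uint8_t seed[16], uint8_t pk[4]) {
    FILE *f = fmemopen((void *)text, strlen(text), "r");
    if (f == NULL) return -1;
    int count = -1;
    int ok = kat_read_count(f, &count) == 0
          && kat_read_hex(f, "seed", seed, 16) == 0
          && kat_read_hex(f, "pk", pk, 4) == 0;
    fclose(f);
    return ok ? count : -1;
}
```

The length check is the part most often missing: a value that is too short still "parses", so the test must compare the decoded length against the size the algorithm expects rather than trust whatever the file supplied.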
Spencer Wilson
841e903b05
Quick fixes from Trail of Bits audit Week 1 (#1869)
* Remove unused variables from CI workflows

* Add missing OpenSSL guards

* Fix broken link and misplaced comment in common.c

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-07-29 11:01:03 -04:00
Spencer Wilson
45972eaa42
Add a convenience script for consistent astyle formatting (#1861)
* Add script to format code in a CI container

* Update CONTRIBUTING.md to document script
---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-07-26 08:39:10 -04:00
Spencer Wilson
2f02bf44e3
Move from CircleCI to GitHub Actions (#1849)
Duplicate jobs from the CircleCI workflow as closely as possible in GitHub Actions. Remove Ubuntu Bionic / i386 support in CI.

---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-07-24 13:07:57 -04:00
Basil Hess
476f8352d0
ML-KEM NIST tests, fix order of d and z (#1854)
* ML-KEM NIST tests, fix order of d and z

---------

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2024-07-24 08:45:22 +02:00
Basil Hess
0f837591c7
Fix passes.json entries for MAYO (#1852)
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2024-07-22 16:58:29 +02:00
Spencer Wilson
62e9026bd6
Use cmake -LA -N instead of cmake -LA in CI (#1848)
To ensure that there are no unwanted side effects when the library config is printed.
---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-07-21 09:30:11 -04:00
Andrés Vega
60cd3d83c9
Fix CI status badges for CircleCI and Travis CI (#1844)
- Update CircleCI badge to use shield style
- Correct Travis CI badge URL and use shields.io for better customization
- Remove redundant text labels preceding badges

Signed-off-by: Andrés Vega <av@monkey.org>
2024-07-18 14:14:58 -04:00
dependabot[bot]
5670edf59f Bump zipp in /scripts/copy_from_upstream in the pip group
Bumps the pip group in /scripts/copy_from_upstream with 1 update: [zipp](https://github.com/jaraco/zipp).

Updates `zipp` from 3.4.0 to 3.19.1
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](https://github.com/jaraco/zipp/compare/v3.4.0...v3.19.1)

---
updated-dependencies:
- dependency-name: zipp
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-16 11:28:26 -04:00
Basil Hess
4cc88845e8
Add MAYO signature scheme from NIST onramp (#1707)
Add MAYO signature scheme from NIST onramp, C and AVX2 versions
Add AES128CTR to common code

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2024-07-13 21:38:01 +02:00
Daiki Ueno
26feef2e8a
Expose callback API for replacing low-level cryptographic primitives (#1832)
This makes the callback API to replace low-level cryptographic
implementation public again after open-quantum-safe#1667.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-11 11:53:46 -04:00
Nigel Jones
d2089c5017
Add OpenSSF scorecard
pinned python/gh action dependencies, explicit action permissions 
Fixes #1706

Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
2024-07-01 15:03:56 +02:00
Duc Tri Nguyen
51ddd33cc0
Add XMSS-SHAKE256_{10, 16, 20}_256 parameters (#1819)
* add XMSS-SHAKE256_*_256 parameters

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>

* [trigger downstream]

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>

---------

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>
2024-06-25 15:29:30 +00:00
Duc Tri Nguyen
e3f05cbfba
add XMSS-SHAKE256_*_192 parameters (#1818)
make server astyle happy

update xmss.yml

update algorithm list and README

clean up

[trigger downstream]

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>
2024-06-18 18:31:43 +00:00
Duc Tri Nguyen
5e3111617b
Add XMSS-SHA256_{10, 16, 20}_192 parameters (#1817)
* add XMSS-SHA2_*_192 parameters

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>

make astyle happy

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>

update xmss.md

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>

update algorithm list

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>

* [trigger downstream]

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>

* format xmss.md

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>

* [trigger downstream]

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>

---------

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>
2024-06-18 13:34:21 -04:00
Spencer Wilson
21ab5930f0
Increment version [skip ci] (#1813)
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-06-18 13:31:43 -04:00
qnfm
c8a2beb5a6
Fix test_alg_info.py on Windows platform (#1821)
* Fix test_alg_info.py on Windows platform

Signed-off-by: zinag <uzinag@163.com>

* Remove incorrect print

Signed-off-by: zinag <uzinag@163.com>

---------

Signed-off-by: zinag <uzinag@163.com>
2024-06-17 09:19:22 -04:00
Spencer Wilson
6ee5de2522
Move Linux ARM64 "build" test from CircleCI to GitHub Actions (#1814)
---------

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-06-11 15:47:30 -04:00
Spencer Wilson
39688e908b
Forward-declare OQS_SIG type in sig_stfl.h (#1820)
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-06-11 14:55:29 -04:00
Norman Ashley
971173ad82
Add Stateful Signature (XMSS and LMS) (#1650)
Add support for LMS and XMSS. Key generation and signing are disabled behind a feature flag labelled "hazardous experimental."

---------

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Signed-off-by: Norman Ashley <nashley@cisco.com>
Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Duc Tri Nguyen <dnguye69@gmu.edu>
Co-authored-by: Douglas Stebila <dstebila@uwaterloo.ca>
Co-authored-by: Duc Nguyen <106774416+ducnguyen-sb@users.noreply.github.com>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
Co-authored-by: Duc Nguyen <ductri.nguyen@sandboxquantum.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Jason Goertzen <133878263+jgoertzen-sb@users.noreply.github.com>
2024-06-05 15:59:40 -04:00
Nigel Jones
0a89cf6fd4 ensure no autoupdate
Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
2024-06-05 12:18:10 +02:00
Nigel Jones
8066012110 add back gcc override
Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
2024-06-05 12:18:10 +02:00
Nigel Jones
41699656cd remove gcc override to validate gcc change resulted in build success (and this fails)
Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
2024-06-05 12:18:10 +02:00
Nigel Jones
9ae06c545f Force gcc 13.2.0 over 13.3.0
Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
2024-06-05 12:18:10 +02:00
Basil Hess
982c762c24 Pull Kyber/ML-KEM CT-Fix from upstream
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2024-06-05 12:02:05 +02:00
Basil Hess
755c023102
Fix for incorrect macros in signatures. (#1799)
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
2024-05-28 16:25:59 +02:00
Bence Mali
7eecda6095
Errors not printed when OPENSSL_NO_STDIO is set (#1774)
Signed-off-by: Bence Mali <bence.mali@tresorit.com>
2024-05-20 17:51:32 +02:00
Bence Mali
9c097d997c
use OPENSSL_cleanse if OpenSSL is used (#1773)
Signed-off-by: Bence Mali <bence.mali@tresorit.com>
2024-05-20 17:51:03 +02:00
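The explicit_memset (#1872) and OPENSSL_cleanse (#1773) commits above both address the same problem: a plain memset() used to scrub key material right before free() or function return is a dead store, and the optimizer is entitled to delete it. The block below is an added example, not liboqs code, showing that platform selection as a standalone function with a portable fallback; secure_zero, secure_free, is_all_zero, use_and_wipe and the HAVE_* macros are hypothetical names.

```c
/* Added example, not liboqs code: zeroization dispatched on the platform
 * primitives named above, with a portable fallback. Names are hypothetical. */
#define _DEFAULT_SOURCE 1             /* glibc: expose explicit_bzero() */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#if defined(__NetBSD__)
#  define HAVE_EXPLICIT_MEMSET 1
#elif defined(__OpenBSD__) || defined(__FreeBSD__) || \
      (defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25)))
#  define HAVE_EXPLICIT_BZERO 1
void explicit_bzero(void *, size_t);  /* redeclared in case strict -std flags hide it */
#endif

/* Wipe n bytes at p in a way the optimizer must keep. A plain memset()
 * right before free() or return is a dead store and is routinely deleted. */
void secure_zero(void *p, size_t n) {
#if defined(HAVE_EXPLICIT_MEMSET)
    explicit_memset(p, 0, n);         /* explicit_memset(3), NetBSD */
#elif defined(HAVE_EXPLICIT_BZERO)
    explicit_bzero(p, n);
#else
    /* Portable fallback: calling memset through a volatile function pointer
     * means the compiler cannot see which function runs, so it cannot prove
     * the stores are dead. OPENSSL_cleanse is built on the same idea. */
    void *(*volatile memset_v)(void *, int, size_t) = memset;
    memset_v(p, 0, n);
#endif
}

/* Zeroize then release; the order matters, since the allocator may hand the
 * block to someone else before anything else runs. */
void secure_free(void *p, size_t n) {
    if (p == NULL) return;
    secure_zero(p, n);
    free(p);
}

/* Constant-time check that n bytes are zero (returns 1 if so). OR-accumulating
 * avoids an early exit that would reveal the position of the first nonzero byte. */
int is_all_zero(const uint8_t *p, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Typical shape of a caller: fill a buffer with key material, use it, wipe it
 * before the frame is released. Returns the first byte that was used so a
 * test can confirm the buffer really held data before the wipe. */
uint8_t use_and_wipe(uint8_t fill, uint8_t *scratch, size_t n) {
    memset(scratch, fill, n);         /* stands in for key derivation */
    uint8_t first = scratch[0];
    secure_zero(scratch, n);
    return first;
}
```

A library built against OpenSSL can route secure_zero to OPENSSL_cleanse instead, which is what the commit above does; the fallback branch is what you want when neither OpenSSL nor a libc primitive is guaranteed to be present.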
Dmitry Belyavskiy
a5ec23cf19
Algorithm selection clarification (#1784)
Resolves: #1781

Signed-off-by: Dmitry Belyavskiy <beldmit@gmail.com>
2024-05-07 16:00:13 +02:00
dependabot[bot]
4b8d10d65f
Bump jinja2 from 3.1.3 to 3.1.4 in /scripts/copy_from_upstream (#1782)
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-07 08:49:10 -04:00
Ry Jones
b392919f6e Add workflow dispatch to action
Signed-off-by: Ry Jones <ry@linux.com>
2024-05-04 08:37:39 -07:00
Pravek Sharma
a23046ffce
Fix README.md to work with Doxygen release 1.10.0 (#1775)
* fix link in README.md

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* simplify linux and mac link in README.md

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* update Doxyfile

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* update CI to use /scripts/run_doxygen.sh

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

---------

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
2024-05-03 15:21:47 -04:00
Vlad Gheorghiu
9c8db18ec1
Update README.md (#1769)
fixed typo in link

Signed-off-by: Vlad Gheorghiu <vsoftco@gmail.com>
2024-04-25 11:33:38 -04:00
Michael Baentsch
2bb1d2584c
restrict Windows platform support documentation [skip ci] (#1762)
Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
2024-04-23 17:53:27 +02:00
d0p1
edfed5f0b9
fix build shared lib on msys (#1758)
Signed-off-by: d0p1 <contact@d0p1.eu>
2024-04-23 11:37:34 -04:00
carson radtke
7b6d9f3326 add compile_commands.json to .gitignore
We set CMAKE_EXPORT_COMPILE_COMMANDS=ON so the compilation database is
automatically exported to the build directory. However, many language
servers expect this file to be in the project root directory, so a common
post-build step is to:

```shell
$ ln -s <build-directory>/compile_commands.json
```

This PR enables developers to do this without having to worry about
accidentally committing a symlink file.

Signed-off-by: carson radtke <nosrac925@gmail.com>
2024-04-15 17:07:47 -07:00
Weijun Wang
6f0c46187c
remove "maximum" words for various length fields (#1747)
Signed-off-by: Weijun Wang <weijun.wang@oracle.com>
2024-04-09 10:13:13 -04:00
Eddy Kim
cfc41f7560
Refactor OpenSSL Implementation of SHA3 SHAKE to use new Squeeze API (#1694)
* Refactor OQS OpenSSL SHA3 SHAKE to use new EVP_DigestSqueeze() #1539

* Add OpenSSL 3.3.0 test and conditional fix

* Update ref to use human readable commit tag

Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-04-07 19:27:15 +02:00
matlimatli
701dea5d2a
Allow windows linking of test programs (#1751)
The kat_kem and kat_sig programs could not be linked when building natively on windows. This was caused by multiple definitions of symbols. By using the /FORCE:MULTIPLE compiler option, this is allowed, similar in spirit to what was already used for cross-compiling to Windows.

Fixes #1749

Signed-off-by: Mattias Lindblad <matlin@gmail.com>
2024-04-07 19:00:08 +02:00
Daiki Ueno
32afec8fcc
Add option to dynamically load libcrypto.so.* (#1603)
* sha2: Use EVP_MD_CTX_free instead of EVP_MD_CTX_destroy

According to the manual page, EVP_MD_CTX_destroy has been renamed to
EVP_MD_CTX_free in OpenSSL 1.1.0 and only provided as a compatibility
macro in later OpenSSL releases:
https://www.openssl.org/docs/man1.1.1/man3/EVP_MD_CTX_free.html

Signed-off-by: Daiki Ueno <dueno@redhat.com>

* ossl_helpers: Use pthread_once instead of CRYPTO_THREAD_run_once

Throughout the code base, liboqs uses pthread_once for one-shot
initialization and falls back to thread-unsafe code if it is not
supported or enabled on the system.  For consistency and to remove
an additional dependency on OpenSSL, this replaces the use of
CRYPTO_THREAD_run_once with pthread_once.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

* Make common algorithms pluggable

This allows applications to replace the implementation of common
cryptographic algorithms at runtime, by setting callback functions for
each operations with OQS_AES_set_callbacks, OQS_SHA2_set_callbacks,
OQS_SHA3_set_callbacks, and OQS_SHA3_x4_callbacks.  Those functions
may be called once before OQS_init; otherwise the default
implementation will be used.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

* Add option to dynamically load libcrypto.so.*

This adds OQS_DLOPEN_OPENSSL build option to use OpenSSL through
dynamically loaded libcrypto.so.* with dlopen, instead of linking to
the library at build time.

That way the applications could use their favorite implementation of
common cryptographic primitives without pulling in OpenSSL as a
hard dependency.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

* Add tests for OQS_*_set_callbacks

This adds tests that exercise OQS_*_set_callbacks by overriding one of
the functions of each and ensuring the wrapper function is called.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

---------

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-04-05 16:20:17 +02:00
PI
7a6df815bb
Document Fix (#1735)
Signed-off-by: PI <74706004+pi-314159@users.noreply.github.com>
2024-04-04 14:01:52 -04:00
Michael Baentsch
5ac9bcfb2f
switching to dev mode again (#1743)
* switching to dev mode again

* activating backwards compatible pip3 mode

Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
2024-04-03 15:19:33 +02:00
Amir Ayupov
3dd478e157 [NFCI] Move Keccak rhotates tables to rodata
rhotates tables are placed to .text section which confuses tools such as
BOLT. Move them to rodata to unbreak and avoid polluting icache/iTLB
with data.

1. Update patch file using the steps in scripts/copy_from_xkcp/README
2. Apply the updated patch with scripts/copy_from_xkcp/package.sh

Sync with XKCP upstream: https://github.com/XKCP/XKCP/pull/137
Similar fix in OpenSSL: https://github.com/openssl/openssl/pull/21440
Redo of https://github.com/open-quantum-safe/liboqs/pull/1508

Signed-off-by: Amir Ayupov <aaupov@fb.com>
2024-04-02 10:49:03 -04:00
Douglas Stebila
36be57445d
0.10.0 release (#1734)
* Bump version string, add release notes, dates, and update support level

Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>

---------

Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
2024-03-23 13:34:28 +01:00
Tobias Frauenschläger
d183ed3266 Minor update for the Zephyr port
* Make ML-KEM and ML-DSA user configurable using Kconfig
* Enable ML-KEM and ML-DSA by default
* Disable Kyber and Dilithium Round 3 by default

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-03-15 11:26:37 -04:00
Spencer Wilson
1bc6d11ef4
Always build "internal" library as static (#1725)
* Always build oqs-internal library as static

Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-03-13 10:56:00 +01:00
Michael Baentsch
d03535006c
improve algorithm documentation [skip ci] (#1721)
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-03-07 14:35:04 -05:00
Spencer Wilson
565ab5c5f1
Fix SPHINCS+ naming in CT json file [skip ci] (#1720) 2024-03-07 10:48:54 -05:00
Basil Hess
0961090529
Fix for alg_support.cmake (#1716)
* Ensure aliases are activated with cmake
* Updates alg_support fragments: ensure that dependencies (aliases and platform-specific code) are activated after applying filter_algs
* Adds bike_l5 to NIST_R4 algorithms
* add CI test for aliases
* remove ml_kem ipds from STD filter_algs
* decouple name and alias
* fixing vector tests
2024-03-07 11:18:15 +01:00
Spencer Wilson
7e5dbaf2e8
Support Falcon PADDED format (#1710)
Additionally:
- re-enable Falcon-1024 in weekly KAT tests
- Update Falcon licence documentation
- Update deprecated CircleCI image
2024-03-06 12:02:43 -05:00
Michael Baentsch
bdce954010
fix documentation generation (#1715) 2024-03-04 15:11:27 +01:00
Michael Baentsch
9ede9e232b
remove references to unsupported openssh [skip ci] (#1713) 2024-03-04 08:59:12 +01:00
Tobias Frauenschläger
5690baebe4
Fix for the Zephyr CI tests (#1714)
Create only a minimal Zephyr installation to run CI tests and increase timeout of the Signature test.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-03-01 09:40:08 -05:00
Jason Goertzen
890a6aa448
Update liboqs readme to point to oqs-provider instead of deprecated openssl1.1.1 fork [skip ci] (#1699)
This PR updates the OpenSSL link to point to oqs-provider now that OpenSSL1.1.1 is deprecated.

Co-authored-by: Martyrshot <martyrshot@gmail.com>
2024-02-27 17:42:58 +01:00
Spencer Wilson
c119f20f63
Move macOS CI tests to GitHub Actions; add M1 CI tests (#1709)
* Move all CircleCI macOS jobs to GitHub

* Unify macOS and Linux workflows so that both pend minimal tests

* Fix a build warning on macOS
2024-02-27 10:35:53 -05:00
Basil Hess
154ae5cc33
Small fixes after adding ML-* (#1702)
* - Fixes list_standardized_algs fragment
- Fixes fetch_values.sh script to (re-)generate ML-* vectors

* consider aliases in STD filter
2024-02-23 09:38:57 +01:00
Basil Hess
60adf53107
Add ML-DSA-ipd and ML-KEM-ipd & NIST supplied test vectors (#1626)
Pulls ML-DSA-ipd and ML-KEM-ipd
Adds test cases with NIST supplied test vectors for ML-DSA/ML-KEM
Adds aliases (ML-<name> are aliases of ML-<name>-ipd)
[trigger downstream]
2024-02-19 10:28:28 +01:00
Jason Goertzen
6b06e87255
update brew install instructions to use openssl@3 instead of openssl@1.1.1 [skip ci] (#1701) 2024-02-17 11:46:05 -06:00
Spencer Wilson
ac164b4084
Fix bug in cross-compilation for Windows; update CI (#1696) 2024-02-13 10:43:27 -05:00
Jolene Tan
f371848268
set(OQS_USE_PTHREADS OFF) on MinGW/Cygwin (#1695) 2024-02-12 17:15:02 +01:00
Michael Baentsch
3e34ed1854
properly document release support level [skip ci] (#1688) 2024-02-08 15:35:36 +01:00
Spencer Wilson
f468d212f2
Update Markdown from YAML (#1690) 2024-02-07 16:32:06 -05:00
Spencer Wilson
da3dab860d
Update SPHINCS+ "clean" suppression files (#1683) 2024-02-07 13:30:32 -05:00
Spencer Wilson
dea517016c
Update McEliece suppression files for generic config (#1677) 2024-02-07 13:27:07 -05:00
Spencer Wilson
f1f11b5a16
Rename weekly runs and skip Falcon-1024 (#1684) 2024-02-07 13:25:50 -05:00
Martyrshot martyrshot@gmail.com
61b5e8caef Fix link in GOVERNANCE.md 2024-02-06 10:32:10 -05:00
Spencer Wilson
64b7921e34
Trigger oqs-provider release tests on releases or as requested (#1654)
Add CI functionality to trigger the oqs-provider release test workflow on `release.published` events.

The workflow will also be triggered manually on commits whose message ends in "[trigger downstream]".
2024-02-05 09:54:50 -05:00
Spencer Wilson
3b103f8495
Discontinue AppVeyor CI testing (#1682) 2024-02-05 09:05:08 -05:00
Jolene Tan
670cefd429
set_available_cpu_extensions with pthread_once (#1671) 2024-02-01 13:35:50 +01:00
Jolene Tan
688bdb431f
find_package(Threads) regardless of BUILD_ONLY_LIB (#1653)
* find_package(Threads) regardless of BUILD_ONLY_LIB

* New macro OQS_USE_PTHREADS conditioned on embedded
2024-01-31 09:17:56 +01:00
Spencer Wilson
6bce0103a0
Update BIKE documentation to exclude x86 (#1679)
* Update BIKE documentation to exclude x86; clarify comments in
alg_support

* Update Markdown
2024-01-30 16:03:15 -05:00
Spencer Wilson
7c56bcb6ce
Test against all 100 KAT values (#1560)
Run full KAT tests weekly. All should pass except Falcon-1024, which is pending upstream changes.

---------

Co-authored-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
2024-01-30 16:01:46 -05:00
Spencer Wilson
f606d3d326
Fix memory sanitizer compile flag (#1680) 2024-01-30 16:00:00 -05:00
Douglas Stebila
2f4a25c8de Minor wording changes based on suggestions 2024-01-23 09:59:30 -05:00
Douglas Stebila
901cff8fd2 Update GOVERNANCE.md [skip ci]
Co-authored-by: Jason Goertzen <Martyrshot@gmail.com>
2024-01-23 09:59:30 -05:00
Michael Baentsch
0f245e76be Update GOVERNANCE.md
Co-authored-by: Jason Goertzen <Martyrshot@gmail.com>
2024-01-23 09:59:30 -05:00
Michael Baentsch
5fcc0def3e Update GOVERNANCE.md
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-01-23 09:59:30 -05:00
Douglas Stebila
7f67d9175b Some more language about contributors 2024-01-23 09:59:30 -05:00
Douglas Stebila
d7c03c328b Edits to governance document 2024-01-23 09:59:30 -05:00
Michael Baentsch
3f67c90e9f explicitly adding lazy consensus as primary governance principle 2024-01-23 09:59:30 -05:00
Michael Baentsch
ce26db233b first cut at governance file [skip ci] 2024-01-23 09:59:30 -05:00
Spencer Wilson
93c5d489c7 Remove reference to old BIKE variants from CONFIGURE.md [skip ci] 2024-01-22 15:25:42 -05:00
Spencer Wilson
cc453db4a6
Make internal API available to (only) test programs (#1667)
* Separate public and internal headers

* Add necessary #include statements in FrodoKem code

* Build oqs-internal library

* Link test programs with oqs-internal

* Update header file documentation

* Refactor test Makefile

* Move rand_nist to internal API only

* Delete nistseedexpander shim

* Remove internal headers from Doxyfile
2024-01-22 09:03:35 -05:00
Douglas Stebila
88b69e441b Clarify that copyright is held by authors and not the project itself 2024-01-18 12:55:41 -05:00
Tobias Frauenschläger
61e0fa99da Zephyr: CMake fixes
* Minor fixes for the `CMakeLists.txt` file in the `zephyr` directory
probably happened during rebasing of #1641.
* Minor improvements to the Zephyr specific CMake workarounds
* RiscV distinct board references have been removed to
support all RiscV boards Zephyr supports.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-16 14:51:59 +01:00
trigpolynom
bb23b3f61b
Riscv zephyr support (#1641)
* added riscv32 to zephyr (qemu)

* added to PLATFORMS.md
2024-01-14 08:37:50 +01:00
dependabot[bot]
5bee5aa2dd
Bump jinja2 from 2.11.3 to 3.1.3 in /scripts/copy_from_upstream (#1661)
* Bump jinja2 from 2.11.3 to 3.1.3 in /scripts/copy_from_upstream

Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.3 to 3.1.3.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/2.11.3...3.1.3)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump MarkupSafe version for compatibility with Jinja2

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-01-14 08:34:18 +01:00
Tobias Frauenschläger
eb4b71d207
Zephyr: fixes for platform support (#1658)
This commit fixes platform support for Zephyr. Mainly, x86_64 has been
missing. Furthermore, the 32/64 bit handling has been improved and
simplified.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-13 07:36:48 +01:00
dependabot[bot]
62d0ec258c
Bump gitpython from 3.1.37 to 3.1.41 in /scripts/copy_from_upstream (#1659)
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.37 to 3.1.41.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.37...3.1.41)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-12 10:01:57 -05:00
Spencer Wilson
c2c969c028 Run copy_from_upstream 2024-01-08 11:51:01 -05:00
Spencer Wilson
0e0c2cfb18 Update to most recent Kyber commit 2024-01-08 11:51:01 -05:00
Spencer Wilson
1356ad102a Run copy_from_upstream 2024-01-08 11:51:01 -05:00
Spencer Wilson
2336702600 Update Kyber ARM patch to reflect pq-crystals/kyber@272125f 2024-01-08 11:51:01 -05:00
Pravek Sharma
bf294f9ba1 Run copy_from_upstream.py 2024-01-08 11:51:01 -05:00
Pravek Sharma
e33e7614f9 Update copy_from_upstream.py 2024-01-08 11:51:01 -05:00
Michael Baentsch
ed86578c03
Correct cmake version requirement (#1643)
* upgrade minimum cmake version supported: cmake 3.15 is first version accepting object lists for TARGET_OBJECTS
2024-01-04 11:05:47 +01:00
cothan
b19697422f Update tests/constant_time/sig/passes/falcon_keygen
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2024-01-02 12:28:13 -05:00
cothan
f123fdc73a fix space 2024-01-02 12:28:13 -05:00
cothan
985336718f fix avx2 constant time 2024-01-02 12:28:13 -05:00
cothan
acc915dfdf fix falcon generic 2024-01-02 12:28:13 -05:00
Spencer Wilson
acac4e998a
Fix BIKE constant-time errors (#1632)
* Document BIKE CT issues

* Document / fix BIKE constant-time errors

* Revert "< 64" comparison change

* Add and use secure_cmpeq64_mask function

* Remove unnecessary static_assert
2024-01-02 09:40:34 -05:00
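The `secure_cmpeq64_mask` helper that commit introduces is not shown on this page. As an added example (not liboqs's or BIKE's code), the block below shows how a constant-time 64-bit equality mask is normally built from arithmetic and bitwise operations only, plus the two things such a mask is typically used for: a branch-free select and a byte-array comparison with no early exit. All function names are illustrative, and the self-test inputs are constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Returns UINT64_MAX when a == b and 0 otherwise. No data-dependent branch:
 * (x | -x) has its top bit set exactly when x != 0, so shifting that bit
 * down gives 1 for "different" and 0 for "equal"; subtracting 1 turns the
 * 0 case into all ones. (Illustrative name; not the project's function.)
 */
uint64_t ct_cmpeq64_mask(uint64_t a, uint64_t b) {
    uint64_t x = a ^ b;                      /* zero iff a == b */
    uint64_t nonzero = (x | (0 - x)) >> 63;  /* 1 if different, 0 if equal */
    return nonzero - 1;                      /* 0 - 1 wraps to UINT64_MAX */
}

/* Branch-free select: a when mask is all ones, b when mask is zero. */
uint64_t ct_select64(uint64_t mask, uint64_t a, uint64_t b) {
    return (a & mask) | (b & ~mask);
}

/* Byte-array equality that always touches every byte; 1 if equal, 0 otherwise. */
int ct_memeq(const uint8_t *p, const uint8_t *q, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= (uint8_t)(p[i] ^ q[i]);
    }
    /* acc == 0 iff every byte matched; collapse to 0/1 through the mask */
    return (int)(ct_cmpeq64_mask(acc, 0) & 1);
}

/* Checks the mask against a plain comparison on constructed edge values. */
int ct_cmpeq64_selftest(void) {
    const uint64_t v[] = {0, 1, 63, 64, 0x8000000000000000ULL, UINT64_MAX};
    size_t n = sizeof v / sizeof v[0];
    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < n; j++) {
            uint64_t expect = (v[i] == v[j]) ? UINT64_MAX : 0;
            if (ct_cmpeq64_mask(v[i], v[j]) != expect) {
                return 0;
            }
        }
    }
    return 1;
}

/* Checks ct_memeq on a constructed 16-byte tag and a one-bit-flipped copy. */
int ct_memeq_selftest(void) {
    const uint8_t tag[16] = {0x8f, 0x1c, 0x22, 0x7a, 0x90, 0x0e, 0x55, 0xc3,
                             0x11, 0xd8, 0x6b, 0x04, 0xfe, 0x39, 0xa7, 0x50};
    uint8_t bad[16];
    memcpy(bad, tag, sizeof bad);
    bad[15] ^= 0x01;
    return ct_memeq(tag, tag, sizeof tag) == 1 && ct_memeq(tag, bad, sizeof bad) == 0;
}
```

The mask form matters because a compiler is free to turn `a == b ? x : y` into a conditional jump; keeping the comparison as a mask and applying it with AND/OR is what lets a constant-time checker such as the Valgrind-based tests referenced elsewhere on this page stay quiet.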
Basil Hess
6982f4c28f
Adds patch to aarch64 Kyber pulled from PQClean for variable-time division in poly_tomsg. (#1636) 2023-12-26 12:12:07 +01:00
Tobias Frauenschläger
4906c3fc88
Add support for embedded Zephyr RTOS (#1621)
* Zephyr RTOS support

This commit adds initial support for the zephyr operating system. Some
minor changes to the library build system have been made for it to be
compilable with zephyr. Furthermore, we added support for an embedded
build option to disable standard library methods for random number
generation.

* Zephyr: added algorithm selection

The algorithms can now be selected with Kconfig. By default, we only
enable the algorithms selected by NIST to be standardized. However, all
supported algorithms can be enabled or disabled individually on a per
project basis.

* Zephyr: added testable samples

Added two sample applications within the zephyr directory for KEMs and
Signatures. These are also intended for CI testing.

* Zephyr: added CI tests

* Zephyr: Add documentation

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2023-12-20 08:20:56 +01:00
Michael Baentsch
8449e54649
platform support documentation (#1605)
* add platform support documentation

* Add CT-tested Tier 0

* Downgrade ppc and s390x to Tier 3

---------

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
2023-12-16 14:31:51 +01:00
Basil Hess
0febc30848
pull kyber from upstream: dda29cc63af721981ee2c831cf00822e69be3220 (#1631) 2023-12-15 19:41:51 +01:00
Basil Hess
cd67eed98c
update .travis.yml (#1629) 2023-12-14 20:07:08 +01:00
Spencer Wilson
d1e99b3f85
Ensure generic OQS_OPT_TARGET in weekly CT tests (#1618) 2023-12-06 12:00:20 -05:00
Michael Baentsch
78e65bf143
add uninstall support (#1604) 2023-11-07 16:59:03 -05:00
Spencer Wilson
aeac3a441d
Pull new HQC implementation from upstream (#1585)
* Update Sphincs+ PQClean patch

* Don't apply PQClean Dilithium and Kyber patches

* Run copy_from_upstream; don't apply Dilithium and Kyber changes

* Run HQC KATs with custom PRNG

* Satisfy astyle

* Add licence for common code

* Fix CI build errors

* Update HQC version, OQS version, and SOVERSION

* Move HQC PRNG into test file

* Satisfy astyle

* Fix SHA3 link error

* Reset HQC issues/passes

* fixup! Fix SHA3 link error

* fix kat_kem linkage to make HQC PR pass CI (#1601)

* fix kat_kem linkage

* remove armhf CI support

* Revert "remove armhf CI support"

This reverts commit af759bbf743bb3ecc2e7315cf10c1785e93bcc05.

---------

Co-authored-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
2023-11-06 16:40:50 -05:00
Vlad Gheorghiu
b94ee464e9
minor updates (#1600)
* minor updates

* Update README.md [skip ci]

---------

Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
2023-11-02 21:07:11 -04:00
Jolene Tan
1bb9887e8a
Call Keccak_(X4_)Dispatch with pthread_once (#1549)
* Call Keccak_(X4_)Dispatch with pthread_once

* Link Threads in common and tests
2023-11-01 10:09:08 +01:00
Michael Baentsch
02da5677ea
enable several pqclean upstreams (#1595) 2023-10-30 16:43:10 +01:00
Michael Baentsch
bd943ce5ee
Run copy_from_upstream and test (#1589)
* update docs from copy_from_upstream

* move cleanup code to the end to ensure documentation patches survive
2023-10-30 06:32:31 +01:00
Iyán
bac716cc91
Add section to CONFIGURE.md link (#1578)
Without it, doxygen (at least, version 1.9.8) gives the following error:
unable to resolve reference to '/liboqs/CONFIGURE.md' for \ref command

This makes scripts/run_doxygen.sh return exit code 1 instead of 0, and
causes `ninja gen_docs` to fail
2023-10-18 14:19:03 -04:00
Jolene Tan
b7f35d76c5
Use CMAKE_USE_PTHREADS_INIT (#1576) 2023-10-18 14:17:53 -04:00
Michael Baentsch
b7c623e732
PR template update & OpenSSL clarification (#1582)
* add test requirement to PR template

* add OpenSSL 1.1.1 caveat

* remove OQS-OpenSSL111 and OQS-BoringSSL from PR template checklist

* add link to documentation of OPENSSL_ROOT_DIR
2023-10-17 06:30:03 +02:00
Douglas Stebila
7c3a0e9aa7 liboqs 0.9.0 release 2023-10-12 16:42:15 -04:00
dependabot[bot]
3982ff7c39
Bump gitpython from 3.1.35 to 3.1.37 in /scripts/copy_from_upstream (#1575)
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.35 to 3.1.37.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.35...3.1.37)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 09:37:07 -04:00
Michael Baentsch
a80fdf8ee4
add community standard documentation [skip ci] (#1565) 2023-10-04 08:10:52 +02:00
Spencer Wilson
f0326a4220
liboqs 0.9.0 release candidate 1 (#1570)
* Update version number and add release notes

* Fix noregress script

* Fix date in release notes
2023-09-29 15:31:56 -04:00
Pravek Sharma
cdc8a971c6
Update Classic McEliece suppression files (#1568) 2023-09-28 16:30:11 -04:00
Spencer Wilson
a6b4e57ec5
Set OQS_DIST_BUILD=OFF for weekly Haswell constant-time tests (#1567) 2023-09-28 10:47:10 -04:00
Pravek Sharma
1e094b136b
Fix weekly.yml to skip McEliece (#1562) 2023-09-27 16:11:56 -04:00
Raihaan Shouhell
352cd051f2
build: set folder as ./build/test when using VS (#1557)
This aligns the output folder for tests much like other
platforms.
2023-09-22 16:08:15 +02:00
Raihaan Shouhell
007219c347
ci: github actions CI for Windows x86 and x64 (#1554)
* ci: add windows x86 builds

* ci: run windows tests
2023-09-20 14:46:50 -04:00
Pravek Sharma
e6c650c2ef
Document Falcon constant time errors (#1552)
* Document Falcon constant time errors.

* Update McEliece docs.

* Update Falcon YML to include aarch64 implementation

* Correct Falcon docs.

---------

Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
2023-09-18 13:04:41 -04:00
Raihaan Shouhell
b8a0bc72dd
Add Windows ARM64 support (#1545) 2023-09-13 15:09:40 +02:00
Raihaan Shouhell
cc313b2b88
Add CI for apple mobile platforms (#1546)
* ci: add CI for apple mobile platforms

* ci: run github actions on pull request
2023-09-13 09:08:14 -04:00
Spencer Wilson
f761b06c3d
Pull Neon implementation of Falcon from PQClean (#1547)
Pull aarch64 implementation of Falcon from PQClean

---------

Co-authored-by: Duc Nguyen <ductri.nguyen@sandboxquantum.com>
2023-09-13 08:59:11 -04:00
Pravek Sharma
7ef422a6f5
Update Classic McEliece suppression files (#1541)
* Update McEliece suppression files.

* Update McEliece advisories.

* Update weekly constant time test workflow.

* Update weekly constant time test workflow. Update McEliece suppression files.

* Update BIKE advisories.

* Restored BIKE advisories. Deleted unused BIKE suppressions.
2023-09-13 08:46:45 -04:00
dependabot[bot]
456015c16f
Bump gitpython from 3.1.34 to 3.1.35 in /scripts/copy_from_upstream (#1551)
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.34 to 3.1.35.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.34...3.1.35)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-12 19:42:38 +02:00
Raihaan Shouhell
b3b0fbb16c
Prefer arc4random on Apple platforms (#1544)
* Prefer arc4random_buf on Apple platforms

We swap from getentropy() to arc4random_buf on Apple
platforms as Apple's documentation discourages its use.

This also allows us to not have to use SecCopyRandomBytes
which can fail. arc4random_buf() however never fails.

* Remove linking to unused Security framework
2023-09-10 11:24:52 -04:00
dependabot[bot]
0dafd4f02c
Bump gitpython from 3.1.32 to 3.1.34 in /scripts/copy_from_upstream (#1538)
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.32 to 3.1.34.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.32...3.1.34)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 07:59:51 +02:00
Michael Baentsch
f2f9076693
re-enable armhf speed testing (#1535) 2023-08-28 08:51:32 +02:00
Raihaan Shouhell
914764c9cc
Add CI for android (#1531) 2023-08-22 14:05:44 -04:00
dependabot[bot]
dcecd03d3c
Bump gitpython from 3.1.30 to 3.1.32 in /scripts/copy_from_upstream (#1524)
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.30 to 3.1.32.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.30...3.1.32)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-15 11:22:12 -04:00
Pravek Sharma
348ab36bbe
Update Classic McEliece suppression files (#1527)
* Update constant-time suppression files for Round 4 Classic McEliece.

* Update constant-time suppression files for Round 4 Classic McEliece.
2023-08-15 10:48:54 -04:00
Michael Baentsch
ebf4638ab9
Bump XCode (#1526)
* update XCode version in CCI

* add OpenSSL to MacOS CCI
2023-08-12 11:58:25 -04:00
Douglas Stebila
d14825a755
Pull Falcon updates from PQClean (#1523)
c3abebf4ab
2023-08-10 13:43:23 -04:00
Basil Hess
be678118a5
kyber/dilithium aarch64 pull from pqclean + patches (#1512)
* fix compiler warning/error in aes256_armv8.c

* pull pqclean+patches

* pull pqclean+patches

* remove old patches & update algorithm md/yml

* add new patches

* add patch with fixes for arm/kyber768+kyber1024

* update licenses in yamls and mds

* update kyber/dil suppression files

* removes superfluous pqclean Makefiles & updates copy_from_upstream script to handle this case

* update license infos
2023-08-04 16:52:49 -04:00
Michael Baentsch
6c20a7ddeb
update BIKE documentation [skip ci] (#1509) 2023-07-18 17:03:36 +02:00
Pravek Sharma
0b64ca3c91
Update Classic McEliece (#1470)
* Update Classic McEliece

* Run copy_from_upstream.py

* Change crypto_declassify.h license

* Remove old McEliece vec/avx directories

* Add add_compile_options(-Wno-language-extension-token) to compiler_opts.cmake

* Fix CI errors. Reduce McEliece optimisation from -O3 to -O1. Patch PQClean McEliece.

* Update liboqs version number. Fix comments.

* Increment SOVERSION.

* Update Classic McEliece advisories. Replace

* Update Classic McEliece documentation YAML. Update KEM CMakeLists Jinja template.
2023-07-17 09:43:45 -04:00
Spencer Wilson
f032c20961
Trigger liboqs-python CI via GitHub API (#1507)
Trigger the CI for liboqs-python using the GitHub API in the `trigger-downstream-ci` job. The API call is made using a personal access token for the oqs-bot machine user, which is stored in a CircleCI environment variable for the liboqs project.
2023-07-11 15:52:19 -04:00
Nigel Jones
93e784725e
README correction to docs path & additional gitignore to macos + vscode (#1503)
* Add .DS_Store (macOS) to .gitignore

Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>

* Correct path to built docs in README

Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>

* Add Visual Studio Code .vscode & Jetbrains .idea to .gitignore

Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>

---------

Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
2023-07-02 17:02:22 -04:00
Michael Baentsch
65adc841c9
create deb package and retain as artifact (#1501) 2023-06-27 07:05:15 +02:00
Douglas Stebila
55cc72796f Remove @xvzcf from CODEOWNERS [skip ci] 2023-06-19 10:46:18 -04:00
Michael Baentsch
d81c64cc0f
update version and remove CCI triggers (#1498) 2023-06-15 06:02:47 +02:00
Vitalio
f0e6b8646c
Fix libdir value in liboqs.pc (#1496)
Libdir is not always '/usr/lib' and its value is different between
distributions and architectures. Set it from CMAKE_INSTALL_LIBDIR.
Also, set includedir in a similar way.

Currently, this incorrect setting did not produce incorrect output by
pkg-config --libs because pkg-config strips 'system library paths' from
the output. But in non-standard build environments this may cause
incorrect linking.

Issue: https://github.com/open-quantum-safe/liboqs/issues/1495

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2023-06-11 14:10:48 -04:00
Douglas Stebila
db08f12b5a liboqs 0.8.0 release 2023-06-07 20:50:36 -04:00
Douglas Stebila
b2ad3f97c3
Fix SPHINCS+ constant-time suppression files (#1480)
* Update SPHINCS+ AVX2 suppression files

* Fix names of SPHINCS+ algs in constant_time passes

* More SPHINCS+ suppressions

* SPHINCS SHAKE suppressions.

* Changed suppression annotations.

* Uncommented file name annotations.

---------

Co-authored-by: xvzcf <xvzcf@users.noreply.github.com>
2023-06-06 20:21:25 -04:00
Douglas Stebila
3e25479c16
Don't use cycle counter on ARM32 (#1485) 2023-05-31 20:02:45 -04:00
Douglas Stebila
7728f20d4d 0.8.0-rc1 2023-05-22 19:41:41 -04:00
Michael Baentsch
6e1f49aa48
Patch AVX2 support: No Win for Sphincs+ (#1478) 2023-05-20 12:38:14 -04:00
Douglas Stebila
36f3994388
Update SPHINCS+ specification version [skip ci] (#1477) 2023-05-19 11:36:48 -04:00
Michael Baentsch
aaa5695ae2
protect ossl cleanup from multithreading errors (#1472) 2023-05-18 17:22:37 -04:00
Douglas Stebila
e11e2d1048
Extend test_hash to cover more input lengths (#1468) 2023-05-18 13:00:39 -04:00
Goutam Tamvada
4d10a58abc
Renamed sphincs-sha256-X to sphincs-sha2-X and sphincs-shake256-X to sphincs-shake-X. (#1467)
Co-authored-by: Douglas Stebila <dstebila@uwaterloo.ca>
2023-05-17 13:12:03 -04:00
Michael Baentsch
5f5eee8428
once OSSL init (#1469) 2023-05-17 14:58:44 +02:00
Michael Baentsch
b63d5c068f
relax OpenSSL initialization error handling (#1463)
* relax OpenSSL initialization error handling
2023-05-17 07:18:16 +02:00
Douglas Stebila
35b1bf2704
Remove remaining references to SPHINCS+-Haraka, Kyber 90s, Dilithium-AES (#1465)
* Delete Haraka references

* Delete Kyber90s and Dilithium-AES source code and references

* Delete more references to Dilithium-AES
2023-05-16 12:27:12 -04:00
Douglas Stebila
fd1b89724a
Update SPHINCS+ (#1420)
* Switch to new PQClean commit for SPHINCS+ and remove old patch file

* Improve "compilability" on Apple M1 (ARM) (#1421)

* correct ARM SHA3 extension addition

* correct compile option for ARM SHA

* correct SHA3 enablement

* Remove SPHINCS+ robust and Haraka variants

* Fix SHA2 block sizes in OpenSSL wrapper

* enable Keccak for Sphincs even if OpenSSL shall provide SHA3

* properly handle xkcp enablement if only specific algorithms are selected

* correct conditional setting

* re-enable XKCP for other platforms

* Windows support

* alternate pqcrystals-AES removal

---------

Co-authored-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
2023-05-16 10:54:28 -04:00
Michael Baentsch
24c7f4f078
Fixing OpenSSL SHA2 incremental API integration (#1454)
* disable OpenSSL if neither AES, SHA2, or SHA3 are OSSL-provided

* Fixes faulty OpenSSL incremental SHA2 API integration

* guard OpenSSL3 initialization

* initialize all OSSL3 statics if OQS_USE_OPENSSL=ON
2023-05-15 17:17:37 +02:00
Michael Baentsch
9f912c957b
disable OpenSSL if neither AES,SHA2, or SHA3 are OSSL-provided (#1453) 2023-05-12 06:53:06 +02:00
Michael Baentsch
d704da0c5f
Limit gcc version supported (#1451)
* tie down minimal gcc version
2023-05-09 06:47:33 +02:00
Mark Wooding
179c95cf38
src/common/common.c (set_available_cpu_extensions): Cope without `HWCAP_SHA3' (#1447)
Introduced in Linux 4.15, which, I admit, was a while ago.

Signed-off-by: Mark Wooding <mark.wooding@trustonic.com>
2023-05-07 14:15:29 -04:00
Douglas Stebila
d5be452ec8
Add missing x86 check in CMakeLists (#1445) 2023-04-28 16:19:18 -04:00
Thom Wiggers
9cf9e10df1
Use CMake flag for -Werror (#1444)
This allows us to override it when used in tandem with
OQS_STRICT_WARNINGS.

Closes #1432
2023-04-26 10:29:39 -04:00
Dmitry Belyavskiy
871f9e26d1
Initial fetching of MD and Cipher objects from OpenSSL(3) (#1431)
* Strawman version of one-time fetching MD objects from OpenSSL

We need to init them and free them in one place to avoid threading
issues.

* Moving initialization of OpenSSL objects to a separate file

* Call OQS_init to ensure OpenSSL methods are cached

* Fix typo

* Use prefetch OpenSSL cipher object in rand_nist

---------

Co-authored-by: Douglas Stebila <beldmit@users.noreply.github.com>
Co-authored-by: Douglas Stebila <dstebila@uwaterloo.ca>
2023-04-25 12:19:42 -04:00
Marcin Puc
8f38bb44d2
Generate and install pkgconfig file (#1435) 2023-04-24 08:25:41 -04:00
Ricardo Fernández Serrata
d9f392a74b
fix "ths" typo (#1438) 2023-04-22 10:23:27 -04:00
Ricardo Fernández Serrata
5f181d96b3
rm duped "the" in pull_request_template.md (#1439) 2023-04-22 10:23:02 -04:00
dkostic
8b24019ba0
Make BIKE decode function void to avoid ct issues (#1400)
* Make decode function void to avoid ct issues

* Update test documentation

* add suppression files

* forgot to add the file

* typo fix

* Compute threshold without floating point operations

* Replace division by a constant with mul+shift

---------

Co-authored-by: dkostic <dkostic@amazon.com>
2023-04-14 14:46:14 -04:00
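The last two bullets of that commit (threshold without floating point, division by a constant as multiply-plus-shift) describe a standard constant-time idiom without showing it. The block below is an added example, not BIKE's or liboqs's code: it derives the multiplier for a public divisor at setup time and then divides 16-bit values with one multiply and one shift, so no hardware divide instruction runs on secret-dependent input. The 16-bit dividend width is an assumption chosen so the product always fits in 64 bits, and the function names are illustrative. The one real division, in `mulshift_prepare`, runs only on the divisor, which is public.

```c
#include <stdint.h>

/*
 * For an N-bit dividend (N = 16 here) and divisor d >= 1, let
 * l = ceil(log2 d) and m = ceil(2^(N+l) / d). Then for every 0 <= x < 2^N,
 *   (x * m) >> (N + l) == x / d,
 * the usual Granlund-Montgomery result. Because m <= 2^(N+1), the product
 * x * m is below 2^(2N+1) = 2^33 and fits a uint64_t.
 */
typedef struct {
    uint64_t m;      /* multiplier */
    unsigned shift;  /* N + l */
} mulshift_t;

/* Setup on the public divisor; the division here is not secret-dependent. d must be >= 1. */
mulshift_t mulshift_prepare(uint32_t d) {
    mulshift_t r;
    unsigned l = 0;
    while ((1u << l) < d) {
        l++;                                   /* l = ceil(log2 d) */
    }
    r.shift = 16 + l;
    r.m = ((1ULL << r.shift) + d - 1) / d;     /* ceil(2^(16+l) / d) */
    return r;
}

/* Secret-dependent path: one multiply, one shift, no divide instruction. */
uint16_t mulshift_div(const mulshift_t *c, uint16_t x) {
    return (uint16_t)(((uint64_t)x * c->m) >> c->shift);
}

/* Exhaustive check of the constant against plain division over all 16-bit x. */
int mulshift_selftest(uint32_t d) {
    mulshift_t c = mulshift_prepare(d);
    for (uint32_t x = 0; x < 65536; x++) {
        if (mulshift_div(&c, (uint16_t)x) != (uint16_t)(x / d)) {
            return 0;
        }
    }
    return 1;
}
```

Two caveats a reviewer would want stated: the exhaustive self-test is what justifies trusting a given (m, shift) pair for the chosen width, so run it whenever the width or the derivation changes; and the multiply is only as constant-time as the core's multiplier, which on most desktop and server CPUs has fixed latency but on some small embedded cores does not.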
Michael Baentsch
b1d42d61f6
clarify OpenSSL config [skip ci] (#1429) 2023-04-06 07:14:33 +02:00
Douglas Stebila
d61d81c526
Add constant time suppression for Falcon AVX2 (#1415) 2023-03-09 10:43:07 -05:00
Michael Baentsch
50f7f1b14c
CI test copy_from_upstream (#1405)
* CI test copy_from_upstream

* improve pip install error test

* work around CBOM issue

* rebase and remove CBOM workaround
2023-03-07 05:51:37 +00:00
Basil Hess
4c7ced218a
Copy_from_upstream: no subprocess call & update_cbom fix for CI. (#1412)
* Refactor update_cbom and update_docs_from_yaml, allow copy_from_upstream to import them.
Workaround for issue in GitPython, caused update_cbom to fail in Github CI.

* updates after copy_from_upstream
2023-03-06 09:54:43 -05:00
Michael Baentsch
92b84c47c9
Add issue template [skip ci] (#1410) 2023-03-01 13:21:18 -05:00
Thom Wiggers
ec5c3be1ca
Update Falcon implementation (#1395)
* Update Falcon implementation

* Update license and upstream documentation

* Update Falcon constant-time suppressions

* Whitespace tweak from linter [skip ci]

* Update Falcon spec version [skip ci]

---------

Co-authored-by: Douglas Stebila <dstebila@uwaterloo.ca>
2023-03-01 11:03:38 -05:00
Basil Hess
341cf22427
Copy from upstream (Kyber), add pqcrystals-* licenses to README (#1403)
* Copy from upstream (Kyber), add pqcrystals-* licenses to README

* update algorithm docs
2023-02-25 08:20:41 +01:00
Michael Baentsch
1f62f66a47
correct free in test_kem/sig (#1399)
* correct free in test_kem/sig

* code simplification
2023-02-23 17:24:40 +01:00
Michael Baentsch
49164467b6
update BIKE documentation (#1387) 2023-02-20 17:43:34 +01:00
Michael Baentsch
20fadb89ef
Add full-cycle speed test (#1391)
* adding true repetitive full-cycle testing

* fix mem leak in speed testing
2023-02-17 10:06:51 +01:00
Michael Baentsch
f96d9c2fff
Revert "Update Falcon to 20230207 (PQClean commit 96dfee95cc56207d1ec5e3a2df306d6614ad7c6c) (#1386)" (#1392)
This reverts commit 40b01fdbb270f8614fde30e65d30e9da18c02393.
2023-02-17 07:43:26 +01:00
Douglas Stebila
40b01fdbb2
Update Falcon to 20230207 (PQClean commit 96dfee95cc56207d1ec5e3a2df306d6614ad7c6c) (#1386)
Fixes #1315
2023-02-10 10:58:42 -05:00
Douglas Stebila
d9c39e2485
Fix rendering error in Markdown (#1384)
* Fix rendering error in Markdown

* Revert line ordering change in Markdown [skip ci]

* Apply line ordering change to Markdown [skip ci]
2023-02-09 09:38:47 -05:00
dkostic
a1bdce9894
BIKE Round-4 update (#1369)
* BIKE Round-4 update

* Export BIKE symbols

---------

Co-authored-by: dkostic <dkostic@amazon.com>
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
2023-02-08 06:54:30 +01:00
Michael Baentsch
04ff6fd871
compiler future-proofing Release builds (#1378)
* compiler future-proofing Release builds
2023-02-07 07:24:40 +01:00
Douglas Stebila
423b720c38
Use OQS_STATUS types in FrodoKEM (#1377)
Fixes #1375
2023-02-03 07:32:11 -05:00
Michael Baentsch
206f8cd223
re-enabling msys2 testing after picnic is gone (#1373) 2023-02-02 08:11:43 +01:00
Michael Baentsch
cf6d8a059e
adding OpenSSL3 test; activating sanitizer test (#1363)
* adding OpenSSL3 test; activating sanitizer test
2023-01-19 19:31:11 +01:00
Goutam Tamvada
f214011218
Fixed mismatch between YAML and markdown docs for some algorithms. (#1365) 2023-01-17 16:22:07 -05:00
dependabot[bot]
a4b563d6f4
Bump gitpython from 3.0.7 to 3.1.30 in /scripts/copy_from_upstream (#1354)
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.0.7 to 3.1.30.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.0.7...3.1.30)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-17 09:45:25 +01:00
Goutam Tamvada
924ea88cb0
Updated PQClean commit in copy_from_upstream.yml (#1359) 2023-01-16 11:06:08 -05:00
Michael Baentsch
1d76b2e6a1
add cpack (for .deb packages) (#1362) 2023-01-16 07:09:33 +01:00
Michael Baentsch
da0dd47c5d
Config update (#1361)
* update default configs docs and DIST_BUILD

* toggle OQS_DIST_BUILD CCI tests

* setting ARM64 default for CMAKE_ARGS
2023-01-16 07:08:56 +01:00
Michael Baentsch
fe3cb02cb1
NIST std algs list selection enablement (#1355)
* std/r4/all algs enablement

* Switch example to use Kyber-768.

* std algs as option only

Co-authored-by: Douglas Stebila <dstebila@uwaterloo.ca>
2023-01-14 10:01:29 +01:00
Douglas Stebila
aed3b4965f
Build Doxygen docs in whatever the CMake build directory is (#1357)
* Build Doxygen docs in whatever the CMake build directory is

Fixes #1341.

* Missing Doxygen build directory in CI
2023-01-13 16:58:03 -05:00
Douglas Stebila
f272232c86
Build dump_alg_info in tests (#1353)
Fixes #1334
2023-01-12 13:03:08 -05:00
Douglas Stebila
f30cae996c
Fix Doxygen Markdown failures (#1349)
* Fix Doxygen Markdown failures

Fixes #1332

* Fix another Doxygen Markdown failure
2023-01-11 18:32:26 -05:00
Basil Hess
63d4a00d07
Adds CBOM for liboqs (#1337)
* Adds CBOM:
- CBOM generator: update_cbom.py
- CBOM: cbom.json
- CBOM schema validation: validate_cbom.sh
- CBOM schema validation added to github actions

Adds oqs_alg to docs yml.
Corrects common crypto sources in Kyber and Dilithium docs.

* - removes forward references to OpenSSL OIDs
- move cbom to docs dir
- move update and validate cbom files to scripts dir
- update copy_from_upstream: scripts runs update_cbom.py (after update_docs_from_yaml.py)
2023-01-11 18:32:08 -05:00
Michael Baentsch
238eef129c
llvm15 update (#1350)
Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
2023-01-11 16:06:52 -05:00
Michael Baentsch
cdf709864f
Revert "Enable algorithm filtering (#1333)" (#1351)
This reverts commit 9ba752ea9b0b4db375e21d2b27a16ed1de30e2be.
2023-01-11 09:05:49 -05:00
Michael Baentsch
9ba752ea9b
Enable algorithm filtering (#1333)
* std/r4/all algs enablement

* add documentation

* make doxygen happy

* Revert "make doxygen happy"

This reverts commit 9aedf2a7e651e0a686b2c5cade38db9af1e4b988.

* fall back to doxygen 1.9.2

* update github workflow to new filter naming

* adding appveyor testing for new OQS_ALGS_ENABLED option

* don't enable disabled vars

* add empty input test

* documenting focus on standard algs

* correct alg name typo

* Update README.md

Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>

* Switch example to use Kyber-768.

Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
Co-authored-by: Douglas Stebila <dstebila@uwaterloo.ca>
2023-01-10 20:29:24 -05:00
Basil Hess
12ad5be27f
fix: initialize context after reset in ossl_sha3x4 (#1339)
* fix: initialize context after reset in ossl_sha3x4

* add Github Actions config for openssl-all
2023-01-04 16:21:06 +01:00
Jeevesh Rishi Dindyal (Sarvesh)
2e42595804
Add ntruprime (#1328)
* Add back sntrup761
2022-12-22 07:37:44 +01:00
Goutam Tamvada
a7e1b8a32f
Removed NTRU. (#1335) 2022-12-15 12:19:29 -05:00
Mark Albert
d577d0b4e9
add valgrind option (#1327) 2022-12-07 07:26:46 +01:00
Goutam Tamvada
f5d96cab5c
Removed SABER. (#1326) 2022-12-01 14:04:08 -05:00
Goutam Tamvada
c50d38e5a8
Removed NTRU-Prime. (#1325) 2022-11-29 07:31:53 +01:00
Goutam Tamvada
fac5a818ed
Removed the Picnic signature scheme. (#1323) 2022-11-28 15:29:10 -05:00
Goutam Tamvada
203c9c269b
Removed the rainbow signature scheme (#1321). 2022-11-28 11:34:59 -05:00
Basil Hess
2e2ddb4e04
Update Kyber and Dilithium from upstream (#1316) 2022-11-23 15:15:27 -05:00
Michael Baentsch
e9cd9a5c55
automatically activate USE_RASPBERRY_PI define (#1313)
* automatically activate USE_RASPBERRY_PI define

* prefix RASPBERRY_PI define with OQS_
2022-11-18 08:12:19 +01:00
Jason Goertzen
c520cdb871
Fixing OQS ARM inconsistencies (#1307)
* Renamed sha2 C_OR_NI to C_OR_ARM since we only select between C and ARM

* Updated AES C_OR_NI_OR_ARM's formatting and logic

* Renamed sha2_ni.c to sha2_armv8.c and updated CMakeLists.txt to fix build issues with arm optimized AES linking

* Fixed a feature detection logic issue

* Found an issue when compiling a distributed version

* Only apply -march=armv8-a+crypto to arm builds

* updated some naming
2022-11-15 16:47:36 -05:00
John Schanck
f88e6237c5
Integer overflow leading to incorrect computation of sha3 (#1312)
Suppose a user of the incremental SHA3 API absorbs 10 bytes, and then
absorbs 2^64 - 10 bytes. At the beginning of the second
`keccak_inc_absorb` call, the 25th element of the Keccak state is equal
to 10, and there is a uint64_t overflow in
```
if (s[25] && mlen + s[25] >= r)
```
which causes the branch to be skipped. Later code assumes that mlen >= r
implies that s[25] = 0, and calls
```
(*Keccak_AddBytes_ptr)(s, m, 0, r);
```
with third argument 0 instead of s[25]. This call modifies the wrong
elements of the Keccak state, which leads to an incorrect result.

I went looking for bugs of this form because of CVE-2022-37454, but this
one is not a security concern. It is also largely theoretical since it
involves processing close to 2^64 bytes.
2022-10-26 09:05:05 +02:00
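The overflow described in this commit message can be reproduced in isolation. The following is an added example, not liboqs code: it models only the bookkeeping that decides what the first `Keccak_AddBytes` call receives (offset and length), using the check quoted above as the buggy variant and an overflow-safe comparison against the remaining room in the block as the fixed variant; `r` is the rate in bytes and `s25` stands for `s[25]`.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Arguments handed to the first Keccak_AddBytes(s, m, offset, length) call.
 * This is a model of the incremental-absorb bookkeeping only; the Keccak
 * state itself is not touched, so a 2^64-byte input needs no memory. */
typedef struct {
    uint64_t offset;          /* byte position inside the rate block */
    uint64_t length;          /* bytes absorbed by this call */
    int assumed_empty_block;  /* 1 if the "s[25] == 0" path was taken while s25 != 0 */
} first_add_bytes;

/* Buggy variant: the check quoted in the commit message.
 * mlen + s25 is a uint64_t addition and wraps around to a small value. */
static first_add_bytes first_step_buggy(uint64_t s25, uint64_t mlen, uint64_t r) {
    first_add_bytes out = {0, 0, 0};
    if (s25 && mlen + s25 >= r) {
        out.offset = s25;              /* finish the partially filled block */
        out.length = r - s25;
    } else if (mlen >= r) {
        out.offset = 0;                /* later code assumes s25 == 0 here */
        out.length = r;
        out.assumed_empty_block = (s25 != 0);
    } else {
        out.offset = s25;              /* buffer a short tail */
        out.length = mlen;
    }
    return out;
}

/* Fixed variant (written for this example, not the project's patch): compare
 * mlen against the room left in the block. A valid state always has s25 < r,
 * so r - s25 cannot underflow, and nothing depends on mlen + s25 any more. */
static first_add_bytes first_step_fixed(uint64_t s25, uint64_t mlen, uint64_t r) {
    first_add_bytes out = {0, 0, 0};
    if (s25 && mlen >= r - s25) {
        out.offset = s25;
        out.length = r - s25;
    } else if (mlen >= r) {
        out.offset = 0;                /* only reachable with s25 == 0 */
        out.length = r;
    } else {
        out.offset = s25;
        out.length = mlen;
    }
    return out;
}

/* 1 if both variants hand the same offset and length to Keccak_AddBytes. */
static int variants_agree(uint64_t s25, uint64_t mlen, uint64_t r) {
    first_add_bytes b = first_step_buggy(s25, mlen, r);
    first_add_bytes f = first_step_fixed(s25, mlen, r);
    return b.offset == f.offset && b.length == f.length;
}

int main(void) {
    const uint64_t r = 168;                /* SHAKE128 rate in bytes */
    const uint64_t s25 = 10;               /* 10 bytes already absorbed */
    const uint64_t mlen = UINT64_MAX - 9;  /* 2^64 - 10 further bytes */

    first_add_bytes b = first_step_buggy(s25, mlen, r);
    first_add_bytes f = first_step_fixed(s25, mlen, r);
    printf("buggy: offset %llu length %llu (assumed empty block: %d)\n",
           (unsigned long long)b.offset, (unsigned long long)b.length,
           b.assumed_empty_block);
    printf("fixed: offset %llu length %llu\n",
           (unsigned long long)f.offset, (unsigned long long)f.length);
    /* For realistic message lengths the two variants behave identically. */
    printf("agree on a 1000-byte message: %d\n", variants_agree(s25, 1000, r));
    return 0;
}
```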
Michael Baentsch
222374e067
addressing sig length questions (#1306)
* addressing sig length questions

Co-authored-by: Douglas Stebila <dstebila@users.noreply.github.com>
2022-09-15 06:49:03 +02:00
Michael Baentsch
46deaac9a9
update version string indicating dev status (#1305) 2022-09-14 17:17:09 +02:00
Sebastian Ramacher
8ac8b1c5ab
Fallback code for aligned_alloc and use of explicit_bzero (#1300)
* Check if aligned_alloc or memalign variants are available and use them

* Use explicit_bzero if available

* Check for memset_s
2022-09-08 07:10:28 +02:00
Michael Baentsch
489aa7eb59
ARM32 gcc12 build workaround (#1297)
* add ARM32 gcc compile option workaround

* add no-ipa-modref only in gcc11 and higher
2022-09-07 19:21:27 +02:00
Sebastian Ramacher
930f78d066
Fix typo in Picnic's NEON detection (#1298)
This change addresses the Picnic part of #1296.
2022-09-07 19:03:29 +02:00
Sebastian Ramacher
9ee96d803e
Ensure build without an executable stack (fixes #1285) (#1294)
* Ensure build without an executable stack (fixes #1285)

Until it is clear why the shared library on mips64el and hppa is built
with the executable bit set for the stack, build with both
`-Wa,--noexecstack` (for the assembler) and `-Wl,-z,--noexecstack` (for
the linker).

* Check if compiler/linker support flags for noexecstack before using them

* Add a warning if unable to check for support
2022-08-31 06:41:28 +02:00
thb@sb
c5b8cfe478
Solve '-Wstrict-prototypes' for clang >= 15.0 (#1293)
* Solve '-Wstrict-prototypes'

Manual changes are applied to the following algorithms only:

 * Bike
 * Frodo
 * Picnic

* Add prototype for implementation of `OQS_SIG_alg_count`

* Add prototype for implementation of `OQS_KEM_alg_count`

* Run `copy_from_upstream.py`

Now, the constructors have a full prototype. It compiles with clang 16.0
2022-08-30 11:20:05 +02:00
thb@sb
ff09345f5f
Add missing requirements to the requirements.txt (#1295)
The script `scripts/update_docs_from_yaml.py` is using the python package
`tabulate`. It is missing from the `requirements.txt` file.

This PR adds it to the `requirements.txt` file.
2022-08-26 07:07:28 +02:00
Douglas Stebila
ea44f391fd 0.7.2 2022-08-21 15:54:09 -04:00
10815 changed files with 1425444 additions and 1020715 deletions


.CMake/apple.cmake



@ -0,0 +1,24 @@
# As per https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#can-i-do-make-uninstall-with-cmake
if(NOT EXISTS "@CMAKE_BINARY_DIR@/install_manifest.txt")
message(FATAL_ERROR "Cannot find install manifest: @CMAKE_BINARY_DIR@/install_manifest.txt")
endif()
file(READ "@CMAKE_BINARY_DIR@/install_manifest.txt" files)
string(REGEX REPLACE "\n" ";" files "${files}")
foreach(file ${files})
message(STATUS "Uninstalling $ENV{DESTDIR}${file}")
if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
exec_program(
"@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\""
OUTPUT_VARIABLE rm_out
RETURN_VALUE rm_retval
)
if(NOT "${rm_retval}" STREQUAL 0)
message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}")
endif()
else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
message(STATUS "File $ENV{DESTDIR}${file} does not exist.")
endif()
endforeach()
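Review bot: `exec_program(...)` in the removal loop has been deprecated since CMake 3.0; in a newly added file use `execute_process(COMMAND "@CMAKE_COMMAND@" -E remove "$ENV{DESTDIR}${file}" RESULT_VARIABLE rm_retval)`, which also avoids re-quoting the path inside a single ARGS string. The `else(IS_SYMLINK ... OR EXISTS ...)` that repeats the whole condition is legacy syntax; a bare `else()` reads cleaner and cannot drift from the `if()` above it.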


@ -11,6 +11,31 @@
# If OQS_OPT_TARGET=auto we target the current CPU.
# If OQS_OPT_TARGET=generic we target a generic CPU.
# Otherwise we target the specified CPU.
# Pedantic checks (-Wall, ...) are not enabled by default for Release
# builds such as to avoid future build errors introduced by currently
# unknown compiler warnings
include(CheckCCompilerFlag)
check_c_compiler_flag("-Wa,--noexecstack" CC_SUPPORTS_WA_NOEXECSTACK)
# This sets the equivalent of -Werror for supported compilers
# it can be overriden with --compile-no-warnings-as-errors
# https://cmake.org/cmake/help/latest/prop_tgt/COMPILE_WARNING_AS_ERROR.html
set(CMAKE_COMPILE_WARNING_AS_ERROR ${OQS_STRICT_WARNINGS})
if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.18")
include(CheckLinkerFlag)
check_linker_flag(C "-Wl,-z,noexecstack" LD_SUPPORTS_WL_Z_NOEXECSTACK)
elseif(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.14")
set(TMP_TESTDIR "${CMAKE_BINARY_DIR}/test_noexecstack")
file(WRITE "${TMP_TESTDIR}/test.c" "int main() { return 0; }\n")
try_compile(LD_SUPPORTS_WL_Z_NOEXECSTACK "${TMP_TESTDIR}" "${TMP_TESTDIR}/test.c" LINK_OPTIONS "-Wl,-z,noexecstack")
else()
message(WARNING "Unable to check if '-Wl,-z,noexecstack' is supported.")
set(LD_SUPPORTS_WL_Z_NOEXECSTACK FALSE)
endif()
set(OQS_OPT_FLAG "")
if(CMAKE_C_COMPILER_ID MATCHES "Clang|GNU")
if(${OQS_DIST_BUILD})
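Review bot: `set(CMAKE_COMPILE_WARNING_AS_ERROR ${OQS_STRICT_WARNINGS})` is only honoured by CMake 3.24 and later, yet this file still carries compatibility branches down to 3.14 and the hunks below drop the explicit `add_compile_options(-Werror)` from both the Clang and GNU branches; on an older CMake a strict build silently loses warnings-as-errors. Guard the new setting with a version check and fall back to `add_compile_options(-Werror)` when `OQS_STRICT_WARNINGS` is set on older versions. Minor: "overriden" in the comment should be "overridden".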
@ -29,7 +54,11 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang|GNU")
set(OQS_OPT_FLAG "-march=z10")
else()
# Assume sensible default like -march=x86-64, -march=armv8-a, etc.
set(OQS_OPT_FLAG "")
if(ARCH_ARM64v8)
set(OQS_OPT_FLAG "-march=armv8-a+crypto")
else()
set(OQS_OPT_FLAG "")
endif()
endif()
elseif(OQS_OPT_TARGET STREQUAL "auto")
if(ARCH_X86_64)
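Review bot: `-march=armv8-a+crypto` is now applied to every translation unit of a dist build on ARM64, and dist builds are meant to run on any ARMv8 CPU; this is only safe as long as the compiler never emits crypto-extension instructions outside code guarded by runtime feature detection (GCC and Clang do not auto-generate AES/SHA instructions, but any intrinsic use outside a guarded path would now compile and fault on a CPU without the extension). A comment stating that assumption next to the flag would help the next reader.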
@ -56,35 +85,45 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang|GNU")
add_compile_options(${OQS_OPT_FLAG})
# If this is not a dist build we also need to set the OQS_USE_[EXTENSION] flags
if(NOT ${OQS_DIST_BUILD})
if(NOT ${OQS_DIST_BUILD} AND NOT CMAKE_CROSSCOMPILING)
include(${CMAKE_CURRENT_LIST_DIR}/gcc_clang_intrinsics.cmake)
endif()
endif()
if(CMAKE_C_COMPILER_ID MATCHES "Clang")
add_compile_options(-Werror)
if(${OQS_STRICT_WARNINGS})
add_compile_options(-Wall)
add_compile_options(-Wextra)
add_compile_options(-Wpedantic)
add_compile_options(-Wno-unused-command-line-argument)
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
endif()
if(CC_SUPPORTS_WA_NOEXECSTACK)
add_compile_options("-Wa,--noexecstack")
endif()
if(LD_SUPPORTS_WL_Z_NOEXECSTACK)
add_link_options("-Wl,-z,noexecstack")
endif()
if(NOT ${OQS_BUILD_ONLY_LIB})
set(THREADS_PREFER_PTHREAD_FLAG ON)
find_package(Threads REQUIRED)
set(OQS_USE_PTHREADS_IN_TESTS 1)
set(THREADS_PREFER_PTHREAD_FLAG ON)
find_package(Threads)
if (CMAKE_USE_PTHREADS_INIT AND NOT OQS_EMBEDDED_BUILD)
set(OQS_USE_PTHREADS ON)
endif()
if(${OQS_DEBUG_BUILD})
add_compile_options(-g3)
add_compile_options(-fno-omit-frame-pointer)
if(${USE_COVERAGE})
add_compile_options(-coverage)
add_link_options(-coverage)
endif()
if(USE_SANITIZER STREQUAL "Address")
add_compile_options(-fno-optimize-sibling-calls)
add_compile_options(-fsanitize-address-use-after-scope)
add_compile_options(-fsanitize=address)
set(SANITIZER_LD_FLAGS "-fsanitize=address")
elseif(USE_SANITIZER STREQUAL "Memory")
add_compile_options(-fsanitize=address)
add_compile_options(-fsanitize=memory)
set(SANITIZER_LD_FLAGS "-fsanitize=memory")
elseif(USE_SANITIZER STREQUAL "MemoryWithOrigins")
add_compile_options(-fsanitize=memory)
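Review bot: the coverage flags (`if(${USE_COVERAGE})` ... `-coverage`) are only added inside the `if(${OQS_DEBUG_BUILD})` branch, so `-DUSE_COVERAGE=ON` on a release configuration produces no instrumentation and no diagnostic; either emit a `message(WARNING ...)` in that case or hoist the coverage block out of the debug branch. Separately, `if(${USE_COVERAGE})` should be `if(USE_COVERAGE)`: `if()` dereferences variable names itself, and the `${}` form expands to an empty `if()` when the variable is unset. The `Memory` branch changing `-fsanitize=address` to `-fsanitize=memory` is the right fix, since the two sanitizers cannot be combined and `SANITIZER_LD_FLAGS` was already `-fsanitize=memory`.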
@ -109,7 +148,10 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
endif()
elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
add_compile_options(-Werror)
if (NOT ${CMAKE_C_COMPILER_VERSION} VERSION_GREATER_EQUAL ${OQS_MINIMAL_GCC_VERSION})
message(FATAL_ERROR "GCC version ${CMAKE_C_COMPILER_VERSION} below minimally required version ${OQS_MINIMAL_GCC_VERSION}.")
endif()
if(${OQS_STRICT_WARNINGS})
add_compile_options(-Wall)
add_compile_options(-Wextra)
add_compile_options(-Wpedantic)
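Review bot: the new minimum-version check dereferences both operands inside `if()` (`${CMAKE_C_COMPILER_VERSION}`, `${OQS_MINIMAL_GCC_VERSION}`); if `OQS_MINIMAL_GCC_VERSION` is not defined before this point, the condition collapses to `if (NOT <version> VERSION_GREATER_EQUAL )`, which is a configure-time error rather than the intended `FATAL_ERROR` message. Write it as `if(CMAKE_C_COMPILER_VERSION VERSION_LESS OQS_MINIMAL_GCC_VERSION)` and make sure the minimum is defined (or defaulted) before this file is processed.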
@ -118,19 +160,29 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
add_compile_options(-Wformat=2)
add_compile_options(-Wfloat-equal)
add_compile_options(-Wwrite-strings)
endif()
if (NOT CMAKE_SYSTEM_NAME STREQUAL "Darwin")
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
if(CC_SUPPORTS_WA_NOEXECSTACK)
add_compile_options("-Wa,--noexecstack")
endif()
if(LD_SUPPORTS_WL_Z_NOEXECSTACK)
add_link_options("-Wl,-z,noexecstack")
endif()
endif()
if(NOT ${OQS_BUILD_ONLY_LIB})
set(THREADS_PREFER_PTHREAD_FLAG ON)
find_package(Threads REQUIRED)
set(OQS_USE_PTHREADS_IN_TESTS 1)
set(THREADS_PREFER_PTHREAD_FLAG ON)
find_package(Threads)
if (CMAKE_USE_PTHREADS_INIT AND NOT OQS_EMBEDDED_BUILD)
set(OQS_USE_PTHREADS ON)
endif()
if(${OQS_DEBUG_BUILD})
add_compile_options (-Wstrict-overflow)
add_compile_options(-ggdb3)
if(${USE_COVERAGE})
add_compile_options(-coverage)
add_link_options(-coverage)
endif()
else()
add_compile_options(-O3)
add_compile_options(-fomit-frame-pointer)
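Review bot: the `if (NOT CMAKE_SYSTEM_NAME STREQUAL "Darwin")` guard around the noexecstack flags is now redundant, because `CC_SUPPORTS_WA_NOEXECSTACK` and `LD_SUPPORTS_WL_Z_NOEXECSTACK` already record whether the toolchain accepts them; and this block (noexecstack flags, Threads detection, `OQS_USE_PTHREADS`) is now duplicated verbatim between the Clang and GNU branches. Hoisting it to run once after the compiler-id branches would keep the two copies from drifting. Minor: `add_compile_options (-Wstrict-overflow)` has a stray space before the parenthesis.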
@ -143,6 +195,12 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
endif ()
endif()
# workaround for gcc issues on ARM32 as per https://github.com/open-quantum-safe/liboqs/issues/1288
if(ARCH_ARM32v7 AND (CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "11.0.0"))
add_compile_options(-fno-ipa-modref)
add_compile_options(-fno-ipa-pure-const)
endif()
elseif(CMAKE_C_COMPILER_ID STREQUAL "MSVC")
# Warning C4146 is raised when a unary minus operator is applied to an
# unsigned type; this has nonetheless been standard and portable for as
@ -156,11 +214,15 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "MSVC")
endif()
if(MINGW OR MSYS OR CYGWIN)
add_compile_options(-Wno-maybe-uninitialized)
set(OQS_USE_PTHREADS OFF)
# Apply -Wno-maybe-uninitialized only for GCC
if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
add_compile_options(-Wno-maybe-uninitialized)
endif()
if(CMAKE_VERSION VERSION_GREATER_EQUAL "3.13.0")
add_link_options(-Wl,--stack,16777216)
else()
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--stack,1677216")
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--stack,16777216")
endif()
endif()
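Review bot: the stack-size fix (`1677216` to `16777216`, i.e. 16 MiB) brings the legacy `CMAKE_EXE_LINKER_FLAGS` fallback in line with the `add_link_options(-Wl,--stack,16777216)` branch, which it previously undershot by a factor of ten; a single variable used in both branches would stop the two literals from diverging again. Also worth a comment: `set(OQS_USE_PTHREADS OFF)` here unconditionally overrides the Threads detection done in the GNU/Clang branches above for MinGW/MSYS/Cygwin builds.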


@ -14,3 +14,7 @@ set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
set(CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY)
# Unconditionally set for this platform
add_definitions( -DOQS_USE_RASPBERRY_PI )
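Review bot: `add_definitions( -DOQS_USE_RASPBERRY_PI )` in a toolchain file is fragile: toolchain files are re-read by every `try_compile`, and directory-scope commands are not the documented way for them to seed flags. The supported mechanism is `set(CMAKE_C_FLAGS_INIT "${CMAKE_C_FLAGS_INIT} -DOQS_USE_RASPBERRY_PI")`, or better a cache option that the project turns into a `target_compile_definitions`. The comment "Unconditionally set for this platform" should also say why this platform needs the define, since the commit message only records that the define is now automatic.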


@ -0,0 +1,12 @@
# SPDX-License-Identifier: MIT
set(CMAKE_SYSTEM_NAME Windows)
set(CMAKE_SYSTEM_PROCESSOR AMD64)
set(CMAKE_CROSSCOMPILING OFF)
set(CMAKE_GENERATOR_PLATFORM
x64
CACHE STRING "Platform" FORCE
)


@ -0,0 +1,12 @@
# SPDX-License-Identifier: MIT
set(CMAKE_SYSTEM_NAME Windows)
set(CMAKE_SYSTEM_PROCESSOR arm64)
set(CMAKE_CROSSCOMPILING ON)
set(CMAKE_GENERATOR_PLATFORM
ARM64
CACHE STRING "Platform" FORCE
)


@ -0,0 +1,12 @@
# SPDX-License-Identifier: MIT
set(CMAKE_SYSTEM_NAME Windows)
set(CMAKE_SYSTEM_PROCESSOR x86)
set(CMAKE_CROSSCOMPILING OFF)
set(CMAKE_GENERATOR_PLATFORM
Win32
CACHE STRING "Platform" FORCE
)


@ -1,397 +0,0 @@
version: 2.1
require_stylecheck: &require_stylecheck
requires:
- stylecheck
require_buildcheck: &require_buildcheck
requires:
- stylecheck
- buildcheck
require_testapproval: &require_testapproval
requires:
- stylecheck
- buildcheck
- testapproval
# CircleCI doesn't handle large file sets properly for local builds
# https://github.com/CircleCI-Public/circleci-cli/issues/281#issuecomment-472808051
localCheckout: &localCheckout
run: |-
PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd)
mkdir -p ${PROJECT_PATH}
git config --global --add safe.directory /tmp/_circleci_local_build_repo
cd /tmp/_circleci_local_build_repo
git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH}
cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH}
jobs:
stylecheck:
description: Validate formatting of code and documentation
docker:
- image: openquantumsafe/ci-ubuntu-focal-x86_64:latest
# Re-enable iff docker enforces rate limitations without auth:
# auth:
# username: $DOCKER_LOGIN
# password: $DOCKER_PASSWORD
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Ensure code conventions are upheld
command: python3 -m pytest --verbose tests/test_code_conventions.py
- run:
name: Check that doxygen can parse the documentation
command: mkdir -p build/docs && ./scripts/run_doxygen.sh doxygen docs/.Doxyfile
buildcheck:
description: Test that we can build a single KEM/Signature pair as part of a minimal build.
parameters:
CONTAINER:
description: "The docker container to use."
type: string
CMAKE_ARGS:
description: "Arguments to pass to CMake."
type: string
default: ''
KEM_NAME:
description: "The KEM to build."
type: string
SIG_NAME:
description: "The signature scheme to build."
type: string
docker:
- image: << parameters.CONTAINER >>
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Configure
command: |2
mkdir build && cd build && source ~/.bashrc && \
cmake .. --warn-uninitialized \
-GNinja << parameters.CMAKE_ARGS >> \
-DOQS_MINIMAL_BUILD="OQS_ENABLE_KEM_<< parameters.KEM_NAME >>;OQS_ENABLE_SIG_<< parameters.SIG_NAME >>" \
> config.log 2>&1 && \
cat config.log && \
cmake -LA .. && ! (grep "uninitialized variable" config.log)
- run:
name: Build
command: ninja
working_directory: build
linux_oqs:
description: A template for running liboqs tests on Linux Docker VMs
parameters:
CONTAINER:
description: "The docker container to use."
type: string
CMAKE_ARGS:
description: "Arguments to pass to CMake."
type: string
default: ''
PYTEST_ARGS:
description: "Arguments to pass to pytest."
type: string
# Not every executor handles --numprocesses=auto being passed to pytest well
# See https://github.com/open-quantum-safe/liboqs/issues/738#issuecomment-621394744
default: --numprocesses=auto
SKIP_ALGS:
description: "Algorithms not to test in test_constant_time."
type: string
default: ''
docker:
- image: << parameters.CONTAINER >>
# Re-enable iff docker enforces rate limitations without auth:
# auth:
# username: $DOCKER_LOGIN
# password: $DOCKER_PASSWORD
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Configure
command: mkdir build && cd build && source ~/.bashrc && cmake -GNinja << parameters.CMAKE_ARGS >> .. && cmake -LA ..
- run:
name: Build
command: ninja
working_directory: build
- run:
name: Run tests
no_output_timeout: 1h
command: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --junitxml=build/test-results/pytest/test-results.xml << parameters.PYTEST_ARGS >>
environment:
SKIP_ALGS: << parameters.SKIP_ALGS >>
- store_test_results: # Note that this command will fail when running CircleCI locally, that is expected behaviour
path: build/test-results
- store_artifacts:
path: build/test-results
scan_build:
description: Executing scan-build test
parameters:
CONTAINER:
description: "The docker container to use."
type: string
docker:
- image: << parameters.CONTAINER >>
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Configure
command: mkdir build && cd build && pwd && source ~/.bashrc && scan-build-14 cmake -GNinja ..
- run:
name: Build
command: scan-build-14 --status-bugs ninja
working_directory: build
arm_machine:
description: A template for running liboqs tests on ARM(presently only 64) machines
parameters:
CMAKE_ARGS:
description: "Arguments to pass to CMake."
type: string
PYTEST_ARGS:
description: "Arguments to pass to pytest."
type: string
# Not every executor handles --numprocesses=auto being passed to pytest well
# See https://github.com/open-quantum-safe/liboqs/issues/738#issuecomment-621394744
default: --numprocesses=auto
machine:
image: ubuntu-2004:202101-01
resource_class: arm.medium
steps:
- checkout
# It seems the machine doesn't contain all preprequisites, and we don't have permission to add them explicitly,
# so we can only run in a prepared ARM64 CI image
- run:
name: Build and run tests in docker
no_output_timeout: 1h
command: |2
docker run -it -e CMAKE_ARGS="<< parameters.CMAKE_ARGS >>" \
-e PYTEST_ARGS="<< parameters.PYTEST_ARGS >>" \
-v `pwd`:/root/project \
openquantumsafe/ci-ubuntu-focal-arm64:latest bash \
-c "cd /root/project && \
uname -a && \
mkdir build && cd build && source ~/.bashrc && \
cmake -GNinja $CMAKE_ARGS .. && cmake -LA .. && ninja && \
cd .. && mkdir -p tmp && \
python3 -m pytest --verbose \
--ignore=tests/test_code_conventions.py \
--junitxml=build/test-results/pytest/test-results.xml $PYTEST_ARGS"
- store_test_results: # Note that this command will fail when running CircleCI locally, that is expected behaviour
path: build/test-results
- store_artifacts:
path: build/test-results
macOS:
description: A template for running liboqs tests on macOS
parameters:
CMAKE_ARGS:
description: "Arguments to pass to CMake."
type: string
PYTEST_ARGS:
description: "Arguments to pass to pytest."
type: string
default: ""
macos:
xcode: "13.2.1"
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Install dependencies
command: env HOMEBREW_NO_AUTO_UPDATE=1 brew install cmake ninja gcc@11 && pip3 install pytest pytest-xdist pyyaml
- run:
name: Get system information
command: sysctl -a | grep machdep.cpu
- run:
name: Configure
command: mkdir build && cd build && source ~/.bashrc && cmake -GNinja << parameters.CMAKE_ARGS >> .. && cmake -LA ..
- run:
name: Build
command: ninja
working_directory: build
- run:
name: Run tests
command: mkdir tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --junitxml=build/test-results/pytest/test-results.xml << parameters.PYTEST_ARGS >>
- store_test_results: # Note that this command will fail when running CircleCI locally, that is expected behaviour
path: build/test-results
- store_artifacts:
path: build/test-results
trigger-downstream-ci:
docker:
- image: cimg/base:2020.01
# Re-enable iff docker enforces rate limitations without auth:
# auth:
# username: $DOCKER_LOGIN
# password: $DOCKER_PASSWORD
steps:
- run:
name: Trigger OQS-OpenSSL CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "OQS-OpenSSL_1_1_1-stable", "parameters": { "run_downstream_tests": true } }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/openssl/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger OQS-BoringSSL CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "master", "parameters": { "run_downstream_tests": true } }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/boringssl/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger OQS-OpenSSH CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "OQS-v8", "parameters": { "run_downstream_tests": true } }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/openssh/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger oqs-provider CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "main" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/oqs-provider/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger liboqs-dotnet CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "master" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/liboqs-dotnet/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger liboqs-java CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "master" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/liboqs-java/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger liboqs-python CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--data '{ "branch": "main" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/liboqs-python/pipeline | tee curl_out \
&& grep -q "201" curl_out
workflows:
version: 2.1
build:
when:
and:
- not:
equal: [ main, << pipeline.git.branch >> ]
- not:
matches: { pattern: "^ghactionsonly-.*", value: << pipeline.git.branch >> }
jobs:
- stylecheck
- buildcheck:
<<: *require_stylecheck
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
KEM_NAME: kyber_768
SIG_NAME: dilithium_3
# Disabling testapproval as no jobs currently need it.
#- testapproval:
# <<: *require_buildcheck
# type: approval
# Disabling centos-8 and debian-buster.
# Re-enable if specific configurations (package versions etc) that need to be tested are identified.
#- linux_oqs:
# <<: *require_buildcheck
# name: centos-8
# context: openquantumsafe
# CONTAINER: openquantumsafe/ci-centos-8-amd64:latest
# CMAKE_ARGS: -DCMAKE_C_COMPILER=clang
#- linux_oqs:
# <<: *require_buildcheck
# name: debian-buster
# context: openquantumsafe
# CONTAINER: openquantumsafe/ci-debian-buster-amd64:latest
- scan_build:
<<: *require_buildcheck
name: scan_build
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
- linux_oqs:
<<: *require_buildcheck
name: ubuntu-focal-noopenssl
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DOQS_USE_OPENSSL=OFF
PYTEST_ARGS: --ignore=tests/test_leaks.py
- linux_oqs:
<<: *require_buildcheck
name: ubuntu-focal-shared-noopenssl
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-7 -DOQS_DIST_BUILD=ON -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_namespace.py --ignore=tests/test_leaks.py --numprocesses=auto
- linux_oqs:
<<: *require_buildcheck
name: ubuntu-focal-clang14
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-14 -DOQS_OPT_TARGET=skylake
- linux_oqs:
<<: *require_buildcheck
name: ubuntu-bionic-i386
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-bionic-i386:latest
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_x86.cmake
PYTEST_ARGS: --ignore=tests/test_leaks.py
- arm_machine:
<<: *require_buildcheck
name: arm64
PYTEST_ARGS: --numprocesses=auto --maxprocesses=10
CMAKE_ARGS: -DOQS_DIST_BUILD=ON
- macOS:
<<: *require_buildcheck
name: macOS-gcc11
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-11
- macOS:
<<: *require_buildcheck
name: macOS-noopenssl
CMAKE_ARGS: -DOQS_USE_OPENSSL=OFF
- macOS:
<<: *require_buildcheck
name: macOS-shared
CMAKE_ARGS: -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=ON -DOQS_ENABLE_KEM_CLASSIC_MCELIECE=OFF
commit-to-main:
when:
equal: [ main, << pipeline.git.branch >> ]
jobs:
- trigger-downstream-ci:
context: openquantumsafe
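Review bot: deleting this CircleCI config removes the `trigger-downstream-ci` job, which authenticated to the CircleCI API with `${BUILD_TRIGGER_TOKEN}` from the `openquantumsafe` context; with no remaining consumer, that token should be revoked and the context cleaned up rather than left valid, and the downstream projects it used to trigger (openssl, boringssl, openssh, oqs-provider, liboqs-dotnet, liboqs-java, liboqs-python) need an equivalent trigger on the GitHub Actions side if cross-repo testing is still wanted. The `localCheckout` workaround and the scan-build job go with it; check that the new workflows carry a scan-build equivalent.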


@ -1,10 +0,0 @@
jobs:
- name: Building and minimal testing on M1
env:
PYTEST_ARGS: tests/test_code_conventions.py tests/test_kat.py
cmds:
- uname -a && mkdir build && cd build && cmake -GNinja .. && ninja && cd .. && python3 -m pytest --numprocesses=auto --verbose $PYTEST_ARGS ; rm -rf build
- name: Building and testing using gcc-11 on M1
cmds:
- uname -a && mkdir build && cd build && cmake -DCMAKE_C_COMPILER=gcc-11 -GNinja .. && ninja && ninja run_tests ; cd .. && rm -rf build
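Review bot: this deleted config was the only job on the page that ran `tests/test_kat.py` and the full `ninja run_tests` (with gcc-11) on Apple M1 hardware; the new `apple.yml` below only cross-compiles for `OS64`/`TVOS` and never runs tests, so unless another workflow covers it, arm64 macOS loses test execution, not just a build check.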

.github/CODEOWNERS

@ -1,21 +1,24 @@
# https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
* @dstebila @xvzcf
/.circleci @baentsch @xvzcf
/.CMake @xvzcf
/docs @dstebila
/scripts @xvzcf
/scripts/copy_from_upstream @baentsch @bhess @xvzcf
* @dstebila @baentsch
/.github/workflows @SWilson4
/docs/cbom.json @bhess
/scripts/copy_from_upstream @baentsch @bhess @alexrow @praveksharma
/src/common @dstebila
/src/kem/bike @crockeea
/src/common/*/*arm* @Martyrshot
/src/common/libjade_shims @praveksharma
/src/kem/bike @brian-jarvis-aws
/src/kem/frodokem @dstebila
/src/kem/kyber @jschanck @bhess
/src/kem/ntru @jschanck
/src/oqsconfig.h.cmake @xvzcf
/src/kem/kyber @bhess
/src/kem/kyber/libjade* @praveksharma
/src/kem/ml_kem @bhess
/src/sig/cross @alexrow
/src/sig/dilithium @bhess
/src/sig/picnic @christianpaquin
/CONTRIBUTORS @dstebila
/LICENSE.txt @dstebila
/README.md @dstebila
/RELEASE.md @dstebila
CMakeLists.txt @xvzcf
/src/sig/mayo @bhess
/src/sig/ml_dsa @bhess
/src/sig_stfl/lms @ashman-p
/src/sig_stfl/xmss @cothan
/tests/ACVP_Vectors @bhess
/tests/PQC_Intermediate_Values @bhess
/tests/test_acvp_vectors.py @bhess
/tests/test_sig_stfl.c @ashman-p @cothan

.github/ISSUE_TEMPLATE/bug_report.md

@ -0,0 +1,34 @@
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Expected behavior**
A clear and concise description of what you expected to happen.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Environment (please complete the following information):**
- OS: [e.g. Ubuntu 20]
- OpenSSL version [e.g., 3.0.2]
- Compiler version used [e.g., clang 9.0.0]
- Build variables used [e.g., "-DOQS_ALGS_ENABLED=STD"]
- liboqs version [e.g. 0.7.2 or main branch]
**Additional context**
Add any other context about the problem here.

.github/actionlint.yaml

@ -0,0 +1,7 @@
# Configuration variables in array of strings defined in your repository or organization
# From https://github.com/rhysd/actionlint/blob/v1.7.7/docs/config.md:
# "When an array is set, actionlint will check vars properties strictly. An empty array means no variable is allowed."
config-variables:
# - DEFAULT_RUNNER
# - JOB_NAME
# - ENVIRONMENT_STAGE
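Review bot: `config-variables:` with every entry commented out yields a null value, not an empty array, so the strict `vars.*` check that the quoted actionlint documentation describes is not actually enabled. If the intent is "no repository variables allowed", write `config-variables: []`; if the intent is to defer the decision, a comment saying so would remove the ambiguity.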


@ -2,9 +2,12 @@
<!-- Does this PR resolve any issue? If so, please reference it using automatic-closing keywords like "Fixes #123." -->
<!-- Any PR adding a new feature is expected to contain a test; the test should be part of CI testing, preferably within the ".github/workflows" directory tree. Please add an explanation to the PR if/when (why) this cannot be done. -->
<!-- Please answer the following questions to help manage version and changes across projects. -->
* [ ] Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)? (If so, a version bump will be required from *x.y.z* to *x.(y+1).0*.)
* [ ] Does this PR change the the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in [oqs-provider](https://github.com/open-quantum-safe/oqs-provider), [OQS-OpenSSL](https://github.com/open-quantum-safe/openssl), [OQS-BoringSSL](https://github.com/open-quantum-safe/boringssl), and [OQS-OpenSSH](https://github.com/open-quantum-safe/openssh) will also need to be ready for review and merge by the time this is merged.)
* [ ] Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in fully supported downstream projects dependent on these, i.e., [oqs-provider](https://github.com/open-quantum-safe/oqs-provider) will also need to be ready for review and merge by the time this is merged.)
<!-- Once your pull request is ready for review and passing continuous integration tests, please convert from a draft PR to a normal PR, and request a review from one of the OQS core team members. -->

.github/workflows/android.yml

@ -0,0 +1,22 @@
name: android build
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
android:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
abi: [armeabi-v7a, arm64-v8a, x86, x86_64]
stfl_opt: [ON, OFF]
steps:
- name: Checkout code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- name: Build project
run: ./scripts/build-android.sh $ANDROID_NDK_HOME -a ${{ matrix.abi }} -f "-DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }}"
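Review bot: `actions/checkout` is pinned to `f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3` here (and in `apple.yml`) while `basic.yml` pins `692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4`; pinning by SHA is the right call, but mixing major versions across workflows added in the same change makes future pin updates harder to audit. Also, `$ANDROID_NDK_HOME` in the `run:` line is unquoted; `"$ANDROID_NDK_HOME"` avoids word splitting, which matters since `basic.yml` runs actionlint without shellcheck and will not flag it.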

.github/workflows/apple.yml

@ -0,0 +1,25 @@
name: apple build
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
apple-mobile:
runs-on: macos-latest
strategy:
fail-fast: false
matrix:
platform: [OS64, TVOS]
stfl_opt: [OFF, ON]
steps:
- name: Checkout code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- name: Generate project
run: |
cmake -B build --toolchain .CMake/apple.cmake -DOQS_USE_OPENSSL=OFF -DPLATFORM=${{ matrix.platform }} \
-DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }} .
- name: Build project
run: cmake --build build

.github/workflows/basic.yml

@ -0,0 +1,173 @@
name: Basic checks
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
workflowcheck:
name: Check validity of GitHub workflows
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Ensure GitHub actions are valid
run: actionlint -shellcheck "" # run *without* shellcheck
stylecheck:
name: Check code formatting
needs: [workflowcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Ensure code conventions are upheld
run: python3 -m pytest --verbose tests/test_code_conventions.py
- name: Check that doxygen can parse the documentation
run: mkdir build && ./scripts/run_doxygen.sh $(which doxygen) ./docs/.Doxyfile ./build
- name: Validate CBOM
run: scripts/validate_cbom.sh
upstreamcheck:
name: Check upstream code is properly integrated
needs: [workflowcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
git config --global user.name "ciuser" && \
git config --global user.email "ci@openquantumsafe.org" && \
git config --global --add safe.directory "$PWD" && \
echo "LIBOQS_DIR=$PWD" >> "$GITHUB_ENV"
- name: Verify copy_from_upstream state after copy
working-directory: "scripts/copy_from_upstream"
run: |
python3 copy_from_upstream.py -d copy && \
git status --porcelain && \
test -z "$(git status --porcelain)"
- name: Verify copy_from_upstream state after libjade
working-directory: "scripts/copy_from_upstream"
run: |
python3 copy_from_upstream.py -d libjade && \
git status --porcelain && \
test -z "$(git status --porcelain)"
buildcheck:
name: Check that code passes a basic build
needs: [workflowcheck, stylecheck, upstreamcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
KEM_NAME: ml_kem_768
SIG_NAME: ml_dsa_65
steps:
- name: Create random build folder
run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
cmake \
-B ${{ env.RANDOM_BUILD_DIR }} \
-GNinja \
-DOQS_STRICT_WARNINGS=ON \
-DOQS_MINIMAL_BUILD="KEM_$KEM_NAME;SIG_$SIG_NAME" \
--warn-uninitialized . > config.log 2>&1 && \
cat config.log && \
cmake -LA -N . && \
! (grep -i "uninitialized variable" config.log)
- name: Build code
run: ninja
working-directory: ${{ env.RANDOM_BUILD_DIR }}
- name: Build documentation
run: ninja gen_docs
working-directory: ${{ env.RANDOM_BUILD_DIR }}
cppcheck:
name: Check C++ linking with example program
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
SIG_NAME: dilithium_2
steps:
- name: Create random build folder
run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
cmake \
-B ${{ env.RANDOM_BUILD_DIR }} \
-GNinja \
-DOQS_STRICT_WARNINGS=ON \
-DOQS_MINIMAL_BUILD="SIG_$SIG_NAME" \
--warn-uninitialized . > config.log 2>&1 && \
cat config.log && \
cmake -LA -N . && \
! (grep -i "uninitialized variable" config.log)
- name: Build liboqs
run: ninja
working-directory: ${{ env.RANDOM_BUILD_DIR }}
- name: Link with C++ program
run: |
g++ "$GITHUB_WORKSPACE"/cpp/sig_linking_test.cpp -g \
-I./include -L./lib -loqs -lcrypto -std=c++11 -o example_sig && \
./example_sig
working-directory: ${{ env.RANDOM_BUILD_DIR }}
fuzzbuildcheck:
name: Check that code passes a basic fuzzing build
needs: [workflowcheck, stylecheck, upstreamcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
SIG_NAME: dilithium_2
CC: clang
CXX: clang++
CFLAGS: -fsanitize=fuzzer-no-link,address
LDFLAGS: -fsanitize=address
steps:
- name: Create random build folder
run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
cmake \
-B ${{ env.RANDOM_BUILD_DIR }} \
-GNinja \
-DOQS_STRICT_WARNINGS=ON \
-DOQS_BUILD_FUZZ_TESTS=ON \
-DOQS_MINIMAL_BUILD="SIG_$SIG_NAME" \
--warn-uninitialized . > config.log 2>&1 && \
cat config.log && \
cmake -LA -N . && \
! (grep -i "uninitialized variable" config.log)
- name: Build code
run: ninja fuzz_test_sig
working-directory: ${{ env.RANDOM_BUILD_DIR }}
- name: Short fuzz check (30s)
run: ./tests/fuzz_test_sig -max_total_time=30
working-directory: ${{ env.RANDOM_BUILD_DIR }}
nixflakecheck:
name: Check that Nix flake has correct syntax and can build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72
- name: Check devShell
run: nix develop --command echo
- name: Check flake syntax
run: nix flake check --no-build # check for accurate syntax
- name: Check that the flake builds
run: nix build # check that the build runs
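Review bot: in the `nixflakecheck` job, `cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72` is pinned by commit but carries no `# pin@vN` comment, unlike every `actions/checkout` reference in this file; add the comment so the pin can be audited against a release. Also, `cppcheck` is the only build job here without a `needs:` gate, while `buildcheck` and `fuzzbuildcheck` wait on `[workflowcheck, stylecheck, upstreamcheck]`; if that is intentional (early C++ linking feedback), a one-line comment would make it clear.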

.github/workflows/code-coverage.yml vendored Normal file

@ -0,0 +1,60 @@
name: Code coverage tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
coverage:
name: Run code coverage testing
strategy:
matrix:
# The 'id' value for each job should be added to the 'carry-forward' string in the 'finish' job.
include:
- id: x64-generic
runner: ubuntu-latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
- id: x64-distbuild
runner: ubuntu-latest
CMAKE_ARGS: -DOQS_DIST_BUILD=ON
- id: arm64-distbuild
runner: ubuntu-24.04-arm
CMAKE_ARGS: -DOQS_DIST_BUILD=ON
runs-on: ${{ matrix.runner }}
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
mkdir build && cd build && \
cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DUSE_COVERAGE=ON ${{ matrix.CMAKE_ARGS }} .. && \
cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
run: |
python3 -m pytest --verbose --numprocesses=auto \
tests/test_acvp_vectors.py \
tests/test_cmdline.py \
tests/test_kat.py
- name: Run lcov
run: lcov -d . -c -o lcov.info --exclude /usr/lib,/usr/include --ignore-errors unused
- name: Upload to coveralls.io
uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # pin@v2.3.6
with:
flag-name: ${{ matrix.id }}
parallel: true
finish:
needs: coverage
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- name: Finish coveralls.io
uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # pin@v2.3.6
with:
parallel-finished: true
carry-forward: "x64-generic,x64-distbuild,arm64-distbuild"
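Review bot: the `Upload to coveralls.io` step names no coverage file, so it relies on the action discovering `lcov.info` in the workspace root; passing the path explicitly via the action's `file:` input makes the dependency on the `Run lcov` step's `-o lcov.info` visible. Also, the `carry-forward` string in `finish` must be kept in sync with the matrix `id` values by hand, as the comment says; a mismatch silently drops a flag from the merged report, so consider asserting on it in the `coverage` job.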

.github/workflows/commit-to-main.yml vendored Normal file

@ -0,0 +1,38 @@
name: Main branch tests
permissions:
contents: read
on:
push:
branches: ['main']
jobs:
platform-tests:
uses: ./.github/workflows/platforms.yml
code-coverage:
uses: ./.github/workflows/code-coverage.yml
secrets: inherit
scorecard:
uses: ./.github/workflows/scorecard.yml
secrets: inherit
permissions:
id-token: write
security-events: write
basic-downstream:
uses: ./.github/workflows/downstream-basic.yml
secrets: inherit
call-kem-benchmarking:
uses: ./.github/workflows/kem-bench.yml
permissions:
contents: write
call-sig-benchmarking:
uses: ./.github/workflows/sig-bench.yml
permissions:
contents: write
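Review bot: `secrets: inherit` on `code-coverage`, `scorecard` and `basic-downstream` hands every repository secret to the called workflow, while `downstream-basic.yml` only reads `OQSBOT_GITHUB_ACTIONS` and `BUILD_TRIGGER_TOKEN` and `code-coverage.yml` references no secret at all; pass the needed secrets by name (or drop `secrets:` where none is used) to keep each called workflow's blast radius minimal.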

.github/workflows/downstream-basic.yml vendored Normal file

@ -0,0 +1,107 @@
name: Trigger basic downstream CI
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
trigger-downstream-ci:
runs-on: ubuntu-latest
steps:
- name: Trigger OQS-BoringSSL CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/boringssl/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger OQS-OpenSSH CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"ref":"OQS-v9"}' \
https://api.github.com/repos/open-quantum-safe/openssh/actions/workflows/ubuntu.yaml/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger oqs-provider CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${{ secrets.BUILD_TRIGGER_TOKEN }}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "main" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/oqs-provider/pipeline | tee curl_out \
&& grep -q "201" curl_out
- name: Trigger liboqs-cpp CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-cpp/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger liboqs-go CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-go/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger liboqs-python CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-python/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger liboqs-java CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-java/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger liboqs-rust CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-rust/dispatches | tee curl_out \
&& grep -q "204" curl_out
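Review bot: the tokens are interpolated straight into the `run:` scripts via `${{ secrets.OQSBOT_GITHUB_ACTIONS }}` and `${{ secrets.BUILD_TRIGGER_TOKEN }}`, so the secret value becomes part of the shell source; the safer pattern is an `env:` block on the step (`env:` / `TOKEN: ${{ secrets.OQSBOT_GITHUB_ACTIONS }}`) and `--header "Authorization: Bearer $TOKEN"` in the script. The seven steps are otherwise identical except for the target repository URL; a matrix over the GitHub-hosted downstream repos would remove the duplication and leave the oqs-provider CircleCI call as the only special case.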


@ -0,0 +1,30 @@
name: Downstream release tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
# Trigger oqs-provider release tests.
# When triggered by a release (see release.yml), the liboqs release tag and the provider "<release tag>-tracker" branch are used.
# When triggered by a commit message (see filter.yml), the triggering liboqs branch and the provider "<liboqs branch>-tracker" branch are used.
# If the tracker branch does not exist, the downstream pipeline should detect it and run on the main branch instead.
jobs:
oqs-provider-release-test:
runs-on: ubuntu-latest
steps:
- name: Checkout release tests script
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4
with:
sparse-checkout: |
scripts/provider-test-trigger.sh
sparse-checkout-cone-mode: false
- name: Trigger oqs-provider release tests
run: |
CURL_FLAGS="--silent --write-out \n%{response_code}\n" \
ACCESS_TOKEN="${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
LIBOQS_REF="${{ github.ref_name }}" \
PROVIDER_REF="${{ github.ref_name }}-tracker" \
./scripts/provider-test-trigger.sh | tee curl_out \
&& grep -q "204" curl_out
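Review bot: `actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4` differs from the `692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4` pin used by every other workflow in this change; pin one commit across the repository so a single update covers all workflows. Also, `ACCESS_TOKEN="${{ secrets.OQSBOT_GITHUB_ACTIONS }}"` interpolates the secret into the script text; set it in the step's `env:` block instead and let the script read the variable.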

.github/workflows/extended.yml vendored Normal file

@ -0,0 +1,74 @@
name: Extended tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
constant-time-x64:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: generic
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*'
- name: extensions
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*'
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # pin@v2
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 360
run: mkdir -p tmp && SKIP_ALGS='${{ matrix.SKIP_ALGS }}' python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}
nistkat-x64:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: generic
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: generic-libjade
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: extensions
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: extensions-libjade
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST}}"
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 360
run: mkdir -p tmp && python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}
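Review bot: `constant-time-x64` checks out with `actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # pin@v2` while `nistkat-x64` a few lines down uses the v4 pin `692973e3d937129bcbf40652eb9f2f61becf3332`; the v2 action runs on a deprecated Node runtime, so move both jobs to the same v4 pin. Minor: `${{ vars.LIBJADE_ALG_LIST}}` in `extensions-libjade` lacks the space before `}}` that the other occurrences have.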

.github/workflows/kem-bench.yml vendored Normal file

@ -0,0 +1,121 @@
name: kem benchmark
on:
workflow_dispatch:
workflow_call:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout repository
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
fetch-depth: 0
# Set up dependencies
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y cmake ninja-build gcc g++ python3 python3-pip
sudo apt-get install -y python3-cpuinfo
# Build the speed_kem binary only
- name: Build speed_kem binary
run: |
mkdir -p build
cd build
cmake -GNinja .. -DBUILD_SHARED_LIBS=OFF
ninja speed_kem
# Copy the parse_liboqs_speed.py script
- name: Copy parse_liboqs_speed.py
run: |
cp scripts/parse_liboqs_speed.py build/tests/
# Upload the built binary and script as an artifact
- name: Upload artifacts
uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
with:
name: built-binary
path: build/tests/
benchmark:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
strategy:
matrix:
algorithm: [ # List of available KEMs to perform the benchmarking on
"BIKE-L1",
"BIKE-L3",
"BIKE-L5",
"Classic-McEliece-348864",
"Classic-McEliece-348864f",
"Classic-McEliece-460896",
"Classic-McEliece-460896f",
"Classic-McEliece-6688128",
"Classic-McEliece-6688128f",
"Classic-McEliece-6960119",
"Classic-McEliece-6960119f",
"Classic-McEliece-8192128",
"Classic-McEliece-8192128f",
"Kyber512",
"Kyber768",
"Kyber1024",
"ML-KEM-512",
"ML-KEM-768",
"ML-KEM-1024",
"sntrup761",
"FrodoKEM-640-AES",
"FrodoKEM-640-SHAKE",
"FrodoKEM-976-AES",
"FrodoKEM-976-SHAKE",
"FrodoKEM-1344-AES",
"FrodoKEM-1344-SHAKE"
]
max-parallel: 1 # No parallel jobs to not compromise the pull-push operations of the benchmarking actions below
steps:
# Ensure the repository is checked out
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
fetch-depth: 0
# Download the built binary and script
- name: Download artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # pin@v4
with:
name: built-binary
path: build/tests/
# Set execute permissions for the binary
- name: Set execute permissions
run: chmod +x build/tests/speed_kem
# Run speed_kem tests for each algorithm
- name: Run speed_kem tests
run: |
cd build/tests
./speed_kem "${{matrix.algorithm}}" > ${{matrix.algorithm}}_output.txt
python3 parse_liboqs_speed.py ${{matrix.algorithm}}_output.txt --algorithm ${{matrix.algorithm}}
# Push to GitHub pages using continuous-benchmark
- name: Store benchmark result
uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7
with:
name: ${{matrix.algorithm}}
tool: "customSmallerIsBetter"
output-file-path: build/tests/${{matrix.algorithm}}_formatted.json
github-token: ${{ secrets.GITHUB_TOKEN }}
auto-push: true
comment-on-alert: true
summary-always: true
alert-threshold: 105%
comment-always: false
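Review bot: `actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47` and `benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7` are pinned by commit without the `# pin@vN` comment the other action references carry; add it. In `Run speed_kem tests`, `${{matrix.algorithm}}` is quoted in the `./speed_kem` call but not in the redirect target or the `parse_liboqs_speed.py` arguments; the current names contain no whitespace, but quoting consistently avoids a surprise when the list grows. Worth a comment as well: `auto-push: true` with `contents: write` means this job commits benchmark data on every run, which is the reason `max-parallel: 1` is required.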


@ -1,85 +1,158 @@
name: Linux tests
on: [push]
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
stylecheck:
name: Check code formatting
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Ensure code conventions are upheld
run: python3 -m pytest --verbose tests/test_code_conventions.py
- name: Check that doxygen can parse the documentation
run: mkdir -p build/docs && doxygen docs/.Doxyfile
buildcheck:
name: Check that code passes a basic build before starting heavier tests
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
needs: stylecheck
runs-on: ubuntu-latest
env:
KEM_NAME: kyber_768
SIG_NAME: dilithium_3
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Configure
run: |
mkdir build && \
cd build && \
cmake .. --warn-uninitialized \
-GNinja \
-DOQS_MINIMAL_BUILD="OQS_ENABLE_KEM_$KEM_NAME;OQS_ENABLE_SIG_$SIG_NAME" \
> config.log 2>&1 && \
cat config.log && \
cmake -LA .. && \
! (grep "uninitialized variable" config.log)
- name: Build
run: ninja
working-directory: build
linux_intel:
needs: [stylecheck, buildcheck]
runs-on: ubuntu-latest
linux:
strategy:
fail-fast: false
matrix:
include:
- name: arm64
runner: ubuntu-24.04-arm
container: openquantumsafe/ci-ubuntu-latest:latest
PYTEST_ARGS: --maxprocesses=10 --ignore=tests/test_kat_all.py
CMAKE_ARGS: -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON
- name: alpine
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-no-stfl-key-sig-gen
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-openssl-all
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-noopenssl
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: noble-nistr4-openssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_R4
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: noble-nistonramp-openssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_SIG_ONRAMP
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: noble-noopenssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_USE_OPENSSL=OFF
PYTEST_ARGS: --ignore=tests/test_alg_info.py
# disabled until #1067 lands
# - name: address-sanitizer
# container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
# CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address
# PYTEST_ARGS: --ignore=tests/test_portability.py --numprocesses=auto --maxprocesses=10
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: noble-noopenssl-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_USE_OPENSSL=OFF -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: noble-shared-noopenssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_namespace.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-clang
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang
PYTEST_ARGS: --ignore=tests/test_kat_all.py
- name: noble-clang
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang
PYTEST_ARGS: --ignore=tests/test_kat_all.py -k 'not (leaks and (Dilithium or ML-DSA))'
- name: jammy-std-openssl3
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3-dlopen
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3-dlopen-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: address-sanitizer
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
- name: address-sanitizer-no-stfl-key-sig-gen
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
- name: address-sanitizer-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
- name: noble-no-sha3-avx512vl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_USE_SHA3_AVX512VL=OFF
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
runs-on: ${{ matrix.runner }}
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA ..
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Check the library artifacts
if: matrix.name == 'jammy-std-openssl3-dlopen'
run: |
nm -gu lib/liboqs.so | sed -n 's/^[[:space:]]*[Uw] \([^_].*\)/\1/p' > undefined-syms.txt &&
! (grep '^\(CRYPTO\|ERR\|EVP\|OPENSSL\|RAND\)_' undefined-syms.txt)
working-directory: build
- name: Run tests
timeout-minutes: 60
env:
SKIP_ALGS: "SPHINCS\\+-Haraka-256s-*"
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py ${{ matrix.PYTEST_ARGS }}
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --numprocesses=auto ${{ matrix.PYTEST_ARGS }}
- name: Package .deb
if: matrix.name == 'jammy-std-openssl3'
run: cpack
working-directory: build
- name: Retain .deb file
if: matrix.name == 'jammy-std-openssl3'
uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # pin@v4
with:
name: liboqs-openssl3-shared-x64
path: build/*.deb
- name: Check STD algorithm and alias
if: matrix.name == 'jammy-std-openssl3'
run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false"'
working-directory: build
linux_arm_emulated:
needs: [stylecheck, buildcheck]
runs-on: ubuntu-latest
strategy:
fail-fast: false
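Review bot: `actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # pin@v4` in `Retain .deb file` is a different commit from the upload-artifact pin used in kem-bench.yml (`6027e3dd177782cd8ab9af838c04fd81a07f1d47`); settle on one. The dlopen symbol check (`nm -gu lib/liboqs.so | ... | grep '^\(CRYPTO\|ERR\|EVP\|OPENSSL\|RAND\)_'`) is a good guard against the shared library silently linking OpenSSL, but it only runs for `jammy-std-openssl3-dlopen`; `jammy-std-openssl3-dlopen-libjade` also sets `-DOQS_DLOPEN_OPENSSL=ON` and should get the same check.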
@ -87,15 +160,19 @@ jobs:
include:
- name: armhf
ARCH: armhf
CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_OPT_TARGET=generic
PYTEST_ARGS: --ignore=tests/test_alg_info.py
CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: armhf-no-stfl-key-sig-gen
ARCH: armhf
CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
# no longer supporting armel
# - name: armel
# ARCH: armel
# CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_OPT_TARGET=generic
# CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Install the emulation handlers
run: docker run --rm --privileged multiarch/qemu-user-static:register --reset
- name: Build in an x86_64 container
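Review bot: `docker run --rm --privileged multiarch/qemu-user-static:register --reset` pulls the image by a mutable tag and runs it privileged, in a repository that otherwise pins every action to a commit SHA; pin the image by digest (`multiarch/qemu-user-static@sha256:<digest>`, digest to be filled in) so the privileged container is reproducible.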
@ -108,7 +185,7 @@ jobs:
(cd build && \
cmake .. -GNinja ${{ matrix.CMAKE_ARGS }} \
-DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_${{ matrix.ARCH }}.cmake && \
cmake -LA .. && \
cmake -LA -N .. && \
ninja)"
- name: Run the tests in an ${{ matrix.ARCH }} container
timeout-minutes: 60
@ -121,3 +198,114 @@ jobs:
python3 -m pytest --verbose \
--numprocesses=auto \
--ignore=tests/test_code_conventions.py ${{ matrix.PYTEST_ARGS }}"
linux_cross_compile:
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
strategy:
fail-fast: false
matrix:
include:
- name: windows-binaries
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake
- name: windows-dll
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake -DBUILD_SHARED_LIBS=ON
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
linux_openssl330-dev:
runs-on: ubuntu-latest
container:
image: openquantumsafe/ci-ubuntu-jammy:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Retrieve OpenSSL330 from cache
id: cache-openssl330
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # pin@v4
with:
path: .localopenssl330
key: ${{ runner.os }}-openssl330
- name: Checkout the OpenSSL v3.3.0 commit
if: steps.cache-openssl330.outputs.cache-hit != 'true'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
repository: 'openssl/openssl'
ref: 'openssl-3.3.0-beta1'
path: openssl
- name: Prepare the OpenSSL build directory
if: steps.cache-openssl330.outputs.cache-hit != 'true'
run: mkdir .localopenssl330
working-directory: openssl
- name: Build openssl3 if not cached
if: steps.cache-openssl330.outputs.cache-hit != 'true'
run: |
./config --prefix=`pwd`/../.localopenssl330 && make -j 4 && make install_sw install_ssldirs
working-directory: openssl
- name: Save OpenSSL
id: cache-openssl-save
if: steps.cache-openssl330.outputs.cache-hit != 'true'
uses: actions/cache/save@d4323d4df104b026a6aa633fdb11d772146be0bf # pin@v4
with:
path: |
.localopenssl330
key: ${{ runner.os }}-openssl330
- name: Configure
run: mkdir build && cd build && cmake -GNinja -DOQS_STRICT_WARNINGS=ON -DOPENSSL_ROOT_DIR=../.localopenssl330 -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 60
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
scan_build:
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && scan-build --status-bugs cmake -GNinja ..
- name: Build
run: scan-build --status-bugs ninja
working-directory: build
linux_x86_emulated:
runs-on: ubuntu-latest
container:
image: openquantumsafe/ci-ubuntu-latest:latest
strategy:
fail-fast: false
matrix:
include:
- name: avx512-ml-kem_ml-dsa
SDE_ARCH: -skx
CMAKE_ARGS: -DOQS_MINIMAL_BUILD="KEM_ml_kem_512;KEM_ml_kem_768;KEM_ml_kem_1024;SIG_ml_dsa_44;SIG_ml_dsa_65;SIG_ml_dsa_87"
PYTEST_ARGS: tests/test_hash.py::test_sha3 tests/test_kat.py tests/test_acvp_vectors.py
env:
SDE_URL: https://downloadmirror.intel.com/850782/sde-external-9.53.0-2025-03-16-lin.tar.xz
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Setup Intel SDE
run: |
wget -O sde.tar.xz "$SDE_URL" && \
mkdir sde && tar -xf sde.tar.xz -C sde --strip-components=1 && \
echo "$(pwd)/sde" >> $GITHUB_PATH
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 60
run: |
mkdir -p tmp && sde64 ${{ matrix.SDE_ARCH }} -- \
python3 -m pytest --verbose --numprocesses=auto ${{ matrix.PYTEST_ARGS }}
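Review bot: the `Setup Intel SDE` step (`wget -O sde.tar.xz "$SDE_URL"`) downloads and then executes a third-party binary without any integrity check, while every action in this workflow is pinned by commit hash. Add an expected digest next to `SDE_URL` in `env` and verify it before extraction, e.g. `echo "$SDE_SHA256  sde.tar.xz" | sha256sum -c -`, so a changed download fails the job instead of running unverified code on the runner. Minor: `echo "$(pwd)/sde" >> $GITHUB_PATH` should quote `"$GITHUB_PATH"` like the other variables in the step.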

.github/workflows/macos.yml vendored Normal file
@ -0,0 +1,63 @@
name: MacOS tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
macos:
strategy:
fail-fast: false
matrix:
os:
# macos-13 runs on x64; the others run on aarch64
- macos-13
- macos-14
- macos-15
CMAKE_ARGS:
- -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
- -DCMAKE_C_COMPILER=gcc-14
- -DOQS_USE_OPENSSL=OFF
- -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=OFF
libjade-build:
- -DOQS_LIBJADE_BUILD=OFF
# Restrict -DOQS_LIBJADE_BUILD=ON build to algs provided by
# libjade to minimise repeated tests
- -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
exclude:
# macos-14 and macos-15 run on aarch64, libjade targets x86
# Skip testing libjade on macos-14
- os: macos-14
libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
- os: macos-15
libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
# No point in testing stateful sigs with minimal libjade build
- libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
CMAKE_ARGS: -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
# Failing configuration on Github actions; see https://github.com/open-quantum-safe/liboqs/pull/2148
- os: macos-15
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-14
libjade-build: -DOQS_LIBJADE_BUILD=OFF
runs-on: ${{ matrix.os }}
steps:
- name: Install Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # pin@v5
with:
python-version: '3.12'
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Install dependencies
run: env HOMEBREW_NO_AUTO_UPDATE=1 brew install ninja && pip3 install --require-hashes --break-system-packages -r .github/workflows/requirements.txt
- name: Get system information
run: sysctl -a | grep machdep.cpu
- name: Configure
run: mkdir -p build && cd build && source ~/.bashrc && cmake -GNinja -DOQS_STRICT_WARNINGS=ON ${{ matrix.CMAKE_ARGS }} ${{ matrix.libjade-build }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --ignore=tests/test_kat_all.py
timeout-minutes: 60
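Review bot: the `exclude` comment `# Skip testing libjade on macos-14` is out of date: the two entries beneath it exclude the libjade build on both macos-14 and macos-15, so the comment should say so. Separately, the Configure step runs `source ~/.bashrc` before `cmake`; nothing in this workflow writes to that file, so either document what it is expected to provide or drop it, since a missing or failing rc file aborts the step under the runner's default `bash -e` shell.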

.github/workflows/platforms.yml vendored Normal file
@ -0,0 +1,26 @@
name: Tests for all supported platforms
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
android-tests:
uses: ./.github/workflows/android.yml
ios-tests:
uses: ./.github/workflows/apple.yml
linux-tests:
uses: ./.github/workflows/linux.yml
macos-tests:
uses: ./.github/workflows/macos.yml
windows-tests:
uses: ./.github/workflows/windows.yml
zephyr-tests:
uses: ./.github/workflows/zephyr.yml
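Review bot: the job `ios-tests:` calls `./.github/workflows/apple.yml`, while every other job here is named after the file it calls (`macos-tests` / `macos.yml`, `zephyr-tests` / `zephyr.yml`). Rename it `apple-tests` (or rename the file) so the job list in the Actions UI matches the workflow names listed in CI.md.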

.github/workflows/pr.yml vendored Normal file
@ -0,0 +1,32 @@
name: Pull request tests
permissions:
contents: read
on: pull_request
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
basic-checks:
uses: ./.github/workflows/basic.yml
platform-tests:
needs: basic-checks
uses: ./.github/workflows/platforms.yml
code-coverage:
needs: basic-checks
uses: ./.github/workflows/code-coverage.yml
secrets: inherit
scorecard:
needs: basic-checks
uses: ./.github/workflows/scorecard.yml
secrets: inherit
permissions:
id-token: write
security-events: write
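Review bot: the `scorecard` job requests `id-token: write` and `security-events: write` under an `on: pull_request` trigger and relies on `secrets: inherit`. For pull requests opened from forks the `GITHUB_TOKEN` is read-only and repository secrets are not passed, whatever the workflow requests, so this job will fail for external contributors. Guard it with `if: github.event.pull_request.head.repo.full_name == github.repository`, or leave scorecard publishing to the commit-to-main workflow and keep only the read-only checks here.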

.github/workflows/push.yml vendored Normal file
@ -0,0 +1,33 @@
name: Push tests
permissions:
contents: read
on:
push:
branches-ignore: 'main'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
basic-checks:
uses: ./.github/workflows/basic.yml
full-tests:
needs: basic-checks
if: contains( github.event.head_commit.message, '[full tests]' )
uses: ./.github/workflows/platforms.yml
extended-tests:
needs: basic-checks
if: contains( github.event.head_commit.message, '[extended tests]' )
uses: ./.github/workflows/extended.yml
downstream-release-tests:
needs: basic-checks
if: contains( github.event.head_commit.message, '[trigger downstream]' )
uses: ./.github/workflows/downstream-release.yml
secrets: inherit
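Review bot: the three `if: contains( github.event.head_commit.message, ... )` conditions test only the last commit of the push. A multi-commit push whose `[full tests]` or `[trigger downstream]` marker sits in an earlier commit silently gets basic checks only; that is acceptable behaviour, but it should be stated in CI.md next to the list of trigger strings so contributors know where to put the marker.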

.github/workflows/release.yml vendored Normal file
@ -0,0 +1,17 @@
name: Release tests
permissions:
contents: read
on:
release:
types: [ published ]
jobs:
extended-tests:
uses: ./.github/workflows/extended.yml
downstream-release-tests:
uses: ./.github/workflows/downstream-release.yml
secrets: inherit

.github/workflows/requirements.in vendored Normal file
@ -0,0 +1,8 @@
colorama==0.4.6
execnet==2.1.1
iniconfig==2.0.0
packaging==24.0
pluggy==1.4.0
pytest==8.1.1
pytest-xdist==3.5.0
pyyaml==6.0.1

.github/workflows/requirements.txt vendored Normal file
@ -0,0 +1,97 @@
#
# This file is autogenerated by pip-compile with Python 3.12
# by the following command:
#
# pip-compile --generate-hashes --output-file=requirements_new.txt requirements.txt
#
colorama==0.4.6 \
--hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
--hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
# via -r requirements.txt
execnet==2.1.1 \
--hash=sha256:26dee51f1b80cebd6d0ca8e74dd8745419761d3bef34163928cbebbdc4749fdc \
--hash=sha256:5189b52c6121c24feae288166ab41b32549c7e2348652736540b9e6e7d4e72e3
# via
# -r requirements.txt
# pytest-xdist
iniconfig==2.0.0 \
--hash=sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3 \
--hash=sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374
# via
# -r requirements.txt
# pytest
packaging==24.0 \
--hash=sha256:2ddfb553fdf02fb784c234c7ba6ccc288296ceabec964ad2eae3777778130bc5 \
--hash=sha256:eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9
# via
# -r requirements.txt
# pytest
pluggy==1.4.0 \
--hash=sha256:7db9f7b503d67d1c5b95f59773ebb58a8c1c288129a88665838012cfb07b8981 \
--hash=sha256:8c85c2876142a764e5b7548e7d9a0e0ddb46f5185161049a79b7e974454223be
# via
# -r requirements.txt
# pytest
pytest==8.1.1 \
--hash=sha256:2a8386cfc11fa9d2c50ee7b2a57e7d898ef90470a7a34c4b949ff59662bb78b7 \
--hash=sha256:ac978141a75948948817d360297b7aae0fcb9d6ff6bc9ec6d514b85d5a65c044
# via
# -r requirements.txt
# pytest-xdist
pytest-xdist==3.5.0 \
--hash=sha256:cbb36f3d67e0c478baa57fa4edc8843887e0f6cfc42d677530a36d7472b32d8a \
--hash=sha256:d075629c7e00b611df89f490a5063944bee7a4362a5ff11c7cc7824a03dfce24
# via -r requirements.txt
pyyaml==6.0.1 \
--hash=sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5 \
--hash=sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc \
--hash=sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df \
--hash=sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741 \
--hash=sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206 \
--hash=sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27 \
--hash=sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595 \
--hash=sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62 \
--hash=sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98 \
--hash=sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696 \
--hash=sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290 \
--hash=sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9 \
--hash=sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d \
--hash=sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6 \
--hash=sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867 \
--hash=sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47 \
--hash=sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486 \
--hash=sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6 \
--hash=sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3 \
--hash=sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007 \
--hash=sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938 \
--hash=sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0 \
--hash=sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c \
--hash=sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735 \
--hash=sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d \
--hash=sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28 \
--hash=sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4 \
--hash=sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba \
--hash=sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8 \
--hash=sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef \
--hash=sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5 \
--hash=sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd \
--hash=sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3 \
--hash=sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0 \
--hash=sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515 \
--hash=sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c \
--hash=sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c \
--hash=sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924 \
--hash=sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34 \
--hash=sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43 \
--hash=sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859 \
--hash=sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673 \
--hash=sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54 \
--hash=sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a \
--hash=sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b \
--hash=sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab \
--hash=sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa \
--hash=sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c \
--hash=sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585 \
--hash=sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d \
--hash=sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f
# via -r requirements.txt
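Review bot: the autogeneration header does not match the files added in this PR: it records `pip-compile --generate-hashes --output-file=requirements_new.txt requirements.txt`, and every `# via -r requirements.txt` line points at the hashed output rather than at `requirements.in`. Regenerate from `requirements.in` with `--output-file=requirements.txt` so that the next maintainer who runs the recorded command refreshes the hash pins that `pip3 install --require-hashes` in macos.yml and windows.yml depend on, instead of producing a stray file.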

.github/workflows/scorecard.yml vendored Normal file
@ -0,0 +1,64 @@
name: Scorecard supply-chain security
permissions: {}
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
workflow_call:
workflow_dispatch:
jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Needed to publish results and get a badge (see publish_results below).
id-token: write
# Uncomment the permissions below if installing in a private repository.
# contents: read
# actions: read
steps:
- name: "Checkout code"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # pin@v2.4.0
with:
results_file: results.sarif
results_format: sarif
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecard on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
# - Allows the repository to include the Scorecard badge.
# - See https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories:
# - `publish_results` will always be set to `false`, regardless
# of the value entered here.
publish_results: true
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # pin@v4
with:
name: SARIF file
path: results.sarif
retention-days: 28
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # pin@v3
with:
sarif_file: results.sarif

.github/workflows/sig-bench.yml vendored Normal file
@ -0,0 +1,151 @@
name: sig benchmark
on:
workflow_dispatch:
workflow_call:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout repository
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
fetch-depth: 0
# Set up dependencies
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y cmake ninja-build gcc g++ python3 python3-pip
sudo apt-get install -y python3-cpuinfo
# Build the speed_sig binary only
- name: Build speed_sig binary
run: |
mkdir -p build
cd build
cmake -GNinja .. -DBUILD_SHARED_LIBS=OFF
ninja speed_sig
# Copy the parse_liboqs_speed.py script
- name: Copy parse_liboqs_speed.py
run: |
cp scripts/parse_liboqs_speed.py build/tests/
# Upload the built binary and script as an artifact
- name: Upload artifacts
uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
with:
name: built-sig-binary
path: build/tests/
benchmark:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
strategy:
matrix:
algorithm: [ # List of available signatures to perform the benchmarking on
"Dilithium2",
"Dilithium3",
"Dilithium5",
"ML-DSA-44",
"ML-DSA-65",
"ML-DSA-87",
"Falcon-512",
"Falcon-1024",
"Falcon-padded-512",
"Falcon-padded-1024",
"SPHINCS+-SHA2-128f-simple",
"SPHINCS+-SHA2-128s-simple",
"SPHINCS+-SHA2-192f-simple",
"SPHINCS+-SHA2-192s-simple",
"SPHINCS+-SHA2-256f-simple",
"SPHINCS+-SHA2-256s-simple",
"SPHINCS+-SHAKE-128f-simple",
"SPHINCS+-SHAKE-128s-simple",
"SPHINCS+-SHAKE-192f-simple",
"SPHINCS+-SHAKE-192s-simple",
"SPHINCS+-SHAKE-256f-simple",
"SPHINCS+-SHAKE-256s-simple",
"MAYO-1",
"MAYO-2",
"MAYO-3",
"MAYO-5",
"cross-rsdp-128-balanced",
"cross-rsdp-128-fast",
"cross-rsdp-128-small",
"cross-rsdp-192-balanced",
"cross-rsdp-192-fast",
"cross-rsdp-192-small",
"cross-rsdp-256-balanced",
"cross-rsdp-256-fast",
"cross-rsdp-256-small",
"cross-rsdpg-128-balanced",
"cross-rsdpg-128-fast",
"cross-rsdpg-128-small",
"cross-rsdpg-192-balanced",
"cross-rsdpg-192-fast",
"cross-rsdpg-192-small",
"cross-rsdpg-256-balanced",
"cross-rsdpg-256-fast",
"cross-rsdpg-256-small",
"OV-Is",
"OV-Ip",
"OV-III",
"OV-V",
"OV-Is-pkc",
"OV-Ip-pkc",
"OV-III-pkc",
"OV-V-pkc",
"OV-Is-pkc-skc",
"OV-Ip-pkc-skc",
"OV-III-pkc-skc",
"OV-V-pkc-skc"
]
max-parallel: 1 # No parallel jobs to not compromise the pull-push operations of the benchmarking actions below
steps:
# Ensure the repository is checked out
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
fetch-depth: 0
# Download the built binary and script
- name: Download artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # pin@v4
with:
name: built-sig-binary
path: build/tests/
# Set execute permissions for the binary
- name: Set execute permissions
run: chmod +x build/tests/speed_sig
# Run speed_sig tests for each algorithm
- name: Run speed_sig tests
run: |
cd build/tests
./speed_sig "${{matrix.algorithm}}" > ${{matrix.algorithm}}_output.txt
python3 parse_liboqs_speed.py ${{matrix.algorithm}}_output.txt --algorithm ${{matrix.algorithm}}
# Push to GitHub pages using continuous-benchmark
- name: Store benchmark result
uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7
with:
name: ${{matrix.algorithm}}
tool: "customSmallerIsBetter"
output-file-path: build/tests/${{matrix.algorithm}}_formatted.json
github-token: ${{ secrets.GITHUB_TOKEN }}
auto-push: true
comment-on-alert: true
summary-always: true
alert-threshold: 105%
comment-always: false
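Review bot: two action pins in this file lack the `# pin@vX` annotation used everywhere else in the PR: `uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47` and `uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7`; add the version comment so the pinned revision can be audited and bumped. The `benchmark` job also holds `contents: write` and sets `auto-push: true` with `GITHUB_TOKEN`, so any caller of this `workflow_call` pushes benchmark results into the repository; add an `if: github.ref == 'refs/heads/main'` guard on the `Store benchmark result` step (or restrict the callers) so a branch build cannot rewrite the published benchmark history. Minor: `${{matrix.algorithm}}_output.txt` is interpolated unquoted into the shell while the first `speed_sig` argument is quoted; the values are fixed here, so quote them just for consistency.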

@ -1,38 +1,22 @@
name: Weekly constant time tests
name: Weekly tests
permissions:
contents: read
on:
schedule:
- cron: "5 0 * * 0"
- cron: "5 0 * * 0"
jobs:
constant-time-x64:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: generic
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_OPT_TARGET=generic -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
SKIP_ALGS: 'SPHINCS\+-SHA*,Rainbow-V-Compressed,Classic-McEliece-6(.)*'
- name: extensions
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_OPT_TARGET=haswell -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
SKIP_ALGS: 'SPHINCS\+-SHA*,Rainbow-V-Compressed,Classic-McEliece-6(.)*'
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 360
run: mkdir -p tmp && SKIP_ALGS='${{ matrix.SKIP_ALGS }}' python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}
# To guarantee Maintained check is occasionally updated. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
scorecard:
uses: ./.github/workflows/scorecard.yml
secrets: inherit
permissions:
id-token: write
security-events: write
extended-tests:
uses: ./.github/workflows/extended.yml
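Review bot: the weekly constant-time coverage is removed here without its replacement being visible: the whole `constant-time-x64` matrix (two containers, `-DOQS_ENABLE_TEST_CONSTANT_TIME=ON`, `SKIP_ALGS: 'SPHINCS\+-SHA*,Rainbow-V-Compressed,Classic-McEliece-6(.)*'`, `timeout-minutes: 360`) is replaced by a call to `./.github/workflows/extended.yml`, which is not part of this diff. Please confirm in the PR description that extended.yml carries the same valgrind configuration and skip list, otherwise the weekly constant-time run regresses silently. Also the pinned checkout `actions/checkout@v2` in the deleted block is gone, so make sure extended.yml uses the hash-pinned v4 revision the rest of the PR standardises on.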

.github/workflows/windows.yml vendored Normal file
@ -0,0 +1,45 @@
name: Windows tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
windows-arm64:
strategy:
matrix:
runner: [windows-2022, windows-2025]
stfl_opt: [ON, OFF]
runs-on: ${{ matrix.runner }}
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- name: Generate Project
run: cmake -B build --toolchain .CMake/toolchain_windows_arm64.cmake -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }} .
- name: Build Project
run: cmake --build build
windows-x86:
strategy:
fail-fast: false
matrix:
runner: [windows-2022, windows-2025]
toolchain: [.CMake/toolchain_windows_x86.cmake, .CMake/toolchain_windows_amd64.cmake]
stfl_opt: [ON, OFF]
runs-on: ${{ matrix.runner }}
steps:
- name: Install Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # pin@v5
with:
python-version: '3.12'
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- name: Generate Project
run: cmake -B build --toolchain ${{ matrix.toolchain }} -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }} .
- name: Build Project
run: cmake --build build
- name: Test dependencies
run: pip.exe install --require-hashes -r .github\workflows\requirements.txt
- name: Run tests
run: |
python -m pytest --numprocesses=auto -vv --maxfail=10 --ignore=tests/test_code_conventions.py --ignore=tests/test_kat_all.py --junitxml=build\test-results\pytest\test-results.xml
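Review bot: both checkout steps pin `actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3` while every other workflow in this PR pins the v4 revision `692973e3d937129bcbf40652eb9f2f61becf3332`; align them unless there is a Windows-specific reason, and record that reason in a comment if so. The `windows-arm64` job has no test step (expected for a cross-compile) and no `fail-fast: false` unlike `windows-x86`; a one-line comment marking it build-only would save the next reader from looking for the missing tests.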

.github/workflows/zephyr.yml vendored Normal file
@ -0,0 +1,61 @@
name: Zephyr tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
zephyr_test:
runs-on: ubuntu-22.04
container: ghcr.io/zephyrproject-rtos/ci:v0.27.4
env:
CMAKE_PREFIX_PATH: /opt/toolchains
strategy:
fail-fast: false
matrix:
config:
- zephyr-ref: v3.4.0
- zephyr-ref: v3.7.0
steps:
- name: Init Zephyr workspace
run: |
mkdir zephyr && cd zephyr
mkdir manifest && cd manifest
echo "manifest:" > west.yml
echo " remotes:" >> west.yml
echo " - name: zephyr" >> west.yml
echo " url-base: https://github.com/zephyrproject-rtos" >> west.yml
echo " - name: liboqs" >> west.yml
echo " url-base: https://github.com/${{ github.repository_owner }}" >> west.yml
echo " projects:" >> west.yml
echo " - name: zephyr" >> west.yml
echo " remote: zephyr" >> west.yml
echo " repo-path: zephyr" >> west.yml
echo " revision: ${{ matrix.config.zephyr-ref }}" >> west.yml
echo " import:" >> west.yml
echo " name-allowlist:" >> west.yml
echo " - picolibc" >> west.yml
echo " - name: liboqs" >> west.yml
echo " remote: liboqs" >> west.yml
echo " revision: $(echo '${{ github.ref }}' | sed -e 's/refs\/heads\///')" >> west.yml
echo " path: modules/crypto/liboqs" >> west.yml
west init -l --mf west.yml .
- name: Update west workspace
working-directory: zephyr
run: |
west update -n -o=--depth=1
west zephyr-export
- name: Run Signature test
working-directory: zephyr
run: |
west twister --integration -T modules/crypto/liboqs/zephyr -s samples/Signatures/sample.crypto.liboqs_signature_example -vvv
- name: Run KEM test
working-directory: zephyr
run: |
west twister --integration -T modules/crypto/liboqs/zephyr -s samples/KEMs/sample.crypto.liboqs_kem_example -vvv
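Review bot: the liboqs `revision:` line derives the checkout ref with `$(echo '${{ github.ref }}' | sed -e 's/refs\/heads\///')`, which only reduces branch refs; on the `pull_request` path (pr.yml, then platforms.yml, then this file) `github.ref` is `refs/pull/<n>/merge`, and on tags it is `refs/tags/<v>`, neither of which is handled. State in a comment which event types this workflow is meant to support, or switch to `${{ github.ref_name }}` for branch and tag refs. Two smaller points: the twenty `echo ... >> west.yml` lines would be clearer and less error-prone as a single `cat > west.yml <<'EOF'` heredoc, and `container: ghcr.io/zephyrproject-rtos/ci:v0.27.4` is pinned by mutable tag while every action is pinned by commit hash; pin the image by digest if the same supply-chain bar is wanted here.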

.gitignore vendored
@ -16,13 +16,27 @@ tags
# CLion
/cmake-build*
# Visual Studio Code
.vscode
# Jetbrains IDEs
.idea
# MacOS
.DS_Store
# Generated by copy_from_upstream.py
# and update_pqclean_alg_docs.py
scripts/copy_from_upstream/repos
scripts/copy_from_upstream/verify_from_upstream
# Misc
__pycache__
.pytest_cache
.cache
.CMake/a.out
compile_commands.json
# Generated by Nix flake
result/

@ -1,6 +1,6 @@
language: c
before_script:
- sudo apt -y install astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz valgrind
- sudo apt update && sudo apt -y install astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz valgrind
jobs:
include:
- arch: ppc64le # The IBM Power LXD container based build for OSS only
@ -9,7 +9,7 @@ jobs:
compiler: gcc
if: NOT branch =~ /^ghactionsonly-/
script:
- mkdir build && cd build && cmake -GNinja .. && cmake -LA .. && ninja
- mkdir build && cd build && cmake -GNinja -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_STFL_SIG_KEY_SIG_GEN=ON .. && cmake -LA -N .. && ninja
- cd build & ninja run_tests
- arch: s390x
os: linux
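Review bot: the CMake option added on the ppc64le script line is spelled `-DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_STFL_SIG_KEY_SIG_GEN=ON`, whereas macos.yml and windows.yml in this same PR pass `-DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN`. CMake does not fail on an unknown `-D` cache variable, so if the latter is the real option name this Travis build silently runs without stateful key generation enabled; the same misspelling is repeated in the s390x job below.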
@ -17,5 +17,5 @@ jobs:
compiler: gcc
if: NOT branch =~ /^ghactionsonly-/
script:
- mkdir build && cd build && cmake -GNinja .. && cmake -LA .. && ninja
- mkdir build && cd build && cmake -GNinja -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_STFL_SIG_KEY_SIG_GEN=ON .. && cmake -LA -N .. && ninja
- cd build & ninja run_tests
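Review bot: the context line `- cd build & ninja run_tests` uses a single `&`, which backgrounds `cd build` and runs `ninja run_tests` in the original directory, where there is no build. It predates this PR, but the adjacent line is being edited in both the ppc64le and s390x jobs, so fix it to `&&` here rather than leaving a known-broken test invocation.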

CI.md Normal file
@ -0,0 +1,111 @@
# Continuous Integration (CI)
This document aims to provide a accessible yet comprehensive overview of the liboqs CI setup.
## GitHub Actions
liboqs relies on GitHub Actions for almost all of its CI and makes extensive use of [reusable workflows](https://docs.github.com/en/actions/sharing-automations/reusing-workflows).
All workflow files are located in the `.github/workflows` subdirectory.
### Caller workflows
These workflows are triggered by GitHub events (for example, a pull request or a release).
They implement the logic dictating which tests should run on which events.
#### <a name="push.yml"></a> Push workflow (`push.yml`)
This workflow is triggered by pushes to non-`main` branches.
It calls only [basic checks](#basic.yml) unless one of the following strings is included in the commit message:
- "[full tests]": calls [all platform tests](#platforms.yml).
- "[extended tests]": calls the [extended tests](#extended.yml).
- "[trigger downstream]": calls the [downstream release tests](#downstream-release.yml).
To trigger multiple test suites, include multiple trigger strings in the commit message.
For example, "[full tests] [trigger downstream]" will trigger both the platform tests and the downstream release tests.
#### <a name="pr.yml"></a> Pull request workflow (`pr.yml`)
This workflow runs on pull requests.
It calls [basic checks](#basic.yml), [code coverage tests](#code-coverage.yml), [platform tests](#platforms.yml) and [scorecard analysis](#scorecard.yml).
#### <a name="commit-to-main.yml"></a> Commit-to-main workflow (`commit-to-main.yml`)
This workflow runs on pushes to the `main` branch (typically done automatically when a pull request is merged).
It calls [platform tests](#platforms.yml), [code coverage tests](#code-coverage.yml), [scorecard analysis](#scorecard.yml), and [basic downstream tests](#downstream-basic.yml).
#### <a name="weekly.yml"></a> Weekly workflow (`weekly.yml`)
This workflow is triggered by a weekly schedule.
It calls [extended tests](#extended.yml) and [scorecard analysis](#scorecard.yml).
#### <a name="release.yml"></a> Release workflow (`release.yml`)
This workflow is triggered when a release (including a pre-release) is published on GitHub.
It calls [extended tests](#extended) and [downstream release tests](#downstream-release.yml).
### Callable workflows
These workflows are not triggered directly by any GitHub event.
They are instead called by one of the [caller workflows](#caller-workflows).
Users with "write" permissions can also trigger them manually via the GitHub web UI or REST API.
#### <a name="basic.yml"></a> Basic checks (`basic.yml`)
This workflow runs a minimal set of tests that should pass before heavier tests are triggered.
#### <a name="code-coverage.yml"></a> Code coverage tests (`code-coverage.yml`)
This workflow runs code coverage tests and uploads the results to [Coveralls.io](https://coveralls.io/github/open-quantum-safe/liboqs).
#### <a name="<platform>.yml"></a> Individual platform tests (`<platform>.yml`)
These workflows contain tests for the individual [platforms supported by liboqs](PLATFORMS.md).
Currently, these include
- `android.yml`,
- `apple.yml`,
- `macos.yml`,
- `linux.yml`,
- `windows.yml`, and
- `zephyr.yml`.
All of these these are wrapped by [`platforms.yml`](#platforms.yml).
#### <a name="platforms.yml"></a> All platform tests (`platforms.yml`)
This workflow calls all of the [platform-specific tests](#<platform>.yml).
#### <a name="extended.yml"></a> Extended tests (`extended.yml`)
This workflow calls tests which are either resource intensive or rarely need to be triggered.
Currently, this includes constant-time testing with valgrind and the full suite of NIST Known Answer Tests.
#### <a name="downstream-basic.yml"></a> Basic downstream trigger (`downstream-basic.yml`)
This workflow triggers basic CI for a selection of projects that depend on `liboqs`.
Currently, these include
- [`OQS OpenSSL3 provider`](https://github.com/open-quantum-safe/oqs-provider)
- [`OQS-BoringSSL`](https://github.com/open-quantum-safe/boringssl)
- [`OQS-OpenSSH`](https://github.com/open-quantum-safe/openssh)
- [`OQS Demos`](https://github.com/open-quantum-safe/oqs-demos)
- [`liboqs-cpp`](https://github.com/open-quantum-safe/liboqs-cpp)
- [`liboqs-go`](https://github.com/open-quantum-safe/liboqs-go)
- [`liboqs-python`](https://github.com/open-quantum-safe/liboqs-python)
Callers must include `secrets: inherit` in order for the appropriate access tokens to be passed to this workflow.
#### <a name="downstream-release.yml"></a> Downstream release trigger (`downstream-release.yml`)
This workflow triggers release tests for a selection of projects that depend on `liboqs`.
Currently, this is only the [`OQS OpenSSL3 provider`](https://github.com/open-quantum-safe/oqs-provider).
Callers must include `secrets: inherit` in order for the appropriate access tokens to be passed to this workflow.
#### <a name="scorecard.yml"></a> OpenSSF scorecard analysis (`scorecard.yml`)
This workflow runs the [OpenSSF scorecard](https://github.com/ossf/scorecard) tool.
It is additionally triggered automatically when branch protection rules are changed.
Callers must include `secrets: inherit` in order for the appropriate access tokens to be passed to this workflow.
## Travis CI
In the past, we used Travis CI to test on [some IBM platforms](PLATFORMS.md#tier-3-1) that are not supported by GitHub Actions.
Our Travis builds are currently disabled pending resolution of [issue #1888](https://github.com/open-quantum-safe/liboqs/issues/1888).
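Review bot: three text fixes in the new document: `a accessible` should be `an accessible` in the opening sentence; `All of these these are wrapped` should be `All of these are wrapped`; and the Release workflow paragraph links `[extended tests](#extended)` where every other reference uses `#extended.yml`, so that anchor will not resolve. The Push workflow section should also say that the trigger strings are matched against the last commit of the push only, which is what `github.event.head_commit.message` in push.yml checks.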

@ -1,6 +1,6 @@
# SPDX-License-Identifier: MIT
cmake_minimum_required (VERSION 3.5)
cmake_minimum_required (VERSION 3.15)
# option() honors normal variables.
# see: https://cmake.org/cmake/help/git-stage/policy/CMP0077.html
if(POLICY CMP0077)
@ -18,13 +18,22 @@ if(POLICY CMP0067)
cmake_policy(SET CMP0067 NEW)
endif()
project(liboqs C ASM)
option(OQS_DIST_BUILD "Build distributable library with optimized code for several CPU microarchitectures. Enables run-time CPU feature detection." OFF)
option(OQS_DIST_BUILD "Build distributable library with optimized code for several CPU microarchitectures. Enables run-time CPU feature detection." ON)
option(OQS_BUILD_ONLY_LIB "Build only liboqs and do not expose build targets for tests, documentation, and pretty-printing available." OFF)
set(OQS_MINIMAL_BUILD "" CACHE STRING "Only build specifically listed algorithms.")
option(OQS_LIBJADE_BUILD "Enable formally verified implementation of supported algorithms from libjade." OFF)
option(OQS_PERMIT_UNSUPPORTED_ARCHITECTURE "Permit compilation on an an unsupported architecture." OFF)
option(OQS_STRICT_WARNINGS "Enable all compiler warnings." OFF)
option(OQS_EMBEDDED_BUILD "Compile liboqs for an Embedded environment without a full standard library." OFF)
option(OQS_USE_CUPQC "Utilize cuPQC as the backend for supported PQC algorithms." OFF)
# Libfuzzer isn't supported on gcc
if('${CMAKE_C_COMPILER_ID}' STREQUAL 'Clang')
option(OQS_BUILD_FUZZ_TESTS "Build fuzz test suite" OFF)
endif()
set(OQS_OPT_TARGET auto CACHE STRING "The target microarchitecture for optimization.")
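Review bot: `if('${CMAKE_C_COMPILER_ID}' STREQUAL 'Clang')` uses single quotes, which CMake does not treat as string delimiters; the comparison works only because both sides carry the literal quote characters. Use double quotes, and note that the exact match also excludes `AppleClang`, so `OQS_BUILD_FUZZ_TESTS` is never defined on macOS clang builds; if that is intended the `# Libfuzzer isn't supported on gcc` comment should say so, otherwise use `MATCHES "Clang"`. Flipping the `OQS_DIST_BUILD` default from OFF to ON is a user-visible change that deserves a line in the release notes.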
@ -32,17 +41,37 @@ set(CMAKE_C_STANDARD 11)
set(CMAKE_C_STANDARD_REQUIRED ON)
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
set(CMAKE_C_VISIBILITY_PRESET hidden)
set(OQS_VERSION_TEXT "0.7.2-rc2")
set(OQS_VERSION_MAJOR 0)
set(OQS_VERSION_MINOR 13)
set(OQS_VERSION_PATCH 1)
set(OQS_VERSION_PRE_RELEASE "-dev")
set(OQS_VERSION_TEXT "${OQS_VERSION_MAJOR}.${OQS_VERSION_MINOR}.${OQS_VERSION_PATCH}${OQS_VERSION_PRE_RELEASE}")
set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
set(OQS_MINIMAL_GCC_VERSION "7.1.0")
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
# Determine the flags for fuzzing. Use OSS-Fuzz's configuration if available, otherwise fall back to defaults.
if(DEFINED ENV{LIB_FUZZING_ENGINE})
set(FUZZING_ENGINE $ENV{LIB_FUZZING_ENGINE})
set(FUZZING_COMPILE_FLAGS "")
set(FUZZING_LINK_FLAGS "${FUZZING_ENGINE}")
else()
set(FUZZING_COMPILE_FLAGS "-fsanitize=fuzzer,address")
set(FUZZING_LINK_FLAGS "-fsanitize=fuzzer,address")
endif()
# heuristic check to see whether we're running on a RaspberryPi
if(EXISTS "/opt/vc/include/bcm_host.h")
add_definitions( -DOQS_USE_RASPBERRY_PI )
endif()
if(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64|AMD64")
set(ARCH "x86_64")
set(ARCH_X86_64 ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_X86_64_BUILD ON)
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "i586|i686")
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "x86|i586|i686")
set(ARCH "i586")
set(ARCH_X86 ON)
if(${OQS_DIST_BUILD})
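Review bot: the 32-bit branch `MATCHES "x86|i586|i686"` is correct only because the `x86_64|amd64|AMD64` test precedes it, since the unanchored `x86` also matches `x86_64`; either anchor the pattern (`^(x86|i586|i686)$`) or leave a comment that the order is load-bearing, otherwise a future reordering silently routes x86_64 hosts to the i586 code paths. In the fuzzing block, the OSS-Fuzz path sets `FUZZING_COMPILE_FLAGS` to an empty string and relies on `LIB_FUZZING_ENGINE` plus externally supplied `CFLAGS` for instrumentation; a one-line comment saying so would stop someone from "fixing" it later. The default `-fsanitize=fuzzer,address` is the right choice for local runs.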
@ -73,12 +102,38 @@ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc64|powerpc64)")
if(${OQS_DIST_BUILD})
set(OQS_DIST_PPC64_BUILD ON)
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc|powerpc)")
message(WARNING "There is currently no CI for: " ${CMAKE_SYSTEM_PROCESSOR})
# CMake uses uname to derive CMAKE_SYSTEM_PROCESSOR value, so on Darwin
# the value is identical for ppc and ppc64. To have the right build arch
# in 64-bit case, we use CMAKE_OSX_ARCHITECTURES.
if(APPLE AND CMAKE_OSX_ARCHITECTURES STREQUAL "ppc64")
set(ARCH "ppc64")
set(ARCH_PPC64 ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_PPC64_BUILD ON)
endif()
else()
set(ARCH "ppc")
set(ARCH_PPC ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_PPC_BUILD ON)
endif()
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "s390x")
set(ARCH "s390x")
set(ARCH_S390X ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_S390X_BUILD ON)
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "riscv")
set(ARCH "riscv")
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "loongarch64")
set(ARCH "loongarch64")
set(ARCH_LOONGARCH64 ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_LOONGARCH64_BUILD ON)
endif()
elseif(OQS_PERMIT_UNSUPPORTED_ARCHITECTURE)
message(WARNING "Unknown or unsupported processor: " ${CMAKE_SYSTEM_PROCESSOR})
message(WARNING "Compilation on an unsupported processor should only be used for testing, as it may result an insecure configuration, for example due to variable-time instructions leaking secret information.")
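Review bot: the `riscv` branch sets only `ARCH` and, unlike every other branch, neither an `ARCH_*` flag nor an `OQS_DIST_*_BUILD` variable, and the unanchored `riscv` matches both `riscv32` and `riscv64`; either add the flags and pin the pattern or emit the same "no CI" warning the `ppc` branch does so the gap is visible at configure time. The `OQS_PERMIT_UNSUPPORTED_ARCHITECTURE` warning has a grammar slip: "may result an insecure configuration" should read "may result in an insecure configuration". The warning itself is the right call; variable-time instructions on an untested target are exactly how key material leaks.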
@ -86,6 +141,20 @@ else()
message(FATAL_ERROR "Unknown or unsupported processor: " ${CMAKE_SYSTEM_PROCESSOR} ". Override by setting OQS_PERMIT_UNSUPPORTED_ARCHITECTURE=ON")
endif()
if(${OQS_USE_CUPQC})
# CMAKE's CUDA language requires CMAKE 3.18
cmake_minimum_required (VERSION 3.18)
enable_language(CUDA)
if(NOT DEFINED CMAKE_CUDA_ARCHITECTURES)
set(CMAKE_CUDA_ARCHITECTURES 80 90)
endif()
find_package(cuPQC 0.2.0 REQUIRED)
endif()
if (NOT ((CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin") AND (ARCH_X86_64 STREQUAL "ON")) AND (OQS_LIBJADE_BUILD STREQUAL "ON"))
message(FATAL_ERROR "Building liboqs with libjade implementations from libjade is only supported on Linux and Darwin on x86_64.")
endif()
# intentionally don't switch to variables to avoid --warn-uninitialized report
if(OQS_USE_CPU_EXTENSIONS)
message(FATAL_ERROR "OQS_USE_CPU_EXTENSIONS is deprecated")
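Review bot: `cmake_minimum_required(VERSION 3.18)` inside the `OQS_USE_CUPQC` block runs long after `project()`, so it re-applies policy defaults from that point in the file instead of gating the configure run; prefer `if(CMAKE_VERSION VERSION_LESS 3.18)` with a `message(FATAL_ERROR "cuPQC requires CMake >= 3.18")` and keep the single `cmake_minimum_required` at the top. The libjade guard compares `ARCH_X86_64 STREQUAL "ON"`; when `ARCH_X86_64` is undefined on non-x86 hosts, `STREQUAL` falls back to comparing the literal variable name, which happens to be false, but `if(ARCH_X86_64)` states the intent. The error text "libjade implementations from libjade" repeats itself.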
@ -104,7 +173,7 @@ endif()
option(OQS_SPEED_USE_ARM_PMU "Use ARM Performance Monitor Unit during benchmarking" OFF)
if(WIN32)
if(WIN32 AND NOT (MINGW OR MSYS OR CYGWIN))
set(CMAKE_GENERATOR_CC cl)
endif()
@ -119,22 +188,41 @@ if(${OQS_USE_OPENSSL})
elseif(EXISTS "/opt/homebrew/opt/openssl@1.1")
set(OPENSSL_ROOT_DIR "/opt/homebrew/opt/openssl@1.1")
endif()
elseif(${CMAKE_HOST_SYSTEM_NAME} STREQUAL "Linux")
set(OPENSSL_ROOT_DIR "/usr")
endif()
endif()
find_package(OpenSSL 1.1.1 REQUIRED)
if(OQS_DLOPEN_OPENSSL)
find_program(OBJDUMP objdump)
if(NOT OBJDUMP)
message(FATAL_ERROR "objdump not found. Please install it from binutils.")
endif()
execute_process(
COMMAND ${OBJDUMP} -p ${OPENSSL_CRYPTO_LIBRARY}
COMMAND sed -n "s/[ ]\\{1,\\}SONAME[ ]\\{1,\\}//p"
OUTPUT_VARIABLE OQS_OPENSSL_CRYPTO_SONAME
OUTPUT_STRIP_TRAILING_WHITESPACE
COMMAND_ERROR_IS_FATAL ANY)
message(STATUS "OpenSSL dlopen SONAME: " ${OQS_OPENSSL_CRYPTO_SONAME})
endif()
endif()
set(PUBLIC_HEADERS ${PROJECT_SOURCE_DIR}/src/oqs.h
${PROJECT_SOURCE_DIR}/src/common/aes/aes_ops.h
${PROJECT_SOURCE_DIR}/src/common/common.h
${PROJECT_SOURCE_DIR}/src/common/rand/rand.h
${PROJECT_SOURCE_DIR}/src/common/aes/aes.h
${PROJECT_SOURCE_DIR}/src/common/sha2/sha2.h
${PROJECT_SOURCE_DIR}/src/common/sha3/sha3.h
${PROJECT_SOURCE_DIR}/src/common/sha3/sha3x4.h
${PROJECT_SOURCE_DIR}/src/common/sha2/sha2_ops.h
${PROJECT_SOURCE_DIR}/src/common/sha3/sha3_ops.h
${PROJECT_SOURCE_DIR}/src/common/sha3/sha3x4_ops.h
${PROJECT_SOURCE_DIR}/src/kem/kem.h
${PROJECT_SOURCE_DIR}/src/sig/sig.h)
${PROJECT_SOURCE_DIR}/src/sig/sig.h
${PROJECT_SOURCE_DIR}/src/sig_stfl/sig_stfl.h)
set(INTERNAL_HEADERS ${PROJECT_SOURCE_DIR}/src/common/aes/aes.h
${PROJECT_SOURCE_DIR}/src/common/rand/rand_nist.h
${PROJECT_SOURCE_DIR}/src/common/sha2/sha2.h
${PROJECT_SOURCE_DIR}/src/common/sha3/sha3.h
${PROJECT_SOURCE_DIR}/src/common/sha3/sha3x4.h)
if(${OQS_ENABLE_KEM_BIKE})
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/bike/kem_bike.h)
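Review bot: nothing checks that `OQS_OPENSSL_CRYPTO_SONAME` is non-empty. If `OPENSSL_CRYPTO_LIBRARY` resolves to a static `libcrypto.a` or a non-ELF file, `objdump -p` prints no `SONAME` line, `sed` prints nothing, both commands exit 0 so `COMMAND_ERROR_IS_FATAL ANY` does not fire, and the `OQS_DLOPEN_OPENSSL` build is compiled with an empty library name that only fails at runtime. Add `if(NOT OQS_OPENSSL_CRYPTO_SONAME)` with a `message(FATAL_ERROR ...)` after the `execute_process`. `find_program(OBJDUMP objdump)` also picks the host tool; for cross builds `${CMAKE_OBJDUMP}` is the toolchain's. `COMMAND_ERROR_IS_FATAL` needs CMake 3.19, which is worth stating next to the project's minimum version.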
@ -142,8 +230,8 @@ endif()
if(${OQS_ENABLE_KEM_FRODOKEM})
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/frodokem/kem_frodokem.h)
endif()
if(${OQS_ENABLE_SIG_PICNIC})
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/picnic/sig_picnic.h)
if(OQS_ENABLE_KEM_NTRUPRIME)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/ntruprime/kem_ntruprime.h)
endif()
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS_START
if(OQS_ENABLE_KEM_CLASSIC_MCELIECE)
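Review bot: this hand-maintained block mixes `if(${OQS_ENABLE_KEM_FRODOKEM})` with `if(OQS_ENABLE_KEM_NTRUPRIME)`; the dereferenced form expands to an empty `if()` when the variable is undefined and triggers `--warn-uninitialized`, which the comment next to the `OQS_USE_CPU_EXTENSIONS` check says the file deliberately avoids, so the bare form should be used throughout. `kem_ntruprime.h` is also listed inside the `OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS` region below; make sure only one of the two locations survives, otherwise the generator script will keep re-adding a duplicate.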
@ -155,30 +243,43 @@ endif()
if(OQS_ENABLE_KEM_KYBER)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/kyber/kem_kyber.h)
endif()
if(OQS_ENABLE_KEM_NTRU)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/ntru/kem_ntru.h)
endif()
if(OQS_ENABLE_KEM_NTRUPRIME)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/ntruprime/kem_ntruprime.h)
endif()
if(OQS_ENABLE_KEM_SABER)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/saber/kem_saber.h)
if(OQS_ENABLE_KEM_ML_KEM)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/ml_kem/kem_ml_kem.h)
endif()
if(OQS_ENABLE_SIG_DILITHIUM)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/dilithium/sig_dilithium.h)
endif()
if(OQS_ENABLE_SIG_ML_DSA)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/ml_dsa/sig_ml_dsa.h)
endif()
if(OQS_ENABLE_SIG_FALCON)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/falcon/sig_falcon.h)
endif()
if(OQS_ENABLE_SIG_RAINBOW)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/rainbow/sig_rainbow.h)
endif()
if(OQS_ENABLE_SIG_SPHINCS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/sphincs/sig_sphincs.h)
endif()
if(OQS_ENABLE_SIG_MAYO)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/mayo/sig_mayo.h)
endif()
if(OQS_ENABLE_SIG_CROSS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/cross/sig_cross.h)
endif()
if(OQS_ENABLE_SIG_UOV)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/uov/sig_uov.h)
endif()
if(OQS_ENABLE_SIG_SNOVA)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/snova/sig_snova.h)
endif()
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS_END
if(OQS_ENABLE_SIG_STFL_XMSS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig_stfl/xmss/sig_stfl_xmss.h)
endif()
if(OQS_ENABLE_SIG_STFL_LMS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig_stfl/lms/sig_stfl_lms.h)
endif()
execute_process(COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/include/oqs)
execute_process(COMMAND ${CMAKE_COMMAND} -E copy ${PUBLIC_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs)
execute_process(COMMAND ${CMAKE_COMMAND} -E copy ${INTERNAL_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs)
configure_file(src/oqsconfig.h.cmake ${PROJECT_BINARY_DIR}/include/oqs/oqsconfig.h)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs/oqsconfig.h)
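Review bot: copying headers with `execute_process(... -E copy ...)` happens once at configure time, so an edit to any public header is not propagated to `${PROJECT_BINARY_DIR}/include/oqs` until CMake is re-run, and an incremental build can compile the tests against a stale copy; `configure_file(<src> <dst> COPYONLY)` per header registers each source as a configure dependency so the copy is refreshed automatically. The same directory also receives `INTERNAL_HEADERS` (`aes.h`, `sha2.h`, `sha3.h`, `sha3x4.h`), so anyone who adds the build tree to an include path sees the internal interfaces next to the public ones; an `include/oqs/internal` subdirectory would keep the split visible.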
@ -194,7 +295,7 @@ if(NOT ${OQS_BUILD_ONLY_LIB})
set(DOXYFILE ${PROJECT_SOURCE_DIR}/docs/.Doxyfile)
add_custom_target(
gen_docs
COMMAND ${PROJECT_SOURCE_DIR}/scripts/run_doxygen.sh ${DOXYGEN_EXECUTABLE} ${DOXYFILE}
COMMAND ${PROJECT_SOURCE_DIR}/scripts/run_doxygen.sh ${DOXYGEN_EXECUTABLE} ${DOXYFILE} ${PROJECT_BINARY_DIR}
WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}
COMMENT "Generate API documentation with Doxygen."
USES_TERMINAL)
@ -209,3 +310,26 @@ if(NOT ${OQS_BUILD_ONLY_LIB})
USES_TERMINAL)
endif()
endif()
set(CPACK_GENERATOR "DEB")
set(CPACK_PACKAGE_VENDOR "www.openquantumsafe.org")
set(CPACK_PACKAGE_VERSION ${OQS_VERSION_TEXT})
if(${OQS_USE_OPENSSL})
set(CPACK_DEBIAN_PACKAGE_DEPENDS "libc6, openssl")
else()
set(CPACK_DEBIAN_PACKAGE_DEPENDS "libc6")
endif()
set(CPACK_DEBIAN_PACKAGE_MAINTAINER "www.openquantumsafe.org")
include(CPack)
# uninstall target
if(NOT TARGET uninstall)
configure_file(
"${CMAKE_CURRENT_SOURCE_DIR}/.CMake/cmake_uninstall.cmake.in"
"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
IMMEDIATE @ONLY)
add_custom_target(uninstall
COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)
endif()
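Review bot: `CPACK_DEBIAN_PACKAGE_DEPENDS "libc6, openssl"` names the `openssl` command-line package, but a library linked against libcrypto needs the shared-library package (`libssl3` on current Debian and Ubuntu, `libssl1.1` on older releases), and neither entry carries a version bound, so the `.deb` installs cleanly on a system where the library then fails to load. `set(CPACK_DEBIAN_PACKAGE_SHLIBDEPS ON)` lets `dpkg-shlibdeps` derive the correct names and minimum versions. In the uninstall target, `IMMEDIATE` on `configure_file` is a legacy keyword with no effect and can be dropped.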

CODE_OF_CONDUCT.md Normal file

@ -0,0 +1,128 @@
# Contributor Covenant Code of Conduct
## Our Pledge
We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, religion, or sexual identity
and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to a positive environment for our
community include:
* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes,
and learning from the experience
* Focusing on what is best not just for us as individuals, but for the
overall community
Examples of unacceptable behavior include:
* The use of sexualized language or imagery, and sexual attention or
advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or email
address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Enforcement Responsibilities
Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.
Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, and will communicate reasons for moderation
decisions when appropriate.
## Scope
This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
Examples of representing our community include using an official e-mail address,
posting via an official social media account, or acting as an appointed
representative at an online or offline event.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
conduct@openquantumsafe.org.
All complaints will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and security of the
reporter of any incident.
## Enforcement Guidelines
Community leaders will follow these Community Impact Guidelines in determining
the consequences for any action they deem in violation of this Code of Conduct:
### 1. Correction
**Community Impact**: Use of inappropriate language or other behavior deemed
unprofessional or unwelcome in the community.
**Consequence**: A private, written warning from community leaders, providing
clarity around the nature of the violation and an explanation of why the
behavior was inappropriate. A public apology may be requested.
### 2. Warning
**Community Impact**: A violation through a single incident or series
of actions.
**Consequence**: A warning with consequences for continued behavior. No
interaction with the people involved, including unsolicited interaction with
those enforcing the Code of Conduct, for a specified period of time. This
includes avoiding interactions in community spaces as well as external channels
like social media. Violating these terms may lead to a temporary or
permanent ban.
### 3. Temporary Ban
**Community Impact**: A serious violation of community standards, including
sustained inappropriate behavior.
**Consequence**: A temporary ban from any sort of interaction or public
communication with the community for a specified period of time. No public or
private interaction with the people involved, including unsolicited interaction
with those enforcing the Code of Conduct, is allowed during this period.
Violating these terms may lead to a permanent ban.
### 4. Permanent Ban
**Community Impact**: Demonstrating a pattern of violation of community
standards, including sustained inappropriate behavior, harassment of an
individual, or aggression toward or disparagement of classes of individuals.
**Consequence**: A permanent ban from any sort of public interaction within
the community.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
Community Impact Guidelines were inspired by [Mozilla's code of conduct
enforcement ladder](https://github.com/mozilla/diversity).
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see the FAQ at
https://www.contributor-covenant.org/faq. Translations are available at
https://www.contributor-covenant.org/translations.


@ -1,52 +1,89 @@
Options for configuring liboqs builds
=====================================
The following options can be passed to CMake before the build file generation process to customize the way liboqs is built. The syntax for doing so is: `cmake .. [ARGS] [-D<OPTION_NAME>=<OPTION_VALUE>]...`, where `<OPTON_NAME>` is:
- [BUILD_SHARED_LIBS](#BUILD_SHARED_LIBS)
- [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE)
- [CMAKE_INSTALL_PREFIX](#CMAKE_INSTALL_PREFIX)
- [OQS_ALGS_ENABLED](#OQS_ALGS_ENABLED)
- [OQS_BUILD_ONLY_LIB](#OQS_BUILD_ONLY_LIB)
- [OQS_ENABLE_KEM_\<ALG\>/OQS_ENABLE_SIG_\<ALG\>](#OQS_ENABLE_KEM_\<ALG\>/OQS_ENABLE_SIG_\<ALG\>)
- [OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG](#OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG)
- [OQS_MINIMAL_BUILD](#OQS_MINIMAL_BUILD)
- [OQS_DIST_BUILD](#OQS_DIST_BUILD)
- [OQS_USE_\<CPU_FEATURE\>_INSTRUCTIONS](OQS_USE_\<CPU_FEATURE\>_INSTRUCTIONS)
- [OQS_USE_CPUFEATURE_INSTRUCTIONS](#OQS_USE_CPUFEATURE_INSTRUCTIONS)
- [OQS_USE_OPENSSL](#OQS_USE_OPENSSL)
- [OQS_USE_CUPQC](#OQS_USE_CUPQC)
- [OQS_OPT_TARGET](#OQS_OPT_TARGET)
- [OQS_SPEED_USE_ARM_PMU](#OQS_SPEED_USE_ARM_PMU)
- [USE_COVERAGE](#USE_COVERAGE)
- [USE_SANITIZER](#USE_SANITIZER)
- [OQS_ENABLE_TEST_CONSTANT_TIME](#OQS_ENABLE_TEST_CONSTANT_TIME)
- [OQS_STRICT_WARNINGS](#OQS_STRICT_WARNINGS)
- [OQS_EMBEDDED_BUILD](#OQS_EMBEDDED_BUILD)
- [OQS_LIBJADE_BUILD](#OQS_LIBJADE_BUILD)
- [OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG](#OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG)
- [OQS_BUILD_FUZZ_TESTS](#OQS_BUILD_FUZZ_TESTS)
## BUILD_SHARED_LIBS
Can be set to `ON` or `OFF`. When `ON`, liboqs is built as a shared library. It is `OFF` by default, which means liboqs is built as a static library by default.
Can be set to `ON` or `OFF`. When `ON`, liboqs is built as a shared library.
**Default**: `OFF`.
This means liboqs is built as a static library by default.
## CMAKE_BUILD_TYPE
Can be set to the following values:
- `Debug`: This turns off all compiler optimizations and produces debugging information. When the compiler is Clang, the [USE_SANITIZER](#USE_SANITIZER) option can also be specified to enable a Clang sanitizer. **This value only has effect when the compiler is GCC or Clang**
- `Debug`: This turns off all compiler optimizations and produces debugging information. **This value only has effect when the compiler is GCC or Clang**
- The [USE_COVERAGE](#USE_COVERAGE) option can also be specified to enable code coverage testing.
- When the compiler is Clang, the [USE_SANITIZER](#USE_SANITIZER) option can also be specified to enable a Clang sanitizer.
- `Release`: This compiles code at the `O3` optimization level, and sets other compiler flags that reduce the size of the binary.
**Default**: `Release`.
## CMAKE_INSTALL_PREFIX
See the [CMake documentation](https://cmake.org/cmake/help/latest/variable/CMAKE_INSTALL_PREFIX.html).
## OQS_ENABLE_KEM_\<ALG\>/OQS_ENABLE_SIG_\<ALG\>
## OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG
This can be set to `ON` or `OFF`, and is `ON` by default. When `OFF`, `<ALG>` and its code are excluded from the build process. When `ON`, made available are additional options whereby individual variants of `<ALG>` can be excluded from the build process.
Note: `ALG` in `OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG` should be replaced with the specific algorithm name as demonstrated below.
For example: if `OQS_ENABLE_KEM_BIKE` is set to `ON`, the options `OQS_ENABLE_KEM_bike1_l1_cpa`, `OQS_ENABLE_KEM_bike1_l1_fo`, `OQS_ENABLE_KEM_bike1_l3_cpa`, `OQS_ENABLE_KEM_bike1_l3_fo` are made available (and are set to be `ON` by default).
This can be set to `ON` or `OFF`, and is `ON` by default. When `OFF`, `ALG` and its code are excluded from the build process. When `ON`, made available are additional options whereby individual variants of `ALG` can be excluded from the build process.
For example: if `OQS_ENABLE_KEM_BIKE` is set to `ON`, the options `OQS_ENABLE_KEM_bike_l1`, `OQS_ENABLE_KEM_bike_l3`, and `OQS_ENABLE_KEM_bike_l5` are made available (and are set to be `ON` by default).
To enable `XMSS` stateful signature, set `OQS_ENABLE_SIG_STFL_XMSS` to `ON`, the options `OQS_ENABLE_SIG_STFL_xmss_sha256_h10` and its variants are also set to be `ON` by default. Similarly, `LMS` stateful signature family can also be enabled by setting `OQS_ENABLE_SIG_STFL_LMS` to `ON`.
For a full list of such options and their default values, consult [.CMake/alg_support.cmake](https://github.com/open-quantum-safe/liboqs/blob/master/.CMake/alg_support.cmake).
**Default**: Unset.
## OQS_ALGS_ENABLED
A selected algorithm set is enabled. Possible values are "STD" selecting all algorithms standardized by NIST; "NIST_R4" selecting all algorithms evaluated in round 4 of the NIST PQC competition; "NIST_SIG_ONRAMP" selecting algorithms evaluated in the NIST PQC "onramp" standardization for additional signature schemes; "All" (or any other value) selecting all algorithms integrated into liboqs. Parameter setting "STD" minimizes library size but may require re-running code generator scripts in projects integrating `liboqs`; e.g., [oqs-provider](https://github.com/open-quantum-safe/oqs-provider) and [oqs-boringssl](https://github.com/open-quantum-safe/boringssl).
**Attention**: If you use any predefined value (`STD` or `NIST_R4` or `NIST_SIG_ONRAMP` as of now) for this variable, the values added via [OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG](#OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG) variables will be ignored.
**Default**: `All`.
## OQS_BUILD_ONLY_LIB
Can be `ON` or `OFF`. When `ON`, only liboqs is built, and all the targets: `run_tests`, `gen_docs`, and `prettyprint` are excluded from the build system.
**Default**: `OFF`.
## OQS_MINIMAL_BUILD
If set, this defines a semicolon deliminated list of algorithms to be contained in a minimal build of `liboqs`: Only algorithms explicitly set here are included in a build: For example running `cmake -DOQS_MINIMAL_BUILD="OQS_ENABLE_KEM_kyber_768;OQS_ENABLE_SIG_dilithium_3" ..` will build a minimum-size `liboqs` library only containing support for Kyber768 and Dilithium3.
If set, this defines a semicolon-delimited list of algorithms to be contained in a minimal build of `liboqs`: Only algorithms explicitly set here are included in a build: For example running `cmake -DOQS_MINIMAL_BUILD="KEM_kyber_768;SIG_dilithium_3" ..` will build a minimum-size `liboqs` library only containing support for Kyber768 and Dilithium3.
The full list of identifiers that can set are listed [here for KEM algorithms](https://github.com/open-quantum-safe/liboqs/blob/main/src/kem/kem.h#L34) and [here for Signature algorithms](https://github.com/open-quantum-safe/liboqs/blob/f3caccff9e6225e7c50ca27f5ee6e58b7bc74188/src/sig/sig.h#L34). Default setting is empty, thus including all [supported algorithms](https://github.com/open-quantum-safe/liboqs#supported-algorithms) in the build.
The full list of identifiers that can be set is listed [here for KEM algorithms](https://github.com/open-quantum-safe/liboqs/blob/main/src/kem/kem.h#L34) and [here for Signature algorithms](https://github.com/open-quantum-safe/liboqs/blob/f3caccff9e6225e7c50ca27f5ee6e58b7bc74188/src/sig/sig.h#L34). The default setting is empty, thus including all [supported algorithms](https://github.com/open-quantum-safe/liboqs#supported-algorithms) in the build.
**Default**: Unset.
## OQS_DIST_BUILD
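Review bot: the `OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG` section says the option "is `ON` by default", then closes with "**Default**: Unset.", and it groups `OQS_ENABLE_SIG_STFL_*` with the others even though the XMSS/LMS sentence in the same section and the "Stateful Hash Based Signatures" section below say those are `OFF` by default; state `ON` for KEM/SIG and `OFF` for SIG_STFL explicitly. The `OQS_MINIMAL_BUILD` paragraph links to `src/kem/kem.h#L34` on `main` and to `sig.h` at a pinned commit; a line anchor on a moving branch goes stale, so pin both to a tag or link to the identifier lists without a line number.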
@ -58,15 +95,68 @@ When built for distribution, the library will run on any CPU of the target archi
When built for use on a single machine, the library will only include the best available code for the target micro-architecture (see [OQS_OPT_TARGET](#OQS_OPT_TARGET)).
## OQS_USE_\<CPU_FEATURE\>_INSTRUCTIONS
**Default**: `ON`.
These can be set to `ON` or `OFF` and take an effect if liboqs is built for use on a single machine. By default, the CPU features are automatically determined and set to `ON` or `OFF` based on the CPU features available on the build system. The default values can be overridden by providing CMake build options. The available options on x86-64 are: `OQS_USE_ADX_INSTRUCTIONS`, `OQS_USE_AES_INSTRUCTIONS`, `OQS_USE_AVX_INSTRUCTIONS`, `OQS_USE_AVX2_INSTRUCTIONS`, `OQS_USE_AVX512_INSTRUCTIONS`, `OQS_USE_BMI1_INSTRUCTIONS`, `OQS_USE_BMI2_INSTRUCTIONS`, `OQS_USE_PCLMULQDQ_INSTRUCTIONS`, `OQS_USE_VPCLMULQDQ_INSTRUCTIONS`, `OQS_USE_POPCNT_INSTRUCTIONS`, `OQS_USE_SSE_INSTRUCTIONS`, `OQS_USE_SSE2_INSTRUCTIONS` and `OQS_USE_SSE3_INSTRUCTIONS`. The available options on ARM64v8 are `OQS_USE_ARM_AES_INSTRUCTIONS`, `OQS_USE_ARM_SHA2_INSTRUCTIONS`, `OQS_USE_ARM_SHA3_INSTRUCTIONS` and `OQS_USE_ARM_NEON_INSTRUCTIONS`.
## OQS_USE_CPUFEATURE_INSTRUCTIONS
Note: `CPUFEATURE` in `OQS_USE_CPUFEATURE_INSTRUCTIONS` should be replaced with the specific CPU feature as noted below.
These can be set to `ON` or `OFF` and take effect if liboqs is built for use on a single machine. By default, the CPU features are automatically determined and set to `ON` or `OFF` based on the CPU features available on the build system. The default values can be overridden by providing CMake build options. The available options on x86-64 are: `OQS_USE_ADX_INSTRUCTIONS`, `OQS_USE_AES_INSTRUCTIONS`, `OQS_USE_AVX_INSTRUCTIONS`, `OQS_USE_AVX2_INSTRUCTIONS`, `OQS_USE_AVX512_INSTRUCTIONS`, `OQS_USE_BMI1_INSTRUCTIONS`, `OQS_USE_BMI2_INSTRUCTIONS`, `OQS_USE_PCLMULQDQ_INSTRUCTIONS`, `OQS_USE_VPCLMULQDQ_INSTRUCTIONS`, `OQS_USE_POPCNT_INSTRUCTIONS`, `OQS_USE_SSE_INSTRUCTIONS`, `OQS_USE_SSE2_INSTRUCTIONS` and `OQS_USE_SSE3_INSTRUCTIONS`. The available options on ARM64v8 are `OQS_USE_ARM_AES_INSTRUCTIONS`, `OQS_USE_ARM_SHA2_INSTRUCTIONS`, `OQS_USE_ARM_SHA3_INSTRUCTIONS` and `OQS_USE_ARM_NEON_INSTRUCTIONS`.
**Default**: Options valid on the build machine.
## OQS_USE_OPENSSL
This can be set to `ON` or `OFF`. When `ON`, the additional options `OQS_USE_AES_OPENSSL`, `OQS_USE_SHA2_OPENSSL`, and `OQS_USE_SHA3_OPENSSL` are made available to control whether liboqs uses OpenSSL's AES, SHA-2, and SHA-3 implementations. By default, `OQS_USE_AES_OPENSSL` is `ON` (on x86-64 only if `OQS_DIST_BUILD` and `OQS_USE_AES_INSTRUCTIONS` are not set), `OQS_USE_SHA2_OPENSSL` is `ON` while `OQS_USE_SHA3_OPENSSL` is `OFF`.
To save size and limit the amount of different cryptographic code bases, it is possible to use OpenSSL as a crypto code provider by setting this configuration option.
When `OQS_USE_OPENSSL` is `ON`, CMake also scans the filesystem to find the minimum version of OpenSSL required by liboqs (which happens to be 1.1.1). The `OPENSSL_ROOT_DIR` option can be set to aid CMake in its search.
This can be set to `ON` or `OFF`. When `ON`, the additional options `OQS_USE_AES_OPENSSL`, `OQS_USE_SHA2_OPENSSL`, and `OQS_USE_SHA3_OPENSSL` are made available to control whether liboqs uses OpenSSL's AES, SHA-2, and SHA-3 implementations.
By default,
- `OQS_USE_AES_OPENSSL` is `ON` (on x86-64 only if `OQS_DIST_BUILD` and `OQS_USE_AES_INSTRUCTIONS` are not set)
- `OQS_USE_SHA2_OPENSSL` is `ON`
- `OQS_USE_SHA3_OPENSSL` is `OFF`.
These default choices have been made to optimize the default performance of all algorithms. Changing them implies performance penalties.
When `OQS_USE_OPENSSL` is `ON`, CMake also scans the filesystem to find the minimum version of OpenSSL required by liboqs (which happens to be 1.1.1). The [OPENSSL_ROOT_DIR](https://cmake.org/cmake/help/latest/module/FindOpenSSL.html) option can be set to aid CMake in its search.
**Default**: `ON`.
### OQS_DLOPEN_OPENSSL
Dynamically load OpenSSL through `dlopen`. When using liboqs from other cryptographic libraries, hard dependency on OpenSSL is sometimes undesirable. If this option is `ON`, loading of OpenSSL will be deferred until any of the OpenSSL functions is used.
Only has an effect if the system supports `dlopen` and ELF binary format, such as Linux or BSD family.
### OQS_USE_CUPQC
Can be `ON` or `OFF`. When `ON`, use NVIDIA's cuPQC library where able (currently just ML-KEM). When this option is enabled, liboqs may not run correctly on machines that lack supported GPUs. To download cuPQC follow the instructions at (https://developer.nvidia.com/cupqc-download/). Detailed descriptions of the API, requirements, and installation guide are in the cuPQC documentation (https://docs.nvidia.com/cuda/cupqc/index.html). While the code shipped by liboqs required to use cuPQC is licensed under Apache 2.0 the cuPQC SDK comes with its own license agreement (https://docs.nvidia.com/cuda/cupqc/license.html).
**Default**: `OFF`
## Stateful Hash Based Signatures
XMSS and LMS are the two supported Hash-Based Signatures schemes.
`OQS_ENABLE_SIG_STFL_XMSS` and `OQS_ENABLE_SIG_STFL_LMS` control these algorithms, which are disabled by default.
A third variable, `OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN`, also controls the ability to generate keys and signatures. This is also disabled by default.
Each of these variables can be set to `ON` or `OFF`.
When all three are `ON`, stateful signatures are fully functional and can generate key pairs, sign data, and verify signatures.
If `OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN` is `OFF` signature verification is the only functional operation.
Standards bodies, such as NIST, recommend that key and signature generation only by done in hardware in order to best enforce the one-time use of secret keys.
Keys stored in a file system are extremely susceptible to simultaneous use.
When enabled in this library a warning message will be generated by the config process.
The name of the configuration variable has been chosen to make every user of this feature aware of its security risks.
The OQS team explicitly discourages enabling this variable and reserves the right to remove this feature in future releases if its use causes actual harm.
It remains present as long as it is responsibly used as per the stated warnings.
By default,
- `OQS_ENABLE_SIG_STFL_XMSS` is `OFF`
- `OQS_ENABLE_SIG_STFL_LMS` is `OFF`
- `OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN` is `OFF`.
**Default**: `OFF`.
## OQS_OPT_TARGET
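Review bot: `### OQS_USE_CUPQC` is a level-3 heading, which nests it under `## OQS_USE_OPENSSL` although the table of contents lists it as a top-level option; promote it to `##`. `### OQS_DLOPEN_OPENSSL` has no **Default** line and is missing from the table of contents, and since it changes how libcrypto is resolved at runtime it deserves both. In the stateful-signature section, "key and signature generation only by done in hardware" should read "only be done in hardware"; the rest of that warning is well pitched, and the sentence about file-system keys being susceptible to simultaneous use is the fact that justifies the `OQS_HAZARDOUS_EXPERIMENTAL_...` name.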
@ -74,19 +164,27 @@ An optimization target. Only has an effect if the compiler is GCC or Clang and `
- `auto`: Use `-march=native` or `-mcpu=native` (if the compiler supports it).
- `generic`: Use `-march=x86-64` on x86-64, or `-mcpu=cortex-a5` on ARM32v7, or `-mcpu=cortex-a53` on ARM64v8.
The default value is `auto`.
**Default**: `auto`.
## OQS_SPEED_USE_ARM_PMU
Can be `ON` or `OFF`. When `ON`, the benchmarking script will try to use the ARMv8 Performance Monitoring Unit (PMU). This will make cycle counts on ARMv8 platforms significantly more accurate.
In order to use this option, user mode access to the PMU must be enabled via a kernel module. If user mode access is not enabled via kernel module, benchmarking will throw an `Illegal Instruction` error. A kernel module that has been found to work on several platforms can be found [here for linux](https://github.com/mupq/pqax#enable-access-to-performance-counters). Follow the instructions there (i.e., clone the repository, `cd enable_ccr` and `make install`) to load the kernel module, after which benchmarking should work. Superuser permissions are required. Linux header files must also be installed on your platform, which may not be present by default.
In order to use this option, user mode access to the PMU must be enabled via a kernel module. If user mode access is not enabled via the kernel module, benchmarking will throw an `Illegal Instruction` error. A kernel module that has been found to work on several platforms can be found [here for Linux](https://github.com/mupq/pqax#enable-access-to-performance-counters). Follow the instructions there (i.e., clone the repository, `cd enable_ccr` and `make install`) to load the kernel module, after which benchmarking should work. Superuser permissions are required. Linux header files must also be installed on your platform, which may not be present by default.
Note that this option is not known to work on Apple M1 chips.
**Default**: `OFF`.
## USE_COVERAGE
This has an effect when the compiler is GCC or Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) is `Debug`. Can be `ON` or `OFF`. When `ON`, code coverage testing will be enabled.
**Default**: Unset.
## USE_SANITIZER
This has effect when the compiler is Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) is `Debug`. Then, it can be set to:
This has an effect when the compiler is Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) is `Debug`. Then, it can be set to:
- `Address`: This enables Clang's `AddressSanitizer`
- `Memory`: This enables Clang's `MemorySanitizer`
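Review bot: `USE_COVERAGE` is described as `ON`/`OFF` but its default is given as "Unset" while every other boolean option states `OFF`; write `OFF` so the convention holds (for `USE_SANITIZER`, which takes a string, "Unset" is fine). The `OQS_SPEED_USE_ARM_PMU` paragraph could also say that enabling user-mode PMU access through the kernel module is a system-wide change made as root, which is fine on a dedicated benchmarking box but not something to do on a shared host.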
@ -95,6 +193,50 @@ This has effect when the compiler is Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BU
- `Thread`: This enables Clang's `ThreadSanitizer`
- `Leak`: This enables Clang's `LeakSanitizer`
**Default**: Unset.
## OQS_ENABLE_TEST_CONSTANT_TIME
This is used in conjunction with `tests/test_constant_time.py` to use Valgrind to look for instances of secret-dependent control flow. liboqs must also be compiled with [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) set to `Debug`. See the documentation in [`tests/test_constant_time.py`](https://github.com/open-quantum-safe/liboqs/blob/main/tests/test_constant_time.py) for more information on usage.
This is used in conjunction with `tests/test_constant_time.py` to use Valgrind to look for instances of secret-dependent control flow. liboqs must also be compiled with [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) set to `Debug`.
See the documentation in [`tests/test_constant_time.py`](https://github.com/open-quantum-safe/liboqs/blob/main/tests/test_constant_time.py) for more usage information.
**Default**: `OFF`.
## OQS_STRICT_WARNINGS
Can be `ON` or `OFF`. When `ON`, all compiler warnings are enabled and treated as errors. This setting is recommended to be enabled prior to submission of a Pull Request as CI runs with this setting active. When `OFF`, significantly fewer compiler warnings are enabled such as to avoid undue build errors triggered by (future) compiler warning features/unknown at the development time of this library.
**Default**: `OFF`.
## OQS_EMBEDDED_BUILD
Can be `ON` or `OFF`. When `ON`, calls to standard library functions typically not present in a bare-metal embedded environment are excluded from compilation.
At the moment, this is **only** considered for random number generation, as both `getentropy()` and a file based `/dev/urandom` are not available on embedded targets (e.g. the Zephyr port).
**Attention**: When this option is enabled, you have to supply a custom callback for obtaining random numbers using the `OQS_randombytes_custom_algorithm()` API before accessing the cryptographic API. Otherwise, all key generation and signing operations will fail.
**Default**: `OFF`.
## OQS_LIBJADE_BUILD
Can be `ON` or `OFF`. When `ON` liboqs is built to use high assurance implementations of cryptographic algorithms from [Libjade](https://github.com/formosa-crypto/libjade). The cryptographic primitives in Libjade are written using [Jasmin](https://github.com/jasmin-lang/jasmin) and built using the Jasmin compiler. The Jasmin compiler is proven (in Coq) to preserve semantic correctness of a program, maintain secret-independence of control flow, and maintain secret independence of locations of memory access through compilation. Additionally, the Jasmin compiler guarantees thread safety because Jasmin doesn't support global variables.
At the moment, Libjade only provides Kyber512 and Kyber768 KEMs.
At the moment, libjade only supports Linux and Darwin based operating systems on x86_64 platforms.
**Default** `OFF`.
## OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG
Note: `ALG` in `OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG` should be replaced with the specific algorithm name as demonstrated in OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG.
**Default**: `OFF` if OQS_LIBJADE_BUILD is `OFF` else unset.
## OQS_BUILD_FUZZ_TESTS
Can be `ON` or `OFF`. When `ON` liboqs the fuzz test-suite will be enabled. This option is only available if the c compiler is set to clang i.e. `-DCMAKE_C_COMPILER=clang`.
Note: It is strongly recommended that this configuration be enabled with `CFLAGS=-fsanitize=address,fuzzer-no-link LDFLAGS=-fsanitize=address`. While fuzzing will run without these flags, enabling this instrumentation will make fuzzing performance much faster and catch [potential memory related bugs](https://clang.llvm.org/docs/AddressSanitizer.html).
**Default** `OFF`.
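Review bot: the OQS_BUILD_FUZZ_TESTS sentence `When `ON` liboqs the fuzz test-suite will be enabled` has a stray "liboqs" that makes it ungrammatical, and "c compiler" should be "C compiler"; suggest "When `ON`, the liboqs fuzz test suite is built. This option is only available when the C compiler is clang, i.e. `-DCMAKE_C_COMPILER=clang`." Two consistency points in the same hunk: the `**Default**` lines for OQS_LIBJADE_BUILD and OQS_BUILD_FUZZ_TESTS drop the colon that every other option here uses (`**Default**: `OFF`.`), and "Libjade" / "libjade" is capitalized two different ways on adjacent lines. Finally, the OQS_EMBEDDED_BUILD warning says that without a custom RNG callback "all key generation and signing operations will fail", yet the option is described as affecting random number generation in general; please confirm whether KEM encapsulation, which also consumes randomness, should be listed so embedded users are not surprised.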

94
CONTRIBUTING.md Normal file

@ -0,0 +1,94 @@
# Contributing
The OQS core team welcomes all proposals to improve this project. This may take
the form of [a discussion](https://github.com/open-quantum-safe/liboqs/discussions)
for input or feedback, possible bug reports or feature requests via [issues](https://github.com/open-quantum-safe/liboqs/issues)
as well as new code and documentation via a [pull request (PR)](https://github.com/open-quantum-safe/liboqs/pulls).
## Baseline design goal
OQS is a collection of many different PQC algorithms, maintained by a small team of people who are not guaranteed to be versed in the intricate details of each algorithm.
Therefore, all contributions to the general logic of the project should be as independent of any single algorithm such as to ease long-term maintainability. If changes are contributed catering to the properties of a specific algorithm, it is expected that consideration is given at least how the other algorithms of the same type (KEM or SIG) should cater to the proposed changes, e.g., by way of a new, generally satisfiable API.
All contributions to a specific algorithm ideally come with the willingness to provide long-term support, or at least a contact person that can help the OQS team pinpoint potential problems with the algorithm.
## Review and Feedback
We aim to provide timely feedback to any input. If you are uncertain as to whether
a particular contribution is welcome, needed or timely, please first open an [issue](https://github.com/open-quantum-safe/liboqs/issues)
particularly in case of possible bugs or new feature requests or create a
[discussion](https://github.com/open-quantum-safe/liboqs/discussions).
## Pull requests
Pull requests should clearly state their purpose, possibly referencing an existing
[issue](https://github.com/open-quantum-safe/liboqs/issues) when resolving it.
All PRs should move to "Ready for Review" stage only if all CI tests pass (are green).
The OQS core team is happy to provide feedback also to Draft PRs in order to improve
them before the final "Review" stage.
### Coding style
This project has adopted a slightly modified [Google code formatting style](https://astyle.sourceforge.net/astyle.html#_style=google) for the core components
of the library as documented in the [style template](.astylerc).
The `astyle` tool is used to check formatting in CI.
Due to variations in behaviour across version and platforms, it is possible to encounter CI failures even if code has been locally formatted with `astyle`.
To assist with this inconvenience, we provide a convenience script which runs `astyle` in the same Docker image that we use for the CI checks:
```bash
LIBOQS_DIR=<liboqs directory> ./scripts/format_code.sh
```
This script has been tested on x86\_64 Ubuntu and arm64 macOS. Contributions for other platforms are welcome and appreciated!
### Continuous Integration (CI)
`liboqs` uses GitHub Actions for CI.
For a comprehensive overview of our CI setup, see [CI.md](CI.md).
#### Running CI on your branch
OQS attempts to be responsible with resource usage and only runs a minimal set of tests automatically on push.
A more thorough test suite runs automatically on pull requests.
To trigger these tests before creating a PR, include the string "[full tests]" in a commit message.
Other trigger strings are documented in [CI.md](CI.md#push.yml).
#### Running CI locally
[Act](https://github.com/nektos/act) is a tool facilitating local execution of
GitHub CI jobs. When executed in the main `liboqs` directory,
act -l Displays all GitHub CI jobs
act -j some-job Executes "some-job"
When installing `act` as a GitHub extension, prefix the commands with `gh `.
## Modifications to CI
Modifications to GitHub Actions workflows are checked with [actionlint](https://github.com/rhysd/actionlint) during the [basic.yml](.github/workflows/basic.yml) job, protecting the CI chain and against wrong approval decisions based on improper CI runs. Changes to these workflows can be validated locally with `actionlint`:
```bash
actionlint .github/workflows/*.yml
```
or running the CI locally (as above):
```bash
act workflow_call -W '.github/workflows/basic.yml'
```
### New features
Any PR introducing a new feature is expected to contain a test of this feature
and this test should be part of the CI pipeline.
## Failsafe
If you feel your contribution is not getting proper attention, please be sure to
add a tag to one or more of our [most active contributors](https://github.com/open-quantum-safe/liboqs/graphs/contributors).
## Issues to start working on
If you feel like contributing but don't know what specific topic to work on,
please check the [open issues tagged "good first issue" or "help wanted"](https://github.com/open-quantum-safe/liboqs/issues).
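Review bot: the two `act` invocations under "Running CI locally" (`act -l Displays all GitHub CI jobs` / `act -j some-job Executes "some-job"`) are the only commands in this file not inside a ```bash fence, so they render as prose with the explanation run into the command; put them in a fenced block with the descriptions as shell comments (`act -l  # list all GitHub CI jobs`), matching the `format_code.sh` and `actionlint` examples above and below them. Smaller wording points: "across version and platforms" should be "across versions and platforms"; "protecting the CI chain and against wrong approval decisions" reads as if a word is missing (e.g. "protecting the CI chain and guarding against wrong approval decisions"); and "add a tag to one or more of our most active contributors" presumably means @-mentioning them on the issue or PR, which is worth saying explicitly.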


@ -10,7 +10,7 @@ Ben Davies (University of Waterloo)
Javad Doliskani (University of Waterloo)
Ted Eaton (University of Waterloo)
Nicholas Fulton (Arizona State University)
Vlad Gheorghiu (evolutionQ, University of Waterloo)
Vlad Gheorghiu (softwareQ Inc., University of Waterloo)
Jason Goertzen (University of Waterloo)
Shay Gueron (Amazon Web Services)
Torben Hansen (Royal Holloway University of London)
@ -33,5 +33,10 @@ John Underhill
Karolin Varner
Sebastian Verschoor (University of Waterloo)
Thom Wiggers (Radboud University)
Dindyal Jeevesh Rishi (University of Mauritius / cyberstorm.mu)
Duc Tri Nguyen
Marco Gianvecchio (Politecnico di Milano)
Alessandro Barenghi (Politecnico di Milano)
Gerardo Pelosi (Politecnico di Milano)
See additional contributors at https://github.com/open-quantum-safe/liboqs/graphs/contributors
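Review bot: the five names appended at the end of the list (Dindyal Jeevesh Rishi, Duc Tri Nguyen, Marco Gianvecchio, Alessandro Barenghi, Gerardo Pelosi) break the alphabetical-by-surname order that the surrounding entries (Underhill, Varner, Verschoor, Wiggers) follow; please slot them into their alphabetical positions so future additions stay easy to review and merge without conflicts.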

124
GOVERNANCE.md Normal file

@ -0,0 +1,124 @@
# Governance
## Basic principles
The Open Quantum Safe project aims to operate by the following principles:
- **Openness**: The project will be open in its operation, open to contributions, and produce open source software.
- **Respect**: The project will foster respectful interactions with all participants.
- **Scientific integrity**: The project will follow advancements in cryptographic research and will be guided by standards and best practices.
Decision making in the project will follow the principles above, and be governed first and foremost by reason and mutually respectful interaction between all participants.
The project will aim to build consensus for decisions, and will where possible operate by the approach of [lazy consensus](https://community.apache.org/committers/decisionMaking.html).
If decisions cannot be reached using lazy consensus, voting will be used to come to a resolution.
## Community and Roles
The OQS community is open to all who would like to participate in the project following its principles, including academic, industry, public sector, and individual contributors.
The following roles exist in the project:
### Users
A **User** is a person or organization using software produced by the project.
Responsibilities:
- Abide by the [license](LICENSE.txt)
- Consider participating in the project!
### Community Members
A **Community Member** is a User who interacts with the project, for example by participating in discussions on Github or mailing lists, or in project meetings.
Responsibilities:
- Follow the [code of conduct](CODE_OF_CONDUCT.md)
### Contributors
A **Contributor** is a Community Member who contributes directly to the project by submitting code or documentation, or actively participating in issues or pull requests on Github.
### Committers
A **Committer** is a Contributor with increased experience in the project who helps review pull requests and actively participates in discussions about the project. Committers will be members of the open-quantum-safe GitHub organization and will have "write" permissions in GitHub.
Responsibilities:
- Further the goals of the project.
- Monitor and respond to GitHub issues.
- Review and merge pull requests.
- Assist with security releases when required.
- Participate in discussions and project meetings.
### Maintainers
A **Maintainer** is a Committer who makes significant and sustained contributions to the project, and is committed to guiding the direction of the project. Maintainers will have "administrative" permissions in GitHub.
Responsibilities:
- Oversee the overall project health and growth.
- Lead communication for the project.
- Define general and technical guidelines for the project.
- Identify priorities and manage the release cycle.
### Change of role
Any Community Member may become a Contributor by creating a pull request (PR) and getting it successfully reviewed and merged by Committers.
Any Contributor can become a Committer by contributing sufficient code and displaying deep subject matter knowledge in discussions such that a majority of Committers vote for this change of role. A Maintainer can veto such a vote. Such a veto can be overruled by a 2/3 majority of Committers.
As such a voting decision may be considered subjective, Contributors striving to become Committers are encouraged to ask for advice from Committers/Maintainers as to what they can do to obtain this role. Baseline requirements for contributions are documented in [CONTRIBUTING.md](CONTRIBUTING.md). Any Contributor can create a discussion item to request a vote to become Committer.
Any Committer can become a Maintainer by majority vote of voting Committers. A current Maintainer can veto such a vote. Such a veto can be overruled by a 2/3 majority of all Committers.
A Maintainer is not permitted to remove another Maintainer's GitHub privileges.
A Committer may be automatically moved to Contributor status if not actively contributing by discussion or PR review during the last 90 days or by voluntarily suspending this status (e.g., by taking a ["Leave of absence"](#leave-of-absence)). If a Maintainer loses or relinquishes the Committer status and, hence, the Maintainer status, the Committers have to determine whether a new Maintainer needs to be elected.
Any person violating the [code of conduct](CODE_OF_CONDUCT.md), consistently not fulfilling the role responsibilities, or for other reasons can lose the role held if a simple majority of Committers votes for such removal and no Maintainer vetoes that decision. If a Maintainer is to be removed from that role a 2/3 majority of Committers must agree.
Depending on the reason for removal, a Maintainer may be converted to Emeritus status. Emeritus Maintainers may still be consulted on some project matters, and can be returned to Maintainer status if their availability changes and a simple majority of Committers agrees.
### Leave of absence
Any Committer may voluntarily step down from the role for a documented period of time, losing voting rights for that time period. The period is documented in this file next to the person's name below. At the end of this time period, the Committer automatically regains their voting rights.
A leave of absence may not be longer than a year. If the Committer needs to be away for longer than that, they must step down from that role unconditionally, and regaining that role becomes subject of normal procedures to become Committer, as described in ["Change of role"](#change-of-role) above.
## Voting
Change of role or changes to this document is subject to voting.
Votes are to be executed by way of open GitHub discussions. No quorum is needed for votes open for 4 weeks. Urgent matters may be decided by majority vote among Maintainers or 2/3 majority by all Committers within an arbitrary voting period.
## Current Maintainers and Committers
### Maintainers
@baentsch (on leave of absence as of March 11, 2025)
@dstebila
@SWilson4
### Committers
@baentsch (on leave of absence as of March 11, 2025)
@bhess
@christianpaquin
@dstebila
@Martyrshot
@praveksharma
@SWilson4
@vsoftco
## Former Maintainers and Committers
OQS is grateful to the following individuals who have previously served as Maintainers or Committers for liboqs.
### Former Committers
@jschanck
## Afterword
*This governance document was based in part of the [Falco Project governance document](https://github.com/falcosecurity/evolution/blob/main/GOVERNANCE.md).
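Review bot: the voting rules in "Change of role" use three different electorates without defining them: promotion to Committer needs "a majority of Committers", promotion to Maintainer needs a "majority vote of voting Committers", and veto overrides need a "2/3 majority of Committers" in one place and "2/3 majority of all Committers" in another. Since Committers on leave explicitly lose voting rights (see "Leave of absence"), state once whether majorities are computed over all Committers or only those currently eligible to vote, and use that term throughout. Related: "No quorum is needed for votes open for 4 weeks" implies a quorum applies to shorter votes, but no quorum is defined anywhere in the document. Typos: "Change of role or changes to this document is subject to voting" should read "are subject"; the Afterword opens with an unclosed `*` for italics and "based in part of" should be "based in part on"; "Github" (Community Members and Contributors sections) vs "GitHub" elsewhere.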


@ -4,7 +4,7 @@ differently; the corresponding subfolder contains the license that applies in
that case.
Copyright (c) 2016-2021 Open Quantum Safe project
Copyright (c) 2016-2024 The Open Quantum Safe project authors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

68
PLATFORMS.md Normal file

@ -0,0 +1,68 @@
# Supported platforms
This file documents the different platforms supported by `liboqs` and therefore defines three different support tiers:
## Support tiers
This classification is roughly based on the [rust platform support tier classification](https://doc.rust-lang.org/beta/rustc/platform-support.html):
### Tier 1
Tier 1 targets can be thought of as "guaranteed to work". The CI system builds and tests binary versions for each tier 1 target to make sure any change does not negatively affect those platforms. Platform-specific build documentation must exist. Tier 1 targets marked with a dagger (†) are additionally tested for constant-time behaviour. The CI system contains automated constant-time testing for each of these starred targets, and all failures are documented in the `tests/constant_time` directory. IMPORTANT: This does not mean that constant-time behaviour is guaranteed on these targets, or that non-constant-time behaviour is limited to documented exceptions. It does, however, mean that `liboqs` developers should track constant-time issues on these platforms.
Tier 1 platforms are also prioritized for security support, as per the [OQS security response process](https://github.com/open-quantum-safe/tsc/blob/main/security/response-process.md).
### Tier 2
Tier 2 targets can be thought of as "guaranteed to build". The `liboqs` CI system contains builds for each tier 2 target; testing may or may not be available (typically depending on CI system platform availability). Therefore, tier 2 targets often work to quite a good degree and patches are always welcome! Tier 2 targets may also have known deficiencies caused by a lack of expertise to fix those on a given platform. Again, help and PRs to move platforms from tier 2 to tier 1 are always welcome.
### Tier 3
Tier 3 targets are those which the `liboqs` codebase has support for, but which the CI system does not build or test automatically, so they may or may not work. Platform-specific build documentation should exist.
## Platform tier policy
Tier 2 and tier 1 targets place work on `liboqs` core project developers as a whole, to avoid breaking the target. The broader `liboqs` community may also feel more inclined to support higher-tier targets in their work. Thus, these tiers require commensurate and ongoing efforts from the maintainers of the target, to demonstrate value and to minimize any disruptions to ongoing `liboqs` development.
This policy defines the requirements for accepting a proposed target at a given level of support.
Each tier builds on all the requirements from the previous tier, unless overridden by a stronger requirement.
Change of tier is subject to approval by the `liboqs` technical governance team. This team is responsible for reviewing and evaluating the target, based on these requirements and their own judgment. The tea may apply additional requirements, including subjective requirements, such as to deal with issues not foreseen by this policy. (Such requirements may subsequently motivate additions to this policy.)
While these criteria attempt to document the policy, that policy still involves human judgment. Targets must fulfill the spirit of the requirements as well, as determined by the judgment of the approving team. Reviewers and team members evaluating targets and target-specific patches should always use their own best judgment regarding the quality of work, and the suitability of a target for the `liboqs` project. Neither this policy nor any decisions made regarding targets shall create any binding agreement or estoppel by any party.
Before filing an issue or pull request (PR) to introduce or promote a target, the target should already meet the corresponding tier requirements. This does not preclude an existing target's maintainers using issues (on the `liboqs` repository or otherwise) to track requirements that have not yet been met, as appropriate; however, before officially proposing the introduction or promotion of a target, it should meet all of the necessary requirements. A target proposal must quote the corresponding requirements verbatim and respond to them as part of explaining how the target meets those requirements. (For the requirements that simply state that the target or the target developers must not do something, it suffices to acknowledge the requirement.)
Several parts of this policy require providing target-specific documentation. Such documentation should typically appear in a subdirectory of the platform-support section of the `liboqs` manual, with a link from the target's entry in platform support.
Note that a target must have already received approval for the next lower tier, and spent a reasonable amount of time at that tier, before making a proposal for promotion to the next higher tier; this is true even if a target meets the requirements for several tiers at once. This policy leaves the precise interpretation of "reasonable amount of time" up to the approving team; the team may scale the amount of time required based on their confidence in the target and its demonstrated track record at its current tier. At a minimum, multiple stable releases of `liboqs` should typically occur between promotions of a target.
The availability or tier of a target in stable `liboqs` is not a hard stability guarantee about the future availability or tier of that target. Higher-level target tiers are an increasing commitment to the support of a target, and we will take that commitment and potential disruptions into account when evaluating the potential demotion or removal of a target that has been part of a stable release. The promotion or demotion of a target will not generally affect existing stable releases, only current development and future releases.
In this policy, the words "must" and "must not" specify absolute requirements that a target must meet to qualify for a tier. The words "should" and "should not" specify requirements that apply in almost all cases, but for which the approving teams may grant an exception for good reason. The word "may" indicates something entirely optional, and does not indicate guidance or recommendations. This language is based on [IETF RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## Platforms supported
### Tier 1
- x86_64/amd64/x64 for Ubuntu Linux (Noble)†
- x86_64/amd64/x64 for MacOS (XCode 15)
- aarch64 for Ubuntu (Noble)
- aarch64 for MacOS (XCode 15 and 16)
- armhf/ARM7 and aarch64 emulation on Ubuntu
### Tier 2
- x86_64/amd64/x64 for Windows (Visual Studio Toolchain) 2022 and 2025
- armeabi-v7a, arm64-v8a, x86, x86_64 for Android
- aarch64 for Apple iOS and tvOS (CMake `-DPLATFORM=OS64` and `TVOS`)
- arm64, arm (32 bit), x86, x86_64, riscv32, riscv64 for Zephyr
### Tier 3
- x86 for Windows (Visual Studio Toolchain)
- ppc641e for Ubuntu (Focal)
- s390x for Ubuntu (Focal)
- loongarch64 for Debian Linux (trixie)
- NVIDIA GPU architectures 70, 75, 80, 86, 89, and 90 with a x86_64 CPU for Linux
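Review bot: "The tea may apply additional requirements" in the platform tier policy should be "The team may apply", and in the Tier 3 list "ppc641e" looks like a typo for the `ppc64le` architecture name (anyone copying that string into a build matrix will get no match). Two consistency points: Tier 1 says targets are "marked with a dagger (†)" and then refers to "these starred targets"; pick one term. The policy also directs target documentation to "a subdirectory of the platform-support section of the `liboqs` manual", which reads as inherited from the Rust policy it cites; point to the actual location in this repository (this file, or a path under docs/) or drop the sentence. Minor: "MacOS" should be "macOS", and "ARM7" in "armhf/ARM7" is presumably ARMv7.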

144
README.md

@ -1,22 +1,29 @@
[AppVeyor](https://ci.appveyor.com/project/dstebila/liboqs): ![Build status image](https://ci.appveyor.com/api/projects/status/9d2ts78x88r8wnii/branch/main?svg=true), [CircleCI](https://circleci.com/gh/open-quantum-safe/liboqs/tree/main): ![Build status image](https://circleci.com/gh/open-quantum-safe/liboqs/tree/main.svg?style=svg), [TravisCI](https://travis-ci.com/github/open-quantum-safe/liboqs): [![Build Status](https://travis-ci.com/open-quantum-safe/liboqs.svg?branch=main)](https://travis-ci.com/open-quantum-safe/liboqs)
liboqs
======================
[![Main Branch Tests](https://github.com/open-quantum-safe/liboqs/actions/workflows/commit-to-main.yml/badge.svg)](https://github.com/open-quantum-safe/liboqs/actions/workflows/commit-to-main.yml)
[![Weekly Tests](https://github.com/open-quantum-safe/liboqs/actions/workflows/weekly.yml/badge.svg)](https://github.com/open-quantum-safe/liboqs/actions/workflows/weekly.yml)
![Travis Build Status](https://img.shields.io/travis/com/open-quantum-safe/liboqs?logo=travis&label=Travis%20CI&labelColor=%23343B42&color=%232EBB4E)
[![Coverage Status](https://coveralls.io/repos/github/open-quantum-safe/liboqs/badge.svg?branch=main)](https://coveralls.io/github/open-quantum-safe/liboqs?branch=main)
liboqs is an open source C library for quantum-safe cryptographic algorithms.
- [Overview](#overview)
- [Status](#status)
* [Supported algorithms](#supported-algorithms)
* [Limitations and Security](#limitations-and-security)
- [Quickstart](#quickstart)
* [Linux / macOS](#linuxmacOS)
* [Windows](#windows)
* [Cross compilation](#cross-compilation)
- [Documentation](#documentation)
- [Contributing](#contributing)
- [License](#license)
- [Acknowledgements](#acknowledgements)
- [liboqs](#liboqs)
- [Overview](#overview)
- [Status](#status)
- [Supported Algorithms](#supported-algorithms)
- [Key encapsulation mechanisms](#key-encapsulation-mechanisms)
- [Signature schemes](#signature-schemes)
- [Limitations and Security](#limitations-and-security)
- [Platform limitations](#platform-limitations)
- [Quickstart](#quickstart)
- [Linux and Mac](#linux-and-mac)
- [Windows](#windows)
- [Cross compilation](#cross-compilation)
- [Documentation](#documentation)
- [Contributing](#contributing)
- [License](#license)
- [Acknowledgements](#acknowledgements)
## Overview
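Review bot: the badge block keeps a Travis CI badge (`![Travis Build Status](https://img.shields.io/travis/com/open-quantum-safe/liboqs?...)`) while this same change removes the AppVeyor/CircleCI/Travis line and the CONTRIBUTING.md added in this compare states that `liboqs` uses GitHub Actions for CI; either drop the Travis badge or say what still runs there, and link it like the other badges. Also, the new table of contents has a top-level `- [liboqs](#liboqs)` entry with every real section nested beneath it; a README does not normally list itself, so the sections can start at the top level as they did before.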
@ -26,9 +33,11 @@ liboqs provides:
- a common API for these algorithms
- a test harness and benchmarking routines
liboqs is part of the **Open Quantum Safe (OQS)** project led by [Douglas Stebila](https://www.douglas.stebila.ca/research/) and [Michele Mosca](http://faculty.iqc.uwaterloo.ca/mmosca/), which aims to develop and integrate into applications quantum-safe cryptography to facilitate deployment and testing in real world contexts. In particular, OQS provides prototype integrations of liboqs into TLS and SSH, through [OpenSSL](https://github.com/open-quantum-safe/openssl) and [OpenSSH](https://github.com/open-quantum-safe/openssh-portable).
liboqs is part of the **Open Quantum Safe (OQS)** project, which aims to develop and integrate into applications quantum-safe cryptography to facilitate deployment and testing in real world contexts. In particular, OQS provides prototype integrations of liboqs into protocols like TLS, X.509, and S/MIME, through our [OpenSSL 3 Provider](https://github.com/open-quantum-safe/oqs-provider) and we provide a variety of other [post-quantum-enabled demos](https://github.com/open-quantum-safe/oqs-demos).
More information on OQS can be found [here](https://openquantumsafe.org/) and in the [associated](https://openquantumsafe.org/papers/SAC-SteMos16.pdf) [whitepapers](https://openquantumsafe.org/papers/NISTPQC-CroPaqSte19.pdf).
The OQS project is supported by the [Post-Quantum Cryptography Alliance](https://pqca.org/) as part of the [Linux Foundation](https://linuxfoundation.org/). More information about the Open Quantum Safe project can be found at [openquantumsafe.org](https://openquantumsafe.org/).
OQS is running a survey to better understand our community. We would like to hear from organizations and individuals about their interest in and use of the Open Quantum Safe project. Please take a few minutes to fill out the survey: https://linuxfoundation.surveymonkey.com/r/oqssurvey
## Status
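Review bot: the consecutive sentences "More information on OQS can be found [here](https://openquantumsafe.org/) ..." and "More information about the Open Quantum Safe project can be found at [openquantumsafe.org](https://openquantumsafe.org/)" link the same site twice; merge them into one sentence. The survey paragraph (surveymonkey link) is time-limited content that will go stale in a README that ships with tagged releases; consider moving it to a pinned discussion or the website.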
@ -36,46 +45,70 @@ More information on OQS can be found [here](https://openquantumsafe.org/) and in
Details on each supported algorithm can be found in the [docs/algorithms](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) folder.
The list below indicates all algorithms currently supported by liboqs, including experimental algorithms and already excluding algorithm variants pruned during the NIST competition, such as Kyber-90s or Dilithium-AES.
The only algorithms in `liboqs` that implement NIST standards are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/final) (final standard) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/final) (final standard) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adjust the implementation so that users are protected from such potential changes.
Falcon and SPHINCS+ have also been [selected for standardization](https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022), but the `liboqs` implementations of these algorithms are currently tracking Round 3 submissions and not NIST standards drafts.
All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes available a [selection mechanism for algorithms on the NIST standards track, continued NIST competition, or purely experimental nature by way of the configuration variable OQS_ALGS_ENABLED](CONFIGURE.md#oQS_ALGS_ENABLED). By default `liboqs` is built supporting all, incl. experimental, PQ algorithms listed below.
#### Key encapsulation mechanisms
<!--- OQS_TEMPLATE_FRAGMENT_LIST_KEXS_START -->
- **BIKE**: BIKE-L1, BIKE-L3
- **BIKE**: BIKE-L1, BIKE-L3, BIKE-L5
- **Classic McEliece**: Classic-McEliece-348864†, Classic-McEliece-348864f†, Classic-McEliece-460896†, Classic-McEliece-460896f†, Classic-McEliece-6688128†, Classic-McEliece-6688128f†, Classic-McEliece-6960119†, Classic-McEliece-6960119f†, Classic-McEliece-8192128†, Classic-McEliece-8192128f†
- **FrodoKEM**: FrodoKEM-640-AES, FrodoKEM-640-SHAKE, FrodoKEM-976-AES, FrodoKEM-976-SHAKE, FrodoKEM-1344-AES, FrodoKEM-1344-SHAKE
- **HQC**: HQC-128, HQC-192, HQC-256†
- **Kyber**: Kyber512, Kyber512-90s, Kyber768, Kyber768-90s, Kyber1024, Kyber1024-90s
- **NTRU**: NTRU-HPS-2048-509, NTRU-HPS-2048-677, NTRU-HPS-4096-821, NTRU-HPS-4096-1229, NTRU-HRSS-701, NTRU-HRSS-1373
- **NTRU-Prime**: ntrulpr653, ntrulpr761, ntrulpr857, ntrulpr1277, sntrup653, sntrup761, sntrup857, sntrup1277
- **SABER**: LightSaber-KEM, Saber-KEM, FireSaber-KEM
- **HQC**: HQC-128, HQC-192, HQC-256
- **Kyber**: Kyber512, Kyber768, Kyber1024
- **ML-KEM**: ML-KEM-512, ML-KEM-768, ML-KEM-1024
- **NTRU-Prime**: sntrup761
<!--- OQS_TEMPLATE_FRAGMENT_LIST_KEXS_END -->
#### Signature schemes
<!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_START -->
- **CRYSTALS-Dilithium**: Dilithium2, Dilithium3, Dilithium5, Dilithium2-AES, Dilithium3-AES, Dilithium5-AES
- **Falcon**: Falcon-512, Falcon-1024
- **Picnic**: picnic\_L1\_FS, picnic\_L1\_UR, picnic\_L1\_full, picnic\_L3\_FS, picnic\_L3\_UR, picnic\_L3\_full, picnic\_L5\_FS, picnic\_L5\_UR, picnic\_L5\_full, picnic3\_L1, picnic3\_L3, picnic3\_L5
- **Rainbow**: Rainbow-III-Classic†, Rainbow-III-Circumzenithal†, Rainbow-III-Compressed†, Rainbow-V-Classic†, Rainbow-V-Circumzenithal†, Rainbow-V-Compressed†
- **SPHINCS+-Haraka**: SPHINCS+-Haraka-128f-robust, SPHINCS+-Haraka-128f-simple, SPHINCS+-Haraka-128s-robust, SPHINCS+-Haraka-128s-simple, SPHINCS+-Haraka-192f-robust, SPHINCS+-Haraka-192f-simple, SPHINCS+-Haraka-192s-robust, SPHINCS+-Haraka-192s-simple, SPHINCS+-Haraka-256f-robust, SPHINCS+-Haraka-256f-simple, SPHINCS+-Haraka-256s-robust, SPHINCS+-Haraka-256s-simple
- **SPHINCS+-SHA256**: SPHINCS+-SHA256-128f-robust, SPHINCS+-SHA256-128f-simple, SPHINCS+-SHA256-128s-robust, SPHINCS+-SHA256-128s-simple, SPHINCS+-SHA256-192f-robust, SPHINCS+-SHA256-192f-simple, SPHINCS+-SHA256-192s-robust, SPHINCS+-SHA256-192s-simple, SPHINCS+-SHA256-256f-robust, SPHINCS+-SHA256-256f-simple, SPHINCS+-SHA256-256s-robust, SPHINCS+-SHA256-256s-simple
- **SPHINCS+-SHAKE256**: SPHINCS+-SHAKE256-128f-robust, SPHINCS+-SHAKE256-128f-simple, SPHINCS+-SHAKE256-128s-robust, SPHINCS+-SHAKE256-128s-simple, SPHINCS+-SHAKE256-192f-robust, SPHINCS+-SHAKE256-192f-simple, SPHINCS+-SHAKE256-192s-robust, SPHINCS+-SHAKE256-192s-simple, SPHINCS+-SHAKE256-256f-robust, SPHINCS+-SHAKE256-256f-simple, SPHINCS+-SHAKE256-256s-robust, SPHINCS+-SHAKE256-256s-simple
- **CROSS**: cross-rsdp-128-balanced, cross-rsdp-128-fast, cross-rsdp-128-small†, cross-rsdp-192-balanced, cross-rsdp-192-fast, cross-rsdp-192-small†, cross-rsdp-256-balanced†, cross-rsdp-256-fast, cross-rsdp-256-small†, cross-rsdpg-128-balanced, cross-rsdpg-128-fast, cross-rsdpg-128-small, cross-rsdpg-192-balanced, cross-rsdpg-192-fast, cross-rsdpg-192-small†, cross-rsdpg-256-balanced, cross-rsdpg-256-fast, cross-rsdpg-256-small†
- **CRYSTALS-Dilithium**: Dilithium2, Dilithium3, Dilithium5
- **Falcon**: Falcon-512, Falcon-1024, Falcon-padded-512, Falcon-padded-1024
- **MAYO**: MAYO-1, MAYO-2, MAYO-3, MAYO-5†
- **ML-DSA**: ML-DSA-44, ML-DSA-65, ML-DSA-87
- **SNOVA**: SNOVA\_24\_5\_4, SNOVA\_24\_5\_4\_SHAKE, SNOVA\_24\_5\_4\_esk, SNOVA\_24\_5\_4\_SHAKE\_esk, SNOVA\_37\_17\_2†, SNOVA\_25\_8\_3, SNOVA\_56\_25\_2†, SNOVA\_49\_11\_3†, SNOVA\_37\_8\_4†, SNOVA\_24\_5\_5†, SNOVA\_60\_10\_4†, SNOVA\_29\_6\_5†
- **SPHINCS+-SHA2**: SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHA2-192f-simple, SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple
- **SPHINCS+-SHAKE**: SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple
- **UOV**: OV-Is, OV-Ip, OV-III, OV-V, OV-Is-pkc, OV-Ip-pkc, OV-III-pkc, OV-V-pkc, OV-Is-pkc-skc, OV-Ip-pkc-skc, OV-III-pkc-skc, OV-V-pkc-skc
<!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_END -->
- **XMSS**: XMSS-SHA2_10_256, XMSS-SHA2_16_256, XMSS-SHA2_20_256, XMSS-SHAKE_10_256, XMSS-SHAKE_16_256, XMSS-SHAKE_20_256, XMSS-SHA2_10_512, XMSS-SHA2_16_512, XMSS-SHA2_20_512, XMSS-SHAKE_10_512, XMSS-SHAKE_16_512, XMSS-SHAKE_20_512, XMSS-SHA2_10_192, XMSS-SHA2_16_192, XMSS-SHA2_20_192, XMSS-SHAKE256_10_192, XMSS-SHAKE256_16_192, XMSS-SHAKE256_20_192, SHAKE256_10_256, SHAKE256_16_256, SHAKE256_20_256, XMSSMT-SHA2_20/2_256, XMSSMT-SHA2_20/4_256, XMSSMT-SHA2_40/2_256, XMSSMT-SHA2_40/4_256, XMSSMT-SHA2_40/8_256, XMSSMT-SHA2_60/3_256, XMSSMT-SHA2_60/6_256, XMSSMT-SHA2_60/12_256, XMSSMT-SHAKE_20/2_256, XMSSMT-SHAKE_20/4_256, XMSSMT-SHAKE_40/2_256, XMSSMT-SHAKE_40/4_256, XMSSMT-SHAKE_40/8_256, XMSSMT-SHAKE_60/3_256, XMSSMT-SHAKE_60/6_256, XMSSMT-SHAKE_60/12_256
- **LMS**: LMS_SHA256_H5_W1, LMS_SHA256_H5_W2, LMS_SHA256_H5_W4, LMS_SHA256_H5_W8, LMS_SHA256_H10_W1, LMS_SHA256_H10_W2, LMS_SHA256_H10_W4, LMS_SHA256_H10_W8, LMS_SHA256_H15_W1, LMS_SHA256_H15_W2, LMS_SHA256_H15_W4, LMS_SHA256_H15_W8, LMS_SHA256_H20_W1, LMS_SHA256_H20_W2, LMS_SHA256_H20_W4, LMS_SHA256_H20_W8, LMS_SHA256_H25_W1, LMS_SHA256_H25_W2, LMS_SHA256_H25_W4, LMS_SHA256_H25_W8, LMS_SHA256_H5_W8_H5_W8, LMS_SHA256_H10_W4_H5_W8, LMS_SHA256_H10_W8_H5_W8, LMS_SHA256_H10_W2_H10_W2, LMS_SHA256_H10_W4_H10_W4, LMS_SHA256_H10_W8_H10_W8, LMS_SHA256_H15_W8_H5_W8, LMS_SHA256_H15_W8_H10_W8, LMS_SHA256_H15_W8_H15_W8, LMS_SHA256_H20_W8_H5_W8, LMS_SHA256_H20_W8_H10_W8, LMS_SHA256_H20_W8_H15_W8, LMS_SHA256_H20_W8_H20_W8
Note that for algorithms marked with a dagger (†), liboqs contains at least one implementation that uses a large amount of stack space; this may cause failures when run in threads or in constrained environments. For more information, consult the algorithm information sheets in the [docs/algorithms](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) folder.
### Limitations and Security
While at the time of this writing there are no vulnerabilities known in any of the quantum-safe algorithms used in this library, caution is advised when deploying quantum-safe algorithms as most of the algorithms and software have not been subject to the same degree of scrutiny as for currently deployed algorithms. Particular attention should be paid to guidance provided by the standards community, especially from the NIST [Post-Quantum Cryptography Standardization](https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Post-Quantum-Cryptography-Standardization) project. As research advances, the supported algorithms may see rapid changes in their security, and may even prove insecure against both classical and quantum computers.
While at the time of this writing there are no vulnerabilities known in any of the quantum-safe algorithms used in this library, caution is advised when deploying quantum-safe algorithms as most of the algorithms and software have not been subject to the same degree of scrutiny as for currently deployed algorithms. Particular attention should be paid to guidance provided by the standards community, especially from the NIST [Post-Quantum Cryptography Standardization](https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Post-Quantum-Cryptography-Standardization) project. As research advances, the supported algorithms may see rapid changes in their security, and may even prove insecure against both classical and quantum computers. Moreover, note that the `sntrup761` is only included for interop testing.
liboqs does not intend to "pick winners": algorithm support is informed by the NIST PQC standardization project. We strongly recommend that applications and protocols rely on the outcomes of ths effort when deploying post-quantum cryptography.
liboqs does not intend to "pick winners": algorithm support is informed by the NIST PQC standardization project. We strongly recommend that applications and protocols rely on the outcomes of this effort when deploying post-quantum cryptography.
We realize some parties may want to deploy quantum-safe cryptography prior to the conclusion of the NIST PQC standardization project. We strongly recommend such attempts make use of so-called **hybrid cryptography**, in which quantum-safe public-key algorithms are used alongside traditional public key algorithms (like RSA or elliptic curves) so that the solution is at least no less secure than existing traditional cryptography.
**WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS LIBRARY IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA.** This library is meant to help with research and prototyping. While we make a best-effort approach to avoid security bugs, this library has not received the level of auditing and analysis that would be necessary to rely on it for high security use.
Please see [SECURITY.md](SECURITY.md#security-policy) for details on how to report a vulnerability and the OQS vulnerability response process.
#### Platform limitations
In order to optimize support effort,
- not all algorithms are equally well supported on all platforms. In case of questions, it is first advised to review the [documentation files for each algorithm](docs/algorithms).
- not all compilers are equally well supported. For example, at least v7.1.0 of the GNU compiler is required.
#### Support limitations
This project is not commercially supported. All guidelines and goals for liboqs are reflections of current practices, executed by a community of academic, part-time, and/or voluntary contributors on a best-effort basis and may change at any time. Any entity seeking more reliable commitments is strongly encouraged to join the OQS community and thus enhance the code and support that the community can provide.
## Quickstart
### Linux/macOS
### Linux and Mac
1. Install dependencies:
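Review bot: In the XMSS list, the three entries `SHAKE256_10_256`, `SHAKE256_16_256` and `SHAKE256_20_256` lack the `XMSS-` prefix that every other entry on that line carries (compare `XMSS-SHAKE256_10_192`); if these are the identifiers the library exposes, they should read `XMSS-SHAKE256_10_256` and so on, since callers look stateful signature schemes up by exactly these strings. Two smaller points in the same hunk: in the Limitations and Security paragraph, "note that the `sntrup761` is only included for interop testing" should drop the article ("note that `sntrup761` is ..."), and of the two quickstart headings, "Linux/macOS" matches the "On macOS" wording used in the dependency step that follows, so prefer it over "Linux and Mac".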
@ -85,10 +118,14 @@ We realize some parties may want to deploy quantum-safe cryptography prior to th
On macOS, using a package manager of your choice (we've picked Homebrew):
brew install cmake ninja openssl@1.1 wget doxygen graphviz astyle valgrind
brew install cmake ninja openssl@3 wget doxygen graphviz astyle valgrind
pip3 install pytest pytest-xdist pyyaml
Note that, if you want liboqs to use OpenSSL for various symmetric crypto algorithms (AES, SHA-2, etc.) then you must have OpenSSL version 1.1.1 or higher.
Using Nix:
nix develop
Note that, if you want liboqs to use OpenSSL for various symmetric crypto algorithms (AES, SHA-2, etc.) then you must have OpenSSL installed (version 3.x recommended; EOL version 1.1.1 also still possible).
2. Get the source:
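Review bot: The "Using Nix: nix develop" step sits between the Homebrew/pip lines and the OpenSSL note, so "if you want liboqs to use OpenSSL ... you must have OpenSSL installed" now reads as though it applies only to the Nix shell; move the Nix step after the OpenSSL note or give it its own sub-bullet. Also, since OpenSSL 1.1.1 is past end of life and no longer receives security fixes, "EOL version 1.1.1 also still possible" deserves an explicit warning that building against it routes liboqs's AES and SHA-2 through an unpatched library; the `brew install ... openssl@3` line already steers users to 3.x, so the prose should say so as plainly.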
@ -101,22 +138,26 @@ We realize some parties may want to deploy quantum-safe cryptography prior to th
cmake -GNinja ..
ninja
Various `cmake` build options to customize the resultant artifacts are available and are [documented in CONFIGURE.md](CONFIGURE.md). All supported options are also listed in the `.CMake/alg-support.cmake` file, and can be viewed by running `cmake -LAH ..` in the `build` directory.
Various `cmake` build options to customize the resultant artifacts are available and are [documented in CONFIGURE.md](CONFIGURE.md#options-for-configuring-liboqs-builds). All supported options are also listed in the `.CMake/alg-support.cmake` file, and can be viewed by running `cmake -LAH -N ..` in the `build` directory.
The following instructions assume we are in `build`.
3. By default the main build result is `lib/liboqs.a`, a static library. If you want to build a shared/dynamic library, append [`-DBUILD_SHARED_LIBS=ON`](CONFIGURE.md#build_shared_libs) to the `cmake -GNinja ..` command above and the result will be `lib/liboqs.so|dylib|dll`. The public headers are located in the `include` directory. There are also a variety of programs built under the `tests` directory:
3. By default the main build result is `lib/liboqs.a`, a static library. If you want to build a shared/dynamic library, append [`-DBUILD_SHARED_LIBS=ON`](CONFIGURE.md#bUILD_SHARED_LIBS) to the `cmake -GNinja ..` command above and the result will be `lib/liboqs.so|dylib|dll`. The public headers are located in the `include` directory. There are also a variety of programs built under the `tests` directory:
- `test_kem`: Simple test harness for key encapsulation mechanisms
- `test_sig`: Simple test harness for key signature schemes
- `test_sig`: Simple test harness for signature schemes
- `test_sig_stfl`: Simple test harness for stateful signature schemes
- `test_kem_mem`: Simple test harness for checking memory consumption of key encapsulation mechanisms
- `test_sig_mem`: Simple test harness for checking memory consumption of key signature schemes
- `test_sig_mem`: Simple test harness for checking memory consumption of signature schemes
- `kat_kem`: Program that generates known answer test (KAT) values for key encapsulation mechanisms using the same procedure as the NIST submission requirements, for checking against submitted KAT values using `tests/test_kat.py`
- `kat_sig`: Program that generates known answer test (KAT) values for signature schemes using the same procedure as the NIST submission requirements, for checking against submitted KAT values using `tests/test_kat.py`
- `kat_sig_stfl`: Program for checking results against submitted KAT values using `tests/test_kat.py`
- `speed_kem`: Benchmarking program for key encapsulation mechanisms; see `./speed_kem --help` for usage instructions
- `speed_sig`: Benchmarking program for signature mechanisms; see `./speed_sig --help` for usage instructions
- `speed_sig_stfl`: Benchmarking program for stateful signature mechanisms; see `./speed_sig_stfl --help` for usage instructions
- `example_kem`: Minimal runnable example showing the usage of the KEM API
- `example_sig`: Minimal runnable example showing the usage of the signature API
- `example_sig_stfl`: Minimal runnable example showing the usage of the stateful signature API
- `test_aes`, `test_sha3`: Simple test harnesses for crypto sub-components
- `test_portability`: Simple test harnesses for checking cross-CPU code portability; requires presence of `qemu`; proper operation validated only on Ubuntu
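Review bot: The link anchor `CONFIGURE.md#bUILD_SHARED_LIBS` in step 3 looks like a typo; GitHub-generated heading anchors are lowercase, so the earlier form `CONFIGURE.md#build_shared_libs` is the one that resolves. Minor: the `kat_sig_stfl` entry says only "Program for checking results against submitted KAT values", unlike `kat_kem` and `kat_sig`, which state that the program generates KAT values using the NIST submission procedure; align the wording so readers know whether it generates vectors or only checks them.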
@ -128,9 +169,12 @@ The following instructions assume we are in `build`.
ninja gen_docs
Then open `docs/doxygen/html/index.html` in your web browser.
Then open `docs/html/index.html` in your web browser.
4. `ninja install` can be run to install the built library and `include` files to a location of choice, which can be specified by passing the `-DCMAKE_INSTALL_PREFIX=<dir>` option to `cmake` at configure time. Alternatively, `ninja package` can be run to create an install package.
5. `ninja uninstall` can be run to remove all installation files.
4. Finally, `ninja install` can be run to install the built library and `include` files to a location of choice, which can be specified by passing the `-DCMAKE_INSTALL_PREFIX=<dir>` option to `cmake` at configure time.
### Windows
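Review bot: Step 4 appears in two forms here, one documenting `ninja package` plus a separate step 5 for `ninja uninstall`, the other only `ninja install` (prefixed with "Finally"); if the `package` and `uninstall` targets are part of the build, keep the fuller form, since an uninstall target is how operators remove a prototype library from system include and lib paths before upgrading. The Doxygen output path also changes from `docs/doxygen/html/index.html` to `docs/html/index.html`; confirm that `ninja gen_docs` writes there, because the "Then open" sentence is the only pointer users get.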
@ -168,17 +212,23 @@ liboqs includes some third party libraries or modules that are licensed differen
- `src/common/rand/rand_nist.c`: See file
- `src/kem/bike/additional`: Apache License v2.0
- `src/kem/classic_mceliece/pqclean_*`: public domain
- `src/kem/kyber/pqclean_*`: public domain
- `src/kem/ntru/pqclean_*`: public domain
- `src/kem/saber/pqclean_*`: public domain
- `src/sig/dilithium/pqclean_*`: public domain
- `src/sig/rainbow/pqclean_*`: CC0 (public domain)
- `src/kem/kyber/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/kem/kyber/pqclean_*`: public domain (CC0), and public domain (CC0) or Apache License v2.0, and public domain (CC0) or MIT, and MIT
- `src/kem/kyber/libjade_*` public domain (CC0) or Apache License v2.
- `src/kem/ml_kem/mlkem-native_*`: Apache License v2.0
- `src/sig/dilithium/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/sig/dilithium/pqclean_*`: public domain (CC0), and public domain (CC0) or Apache License v2.0, and public domain (CC0) or MIT, and MIT
- src/sig/falcon/pqclean_\*\_aarch64 : Apache License v2.0
- `src/sig/mayo/*`: Apache License v2.0
- `src/sig/ml_dsa/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/sig/sphincs/pqclean_*`: CC0 (public domain)
## Acknowledgements
Various companies, including Amazon Web Services, Cisco Systems, evolutionQ, IBM Research, and Microsoft Research have dedicated programmer time to contribute source code to OQS. [Various people](https://github.com/open-quantum-safe/liboqs/blob/main/CONTRIBUTORS) have contributed source code to liboqs.
The OQS project is supported by the [Post-Quantum Cryptography Alliance](https://pqca.org/) as part of the [Linux Foundation](https://linuxfoundation.org/).
Financial support for the development of Open Quantum Safe has been provided by Amazon Web Services, the Canadian Centre for Cyber Security, the Unitary Fund, the NGI Assure Fund, and VeriSign Inc.
The OQS project was founded by Douglas Stebila and Michele Mosca at the University of Waterloo. [Contributors to liboqs](https://github.com/open-quantum-safe/liboqs/blob/main/CONTRIBUTORS) include individual contributors, academics and researchers, and various companies, including Amazon Web Services, Cisco Systems, evolutionQ, IBM Research, Microsoft Research, SandboxAQ, and softwareQ.
Financial support for the development of Open Quantum Safe has been provided by Amazon Web Services, the Canadian Centre for Cyber Security, Cisco, the Unitary Fund, the NGI Assure Fund, and VeriSign Inc.
Research projects which developed specific components of OQS have been supported by various research grants, including funding from the Natural Sciences and Engineering Research Council of Canada (NSERC); see the source papers for funding acknowledgments.
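Review bot: The license entries for `src/kem/kyber/pqclean_*` and `src/sig/dilithium/pqclean_*` ("public domain (CC0), and public domain (CC0) or Apache License v2.0, and public domain (CC0) or MIT, and MIT") cannot be mapped to files by anyone doing license compliance on a downstream build; list which subdirectory or file carries which license, or point at the per-directory LICENSE files. Smaller fixes in the same block: `src/sig/falcon/pqclean_\*\_aarch64 :` is the only path not in backticks, `src/kem/kyber/libjade_*` is missing the colon before its license, and "Apache License v2." should be "Apache License v2.0" like the other entries.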

@ -1,5 +1,5 @@
liboqs version 0.7.2-rc2
========================
liboqs version 0.13.0
=====================
About
-----
@ -10,128 +10,108 @@ The **Open Quantum Safe (OQS) project** has the goal of developing and prototypi
liboqs can be used with the following Open Quantum Safe application integrations:
- **OQS-OpenSSL 1.1.1**: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of OpenSSL 1.1.1; see the [OQS-OpenSSL-1\_1\_1-stable](https://github.com/open-quantum-safe/openssl/tree/OQS-OpenSSL_1_1_1-stable) branch of our OpenSSL fork's repository.
- **oqs-provider**: A standalone prototype [OpenSSL 3 provider](https://www.openssl.org/docs/manmaster/man7/provider.html) enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, and post-quantum and hybrid X.509 certificate generation and CMS operations.
- **oqs-provider**: A standalone prototype [OpenSSL 3 provider](https://www.openssl.org/docs/manmaster/man7/provider.html) enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
- **OQS-BoringSSL**: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
- **OQS-OpenSSH**: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
Release notes
=============
This is release candidate 2 for version 0.7.2 of liboqs.
This is version 0.13.0 of liboqs. It was released on April 16, 2025.
Security considerations
-----------------------
This release improves support for NIST Additional Signatures Round 2 candidates: CROSS and MAYO implementations are updated and support is added for UOV. This release also adds a new KEM API for deterministic key generation (only supported by ML-KEM at the moment). Finally, this release adds support for ML-KEM implementations from 2 new sources: formally verified portable C, AVX2, and AArch64 implementations from [PQCP's mlkem-native](https://github.com/pq-code-package/mlkem-native) and a GPU accelerated CUDA implementation from [Nvidia cuPQC](https://developer.nvidia.com/cupqc).
This release removes Rainbow level 1 and all variants of SIDH and SIKE due to cryptanalytic breaks of those algorithms. Users are advised to move away from use of those algorithms immediately.
OQS is running a survey to better understand our community. We would like to hear from organizations and individuals about their interest in and use of the Open Quantum Safe project. Please take a few minutes to fill out the survey: https://linuxfoundation.surveymonkey.com/r/oqssurvey
What's New
----------
This release continues from the 0.7.1 release of liboqs.
The goal of this release is to provide a final release for algorithms that were included in Round 3 of the NIST Post-Quantum Standardization project. As the security status of some algorithms changed during Round 3, it drops algorithms known to be broken as of release (Rainbow level 1, SIKE). Some algorithms also updated their specification during Round 3; version 0.7.2 does not incorporate any algorithm changes that result in different input/output behaviour compared to version 0.7.1; such changes will included in version 0.8.0.
The next release of liboqs, version 0.8.0, will remove some algorithms that did not advance beyond NIST Round 3, update implementations based on algorithm/specification revisions that happened during Round 3, and begin to incorporate Round 4 changes. Discussion of algorithms to be removed in version 0.8.0 can be found in https://github.com/open-quantum-safe/liboqs/issues/1245.
This release continues from the 0.12.0 release of liboqs.
### Key encapsulation mechanisms
- Kyber: Update implementation and switch use of symmetric crypto to OQS common code
- HQC: Fix build on gcc-12
- SIKE: Remove SIKE due to break (https://eprint.iacr.org/2022/975)
- New API: Added a deterministic key generation and API for KEMs (only ML-KEM supported at the moment).
- ML-KEM: Changed the default ML-KEM implementation to [PQCP's mlkem-native](https://github.com/pq-code-package/mlkem-native). There are three variants: Portable C, AVX2, and AArch64. Large parts of these implementations are formally verified: all of the C code is verified for memory and type safety using [CBMC](https://github.com/diffblue/cbmc) and the functional correctness of the core AArch64 assembly routines is verified using [HOL-Light](https://github.com/jrh13/hol-light).
- ML-KEM: Added support for the ML-KEM implementation from [Nvidia cuPQC](https://developer.nvidia.com/cupqc), a GPU accelerated cryptography library.
- ML-KEM: Implementation from mlkem-native upstream updated to add Pair-wise Consistency Test (PCT) and Intel CET support.
- ML-KEM: Improved testing of ML-KEM keys.
- HQC: Disabled HQC by default until [a new security flaw](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/Wiu4ZQo3fP8) is fixed.
### Digital signature schemes
- Dilithium: Add ARMv8 optimized implementation and switch use of symmetric crypto to OQS common code
- Picnic: Update implementation
- Rainbow: Remove Rainbow level 1 due to break (https://eprint.iacr.org/2022/214)
- ML-DSA: Improved testing for ML-DSA.
- CROSS: Updated to NIST Additional Signatures Round 2 version.
- MAYO: Updated to NIST Additional Signatures Round 2 version.
- UOV: Added support for UOV algorithm from NIST Additional Signatures Round 2.
### Other changes
- Add support for building on powerpc64
- Update XKCP implementation
- Improve SHA2 implementation on ARMv8
- Improve AES implementation on ARMv8
- Add aarch64 CPU feature detection on FreeBSD
- Improve cross-compiling on Windows
- Enable integration of liboqs into other CMake-based projects
- Increment shared object library version
- Added support for loongarch64 architecture.
---
Detailed changelog
------------------
* Update Picnic to 3.0.8 by @sebastinas in https://github.com/open-quantum-safe/liboqs/pull/1158
* XCode update by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1162
* Add support for powerpc64 by @pkubaj in https://github.com/open-quantum-safe/liboqs/pull/1160
* remove picnic from cygwin build by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1171
* adding constant time test as weekly github action by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1170
* extend weekly run timeout [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1172
* Update XKCP and avoid assembler .ifdef directives by @jschanck in https://github.com/open-quantum-safe/liboqs/pull/1173
* Updated constant_time suppression files after picnic update by @christianpaquin in https://github.com/open-quantum-safe/liboqs/pull/1174
* Update to Picnic 3.0.9 by @sebastinas in https://github.com/open-quantum-safe/liboqs/pull/1167
* Mark stack non-executable when compiling with clang or gcc by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1161
* extend timeout to 10h by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1175
* skip sphincs,rainbow in shortened weekly testing by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1176
* Fixed build issue on arm based macs when using gcc11 by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1177
* disable BIKE on all 32bitters except x86 by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1180
* Update to picnic 3.0.11 (fixes #1178) by @sebastinas in https://github.com/open-quantum-safe/liboqs/pull/1181
* Weekly run update by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1182
* weekly job moved to Sunday [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1183
* Resolves an issue when building sha2 using arm crypto extensions with gcc11 by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1184
* Suppress constant time check for public matrix generation on Kyber AVX2 by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1189
* create and install cmake import files by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1191
* adding warning re Rainbow to documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1193
* ARMv8 optimized Dilithium by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1194
* skip yamllint test for good by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1196
* Edits to key scheduling for AES on ARM to be constant time by @tedeaton in https://github.com/open-quantum-safe/liboqs/pull/1200
* Correct OQS_DIST_BUILD for ARM by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1202
* Deal with some issues identified by clang scan-build by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1211
* Issues and passes for aarch64 const time checks by @tedeaton in https://github.com/open-quantum-safe/liboqs/pull/1214
* Use `SecRandomCopyBytes` for system randomness on iOS (to allow building on iOS) by @zanebeckwith in https://github.com/open-quantum-safe/liboqs/pull/1219
* workaround for picnic under msys2 by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1220
* Adding aarch64 CPU feature detection for FreeBSD by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1210
* Added typecasts to tests/ds_benchmark.h to silence clang warnings by @Martyrshot in https://github.com/open-quantum-safe/liboqs/pull/1225
* doxygen update by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1228
* Link documentation and code by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1229
* Integrates pqcrystals with common-aes / extends common code AES CTR-API by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1221
* Adds AES context release in Dilithium-AES / fix memory leak by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1238
* Update Picnic to 3.0.14 (fixes #1212) by @sebastinas in https://github.com/open-quantum-safe/liboqs/pull/1237
* improve Windows crosscompile handling by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1236
* Bump Picnic to 3.0.15 by @sebastinas in https://github.com/open-quantum-safe/liboqs/pull/1241
* Updated Dilithium sign.c patch with AES context release (2) by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1242
* adding scan-build test by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1240
* adding memory leak testing by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1234
* disable msys2 testing by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1243
* docs: Add valgrind as test dependencies in README.md by @yin19941005 in https://github.com/open-quantum-safe/liboqs/pull/1251
* Sync Kyber with upstream, enable Scan-Build with Kyber by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1252
* Deal with the issue identified by valgrind by @splasky in https://github.com/open-quantum-safe/liboqs/pull/1250
* pqclean_hqc: Fix build on GCC-12 by @vt-alt in https://github.com/open-quantum-safe/liboqs/pull/1254
* Remove Rainbow level 1 by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1263
* Updated to SIKE v3.5.1 by @christianpaquin in https://github.com/open-quantum-safe/liboqs/pull/1231
* update PR template to include oqs-provider (OSSL dependency) [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1269
* Update to Picnic 3.0.16 (fixes #1253) by @sebastinas in https://github.com/open-quantum-safe/liboqs/pull/1271
* Remove SIDH and SIKE by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1272
* fixing FreeBSD runtime ARM CPU feature detection by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1267
* Update CODEOWNERS by @vsoftco in https://github.com/open-quantum-safe/liboqs/pull/1274
* adding library version retrieval function by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1273
* fixup dilithium-avx2 valgrind test file by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1283
* Add option to all pytests to skip particular algorithms by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1282
* Update to Picnic 3.0.17 by @sebastinas in https://github.com/open-quantum-safe/liboqs/pull/1280
* Update release notes by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1281
* add warning about HQC [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1284
* Cover SHA3/SHAKE-implementation specific code paths in Picnic suppres… by @sebastinas in https://github.com/open-quantum-safe/liboqs/pull/1286
## What's Changed
* Bump version to 0.12.1-dev by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2015
* Add loongarch64 support by @zhaixiaojuan in https://github.com/open-quantum-safe/liboqs/pull/2010
* Minor changes to ML_DSA ACVP tests by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2007
* Update upload-artifact action to v4 by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2017
* Remove hardcoded build paths & modify basic workflow to build in random path by @iyanmv in https://github.com/open-quantum-safe/liboqs/pull/2019
* Trigger liboqs-java and liboqs-rust downstream CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2021
* #1830 update scorecard to v5 (gh action 2.4.0) by @planetf1 in https://github.com/open-quantum-safe/liboqs/pull/1890
* Update PQClean commit and delete patch for HQC by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2026
* Bump jinja2 from 3.1.4 to 3.1.5 in /scripts/copy_from_upstream in the pip group by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/2036
* Avoid unresolved symbols from libcrypto when compiled with OQS_DLOPEN_OPENSSL by @ueno in https://github.com/open-quantum-safe/liboqs/pull/2043
* Update to public Ubuntu 24.04 ARM runner by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2050
* NVIDIA: Adding cuPQC as a backend for ML-KEM. by @stevenireeves in https://github.com/open-quantum-safe/liboqs/pull/2044
* Update ACVP vectors for KEM and DSA by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2051
* CI: Check unresolved symbols when compiled with OQS_DLOPEN_OPENSSL by @ueno in https://github.com/open-quantum-safe/liboqs/pull/2058
* Fix failing zephyr CI workflows, pinning v0.27.4 by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2063
* Update sig_stfl Doxygen documentation by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2059
* Import ML-KEM from mlkem-native/PQ code package by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2041
* Update example files by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2071
* GitHub runner updates by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2069
* Disable cupqc-buildcheck by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/2075
* Add threat model by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2033
* Update CROSS to version 2.0 by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/2078
* improving CONTRIBUTING.md for maintainability [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/2081
* Ensure that building against liboqs build directory works by @levitte in https://github.com/open-quantum-safe/liboqs/pull/2086
* Added alg_version details to test output by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2080
* Add checks for ML-KEM keys by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2009
* Update actions/cache to v4.2.2 by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2093
* Add Nix flake by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/1970
* Update MAYO to NIST round 2 by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2095
* Update mlkem-native to v1.0.0-beta by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2092
* Add references to security response process by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2077
* Bump version to 0.13.0-dev [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2099
* Add UOV by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2094
* Add bitflip test for trivial SUF-CMA forgeries by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/2090
* Update MAYO version in algorithm datasheet by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2103
* Add DeriveKeyPair API by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2070
* Update nist-round in UOV and MAYO data sheet by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2105
* build: search unistd.h separately from sys/random.h for getentropy by @mkroening in https://github.com/open-quantum-safe/liboqs/pull/2104
* Add support caveat by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2114
* Temporarily disable HQC by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2122
* Fix PR workflow runs by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2123
**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.7.1...0.7.2-rc2
## New Contributors
* @zhaixiaojuan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2010
* @stevenireeves made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2044
* @pablo-gf made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2059
* @levitte made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2086
* @mkannwischer made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2093
* @mkroening made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2104
**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.12.0...0.13.0
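Review bot: the "Full Changelog" link that closes the PR list above still points at compare/0.7.1...0.7.2-rc2, while the New Contributors block ends with the correct 0.12.0...0.13.0 range; the first one reads like a leftover from an older release entry and should be corrected or dropped so the 0.13.0 notes carry a single, accurate compare link.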

SECURITY.md Normal file

@ -0,0 +1,35 @@
# Security Policy
## Supported Versions
We only support the most recent release.
Using any code prior to 0.12.0 is strongly discouraged due to a [known security vulnerability in HQC](https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7).
| Version | Supported |
| ------- | ------------------ |
| 0.13.0 | :white_check_mark: |
| < 0.13 | :x: |
## Reporting a Vulnerability
Please follow [this information to report a vulnerability](https://openquantumsafe.org/liboqs/security.html#reporting-security-bugs).
## Threat Model
Some timing-based side-channel attacks are within the scope of our threat model. OQS tests for secret-dependent branches and memory accesses on Linux on x86\_64. All test failures are documented as either "passes," which we have assessed to be false positives, or "issues," which may constitute nonconstant-time behaviour. The [algorithm datasheets](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) indicate whether or not an implementation passes our constant-time tests, as well as whether or not it is expected to pass. Details about passes and issues are available in the [tests/constant_time directory](https://github.com/open-quantum-safe/liboqs/tree/main/tests/constant_time). These tests do not encompass all classes of nonconstant-time behaviour; for example, they do not detect possible variable-time instructions, such as `DIV`. Reports of nonconstant-time behaviour that fall outside this scope will be considered on a case-by-case basis, with a priority on [Tier 1 platforms](https://github.com/open-quantum-safe/liboqs/blob/main/PLATFORMS.md#tier-1).
The following types of attacks are outside the scope of our threat model:
- same physical system side channel
- CPU / hardware flaws
- physical fault injection attacks (including Rowhammer-style attacks)
- physical observation side channels (such as power consumption, electromagnetic emissions)
Mitigations for security issues outside the stated threat model may still be applied depending on the nature of the issue and the mitigation.
(Based in part on https://openssl-library.org/policies/general/security-policy/index.html)
## Security Response Process
Security reports for liboqs will be handled in accordance with the [OQS security response process](https://github.com/open-quantum-safe/tsc/blob/main/security/response-process.md). Please also see the general [support disclaimer](README.md#support-limitations) for liboqs.
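Review bot: the Threat Model section states that some timing side channels are in scope, but the out-of-scope list then names "same physical system side channel" without qualification, which a reader could take to exclude exactly the secret-dependent branch and memory-access behaviour the constant-time tests look for. Suggest qualifying that bullet, e.g. "same physical system side channels other than the timing behaviour covered by our constant-time tests", so the two statements do not contradict each other. Separately, the Supported Versions table (0.13.0 / < 0.13) restates "We only support the most recent release" and will go stale at every release; either add updating it to the release checklist or keep just the sentence.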


@ -1,62 +0,0 @@
version: 1.0.{build}
# TODO: Support Visual Studio 2017
image: Visual Studio 2019
platform: x64
branches:
except:
- /main-new-.*/
- /ghactionsonly-.*/
environment:
matrix:
- BUILD_SHARED: ON
COMPILER: cygwin
- BUILD_SHARED: OFF
COMPILER: cygwin
- BUILD_SHARED: ON
OQS_USE_OPENSSL: ON
COMPILER: cygwin
- BUILD_SHARED: OFF
COMPILER: msvc2019
- BUILD_SHARED: OFF
COMPILER: msvc2019
OQS_USE_OPENSSL: ON
- BUILD_SHARED: ON
COMPILER: msvc2019
# Disabled until https://github.com/open-quantum-safe/liboqs/issues/1218#issuecomment-1170067669 resolved
# - BUILD_SHARED: OFF
# COMPILER: msys2
# - BUILD_SHARED: ON
# COMPILER: msys2
for:
- matrix:
only:
- OQS_USE_OPENSSL: ON
before_build:
- cmd: |-
choco install openssl
SET "OPENSSL_ROOT_DIR=C:\OpenSSL-Win64"
build_script:
- cmd: '%APPVEYOR_BUILD_FOLDER%\appveyor_build.bat'
before_test:
- cmd: |-
SET "PATH=C:\Python37-x64;C:\Python37-x64\Scripts;%PATH%"
pip.exe install pytest pytest-xdist pyyaml
test_script:
- cmd: |-
cd %APPVEYOR_BUILD_FOLDER%
set PATH=%APPVEYOR_BUILD_FOLDER%\build\bin;c:\cygwin64\bin;%PATH%
if not exist tmp (mkdir tmp)
python -m pytest --numprocesses=auto -vv --maxfail=10 --ignore=tests/test_code_conventions.py --junitxml=build\test-results\pytest\test-results.xml
after_test:
- ps: |-
$wc = New-Object 'System.Net.WebClient'
$wc.UploadFile("https://ci.appveyor.com/api/testresults/xunit/$($env:APPVEYOR_JOB_ID)", (Resolve-Path .\build\test-results\pytest\test-results.xml))
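Review bot: deleting this file removes the only visible Windows CI matrix (cygwin and msvc2019, BUILD_SHARED ON and OFF, with and without OQS_USE_OPENSSL); the PR description should state which GitHub Actions workflow now covers those combinations, in particular the OQS_USE_OPENSSL=ON MSVC build that depended on `choco install openssl` and `OPENSSL_ROOT_DIR=C:\OpenSSL-Win64`. The `branches: except:` filters for /main-new-.*/ and /ghactionsonly-.*/ also disappear here, so any remaining references to those branch naming schemes in other workflows can be cleaned up in the same change.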


@ -1,20 +0,0 @@
@echo off
IF %COMPILER%==cygwin (
@echo on
SET "PATH=C:\cywin64\bin;c:\cygwin64;%PATH%"
c:\cygwin64\bin\bash.exe -lc "setup-x86_64.exe -qnNdO -R C:/cygwin64 -l C:/cygwin/var/cache/setup -P openssl -P libssl-devel -P ninja -P cmake -P gcc && cd ${APPVEYOR_BUILD_FOLDER} && openssl version && cygcheck -c && pwd && mkdir build && cd build && cmake .. -GNinja -DCMAKE_C_COMPILER=gcc -DOQS_DIST_BUILD=ON -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_ENABLE_SIG_RAINBOW=OFF -DBUILD_SHARED_LIBS=%BUILD_SHARED% -DOQS_USE_OPENSSL=%OQS_USE_OPENSSL% && ninja "
)
IF %COMPILER%==msys2 (
@echo on
SET "PATH=C:\msys64\mingw64\bin;%PATH%"
bash -lc "cd ${APPVEYOR_BUILD_FOLDER} && mkdir build && cd build && cmake .. -GNinja -DOQS_DIST_BUILD=ON -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_ENABLE_SIG_RAINBOW=OFF -DOQS_ENABLE_SIG_PICNIC=OFF -DBUILD_SHARED_LIBS=%BUILD_SHARED% -DOQS_USE_OPENSSL=%OQS_USE_OPENSSL% && ninja"
)
IF %COMPILER%==msvc2019 (
@echo on
CALL "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"
mkdir build
cd build
REM SPHINCS and Rainbow cause a big slowdown in the tests
cmake .. -GNinja -DOQS_DIST_BUILD=ON -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_ENABLE_SIG_RAINBOW=OFF -DBUILD_SHARED_LIBS=%BUILD_SHARED% -DOQS_USE_OPENSSL=%OQS_USE_OPENSSL%
ninja
)
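Review bot: the deleted script put `C:\cywin64\bin` (missing the g) on PATH, so the cygwin job only worked because bash was invoked by its absolute path `c:\cygwin64\bin\bash.exe`; nothing to fix since it is going away, but whichever workflow replaces it should keep the `-DOQS_DIST_BUILD=ON` configuration and the `-DOQS_ENABLE_SIG_SPHINCS=OFF` test-time speed-up from these commands, or state that Windows now builds and tests the full algorithm set. The `-DOQS_ENABLE_SIG_RAINBOW=OFF` and `-DOQS_ENABLE_SIG_PICNIC=OFF` options refer to algorithms no longer in the changelog above and need not be carried over.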

cpp/sig_linking_test.cpp Normal file

@ -0,0 +1,182 @@
/*
* example_sig.cpp
*
* Minimal C++ example of using a post-quantum signature implemented in liboqs.
*
* SPDX-License-Identifier: MIT
*/
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <memory>
#include <oqs/oqs.h>
constexpr size_t MESSAGE_LEN = 50;
/* Cleaning up memory etc */
void cleanup_stack(uint8_t *secret_key, size_t secret_key_len);
struct OQSSecureDeleter {
size_t length;
explicit OQSSecureDeleter(size_t len) : length(len) {}
void operator()(uint8_t* ptr) const {
if (ptr) {
OQS_MEM_secure_free(ptr, length);
}
}
};
struct OQSInsecureDeleter {
void operator()(uint8_t* ptr) {
if (ptr) {
OQS_MEM_insecure_free(ptr);
}
}
};
struct OQSSigDeleter {
void operator()(OQS_SIG* sig) {
if (sig) {
OQS_SIG_free(sig);
}
}
};
/* This function gives an example of the signing operations
* using only compile-time macros and allocating variables
* statically on the stack, calling a specific algorithm's functions
* directly.
*
* The macros OQS_SIG_dilithium_2_length_* and the functions OQS_SIG_dilithium_2_*
* are only defined if the algorithm dilithium_2 was enabled at compile-time
* which must be checked using the OQS_ENABLE_SIG_dilithium_2 macro.
*
* <oqs/oqsconfig.h>, which is included in <oqs/oqs.h>, contains macros
* indicating which algorithms were enabled when this instance of liboqs
* was compiled.
*/
static OQS_STATUS example_stack(void) {
#ifdef OQS_ENABLE_SIG_dilithium_2
OQS_STATUS rc;
uint8_t public_key[OQS_SIG_dilithium_2_length_public_key];
uint8_t secret_key[OQS_SIG_dilithium_2_length_secret_key];
uint8_t message[MESSAGE_LEN];
uint8_t signature[OQS_SIG_dilithium_2_length_signature];
size_t message_len = MESSAGE_LEN;
size_t signature_len;
// let's create a random test message to sign
OQS_randombytes(message, message_len);
rc = OQS_SIG_dilithium_2_keypair(public_key, secret_key);
if (rc != OQS_SUCCESS) {
std::cerr << "ERROR: OQS_SIG_dilithium_2_keypair failed!" << std::endl;
cleanup_stack(secret_key, OQS_SIG_dilithium_2_length_secret_key);
return OQS_ERROR;
}
rc = OQS_SIG_dilithium_2_sign(signature, &signature_len, message, message_len, secret_key);
if (rc != OQS_SUCCESS) {
std::cerr << "ERROR: OQS_SIG_dilithium_2_sign failed!" << std::endl;
cleanup_stack(secret_key, OQS_SIG_dilithium_2_length_secret_key);
return OQS_ERROR;
}
rc = OQS_SIG_dilithium_2_verify(message, message_len, signature, signature_len, public_key);
if (rc != OQS_SUCCESS) {
std::cerr << "ERROR: OQS_SIG_dilithium_2_verify failed!" << std::endl;
cleanup_stack(secret_key, OQS_SIG_dilithium_2_length_secret_key);
return OQS_ERROR;
}
std::cout << "[example_stack] OQS_SIG_dilithium_2 operations completed" << std::endl;
cleanup_stack(secret_key, OQS_SIG_dilithium_2_length_secret_key);
return OQS_SUCCESS; // success!
#else
std::cout << "[example_stack] OQS_SIG_dilithium_2 was not enabled at compile-time" << std::endl;
return OQS_SUCCESS;
#endif
}
/* This function gives an example of the signing operations,
* allocating variables dynamically on the heap and calling the generic
* OQS_SIG object.
*
* This does not require the use of compile-time macros to check if the
* algorithm in question was enabled at compile-time; instead, the caller
* must check that the OQS_SIG object returned is not nullptr.
*/
static OQS_STATUS example_heap(void) {
#ifdef OQS_ENABLE_SIG_dilithium_2
size_t message_len = MESSAGE_LEN;
size_t signature_len;
OQS_STATUS rc;
std::unique_ptr<OQS_SIG, OQSSigDeleter> sig(OQS_SIG_new((OQS_SIG_alg_dilithium_2)));
if (sig == nullptr) {
throw std::runtime_error("[example_heap] OQS_SIG_alg_dilithium_2 was not enabled at compile-time.");
}
std::unique_ptr<uint8_t[], OQSInsecureDeleter> public_key(static_cast<uint8_t*>(malloc(sig->length_public_key)));
std::unique_ptr<uint8_t[], OQSSecureDeleter> secret_key(static_cast<uint8_t*>(malloc(sig->length_secret_key)), OQSSecureDeleter(sig->length_secret_key));
std::unique_ptr<uint8_t[], OQSInsecureDeleter> message(static_cast<uint8_t*>(malloc(message_len)));
std::unique_ptr<uint8_t[], OQSInsecureDeleter> signature(static_cast<uint8_t*>(malloc(sig->length_signature)));
if ((public_key == nullptr) || (secret_key == nullptr) || (message == nullptr) || (signature == nullptr)) {
throw std::runtime_error("ERROR: malloc failed!");
}
// let's create a random test message to sign
OQS_randombytes(message.get(), message_len);
rc = OQS_SIG_keypair(sig.get(), public_key.get(), secret_key.get());
if (rc != OQS_SUCCESS) {
throw std::runtime_error("ERROR: OQS_SIG_keypair failed!");
}
rc = OQS_SIG_sign(sig.get(), signature.get(), &signature_len, message.get(), message_len, secret_key.get());
if (rc != OQS_SUCCESS) {
throw std::runtime_error("ERROR: OQS_SIG_sign failed!");
}
rc = OQS_SIG_verify(sig.get(), message.get(), message_len, signature.get(), signature_len, public_key.get());
if (rc != OQS_SUCCESS) {
throw std::runtime_error("ERROR: OQS_SIG_verify failed!");
}
std::cout << "[example_heap] OQS_SIG_dilithium_2 operations completed." << std::endl;
return OQS_SUCCESS; // success
#else
std::cout << "[example_heap] OQS_SIG_dilithium_2 was not enabled at compile-time." << std::endl;
return OQS_SUCCESS;
#endif
}
int main() {
OQS_init();
try {
example_stack();
example_heap();
}
catch (std::exception e) {
std::cerr << e.what() << std::endl;
OQS_destroy();
return EXIT_FAILURE;
}
OQS_destroy();
return EXIT_SUCCESS;
}
void cleanup_stack(uint8_t *secret_key, size_t secret_key_len) {
OQS_MEM_cleanse(secret_key, secret_key_len);
}
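Review bot: `catch (std::exception e)` in main catches by value, which slices the std::runtime_error thrown from example_heap and copies the exception; use `catch (const std::exception &e)`. The return values of example_stack() and example_heap() are also discarded, so a failing keypair, sign or verify in example_stack only prints to stderr and the program still exits EXIT_SUCCESS, which defeats the purpose of a linking test; check both results and return EXIT_FAILURE on OQS_ERROR. Minor points: std::runtime_error needs `#include <stdexcept>` (currently reached only transitively), the header comment still names the file example_sig.cpp, and OQSSecureDeleter::operator() is const while the other two deleters' are not.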


@ -1,4 +1,4 @@
# Doxyfile 1.9.3
# Doxyfile 1.10.0
# This file describes the settings to be used by the documentation system
# doxygen (www.doxygen.org) for a project.
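Review bot: regenerating the template against Doxyfile 1.10.0 means the documentation build now relies on tags that older doxygen releases do not know (several are added further down in this diff); doxygen warns about unsupported tags, so the PR should state the minimum Doxygen version and the CI docs job should pin or check for it, otherwise the WARN_AS_ERROR = FAIL_ON_WARNINGS setting in this file can turn a version mismatch into a failed docs build.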
@ -12,6 +12,16 @@
# For lists, items can also be appended using:
# TAG += value [value, ...]
# Values that contain spaces should be placed between quotes (\" \").
#
# Note:
#
# Use doxygen to compare the used configuration file with the template
# configuration file:
# doxygen -x [configFile]
# Use doxygen to compare the used configuration file with the template
# configuration file without replacing the environment variables or CMake type
# replacement variables:
# doxygen -x_noenv [configFile]
#---------------------------------------------------------------------------
# Project related configuration options
@ -53,23 +63,41 @@ PROJECT_BRIEF =
PROJECT_LOGO =
# With the PROJECT_ICON tag one can specify an icon that is included in the tabs
# when the HTML document is shown. Doxygen will copy the logo to the output
# directory.
PROJECT_ICON =
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path
# into which the generated documentation will be written. If a relative path is
# entered, it will be relative to the location where doxygen was started. If
# left blank the current directory will be used.
OUTPUT_DIRECTORY = build/docs
OUTPUT_DIRECTORY = $(DOXYGEN_DESTIONATION_DIR)
# If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub-
# directories (in 2 levels) under the output directory of each output format and
# will distribute the generated files over these directories. Enabling this
# If the CREATE_SUBDIRS tag is set to YES then doxygen will create up to 4096
# sub-directories (in 2 levels) under the output directory of each output format
# and will distribute the generated files over these directories. Enabling this
# option can be useful when feeding doxygen a huge amount of source files, where
# putting all generated files in the same directory would otherwise causes
# performance problems for the file system.
# performance problems for the file system. Adapt CREATE_SUBDIRS_LEVEL to
# control the number of sub-directories.
# The default value is: NO.
CREATE_SUBDIRS = NO
# Controls the number of sub-directories that will be created when
# CREATE_SUBDIRS tag is set to YES. Level 0 represents 16 directories, and every
# level increment doubles the number of directories, resulting in 4096
# directories at level 8 which is the default and also the maximum value. The
# sub-directories are organized in 2 levels, the first level always has a fixed
# number of 16 directories.
# Minimum value: 0, maximum value: 8, default value: 8.
# This tag requires that the tag CREATE_SUBDIRS is set to YES.
CREATE_SUBDIRS_LEVEL = 8
# If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII
# characters to appear in the names of generated files. If set to NO, non-ASCII
# characters will be escaped, for example _xE3_x81_x84 will be used for Unicode
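Review bot: `OUTPUT_DIRECTORY = $(DOXYGEN_DESTIONATION_DIR)` looks misspelled (DESTIONATION rather than DESTINATION). If the CMake side exports the variable under the same misspelled name it works by accident; if not, the expansion is empty and doxygen writes into the current directory without complaint. Please confirm the name matches the variable set in CMake, or rename both sides to DOXYGEN_DESTINATION_DIR.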
@ -81,14 +109,14 @@ ALLOW_UNICODE_NAMES = NO
# The OUTPUT_LANGUAGE tag is used to specify the language in which all
# documentation generated by doxygen is written. Doxygen will use this
# information to generate all constant output in the proper language.
# Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese,
# Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States),
# Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian,
# Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages),
# Korean, Korean-en (Korean with English messages), Latvian, Lithuanian,
# Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian,
# Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish,
# Ukrainian and Vietnamese.
# Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Bulgarian,
# Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, Dutch, English
# (United States), Esperanto, Farsi (Persian), Finnish, French, German, Greek,
# Hindi, Hungarian, Indonesian, Italian, Japanese, Japanese-en (Japanese with
# English messages), Korean, Korean-en (Korean with English messages), Latvian,
# Lithuanian, Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese,
# Romanian, Russian, Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish,
# Swedish, Turkish, Ukrainian and Vietnamese.
# The default value is: English.
OUTPUT_LANGUAGE = English
@ -341,6 +369,17 @@ MARKDOWN_SUPPORT = YES
TOC_INCLUDE_HEADINGS = 0
# The MARKDOWN_ID_STYLE tag can be used to specify the algorithm used to
# generate identifiers for the Markdown headings. Note: Every identifier is
# unique.
# Possible values are: DOXYGEN use a fixed 'autotoc_md' string followed by a
# sequence number starting at 0 and GITHUB use the lower case version of title
# with any whitespace replaced by '-' and punctuation characters removed.
# The default value is: DOXYGEN.
# This tag requires that the tag MARKDOWN_SUPPORT is set to YES.
MARKDOWN_ID_STYLE = GITHUB
# When enabled doxygen tries to link words that correspond to documented
# classes, or namespaces to their corresponding documentation. Such a link can
# be prevented in individual cases by putting a % sign in front of the word or
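Review bot: MARKDOWN_ID_STYLE = GITHUB is the right choice here, because SECURITY.md (added in this same change) links to README.md#support-limitations; with the default DOXYGEN style the heading anchors become autotoc_md-N and that link would break in the generated HTML. Worth a line in the PR description that this tag requires the newer doxygen template bumped at the top of this file.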
@ -452,7 +491,7 @@ TYPEDEF_HIDES_STRUCT = NO
LOOKUP_CACHE_SIZE = 0
# The NUM_PROC_THREADS specifies the number threads doxygen is allowed to use
# The NUM_PROC_THREADS specifies the number of threads doxygen is allowed to use
# during processing. When set to 0 doxygen will based this on the number of
# cores available in the system. You can set it explicitly to a value larger
# than 0 to get more control over the balance between CPU load and processing
@ -465,6 +504,14 @@ LOOKUP_CACHE_SIZE = 0
NUM_PROC_THREADS = 1
# If the TIMESTAMP tag is set different from NO then each generated page will
# contain the date or date and time when the page was generated. Setting this to
# NO can help when comparing the output of multiple runs.
# Possible values are: YES, NO, DATETIME and DATE.
# The default value is: NO.
TIMESTAMP = NO
#---------------------------------------------------------------------------
# Build related configuration options
#---------------------------------------------------------------------------
@ -546,7 +593,8 @@ HIDE_UNDOC_MEMBERS = NO
# If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all
# undocumented classes that are normally visible in the class hierarchy. If set
# to NO, these classes will be included in the various overviews. This option
# has no effect if EXTRACT_ALL is enabled.
# will also hide undocumented C++ concepts if enabled. This option has no effect
# if EXTRACT_ALL is enabled.
# The default value is: NO.
HIDE_UNDOC_CLASSES = NO
@ -577,14 +625,15 @@ INTERNAL_DOCS = NO
# filesystem is case sensitive (i.e. it supports files in the same directory
# whose names only differ in casing), the option must be set to YES to properly
# deal with such files in case they appear in the input. For filesystems that
# are not case sensitive the option should be be set to NO to properly deal with
# are not case sensitive the option should be set to NO to properly deal with
# output files written for symbols that only differ in casing, such as for two
# classes, one named CLASS and the other named Class, and to also support
# references to files without having to specify the exact matching casing. On
# Windows (including Cygwin) and MacOS, users should typically set this option
# to NO, whereas on Linux or other Unix flavors it should typically be set to
# YES.
# The default value is: system dependent.
# Possible values are: SYSTEM, NO and YES.
# The default value is: SYSTEM.
CASE_SENSE_NAMES = NO
@ -836,11 +885,26 @@ WARN_IF_INCOMPLETE_DOC = YES
WARN_NO_PARAMDOC = NO
# If WARN_IF_UNDOC_ENUM_VAL option is set to YES, doxygen will warn about
# undocumented enumeration values. If set to NO, doxygen will accept
# undocumented enumeration values. If EXTRACT_ALL is set to YES then this flag
# will automatically be disabled.
# The default value is: NO.
WARN_IF_UNDOC_ENUM_VAL = NO
# If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when
# a warning is encountered. If the WARN_AS_ERROR tag is set to FAIL_ON_WARNINGS
# then doxygen will continue running as if WARN_AS_ERROR tag is set to NO, but
# at the end of the doxygen process doxygen will return with a non-zero status.
# Possible values are: NO, YES and FAIL_ON_WARNINGS.
# If the WARN_AS_ERROR tag is set to FAIL_ON_WARNINGS_PRINT then doxygen behaves
# like FAIL_ON_WARNINGS but in case no WARN_LOGFILE is defined doxygen will not
# write the warning messages in between other messages but write them at the end
# of a run, in case a WARN_LOGFILE is defined the warning messages will be
# besides being in the defined file also be shown at the end of a run, unless
# the WARN_LOGFILE is defined as - i.e. standard output (stdout) in that case
# the behavior will remain as with the setting FAIL_ON_WARNINGS.
# Possible values are: NO, YES, FAIL_ON_WARNINGS and FAIL_ON_WARNINGS_PRINT.
# The default value is: NO.
WARN_AS_ERROR = FAIL_ON_WARNINGS
@ -851,10 +915,21 @@ WARN_AS_ERROR = FAIL_ON_WARNINGS
# and the warning text. Optionally the format may contain $version, which will
# be replaced by the version of the file (if it could be obtained via
# FILE_VERSION_FILTER)
# See also: WARN_LINE_FORMAT
# The default value is: $file:$line: $text.
WARN_FORMAT = "$file:$line: $text"
# In the $text part of the WARN_FORMAT command it is possible that a reference
# to a more specific place is given. To make it easier to jump to this place
# (outside of doxygen) the user can define a custom "cut" / "paste" string.
# Example:
# WARN_LINE_FORMAT = "'vi $file +$line'"
# See also: WARN_FORMAT
# The default value is: at line $line of file $file.
WARN_LINE_FORMAT = "at line $line of file $file"
# The WARN_LOGFILE tag can be used to specify a file to which warning and error
# messages should be written. If left blank the output is written to standard
# error (stderr). In case the file specified cannot be opened for writing the
@ -874,26 +949,40 @@ WARN_LOGFILE =
# spaces. See also FILE_PATTERNS and EXTENSION_MAPPING
# Note: If this tag is empty the current directory is searched.
INPUT = src/common/common.h \
INPUT = src/common/aes/aes_ops.h \
src/common/common.h \
src/common/rand/rand.h \
src/common/aes/aes.h \
src/common/sha2/sha2.h \
src/common/sha3/sha3.h \
src/common/sha2/sha2_ops.h \
src/common/sha3/sha3_ops.h \
src/common/sha3/sha3x4_ops.h \
src/kem/kem.h \
src/sig/sig.h \
src/sig_stfl/sig_stfl.h \
README.md \
CONFIGURE.md \
CONTRIBUTORS
SECURITY.md \
CONTRIBUTORS
# This tag can be used to specify the character encoding of the source files
# that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses
# libiconv (or the iconv built into libc) for the transcoding. See the libiconv
# documentation (see:
# https://www.gnu.org/software/libiconv/) for the list of possible encodings.
# See also: INPUT_FILE_ENCODING
# The default value is: UTF-8.
INPUT_ENCODING = UTF-8
# This tag can be used to specify the character encoding of the source files
# that doxygen parses The INPUT_FILE_ENCODING tag can be used to specify
# character encoding on a per file pattern basis. Doxygen will compare the file
# name with each pattern and apply the encoding instead of the default
# INPUT_ENCODING) if there is a match. The character encodings are a list of the
# form: pattern=encoding (like *.php=ISO-8859-1). See cfg_input_encoding
# "INPUT_ENCODING" for further information on supported encodings.
INPUT_FILE_ENCODING =
# If the value of the INPUT tag contains directories, you can use the
# FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and
# *.h) to filter out the source-files in the directories.
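Review bot: the INPUT list drops src/common/aes/aes.h, src/common/sha2/sha2.h and src/common/sha3/sha3.h in favour of the *_ops.h headers (aes_ops.h, sha2_ops.h, sha3_ops.h, sha3x4_ops.h). If the original headers still exist and carry the public API comments, removing them from INPUT silently removes that API from the generated documentation; if they were renamed, the changelog above should mention it. Adding SECURITY.md to INPUT is good; it is also why the GITHUB heading-id style set earlier in this file matters for its README.md#support-limitations link.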
@ -905,12 +994,12 @@ INPUT_ENCODING = UTF-8
# Note the list of default checked file patterns might differ from the list of
# default file extension mappings.
#
# If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp,
# *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h,
# *.hh, *.hxx, *.hpp, *.h++, *.l, *.cs, *.d, *.php, *.php4, *.php5, *.phtml,
# *.inc, *.m, *.markdown, *.md, *.mm, *.dox (to be provided as doxygen C
# comment), *.py, *.pyw, *.f90, *.f95, *.f03, *.f08, *.f18, *.f, *.for, *.vhd,
# *.vhdl, *.ucf, *.qsf and *.ice.
# If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cxxm,
# *.cpp, *.cppm, *.ccm, *.c++, *.c++m, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl,
# *.idl, *.ddl, *.odl, *.h, *.hh, *.hxx, *.hpp, *.h++, *.ixx, *.l, *.cs, *.d,
# *.php, *.php4, *.php5, *.phtml, *.inc, *.m, *.markdown, *.md, *.mm, *.dox (to
# be provided as doxygen C comment), *.py, *.pyw, *.f90, *.f95, *.f03, *.f08,
# *.f18, *.f, *.for, *.vhd, *.vhdl, *.ucf, *.qsf and *.ice.
FILE_PATTERNS = *.c \
*.cc \
@ -993,9 +1082,6 @@ EXCLUDE_PATTERNS =
# output. The symbol name can be a fully qualified name, a word, or if the
# wildcard * is used, a substring. Examples: ANamespace, AClass,
# ANamespace::AClass, ANamespace::*Test
#
# Note that the wildcards are matched against the file with absolute path, so to
# exclude all test directories use the pattern */test/*
EXCLUDE_SYMBOLS =
@ -1040,6 +1126,11 @@ IMAGE_PATH =
# code is scanned, but not when the output code is generated. If lines are added
# or removed, the anchors will not be placed correctly.
#
# Note that doxygen will use the data processed and written to standard output
# for further processing, therefore nothing else, like debug statements or used
# commands (so in case of a Windows batch file always use @echo OFF), should be
# written to standard output.
#
# Note that for custom extensions or not directly supported extensions you also
# need to set EXTENSION_MAPPING for the extension otherwise the files are not
# properly processed by doxygen.
@ -1081,6 +1172,15 @@ FILTER_SOURCE_PATTERNS =
USE_MDFILE_AS_MAINPAGE = README.md
# The Fortran standard specifies that for fixed formatted Fortran code all
# characters from position 72 are to be considered as comment. A common
# extension is to allow longer lines before the automatic comment starts. The
# setting FORTRAN_COMMENT_AFTER will also make it possible that longer lines can
# be processed before the automatic comment starts.
# Minimum value: 7, maximum value: 10000, default value: 72.
FORTRAN_COMMENT_AFTER = 72
#---------------------------------------------------------------------------
# Configuration options related to source browsing
#---------------------------------------------------------------------------
@ -1095,7 +1195,8 @@ USE_MDFILE_AS_MAINPAGE = README.md
SOURCE_BROWSER = NO
# Setting the INLINE_SOURCES tag to YES will include the body of functions,
# classes and enums directly into the documentation.
# multi-line macros, enums or list initialized variables directly into the
# documentation.
# The default value is: NO.
INLINE_SOURCES = NO
@ -1178,10 +1279,11 @@ VERBATIM_HEADERS = YES
ALPHABETICAL_INDEX = YES
# In case all classes in a project start with a common prefix, all classes will
# be put under the same header in the alphabetical index. The IGNORE_PREFIX tag
# can be used to specify a prefix (or a list of prefixes) that should be ignored
# while generating the index headers.
# The IGNORE_PREFIX tag can be used to specify a prefix (or a list of prefixes)
# that should be ignored while generating the index headers. The IGNORE_PREFIX
# tag works for classes, function and member names. The entity will be placed in
# the alphabetical list under the first letter of the entity name that remains
# after removing the prefix.
# This tag requires that the tag ALPHABETICAL_INDEX is set to YES.
IGNORE_PREFIX =
@ -1260,7 +1362,12 @@ HTML_STYLESHEET =
# Doxygen will copy the style sheet files to the output directory.
# Note: The order of the extra style sheet files is of importance (e.g. the last
# style sheet in the list overrules the setting of the previous ones in the
# list). For an example see the documentation.
# list).
# Note: Since the styling of scrollbars can currently not be overruled in
# Webkit/Chromium, the styling will be left out of the default doxygen.css if
# one or more extra stylesheets have been specified. So if scrollbar
# customization is desired it has to be added explicitly. For an example see the
# documentation.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_EXTRA_STYLESHEET =
@ -1275,6 +1382,19 @@ HTML_EXTRA_STYLESHEET =
HTML_EXTRA_FILES =
# The HTML_COLORSTYLE tag can be used to specify if the generated HTML output
# should be rendered with a dark or light theme.
# Possible values are: LIGHT always generate light mode output, DARK always
# generate dark mode output, AUTO_LIGHT automatically set the mode according to
# the user preference, use light mode if no preference is set (the default),
# AUTO_DARK automatically set the mode according to the user preference, use
# dark mode if no preference is set and TOGGLE allow to user to switch between
# light and dark mode via a button.
# The default value is: AUTO_LIGHT.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_COLORSTYLE = AUTO_LIGHT
# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen
# will adjust the colors in the style sheet and background images according to
# this color. Hue is specified as an angle on a color-wheel, see
@ -1305,15 +1425,6 @@ HTML_COLORSTYLE_SAT = 100
HTML_COLORSTYLE_GAMMA = 80
# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML
# page will contain the date and time when the page was generated. Setting this
# to YES can help to show when doxygen was last run and thus if the
# documentation is up to date.
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_TIMESTAMP = NO
# If the HTML_DYNAMIC_MENUS tag is set to YES then the generated HTML
# documentation will contain a main index with vertical navigation menus that
# are dynamically created via JavaScript. If disabled, the navigation index will
@ -1333,6 +1444,33 @@ HTML_DYNAMIC_MENUS = YES
HTML_DYNAMIC_SECTIONS = NO
# If the HTML_CODE_FOLDING tag is set to YES then classes and functions can be
# dynamically folded and expanded in the generated HTML source code.
# The default value is: YES.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_CODE_FOLDING = YES
# If the HTML_COPY_CLIPBOARD tag is set to YES then doxygen will show an icon in
# the top right corner of code and text fragments that allows the user to copy
# its content to the clipboard. Note this only works if supported by the browser
# and the web page is served via a secure context (see:
# https://www.w3.org/TR/secure-contexts/), i.e. using the https: or file:
# protocol.
# The default value is: YES.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_COPY_CLIPBOARD = YES
# Doxygen stores a couple of settings persistently in the browser (via e.g.
# cookies). By default these settings apply to all HTML pages generated by
# doxygen across all projects. The HTML_PROJECT_COOKIE tag can be used to store
# the settings under a project specific key, such that the user preferences will
# be stored separately.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_PROJECT_COOKIE =
# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries
# shown in the various tree structured indices initially; the user can expand
# and collapse entries dynamically later on. Doxygen will expand the tree to
@ -1463,6 +1601,16 @@ BINARY_TOC = NO
TOC_EXPAND = NO
# The SITEMAP_URL tag is used to specify the full URL of the place where the
# generated documentation will be placed on the server by the user during the
# deployment of the documentation. The generated sitemap is called sitemap.xml
# and placed on the directory specified by HTML_OUTPUT. In case no SITEMAP_URL
# is specified no sitemap is generated. For information about the sitemap
# protocol see https://www.sitemaps.org
# This tag requires that the tag GENERATE_HTML is set to YES.
SITEMAP_URL =
# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and
# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that
# can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help
@ -1638,17 +1786,6 @@ HTML_FORMULA_FORMAT = png
FORMULA_FONTSIZE = 10
# Use the FORMULA_TRANSPARENT tag to determine whether or not the images
# generated for formulas are transparent PNGs. Transparent PNGs are not
# supported properly for IE 6.0, but are supported on all modern browsers.
#
# Note that when changing this option you need to delete any form_*.png files in
# the HTML output directory before the changes have effect.
# The default value is: YES.
# This tag requires that the tag GENERATE_HTML is set to YES.
FORMULA_TRANSPARENT = YES
# The FORMULA_MACROFILE can contain LaTeX \newcommand and \renewcommand commands
# to create new LaTeX commands to be used in formulas as building blocks. See
# the section "Including formulas" for details.
@ -1710,8 +1847,8 @@ MATHJAX_RELPATH = https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.2/
# The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax
# extension names that should be enabled during MathJax rendering. For example
# for MathJax version 2 (see https://docs.mathjax.org/en/v2.7-latest/tex.html
# #tex-and-latex-extensions):
# for MathJax version 2 (see
# https://docs.mathjax.org/en/v2.7-latest/tex.html#tex-and-latex-extensions):
# MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols
# For example for MathJax version 3 (see
# http://docs.mathjax.org/en/latest/input/tex/extensions/index.html):
@ -1962,9 +2099,16 @@ PDF_HYPERLINKS = YES
USE_PDFLATEX = YES
# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \batchmode
# command to the generated LaTeX files. This will instruct LaTeX to keep running
# if errors occur, instead of asking the user for help.
# The LATEX_BATCHMODE tag signals the behavior of LaTeX in case of an error.
# Possible values are: NO same as ERROR_STOP, YES same as BATCH, BATCH In batch
# mode nothing is printed on the terminal, errors are scrolled as if <return> is
# hit at every error; missing files that TeX tries to input or request from
# keyboard input (\read on a not open input stream) cause the job to abort,
# NON_STOP In nonstop mode the diagnostic message will appear on the terminal,
# but there is no possibility of user interaction just like in batch mode,
# SCROLL In scroll mode, TeX will stop only for missing files to input or if
# keyboard input is necessary and ERROR_STOP In errorstop mode, TeX will stop at
# each error, asking for user intervention.
# The default value is: NO.
# This tag requires that the tag GENERATE_LATEX is set to YES.
@ -1985,14 +2129,6 @@ LATEX_HIDE_INDICES = NO
LATEX_BIB_STYLE = plain
# If the LATEX_TIMESTAMP tag is set to YES then the footer of each generated
# page will contain the date and time when the page was generated. Setting this
# to NO can help when comparing the output of multiple runs.
# The default value is: NO.
# This tag requires that the tag GENERATE_LATEX is set to YES.
LATEX_TIMESTAMP = NO
# The LATEX_EMOJI_DIRECTORY tag is used to specify the (relative or absolute)
# path from which the emoji images will be read. If a relative path is entered,
# it will be relative to the LATEX_OUTPUT directory. If left blank the
@ -2158,13 +2294,39 @@ DOCBOOK_OUTPUT = docbook
#---------------------------------------------------------------------------
# If the GENERATE_AUTOGEN_DEF tag is set to YES, doxygen will generate an
# AutoGen Definitions (see http://autogen.sourceforge.net/) file that captures
# AutoGen Definitions (see https://autogen.sourceforge.net/) file that captures
# the structure of the code including all documentation. Note that this feature
# is still experimental and incomplete at the moment.
# The default value is: NO.
GENERATE_AUTOGEN_DEF = NO
#---------------------------------------------------------------------------
# Configuration options related to Sqlite3 output
#---------------------------------------------------------------------------
# If the GENERATE_SQLITE3 tag is set to YES doxygen will generate a Sqlite3
# database with symbols found by doxygen stored in tables.
# The default value is: NO.
GENERATE_SQLITE3 = NO
# The SQLITE3_OUTPUT tag is used to specify where the Sqlite3 database will be
# put. If a relative path is entered the value of OUTPUT_DIRECTORY will be put
# in front of it.
# The default directory is: sqlite3.
# This tag requires that the tag GENERATE_SQLITE3 is set to YES.
SQLITE3_OUTPUT = sqlite3
# The SQLITE3_RECREATE_DB tag is set to YES, the existing doxygen_sqlite3.db
# database file will be recreated with each doxygen run. If set to NO, doxygen
# will warn if a database file is already found and not modify it.
# The default value is: YES.
# This tag requires that the tag GENERATE_SQLITE3 is set to YES.
SQLITE3_RECREATE_DB = YES
#---------------------------------------------------------------------------
# Configuration options related to the Perl module output
#---------------------------------------------------------------------------
@ -2239,7 +2401,8 @@ SEARCH_INCLUDES = YES
# The INCLUDE_PATH tag can be used to specify one or more directories that
# contain include files that are not input files but should be processed by the
# preprocessor.
# preprocessor. Note that the INCLUDE_PATH is not recursive, so the setting of
# RECURSIVE has no effect here.
# This tag requires that the tag SEARCH_INCLUDES is set to YES.
INCLUDE_PATH =
@ -2306,15 +2469,15 @@ TAGFILES =
GENERATE_TAGFILE =
# If the ALLEXTERNALS tag is set to YES, all external class will be listed in
# the class index. If set to NO, only the inherited external classes will be
# listed.
# If the ALLEXTERNALS tag is set to YES, all external classes and namespaces
# will be listed in the class and namespace index. If set to NO, only the
# inherited external classes will be listed.
# The default value is: NO.
ALLEXTERNALS = NO
# If the EXTERNAL_GROUPS tag is set to YES, all external groups will be listed
# in the modules index. If set to NO, only the current project's groups will be
# in the topic index. If set to NO, only the current project's groups will be
# listed.
# The default value is: YES.
@ -2328,16 +2491,9 @@ EXTERNAL_GROUPS = YES
EXTERNAL_PAGES = YES
#---------------------------------------------------------------------------
# Configuration options related to the dot tool
# Configuration options related to diagram generator tools
#---------------------------------------------------------------------------
# You can include diagrams made with dia in doxygen documentation. Doxygen will
# then run dia to produce the diagram and insert it in the documentation. The
# DIA_PATH tag allows you to specify the directory where the dia binary resides.
# If left empty dia is assumed to be found in the default search path.
DIA_PATH =
# If set to YES the inheritance and collaboration graphs will hide inheritance
# and usage relations if the target is undocumented or is not a class.
# The default value is: YES.
@ -2346,7 +2502,7 @@ HIDE_UNDOC_RELATIONS = YES
# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
# available from the path. This tool is part of Graphviz (see:
# http://www.graphviz.org/), a graph visualization toolkit from AT&T and Lucent
# https://www.graphviz.org/), a graph visualization toolkit from AT&T and Lucent
# Bell Labs. The other options in this section have no effect if this option is
# set to NO
# The default value is: NO.
@ -2363,37 +2519,55 @@ HAVE_DOT = NO
DOT_NUM_THREADS = 0
# When you want a differently looking font in the dot files that doxygen
# generates you can specify the font name using DOT_FONTNAME. You need to make
# sure dot is able to find the font, which can be done by putting it in a
# standard location or by setting the DOTFONTPATH environment variable or by
# setting DOT_FONTPATH to the directory containing the font.
# The default value is: Helvetica.
# DOT_COMMON_ATTR is common attributes for nodes, edges and labels of
# subgraphs. When you want a differently looking font in the dot files that
# doxygen generates you can specify fontname, fontcolor and fontsize attributes.
# For details please see <a href=https://graphviz.org/doc/info/attrs.html>Node,
# Edge and Graph Attributes specification</a> You need to make sure dot is able
# to find the font, which can be done by putting it in a standard location or by
# setting the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the
# directory containing the font. Default graphviz fontsize is 14.
# The default value is: fontname=Helvetica,fontsize=10.
# This tag requires that the tag HAVE_DOT is set to YES.
DOT_FONTNAME = Helvetica
DOT_COMMON_ATTR = "fontname=Helvetica,fontsize=10"
# The DOT_FONTSIZE tag can be used to set the size (in points) of the font of
# dot graphs.
# Minimum value: 4, maximum value: 24, default value: 10.
# DOT_EDGE_ATTR is concatenated with DOT_COMMON_ATTR. For elegant style you can
# add 'arrowhead=open, arrowtail=open, arrowsize=0.5'. <a
# href=https://graphviz.org/doc/info/arrows.html>Complete documentation about
# arrows shapes.</a>
# The default value is: labelfontname=Helvetica,labelfontsize=10.
# This tag requires that the tag HAVE_DOT is set to YES.
DOT_FONTSIZE = 10
DOT_EDGE_ATTR = "labelfontname=Helvetica,labelfontsize=10"
# By default doxygen will tell dot to use the default font as specified with
# DOT_FONTNAME. If you specify a different font using DOT_FONTNAME you can set
# the path where dot can find it using this tag.
# DOT_NODE_ATTR is concatenated with DOT_COMMON_ATTR. For view without boxes
# around nodes set 'shape=plain' or 'shape=plaintext' <a
# href=https://www.graphviz.org/doc/info/shapes.html>Shapes specification</a>
# The default value is: shape=box,height=0.2,width=0.4.
# This tag requires that the tag HAVE_DOT is set to YES.
DOT_NODE_ATTR = "shape=box,height=0.2,width=0.4"
# You can set the path where dot can find font specified with fontname in
# DOT_COMMON_ATTR and others dot attributes.
# This tag requires that the tag HAVE_DOT is set to YES.
DOT_FONTPATH =
# If the CLASS_GRAPH tag is set to YES (or GRAPH) then doxygen will generate a
# graph for each documented class showing the direct and indirect inheritance
# relations. In case HAVE_DOT is set as well dot will be used to draw the graph,
# otherwise the built-in generator will be used. If the CLASS_GRAPH tag is set
# to TEXT the direct and indirect inheritance relations will be shown as texts /
# links.
# Possible values are: NO, YES, TEXT and GRAPH.
# If the CLASS_GRAPH tag is set to YES or GRAPH or BUILTIN then doxygen will
# generate a graph for each documented class showing the direct and indirect
# inheritance relations. In case the CLASS_GRAPH tag is set to YES or GRAPH and
# HAVE_DOT is enabled as well, then dot will be used to draw the graph. In case
# the CLASS_GRAPH tag is set to YES and HAVE_DOT is disabled or if the
# CLASS_GRAPH tag is set to BUILTIN, then the built-in generator will be used.
# If the CLASS_GRAPH tag is set to TEXT the direct and indirect inheritance
# relations will be shown as texts / links. Explicit enabling an inheritance
# graph or choosing a different representation for an inheritance graph of a
# specific class, can be accomplished by means of the command \inheritancegraph.
# Disabling an inheritance graph can be accomplished by means of the command
# \hideinheritancegraph.
# Possible values are: NO, YES, TEXT, GRAPH and BUILTIN.
# The default value is: YES.
CLASS_GRAPH = YES
@ -2401,14 +2575,21 @@ CLASS_GRAPH = YES
# If the COLLABORATION_GRAPH tag is set to YES then doxygen will generate a
# graph for each documented class showing the direct and indirect implementation
# dependencies (inheritance, containment, and class references variables) of the
# class with other documented classes.
# class with other documented classes. Explicit enabling a collaboration graph,
# when COLLABORATION_GRAPH is set to NO, can be accomplished by means of the
# command \collaborationgraph. Disabling a collaboration graph can be
# accomplished by means of the command \hidecollaborationgraph.
# The default value is: YES.
# This tag requires that the tag HAVE_DOT is set to YES.
COLLABORATION_GRAPH = YES
# If the GROUP_GRAPHS tag is set to YES then doxygen will generate a graph for
# groups, showing the direct groups dependencies.
# groups, showing the direct groups dependencies. Explicit enabling a group
# dependency graph, when GROUP_GRAPHS is set to NO, can be accomplished by means
# of the command \groupgraph. Disabling a directory graph can be accomplished by
# means of the command \hidegroupgraph. See also the chapter Grouping in the
# manual.
# The default value is: YES.
# This tag requires that the tag HAVE_DOT is set to YES.
@ -2450,8 +2631,8 @@ DOT_UML_DETAILS = NO
# The DOT_WRAP_THRESHOLD tag can be used to set the maximum number of characters
# to display on a single line. If the actual line length exceeds this threshold
# significantly it will wrapped across multiple lines. Some heuristics are apply
# to avoid ugly line breaks.
# significantly it will be wrapped across multiple lines. Some heuristics are
# applied to avoid ugly line breaks.
# Minimum value: 0, maximum value: 1000, default value: 17.
# This tag requires that the tag HAVE_DOT is set to YES.
@ -2468,7 +2649,9 @@ TEMPLATE_RELATIONS = NO
# If the INCLUDE_GRAPH, ENABLE_PREPROCESSING and SEARCH_INCLUDES tags are set to
# YES then doxygen will generate a graph for each documented file showing the
# direct and indirect include dependencies of the file with other documented
# files.
# files. Explicit enabling an include graph, when INCLUDE_GRAPH is is set to NO,
# can be accomplished by means of the command \includegraph. Disabling an
# include graph can be accomplished by means of the command \hideincludegraph.
# The default value is: YES.
# This tag requires that the tag HAVE_DOT is set to YES.
@ -2477,7 +2660,10 @@ INCLUDE_GRAPH = NO
# If the INCLUDED_BY_GRAPH, ENABLE_PREPROCESSING and SEARCH_INCLUDES tags are
# set to YES then doxygen will generate a graph for each documented file showing
# the direct and indirect include dependencies of the file with other documented
# files.
# files. Explicit enabling an included by graph, when INCLUDED_BY_GRAPH is set
# to NO, can be accomplished by means of the command \includedbygraph. Disabling
# an included by graph can be accomplished by means of the command
# \hideincludedbygraph.
# The default value is: YES.
# This tag requires that the tag HAVE_DOT is set to YES.
@ -2517,7 +2703,10 @@ GRAPHICAL_HIERARCHY = YES
# If the DIRECTORY_GRAPH tag is set to YES then doxygen will show the
# dependencies a directory has on other directories in a graphical way. The
# dependency relations are determined by the #include relations between the
# files in the directories.
# files in the directories. Explicit enabling a directory graph, when
# DIRECTORY_GRAPH is set to NO, can be accomplished by means of the command
# \directorygraph. Disabling a directory graph can be accomplished by means of
# the command \hidedirectorygraph.
# The default value is: YES.
# This tag requires that the tag HAVE_DOT is set to YES.
@ -2533,7 +2722,7 @@ DIR_GRAPH_MAX_DEPTH = 1
# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
# generated by dot. For an explanation of the image formats see the section
# output formats in the documentation of the dot tool (Graphviz (see:
# http://www.graphviz.org/)).
# https://www.graphviz.org/)).
# Note: If you choose svg you need to set HTML_FILE_EXTENSION to xhtml in order
# to make the SVG files visible in IE 9+ (other browsers do not have this
# requirement).
@ -2570,11 +2759,12 @@ DOT_PATH =
DOTFILE_DIRS =
# The MSCFILE_DIRS tag can be used to specify one or more directories that
# contain msc files that are included in the documentation (see the \mscfile
# command).
# You can include diagrams made with dia in doxygen documentation. Doxygen will
# then run dia to produce the diagram and insert it in the documentation. The
# DIA_PATH tag allows you to specify the directory where the dia binary resides.
# If left empty dia is assumed to be found in the default search path.
MSCFILE_DIRS =
DIA_PATH =
# The DIAFILE_DIRS tag can be used to specify one or more directories that
# contain dia files that are included in the documentation (see the \diafile
@ -2624,18 +2814,6 @@ DOT_GRAPH_MAX_NODES = 50
MAX_DOT_GRAPH_DEPTH = 0
# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
# background. This is disabled by default, because dot on Windows does not seem
# to support this out of the box.
#
# Warning: Depending on the platform used, enabling this option may lead to
# badly anti-aliased labels on the edges of a graph (i.e. they become hard to
# read).
# The default value is: NO.
# This tag requires that the tag HAVE_DOT is set to YES.
DOT_TRANSPARENT = NO
# Set the DOT_MULTI_TARGETS tag to YES to allow dot to generate multiple output
# files in one run (i.e. multiple -o and -T options on the command line). This
# makes dot run faster, but since only newer versions of dot (>1.8.10) support
@ -2663,3 +2841,19 @@ GENERATE_LEGEND = YES
# The default value is: YES.
DOT_CLEANUP = YES
# You can define message sequence charts within doxygen comments using the \msc
# command. If the MSCGEN_TOOL tag is left empty (the default), then doxygen will
# use a built-in version of mscgen tool to produce the charts. Alternatively,
# the MSCGEN_TOOL tag can also specify the name an external tool. For instance,
# specifying prog as the value, doxygen will call the tool as prog -T
# <outfile_format> -o <outputfile> <inputfile>. The external tool should support
# output file formats "png", "eps", "svg", and "ismap".
MSCGEN_TOOL =
# The MSCFILE_DIRS tag can be used to specify one or more directories that
# contain msc files that are included in the documentation (see the \mscfile
# command).
MSCFILE_DIRS =

docs/FUZZING.md Normal file

@ -0,0 +1,77 @@
# Fuzzing
Fuzz testing is an automated software testing method that injects invalid,
malformed, or unexpected inputs to reveal defects and vulnerabilities. A fuzzing
tool monitors the system for exceptions like crashes, information leakage, or
errors, helping developers identify and fix bugs and security loopholes.
## Current state of fuzzing in liboqs
- [ ] kem
- [ ] bike
- [ ] classic_mceliece
- [ ] frodokem
- [ ] hqc
- [ ] kyber
- [ ] ml_kem
- [ ] ntruprime
- [ ] sig
- [x] dilithium
- [x] falcon
- [x] mayo
- [x] ml_dsa
- [x] sphincs
- [ ] sig_stfl
- [ ] lms
- [ ] sig_stfl
- [ ] xmss
## Building and running fuzz tests
Building fuzz tests is very similar to building normally with some optional
steps to target different types of bugs. The most basic ways to build the
fuzz tests is as follows;
```bash
mkdir build && cd build
cmake -GNinja .. -DOQS_BUILD_FUZZ_TESTS=ON
ninja -j$(nproc)
```
You'll now be able to run a fuzz test e.g.
```bash
./tests/fuzz_test_dilithium2
#9764 NEW cov: 4 ft: 708 corp: 100/318b lim: 43 exec/s: 9764 rss: 362Mb L: 41/41 MS: 4 EraseBytes-InsertRepeatedBytes-CMP-ChangeBit- DE: "\0004m\372"-
...
```
The fuzzer will run indefinetely or;
- until it finds a bug and crashes,
- you manually stop the fuzzer i.e. CTRL-C
- you set a timeout using the command line.
For more details on the available command line args please consult the [libfuzzer docs](https://llvm.org/docs/LibFuzzer.html).
## Sanitizers
It is a common pattern to combine fuzzing with various sanitizers to catch different bugs.
One of the simpler sanitizers is the fuzzing sanitizer, which will instrument the code
for coverage driven fuzzing. To enable this simply add this to your environment variables
before configuring cmake;
```
export CFLAGS=-fsanitize=fuzzer-no-link
```
It is common to combine the fuzzer sanitizer with either the [address](https://clang.llvm.org/docs/AddressSanitizer.html)
or the [undefined behaviour sanitizer](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html). To
add these simply add the relevant flags to BOTH the CFLAGS and LDFLAGS e.g.
```
export CFLAGS=-fsanitize=fuzzer-no-link,address
export LDFLAGS=-fsanitize=address
```
Then rerun cmake as normal i.e.
```bash
mkdir build && cd build
cmake -GNinja .. -DOQS_BUILD_FUZZ_TESTS=ON
ninja -j$(nproc)
```
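Review bot: the nested checklist under `- [ ] sig_stfl` repeats `sig_stfl` as a child entry between `lms` and `xmss`; that line looks like a copy of the parent and should either be removed or renamed to the scheme it was meant to track. Smaller points in the same hunk: `indefinetely` should read `indefinitely`; "The most basic ways to build the fuzz tests is as follows;" should read "The most basic way to build the fuzz tests is as follows:"; and the two untagged fences around the `export CFLAGS` / `export LDFLAGS` lines should be tagged `bash` like the other fences in the file. It would also help readers to say that `-fsanitize=fuzzer-no-link` and the libFuzzer runtime are clang features, so `CC=clang` has to be set before the `cmake` step shown here; gcc does not recognise that sanitizer and the configure step fails on the flag.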

docs/PROCEDURES.md Normal file

@ -0,0 +1,69 @@
# Additional procedures for code maintenance
## Managing pinned dependencies
The OpenSSF, via the [scorecard](https://securityscorecards.dev/) project recommends that projects pin any
dependencies they use:
* to ensure reproducibility
* to reduce the risk for rogue dependency updates to compromise software
It's important to note that this requires any changes to dependencies are properly reviewed, and
these changes, by design, should not be automatic in themselves, though automated tools may provide recommendations.
### Python dependencies
Python dependencies used in the build process such as within `.github/workflows` should be pinned to a specific version to ensure reproducibility.
This is achieved by:
* Ensuring the required hash is in the `requirements.txt`.
* Using the `--require-hashes` option on any `pip install` command line which causes pip to require hashes for all dependencies.
To add a new, or changed dependency:
* Ensure the `pip-compile` tool is installed via the [pip-tools](https://pypi.org/project/pip-tools/) package.
* Update `requirements.in` with added, modified, or deleted dependencies.
* Update requirements.txt using `pip-compile --generate-hashes --output-file=requirements.txt requirements.in`.
* Verify correct functionality.
* Check in both `requirements.txt` and `requirements.in`.
Note: `requirements.in` acts purely as a template in this process. It is not used during the installation of a dependency.
### Github Actions
All actions used in `.github/worfklows` should pin the exact version of the action they are using, for
example a step such as:
```yaml
- name: Checkout code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
```
The exact hash specified after `@` is the git commit hash within the repo where the action is found.
The [pin github action](https://github.com/mheap/pin-github-action) tool can be used to maintain these
by, for example, running:
```shell
pin-github-action unix.yml
```
This will add the appropriate hash if not present, along with a comment, and also update each hash in accordance with any existing comment.
For major updates, update the comment ie `pin@v4` to `pin@v5` and the tool will attempt to find the new hash.
The comment should not be removed, and should exclusively be used for updating the version.
A full explanation of how the tool operates can be found in the [documentation](https://github.com/mheap/pin-github-action).
To help in explanation here's an example of a similar code fragment between tool executions:
* Original entry is `uses: actions/checkout@v3`
* run `pin-github-action unix.yml`
* We now see `uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3`
* later we want to go to v4, so update the text to `uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v4`
* Now run `pin-github-action unix.yml` to correct the sha
* File now shows `uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4`
When changes have been made, correct functionality of the Github actions should be verified by reviewing the Github action logs and outputs. The SHA inserted by the tool can be searched for in Github to check it is associated with the expected version.
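Review bot: the path `.github/worfklows` in the GitHub Actions section is misspelled; the Python section above it has the correct `.github/workflows`. Two wording fixes alongside: `ie` should be `i.e.` and `Github` should be `GitHub` throughout. On substance, the last paragraph describes the control that actually matters for supply-chain safety: the SHA that `pin-github-action` writes is whatever the `pin@vN` tag resolves to at the moment the tool runs, so it is the reviewer of the pull request, not the tool, who establishes that the hash belongs to the intended upstream release. Consider stating that the SHA must be verified against the upstream release before merge rather than only that it "can be searched for".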


@ -4,25 +4,26 @@
- **Main cryptographic assumption**: QC-MDPC (Quasi-Cyclic Moderate Density Parity-Check).
- **Principal submitters**: Nicolas Aragon, Paulo Barreto, Slim Bettaieb, Loic Bidoux, Olivier Blazy, Jean-Christophe Deneuville, Phillipe Gaborit, Santosh Gosh, Shay Gueron, Tim Güneysu, Carlos Aguilar Melchor, Rafael Misoczki, Edoardo Persichetti, Nicolas Sendrier, Jean-Pierre Tillich, Valentin Vasseur, Gilles Zémor.
- **Authors' website**: http://bikesuite.org/
- **Specification version**: 4.1.
- **Specification version**: 5.1.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/awslabs/bike-kem
- **Implementation license (SPDX-Identifier)**: Apache-2.0
, which takes it from:
- https://bikesuite.org/files/v4.1/Reference_Implementation.2020.10.20.2.zip
- **Ancestors of primary source**:
- https://bikesuite.org/files/v5.0/Reference_Implementation.2022.10.04.1.zip
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| BIKE-L1 | IND-CPA | 1 | 1541 | 5223 | 1573 | 32 |
| BIKE-L3 | IND-CPA | 3 | 3083 | 10105 | 3115 | 32 |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
| BIKE-L1 | NA | IND-CPA | 1 | 1541 | 5223 | 1573 | 32 | NA |
| BIKE-L3 | NA | IND-CPA | 3 | 3083 | 10105 | 3115 | 32 | NA |
| BIKE-L5 | NA | IND-CPA | 5 | 5122 | 16494 | 5154 | 32 | NA |
## BIKE-L1 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | master | little endian | All | None | True | True | False |
| [Primary Source](#primary-source) | master | 64-bit little-endian | Linux,Darwin | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin | AVX2,AVX512,PCLMUL,SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
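Review bot: the specification version is bumped to 5.1 (`**Specification version**: 5.1.`) while the new ancestor entry points at `v5.0/Reference_Implementation.2022.10.04.1.zip`; either reference the reference implementation matching 5.1 or say why the 5.0 archive is the ancestor of a 5.1 specification. In the same hunk the supported operating systems for the portable implementation change from `All` to `Linux,Darwin`, which narrows the documented support surface and deserves a sentence in the release notes.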
@ -33,7 +34,16 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | little endian | All | None | True | True | False |
| [Primary Source](#primary-source) | master | 64-bit little-endian | Linux,Darwin | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin | AVX2,AVX512,PCLMUL,SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## BIKE-L5 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | 64-bit little-endian | Linux,Darwin | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin | AVX2,AVX512,PCLMUL,SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
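Review bot: the BIKE-L1 table header reads `Large stack usage?‡` but the L3 header shown as context in this hunk and the new L5 header omit the ‡ marker; since the three tables come from the same template, the footnote marker should be present on all of them or on none.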


@ -20,13 +20,13 @@ principal-submitters:
- Gilles Zémor
crypto-assumption: QC-MDPC (Quasi-Cyclic Moderate Density Parity-Check)
website: http://bikesuite.org/
nist-round: 3
spec-version: 4.1
primary-upstream:
nist-round: 4
spec-version: 5.1
primary-upstream:
source: https://github.com/awslabs/bike-kem
spdx-license-identifier: Apache-2.0
upstream-ancestors:
- https://bikesuite.org/files/v4.1/Reference_Implementation.2020.10.20.2.zip
- https://bikesuite.org/files/v5.0/Reference_Implementation.2022.10.04.1.zip
parameter-sets:
- name: BIKE-L1
claimed-nist-level: 1
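Review bot: `spec-version: 5.1` and `nist-round: 4` are updated here, but `upstream-ancestors` still lists the v5.0 archive (`Reference_Implementation.2022.10.04.1.zip`). This is the same mismatch as in the generated markdown, so it should be corrected in this YAML, which is the source the documentation is generated from.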
@ -40,9 +40,10 @@ parameter-sets:
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: little endian
- architecture: 64-bit little-endian
operating_systems:
- All
- Linux
- Darwin
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
@ -75,9 +76,46 @@ parameter-sets:
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: little endian
- architecture: 64-bit little-endian
operating_systems:
- All
- Linux
- Darwin
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- avx512
- pclmul
- sse2
common-crypto:
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: BIKE-L5
claimed-nist-level: 5
claimed-security: IND-CPA
length-ciphertext: 5154
length-public-key: 5122
length-secret-key: 16494
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: 64-bit little-endian
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
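Review bot: the new `BIKE-L5` parameter set sets `implementations-switch-on-runtime-cpu-features: true`, but within the lines shown it carries only the portable `64-bit little-endian` implementation, whereas the L3 set directly above it gains an `x86_64` block with `required_flags` (`avx2`, `avx512`, `pclmul`, `sse2`) and `common-crypto: - AES: liboqs`. If the L5 `x86_64` block lives outside this hunk, fine; otherwise it is missing and the runtime-switch flag is vacuous for L5.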


@ -4,34 +4,39 @@
- **Main cryptographic assumption**: Niederreiter's dual version of McEliece's public key encryption using binary Goppa codes.
- **Principal submitters**: Daniel J. Bernstein, Tung Chou, Tanja Lange, Ingo von Maurich, Rafael Misoczki, Ruben Niederhagen, Edoardo Persichetti, Christiane Peters, Peter Schwabe, Nicolas Sendrier, Jakub Szefer, Wen Wang.
- **Authors' website**: https://classic.mceliece.org
- **Specification version**: SUPERCOP-20191221.
- **Specification version**: SUPERCOP-20221025.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
- **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
- **Implementation license (SPDX-Identifier)**: Public domain
, which takes it from:
- SUPERCOP-20191221 "vec" and "avx" implementations
- **Ancestors of primary source**:
- SUPERCOP-20221025 "clean" and "avx2" implementations
## Advisories
- Classic-McEliece-460896, Classic-McEliece-460896f, Classic-McEliece-6960119, and Classic-McEliece-6960119f parameter sets fail memory leak testing on x86-64 when building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised when using the algorithm at higher optimization levels, and any other compiler and architecture.
- Current implementation of the algorithm may not be constant-time. Additionally, environment specific constant-time leaks may not be documented; please report potential constant-time leaks when found.
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:-------------------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| Classic-McEliece-348864 | IND-CCA2 | 1 | 261120 | 6452 | 128 | 32 |
| Classic-McEliece-348864f | IND-CCA2 | 1 | 261120 | 6452 | 128 | 32 |
| Classic-McEliece-460896 | IND-CCA2 | 3 | 524160 | 13568 | 188 | 32 |
| Classic-McEliece-460896f | IND-CCA2 | 3 | 524160 | 13568 | 188 | 32 |
| Classic-McEliece-6688128 | IND-CCA2 | 5 | 1044992 | 13892 | 240 | 32 |
| Classic-McEliece-6688128f | IND-CCA2 | 5 | 1044992 | 13892 | 240 | 32 |
| Classic-McEliece-6960119 | IND-CCA2 | 5 | 1047319 | 13908 | 226 | 32 |
| Classic-McEliece-6960119f | IND-CCA2 | 5 | 1047319 | 13908 | 226 | 32 |
| Classic-McEliece-8192128 | IND-CCA2 | 5 | 1357824 | 14080 | 240 | 32 |
| Classic-McEliece-8192128f | IND-CCA2 | 5 | 1357824 | 14080 | 240 | 32 |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:-------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
| Classic-McEliece-348864 | NA | IND-CCA2 | 1 | 261120 | 6492 | 96 | 32 | NA |
| Classic-McEliece-348864f | NA | IND-CCA2 | 1 | 261120 | 6492 | 96 | 32 | NA |
| Classic-McEliece-460896 | NA | IND-CCA2 | 3 | 524160 | 13608 | 156 | 32 | NA |
| Classic-McEliece-460896f | NA | IND-CCA2 | 3 | 524160 | 13608 | 156 | 32 | NA |
| Classic-McEliece-6688128 | NA | IND-CCA2 | 5 | 1044992 | 13932 | 208 | 32 | NA |
| Classic-McEliece-6688128f | NA | IND-CCA2 | 5 | 1044992 | 13932 | 208 | 32 | NA |
| Classic-McEliece-6960119 | NA | IND-CCA2 | 5 | 1047319 | 13948 | 194 | 32 | NA |
| Classic-McEliece-6960119f | NA | IND-CCA2 | 5 | 1047319 | 13948 | 194 | 32 | NA |
| Classic-McEliece-8192128 | NA | IND-CCA2 | 5 | 1357824 | 14120 | 208 | 32 | NA |
| Classic-McEliece-8192128f | NA | IND-CCA2 | 5 | 1357824 | 14120 | 208 | 32 | NA |
## Classic-McEliece-348864 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | vec | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
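Review bot: the parameter-set table in this hunk changes the secret key and ciphertext sizes of every Classic McEliece parameter set (secret key grows by 40 bytes, e.g. 6452 to 6492; ciphertext shrinks by 32 bytes, e.g. 128 to 96) together with the SUPERCOP-20191221 to SUPERCOP-20221025 spec bump, but nothing in the text says that keys and ciphertexts produced by the previous version are not interoperable with this one. Suggest adding an explicit line under the advisories (or in the release notes) stating that the key and ciphertext formats changed with the new specification version, so users who store Classic McEliece keys are not surprised by the size mismatch. The implementation tables in this hunk also flip `No branching-on-secrets claimed?` from True (vec) to False (clean) and `checked by valgrind?` from True to False for both rows; if the markdown is generated from the yml, that belongs in the yml review, but the two regressions should be explained somewhere a reader of this file will find them.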
@ -41,8 +46,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | vec | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | True | True |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -50,8 +55,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | vec | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -59,8 +64,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | vec | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx | x86\_64 | Linux,Darwin | AVX2,BMI1,POPCNT | False | True | True |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -68,8 +73,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | vec | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -77,8 +82,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | vec | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx | x86\_64 | Linux,Darwin | AVX2,BMI1,POPCNT | False | True | True |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -86,8 +91,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | vec | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -95,8 +100,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | vec | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx | x86\_64 | Linux,Darwin | AVX2,BMI1,POPCNT | False | True | True |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -104,22 +109,20 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | vec | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | True | True |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
*Note: This algorithm is known to fail memory leak testing on x86_64.*
## Classic-McEliece-8192128f implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | vec | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | True | True |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
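Review bot: the removed and added `- **Large Stack Usage**` lines at the end of this hunk are identical in visible content, so the change is most likely trailing whitespace or a footnote marker that the rendering dropped (the first implementation table header in this file reads `Large stack usage?‡`, the later ones `Large stack usage?`). If the generator emits that marker inconsistently, fix it at the source so the Explanation of Terms entry matches every table header and this line stops churning. Dropping `*Note: This algorithm is known to fail memory leak testing on x86_64.*` is fine, since the more specific clang `-O2`/`-O3` advisory added at the top of the file supersedes it.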


@ -17,29 +17,38 @@ crypto-assumption: Niederreiter's dual version of McEliece's public key encrypti
using binary Goppa codes
website: https://classic.mceliece.org
nist-round: 3
spec-version: SUPERCOP-20191221
spec-version: SUPERCOP-20221025
upstream-ancestors:
- SUPERCOP-20191221 "vec" and "avx" implementations
- SUPERCOP-20221025 "clean" and "avx2" implementations
advisories:
- Classic-McEliece-460896, Classic-McEliece-460896f, Classic-McEliece-6960119, and
Classic-McEliece-6960119f parameter sets fail memory leak testing on x86-64 when
building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised
when using the algorithm at higher optimization levels, and any other compiler and
architecture.
- Current implementation of the algorithm may not be constant-time. Additionally,
environment specific constant-time leaks may not be documented; please report potential
constant-time leaks when found.
parameter-sets:
- name: Classic-McEliece-348864
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 261120
length-ciphertext: 128
length-secret-key: 6452
length-ciphertext: 96
length-secret-key: 6492
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: vec
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
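Review bot: `no-secret-dependent-branching-claimed` flips from true to false for the portable implementation (`vec` to `clean`) and `no-secret-dependent-branching-checked-by-valgrind` from true to false for both implementations, in this hunk and in every parameter set below, yet the only explanation offered is the new advisory `Current implementation of the algorithm may not be constant-time`. Suggest the advisory (or the commit message) say why the valgrind check is no longer run against these implementations and whether an issue tracks re-enabling it, and that it name which implementations it covers, since the portable code was previously claimed constant-time and checked. The clang `-O2`/`-O3` memory-leak advisory lists four parameter sets in free text only; if downstream tooling needs to know, a per-parameter-set field would be more robust than prose.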
@ -52,28 +61,28 @@ parameter-sets:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-348864f
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 261120
length-ciphertext: 128
length-secret-key: 6452
length-ciphertext: 96
length-secret-key: 6492
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: vec
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
@ -87,28 +96,28 @@ parameter-sets:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-460896
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 524160
length-ciphertext: 188
length-secret-key: 13568
length-ciphertext: 156
length-secret-key: 13608
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: vec
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
@ -121,28 +130,28 @@ parameter-sets:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-460896f
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 524160
length-ciphertext: 188
length-secret-key: 13568
length-ciphertext: 156
length-secret-key: 13608
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: vec
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
@ -150,34 +159,34 @@ parameter-sets:
- Darwin
required_flags:
- avx2
- bmi1
- popcnt
- bmi1
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-6688128
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1044992
length-ciphertext: 240
length-secret-key: 13892
length-ciphertext: 208
length-secret-key: 13932
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: vec
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
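Review bot: the `required_flags` change in this hunk only swaps the order of `bmi1` and `popcnt` for Classic-McEliece-460896f, and the same swap appears in the later hunks for 6688128f and 6960119f; in the generated markdown it shows up as `AVX2,BMI1,POPCNT` becoming `AVX2,POPCNT,BMI1`. That is pure churn with no behavioural meaning. Suggest the generator (or a pre-commit check) emit CPU flags in a canonical sorted order so documentation diffs only show real changes.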
@ -190,28 +199,28 @@ parameter-sets:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-6688128f
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1044992
length-ciphertext: 240
length-secret-key: 13892
length-ciphertext: 208
length-secret-key: 13932
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: vec
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
@ -219,34 +228,34 @@ parameter-sets:
- Darwin
required_flags:
- avx2
- bmi1
- popcnt
- bmi1
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-6960119
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1047319
length-ciphertext: 226
length-secret-key: 13908
length-ciphertext: 194
length-secret-key: 13948
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: vec
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
@ -259,28 +268,28 @@ parameter-sets:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-6960119f
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1047319
length-ciphertext: 226
length-secret-key: 13908
length-ciphertext: 194
length-secret-key: 13948
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: vec
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
@ -288,34 +297,34 @@ parameter-sets:
- Darwin
required_flags:
- avx2
- bmi1
- popcnt
- bmi1
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-8192128
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1357824
length-ciphertext: 240
length-secret-key: 14080
length-ciphertext: 208
length-secret-key: 14120
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: vec
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
@ -328,28 +337,28 @@ parameter-sets:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-8192128f
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1357824
length-ciphertext: 240
length-secret-key: 14080
length-ciphertext: 208
length-secret-key: 14120
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: vec
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
@ -363,10 +372,10 @@ parameter-sets:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
auxiliary-submitters: []
primary-upstream:
spdx-license-identifier: Public domain
source: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181


@ -12,14 +12,14 @@
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:-------------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| FrodoKEM-640-AES | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 |
| FrodoKEM-640-SHAKE | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 |
| FrodoKEM-976-AES | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 |
| FrodoKEM-976-SHAKE | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 |
| FrodoKEM-1344-AES | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 |
| FrodoKEM-1344-SHAKE | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:-------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
| FrodoKEM-640-AES | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA |
| FrodoKEM-640-SHAKE | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA |
| FrodoKEM-976-AES | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA |
| FrodoKEM-976-SHAKE | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA |
| FrodoKEM-1344-AES | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA |
| FrodoKEM-1344-SHAKE | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA |
## FrodoKEM-640-AES implementation characteristics


@ -2,34 +2,29 @@
- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: Syndrome decoding of structure codes (Hamming Quasi-Cyclic).
- **Principal submitters**: Carlos Aguilar Melchor, Nicolas Aragon, Slim Bettaieb, Olivier Blazy, Jurjen Bos, Jean-Christophe Deneuville, Philippe Gaborit, Edoardo Persichetti, Jean-Marc Robert, Pascal Véron, Gilles Zémor, Loïc Bidoux.
- **Principal submitters**: Carlos Aguilar Melchor, Nicolas Aragon, Slim Bettaieb, Loïc Bidoux, Olivier Blazy, Jurjen Bos, Jean-Christophe Deneuville, Arnaud Dion, Philippe Gaborit, Jérôme Lacan, Edoardo Persichetti, Jean-Marc Robert, Pascal Véron, Gilles Zémor.
- **Authors' website**: https://pqc-hqc.org/
- **Specification version**: NIST Round 3 submission.
- **Specification version**: 2023-04-30.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
- **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
- **Implementation license (SPDX-Identifier)**: Public domain
, which takes it from:
- https://github.com/jschanck/package-pqclean/tree/29f79e72/hqc, which takes it from:
- submission 2020-10-01 at https://pqc-hqc.org/implementation.html
## Security advisory
The implementation is [known to *not* provide constant time execution properties](https://github.com/open-quantum-safe/liboqs/issues/995).
- **Ancestors of primary source**:
- https://github.com/SWilson4/package-pqclean/tree/8db1b24b/hqc, which takes it from:
- submission 2023-04-30 at https://pqc-hqc.org/implementation.html
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| HQC-128 | IND-CCA2 | 1 | 2249 | 2289 | 4481 | 64 |
| HQC-192 | IND-CCA2 | 3 | 4522 | 4562 | 9026 | 64 |
| HQC-256 | IND-CCA2 | 5 | 7245 | 7285 | 14469 | 64 |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
| HQC-128 | NA | IND-CCA2 | 1 | 2249 | 2305 | 4433 | 64 | NA |
| HQC-192 | NA | IND-CCA2 | 3 | 4522 | 4586 | 8978 | 64 | NA |
| HQC-256 | NA | IND-CCA2 | 5 | 7245 | 7317 | 14421 | 64 | NA |
## HQC-128 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI1,PCLMULQDQ | False | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
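Review bot: this hunk deletes the `## Security advisory` section and its link to https://github.com/open-quantum-safe/liboqs/issues/995 (the implementation is known to *not* provide constant-time execution) without saying whether the 2023-04-30 upstream resolves that issue. The surviving `clean` row still reads `No branching-on-secrets claimed? True` and `checked by valgrind? True`, exactly as before, so either the advisory was already stale or it is being dropped silently. Suggest either carrying it over as an `advisories:` entry in the yml (as this same change does for Classic McEliece) or referencing the resolution of #995 in the commit message. The HQC sizes also change with the new spec version (secret key 2289 to 2305, ciphertext 4481 to 4433); that key and ciphertext incompatibility deserves an explicit mention as well.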
@ -40,7 +35,6 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI1,PCLMULQDQ | False | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -49,10 +43,9 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI1,PCLMULQDQ | False | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
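Review bot: the `Large Stack Usage` bullet at the end of this hunk is shown removed and re-added with identical visible text, so the change is whitespace-only (a trailing space or newline from the generator); confirm it is intended, because the same identical pair shows up in the Kyber doc hunk of this change as well. Separately, the avx2 row removed above was the only HQC-256 row marked `Large stack usage? True`, so after this hunk the large-stack caveat no longer applies to any remaining HQC implementation, which is worth a line in the PR description.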

View File

@ -4,29 +4,31 @@ principal-submitters:
- Carlos Aguilar Melchor
- Nicolas Aragon
- Slim Bettaieb
- Loïc Bidoux
- Olivier Blazy
- Jurjen Bos
- Jean-Christophe Deneuville
- Arnaud Dion
- Philippe Gaborit
- Jérôme Lacan
- Edoardo Persichetti
- Jean-Marc Robert
- Pascal Véron
- Gilles Zémor
- Loïc Bidoux
crypto-assumption: Syndrome decoding of structure codes (Hamming Quasi-Cyclic)
website: https://pqc-hqc.org/
nist-round: 3
spec-version: NIST Round 3 submission
nist-round: 4
spec-version: 2023-04-30
upstream-ancestors:
- https://github.com/jschanck/package-pqclean/tree/29f79e72/hqc
- submission 2020-10-01 at https://pqc-hqc.org/implementation.html
- https://github.com/SWilson4/package-pqclean/tree/8db1b24b/hqc
- submission 2023-04-30 at https://pqc-hqc.org/implementation.html
parameter-sets:
- name: HQC-128
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 2249
length-ciphertext: 4481
length-secret-key: 2289
length-ciphertext: 4433
length-secret-key: 2305
length-shared-secret: 64
implementations-switch-on-runtime-cpu-features: true
implementations:
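Review bot: `length-ciphertext` (4481 to 4433) and `length-secret-key` (2289 to 2305) change for HQC-128 while the parameter-set name stays `HQC-128`, so keys and ciphertexts produced by the previous version will not interoperate with this one under the same identifier. Please call that out in the release notes, and make sure the KAT files and any size constants derived from these fields are regenerated together with this YAML. Minor: `Loïc Bidoux` is only moved to the end of `principal-submitters`, a no-op that the commit message could mention, and `Syndrome decoding of structure codes` in the unchanged context reads as if it should be `structured codes`.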
@ -38,28 +40,12 @@ parameter-sets:
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi1
- pclmulqdq
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: HQC-192
claimed-nist-level: 3
claimed-security: IND-CCA2
length-ciphertext: 9026
length-ciphertext: 8978
length-public-key: 4522
length-secret-key: 4562
length-secret-key: 4586
length-shared-secret: 64
implementations-switch-on-runtime-cpu-features: true
implementations:
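Review bot: the avx2 block removed here was the only HQC-128 implementation with `no-secret-dependent-branching-claimed: false`, so after this hunk every remaining HQC implementation is claimed constant-time. That is a change in the stated security posture of the algorithm, not just a build simplification, and deserves a sentence in the PR description. The HQC-192 `length-ciphertext` (9026 to 8978) and `length-secret-key` (4562 to 4586) changes in the same hunk also break interoperability with keys and ciphertexts from the previous revision, so they need the same KAT regeneration and release-note treatment.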
@ -71,28 +57,12 @@ parameter-sets:
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi1
- pclmulqdq
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: HQC-256
claimed-nist-level: 5
claimed-security: IND-CCA2
length-ciphertext: 14469
length-ciphertext: 14421
length-public-key: 7245
length-secret-key: 7285
length-secret-key: 7317
length-shared-secret: 64
implementations-switch-on-runtime-cpu-features: true
implementations:
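Review bot: style point in the unchanged context of this hunk: HQC-192 and HQC-256 list `length-ciphertext` before `length-public-key`, while HQC-128 lists `length-public-key` first. This file feeds the doc generator, so ordering the length fields identically in every parameter set (public key, ciphertext, secret key, shared secret) makes diffs of future size changes much easier to read. The HQC-256 `length-ciphertext` (14469 to 14421) and `length-secret-key` (7285 to 7317) changes here need their KATs regenerated like the other two parameter sets.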
@ -104,22 +74,6 @@ parameter-sets:
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi1
- pclmulqdq
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
upstream: primary-upstream
primary-upstream:
spdx-license-identifier: Public domain
source: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
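Review bot: the `primary-upstream` `source` commit moves from 4c9e5a3a to 1eacfdaf, but the `no-secret-dependent-branching-checked-by-valgrind: true` lines in the unchanged context above are carried over untouched. A valgrind result is a property of one specific code revision, so the constant-time test should be re-run against the new PQClean commit before that claim is kept in the YAML. Also in context: `spdx-license-identifier: Public domain` is not a valid SPDX identifier; if the generator tolerates free text here, a comment saying so would stop the next reader from trying to "fix" it, otherwise the field should carry a real SPDX expression matching the upstream license file.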

View File

@ -7,84 +7,62 @@
- **Authors' website**: https://pq-crystals.org/
- **Specification version**: NIST Round 3 submission.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/pq-crystals/kyber/commit/8e00ec73035147d18b27d06048dff322f8de1f29 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0
- **Optimized Implementation sources**: https://github.com/pq-crystals/kyber/commit/8e00ec73035147d18b27d06048dff322f8de1f29 with copy_from_upstream patches
- **pqclean-aarch64**:<a name="pqclean-aarch64"></a>
- **Source**: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0
- **Source**: https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
- **Optimized Implementation sources**: https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc with copy_from_upstream patches
- **oldpqclean-aarch64**:<a name="oldpqclean-aarch64"></a>
- **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT) and MIT
- **Formally-verified Implementation sources**:
- **libjade**:<a name="libjade"></a>
- **Source**: https://github.com/formosa-crypto/libjade/tree/release/2023.05-2 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 OR Apache-2.0
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| Kyber512 | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 |
| Kyber512-90s | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 |
| Kyber768 | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 |
| Kyber768-90s | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 |
| Kyber1024 | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 |
| Kyber1024-90s | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
| Kyber512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 | NA |
| Kyber768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 | NA |
| Kyber1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 | NA |
## Kyber512 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [pqclean-aarch64](#pqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [libjade](#libjade) | ref | x86\_64 | Linux,Darwin | None | True | False | False |
| [libjade](#libjade) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## Kyber512-90s implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:--------------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT,SSE2,SSSE3 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Kyber768 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [pqclean-aarch64](#pqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Kyber768-90s implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:--------------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT,SSE2,SSSE3 | True | True | False |
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [libjade](#libjade) | ref | x86\_64 | Linux,Darwin | None | True | False | False |
| [libjade](#libjade) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Kyber1024 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [pqclean-aarch64](#pqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Kyber1024-90s implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:--------------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT,SSE2,SSSE3 | True | True | False |
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
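Review bot: the removal of the Kyber512-90s, Kyber768-90s and Kyber1024-90s parameter sets from the summary table and their implementation-characteristics sections is a user-visible removal of algorithm identifiers and needs a changelog entry, ideally preceded by a deprecation notice rather than an outright disappearance. Two smaller points: the new `Keypair seed size (bytes)` column is left-aligned (`:----------------------------`) while the other numeric columns are right-aligned, which looks like a generator inconsistency (the ML-KEM doc in this same change uses `----------------------------:` for that column); and the new `[libjade](#libjade)` rows report `No branching-on-secrets checked by valgrind? False`, so a reader cannot tell whether the formal verification is meant to stand in for the valgrind check. A sentence in the Explanation of Terms, or simply a valgrind run, would settle that.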

View File

@ -17,14 +17,20 @@ website: https://pq-crystals.org/
nist-round: 3
spec-version: NIST Round 3 submission
primary-upstream:
source: https://github.com/pq-crystals/kyber/commit/8e00ec73035147d18b27d06048dff322f8de1f29
source: https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0
spdx-license-identifier: CC0-1.0 or Apache-2.0
optimized-upstreams:
pqclean-aarch64:
source: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
oldpqclean-aarch64:
source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0
spdx-license-identifier: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT)
and MIT
formally-verified-upstreams:
libjade:
source: https://github.com/formosa-crypto/libjade/tree/release/2023.05-2 with
copy_from_upstream patches
spdx-license-identifier: CC0-1.0 OR Apache-2.0
parameter-sets:
- name: Kyber512
claimed-nist-level: 1
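Review bot: SPDX operator casing is inconsistent within this hunk: `CC0-1.0 or Apache-2.0` and `CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT) and MIT` use lowercase operators, while the new libjade entry uses `CC0-1.0 OR Apache-2.0`. The SPDX specification writes these operators as `AND`/`OR`; whichever form the tooling accepts, the file should use one form so that anything parsing these fields gets consistent input. The oldpqclean-aarch64 expression also reads oddly, since `CC0-1.0 and (CC0-1.0 or MIT) and MIT` simplifies to `CC0-1.0 and MIT`; if the intent is to record the per-file licenses of a mixed tree, a short comment saying so would help.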
@ -59,7 +65,7 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: pqclean-aarch64
- upstream: oldpqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
@ -71,25 +77,17 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Kyber512-90s
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 800
length-ciphertext: 768
length-secret-key: 1632
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
- upstream: libjade
upstream-id: ref
supported-platforms: all
common-crypto:
- AES: pqcrystals-kyber_common_ref
- SHA3: liboqs
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
- upstream: libjade
upstream-id: avx2
supported-platforms:
- architecture: x86_64
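Review bot: the constant-time claim on the new libjade `ref` and `avx2` entries is unchecked: `no-secret-dependent-branching-claimed: true` together with `no-secret-dependent-branching-checked-by-valgrind: false`, so the claim rests entirely on the upstream's formal verification. liboqs already runs a valgrind-based constant-time test for the other implementations (the `true` values just above in this hunk), so adding the libjade implementations to that run would cost little and turn the `false` into a checked claim. Note also that the Kyber512-90s parameter set is deleted in the same hunk; the interleaved removed and added lines make that easy to miss, so say so explicitly in the PR description.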
@ -97,17 +95,11 @@ parameter-sets:
- Linux
- Darwin
required_flags:
- aes
- avx2
- bmi2
- popcnt
- sse2
- ssse3
common-crypto:
- AES: pqcrystals-kyber_common_aes
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Kyber768
claimed-nist-level: 3
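Review bot: the libjade `avx2` entry that takes the place of the Kyber512-90s `avx2` entry here ends up with no `common-crypto` key at all, because the `- SHA3: liboqs` line is removed together with the AES lines. If libjade ships its own Keccak that is fine, but the generated documentation then stops recording which SHA3 is in use; if it actually calls into liboqs for SHA3, the `common-crypto` entry should be restored. Either way, stating the dependency explicitly in the YAML keeps the generated table accurate.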
@ -142,7 +134,7 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: pqclean-aarch64
- upstream: oldpqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
@ -154,25 +146,17 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Kyber768-90s
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 1184
length-ciphertext: 1088
length-secret-key: 2400
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
- upstream: libjade
upstream-id: ref
supported-platforms: all
common-crypto:
- AES: pqcrystals-kyber_common_ref
- SHA3: liboqs
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
- upstream: libjade
upstream-id: avx2
supported-platforms:
- architecture: x86_64
@ -180,17 +164,11 @@ parameter-sets:
- Linux
- Darwin
required_flags:
- aes
- avx2
- bmi2
- popcnt
- sse2
- ssse3
common-crypto:
- AES: pqcrystals-kyber_common_aes
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Kyber1024
claimed-nist-level: 5
@ -225,7 +203,7 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: pqclean-aarch64
- upstream: oldpqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
@ -237,41 +215,3 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Kyber1024-90s
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1568
length-ciphertext: 1568
length-secret-key: 3168
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- AES: pqcrystals-kyber_common_ref
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- aes
- avx2
- bmi2
- popcnt
- sse2
- ssse3
common-crypto:
- AES: pqcrystals-kyber_common_aes
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
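Review bot: unlike the Kyber512 and Kyber768 hunks above, this hunk deletes the Kyber1024-90s parameter set without adding any libjade `ref`/`avx2` entries for Kyber1024. The generated Kyber1024 table in this same change also has no `[libjade](#libjade)` rows, so the YAML and the doc agree, but the PR should state whether libjade release 2023.05-2 simply has no Kyber1024 implementation or whether it was left out for another reason, so the gap is not mistaken for an oversight later.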

View File

@ -0,0 +1,63 @@
# ML-KEM
- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: Module LWE+R with base ring Z[x]/(3329, x^256+1).
- **Principal submitters**: Peter Schwabe.
- **Auxiliary submitters**: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
- **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
- **Specification version**: ML-KEM.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
- **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
- **Optimized Implementation sources**: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
- **cupqc-cuda**:<a name="cupqc-cuda"></a>
- **Source**: https://github.com/open-quantum-safe/liboqs-cupqc-meta/commit/b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
- **Implementation license (SPDX-Identifier)**: Apache-2.0
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|----------------------------:|
| ML-KEM-512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 | 64 |
| ML-KEM-768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 | 64 |
| ML-KEM-1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 | 64 |
## ML-KEM-512 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | x86\_64 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [cupqc-cuda](#cupqc-cuda) | cuda | CUDA | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## ML-KEM-768 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | x86\_64 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [cupqc-cuda](#cupqc-cuda) | cuda | CUDA | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## ML-KEM-1024 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | x86\_64 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [cupqc-cuda](#cupqc-cuda) | cuda | CUDA | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
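Review bot: the `[cupqc-cuda](#cupqc-cuda)` rows declare `No branching-on-secrets claimed? False` with no CPU extensions, while the page still answers `Are implementations chosen based on runtime CPU feature detection? **Yes**.` A reader cannot tell from this table whether a GPU implementation with no constant-time claim can be selected automatically or only when explicitly built in; a line in the source list at the top saying how it is enabled would resolve that. Also, `Supported operating system(s)` lists `Darwin` for the CUDA implementation, which is surprising since NVIDIA dropped macOS support after CUDA 10.2; please confirm it was actually built and tested there or drop Darwin from the YAML.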

View File

@ -0,0 +1,194 @@
name: ML-KEM
type: kem
principal-submitters:
- Peter Schwabe
auxiliary-submitters:
- Roberto Avanzi
- Joppe Bos
- Léo Ducas
- Eike Kiltz
- Tancrède Lepoint
- Vadim Lyubashevsky
- John M. Schanck
- Gregor Seiler
- Damien Stehlé
crypto-assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1)
website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
nist-round: FIPS203
spec-version: ML-KEM
primary-upstream:
source: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
spdx-license-identifier: CC0-1.0 or Apache-2.0
optimized-upstreams:
cupqc-cuda:
source: https://github.com/open-quantum-safe/liboqs-cupqc-meta/commit/b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
spdx-license-identifier: Apache-2.0
parameter-sets:
- name: ML-KEM-512
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 800
length-ciphertext: 768
length-secret-key: 1632
length-shared-secret: 32
length-keypair-seed: 64
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: x86_64
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: cupqc-cuda
upstream-id: cuda
supported-platforms:
- architecture: CUDA
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: ML-KEM-768
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 1184
length-ciphertext: 1088
length-secret-key: 2400
length-shared-secret: 32
length-keypair-seed: 64
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: x86_64
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: cupqc-cuda
upstream-id: cuda
supported-platforms:
- architecture: CUDA
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: ML-KEM-1024
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1568
length-ciphertext: 1568
length-secret-key: 3168
length-shared-secret: 32
length-keypair-seed: 64
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: x86_64
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: cupqc-cuda
upstream-id: cuda
supported-platforms:
- architecture: CUDA
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
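Review bot: the three `cupqc-cuda` implementation entries are the only ones in this file without a `common-crypto` key, whereas every primary-upstream entry lists `- SHA3: liboqs`. If the CUDA implementation brings its own hashing, record that in a comment; if it relies on liboqs SHA3, add the key so the generated tables stay accurate. Two smaller points: `nist-round: FIPS203` puts a non-numeric value into a field that other algorithm files fill with a round number, so check the doc generator and anything that compares rounds numerically; and `length-keypair-seed: 64` is a new field that the generated ML-KEM table renders as `Keypair seed size (bytes)`, so the other KEM YAML files should either gain the field or the generator should document that a missing value renders as `NA`, as it does for Kyber in this change.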

View File

@ -1,82 +0,0 @@
# NTRU
- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: NTRU in Z[x]/(q, x^n-1) with prime n and power-of-two q.
- **Principal submitters**: John M. Schanck.
- **Auxiliary submitters**: Cong Chen, Oussama Danba, Jeffrey Hoffstein, Andreas Hülsing, Joost Rijneveld, Tsunekazu Saito, Peter Schwabe, William Whyte, Keita Xagawa, Takashi Yamakawa, Zhenfei Zhang.
- **Authors' website**: https://ntru.org/
- **Specification version**: NIST Round 3 submission.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
- **Implementation license (SPDX-Identifier)**: CC0-1.0
, which takes it from:
- https://github.com/jschanck/ntru/tree/a43a4457
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:------------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| NTRU-HPS-2048-509 | IND-CCA2 | 1 | 699 | 935 | 699 | 32 |
| NTRU-HPS-2048-677 | IND-CCA2 | 3 | 930 | 1234 | 930 | 32 |
| NTRU-HPS-4096-821 | IND-CCA2 | 5 | 1230 | 1590 | 1230 | 32 |
| NTRU-HPS-4096-1229 | IND-CCA2 | 5 | 1842 | 2366 | 1842 | 32 |
| NTRU-HRSS-701 | IND-CCA2 | 3 | 1138 | 1450 | 1138 | 32 |
| NTRU-HRSS-1373 | IND-CCA2 | 5 | 2401 | 2983 | 2401 | 32 |
## NTRU-HPS-2048-509 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## NTRU-HPS-2048-677 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## NTRU-HPS-4096-821 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## NTRU-HPS-4096-1229 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## NTRU-HRSS-701 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## NTRU-HRSS-1373 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
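Review bot: this deletes the generated NTRU.md outright (82 lines, no replacement), so it has to land together with the removal of the NTRU yaml that generates it (the `@ -1,188 +0,0 @@` hunk further down in this compare) and with the algorithm index that links to this file, otherwise the docs build is left with a dangling link. The orphaned `, which takes it from:` line after the license entry is a generator artifact; the surviving NTRU Prime doc in this compare replaces that form with an `**Ancestors of primary source**:` item, which is the shape to use if NTRU is ever restored.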


@ -1,188 +0,0 @@
name: NTRU
type: kem
principal-submitters:
- John M. Schanck
auxiliary-submitters:
- Cong Chen
- Oussama Danba
- Jeffrey Hoffstein
- Andreas Hülsing
- Joost Rijneveld
- Tsunekazu Saito
- Peter Schwabe
- William Whyte
- Keita Xagawa
- Takashi Yamakawa
- Zhenfei Zhang
crypto-assumption: NTRU in Z[x]/(q, x^n-1) with prime n and power-of-two q
website: https://ntru.org/
nist-round: 3
spec-version: NIST Round 3 submission
upstream-ancestors:
- https://github.com/jschanck/ntru/tree/a43a4457
parameter-sets:
- name: NTRU-HPS-2048-509
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 699
length-ciphertext: 699
length-secret-key: 935
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: NTRU-HPS-2048-677
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 930
length-ciphertext: 930
length-secret-key: 1234
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: NTRU-HPS-4096-821
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1230
length-ciphertext: 1230
length-secret-key: 1590
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: NTRU-HPS-4096-1229
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1842
length-ciphertext: 1842
length-secret-key: 2366
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: NTRU-HRSS-701
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 1138
length-ciphertext: 1138
length-secret-key: 1450
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: NTRU-HRSS-1373
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 2401
length-ciphertext: 2401
length-secret-key: 2983
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
primary-upstream:
spdx-license-identifier: CC0-1.0
source: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
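Review bot: removing the whole NTRU metadata file also removes the record of which PQClean commit (`4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6`) the NTRU code was taken from; confirm the copy_from_upstream configuration no longer lists NTRU so the generator and this yaml stay in sync, since the same PQClean commit is still referenced by the NTRU Prime and SABER entries in this compare. A CHANGELOG line stating that the NTRU KEMs (NTRU-HPS-2048-509 through NTRU-HRSS-1373) are dropped would also help downstream users reading this compare.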


@ -8,24 +8,17 @@
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
- **Implementation license (SPDX-Identifier)**: Public domain
, which takes it from:
- **Ancestors of primary source**:
- https://github.com/jschanck/package-pqclean/tree/4d9f08c3/ntruprime, which takes it from:
- supercop-20210604
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| ntrulpr653 | IND-CCA2 | 1 | 897 | 1125 | 1025 | 32 |
| ntrulpr761 | IND-CCA2 | 2 | 1039 | 1294 | 1167 | 32 |
| ntrulpr857 | IND-CCA2 | 3 | 1184 | 1463 | 1312 | 32 |
| ntrulpr1277 | IND-CCA2 | 5 | 1847 | 2231 | 1975 | 32 |
| sntrup653 | IND-CCA2 | 1 | 994 | 1518 | 897 | 32 |
| sntrup761 | IND-CCA2 | 2 | 1158 | 1763 | 1039 | 32 |
| sntrup857 | IND-CCA2 | 3 | 1322 | 1999 | 1184 | 32 |
| sntrup1277 | IND-CCA2 | 5 | 2067 | 3059 | 1847 | 32 |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
| sntrup761 | NA | IND-CCA2 | 2 | 1158 | 1763 | 1039 | 32 | NA |
## ntrulpr653 implementation characteristics
## sntrup761 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
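Review bot: in the new parameter-set table the added `Keypair seed size (bytes)` column uses a left-aligned `:---` marker while the other size columns are right-aligned `---:`, and both new columns hold `NA` for sntrup761; align the numeric column like its neighbours and, if the generator supports it, leave the alias/seed cells empty rather than `NA` so the table reads consistently with the other algorithm docs. If the `, which takes it from:` line survives alongside the new `**Ancestors of primary source**:` item it is redundant and should go. The `## ntrulpr653 implementation characteristics` heading is retitled to sntrup761 here while the original sntrup761 section is deleted in the next hunk; see the note there.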
@ -36,69 +29,6 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## ntrulpr761 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## ntrulpr857 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## ntrulpr1277 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## sntrup653 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## sntrup761 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## sntrup857 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## sntrup1277 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
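Review bot: the retitling in the previous hunk keeps the table rows that used to sit under `## ntrulpr653 implementation characteristics` and now labels them sntrup761, while this hunk deletes the original sntrup761 section (`clean | All | All | None | True | True | False` and `avx2 | x86\_64 | Linux,Darwin | AVX2 | False | True | False`). Confirm the rows kept under the retitled heading are identical to the ones deleted here, and that the ‡ footnote and `Explanation of Terms` stay attached to the one surviving section; if this file is generator output, regenerating it from the trimmed yaml rather than hand-trimming avoids this kind of mismatch.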


@ -19,171 +19,6 @@ upstream-ancestors:
- https://github.com/jschanck/package-pqclean/tree/4d9f08c3/ntruprime
- supercop-20210604
parameter-sets:
- name: ntrulpr653
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 897
length-ciphertext: 1025
length-secret-key: 1125
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: ntrulpr761
claimed-nist-level: 2
claimed-security: IND-CCA2
length-ciphertext: 1167
length-public-key: 1039
length-secret-key: 1294
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: ntrulpr857
claimed-nist-level: 3
claimed-security: IND-CCA2
length-ciphertext: 1312
length-public-key: 1184
length-secret-key: 1463
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: ntrulpr1277
claimed-nist-level: 5
claimed-security: IND-CCA2
length-ciphertext: 1975
length-public-key: 1847
length-secret-key: 2231
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: sntrup653
claimed-nist-level: 1
claimed-security: IND-CCA2
length-ciphertext: 897
length-public-key: 994
length-secret-key: 1518
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: sntrup761
claimed-nist-level: 2
claimed-security: IND-CCA2
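Review bot: the hunk ends inside the surviving sntrup761 block (`claimed-security: IND-CCA2`), and the next hunk resumes inside its implementations, so the splice point should be checked once more for valid YAML. A consistency nit visible in the removed block: ntrulpr653 lists `length-public-key` before `length-ciphertext`, while every other parameter set lists `length-ciphertext` first; irrelevant once deleted, but the kept sntrup761 block should follow one ordering.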
@ -217,72 +52,6 @@ parameter-sets:
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: sntrup857
claimed-nist-level: 3
claimed-security: IND-CCA2
length-ciphertext: 1184
length-public-key: 1322
length-secret-key: 1999
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: sntrup1277
claimed-nist-level: 5
claimed-security: IND-CCA2
length-ciphertext: 1847
length-public-key: 2067
length-secret-key: 3059
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
primary-upstream:
spdx-license-identifier: Public domain
source: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
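Review bot: after this hunk the `primary-upstream` block still records `spdx-license-identifier: Public domain`, which is not an SPDX identifier even though the field is rendered into the doc as `Implementation license (SPDX-Identifier)`. The NTRU yaml deleted in this same compare used `CC0-1.0` for the identical PQClean commit; replace the value with the identifier that matches the upstream's actual dedication so the generated doc is machine-checkable.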


@ -1,57 +0,0 @@
# SABER
- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: Module learning with rounding.
- **Principal submitters**: Jan-Pieter D'Anvers, Angshuman Karmakar, Sujoy Sinha Roy, Frederik Vercauteren.
- **Authors' website**: https://www.esat.kuleuven.be/cosic/pqcrypto/saber/
- **Specification version**: NIST Round 3 submission.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: Public domain
, which takes it from:
- https://github.com/jschanck/package-pqclean/tree/1ae84c3c/saber, which takes it from:
- https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| LightSaber-KEM | IND-CCA2 | 1 | 672 | 1568 | 736 | 32 |
| Saber-KEM | IND-CCA2 | 3 | 992 | 2304 | 1088 | 32 |
| FireSaber-KEM | IND-CCA2 | 5 | 1312 | 3040 | 1472 | 32 |
## LightSaber-KEM implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | False | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## Saber-KEM implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | False | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## FireSaber-KEM implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | False | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
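Review bot: same concern as with NTRU.md: the SABER doc is deleted wholesale, so the algorithm index that links to it needs updating in the same change. Worth a line in the release notes: the aarch64 rows show `No branching-on-secrets claimed? False` and `checked by valgrind? False`, so ARM users of SABER were on an implementation with no constant-time claim; the removal is a security cleanup as well as a maintenance one.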


@ -1,148 +0,0 @@
name: SABER
type: kem
principal-submitters:
- Jan-Pieter D'Anvers
- Angshuman Karmakar
- Sujoy Sinha Roy
- Frederik Vercauteren
crypto-assumption: Module learning with rounding
website: https://www.esat.kuleuven.be/cosic/pqcrypto/saber/
nist-round: 3
spec-version: NIST Round 3 submission
upstream-ancestors:
- https://github.com/jschanck/package-pqclean/tree/1ae84c3c/saber
- https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350
parameter-sets:
- name: LightSaber-KEM
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 672
length-ciphertext: 736
length-secret-key: 1568
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
upstream: primary-upstream
- name: Saber-KEM
claimed-nist-level: 3
claimed-security: IND-CCA2
length-ciphertext: 1088
length-public-key: 992
length-secret-key: 2304
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
upstream: primary-upstream
- name: FireSaber-KEM
claimed-nist-level: 5
claimed-security: IND-CCA2
length-ciphertext: 1472
length-public-key: 1312
length-secret-key: 3040
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
upstream: primary-upstream
primary-upstream:
spdx-license-identifier: Public domain
source: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
with copy_from_upstream patches
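Review bot: `spdx-license-identifier: Public domain` in the `primary-upstream` block that closes this hunk is not an SPDX identifier, while every other upstream block in this compare records a real expression (`CC0-1.0`, `CC0-1.0 or Apache-2.0`). Anything that parses this field for license reporting will fail to resolve it; either record the SPDX expression the PQClean source actually carries or use a `LicenseRef-` tag and state the public-domain dedication in prose. A smaller consistency point in the same hunk: for both Saber-KEM and FireSaber-KEM the `clean` implementation sets `no-secret-dependent-branching-claimed: true`, while `avx2` and `aarch64` set it `false` even though `avx2` has `no-secret-dependent-branching-checked-by-valgrind: true`. If that reflects the upstream making no claim for its optimized code, a YAML comment saying so would stop readers from reading the pair as a contradiction.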

@ -0,0 +1,203 @@
# CROSS
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: hardness of the restricted syndrome decoding problem for random linear codes on a finite field.
- **Principal submitters**: Marco Baldi, Alessandro Barenghi, Michele Battagliola, Sebastian Bitzer, Patrick Karl, Felice Manganiello, Alessio Pavoni, Gerardo Pelosi, Paolo Santini, Jonas Schupp, Edoardo Signorini, Freeman Slaughter, Antonia Wachter-Zeh, Violetta Weger.
- **Auxiliary submitters**: Marco Gianvecchio.
- **Authors' website**: https://www.cross-crypto.com/
- **Specification version**: 2.0 + PQClean and OQS patches.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/efd17279e75308b000bda7c7f58866620d652bc1
- **Implementation license (SPDX-Identifier)**: CC0-1.0
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| cross-rsdp-128-balanced | NA | EUF-CMA | 1 | 77 | 32 | 13152 |
| cross-rsdp-128-fast | NA | EUF-CMA | 1 | 77 | 32 | 18432 |
| cross-rsdp-128-small | NA | EUF-CMA | 1 | 77 | 32 | 12432 |
| cross-rsdp-192-balanced | NA | EUF-CMA | 3 | 115 | 48 | 29853 |
| cross-rsdp-192-fast | NA | EUF-CMA | 3 | 115 | 48 | 41406 |
| cross-rsdp-192-small | NA | EUF-CMA | 3 | 115 | 48 | 28391 |
| cross-rsdp-256-balanced | NA | EUF-CMA | 5 | 153 | 64 | 53527 |
| cross-rsdp-256-fast | NA | EUF-CMA | 5 | 153 | 64 | 74590 |
| cross-rsdp-256-small | NA | EUF-CMA | 5 | 153 | 64 | 50818 |
| cross-rsdpg-128-balanced | NA | EUF-CMA | 1 | 54 | 32 | 9120 |
| cross-rsdpg-128-fast | NA | EUF-CMA | 1 | 54 | 32 | 11980 |
| cross-rsdpg-128-small | NA | EUF-CMA | 1 | 54 | 32 | 8960 |
| cross-rsdpg-192-balanced | NA | EUF-CMA | 3 | 83 | 48 | 22464 |
| cross-rsdpg-192-fast | NA | EUF-CMA | 3 | 83 | 48 | 26772 |
| cross-rsdpg-192-small | NA | EUF-CMA | 3 | 83 | 48 | 20452 |
| cross-rsdpg-256-balanced | NA | EUF-CMA | 5 | 106 | 64 | 40100 |
| cross-rsdpg-256-fast | NA | EUF-CMA | 5 | 106 | 64 | 48102 |
| cross-rsdpg-256-small | NA | EUF-CMA | 5 | 106 | 64 | 36454 |
## cross-rsdp-128-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## cross-rsdp-128-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-128-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-192-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-192-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-192-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-256-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-256-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-256-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-128-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-128-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-128-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-192-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-192-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-192-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-256-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-256-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-256-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
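Review bot: the `Explanation of Terms` section at the end of this file defines only `Large Stack Usage`, yet every implementation table above also carries `No branching-on-secrets claimed?` and `No branching-on-secrets checked by valgrind?`, and for CROSS both read `True` for all 18 parameter sets and for both the `clean` and `avx2` implementations. A reader cannot tell from this page what the valgrind run covered (key generation, signing, verification, or all three) or whose claim the first column records (the submitters' or liboqs's); add a one-line definition for each, in the same style as the stack-usage entry. Related: the `-small` variants of every security level plus `cross-rsdp-256-balanced` are flagged `True` for large stack usage, which the footnote says may cause failures in threads or constrained environments; stating the approximate stack requirement next to that warning would let integrators decide rather than guess.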

@ -0,0 +1,532 @@
name: CROSS
type: signature
principal-submitters:
- Marco Baldi
- Alessandro Barenghi
- Michele Battagliola
- Sebastian Bitzer
- Patrick Karl
- Felice Manganiello
- Alessio Pavoni
- Gerardo Pelosi
- Paolo Santini
- Jonas Schupp
- Edoardo Signorini
- Freeman Slaughter
- Antonia Wachter-Zeh
- Violetta Weger
auxiliary-submitters:
- Marco Gianvecchio
crypto-assumption: hardness of the restricted syndrome decoding problem for random
linear codes on a finite field
website: https://www.cross-crypto.com/
nist-round: 2
spec-version: 2.0 + PQClean and OQS patches
primary-upstream:
source: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/efd17279e75308b000bda7c7f58866620d652bc1
spdx-license-identifier: CC0-1.0
parameter-sets:
- name: cross-rsdp-128-balanced
oqs_alg: OQS_SIG_alg_cross_rsdp_128_balanced
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 77
length-secret-key: 32
length-signature: 13152
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-128-fast
oqs_alg: OQS_SIG_alg_cross_rsdp_128_fast
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 77
length-secret-key: 32
length-signature: 18432
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-128-small
oqs_alg: OQS_SIG_alg_cross_rsdp_128_small
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 77
length-secret-key: 32
length-signature: 12432
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdp-192-balanced
oqs_alg: OQS_SIG_alg_cross_rsdp_192_balanced
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 115
length-secret-key: 48
length-signature: 29853
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-192-fast
oqs_alg: OQS_SIG_alg_cross_rsdp_192_fast
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 115
length-secret-key: 48
length-signature: 41406
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-192-small
oqs_alg: OQS_SIG_alg_cross_rsdp_192_small
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 115
length-secret-key: 48
length-signature: 28391
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdp-256-balanced
oqs_alg: OQS_SIG_alg_cross_rsdp_256_balanced
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 153
length-secret-key: 64
length-signature: 53527
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdp-256-fast
oqs_alg: OQS_SIG_alg_cross_rsdp_256_fast
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 153
length-secret-key: 64
length-signature: 74590
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-256-small
oqs_alg: OQS_SIG_alg_cross_rsdp_256_small
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 153
length-secret-key: 64
length-signature: 50818
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdpg-128-balanced
oqs_alg: OQS_SIG_alg_cross_rsdpg_128_balanced
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 54
length-secret-key: 32
length-signature: 9120
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-128-fast
oqs_alg: OQS_SIG_alg_cross_rsdpg_128_fast
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 54
length-secret-key: 32
length-signature: 11980
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-128-small
oqs_alg: OQS_SIG_alg_cross_rsdpg_128_small
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 54
length-secret-key: 32
length-signature: 8960
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-192-balanced
oqs_alg: OQS_SIG_alg_cross_rsdpg_192_balanced
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 83
length-secret-key: 48
length-signature: 22464
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-192-fast
oqs_alg: OQS_SIG_alg_cross_rsdpg_192_fast
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 83
length-secret-key: 48
length-signature: 26772
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-192-small
oqs_alg: OQS_SIG_alg_cross_rsdpg_192_small
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 83
length-secret-key: 48
length-signature: 20452
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdpg-256-balanced
oqs_alg: OQS_SIG_alg_cross_rsdpg_256_balanced
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 106
length-secret-key: 64
length-signature: 40100
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-256-fast
oqs_alg: OQS_SIG_alg_cross_rsdpg_256_fast
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 106
length-secret-key: 64
length-signature: 48102
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-256-small
oqs_alg: OQS_SIG_alg_cross_rsdpg_256_small
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 106
length-secret-key: 64
length-signature: 36454
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
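Review bot: `implementations-switch-on-runtime-cpu-features: false` is set for cross-rsdpg-256-balanced, -fast and -small even though each carries an avx2 implementation gated on `required_flags: avx2`; if that is intentional (avx2 chosen at build time only), say so in the docs, otherwise set it to `true` so the dispatcher selects avx2 on capable CPUs. Also note that `large-stack-usage` is `true` for both cross-rsdpg-256-small implementations but `false` for balanced and fast; confirm against upstream, since callers running in threads rely on this flag.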


@ -7,32 +7,29 @@
- **Authors' website**: https://pq-crystals.org/dilithium/
- **Specification version**: 3.1.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/pq-crystals/dilithium/commit/61b51a71701b8ae9f546a1e5d220e1950ed20d06 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0
- **Optimized Implementation sources**: https://github.com/pq-crystals/dilithium/commit/61b51a71701b8ae9f546a1e5d220e1950ed20d06 with copy_from_upstream patches
- **pqclean-aarch64**:<a name="pqclean-aarch64"></a>
- **Source**: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0
- **Source**: https://github.com/pq-crystals/dilithium/commit/3e9b9f1412f6c7435dbeb4e10692ea58f181ee51 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
- **Optimized Implementation sources**: https://github.com/pq-crystals/dilithium/commit/3e9b9f1412f6c7435dbeb4e10692ea58f181ee51 with copy_from_upstream patches
- **oldpqclean-aarch64**:<a name="oldpqclean-aarch64"></a>
- **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT) and MIT
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| Dilithium2 | EUF-CMA | 2 | 1312 | 2528 | 2420 |
| Dilithium3 | EUF-CMA | 3 | 1952 | 4000 | 3293 |
| Dilithium5 | EUF-CMA | 5 | 2592 | 4864 | 4595 |
| Dilithium2-AES | EUF-CMA | 2 | 1312 | 2528 | 2420 |
| Dilithium3-AES | EUF-CMA | 3 | 1952 | 4000 | 3293 |
| Dilithium5-AES | EUF-CMA | 5 | 2592 | 4864 | 4595 |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| Dilithium2 | NA | SUF-CMA | 2 | 1312 | 2528 | 2420 |
| Dilithium3 | NA | SUF-CMA | 3 | 1952 | 4000 | 3293 |
| Dilithium5 | NA | SUF-CMA | 5 | 2592 | 4864 | 4595 |
## Dilithium2 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
| [pqclean-aarch64](#pqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
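Review bot: the security model for Dilithium2/3/5 changes from EUF-CMA to SUF-CMA in the parameter set summary while the `Specification version` line stays at 3.1 and nothing in the hunk says where the strong-unforgeability claim comes from; please cite its source (the spec section or the upstream commit 3e9b9f1412f6c7435dbeb4e10692ea58f181ee51) in the commit message or CHANGELOG so users can audit the claim. The primary source license also changes from CC0-1.0 to `CC0-1.0 or Apache-2.0`, a user-visible licensing change that should be called out alongside it.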
@ -40,48 +37,21 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Dilithium3 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
| [pqclean-aarch64](#pqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Dilithium5 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
| [pqclean-aarch64](#pqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Dilithium2-AES implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:---------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AES,AVX2,POPCNT,SSE2,SSSE3 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Dilithium3-AES implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:---------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AES,AVX2,POPCNT,SSE2,SSSE3 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Dilithium5-AES implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:---------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AES,AVX2,POPCNT,SSE2,SSSE3 | True | True | False |
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
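Review bot: this hunk drops the Dilithium2-AES, Dilithium3-AES and Dilithium5-AES sections entirely and moves the Dilithium5 aarch64 row to `oldpqclean-aarch64`; removing documented parameter sets is a breaking change for anyone selecting them by name, so a deprecation entry in the release notes should accompany the removal.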


@ -15,18 +15,20 @@ website: https://pq-crystals.org/dilithium/
nist-round: 3
spec-version: 3.1
primary-upstream:
source: https://github.com/pq-crystals/dilithium/commit/61b51a71701b8ae9f546a1e5d220e1950ed20d06
source: https://github.com/pq-crystals/dilithium/commit/3e9b9f1412f6c7435dbeb4e10692ea58f181ee51
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0
spdx-license-identifier: CC0-1.0 or Apache-2.0
optimized-upstreams:
pqclean-aarch64:
source: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
oldpqclean-aarch64:
source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0
spdx-license-identifier: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT)
and MIT
parameter-sets:
- name: Dilithium2
oqs_alg: OQS_SIG_alg_dilithium_2
claimed-nist-level: 2
claimed-security: EUF-CMA
claimed-security: SUF-CMA
length-public-key: 1312
length-secret-key: 2528
length-signature: 2420
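Review bot: the multi-line `spdx-license-identifier` value for `oldpqclean-aarch64`, `CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT) and MIT`, is hard to audit as written; a YAML comment naming which source files fall under each term would let reviewers and packagers verify it. The `and MIT` continuation relies on plain-scalar folding, so keep it indented deeper than the key.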
@ -36,7 +38,6 @@ parameter-sets:
upstream-id: ref
supported-platforms: all
common-crypto:
- AES: pqcrystals
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
@ -52,12 +53,11 @@ parameter-sets:
- avx2
- popcnt
common-crypto:
- AES: pqcrystals
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: pqclean-aarch64
- upstream: oldpqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
@ -70,8 +70,9 @@ parameter-sets:
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Dilithium3
oqs_alg: OQS_SIG_alg_dilithium_3
claimed-nist-level: 3
claimed-security: EUF-CMA
claimed-security: SUF-CMA
length-public-key: 1952
length-secret-key: 4000
length-signature: 3293
@ -81,7 +82,6 @@ parameter-sets:
upstream-id: ref
supported-platforms: all
common-crypto:
- AES: pqcrystals
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
@ -97,12 +97,11 @@ parameter-sets:
- avx2
- popcnt
common-crypto:
- AES: pqcrystals
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: pqclean-aarch64
- upstream: oldpqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
@ -115,8 +114,9 @@ parameter-sets:
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Dilithium5
oqs_alg: OQS_SIG_alg_dilithium_5
claimed-nist-level: 5
claimed-security: EUF-CMA
claimed-security: SUF-CMA
length-public-key: 2592
length-secret-key: 4864
length-signature: 4595
@ -126,7 +126,6 @@ parameter-sets:
upstream-id: ref
supported-platforms: all
common-crypto:
- AES: pqcrystals
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
@ -142,12 +141,11 @@ parameter-sets:
- avx2
- popcnt
common-crypto:
- AES: pqcrystals
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: pqclean-aarch64
- upstream: oldpqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
@ -159,111 +157,3 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Dilithium2-AES
claimed-security: EUF-CMA
claimed-nist-level: 2
length-public-key: 1312
length-secret-key: 2528
length-signature: 2420
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- AES: pqcrystals
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- aes
- avx2
- popcnt
- sse2
- ssse3
common-crypto:
- AES: pqcrystals
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: Dilithium3-AES
claimed-security: EUF-CMA
claimed-nist-level: 3
length-public-key: 1952
length-secret-key: 4000
length-signature: 3293
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- AES: pqcrystals
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- aes
- avx2
- popcnt
- sse2
- ssse3
common-crypto:
- AES: pqcrystals
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: Dilithium5-AES
claimed-security: EUF-CMA
claimed-nist-level: 5
length-public-key: 2592
length-secret-key: 4864
length-signature: 4595
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- AES: pqcrystals
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- aes
- avx2
- popcnt
- sse2
- ssse3
common-crypto:
- AES: pqcrystals
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
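Review bot: removing Dilithium2-AES, Dilithium3-AES and Dilithium5-AES here drops the last parameter sets that list `- AES: pqcrystals` under `common-crypto`; check that the AES dependency is also removed from the Dilithium build and KAT tests, and record the removal in the CHANGELOG since these names disappear from the generated README. None of the removed sets carried an `oqs_alg` line, so no `OQS_SIG_alg_*` identifier is affected by this hunk alone.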


@ -3,27 +3,34 @@
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: hardness of NTRU lattice problems.
- **Principal submitters**: Thomas Prest.
- **Auxiliary submitters**: Pierre-Alain Fouque, Jeffrey Hoffstein, Paul Kirchner, Vadim Lyubashevsky, Thomas Pornin, Thomas Ricosset, Gregor Seiler, William Whyte, Zhenfei Zhang.
- **Auxiliary submitters**: Pierre-Alain Fouque, Jeffrey Hoffstein, Paul Kirchner, Vadim Lyubashevsky, Thomas Pornin, Thomas Prest, Thomas Ricosset, Gregor Seiler, William Whyte, Zhenfei Zhang.
- **Authors' website**: https://falcon-sign.info
- **Specification version**: v1.2.
- **Specification version**: 20211101.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
- **Implementation license (SPDX-Identifier)**: CC0-1.0
- **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
- **Implementation license (SPDX-Identifier)**: MIT
- **Optimized Implementation sources**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
- **pqclean-aarch64**:<a name="pqclean-aarch64"></a>
- **Source**: https://github.com/PQClean/PQClean/commit/7707d1bcc8ae7f9ffd296dd13b1d76d2767d14f8
- **Implementation license (SPDX-Identifier)**: Apache-2.0
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| Falcon-512 | EUF-CMA | 1 | 897 | 1281 | 690 |
| Falcon-1024 | EUF-CMA | 5 | 1793 | 2305 | 1330 |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| Falcon-512 | NA | EUF-CMA | 1 | 897 | 1281 | 752 |
| Falcon-1024 | NA | EUF-CMA | 5 | 1793 | 2305 | 1462 |
| Falcon-padded-512 | NA | EUF-CMA | 1 | 897 | 1281 | 666 |
| Falcon-padded-1024 | NA | EUF-CMA | 5 | 1793 | 2305 | 1280 |
## Falcon-512 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | False | False | False |
| [pqclean-aarch64](#pqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
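Review bot: the avx2 row for Falcon-512 flips both `No branching-on-secrets claimed?` and `No branching-on-secrets checked by valgrind?` from True to False while `Are implementations chosen based on runtime CPU feature detection?` stays **Yes**, so on an AVX2-capable x86_64 host liboqs will now select by default an implementation that no longer claims constant-time behaviour; that needs an explicit CHANGELOG note and a pointer to why the claim was withdrawn. The signature sizes also change (690 to 752, 1330 to 1462) in the same hunk; since Falcon's compressed signature encoding is variable-length, the column would be clearer if it stated these are maximums, with the new padded variants being the fixed-size ones.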
@ -31,10 +38,31 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Falcon-1024 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | False | False | False |
| [pqclean-aarch64](#pqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Falcon-padded-512 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | False | False | False |
| [pqclean-aarch64](#pqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Falcon-padded-1024 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | False | False | False |
| [pqclean-aarch64](#pqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.


@ -8,6 +8,7 @@ auxiliary-submitters:
- Paul Kirchner
- Vadim Lyubashevsky
- Thomas Pornin
- Thomas Prest
- Thomas Ricosset
- Gregor Seiler
- William Whyte
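Review bot: `- Thomas Prest` is added to `auxiliary-submitters` here, but the README in the same change lists Thomas Prest as the principal submitter; listing the same person in both fields looks like an error, so drop one or confirm against the 20211101 submission's author list.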
@ -15,20 +16,23 @@ auxiliary-submitters:
crypto-assumption: hardness of NTRU lattice problems
website: https://falcon-sign.info
nist-round: 3
spec-version: v1.2
spec-version: 20211101
primary-upstream:
source: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
spdx-license-identifier: CC0-1.0
source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
spdx-license-identifier: MIT
upstream-ancestors:
- https://github.com/jschanck/package-pqclean/tree/cea1fa5a/falcon
- supercop-20201018
- https://www.falcon-sign.info
optimized-upstreams:
pqclean-aarch64:
source: https://github.com/PQClean/PQClean/commit/7707d1bcc8ae7f9ffd296dd13b1d76d2767d14f8
spdx-license-identifier: Apache-2.0
parameter-sets:
- name: Falcon-512
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 897
length-secret-key: 1281
length-signature: 690
length-signature: 752
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
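Review bot: the `upstream-ancestors` list (`jschanck/package-pqclean`, `supercop-20201018`, `falcon-sign.info`) sits next to the new PQClean source commit 1eacfdafc15ddc5d5759d0b85b4cef26627df181 and spec version 20211101; if these lines are being removed, the provenance chain for the MIT-licensed code is lost from the metadata, and if they stay they should be checked to still describe the new commit.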
@ -43,22 +47,31 @@ parameter-sets:
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: pqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Falcon-1024
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 1793
length-secret-key: 2305
length-signature: 1330
length-signature: 1462
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
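Review bot: the Falcon-512 avx2 entry no longer restricts `operating_systems` to Linux and Darwin (the README row in this change shows `All`), which widens the supported matrix to Windows without any visible CI evidence; either keep the restriction or add a Windows AVX2 build to CI before claiming it. The new `pqclean-aarch64` entry for Falcon-512 correctly lists no `required_flags`.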
@ -73,13 +86,100 @@ parameter-sets:
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: pqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Falcon-padded-512
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 897
length-secret-key: 1281
length-signature: 666
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: pqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Falcon-padded-1024
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 1793
length-secret-key: 2305
length-signature: 1280
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: pqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
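Review bot: as rendered, `required_flags:` / `- avx2` appear directly under `- architecture: ARM64_V8` in the `pqclean-aarch64` entry for Falcon-1024; if those two lines are not the removed remnant of the old avx2 entry, the aarch64 implementation would require an x86 feature flag and never be selected. Compare with the Falcon-512, Falcon-padded-512 and Falcon-padded-1024 aarch64 entries, which list no `required_flags`.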


@ -0,0 +1,66 @@
# MAYO
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: multivariable quadratic equations, oil and vinegar.
- **Principal submitters**: Ward Beullens, Fabio Campos, Sofía Celi, Basil Hess, Matthias J. Kannwischer.
- **Authors' website**: https://pqmayo.org
- **Specification version**: NIST Round 2 (February 2025).
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQCMayo/MAYO-C/commit/4b7cd94c96b9522864efe40c6ad1fa269584a807 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: Apache-2.0
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| MAYO-1 | NA | EUF-CMA | 1 | 1420 | 24 | 454 |
| MAYO-2 | NA | EUF-CMA | 1 | 4912 | 24 | 186 |
| MAYO-3 | NA | EUF-CMA | 3 | 2986 | 32 | 681 |
| MAYO-5 | NA | EUF-CMA | 5 | 5554 | 40 | 964 |
## MAYO-1 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## MAYO-2 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## MAYO-3 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## MAYO-5 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
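Review bot: the neon rows in every MAYO parameter-set table report `True` for "No branching-on-secrets claimed?" but `False` for "No branching-on-secrets checked by valgrind?", so the ARM64 path ships with an unverified constant-time claim while opt and avx2 are both claimed and checked; either run the valgrind-based constant-time tests on ARM64 for the neon implementation or add a sentence under the tables saying that check is still outstanding. The same rows list `None` under "CPU extension(s) used" for an implementation named neon; if that is intentional because NEON is baseline on ARM64_V8, a footnote would save readers a question. MAYO-5 also marks all three implementations as large stack usage, and the Explanation of Terms only warns that this "may cause failures" in threads; stating the approximate stack requirement would let callers size thread stacks instead of discovering the limit at runtime.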


@ -0,0 +1,195 @@
name: MAYO
type: signature
principal-submitters:
- Ward Beullens
- Fabio Campos
- Sofía Celi
- Basil Hess
- Matthias J. Kannwischer
crypto-assumption: multivariable quadratic equations, oil and vinegar
website: https://pqmayo.org
nist-round: 2
spec-version: NIST Round 2 (February 2025)
primary-upstream:
source: https://github.com/PQCMayo/MAYO-C/commit/4b7cd94c96b9522864efe40c6ad1fa269584a807
with copy_from_upstream patches
spdx-license-identifier: Apache-2.0
parameter-sets:
- name: MAYO-1
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 1420
length-secret-key: 24
length-signature: 454
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: MAYO-2
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 4912
length-secret-key: 24
length-signature: 186
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: MAYO-3
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 2986
length-secret-key: 32
length-signature: 681
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: MAYO-5
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 5554
length-secret-key: 40
length-signature: 964
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
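Review bot: the `common-crypto` lists are inconsistent across parameter sets: the `opt` implementation of MAYO-1 and MAYO-2 declares both `SHA3: liboqs` and `AES: liboqs`, while the `opt` entries for MAYO-3 and MAYO-5 declare only `SHA3: liboqs`, even though their `avx2` and `neon` siblings declare both. Since the same upstream `opt` code backs every parameter set, either AES was dropped by mistake for MAYO-3 and MAYO-5 or it is over-declared for MAYO-1 and MAYO-2; make the four `opt` entries agree, otherwise anyone auditing which liboqs primitives MAYO depends on (for example when building with an external AES provider) gets a wrong answer. Pinning `primary-upstream.source` to a full commit hash is the right call and matches the ML-DSA entry.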


@ -0,0 +1,53 @@
# ML-DSA
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: hardness of lattice problems over module lattices.
- **Principal submitters**: Vadim Lyubashevsky.
- **Auxiliary submitters**: Shi Bai, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Peter Schwabe, Gregor Seiler, Damien Stehlé.
- **Authors' website**: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/final
- **Specification version**: ML-DSA.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/pq-crystals/dilithium/commit/444cdcc84eb36b66fe27b3a2529ee48f6d8150c2 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| ML-DSA-44 | NA | SUF-CMA | 2 | 1312 | 2560 | 2420 |
| ML-DSA-65 | NA | SUF-CMA | 3 | 1952 | 4032 | 3309 |
| ML-DSA-87 | NA | SUF-CMA | 5 | 2592 | 4896 | 4627 |
## ML-DSA-44 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## ML-DSA-65 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## ML-DSA-87 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
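Review bot: "Specification version: ML-DSA." carries no version at all, while the authors'-website line already points at the final FIPS 204 publication; record the standard name (for example "FIPS 204") in that field so readers can tell this is the final standard rather than a Dilithium round-3 draft, particularly since the source commit lives in the pq-crystals/dilithium repository rather than a FIPS-named one. The tables are otherwise consistent with the metadata: ref on all platforms, avx2 restricted to x86_64 on Darwin and Linux with AVX2 and POPCNT, runtime dispatch enabled, and both implementations claimed and valgrind-checked for no secret-dependent branching.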


@ -0,0 +1,114 @@
name: ML-DSA
type: signature
principal-submitters:
- Vadim Lyubashevsky
auxiliary-submitters:
- Shi Bai
- Léo Ducas
- Eike Kiltz
- Tancrède Lepoint
- Peter Schwabe
- Gregor Seiler
- Damien Stehlé
crypto-assumption: hardness of lattice problems over module lattices
website: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/final
nist-round: FIPS204
spec-version: ML-DSA
primary-upstream:
source: https://github.com/pq-crystals/dilithium/commit/444cdcc84eb36b66fe27b3a2529ee48f6d8150c2
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0 or Apache-2.0
parameter-sets:
- name: ML-DSA-44
claimed-nist-level: 2
claimed-security: SUF-CMA
length-public-key: 1312
length-secret-key: 2560
length-signature: 2420
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
- popcnt
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: ML-DSA-65
claimed-nist-level: 3
claimed-security: SUF-CMA
length-public-key: 1952
length-secret-key: 4032
length-signature: 3309
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
- popcnt
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: ML-DSA-87
claimed-nist-level: 5
claimed-security: SUF-CMA
length-public-key: 2592
length-secret-key: 4896
length-signature: 4627
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
- popcnt
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
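Review bot: `spdx-license-identifier: CC0-1.0 or Apache-2.0` is not a valid SPDX license expression; SPDX uses the uppercase `OR` operator, so write `CC0-1.0 OR Apache-2.0` if any tooling is expected to parse this field (the generated ML-DSA.md reproduces the same string). Also `spec-version: ML-DSA` repeats the `name` field rather than naming a version; `nist-round: FIPS204` already identifies the standard, so `FIPS 204` would be the more useful value here as well.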


@ -1,157 +0,0 @@
# Picnic
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: hash function security (ROM/QROM), key recovery attacks on the lowMC block cipher.
- **Principal submitters**: Greg Zaverucha, Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Jonathan Katz, Xiao Wang, Vladmir Kolesnikov.
- **Authors' website**: https://microsoft.github.io/Picnic/
- **Specification version**: 3.0.17.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/IAIK/Picnic
- **Implementation license (SPDX-Identifier)**: MIT
## Test limitation
This algorithm is not tested under Windows using the "msys2" tool chain (due to https://github.com/open-quantum-safe/liboqs/issues/1218).
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:----------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| picnic\_L1\_FS | EUF-CMA | 1 | 33 | 49 | 34036 |
| picnic\_L1\_UR | EUF-CMA | 1 | 33 | 49 | 53965 |
| picnic\_L1\_full | EUF-CMA | 1 | 35 | 52 | 32065 |
| picnic\_L3\_FS | EUF-CMA | 3 | 49 | 73 | 76776 |
| picnic\_L3\_UR | EUF-CMA | 3 | 49 | 73 | 121849 |
| picnic\_L3\_full | EUF-CMA | 3 | 49 | 73 | 71183 |
| picnic\_L5\_FS | EUF-CMA | 5 | 65 | 97 | 132860 |
| picnic\_L5\_UR | EUF-CMA | 5 | 65 | 97 | 209510 |
| picnic\_L5\_full | EUF-CMA | 5 | 65 | 97 | 126290 |
| picnic3\_L1 | EUF-CMA | 1 | 35 | 52 | 14612 |
| picnic3\_L3 | EUF-CMA | 3 | 49 | 73 | 35028 |
| picnic3\_L5 | EUF-CMA | 5 | 65 | 97 | 61028 |
## picnic\_L1\_FS implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## picnic\_L1\_UR implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L1\_full implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L3\_FS implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L3\_UR implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L3\_full implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L5\_FS implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L5\_UR implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L5\_full implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic3\_L1 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic3\_L3 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic3\_L5 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
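Review bot: deleting Picnic.md also deletes the "Test limitation" note that tied the msys2 CI exclusion to https://github.com/open-quantum-safe/liboqs/issues/1218; when the algorithm is removed, the corresponding CI skip and that issue should be cleaned up in the same change so the exclusion does not linger undocumented. Removing the docs is only half the job: the parameter-set table and the twelve per-set implementation tables shown here were generated from Picnic.yml, so anything else generated from that metadata (the top-level algorithm list, KAT and constant-time test lists) needs the same removal; this diff only shows the documentation side.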


@ -1,455 +0,0 @@
name: Picnic
type: signature
principal-submitters:
- Greg Zaverucha
- Melissa Chase
- David Derler
- Steven Goldfeder
- Claudio Orlandi
- Sebastian Ramacher
- Christian Rechberger
- Daniel Slamanig
- Jonathan Katz
- Xiao Wang
- Vladmir Kolesnikov
crypto-assumption: hash function security (ROM/QROM), key recovery attacks on the
lowMC block cipher
website: https://microsoft.github.io/Picnic/
nist-round: 3
spec-version: 3.0.17
primary-upstream:
source: https://github.com/IAIK/Picnic
spdx-license-identifier: MIT
parameter-sets:
- name: picnic_L1_FS
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 33
length-secret-key: 49
length-signature: 34036
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
- sse2
- architecture: x86_64
operating_systems:
- Darwin
- Windows
required_flags:
- sse2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: picnic_L1_UR
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 33
length-secret-key: 49
length-signature: 53965
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
- sse2
- architecture: x86_64
operating_systems:
- Darwin
- Windows
required_flags:
- sse2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: picnic_L1_full
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 35
length-secret-key: 52
length-signature: 32065
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
- sse2
- architecture: x86_64
operating_systems:
- Darwin
- Windows
required_flags:
- sse2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: picnic_L3_FS
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 49
length-secret-key: 73
length-signature: 76776
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
- sse2
- architecture: x86_64
operating_systems:
- Darwin
- Windows
required_flags:
- sse2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: picnic_L3_UR
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 49
length-secret-key: 73
length-signature: 121849
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
- sse2
- architecture: x86_64
operating_systems:
- Darwin
- Windows
required_flags:
- sse2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: picnic_L3_full
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 49
length-secret-key: 73
length-signature: 71183
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
- sse2
- architecture: x86_64
operating_systems:
- Darwin
- Windows
required_flags:
- sse2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: picnic_L5_FS
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 65
length-secret-key: 97
length-signature: 132860
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
- sse2
- architecture: x86_64
operating_systems:
- Darwin
- Windows
required_flags:
- sse2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: picnic_L5_UR
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 65
length-secret-key: 97
length-signature: 209510
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
- sse2
- architecture: x86_64
operating_systems:
- Darwin
- Windows
required_flags:
- sse2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: picnic_L5_full
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 65
length-secret-key: 97
length-signature: 126290
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
- sse2
- architecture: x86_64
operating_systems:
- Darwin
- Windows
required_flags:
- sse2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: picnic3_L1
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 35
length-secret-key: 52
length-signature: 14612
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
- sse2
- architecture: x86_64
operating_systems:
- Darwin
- Windows
required_flags:
- sse2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: picnic3_L3
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 49
length-secret-key: 73
length-signature: 35028
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
- sse2
- architecture: x86_64
operating_systems:
- Darwin
- Windows
required_flags:
- sse2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: picnic3_L5
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 65
length-secret-key: 97
length-signature: 61028
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
- sse2
- architecture: x86_64
operating_systems:
- Darwin
- Windows
required_flags:
- sse2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false


@ -1,73 +0,0 @@
# Rainbow
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: multivariable polynomials, unbalanced oil and vinegar.
- **Principal submitters**: Jintai Ding.
- **Auxiliary submitters**: Ming-Shing Chen, Matthias Kannwischer, Jacques Patarin, Albrecht Petzoldt, Dieter Schmidt, Bo-Yin Yang.
- **Authors' website**: https://www.pqcrainbow.org/
- **Specification version**: NIST Round 3 submission.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
- **Implementation license (SPDX-Identifier)**: CC0-1.0
## Usage advice/warning
[A practical attack against this algorithm has been published and confirmed](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/KFgw5_qCXiI?pli=1). Thus, caution is advised regarding the use of it. Next steps are tracked under [liboqs issue #1192](https://github.com/open-quantum-safe/liboqs/issues/1192).
## Test limitation
This algorithm is not tested under Windows.
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:--------------------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| Rainbow-III-Classic | EUF-CMA | 3 | 882080 | 626048 | 164 |
| Rainbow-III-Circumzenithal | EUF-CMA | 3 | 264608 | 626048 | 164 |
| Rainbow-III-Compressed | EUF-CMA | 3 | 264608 | 64 | 164 |
| Rainbow-V-Classic | EUF-CMA | 5 | 1930600 | 1408736 | 212 |
| Rainbow-V-Circumzenithal | EUF-CMA | 5 | 536136 | 1408736 | 212 |
| Rainbow-V-Compressed | EUF-CMA | 5 | 536136 | 64 | 212 |
## Rainbow-III-Classic implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## Rainbow-III-Circumzenithal implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
## Rainbow-III-Compressed implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
## Rainbow-V-Classic implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
## Rainbow-V-Circumzenithal implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
## Rainbow-V-Compressed implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
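Review bot: deleting this file also deletes the "Usage advice/warning" section, which is the only place that records the confirmed practical attack on Rainbow and points to liboqs issue #1192 for follow-up; please make sure the removal rationale and the issue link are captured in the release notes or changelog, and update issue #1192 to reference this removal so the history stays discoverable once the page is gone. The "Test limitation" note (not tested under Windows) goes away with the algorithm and needs no replacement.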


@ -1,118 +0,0 @@
name: Rainbow
type: signature
principal-submitters:
- Jintai Ding
auxiliary-submitters:
- Ming-Shing Chen
- Matthias Kannwischer
- Jacques Patarin
- Albrecht Petzoldt
- Dieter Schmidt
- Bo-Yin Yang
crypto-assumption: multivariable polynomials, unbalanced oil and vinegar
website: https://www.pqcrainbow.org/
nist-round: 3
spec-version: NIST Round 3 submission
spdx-license-identifier: CC0-1.0
primary-upstream:
source: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
spdx-license-identifier: CC0-1.0
upstream-ancestors:
- https://github.com/fast-crypto-lab/rainbow-submission-round2/commit/173ada0e077e1b9dbd8e4a78994f87acc0c92263
parameter-sets:
- name: Rainbow-III-Classic
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 882080
length-secret-key: 626048
length-signature: 164
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: Rainbow-III-Circumzenithal
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 264608
length-secret-key: 626048
length-signature: 164
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: Rainbow-III-Compressed
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 264608
length-secret-key: 64
length-signature: 164
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: Rainbow-V-Classic
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 1930600
length-secret-key: 1408736
length-signature: 212
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: Rainbow-V-Circumzenithal
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 536136
length-secret-key: 1408736
length-signature: 212
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: Rainbow-V-Compressed
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 536136
length-secret-key: 64
length-signature: 212
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true


@ -0,0 +1,154 @@
# SNOVA
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: multivariable quadratic equations, oil and vinegar.
- **Principal submitters**: Lih-Chung Wang, Chun-Yen Chou, Jintai Ding, Yen-Liang Kuan, Jan Adriaan Leegwater, Ming-Siou Li, Bo-Shu Tseng, Po-En Tseng, Chia-Chun Wang.
- **Authors' website**: https://snova.pqclab.org/
- **Specification version**: Round 2.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/vacuas/SNOVA/commit/1c3ca6f4f7286c0bde98d7d6f222cf63b9d52bff
- **Implementation license (SPDX-Identifier)**: MIT
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| SNOVA\_24\_5\_4 | NA | EUF-CMA | 1 | 1016 | 48 | 248 |
| SNOVA\_24\_5\_4\_SHAKE | NA | EUF-CMA | 1 | 1016 | 48 | 248 |
| SNOVA\_24\_5\_4\_esk | NA | EUF-CMA | 1 | 1016 | 36848 | 248 |
| SNOVA\_24\_5\_4\_SHAKE\_esk | NA | EUF-CMA | 1 | 1016 | 36848 | 248 |
| SNOVA\_37\_17\_2 | NA | EUF-CMA | 1 | 9842 | 48 | 124 |
| SNOVA\_25\_8\_3 | NA | EUF-CMA | 1 | 2320 | 48 | 165 |
| SNOVA\_56\_25\_2 | NA | EUF-CMA | 3 | 31266 | 48 | 178 |
| SNOVA\_49\_11\_3 | NA | EUF-CMA | 3 | 6006 | 48 | 286 |
| SNOVA\_37\_8\_4 | NA | EUF-CMA | 3 | 4112 | 48 | 376 |
| SNOVA\_24\_5\_5 | NA | EUF-CMA | 3 | 1579 | 48 | 379 |
| SNOVA\_60\_10\_4 | NA | EUF-CMA | 5 | 8016 | 48 | 576 |
| SNOVA\_29\_6\_5 | NA | EUF-CMA | 5 | 2716 | 48 | 454 |
## SNOVA\_24\_5\_4 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## SNOVA\_24\_5\_4\_SHAKE implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_24\_5\_4\_esk implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_24\_5\_4\_SHAKE\_esk implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_37\_17\_2 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_25\_8\_3 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_56\_25\_2 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_49\_11\_3 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_37\_8\_4 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_24\_5\_5 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_60\_10\_4 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_29\_6\_5 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
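Review bot: in every "implementation characteristics" table the row with upstream identifier "neon" (architecture ARM64\_V8, Darwin/Linux) lists "None" under "CPU extension(s) used", while the "avx2" row lists "AVX2"; for an implementation selected by runtime CPU feature detection ("Yes" under each table) this reads as a gap, so either record the NEON extension in that column or add a sentence explaining why no extension requirement is recorded. Two smaller points: "Specification version: Round 2" would be clearer in the "NIST Round N submission" form the other algorithm pages use, and the "Parameter set alias" column is "NA" for all twelve rows, so consider dropping it until an alias exists.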


@ -0,0 +1,560 @@
name: SNOVA
type: signature
principal-submitters:
- Lih-Chung Wang
- Chun-Yen Chou
- Jintai Ding
- Yen-Liang Kuan
- Jan Adriaan Leegwater
- Ming-Siou Li
- Bo-Shu Tseng
- Po-En Tseng
- Chia-Chun Wang
crypto-assumption: multivariable quadratic equations, oil and vinegar
website: https://snova.pqclab.org/
nist-round: 2
spec-version: Round 2
primary-upstream:
source: https://github.com/vacuas/SNOVA/commit/1c3ca6f4f7286c0bde98d7d6f222cf63b9d52bff
spdx-license-identifier: MIT
parameter-sets:
- name: SNOVA_24_5_4
oqs_alg: OQS_SIG_alg_snova_24_5_4
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 1016
length-secret-key: 48
length-signature: 248
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SNOVA_24_5_4_SHAKE
oqs_alg: OQS_SIG_alg_SNOVA_24_5_4_SHAKE
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 1016
length-secret-key: 48
length-signature: 248
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SNOVA_24_5_4_esk
oqs_alg: OQS_SIG_alg_snova_24_5_4_esk
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 1016
length-secret-key: 36848
length-signature: 248
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SNOVA_24_5_4_SHAKE_esk
oqs_alg: OQS_SIG_alg_SNOVA_24_5_4_SHAKE_esk
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 1016
length-secret-key: 36848
length-signature: 248
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SNOVA_37_17_2
oqs_alg: OQS_SIG_alg_SNOVA_37_17_2
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 9842
length-secret-key: 48
length-signature: 124
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: SNOVA_25_8_3
oqs_alg: OQS_SIG_alg_SNOVA_25_8_3
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 2320
length-secret-key: 48
length-signature: 165
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SNOVA_56_25_2
oqs_alg: OQS_SIG_alg_snova_56_25_2
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 31266
length-secret-key: 48
length-signature: 178
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: SNOVA_49_11_3
oqs_alg: OQS_SIG_alg_snova_49_11_3
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 6006
length-secret-key: 48
length-signature: 286
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: SNOVA_37_8_4
oqs_alg: OQS_SIG_alg_snova_37_8_4
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 4112
length-secret-key: 48
length-signature: 376
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: SNOVA_24_5_5
oqs_alg: OQS_SIG_alg_SNOVA_24_5_5
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 1579
length-secret-key: 48
length-signature: 379
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: SNOVA_60_10_4
oqs_alg: OQS_SIG_alg_snova_60_10_4
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 8016
length-secret-key: 48
length-signature: 576
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: SNOVA_29_6_5
oqs_alg: OQS_SIG_alg_SNOVA_29_6_5
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 2716
length-secret-key: 48
length-signature: 454
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
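Review bot: the `oqs_alg` identifiers in this hunk mix two casings for one scheme family: the entries for `SNOVA_24_5_4_SHAKE_esk`, `SNOVA_37_17_2`, `SNOVA_25_8_3`, `SNOVA_24_5_5` and `SNOVA_29_6_5` use `OQS_SIG_alg_SNOVA_...`, while `SNOVA_56_25_2`, `SNOVA_49_11_3`, `SNOVA_37_8_4` and `SNOVA_60_10_4` use `OQS_SIG_alg_snova_...`. If this field feeds generated C identifiers or algorithm-name string constants, callers end up with two naming conventions for the same scheme; pick one casing (the `name` field is upper-case `SNOVA_...` throughout) and apply it to all nine entries. Also worth confirming: every `avx2` implementation lists only `Linux` under `operating_systems`, while the `neon` entries list both `Darwin` and `Linux`, so an x86_64 Darwin build would never select the AVX2 path; state whether that exclusion is intended.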

View File

@ -3,384 +3,145 @@
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: hash-based signatures.
- **Principal submitters**: Andreas Hülsing.
- **Auxiliary submitters**: Jean-Philippe Aumasson, Daniel J. Bernstein,, Christoph Dobraunig, Maria Eichlseder, Scott Fluhrer, Stefan-Lukas Gazdag, Panos Kampanakis, Stefan Kölbl, Tanja Lange, Martin M. Lauridsen, Florian Mendel, Ruben Niederhagen, Christian Rechberger, Joost Rijneveld, Peter Schwabe.
- **Auxiliary submitters**: Jean-Philippe Aumasson, Daniel J. Bernstein,, Ward Beullens, Christoph Dobraunig, Maria Eichlseder, Scott Fluhrer, Stefan-Lukas Gazdag, Panos Kampanakis, Stefan Kölbl, Tanja Lange, Martin M. Lauridsen, Florian Mendel, Ruben Niederhagen, Christian Rechberger, Joost Rijneveld, Peter Schwabe, Bas Westerbaan.
- **Authors' website**: https://sphincs.org/
- **Specification version**: NIST Round 3 submission.
- **Specification version**: NIST Round 3 submission, v3.1 (June 10, 2022).
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6 with copy_from_upstream patches
- **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0
## Test limitation
This algorithm is not tested under Windows.
## Advisories
- This algorithm is not tested under Windows.
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:-----------------------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| SPHINCS+-Haraka-128f-robust | EUF-CMA | 1 | 32 | 64 | 17088 |
| SPHINCS+-Haraka-128f-simple | EUF-CMA | 1 | 32 | 64 | 17088 |
| SPHINCS+-Haraka-128s-robust | EUF-CMA | 1 | 32 | 64 | 7856 |
| SPHINCS+-Haraka-128s-simple | EUF-CMA | 1 | 32 | 64 | 7856 |
| SPHINCS+-Haraka-192f-robust | EUF-CMA | 3 | 48 | 96 | 35664 |
| SPHINCS+-Haraka-192f-simple | EUF-CMA | 3 | 48 | 96 | 35664 |
| SPHINCS+-Haraka-192s-robust | EUF-CMA | 3 | 48 | 96 | 16224 |
| SPHINCS+-Haraka-192s-simple | EUF-CMA | 3 | 48 | 96 | 16224 |
| SPHINCS+-Haraka-256f-robust | EUF-CMA | 5 | 64 | 128 | 49856 |
| SPHINCS+-Haraka-256f-simple | EUF-CMA | 5 | 64 | 128 | 49856 |
| SPHINCS+-Haraka-256s-robust | EUF-CMA | 5 | 64 | 128 | 29792 |
| SPHINCS+-Haraka-256s-simple | EUF-CMA | 5 | 64 | 128 | 29792 |
| SPHINCS+-SHA256-128f-robust | EUF-CMA | 1 | 32 | 64 | 17088 |
| SPHINCS+-SHA256-128f-simple | EUF-CMA | 1 | 32 | 64 | 17088 |
| SPHINCS+-SHA256-128s-robust | EUF-CMA | 1 | 32 | 64 | 7856 |
| SPHINCS+-SHA256-128s-simple | EUF-CMA | 1 | 32 | 64 | 7856 |
| SPHINCS+-SHA256-192f-robust | EUF-CMA | 3 | 48 | 96 | 35664 |
| SPHINCS+-SHA256-192f-simple | EUF-CMA | 3 | 48 | 96 | 35664 |
| SPHINCS+-SHA256-192s-robust | EUF-CMA | 3 | 48 | 96 | 16224 |
| SPHINCS+-SHA256-192s-simple | EUF-CMA | 3 | 48 | 96 | 16224 |
| SPHINCS+-SHA256-256f-robust | EUF-CMA | 5 | 64 | 128 | 49856 |
| SPHINCS+-SHA256-256f-simple | EUF-CMA | 5 | 64 | 128 | 49856 |
| SPHINCS+-SHA256-256s-robust | EUF-CMA | 5 | 64 | 128 | 29792 |
| SPHINCS+-SHA256-256s-simple | EUF-CMA | 5 | 64 | 128 | 29792 |
| SPHINCS+-SHAKE256-128f-robust | EUF-CMA | 1 | 32 | 64 | 17088 |
| SPHINCS+-SHAKE256-128f-simple | EUF-CMA | 1 | 32 | 64 | 17088 |
| SPHINCS+-SHAKE256-128s-robust | EUF-CMA | 1 | 32 | 64 | 7856 |
| SPHINCS+-SHAKE256-128s-simple | EUF-CMA | 1 | 32 | 64 | 7856 |
| SPHINCS+-SHAKE256-192f-robust | EUF-CMA | 3 | 48 | 96 | 35664 |
| SPHINCS+-SHAKE256-192f-simple | EUF-CMA | 3 | 48 | 96 | 35664 |
| SPHINCS+-SHAKE256-192s-robust | EUF-CMA | 3 | 48 | 96 | 16224 |
| SPHINCS+-SHAKE256-192s-simple | EUF-CMA | 3 | 48 | 96 | 16224 |
| SPHINCS+-SHAKE256-256f-robust | EUF-CMA | 5 | 64 | 128 | 49856 |
| SPHINCS+-SHAKE256-256f-simple | EUF-CMA | 5 | 64 | 128 | 49856 |
| SPHINCS+-SHAKE256-256s-robust | EUF-CMA | 5 | 64 | 128 | 29792 |
| SPHINCS+-SHAKE256-256s-simple | EUF-CMA | 5 | 64 | 128 | 29792 |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:--------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| SPHINCS+-SHA2-128f-simple | NA | EUF-CMA | 1 | 32 | 64 | 17088 |
| SPHINCS+-SHA2-128s-simple | NA | EUF-CMA | 1 | 32 | 64 | 7856 |
| SPHINCS+-SHA2-192f-simple | NA | EUF-CMA | 3 | 48 | 96 | 35664 |
| SPHINCS+-SHA2-192s-simple | NA | EUF-CMA | 3 | 48 | 96 | 16224 |
| SPHINCS+-SHA2-256f-simple | NA | EUF-CMA | 5 | 64 | 128 | 49856 |
| SPHINCS+-SHA2-256s-simple | NA | EUF-CMA | 5 | 64 | 128 | 29792 |
| SPHINCS+-SHAKE-128f-simple | NA | EUF-CMA | 1 | 32 | 64 | 17088 |
| SPHINCS+-SHAKE-128s-simple | NA | EUF-CMA | 1 | 32 | 64 | 7856 |
| SPHINCS+-SHAKE-192f-simple | NA | EUF-CMA | 3 | 48 | 96 | 35664 |
| SPHINCS+-SHAKE-192s-simple | NA | EUF-CMA | 3 | 48 | 96 | 16224 |
| SPHINCS+-SHAKE-256f-simple | NA | EUF-CMA | 5 | 64 | 128 | 49856 |
| SPHINCS+-SHAKE-256s-simple | NA | EUF-CMA | 5 | 64 | 128 | 29792 |
## SPHINCS+-Haraka-128f-robust implementation characteristics
## SPHINCS+-SHA2-128f-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | aesni | x86\_64 | All | AES | True | True | False |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## SPHINCS+-Haraka-128f-simple implementation characteristics
## SPHINCS+-SHA2-128s-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | aesni | x86\_64 | All | AES | True | True | False |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-Haraka-128s-robust implementation characteristics
## SPHINCS+-SHA2-192f-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | aesni | x86\_64 | All | AES | True | True | False |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-Haraka-128s-simple implementation characteristics
## SPHINCS+-SHA2-192s-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | aesni | x86\_64 | All | AES | True | True | False |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-Haraka-192f-robust implementation characteristics
## SPHINCS+-SHA2-256f-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | aesni | x86\_64 | All | AES | True | True | False |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-Haraka-192f-simple implementation characteristics
## SPHINCS+-SHA2-256s-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | aesni | x86\_64 | All | AES | True | True | False |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-Haraka-192s-robust implementation characteristics
## SPHINCS+-SHAKE-128f-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | aesni | x86\_64 | All | AES | True | True | False |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-Haraka-192s-simple implementation characteristics
## SPHINCS+-SHAKE-128s-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | aesni | x86\_64 | All | AES | True | True | False |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-Haraka-256f-robust implementation characteristics
## SPHINCS+-SHAKE-192f-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | aesni | x86\_64 | All | AES | True | True | False |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-Haraka-256f-simple implementation characteristics
## SPHINCS+-SHAKE-192s-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | aesni | x86\_64 | All | AES | True | True | False |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-Haraka-256s-robust implementation characteristics
## SPHINCS+-SHAKE-256f-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | aesni | x86\_64 | All | AES | True | True | False |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-Haraka-256s-simple implementation characteristics
## SPHINCS+-SHAKE-256s-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | aesni | x86\_64 | All | AES | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHA256-128f-robust implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHA256-128f-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHA256-128s-robust implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHA256-128s-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHA256-192f-robust implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHA256-192f-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHA256-192s-robust implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHA256-192s-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHA256-256f-robust implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHA256-256f-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHA256-256s-robust implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHA256-256s-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHAKE256-128f-robust implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHAKE256-128f-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHAKE256-128s-robust implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHAKE256-128s-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHAKE256-192f-robust implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHAKE256-192f-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHAKE256-192s-robust implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHAKE256-192s-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHAKE256-256f-robust implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHAKE256-256f-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHAKE256-256s-robust implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SPHINCS+-SHAKE256-256s-simple implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
| [Primary Source](#primary-source) | clean | All | All | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
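Review bot: the rendered SPHINCS+-SHAKE256-256s-simple table ends up with two `clean` rows (one True/True, one False/False for the branching-on-secrets columns) and two `avx2` rows (one with operating systems `All`, one with `Linux,Darwin`), and the `Large Stack Usage` bullet under Explanation of Terms appears twice; since this markdown is generated from sphincs.yml, make sure the committed file is a clean regeneration from the updated yml so exactly one row per implementation and one bullet per term survive.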

View File

@ -5,6 +5,7 @@ principal-submitters:
auxiliary-submitters:
- Jean-Philippe Aumasson
- Daniel J. Bernstein,
- Ward Beullens
- Christoph Dobraunig
- Maria Eichlseder
- Scott Fluhrer
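Review bot: the context entry `- Daniel J. Bernstein,` just above the added `- Ward Beullens` carries a trailing comma that becomes part of the YAML string value; since the submitter list is being edited in this hunk anyway, drop the comma so the names are consistent.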
@ -18,343 +19,22 @@ auxiliary-submitters:
- Christian Rechberger
- Joost Rijneveld
- Peter Schwabe
- Bas Westerbaan
crypto-assumption: hash-based signatures
website: https://sphincs.org/
nist-round: 3
spec-version: NIST Round 3 submission
spec-version: NIST Round 3 submission, v3.1 (June 10, 2022)
spdx-license-identifier: CC0-1.0
primary-upstream:
source: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0
upstream-ancestors:
- https://github.com/sphincs/sphincsplus
advisories:
- This algorithm is not tested under Windows.
parameter-sets:
- name: SPHINCS+-Haraka-128f-robust
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 32
length-secret-key: 64
length-signature: 17088
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: BearSSL (packaged)
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aesni
supported-platforms:
- architecture: x86_64
required_flags:
- aes
common-crypto:
- AES: packaged
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-Haraka-128f-simple
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 32
length-secret-key: 64
length-signature: 17088
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: BearSSL (packaged)
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aesni
supported-platforms:
- architecture: x86_64
required_flags:
- aes
common-crypto:
- AES: packaged
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-Haraka-128s-robust
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 32
length-secret-key: 64
length-signature: 7856
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: BearSSL (packaged)
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aesni
supported-platforms:
- architecture: x86_64
required_flags:
- aes
common-crypto:
- AES: packaged
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-Haraka-128s-simple
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 32
length-secret-key: 64
length-signature: 7856
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: BearSSL (packaged)
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aesni
supported-platforms:
- architecture: x86_64
required_flags:
- aes
common-crypto:
- AES: packaged
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-Haraka-192f-robust
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 48
length-secret-key: 96
length-signature: 35664
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: BearSSL (packaged)
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aesni
supported-platforms:
- architecture: x86_64
required_flags:
- aes
common-crypto:
- AES: packaged
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-Haraka-192f-simple
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 48
length-secret-key: 96
length-signature: 35664
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: BearSSL (packaged)
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aesni
supported-platforms:
- architecture: x86_64
required_flags:
- aes
common-crypto:
- AES: packaged
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-Haraka-192s-robust
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 48
length-secret-key: 96
length-signature: 16224
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: BearSSL (packaged)
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aesni
supported-platforms:
- architecture: x86_64
required_flags:
- aes
common-crypto:
- AES: packaged
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-Haraka-192s-simple
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 48
length-secret-key: 96
length-signature: 16224
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: BearSSL (packaged)
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aesni
supported-platforms:
- architecture: x86_64
required_flags:
- aes
common-crypto:
- AES: packaged
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-Haraka-256f-robust
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 64
length-secret-key: 128
length-signature: 49856
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: BearSSL (packaged)
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aesni
supported-platforms:
- architecture: x86_64
required_flags:
- aes
common-crypto:
- AES: packaged
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-Haraka-256f-simple
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 64
length-secret-key: 128
length-signature: 49856
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: BearSSL (packaged)
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aesni
supported-platforms:
- architecture: x86_64
required_flags:
- aes
common-crypto:
- AES: packaged
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-Haraka-256s-robust
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 64
length-secret-key: 128
length-signature: 29792
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: BearSSL (packaged)
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aesni
supported-platforms:
- architecture: x86_64
required_flags:
- aes
common-crypto:
- AES: packaged
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-Haraka-256s-simple
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 64
length-secret-key: 128
length-signature: 29792
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- AES: BearSSL (packaged)
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aesni
supported-platforms:
- architecture: x86_64
required_flags:
- aes
common-crypto:
- AES: packaged
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHA256-128f-robust
- name: SPHINCS+-SHA2-128f-simple
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 32
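Review bot: this hunk drops every SPHINCS+-Haraka-* parameter set and every -robust variant and renames the survivors (the `- name: SPHINCS+-SHA256-128f-robust` line becomes `- name: SPHINCS+-SHA2-128f-simple`), which changes public algorithm identifiers; the commit message and release notes should list the removed and renamed names and tie them to the `spec-version` bump to `NIST Round 3 submission, v3.1 (June 10, 2022)` and the new PQClean source commit 1eacfdafc15ddc5d5759d0b85b4cef26627df181, so downstream users can see why names they link against disappeared. The `advisories` entry `This algorithm is not tested under Windows.` is kept verbatim; re-check whether it still describes the remaining implementations after the platform changes in the following hunks.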
@ -367,8 +47,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
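Review bot: `no-secret-dependent-branching-claimed` and `no-secret-dependent-branching-checked-by-valgrind` for the `clean` implementation both flip from true to false with no explanation, while the avx2 entry below keeps both at true; setting the valgrind flag to false also removes this implementation from the constant-time check, so add a comment (or a line in the commit message) stating why the claim for the portable C code was withdrawn after the PQClean bump, for instance whether it is an upstream finding or simply unverified.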
@ -376,39 +56,15 @@ parameter-sets:
- architecture: x86_64
required_flags:
- avx2
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHA256-128f-simple
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 32
length-secret-key: 64
length-signature: 17088
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHA256-128s-robust
- name: SPHINCS+-SHA2-128s-simple
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 32
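Review bot: the new `operating_systems: - Linux - Darwin` restriction on the avx2 implementation overlaps with the file-level advisory `This algorithm is not tested under Windows.` kept in the earlier hunk; if the restriction is meant to exclude Windows for avx2 only, note that in the advisory, and if the clean implementation is still expected to build on Windows the advisory should be narrowed to the avx2 code. The rest of this hunk deletes the old `SPHINCS+-SHA256-128f-simple` block and reuses the former -robust block under the `SPHINCS+-SHA2-128s-simple` name; the same pattern repeats for every SHA2 and SHAKE set in the following hunks, so one explanatory comment at the top of `parameter-sets` would cover them all.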
@ -421,8 +77,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
@ -430,39 +86,15 @@ parameter-sets:
- architecture: x86_64
required_flags:
- avx2
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHA256-128s-simple
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 32
length-secret-key: 64
length-signature: 7856
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHA256-192f-robust
- name: SPHINCS+-SHA2-192f-simple
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 48
@ -475,8 +107,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
@ -484,39 +116,15 @@ parameter-sets:
- architecture: x86_64
required_flags:
- avx2
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHA256-192f-simple
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 48
length-secret-key: 96
length-signature: 35664
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHA256-192s-robust
- name: SPHINCS+-SHA2-192s-simple
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 48
@ -529,8 +137,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
@ -538,39 +146,15 @@ parameter-sets:
- architecture: x86_64
required_flags:
- avx2
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHA256-192s-simple
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 48
length-secret-key: 96
length-signature: 16224
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHA256-256f-robust
- name: SPHINCS+-SHA2-256f-simple
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 64
@ -583,8 +167,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
@ -592,39 +176,15 @@ parameter-sets:
- architecture: x86_64
required_flags:
- avx2
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHA256-256f-simple
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 64
length-secret-key: 128
length-signature: 49856
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHA256-256s-robust
- name: SPHINCS+-SHA2-256s-simple
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 64
@ -637,8 +197,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
@ -646,39 +206,15 @@ parameter-sets:
- architecture: x86_64
required_flags:
- avx2
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHA256-256s-simple
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 64
length-secret-key: 128
length-signature: 29792
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHAKE256-128f-robust
- name: SPHINCS+-SHAKE-128f-simple
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 32
@ -691,8 +227,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
@ -700,39 +236,15 @@ parameter-sets:
- architecture: x86_64
required_flags:
- avx2
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHAKE256-128f-simple
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 32
length-secret-key: 64
length-signature: 17088
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHAKE256-128s-robust
- name: SPHINCS+-SHAKE-128s-simple
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 32
@ -745,8 +257,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
@ -754,39 +266,15 @@ parameter-sets:
- architecture: x86_64
required_flags:
- avx2
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHAKE256-128s-simple
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 32
length-secret-key: 64
length-signature: 7856
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHAKE256-192f-robust
- name: SPHINCS+-SHAKE-192f-simple
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 48
@ -799,8 +287,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
@ -808,39 +296,15 @@ parameter-sets:
- architecture: x86_64
required_flags:
- avx2
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHAKE256-192f-simple
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 48
length-secret-key: 96
length-signature: 35664
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHAKE256-192s-robust
- name: SPHINCS+-SHAKE-192s-simple
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 48
@ -853,8 +317,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
@ -862,39 +326,15 @@ parameter-sets:
- architecture: x86_64
required_flags:
- avx2
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHAKE256-192s-simple
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 48
length-secret-key: 96
length-signature: 16224
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHAKE256-256f-robust
- name: SPHINCS+-SHAKE-256f-simple
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 64
@ -907,8 +347,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
@ -916,39 +356,15 @@ parameter-sets:
- architecture: x86_64
required_flags:
- avx2
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHAKE256-256f-simple
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 64
length-secret-key: 128
length-signature: 49856
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHAKE256-256s-robust
- name: SPHINCS+-SHAKE-256s-simple
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 64
@ -961,35 +377,8 @@ parameter-sets:
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SPHINCS+-SHAKE256-256s-simple
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 64
length-secret-key: 128
length-signature: 29792
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
@ -997,6 +386,9 @@ parameter-sets:
- architecture: x86_64
required_flags:
- avx2
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true

docs/algorithms/sig/uov.md Normal file

@ -0,0 +1,154 @@
# UOV
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: multivariable quadratic equations, oil and vinegar.
- **Principal submitters**: Ward Beullens, Ming-Shing Chen, Jintai Ding, Boru Gong, Matthias J. Kannwischer, Jacques Patarin, Bo-Yuan Peng, Dieter Schmidt, Cheng-Jhih Shih, Chengdong Tao, Bo-Yin Yang.
- **Authors' website**: https://www.uovsig.org/
- **Specification version**: NIST Round 2 (February 2025).
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/pqov/pqov/commit/7e0832b6732a476119742c4acabd11b7c767aefb
- **Implementation license (SPDX-Identifier)**: CC0 OR Apache-2.0
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| OV-Is | NA | EUF-CMA | 1 | 412160 | 348704 | 96 |
| OV-Ip | NA | EUF-CMA | 1 | 278432 | 237896 | 128 |
| OV-III | NA | EUF-CMA | 3 | 1225440 | 1044320 | 200 |
| OV-V | NA | EUF-CMA | 5 | 2869440 | 2436704 | 260 |
| OV-Is-pkc | NA | EUF-CMA | 1 | 66576 | 348704 | 96 |
| OV-Ip-pkc | NA | EUF-CMA | 1 | 43576 | 237896 | 128 |
| OV-III-pkc | NA | EUF-CMA | 3 | 189232 | 1044320 | 200 |
| OV-V-pkc | NA | EUF-CMA | 5 | 446992 | 2436704 | 260 |
| OV-Is-pkc-skc | NA | EUF-CMA | 1 | 66576 | 32 | 96 |
| OV-Ip-pkc-skc | NA | EUF-CMA | 1 | 43576 | 32 | 128 |
| OV-III-pkc-skc | NA | EUF-CMA | 3 | 189232 | 32 | 200 |
| OV-V-pkc-skc | NA | EUF-CMA | 5 | 446992 | 32 | 260 |
## OV-Is implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## OV-Ip implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-III implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-V implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-Is-pkc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-Ip-pkc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-III-pkc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-V-pkc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-Is-pkc-skc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-Ip-pkc-skc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-III-pkc-skc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-V-pkc-skc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
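Review bot: in every implementation table the `neon` row states `No branching-on-secrets claimed? True` but `No branching-on-secrets checked by valgrind? False`, while the `ref` and `avx2` rows are both claimed and checked. Because the page also states that implementations are chosen by runtime CPU feature detection, ARM64 users will get the one implementation whose constant-time claim has not been verified; either a valgrind run on an ARM64 runner should be added so the column can become `True`, or the gap should be called out explicitly in the text rather than only as a table cell. The same values appear in `uov.yml` in the next file, so any correction has to be made there, since this document mirrors it.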

docs/algorithms/sig/uov.yml Normal file

@ -0,0 +1,562 @@
name: UOV
type: signature
principal-submitters:
- Ward Beullens
- Ming-Shing Chen
- Jintai Ding
- Boru Gong
- Matthias J. Kannwischer
- Jacques Patarin
- Bo-Yuan Peng
- Dieter Schmidt
- Cheng-Jhih Shih
- Chengdong Tao
- Bo-Yin Yang
crypto-assumption: multivariable quadratic equations, oil and vinegar
website: https://www.uovsig.org/
nist-round: 2
spec-version: NIST Round 2 (February 2025)
primary-upstream:
source: https://github.com/pqov/pqov/commit/7e0832b6732a476119742c4acabd11b7c767aefb
spdx-license-identifier: CC0 OR Apache-2.0
parameter-sets:
- name: OV-Is
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 412160
length-secret-key: 348704
length-signature: 96
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-Ip
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 278432
length-secret-key: 237896
length-signature: 128
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-III
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 1225440
length-secret-key: 1044320
length-signature: 200
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-V
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 2869440
length-secret-key: 2436704
length-signature: 260
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-Is-pkc
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 66576
length-secret-key: 348704
length-signature: 96
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-Ip-pkc
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 43576
length-secret-key: 237896
length-signature: 128
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-III-pkc
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 189232
length-secret-key: 1044320
length-signature: 200
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-V-pkc
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 446992
length-secret-key: 2436704
length-signature: 260
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-Is-pkc-skc
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 66576
length-secret-key: 32
length-signature: 96
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-Ip-pkc-skc
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 43576
length-secret-key: 32
length-signature: 128
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-III-pkc-skc
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 189232
length-secret-key: 32
length-signature: 200
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-V-pkc-skc
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 446992
length-secret-key: 32
length-signature: 260
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
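Review bot: every neon implementation in this file declares no-secret-dependent-branching-checked-by-valgrind: false while the ref and avx2 entries of the same parameter set (OV-III-pkc, OV-V-pkc, OV-Is-pkc-skc, OV-Ip-pkc-skc, OV-III-pkc-skc, OV-V-pkc-skc) say true, yet all three keep no-secret-dependent-branching-claimed: true. If that only reflects that the valgrind constant-time check is not run on ARM64, record that in a comment; otherwise the neon path ships with the same constant-time claim but without the check, and the documentation generated from this file should make that visible rather than bury it in one boolean.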


@ -0,0 +1,50 @@
# LMS
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: hash-based signatures.
- **Principal submitters**: Scott Fluhrer.
- **Auxiliary submitters**: C Martin, Maurice Hieronymus.
- **Authors' website**: https://www.rfc-editor.org/info/rfc8554
- **Specification version**: None.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/cisco/hash-sigs
- **Implementation license (SPDX-Identifier)**: MIT
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:------------------------:|:-----------------|:---------------------|--------------------------:|--------------------------:|-------------------------:|
| LMS_SHA256_H5_W1 | | | 60 | 64 | 8688 |
| LMS_SHA256_H5_W2 | | | 60 | 64 | 4464 |
| LMS_SHA256_H5_W4 | | | 60 | 64 | 2352 |
| LMS_SHA256_H5_W8 | | | 60 | 64 | 1296 |
| LMS_SHA256_H10_W1 | | | 60 | 64 | 8848 |
| LMS_SHA256_H10_W2 | | | 60 | 64 | 4624 |
| LMS_SHA256_H10_W4 | | | 60 | 64 | 2512 |
| LMS_SHA256_H10_W8 | | | 60 | 64 | 1456 |
| LMS_SHA256_H15_W1 | | | 60 | 64 | 9008 |
| LMS_SHA256_H15_W2 | | | 60 | 64 | 4784 |
| LMS_SHA256_H15_W4 | | | 60 | 64 | 2672 |
| LMS_SHA256_H15_W8 | | | 60 | 64 | 1616 |
| LMS_SHA256_H20_W1 | | | 60 | 64 | 9168 |
| LMS_SHA256_H20_W2 | | | 60 | 64 | 4944 |
| LMS_SHA256_H20_W4 | | | 60 | 64 | 2832 |
| LMS_SHA256_H20_W8 | | | 60 | 64 | 1776 |
| LMS_SHA256_H25_W1 | | | 60 | 64 | 9328 |
| LMS_SHA256_H25_W2 | | | 60 | 64 | 5104 |
| LMS_SHA256_H25_W4 | | | 60 | 64 | 2992 |
| LMS_SHA256_H25_W8 | | | 60 | 64 | 1936 |
| LMS_SHA256_H5_W8_H5_W8 | | | 60 | 64 | 2644 |
| LMS_SHA256_H10_W4_H5_W8 | | | 60 | 64 | 2804 |
| LMS_SHA256_H10_W8_H5_W8 | | | 60 | 64 | 3860 |
| LMS_SHA256_H10_W2_H10_W2 | | | 60 | 64 | 9300 |
| LMS_SHA256_H10_W4_H10_W4 | | | 60 | 64 | 5076 |
| LMS_SHA256_H10_W8_H10_W8 | | | 60 | 64 | 2964 |
| LMS_SHA256_H15_W8_H5_W8 | | | 60 | 64 | 2964 |
| LMS_SHA256_H15_W8_H10_W8 | | | 60 | 64 | 3124 |
| LMS_SHA256_H15_W8_H15_W8 | | | 60 | 64 | 3284 |
| LMS_SHA256_H20_W8_H5_W8 | | | 60 | 64 | 3124 |
| LMS_SHA256_H20_W8_H10_W8 | | | 60 | 64 | 3284 |
| LMS_SHA256_H20_W8_H15_W8 | | | 60 | 64 | 3444 |
| LMS_SHA256_H20_W8_H20_W8 | | | 60 | 64 | 3604 |
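Review bot: the Security model and Claimed NIST Level columns are empty for every LMS_SHA256 row, and the header says Specification version: None even though the Authors' website points at RFC 8554; either fill these in (or state explicitly that LMS was not a NIST round submission and has no claimed level) or drop the two empty columns so the table does not read as unfinished. The Auxiliary submitters entry C Martin gives only an initial; spell out the full name if it is known.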


@ -0,0 +1,216 @@
name: LMS
type: stateful signature
principal-submitters:
- Scott Fluhrer
auxiliary-submitters:
- C Martin
- Maurice Hieronymus
crypto-assumption: hash-based signatures
website: https://www.rfc-editor.org/info/rfc8554
nist-round:
spec-version:
spdx-license-identifier:
primary-upstream:
source: https://github.com/cisco/hash-sigs
spdx-license-identifier: MIT
upstream-ancestors:
parameter-sets:
- name: LMS_SHA256_H5_W1
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 8688
- name: LMS_SHA256_H5_W2
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 4464
- name: LMS_SHA256_H5_W4
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2352
- name: LMS_SHA256_H5_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 1296
- name: LMS_SHA256_H10_W1
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 8848
- name: LMS_SHA256_H10_W2
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 4624
- name: LMS_SHA256_H10_W4
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2512
- name: LMS_SHA256_H10_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 1456
- name: LMS_SHA256_H15_W1
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 9008
- name: LMS_SHA256_H15_W2
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 4784
- name: LMS_SHA256_H15_W4
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2672
- name: LMS_SHA256_H15_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 1616
- name: LMS_SHA256_H20_W1
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 9168
- name: LMS_SHA256_H20_W2
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 4944
- name: LMS_SHA256_H20_W4
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2832
- name: LMS_SHA256_H20_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 1776
- name: LMS_SHA256_H25_W1
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 9328
- name: LMS_SHA256_H25_W2
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 5104
- name: LMS_SHA256_H25_W4
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2992
- name: LMS_SHA256_H25_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 1936
- name: LMS_SHA256_H5_W8_H5_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2644
- name: LMS_SHA256_H10_W4_H5_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2804
- name: LMS_SHA256_H10_W8_H5_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3860
- name: LMS_SHA256_H10_W2_H10_W2
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 9300
- name: LMS_SHA256_H10_W4_H10_W4
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 5076
- name: LMS_SHA256_H10_W8_H10_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2964
- name: LMS_SHA256_H15_W8_H5_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2964
- name: LMS_SHA256_H15_W8_H10_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3124
- name: LMS_SHA256_H15_W8_H15_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3284
- name: LMS_SHA256_H20_W8_H5_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3124
- name: LMS_SHA256_H20_W8_H10_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3284
- name: LMS_SHA256_H20_W8_H15_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3444
- name: LMS_SHA256_H20_W8_H20_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3604
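Review bot: the top-level spdx-license-identifier is left empty while primary-upstream.spdx-license-identifier is MIT (the XMSS yml in this same diff fills both), and nist-round, spec-version, upstream-ancestors and, on every parameter set, claimed-nist-level and claimed-security are blank. Either populate them or make the generator handle the empty fields explicitly, because the generated LMS markdown above currently renders them as empty table columns and "None".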


@ -0,0 +1,29 @@
# **Stateful Hash Based Signatures**
The security of hash based signatures (HBS) is based on the underlying hash functions on which they are built.
NIST recommendation is that they are suitable for near term use to mitigate against attacks mounted by quantum computers.
While not a general purpose solution, they are useful means to authenticate boot or firmware images.
<ins>**General**</ins>
This package provides full support for a variety of variants for XMSS and LMS.
Key generation, signature generation, and signature verification.
Security of HBS also depends on the management of the state of the secret key. Secret keys can only used once to generate a signature.
Multiple signing with same key can reveal that key to an attacker.
Because of this, NIST recommends that key and signature generation be done in hardware security modules.
Having said that, this library is fully functional for research purposes. Secret keys are incremented after each sign operation.
However, secure storage and lifecycle management of the secret keys are left to applications using this feature.
Secret key storage is easily done by supplying a callback function to the library. This callback is invoked to store the secret key.
<ins>**Key State Management**</ins>
Application writers have to supply callback functions to store and update secret keys.
After a sign operation the secret key index is advanced and stored. This ensures one-time use of the key.
Signing operations will fail without this callback set because the private key cannot be advanced (to prevent reuse).
Stateful keys can generate a finite number of signatures. A counter tracks the limit when the key is created and is decremented after each signature is generated.
When the counter is down to 0, signature generation fails. Applications can query the remaining count via an API.
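Review bot: the Key State Management section says the secret key index is advanced and stored after a sign operation but never states the ordering and failure behaviour that one-time use actually depends on: whether the signature is released only after the store callback has persisted the new state, and what the sign operation returns when the callback fails (the text only covers the callback being unset). Spell that out, and fix the grammar while here: "Secret keys can only used once" should be "can only be used once", "Multiple signing with same key" should be "with the same key", and the fragment "Key generation, signature generation, and signature verification." should join the preceding sentence ("... for XMSS and LMS: key generation, signature generation, and signature verification."). "Secret keys are incremented after each sign operation" next to "A counter ... is decremented after each signature" also reads as a contradiction until the reader works out that one is the leaf index and the other the remaining-signature count; name them.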


@ -0,0 +1,53 @@
# XMSS
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: hash-based signatures.
- **Principal submitters**: Joost Rijneveld, A. Huelsing, David Cooper, Bas Westerbaan.
- **Authors' website**: https://www.rfc-editor.org/info/rfc8391
- **Specification version**: None.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/XMSS/xmss-reference
- **Implementation license (SPDX-Identifier)**: (Apache-2.0 OR MIT) AND CC0-1.0
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:----------------------:|:-----------------|:---------------------|--------------------------:|--------------------------:|-------------------------:|
| XMSS-SHA2_10_256 | | | 64 | 1373 | 2500 |
| XMSS-SHA2_16_256 | | | 64 | 2093 | 2692 |
| XMSS-SHA2_20_256 | | | 64 | 2573 | 2820 |
| XMSS-SHAKE_10_256 | | | 64 | 1373 | 2500 |
| XMSS-SHAKE_16_256 | | | 64 | 2093 | 2692 |
| XMSS-SHAKE_20_256 | | | 64 | 2573 | 2820 |
| XMSS-SHA2_10_512 | | | 128 | 2653 | 9092 |
| XMSS-SHA2_16_512 | | | 128 | 4045 | 9476 |
| XMSS-SHA2_20_512 | | | 128 | 2653 | 9732 |
| XMSS-SHAKE_10_512 | | | 128 | 2653 | 9092 |
| XMSS-SHAKE_16_512 | | | 128 | 4045 | 9476 |
| XMSS-SHAKE_20_512 | | | 128 | 4973 | 9732 |
| XMSS-SHA2_10_192 | | | 48 | 1053 | 1492 |
| XMSS-SHA2_16_192 | | | 48 | 1605 | 1636 |
| XMSS-SHA2_20_192 | | | 48 | 1973 | 1732 |
| XMSS-SHAKE256_10_192 | | | 48 | 1053 | 1492 |
| XMSS-SHAKE256_16_192 | | | 48 | 1605 | 1636 |
| XMSS-SHAKE256_20_192 | | | 48 | 1973 | 1732 |
| XMSS-SHAKE256_10_256 | | | 64 | 1373 | 2500 |
| XMSS-SHAKE256_16_256 | | | 64 | 2093 | 2692 |
| XMSS-SHAKE256_20_256 | | | 64 | 2573 | 2820 |
| XMSSMT-SHA2_20/2_256 | | | 64 | 5998 | 4963 |
| XMSSMT-SHA2_20/4_256 | | | 64 | 10938 | 9251 |
| XMSSMT-SHA2_40/2_256 | | | 64 | 9600 | 5605 |
| XMSSMT-SHA2_40/4_256 | | | 64 | 15252 | 9893 |
| XMSSMT-SHA2_40/8_256 | | | 64 | 24516 | 18469 |
| XMSSMT-SHA2_60/3_256 | | | 64 | 16629 | 8392 |
| XMSSMT-SHA2_60/6_256 | | | 64 | 24507 | 14824 |
| XMSSMT-SHA2_60/12_256 | | | 64 | 38095 | 27688 |
| XMSSMT-SHAKE_20/2_256 | | | 64 | 5998 | 4963 |
| XMSSMT-SHAKE_20/4_256 | | | 64 | 10938 | 9251 |
| XMSSMT-SHAKE_40/2_256 | | | 64 | 9600 | 5605 |
| XMSSMT-SHAKE_40/4_256 | | | 64 | 15252 | 9893 |
| XMSSMT-SHAKE_40/8_256 | | | 64 | 24516 | 18469 |
| XMSSMT-SHAKE_60/3_256 | | | 64 | 24516 | 8392 |
| XMSSMT-SHAKE_60/6_256 | | | 64 | 24507 | 14824 |
| XMSSMT-SHAKE_60/12_256 | | | 64 | 38095 | 27688 |
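Review bot: two secret-key sizes look copied wrong. XMSS-SHA2_20_512 is listed with 2653 bytes while its SHAKE twin XMSS-SHAKE_20_512 has 4973, and every other SHA2/SHAKE pair in the table has identical sizes (10_512: 2653/2653, 16_512: 4045/4045, 10_256 through 20_256 likewise); and XMSSMT-SHAKE_60/3_256 is listed with 24516 while XMSSMT-SHA2_60/3_256 has 16629 and 24516 is the value of the 40/8 rows. Check both against the implementation's constants before merging. The Security model and Claimed NIST Level columns are also empty for every row, as in the LMS table.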


@ -0,0 +1,241 @@
name: XMSS
type: stateful signature
principal-submitters:
- Joost Rijneveld
- A. Huelsing
- David Cooper
- Bas Westerbaan
auxiliary-submitters:
crypto-assumption: hash-based signatures
website: https://www.rfc-editor.org/info/rfc8391
nist-round:
spec-version:
spdx-license-identifier: (Apache-2.0 OR MIT) AND CC0-1.0
primary-upstream:
source: https://github.com/XMSS/xmss-reference
spdx-license-identifier: (Apache-2.0 OR MIT) AND CC0-1.0
upstream-ancestors:
parameter-sets:
- name: XMSS-SHA2_10_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 1373
length-signature: 2500
- name: XMSS-SHA2_16_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 2093
length-signature: 2692
- name: XMSS-SHA2_20_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 2573
length-signature: 2820
- name: XMSS-SHAKE_10_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 1373
length-signature: 2500
- name: XMSS-SHAKE_16_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 2093
length-signature: 2692
- name: XMSS-SHAKE_20_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 2573
length-signature: 2820
- name: XMSS-SHA2_10_512
claimed-nist-level:
claimed-security:
length-public-key: 128
length-secret-key: 2653
length-signature: 9092
- name: XMSS-SHA2_16_512
claimed-nist-level:
claimed-security:
length-public-key: 128
length-secret-key: 4045
length-signature: 9476
- name: XMSS-SHA2_20_512
claimed-nist-level:
claimed-security:
length-public-key: 128
length-secret-key: 2653
length-signature: 9732
- name: XMSS-SHAKE_10_512
claimed-nist-level:
claimed-security:
length-public-key: 128
length-secret-key: 2653
length-signature: 9092
- name: XMSS-SHAKE_16_512
claimed-nist-level:
claimed-security:
length-public-key: 128
length-secret-key: 4045
length-signature: 9476
- name: XMSS-SHAKE_20_512
claimed-nist-level:
claimed-security:
length-public-key: 128
length-secret-key: 4973
length-signature: 9732
- name: XMSS-SHA2_10_192
claimed-nist-level:
claimed-security:
length-public-key: 48
length-secret-key: 1053
length-signature: 1492
- name: XMSS-SHA2_16_192
claimed-nist-level:
claimed-security:
length-public-key: 48
length-secret-key: 1605
length-signature: 1636
- name: XMSS-SHA2_20_192
claimed-nist-level:
claimed-security:
length-public-key: 48
length-secret-key: 1973
length-signature: 1732
- name: XMSS-SHAKE256_10_192
claimed-nist-level:
claimed-security:
length-public-key: 48
length-secret-key: 1053
length-signature: 1492
- name: XMSS-SHAKE256_16_192
claimed-nist-level:
claimed-security:
length-public-key: 48
length-secret-key: 1605
length-signature: 1636
- name: XMSS-SHAKE256_20_192
claimed-nist-level:
claimed-security:
length-public-key: 48
length-secret-key: 1973
length-signature: 1732
- name: XMSS-SHAKE256_10_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 1373
length-signature: 2500
- name: XMSS-SHAKE256_16_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 2093
length-signature: 2692
- name: XMSS-SHAKE256_20_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 2573
length-signature: 2820
- name: XMSSMT-SHA2_20/2_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 5998
length-signature: 4963
- name: XMSSMT-SHA2_20/4_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 10938
length-signature: 9251
- name: XMSSMT-SHA2_40/2_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 9600
length-signature: 5605
- name: XMSSMT-SHA2_40/4_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 15252
length-signature: 9893
- name: XMSSMT-SHA2_40/8_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 24516
length-signature: 18469
- name: XMSSMT-SHA2_60/3_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 16629
length-signature: 8392
- name: XMSSMT-SHA2_60/6_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 24507
length-signature: 14824
- name: XMSSMT-SHA2_60/12_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 38095
length-signature: 27688
- name: XMSSMT-SHAKE_20/2_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 5998
length-signature: 4963
- name: XMSSMT-SHAKE_20/4_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 10938
length-signature: 9251
- name: XMSSMT-SHAKE_40/2_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 9600
length-signature: 5605
- name: XMSSMT-SHAKE_40/4_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 15252
length-signature: 9893
- name: XMSSMT-SHAKE_40/8_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 24516
length-signature: 18469
- name: XMSSMT-SHAKE_60/3_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 24516
length-signature: 8392
- name: XMSSMT-SHAKE_60/6_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 24507
length-signature: 14824
- name: XMSSMT-SHAKE_60/12_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 38095
length-signature: 27688
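Review bot: the same two suspect values appear here, and since the markdown is generated from this file the fix belongs at the source: length-secret-key: 2653 under XMSS-SHA2_20_512 (XMSS-SHAKE_20_512 says 4973, and all other SHA2/SHAKE pairs agree) and length-secret-key: 24516 under XMSSMT-SHAKE_60/3_256 (XMSSMT-SHA2_60/3_256 says 16629). claimed-nist-level and claimed-security are blank on every entry as well; either fill them or have the generator omit the columns.
</grInsert_placeholder>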

6364
docs/cbom.json Normal file

File diff suppressed because it is too large

61
flake.lock generated Normal file

@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}
