sharpetronics/liboqs
1
0
Fork 0
mirror of https://github.com/open-quantum-safe/liboqs.git synced 2025-06-23 00:01:22 -04:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: sharpetronics:main
Branches Tags
sharpetronics:main
sharpetronics:gh-pages
sharpetronics:sw-test-cpu-exts
sharpetronics:sw-macos15-gcc14
sharpetronics:sw-benchmarks
sharpetronics:ds-benchmark-comments
sharpetronics:sw-ct-optimized
sharpetronics:ds-skip-failing-ci
sharpetronics:ps-poutine
sharpetronics:vacuas-main
sharpetronics:sw-disable-by-default
sharpetronics:ash_support_missing_ossl_api
sharpetronics:0.13.0
sharpetronics:0.13.0-rc1
sharpetronics:0.12.0
sharpetronics:0.12.0-rc1
sharpetronics:0.11.0
sharpetronics:0.11.0-rc1
sharpetronics:0.10.1
sharpetronics:0.10.1-rc1
sharpetronics:0.10.0
sharpetronics:0.10.0-rc2
sharpetronics:0.10.0-rc1
sharpetronics:0.9.2
sharpetronics:0.9.2-rc1
sharpetronics:0.9.1
sharpetronics:0.9.1-rc1
sharpetronics:0.9.0
sharpetronics:0.9.0-rc1
sharpetronics:0.8.0
sharpetronics:0.8.0-rc1
sharpetronics:ietf116
sharpetronics:0.7.2
sharpetronics:0.7.2-rc2
sharpetronics:0.7.2-rc1
sharpetronics:0.7.1
sharpetronics:0.7.1-rc1
sharpetronics:0.7.0
sharpetronics:0.7.0-rc4
sharpetronics:0.7.0-rc3
sharpetronics:0.6.0
sharpetronics:0.6.0-rc3
sharpetronics:0.6.0-rc2
sharpetronics:0.6.0-rc1
sharpetronics:0.5.0
sharpetronics:0.4.0
sharpetronics:0.3.0
sharpetronics:0.2.0
sharpetronics:nist-branch-snapshot-2018-11
sharpetronics:master-0.1.0
sharpetronics:nist-branch-snapshot-2018-07
sharpetronics:nist-branch-snapshot-2018-05
sharpetronics:nist-branch-snapshot-2018-04
..
compare: sharpetronics:0.10.1-rc1
Branches Tags
sharpetronics:gh-pages
sharpetronics:main
sharpetronics:sw-test-cpu-exts
sharpetronics:sw-macos15-gcc14
sharpetronics:sw-benchmarks
sharpetronics:ds-benchmark-comments
sharpetronics:sw-ct-optimized
sharpetronics:ds-skip-failing-ci
sharpetronics:ps-poutine
sharpetronics:vacuas-main
sharpetronics:sw-disable-by-default
sharpetronics:ash_support_missing_ossl_api
sharpetronics:0.13.0
sharpetronics:0.13.0-rc1
sharpetronics:0.12.0
sharpetronics:0.12.0-rc1
sharpetronics:0.11.0
sharpetronics:0.11.0-rc1
sharpetronics:0.10.1
sharpetronics:0.10.1-rc1
sharpetronics:0.10.0
sharpetronics:0.10.0-rc2
sharpetronics:0.10.0-rc1
sharpetronics:0.9.2
sharpetronics:0.9.2-rc1
sharpetronics:0.9.1
sharpetronics:0.9.1-rc1
sharpetronics:0.9.0
sharpetronics:0.9.0-rc1
sharpetronics:0.8.0
sharpetronics:0.8.0-rc1
sharpetronics:ietf116
sharpetronics:0.7.2
sharpetronics:0.7.2-rc2
sharpetronics:0.7.2-rc1
sharpetronics:0.7.1
sharpetronics:0.7.1-rc1
sharpetronics:0.7.0
sharpetronics:0.7.0-rc4
sharpetronics:0.7.0-rc3
sharpetronics:0.6.0
sharpetronics:0.6.0-rc3
sharpetronics:0.6.0-rc2
sharpetronics:0.6.0-rc1
sharpetronics:0.5.0
sharpetronics:0.4.0
sharpetronics:0.3.0
sharpetronics:0.2.0
sharpetronics:nist-branch-snapshot-2018-11
sharpetronics:master-0.1.0
sharpetronics:nist-branch-snapshot-2018-07
sharpetronics:nist-branch-snapshot-2018-05
sharpetronics:nist-branch-snapshot-2018-04

8 Commits
main ... 0.10.1-rc1

Author SHA1 Message Date
Spencer Wilson
2939d32779 Update version numbers and release docs 
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
 2024-06-05 11:58:42 -04:00
Nigel Jones
1c452ac62d ensure no autoupdate 
Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
 2024-06-05 10:54:22 -04:00
Nigel Jones
a6aa84a70f Force gcc 13.2.0 over 13.3.0 
Signed-off-by: Nigel Jones <jonesn@uk.ibm.com>
 2024-06-05 10:52:34 -04:00
Basil Hess
fbfac75458 Pull Kyber/ML-KEM CT-Fix from upstream 
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
 2024-06-05 10:51:19 -04:00
Basil Hess
332c7b87ff Fix for incorrect macros in signatures. (#1799) 
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
 2024-06-05 10:51:09 -04:00
Pravek Sharma
233c205795 Fix README.md to work with Doxygen release 1.10.0 (#1775) 
* fix link in README.md

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* simplify linux and mac link in README.md

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* update Doxyfile

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

* update CI to use /scripts/run_doxygen.sh

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>

---------

Signed-off-by: Pravek Sharma <sharmapravek@gmail.com>
 2024-06-05 10:50:56 -04:00
Vlad Gheorghiu
962fd40c30 Update README.md (#1769) 
fixed typo in link

Signed-off-by: Vlad Gheorghiu <vsoftco@gmail.com>
 2024-06-05 10:50:47 -04:00
Michael Baentsch
dba0f8e506 switching to dev mode again (#1743) 
* switching to dev mode again

* activating backwards compatible pip3 mode

Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
 2024-06-05 10:50:23 -04:00
4439 changed files with 51790 additions and 789734 deletions
Show Stats Expand all files Collapse all files

668
.CMake/alg_support.cmake
View File

@ -31,7 +31,6 @@ function(filter_algs alglist)
string(REPLACE "_aesni" "" _var_base ${_var})
string(REPLACE "_avx2" "" _var_base ${_var_base})
string(REPLACE "_avx" "" _var_base ${_var_base})
string(REPLACE "_x86_64" "" _var_base ${_var_base})
string(REPLACE "_aarch64" "" _var_base ${_var_base})
foreach (_alg ${ARGV0})
if(${_var}_AVAILABLE)
@ -70,21 +69,12 @@ cmake_dependent_option(OQS_USE_SHA3_OPENSSL "" OFF "OQS_USE_OPENSSL" OFF)
# sanity check: Disable OpenSSL if not a single OpenSSL component define is on
cmake_dependent_option(OQS_USE_OPENSSL "" ON "OQS_USE_AES_OPENSSL OR OQS_USE_SHA2_OPENSSL OR OQS_USE_SHA3_OPENSSL" OFF)
option(OQS_DLOPEN_OPENSSL "Enable OpenSSL through dlopen" OFF)
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR OQS_USE_AVX2_INSTRUCTIONS)
cmake_dependent_option(OQS_ENABLE_SHA3_xkcp_low_avx2 "" ON "NOT OQS_USE_SHA3_OPENSSL" OFF)
endif()
endif()
# SHA3 AVX512VL only supported on Linux x86_64
if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND (OQS_DIST_X86_64_BUILD OR OQS_USE_AVX512_INSTRUCTIONS))
cmake_dependent_option(OQS_USE_SHA3_AVX512VL "Enable SHA3 AVX512VL usage" ON "NOT OQS_USE_SHA3_OPENSSL" OFF)
else()
option(OQS_USE_SHA3_AVX512VL "Enable SHA3 AVX512VL usage" OFF)
endif()
# BIKE is not supported on Windows, 32-bit ARM, X86, S390X (big endian) and PPC64 (big endian)
cmake_dependent_option(OQS_ENABLE_KEM_BIKE "Enable BIKE algorithm family" ON "NOT WIN32; NOT ARCH_ARM32v7; NOT ARCH_X86; NOT ARCH_S390X; NOT ARCH_PPC64" OFF)
# BIKE doesn't work on any 32-bit platform
@ -124,7 +114,7 @@ cmake_dependent_option(OQS_ENABLE_KEM_classic_mceliece_6960119f "" ON "OQS_ENABL
cmake_dependent_option(OQS_ENABLE_KEM_classic_mceliece_8192128 "" ON "OQS_ENABLE_KEM_CLASSIC_MCELIECE" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_classic_mceliece_8192128f "" ON "OQS_ENABLE_KEM_CLASSIC_MCELIECE" OFF)
option(OQS_ENABLE_KEM_HQC "Enable hqc algorithm family" OFF)
option(OQS_ENABLE_KEM_HQC "Enable hqc algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_KEM_hqc_128 "" ON "OQS_ENABLE_KEM_HQC" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_hqc_192 "" ON "OQS_ENABLE_KEM_HQC" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_hqc_256 "" ON "OQS_ENABLE_KEM_HQC" OFF)
@ -135,8 +125,11 @@ cmake_dependent_option(OQS_ENABLE_KEM_kyber_768 "" ON "OQS_ENABLE_KEM_KYBER" OFF
cmake_dependent_option(OQS_ENABLE_KEM_kyber_1024 "" ON "OQS_ENABLE_KEM_KYBER" OFF)
option(OQS_ENABLE_KEM_ML_KEM "Enable ml_kem algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
option(OQS_ENABLE_SIG_DILITHIUM "Enable dilithium algorithm family" ON)
@ -145,8 +138,11 @@ cmake_dependent_option(OQS_ENABLE_SIG_dilithium_3 "" ON "OQS_ENABLE_SIG_DILITHIU
cmake_dependent_option(OQS_ENABLE_SIG_dilithium_5 "" ON "OQS_ENABLE_SIG_DILITHIUM" OFF)
option(OQS_ENABLE_SIG_ML_DSA "Enable ml_dsa algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_44_ipd "" ON "OQS_ENABLE_SIG_ML_DSA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_44 "" ON "OQS_ENABLE_SIG_ML_DSA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_65_ipd "" ON "OQS_ENABLE_SIG_ML_DSA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_65 "" ON "OQS_ENABLE_SIG_ML_DSA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_87_ipd "" ON "OQS_ENABLE_SIG_ML_DSA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_87 "" ON "OQS_ENABLE_SIG_ML_DSA" OFF)
option(OQS_ENABLE_SIG_FALCON "Enable falcon algorithm family" ON)
@ -168,71 +164,8 @@ cmake_dependent_option(OQS_ENABLE_SIG_sphincs_shake_192f_simple "" ON "OQS_ENABL
cmake_dependent_option(OQS_ENABLE_SIG_sphincs_shake_192s_simple "" ON "OQS_ENABLE_SIG_SPHINCS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_sphincs_shake_256f_simple "" ON "OQS_ENABLE_SIG_SPHINCS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_sphincs_shake_256s_simple "" ON "OQS_ENABLE_SIG_SPHINCS" OFF)
option(OQS_ENABLE_SIG_MAYO "Enable mayo algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_SIG_mayo_1 "" ON "OQS_ENABLE_SIG_MAYO" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_mayo_2 "" ON "OQS_ENABLE_SIG_MAYO" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_mayo_3 "" ON "OQS_ENABLE_SIG_MAYO" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_mayo_5 "" ON "OQS_ENABLE_SIG_MAYO" OFF)
option(OQS_ENABLE_SIG_CROSS "Enable cross algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_128_balanced "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_128_fast "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_128_small "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_192_balanced "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_192_fast "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_192_small "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_256_balanced "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_256_fast "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_256_small "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_128_balanced "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_128_fast "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_128_small "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_192_balanced "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_192_fast "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_192_small "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_256_balanced "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_256_fast "" ON "OQS_ENABLE_SIG_CROSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_256_small "" ON "OQS_ENABLE_SIG_CROSS" OFF)
option(OQS_ENABLE_SIG_UOV "Enable uov algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Is "" ON "OQS_ENABLE_SIG_UOV" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Ip "" ON "OQS_ENABLE_SIG_UOV" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_III "" ON "OQS_ENABLE_SIG_UOV" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_V "" ON "OQS_ENABLE_SIG_UOV" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Is_pkc "" ON "OQS_ENABLE_SIG_UOV" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Ip_pkc "" ON "OQS_ENABLE_SIG_UOV" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_III_pkc "" ON "OQS_ENABLE_SIG_UOV" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_V_pkc "" ON "OQS_ENABLE_SIG_UOV" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Is_pkc_skc "" ON "OQS_ENABLE_SIG_UOV" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Ip_pkc_skc "" ON "OQS_ENABLE_SIG_UOV" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_III_pkc_skc "" ON "OQS_ENABLE_SIG_UOV" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_V_pkc_skc "" ON "OQS_ENABLE_SIG_UOV" OFF)
option(OQS_ENABLE_SIG_SNOVA "Enable snova algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_4 "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_4_SHAKE "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_4_esk "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_4_SHAKE_esk "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_37_17_2 "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_25_8_3 "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_56_25_2 "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_49_11_3 "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_37_8_4 "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_5 "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_60_10_4 "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_29_6_5 "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_ADD_ENABLE_BY_ALG_END
##### OQS_COPY_FROM_LIBJADE_FRAGMENT_ADD_ENABLE_BY_ALG_START
if ((OQS_LIBJADE_BUILD STREQUAL "ON"))
option(OQS_ENABLE_LIBJADE_KEM_KYBER "Enable libjade implementation of kyber algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_kyber_512 "" ON "OQS_ENABLE_LIBJADE_KEM_KYBER" OFF)
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_kyber_768 "" ON "OQS_ENABLE_LIBJADE_KEM_KYBER" OFF)
endif()
##### OQS_COPY_FROM_LIBJADE_FRAGMENT_ADD_ENABLE_BY_ALG_END
if((OQS_MINIMAL_BUILD STREQUAL "ON"))
message(FATAL_ERROR "OQS_MINIMAL_BUILD option ${OQS_MINIMAL_BUILD} no longer supported")
endif()
@ -249,8 +182,6 @@ elseif (${OQS_ALGS_ENABLED} STREQUAL "STD")
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_LIST_STANDARDIZED_ALGS_END
elseif(${OQS_ALGS_ENABLED} STREQUAL "NIST_R4")
filter_algs("KEM_classic_mceliece_348864;KEM_classic_mceliece_348864f;KEM_classic_mceliece_460896;KEM_classic_mceliece_460896f;KEM_classic_mceliece_6688128;KEM_classic_mceliece_6688128f;KEM_classic_mceliece_6960119;KEM_classic_mceliece_6960119f;KEM_classic_mceliece_8192128;KEM_classic_mceliece_8192128f;KEM_hqc_128;KEM_hqc_192;KEM_hqc_256;KEM_bike_l1;KEM_bike_l3;KEM_bike_l5")
elseif(${OQS_ALGS_ENABLED} STREQUAL "NIST_SIG_ONRAMP")
filter_algs("SIG_mayo_1;SIG_mayo_2;SIG_mayo_3;SIG_mayo_5;SIG_cross_rsdp_128_balanced;SIG_cross_rsdp_128_fast;SIG_cross_rsdp_128_small;SIG_cross_rsdp_192_balanced;SIG_cross_rsdp_192_fast;SIG_cross_rsdp_192_small;SIG_cross_rsdp_256_balanced;SIG_cross_rsdp_256_fast;SIG_cross_rsdp_256_small;SIG_cross_rsdpg_128_balanced;SIG_cross_rsdpg_128_fast;SIG_cross_rsdpg_128_small;SIG_cross_rsdpg_192_balanced;SIG_cross_rsdpg_192_fast;SIG_cross_rsdpg_192_small;SIG_cross_rsdpg_256_balanced;SIG_cross_rsdpg_256_fast;SIG_cross_rsdpg_256_small;SIG_uov_ov_Ip;SIG_uov_ov_Is;SIG_uov_ov_III;SIG_uov_ov_V;SIG_uov_ov_Ip_pkc;SIG_uov_ov_Is_pkc;SIG_uov_ov_III_pkc;SIG_uov_ov_V_pkc;SIG_uov_ov_Ip_pkc_skc;SIG_uov_ov_Is_pkc_skc;SIG_uov_ov_III_pkc_skc;SIG_uov_ov_V_pkc_skc;SNOVA_24_5_4;SNOVA_24_5_4_SHAKE;SNOVA_24_5_4_esk;SNOVA_24_5_4_SHAKE_esk;SNOVA_37_17_2;SNOVA_25_8_3;SNOVA_56_25_2;SNOVA_49_11_3;SNOVA_37_8_4;SNOVA_24_5_5;SNOVA_60_10_4;SNOVA_29_6_5")
else()
message(STATUS "Alg enablement unchanged")
endif()
@ -370,61 +301,22 @@ endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_x86_64 "" ON "OQS_ENABLE_KEM_ml_kem_512" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if((OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS)))
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_aarch64 "" ON "OQS_ENABLE_KEM_ml_kem_512" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_USE_CUPQC)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_cuda "" ON "OQS_ENABLE_KEM_ml_kem_512" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_512_ipd" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_512" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_x86_64 "" ON "OQS_ENABLE_KEM_ml_kem_768" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if((OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS)))
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_aarch64 "" ON "OQS_ENABLE_KEM_ml_kem_768" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_USE_CUPQC)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_cuda "" ON "OQS_ENABLE_KEM_ml_kem_768" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_768_ipd" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_768" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_x86_64 "" ON "OQS_ENABLE_KEM_ml_kem_1024" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if((OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS)))
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_aarch64 "" ON "OQS_ENABLE_KEM_ml_kem_1024" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_USE_CUPQC)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_cuda "" ON "OQS_ENABLE_KEM_ml_kem_1024" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_1024_ipd" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_1024" OFF)
endif()
endif()
@ -468,18 +360,21 @@ endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_44_ipd_avx2 "" ON "OQS_ENABLE_SIG_ml_dsa_44_ipd" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_44_avx2 "" ON "OQS_ENABLE_SIG_ml_dsa_44" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_65_ipd_avx2 "" ON "OQS_ENABLE_SIG_ml_dsa_65_ipd" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_65_avx2 "" ON "OQS_ENABLE_SIG_ml_dsa_65" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_87_ipd_avx2 "" ON "OQS_ENABLE_SIG_ml_dsa_87_ipd" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_87_avx2 "" ON "OQS_ENABLE_SIG_ml_dsa_87" OFF)
endif()
endif()
@ -598,535 +493,10 @@ if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_mayo_1_avx2 "" ON "OQS_ENABLE_SIG_mayo_1" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_mayo_1_neon "" ON "OQS_ENABLE_SIG_mayo_1" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_mayo_2_avx2 "" ON "OQS_ENABLE_SIG_mayo_2" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_mayo_2_neon "" ON "OQS_ENABLE_SIG_mayo_2" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_mayo_3_avx2 "" ON "OQS_ENABLE_SIG_mayo_3" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_mayo_3_neon "" ON "OQS_ENABLE_SIG_mayo_3" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_mayo_5_avx2 "" ON "OQS_ENABLE_SIG_mayo_5" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_mayo_5_neon "" ON "OQS_ENABLE_SIG_mayo_5" OFF)
endif()
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_128_balanced_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdp_128_balanced" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_128_fast_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdp_128_fast" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_128_small_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdp_128_small" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_192_balanced_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdp_192_balanced" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_192_fast_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdp_192_fast" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_192_small_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdp_192_small" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_256_balanced_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdp_256_balanced" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_256_fast_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdp_256_fast" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdp_256_small_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdp_256_small" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_128_balanced_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdpg_128_balanced" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_128_fast_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdpg_128_fast" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_128_small_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdpg_128_small" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_192_balanced_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdpg_192_balanced" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_192_fast_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdpg_192_fast" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_192_small_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdpg_192_small" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_256_balanced_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdpg_256_balanced" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_256_fast_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdpg_256_fast" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_cross_rsdpg_256_small_avx2 "" ON "OQS_ENABLE_SIG_cross_rsdpg_256_small" OFF)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Is_neon "" ON "OQS_ENABLE_SIG_uov_ov_Is" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Is_avx2 "" ON "OQS_ENABLE_SIG_uov_ov_Is" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Ip_neon "" ON "OQS_ENABLE_SIG_uov_ov_Ip" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Ip_avx2 "" ON "OQS_ENABLE_SIG_uov_ov_Ip" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_III_neon "" ON "OQS_ENABLE_SIG_uov_ov_III" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_III_avx2 "" ON "OQS_ENABLE_SIG_uov_ov_III" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_V_neon "" ON "OQS_ENABLE_SIG_uov_ov_V" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_V_avx2 "" ON "OQS_ENABLE_SIG_uov_ov_V" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Is_pkc_neon "" ON "OQS_ENABLE_SIG_uov_ov_Is_pkc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Is_pkc_avx2 "" ON "OQS_ENABLE_SIG_uov_ov_Is_pkc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Ip_pkc_neon "" ON "OQS_ENABLE_SIG_uov_ov_Ip_pkc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Ip_pkc_avx2 "" ON "OQS_ENABLE_SIG_uov_ov_Ip_pkc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_III_pkc_neon "" ON "OQS_ENABLE_SIG_uov_ov_III_pkc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_III_pkc_avx2 "" ON "OQS_ENABLE_SIG_uov_ov_III_pkc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_V_pkc_neon "" ON "OQS_ENABLE_SIG_uov_ov_V_pkc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_V_pkc_avx2 "" ON "OQS_ENABLE_SIG_uov_ov_V_pkc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Is_pkc_skc_neon "" ON "OQS_ENABLE_SIG_uov_ov_Is_pkc_skc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Is_pkc_skc_avx2 "" ON "OQS_ENABLE_SIG_uov_ov_Is_pkc_skc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Ip_pkc_skc_neon "" ON "OQS_ENABLE_SIG_uov_ov_Ip_pkc_skc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_Ip_pkc_skc_avx2 "" ON "OQS_ENABLE_SIG_uov_ov_Ip_pkc_skc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_III_pkc_skc_neon "" ON "OQS_ENABLE_SIG_uov_ov_III_pkc_skc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_III_pkc_skc_avx2 "" ON "OQS_ENABLE_SIG_uov_ov_III_pkc_skc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_V_pkc_skc_neon "" ON "OQS_ENABLE_SIG_uov_ov_V_pkc_skc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_uov_ov_V_pkc_skc_avx2 "" ON "OQS_ENABLE_SIG_uov_ov_V_pkc_skc" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_4_avx2 "" ON "OQS_ENABLE_SIG_snova_SNOVA_24_5_4" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_4_neon "" ON "OQS_ENABLE_SIG_snova_SNOVA_24_5_4" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_4_SHAKE_avx2 "" ON "OQS_ENABLE_SIG_snova_SNOVA_24_5_4_SHAKE" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_4_SHAKE_neon "" ON "OQS_ENABLE_SIG_snova_SNOVA_24_5_4_SHAKE" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_4_esk_avx2 "" ON "OQS_ENABLE_SIG_snova_SNOVA_24_5_4_esk" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_4_esk_neon "" ON "OQS_ENABLE_SIG_snova_SNOVA_24_5_4_esk" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_4_SHAKE_esk_avx2 "" ON "OQS_ENABLE_SIG_snova_SNOVA_24_5_4_SHAKE_esk" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_4_SHAKE_esk_neon "" ON "OQS_ENABLE_SIG_snova_SNOVA_24_5_4_SHAKE_esk" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_37_17_2_avx2 "" ON "OQS_ENABLE_SIG_snova_SNOVA_37_17_2" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_37_17_2_neon "" ON "OQS_ENABLE_SIG_snova_SNOVA_37_17_2" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_25_8_3_avx2 "" ON "OQS_ENABLE_SIG_snova_SNOVA_25_8_3" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_25_8_3_neon "" ON "OQS_ENABLE_SIG_snova_SNOVA_25_8_3" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_56_25_2_avx2 "" ON "OQS_ENABLE_SIG_snova_SNOVA_56_25_2" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_56_25_2_neon "" ON "OQS_ENABLE_SIG_snova_SNOVA_56_25_2" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_49_11_3_avx2 "" ON "OQS_ENABLE_SIG_snova_SNOVA_49_11_3" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_49_11_3_neon "" ON "OQS_ENABLE_SIG_snova_SNOVA_49_11_3" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_37_8_4_avx2 "" ON "OQS_ENABLE_SIG_snova_SNOVA_37_8_4" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_37_8_4_neon "" ON "OQS_ENABLE_SIG_snova_SNOVA_37_8_4" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_5_avx2 "" ON "OQS_ENABLE_SIG_snova_SNOVA_24_5_5" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_5_neon "" ON "OQS_ENABLE_SIG_snova_SNOVA_24_5_5" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_60_10_4_avx2 "" ON "OQS_ENABLE_SIG_snova_SNOVA_60_10_4" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_60_10_4_neon "" ON "OQS_ENABLE_SIG_snova_SNOVA_60_10_4" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_29_6_5_avx2 "" ON "OQS_ENABLE_SIG_snova_SNOVA_29_6_5" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_29_6_5_neon "" ON "OQS_ENABLE_SIG_snova_SNOVA_29_6_5" OFF)
endif()
endif()
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_ADD_ENABLE_BY_ALG_CONDITIONAL_END
##### OQS_COPY_FROM_LIBJADE_FRAGMENT_ADD_ENABLE_BY_ALG_CONDITIONAL_START
if ((OQS_LIBJADE_BUILD STREQUAL "ON"))
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_kyber_512_avx2 "" ON "OQS_ENABLE_LIBJADE_KEM_kyber_512" OFF)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_kyber_768_avx2 "" ON "OQS_ENABLE_LIBJADE_KEM_kyber_768" OFF)
endif()
endif()
endif()
##### OQS_COPY_FROM_LIBJADE_FRAGMENT_ADD_ENABLE_BY_ALG_CONDITIONAL_END
option(OQS_ENABLE_SIG_STFL_XMSS "Enable XMSS algorithm family" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_sha256_h10 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_sha256_h16 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_sha256_h20 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_shake128_h10 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_shake128_h16 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_shake128_h20 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_sha512_h10 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_sha512_h16 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_sha512_h20 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_shake256_h10 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_shake256_h16 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_shake256_h20 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_sha256_h10_192 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_sha256_h16_192 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_sha256_h20_192 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_shake256_h10_192 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_shake256_h16_192 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_shake256_h20_192 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_shake256_h10_256 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_shake256_h16_256 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_shake256_h20_256 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_sha256_h20_2 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_sha256_h20_4 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_2 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_4 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_8 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_3 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_6 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_12 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_shake128_h20_2 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_shake128_h20_4 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_2 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_4 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_8 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_3 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_6 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_12 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
option(OQS_ENABLE_SIG_STFL_LMS "Enable LMS algorithm family" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h5_w1 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h5_w2 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h5_w4 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h5_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h10_w1 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h10_w2 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h10_w4 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h10_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h15_w1 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h15_w2 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h15_w4 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h15_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h20_w1 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h20_w2 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h20_w4 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h20_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h25_w1 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h25_w2 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h25_w4 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h25_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h5_w8_h5_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h10_w4_h5_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h10_w8_h5_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h10_w2_h10_w2 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h10_w4_h10_w4 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h10_w8_h10_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h15_w8_h5_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h15_w8_h10_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h15_w8_h15_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h20_w8_h5_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h20_w8_h10_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h20_w8_h15_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h20_w8_h20_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF)
option(OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN "Enable stateful key and signature generation for research and experimentation" OFF)
cmake_dependent_option(OQS_ALLOW_STFL_KEY_AND_SIG_GEN "" ON "OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN" OFF)
if (${OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN} AND ${OQS_ENABLE_SIG_STFL_XMSS})
set(OQS_ALLOW_XMSS_KEY_AND_SIG_GEN ON)
else()
set(OQS_ALLOW_XMSS_KEY_AND_SIG_GEN OFF)
endif()
if (${OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN} AND ${OQS_ENABLE_SIG_STFL_LMS})
set(OQS_ALLOW_LMS_KEY_AND_SIG_GEN ON)
else()
set(OQS_ALLOW_LMS_KEY_AND_SIG_GEN OFF)
endif()
if(OQS_ALLOW_STFL_KEY_AND_SIG_GEN STREQUAL "ON")
message(STATUS "Experimental stateful key and signature generation is enabled. Ensure secret keys are securely stored to prevent multiple simultaneous sign operations.")
endif()
# Set XKCP (Keccak) required for Sphincs and SNOVA AVX2 code even if OpenSSL3 SHA3 is used:
if (${OQS_ENABLE_SIG_SPHINCS} OR ${OQS_ENABLE_SIG_SNOVA} OR NOT ${OQS_USE_SHA3_OPENSSL})
# Set XKCP (Keccak) required for Sphincs AVX2 code even if OpenSSL3 SHA3 is used:
if (${OQS_ENABLE_SIG_SPHINCS} OR NOT ${OQS_USE_SHA3_OPENSSL})
set(OQS_ENABLE_SHA3_xkcp_low ON)
else()
set(OQS_ENABLE_SHA3_xkcp_low OFF)
@ -1137,4 +507,4 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
else()
set(OQS_ENABLE_SHA3_xkcp_low_avx2 OFF)
endif()
endif()
endif()

15
.CMake/compiler_opts.cmake
View File

@ -113,10 +113,6 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
if(${OQS_DEBUG_BUILD})
add_compile_options(-g3)
add_compile_options(-fno-omit-frame-pointer)
if(${USE_COVERAGE})
add_compile_options(-coverage)
add_link_options(-coverage)
endif()
if(USE_SANITIZER STREQUAL "Address")
add_compile_options(-fno-optimize-sibling-calls)
add_compile_options(-fsanitize-address-use-after-scope)
@ -179,10 +175,6 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
if(${OQS_DEBUG_BUILD})
add_compile_options (-Wstrict-overflow)
add_compile_options(-ggdb3)
if(${USE_COVERAGE})
add_compile_options(-coverage)
add_link_options(-coverage)
endif()
else()
add_compile_options(-O3)
add_compile_options(-fomit-frame-pointer)
@ -215,14 +207,11 @@ endif()
if(MINGW OR MSYS OR CYGWIN)
set(OQS_USE_PTHREADS OFF)
# Apply -Wno-maybe-uninitialized only for GCC
if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
add_compile_options(-Wno-maybe-uninitialized)
endif()
add_compile_options(-Wno-maybe-uninitialized)
if(CMAKE_VERSION VERSION_GREATER_EQUAL "3.13.0")
add_link_options(-Wl,--stack,16777216)
else()
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--stack,16777216")
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--stack,1677216")
endif()
endif()

353
.circleci/config.yml Normal file
View File

@ -0,0 +1,353 @@
version: 2.1
require_stylecheck: &require_stylecheck
requires:
- stylecheck
require_buildcheck: &require_buildcheck
requires:
- stylecheck
- buildcheck
require_testapproval: &require_testapproval
requires:
- stylecheck
- buildcheck
- testapproval
# CircleCI doesn't handle large file sets properly for local builds
# https://github.com/CircleCI-Public/circleci-cli/issues/281#issuecomment-472808051
localCheckout: &localCheckout
run: |-
PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd)
mkdir -p ${PROJECT_PATH}
git config --global --add safe.directory /tmp/_circleci_local_build_repo
cd /tmp/_circleci_local_build_repo
git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH}
cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH}
jobs:
stylecheck:
description: Validate formatting of code and documentation
docker:
- image: openquantumsafe/ci-ubuntu-focal-x86_64:latest
# Re-enable iff docker enforces rate limitations without auth:
# auth:
# username: $DOCKER_LOGIN
# password: $DOCKER_PASSWORD
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Ensure code conventions are upheld
command: python3 -m pytest --verbose tests/test_code_conventions.py
- run:
name: Check that doxygen can parse the documentation
command: mkdir -p build/docs && ./scripts/run_doxygen.sh doxygen docs/.Doxyfile build/docs
buildcheck:
description: Test that we can build a single KEM/Signature pair as part of a minimal build.
parameters:
CONTAINER:
description: "The docker container to use."
type: string
CMAKE_ARGS:
description: "Arguments to pass to CMake."
type: string
default: ''
KEM_NAME:
description: "The KEM to build."
type: string
SIG_NAME:
description: "The signature scheme to build."
type: string
docker:
- image: << parameters.CONTAINER >>
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Configure
command: |2
mkdir build && cd build && source ~/.bashrc && \
cmake .. --warn-uninitialized \
-GNinja << parameters.CMAKE_ARGS >> \
-DOQS_MINIMAL_BUILD="KEM_<< parameters.KEM_NAME >>;SIG_<< parameters.SIG_NAME >>" \
> config.log 2>&1 && \
cat config.log && \
cmake -LA .. && ! (grep "uninitialized variable" config.log)
- run:
name: Build
command: ninja
working_directory: build
linux_oqs:
description: A template for running liboqs tests on Linux Docker VMs
parameters:
CONTAINER:
description: "The docker container to use."
type: string
CMAKE_ARGS:
description: "Arguments to pass to CMake."
type: string
default: ''
PYTEST_ARGS:
description: "Arguments to pass to pytest."
type: string
# Not every executor handles --numprocesses=auto being passed to pytest well
# See https://github.com/open-quantum-safe/liboqs/issues/738#issuecomment-621394744
default: --numprocesses=auto
SKIP_ALGS:
description: "Algorithms not to test in test_constant_time."
type: string
default: ''
docker:
- image: << parameters.CONTAINER >>
# Re-enable iff docker enforces rate limitations without auth:
# auth:
# username: $DOCKER_LOGIN
# password: $DOCKER_PASSWORD
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Configure
command: mkdir build && cd build && source ~/.bashrc && cmake -GNinja << parameters.CMAKE_ARGS >> .. && cmake -LA ..
- run:
name: Build
command: ninja
working_directory: build
- run:
name: Run tests
no_output_timeout: 1h
command: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_speed.py --ignore=tests/test_code_conventions.py --junitxml=build/test-results/pytest/test-results.xml << parameters.PYTEST_ARGS >>
environment:
SKIP_ALGS: << parameters.SKIP_ALGS >>
- store_test_results: # Note that this command will fail when running CircleCI locally, that is expected behaviour
path: build/test-results
- store_artifacts:
path: build/test-results
scan_build:
description: Executing scan-build test
parameters:
CONTAINER:
description: "The docker container to use."
type: string
docker:
- image: << parameters.CONTAINER >>
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Configure
command: mkdir build && cd build && pwd && source ~/.bashrc && scan-build-15 cmake -GNinja ..
- run:
name: Build
command: scan-build-15 --status-bugs ninja
working_directory: build
arm_machine:
description: A template for running liboqs tests on ARM(presently only 64) machines
parameters:
CMAKE_ARGS:
description: "Arguments to pass to CMake."
type: string
default: ''
PYTEST_ARGS:
description: "Arguments to pass to pytest."
type: string
# Not every executor handles --numprocesses=auto being passed to pytest well
# See https://github.com/open-quantum-safe/liboqs/issues/738#issuecomment-621394744
default: --numprocesses=auto
machine:
image: default # analogous to ubuntu-latest on GH Actions
resource_class: arm.medium
steps:
- checkout
# It seems the machine doesn't contain all preprequisites, and we don't have permission to add them explicitly,
# so we can only run in a prepared ARM64 CI image
- run:
name: Build and run tests in docker
no_output_timeout: 1h
command: |2
docker run -it -e CMAKE_ARGS="<< parameters.CMAKE_ARGS >>" \
-e PYTEST_ARGS="<< parameters.PYTEST_ARGS >>" \
-v `pwd`:/root/project \
openquantumsafe/ci-ubuntu-focal-arm64:latest bash \
-c 'cd /root/project && \
uname -a && \
mkdir build && cd build && source ~/.bashrc && \
cmake -GNinja -DOQS_STRICT_WARNINGS=ON $CMAKE_ARGS .. && cmake -LA .. && ninja && \
cd .. && mkdir -p tmp && \
python3 -m pytest --verbose \
--ignore=tests/test_code_conventions.py \
--junitxml=build/test-results/pytest/test-results.xml $PYTEST_ARGS'
- store_test_results: # Note that this command will fail when running CircleCI locally, that is expected behaviour
path: build/test-results
- store_artifacts:
path: build/test-results
trigger-downstream-ci:
docker:
- image: cimg/base:2020.01
# Re-enable iff docker enforces rate limitations without auth:
# auth:
# username: $DOCKER_LOGIN
# password: $DOCKER_PASSWORD
steps:
- run:
name: Trigger OQS-OpenSSL CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "OQS-OpenSSL_1_1_1-stable", "parameters": { "run_downstream_tests": true } }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/openssl/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger OQS-BoringSSL CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "master", "parameters": { "run_downstream_tests": true } }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/boringssl/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger OQS-OpenSSH CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "OQS-v8", "parameters": { "run_downstream_tests": true } }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/openssh/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger oqs-provider CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "main" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/oqs-provider/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger liboqs-dotnet CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "master" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/liboqs-dotnet/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger liboqs-java CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "master" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/liboqs-java/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger liboqs-python CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer $OQSBOT_GITHUB_ACTIONS" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-python/dispatches | tee curl_out \
&& grep -q "204" curl_out
workflows:
version: 2.1
build:
when:
and:
- not:
equal: [ main, << pipeline.git.branch >> ]
- not:
matches: { pattern: "^ghactionsonly-.*", value: << pipeline.git.branch >> }
jobs:
- stylecheck
- buildcheck:
<<: *require_stylecheck
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
KEM_NAME: kyber_768
SIG_NAME: dilithium_3
# Disabling testapproval as no jobs currently need it.
#- testapproval:
# <<: *require_buildcheck
# type: approval
# Disabling centos-8 and debian-buster.
# Re-enable if specific configurations (package versions etc) that need to be tested are identified.
#- linux_oqs:
# <<: *require_buildcheck
# name: centos-8
# context: openquantumsafe
# CONTAINER: openquantumsafe/ci-centos-8-amd64:latest
# CMAKE_ARGS: -DCMAKE_C_COMPILER=clang
#- linux_oqs:
# <<: *require_buildcheck
# name: debian-buster
# context: openquantumsafe
# CONTAINER: openquantumsafe/ci-debian-buster-amd64:latest
- scan_build:
<<: *require_buildcheck
name: scan_build
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
- linux_oqs:
<<: *require_buildcheck
name: ubuntu-focal-noopenssl
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DOQS_USE_OPENSSL=OFF
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- linux_oqs:
<<: *require_buildcheck
name: ubuntu-focal-shared-noopenssl
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-7 -DOQS_DIST_BUILD=OFF -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_namespace.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --numprocesses=auto
- linux_oqs:
<<: *require_buildcheck
name: ubuntu-focal-clang15
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang-15 -DOQS_OPT_TARGET=skylake
PYTEST_ARGS: --ignore=tests/test_kat_all.py
- linux_oqs:
<<: *require_buildcheck
name: ubuntu-bionic-i386
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-bionic-i386:latest
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_x86.cmake
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- arm_machine:
<<: *require_buildcheck
name: arm64
PYTEST_ARGS: --numprocesses=auto --maxprocesses=10 --ignore=tests/test_kat_all.py
commit-to-main:
when:
equal: [ main, << pipeline.git.branch >> ]
jobs:
- trigger-downstream-ci:
context: openquantumsafe

10
.dsci.yml Normal file
View File

@ -0,0 +1,10 @@
jobs:
- name: Building and minimal testing on M1
env:
PYTEST_ARGS: tests/test_code_conventions.py tests/test_kat.py
cmds:
- uname -a && mkdir build && cd build && cmake -GNinja .. && ninja && cd .. && python3 -m pytest --numprocesses=auto --verbose $PYTEST_ARGS ; rm -rf build
- name: Building and testing using gcc-11 on M1
cmds:
- uname -a && mkdir build && cd build && cmake -DCMAKE_C_COMPILER=gcc-11 -GNinja .. && ninja && ninja run_tests ; cd .. && rm -rf build

24
.github/CODEOWNERS vendored
View File

@ -1,24 +1,10 @@
# https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
* @dstebila @baentsch
/.github/workflows @SWilson4
/docs/cbom.json @bhess
/scripts/copy_from_upstream @baentsch @bhess @alexrow @praveksharma
* @dstebila
/.circleci @baentsch
/scripts/copy_from_upstream @baentsch @bhess
/src/common @dstebila
/src/common/*/*arm* @Martyrshot
/src/common/libjade_shims @praveksharma
/src/kem/bike @brian-jarvis-aws
/src/kem/bike @crockeea
/src/kem/frodokem @dstebila
/src/kem/kyber @bhess
/src/kem/kyber/libjade* @praveksharma
/src/kem/ml_kem @bhess
/src/sig/cross @alexrow
/src/kem/kyber @jschanck @bhess
/src/sig/dilithium @bhess
/src/sig/mayo @bhess
/src/sig/ml_dsa @bhess
/src/sig_stfl/lms @ashman-p
/src/sig_stfl/xmss @cothan
/tests/ACVP_Vectors @bhess
/tests/PQC_Intermediate_Values @bhess
/tests/test_acvp_vectors.py @bhess
/tests/test_sig_stfl.c @ashman-p @cothan

7
.github/actionlint.yaml vendored
View File

@ -1,7 +0,0 @@
# Configuration variables in array of strings defined in your repository or organization
# From https://github.com/rhysd/actionlint/blob/v1.7.7/docs/config.md:
# "When an array is set, actionlint will check vars properties strictly. An empty array means no variable is allowed."
config-variables:
# - DEFAULT_RUNNER
# - JOB_NAME
# - ENVIRONMENT_STAGE

11
.github/workflows/android.yml vendored
View File

@ -1,9 +1,6 @@
name: android build
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
on: [push, pull_request]
jobs:
@ -13,10 +10,8 @@ jobs:
fail-fast: false
matrix:
abi: [armeabi-v7a, arm64-v8a, x86, x86_64]
stfl_opt: [ON, OFF]
steps:
- name: Checkout code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
uses: actions/checkout@v3
- name: Build project
run: ./scripts/build-android.sh $ANDROID_NDK_HOME -a ${{ matrix.abi }} -f "-DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }}"
run: ./scripts/build-android.sh $ANDROID_NDK_HOME -a ${{ matrix.abi }}

12
.github/workflows/apple.yml vendored
View File

@ -1,9 +1,6 @@
name: apple build
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
on: [push, pull_request]
jobs:
@ -13,13 +10,10 @@ jobs:
fail-fast: false
matrix:
platform: [OS64, TVOS]
stfl_opt: [OFF, ON]
steps:
- name: Checkout code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
uses: actions/checkout@v3
- name: Generate project
run: |
cmake -B build --toolchain .CMake/apple.cmake -DOQS_USE_OPENSSL=OFF -DPLATFORM=${{ matrix.platform }} \
-DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }} .
run: cmake -B build --toolchain .CMake/apple.cmake -DOQS_USE_OPENSSL=OFF -DPLATFORM=${{ matrix.platform }} .
- name: Build project
run: cmake --build build

173
.github/workflows/basic.yml vendored
View File

@ -1,173 +0,0 @@
name: Basic checks
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
workflowcheck:
name: Check validity of GitHub workflows
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Ensure GitHub actions are valid
run: actionlint -shellcheck "" # run *without* shellcheck
stylecheck:
name: Check code formatting
needs: [workflowcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Ensure code conventions are upheld
run: python3 -m pytest --verbose tests/test_code_conventions.py
- name: Check that doxygen can parse the documentation
run: mkdir build && ./scripts/run_doxygen.sh $(which doxygen) ./docs/.Doxyfile ./build
- name: Validate CBOM
run: scripts/validate_cbom.sh
upstreamcheck:
name: Check upstream code is properly integrated
needs: [workflowcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
git config --global user.name "ciuser" && \
git config --global user.email "ci@openquantumsafe.org" && \
git config --global --add safe.directory "$PWD" && \
echo "LIBOQS_DIR=$PWD" >> "$GITHUB_ENV"
- name: Verify copy_from_upstream state after copy
working-directory: "scripts/copy_from_upstream"
run: |
python3 copy_from_upstream.py -d copy && \
git status --porcelain && \
test -z "$(git status --porcelain)"
- name: Verify copy_from_upstream state after libjade
working-directory: "scripts/copy_from_upstream"
run: |
python3 copy_from_upstream.py -d libjade && \
git status --porcelain && \
test -z "$(git status --porcelain)"
buildcheck:
name: Check that code passes a basic build
needs: [workflowcheck, stylecheck, upstreamcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
KEM_NAME: ml_kem_768
SIG_NAME: ml_dsa_65
steps:
- name: Create random build folder
run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
cmake \
-B ${{ env.RANDOM_BUILD_DIR }} \
-GNinja \
-DOQS_STRICT_WARNINGS=ON \
-DOQS_MINIMAL_BUILD="KEM_$KEM_NAME;SIG_$SIG_NAME" \
--warn-uninitialized . > config.log 2>&1 && \
cat config.log && \
cmake -LA -N . && \
! (grep -i "uninitialized variable" config.log)
- name: Build code
run: ninja
working-directory: ${{ env.RANDOM_BUILD_DIR }}
- name: Build documentation
run: ninja gen_docs
working-directory: ${{ env.RANDOM_BUILD_DIR }}
cppcheck:
name: Check C++ linking with example program
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
SIG_NAME: dilithium_2
steps:
- name: Create random build folder
run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
cmake \
-B ${{ env.RANDOM_BUILD_DIR }} \
-GNinja \
-DOQS_STRICT_WARNINGS=ON \
-DOQS_MINIMAL_BUILD="SIG_$SIG_NAME" \
--warn-uninitialized . > config.log 2>&1 && \
cat config.log && \
cmake -LA -N . && \
! (grep -i "uninitialized variable" config.log)
- name: Build liboqs
run: ninja
working-directory: ${{ env.RANDOM_BUILD_DIR }}
- name: Link with C++ program
run: |
g++ "$GITHUB_WORKSPACE"/cpp/sig_linking_test.cpp -g \
-I./include -L./lib -loqs -lcrypto -std=c++11 -o example_sig && \
./example_sig
working-directory: ${{ env.RANDOM_BUILD_DIR }}
fuzzbuildcheck:
name: Check that code passes a basic fuzzing build
needs: [workflowcheck, stylecheck, upstreamcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
SIG_NAME: dilithium_2
CC: clang
CXX: clang++
CFLAGS: -fsanitize=fuzzer-no-link,address
LDFLAGS: -fsanitize=address
steps:
- name: Create random build folder
run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
cmake \
-B ${{ env.RANDOM_BUILD_DIR }} \
-GNinja \
-DOQS_STRICT_WARNINGS=ON \
-DOQS_BUILD_FUZZ_TESTS=ON \
-DOQS_MINIMAL_BUILD="SIG_$SIG_NAME" \
--warn-uninitialized . > config.log 2>&1 && \
cat config.log && \
cmake -LA -N . && \
! (grep -i "uninitialized variable" config.log)
- name: Build code
run: ninja fuzz_test_sig
working-directory: ${{ env.RANDOM_BUILD_DIR }}
- name: Short fuzz check (30s)
run: ./tests/fuzz_test_sig -max_total_time=30
working-directory: ${{ env.RANDOM_BUILD_DIR }}
nixflakecheck:
name: Check that Nix flake has correct syntax and can build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72
- name: Check devShell
run: nix develop --command echo
- name: Check flake syntax
run: nix flake check --no-build # check for accurate syntax
- name: Check that the flake builds
run: nix build # check that the build runs

60
.github/workflows/code-coverage.yml vendored
View File

@ -1,60 +0,0 @@
name: Code coverage tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
coverage:
name: Run code coverage testing
strategy:
matrix:
# The 'id' value for each job should be added to the 'carry-forward' string in the 'finish' job.
include:
- id: x64-generic
runner: ubuntu-latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
- id: x64-distbuild
runner: ubuntu-latest
CMAKE_ARGS: -DOQS_DIST_BUILD=ON
- id: arm64-distbuild
runner: ubuntu-24.04-arm
CMAKE_ARGS: -DOQS_DIST_BUILD=ON
runs-on: ${{ matrix.runner }}
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
mkdir build && cd build && \
cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DUSE_COVERAGE=ON ${{ matrix.CMAKE_ARGS }} .. && \
cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
run: |
python3 -m pytest --verbose --numprocesses=auto \
tests/test_acvp_vectors.py \
tests/test_cmdline.py \
tests/test_kat.py
- name: Run lcov
run: lcov -d . -c -o lcov.info --exclude /usr/lib,/usr/include --ignore-errors unused
- name: Upload to coveralls.io
uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # pin@v2.3.6
with:
flag-name: ${{ matrix.id }}
parallel: true
finish:
needs: coverage
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- name: Finish coveralls.io
uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # pin@v2.3.6
with:
parallel-finished: true
carry-forward: "x64-generic,x64-distbuild,arm64-distbuild"

38
.github/workflows/commit-to-main.yml vendored
View File

@ -1,38 +0,0 @@
name: Main branch tests
permissions:
contents: read
on:
push:
branches: ['main']
jobs:
platform-tests:
uses: ./.github/workflows/platforms.yml
code-coverage:
uses: ./.github/workflows/code-coverage.yml
secrets: inherit
scorecard:
uses: ./.github/workflows/scorecard.yml
secrets: inherit
permissions:
id-token: write
security-events: write
basic-downstream:
uses: ./.github/workflows/downstream-basic.yml
secrets: inherit
call-kem-benchmarking:
uses: ./.github/workflows/kem-bench.yml
permissions:
contents: write
call-sig-benchmarking:
uses: ./.github/workflows/sig-bench.yml
permissions:
contents: write

107
.github/workflows/downstream-basic.yml vendored
View File

@ -1,107 +0,0 @@
name: Trigger basic downstream CI
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
trigger-downstream-ci:
runs-on: ubuntu-latest
steps:
- name: Trigger OQS-BoringSSL CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/boringssl/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger OQS-OpenSSH CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"ref":"OQS-v9"}' \
https://api.github.com/repos/open-quantum-safe/openssh/actions/workflows/ubuntu.yaml/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger oqs-provider CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${{ secrets.BUILD_TRIGGER_TOKEN }}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "main" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/oqs-provider/pipeline | tee curl_out \
&& grep -q "201" curl_out
- name: Trigger liboqs-cpp CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-cpp/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger liboqs-go CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-go/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger liboqs-python CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-python/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger liboqs-java CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-java/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger liboqs-rust CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-rust/dispatches | tee curl_out \
&& grep -q "204" curl_out

30
.github/workflows/downstream-release.yml vendored
View File

@ -1,30 +0,0 @@
name: Downstream release tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
# Trigger oqs-provider release tests.
# When triggered by a release (see release.yml), the liboqs release tag and the provider "<release tag>-tracker" branch are used.
# When triggered by a commit message (see filter.yml), the triggering liboqs branch and the provider "<liboqs branch>-tracker" branch are used.
# If the tracker branch does not exist, the downstream pipeline should detect it and run on the main branch instead.
jobs:
oqs-provider-release-test:
runs-on: ubuntu-latest
steps:
- name: Checkout release tests script
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4
with:
sparse-checkout: |
scripts/provider-test-trigger.sh
sparse-checkout-cone-mode: false
- name: Trigger oqs-provider release tests
run: |
CURL_FLAGS="--silent --write-out \n%{response_code}\n" \
ACCESS_TOKEN="${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
LIBOQS_REF="${{ github.ref_name }}" \
PROVIDER_REF="${{ github.ref_name }}-tracker" \
./scripts/provider-test-trigger.sh | tee curl_out \
&& grep -q "204" curl_out

74
.github/workflows/extended.yml vendored
View File

@ -1,74 +0,0 @@
name: Extended tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
constant-time-x64:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: generic
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*'
- name: extensions
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*'
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # pin@v2
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 360
run: mkdir -p tmp && SKIP_ALGS='${{ matrix.SKIP_ALGS }}' python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}
nistkat-x64:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: generic
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: generic-libjade
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: extensions
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: extensions-libjade
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST}}"
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 360
run: mkdir -p tmp && python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}

121
.github/workflows/kem-bench.yml vendored
View File

@ -1,121 +0,0 @@
name: kem benchmark
on:
workflow_dispatch:
workflow_call:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout repository
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
fetch-depth: 0
# Set up dependencies
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y cmake ninja-build gcc g++ python3 python3-pip
sudo apt-get install -y python3-cpuinfo
# Build the speed_kem binary only
- name: Build speed_kem binary
run: |
mkdir -p build
cd build
cmake -GNinja .. -DBUILD_SHARED_LIBS=OFF
ninja speed_kem
# Copy the parse_liboqs_speed.py script
- name: Copy parse_liboqs_speed.py
run: |
cp scripts/parse_liboqs_speed.py build/tests/
# Upload the built binary and script as an artifact
- name: Upload artifacts
uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
with:
name: built-binary
path: build/tests/
benchmark:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
strategy:
matrix:
algorithm: [ # List of available KEMs to perform the benchmarking on
"BIKE-L1",
"BIKE-L3",
"BIKE-L5",
"Classic-McEliece-348864",
"Classic-McEliece-348864f",
"Classic-McEliece-460896",
"Classic-McEliece-460896f",
"Classic-McEliece-6688128",
"Classic-McEliece-6688128f",
"Classic-McEliece-6960119",
"Classic-McEliece-6960119f",
"Classic-McEliece-8192128",
"Classic-McEliece-8192128f",
"Kyber512",
"Kyber768",
"Kyber1024",
"ML-KEM-512",
"ML-KEM-768",
"ML-KEM-1024",
"sntrup761",
"FrodoKEM-640-AES",
"FrodoKEM-640-SHAKE",
"FrodoKEM-976-AES",
"FrodoKEM-976-SHAKE",
"FrodoKEM-1344-AES",
"FrodoKEM-1344-SHAKE"
]
max-parallel: 1 # No parallel jobs to not compromise the pull-push operations of the benchmarking actions below
steps:
# Ensure the repository is checked out
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
fetch-depth: 0
# Download the built binary and script
- name: Download artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # pin@v4
with:
name: built-binary
path: build/tests/
# Set execute permissions for the binary
- name: Set execute permissions
run: chmod +x build/tests/speed_kem
# Run speed_kem tests for each algorithm
- name: Run speed_kem tests
run: |
cd build/tests
./speed_kem "${{matrix.algorithm}}" > ${{matrix.algorithm}}_output.txt
python3 parse_liboqs_speed.py ${{matrix.algorithm}}_output.txt --algorithm ${{matrix.algorithm}}
# Push to GitHub pages using continuous-benchmark
- name: Store benchmark result
uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7
with:
name: ${{matrix.algorithm}}
tool: "customSmallerIsBetter"
output-file-path: build/tests/${{matrix.algorithm}}_formatted.json
github-token: ${{ secrets.GITHUB_TOKEN }}
auto-push: true
comment-on-alert: true
summary-always: true
alert-threshold: 105%
comment-always: false

311
.github/workflows/linux.yml vendored
View File

@ -1,311 +0,0 @@
name: Linux tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
linux:
strategy:
fail-fast: false
matrix:
include:
- name: arm64
runner: ubuntu-24.04-arm
container: openquantumsafe/ci-ubuntu-latest:latest
PYTEST_ARGS: --maxprocesses=10 --ignore=tests/test_kat_all.py
CMAKE_ARGS: -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON
- name: alpine
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-no-stfl-key-sig-gen
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-openssl-all
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-noopenssl
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: noble-nistr4-openssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_R4
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: noble-nistonramp-openssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_SIG_ONRAMP
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: noble-noopenssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_USE_OPENSSL=OFF
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: noble-noopenssl-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_USE_OPENSSL=OFF -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: noble-shared-noopenssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_namespace.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-clang
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang
PYTEST_ARGS: --ignore=tests/test_kat_all.py
- name: noble-clang
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang
PYTEST_ARGS: --ignore=tests/test_kat_all.py -k 'not (leaks and (Dilithium or ML-DSA))'
- name: jammy-std-openssl3
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3-dlopen
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3-dlopen-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: address-sanitizer
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
- name: address-sanitizer-no-stfl-key-sig-gen
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
- name: address-sanitizer-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
- name: noble-no-sha3-avx512vl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_USE_SHA3_AVX512VL=OFF
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
runs-on: ${{ matrix.runner }}
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Check the library artifacts
if: matrix.name == 'jammy-std-openssl3-dlopen'
run: |
nm -gu lib/liboqs.so | sed -n 's/^[[:space:]]*[Uw] \([^_].*\)/\1/p' > undefined-syms.txt &&
! (grep '^\(CRYPTO\|ERR\|EVP\|OPENSSL\|RAND\)_' undefined-syms.txt)
working-directory: build
- name: Run tests
timeout-minutes: 60
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --numprocesses=auto ${{ matrix.PYTEST_ARGS }}
- name: Package .deb
if: matrix.name == 'jammy-std-openssl3'
run: cpack
working-directory: build
- name: Retain .deb file
if: matrix.name == 'jammy-std-openssl3'
uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # pin@v4
with:
name: liboqs-openssl3-shared-x64
path: build/*.deb
- name: Check STD algorithm and alias
if: matrix.name == 'jammy-std-openssl3'
run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false"'
working-directory: build
linux_arm_emulated:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: armhf
ARCH: armhf
CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: armhf-no-stfl-key-sig-gen
ARCH: armhf
CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
# no longer supporting armel
# - name: armel
# ARCH: armel
# CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Install the emulation handlers
run: docker run --rm --privileged multiarch/qemu-user-static:register --reset
- name: Build in an x86_64 container
run: |
docker run --rm \
-v `pwd`:`pwd` \
-w `pwd` \
openquantumsafe/ci-debian-buster-amd64:latest /bin/bash \
-c "mkdir build && \
(cd build && \
cmake .. -GNinja ${{ matrix.CMAKE_ARGS }} \
-DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_${{ matrix.ARCH }}.cmake && \
cmake -LA -N .. && \
ninja)"
- name: Run the tests in an ${{ matrix.ARCH }} container
timeout-minutes: 60
run: |
docker run --rm -e SKIP_TESTS=style,mem_kem,mem_sig \
-v `pwd`:`pwd` \
-w `pwd` \
openquantumsafe/ci-debian-buster-${{ matrix.ARCH }}:latest /bin/bash \
-c "mkdir -p tmp && \
python3 -m pytest --verbose \
--numprocesses=auto \
--ignore=tests/test_code_conventions.py ${{ matrix.PYTEST_ARGS }}"
linux_cross_compile:
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
strategy:
fail-fast: false
matrix:
include:
- name: windows-binaries
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake
- name: windows-dll
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake -DBUILD_SHARED_LIBS=ON
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
linux_openssl330-dev:
runs-on: ubuntu-latest
container:
image: openquantumsafe/ci-ubuntu-jammy:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Retrieve OpenSSL330 from cache
id: cache-openssl330
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # pin@v4
with:
path: .localopenssl330
key: ${{ runner.os }}-openssl330
- name: Checkout the OpenSSL v3.3.0 commit
if: steps.cache-openssl330.outputs.cache-hit != 'true'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
repository: 'openssl/openssl'
ref: 'openssl-3.3.0-beta1'
path: openssl
- name: Prepare the OpenSSL build directory
if: steps.cache-openssl330.outputs.cache-hit != 'true'
run: mkdir .localopenssl330
working-directory: openssl
- name: Build openssl3 if not cached
if: steps.cache-openssl330.outputs.cache-hit != 'true'
run: |
./config --prefix=`pwd`/../.localopenssl330 && make -j 4 && make install_sw install_ssldirs
working-directory: openssl
- name: Save OpenSSL
id: cache-openssl-save
if: steps.cache-openssl330.outputs.cache-hit != 'true'
uses: actions/cache/save@d4323d4df104b026a6aa633fdb11d772146be0bf # pin@v4
with:
path: |
.localopenssl330
key: ${{ runner.os }}-openssl330
- name: Configure
run: mkdir build && cd build && cmake -GNinja -DOQS_STRICT_WARNINGS=ON -DOPENSSL_ROOT_DIR=../.localopenssl330 -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 60
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
scan_build:
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && scan-build --status-bugs cmake -GNinja ..
- name: Build
run: scan-build --status-bugs ninja
working-directory: build
linux_x86_emulated:
runs-on: ubuntu-latest
container:
image: openquantumsafe/ci-ubuntu-latest:latest
strategy:
fail-fast: false
matrix:
include:
- name: avx512-ml-kem_ml-dsa
SDE_ARCH: -skx
CMAKE_ARGS: -DOQS_MINIMAL_BUILD="KEM_ml_kem_512;KEM_ml_kem_768;KEM_ml_kem_1024;SIG_ml_dsa_44;SIG_ml_dsa_65;SIG_ml_dsa_87"
PYTEST_ARGS: tests/test_hash.py::test_sha3 tests/test_kat.py tests/test_acvp_vectors.py
env:
SDE_URL: https://downloadmirror.intel.com/850782/sde-external-9.53.0-2025-03-16-lin.tar.xz
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Setup Intel SDE
run: |
wget -O sde.tar.xz "$SDE_URL" && \
mkdir sde && tar -xf sde.tar.xz -C sde --strip-components=1 && \
echo "$(pwd)/sde" >> $GITHUB_PATH
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 60
run: |
mkdir -p tmp && sde64 ${{ matrix.SDE_ARCH }} -- \
python3 -m pytest --verbose --numprocesses=auto ${{ matrix.PYTEST_ARGS }}

63
.github/workflows/macos.yml vendored
View File

@ -1,63 +0,0 @@
name: MacOS tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
macos:
strategy:
fail-fast: false
matrix:
os:
# macos-13 runs on x64; the others run on aarch64
- macos-13
- macos-14
- macos-15
CMAKE_ARGS:
- -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
- -DCMAKE_C_COMPILER=gcc-14
- -DOQS_USE_OPENSSL=OFF
- -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=OFF
libjade-build:
- -DOQS_LIBJADE_BUILD=OFF
# Restrict -DOQS_LIBJADE_BUILD=ON build to algs provided by
# libjade to minimise repeated tests
- -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
exclude:
# macos-14 and macos-15 run on aarch64, libjade targets x86
# Skip testing libjade on macos-14
- os: macos-14
libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
- os: macos-15
libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
# No point in testing stateful sigs with minimal libjade build
- libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
CMAKE_ARGS: -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
# Failing configuration on Github actions; see https://github.com/open-quantum-safe/liboqs/pull/2148
- os: macos-15
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-14
libjade-build: -DOQS_LIBJADE_BUILD=OFF
runs-on: ${{ matrix.os }}
steps:
- name: Install Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # pin@v5
with:
python-version: '3.12'
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Install dependencies
run: env HOMEBREW_NO_AUTO_UPDATE=1 brew install ninja && pip3 install --require-hashes --break-system-packages -r .github/workflows/requirements.txt
- name: Get system information
run: sysctl -a | grep machdep.cpu
- name: Configure
run: mkdir -p build && cd build && source ~/.bashrc && cmake -GNinja -DOQS_STRICT_WARNINGS=ON ${{ matrix.CMAKE_ARGS }} ${{ matrix.libjade-build }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --ignore=tests/test_kat_all.py
timeout-minutes: 60

26
.github/workflows/platforms.yml vendored
View File

@ -1,26 +0,0 @@
name: Tests for all supported platforms
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
android-tests:
uses: ./.github/workflows/android.yml
ios-tests:
uses: ./.github/workflows/apple.yml
linux-tests:
uses: ./.github/workflows/linux.yml
macos-tests:
uses: ./.github/workflows/macos.yml
windows-tests:
uses: ./.github/workflows/windows.yml
zephyr-tests:
uses: ./.github/workflows/zephyr.yml

32
.github/workflows/pr.yml vendored
View File

@ -1,32 +0,0 @@
name: Pull request tests
permissions:
contents: read
on: pull_request
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
basic-checks:
uses: ./.github/workflows/basic.yml
platform-tests:
needs: basic-checks
uses: ./.github/workflows/platforms.yml
code-coverage:
needs: basic-checks
uses: ./.github/workflows/code-coverage.yml
secrets: inherit
scorecard:
needs: basic-checks
uses: ./.github/workflows/scorecard.yml
secrets: inherit
permissions:
id-token: write
security-events: write

33
.github/workflows/push.yml vendored
View File

@ -1,33 +0,0 @@
name: Push tests
permissions:
contents: read
on:
push:
branches-ignore: 'main'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
basic-checks:
uses: ./.github/workflows/basic.yml
full-tests:
needs: basic-checks
if: contains( github.event.head_commit.message, '[full tests]' )
uses: ./.github/workflows/platforms.yml
extended-tests:
needs: basic-checks
if: contains( github.event.head_commit.message, '[extended tests]' )
uses: ./.github/workflows/extended.yml
downstream-release-tests:
needs: basic-checks
if: contains( github.event.head_commit.message, '[trigger downstream]' )
uses: ./.github/workflows/downstream-release.yml
secrets: inherit

31
.github/workflows/release-test.yml vendored Normal file
View File

@ -0,0 +1,31 @@
name: Release tests
# Trigger oqs-provider release tests.
# Runs whenever a release is published, or when a commit message ends with "[trigger downstream]"
# When triggered by a release, the liboqs release tag and the provider "<release tag>-tracker" branch are used.
# When triggered by a commit message, the triggering liboqs branch and the provider "<liboqs branch>-tracker" branch are used.
# If the tracker branch does not exist, the downstream pipeline should detect it and run on the main branch instead.
on:
push:
release:
types: [published]
jobs:
oqs-provider-release-test:
if: github.event_name == 'release' || endsWith( github.event.head_commit.message, '[trigger downstream]' )
runs-on: ubuntu-latest
steps:
- name: Checkout release tests script
uses: actions/checkout@v4
with:
sparse-checkout: |
scripts/provider-test-trigger.sh
sparse-checkout-cone-mode: false
- name: Trigger oqs-provider release tests
run: |
CURL_FLAGS="--silent --write-out \n%{response_code}\n" \
ACCESS_TOKEN="${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
LIBOQS_REF="${{ github.ref_name }}" \
PROVIDER_REF="${{ github.ref_name }}-tracker" \
./scripts/provider-test-trigger.sh | tee curl_out \
&& grep -q "204" curl_out

17
.github/workflows/release.yml vendored
View File

@ -1,17 +0,0 @@
name: Release tests
permissions:
contents: read
on:
release:
types: [ published ]
jobs:
extended-tests:
uses: ./.github/workflows/extended.yml
downstream-release-tests:
uses: ./.github/workflows/downstream-release.yml
secrets: inherit

8
.github/workflows/requirements.in vendored
View File

@ -1,8 +0,0 @@
colorama==0.4.6
execnet==2.1.1
iniconfig==2.0.0
packaging==24.0
pluggy==1.4.0
pytest==8.1.1
pytest-xdist==3.5.0
pyyaml==6.0.1

97
.github/workflows/requirements.txt vendored
View File

@ -1,97 +0,0 @@
#
# This file is autogenerated by pip-compile with Python 3.12
# by the following command:
#
# pip-compile --generate-hashes --output-file=requirements_new.txt requirements.txt
#
colorama==0.4.6 \
--hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
--hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
# via -r requirements.txt
execnet==2.1.1 \
--hash=sha256:26dee51f1b80cebd6d0ca8e74dd8745419761d3bef34163928cbebbdc4749fdc \
--hash=sha256:5189b52c6121c24feae288166ab41b32549c7e2348652736540b9e6e7d4e72e3
# via
# -r requirements.txt
# pytest-xdist
iniconfig==2.0.0 \
--hash=sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3 \
--hash=sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374
# via
# -r requirements.txt
# pytest
packaging==24.0 \
--hash=sha256:2ddfb553fdf02fb784c234c7ba6ccc288296ceabec964ad2eae3777778130bc5 \
--hash=sha256:eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9
# via
# -r requirements.txt
# pytest
pluggy==1.4.0 \
--hash=sha256:7db9f7b503d67d1c5b95f59773ebb58a8c1c288129a88665838012cfb07b8981 \
--hash=sha256:8c85c2876142a764e5b7548e7d9a0e0ddb46f5185161049a79b7e974454223be
# via
# -r requirements.txt
# pytest
pytest==8.1.1 \
--hash=sha256:2a8386cfc11fa9d2c50ee7b2a57e7d898ef90470a7a34c4b949ff59662bb78b7 \
--hash=sha256:ac978141a75948948817d360297b7aae0fcb9d6ff6bc9ec6d514b85d5a65c044
# via
# -r requirements.txt
# pytest-xdist
pytest-xdist==3.5.0 \
--hash=sha256:cbb36f3d67e0c478baa57fa4edc8843887e0f6cfc42d677530a36d7472b32d8a \
--hash=sha256:d075629c7e00b611df89f490a5063944bee7a4362a5ff11c7cc7824a03dfce24
# via -r requirements.txt
pyyaml==6.0.1 \
--hash=sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5 \
--hash=sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc \
--hash=sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df \
--hash=sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741 \
--hash=sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206 \
--hash=sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27 \
--hash=sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595 \
--hash=sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62 \
--hash=sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98 \
--hash=sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696 \
--hash=sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290 \
--hash=sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9 \
--hash=sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d \
--hash=sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6 \
--hash=sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867 \
--hash=sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47 \
--hash=sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486 \
--hash=sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6 \
--hash=sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3 \
--hash=sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007 \
--hash=sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938 \
--hash=sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0 \
--hash=sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c \
--hash=sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735 \
--hash=sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d \
--hash=sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28 \
--hash=sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4 \
--hash=sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba \
--hash=sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8 \
--hash=sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef \
--hash=sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5 \
--hash=sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd \
--hash=sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3 \
--hash=sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0 \
--hash=sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515 \
--hash=sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c \
--hash=sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c \
--hash=sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924 \
--hash=sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34 \
--hash=sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43 \
--hash=sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859 \
--hash=sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673 \
--hash=sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54 \
--hash=sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a \
--hash=sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b \
--hash=sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab \
--hash=sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa \
--hash=sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c \
--hash=sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585 \
--hash=sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d \
--hash=sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f
# via -r requirements.txt

64
.github/workflows/scorecard.yml vendored
View File

@ -1,64 +0,0 @@
name: Scorecard supply-chain security
permissions: {}
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
workflow_call:
workflow_dispatch:
jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Needed to publish results and get a badge (see publish_results below).
id-token: write
# Uncomment the permissions below if installing in a private repository.
# contents: read
# actions: read
steps:
- name: "Checkout code"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # pin@v2.4.0
with:
results_file: results.sarif
results_format: sarif
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecard on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
# - Allows the repository to include the Scorecard badge.
# - See https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories:
# - `publish_results` will always be set to `false`, regardless
# of the value entered here.
publish_results: true
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # pin@v4
with:
name: SARIF file
path: results.sarif
retention-days: 28
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # pin@v3
with:
sarif_file: results.sarif

151
.github/workflows/sig-bench.yml vendored
View File

@ -1,151 +0,0 @@
name: sig benchmark
on:
workflow_dispatch:
workflow_call:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout repository
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
fetch-depth: 0
# Set up dependencies
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y cmake ninja-build gcc g++ python3 python3-pip
sudo apt-get install -y python3-cpuinfo
# Build the speed_sig binary only
- name: Build speed_sig binary
run: |
mkdir -p build
cd build
cmake -GNinja .. -DBUILD_SHARED_LIBS=OFF
ninja speed_sig
# Copy the parse_liboqs_speed.py script
- name: Copy parse_liboqs_speed.py
run: |
cp scripts/parse_liboqs_speed.py build/tests/
# Upload the built binary and script as an artifact
- name: Upload artifacts
uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
with:
name: built-sig-binary
path: build/tests/
benchmark:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
strategy:
matrix:
algorithm: [ # List of available signatures to perform the benchmarking on
"Dilithium2",
"Dilithium3",
"Dilithium5",
"ML-DSA-44",
"ML-DSA-65",
"ML-DSA-87",
"Falcon-512",
"Falcon-1024",
"Falcon-padded-512",
"Falcon-padded-1024",
"SPHINCS+-SHA2-128f-simple",
"SPHINCS+-SHA2-128s-simple",
"SPHINCS+-SHA2-192f-simple",
"SPHINCS+-SHA2-192s-simple",
"SPHINCS+-SHA2-256f-simple",
"SPHINCS+-SHA2-256s-simple",
"SPHINCS+-SHAKE-128f-simple",
"SPHINCS+-SHAKE-128s-simple",
"SPHINCS+-SHAKE-192f-simple",
"SPHINCS+-SHAKE-192s-simple",
"SPHINCS+-SHAKE-256f-simple",
"SPHINCS+-SHAKE-256s-simple",
"MAYO-1",
"MAYO-2",
"MAYO-3",
"MAYO-5",
"cross-rsdp-128-balanced",
"cross-rsdp-128-fast",
"cross-rsdp-128-small",
"cross-rsdp-192-balanced",
"cross-rsdp-192-fast",
"cross-rsdp-192-small",
"cross-rsdp-256-balanced",
"cross-rsdp-256-fast",
"cross-rsdp-256-small",
"cross-rsdpg-128-balanced",
"cross-rsdpg-128-fast",
"cross-rsdpg-128-small",
"cross-rsdpg-192-balanced",
"cross-rsdpg-192-fast",
"cross-rsdpg-192-small",
"cross-rsdpg-256-balanced",
"cross-rsdpg-256-fast",
"cross-rsdpg-256-small",
"OV-Is",
"OV-Ip",
"OV-III",
"OV-V",
"OV-Is-pkc",
"OV-Ip-pkc",
"OV-III-pkc",
"OV-V-pkc",
"OV-Is-pkc-skc",
"OV-Ip-pkc-skc",
"OV-III-pkc-skc",
"OV-V-pkc-skc"
]
max-parallel: 1 # No parallel jobs to not compromise the pull-push operations of the benchmarking actions below
steps:
# Ensure the repository is checked out
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
fetch-depth: 0
# Download the built binary and script
- name: Download artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # pin@v4
with:
name: built-sig-binary
path: build/tests/
# Set execute permissions for the binary
- name: Set execute permissions
run: chmod +x build/tests/speed_sig
# Run speed_sig tests for each algorithm
- name: Run speed_sig tests
run: |
cd build/tests
./speed_sig "${{matrix.algorithm}}" > ${{matrix.algorithm}}_output.txt
python3 parse_liboqs_speed.py ${{matrix.algorithm}}_output.txt --algorithm ${{matrix.algorithm}}
# Push to GitHub pages using continuous-benchmark
- name: Store benchmark result
uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7
with:
name: ${{matrix.algorithm}}
tool: "customSmallerIsBetter"
output-file-path: build/tests/${{matrix.algorithm}}_formatted.json
github-token: ${{ secrets.GITHUB_TOKEN }}
auto-push: true
comment-on-alert: true
summary-always: true
alert-threshold: 105%
comment-always: false

222
.github/workflows/unix.yml vendored Normal file
View File

@ -0,0 +1,222 @@
name: Linux and MacOS tests
on: [push, pull_request]
jobs:
stylecheck:
name: Check code formatting
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Ensure code conventions are upheld
run: python3 -m pytest --verbose tests/test_code_conventions.py
- name: Check that doxygen can parse the documentation
run: mkdir build && ./scripts/run_doxygen.sh $(which doxygen) ./docs/.Doxyfile ./build
- name: Validate CBOM
run: scripts/validate_cbom.sh
upstreamcheck:
name: Check upstream code is properly integrated
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Verify copy_from_upstream state
run: |
git config --global user.name "ciuser" && \
git config --global user.email "ci@openquantumsafe.org" && \
export LIBOQS_DIR=`pwd` && \
git config --global --add safe.directory $LIBOQS_DIR && \
cd scripts/copy_from_upstream && \
! pip3 install -r requirements.txt 2>&1 | grep ERROR && \
python3 copy_from_upstream.py copy && \
! git status | grep modified
buildcheck:
name: Check that code passes a basic build before starting heavier tests
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
needs: [stylecheck, upstreamcheck]
runs-on: ubuntu-latest
env:
KEM_NAME: kyber_768
SIG_NAME: dilithium_3
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure
run: |
mkdir build && \
cd build && \
cmake .. --warn-uninitialized \
-GNinja \
-DOQS_MINIMAL_BUILD="KEM_$KEM_NAME;SIG_$SIG_NAME" \
> config.log 2>&1 && \
cat config.log && \
cmake -LA .. && \
! (grep "uninitialized variable" config.log)
- name: Build code
run: ninja
working-directory: build
- name: Build documentation
run: ninja gen_docs
working-directory: build
linux_intel:
needs: buildcheck
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: alpine
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-openssl-all
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-noopenssl
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: focal-nistr4-openssl
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_R4
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: address-sanitizer
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --numprocesses=auto --maxprocesses=10
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 60
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py ${{ matrix.PYTEST_ARGS }}
- name: Package .deb
if: ${{ matrix.name }} == 'jammy-std-openssl3'
run: cpack
working-directory: build
- name: Retain .deb file
if: ${{ matrix.name }} == 'jammy-std-openssl3'
uses: actions/upload-artifact@v3
with:
name: liboqs-openssl3-shared-x64
path: build/*.deb
- name: Check STD algorithm and alias
if: matrix.name == 'jammy-std-openssl3'
run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-DSA-44-ipd:\n isnull: true" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-KEM-512-ipd:\n isnull: true"'
working-directory: build
linux_arm_emulated:
needs: buildcheck
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: armhf
ARCH: armhf
CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_OPT_TARGET=generic
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
# no longer supporting armel
# - name: armel
# ARCH: armel
# CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_OPT_TARGET=generic
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install the emulation handlers
run: docker run --rm --privileged multiarch/qemu-user-static:register --reset
- name: Build in an x86_64 container
run: |
docker run --rm \
-v `pwd`:`pwd` \
-w `pwd` \
openquantumsafe/ci-debian-buster-amd64:latest /bin/bash \
-c "mkdir build && \
(cd build && \
cmake .. -GNinja ${{ matrix.CMAKE_ARGS }} \
-DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_${{ matrix.ARCH }}.cmake && \
cmake -LA .. && \
ninja)"
- name: Run the tests in an ${{ matrix.ARCH }} container
timeout-minutes: 60
run: |
docker run --rm -e SKIP_TESTS=style,mem_kem,mem_sig \
-v `pwd`:`pwd` \
-w `pwd` \
openquantumsafe/ci-debian-buster-${{ matrix.ARCH }}:latest /bin/bash \
-c "mkdir -p tmp && \
python3 -m pytest --verbose \
--numprocesses=auto \
--ignore=tests/test_code_conventions.py ${{ matrix.PYTEST_ARGS }}"
linux_cross_compile:
needs: buildcheck
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
strategy:
fail-fast: false
matrix:
include:
- name: windows-binaries
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake
- name: windows-dll
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake -DBUILD_SHARED_LIBS=ON
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA ..
- name: Build
run: ninja
working-directory: build
macos:
needs: buildcheck
strategy:
fail-fast: false
matrix:
os: # macos-14 runs on aarch64; the others run on x64
- macos-12
- macos-13
- macos-14
CMAKE_ARGS:
- -DCMAKE_C_COMPILER=gcc-13
- -DOQS_USE_OPENSSL=OFF
- -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=OFF
runs-on: ${{ matrix.os }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install dependencies
run: env HOMEBREW_NO_AUTO_UPDATE=1 brew install ninja && pip3 install --break-system-packages pytest pytest-xdist pyyaml
- name: Patch GCC
run: env HOMEBREW_NO_AUTO_UPDATE=1 brew uninstall --ignore-dependencies gcc@13 && wget https://raw.githubusercontent.com/Homebrew/homebrew-core/eb6dd225d093b66054e18e07d56509cf670793b1/Formula/g/gcc%4013.rb && env HOMEBREW_NO_AUTO_UPDATE=1 brew install --ignore-dependencies gcc@13.rb
- name: Get system information
run: sysctl -a | grep machdep.cpu
- name: Configure
run: mkdir -p build && cd build && source ~/.bashrc && cmake -GNinja -DOQS_STRICT_WARNINGS=ON ${{ matrix.CMAKE_ARGS }} .. && cmake -LA ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --ignore=tests/test_kat_all.py ${{ matrix.PYTEST_ARGS }}
timeout-minutes: 60

73
.github/workflows/weekly.yml vendored
View File

@ -1,22 +1,65 @@
name: Weekly tests
permissions:
contents: read
name: Weekly extended tests
on:
schedule:
- cron: "5 0 * * 0"
- cron: "5 0 * * 0"
jobs:
# To guarantee Maintained check is occasionally updated. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
scorecard:
uses: ./.github/workflows/scorecard.yml
secrets: inherit
permissions:
id-token: write
security-events: write
constant-time-x64:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: generic
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*,Classic-McEliece-[^3](.)*'
- name: extensions
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=haswell -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*,Classic-McEliece-[^3](.)*'
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 360
run: mkdir -p tmp && SKIP_ALGS='${{ matrix.SKIP_ALGS }}' python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}
extended-tests:
uses: ./.github/workflows/extended.yml
nistkat-x64:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: generic
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: extensions
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=haswell
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 360
run: mkdir -p tmp && SKIP_ALGS='${{ matrix.SKIP_ALGS }}' python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}

29
.github/workflows/windows.yml vendored
View File

@ -1,45 +1,32 @@
name: Windows tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
on: [push, pull_request]
jobs:
windows-arm64:
strategy:
matrix:
runner: [windows-2022, windows-2025]
stfl_opt: [ON, OFF]
runs-on: ${{ matrix.runner }}
runs-on: windows-2022
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- uses: actions/checkout@v3
- name: Generate Project
run: cmake -B build --toolchain .CMake/toolchain_windows_arm64.cmake -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }} .
run: cmake -B build --toolchain .CMake/toolchain_windows_arm64.cmake .
- name: Build Project
run: cmake --build build
windows-x86:
runs-on: windows-2022
strategy:
fail-fast: false
matrix:
runner: [windows-2022, windows-2025]
toolchain: [.CMake/toolchain_windows_x86.cmake, .CMake/toolchain_windows_amd64.cmake]
stfl_opt: [ON, OFF]
runs-on: ${{ matrix.runner }}
steps:
- name: Install Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # pin@v5
with:
python-version: '3.12'
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- uses: actions/checkout@v3
- name: Generate Project
run: cmake -B build --toolchain ${{ matrix.toolchain }} -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }} .
run: cmake -B build --toolchain ${{ matrix.toolchain }} .
- name: Build Project
run: cmake --build build
- name: Test dependencies
run: pip.exe install --require-hashes -r .github\workflows\requirements.txt
run: pip.exe install pytest pytest-xdist pyyaml
- name: Run tests
run: |
python -m pytest --numprocesses=auto -vv --maxfail=10 --ignore=tests/test_code_conventions.py --ignore=tests/test_kat_all.py --junitxml=build\test-results\pytest\test-results.xml

9
.github/workflows/zephyr.yml vendored
View File

@ -1,15 +1,12 @@
name: Zephyr tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
on: [push, pull_request]
jobs:
zephyr_test:
runs-on: ubuntu-22.04
container: ghcr.io/zephyrproject-rtos/ci:v0.27.4
container: ghcr.io/zephyrproject-rtos/ci:latest
env:
CMAKE_PREFIX_PATH: /opt/toolchains
strategy:
@ -17,7 +14,7 @@ jobs:
matrix:
config:
- zephyr-ref: v3.4.0
- zephyr-ref: v3.7.0
- zephyr-ref: v3.5.0
steps:
- name: Init Zephyr workspace

4
.gitignore vendored
View File

@ -35,8 +35,4 @@ __pycache__
.pytest_cache
.cache
.CMake/a.out
compile_commands.json
# Generated by Nix flake
result/

4
.travis.yml
View File

@ -9,7 +9,7 @@ jobs:
compiler: gcc
if: NOT branch =~ /^ghactionsonly-/
script:
- mkdir build && cd build && cmake -GNinja -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_STFL_SIG_KEY_SIG_GEN=ON .. && cmake -LA -N .. && ninja
- mkdir build && cd build && cmake -GNinja .. && cmake -LA .. && ninja
- cd build & ninja run_tests
- arch: s390x
os: linux
@ -17,5 +17,5 @@ jobs:
compiler: gcc
if: NOT branch =~ /^ghactionsonly-/
script:
- mkdir build && cd build && cmake -GNinja -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_STFL_SIG_KEY_SIG_GEN=ON .. && cmake -LA -N .. && ninja
- mkdir build && cd build && cmake -GNinja .. && cmake -LA .. && ninja
- cd build & ninja run_tests

111
CI.md
View File

@ -1,111 +0,0 @@
# Continuous Integration (CI)
This document aims to provide a accessible yet comprehensive overview of the liboqs CI setup.
## GitHub Actions
liboqs relies on GitHub Actions for almost all of its CI and makes extensive use of [reusable workflows](https://docs.github.com/en/actions/sharing-automations/reusing-workflows).
All workflow files are located in the `.github/workflows` subdirectory.
### Caller workflows
These workflows are triggered by GitHub events (for example, a pull request or a release).
They implement the logic dictating which tests should run on which events.
#### <a name="push.yml"></a> Push workflow (`push.yml`)
This workflow is triggered by pushes to non-`main` branches.
It calls only [basic checks](#basic.yml) unless one of the following strings is included in the commit message:
- "[full tests]": calls [all platform tests](#platforms.yml).
- "[extended tests]": calls the [extended tests](#extended.yml).
- "[trigger downstream]": calls the [downstream release tests](#downstream-release.yml).
To trigger multiple test suites, include multiple trigger strings in the commit message.
For example, "[full tests] [trigger downstream]" will trigger both the platform tests and the downstream release tests.
#### <a name="pr.yml"></a> Pull request workflow (`pr.yml`)
This workflow runs on pull requests.
It calls [basic checks](#basic.yml), [code coverage tests](#code-coverage.yml), [platform tests](#platforms.yml) and [scorecard analysis](#scorecard.yml).
#### <a name="commit-to-main.yml"></a> Commit-to-main workflow (`commit-to-main.yml`)
This workflow runs on pushes to the `main` branch (typically done automatically when a pull request is merged).
It calls [platform tests](#platforms.yml), [code coverage tests](#code-coverage.yml), [scorecard analysis](#scorecard.yml), and [basic downstream tests](#downstream-basic.yml).
#### <a name="weekly.yml"></a> Weekly workflow (`weekly.yml`)
This workflow is triggered by a weekly schedule.
It calls [extended tests](#extended.yml) and [scorecard analysis](#scorecard.yml).
#### <a name="release.yml"></a> Release workflow (`release.yml`)
This workflow is triggered when a release (including a pre-release) is published on GitHub.
It calls [extended tests](#extended) and [downstream release tests](#downstream-release.yml).
### Callable workflows
These workflows are not triggered directly by any GitHub event.
They are instead called by one of the [caller workflows](#caller-workflows).
Users with "write" permissions can also trigger them manually via the GitHub web UI or REST API.
#### <a name="basic.yml"></a> Basic checks (`basic.yml`)
This workflow runs a minimal set of tests that should pass before heavier tests are triggered.
#### <a name="code-coverage.yml"></a> Code coverage tests (`code-coverage.yml`)
This workflow runs code coverage tests and uploads the results to [Coveralls.io](https://coveralls.io/github/open-quantum-safe/liboqs).
#### <a name="<platform>.yml"></a> Individual platform tests (`<platform>.yml`)
These workflows contain tests for the individual [platforms supported by liboqs](PLATFORMS.md).
Currently, these include
- `android.yml`,
- `apple.yml`,
- `macos.yml`,
- `linux.yml`,
- `windows.yml`, and
- `zephyr.yml`.
All of these these are wrapped by [`platforms.yml`](#platforms.yml).
#### <a name="platforms.yml"></a> All platform tests (`platforms.yml`)
This workflow calls all of the [platform-specific tests](#<platform>.yml).
#### <a name="extended.yml"></a> Extended tests (`extended.yml`)
This workflow calls tests which are either resource intensive or rarely need to be triggered.
Currently, this includes constant-time testing with valgrind and the full suite of NIST Known Answer Tests.
#### <a name="downstream-basic.yml"></a> Basic downstream trigger (`downstream-basic.yml`)
This workflow triggers basic CI for a selection of projects that depend on `liboqs`.
Currently, these include
- [`OQS OpenSSL3 provider`](https://github.com/open-quantum-safe/oqs-provider)
- [`OQS-BoringSSL`](https://github.com/open-quantum-safe/boringssl)
- [`OQS-OpenSSH`](https://github.com/open-quantum-safe/openssh)
- [`OQS Demos`](https://github.com/open-quantum-safe/oqs-demos)
- [`liboqs-cpp`](https://github.com/open-quantum-safe/liboqs-cpp)
- [`liboqs-go`](https://github.com/open-quantum-safe/liboqs-go)
- [`liboqs-python`](https://github.com/open-quantum-safe/liboqs-python)
Callers must include `secrets: inherit` in order for the appropriate access tokens to be passed to this workflow.
#### <a name="downstream-release.yml"></a> Downstream release trigger (`downstream-release.yml`)
This workflow triggers release tests for a selection of projects that depend on `liboqs`.
Currently, this is only the [`OQS OpenSSL3 provider`](https://github.com/open-quantum-safe/oqs-provider).
Callers must include `secrets: inherit` in order for the appropriate access tokens to be passed to this workflow.
#### <a name="scorecard.yml"></a> OpenSSF scorecard analysis (`scorecard.yml`)
This workflow runs the [OpenSSF scorecard](https://github.com/ossf/scorecard) tool.
It is additionally triggered automatically when branch protection rules are changed.
Callers must include `secrets: inherit` in order for the appropriate access tokens to be passed to this workflow.
## Travis CI
In the past, we used Travis CI to test on [some IBM platforms](PLATFORMS.md#tier-3-1) that are not supported by GitHub Actions.
Our Travis builds are currently disabled pending resolution of [issue #1888](https://github.com/open-quantum-safe/liboqs/issues/1888).

105
CMakeLists.txt
View File

@ -23,17 +23,9 @@ project(liboqs C ASM)
option(OQS_DIST_BUILD "Build distributable library with optimized code for several CPU microarchitectures. Enables run-time CPU feature detection." ON)
option(OQS_BUILD_ONLY_LIB "Build only liboqs and do not expose build targets for tests, documentation, and pretty-printing available." OFF)
set(OQS_MINIMAL_BUILD "" CACHE STRING "Only build specifically listed algorithms.")
option(OQS_LIBJADE_BUILD "Enable formally verified implementation of supported algorithms from libjade." OFF)
option(OQS_PERMIT_UNSUPPORTED_ARCHITECTURE "Permit compilation on an an unsupported architecture." OFF)
option(OQS_STRICT_WARNINGS "Enable all compiler warnings." OFF)
option(OQS_EMBEDDED_BUILD "Compile liboqs for an Embedded environment without a full standard library." OFF)
option(OQS_USE_CUPQC "Utilize cuPQC as the backend for supported PQC algorithms." OFF)
# Libfuzzer isn't supported on gcc
if('${CMAKE_C_COMPILER_ID}' STREQUAL 'Clang')
option(OQS_BUILD_FUZZ_TESTS "Build fuzz test suite" OFF)
endif()
set(OQS_OPT_TARGET auto CACHE STRING "The target microarchitecture for optimization.")
@ -41,25 +33,11 @@ set(CMAKE_C_STANDARD 11)
set(CMAKE_C_STANDARD_REQUIRED ON)
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
set(CMAKE_C_VISIBILITY_PRESET hidden)
set(OQS_VERSION_MAJOR 0)
set(OQS_VERSION_MINOR 13)
set(OQS_VERSION_PATCH 1)
set(OQS_VERSION_PRE_RELEASE "-dev")
set(OQS_VERSION_TEXT "${OQS_VERSION_MAJOR}.${OQS_VERSION_MINOR}.${OQS_VERSION_PATCH}${OQS_VERSION_PRE_RELEASE}")
set(OQS_VERSION_TEXT "0.10.1-rc1")
set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
set(OQS_MINIMAL_GCC_VERSION "7.1.0")
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
# Determine the flags for fuzzing. Use OSS-Fuzz's configuration if available, otherwise fall back to defaults.
if(DEFINED ENV{LIB_FUZZING_ENGINE})
set(FUZZING_ENGINE $ENV{LIB_FUZZING_ENGINE})
set(FUZZING_COMPILE_FLAGS "")
set(FUZZING_LINK_FLAGS "${FUZZING_ENGINE}")
else()
set(FUZZING_COMPILE_FLAGS "-fsanitize=fuzzer,address")
set(FUZZING_LINK_FLAGS "-fsanitize=fuzzer,address")
endif()
# heuristic check to see whether we're running on a RaspberryPi
if(EXISTS "/opt/vc/include/bcm_host.h")
add_definitions( -DOQS_USE_RASPBERRY_PI )
@ -102,24 +80,6 @@ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc64|powerpc64)")
if(${OQS_DIST_BUILD})
set(OQS_DIST_PPC64_BUILD ON)
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc|powerpc)")
message(WARNING "There is currently no CI for: " ${CMAKE_SYSTEM_PROCESSOR})
# CMake uses uname to derive CMAKE_SYSTEM_PROCESSOR value, so on Darwin
# the value is identical for ppc and ppc64. To have the right build arch
# in 64-bit case, we use CMAKE_OSX_ARCHITECTURES.
if(APPLE AND CMAKE_OSX_ARCHITECTURES STREQUAL "ppc64")
set(ARCH "ppc64")
set(ARCH_PPC64 ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_PPC64_BUILD ON)
endif()
else()
set(ARCH "ppc")
set(ARCH_PPC ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_PPC_BUILD ON)
endif()
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "s390x")
set(ARCH "s390x")
set(ARCH_S390X ON)
@ -128,12 +88,6 @@ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "s390x")
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "riscv")
set(ARCH "riscv")
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "loongarch64")
set(ARCH "loongarch64")
set(ARCH_LOONGARCH64 ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_LOONGARCH64_BUILD ON)
endif()
elseif(OQS_PERMIT_UNSUPPORTED_ARCHITECTURE)
message(WARNING "Unknown or unsupported processor: " ${CMAKE_SYSTEM_PROCESSOR})
message(WARNING "Compilation on an unsupported processor should only be used for testing, as it may result an insecure configuration, for example due to variable-time instructions leaking secret information.")
@ -141,20 +95,6 @@ else()
message(FATAL_ERROR "Unknown or unsupported processor: " ${CMAKE_SYSTEM_PROCESSOR} ". Override by setting OQS_PERMIT_UNSUPPORTED_ARCHITECTURE=ON")
endif()
if(${OQS_USE_CUPQC})
# CMAKE's CUDA language requires CMAKE 3.18
cmake_minimum_required (VERSION 3.18)
enable_language(CUDA)
if(NOT DEFINED CMAKE_CUDA_ARCHITECTURES)
set(CMAKE_CUDA_ARCHITECTURES 80 90)
endif()
find_package(cuPQC 0.2.0 REQUIRED)
endif()
if (NOT ((CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin") AND (ARCH_X86_64 STREQUAL "ON")) AND (OQS_LIBJADE_BUILD STREQUAL "ON"))
message(FATAL_ERROR "Building liboqs with libjade implementations from libjade is only supported on Linux and Darwin on x86_64.")
endif()
# intentionally don't switch to variables to avoid --warn-uninitialized report
if(OQS_USE_CPU_EXTENSIONS)
message(FATAL_ERROR "OQS_USE_CPU_EXTENSIONS is deprecated")
@ -173,7 +113,7 @@ endif()
option(OQS_SPEED_USE_ARM_PMU "Use ARM Performance Monitor Unit during benchmarking" OFF)
if(WIN32 AND NOT (MINGW OR MSYS OR CYGWIN))
if(WIN32)
set(CMAKE_GENERATOR_CC cl)
endif()
@ -188,35 +128,18 @@ if(${OQS_USE_OPENSSL})
elseif(EXISTS "/opt/homebrew/opt/openssl@1.1")
set(OPENSSL_ROOT_DIR "/opt/homebrew/opt/openssl@1.1")
endif()
elseif(${CMAKE_HOST_SYSTEM_NAME} STREQUAL "Linux")
set(OPENSSL_ROOT_DIR "/usr")
endif()
endif()
find_package(OpenSSL 1.1.1 REQUIRED)
if(OQS_DLOPEN_OPENSSL)
find_program(OBJDUMP objdump)
if(NOT OBJDUMP)
message(FATAL_ERROR "objdump not found. Please install it from binutils.")
endif()
execute_process(
COMMAND ${OBJDUMP} -p ${OPENSSL_CRYPTO_LIBRARY}
COMMAND sed -n "s/[ ]\\{1,\\}SONAME[ ]\\{1,\\}//p"
OUTPUT_VARIABLE OQS_OPENSSL_CRYPTO_SONAME
OUTPUT_STRIP_TRAILING_WHITESPACE
COMMAND_ERROR_IS_FATAL ANY)
message(STATUS "OpenSSL dlopen SONAME: " ${OQS_OPENSSL_CRYPTO_SONAME})
endif()
endif()
set(PUBLIC_HEADERS ${PROJECT_SOURCE_DIR}/src/oqs.h
${PROJECT_SOURCE_DIR}/src/common/aes/aes_ops.h
${PROJECT_SOURCE_DIR}/src/common/common.h
${PROJECT_SOURCE_DIR}/src/common/rand/rand.h
${PROJECT_SOURCE_DIR}/src/common/sha2/sha2_ops.h
${PROJECT_SOURCE_DIR}/src/common/sha3/sha3_ops.h
${PROJECT_SOURCE_DIR}/src/common/sha3/sha3x4_ops.h
${PROJECT_SOURCE_DIR}/src/kem/kem.h
${PROJECT_SOURCE_DIR}/src/sig/sig.h
${PROJECT_SOURCE_DIR}/src/sig_stfl/sig_stfl.h)
${PROJECT_SOURCE_DIR}/src/sig/sig.h)
set(INTERNAL_HEADERS ${PROJECT_SOURCE_DIR}/src/common/aes/aes.h
${PROJECT_SOURCE_DIR}/src/common/rand/rand_nist.h
@ -258,25 +181,7 @@ endif()
if(OQS_ENABLE_SIG_SPHINCS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/sphincs/sig_sphincs.h)
endif()
if(OQS_ENABLE_SIG_MAYO)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/mayo/sig_mayo.h)
endif()
if(OQS_ENABLE_SIG_CROSS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/cross/sig_cross.h)
endif()
if(OQS_ENABLE_SIG_UOV)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/uov/sig_uov.h)
endif()
if(OQS_ENABLE_SIG_SNOVA)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/snova/sig_snova.h)
endif()
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS_END
if(OQS_ENABLE_SIG_STFL_XMSS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig_stfl/xmss/sig_stfl_xmss.h)
endif()
if(OQS_ENABLE_SIG_STFL_LMS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig_stfl/lms/sig_stfl_lms.h)
endif()
execute_process(COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/include/oqs)
execute_process(COMMAND ${CMAKE_COMMAND} -E copy ${PUBLIC_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs)
execute_process(COMMAND ${CMAKE_COMMAND} -E copy ${INTERNAL_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs)

105
CONFIGURE.md
View File

@ -8,22 +8,17 @@ The following options can be passed to CMake before the build file generation pr
- [CMAKE_INSTALL_PREFIX](#CMAKE_INSTALL_PREFIX)
- [OQS_ALGS_ENABLED](#OQS_ALGS_ENABLED)
- [OQS_BUILD_ONLY_LIB](#OQS_BUILD_ONLY_LIB)
- [OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG](#OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG)
- [OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG](#OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG)
- [OQS_MINIMAL_BUILD](#OQS_MINIMAL_BUILD)
- [OQS_DIST_BUILD](#OQS_DIST_BUILD)
- [OQS_USE_CPUFEATURE_INSTRUCTIONS](#OQS_USE_CPUFEATURE_INSTRUCTIONS)
- [OQS_USE_CPUFEATURE_INSTRUCTIONS](OQS_USE_CPUFEATURE_INSTRUCTIONS)
- [OQS_USE_OPENSSL](#OQS_USE_OPENSSL)
- [OQS_USE_CUPQC](#OQS_USE_CUPQC)
- [OQS_OPT_TARGET](#OQS_OPT_TARGET)
- [OQS_SPEED_USE_ARM_PMU](#OQS_SPEED_USE_ARM_PMU)
- [USE_COVERAGE](#USE_COVERAGE)
- [USE_SANITIZER](#USE_SANITIZER)
- [OQS_ENABLE_TEST_CONSTANT_TIME](#OQS_ENABLE_TEST_CONSTANT_TIME)
- [OQS_STRICT_WARNINGS](#OQS_STRICT_WARNINGS)
- [OQS_EMBEDDED_BUILD](#OQS_EMBEDDED_BUILD)
- [OQS_LIBJADE_BUILD](#OQS_LIBJADE_BUILD)
- [OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG](#OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG)
- [OQS_BUILD_FUZZ_TESTS](#OQS_BUILD_FUZZ_TESTS)
## BUILD_SHARED_LIBS
@ -37,9 +32,7 @@ This means liboqs is built as a static library by default.
Can be set to the following values:
- `Debug`: This turns off all compiler optimizations and produces debugging information. **This value only has effect when the compiler is GCC or Clang**
- The [USE_COVERAGE](#USE_COVERAGE) option can also be specified to enable code coverage testing.
- When the compiler is Clang, the [USE_SANITIZER](#USE_SANITIZER) option can also be specified to enable a Clang sanitizer.
- `Debug`: This turns off all compiler optimizations and produces debugging information. When the compiler is Clang, the [USE_SANITIZER](#USE_SANITIZER) option can also be specified to enable a Clang sanitizer. **This value only has effect when the compiler is GCC or Clang**
- `Release`: This compiles code at the `O3` optimization level, and sets other compiler flags that reduce the size of the binary.
@ -49,25 +42,21 @@ Can be set to the following values:
See the [CMake documentation](https://cmake.org/cmake/help/latest/variable/CMAKE_INSTALL_PREFIX.html).
## OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG
## OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG
Note: `ALG` in `OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG` should be replaced with the specific algorithm name as demonstrated below.
Note: `ALG` in `OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG` should be replaced with the specific algorithm name as demonstrated below.
This can be set to `ON` or `OFF`, and is `ON` by default. When `OFF`, `ALG` and its code are excluded from the build process. When `ON`, made available are additional options whereby individual variants of `ALG` can be excluded from the build process.
For example: if `OQS_ENABLE_KEM_BIKE` is set to `ON`, the options `OQS_ENABLE_KEM_bike_l1`, `OQS_ENABLE_KEM_bike_l3`, and `OQS_ENABLE_KEM_bike_l5` are made available (and are set to be `ON` by default).
To enable `XMSS` stateful signature, set `OQS_ENABLE_SIG_STFL_XMSS` to `ON`, the options `OQS_ENABLE_SIG_STFL_xmss_sha256_h10` and its variants are also set to be `ON` by default. Similarly, `LMS` stateful signature family can also be enabled by setting `OQS_ENABLE_SIG_STFL_LMS` to `ON`.
For a full list of such options and their default values, consult [.CMake/alg_support.cmake](https://github.com/open-quantum-safe/liboqs/blob/master/.CMake/alg_support.cmake).
**Default**: Unset.
## OQS_ALGS_ENABLED
A selected algorithm set is enabled. Possible values are "STD" selecting all algorithms standardized by NIST; "NIST_R4" selecting all algorithms evaluated in round 4 of the NIST PQC competition; "NIST_SIG_ONRAMP" selecting algorithms evaluated in the NIST PQC "onramp" standardization for additional signature schemes; "All" (or any other value) selecting all algorithms integrated into liboqs. Parameter setting "STD" minimizes library size but may require re-running code generator scripts in projects integrating `liboqs`; e.g., [oqs-provider](https://github.com/open-quantum-safe/oqs-provider) and [oqs-boringssl](https://github.com/open-quantum-safe/boringssl).
**Attention**: If you use any predefined value (`STD` or `NIST_R4` or `NIST_SIG_ONRAMP` as of now) for this variable, the values added via [OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG](#OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG) variables will be ignored.
Selects algorithm set enabled. Possible values are "STD" selecting all algorithms standardized by NIST; "NIST_R4" selecting all algorithms evaluated in round 4 of the NIST PQC competition; "All" (or any other value) selecting all algorithms integrated into liboqs. Parameter setting "STD" minimizes library size but may require re-running code generator scripts in projects integrating `liboqs`, e.g., [oqs-openssl111](https://github.com/open-quantum-safe/openssl).
**Default**: `All`.
@ -79,9 +68,9 @@ Can be `ON` or `OFF`. When `ON`, only liboqs is built, and all the targets: `run
## OQS_MINIMAL_BUILD
If set, this defines a semicolon-delimited list of algorithms to be contained in a minimal build of `liboqs`: Only algorithms explicitly set here are included in a build: For example running `cmake -DOQS_MINIMAL_BUILD="KEM_kyber_768;SIG_dilithium_3" ..` will build a minimum-size `liboqs` library only containing support for Kyber768 and Dilithium3.
If set, this defines a semicolon deliminated list of algorithms to be contained in a minimal build of `liboqs`: Only algorithms explicitly set here are included in a build: For example running `cmake -DOQS_MINIMAL_BUILD="KEM_kyber_768;SIG_dilithium_3" ..` will build a minimum-size `liboqs` library only containing support for Kyber768 and Dilithium3.
The full list of identifiers that can be set is listed [here for KEM algorithms](https://github.com/open-quantum-safe/liboqs/blob/main/src/kem/kem.h#L34) and [here for Signature algorithms](https://github.com/open-quantum-safe/liboqs/blob/f3caccff9e6225e7c50ca27f5ee6e58b7bc74188/src/sig/sig.h#L34). The default setting is empty, thus including all [supported algorithms](https://github.com/open-quantum-safe/liboqs#supported-algorithms) in the build.
The full list of identifiers that can set are listed [here for KEM algorithms](https://github.com/open-quantum-safe/liboqs/blob/main/src/kem/kem.h#L34) and [here for Signature algorithms](https://github.com/open-quantum-safe/liboqs/blob/f3caccff9e6225e7c50ca27f5ee6e58b7bc74188/src/sig/sig.h#L34). Default setting is empty, thus including all [supported algorithms](https://github.com/open-quantum-safe/liboqs#supported-algorithms) in the build.
**Default**: Unset.
@ -101,13 +90,13 @@ When built for use on a single machine, the library will only include the best a
Note: `CPUFEATURE` in `OQS_USE_CPUFEATURE_INSTRUCTIONS` should be replaced with the specific CPU feature as noted below.
These can be set to `ON` or `OFF` and take effect if liboqs is built for use on a single machine. By default, the CPU features are automatically determined and set to `ON` or `OFF` based on the CPU features available on the build system. The default values can be overridden by providing CMake build options. The available options on x86-64 are: `OQS_USE_ADX_INSTRUCTIONS`, `OQS_USE_AES_INSTRUCTIONS`, `OQS_USE_AVX_INSTRUCTIONS`, `OQS_USE_AVX2_INSTRUCTIONS`, `OQS_USE_AVX512_INSTRUCTIONS`, `OQS_USE_BMI1_INSTRUCTIONS`, `OQS_USE_BMI2_INSTRUCTIONS`, `OQS_USE_PCLMULQDQ_INSTRUCTIONS`, `OQS_USE_VPCLMULQDQ_INSTRUCTIONS`, `OQS_USE_POPCNT_INSTRUCTIONS`, `OQS_USE_SSE_INSTRUCTIONS`, `OQS_USE_SSE2_INSTRUCTIONS` and `OQS_USE_SSE3_INSTRUCTIONS`. The available options on ARM64v8 are `OQS_USE_ARM_AES_INSTRUCTIONS`, `OQS_USE_ARM_SHA2_INSTRUCTIONS`, `OQS_USE_ARM_SHA3_INSTRUCTIONS` and `OQS_USE_ARM_NEON_INSTRUCTIONS`.
These can be set to `ON` or `OFF` and take an effect if liboqs is built for use on a single machine. By default, the CPU features are automatically determined and set to `ON` or `OFF` based on the CPU features available on the build system. The default values can be overridden by providing CMake build options. The available options on x86-64 are: `OQS_USE_ADX_INSTRUCTIONS`, `OQS_USE_AES_INSTRUCTIONS`, `OQS_USE_AVX_INSTRUCTIONS`, `OQS_USE_AVX2_INSTRUCTIONS`, `OQS_USE_AVX512_INSTRUCTIONS`, `OQS_USE_BMI1_INSTRUCTIONS`, `OQS_USE_BMI2_INSTRUCTIONS`, `OQS_USE_PCLMULQDQ_INSTRUCTIONS`, `OQS_USE_VPCLMULQDQ_INSTRUCTIONS`, `OQS_USE_POPCNT_INSTRUCTIONS`, `OQS_USE_SSE_INSTRUCTIONS`, `OQS_USE_SSE2_INSTRUCTIONS` and `OQS_USE_SSE3_INSTRUCTIONS`. The available options on ARM64v8 are `OQS_USE_ARM_AES_INSTRUCTIONS`, `OQS_USE_ARM_SHA2_INSTRUCTIONS`, `OQS_USE_ARM_SHA3_INSTRUCTIONS` and `OQS_USE_ARM_NEON_INSTRUCTIONS`.
**Default**: Options valid on the build machine.
## OQS_USE_OPENSSL
To save size and limit the amount of different cryptographic code bases, it is possible to use OpenSSL as a crypto code provider by setting this configuration option.
In order to save size and limit the mount of different cryptographic code bases, it is possible to use OpenSSL as a crypto code provider by setting this configuration option.
This can be set to `ON` or `OFF`. When `ON`, the additional options `OQS_USE_AES_OPENSSL`, `OQS_USE_SHA2_OPENSSL`, and `OQS_USE_SHA3_OPENSSL` are made available to control whether liboqs uses OpenSSL's AES, SHA-2, and SHA-3 implementations.
@ -116,48 +105,12 @@ By default,
- `OQS_USE_SHA2_OPENSSL` is `ON`
- `OQS_USE_SHA3_OPENSSL` is `OFF`.
These default choices have been made to optimize the default performance of all algorithms. Changing them implies performance penalties.
These default choices have been made in order to optimize the default performance of all algorithms. Changing them implies performance penalties.
When `OQS_USE_OPENSSL` is `ON`, CMake also scans the filesystem to find the minimum version of OpenSSL required by liboqs (which happens to be 1.1.1). The [OPENSSL_ROOT_DIR](https://cmake.org/cmake/help/latest/module/FindOpenSSL.html) option can be set to aid CMake in its search.
**Default**: `ON`.
### OQS_DLOPEN_OPENSSL
Dynamically load OpenSSL through `dlopen`. When using liboqs from other cryptographic libraries, hard dependency on OpenSSL is sometimes undesirable. If this option is `ON`, loading of OpenSSL will be deferred until any of the OpenSSL functions is used.
Only has an effect if the system supports `dlopen` and ELF binary format, such as Linux or BSD family.
### OQS_USE_CUPQC
Can be `ON` or `OFF`. When `ON`, use NVIDIA's cuPQC library where able (currently just ML-KEM). When this option is enabled, liboqs may not run correctly on machines that lack supported GPUs. To download cuPQC follow the instructions at (https://developer.nvidia.com/cupqc-download/). Detailed descriptions of the API, requirements, and installation guide are in the cuPQC documentation (https://docs.nvidia.com/cuda/cupqc/index.html). While the code shipped by liboqs required to use cuPQC is licensed under Apache 2.0 the cuPQC SDK comes with its own license agreement (https://docs.nvidia.com/cuda/cupqc/license.html).
**Default**: `OFF`
## Stateful Hash Based Signatures
XMSS and LMS are the two supported Hash-Based Signatures schemes.
`OQS_ENABLE_SIG_STFL_XMSS` and `OQS_ENABLE_SIG_STFL_LMS` control these algorithms, which are disabled by default.
A third variable, `OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN`, also controls the ability to generate keys and signatures. This is also disabled by default.
Each of these variables can be set to `ON` or `OFF`.
When all three are `ON`, stateful signatures are fully functional and can generate key pairs, sign data, and verify signatures.
If `OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN` is `OFF` signature verification is the only functional operation.
Standards bodies, such as NIST, recommend that key and signature generation only by done in hardware in order to best enforce the one-time use of secret keys.
Keys stored in a file system are extremely susceptible to simultaneous use.
When enabled in this library a warning message will be generated by the config process.
The name of the configuration variable has been chosen to make every user of this feature aware of its security risks.
The OQS team explicitly discourages enabling this variable and reserves the right to remove this feature in future releases if its use causes actual harm.
It remains present as long as it is responsibly used as per the stated warnings.
By default,
- `OQS_ENABLE_SIG_STFL_XMSS` is `OFF`
- `OQS_ENABLE_SIG_STFL_LMS` is `OFF`
- `OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN` is `OFF`.
**Default**: `OFF`.
## OQS_OPT_TARGET
An optimization target. Only has an effect if the compiler is GCC or Clang and `OQS_DIST_BUILD=OFF`. Can take any valid input to the `-march` (on x86-64) or `-mcpu` (on ARM32v7 or ARM64v8) option for `CMAKE_C_COMPILER`. Can also be set to one of the following special values.
@ -170,21 +123,15 @@ An optimization target. Only has an effect if the compiler is GCC or Clang and `
Can be `ON` or `OFF`. When `ON`, the benchmarking script will try to use the ARMv8 Performance Monitoring Unit (PMU). This will make cycle counts on ARMv8 platforms significantly more accurate.
In order to use this option, user mode access to the PMU must be enabled via a kernel module. If user mode access is not enabled via the kernel module, benchmarking will throw an `Illegal Instruction` error. A kernel module that has been found to work on several platforms can be found [here for Linux](https://github.com/mupq/pqax#enable-access-to-performance-counters). Follow the instructions there (i.e., clone the repository, `cd enable_ccr` and `make install`) to load the kernel module, after which benchmarking should work. Superuser permissions are required. Linux header files must also be installed on your platform, which may not be present by default.
In order to use this option, user mode access to the PMU must be enabled via a kernel module. If user mode access is not enabled via kernel module, benchmarking will throw an `Illegal Instruction` error. A kernel module that has been found to work on several platforms can be found [here for linux](https://github.com/mupq/pqax#enable-access-to-performance-counters). Follow the instructions there (i.e., clone the repository, `cd enable_ccr` and `make install`) to load the kernel module, after which benchmarking should work. Superuser permissions are required. Linux header files must also be installed on your platform, which may not be present by default.
Note that this option is not known to work on Apple M1 chips.
**Default**: `OFF`.
## USE_COVERAGE
This has an effect when the compiler is GCC or Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) is `Debug`. Can be `ON` or `OFF`. When `ON`, code coverage testing will be enabled.
**Default**: Unset.
## USE_SANITIZER
This has an effect when the compiler is Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) is `Debug`. Then, it can be set to:
This has effect when the compiler is Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) is `Debug`. Then, it can be set to:
- `Address`: This enables Clang's `AddressSanitizer`
- `Memory`: This enables Clang's `MemorySanitizer`
@ -199,13 +146,13 @@ This has an effect when the compiler is Clang and when [CMAKE_BUILD_TYPE](#CMAKE
This is used in conjunction with `tests/test_constant_time.py` to use Valgrind to look for instances of secret-dependent control flow. liboqs must also be compiled with [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) set to `Debug`.
See the documentation in [`tests/test_constant_time.py`](https://github.com/open-quantum-safe/liboqs/blob/main/tests/test_constant_time.py) for more usage information.
See the documentation in [`tests/test_constant_time.py`](https://github.com/open-quantum-safe/liboqs/blob/main/tests/test_constant_time.py) for more information on usage.
**Default**: `OFF`.
## OQS_STRICT_WARNINGS
Can be `ON` or `OFF`. When `ON`, all compiler warnings are enabled and treated as errors. This setting is recommended to be enabled prior to submission of a Pull Request as CI runs with this setting active. When `OFF`, significantly fewer compiler warnings are enabled such as to avoid undue build errors triggered by (future) compiler warning features/unknown at the development time of this library.
Can be `ON` or `OFF`. When `ON`, all compiler warnings are enabled and treated as errors. This setting is recommended to be enabled prior to submission of a Pull Request as CI runs with this setting active. When `OFF`, significantly fewer compiler warnings are enabled such as to avoid undue build errors triggered by (future) compiler warning features/unknown at development time of this library.
**Default**: `OFF`.
@ -218,25 +165,3 @@ At the moment, this is **only** considered for random number generation, as both
**Attention**: When this option is enabled, you have to supply a custom callback for obtaining random numbers using the `OQS_randombytes_custom_algorithm()` API before accessing the cryptographic API. Otherwise, all key generation and signing operations will fail.
**Default**: `OFF`.
## OQS_LIBJADE_BUILD
Can be `ON` or `OFF`. When `ON` liboqs is built to use high assurance implementations of cryptographic algorithms from [Libjade](https://github.com/formosa-crypto/libjade). The cryptographic primitives in Libjade are written using [Jasmin](https://github.com/jasmin-lang/jasmin) and built using the Jasmin compiler. The Jasmin compiler is proven (in Coq) to preserve semantic correctness of a program, maintain secret-independence of control flow, and maintain secret independence of locations of memory access through compilation. Additionally, the Jasmin compiler guarantees thread safety because Jasmin doesn't support global variables.
At the moment, Libjade only provides Kyber512 and Kyber768 KEMs.
At the moment, libjade only supports Linux and Darwin based operating systems on x86_64 platforms.
**Default** `OFF`.
## OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG
Note: `ALG` in `OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG` should be replaced with the specific algorithm name as demonstrated in OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG.
**Default**: `OFF` if OQS_LIBJADE_BUILD is `OFF` else unset.
## OQS_BUILD_FUZZ_TESTS
Can be `ON` or `OFF`. When `ON` liboqs the fuzz test-suite will be enabled. This option is only available if the c compiler is set to clang i.e. `-DCMAKE_C_COMPILER=clang`.
Note: It is strongly recommended that this configuration be enabled with `CFLAGS=-fsanitize=address,fuzzer-no-link LDFLAGS=-fsanitize=address`. While fuzzing will run without these flags, enabling this instrumentation will make fuzzing performance much faster and catch [potential memory related bugs](https://clang.llvm.org/docs/AddressSanitizer.html).
**Default** `OFF`.

63
CONTRIBUTING.md
View File

@ -5,14 +5,6 @@ the form of [a discussion](https://github.com/open-quantum-safe/liboqs/discussio
for input or feedback, possible bug reports or feature requests via [issues](https://github.com/open-quantum-safe/liboqs/issues)
as well as new code and documentation via a [pull request (PR)](https://github.com/open-quantum-safe/liboqs/pulls).
## Baseline design goal
OQS is a collection of many different PQC algorithms, maintained by a small team of people who are not guaranteed to be versed in the intricate details of each algorithm.
Therefore, all contributions to the general logic of the project should be as independent of any single algorithm such as to ease long-term maintainability. If changes are contributed catering to the properties of a specific algorithm, it is expected that consideration is given at least how the other algorithms of the same type (KEM or SIG) should cater to the proposed changes, e.g., by way of a new, generally satisfiable API.
All contributions to a specific algorithm ideally come with the willingness to provide long-term support, or at least a contact person that can help the OQS team pinpoint potential problems with the algorithm.
## Review and Feedback
We aim to provide timely feedback to any input. If you are uncertain as to whether
@ -34,54 +26,38 @@ them before the final "Review" stage.
This project has adopted a slightly modified [Google code formatting style](https://astyle.sourceforge.net/astyle.html#_style=google) for the core components
of the library as documented in the [style template](.astylerc).
The `astyle` tool is used to check formatting in CI.
Due to variations in behaviour across version and platforms, it is possible to encounter CI failures even if code has been locally formatted with `astyle`.
To assist with this inconvenience, we provide a convenience script which runs `astyle` in the same Docker image that we use for the CI checks:
```bash
LIBOQS_DIR=<liboqs directory> ./scripts/format_code.sh
```
This script has been tested on x86\_64 Ubuntu and arm64 macOS. Contributions for other platforms are welcome and appreciated!
### Continuous Integration (CI)
To check adherence of any new code to this, it therefore is highly recommended to
run the following command in the project main directory prior to finishing a PR:
`liboqs` uses GitHub Actions for CI.
For a comprehensive overview of our CI setup, see [CI.md](CI.md).
find src tests -name '*.[ch]' | grep -v '/external/' | grep -v 'kem/.*/.*/.*' | grep -v 'sig/.*/.*/.*' | xargs astyle --dry-run --options=.astylerc | grep Format
#### Running CI on your branch
### Running CI locally
OQS attempts to be responsible with resource usage and only runs a minimal set of tests automatically on push.
A more thorough test suite runs automatically on pull requests.
To trigger these tests before creating a PR, include the string "[full tests]" in a commit message.
Other trigger strings are documented in [CI.md](CI.md#push.yml).
#### CircleCI
#### Running CI locally
If encountering CI errors in CircleCI, it may be helpful to execute the test jobs
locally to debug. This can be facilitated by executing the command
circleci local execute --job some-test-job
assuming "some-test-job" is the name of the test to be executed and the CircleCI
[command line tools have been installed](https://circleci.com/docs/local-cli).
#### Github CI
[Act](https://github.com/nektos/act) is a tool facilitating local execution of
GitHub CI jobs. When executed in the main `liboqs` directory,
github CI jobs. When executed in the main `oqsprovider` directory,
act -l Displays all GitHub CI jobs
act -l Displays all github CI jobs
act -j some-job Executes "some-job"
When installing `act` as a GitHub extension, prefix the commands with `gh `.
## Modifications to CI
Modifications to GitHub Actions workflows are checked with [actionlint](https://github.com/rhysd/actionlint) during the [basic.yml](.github/workflows/basic.yml) job, protecting the CI chain and against wrong approval decisions based on improper CI runs. Changes to these workflows can be validated locally with `actionlint`:
```bash
actionlint .github/workflows/*.yml
```
or running the CI locally (as above):
```bash
act workflow_call -W '.github/workflows/basic.yml'
```
When installing `act` as a github extension, prefix the commands with `gh `.
### New features
Any PR introducing a new feature is expected to contain a test of this feature
and this test should be part of the CI pipeline.
and this test should be part of the CI pipeline, preferably using Github CI.
## Failsafe
@ -92,3 +68,6 @@ add a tag to one or more of our [most active contributors](https://github.com/op
If you feel like contributing but don't know what specific topic to work on,
please check the [open issues tagged "good first issue" or "help wanted"](https://github.com/open-quantum-safe/liboqs/issues).

4
CONTRIBUTORS
View File

@ -34,9 +34,5 @@ Karolin Varner
Sebastian Verschoor (University of Waterloo)
Thom Wiggers (Radboud University)
Dindyal Jeevesh Rishi (University of Mauritius / cyberstorm.mu)
Duc Tri Nguyen
Marco Gianvecchio (Politecnico di Milano)
Alessandro Barenghi (Politecnico di Milano)
Gerardo Pelosi (Politecnico di Milano)
See additional contributors at https://github.com/open-quantum-safe/liboqs/graphs/contributors

18
GOVERNANCE.md
View File

@ -76,7 +76,7 @@ A Maintainer is not permitted to remove another Maintainer's GitHub privileges.
A Committer may be automatically moved to Contributor status if not actively contributing by discussion or PR review during the last 90 days or by voluntarily suspending this status (e.g., by taking a ["Leave of absence"](#leave-of-absence)). If a Maintainer loses or relinquishes the Committer status and, hence, the Maintainer status, the Committers have to determine whether a new Maintainer needs to be elected.
Any person violating the [code of conduct](CODE_OF_CONDUCT.md), consistently not fulfilling the role responsibilities, or for other reasons can lose the role held if a simple majority of Committers votes for such removal and no Maintainer vetoes that decision. If a Maintainer is to be removed from that role a 2/3 majority of Committers must agree.
Any person violating the [code of conduct](CODE_OF_CONDUCT.md), consistently not fulfilling the role responsibilities, or for other reasons can lose the role held if a simple majority of Committers votes for such removal and no Maintainer vetos that decision. If a Maintainer is to be removed from that role a 2/3 majority of Committers must agree.
Depending on the reason for removal, a Maintainer may be converted to Emeritus status. Emeritus Maintainers may still be consulted on some project matters, and can be returned to Maintainer status if their availability changes and a simple majority of Committers agrees.
@ -96,29 +96,21 @@ Votes are to be executed by way of open GitHub discussions. No quorum is needed
### Maintainers
@baentsch (on leave of absence as of March 11, 2025)
@baentsch
@dstebila
@SWilson4
### Committers
@baentsch (on leave of absence as of March 11, 2025)
@baentsch
@bhess
@christianpaquin
@dstebila
@jschanck
@Martyrshot
@praveksharma
@SWilson4
@swilson4
@vsoftco
## Former Maintainers and Committers
OQS is grateful to the following individuals who have previously served as Maintainers or Committers for liboqs.
### Former Committers
@jschanck
## Afterword
*This governance document was based in part of the [Falco Project governance document](https://github.com/falcosecurity/evolution/blob/main/GOVERNANCE.md).

19
PLATFORMS.md
View File

@ -10,8 +10,6 @@ This classification is roughly based on the [rust platform support tier classifi
Tier 1 targets can be thought of as "guaranteed to work". The CI system builds and tests binary versions for each tier 1 target to make sure any change does not negatively affect those platforms. Platform-specific build documentation must exist. Tier 1 targets marked with a dagger (†) are additionally tested for constant-time behaviour. The CI system contains automated constant-time testing for each of these starred targets, and all failures are documented in the `tests/constant_time` directory. IMPORTANT: This does not mean that constant-time behaviour is guaranteed on these targets, or that non-constant-time behaviour is limited to documented exceptions. It does, however, mean that `liboqs` developers should track constant-time issues on these platforms.
Tier 1 platforms are also prioritized for security support, as per the [OQS security response process](https://github.com/open-quantum-safe/tsc/blob/main/security/response-process.md).
### Tier 2
Tier 2 targets can be thought of as "guaranteed to build". The `liboqs` CI system contains builds for each tier 2 target; testing may or may not be available (typically depending on CI system platform availability). Therefore, tier 2 targets often work to quite a good degree and patches are always welcome! Tier 2 targets may also have known deficiencies caused by a lack of expertise to fix those on a given platform. Again, help and PRs to move platforms from tier 2 to tier 1 are always welcome.
@ -46,23 +44,22 @@ In this policy, the words "must" and "must not" specify absolute requirements th
### Tier 1
- x86_64/amd64/x64 for Ubuntu Linux (Noble)†
- x86_64/amd64/x64 for MacOS (XCode 15)
- aarch64 for Ubuntu (Noble)
- aarch64 for MacOS (XCode 15 and 16)
- x86_64/amd64/x64 for Ubuntu Linux (Focal)†
- x86_64/amd64/x64 for MacOS (XCode 14 and 15)
- aarch64 for Ubuntu (Focal)
- aarch64 for MacOS (XCode 15)
- armhf/ARM7 and aarch64 emulation on Ubuntu
### Tier 2
- x86_64/amd64/x64 for Windows (Visual Studio Toolchain) 2022 and 2025
- x86_64/amd64/x64 for Windows 2022
- armeabi-v7a, arm64-v8a, x86, x86_64 for Android
- aarch64 for Apple iOS and tvOS (CMake `-DPLATFORM=OS64` and `TVOS`)
- arm64, arm (32 bit), x86, x86_64, riscv32, riscv64 for Zephyr
### Tier 3
- x86 for Windows (Visual Studio Toolchain)
- ppc641e for Ubuntu (Focal)
- x86 for Windows
- ppc64le for Ubuntu (Focal)
- s390x for Ubuntu (Focal)
- loongarch64 for Debian Linux (trixie)
- NVIDIA GPU architectures 70, 75, 80, 86, 89, and 90 with a x86_64 CPU for Linux

50
README.md
View File

@ -1,11 +1,8 @@
[CircleCI](https://circleci.com/gh/open-quantum-safe/liboqs/tree/main): ![Build status image](https://circleci.com/gh/open-quantum-safe/liboqs/tree/main.svg?style=svg), [TravisCI](https://travis-ci.com/github/open-quantum-safe/liboqs): [![Build Status](https://travis-ci.com/open-quantum-safe/liboqs.svg?branch=main)](https://travis-ci.com/open-quantum-safe/liboqs)
liboqs
======================
[![Main Branch Tests](https://github.com/open-quantum-safe/liboqs/actions/workflows/commit-to-main.yml/badge.svg)](https://github.com/open-quantum-safe/liboqs/actions/workflows/commit-to-main.yml)
[![Weekly Tests](https://github.com/open-quantum-safe/liboqs/actions/workflows/weekly.yml/badge.svg)](https://github.com/open-quantum-safe/liboqs/actions/workflows/weekly.yml)
![Travis Build Status](https://img.shields.io/travis/com/open-quantum-safe/liboqs?logo=travis&label=Travis%20CI&labelColor=%23343B42&color=%232EBB4E)
[![Coverage Status](https://coveralls.io/repos/github/open-quantum-safe/liboqs/badge.svg?branch=main)](https://coveralls.io/github/open-quantum-safe/liboqs?branch=main)
liboqs is an open source C library for quantum-safe cryptographic algorithms.
- [liboqs](#liboqs)
@ -37,8 +34,6 @@ liboqs is part of the **Open Quantum Safe (OQS)** project, which aims to develop
The OQS project is supported by the [Post-Quantum Cryptography Alliance](https://pqca.org/) as part of the [Linux Foundation](https://linuxfoundation.org/). More information about the Open Quantum Safe project can be found at [openquantumsafe.org](https://openquantumsafe.org/).
OQS is running a survey to better understand our community. We would like to hear from organizations and individuals about their interest in and use of the Open Quantum Safe project. Please take a few minutes to fill out the survey: https://linuxfoundation.surveymonkey.com/r/oqssurvey
## Status
### Supported Algorithms
@ -47,11 +42,11 @@ Details on each supported algorithm can be found in the [docs/algorithms](https:
The list below indicates all algorithms currently supported by liboqs, including experimental algorithms and already excluding algorithm variants pruned during the NIST competition, such as Kyber-90s or Dilithium-AES.
The only algorithms in `liboqs` that implement NIST standards are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/final) (final standard) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/final) (final standard) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adjust the implementation so that users are protected from such potential changes.
The only algorithms in `liboqs` that implement NIST standards drafts are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/ipd) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/ipd) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adapt the implementation such as for users to not be impacted by such potential change. For users interested in explicitly selecting the current "proposed draft standard" code, the variants with the suffix "-ipd" are made available. At this stage, "ml-kem-ipd" and "ml-kem" as well as "ml-dsa-ipd" and "ml-dsa" are functionally equivalent, denoted by the "alias" moniker below.
Falcon and SPHINCS+ have also been [selected for standardization](https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022), but the `liboqs` implementations of these algorithms are currently tracking Round 3 submissions and not NIST standards drafts.
All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes available a [selection mechanism for algorithms on the NIST standards track, continued NIST competition, or purely experimental nature by way of the configuration variable OQS_ALGS_ENABLED](CONFIGURE.md#oQS_ALGS_ENABLED). By default `liboqs` is built supporting all, incl. experimental, PQ algorithms listed below.
All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes available a [selection mechanism for algorithms on the NIST standards track, continued NIST competition, or purely experimental nature by way of the configuration variable OQS_ALGS_ENABLED](CONFIGURE.md#oqs_algs_enabled). By default `liboqs` is built supporting all, incl. experimental, PQ algorithms listed below.
#### Key encapsulation mechanisms
@ -61,25 +56,19 @@ All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes
- **FrodoKEM**: FrodoKEM-640-AES, FrodoKEM-640-SHAKE, FrodoKEM-976-AES, FrodoKEM-976-SHAKE, FrodoKEM-1344-AES, FrodoKEM-1344-SHAKE
- **HQC**: HQC-128, HQC-192, HQC-256
- **Kyber**: Kyber512, Kyber768, Kyber1024
- **ML-KEM**: ML-KEM-512, ML-KEM-768, ML-KEM-1024
- **ML-KEM**: ML-KEM-512-ipd (alias: ML-KEM-512), ML-KEM-768-ipd (alias: ML-KEM-768), ML-KEM-1024-ipd (alias: ML-KEM-1024)
- **NTRU-Prime**: sntrup761
<!--- OQS_TEMPLATE_FRAGMENT_LIST_KEXS_END -->
#### Signature schemes
<!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_START -->
- **CROSS**: cross-rsdp-128-balanced, cross-rsdp-128-fast, cross-rsdp-128-small†, cross-rsdp-192-balanced, cross-rsdp-192-fast, cross-rsdp-192-small†, cross-rsdp-256-balanced†, cross-rsdp-256-fast, cross-rsdp-256-small†, cross-rsdpg-128-balanced, cross-rsdpg-128-fast, cross-rsdpg-128-small, cross-rsdpg-192-balanced, cross-rsdpg-192-fast, cross-rsdpg-192-small†, cross-rsdpg-256-balanced, cross-rsdpg-256-fast, cross-rsdpg-256-small†
- **CRYSTALS-Dilithium**: Dilithium2, Dilithium3, Dilithium5
- **Falcon**: Falcon-512, Falcon-1024, Falcon-padded-512, Falcon-padded-1024
- **MAYO**: MAYO-1, MAYO-2, MAYO-3, MAYO-5†
- **ML-DSA**: ML-DSA-44, ML-DSA-65, ML-DSA-87
- **SNOVA**: SNOVA\_24\_5\_4, SNOVA\_24\_5\_4\_SHAKE, SNOVA\_24\_5\_4\_esk, SNOVA\_24\_5\_4\_SHAKE\_esk, SNOVA\_37\_17\_2†, SNOVA\_25\_8\_3, SNOVA\_56\_25\_2†, SNOVA\_49\_11\_3†, SNOVA\_37\_8\_4†, SNOVA\_24\_5\_5†, SNOVA\_60\_10\_4†, SNOVA\_29\_6\_5†
- **ML-DSA**: ML-DSA-44-ipd (alias: ML-DSA-44), ML-DSA-65-ipd (alias: ML-DSA-65), ML-DSA-87-ipd (alias: ML-DSA-87)
- **SPHINCS+-SHA2**: SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHA2-192f-simple, SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple
- **SPHINCS+-SHAKE**: SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple
- **UOV**: OV-Is, OV-Ip, OV-III, OV-V, OV-Is-pkc, OV-Ip-pkc, OV-III-pkc, OV-V-pkc, OV-Is-pkc-skc, OV-Ip-pkc-skc, OV-III-pkc-skc, OV-V-pkc-skc
<!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_END -->
- **XMSS**: XMSS-SHA2_10_256, XMSS-SHA2_16_256, XMSS-SHA2_20_256, XMSS-SHAKE_10_256, XMSS-SHAKE_16_256, XMSS-SHAKE_20_256, XMSS-SHA2_10_512, XMSS-SHA2_16_512, XMSS-SHA2_20_512, XMSS-SHAKE_10_512, XMSS-SHAKE_16_512, XMSS-SHAKE_20_512, XMSS-SHA2_10_192, XMSS-SHA2_16_192, XMSS-SHA2_20_192, XMSS-SHAKE256_10_192, XMSS-SHAKE256_16_192, XMSS-SHAKE256_20_192, SHAKE256_10_256, SHAKE256_16_256, SHAKE256_20_256, XMSSMT-SHA2_20/2_256, XMSSMT-SHA2_20/4_256, XMSSMT-SHA2_40/2_256, XMSSMT-SHA2_40/4_256, XMSSMT-SHA2_40/8_256, XMSSMT-SHA2_60/3_256, XMSSMT-SHA2_60/6_256, XMSSMT-SHA2_60/12_256, XMSSMT-SHAKE_20/2_256, XMSSMT-SHAKE_20/4_256, XMSSMT-SHAKE_40/2_256, XMSSMT-SHAKE_40/4_256, XMSSMT-SHAKE_40/8_256, XMSSMT-SHAKE_60/3_256, XMSSMT-SHAKE_60/6_256, XMSSMT-SHAKE_60/12_256
- **LMS**: LMS_SHA256_H5_W1, LMS_SHA256_H5_W2, LMS_SHA256_H5_W4, LMS_SHA256_H5_W8, LMS_SHA256_H10_W1, LMS_SHA256_H10_W2, LMS_SHA256_H10_W4, LMS_SHA256_H10_W8, LMS_SHA256_H15_W1, LMS_SHA256_H15_W2, LMS_SHA256_H15_W4, LMS_SHA256_H15_W8, LMS_SHA256_H20_W1, LMS_SHA256_H20_W2, LMS_SHA256_H20_W4, LMS_SHA256_H20_W8, LMS_SHA256_H25_W1, LMS_SHA256_H25_W2, LMS_SHA256_H25_W4, LMS_SHA256_H25_W8, LMS_SHA256_H5_W8_H5_W8, LMS_SHA256_H10_W4_H5_W8, LMS_SHA256_H10_W8_H5_W8, LMS_SHA256_H10_W2_H10_W2, LMS_SHA256_H10_W4_H10_W4, LMS_SHA256_H10_W8_H10_W8, LMS_SHA256_H15_W8_H5_W8, LMS_SHA256_H15_W8_H10_W8, LMS_SHA256_H15_W8_H15_W8, LMS_SHA256_H20_W8_H5_W8, LMS_SHA256_H20_W8_H10_W8, LMS_SHA256_H20_W8_H15_W8, LMS_SHA256_H20_W8_H20_W8
Note that for algorithms marked with a dagger (†), liboqs contains at least one implementation that uses a large amount of stack space; this may cause failures when run in threads or in constrained environments. For more information, consult the algorithm information sheets in the [docs/algorithms](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) folder.
@ -93,19 +82,12 @@ We realize some parties may want to deploy quantum-safe cryptography prior to th
**WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS LIBRARY IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA.** This library is meant to help with research and prototyping. While we make a best-effort approach to avoid security bugs, this library has not received the level of auditing and analysis that would be necessary to rely on it for high security use.
Please see [SECURITY.md](SECURITY.md#security-policy) for details on how to report a vulnerability and the OQS vulnerability response process.
#### Platform limitations
In order to optimize support effort,
- not all algorithms are equally well supported on all platforms. In case of questions, it is first advised to review the [documentation files for each algorithm](docs/algorithms).
- not all compilers are equally well supported. For example, at least v7.1.0 of the GNU compiler is required.
#### Support limitations
This project is not commercially supported. All guidelines and goals for liboqs are reflections of current practices, executed by a community of academic, part-time, and/or voluntary contributors on a best-effort basis and may change at any time. Any entity seeking more reliable commitments is strongly encouraged to join the OQS community and thus enhance the code and support that the community can provide.
## Quickstart
### Linux and Mac
@ -121,10 +103,6 @@ This project is not commercially supported. All guidelines and goals for liboqs
brew install cmake ninja openssl@3 wget doxygen graphviz astyle valgrind
pip3 install pytest pytest-xdist pyyaml
Using Nix:
nix develop
Note that, if you want liboqs to use OpenSSL for various symmetric crypto algorithms (AES, SHA-2, etc.) then you must have OpenSSL installed (version 3.x recommended; EOL version 1.1.1 also still possible).
2. Get the source:
@ -138,26 +116,22 @@ This project is not commercially supported. All guidelines and goals for liboqs
cmake -GNinja ..
ninja
Various `cmake` build options to customize the resultant artifacts are available and are [documented in CONFIGURE.md](CONFIGURE.md#options-for-configuring-liboqs-builds). All supported options are also listed in the `.CMake/alg-support.cmake` file, and can be viewed by running `cmake -LAH -N ..` in the `build` directory.
Various `cmake` build options to customize the resultant artifacts are available and are [documented in CONFIGURE.md](CONFIGURE.md#options-for-configuring-liboqs-builds). All supported options are also listed in the `.CMake/alg-support.cmake` file, and can be viewed by running `cmake -LAH ..` in the `build` directory.
The following instructions assume we are in `build`.
3. By default the main build result is `lib/liboqs.a`, a static library. If you want to build a shared/dynamic library, append [`-DBUILD_SHARED_LIBS=ON`](CONFIGURE.md#bUILD_SHARED_LIBS) to the `cmake -GNinja ..` command above and the result will be `lib/liboqs.so|dylib|dll`. The public headers are located in the `include` directory. There are also a variety of programs built under the `tests` directory:
3. By default the main build result is `lib/liboqs.a`, a static library. If you want to build a shared/dynamic library, append [`-DBUILD_SHARED_LIBS=ON`](CONFIGURE.md#build_shared_libs) to the `cmake -GNinja ..` command above and the result will be `lib/liboqs.so|dylib|dll`. The public headers are located in the `include` directory. There are also a variety of programs built under the `tests` directory:
- `test_kem`: Simple test harness for key encapsulation mechanisms
- `test_sig`: Simple test harness for signature schemes
- `test_sig_stfl`: Simple test harness for stateful signature schemes
- `test_sig`: Simple test harness for key signature schemes
- `test_kem_mem`: Simple test harness for checking memory consumption of key encapsulation mechanisms
- `test_sig_mem`: Simple test harness for checking memory consumption of signature schemes
- `test_sig_mem`: Simple test harness for checking memory consumption of key signature schemes
- `kat_kem`: Program that generates known answer test (KAT) values for key encapsulation mechanisms using the same procedure as the NIST submission requirements, for checking against submitted KAT values using `tests/test_kat.py`
- `kat_sig`: Program that generates known answer test (KAT) values for signature schemes using the same procedure as the NIST submission requirements, for checking against submitted KAT values using `tests/test_kat.py`
- `kat_sig_stfl`: Program for checking results against submitted KAT values using `tests/test_kat.py`
- `speed_kem`: Benchmarking program for key encapsulation mechanisms; see `./speed_kem --help` for usage instructions
- `speed_sig`: Benchmarking program for signature mechanisms; see `./speed_sig --help` for usage instructions
- `speed_sig_stfl`: Benchmarking program for stateful signature mechanisms; see `./speed_sig_stfl --help` for usage instructions
- `example_kem`: Minimal runnable example showing the usage of the KEM API
- `example_sig`: Minimal runnable example showing the usage of the signature API
- `example_sig_stfl`: Minimal runnable example showing the usage of the stateful signature API
- `test_aes`, `test_sha3`: Simple test harnesses for crypto sub-components
- `test_portability`: Simple test harnesses for checking cross-CPU code portability; requires presence of `qemu`; proper operation validated only on Ubuntu
@ -214,12 +188,10 @@ liboqs includes some third party libraries or modules that are licensed differen
- `src/kem/classic_mceliece/pqclean_*`: public domain
- `src/kem/kyber/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/kem/kyber/pqclean_*`: public domain (CC0), and public domain (CC0) or Apache License v2.0, and public domain (CC0) or MIT, and MIT
- `src/kem/kyber/libjade_*` public domain (CC0) or Apache License v2.
- `src/kem/ml_kem/mlkem-native_*`: Apache License v2.0
- `src/kem/ml_kem/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/sig/dilithium/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/sig/dilithium/pqclean_*`: public domain (CC0), and public domain (CC0) or Apache License v2.0, and public domain (CC0) or MIT, and MIT
- src/sig/falcon/pqclean_\*\_aarch64 : Apache License v2.0
- `src/sig/mayo/*`: Apache License v2.0
- `src/sig/ml_dsa/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/sig/sphincs/pqclean_*`: CC0 (public domain)

90
RELEASE.md
View File

@ -1,5 +1,5 @@
liboqs version 0.13.0
=====================
liboqs version 0.10.1-rc1
=========================
About
-----
@ -14,104 +14,48 @@ liboqs can be used with the following Open Quantum Safe application integrations
- **OQS-BoringSSL**: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
- **OQS-OpenSSH**: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.
Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
Release notes
=============
This is version 0.13.0 of liboqs. It was released on April 16, 2025.
This is release candidate 1 of version 0.10.1 of liboqs. It was released on June 5, 2024.
This release improves support for NIST Additional Signatures Round 2 candidates: CROSS and MAYO implementations are updated and support is added for UOV. This release also adds a new KEM API for deterministic key generation (only supported by ML-KEM at the moment). Finally, this release adds support for ML-KEM implementations from 2 new sources: formally verified portable C, AVX2, and AArch64 implementations from [PQCP's mlkem-native](https://github.com/pq-code-package/mlkem-native) and a GPU accelerated CUDA implementation from [Nvidia cuPQC](https://developer.nvidia.com/cupqc).
OQS is running a survey to better understand our community. We would like to hear from organizations and individuals about their interest in and use of the Open Quantum Safe project. Please take a few minutes to fill out the survey: https://linuxfoundation.surveymonkey.com/r/oqssurvey
This release is a security release which fixes potential non-constant-time behaviour in ML-KEM and Kyber based on https://github.com/pq-crystals/kyber/commit/0264efacf18dd665d2066f21df3a3290b52ba240 and https://github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c. It also includes a fix for incorrectly named macros in the ML-DSA implementation.
What's New
----------
This release continues from the 0.12.0 release of liboqs.
This release continues from the 0.10.0 release of liboqs.
### Key encapsulation mechanisms
- New API: Added a deterministic key generation and API for KEMs (only ML-KEM supported at the moment).
- ML-KEM: Changed the default ML-KEM implementation to [PQCP's mlkem-native](https://github.com/pq-code-package/mlkem-native). There are three variants: Portable C, AVX2, and AArch64. Large parts of these implementations are formally verified: all of the C code is verified for memory and type safety using [CBMC](https://github.com/diffblue/cbmc) and the functional correctness of the core AArch64 assembly routines is verified using [HOL-Light](https://github.com/jrh13/hol-light).
- ML-KEM: Added support for the ML-KEM implementation from [Nvidia cuPQC](https://developer.nvidia.com/cupqc), a GPU accelerated cryptography library.
- ML-KEM: Implementation from mlkem-native upstream updated to add Pair-wise Consistency Test (PCT) and Intel CET support.
- ML-KEM: Improved testing of ML-KEM keys.
- HQC: Disabled HQC by default until [a new security flaw](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/Wiu4ZQo3fP8) is fixed.
- Kyber: portable C and AVX2 implementations updated
- ML-KEM: portable C and AVX2 implementations updated
### Digital signature schemes
- ML-DSA: Improved testing for ML-DSA.
- CROSS: Updated to NIST Additional Signatures Round 2 version.
- MAYO: Updated to NIST Additional Signatures Round 2 version.
- UOV: Added support for UOV algorithm from NIST Additional Signatures Round 2.
### Other changes
- Added support for loongarch64 architecture.
- ML-DSA: incorrectly named macros renamed
---
Detailed changelog
------------------
## What's Changed
* Bump version to 0.12.1-dev by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2015
* Add loongarch64 support by @zhaixiaojuan in https://github.com/open-quantum-safe/liboqs/pull/2010
* Minor changes to ML_DSA ACVP tests by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2007
* Update upload-artifact action to v4 by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2017
* Remove hardcoded build paths & modify basic workflow to build in random path by @iyanmv in https://github.com/open-quantum-safe/liboqs/pull/2019
* Trigger liboqs-java and liboqs-rust downstream CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2021
* #1830 update scorecard to v5 (gh action 2.4.0) by @planetf1 in https://github.com/open-quantum-safe/liboqs/pull/1890
* Update PQClean commit and delete patch for HQC by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2026
* Bump jinja2 from 3.1.4 to 3.1.5 in /scripts/copy_from_upstream in the pip group by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/2036
* Avoid unresolved symbols from libcrypto when compiled with OQS_DLOPEN_OPENSSL by @ueno in https://github.com/open-quantum-safe/liboqs/pull/2043
* Update to public Ubuntu 24.04 ARM runner by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2050
* NVIDIA: Adding cuPQC as a backend for ML-KEM. by @stevenireeves in https://github.com/open-quantum-safe/liboqs/pull/2044
* Update ACVP vectors for KEM and DSA by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2051
* CI: Check unresolved symbols when compiled with OQS_DLOPEN_OPENSSL by @ueno in https://github.com/open-quantum-safe/liboqs/pull/2058
* Fix failing zephyr CI workflows, pinning v0.27.4 by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2063
* Update sig_stfl Doxygen documentation by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2059
* Import ML-KEM from mlkem-native/PQ code package by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2041
* Update example files by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2071
* GitHub runner updates by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2069
* Disable cupqc-buildcheck by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/2075
* Add threat model by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2033
* Update CROSS to version 2.0 by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/2078
* improving CONTRIBUTING.md for maintainability [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/2081
* Ensure that building against liboqs build directory works by @levitte in https://github.com/open-quantum-safe/liboqs/pull/2086
* Added alg_version details to test output by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2080
* Add checks for ML-KEM keys by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2009
* Update actions/cache to v4.2.2 by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2093
* Add Nix flake by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/1970
* Update MAYO to NIST round 2 by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2095
* Update mlkem-native to v1.0.0-beta by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2092
* Add references to security response process by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2077
* Bump version to 0.13.0-dev [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2099
* Add UOV by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2094
* Add bitflip test for trivial SUF-CMA forgeries by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/2090
* Update MAYO version in algorithm datasheet by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2103
* Add DeriveKeyPair API by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2070
* Update nist-round in UOV and MAYO data sheet by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2105
* build: search unistd.h separately from sys/random.h for getentropy by @mkroening in https://github.com/open-quantum-safe/liboqs/pull/2104
* Add support caveat by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2114
* Temporarily disable HQC by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2122
* Fix PR workflow runs by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2123
* switching to dev mode again by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1743
* Update README.md by @vsoftco in https://github.com/open-quantum-safe/liboqs/pull/1769
* Fix README.md to work with Doxygen release 1.10.0 by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1775
* Fix for incorrect macros in signatures. by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1799
* Pull Kyber/ML-KEM CT-Fix from upstream by @bhess
* Force gcc 13.2.0 over 13.3.0 by @planetf1 in https://github.com/open-quantum-safe/liboqs/pull/1805
## New Contributors
* @zhaixiaojuan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2010
* @stevenireeves made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2044
* @pablo-gf made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2059
* @levitte made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2086
* @mkannwischer made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2093
* @mkroening made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2104
**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.12.0...0.13.0
**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.10.0...0.10.1-rc1

25
SECURITY.md
View File

@ -4,32 +4,15 @@
We only support the most recent release.
Using any code prior to 0.12.0 is strongly discouraged due to a [known security vulnerability in HQC](https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7).
Using any prior code is strongly discouraged due to a [known security vulnerability in Kyber](https://github.com/open-quantum-safe/liboqs/releases/tag/0.10.1).
| Version | Supported |
| ------- | ------------------ |
| 0.13.0 | :white_check_mark: |
| < 0.13 | :x: |
| 0.10.1 | :white_check_mark: |
| 0.10.0 | :x: |
| < 0.10 | :x: |
## Reporting a Vulnerability
Please follow [this information to report a vulnerability](https://openquantumsafe.org/liboqs/security.html#reporting-security-bugs).
## Threat Model
Some timing-based side-channel attacks are within the scope of our threat model. OQS tests for secret-dependent branches and memory accesses on Linux on x86\_64. All test failures are documented as either "passes," which we have assessed to be false positives, or "issues," which may constitute nonconstant-time behaviour. The [algorithm datasheets](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) indicate whether or not an implementation passes our constant-time tests, as well as whether or not it is expected to pass. Details about passes and issues are available in the [tests/constant_time directory](https://github.com/open-quantum-safe/liboqs/tree/main/tests/constant_time). These tests do not encompass all classes of nonconstant-time behaviour; for example, they do not detect possible variable-time instructions, such as `DIV`. Reports of nonconstant-time behaviour that fall outside this scope will be considered on a case-by-case basis, with a priority on [Tier 1 platforms](https://github.com/open-quantum-safe/liboqs/blob/main/PLATFORMS.md#tier-1).
The following types of attacks are outside the scope of our threat model:
- same physical system side channel
- CPU / hardware flaws
- physical fault injection attacks (including Rowhammer-style attacks)
- physical observation side channels (such as power consumption, electromagnetic emissions)
Mitigations for security issues outside the stated threat model may still be applied depending on the nature of the issue and the mitigation.
(Based in part on https://openssl-library.org/policies/general/security-policy/index.html)
## Security Response Process
Security reports for liboqs will be handled in accordance with the [OQS security response process](https://github.com/open-quantum-safe/tsc/blob/main/security/response-process.md). Please also see the general [support disclaimer](README.md#support-limitations) for liboqs.

182
cpp/sig_linking_test.cpp
View File

@ -1,182 +0,0 @@
/*
* example_sig.cpp
*
* Minimal C++ example of using a post-quantum signature implemented in liboqs.
*
* SPDX-License-Identifier: MIT
*/
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <memory>
#include <oqs/oqs.h>
constexpr size_t MESSAGE_LEN = 50;
/* Cleaning up memory etc */
void cleanup_stack(uint8_t *secret_key, size_t secret_key_len);
struct OQSSecureDeleter {
size_t length;
explicit OQSSecureDeleter(size_t len) : length(len) {}
void operator()(uint8_t* ptr) const {
if (ptr) {
OQS_MEM_secure_free(ptr, length);
}
}
};
struct OQSInsecureDeleter {
void operator()(uint8_t* ptr) {
if (ptr) {
OQS_MEM_insecure_free(ptr);
}
}
};
struct OQSSigDeleter {
void operator()(OQS_SIG* sig) {
if (sig) {
OQS_SIG_free(sig);
}
}
};
/* This function gives an example of the signing operations
* using only compile-time macros and allocating variables
* statically on the stack, calling a specific algorithm's functions
* directly.
*
* The macros OQS_SIG_dilithium_2_length_* and the functions OQS_SIG_dilithium_2_*
* are only defined if the algorithm dilithium_2 was enabled at compile-time
* which must be checked using the OQS_ENABLE_SIG_dilithium_2 macro.
*
* <oqs/oqsconfig.h>, which is included in <oqs/oqs.h>, contains macros
* indicating which algorithms were enabled when this instance of liboqs
* was compiled.
*/
static OQS_STATUS example_stack(void) {
#ifdef OQS_ENABLE_SIG_dilithium_2
OQS_STATUS rc;
uint8_t public_key[OQS_SIG_dilithium_2_length_public_key];
uint8_t secret_key[OQS_SIG_dilithium_2_length_secret_key];
uint8_t message[MESSAGE_LEN];
uint8_t signature[OQS_SIG_dilithium_2_length_signature];
size_t message_len = MESSAGE_LEN;
size_t signature_len;
// let's create a random test message to sign
OQS_randombytes(message, message_len);
rc = OQS_SIG_dilithium_2_keypair(public_key, secret_key);
if (rc != OQS_SUCCESS) {
std::cerr << "ERROR: OQS_SIG_dilithium_2_keypair failed!" << std::endl;
cleanup_stack(secret_key, OQS_SIG_dilithium_2_length_secret_key);
return OQS_ERROR;
}
rc = OQS_SIG_dilithium_2_sign(signature, &signature_len, message, message_len, secret_key);
if (rc != OQS_SUCCESS) {
std::cerr << "ERROR: OQS_SIG_dilithium_2_sign failed!" << std::endl;
cleanup_stack(secret_key, OQS_SIG_dilithium_2_length_secret_key);
return OQS_ERROR;
}
rc = OQS_SIG_dilithium_2_verify(message, message_len, signature, signature_len, public_key);
if (rc != OQS_SUCCESS) {
std::cerr << "ERROR: OQS_SIG_dilithium_2_verify failed!" << std::endl;
cleanup_stack(secret_key, OQS_SIG_dilithium_2_length_secret_key);
return OQS_ERROR;
}
std::cout << "[example_stack] OQS_SIG_dilithium_2 operations completed" << std::endl;
cleanup_stack(secret_key, OQS_SIG_dilithium_2_length_secret_key);
return OQS_SUCCESS; // success!
#else
std::cout << "[example_stack] OQS_SIG_dilithium_2 was not enabled at compile-time" << std::endl;
return OQS_SUCCESS;
#endif
}
/* This function gives an example of the signing operations,
* allocating variables dynamically on the heap and calling the generic
* OQS_SIG object.
*
* This does not require the use of compile-time macros to check if the
* algorithm in question was enabled at compile-time; instead, the caller
* must check that the OQS_SIG object returned is not nullptr.
*/
static OQS_STATUS example_heap(void) {
#ifdef OQS_ENABLE_SIG_dilithium_2
size_t message_len = MESSAGE_LEN;
size_t signature_len;
OQS_STATUS rc;
std::unique_ptr<OQS_SIG, OQSSigDeleter> sig(OQS_SIG_new((OQS_SIG_alg_dilithium_2)));
if (sig == nullptr) {
throw std::runtime_error("[example_heap] OQS_SIG_alg_dilithium_2 was not enabled at compile-time.");
}
std::unique_ptr<uint8_t[], OQSInsecureDeleter> public_key(static_cast<uint8_t*>(malloc(sig->length_public_key)));
std::unique_ptr<uint8_t[], OQSSecureDeleter> secret_key(static_cast<uint8_t*>(malloc(sig->length_secret_key)), OQSSecureDeleter(sig->length_secret_key));
std::unique_ptr<uint8_t[], OQSInsecureDeleter> message(static_cast<uint8_t*>(malloc(message_len)));
std::unique_ptr<uint8_t[], OQSInsecureDeleter> signature(static_cast<uint8_t*>(malloc(sig->length_signature)));
if ((public_key == nullptr) || (secret_key == nullptr) || (message == nullptr) || (signature == nullptr)) {
throw std::runtime_error("ERROR: malloc failed!");
}
// let's create a random test message to sign
OQS_randombytes(message.get(), message_len);
rc = OQS_SIG_keypair(sig.get(), public_key.get(), secret_key.get());
if (rc != OQS_SUCCESS) {
throw std::runtime_error("ERROR: OQS_SIG_keypair failed!");
}
rc = OQS_SIG_sign(sig.get(), signature.get(), &signature_len, message.get(), message_len, secret_key.get());
if (rc != OQS_SUCCESS) {
throw std::runtime_error("ERROR: OQS_SIG_sign failed!");
}
rc = OQS_SIG_verify(sig.get(), message.get(), message_len, signature.get(), signature_len, public_key.get());
if (rc != OQS_SUCCESS) {
throw std::runtime_error("ERROR: OQS_SIG_verify failed!");
}
std::cout << "[example_heap] OQS_SIG_dilithium_2 operations completed." << std::endl;
return OQS_SUCCESS; // success
#else
std::cout << "[example_heap] OQS_SIG_dilithium_2 was not enabled at compile-time." << std::endl;
return OQS_SUCCESS;
#endif
}
int main() {
OQS_init();
try {
example_stack();
example_heap();
}
catch (std::exception e) {
std::cerr << e.what() << std::endl;
OQS_destroy();
return EXIT_FAILURE;
}
OQS_destroy();
return EXIT_SUCCESS;
}
void cleanup_stack(uint8_t *secret_key, size_t secret_key_len) {
OQS_MEM_cleanse(secret_key, secret_key_len);
}

10
docs/.Doxyfile
View File

@ -378,7 +378,7 @@ TOC_INCLUDE_HEADINGS = 0
# The default value is: DOXYGEN.
# This tag requires that the tag MARKDOWN_SUPPORT is set to YES.
MARKDOWN_ID_STYLE = GITHUB
MARKDOWN_ID_STYLE = DOXYGEN
# When enabled doxygen tries to link words that correspond to documented
# classes, or namespaces to their corresponding documentation. Such a link can
@ -949,18 +949,12 @@ WARN_LOGFILE =
# spaces. See also FILE_PATTERNS and EXTENSION_MAPPING
# Note: If this tag is empty the current directory is searched.
INPUT = src/common/aes/aes_ops.h \
src/common/common.h \
INPUT = src/common/common.h \
src/common/rand/rand.h \
src/common/sha2/sha2_ops.h \
src/common/sha3/sha3_ops.h \
src/common/sha3/sha3x4_ops.h \
src/kem/kem.h \
src/sig/sig.h \
src/sig_stfl/sig_stfl.h \
README.md \
CONFIGURE.md \
SECURITY.md \
CONTRIBUTORS
# This tag can be used to specify the character encoding of the source files

77
docs/FUZZING.md
View File

@ -1,77 +0,0 @@
# Fuzzing
Fuzz testing is an automated software testing method that injects invalid,
malformed, or unexpected inputs to reveal defects and vulnerabilities. A fuzzing
tool monitors the system for exceptions like crashes, information leakage, or
errors, helping developers identify and fix bugs and security loopholes.
## Current state of fuzzing in liboqs
- [ ] kem
- [ ] bike
- [ ] classic_mceliece
- [ ] frodokem
- [ ] hqc
- [ ] kyber
- [ ] ml_kem
- [ ] ntruprime
- [ ] sig
- [x] dilithium
- [x] falcon
- [x] mayo
- [x] ml_dsa
- [x] sphincs
- [ ] sig_stfl
- [ ] lms
- [ ] sig_stfl
- [ ] xmss
## Building and running fuzz tests
Building fuzz tests is very similar to building normally with some optional
steps to target different types of bugs. The most basic ways to build the
fuzz tests is as follows;
```bash
mkdir build && cd build
cmake -GNinja .. -DOQS_BUILD_FUZZ_TESTS=ON
ninja -j$(nproc)
```
You'll now be able to run a fuzz test e.g.
```bash
./tests/fuzz_test_dilithium2
#9764 NEW cov: 4 ft: 708 corp: 100/318b lim: 43 exec/s: 9764 rss: 362Mb L: 41/41 MS: 4 EraseBytes-InsertRepeatedBytes-CMP-ChangeBit- DE: "\0004m\372"-
...
```
The fuzzer will run indefinetely or;
- until it finds a bug and crashes,
- you manually stop the fuzzer i.e. CTRL-C
- you set a timeout using the command line.
For more details on the available command line args please consult the [libfuzzer docs](https://llvm.org/docs/LibFuzzer.html).
## Sanitizers
It is a common pattern to combine fuzzing with various sanitizers to catch different bugs.
One of the simpler sanitizers is the fuzzing sanitizer, which will instrument the code
for coverage driven fuzzing. To enable this simply add this to your environment variables
before configuring cmake;
```
export CFLAGS=-fsanitize=fuzzer-no-link
```
It is common to combine the fuzzer sanitizer with either the [address](https://clang.llvm.org/docs/AddressSanitizer.html)
or the [undefined behaviour sanitizer](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html). To
add these simply add the relevant flags to BOTH the CFLAGS and LDFLAGS e.g.
```
export CFLAGS=-fsanitize=fuzzer-no-link,address
export LDFLAGS=-fsanitize=address
```
Then rerun cmake as normal i.e.
```bash
mkdir build && cd build
cmake -GNinja .. -DOQS_BUILD_FUZZ_TESTS=ON
ninja -j$(nproc)
```

69
docs/PROCEDURES.md
View File

@ -1,69 +0,0 @@
# Additional procedures for code maintenance
## Managing pinned dependencies
The OpenSSF, via the [scorecard](https://securityscorecards.dev/) project recommends that projects pin any
dependencies they use:
* to ensure reproducibility
* to reduce the risk for rogue dependency updates to compromise software
It's important to note that this requires any changes to dependencies are properly reviewed, and
these changes, by design, should not be automatic in themselves, though automated tools may provide recommendations.
### Python dependencies
Python dependencies used in the build process such as within `.github/workflows` should be pinned to a specific version to ensure reproducibility.
This is achieved by:
* Ensuring the required hash is in the `requirements.txt`.
* Using the `--require-hashes` option on any `pip install` command line which causes pip to require hashes for all dependencies.
To add a new, or changed dependency:
* Ensure the `pip-compile` tool is installed via the [pip-tools](https://pypi.org/project/pip-tools/) package.
* Update `requirements.in` with added, modified, or deleted dependencies.
* Update requirements.txt using `pip-compile --generate-hashes --output-file=requirements.txt requirements.in`.
* Verify correct functionality.
* Check in both `requirements.txt` and `requirements.in`.
Note: `requirements.in` acts purely as a template in this process. It is not used during the installation of a dependency.
### Github Actions
All actions used in `.github/worfklows` should pin the exact version of the action they are using, for
example a step such as:
```yaml
- name: Checkout code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
```
The exact hash specified after `@` is the git commit hash within the repo where the action is found.
The [pin github action](https://github.com/mheap/pin-github-action) tool can be used to maintain these
by, for example, running:
```shell
pin-github-action unix.yml
```
This will add the appropriate hash if not present, along with a comment, and also update each hash in accordance with any existing comment.
For major updates, update the comment ie `pin@v4` to `pin@v5` and the tool will attempt to find the new hash.
The comment should not be removed, and should exclusively be used for updating the version.
A full explanation of how the tool operates can be found in the [documentation](https://github.com/mheap/pin-github-action).
To help in explanation here's an example of a similar code fragment between tool executions:
* Original entry is `uses: actions/checkout@v3`
* run `pin-github-action unix.yml`
* We now see `uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3`
* later we want to go to v4, so update the text to `uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v4`
* Now run `pin-github-action unix.yml` to correct the sha
* File now shows `uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4`
When changes have been made, correct functionality of the Github actions should be verified by reviewing the Github action logs and outputs. The SHA inserted by the tool can be searched for in Github to check it is associated with the expected version.

10
docs/algorithms/kem/bike.md
View File

@ -13,11 +13,11 @@
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
| BIKE-L1 | NA | IND-CPA | 1 | 1541 | 5223 | 1573 | 32 | NA |
| BIKE-L3 | NA | IND-CPA | 3 | 3083 | 10105 | 3115 | 32 | NA |
| BIKE-L5 | NA | IND-CPA | 5 | 5122 | 16494 | 5154 | 32 | NA |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| BIKE-L1 | NA | IND-CPA | 1 | 1541 | 5223 | 1573 | 32 |
| BIKE-L3 | NA | IND-CPA | 3 | 3083 | 10105 | 3115 | 32 |
| BIKE-L5 | NA | IND-CPA | 5 | 5122 | 16494 | 5154 | 32 |
## BIKE-L1 implementation characteristics

26
docs/algorithms/kem/classic_mceliece.md
View File

@ -6,7 +6,7 @@
- **Authors' website**: https://classic.mceliece.org
- **Specification version**: SUPERCOP-20221025.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
- **Source**: https://github.com/PQClean/PQClean/commit/8e221ae797b229858a0b0d784577a8cb149d5789
- **Implementation license (SPDX-Identifier)**: Public domain
- **Ancestors of primary source**:
- SUPERCOP-20221025 "clean" and "avx2" implementations
@ -18,18 +18,18 @@
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:-------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
| Classic-McEliece-348864 | NA | IND-CCA2 | 1 | 261120 | 6492 | 96 | 32 | NA |
| Classic-McEliece-348864f | NA | IND-CCA2 | 1 | 261120 | 6492 | 96 | 32 | NA |
| Classic-McEliece-460896 | NA | IND-CCA2 | 3 | 524160 | 13608 | 156 | 32 | NA |
| Classic-McEliece-460896f | NA | IND-CCA2 | 3 | 524160 | 13608 | 156 | 32 | NA |
| Classic-McEliece-6688128 | NA | IND-CCA2 | 5 | 1044992 | 13932 | 208 | 32 | NA |
| Classic-McEliece-6688128f | NA | IND-CCA2 | 5 | 1044992 | 13932 | 208 | 32 | NA |
| Classic-McEliece-6960119 | NA | IND-CCA2 | 5 | 1047319 | 13948 | 194 | 32 | NA |
| Classic-McEliece-6960119f | NA | IND-CCA2 | 5 | 1047319 | 13948 | 194 | 32 | NA |
| Classic-McEliece-8192128 | NA | IND-CCA2 | 5 | 1357824 | 14120 | 208 | 32 | NA |
| Classic-McEliece-8192128f | NA | IND-CCA2 | 5 | 1357824 | 14120 | 208 | 32 | NA |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:-------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| Classic-McEliece-348864 | NA | IND-CCA2 | 1 | 261120 | 6492 | 96 | 32 |
| Classic-McEliece-348864f | NA | IND-CCA2 | 1 | 261120 | 6492 | 96 | 32 |
| Classic-McEliece-460896 | NA | IND-CCA2 | 3 | 524160 | 13608 | 156 | 32 |
| Classic-McEliece-460896f | NA | IND-CCA2 | 3 | 524160 | 13608 | 156 | 32 |
| Classic-McEliece-6688128 | NA | IND-CCA2 | 5 | 1044992 | 13932 | 208 | 32 |
| Classic-McEliece-6688128f | NA | IND-CCA2 | 5 | 1044992 | 13932 | 208 | 32 |
| Classic-McEliece-6960119 | NA | IND-CCA2 | 5 | 1047319 | 13948 | 194 | 32 |
| Classic-McEliece-6960119f | NA | IND-CCA2 | 5 | 1047319 | 13948 | 194 | 32 |
| Classic-McEliece-8192128 | NA | IND-CCA2 | 5 | 1357824 | 14120 | 208 | 32 |
| Classic-McEliece-8192128f | NA | IND-CCA2 | 5 | 1357824 | 14120 | 208 | 32 |
## Classic-McEliece-348864 implementation characteristics

2
docs/algorithms/kem/classic_mceliece.yml
View File

@ -378,4 +378,4 @@ parameter-sets:
auxiliary-submitters: []
primary-upstream:
spdx-license-identifier: Public domain
source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
source: https://github.com/PQClean/PQClean/commit/8e221ae797b229858a0b0d784577a8cb149d5789

16
docs/algorithms/kem/frodokem.md
View File

@ -12,14 +12,14 @@
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:-------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
| FrodoKEM-640-AES | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA |
| FrodoKEM-640-SHAKE | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA |
| FrodoKEM-976-AES | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA |
| FrodoKEM-976-SHAKE | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA |
| FrodoKEM-1344-AES | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA |
| FrodoKEM-1344-SHAKE | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:-------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| FrodoKEM-640-AES | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 |
| FrodoKEM-640-SHAKE | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 |
| FrodoKEM-976-AES | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 |
| FrodoKEM-976-SHAKE | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 |
| FrodoKEM-1344-AES | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 |
| FrodoKEM-1344-SHAKE | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 |
## FrodoKEM-640-AES implementation characteristics

12
docs/algorithms/kem/hqc.md
View File

@ -6,7 +6,7 @@
- **Authors' website**: https://pqc-hqc.org/
- **Specification version**: 2023-04-30.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
- **Source**: https://github.com/PQClean/PQClean/commit/8e221ae797b229858a0b0d784577a8cb149d5789
- **Implementation license (SPDX-Identifier)**: Public domain
- **Ancestors of primary source**:
- https://github.com/SWilson4/package-pqclean/tree/8db1b24b/hqc, which takes it from:
@ -14,11 +14,11 @@
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
| HQC-128 | NA | IND-CCA2 | 1 | 2249 | 2305 | 4433 | 64 | NA |
| HQC-192 | NA | IND-CCA2 | 3 | 4522 | 4586 | 8978 | 64 | NA |
| HQC-256 | NA | IND-CCA2 | 5 | 7245 | 7317 | 14421 | 64 | NA |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| HQC-128 | NA | IND-CCA2 | 1 | 2249 | 2305 | 4433 | 64 |
| HQC-192 | NA | IND-CCA2 | 3 | 4522 | 4586 | 8978 | 64 |
| HQC-256 | NA | IND-CCA2 | 5 | 7245 | 7317 | 14421 | 64 |
## HQC-128 implementation characteristics

2
docs/algorithms/kem/hqc.yml
View File

@ -76,4 +76,4 @@ parameter-sets:
upstream: primary-upstream
primary-upstream:
spdx-license-identifier: Public domain
source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
source: https://github.com/PQClean/PQClean/commit/8e221ae797b229858a0b0d784577a8cb149d5789

18
docs/algorithms/kem/kyber.md
View File

@ -13,19 +13,15 @@
- **oldpqclean-aarch64**:<a name="oldpqclean-aarch64"></a>
- **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT) and MIT
- **Formally-verified Implementation sources**:
- **libjade**:<a name="libjade"></a>
- **Source**: https://github.com/formosa-crypto/libjade/tree/release/2023.05-2 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 OR Apache-2.0
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
| Kyber512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 | NA |
| Kyber768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 | NA |
| Kyber1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 | NA |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| Kyber512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 |
| Kyber768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 |
| Kyber1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 |
## Kyber512 implementation characteristics
@ -34,8 +30,6 @@
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [libjade](#libjade) | ref | x86\_64 | Linux,Darwin | None | True | False | False |
| [libjade](#libjade) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -48,8 +42,6 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [libjade](#libjade) | ref | x86\_64 | Linux,Darwin | None | True | False | False |
| [libjade](#libjade) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.

53
docs/algorithms/kem/kyber.yml
View File

@ -26,11 +26,6 @@ optimized-upstreams:
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT)
and MIT
formally-verified-upstreams:
libjade:
source: https://github.com/formosa-crypto/libjade/tree/release/2023.05-2 with
copy_from_upstream patches
spdx-license-identifier: CC0-1.0 OR Apache-2.0
parameter-sets:
- name: Kyber512
claimed-nist-level: 1
@ -77,30 +72,6 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: libjade
upstream-id: ref
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: libjade
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Kyber768
claimed-nist-level: 3
claimed-security: IND-CCA2
@ -146,30 +117,6 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: libjade
upstream-id: ref
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: libjade
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Kyber1024
claimed-nist-level: 5
claimed-security: IND-CCA2

38
docs/algorithms/kem/ml_kem.md
View File

@ -4,57 +4,47 @@
- **Main cryptographic assumption**: Module LWE+R with base ring Z[x]/(3329, x^256+1).
- **Principal submitters**: Peter Schwabe.
- **Auxiliary submitters**: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
- **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
- **Specification version**: ML-KEM.
- **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203/ipd
- **Specification version**: ML-KEM-ipd.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
- **Source**: https://github.com/pq-crystals/kyber/commit/d1321ce5ac0b53f583eb47a040dc3625ee8e7e37 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
- **Optimized Implementation sources**: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
- **cupqc-cuda**:<a name="cupqc-cuda"></a>
- **Source**: https://github.com/open-quantum-safe/liboqs-cupqc-meta/commit/b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
- **Implementation license (SPDX-Identifier)**: Apache-2.0
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|----------------------------:|
| ML-KEM-512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 | 64 |
| ML-KEM-768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 | 64 |
| ML-KEM-1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 | 64 |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| ML-KEM-512-ipd | ML-KEM-512 | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 |
| ML-KEM-768-ipd | ML-KEM-768 | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 |
| ML-KEM-1024-ipd | ML-KEM-1024 | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 |
## ML-KEM-512 implementation characteristics
## ML-KEM-512-ipd implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | x86\_64 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [cupqc-cuda](#cupqc-cuda) | cuda | CUDA | Linux,Darwin | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## ML-KEM-768 implementation characteristics
## ML-KEM-768-ipd implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | x86\_64 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [cupqc-cuda](#cupqc-cuda) | cuda | CUDA | Linux,Darwin | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## ML-KEM-1024 implementation characteristics
## ML-KEM-1024-ipd implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | x86\_64 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [cupqc-cuda](#cupqc-cuda) | cuda | CUDA | Linux,Darwin | None | False | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.

97
docs/algorithms/kem/ml_kem.yml
View File

@ -13,25 +13,22 @@ auxiliary-submitters:
- Gregor Seiler
- Damien Stehlé
crypto-assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1)
website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
nist-round: FIPS203
spec-version: ML-KEM
website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203/ipd
nist-round: ipd
spec-version: ML-KEM-ipd
primary-upstream:
source: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
source: https://github.com/pq-crystals/kyber/commit/d1321ce5ac0b53f583eb47a040dc3625ee8e7e37
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0 or Apache-2.0
optimized-upstreams:
cupqc-cuda:
source: https://github.com/open-quantum-safe/liboqs-cupqc-meta/commit/b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
spdx-license-identifier: Apache-2.0
parameter-sets:
- name: ML-KEM-512
- name: ML-KEM-512-ipd
alias: ML-KEM-512
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 800
length-ciphertext: 768
length-secret-key: 1632
length-shared-secret: 32
length-keypair-seed: 64
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
@ -43,7 +40,7 @@ parameter-sets:
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: x86_64
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
@ -58,36 +55,14 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: cupqc-cuda
upstream-id: cuda
supported-platforms:
- architecture: CUDA
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: ML-KEM-768
- name: ML-KEM-768-ipd
alias: ML-KEM-768
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 1184
length-ciphertext: 1088
length-secret-key: 2400
length-shared-secret: 32
length-keypair-seed: 64
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
@ -99,7 +74,7 @@ parameter-sets:
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: x86_64
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
@ -114,36 +89,14 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: cupqc-cuda
upstream-id: cuda
supported-platforms:
- architecture: CUDA
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: ML-KEM-1024
- name: ML-KEM-1024-ipd
alias: ML-KEM-1024
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1568
length-ciphertext: 1568
length-secret-key: 3168
length-shared-secret: 32
length-keypair-seed: 64
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
@ -155,7 +108,7 @@ parameter-sets:
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: x86_64
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
@ -170,25 +123,3 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: cupqc-cuda
upstream-id: cuda
supported-platforms:
- architecture: CUDA
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false

6
docs/algorithms/kem/ntruprime.md
View File

@ -14,9 +14,9 @@
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
| sntrup761 | NA | IND-CCA2 | 2 | 1158 | 1763 | 1039 | 32 | NA |
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
| sntrup761 | NA | IND-CCA2 | 2 | 1158 | 1763 | 1039 | 32 |
## sntrup761 implementation characteristics

203
docs/algorithms/sig/cross.md
View File

@ -1,203 +0,0 @@
# CROSS
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: hardness of the restricted syndrome decoding problem for random linear codes on a finite field.
- **Principal submitters**: Marco Baldi, Alessandro Barenghi, Michele Battagliola, Sebastian Bitzer, Patrick Karl, Felice Manganiello, Alessio Pavoni, Gerardo Pelosi, Paolo Santini, Jonas Schupp, Edoardo Signorini, Freeman Slaughter, Antonia Wachter-Zeh, Violetta Weger.
- **Auxiliary submitters**: Marco Gianvecchio.
- **Authors' website**: https://www.cross-crypto.com/
- **Specification version**: 2.0 + PQClean and OQS patches.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/efd17279e75308b000bda7c7f58866620d652bc1
- **Implementation license (SPDX-Identifier)**: CC0-1.0
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| cross-rsdp-128-balanced | NA | EUF-CMA | 1 | 77 | 32 | 13152 |
| cross-rsdp-128-fast | NA | EUF-CMA | 1 | 77 | 32 | 18432 |
| cross-rsdp-128-small | NA | EUF-CMA | 1 | 77 | 32 | 12432 |
| cross-rsdp-192-balanced | NA | EUF-CMA | 3 | 115 | 48 | 29853 |
| cross-rsdp-192-fast | NA | EUF-CMA | 3 | 115 | 48 | 41406 |
| cross-rsdp-192-small | NA | EUF-CMA | 3 | 115 | 48 | 28391 |
| cross-rsdp-256-balanced | NA | EUF-CMA | 5 | 153 | 64 | 53527 |
| cross-rsdp-256-fast | NA | EUF-CMA | 5 | 153 | 64 | 74590 |
| cross-rsdp-256-small | NA | EUF-CMA | 5 | 153 | 64 | 50818 |
| cross-rsdpg-128-balanced | NA | EUF-CMA | 1 | 54 | 32 | 9120 |
| cross-rsdpg-128-fast | NA | EUF-CMA | 1 | 54 | 32 | 11980 |
| cross-rsdpg-128-small | NA | EUF-CMA | 1 | 54 | 32 | 8960 |
| cross-rsdpg-192-balanced | NA | EUF-CMA | 3 | 83 | 48 | 22464 |
| cross-rsdpg-192-fast | NA | EUF-CMA | 3 | 83 | 48 | 26772 |
| cross-rsdpg-192-small | NA | EUF-CMA | 3 | 83 | 48 | 20452 |
| cross-rsdpg-256-balanced | NA | EUF-CMA | 5 | 106 | 64 | 40100 |
| cross-rsdpg-256-fast | NA | EUF-CMA | 5 | 106 | 64 | 48102 |
| cross-rsdpg-256-small | NA | EUF-CMA | 5 | 106 | 64 | 36454 |
## cross-rsdp-128-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## cross-rsdp-128-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-128-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-192-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-192-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-192-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-256-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-256-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-256-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-128-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-128-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-128-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-192-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-192-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-192-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-256-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-256-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-256-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

532
docs/algorithms/sig/cross.yml
View File

@ -1,532 +0,0 @@
name: CROSS
type: signature
principal-submitters:
- Marco Baldi
- Alessandro Barenghi
- Michele Battagliola
- Sebastian Bitzer
- Patrick Karl
- Felice Manganiello
- Alessio Pavoni
- Gerardo Pelosi
- Paolo Santini
- Jonas Schupp
- Edoardo Signorini
- Freeman Slaughter
- Antonia Wachter-Zeh
- Violetta Weger
auxiliary-submitters:
- Marco Gianvecchio
crypto-assumption: hardness of the restricted syndrome decoding problem for random
linear codes on a finite field
website: https://www.cross-crypto.com/
nist-round: 2
spec-version: 2.0 + PQClean and OQS patches
primary-upstream:
source: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/efd17279e75308b000bda7c7f58866620d652bc1
spdx-license-identifier: CC0-1.0
parameter-sets:
- name: cross-rsdp-128-balanced
oqs_alg: OQS_SIG_alg_cross_rsdp_128_balanced
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 77
length-secret-key: 32
length-signature: 13152
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-128-fast
oqs_alg: OQS_SIG_alg_cross_rsdp_128_fast
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 77
length-secret-key: 32
length-signature: 18432
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-128-small
oqs_alg: OQS_SIG_alg_cross_rsdp_128_small
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 77
length-secret-key: 32
length-signature: 12432
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdp-192-balanced
oqs_alg: OQS_SIG_alg_cross_rsdp_192_balanced
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 115
length-secret-key: 48
length-signature: 29853
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-192-fast
oqs_alg: OQS_SIG_alg_cross_rsdp_192_fast
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 115
length-secret-key: 48
length-signature: 41406
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-192-small
oqs_alg: OQS_SIG_alg_cross_rsdp_192_small
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 115
length-secret-key: 48
length-signature: 28391
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdp-256-balanced
oqs_alg: OQS_SIG_alg_cross_rsdp_256_balanced
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 153
length-secret-key: 64
length-signature: 53527
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdp-256-fast
oqs_alg: OQS_SIG_alg_cross_rsdp_256_fast
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 153
length-secret-key: 64
length-signature: 74590
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-256-small
oqs_alg: OQS_SIG_alg_cross_rsdp_256_small
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 153
length-secret-key: 64
length-signature: 50818
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdpg-128-balanced
oqs_alg: OQS_SIG_alg_cross_rsdpg_128_balanced
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 54
length-secret-key: 32
length-signature: 9120
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-128-fast
oqs_alg: OQS_SIG_alg_cross_rsdpg_128_fast
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 54
length-secret-key: 32
length-signature: 11980
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-128-small
oqs_alg: OQS_SIG_alg_cross_rsdpg_128_small
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 54
length-secret-key: 32
length-signature: 8960
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-192-balanced
oqs_alg: OQS_SIG_alg_cross_rsdpg_192_balanced
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 83
length-secret-key: 48
length-signature: 22464
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-192-fast
oqs_alg: OQS_SIG_alg_cross_rsdpg_192_fast
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 83
length-secret-key: 48
length-signature: 26772
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-192-small
oqs_alg: OQS_SIG_alg_cross_rsdpg_192_small
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 83
length-secret-key: 48
length-signature: 20452
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdpg-256-balanced
oqs_alg: OQS_SIG_alg_cross_rsdpg_256_balanced
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 106
length-secret-key: 64
length-signature: 40100
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-256-fast
oqs_alg: OQS_SIG_alg_cross_rsdpg_256_fast
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 106
length-secret-key: 64
length-signature: 48102
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-256-small
oqs_alg: OQS_SIG_alg_cross_rsdpg_256_small
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 106
length-secret-key: 64
length-signature: 36454
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true

6
docs/algorithms/sig/dilithium.md
View File

@ -19,9 +19,9 @@
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| Dilithium2 | NA | SUF-CMA | 2 | 1312 | 2528 | 2420 |
| Dilithium3 | NA | SUF-CMA | 3 | 1952 | 4000 | 3293 |
| Dilithium5 | NA | SUF-CMA | 5 | 2592 | 4864 | 4595 |
| Dilithium2 | NA | EUF-CMA | 2 | 1312 | 2528 | 2420 |
| Dilithium3 | NA | EUF-CMA | 3 | 1952 | 4000 | 3293 |
| Dilithium5 | NA | EUF-CMA | 5 | 2592 | 4864 | 4595 |
## Dilithium2 implementation characteristics

6
docs/algorithms/sig/dilithium.yml
View File

@ -28,7 +28,7 @@ parameter-sets:
- name: Dilithium2
oqs_alg: OQS_SIG_alg_dilithium_2
claimed-nist-level: 2
claimed-security: SUF-CMA
claimed-security: EUF-CMA
length-public-key: 1312
length-secret-key: 2528
length-signature: 2420
@ -72,7 +72,7 @@ parameter-sets:
- name: Dilithium3
oqs_alg: OQS_SIG_alg_dilithium_3
claimed-nist-level: 3
claimed-security: SUF-CMA
claimed-security: EUF-CMA
length-public-key: 1952
length-secret-key: 4000
length-signature: 3293
@ -116,7 +116,7 @@ parameter-sets:
- name: Dilithium5
oqs_alg: OQS_SIG_alg_dilithium_5
claimed-nist-level: 5
claimed-security: SUF-CMA
claimed-security: EUF-CMA
length-public-key: 2592
length-secret-key: 4864
length-signature: 4595

4
docs/algorithms/sig/falcon.md
View File

@ -7,9 +7,9 @@
- **Authors' website**: https://falcon-sign.info
- **Specification version**: 20211101.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
- **Source**: https://github.com/PQClean/PQClean/commit/8e221ae797b229858a0b0d784577a8cb149d5789
- **Implementation license (SPDX-Identifier)**: MIT
- **Optimized Implementation sources**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
- **Optimized Implementation sources**: https://github.com/PQClean/PQClean/commit/8e221ae797b229858a0b0d784577a8cb149d5789
- **pqclean-aarch64**:<a name="pqclean-aarch64"></a>
- **Source**: https://github.com/PQClean/PQClean/commit/7707d1bcc8ae7f9ffd296dd13b1d76d2767d14f8
- **Implementation license (SPDX-Identifier)**: Apache-2.0

2
docs/algorithms/sig/falcon.yml
View File

@ -18,7 +18,7 @@ website: https://falcon-sign.info
nist-round: 3
spec-version: 20211101
primary-upstream:
source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
source: https://github.com/PQClean/PQClean/commit/8e221ae797b229858a0b0d784577a8cb149d5789
spdx-license-identifier: MIT
upstream-ancestors:
- https://www.falcon-sign.info

66
docs/algorithms/sig/mayo.md
View File

@ -1,66 +0,0 @@
# MAYO
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: multivariable quadratic equations, oil and vinegar.
- **Principal submitters**: Ward Beullens, Fabio Campos, Sofía Celi, Basil Hess, Matthias J. Kannwischer.
- **Authors' website**: https://pqmayo.org
- **Specification version**: NIST Round 2 (February 2025).
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQCMayo/MAYO-C/commit/4b7cd94c96b9522864efe40c6ad1fa269584a807 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: Apache-2.0
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| MAYO-1 | NA | EUF-CMA | 1 | 1420 | 24 | 454 |
| MAYO-2 | NA | EUF-CMA | 1 | 4912 | 24 | 186 |
| MAYO-3 | NA | EUF-CMA | 3 | 2986 | 32 | 681 |
| MAYO-5 | NA | EUF-CMA | 5 | 5554 | 40 | 964 |
## MAYO-1 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## MAYO-2 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## MAYO-3 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## MAYO-5 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

195
docs/algorithms/sig/mayo.yml
View File

@ -1,195 +0,0 @@
name: MAYO
type: signature
principal-submitters:
- Ward Beullens
- Fabio Campos
- Sofía Celi
- Basil Hess
- Matthias J. Kannwischer
crypto-assumption: multivariable quadratic equations, oil and vinegar
website: https://pqmayo.org
nist-round: 2
spec-version: NIST Round 2 (February 2025)
primary-upstream:
source: https://github.com/PQCMayo/MAYO-C/commit/4b7cd94c96b9522864efe40c6ad1fa269584a807
with copy_from_upstream patches
spdx-license-identifier: Apache-2.0
parameter-sets:
- name: MAYO-1
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 1420
length-secret-key: 24
length-signature: 454
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: MAYO-2
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 4912
length-secret-key: 24
length-signature: 186
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: MAYO-3
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 2986
length-secret-key: 32
length-signature: 681
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: MAYO-5
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 5554
length-secret-key: 40
length-signature: 964
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true

18
docs/algorithms/sig/ml_dsa.md
View File

@ -4,10 +4,10 @@
- **Main cryptographic assumption**: hardness of lattice problems over module lattices.
- **Principal submitters**: Vadim Lyubashevsky.
- **Auxiliary submitters**: Shi Bai, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Peter Schwabe, Gregor Seiler, Damien Stehlé.
- **Authors' website**: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/final
- **Specification version**: ML-DSA.
- **Authors' website**: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/ipd
- **Specification version**: ML-DSA-ipd.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/pq-crystals/dilithium/commit/444cdcc84eb36b66fe27b3a2529ee48f6d8150c2 with copy_from_upstream patches
- **Source**: https://github.com/pq-crystals/dilithium/commit/e7bed6258b9a3703ce78d4ec38021c86382ce31c with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
@ -15,11 +15,11 @@
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| ML-DSA-44 | NA | SUF-CMA | 2 | 1312 | 2560 | 2420 |
| ML-DSA-65 | NA | SUF-CMA | 3 | 1952 | 4032 | 3309 |
| ML-DSA-87 | NA | SUF-CMA | 5 | 2592 | 4896 | 4627 |
| ML-DSA-44-ipd | ML-DSA-44 | EUF-CMA | 2 | 1312 | 2560 | 2420 |
| ML-DSA-65-ipd | ML-DSA-65 | EUF-CMA | 3 | 1952 | 4032 | 3309 |
| ML-DSA-87-ipd | ML-DSA-87 | EUF-CMA | 5 | 2592 | 4896 | 4627 |
## ML-DSA-44 implementation characteristics
## ML-DSA-44-ipd implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
@ -30,7 +30,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## ML-DSA-65 implementation characteristics
## ML-DSA-65-ipd implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
@ -39,7 +39,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## ML-DSA-87 implementation characteristics
## ML-DSA-87-ipd implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|

23
docs/algorithms/sig/ml_dsa.yml
View File

@ -11,17 +11,18 @@ auxiliary-submitters:
- Gregor Seiler
- Damien Stehlé
crypto-assumption: hardness of lattice problems over module lattices
website: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/final
nist-round: FIPS204
spec-version: ML-DSA
website: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/ipd
nist-round: ipd
spec-version: ML-DSA-ipd
primary-upstream:
source: https://github.com/pq-crystals/dilithium/commit/444cdcc84eb36b66fe27b3a2529ee48f6d8150c2
source: https://github.com/pq-crystals/dilithium/commit/e7bed6258b9a3703ce78d4ec38021c86382ce31c
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0 or Apache-2.0
parameter-sets:
- name: ML-DSA-44
- name: ML-DSA-44-ipd
alias: ML-DSA-44
claimed-nist-level: 2
claimed-security: SUF-CMA
claimed-security: EUF-CMA
length-public-key: 1312
length-secret-key: 2560
length-signature: 2420
@ -50,9 +51,10 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: ML-DSA-65
- name: ML-DSA-65-ipd
alias: ML-DSA-65
claimed-nist-level: 3
claimed-security: SUF-CMA
claimed-security: EUF-CMA
length-public-key: 1952
length-secret-key: 4032
length-signature: 3309
@ -81,9 +83,10 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: ML-DSA-87
- name: ML-DSA-87-ipd
alias: ML-DSA-87
claimed-nist-level: 5
claimed-security: SUF-CMA
claimed-security: EUF-CMA
length-public-key: 2592
length-secret-key: 4896
length-signature: 4627

154
docs/algorithms/sig/snova.md
View File

@ -1,154 +0,0 @@
# SNOVA
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: multivariable quadratic equations, oil and vinegar.
- **Principal submitters**: Lih-Chung Wang, Chun-Yen Chou, Jintai Ding, Yen-Liang Kuan, Jan Adriaan Leegwater, Ming-Siou Li, Bo-Shu Tseng, Po-En Tseng, Chia-Chun Wang.
- **Authors' website**: https://snova.pqclab.org/
- **Specification version**: Round 2.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/vacuas/SNOVA/commit/1c3ca6f4f7286c0bde98d7d6f222cf63b9d52bff
- **Implementation license (SPDX-Identifier)**: MIT
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| SNOVA\_24\_5\_4 | NA | EUF-CMA | 1 | 1016 | 48 | 248 |
| SNOVA\_24\_5\_4\_SHAKE | NA | EUF-CMA | 1 | 1016 | 48 | 248 |
| SNOVA\_24\_5\_4\_esk | NA | EUF-CMA | 1 | 1016 | 36848 | 248 |
| SNOVA\_24\_5\_4\_SHAKE\_esk | NA | EUF-CMA | 1 | 1016 | 36848 | 248 |
| SNOVA\_37\_17\_2 | NA | EUF-CMA | 1 | 9842 | 48 | 124 |
| SNOVA\_25\_8\_3 | NA | EUF-CMA | 1 | 2320 | 48 | 165 |
| SNOVA\_56\_25\_2 | NA | EUF-CMA | 3 | 31266 | 48 | 178 |
| SNOVA\_49\_11\_3 | NA | EUF-CMA | 3 | 6006 | 48 | 286 |
| SNOVA\_37\_8\_4 | NA | EUF-CMA | 3 | 4112 | 48 | 376 |
| SNOVA\_24\_5\_5 | NA | EUF-CMA | 3 | 1579 | 48 | 379 |
| SNOVA\_60\_10\_4 | NA | EUF-CMA | 5 | 8016 | 48 | 576 |
| SNOVA\_29\_6\_5 | NA | EUF-CMA | 5 | 2716 | 48 | 454 |
## SNOVA\_24\_5\_4 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## SNOVA\_24\_5\_4\_SHAKE implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_24\_5\_4\_esk implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_24\_5\_4\_SHAKE\_esk implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_37\_17\_2 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_25\_8\_3 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_56\_25\_2 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_49\_11\_3 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_37\_8\_4 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_24\_5\_5 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_60\_10\_4 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## SNOVA\_29\_6\_5 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux | AVX2 | True | True | True |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Darwin,Linux | None | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

560
docs/algorithms/sig/snova.yml
View File

@ -1,560 +0,0 @@
name: SNOVA
type: signature
principal-submitters:
- Lih-Chung Wang
- Chun-Yen Chou
- Jintai Ding
- Yen-Liang Kuan
- Jan Adriaan Leegwater
- Ming-Siou Li
- Bo-Shu Tseng
- Po-En Tseng
- Chia-Chun Wang
crypto-assumption: multivariable quadratic equations, oil and vinegar
website: https://snova.pqclab.org/
nist-round: 2
spec-version: Round 2
primary-upstream:
source: https://github.com/vacuas/SNOVA/commit/1c3ca6f4f7286c0bde98d7d6f222cf63b9d52bff
spdx-license-identifier: MIT
parameter-sets:
- name: SNOVA_24_5_4
oqs_alg: OQS_SIG_alg_snova_24_5_4
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 1016
length-secret-key: 48
length-signature: 248
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SNOVA_24_5_4_SHAKE
oqs_alg: OQS_SIG_alg_SNOVA_24_5_4_SHAKE
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 1016
length-secret-key: 48
length-signature: 248
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SNOVA_24_5_4_esk
oqs_alg: OQS_SIG_alg_snova_24_5_4_esk
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 1016
length-secret-key: 36848
length-signature: 248
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SNOVA_24_5_4_SHAKE_esk
oqs_alg: OQS_SIG_alg_SNOVA_24_5_4_SHAKE_esk
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 1016
length-secret-key: 36848
length-signature: 248
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SNOVA_37_17_2
oqs_alg: OQS_SIG_alg_SNOVA_37_17_2
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 9842
length-secret-key: 48
length-signature: 124
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: SNOVA_25_8_3
oqs_alg: OQS_SIG_alg_SNOVA_25_8_3
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 2320
length-secret-key: 48
length-signature: 165
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: SNOVA_56_25_2
oqs_alg: OQS_SIG_alg_snova_56_25_2
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 31266
length-secret-key: 48
length-signature: 178
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: SNOVA_49_11_3
oqs_alg: OQS_SIG_alg_snova_49_11_3
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 6006
length-secret-key: 48
length-signature: 286
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: SNOVA_37_8_4
oqs_alg: OQS_SIG_alg_snova_37_8_4
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 4112
length-secret-key: 48
length-signature: 376
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: SNOVA_24_5_5
oqs_alg: OQS_SIG_alg_SNOVA_24_5_5
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 1579
length-secret-key: 48
length-signature: 379
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: SNOVA_60_10_4
oqs_alg: OQS_SIG_alg_snova_60_10_4
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 8016
length-secret-key: 48
length-signature: 576
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: SNOVA_29_6_5
oqs_alg: OQS_SIG_alg_SNOVA_29_6_5
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 2716
length-secret-key: 48
length-signature: 454
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Darwin
- Linux
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true

2
docs/algorithms/sig/sphincs.md
View File

@ -7,7 +7,7 @@
- **Authors' website**: https://sphincs.org/
- **Specification version**: NIST Round 3 submission, v3.1 (June 10, 2022).
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181 with copy_from_upstream patches
- **Source**: https://github.com/PQClean/PQClean/commit/8e221ae797b229858a0b0d784577a8cb149d5789 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0

2
docs/algorithms/sig/sphincs.yml
View File

@ -26,7 +26,7 @@ nist-round: 3
spec-version: NIST Round 3 submission, v3.1 (June 10, 2022)
spdx-license-identifier: CC0-1.0
primary-upstream:
source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
source: https://github.com/PQClean/PQClean/commit/8e221ae797b229858a0b0d784577a8cb149d5789
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0
upstream-ancestors:

154
docs/algorithms/sig/uov.md
View File

@ -1,154 +0,0 @@
# UOV
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: multivariable quadratic equations, oil and vinegar.
- **Principal submitters**: Ward Beullens, Ming-Shing Chen, Jintai Ding, Boru Gong, Matthias J. Kannwischer, Jacques Patarin, Bo-Yuan Peng, Dieter Schmidt, Cheng-Jhih Shih, Chengdong Tao, Bo-Yin Yang.
- **Authors' website**: https://www.uovsig.org/
- **Specification version**: NIST Round 2 (February 2025).
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/pqov/pqov/commit/7e0832b6732a476119742c4acabd11b7c767aefb
- **Implementation license (SPDX-Identifier)**: CC0 OR Apache-2.0
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| OV-Is | NA | EUF-CMA | 1 | 412160 | 348704 | 96 |
| OV-Ip | NA | EUF-CMA | 1 | 278432 | 237896 | 128 |
| OV-III | NA | EUF-CMA | 3 | 1225440 | 1044320 | 200 |
| OV-V | NA | EUF-CMA | 5 | 2869440 | 2436704 | 260 |
| OV-Is-pkc | NA | EUF-CMA | 1 | 66576 | 348704 | 96 |
| OV-Ip-pkc | NA | EUF-CMA | 1 | 43576 | 237896 | 128 |
| OV-III-pkc | NA | EUF-CMA | 3 | 189232 | 1044320 | 200 |
| OV-V-pkc | NA | EUF-CMA | 5 | 446992 | 2436704 | 260 |
| OV-Is-pkc-skc | NA | EUF-CMA | 1 | 66576 | 32 | 96 |
| OV-Ip-pkc-skc | NA | EUF-CMA | 1 | 43576 | 32 | 128 |
| OV-III-pkc-skc | NA | EUF-CMA | 3 | 189232 | 32 | 200 |
| OV-V-pkc-skc | NA | EUF-CMA | 5 | 446992 | 32 | 260 |
## OV-Is implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## OV-Ip implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-III implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-V implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-Is-pkc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-Ip-pkc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-III-pkc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-V-pkc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-Is-pkc-skc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-Ip-pkc-skc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-III-pkc-skc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## OV-V-pkc-skc implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | neon | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

562
docs/algorithms/sig/uov.yml
View File

@ -1,562 +0,0 @@
name: UOV
type: signature
principal-submitters:
- Ward Beullens
- Ming-Shing Chen
- Jintai Ding
- Boru Gong
- Matthias J. Kannwischer
- Jacques Patarin
- Bo-Yuan Peng
- Dieter Schmidt
- Cheng-Jhih Shih
- Chengdong Tao
- Bo-Yin Yang
crypto-assumption: multivariable quadratic equations, oil and vinegar
website: https://www.uovsig.org/
nist-round: 2
spec-version: NIST Round 2 (February 2025)
primary-upstream:
source: https://github.com/pqov/pqov/commit/7e0832b6732a476119742c4acabd11b7c767aefb
spdx-license-identifier: CC0 OR Apache-2.0
parameter-sets:
- name: OV-Is
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 412160
length-secret-key: 348704
length-signature: 96
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-Ip
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 278432
length-secret-key: 237896
length-signature: 128
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-III
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 1225440
length-secret-key: 1044320
length-signature: 200
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-V
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 2869440
length-secret-key: 2436704
length-signature: 260
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-Is-pkc
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 66576
length-secret-key: 348704
length-signature: 96
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-Ip-pkc
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 43576
length-secret-key: 237896
length-signature: 128
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-III-pkc
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 189232
length-secret-key: 1044320
length-signature: 200
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-V-pkc
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 446992
length-secret-key: 2436704
length-signature: 260
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-Is-pkc-skc
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 66576
length-secret-key: 32
length-signature: 96
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-Ip-pkc-skc
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 43576
length-secret-key: 32
length-signature: 128
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-III-pkc-skc
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 189232
length-secret-key: 32
length-signature: 200
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: OV-V-pkc-skc
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 446992
length-secret-key: 32
length-signature: 260
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: neon
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false

50
docs/algorithms/sig_stfl/lms.md
View File

@ -1,50 +0,0 @@
# LMS
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: hash-based signatures.
- **Principal submitters**: Scott Fluhrer.
- **Auxiliary submitters**: C Martin, Maurice Hieronymus.
- **Authors' website**: https://www.rfc-editor.org/info/rfc8554
- **Specification version**: None.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/cisco/hash-sigs
- **Implementation license (SPDX-Identifier)**: MIT
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:------------------------:|:-----------------|:---------------------|--------------------------:|--------------------------:|-------------------------:|
| LMS_SHA256_H5_W1 | | | 60 | 64 | 8688 |
| LMS_SHA256_H5_W2 | | | 60 | 64 | 4464 |
| LMS_SHA256_H5_W4 | | | 60 | 64 | 2352 |
| LMS_SHA256_H5_W8 | | | 60 | 64 | 1296 |
| LMS_SHA256_H10_W1 | | | 60 | 64 | 8848 |
| LMS_SHA256_H10_W2 | | | 60 | 64 | 4624 |
| LMS_SHA256_H10_W4 | | | 60 | 64 | 2512 |
| LMS_SHA256_H10_W8 | | | 60 | 64 | 1456 |
| LMS_SHA256_H15_W1 | | | 60 | 64 | 9008 |
| LMS_SHA256_H15_W2 | | | 60 | 64 | 4784 |
| LMS_SHA256_H15_W4 | | | 60 | 64 | 2672 |
| LMS_SHA256_H15_W8 | | | 60 | 64 | 1616 |
| LMS_SHA256_H20_W1 | | | 60 | 64 | 9168 |
| LMS_SHA256_H20_W2 | | | 60 | 64 | 4944 |
| LMS_SHA256_H20_W4 | | | 60 | 64 | 2832 |
| LMS_SHA256_H20_W8 | | | 60 | 64 | 1776 |
| LMS_SHA256_H25_W1 | | | 60 | 64 | 9328 |
| LMS_SHA256_H25_W2 | | | 60 | 64 | 5104 |
| LMS_SHA256_H25_W4 | | | 60 | 64 | 2992 |
| LMS_SHA256_H25_W8 | | | 60 | 64 | 1936 |
| LMS_SHA256_H5_W8_H5_W8 | | | 60 | 64 | 2644 |
| LMS_SHA256_H10_W4_H5_W8 | | | 60 | 64 | 2804 |
| LMS_SHA256_H10_W8_H5_W8 | | | 60 | 64 | 3860 |
| LMS_SHA256_H10_W2_H10_W2 | | | 60 | 64 | 9300 |
| LMS_SHA256_H10_W4_H10_W4 | | | 60 | 64 | 5076 |
| LMS_SHA256_H10_W8_H10_W8 | | | 60 | 64 | 2964 |
| LMS_SHA256_H15_W8_H5_W8 | | | 60 | 64 | 2964 |
| LMS_SHA256_H15_W8_H10_W8 | | | 60 | 64 | 3124 |
| LMS_SHA256_H15_W8_H15_W8 | | | 60 | 64 | 3284 |
| LMS_SHA256_H20_W8_H5_W8 | | | 60 | 64 | 3124 |
| LMS_SHA256_H20_W8_H10_W8 | | | 60 | 64 | 3284 |
| LMS_SHA256_H20_W8_H15_W8 | | | 60 | 64 | 3444 |
| LMS_SHA256_H20_W8_H20_W8 | | | 60 | 64 | 3604 |

216
docs/algorithms/sig_stfl/lms.yml
View File

@ -1,216 +0,0 @@
name: LMS
type: stateful signature
principal-submitters:
- Scott Fluhrer
auxiliary-submitters:
- C Martin
- Maurice Hieronymus
crypto-assumption: hash-based signatures
website: https://www.rfc-editor.org/info/rfc8554
nist-round:
spec-version:
spdx-license-identifier:
primary-upstream:
source: https://github.com/cisco/hash-sigs
spdx-license-identifier: MIT
upstream-ancestors:
parameter-sets:
- name: LMS_SHA256_H5_W1
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 8688
- name: LMS_SHA256_H5_W2
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 4464
- name: LMS_SHA256_H5_W4
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2352
- name: LMS_SHA256_H5_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 1296
- name: LMS_SHA256_H10_W1
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 8848
- name: LMS_SHA256_H10_W2
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 4624
- name: LMS_SHA256_H10_W4
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2512
- name: LMS_SHA256_H10_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 1456
- name: LMS_SHA256_H15_W1
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 9008
- name: LMS_SHA256_H15_W2
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 4784
- name: LMS_SHA256_H15_W4
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2672
- name: LMS_SHA256_H15_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 1616
- name: LMS_SHA256_H20_W1
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 9168
- name: LMS_SHA256_H20_W2
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 4944
- name: LMS_SHA256_H20_W4
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2832
- name: LMS_SHA256_H20_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 1776
- name: LMS_SHA256_H25_W1
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 9328
- name: LMS_SHA256_H25_W2
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 5104
- name: LMS_SHA256_H25_W4
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2992
- name: LMS_SHA256_H25_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 1936
- name: LMS_SHA256_H5_W8_H5_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2644
- name: LMS_SHA256_H10_W4_H5_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2804
- name: LMS_SHA256_H10_W8_H5_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3860
- name: LMS_SHA256_H10_W2_H10_W2
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 9300
- name: LMS_SHA256_H10_W4_H10_W4
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 5076
- name: LMS_SHA256_H10_W8_H10_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2964
- name: LMS_SHA256_H15_W8_H5_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 2964
- name: LMS_SHA256_H15_W8_H10_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3124
- name: LMS_SHA256_H15_W8_H15_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3284
- name: LMS_SHA256_H20_W8_H5_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3124
- name: LMS_SHA256_H20_W8_H10_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3284
- name: LMS_SHA256_H20_W8_H15_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3444
- name: LMS_SHA256_H20_W8_H20_W8
claimed-nist-level:
claimed-security:
length-public-key: 60
length-secret-key: 64
length-signature: 3604

29
docs/algorithms/sig_stfl/sig_stfl.md
View File

@ -1,29 +0,0 @@
# **Stateful Hash Based Signatures**
The security of hash based signatures (HBS) is based on the underlying hash functions on which they are built.
NIST recommendation is that they are suitable for near term use to mitigate against attacks mounted by quantum computers.
While not a general purpose solution, they are useful means to authenticate boot or firmware images.
<ins>**General**</ins>
This package provides full support for a variety of variants for XMSS and LMS.
Key generation, signature generation, and signature verification.
Security of HBS also depends on the management of the state of the secret key. Secret keys can only used once to generate a signature.
Multiple signing with same key can reveal that key to an attacker.
Because of this, NIST recommends that key and signature generation be done in hardware security modules.
Having said that, this library is fully functional for research purposes. Secret keys are incremented after each sign operation.
However, secure storage and lifecycle management of the secret keys are left to applications using this feature.
Secret key storage is easily done by supplying a callback function to the library. This callback is invoked to store the secret key.
<ins>**Key State Management**</ins>
Application writers have to supply callback functions to store and update secret keys.
After a sign operation the secret key index is advanced and stored. This ensures one-time use of the key.
Signing operations will fail without this callback set because the private key cannot be advanced (to prevent reuse).
Stateful keys can generate a finite number of signatures. A counter tracks the limit when the key is created and is decremented after each signature is generated.
When the counter is down to 0, signature generation fails. Applications can query the remaining count via an API.

53
docs/algorithms/sig_stfl/xmss.md
View File

@ -1,53 +0,0 @@
# XMSS
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: hash-based signatures.
- **Principal submitters**: Joost Rijneveld, A. Huelsing, David Cooper, Bas Westerbaan.
- **Authors' website**: https://www.rfc-editor.org/info/rfc8391
- **Specification version**: None.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/XMSS/xmss-reference
- **Implementation license (SPDX-Identifier)**: (Apache-2.0 OR MIT) AND CC0-1.0
## Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:----------------------:|:-----------------|:---------------------|--------------------------:|--------------------------:|-------------------------:|
| XMSS-SHA2_10_256 | | | 64 | 1373 | 2500 |
| XMSS-SHA2_16_256 | | | 64 | 2093 | 2692 |
| XMSS-SHA2_20_256 | | | 64 | 2573 | 2820 |
| XMSS-SHAKE_10_256 | | | 64 | 1373 | 2500 |
| XMSS-SHAKE_16_256 | | | 64 | 2093 | 2692 |
| XMSS-SHAKE_20_256 | | | 64 | 2573 | 2820 |
| XMSS-SHA2_10_512 | | | 128 | 2653 | 9092 |
| XMSS-SHA2_16_512 | | | 128 | 4045 | 9476 |
| XMSS-SHA2_20_512 | | | 128 | 2653 | 9732 |
| XMSS-SHAKE_10_512 | | | 128 | 2653 | 9092 |
| XMSS-SHAKE_16_512 | | | 128 | 4045 | 9476 |
| XMSS-SHAKE_20_512 | | | 128 | 4973 | 9732 |
| XMSS-SHA2_10_192 | | | 48 | 1053 | 1492 |
| XMSS-SHA2_16_192 | | | 48 | 1605 | 1636 |
| XMSS-SHA2_20_192 | | | 48 | 1973 | 1732 |
| XMSS-SHAKE256_10_192 | | | 48 | 1053 | 1492 |
| XMSS-SHAKE256_16_192 | | | 48 | 1605 | 1636 |
| XMSS-SHAKE256_20_192 | | | 48 | 1973 | 1732 |
| XMSS-SHAKE256_10_256 | | | 64 | 1373 | 2500 |
| XMSS-SHAKE256_16_256 | | | 64 | 2093 | 2692 |
| XMSS-SHAKE256_20_256 | | | 64 | 2573 | 2820 |
| XMSSMT-SHA2_20/2_256 | | | 64 | 5998 | 4963 |
| XMSSMT-SHA2_20/4_256 | | | 64 | 10938 | 9251 |
| XMSSMT-SHA2_40/2_256 | | | 64 | 9600 | 5605 |
| XMSSMT-SHA2_40/4_256 | | | 64 | 15252 | 9893 |
| XMSSMT-SHA2_40/8_256 | | | 64 | 24516 | 18469 |
| XMSSMT-SHA2_60/3_256 | | | 64 | 16629 | 8392 |
| XMSSMT-SHA2_60/6_256 | | | 64 | 24507 | 14824 |
| XMSSMT-SHA2_60/12_256 | | | 64 | 38095 | 27688 |
| XMSSMT-SHAKE_20/2_256 | | | 64 | 5998 | 4963 |
| XMSSMT-SHAKE_20/4_256 | | | 64 | 10938 | 9251 |
| XMSSMT-SHAKE_40/2_256 | | | 64 | 9600 | 5605 |
| XMSSMT-SHAKE_40/4_256 | | | 64 | 15252 | 9893 |
| XMSSMT-SHAKE_40/8_256 | | | 64 | 24516 | 18469 |
| XMSSMT-SHAKE_60/3_256 | | | 64 | 24516 | 8392 |
| XMSSMT-SHAKE_60/6_256 | | | 64 | 24507 | 14824 |
| XMSSMT-SHAKE_60/12_256 | | | 64 | 38095 | 27688 |

241
docs/algorithms/sig_stfl/xmss.yml
View File

@ -1,241 +0,0 @@
name: XMSS
type: stateful signature
principal-submitters:
- Joost Rijneveld
- A. Huelsing
- David Cooper
- Bas Westerbaan
auxiliary-submitters:
crypto-assumption: hash-based signatures
website: https://www.rfc-editor.org/info/rfc8391
nist-round:
spec-version:
spdx-license-identifier: (Apache-2.0 OR MIT) AND CC0-1.0
primary-upstream:
source: https://github.com/XMSS/xmss-reference
spdx-license-identifier: (Apache-2.0 OR MIT) AND CC0-1.0
upstream-ancestors:
parameter-sets:
- name: XMSS-SHA2_10_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 1373
length-signature: 2500
- name: XMSS-SHA2_16_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 2093
length-signature: 2692
- name: XMSS-SHA2_20_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 2573
length-signature: 2820
- name: XMSS-SHAKE_10_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 1373
length-signature: 2500
- name: XMSS-SHAKE_16_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 2093
length-signature: 2692
- name: XMSS-SHAKE_20_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 2573
length-signature: 2820
- name: XMSS-SHA2_10_512
claimed-nist-level:
claimed-security:
length-public-key: 128
length-secret-key: 2653
length-signature: 9092
- name: XMSS-SHA2_16_512
claimed-nist-level:
claimed-security:
length-public-key: 128
length-secret-key: 4045
length-signature: 9476
- name: XMSS-SHA2_20_512
claimed-nist-level:
claimed-security:
length-public-key: 128
length-secret-key: 2653
length-signature: 9732
- name: XMSS-SHAKE_10_512
claimed-nist-level:
claimed-security:
length-public-key: 128
length-secret-key: 2653
length-signature: 9092
- name: XMSS-SHAKE_16_512
claimed-nist-level:
claimed-security:
length-public-key: 128
length-secret-key: 4045
length-signature: 9476
- name: XMSS-SHAKE_20_512
claimed-nist-level:
claimed-security:
length-public-key: 128
length-secret-key: 4973
length-signature: 9732
- name: XMSS-SHA2_10_192
claimed-nist-level:
claimed-security:
length-public-key: 48
length-secret-key: 1053
length-signature: 1492
- name: XMSS-SHA2_16_192
claimed-nist-level:
claimed-security:
length-public-key: 48
length-secret-key: 1605
length-signature: 1636
- name: XMSS-SHA2_20_192
claimed-nist-level:
claimed-security:
length-public-key: 48
length-secret-key: 1973
length-signature: 1732
- name: XMSS-SHAKE256_10_192
claimed-nist-level:
claimed-security:
length-public-key: 48
length-secret-key: 1053
length-signature: 1492
- name: XMSS-SHAKE256_16_192
claimed-nist-level:
claimed-security:
length-public-key: 48
length-secret-key: 1605
length-signature: 1636
- name: XMSS-SHAKE256_20_192
claimed-nist-level:
claimed-security:
length-public-key: 48
length-secret-key: 1973
length-signature: 1732
- name: XMSS-SHAKE256_10_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 1373
length-signature: 2500
- name: XMSS-SHAKE256_16_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 2093
length-signature: 2692
- name: XMSS-SHAKE256_20_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 2573
length-signature: 2820
- name: XMSSMT-SHA2_20/2_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 5998
length-signature: 4963
- name: XMSSMT-SHA2_20/4_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 10938
length-signature: 9251
- name: XMSSMT-SHA2_40/2_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 9600
length-signature: 5605
- name: XMSSMT-SHA2_40/4_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 15252
length-signature: 9893
- name: XMSSMT-SHA2_40/8_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 24516
length-signature: 18469
- name: XMSSMT-SHA2_60/3_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 16629
length-signature: 8392
- name: XMSSMT-SHA2_60/6_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 24507
length-signature: 14824
- name: XMSSMT-SHA2_60/12_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 38095
length-signature: 27688
- name: XMSSMT-SHAKE_20/2_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 5998
length-signature: 4963
- name: XMSSMT-SHAKE_20/4_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 10938
length-signature: 9251
- name: XMSSMT-SHAKE_40/2_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 9600
length-signature: 5605
- name: XMSSMT-SHAKE_40/4_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 15252
length-signature: 9893
- name: XMSSMT-SHAKE_40/8_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 24516
length-signature: 18469
- name: XMSSMT-SHAKE_60/3_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 24516
length-signature: 8392
- name: XMSSMT-SHAKE_60/6_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 24507
length-signature: 14824
- name: XMSSMT-SHAKE_60/12_256
claimed-nist-level:
claimed-security:
length-public-key: 64
length-secret-key: 38095
length-signature: 27688

4939
docs/cbom.json
View File

File diff suppressed because it is too large Load Diff

61
flake.lock generated
View File

@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

94
flake.nix
View File

@ -1,94 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
flake-utils.url = "github:numtide/flake-utils";
};
outputs = {
self,
nixpkgs,
flake-utils,
}:
flake-utils.lib.eachDefaultSystem (system: let
name = "liboqs";
src = ./.;
pkgs = nixpkgs.legacyPackages.${system};
# Function to create compiler-specific package sets
mkPackageSet = compiler: let
# Override the stdenv to use the specified compiler
stdenv =
if compiler == "clang"
then pkgs.clangStdenv
else pkgs.stdenv;
mkLib = shared:
stdenv.mkDerivation {
inherit name src;
# for whatever reason, trying to 'fix' the CMake file causes a failure
dontFixCmake = true;
nativeBuildInputs = with pkgs;
[cmake ninja doxygen pkg-config graphviz]
++ (
if compiler == "clang"
then [pkgs.clang]
else [pkgs.gcc]
);
buildInputs = with pkgs; [openssl];
cmakeFlags = [
"-GNinja"
"-DOQS_DIST_BUILD=ON"
"-DOQS_BUILD_ONLY_LIB=ON"
"-DBUILD_SHARED_LIBS=${
if shared
then "ON"
else "OFF"
}"
"-DCMAKE_INSTALL_LIBDIR=lib"
"-DCMAKE_INSTALL_INCLUDEDIR=include"
"-DCMAKE_INSTALL_PREFIX=${placeholder "out"}"
"-DCMAKE_INSTALL_FULL_LIBDIR=${placeholder "out"}/lib"
"-DCMAKE_INSTALL_FULL_INCLUDEDIR=${placeholder "out"}/include"
];
};
in {
shared = mkLib true;
static = mkLib false;
};
# Create development shell for specified compiler
mkDevShell = compiler: let
packageSet = mkPackageSet compiler;
in
pkgs.mkShell {
inherit (packageSet.shared) nativeBuildInputs buildInputs;
# astyle formats C source code and alejandra formats nix source code
packages = with pkgs; [astyle alejandra];
shellHook = ''
export CMAKE_EXPORT_COMPILE_COMMANDS=1
echo "Using ${compiler} toolchain"
'';
};
in {
formatter = pkgs.alejandra;
packages = {
default = (mkPackageSet "gcc").shared; # default is gcc shared
gcc-shared = (mkPackageSet "gcc").shared;
clang-shared = (mkPackageSet "clang").shared;
gcc-static = (mkPackageSet "gcc").static;
clang-static = (mkPackageSet "clang").static;
};
# Development shells
devShells = {
default = mkDevShell "gcc";
gcc = mkDevShell "gcc";
clang = mkDevShell "clang";
};
});
}

9
scripts/build-android.sh
View File

@ -6,13 +6,12 @@ set -e
show_help() {
echo ""
echo " Usage: ./build-android <ndk-dir> -a [abi] -b [build-directory] -s [sdk-version] -f [extra-cmake-flags]"
echo " Usage: ./build-android <ndk-dir> -a [abi] -b [build-directory] -s [sdk-version]"
echo " ndk-dir: the directory of the Android NDK (required)"
echo " abi: the Android ABI to target for the build"
echo " build-directory: the directory in which to build the project"
echo " sdk-version: the minimum Android SDK version to target"
echo " extra-cmake-flags: extra flags to use for CMake configuration"
echo ""
exit 0
}
@ -53,13 +52,12 @@ MINSDKVERSION=21
BUILDDIR="build"
OPTIND=2
while getopts "a:s:b:f:" flag
while getopts "a:s:b:" flag
do
case $flag in
a) ABI=$OPTARG;;
s) MINSDKVERSION=$OPTARG;;
b) BUILDDIR=$OPTARG;;
f) EXTRAFLAGS="$OPTARG";;
*) exit 1
esac
done
@ -109,8 +107,7 @@ cmake .. -DOQS_USE_OPENSSL=OFF \
-DBUILD_SHARED_LIBS=ON \
-DCMAKE_TOOLCHAIN_FILE="$NDK"/build/cmake/android.toolchain.cmake \
-DANDROID_ABI="$ABI" \
-DANDROID_NATIVE_API_LEVEL="$MINSDKVERSION" \
$EXTRAFLAGS
-DANDROID_NATIVE_API_LEVEL="$MINSDKVERSION"
cmake --build ./
# Provide rudimentary information following build

8
scripts/copy_from_upstream/.CMake/alg_support.cmake/add_enable_by_alg.fragment
View File

@ -1,9 +1,5 @@
{% for family in instructions['kems'] %}
{%- if 'disable_by_default' in family and family['disable_by_default'] %}
option(OQS_ENABLE_KEM_{{ family['name']|upper }} "Enable {{ family['name'] }} algorithm family" OFF)
{%- else %}
option(OQS_ENABLE_KEM_{{ family['name']|upper }} "Enable {{ family['name'] }} algorithm family" ON)
{%- endif %}
{%- for scheme in family['schemes'] %}
cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }} "" ON "OQS_ENABLE_KEM_{{ family['name']|upper }}" OFF)
{%- if 'alias_scheme' in scheme %}
@ -13,11 +9,7 @@ cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['alias_sche
{% endfor -%}
{% for family in instructions['sigs'] %}
{%- if 'disable_by_default' in family and family['disable_by_default'] %}
option(OQS_ENABLE_SIG_{{ family['name']|upper }} "Enable {{ family['name'] }} algorithm family" OFF)
{%- else %}
option(OQS_ENABLE_SIG_{{ family['name']|upper }} "Enable {{ family['name'] }} algorithm family" ON)
{%- endif %}
{%- for scheme in family['schemes'] %}
cmake_dependent_option(OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }} "" ON "OQS_ENABLE_SIG_{{ family['name']|upper }}" OFF)
{%- if 'alias_scheme' in scheme %}

23
scripts/copy_from_upstream/.CMake/alg_support.cmake/add_enable_by_alg.libjade
View File

@ -1,23 +0,0 @@
if ((OQS_LIBJADE_BUILD STREQUAL "ON"))
{% for family in instructions['kems'] %}
option(OQS_ENABLE_LIBJADE_KEM_{{ family['name']|upper }} "Enable libjade implementation of {{ family['name'] }} algorithm family" ON)
{%- for scheme in family['schemes'] %}
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }} "" ON "OQS_ENABLE_LIBJADE_KEM_{{ family['name']|upper }}" OFF)
{%- if 'alias_scheme' in scheme %}
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }} "" ON "OQS_ENABLE_LIBJADE_KEM_{{ family['name']|upper }}" OFF)
{%- endif -%}
{%- endfor %}
{% endfor -%}
{% for family in instructions['sigs'] %}
option(OQS_ENABLE_LIBJADE_SIG_{{ family['name']|upper }} "Enable libjade implementation of {{ family['name'] }} algorithm family" ON)
{%- for scheme in family['schemes'] %}
cmake_dependent_option(OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }} "" ON "OQS_ENABLE_LIBJADE_SIG_{{ family['name']|upper }}" OFF)
{%- if 'alias_scheme' in scheme %}
cmake_dependent_option(OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }} "" ON "OQS_ENABLE_LIBJADE_SIG_{{ family['name']|upper }}" OFF)
{%- endif -%}
{%- endfor %}
{% endfor -%}
endif()

12
scripts/copy_from_upstream/.CMake/alg_support.cmake/add_enable_by_alg_conditional.fragment
View File

@ -11,18 +11,6 @@ if(OQS_DIST_X86_64_BUILD OR ({% for flag in platform['required_flags'] -%} OQS_U
{%- endif %}
endif()
{% if platform['operating_systems'] %}endif()
{% endif -%}
{%- endfor -%}
{%- for platform in impl['supported_platforms'] if platform['architecture'] == 'CUDA' %}
{% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
{% endif -%}
if(OQS_USE_CUPQC)
cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name'] }} "" ON "OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
{%- if 'alias_scheme' in scheme %}
cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }} "" ON "OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
{%- endif %}
endif()
{% if platform['operating_systems'] %}endif()
{% endif -%}
{%- endfor -%}
{%- for platform in impl['supported_platforms'] if platform['architecture'] == 'ARM64_V8' %}

73
scripts/copy_from_upstream/.CMake/alg_support.cmake/add_enable_by_alg_conditional.libjade
View File

@ -1,73 +0,0 @@
if ((OQS_LIBJADE_BUILD STREQUAL "ON"))
{% for family in instructions['kems'] %}
{%- for scheme in family['schemes'] %}
{%- for impl in scheme['metadata']['implementations'] if impl['name'] != family['default_implementation'] and impl['supported_platforms'] -%}
{%- for platform in impl['supported_platforms'] if platform['architecture'] == 'x86_64' %}
{% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
{% endif -%}
if(OQS_DIST_X86_64_BUILD OR ({% for flag in platform['required_flags'] -%} OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- if not loop.last %} AND {% endif -%}{%- endfor -%}))
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name'] }} "" ON "OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
{%- if 'alias_scheme' in scheme %}
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }} "" ON "OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
{%- endif %}
endif()
{% if platform['operating_systems'] %}endif()
{% endif -%}
{%- endfor -%}
{%- for platform in impl['supported_platforms'] if platform['architecture'] == 'ARM64_V8' %}
{% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
{% endif -%}
if((OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS{% for flag in platform['required_flags'] -%} {%- if not loop.last or loop.first %} AND {% endif -%}OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- endfor -%})))
{% if impl['upstream']['name'].endswith('pqclean') -%}
if(((CMAKE_C_COMPILER_ID STREQUAL "GNU") AND (CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "9.4.0")) OR ((CMAKE_CXX_COMPILER_ID STREQUAL "GNU") AND (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL "9.4.0")) OR ((NOT (CMAKE_C_COMPILER_ID STREQUAL "GNU")) AND (NOT (CMAKE_CXX_COMPILER_ID STREQUAL "GNU"))))
{%- endif %}
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name'] }} "" ON "OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
{%- if 'alias_scheme' in scheme %}
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }} "" ON "OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
{%- endif %}
{% if impl['upstream']['name'].endswith('pqclean') -%}
else()
message(WARNING " ARM optimizations are not fully supported on this compiler version.")
endif()
{%- endif %}
endif()
{% if platform['operating_systems'] %}endif()
{% endif -%}
{%- endfor -%}
{%- endfor -%}
{%- endfor %}
{% endfor -%}
{% for family in instructions['sigs'] %}
{%- for scheme in family['schemes'] %}
{%- for impl in scheme['metadata']['implementations'] if impl['name'] != family['default_implementation'] and impl['supported_platforms'] -%}
{%- for platform in impl['supported_platforms'] if platform['architecture'] == 'x86_64' %}
{% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
{% endif -%}
if(OQS_DIST_X86_64_BUILD OR ({% for flag in platform['required_flags'] -%} OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- if not loop.last %} AND {% endif -%}{%- endfor -%}))
cmake_dependent_option(OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name'] }} "" ON "OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
{%- if 'alias_scheme' in scheme %}
cmake_dependent_option(OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }} "" ON "OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
{%- endif %}
endif()
{% if platform['operating_systems'] %}endif()
{% endif -%}
{%- endfor -%}
{%- for platform in impl['supported_platforms'] if platform['architecture'] == 'ARM64_V8' %}
{% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
{% endif -%}
if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS{% for flag in platform['required_flags'] -%} {%- if not loop.last or loop.first %} AND {% endif -%}OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- endfor -%}))
cmake_dependent_option(OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name'] }} "" ON "OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
{%- if 'alias_scheme' in scheme %}
cmake_dependent_option(OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }} "" ON "OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
{%- endif %}
endif()
{% if platform['operating_systems'] %}endif()
{% endif -%}
{%- endfor -%}
{%- endfor -%}
{%- endfor %}
{% endfor -%}
endif()

30
scripts/copy_from_upstream/copy_from_libjade.yml
View File

@ -1,30 +0,0 @@
# When adding an algorithm to copy_from_libjade.yml, the boolean
# 'libjade_implementation' and list of implementation 'libjade_implementations'
# must updated for the relevant algorithm in copy_from_upstream.yml
# Additionaly, the algorithm name must be appended to the GitHub repository
# environment variable LIBJADE_ALG_LIST.
jasmin_version: '2023.06.3'
upstreams:
-
name: libjade
git_url: https://github.com/formosa-crypto/libjade.git
git_branch: release/2023.05-2
git_commit: 4e15c1d221d025deca40edef2c762be9e3d346b7
kem_meta_path: 'src/crypto_kem/{family}/{pqclean_scheme}/META.yml'
kem_scheme_path: 'src/crypto_kem/{family}/{pqclean_scheme}'
patches: ['libjade-kyber-api.patch', 'libjade-kyber-meta.patch']
kems:
-
name: kyber
default_implementation: ref
upstream_location: libjade
schemes:
-
scheme: "512"
pqclean_scheme: kyber512
pretty_name_full: Kyber512
-
scheme: "768"
pqclean_scheme: kyber768
pretty_name_full: Kyber768
sigs: []

221
scripts/copy_from_upstream/copy_from_upstream.py
View File

@ -23,9 +23,8 @@ non_upstream_kems = 0
parser = argparse.ArgumentParser()
parser.add_argument("-v", "--verbosity", type=int)
parser.add_argument("-k", "--keep_data", action='store_true', help='Keep upstream code in the "repos" folder')
parser.add_argument("-d", "--delete", action='store_true', help='Delete untracked files from implementation directories')
parser.add_argument("operation", choices=["copy", "verify", "libjade"])
parser.add_argument("-k", "--keep_data", action='store_true')
parser.add_argument("operation", choices=["copy", "verify"])
args = parser.parse_args()
if args.verbosity:
@ -35,8 +34,6 @@ else:
keepdata = True if args.keep_data else False
delete = True if args.delete else False
if 'LIBOQS_DIR' not in os.environ:
print("Must set environment variable LIBOQS_DIR")
exit(1)
@ -68,27 +65,15 @@ def shell(command, expect=0):
if ret.returncode != expect:
raise Exception("'{}' failed with error {}. Expected {}.".format(" ".join(command), ret, expect))
# Generate template from specified scheme to replace old file in 'copy' mode
# but preserves additions made to file in prior runs of 'libjade' mode
def generator(destination_file_path, template_filename, delimiter, family, scheme_desired):
def generator(destination_file_path, template_filename, family, scheme_desired):
template = file_get_contents(
os.path.join(os.environ['LIBOQS_DIR'], 'scripts', 'copy_from_upstream', template_filename))
f = copy.deepcopy(family)
contents = file_get_contents(os.path.join(os.environ['LIBOQS_DIR'], destination_file_path))
if scheme_desired != None:
f['schemes'] = [x for x in f['schemes'] if x == scheme_desired]
identifier = '{} OQS_COPY_FROM_{}_FRAGMENT_{}'.format(delimiter, 'LIBJADE', os.path.splitext(os.path.basename(template_filename))[0].upper())
if identifier in contents:
identifier_start, identifier_end = identifier + '_START', identifier + '_END'
contents = contents.split('\n')
libjade_contents = '\n'.join(contents[contents.index(identifier_start) + 1: contents.index(identifier_end)])
contents = jinja2.Template(template).render(f)
preamble = contents[:contents.find(identifier_start)]
postamble = contents[contents.find(identifier_end):]
contents = preamble + identifier_start + '\n' + libjade_contents + '\n' + postamble
else:
contents = jinja2.Template(template).render(f)
file_put_contents(destination_file_path, contents)
assert (len(f['schemes']) == 1)
# if scheme['implementation'] is not set, run over all implementations!
file_put_contents(destination_file_path, jinja2.Template(template).render(f))
def generator_all(filename, instructions):
@ -97,38 +82,24 @@ def generator_all(filename, instructions):
file_put_contents(filename, contents)
def replacer(filename, instructions, delimiter, libjade=False):
def replacer(filename, instructions, delimiter):
fragments = glob.glob(
os.path.join(os.environ['LIBOQS_DIR'], 'scripts', 'copy_from_upstream', filename, '*.{}'.format('libjade' if libjade else 'fragment')))
os.path.join(os.environ['LIBOQS_DIR'], 'scripts', 'copy_from_upstream', filename, '*.fragment'))
contents = file_get_contents(os.path.join(os.environ['LIBOQS_DIR'], filename))
for fragment in fragments:
template = file_get_contents(fragment)
identifier = os.path.splitext(os.path.basename(fragment))[0]
identifier_start = '{} OQS_COPY_FROM_{}_FRAGMENT_{}_START'.format(delimiter, 'LIBJADE' if libjade else 'UPSTREAM', identifier.upper())
identifier_end = '{} OQS_COPY_FROM_{}_FRAGMENT_{}_END'.format(delimiter, 'LIBJADE' if libjade else 'UPSTREAM', identifier.upper())
identifier_start = '{} OQS_COPY_FROM_UPSTREAM_FRAGMENT_{}_START'.format(delimiter, identifier.upper())
identifier_end = '{} OQS_COPY_FROM_UPSTREAM_FRAGMENT_{}_END'.format(delimiter, identifier.upper())
preamble = contents[:contents.find(identifier_start)]
postamble = contents[contents.find(identifier_end):]
contents = preamble + identifier_start + jinja2.Template(template).render(
{'instructions': instructions, 'non_upstream_kems': non_upstream_kems}) + postamble
file_put_contents(os.path.join(os.environ['LIBOQS_DIR'], filename), contents)
def replacer_contextual(destination_file_path, template_file_path, delimiter, family, scheme_desired, libjade=False):
contents = file_get_contents(destination_file_path)
template = file_get_contents(template_file_path)
identifier = os.path.basename(template_file_path).split(os.extsep)[0]
identifier_start = '{} OQS_COPY_FROM_{}_FRAGMENT_{}_START'.format(delimiter, 'LIBJADE' if libjade else 'UPSTREAM', identifier.upper())
identifier_end = '{} OQS_COPY_FROM_{}_FRAGMENT_{}_END'.format(delimiter, 'LIBJADE' if libjade else 'UPSTREAM', identifier.upper())
f = copy.deepcopy(family)
if scheme_desired != None:
f['schemes'] = [x for x in f['schemes'] if x == scheme_desired]
preamble = contents[:contents.find(identifier_start)]
postamble = contents[contents.find(identifier_end):]
contents = preamble + identifier_start + jinja2.Template(template).render(f) + postamble
file_put_contents(destination_file_path, contents)
def load_instructions(file='copy_from_upstream.yml'):
def load_instructions():
instructions = file_get_contents(
os.path.join(os.environ['LIBOQS_DIR'], 'scripts', 'copy_from_upstream', file),
os.path.join(os.environ['LIBOQS_DIR'], 'scripts', 'copy_from_upstream', 'copy_from_upstream.yml'),
encoding='utf-8')
instructions = yaml.safe_load(instructions)
upstreams = {}
@ -147,24 +118,10 @@ def load_instructions(file='copy_from_upstream.yml'):
if not os.path.exists(work_dotgit):
shell(['git', 'init', work_dir])
shell(['git', '--git-dir', work_dotgit, 'remote', 'add', 'origin', upstream_git_url])
shell(['git', '--git-dir', work_dotgit, '--work-tree', work_dir, 'remote', 'set-url', 'origin', upstream_git_url])
if file == 'copy_from_libjade.yml':
shell(['git', '--git-dir', work_dotgit, '--work-tree', work_dir, 'fetch', '--depth=1', 'origin', upstream_git_branch])
else:
shell(['git', '--git-dir', work_dotgit, '--work-tree', work_dir, 'fetch', '--depth=1', 'origin', upstream_git_commit])
shell(['git', '--git-dir', work_dotgit, '--work-tree', work_dir, 'reset', '--hard', upstream_git_commit])
if file == 'copy_from_libjade.yml':
try:
version = subprocess.run(['jasminc', '-version'], capture_output=True).stdout.decode('utf-8').strip().split(' ')[-1]
if version != instructions['jasmin_version']:
print('Expected Jasmin compiler version {}; got version {}.'.format(instructions['jasmin_version'], version))
print('Must use Jasmin complier version {} or update copy_from_libjade.yml.'.format(instructions['jasmin_version']))
exit(1)
except FileNotFoundError:
print('Jasmin compiler not found; must add `jasminc` to PATH.')
exit(1)
shell(['make', '-C', os.path.join(work_dir, 'src')])
if 'patches' in upstream:
shell(['git', '--git-dir', work_dotgit, '--work-tree', work_dir, 'remote', 'set-url', 'origin', upstream_git_url])
shell(['git', '--git-dir', work_dotgit, '--work-tree', work_dir, 'fetch', '--depth=1', 'origin', upstream_git_commit])
shell(['git', '--git-dir', work_dotgit, '--work-tree', work_dir, 'reset', '--hard', upstream_git_commit])
if 'patches' in upstream:
for patch in upstream['patches']:
patch_file = os.path.join('patches', patch)
shell(['git', '--git-dir', work_dotgit, '--work-tree', work_dir, 'apply', '--whitespace=fix', '--directory', work_dir, patch_file])
@ -195,13 +152,10 @@ def load_instructions(file='copy_from_upstream.yml'):
family['common_deps_usedby'] = {}
family['all_required_flags'] = set()
for scheme in family['schemes']:
scheme['family'] = family['name']
if not 'upstream_location' in scheme:
scheme['upstream_location'] = family['upstream_location']
if (not 'arch_specific_upstream_locations' in scheme) and 'arch_specific_upstream_locations' in family:
scheme['arch_specific_upstream_locations'] = family['arch_specific_upstream_locations']
if (not 'derandomized_keypair' in scheme) and 'derandomized_keypair' in family:
scheme['derandomized_keypair'] = family['derandomized_keypair']
if not 'git_commit' in scheme:
scheme['git_commit'] = upstreams[scheme['upstream_location']]['git_commit']
if not 'git_branch' in scheme:
@ -370,12 +324,7 @@ def load_instructions(file='copy_from_upstream.yml'):
raise RuntimeError("Found duplicate arch {} in scheme {}".format(arch, scheme))
scheme['scheme_paths'][arch] = (os.path.join('repos', location,
upstreams[location]['sig_scheme_path'].format_map(scheme)))
# assume EUF-CMA for schemes that don't specify a security classification
scheme['metadata']['euf_cma'] = 'true'
scheme['metadata']['suf_cma'] = 'false'
if 'claimed-security' in metadata:
if metadata['claimed-security'] == "SUF-CMA":
scheme['metadata']['suf_cma'] = 'true'
scheme['pqclean_scheme_c'] = scheme['pqclean_scheme'].replace('-', '')
scheme['scheme_c'] = scheme['scheme'].replace('-', '')
scheme['default_implementation'] = family['default_implementation']
@ -398,7 +347,6 @@ def load_instructions(file='copy_from_upstream.yml'):
return instructions
# Copy over all files for a given impl in a family using scheme
# Returns list of all relative source files
def handle_common_deps(common_dep, family, dst_basedir):
@ -476,54 +424,30 @@ def handle_implementation(impl, family, scheme, dst_basedir):
of = impl
origfolder = os.path.join(scheme['scheme_paths'][impl], of)
upstream_location = i['upstream']['name']
shutil.rmtree(os.path.join(dst_basedir, 'src', family['type'], family['name'],
'{}_{}_{}'.format(upstream_location, scheme['pqclean_scheme'], impl)),
ignore_errors=True)
srcfolder = os.path.join(dst_basedir, 'src', family['type'], family['name'],
'{}_{}_{}'.format(upstream_location, scheme['pqclean_scheme'], impl))
shutil.rmtree(srcfolder, ignore_errors=True)
# Don't copy from PQClean straight but check for origfile list
try:
os.mkdir(srcfolder)
except FileExistsError as fee:
print(fee)
pass
if upstream_location == 'libjade':
# Flatten directory structure while copying relevant files from libjade repo
for root, _, files in os.walk(origfolder):
for file in files:
if os.path.splitext(file)[1] in ['.c', '.h']:
source_path = os.path.join(root, file)
dest_path = os.path.join(srcfolder, file)
subprocess.run(['cp', source_path, dest_path])
if os.path.splitext(file)[1] in ['.s']:
file_name, file_ext = os.path.splitext(file)
new_file = ''.join([file_name, file_ext.upper()])
source_path = os.path.join(root, file)
dest_path = os.path.join(srcfolder, new_file)
subprocess.run(['cp', source_path, dest_path])
# determine list of files to copy:
if 'sources' in i:
srcs = i['sources'].split(" ")
for s in srcs:
# Copy recursively only in case of directories not with plain files to avoid copying over symbolic links
if os.path.isfile(os.path.join(origfolder, s)):
subprocess.run(['cp', os.path.join(origfolder, s), os.path.join(srcfolder, os.path.basename(s))])
else:
subprocess.run(
['cp', '-r', os.path.join(origfolder, s), os.path.join(srcfolder, os.path.basename(s))])
else:
# determine list of files to copy:
if 'sources' in i:
if i['sources']:
preserve_folder_structure = ('preserve_folder_structure' in i['upstream']) and i['upstream']['preserve_folder_structure'] == True
srcs = i['sources'].split(" ")
for s in srcs:
# Copy recursively only in case of directories not with plain files to avoid copying over symbolic links
if os.path.isfile(os.path.join(origfolder, s)):
if preserve_folder_structure:
subprocess.run(['mkdir', '-p', os.path.join(srcfolder, os.path.dirname(s))])
subprocess.run(['cp', os.path.join(origfolder, s), os.path.join(srcfolder, s)])
else:
subprocess.run(['cp', os.path.join(origfolder, s), os.path.join(srcfolder, os.path.basename(s))])
else:
if preserve_folder_structure:
subprocess.run(
['cp', '-r', os.path.join(origfolder, s), os.path.join(srcfolder, os.path.dirname(s))])
else:
subprocess.run(
['cp', '-r', os.path.join(origfolder, s), os.path.join(srcfolder, os.path.basename(s))])
else:
subprocess.run(['cp', '-pr', os.path.join(origfolder, '.'), srcfolder])
# raise Exception("Malformed YML file: No sources listed to copy. Check upstream YML file." )
subprocess.run(['cp', '-pr', os.path.join(origfolder, '.'), srcfolder])
# raise Exception("Malformed YML file: No sources listed to copy. Check upstream YML file." )
else:
raise Exception("Mandatory argument upstream_location is missing")
@ -559,25 +483,11 @@ def handle_implementation(impl, family, scheme, dst_basedir):
return [x[len(srcfolder) + 1:] for x in ffs]
def process_families(instructions, basedir, with_kat, with_generator, with_libjade=False):
def process_families(instructions, basedir, with_kat, with_generator):
for family in instructions['kems'] + instructions['sigs']:
try:
os.makedirs(os.path.join(basedir, 'src', family['type'], family['name']))
except:
if delete:
# clear out all subdirectories
with os.scandir(os.path.join(basedir, 'src', family['type'], family['name'])) as ls:
for entry in ls:
if entry.is_dir(follow_symlinks=False):
if with_libjade:
if not entry.name.startswith('libjade'):
continue
elif entry.name.startswith('libjade'):
continue
to_rm = os.path.join(basedir, 'src', family['type'], family['name'], entry.name)
if DEBUG > 3:
print("removing %s" % to_rm)
shutil.rmtree(to_rm)
pass
if 'common_deps' in family:
for common_dep in family['common_deps']:
@ -616,15 +526,14 @@ def process_families(instructions, basedir, with_kat, with_generator, with_libja
# when provided to the compiler; OQS uses the term ARM_NEON
if req['architecture'] == 'arm_8':
req['architecture'] = 'ARM64_V8'
if 'required_flags' in req:
if req['architecture'] == 'ARM64_V8' and 'asimd' in req['required_flags']:
req['required_flags'].remove('asimd')
req['required_flags'].append('arm_neon')
if req['architecture'] == 'ARM64_V8' and 'sha3' in req['required_flags']:
req['required_flags'].remove('sha3')
req['required_flags'].append('arm_sha3')
impl['required_flags'] = req['required_flags']
family['all_required_flags'].update(req['required_flags'])
if req['architecture'] == 'ARM64_V8' and 'asimd' in req['required_flags']:
req['required_flags'].remove('asimd')
req['required_flags'].append('arm_neon')
if req['architecture'] == 'ARM64_V8' and 'sha3' in req['required_flags']:
req['required_flags'].remove('sha3')
req['required_flags'].append('arm_sha3')
impl['required_flags'] = req['required_flags']
family['all_required_flags'].update(req['required_flags'])
except KeyError as ke:
if (impl['name'] != family['default_implementation']):
print("No required flags found for %s (KeyError %s on impl %s)" % (
@ -665,14 +574,12 @@ def process_families(instructions, basedir, with_kat, with_generator, with_libja
os.path.join(os.environ['LIBOQS_DIR'], 'src', family['type'], family['name'],
family['type'] + '_{}.h'.format(family['name'])),
os.path.join('src', family['type'], 'family', family['type'] + '_family.h'),
'/////',
family,
None,
)
generator(
os.path.join(os.environ['LIBOQS_DIR'], 'src', family['type'], family['name'], 'CMakeLists.txt'),
os.path.join('src', family['type'], 'family', 'CMakeLists.txt'),
'#####',
family,
None,
)
@ -682,28 +589,16 @@ def process_families(instructions, basedir, with_kat, with_generator, with_libja
os.path.join(os.environ['LIBOQS_DIR'], 'src', family['type'], family['name'],
family['type'] + '_{}_{}.c'.format(family['name'], scheme['scheme_c'])),
os.path.join('src', family['type'], 'family', family['type'] + '_scheme.c'),
'/////',
family,
scheme,
)
if with_libjade:
replacer_contextual(
os.path.join(os.environ['LIBOQS_DIR'], 'src', family['type'], family['name'], 'CMakeLists.txt'),
os.path.join('src', family['type'], 'family', 'CMakeLists.txt.libjade'),
'#####',
family,
None,
libjade=True
)
def copy_from_upstream():
for t in ["kem", "sig"]:
with open(os.path.join(os.environ['LIBOQS_DIR'], 'tests', 'KATs', t, 'kats.json'), 'r') as fp:
kats[t] = json.load(fp)
instructions = load_instructions('copy_from_upstream.yml')
instructions = load_instructions()
process_families(instructions, os.environ['LIBOQS_DIR'], True, True)
replacer('.CMake/alg_support.cmake', instructions, '#####')
replacer('CMakeLists.txt', instructions, '#####')
@ -729,36 +624,6 @@ def copy_from_upstream():
if not keepdata:
shutil.rmtree('repos')
# Copy algorithms from libjade specified in copy_from_libjade.yml, apply
# patches and generate select templates
# Can be run independant of 'copy' mode.
# When adding an algorithm to copy_from_libjade.yml, the boolean
# 'libjade_implementation' and list of implementation 'libjade_implementations'
# must updated for the relevant algorithm in copy_from_upstream.yml
def copy_from_libjade():
for t in ["kem", "sig"]:
with open(os.path.join(os.environ['LIBOQS_DIR'], 'tests', 'KATs', t, 'kats.json'), 'r') as fp:
kats[t] = json.load(fp)
instructions = load_instructions('copy_from_libjade.yml')
process_families(instructions, os.environ['LIBOQS_DIR'], True, False, True)
replacer('.CMake/alg_support.cmake', instructions, '#####', libjade=True)
replacer('src/oqsconfig.h.cmake', instructions, '/////', libjade=True)
for t in ["kem", "sig"]:
with open(os.path.join(os.environ['LIBOQS_DIR'], 'tests', 'KATs', t, 'kats.json'), "w") as f:
json.dump(kats[t], f, indent=2, sort_keys=True)
update_upstream_alg_docs.do_it(os.environ['LIBOQS_DIR'], upstream_location='libjade')
sys.path.insert(1, os.path.join(os.environ['LIBOQS_DIR'], 'scripts'))
import update_docs_from_yaml
import update_cbom
update_docs_from_yaml.do_it(os.environ['LIBOQS_DIR'])
update_cbom.update_cbom_if_algs_not_changed(os.environ['LIBOQS_DIR'], "git")
if not keepdata:
shutil.rmtree('repos')
def verify_from_upstream():
instructions = load_instructions()
basedir = "verify_from_upstream"
@ -777,7 +642,7 @@ def verify_from_upstream():
'{}_{}_{}'.format(impl['upstream']['name'], scheme['pqclean_scheme'], impl))
verifydir = os.path.join(basedir, 'src', family['type'], family['name'],
'{}_{}_{}'.format(impl['upstream']['name'], scheme['pqclean_scheme'], impl))
if not os.path.isdir(oqsdir) and os.path.isdir(verifydir):
if not os.path.isdir(oqsdir) and os.path.isdir(erifydir):
print('Available implementation in upstream that isn\'t integrated into LIBOQS: {}_{}_{}'.format(impl['upstream']['name'],
scheme['pqclean_scheme'], impl))
else:
@ -836,7 +701,5 @@ non_upstream_kems = count_non_upstream_kems(['bike', 'frodokem', 'ntruprime'])
if args.operation == "copy":
copy_from_upstream()
elif args.operation == "libjade":
copy_from_libjade()
elif args.operation == "verify":
verify_from_upstream()

376
scripts/copy_from_upstream/copy_from_upstream.yml
View File

@ -8,14 +8,13 @@ upstreams:
sig_meta_path: 'crypto_sign/{pqclean_scheme}/META.yml'
kem_scheme_path: 'crypto_kem/{pqclean_scheme}'
sig_scheme_path: 'crypto_sign/{pqclean_scheme}'
patches: [pqclean-dilithium-arm-randomized-signing.patch, pqclean-kyber-armneon-shake-fixes.patch, pqclean-kyber-armneon-768-1024-fixes.patch, pqclean-kyber-armneon-variable-timing-fix.patch,
pqclean-kyber-armneon-asan.patch]
patches: [pqclean-dilithium-arm-randomized-signing.patch, pqclean-kyber-armneon-shake-fixes.patch, pqclean-kyber-armneon-768-1024-fixes.patch, pqclean-kyber-armneon-variable-timing-fix.patch]
ignore: pqclean_sphincs-shake-256s-simple_aarch64, pqclean_sphincs-shake-256s-simple_aarch64, pqclean_sphincs-shake-256f-simple_aarch64, pqclean_sphincs-shake-192s-simple_aarch64, pqclean_sphincs-shake-192f-simple_aarch64, pqclean_sphincs-shake-128s-simple_aarch64, pqclean_sphincs-shake-128f-simple_aarch64
-
name: pqclean
git_url: https://github.com/PQClean/PQClean.git
git_branch: master
git_commit: 1eacfdafc15ddc5d5759d0b85b4cef26627df181
git_commit: 8e221ae797b229858a0b0d784577a8cb149d5789
kem_meta_path: 'crypto_kem/{pqclean_scheme}/META.yml'
sig_meta_path: 'crypto_sign/{pqclean_scheme}/META.yml'
kem_scheme_path: 'crypto_kem/{pqclean_scheme}'
@ -31,21 +30,13 @@ upstreams:
kem_scheme_path: '.'
patches: [pqcrystals-kyber-yml.patch, pqcrystals-kyber-ref-shake-aes.patch, pqcrystals-kyber-avx2-shake-aes.patch]
-
name: mlkem-native
git_url: https://github.com/pq-code-package/mlkem-native.git
git_branch: v1.0.0
git_commit: 048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
kem_meta_path: 'integration/liboqs/{pretty_name_full}_META.yml'
kem_scheme_path: '.'
preserve_folder_structure: True
-
name: cupqc
git_url: https://github.com/open-quantum-safe/liboqs-cupqc-meta.git
git_branch: main
git_commit: b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
name: pqcrystals-kyber-standard
git_url: https://github.com/pq-crystals/kyber.git
git_branch: standard
git_commit: d1321ce5ac0b53f583eb47a040dc3625ee8e7e37
kem_meta_path: '{pretty_name_full}_META.yml'
kem_scheme_path: '.'
patches: []
patches: [pqcrystals-ml_kem_ipd.patch]
-
name: pqcrystals-dilithium
git_url: https://github.com/pq-crystals/dilithium.git
@ -53,44 +44,15 @@ upstreams:
git_commit: 3e9b9f1412f6c7435dbeb4e10692ea58f181ee51
sig_meta_path: '{pretty_name_full}_META.yml'
sig_scheme_path: '.'
patches: [pqcrystals-dilithium-yml.patch, pqcrystals-dilithium-ref-shake-aes.patch, pqcrystals-dilithium-avx2-shake-aes.patch, pqcrystals-dilithium-SUF-CMA.patch]
patches: [pqcrystals-dilithium-yml.patch, pqcrystals-dilithium-ref-shake-aes.patch, pqcrystals-dilithium-avx2-shake-aes.patch]
-
name: pqcrystals-dilithium-standard
git_url: https://github.com/pq-crystals/dilithium.git
git_branch: master
git_commit: 444cdcc84eb36b66fe27b3a2529ee48f6d8150c2
git_branch: standard
git_commit: e7bed6258b9a3703ce78d4ec38021c86382ce31c
sig_meta_path: '{pretty_name_full}_META.yml'
sig_scheme_path: '.'
patches: [pqcrystals-ml_dsa.patch, pqcrystals-ml_dsa-SUF-CMA.patch]
-
name: pqmayo
git_url: https://github.com/PQCMayo/MAYO-C.git
git_branch: main
git_commit: 4b7cd94c96b9522864efe40c6ad1fa269584a807
sig_meta_path: 'META/{pretty_name_full}_META.yml'
sig_scheme_path: '.'
patches: [pqmayo-aes.patch, pqmayo-mem.patch]
-
name: upcross
git_url: https://github.com/CROSS-signature/CROSS-lib-oqs.git
git_branch: master
git_commit: efd17279e75308b000bda7c7f58866620d652bc1
sig_meta_path: 'generate/crypto_sign/{pqclean_scheme}/META.yml'
sig_scheme_path: 'generate/crypto_sign/{pqclean_scheme}'
-
name: pqov
git_url: https://github.com/pqov/pqov.git
git_branch: main
git_commit: 7e0832b6732a476119742c4acabd11b7c767aefb
sig_scheme_path: '.'
sig_meta_path: 'integration/liboqs/{pretty_name_full}_META.yml'
-
name: snova
git_url: https://github.com/vacuas/SNOVA-OQS
git_branch: main
git_commit: 1c3ca6f4f7286c0bde98d7d6f222cf63b9d52bff
sig_scheme_path: '.'
sig_meta_path: 'liboqs/META/{pretty_name_full}_META.yml'
patches: [pqcrystals-ml_dsa_ipd.patch]
kems:
-
name: classic_mceliece
@ -141,7 +103,6 @@ kems:
name: hqc
default_implementation: clean
upstream_location: pqclean
disable_by_default: True
schemes:
-
scheme: "128"
@ -158,7 +119,6 @@ kems:
-
name: kyber
default_implementation: ref
libjade_implementation: True
arch_specific_implementations:
aarch64: aarch64
upstream_location: pqcrystals-kyber
@ -169,45 +129,37 @@ kems:
scheme: "512"
pqclean_scheme: kyber512
pretty_name_full: Kyber512
libjade_implementation: True
libjade_implementations:
- ref
- avx2
-
scheme: "768"
pqclean_scheme: kyber768
pretty_name_full: Kyber768
libjade_implementation: True
libjade_implementations:
- ref
- avx2
-
scheme: "1024"
pqclean_scheme: kyber1024
pretty_name_full: Kyber1024
libjade_implementation: False
-
name: ml_kem
default_implementation: ref
arch_specific_implementations:
cuda: cuda
arch_specific_upstream_locations:
cuda: cupqc
upstream_location: mlkem-native
derandomized_keypair: true
upstream_location: pqcrystals-kyber-standard
schemes:
-
scheme: "512"
pqclean_scheme: ml-kem-512
pretty_name_full: ML-KEM-512
scheme: "512_ipd"
pqclean_scheme: ml-kem-512-ipd
pretty_name_full: ML-KEM-512-ipd
alias_scheme: "512"
alias_pretty_name_full: ML-KEM-512
-
scheme: "768"
pqclean_scheme: ml-kem-768
pretty_name_full: ML-KEM-768
scheme: "768_ipd"
pqclean_scheme: ml-kem-768-ipd
pretty_name_full: ML-KEM-768-ipd
alias_scheme: "768"
alias_pretty_name_full: ML-KEM-768
-
scheme: "1024"
pqclean_scheme: ml-kem-1024
pretty_name_full: ML-KEM-1024
scheme: "1024_ipd"
pqclean_scheme: ml-kem-1024-ipd
pretty_name_full: ML-KEM-1024-ipd
alias_scheme: "1024"
alias_pretty_name_full: ML-KEM-1024
sigs:
-
name: dilithium
@ -239,20 +191,26 @@ sigs:
upstream_location: pqcrystals-dilithium-standard
schemes:
-
scheme: "44"
pqclean_scheme: ml-dsa-44
pretty_name_full: ML-DSA-44
scheme: "44_ipd"
pqclean_scheme: ml-dsa-44-ipd
pretty_name_full: ML-DSA-44-ipd
signed_msg_order: sig_then_msg
alias_scheme: "44"
alias_pretty_name_full: ML-DSA-44
-
scheme: "65"
pqclean_scheme: ml-dsa-65
pretty_name_full: ML-DSA-65
scheme: "65_ipd"
pqclean_scheme: ml-dsa-65-ipd
pretty_name_full: ML-DSA-65-ipd
signed_msg_order: sig_then_msg
alias_scheme: "65"
alias_pretty_name_full: ML-DSA-65
-
scheme: "87"
pqclean_scheme: ml-dsa-87
pretty_name_full: ML-DSA-87
scheme: "87_ipd"
pqclean_scheme: ml-dsa-87-ipd
pretty_name_full: ML-DSA-87-ipd
signed_msg_order: sig_then_msg
alias_scheme: "87"
alias_pretty_name_full: ML-DSA-87
-
name: falcon
default_implementation: clean
@ -343,253 +301,3 @@ sigs:
pqclean_scheme: sphincs-shake-256s-simple
pretty_name_full: SPHINCS+-SHAKE-256s-simple
signed_msg_order: sig_then_msg
-
name: mayo
default_implementation: opt
upstream_location: pqmayo
schemes:
-
scheme: "1"
pqclean_scheme: mayo-1
pretty_name_full: MAYO-1
signed_msg_order: sig_then_msg
-
scheme: "2"
pqclean_scheme: mayo-2
pretty_name_full: MAYO-2
signed_msg_order: sig_then_msg
-
scheme: "3"
pqclean_scheme: mayo-3
pretty_name_full: MAYO-3
signed_msg_order: sig_then_msg
-
scheme: "5"
pqclean_scheme: mayo-5
pretty_name_full: MAYO-5
signed_msg_order: sig_then_msg
-
name: cross
default_implementation: clean
upstream_location: upcross
schemes:
-
scheme: "rsdp_128_balanced"
pqclean_scheme: cross-rsdp-128-balanced
pretty_name_full: cross-rsdp-128-balanced
signed_msg_order: msg_then_sig
-
scheme: "rsdp_128_fast"
pqclean_scheme: cross-rsdp-128-fast
pretty_name_full: cross-rsdp-128-fast
signed_msg_order: msg_then_sig
-
scheme: "rsdp_128_small"
pqclean_scheme: cross-rsdp-128-small
pretty_name_full: cross-rsdp-128-small
signed_msg_order: msg_then_sig
-
scheme: "rsdp_192_balanced"
pqclean_scheme: cross-rsdp-192-balanced
pretty_name_full: cross-rsdp-192-balanced
signed_msg_order: msg_then_sig
-
scheme: "rsdp_192_fast"
pqclean_scheme: cross-rsdp-192-fast
pretty_name_full: cross-rsdp-192-fast
signed_msg_order: msg_then_sig
-
scheme: "rsdp_192_small"
pqclean_scheme: cross-rsdp-192-small
pretty_name_full: cross-rsdp-192-small
signed_msg_order: msg_then_sig
-
scheme: "rsdp_256_balanced"
pqclean_scheme: cross-rsdp-256-balanced
pretty_name_full: cross-rsdp-256-balanced
signed_msg_order: msg_then_sig
-
scheme: "rsdp_256_fast"
pqclean_scheme: cross-rsdp-256-fast
pretty_name_full: cross-rsdp-256-fast
signed_msg_order: msg_then_sig
-
scheme: "rsdp_256_small"
pqclean_scheme: cross-rsdp-256-small
pretty_name_full: cross-rsdp-256-small
signed_msg_order: msg_then_sig
-
scheme: "rsdpg_128_balanced"
pqclean_scheme: cross-rsdpg-128-balanced
pretty_name_full: cross-rsdpg-128-balanced
signed_msg_order: msg_then_sig
-
scheme: "rsdpg_128_fast"
pqclean_scheme: cross-rsdpg-128-fast
pretty_name_full: cross-rsdpg-128-fast
signed_msg_order: msg_then_sig
-
scheme: "rsdpg_128_small"
pqclean_scheme: cross-rsdpg-128-small
pretty_name_full: cross-rsdpg-128-small
signed_msg_order: msg_then_sig
-
scheme: "rsdpg_192_balanced"
pqclean_scheme: cross-rsdpg-192-balanced
pretty_name_full: cross-rsdpg-192-balanced
signed_msg_order: msg_then_sig
-
scheme: "rsdpg_192_fast"
pqclean_scheme: cross-rsdpg-192-fast
pretty_name_full: cross-rsdpg-192-fast
signed_msg_order: msg_then_sig
-
scheme: "rsdpg_192_small"
pqclean_scheme: cross-rsdpg-192-small
pretty_name_full: cross-rsdpg-192-small
signed_msg_order: msg_then_sig
-
scheme: "rsdpg_256_balanced"
pqclean_scheme: cross-rsdpg-256-balanced
pretty_name_full: cross-rsdpg-256-balanced
signed_msg_order: msg_then_sig
-
scheme: "rsdpg_256_fast"
pqclean_scheme: cross-rsdpg-256-fast
pretty_name_full: cross-rsdpg-256-fast
signed_msg_order: msg_then_sig
-
scheme: "rsdpg_256_small"
pqclean_scheme: cross-rsdpg-256-small
pretty_name_full: cross-rsdpg-256-small
signed_msg_order: msg_then_sig
-
name: uov
default_implementation: ref
upstream_location: pqov
schemes:
-
scheme: "ov_Is"
pqclean_scheme: ov_Is
pretty_name_full: OV-Is
signed_msg_order: msg_then_sig
-
scheme: "ov_Ip"
pqclean_scheme: ov_Ip
pretty_name_full: OV-Ip
signed_msg_order: msg_then_sig
-
scheme: "ov_III"
pqclean_scheme: ov_III
pretty_name_full: OV-III
signed_msg_order: msg_then_sig
-
scheme: "ov_V"
pqclean_scheme: ov_V
pretty_name_full: OV-V
signed_msg_order: msg_then_sig
-
scheme: "ov_Is_pkc"
pqclean_scheme: ov_Is_pkc
pretty_name_full: OV-Is-pkc
signed_msg_order: msg_then_sig
-
scheme: "ov_Ip_pkc"
pqclean_scheme: ov_Ip_pkc
pretty_name_full: OV-Ip-pkc
signed_msg_order: msg_then_sig
-
scheme: "ov_III_pkc"
pqclean_scheme: ov_III_pkc
pretty_name_full: OV-III-pkc
signed_msg_order: msg_then_sig
-
scheme: "ov_V_pkc"
pqclean_scheme: ov_V_pkc
pretty_name_full: OV-V-pkc
signed_msg_order: msg_then_sig
-
scheme: "ov_Is_pkc_skc"
pqclean_scheme: ov_Is_pkc_skc
pretty_name_full: OV-Is-pkc-skc
signed_msg_order: msg_then_sig
-
scheme: "ov_Ip_pkc_skc"
pqclean_scheme: ov_Ip_pkc_skc
pretty_name_full: OV-Ip-pkc-skc
signed_msg_order: msg_then_sig
-
scheme: "ov_III_pkc_skc"
pqclean_scheme: ov_III_pkc_skc
pretty_name_full: OV-III-pkc-skc
signed_msg_order: msg_then_sig
-
scheme: "ov_V_pkc_skc"
pqclean_scheme: ov_V_pkc_skc
pretty_name_full: OV-V-pkc-skc
signed_msg_order: msg_then_sig
-
name: snova
default_implementation: opt
upstream_location: snova
schemes:
-
scheme: "SNOVA_24_5_4"
pqclean_scheme: SNOVA_24_5_4
pretty_name_full: SNOVA_24_5_4
signed_msg_order: sig_then_msg
-
scheme: "SNOVA_24_5_4_SHAKE"
pqclean_scheme: SNOVA_24_5_4_SHAKE
pretty_name_full: SNOVA_24_5_4_SHAKE
signed_msg_order: sig_then_msg
-
scheme: "SNOVA_24_5_4_esk"
pqclean_scheme: SNOVA_24_5_4_esk
pretty_name_full: SNOVA_24_5_4_esk
signed_msg_order: sig_then_msg
-
scheme: "SNOVA_24_5_4_SHAKE_esk"
pqclean_scheme: SNOVA_24_5_4_SHAKE_esk
pretty_name_full: SNOVA_24_5_4_SHAKE_esk
signed_msg_order: sig_then_msg
-
scheme: "SNOVA_37_17_2"
pqclean_scheme: SNOVA_37_17_2
pretty_name_full: SNOVA_37_17_2
signed_msg_order: sig_then_msg
-
scheme: "SNOVA_25_8_3"
pqclean_scheme: SNOVA_25_8_3
pretty_name_full: SNOVA_25_8_3
signed_msg_order: sig_then_msg
-
scheme: "SNOVA_56_25_2"
pqclean_scheme: SNOVA_56_25_2
pretty_name_full: SNOVA_56_25_2
signed_msg_order: sig_then_msg
-
scheme: "SNOVA_49_11_3"
pqclean_scheme: SNOVA_49_11_3
pretty_name_full: SNOVA_49_11_3
signed_msg_order: sig_then_msg
-
scheme: "SNOVA_37_8_4"
pqclean_scheme: SNOVA_37_8_4
pretty_name_full: SNOVA_37_8_4
signed_msg_order: sig_then_msg
-
scheme: "SNOVA_24_5_5"
pqclean_scheme: SNOVA_24_5_5
pretty_name_full: SNOVA_24_5_5
signed_msg_order: sig_then_msg
-
scheme: "SNOVA_60_10_4"
pqclean_scheme: SNOVA_60_10_4
pretty_name_full: SNOVA_60_10_4
signed_msg_order: sig_then_msg
-
scheme: "SNOVA_29_6_5"
pqclean_scheme: SNOVA_29_6_5
pretty_name_full: SNOVA_29_6_5
signed_msg_order: sig_then_msg

305
scripts/copy_from_upstream/patches/libjade-kyber-api.patch
View File

@ -1,305 +0,0 @@
diff --git a/src/crypto_kem/kyber/kyber512/amd64/avx2/api.c b/src/crypto_kem/kyber/kyber512/amd64/avx2/api.c
new file mode 100644
index 0000000..78436e7
--- /dev/null
+++ b/src/crypto_kem/kyber/kyber512/amd64/avx2/api.c
@@ -0,0 +1,20 @@
+#include <oqs/rand.h>
+#include "api.h"
+
+int libjade_kyber512_avx2_keypair(uint8_t *public_key, uint8_t *secret_key) {
+ uint8_t keypair_coins[JADE_KEM_kyber_kyber512_amd64_avx2_KEYPAIRCOINBYTES];
+ OQS_randombytes(keypair_coins, JADE_KEM_kyber_kyber512_amd64_avx2_KEYPAIRCOINBYTES/2);
+ OQS_randombytes((uint8_t *)(keypair_coins + (JADE_KEM_kyber_kyber512_amd64_avx2_KEYPAIRCOINBYTES/2)), JADE_KEM_kyber_kyber512_amd64_avx2_KEYPAIRCOINBYTES/2);
+ return jade_kem_kyber_kyber512_amd64_avx2_keypair_derand(public_key, secret_key, keypair_coins);
+}
+
+int libjade_kyber512_avx2_enc(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
+ uint8_t enc_coins[JADE_KEM_kyber_kyber512_amd64_avx2_ENCCOINBYTES];
+ OQS_randombytes(enc_coins, JADE_KEM_kyber_kyber512_amd64_avx2_ENCCOINBYTES);
+ return jade_kem_kyber_kyber512_amd64_avx2_enc_derand(ciphertext, shared_secret, public_key, enc_coins);
+}
+
+int libjade_kyber512_avx2_dec(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
+ return jade_kem_kyber_kyber512_amd64_avx2_dec( shared_secret, ciphertext, secret_key);
+}
+
diff --git a/src/crypto_kem/kyber/kyber512/amd64/avx2/include/api.h b/src/crypto_kem/kyber/kyber512/amd64/avx2/include/api.h
index 5148fd5..419112e 100644
--- a/src/crypto_kem/kyber/kyber512/amd64/avx2/include/api.h
+++ b/src/crypto_kem/kyber/kyber512/amd64/avx2/include/api.h
@@ -3,16 +3,8 @@
#include <stdint.h>
-#define JADE_KEM_kyber_kyber512_amd64_avx2_SECRETKEYBYTES 1632
-#define JADE_KEM_kyber_kyber512_amd64_avx2_PUBLICKEYBYTES 800
-#define JADE_KEM_kyber_kyber512_amd64_avx2_CIPHERTEXTBYTES 768
#define JADE_KEM_kyber_kyber512_amd64_avx2_KEYPAIRCOINBYTES 64
#define JADE_KEM_kyber_kyber512_amd64_avx2_ENCCOINBYTES 32
-#define JADE_KEM_kyber_kyber512_amd64_avx2_BYTES 32
-
-#define JADE_KEM_kyber_kyber512_amd64_avx2_ALGNAME "Kyber512"
-#define JADE_KEM_kyber_kyber512_amd64_avx2_ARCH "amd64"
-#define JADE_KEM_kyber_kyber512_amd64_avx2_IMPL "avx2"
int jade_kem_kyber_kyber512_amd64_avx2_keypair_derand(
uint8_t *public_key,
@@ -20,7 +12,7 @@ int jade_kem_kyber_kyber512_amd64_avx2_keypair_derand(
const uint8_t *coins
);
-int jade_kem_kyber_kyber512_amd64_avx2_keypair(
+int libjade_kyber512_avx2_keypair(
uint8_t *public_key,
uint8_t *secret_key
);
@@ -32,7 +24,7 @@ int jade_kem_kyber_kyber512_amd64_avx2_enc_derand(
const uint8_t *coins
);
-int jade_kem_kyber_kyber512_amd64_avx2_enc(
+int libjade_kyber512_avx2_enc(
uint8_t *ciphertext,
uint8_t *shared_secret,
const uint8_t *public_key
@@ -44,4 +36,10 @@ int jade_kem_kyber_kyber512_amd64_avx2_dec(
const uint8_t *secret_key
);
+int libjade_kyber512_avx2_dec(
+ uint8_t *shared_secret,
+ const uint8_t *ciphertext,
+ const uint8_t *secret_key
+);
+
#endif
diff --git a/src/crypto_kem/kyber/kyber512/amd64/ref/api.c b/src/crypto_kem/kyber/kyber512/amd64/ref/api.c
new file mode 100644
index 0000000..e06e406
--- /dev/null
+++ b/src/crypto_kem/kyber/kyber512/amd64/ref/api.c
@@ -0,0 +1,20 @@
+#include <oqs/rand.h>
+#include "api.h"
+
+int libjade_kyber512_ref_keypair(uint8_t *public_key, uint8_t *secret_key) {
+ uint8_t keypair_coins[JADE_KEM_kyber_kyber512_amd64_ref_KEYPAIRCOINBYTES];
+ OQS_randombytes(keypair_coins, JADE_KEM_kyber_kyber512_amd64_ref_KEYPAIRCOINBYTES/2);
+ OQS_randombytes((uint8_t *)(keypair_coins + (JADE_KEM_kyber_kyber512_amd64_ref_KEYPAIRCOINBYTES/2)), JADE_KEM_kyber_kyber512_amd64_ref_KEYPAIRCOINBYTES/2);
+ return jade_kem_kyber_kyber512_amd64_ref_keypair_derand(public_key, secret_key, keypair_coins);
+}
+
+int libjade_kyber512_ref_enc(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
+ uint8_t enc_coins[JADE_KEM_kyber_kyber512_amd64_ref_ENCCOINBYTES];
+ OQS_randombytes(enc_coins, JADE_KEM_kyber_kyber512_amd64_ref_ENCCOINBYTES);
+ return jade_kem_kyber_kyber512_amd64_ref_enc_derand(ciphertext, shared_secret, public_key, enc_coins);
+}
+
+int libjade_kyber512_ref_dec(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
+ return jade_kem_kyber_kyber512_amd64_ref_dec(shared_secret, ciphertext, secret_key);
+}
+
diff --git a/src/crypto_kem/kyber/kyber512/amd64/ref/include/api.h b/src/crypto_kem/kyber/kyber512/amd64/ref/include/api.h
index 38127cf..fcce52b 100644
--- a/src/crypto_kem/kyber/kyber512/amd64/ref/include/api.h
+++ b/src/crypto_kem/kyber/kyber512/amd64/ref/include/api.h
@@ -3,17 +3,8 @@
#include <stdint.h>
-#define JADE_KEM_kyber_kyber512_amd64_ref_SECRETKEYBYTES 1632
-#define JADE_KEM_kyber_kyber512_amd64_ref_PUBLICKEYBYTES 800
-#define JADE_KEM_kyber_kyber512_amd64_ref_CIPHERTEXTBYTES 768
#define JADE_KEM_kyber_kyber512_amd64_ref_KEYPAIRCOINBYTES 64
#define JADE_KEM_kyber_kyber512_amd64_ref_ENCCOINBYTES 32
-#define JADE_KEM_kyber_kyber512_amd64_ref_BYTES 32
-
-#define JADE_KEM_kyber_kyber512_amd64_ref_ALGNAME "Kyber512"
-#define JADE_KEM_kyber_kyber512_amd64_ref_ARCH "amd64"
-#define JADE_KEM_kyber_kyber512_amd64_ref_IMPL "ref"
-
int jade_kem_kyber_kyber512_amd64_ref_keypair_derand(
uint8_t *public_key,
@@ -21,7 +12,7 @@ int jade_kem_kyber_kyber512_amd64_ref_keypair_derand(
const uint8_t *coins
);
-int jade_kem_kyber_kyber512_amd64_ref_keypair(
+int libjade_kyber512_ref_keypair(
uint8_t *public_key,
uint8_t *secret_key
);
@@ -33,7 +24,7 @@ int jade_kem_kyber_kyber512_amd64_ref_enc_derand(
const uint8_t *coins
);
-int jade_kem_kyber_kyber512_amd64_ref_enc(
+int libjade_kyber512_ref_enc(
uint8_t *ciphertext,
uint8_t *shared_secret,
const uint8_t *public_key
@@ -45,4 +36,10 @@ int jade_kem_kyber_kyber512_amd64_ref_dec(
const uint8_t *secret_key
);
+int libjade_kyber512_ref_dec(
+ uint8_t *shared_secret,
+ const uint8_t *ciphertext,
+ const uint8_t *secret_key
+);
+
#endif
diff --git a/src/crypto_kem/kyber/kyber768/amd64/avx2/api.c b/src/crypto_kem/kyber/kyber768/amd64/avx2/api.c
new file mode 100644
index 0000000..9eeab1d
--- /dev/null
+++ b/src/crypto_kem/kyber/kyber768/amd64/avx2/api.c
@@ -0,0 +1,20 @@
+#include <oqs/rand.h>
+#include "api.h"
+
+int libjade_kyber768_avx2_keypair(uint8_t *public_key, uint8_t *secret_key) {
+ uint8_t keypair_coins[JADE_KEM_kyber_kyber768_amd64_avx2_KEYPAIRCOINBYTES];
+ OQS_randombytes(keypair_coins, JADE_KEM_kyber_kyber768_amd64_avx2_KEYPAIRCOINBYTES/2);
+ OQS_randombytes((uint8_t *)(keypair_coins + (JADE_KEM_kyber_kyber768_amd64_avx2_KEYPAIRCOINBYTES/2)), JADE_KEM_kyber_kyber768_amd64_avx2_KEYPAIRCOINBYTES/2);
+ return jade_kem_kyber_kyber768_amd64_avx2_keypair_derand(public_key, secret_key, keypair_coins);
+}
+
+int libjade_kyber768_avx2_enc(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
+ uint8_t enc_coins[JADE_KEM_kyber_kyber768_amd64_avx2_ENCCOINBYTES];
+ OQS_randombytes(enc_coins, JADE_KEM_kyber_kyber768_amd64_avx2_ENCCOINBYTES);
+ return jade_kem_kyber_kyber768_amd64_avx2_enc_derand(ciphertext, shared_secret, public_key, enc_coins);
+}
+
+int libjade_kyber768_avx2_dec(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
+ return jade_kem_kyber_kyber768_amd64_avx2_dec(shared_secret, ciphertext, secret_key);
+}
+
diff --git a/src/crypto_kem/kyber/kyber768/amd64/avx2/include/api.h b/src/crypto_kem/kyber/kyber768/amd64/avx2/include/api.h
index d3b3500..ac36577 100644
--- a/src/crypto_kem/kyber/kyber768/amd64/avx2/include/api.h
+++ b/src/crypto_kem/kyber/kyber768/amd64/avx2/include/api.h
@@ -3,16 +3,8 @@
#include <stdint.h>
-#define JADE_KEM_kyber_kyber768_amd64_avx2_SECRETKEYBYTES 2400
-#define JADE_KEM_kyber_kyber768_amd64_avx2_PUBLICKEYBYTES 1184
-#define JADE_KEM_kyber_kyber768_amd64_avx2_CIPHERTEXTBYTES 1088
#define JADE_KEM_kyber_kyber768_amd64_avx2_KEYPAIRCOINBYTES 64
#define JADE_KEM_kyber_kyber768_amd64_avx2_ENCCOINBYTES 32
-#define JADE_KEM_kyber_kyber768_amd64_avx2_BYTES 32
-
-#define JADE_KEM_kyber_kyber768_amd64_avx2_ALGNAME "Kyber768"
-#define JADE_KEM_kyber_kyber768_amd64_avx2_ARCH "amd64"
-#define JADE_KEM_kyber_kyber768_amd64_avx2_IMPL "avx2"
int jade_kem_kyber_kyber768_amd64_avx2_keypair_derand(
uint8_t *public_key,
@@ -20,7 +12,7 @@ int jade_kem_kyber_kyber768_amd64_avx2_keypair_derand(
const uint8_t *coins
);
-int jade_kem_kyber_kyber768_amd64_avx2_keypair(
+int libjade_kyber768_avx2_keypair(
uint8_t *public_key,
uint8_t *secret_key
);
@@ -32,7 +24,7 @@ int jade_kem_kyber_kyber768_amd64_avx2_enc_derand(
const uint8_t *coins
);
-int jade_kem_kyber_kyber768_amd64_avx2_enc(
+int libjade_kyber768_avx2_enc(
uint8_t *ciphertext,
uint8_t *shared_secret,
const uint8_t *public_key
@@ -44,4 +36,10 @@ int jade_kem_kyber_kyber768_amd64_avx2_dec(
const uint8_t *secret_key
);
+int libjade_kyber768_avx2_dec(
+ uint8_t *shared_secret,
+ const uint8_t *ciphertext,
+ const uint8_t *secret_key
+);
+
#endif
diff --git a/src/crypto_kem/kyber/kyber768/amd64/ref/api.c b/src/crypto_kem/kyber/kyber768/amd64/ref/api.c
new file mode 100644
index 0000000..b9a29b6
--- /dev/null
+++ b/src/crypto_kem/kyber/kyber768/amd64/ref/api.c
@@ -0,0 +1,20 @@
+#include <oqs/rand.h>
+#include "api.h"
+
+int libjade_kyber768_ref_keypair(uint8_t *public_key, uint8_t *secret_key) {
+ uint8_t keypair_coins[JADE_KEM_kyber_kyber768_amd64_ref_KEYPAIRCOINBYTES];
+ OQS_randombytes(keypair_coins, JADE_KEM_kyber_kyber768_amd64_ref_KEYPAIRCOINBYTES/2);
+ OQS_randombytes((uint8_t *)(keypair_coins + (JADE_KEM_kyber_kyber768_amd64_ref_KEYPAIRCOINBYTES/2)), JADE_KEM_kyber_kyber768_amd64_ref_KEYPAIRCOINBYTES/2);
+ return jade_kem_kyber_kyber768_amd64_ref_keypair_derand(public_key, secret_key, keypair_coins);
+}
+
+int libjade_kyber768_ref_enc(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
+ uint8_t enc_coins[JADE_KEM_kyber_kyber768_amd64_ref_ENCCOINBYTES];
+ OQS_randombytes(enc_coins, JADE_KEM_kyber_kyber768_amd64_ref_ENCCOINBYTES);
+ return jade_kem_kyber_kyber768_amd64_ref_enc_derand(ciphertext, shared_secret, public_key, enc_coins);
+}
+
+int libjade_kyber768_ref_dec(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
+ return jade_kem_kyber_kyber768_amd64_ref_dec(shared_secret, ciphertext, secret_key);
+}
+
diff --git a/src/crypto_kem/kyber/kyber768/amd64/ref/include/api.h b/src/crypto_kem/kyber/kyber768/amd64/ref/include/api.h
index e23e1bf..0c453e0 100644
--- a/src/crypto_kem/kyber/kyber768/amd64/ref/include/api.h
+++ b/src/crypto_kem/kyber/kyber768/amd64/ref/include/api.h
@@ -3,16 +3,8 @@
#include <stdint.h>
-#define JADE_KEM_kyber_kyber768_amd64_ref_SECRETKEYBYTES 2400
-#define JADE_KEM_kyber_kyber768_amd64_ref_PUBLICKEYBYTES 1184
-#define JADE_KEM_kyber_kyber768_amd64_ref_CIPHERTEXTBYTES 1088
#define JADE_KEM_kyber_kyber768_amd64_ref_KEYPAIRCOINBYTES 64
#define JADE_KEM_kyber_kyber768_amd64_ref_ENCCOINBYTES 32
-#define JADE_KEM_kyber_kyber768_amd64_ref_BYTES 32
-
-#define JADE_KEM_kyber_kyber768_amd64_ref_ALGNAME "Kyber768"
-#define JADE_KEM_kyber_kyber768_amd64_ref_ARCH "amd64"
-#define JADE_KEM_kyber_kyber768_amd64_ref_IMPL "ref"
int jade_kem_kyber_kyber768_amd64_ref_keypair_derand(
uint8_t *public_key,
@@ -20,7 +12,7 @@ int jade_kem_kyber_kyber768_amd64_ref_keypair_derand(
const uint8_t *coins
);
-int jade_kem_kyber_kyber768_amd64_ref_keypair(
+int libjade_kyber768_ref_keypair(
uint8_t *public_key,
uint8_t *secret_key
);
@@ -32,7 +24,7 @@ int jade_kem_kyber_kyber768_amd64_ref_enc_derand(
const uint8_t *coins
);
-int jade_kem_kyber_kyber768_amd64_ref_enc(
+int libjade_kyber768_ref_enc(
uint8_t *ciphertext,
uint8_t *shared_secret,
const uint8_t *public_key
@@ -44,4 +36,10 @@ int jade_kem_kyber_kyber768_amd64_ref_dec(
const uint8_t *secret_key
);
+int libjade_kyber768_ref_dec(
+ uint8_t *shared_secret,
+ const uint8_t *ciphertext,
+ const uint8_t *secret_key
+);
+
#endif

120
scripts/copy_from_upstream/patches/libjade-kyber-meta.patch
View File

@ -1,120 +0,0 @@
diff --git a/src/crypto_kem/kyber/kyber512/META.yml b/src/crypto_kem/kyber/kyber512/META.yml
index 000ec75..8282075 100644
--- a/src/crypto_kem/kyber/kyber512/META.yml
+++ b/src/crypto_kem/kyber/kyber512/META.yml
@@ -1,7 +1,6 @@
name: Kyber512
type: kem
-checksumsmall: 9c1a84c0573d21b5fb50ff68f015c19206cebbda4aa3caa6f9ba4b167eea9514
-checksumbig: 4596232083e3da10d341576afbc59b24a520073e985a9b9df2d587e67e926a7b
+nistkat-sha256: bb0481d3325d828817900b709d23917cefbc10026fc857f098979451f67bb0ca
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 800
@@ -9,23 +8,36 @@ length-ciphertext: 768
length-secret-key: 1632
length-shared-secret: 32
principal-submitters:
- - TODO
+ - Peter Schwabe
auxiliary-submitters:
- - TODO
+ - Roberto Avanzi
+ - Joppe Bos
+ - Léo Ducas
+ - Eike Kiltz
+ - Tancrède Lepoint
+ - Vadim Lyubashevsky
+ - John M. Schanck
+ - Gregor Seiler
+ - Damien Stehlé
implementations:
- - name: amd64/ref
- version: TODO
+ - name: ref
+ version: NIST Round 3 submission
+ folder_name: amd64/ref
+ signature_keypair: libjade_kyber512_ref_keypair
+ signature_enc: libjade_kyber512_ref_enc
+ signature_dec: libjade_kyber512_ref_dec
supported_platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
- required_flags: # FIXME
- - avx2
- - bmi2
- - popcnt
- - name: amd64/avx2
- version: TODO
+ required_flags: []
+ - name: avx2
+ version: NIST Round 3 submission
+ folder_name: amd64/avx2
+ signature_keypair: libjade_kyber512_avx2_keypair
+ signature_enc: libjade_kyber512_avx2_enc
+ signature_dec: libjade_kyber512_avx2_dec
supported_platforms:
- architecture: x86_64
operating_systems:
diff --git a/src/crypto_kem/kyber/kyber768/META.yml b/src/crypto_kem/kyber/kyber768/META.yml
index d744938..57cb0c7 100644
--- a/src/crypto_kem/kyber/kyber768/META.yml
+++ b/src/crypto_kem/kyber/kyber768/META.yml
@@ -1,7 +1,6 @@
name: Kyber768
type: kem
-checksumsmall: 456bb24a767160dcca466adde267b87f359de6e827d31b5b23512d227d8bbfaa
-checksumbig: 8004a42f34a4125acb4f88628139576882cdf9502a77937003e34f52d217a730
+nistkat-sha256: 89e82a5bf2d4ddb2c6444e10409e6d9ca65dafbca67d1a0db2c9b54920a29172
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 1184
@@ -9,23 +8,36 @@ length-ciphertext: 1088
length-secret-key: 2400
length-shared-secret: 32
principal-submitters:
- - TODO
+ - Peter Schwabe
auxiliary-submitters:
- - TODO
+ - Roberto Avanzi
+ - Joppe Bos
+ - Léo Ducas
+ - Eike Kiltz
+ - Tancrède Lepoint
+ - Vadim Lyubashevsky
+ - John M. Schanck
+ - Gregor Seiler
+ - Damien Stehlé
implementations:
- - name: amd64/ref
- version: TODO
+ - name: ref
+ version: NIST Round 3 submission
+ folder_name: amd64/ref
+ signature_keypair: libjade_kyber768_ref_keypair
+ signature_enc: libjade_kyber768_ref_enc
+ signature_dec: libjade_kyber768_ref_dec
supported_platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
- required_flags: # FIXME
- - avx2
- - bmi2
- - popcnt
- - name: amd64/avx2
- version: TODO
+ required_flags: []
+ - name: avx2
+ version: NIST Round 3 submission
+ folder_name: amd64/avx2
+ signature_keypair: libjade_kyber768_avx2_keypair
+ signature_enc: libjade_kyber768_avx2_enc
+ signature_dec: libjade_kyber768_avx2_dec
supported_platforms:
- architecture: x86_64
operating_systems:

72
scripts/copy_from_upstream/patches/pqclean-kyber-armneon-asan.patch
View File

@ -1,72 +0,0 @@
diff --git a/crypto_kem/kyber1024/aarch64/neon_symmetric-shake.c b/crypto_kem/kyber1024/aarch64/neon_symmetric-shake.c
index 8aced5e4..364d9fdd 100644
--- a/crypto_kem/kyber1024/aarch64/neon_symmetric-shake.c
+++ b/crypto_kem/kyber1024/aarch64/neon_symmetric-shake.c
@@ -56,8 +56,8 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
uint8_t y1, uint8_t y2)
{
unsigned int i;
- uint8_t extseed1[KYBER_SYMBYTES+2];
- uint8_t extseed2[KYBER_SYMBYTES+2];
+ uint8_t extseed1[KYBER_SYMBYTES+2+6];
+ uint8_t extseed2[KYBER_SYMBYTES+2+6];
for(i=0;i<KYBER_SYMBYTES;i++){
extseed1[i] = seed[i];
@@ -69,7 +69,7 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
extseed2[KYBER_SYMBYTES ] = x2;
extseed2[KYBER_SYMBYTES+1] = y2;
- shake128x2_absorb(state, extseed1, extseed2, sizeof(extseed1));
+ shake128x2_absorb(state, extseed1, extseed2, KYBER_SYMBYTES+2);
}
/*************************************************
diff --git a/crypto_kem/kyber512/aarch64/neon_symmetric-shake.c b/crypto_kem/kyber512/aarch64/neon_symmetric-shake.c
index 8aced5e4..364d9fdd 100644
--- a/crypto_kem/kyber512/aarch64/neon_symmetric-shake.c
+++ b/crypto_kem/kyber512/aarch64/neon_symmetric-shake.c
@@ -56,8 +56,8 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
uint8_t y1, uint8_t y2)
{
unsigned int i;
- uint8_t extseed1[KYBER_SYMBYTES+2];
- uint8_t extseed2[KYBER_SYMBYTES+2];
+ uint8_t extseed1[KYBER_SYMBYTES+2+6];
+ uint8_t extseed2[KYBER_SYMBYTES+2+6];
for(i=0;i<KYBER_SYMBYTES;i++){
extseed1[i] = seed[i];
@@ -69,7 +69,7 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
extseed2[KYBER_SYMBYTES ] = x2;
extseed2[KYBER_SYMBYTES+1] = y2;
- shake128x2_absorb(state, extseed1, extseed2, sizeof(extseed1));
+ shake128x2_absorb(state, extseed1, extseed2, KYBER_SYMBYTES+2);
}
/*************************************************
diff --git a/crypto_kem/kyber768/aarch64/neon_symmetric-shake.c b/crypto_kem/kyber768/aarch64/neon_symmetric-shake.c
index 8aced5e4..364d9fdd 100644
--- a/crypto_kem/kyber768/aarch64/neon_symmetric-shake.c
+++ b/crypto_kem/kyber768/aarch64/neon_symmetric-shake.c
@@ -56,8 +56,8 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
uint8_t y1, uint8_t y2)
{
unsigned int i;
- uint8_t extseed1[KYBER_SYMBYTES+2];
- uint8_t extseed2[KYBER_SYMBYTES+2];
+ uint8_t extseed1[KYBER_SYMBYTES+2+6];
+ uint8_t extseed2[KYBER_SYMBYTES+2+6];
for(i=0;i<KYBER_SYMBYTES;i++){
extseed1[i] = seed[i];
@@ -69,7 +69,7 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
extseed2[KYBER_SYMBYTES ] = x2;
extseed2[KYBER_SYMBYTES+1] = y2;
- shake128x2_absorb(state, extseed1, extseed2, sizeof(extseed1));
+ shake128x2_absorb(state, extseed1, extseed2, KYBER_SYMBYTES+2);
}
/*************************************************

73
scripts/copy_from_upstream/patches/pqcrystals-dilithium-SUF-CMA.patch
View File

@ -1,73 +0,0 @@
ef30acde710cc1fcb0ed9735af3631761ed0358a
diff --git a/Dilithium2-AES_META.yml b/Dilithium2-AES_META.yml
index bad46d3..ce6e854 100644
--- a/Dilithium2-AES_META.yml
+++ b/Dilithium2-AES_META.yml
@@ -1,6 +1,7 @@
name: Dilithium2-AES
type: signature
claimed-nist-level: 2
+claimed-security: SUF-CMA
length-public-key: 1312
length-secret-key: 2528
length-signature: 2420
diff --git a/Dilithium2_META.yml b/Dilithium2_META.yml
index f4b7e8f..1b23d3e 100644
--- a/Dilithium2_META.yml
+++ b/Dilithium2_META.yml
@@ -1,6 +1,7 @@
name: Dilithium2
type: signature
claimed-nist-level: 2
+claimed-security: SUF-CMA
length-public-key: 1312
length-secret-key: 2528
length-signature: 2420
diff --git a/Dilithium3-AES_META.yml b/Dilithium3-AES_META.yml
index 0269442..5153309 100644
--- a/Dilithium3-AES_META.yml
+++ b/Dilithium3-AES_META.yml
@@ -1,6 +1,7 @@
name: Dilithium3-AES
type: signature
claimed-nist-level: 3
+claimed-security: SUF-CMA
length-public-key: 1952
length-secret-key: 4000
length-signature: 3293
diff --git a/Dilithium3_META.yml b/Dilithium3_META.yml
index f45c859..e4fbed2 100644
--- a/Dilithium3_META.yml
+++ b/Dilithium3_META.yml
@@ -1,6 +1,7 @@
name: Dilithium3
type: signature
claimed-nist-level: 3
+claimed-security: SUF-CMA
length-public-key: 1952
length-secret-key: 4000
length-signature: 3293
diff --git a/Dilithium5-AES_META.yml b/Dilithium5-AES_META.yml
index 0128a32..e53bd7d 100644
--- a/Dilithium5-AES_META.yml
+++ b/Dilithium5-AES_META.yml
@@ -1,6 +1,7 @@
name: Dilithium5-AES
type: signature
claimed-nist-level: 5
+claimed-security: SUF-CMA
length-public-key: 2592
length-secret-key: 4864
length-signature: 4595
diff --git a/Dilithium5_META.yml b/Dilithium5_META.yml
index 618b617..8c1aa5f 100644
--- a/Dilithium5_META.yml
+++ b/Dilithium5_META.yml
@@ -1,6 +1,7 @@
name: Dilithium5
type: signature
claimed-nist-level: 5
+claimed-security: SUF-CMA
length-public-key: 2592
length-secret-key: 4864
length-signature: 4595

37
scripts/copy_from_upstream/patches/pqcrystals-ml_dsa-SUF-CMA.patch
View File

@ -1,37 +0,0 @@
7bea92142e58c38ec863069a3de2044de4022ac5
diff --git a/ML-DSA-44_META.yml b/ML-DSA-44_META.yml
index 2d5686a..98a8376 100644
--- a/ML-DSA-44_META.yml
+++ b/ML-DSA-44_META.yml
@@ -1,6 +1,7 @@
name: ML-DSA-44
type: signature
claimed-nist-level: 2
+claimed-security: SUF-CMA
length-public-key: 1312
length-secret-key: 2560
length-signature: 2420
diff --git a/ML-DSA-65_META.yml b/ML-DSA-65_META.yml
index 47a4ba0..747a4ff 100644
--- a/ML-DSA-65_META.yml
+++ b/ML-DSA-65_META.yml
@@ -1,6 +1,7 @@
name: ML-DSA-65
type: signature
claimed-nist-level: 3
+claimed-security: SUF-CMA
length-public-key: 1952
length-secret-key: 4032
length-signature: 3309
diff --git a/ML-DSA-87_META.yml b/ML-DSA-87_META.yml
index e9bff1e..632703a 100644
--- a/ML-DSA-87_META.yml
+++ b/ML-DSA-87_META.yml
@@ -1,6 +1,7 @@
name: ML-DSA-87
type: signature
claimed-nist-level: 5
+claimed-security: SUF-CMA
length-public-key: 2592
length-secret-key: 4896
length-signature: 4627

831
scripts/copy_from_upstream/patches/pqcrystals-ml_dsa.patch
View File

@ -1,831 +0,0 @@
diff --git a/Dilithium2_META.yml b/Dilithium2_META.yml
index 122b3ca..2d5686a 100644
--- a/Dilithium2_META.yml
+++ b/ML-DSA-44_META.yml
@@ -1,4 +1,4 @@
-name: Dilithium2
+name: ML-DSA-44
type: signature
claimed-nist-level: 2
length-public-key: 1312
@@ -18,22 +18,22 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: ref
- version: https://github.com/pq-crystals/dilithium/tree/master
+ version: FIPS204
folder_name: ref
- compile_opts: -DDILITHIUM_MODE=2 -DDILITHIUM_RANDOMIZED_SIGNING
- signature_keypair: pqcrystals_dilithium2_ref_keypair
- signature_signature: pqcrystals_dilithium2_ref_signature
- signature_verify: pqcrystals_dilithium2_ref_verify
- sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h fips202.h symmetric-shake.c
- common_dep: common_ref
+ compile_opts: -DDILITHIUM_MODE=2
+ signature_keypair: pqcrystals_ml_dsa_44_ref_keypair
+ signature_signature: pqcrystals_ml_dsa_44_ref_signature
+ signature_verify: pqcrystals_ml_dsa_44_ref_verify
+ api-with-context-string: true
+ sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h symmetric-shake.c
- name: avx2
- version: https://github.com/pq-crystals/dilithium/tree/master
- compile_opts: -DDILITHIUM_MODE=2 -DDILITHIUM_RANDOMIZED_SIGNING
- signature_keypair: pqcrystals_dilithium2_avx2_keypair
- signature_signature: pqcrystals_dilithium2_avx2_signature
- signature_verify: pqcrystals_dilithium2_avx2_verify
- sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
- common_dep: common_avx2
+ version: FIPS204
+ compile_opts: -DDILITHIUM_MODE=2
+ signature_keypair: pqcrystals_ml_dsa_44_avx2_keypair
+ signature_signature: pqcrystals_ml_dsa_44_avx2_signature
+ signature_verify: pqcrystals_ml_dsa_44_avx2_verify
+ api-with-context-string: true
+ sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h symmetric-shake.c
supported_platforms:
- architecture: x86_64
operating_systems:
diff --git a/Dilithium3_META.yml b/Dilithium3_META.yml
index b108b4f..47a4ba0 100644
--- a/Dilithium3_META.yml
+++ b/ML-DSA-65_META.yml
@@ -1,4 +1,4 @@
-name: Dilithium3
+name: ML-DSA-65
type: signature
claimed-nist-level: 3
length-public-key: 1952
@@ -18,22 +18,22 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: ref
- version: https://github.com/pq-crystals/dilithium/tree/master
+ version: FIPS204
folder_name: ref
- compile_opts: -DDILITHIUM_MODE=3 -DDILITHIUM_RANDOMIZED_SIGNING
- signature_keypair: pqcrystals_dilithium3_ref_keypair
- signature_signature: pqcrystals_dilithium3_ref_signature
- signature_verify: pqcrystals_dilithium3_ref_verify
- sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h fips202.h symmetric-shake.c
- common_dep: common_ref
+ compile_opts: -DDILITHIUM_MODE=3
+ signature_keypair: pqcrystals_ml_dsa_65_ref_keypair
+ signature_signature: pqcrystals_ml_dsa_65_ref_signature
+ signature_verify: pqcrystals_ml_dsa_65_ref_verify
+ api-with-context-string: true
+ sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h symmetric-shake.c
- name: avx2
- version: https://github.com/pq-crystals/dilithium/tree/master
- compile_opts: -DDILITHIUM_MODE=3 -DDILITHIUM_RANDOMIZED_SIGNING
- signature_keypair: pqcrystals_dilithium3_avx2_keypair
- signature_signature: pqcrystals_dilithium3_avx2_signature
- signature_verify: pqcrystals_dilithium3_avx2_verify
- sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
- common_dep: common_avx2
+ version: FIPS204
+ compile_opts: -DDILITHIUM_MODE=3
+ signature_keypair: pqcrystals_ml_dsa_65_avx2_keypair
+ signature_signature: pqcrystals_ml_dsa_65_avx2_signature
+ signature_verify: pqcrystals_ml_dsa_65_avx2_verify
+ api-with-context-string: true
+ sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h symmetric-shake.c
supported_platforms:
- architecture: x86_64
operating_systems:
diff --git a/Dilithium5_META.yml b/Dilithium5_META.yml
index 5163526..e9bff1e 100644
--- a/Dilithium5_META.yml
+++ b/ML-DSA-87_META.yml
@@ -1,4 +1,4 @@
-name: Dilithium5
+name: ML-DSA-87
type: signature
claimed-nist-level: 5
length-public-key: 2592
@@ -18,22 +18,22 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: ref
- version: https://github.com/pq-crystals/dilithium/tree/master
+ version: FIPS204
folder_name: ref
- compile_opts: -DDILITHIUM_MODE=5 -DDILITHIUM_RANDOMIZED_SIGNING
- signature_keypair: pqcrystals_dilithium5_ref_keypair
- signature_signature: pqcrystals_dilithium5_ref_signature
- signature_verify: pqcrystals_dilithium5_ref_verify
- sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h fips202.h symmetric-shake.c
- common_dep: common_ref
+ compile_opts: -DDILITHIUM_MODE=5
+ signature_keypair: pqcrystals_ml_dsa_87_ref_keypair
+ signature_signature: pqcrystals_ml_dsa_87_ref_signature
+ signature_verify: pqcrystals_ml_dsa_87_ref_verify
+ api-with-context-string: true
+ sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h symmetric-shake.c
- name: avx2
- version: https://github.com/pq-crystals/dilithium/tree/master
- compile_opts: -DDILITHIUM_MODE=5 -DDILITHIUM_RANDOMIZED_SIGNING
- signature_keypair: pqcrystals_dilithium5_avx2_keypair
- signature_signature: pqcrystals_dilithium5_avx2_signature
- signature_verify: pqcrystals_dilithium5_avx2_verify
- sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
- common_dep: common_avx2
+ version: FIPS204
+ compile_opts: -DDILITHIUM_MODE=5
+ signature_keypair: pqcrystals_ml_dsa_87_avx2_keypair
+ signature_signature: pqcrystals_ml_dsa_87_avx2_signature
+ signature_verify: pqcrystals_ml_dsa_87_avx2_verify
+ api-with-context-string: true
+ sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h symmetric-shake.c
supported_platforms:
- architecture: x86_64
operating_systems:
diff --git a/avx2/config.h b/avx2/config.h
index a9facc0..3944cb4 100644
--- a/avx2/config.h
+++ b/avx2/config.h
@@ -11,17 +11,17 @@
#endif
#if DILITHIUM_MODE == 2
-#define CRYPTO_ALGNAME "Dilithium2"
-#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium2_avx2
-#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium2_avx2_##s
+#define CRYPTO_ALGNAME "ML-DSA-44"
+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_avx2
+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_avx2_##s
#elif DILITHIUM_MODE == 3
-#define CRYPTO_ALGNAME "Dilithium3"
-#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium3_avx2
-#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium3_avx2_##s
+#define CRYPTO_ALGNAME "ML-DSA-65"
+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_avx2
+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_avx2_##s
#elif DILITHIUM_MODE == 5
-#define CRYPTO_ALGNAME "Dilithium5"
-#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium5_avx2
-#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium5_avx2_##s
+#define CRYPTO_ALGNAME "ML-DSA-87"
+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_avx2
+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_avx2_##s
#endif
#endif
diff --git a/avx2/f1600x4.S b/avx2/f1600x4.S
index 5455129..497b8ca 100644
--- a/avx2/f1600x4.S
+++ b/avx2/f1600x4.S
@@ -905,5 +905,3 @@ addq $32, %rsi
subq $1, %rax
jnz looptop
ret
-
-.section .note.GNU-stack,"",@progbits
diff --git a/avx2/invntt.S b/avx2/invntt.S
index d40ca13..3e9864c 100644
--- a/avx2/invntt.S
+++ b/avx2/invntt.S
@@ -236,5 +236,3 @@ levels6t7 2
levels6t7 3
ret
-
-.section .note.GNU-stack,"",@progbits
diff --git a/avx2/ntt.S b/avx2/ntt.S
index 026f057..ebe17d3 100644
--- a/avx2/ntt.S
+++ b/avx2/ntt.S
@@ -194,5 +194,3 @@ levels2t7 2
levels2t7 3
ret
-
-.section .note.GNU-stack,"",@progbits
diff --git a/avx2/pointwise.S b/avx2/pointwise.S
index 6b687c7..ae7ff79 100644
--- a/avx2/pointwise.S
+++ b/avx2/pointwise.S
@@ -209,5 +209,3 @@ cmp $16,%eax
jb _looptop2
ret
-
-.section .note.GNU-stack,"",@progbits
diff --git a/avx2/poly.c b/avx2/poly.c
index 340e91d..0a4ecb6 100644
--- a/avx2/poly.c
+++ b/avx2/poly.c
@@ -401,6 +401,7 @@ void poly_uniform(poly *a, const uint8_t seed[SEEDBYTES], uint16_t nonce)
stream128_state state;
stream128_init(&state, seed, nonce);
poly_uniform_preinit(a, &state);
+ stream128_release(&state);
}
void poly_uniform_4x(poly *a0,
@@ -415,7 +416,7 @@ void poly_uniform_4x(poly *a0,
{
unsigned int ctr0, ctr1, ctr2, ctr3;
ALIGNED_UINT8(REJ_UNIFORM_BUFLEN+8) buf[4];
- keccakx4_state state;
+ shake128x4incctx state;
__m256i f;
f = _mm256_loadu_si256((__m256i *)seed);
@@ -433,6 +434,7 @@ void poly_uniform_4x(poly *a0,
buf[3].coeffs[SEEDBYTES+0] = nonce3;
buf[3].coeffs[SEEDBYTES+1] = nonce3 >> 8;
+ shake128x4_inc_init(&state);
shake128x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, SEEDBYTES + 2);
shake128x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, REJ_UNIFORM_NBLOCKS, &state);
@@ -449,6 +451,7 @@ void poly_uniform_4x(poly *a0,
ctr2 += rej_uniform(a2->coeffs + ctr2, N - ctr2, buf[2].coeffs, SHAKE128_RATE);
ctr3 += rej_uniform(a3->coeffs + ctr3, N - ctr3, buf[3].coeffs, SHAKE128_RATE);
}
+ shake128x4_inc_ctx_release(&state);
}
/*************************************************
@@ -530,6 +533,7 @@ void poly_uniform_eta(poly *a, const uint8_t seed[CRHBYTES], uint16_t nonce)
stream256_state state;
stream256_init(&state, seed, nonce);
poly_uniform_eta_preinit(a, &state);
+ stream256_release(&state);
}
void poly_uniform_eta_4x(poly *a0,
@@ -546,7 +550,7 @@ void poly_uniform_eta_4x(poly *a0,
ALIGNED_UINT8(REJ_UNIFORM_ETA_BUFLEN) buf[4];
__m256i f;
- keccakx4_state state;
+ shake256x4incctx state;
f = _mm256_loadu_si256((__m256i *)&seed[0]);
_mm256_store_si256(&buf[0].vec[0],f);
@@ -568,6 +572,7 @@ void poly_uniform_eta_4x(poly *a0,
buf[3].coeffs[64] = nonce3;
buf[3].coeffs[65] = nonce3 >> 8;
+ shake256x4_inc_init(&state);
shake256x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, 66);
shake256x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, REJ_UNIFORM_ETA_NBLOCKS, &state);
@@ -584,6 +589,7 @@ void poly_uniform_eta_4x(poly *a0,
ctr2 += rej_eta(a2->coeffs + ctr2, N - ctr2, buf[2].coeffs, SHAKE256_RATE);
ctr3 += rej_eta(a3->coeffs + ctr3, N - ctr3, buf[3].coeffs, SHAKE256_RATE);
}
+ shake256x4_inc_ctx_release(&state);
}
/*************************************************
@@ -611,6 +617,7 @@ void poly_uniform_gamma1(poly *a, const uint8_t seed[CRHBYTES], uint16_t nonce)
stream256_state state;
stream256_init(&state, seed, nonce);
poly_uniform_gamma1_preinit(a, &state);
+ stream256_release(&state);
}
void poly_uniform_gamma1_4x(poly *a0,
@@ -624,7 +631,7 @@ void poly_uniform_gamma1_4x(poly *a0,
uint16_t nonce3)
{
ALIGNED_UINT8(POLY_UNIFORM_GAMMA1_NBLOCKS*STREAM256_BLOCKBYTES+14) buf[4];
- keccakx4_state state;
+ shake256x4incctx state;
__m256i f;
f = _mm256_loadu_si256((__m256i *)&seed[0]);
@@ -647,8 +654,10 @@ void poly_uniform_gamma1_4x(poly *a0,
buf[3].coeffs[64] = nonce3;
buf[3].coeffs[65] = nonce3 >> 8;
+ shake256x4_inc_init(&state);
shake256x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, 66);
shake256x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, POLY_UNIFORM_GAMMA1_NBLOCKS, &state);
+ shake256x4_inc_ctx_release(&state);
polyz_unpack(a0, buf[0].coeffs);
polyz_unpack(a1, buf[1].coeffs);
@@ -670,12 +679,12 @@ void poly_challenge(poly * restrict c, const uint8_t seed[CTILDEBYTES]) {
unsigned int i, b, pos;
uint64_t signs;
ALIGNED_UINT8(SHAKE256_RATE) buf;
- keccak_state state;
+ shake256incctx state;
- shake256_init(&state);
- shake256_absorb(&state, seed, CTILDEBYTES);
- shake256_finalize(&state);
- shake256_squeezeblocks(buf.coeffs, 1, &state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, seed, CTILDEBYTES);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(buf.coeffs, SHAKE256_RATE, &state);
memcpy(&signs, buf.coeffs, 8);
pos = 8;
@@ -695,6 +704,7 @@ void poly_challenge(poly * restrict c, const uint8_t seed[CTILDEBYTES]) {
c->coeffs[b] = 1 - 2*(signs & 1);
signs >>= 1;
}
+ shake256_inc_ctx_release(&state);
}
/*************************************************
diff --git a/avx2/shuffle.S b/avx2/shuffle.S
index 08c757c..133e051 100644
--- a/avx2/shuffle.S
+++ b/avx2/shuffle.S
@@ -50,5 +50,3 @@ call nttunpack128_avx
add $256,%rdi
call nttunpack128_avx
ret
-
-.section .note.GNU-stack,"",@progbits
diff --git a/avx2/sign.c b/avx2/sign.c
index efb6ea3..532e37c 100644
--- a/avx2/sign.c
+++ b/avx2/sign.c
@@ -168,7 +168,7 @@ int crypto_sign_signature_internal(uint8_t *sig, size_t *siglen, const uint8_t *
polyvecl y;
polyveck w0;
} tmpv;
- keccak_state state;
+ shake256incctx state;
rho = seedbuf;
tr = rho + SEEDBYTES;
@@ -178,20 +178,20 @@ int crypto_sign_signature_internal(uint8_t *sig, size_t *siglen, const uint8_t *
unpack_sk(rho, tr, key, &t0, &s1, &s2, sk);
/* Compute mu = CRH(tr, pre, msg) */
- shake256_init(&state);
- shake256_absorb(&state, tr, TRBYTES);
- shake256_absorb(&state, pre, prelen);
- shake256_absorb(&state, m, mlen);
- shake256_finalize(&state);
- shake256_squeeze(mu, CRHBYTES, &state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, tr, TRBYTES);
+ shake256_inc_absorb(&state, pre, prelen);
+ shake256_inc_absorb(&state, m, mlen);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(mu, CRHBYTES, &state);
/* Compute rhoprime = CRH(key, rnd, mu) */
- shake256_init(&state);
- shake256_absorb(&state, key, SEEDBYTES);
- shake256_absorb(&state, rnd, RNDBYTES);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_finalize(&state);
- shake256_squeeze(rhoprime, CRHBYTES, &state);
+ shake256_inc_ctx_reset(&state);
+ shake256_inc_absorb(&state, key, SEEDBYTES);
+ shake256_inc_absorb(&state, rnd, RNDBYTES);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(rhoprime, CRHBYTES, &state);
/* Expand matrix and transform vectors */
polyvec_matrix_expand(mat, rho);
@@ -231,11 +231,11 @@ rej:
polyveck_decompose(&w1, &tmpv.w0, &w1);
polyveck_pack_w1(sig, &w1);
- shake256_init(&state);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_absorb(&state, sig, K*POLYW1_PACKEDBYTES);
- shake256_finalize(&state);
- shake256_squeeze(sig, CTILDEBYTES, &state);
+ shake256_inc_ctx_reset(&state);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_absorb(&state, sig, K*POLYW1_PACKEDBYTES);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(sig, CTILDEBYTES, &state);
poly_challenge(&c, sig);
poly_ntt(&c);
@@ -280,6 +280,7 @@ rej:
hint[OMEGA + i] = pos = pos + n;
}
+ shake256_inc_ctx_release(&state);
/* Pack z into signature */
for(i = 0; i < L; i++)
polyz_pack(sig + CTILDEBYTES + i*POLYZ_PACKEDBYTES, &z.vec[i]);
@@ -384,19 +385,19 @@ int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, const uint8_t
polyvecl *row = rowbuf;
polyvecl z;
poly c, w1, h;
- keccak_state state;
+ shake256incctx state;
if(siglen != CRYPTO_BYTES)
return -1;
/* Compute CRH(H(rho, t1), pre, msg) */
shake256(mu, TRBYTES, pk, CRYPTO_PUBLICKEYBYTES);
- shake256_init(&state);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_absorb(&state, pre, prelen);
- shake256_absorb(&state, m, mlen);
- shake256_finalize(&state);
- shake256_squeeze(mu, CRHBYTES, &state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_absorb(&state, pre, prelen);
+ shake256_inc_absorb(&state, m, mlen);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(mu, CRHBYTES, &state);
/* Expand challenge */
poly_challenge(&c, sig);
@@ -426,12 +427,17 @@ int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, const uint8_t
/* Get hint polynomial and reconstruct w1 */
memset(h.vec, 0, sizeof(poly));
- if(hint[OMEGA + i] < pos || hint[OMEGA + i] > OMEGA)
+ if(hint[OMEGA + i] < pos || hint[OMEGA + i] > OMEGA) {
+ shake256_inc_ctx_release(&state);
return -1;
+ }
for(j = pos; j < hint[OMEGA + i]; ++j) {
/* Coefficients are ordered for strong unforgeability */
- if(j > pos && hint[j] <= hint[j-1]) return -1;
+ if(j > pos && hint[j] <= hint[j-1]) {
+ shake256_inc_ctx_release(&state);
+ return -1;
+ }
h.coeffs[hint[j]] = 1;
}
pos = hint[OMEGA + i];
@@ -443,14 +449,18 @@ int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, const uint8_t
/* Extra indices are zero for strong unforgeability */
for(j = pos; j < OMEGA; ++j)
- if(hint[j]) return -1;
+ if(hint[j]) {
+ shake256_inc_ctx_release(&state);
+ return -1;
+ }
/* Call random oracle and verify challenge */
- shake256_init(&state);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_absorb(&state, buf.coeffs, K*POLYW1_PACKEDBYTES);
- shake256_finalize(&state);
- shake256_squeeze(buf.coeffs, CTILDEBYTES, &state);
+ shake256_inc_ctx_reset(&state);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_absorb(&state, buf.coeffs, K*POLYW1_PACKEDBYTES);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(buf.coeffs, CTILDEBYTES, &state);
+ shake256_inc_ctx_release(&state);
for(i = 0; i < CTILDEBYTES; ++i)
if(buf.coeffs[i] != sig[i])
return -1;
diff --git a/avx2/symmetric.h b/avx2/symmetric.h
index 8f3c3c5..fa49963 100644
--- a/avx2/symmetric.h
+++ b/avx2/symmetric.h
@@ -6,21 +6,23 @@
#include "fips202.h"
-typedef keccak_state stream128_state;
-typedef keccak_state stream256_state;
+typedef shake128incctx stream128_state;
+typedef shake256incctx stream256_state;
#define dilithium_shake128_stream_init DILITHIUM_NAMESPACE(dilithium_shake128_stream_init)
-void dilithium_shake128_stream_init(keccak_state *state, const uint8_t seed[SEEDBYTES], uint16_t nonce);
+void dilithium_shake128_stream_init(shake128incctx *state, const uint8_t seed[SEEDBYTES], uint16_t nonce);
#define dilithium_shake256_stream_init DILITHIUM_NAMESPACE(dilithium_shake256_stream_init)
-void dilithium_shake256_stream_init(keccak_state *state, const uint8_t seed[CRHBYTES], uint16_t nonce);
+void dilithium_shake256_stream_init(shake256incctx *state, const uint8_t seed[CRHBYTES], uint16_t nonce);
#define STREAM128_BLOCKBYTES SHAKE128_RATE
#define STREAM256_BLOCKBYTES SHAKE256_RATE
#define stream128_init(STATE, SEED, NONCE) dilithium_shake128_stream_init(STATE, SEED, NONCE)
#define stream128_squeezeblocks(OUT, OUTBLOCKS, STATE) shake128_squeezeblocks(OUT, OUTBLOCKS, STATE)
+#define stream128_release(STATE) shake128_inc_ctx_release(STATE)
#define stream256_init(STATE, SEED, NONCE) dilithium_shake256_stream_init(STATE, SEED, NONCE)
#define stream256_squeezeblocks(OUT, OUTBLOCKS, STATE) shake256_squeezeblocks(OUT, OUTBLOCKS, STATE)
+#define stream256_release(STATE) shake256_inc_ctx_release(STATE)
#endif
diff --git a/ref/config.h b/ref/config.h
index 98b8ccb..8008e11 100644
--- a/ref/config.h
+++ b/ref/config.h
@@ -11,17 +11,17 @@
#endif
#if DILITHIUM_MODE == 2
-#define CRYPTO_ALGNAME "Dilithium2"
-#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium2_ref
-#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium2_ref_##s
+#define CRYPTO_ALGNAME "ML-DSA-44"
+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ref
+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ref_##s
#elif DILITHIUM_MODE == 3
-#define CRYPTO_ALGNAME "Dilithium3"
-#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium3_ref
-#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium3_ref_##s
+#define CRYPTO_ALGNAME "ML-DSA-65"
+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ref
+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ref_##s
#elif DILITHIUM_MODE == 5
-#define CRYPTO_ALGNAME "Dilithium5"
-#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium5_ref
-#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium5_ref_##s
+#define CRYPTO_ALGNAME "ML-DSA-87"
+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ref
+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ref_##s
#endif
#endif
diff --git a/ref/poly.c b/ref/poly.c
index 0db4f42..691b5e8 100644
--- a/ref/poly.c
+++ b/ref/poly.c
@@ -365,6 +365,7 @@ void poly_uniform(poly *a,
buflen = STREAM128_BLOCKBYTES + off;
ctr += rej_uniform(a->coeffs + ctr, N - ctr, buf, buflen);
}
+ stream128_release(&state);
}
/*************************************************
@@ -450,6 +451,7 @@ void poly_uniform_eta(poly *a,
stream256_squeezeblocks(buf, 1, &state);
ctr += rej_eta(a->coeffs + ctr, N - ctr, buf, STREAM256_BLOCKBYTES);
}
+ stream256_release(&state);
}
/*************************************************
@@ -473,6 +475,7 @@ void poly_uniform_gamma1(poly *a,
stream256_init(&state, seed, nonce);
stream256_squeezeblocks(buf, POLY_UNIFORM_GAMMA1_NBLOCKS, &state);
+ stream256_release(&state);
polyz_unpack(a, buf);
}
@@ -490,11 +493,11 @@ void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]) {
unsigned int i, b, pos;
uint64_t signs;
uint8_t buf[SHAKE256_RATE];
- keccak_state state;
+ shake256incctx state;
- shake256_init(&state);
- shake256_absorb(&state, seed, CTILDEBYTES);
- shake256_finalize(&state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, seed, CTILDEBYTES);
+ shake256_inc_finalize(&state);
shake256_squeezeblocks(buf, 1, &state);
signs = 0;
@@ -518,6 +521,7 @@ void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]) {
c->coeffs[b] = 1 - 2*(signs & 1);
signs >>= 1;
}
+ shake256_inc_ctx_release(&state);
}
/*************************************************
diff --git a/ref/sign.c b/ref/sign.c
index 7d3f882..abb033c 100644
--- a/ref/sign.c
+++ b/ref/sign.c
@@ -98,7 +98,7 @@ int crypto_sign_signature_internal(uint8_t *sig,
polyvecl mat[K], s1, y, z;
polyveck t0, s2, w1, w0, h;
poly cp;
- keccak_state state;
+ shake256incctx state;
rho = seedbuf;
tr = rho + SEEDBYTES;
@@ -108,20 +108,20 @@ int crypto_sign_signature_internal(uint8_t *sig,
unpack_sk(rho, tr, key, &t0, &s1, &s2, sk);
/* Compute mu = CRH(tr, pre, msg) */
- shake256_init(&state);
- shake256_absorb(&state, tr, TRBYTES);
- shake256_absorb(&state, pre, prelen);
- shake256_absorb(&state, m, mlen);
- shake256_finalize(&state);
- shake256_squeeze(mu, CRHBYTES, &state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, tr, TRBYTES);
+ shake256_inc_absorb(&state, pre, prelen);
+ shake256_inc_absorb(&state, m, mlen);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(mu, CRHBYTES, &state);
/* Compute rhoprime = CRH(key, rnd, mu) */
- shake256_init(&state);
- shake256_absorb(&state, key, SEEDBYTES);
- shake256_absorb(&state, rnd, RNDBYTES);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_finalize(&state);
- shake256_squeeze(rhoprime, CRHBYTES, &state);
+ shake256_inc_ctx_reset(&state);
+ shake256_inc_absorb(&state, key, SEEDBYTES);
+ shake256_inc_absorb(&state, rnd, RNDBYTES);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(rhoprime, CRHBYTES, &state);
/* Expand matrix and transform vectors */
polyvec_matrix_expand(mat, rho);
@@ -145,11 +145,11 @@ rej:
polyveck_decompose(&w1, &w0, &w1);
polyveck_pack_w1(sig, &w1);
- shake256_init(&state);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_absorb(&state, sig, K*POLYW1_PACKEDBYTES);
- shake256_finalize(&state);
- shake256_squeeze(sig, CTILDEBYTES, &state);
+ shake256_inc_ctx_reset(&state);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_absorb(&state, sig, K*POLYW1_PACKEDBYTES);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(sig, CTILDEBYTES, &state);
poly_challenge(&cp, sig);
poly_ntt(&cp);
@@ -182,6 +182,8 @@ rej:
if(n > OMEGA)
goto rej;
+ shake256_inc_ctx_release(&state);
+
/* Write signature */
pack_sig(sig, sig, &z, &h);
*siglen = CRYPTO_BYTES;
@@ -303,7 +305,7 @@ int crypto_sign_verify_internal(const uint8_t *sig,
poly cp;
polyvecl mat[K], z;
polyveck t1, w1, h;
- keccak_state state;
+ shake256incctx state;
if(siglen != CRYPTO_BYTES)
return -1;
@@ -316,12 +318,12 @@ int crypto_sign_verify_internal(const uint8_t *sig,
/* Compute CRH(H(rho, t1), pre, msg) */
shake256(mu, TRBYTES, pk, CRYPTO_PUBLICKEYBYTES);
- shake256_init(&state);
- shake256_absorb(&state, mu, TRBYTES);
- shake256_absorb(&state, pre, prelen);
- shake256_absorb(&state, m, mlen);
- shake256_finalize(&state);
- shake256_squeeze(mu, CRHBYTES, &state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, mu, TRBYTES);
+ shake256_inc_absorb(&state, pre, prelen);
+ shake256_inc_absorb(&state, m, mlen);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(mu, CRHBYTES, &state);
/* Matrix-vector multiplication; compute Az - c2^dt1 */
poly_challenge(&cp, c);
@@ -345,11 +347,12 @@ int crypto_sign_verify_internal(const uint8_t *sig,
polyveck_pack_w1(buf, &w1);
/* Call random oracle and verify challenge */
- shake256_init(&state);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_absorb(&state, buf, K*POLYW1_PACKEDBYTES);
- shake256_finalize(&state);
- shake256_squeeze(c2, CTILDEBYTES, &state);
+ shake256_inc_ctx_reset(&state);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_absorb(&state, buf, K*POLYW1_PACKEDBYTES);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(c2, CTILDEBYTES, &state);
+ shake256_inc_ctx_release(&state);
for(i = 0; i < CTILDEBYTES; ++i)
if(c[i] != c2[i])
return -1;
diff --git a/ref/sign.h b/ref/sign.h
index 2741e8f..0b5f74a 100644
--- a/ref/sign.h
+++ b/ref/sign.h
@@ -1,6 +1,8 @@
#ifndef SIGN_H
#define SIGN_H
+#include <oqs/oqs.h>
+
#include <stddef.h>
#include <stdint.h>
#include "params.h"
@@ -11,7 +13,7 @@
int crypto_sign_keypair(uint8_t *pk, uint8_t *sk);
#define crypto_sign_signature_internal DILITHIUM_NAMESPACE(signature_internal)
-int crypto_sign_signature_internal(uint8_t *sig,
+OQS_API int crypto_sign_signature_internal(uint8_t *sig,
size_t *siglen,
const uint8_t *m,
size_t mlen,
@@ -33,7 +35,7 @@ int crypto_sign(uint8_t *sm, size_t *smlen,
const uint8_t *sk);
#define crypto_sign_verify_internal DILITHIUM_NAMESPACE(verify_internal)
-int crypto_sign_verify_internal(const uint8_t *sig,
+OQS_API int crypto_sign_verify_internal(const uint8_t *sig,
size_t siglen,
const uint8_t *m,
size_t mlen,
diff --git a/ref/symmetric-shake.c b/ref/symmetric-shake.c
index 11ec09c..963f649 100644
--- a/ref/symmetric-shake.c
+++ b/ref/symmetric-shake.c
@@ -3,26 +3,26 @@
#include "symmetric.h"
#include "fips202.h"
-void dilithium_shake128_stream_init(keccak_state *state, const uint8_t seed[SEEDBYTES], uint16_t nonce)
+void dilithium_shake128_stream_init(shake128incctx *state, const uint8_t seed[SEEDBYTES], uint16_t nonce)
{
uint8_t t[2];
t[0] = nonce;
t[1] = nonce >> 8;
- shake128_init(state);
- shake128_absorb(state, seed, SEEDBYTES);
- shake128_absorb(state, t, 2);
- shake128_finalize(state);
+ shake128_inc_init(state);
+ shake128_inc_absorb(state, seed, SEEDBYTES);
+ shake128_inc_absorb(state, t, 2);
+ shake128_inc_finalize(state);
}
-void dilithium_shake256_stream_init(keccak_state *state, const uint8_t seed[CRHBYTES], uint16_t nonce)
+void dilithium_shake256_stream_init(shake256incctx *state, const uint8_t seed[CRHBYTES], uint16_t nonce)
{
uint8_t t[2];
t[0] = nonce;
t[1] = nonce >> 8;
- shake256_init(state);
- shake256_absorb(state, seed, CRHBYTES);
- shake256_absorb(state, t, 2);
- shake256_finalize(state);
+ shake256_inc_init(state);
+ shake256_inc_absorb(state, seed, CRHBYTES);
+ shake256_inc_absorb(state, t, 2);
+ shake256_inc_finalize(state);
}
diff --git a/ref/symmetric.h b/ref/symmetric.h
index cba12d1..211de3b 100644
--- a/ref/symmetric.h
+++ b/ref/symmetric.h
@@ -6,16 +6,16 @@
#include "fips202.h"
-typedef keccak_state stream128_state;
-typedef keccak_state stream256_state;
+typedef shake128incctx stream128_state;
+typedef shake256incctx stream256_state;
#define dilithium_shake128_stream_init DILITHIUM_NAMESPACE(dilithium_shake128_stream_init)
-void dilithium_shake128_stream_init(keccak_state *state,
+void dilithium_shake128_stream_init(shake128incctx *state,
const uint8_t seed[SEEDBYTES],
uint16_t nonce);
#define dilithium_shake256_stream_init DILITHIUM_NAMESPACE(dilithium_shake256_stream_init)
-void dilithium_shake256_stream_init(keccak_state *state,
+void dilithium_shake256_stream_init(shake256incctx *state,
const uint8_t seed[CRHBYTES],
uint16_t nonce);
@@ -26,9 +26,11 @@ void dilithium_shake256_stream_init(keccak_state *state,
dilithium_shake128_stream_init(STATE, SEED, NONCE)
#define stream128_squeezeblocks(OUT, OUTBLOCKS, STATE) \
shake128_squeezeblocks(OUT, OUTBLOCKS, STATE)
+#define stream128_release(STATE) shake128_inc_ctx_release(STATE)
#define stream256_init(STATE, SEED, NONCE) \
dilithium_shake256_stream_init(STATE, SEED, NONCE)
#define stream256_squeezeblocks(OUT, OUTBLOCKS, STATE) \
shake256_squeezeblocks(OUT, OUTBLOCKS, STATE)
+#define stream256_release(STATE) shake256_inc_ctx_release(STATE)
#endif

842
scripts/copy_from_upstream/patches/pqcrystals-ml_dsa_ipd.patch Normal file
View File

@ -0,0 +1,842 @@
diff --git a/Dilithium2_META.yml b/ML-DSA-44-ipd_META.yml
index 0e2e6fc..d99edb5 100644
--- a/Dilithium2_META.yml
+++ b/ML-DSA-44-ipd_META.yml
@@ -1,11 +1,11 @@
-name: Dilithium2
+name: ML-DSA-44-ipd
type: signature
claimed-nist-level: 2
length-public-key: 1312
-length-secret-key: 2528
+length-secret-key: 2560
length-signature: 2420
-nistkat-sha256: 26ae9c1224171e957dbe38672942d31edb7dffbe700825e0cb52128cdb45280a
-testvectors-sha256: b56155479f5643a3cb3d73260ba2b1fd7e772a49b6f4cebcf742cd860fbf6879
+nistkat-sha256: e6f3ec4dc0b02dd3bcbbc6b105190e1890ca0bb3f802e2b571f0d70f3993a2e1
+testvectors-sha256: aff4dbcb0c5ad52c840036907661efd2cafd6c1cba95ed052184f45adf30f365
principal-submitters:
- Vadim Lyubashevsky
auxiliary-submitters:
@@ -18,22 +18,20 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: ref
- version: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409
+ version: https://github.com/pq-crystals/dilithium/tree/standard
folder_name: ref
- compile_opts: -DDILITHIUM_MODE=2 -DDILITHIUM_RANDOMIZED_SIGNING
- signature_keypair: pqcrystals_dilithium2_ref_keypair
- signature_signature: pqcrystals_dilithium2_ref_signature
- signature_verify: pqcrystals_dilithium2_ref_verify
- sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h fips202.h symmetric-shake.c
- common_dep: common_ref
+ compile_opts: -DDILITHIUM_MODE=2
+ signature_keypair: pqcrystals_ml_dsa_44_ipd_ref_keypair
+ signature_signature: pqcrystals_ml_dsa_44_ipd_ref_signature
+ signature_verify: pqcrystals_ml_dsa_44_ipd_ref_verify
+ sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h symmetric-shake.c
- name: avx2
- version: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409
- compile_opts: -DDILITHIUM_MODE=2 -DDILITHIUM_RANDOMIZED_SIGNING
- signature_keypair: pqcrystals_dilithium2_avx2_keypair
- signature_signature: pqcrystals_dilithium2_avx2_signature
- signature_verify: pqcrystals_dilithium2_avx2_verify
- sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
- common_dep: common_avx2
+ version: https://github.com/pq-crystals/dilithium/tree/standard
+ compile_opts: -DDILITHIUM_MODE=2
+ signature_keypair: pqcrystals_ml_dsa_44_ipd_avx2_keypair
+ signature_signature: pqcrystals_ml_dsa_44_ipd_avx2_signature
+ signature_verify: pqcrystals_ml_dsa_44_ipd_avx2_verify
+ sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h symmetric-shake.c
supported_platforms:
- architecture: x86_64
operating_systems:
diff --git a/Dilithium3_META.yml b/ML-DSA-65-ipd_META.yml
index d1bca64..72a43e7 100644
--- a/Dilithium3_META.yml
+++ b/ML-DSA-65-ipd_META.yml
@@ -1,11 +1,11 @@
-name: Dilithium3
+name: ML-DSA-65-ipd
type: signature
claimed-nist-level: 3
length-public-key: 1952
-length-secret-key: 4000
-length-signature: 3293
-nistkat-sha256: eea584803c3d6991a4acbf9f117147bbdd246faf822cfb1a17effe20b2052ba9
-testvectors-sha256: a237032c7840a0d2f922951f806c2199f8f86b8a8947f6f6f1b856c925222958
+length-secret-key: 4032
+length-signature: 3309
+nistkat-sha256: 7225c4531086d88c9b7fa18101b0f78dda2d38df88812c65ddc1ae94fe3c01a7
+testvectors-sha256: e0a98c0a29137dcbeb12104ccaa6a0555a9bdb4dcfbc2b0fc9a959dd8b6c8699
principal-submitters:
- Vadim Lyubashevsky
auxiliary-submitters:
@@ -18,22 +18,20 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: ref
- version: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409
+ version: https://github.com/pq-crystals/dilithium/tree/standard
folder_name: ref
- compile_opts: -DDILITHIUM_MODE=3 -DDILITHIUM_RANDOMIZED_SIGNING
- signature_keypair: pqcrystals_dilithium3_ref_keypair
- signature_signature: pqcrystals_dilithium3_ref_signature
- signature_verify: pqcrystals_dilithium3_ref_verify
- sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h fips202.h symmetric-shake.c
- common_dep: common_ref
+ compile_opts: -DDILITHIUM_MODE=3
+ signature_keypair: pqcrystals_ml_dsa_65_ipd_ref_keypair
+ signature_signature: pqcrystals_ml_dsa_65_ipd_ref_signature
+ signature_verify: pqcrystals_ml_dsa_65_ipd_ref_verify
+ sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h symmetric-shake.c
- name: avx2
- version: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409
- compile_opts: -DDILITHIUM_MODE=3 -DDILITHIUM_RANDOMIZED_SIGNING
- signature_keypair: pqcrystals_dilithium3_avx2_keypair
- signature_signature: pqcrystals_dilithium3_avx2_signature
- signature_verify: pqcrystals_dilithium3_avx2_verify
- sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
- common_dep: common_avx2
+ version: https://github.com/pq-crystals/dilithium/tree/standard
+ compile_opts: -DDILITHIUM_MODE=3
+ signature_keypair: pqcrystals_ml_dsa_65_ipd_avx2_keypair
+ signature_signature: pqcrystals_ml_dsa_65_ipd_avx2_signature
+ signature_verify: pqcrystals_ml_dsa_65_ipd_avx2_verify
+ sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h symmetric-shake.c
supported_platforms:
- architecture: x86_64
operating_systems:
diff --git a/Dilithium5_META.yml b/ML-DSA-87-ipd_META.yml
index a4dbdbf..bf68590 100644
--- a/Dilithium5_META.yml
+++ b/ML-DSA-87-ipd_META.yml
@@ -1,11 +1,11 @@
-name: Dilithium5
+name: ML-DSA-87-ipd
type: signature
claimed-nist-level: 5
length-public-key: 2592
-length-secret-key: 4864
-length-signature: 4595
-nistkat-sha256: 3f6e58603a38be57cf08d79b01fcfd0ccc1129a09e14a6122c6fe22c906ddc3b
-testvectors-sha256: ddeb95f4a743562010bce527ea7c99fed4ce1234bafd5ed6f44eea0f065ba49c
+length-secret-key: 4896
+length-signature: 4627
+nistkat-sha256: f5cb5ed44a261a4118f9cfd5d55b4210939cb5b8531968a10c37060551a8927f
+testvectors-sha256: 9a1985c10b13efefee50067edf3432ed8ab48a62965743feb45a317485980883
principal-submitters:
- Vadim Lyubashevsky
auxiliary-submitters:
@@ -18,22 +18,20 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: ref
- version: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409
+ version: https://github.com/pq-crystals/dilithium/tree/standard
folder_name: ref
- compile_opts: -DDILITHIUM_MODE=5 -DDILITHIUM_RANDOMIZED_SIGNING
- signature_keypair: pqcrystals_dilithium5_ref_keypair
- signature_signature: pqcrystals_dilithium5_ref_signature
- signature_verify: pqcrystals_dilithium5_ref_verify
- sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h fips202.h symmetric-shake.c
- common_dep: common_ref
+ compile_opts: -DDILITHIUM_MODE=5
+ signature_keypair: pqcrystals_ml_dsa_87_ipd_ref_keypair
+ signature_signature: pqcrystals_ml_dsa_87_ipd_ref_signature
+ signature_verify: pqcrystals_ml_dsa_87_ipd_ref_verify
+ sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h symmetric-shake.c
- name: avx2
- version: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409
- compile_opts: -DDILITHIUM_MODE=5 -DDILITHIUM_RANDOMIZED_SIGNING
- signature_keypair: pqcrystals_dilithium5_avx2_keypair
- signature_signature: pqcrystals_dilithium5_avx2_signature
- signature_verify: pqcrystals_dilithium5_avx2_verify
- sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
- common_dep: common_avx2
+ version: https://github.com/pq-crystals/dilithium/tree/standard
+ compile_opts: -DDILITHIUM_MODE=5
+ signature_keypair: pqcrystals_ml_dsa_87_ipd_avx2_keypair
+ signature_signature: pqcrystals_ml_dsa_87_ipd_avx2_signature
+ signature_verify: pqcrystals_ml_dsa_87_ipd_avx2_verify
+ sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h symmetric-shake.c
supported_platforms:
- architecture: x86_64
operating_systems:
diff --git a/README.md b/README.md
index 5a5d48d..d6b337a 100644
--- a/README.md
+++ b/README.md
@@ -18,9 +18,9 @@ brew install openssl
```
Then, run
```sh
-export CFLAGS="-I/usr/local/opt/openssl@1.1/include"
-export NISTFLAGS="-I/usr/local/opt/openssl@1.1/include"
-export LDFLAGS="-L/usr/local/opt/openssl@1.1/lib"
+export CFLAGS="-I/opt/homebrew/opt/openssl@1.1/include"
+export NISTFLAGS="-I/opt/homebrew/opt/openssl@1.1/include"
+export LDFLAGS="-L/opt/homebrew/opt/openssl@1.1/lib"
```
before compilation to add the OpenSSL header and library locations to the respective search paths.
@@ -60,11 +60,11 @@ Our Dilithium implementations are contained in the [SUPERCOP](https://bench.cr.y
## Randomized signing
-By default our code implements Dilithium's deterministic signing mode. To change this to the randomized signing mode, define the `DILITHIUM_RANDOMIZED_SIGNING` preprocessor macro at compilation by either uncommenting the line
+By default our code implements Dilithium's randomized signing mode. To change this to the deterministic signing mode, undefine the `DILITHIUM_RANDOMIZED_SIGNING` preprocessor macro at compilation by commenting the line
```sh
-//#define DILITHIUM_RANDOMIZED_SIGNING
+#define DILITHIUM_RANDOMIZED_SIGNING
```
-in config.h, or adding `-DDILITHIUM_RANDOMIZED_SIGNING` to the compiler flags in the environment variable `CFLAGS`.
+in config.h.
## Shared libraries
diff --git a/avx2/api.h b/avx2/api.h
index 1948a96..55b6376 100644
--- a/avx2/api.h
+++ b/avx2/api.h
@@ -5,7 +5,7 @@
#include <stdint.h>
#define pqcrystals_dilithium2_PUBLICKEYBYTES 1312
-#define pqcrystals_dilithium2_SECRETKEYBYTES 2528
+#define pqcrystals_dilithium2_SECRETKEYBYTES 2560
#define pqcrystals_dilithium2_BYTES 2420
#define pqcrystals_dilithium2_avx2_PUBLICKEYBYTES pqcrystals_dilithium2_PUBLICKEYBYTES
@@ -32,8 +32,8 @@ int pqcrystals_dilithium2_avx2_open(uint8_t *m, size_t *mlen,
#define pqcrystals_dilithium3_PUBLICKEYBYTES 1952
-#define pqcrystals_dilithium3_SECRETKEYBYTES 4000
-#define pqcrystals_dilithium3_BYTES 3293
+#define pqcrystals_dilithium3_SECRETKEYBYTES 4032
+#define pqcrystals_dilithium3_BYTES 3309
#define pqcrystals_dilithium3_avx2_PUBLICKEYBYTES pqcrystals_dilithium3_PUBLICKEYBYTES
#define pqcrystals_dilithium3_avx2_SECRETKEYBYTES pqcrystals_dilithium3_SECRETKEYBYTES
@@ -59,8 +59,8 @@ int pqcrystals_dilithium3_avx2_open(uint8_t *m, size_t *mlen,
#define pqcrystals_dilithium5_PUBLICKEYBYTES 2592
-#define pqcrystals_dilithium5_SECRETKEYBYTES 4864
-#define pqcrystals_dilithium5_BYTES 4595
+#define pqcrystals_dilithium5_SECRETKEYBYTES 4896
+#define pqcrystals_dilithium5_BYTES 4627
#define pqcrystals_dilithium5_avx2_PUBLICKEYBYTES pqcrystals_dilithium5_PUBLICKEYBYTES
#define pqcrystals_dilithium5_avx2_SECRETKEYBYTES pqcrystals_dilithium5_SECRETKEYBYTES
diff --git a/avx2/config.h b/avx2/config.h
index ba5caa8..e59f81a 100644
--- a/avx2/config.h
+++ b/avx2/config.h
@@ -2,7 +2,7 @@
#define CONFIG_H
//#define DILITHIUM_MODE 2
-//#define DILITHIUM_RANDOMIZED_SIGNING
+#define DILITHIUM_RANDOMIZED_SIGNING
//#define USE_RDPMC
//#define DBENCH
@@ -11,17 +11,17 @@
#endif
#if DILITHIUM_MODE == 2
-#define CRYPTO_ALGNAME "Dilithium2"
-#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium2_avx2
-#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium2_avx2_##s
+#define CRYPTO_ALGNAME "ML-DSA-44-ipd"
+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ipd_avx2
+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ipd_avx2_##s
#elif DILITHIUM_MODE == 3
-#define CRYPTO_ALGNAME "Dilithium3"
-#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium3_avx2
-#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium3_avx2_##s
+#define CRYPTO_ALGNAME "ML-DSA-65-ipd"
+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ipd_avx2
+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ipd_avx2_##s
#elif DILITHIUM_MODE == 5
-#define CRYPTO_ALGNAME "Dilithium5"
-#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium5_avx2
-#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium5_avx2_##s
+#define CRYPTO_ALGNAME "ML-DSA-87-ipd"
+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ipd_avx2
+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ipd_avx2_##s
#endif
#endif
diff --git a/avx2/poly.c b/avx2/poly.c
index c1b21c1..25d3682 100644
--- a/avx2/poly.c
+++ b/avx2/poly.c
@@ -401,6 +401,7 @@ void poly_uniform(poly *a, const uint8_t seed[SEEDBYTES], uint16_t nonce)
stream128_state state;
stream128_init(&state, seed, nonce);
poly_uniform_preinit(a, &state);
+ stream128_release(&state);
}
void poly_uniform_4x(poly *a0,
@@ -415,7 +416,7 @@ void poly_uniform_4x(poly *a0,
{
unsigned int ctr0, ctr1, ctr2, ctr3;
ALIGNED_UINT8(REJ_UNIFORM_BUFLEN+8) buf[4];
- keccakx4_state state;
+ shake128x4incctx state;
__m256i f;
f = _mm256_loadu_si256((__m256i *)seed);
@@ -433,6 +434,7 @@ void poly_uniform_4x(poly *a0,
buf[3].coeffs[SEEDBYTES+0] = nonce3;
buf[3].coeffs[SEEDBYTES+1] = nonce3 >> 8;
+ shake128x4_inc_init(&state);
shake128x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, SEEDBYTES + 2);
shake128x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, REJ_UNIFORM_NBLOCKS, &state);
@@ -449,6 +451,7 @@ void poly_uniform_4x(poly *a0,
ctr2 += rej_uniform(a2->coeffs + ctr2, N - ctr2, buf[2].coeffs, SHAKE128_RATE);
ctr3 += rej_uniform(a3->coeffs + ctr3, N - ctr3, buf[3].coeffs, SHAKE128_RATE);
}
+ shake128x4_inc_ctx_release(&state);
}
/*************************************************
@@ -530,6 +533,7 @@ void poly_uniform_eta(poly *a, const uint8_t seed[CRHBYTES], uint16_t nonce)
stream256_state state;
stream256_init(&state, seed, nonce);
poly_uniform_eta_preinit(a, &state);
+ stream256_release(&state);
}
void poly_uniform_eta_4x(poly *a0,
@@ -546,7 +550,7 @@ void poly_uniform_eta_4x(poly *a0,
ALIGNED_UINT8(REJ_UNIFORM_ETA_BUFLEN) buf[4];
__m256i f;
- keccakx4_state state;
+ shake256x4incctx state;
f = _mm256_loadu_si256((__m256i *)&seed[0]);
_mm256_store_si256(&buf[0].vec[0],f);
@@ -568,6 +572,7 @@ void poly_uniform_eta_4x(poly *a0,
buf[3].coeffs[64] = nonce3;
buf[3].coeffs[65] = nonce3 >> 8;
+ shake256x4_inc_init(&state);
shake256x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, 66);
shake256x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, REJ_UNIFORM_ETA_NBLOCKS, &state);
@@ -584,6 +589,7 @@ void poly_uniform_eta_4x(poly *a0,
ctr2 += rej_eta(a2->coeffs + ctr2, N - ctr2, buf[2].coeffs, SHAKE256_RATE);
ctr3 += rej_eta(a3->coeffs + ctr3, N - ctr3, buf[3].coeffs, SHAKE256_RATE);
}
+ shake256x4_inc_ctx_release(&state);
}
/*************************************************
@@ -611,6 +617,7 @@ void poly_uniform_gamma1(poly *a, const uint8_t seed[CRHBYTES], uint16_t nonce)
stream256_state state;
stream256_init(&state, seed, nonce);
poly_uniform_gamma1_preinit(a, &state);
+ stream256_release(&state);
}
void poly_uniform_gamma1_4x(poly *a0,
@@ -624,7 +631,7 @@ void poly_uniform_gamma1_4x(poly *a0,
uint16_t nonce3)
{
ALIGNED_UINT8(POLY_UNIFORM_GAMMA1_NBLOCKS*STREAM256_BLOCKBYTES+14) buf[4];
- keccakx4_state state;
+ shake256x4incctx state;
__m256i f;
f = _mm256_loadu_si256((__m256i *)&seed[0]);
@@ -647,8 +654,10 @@ void poly_uniform_gamma1_4x(poly *a0,
buf[3].coeffs[64] = nonce3;
buf[3].coeffs[65] = nonce3 >> 8;
+ shake256x4_inc_init(&state);
shake256x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, 66);
shake256x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, POLY_UNIFORM_GAMMA1_NBLOCKS, &state);
+ shake256x4_inc_ctx_release(&state);
polyz_unpack(a0, buf[0].coeffs);
polyz_unpack(a1, buf[1].coeffs);
@@ -670,12 +679,12 @@ void poly_challenge(poly * restrict c, const uint8_t seed[SEEDBYTES]) {
unsigned int i, b, pos;
uint64_t signs;
ALIGNED_UINT8(SHAKE256_RATE) buf;
- keccak_state state;
+ shake256incctx state;
- shake256_init(&state);
- shake256_absorb(&state, seed, SEEDBYTES);
- shake256_finalize(&state);
- shake256_squeezeblocks(buf.coeffs, 1, &state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, seed, SEEDBYTES);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(buf.coeffs, SHAKE256_RATE, &state);
memcpy(&signs, buf.coeffs, 8);
pos = 8;
@@ -695,6 +704,7 @@ void poly_challenge(poly * restrict c, const uint8_t seed[SEEDBYTES]) {
c->coeffs[b] = 1 - 2*(signs & 1);
signs >>= 1;
}
+ shake256_inc_ctx_release(&state);
}
/*************************************************
diff --git a/avx2/sign.c b/avx2/sign.c
index c8f2398..a39f851 100644
--- a/avx2/sign.c
+++ b/avx2/sign.c
@@ -161,7 +161,7 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t
polyvecl y;
polyveck w0;
} tmpv;
- keccak_state state;
+ shake256incctx state;
rho = seedbuf;
tr = rho + SEEDBYTES;
@@ -172,11 +172,11 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t
unpack_sk(rho, tr, key, &t0, &s1, &s2, sk);
/* Compute CRH(tr, msg) */
- shake256_init(&state);
- shake256_absorb(&state, tr, TRBYTES);
- shake256_absorb(&state, m, mlen);
- shake256_finalize(&state);
- shake256_squeeze(mu, CRHBYTES, &state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, tr, TRBYTES);
+ shake256_inc_absorb(&state, m, mlen);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(mu, CRHBYTES, &state);
#ifdef DILITHIUM_RANDOMIZED_SIGNING
randombytes(rnd, RNDBYTES);
@@ -223,11 +223,11 @@ rej:
polyveck_decompose(&w1, &tmpv.w0, &w1);
polyveck_pack_w1(sig, &w1);
- shake256_init(&state);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_absorb(&state, sig, K*POLYW1_PACKEDBYTES);
- shake256_finalize(&state);
- shake256_squeeze(sig, CTILDEBYTES, &state);
+ shake256_inc_ctx_reset(&state);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_absorb(&state, sig, K*POLYW1_PACKEDBYTES);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(sig, CTILDEBYTES, &state);
poly_challenge(&c, sig);
poly_ntt(&c);
@@ -272,6 +272,7 @@ rej:
hint[OMEGA + i] = pos = pos + n;
}
+ shake256_inc_ctx_release(&state);
/* Pack z into signature */
for(i = 0; i < L; i++)
polyz_pack(sig + CTILDEBYTES + i*POLYZ_PACKEDBYTES, &z.vec[i]);
@@ -329,18 +330,19 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size
polyvecl *row = rowbuf;
polyvecl z;
poly c, w1, h;
- keccak_state state;
+ shake256incctx state;
if(siglen != CRYPTO_BYTES)
return -1;
/* Compute CRH(H(rho, t1), msg) */
shake256(mu, CRHBYTES, pk, CRYPTO_PUBLICKEYBYTES);
- shake256_init(&state);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_absorb(&state, m, mlen);
- shake256_finalize(&state);
- shake256_squeeze(mu, CRHBYTES, &state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_absorb(&state, m, mlen);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(mu, CRHBYTES, &state);
+ shake256_inc_ctx_release(&state);
/* Expand challenge */
poly_challenge(&c, sig);
@@ -390,11 +392,12 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size
if(hint[j]) return -1;
/* Call random oracle and verify challenge */
- shake256_init(&state);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_absorb(&state, buf.coeffs, K*POLYW1_PACKEDBYTES);
- shake256_finalize(&state);
- shake256_squeeze(buf.coeffs, CTILDEBYTES, &state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_absorb(&state, buf.coeffs, K*POLYW1_PACKEDBYTES);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(buf.coeffs, CTILDEBYTES, &state);
+ shake256_inc_ctx_release(&state);
for(i = 0; i < CTILDEBYTES; ++i)
if(buf.coeffs[i] != sig[i])
return -1;
diff --git a/avx2/symmetric.h b/avx2/symmetric.h
index 8f3c3c5..fa49963 100644
--- a/avx2/symmetric.h
+++ b/avx2/symmetric.h
@@ -6,21 +6,23 @@
#include "fips202.h"
-typedef keccak_state stream128_state;
-typedef keccak_state stream256_state;
+typedef shake128incctx stream128_state;
+typedef shake256incctx stream256_state;
#define dilithium_shake128_stream_init DILITHIUM_NAMESPACE(dilithium_shake128_stream_init)
-void dilithium_shake128_stream_init(keccak_state *state, const uint8_t seed[SEEDBYTES], uint16_t nonce);
+void dilithium_shake128_stream_init(shake128incctx *state, const uint8_t seed[SEEDBYTES], uint16_t nonce);
#define dilithium_shake256_stream_init DILITHIUM_NAMESPACE(dilithium_shake256_stream_init)
-void dilithium_shake256_stream_init(keccak_state *state, const uint8_t seed[CRHBYTES], uint16_t nonce);
+void dilithium_shake256_stream_init(shake256incctx *state, const uint8_t seed[CRHBYTES], uint16_t nonce);
#define STREAM128_BLOCKBYTES SHAKE128_RATE
#define STREAM256_BLOCKBYTES SHAKE256_RATE
#define stream128_init(STATE, SEED, NONCE) dilithium_shake128_stream_init(STATE, SEED, NONCE)
#define stream128_squeezeblocks(OUT, OUTBLOCKS, STATE) shake128_squeezeblocks(OUT, OUTBLOCKS, STATE)
+#define stream128_release(STATE) shake128_inc_ctx_release(STATE)
#define stream256_init(STATE, SEED, NONCE) dilithium_shake256_stream_init(STATE, SEED, NONCE)
#define stream256_squeezeblocks(OUT, OUTBLOCKS, STATE) shake256_squeezeblocks(OUT, OUTBLOCKS, STATE)
+#define stream256_release(STATE) shake256_inc_ctx_release(STATE)
#endif
diff --git a/ref/api.h b/ref/api.h
index cc5c6fe..78caa5c 100644
--- a/ref/api.h
+++ b/ref/api.h
@@ -33,7 +33,7 @@ int pqcrystals_dilithium2_ref_open(uint8_t *m, size_t *mlen,
#define pqcrystals_dilithium3_PUBLICKEYBYTES 1952
#define pqcrystals_dilithium3_SECRETKEYBYTES 4032
-#define pqcrystals_dilithium3_BYTES 3293
+#define pqcrystals_dilithium3_BYTES 3309
#define pqcrystals_dilithium3_ref_PUBLICKEYBYTES pqcrystals_dilithium3_PUBLICKEYBYTES
#define pqcrystals_dilithium3_ref_SECRETKEYBYTES pqcrystals_dilithium3_SECRETKEYBYTES
@@ -60,7 +60,7 @@ int pqcrystals_dilithium3_ref_open(uint8_t *m, size_t *mlen,
#define pqcrystals_dilithium5_PUBLICKEYBYTES 2592
#define pqcrystals_dilithium5_SECRETKEYBYTES 4896
-#define pqcrystals_dilithium5_BYTES 4595
+#define pqcrystals_dilithium5_BYTES 4627
#define pqcrystals_dilithium5_ref_PUBLICKEYBYTES pqcrystals_dilithium5_PUBLICKEYBYTES
#define pqcrystals_dilithium5_ref_SECRETKEYBYTES pqcrystals_dilithium5_SECRETKEYBYTES
diff --git a/ref/config.h b/ref/config.h
index 5ddcd8c..eddf13f 100644
--- a/ref/config.h
+++ b/ref/config.h
@@ -2,7 +2,7 @@
#define CONFIG_H
//#define DILITHIUM_MODE 2
-//#define DILITHIUM_RANDOMIZED_SIGNING
+#define DILITHIUM_RANDOMIZED_SIGNING
//#define USE_RDPMC
//#define DBENCH
@@ -11,17 +11,17 @@
#endif
#if DILITHIUM_MODE == 2
-#define CRYPTO_ALGNAME "Dilithium2"
-#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium2_ref
-#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium2_ref_##s
+#define CRYPTO_ALGNAME "ML-DSA-44-ipd"
+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ipd_ref
+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ipd_ref_##s
#elif DILITHIUM_MODE == 3
-#define CRYPTO_ALGNAME "Dilithium3"
-#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium3_ref
-#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium3_ref_##s
+#define CRYPTO_ALGNAME "ML-DSA-65-ipd"
+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ipd_ref
+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ipd_ref_##s
#elif DILITHIUM_MODE == 5
-#define CRYPTO_ALGNAME "Dilithium5"
-#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium5_ref
-#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium5_ref_##s
+#define CRYPTO_ALGNAME "ML-DSA-87-ipd"
+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ipd_ref
+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ipd_ref_##s
#endif
#endif
diff --git a/ref/packing.h b/ref/packing.h
index 1e8e9e7..8e47728 100644
--- a/ref/packing.h
+++ b/ref/packing.h
@@ -18,7 +18,7 @@ void pack_sk(uint8_t sk[CRYPTO_SECRETKEYBYTES],
const polyveck *s2);
#define pack_sig DILITHIUM_NAMESPACE(pack_sig)
-void pack_sig(uint8_t sig[CRYPTO_BYTES], const uint8_t c[SEEDBYTES], const polyvecl *z, const polyveck *h);
+void pack_sig(uint8_t sig[CRYPTO_BYTES], const uint8_t c[CTILDEBYTES], const polyvecl *z, const polyveck *h);
#define unpack_pk DILITHIUM_NAMESPACE(unpack_pk)
void unpack_pk(uint8_t rho[SEEDBYTES], polyveck *t1, const uint8_t pk[CRYPTO_PUBLICKEYBYTES]);
@@ -33,6 +33,6 @@ void unpack_sk(uint8_t rho[SEEDBYTES],
const uint8_t sk[CRYPTO_SECRETKEYBYTES]);
#define unpack_sig DILITHIUM_NAMESPACE(unpack_sig)
-int unpack_sig(uint8_t c[SEEDBYTES], polyvecl *z, polyveck *h, const uint8_t sig[CRYPTO_BYTES]);
+int unpack_sig(uint8_t c[CTILDEBYTES], polyvecl *z, polyveck *h, const uint8_t sig[CRYPTO_BYTES]);
#endif
diff --git a/ref/poly.c b/ref/poly.c
index fe3b787..7983aac 100644
--- a/ref/poly.c
+++ b/ref/poly.c
@@ -365,6 +365,7 @@ void poly_uniform(poly *a,
buflen = STREAM128_BLOCKBYTES + off;
ctr += rej_uniform(a->coeffs + ctr, N - ctr, buf, buflen);
}
+ stream128_release(&state);
}
/*************************************************
@@ -450,6 +451,7 @@ void poly_uniform_eta(poly *a,
stream256_squeezeblocks(buf, 1, &state);
ctr += rej_eta(a->coeffs + ctr, N - ctr, buf, STREAM256_BLOCKBYTES);
}
+ stream256_release(&state);
}
/*************************************************
@@ -473,6 +475,7 @@ void poly_uniform_gamma1(poly *a,
stream256_init(&state, seed, nonce);
stream256_squeezeblocks(buf, POLY_UNIFORM_GAMMA1_NBLOCKS, &state);
+ stream256_release(&state);
polyz_unpack(a, buf);
}
@@ -490,11 +493,11 @@ void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]) {
unsigned int i, b, pos;
uint64_t signs;
uint8_t buf[SHAKE256_RATE];
- keccak_state state;
+ shake256incctx state;
- shake256_init(&state);
- shake256_absorb(&state, seed, SEEDBYTES);
- shake256_finalize(&state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, seed, SEEDBYTES);
+ shake256_inc_finalize(&state);
shake256_squeezeblocks(buf, 1, &state);
signs = 0;
@@ -518,6 +521,7 @@ void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]) {
c->coeffs[b] = 1 - 2*(signs & 1);
signs >>= 1;
}
+ shake256_inc_ctx_release(&state);
}
/*************************************************
diff --git a/ref/sign.c b/ref/sign.c
index d25a399..9298ad2 100644
--- a/ref/sign.c
+++ b/ref/sign.c
@@ -90,7 +90,7 @@ int crypto_sign_signature(uint8_t *sig,
polyvecl mat[K], s1, y, z;
polyveck t0, s2, w1, w0, h;
poly cp;
- keccak_state state;
+ shake256incctx state;
rho = seedbuf;
tr = rho + SEEDBYTES;
@@ -102,11 +102,11 @@ int crypto_sign_signature(uint8_t *sig,
/* Compute mu = CRH(tr, msg) */
- shake256_init(&state);
- shake256_absorb(&state, tr, TRBYTES);
- shake256_absorb(&state, m, mlen);
- shake256_finalize(&state);
- shake256_squeeze(mu, CRHBYTES, &state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, tr, TRBYTES);
+ shake256_inc_absorb(&state, m, mlen);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(mu, CRHBYTES, &state);
#ifdef DILITHIUM_RANDOMIZED_SIGNING
randombytes(rnd, RNDBYTES);
@@ -138,11 +138,11 @@ rej:
polyveck_decompose(&w1, &w0, &w1);
polyveck_pack_w1(sig, &w1);
- shake256_init(&state);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_absorb(&state, sig, K*POLYW1_PACKEDBYTES);
- shake256_finalize(&state);
- shake256_squeeze(sig, CTILDEBYTES, &state);
+ shake256_inc_ctx_reset(&state);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_absorb(&state, sig, K*POLYW1_PACKEDBYTES);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(sig, CTILDEBYTES, &state);
poly_challenge(&cp, sig); /* uses only the first SEEDBYTES bytes of sig */
poly_ntt(&cp);
@@ -175,6 +175,8 @@ rej:
if(n > OMEGA)
goto rej;
+ shake256_inc_ctx_release(&state);
+
/* Write signature */
pack_sig(sig, sig, &z, &h);
*siglen = CRYPTO_BYTES;
@@ -240,7 +242,7 @@ int crypto_sign_verify(const uint8_t *sig,
poly cp;
polyvecl mat[K], z;
polyveck t1, w1, h;
- keccak_state state;
+ shake256incctx state;
if(siglen != CRYPTO_BYTES)
return -1;
@@ -253,11 +255,11 @@ int crypto_sign_verify(const uint8_t *sig,
/* Compute CRH(H(rho, t1), msg) */
shake256(mu, CRHBYTES, pk, CRYPTO_PUBLICKEYBYTES);
- shake256_init(&state);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_absorb(&state, m, mlen);
- shake256_finalize(&state);
- shake256_squeeze(mu, CRHBYTES, &state);
+ shake256_inc_init(&state);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_absorb(&state, m, mlen);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(mu, CRHBYTES, &state);
/* Matrix-vector multiplication; compute Az - c2^dt1 */
poly_challenge(&cp, c); /* uses only the first SEEDBYTES bytes of c */
@@ -281,11 +283,12 @@ int crypto_sign_verify(const uint8_t *sig,
polyveck_pack_w1(buf, &w1);
/* Call random oracle and verify challenge */
- shake256_init(&state);
- shake256_absorb(&state, mu, CRHBYTES);
- shake256_absorb(&state, buf, K*POLYW1_PACKEDBYTES);
- shake256_finalize(&state);
- shake256_squeeze(c2, CTILDEBYTES, &state);
+ shake256_inc_ctx_reset(&state);
+ shake256_inc_absorb(&state, mu, CRHBYTES);
+ shake256_inc_absorb(&state, buf, K*POLYW1_PACKEDBYTES);
+ shake256_inc_finalize(&state);
+ shake256_inc_squeeze(c2, CTILDEBYTES, &state);
+ shake256_inc_ctx_release(&state);
for(i = 0; i < CTILDEBYTES; ++i)
if(c[i] != c2[i])
return -1;
diff --git a/ref/symmetric-shake.c b/ref/symmetric-shake.c
index 11ec09c..963f649 100644
--- a/ref/symmetric-shake.c
+++ b/ref/symmetric-shake.c
@@ -3,26 +3,26 @@
#include "symmetric.h"
#include "fips202.h"
-void dilithium_shake128_stream_init(keccak_state *state, const uint8_t seed[SEEDBYTES], uint16_t nonce)
+void dilithium_shake128_stream_init(shake128incctx *state, const uint8_t seed[SEEDBYTES], uint16_t nonce)
{
uint8_t t[2];
t[0] = nonce;
t[1] = nonce >> 8;
- shake128_init(state);
- shake128_absorb(state, seed, SEEDBYTES);
- shake128_absorb(state, t, 2);
- shake128_finalize(state);
+ shake128_inc_init(state);
+ shake128_inc_absorb(state, seed, SEEDBYTES);
+ shake128_inc_absorb(state, t, 2);
+ shake128_inc_finalize(state);
}
-void dilithium_shake256_stream_init(keccak_state *state, const uint8_t seed[CRHBYTES], uint16_t nonce)
+void dilithium_shake256_stream_init(shake256incctx *state, const uint8_t seed[CRHBYTES], uint16_t nonce)
{
uint8_t t[2];
t[0] = nonce;
t[1] = nonce >> 8;
- shake256_init(state);
- shake256_absorb(state, seed, CRHBYTES);
- shake256_absorb(state, t, 2);
- shake256_finalize(state);
+ shake256_inc_init(state);
+ shake256_inc_absorb(state, seed, CRHBYTES);
+ shake256_inc_absorb(state, t, 2);
+ shake256_inc_finalize(state);
}
diff --git a/ref/symmetric.h b/ref/symmetric.h
index cba12d1..211de3b 100644
--- a/ref/symmetric.h
+++ b/ref/symmetric.h
@@ -6,16 +6,16 @@
#include "fips202.h"
-typedef keccak_state stream128_state;
-typedef keccak_state stream256_state;
+typedef shake128incctx stream128_state;
+typedef shake256incctx stream256_state;
#define dilithium_shake128_stream_init DILITHIUM_NAMESPACE(dilithium_shake128_stream_init)
-void dilithium_shake128_stream_init(keccak_state *state,
+void dilithium_shake128_stream_init(shake128incctx *state,
const uint8_t seed[SEEDBYTES],
uint16_t nonce);
#define dilithium_shake256_stream_init DILITHIUM_NAMESPACE(dilithium_shake256_stream_init)
-void dilithium_shake256_stream_init(keccak_state *state,
+void dilithium_shake256_stream_init(shake256incctx *state,
const uint8_t seed[CRHBYTES],
uint16_t nonce);
@@ -26,9 +26,11 @@ void dilithium_shake256_stream_init(keccak_state *state,
dilithium_shake128_stream_init(STATE, SEED, NONCE)
#define stream128_squeezeblocks(OUT, OUTBLOCKS, STATE) \
shake128_squeezeblocks(OUT, OUTBLOCKS, STATE)
+#define stream128_release(STATE) shake128_inc_ctx_release(STATE)
#define stream256_init(STATE, SEED, NONCE) \
dilithium_shake256_stream_init(STATE, SEED, NONCE)
#define stream256_squeezeblocks(OUT, OUTBLOCKS, STATE) \
shake256_squeezeblocks(OUT, OUTBLOCKS, STATE)
+#define stream256_release(STATE) shake256_inc_ctx_release(STATE)
#endif

448
scripts/copy_from_upstream/patches/pqcrystals-ml_kem_ipd.patch Normal file
View File

@ -0,0 +1,448 @@
diff --git a/Kyber1024_META.yml b/ML-KEM-1024-ipd_META.yml
index baa5ca3..ffafcf0 100644
--- a/Kyber1024_META.yml
+++ b/ML-KEM-1024-ipd_META.yml
@@ -1,4 +1,4 @@
-name: Kyber1024
+name: ML-KEM-1024-ipd
type: kem
claimed-nist-level: 5
claimed-security: IND-CCA2
@@ -6,8 +6,8 @@ length-public-key: 1568
length-ciphertext: 1568
length-secret-key: 3168
length-shared-secret: 32
-nistkat-sha256: 5afcf2a568ad32d49b55105b032af1850f03f3888ff9e2a72f4059c58e968f60
-testvectors-sha256: ff1a854b9b6761a70c65ccae85246fe0596a949e72eae0866a8a2a2d4ea54b10
+nistkat-sha256: 03d6494b74c45d010e61b0328c1ab318c4df3b7f9dbd04d0e35b3468848584b7
+testvectors-sha256: 85ab251d6e749e6b27507a8a6ec473ba2e8419c1aef87d0cd5ec9903c1bb92df
principal-submitters:
- Peter Schwabe
auxiliary-submitters:
@@ -22,22 +22,20 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: ref
- version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
+ version: https://github.com/pq-crystals/kyber/tree/standard
folder_name: ref
compile_opts: -DKYBER_K=4
- signature_keypair: pqcrystals_kyber1024_ref_keypair
- signature_enc: pqcrystals_kyber1024_ref_enc
- signature_dec: pqcrystals_kyber1024_ref_dec
- sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c
- common_dep: common_ref
+ signature_keypair: pqcrystals_ml_kem_1024_ipd_ref_keypair
+ signature_enc: pqcrystals_ml_kem_1024_ipd_ref_enc
+ signature_dec: pqcrystals_ml_kem_1024_ipd_ref_dec
+ sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h symmetric-shake.c
- name: avx2
- version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
+ version: https://github.com/pq-crystals/kyber/tree/standard
compile_opts: -DKYBER_K=4
- signature_keypair: pqcrystals_kyber1024_avx2_keypair
- signature_enc: pqcrystals_kyber1024_avx2_enc
- signature_dec: pqcrystals_kyber1024_avx2_dec
- sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
- common_dep: common_avx2 common_keccak4x_avx2
+ signature_keypair: pqcrystals_ml_kem_1024_ipd_avx2_keypair
+ signature_enc: pqcrystals_ml_kem_1024_ipd_avx2_enc
+ signature_dec: pqcrystals_ml_kem_1024_ipd_avx2_dec
+ sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h symmetric-shake.c
supported_platforms:
- architecture: x86_64
operating_systems:
diff --git a/Kyber512_META.yml b/ML-KEM-512-ipd_META.yml
index b251701..d20f0b1 100644
--- a/Kyber512_META.yml
+++ b/ML-KEM-512-ipd_META.yml
@@ -1,4 +1,4 @@
-name: Kyber512
+name: ML-KEM-512-ipd
type: kem
claimed-nist-level: 1
claimed-security: IND-CCA2
@@ -6,8 +6,8 @@ length-public-key: 800
length-ciphertext: 768
length-secret-key: 1632
length-shared-secret: 32
-nistkat-sha256: bb0481d3325d828817900b709d23917cefbc10026fc857f098979451f67bb0ca
-testvectors-sha256: 6730bb552c22d9d2176ffb5568e48eb30952cf1f065073ec5f9724f6a3c6ea85
+nistkat-sha256: 76aae1fa3f8367522700b22da635a5bc4ced4298edb0eb9947aa3ba60d62676f
+testvectors-sha256: e1ac6fb45e2511f4170a3527c0c50dcd61336f47113df7a299a61ef8394bd669
principal-submitters:
- Peter Schwabe
auxiliary-submitters:
@@ -22,22 +22,20 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: ref
- version: https://github.com/pq-crystals/kyber/commit/74cad307858b61e434490c75f812cb9b9ef7279b
+ version: https://github.com/pq-crystals/kyber/tree/standard
folder_name: ref
compile_opts: -DKYBER_K=2
- signature_keypair: pqcrystals_kyber512_ref_keypair
- signature_enc: pqcrystals_kyber512_ref_enc
- signature_dec: pqcrystals_kyber512_ref_dec
- sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c
- common_dep: common_ref
+ signature_keypair: pqcrystals_ml_kem_512_ipd_ref_keypair
+ signature_enc: pqcrystals_ml_kem_512_ipd_ref_enc
+ signature_dec: pqcrystals_ml_kem_512_ipd_ref_dec
+ sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h symmetric-shake.c
- name: avx2
- version: https://github.com/pq-crystals/kyber/commit/36414d64fc1890ed58d1ca8b1e0cab23635d1ac2
+ version: https://github.com/pq-crystals/kyber/tree/standard
compile_opts: -DKYBER_K=2
- signature_keypair: pqcrystals_kyber512_avx2_keypair
- signature_enc: pqcrystals_kyber512_avx2_enc
- signature_dec: pqcrystals_kyber512_avx2_dec
- sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
- common_dep: common_avx2 common_keccak4x_avx2
+ signature_keypair: pqcrystals_ml_kem_512_ipd_avx2_keypair
+ signature_enc: pqcrystals_ml_kem_512_ipd_avx2_enc
+ signature_dec: pqcrystals_ml_kem_512_ipd_avx2_dec
+ sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h symmetric-shake.c
supported_platforms:
- architecture: x86_64
operating_systems:
diff --git a/Kyber768_META.yml b/ML-KEM-768-ipd_META.yml
index 7a0cc3d..e768cd5 100644
--- a/Kyber768_META.yml
+++ b/ML-KEM-768-ipd_META.yml
@@ -1,4 +1,4 @@
-name: Kyber768
+name: ML-KEM-768-ipd
type: kem
claimed-nist-level: 3
claimed-security: IND-CCA2
@@ -6,8 +6,8 @@ length-public-key: 1184
length-ciphertext: 1088
length-secret-key: 2400
length-shared-secret: 32
-nistkat-sha256: 89e82a5bf2d4ddb2c6444e10409e6d9ca65dafbca67d1a0db2c9b54920a29172
-testvectors-sha256: 667c8ca2ca93729c0df6ff24588460bad1bbdbfb64ece0fe8563852a7ff348c6
+nistkat-sha256: c7e76b4b30c786b5b70c152a446e7832c1cb42b3816ec048dbeaf7041211b310
+testvectors-sha256: 2586721a714c439f6fef26e29ee1c4c67c6207186f810617f278e6ce3e67ea0d
principal-submitters:
- Peter Schwabe
auxiliary-submitters:
@@ -22,22 +22,20 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: ref
- version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
+ version: https://github.com/pq-crystals/kyber/tree/standard
folder_name: ref
compile_opts: -DKYBER_K=3
- signature_keypair: pqcrystals_kyber768_ref_keypair
- signature_enc: pqcrystals_kyber768_ref_enc
- signature_dec: pqcrystals_kyber768_ref_dec
- sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c
- common_dep: common_ref
+ signature_keypair: pqcrystals_ml_kem_768_ipd_ref_keypair
+ signature_enc: pqcrystals_ml_kem_768_ipd_ref_enc
+ signature_dec: pqcrystals_ml_kem_768_ipd_ref_dec
+ sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h symmetric-shake.c
- name: avx2
- version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
+ version: https://github.com/pq-crystals/kyber/tree/standard
compile_opts: -DKYBER_K=3
- signature_keypair: pqcrystals_kyber768_avx2_keypair
- signature_enc: pqcrystals_kyber768_avx2_enc
- signature_dec: pqcrystals_kyber768_avx2_dec
- sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
- common_dep: common_avx2 common_keccak4x_avx2
+ signature_keypair: pqcrystals_ml_kem_768_ipd_avx2_keypair
+ signature_enc: pqcrystals_ml_kem_768_ipd_avx2_enc
+ signature_dec: pqcrystals_ml_kem_768_ipd_avx2_dec
+ sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h symmetric-shake.c
supported_platforms:
- architecture: x86_64
operating_systems:
diff --git a/avx2/indcpa.c b/avx2/indcpa.c
index 4f3b782..572ce49 100644
--- a/avx2/indcpa.c
+++ b/avx2/indcpa.c
@@ -175,7 +175,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
unsigned int ctr0, ctr1, ctr2, ctr3;
ALIGNED_UINT8(REJ_UNIFORM_AVX_NBLOCKS*SHAKE128_RATE) buf[4];
__m256i f;
- keccakx4_state state;
+ shake128x4incctx state;
f = _mm256_loadu_si256((__m256i *)seed);
_mm256_store_si256(buf[0].vec, f);
@@ -204,6 +204,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
buf[3].coeffs[33] = 1;
}
+ shake128x4_inc_init(&state);
shake128x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, 34);
shake128x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, REJ_UNIFORM_AVX_NBLOCKS, &state);
@@ -225,6 +226,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
poly_nttunpack(&a[0].vec[1]);
poly_nttunpack(&a[1].vec[0]);
poly_nttunpack(&a[1].vec[1]);
+ shake128x4_inc_ctx_release(&state);
}
#elif KYBER_K == 3
void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
@@ -232,8 +234,8 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
unsigned int ctr0, ctr1, ctr2, ctr3;
ALIGNED_UINT8(REJ_UNIFORM_AVX_NBLOCKS*SHAKE128_RATE) buf[4];
__m256i f;
- keccakx4_state state;
- keccak_state state1x;
+ shake128x4incctx state;
+ shake128incctx state1x;
f = _mm256_loadu_si256((__m256i *)seed);
_mm256_store_si256(buf[0].vec, f);
@@ -262,6 +264,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
buf[3].coeffs[33] = 1;
}
+ shake128x4_inc_init(&state);
shake128x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, 34);
shake128x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, REJ_UNIFORM_AVX_NBLOCKS, &state);
@@ -327,6 +330,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
ctr2 += rej_uniform(a[2].vec[0].coeffs + ctr2, KYBER_N - ctr2, buf[2].coeffs, SHAKE128_RATE);
ctr3 += rej_uniform(a[2].vec[1].coeffs + ctr3, KYBER_N - ctr3, buf[3].coeffs, SHAKE128_RATE);
}
+ shake128x4_inc_ctx_release(&state);
poly_nttunpack(&a[1].vec[1]);
poly_nttunpack(&a[1].vec[2]);
@@ -337,6 +341,8 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
_mm256_store_si256(buf[0].vec, f);
buf[0].coeffs[32] = 2;
buf[0].coeffs[33] = 2;
+
+ shake128_inc_init(&state1x);
shake128_absorb_once(&state1x, buf[0].coeffs, 34);
shake128_squeezeblocks(buf[0].coeffs, REJ_UNIFORM_AVX_NBLOCKS, &state1x);
ctr0 = rej_uniform_avx(a[2].vec[2].coeffs, buf[0].coeffs);
@@ -344,6 +350,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
shake128_squeezeblocks(buf[0].coeffs, 1, &state1x);
ctr0 += rej_uniform(a[2].vec[2].coeffs + ctr0, KYBER_N - ctr0, buf[0].coeffs, SHAKE128_RATE);
}
+ shake128_inc_ctx_release(&state1x);
poly_nttunpack(&a[2].vec[2]);
}
@@ -353,7 +360,8 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
unsigned int i, ctr0, ctr1, ctr2, ctr3;
ALIGNED_UINT8(REJ_UNIFORM_AVX_NBLOCKS*SHAKE128_RATE) buf[4];
__m256i f;
- keccakx4_state state;
+ shake128x4incctx state;
+ shake128x4_inc_init(&state);
for(i=0;i<4;i++) {
f = _mm256_loadu_si256((__m256i *)seed);
@@ -405,6 +413,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
poly_nttunpack(&a[i].vec[2]);
poly_nttunpack(&a[i].vec[3]);
}
+ shake128x4_inc_ctx_release(&state);
}
#endif
diff --git a/avx2/params.h b/avx2/params.h
index bc70ebf..fdc688e 100644
--- a/avx2/params.h
+++ b/avx2/params.h
@@ -12,19 +12,19 @@
#ifdef KYBER_90S
#define KYBER_NAMESPACE(s) pqcrystals_kyber512_90s_avx2_##s
#else
-#define KYBER_NAMESPACE(s) pqcrystals_kyber512_avx2_##s
+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_512_ipd_avx2_##s
#endif
#elif (KYBER_K == 3)
#ifdef KYBER_90S
#define KYBER_NAMESPACE(s) pqcrystals_kyber768_90s_avx2_##s
#else
-#define KYBER_NAMESPACE(s) pqcrystals_kyber768_avx2_##s
+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_768_ipd_avx2_##s
#endif
#elif (KYBER_K == 4)
#ifdef KYBER_90S
#define KYBER_NAMESPACE(s) pqcrystals_kyber1024_90s_avx2_##s
#else
-#define KYBER_NAMESPACE(s) pqcrystals_kyber1024_avx2_##s
+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_1024_ipd_avx2_##s
#endif
#else
#error "KYBER_K must be in {2,3,4}"
diff --git a/avx2/poly.c b/avx2/poly.c
index ab148a2..96bad86 100644
--- a/avx2/poly.c
+++ b/avx2/poly.c
@@ -2,6 +2,7 @@
#include <immintrin.h>
#include <string.h>
#include "align.h"
+#include "fips202x4.h"
#include "params.h"
#include "poly.h"
#include "ntt.h"
@@ -412,7 +413,7 @@ void poly_getnoise_eta1_4x(poly *r0,
{
ALIGNED_UINT8(NOISE_NBLOCKS*SHAKE256_RATE) buf[4];
__m256i f;
- keccakx4_state state;
+ shake256x4incctx state;
f = _mm256_loadu_si256((__m256i *)seed);
_mm256_store_si256(buf[0].vec, f);
@@ -425,8 +426,10 @@ void poly_getnoise_eta1_4x(poly *r0,
buf[2].coeffs[32] = nonce2;
buf[3].coeffs[32] = nonce3;
+ shake256x4_inc_init(&state);
shake256x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, 33);
shake256x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, NOISE_NBLOCKS, &state);
+ shake256x4_inc_ctx_release(&state);
poly_cbd_eta1(r0, buf[0].vec);
poly_cbd_eta1(r1, buf[1].vec);
@@ -447,7 +450,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
{
ALIGNED_UINT8(NOISE_NBLOCKS*SHAKE256_RATE) buf[4];
__m256i f;
- keccakx4_state state;
+ shake256x4incctx state;
f = _mm256_loadu_si256((__m256i *)seed);
_mm256_store_si256(buf[0].vec, f);
@@ -460,8 +463,10 @@ void poly_getnoise_eta1122_4x(poly *r0,
buf[2].coeffs[32] = nonce2;
buf[3].coeffs[32] = nonce3;
+ shake256x4_inc_init(&state);
shake256x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, 33);
shake256x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, NOISE_NBLOCKS, &state);
+ shake256x4_inc_ctx_release(&state);
poly_cbd_eta1(r0, buf[0].vec);
poly_cbd_eta1(r1, buf[1].vec);
diff --git a/avx2/symmetric.h b/avx2/symmetric.h
index 627b891..e4941f7 100644
--- a/avx2/symmetric.h
+++ b/avx2/symmetric.h
@@ -8,10 +8,10 @@
#include "fips202.h"
#include "fips202x4.h"
-typedef keccak_state xof_state;
+typedef shake128incctx xof_state;
#define kyber_shake128_absorb KYBER_NAMESPACE(kyber_shake128_absorb)
-void kyber_shake128_absorb(keccak_state *s,
+void kyber_shake128_absorb(shake128incctx *s,
const uint8_t seed[KYBER_SYMBYTES],
uint8_t x,
uint8_t y);
diff --git a/ref/indcpa.c b/ref/indcpa.c
index 5d74518..4a8b4c8 100644
--- a/ref/indcpa.c
+++ b/ref/indcpa.c
@@ -164,6 +164,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed)
unsigned int buflen, off;
uint8_t buf[GEN_MATRIX_NBLOCKS*XOF_BLOCKBYTES+2];
xof_state state;
+ xof_init(&state, seed);
for(i=0;i<KYBER_K;i++) {
for(j=0;j<KYBER_K;j++) {
@@ -186,6 +187,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed)
}
}
}
+ xof_release(&state);
}
/*************************************************
diff --git a/ref/params.h b/ref/params.h
index 0802c74..36b2b98 100644
--- a/ref/params.h
+++ b/ref/params.h
@@ -8,11 +8,11 @@
/* Don't change parameters below this line */
#if (KYBER_K == 2)
-#define KYBER_NAMESPACE(s) pqcrystals_kyber512_ref_##s
+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_512_ipd_ref_##s
#elif (KYBER_K == 3)
-#define KYBER_NAMESPACE(s) pqcrystals_kyber768_ref_##s
+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_768_ipd_ref_##s
#elif (KYBER_K == 4)
-#define KYBER_NAMESPACE(s) pqcrystals_kyber1024_ref_##s
+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_1024_ipd_ref_##s
#else
#error "KYBER_K must be in {2,3,4}"
#endif
diff --git a/ref/symmetric-shake.c b/ref/symmetric-shake.c
index 6a99071..20f4518 100644
--- a/ref/symmetric-shake.c
+++ b/ref/symmetric-shake.c
@@ -15,7 +15,7 @@
* - uint8_t i: additional byte of input
* - uint8_t j: additional byte of input
**************************************************/
-void kyber_shake128_absorb(keccak_state *state,
+void kyber_shake128_absorb(shake128incctx *state,
const uint8_t seed[KYBER_SYMBYTES],
uint8_t x,
uint8_t y)
@@ -63,11 +63,12 @@ void kyber_shake256_prf(uint8_t *out, size_t outlen, const uint8_t key[KYBER_SYM
**************************************************/
void kyber_shake256_rkprf(uint8_t out[KYBER_SSBYTES], const uint8_t key[KYBER_SYMBYTES], const uint8_t input[KYBER_CIPHERTEXTBYTES])
{
- keccak_state s;
+ shake256incctx s;
- shake256_init(&s);
- shake256_absorb(&s, key, KYBER_SYMBYTES);
- shake256_absorb(&s, input, KYBER_CIPHERTEXTBYTES);
- shake256_finalize(&s);
- shake256_squeeze(out, KYBER_SSBYTES, &s);
+ shake256_inc_init(&s);
+ shake256_inc_absorb(&s, key, KYBER_SYMBYTES);
+ shake256_inc_absorb(&s, input, KYBER_CIPHERTEXTBYTES);
+ shake256_inc_finalize(&s);
+ shake256_inc_squeeze(out, KYBER_SSBYTES, &s);
+ shake256_inc_ctx_release(&s);
}
diff --git a/ref/symmetric.h b/ref/symmetric.h
index 58e6ece..2acc66f 100644
--- a/ref/symmetric.h
+++ b/ref/symmetric.h
@@ -7,10 +7,10 @@
#include "fips202.h"
-typedef keccak_state xof_state;
+typedef shake128incctx xof_state;
#define kyber_shake128_absorb KYBER_NAMESPACE(kyber_shake128_absorb)
-void kyber_shake128_absorb(keccak_state *s,
+void kyber_shake128_absorb(shake128incctx *s,
const uint8_t seed[KYBER_SYMBYTES],
uint8_t x,
uint8_t y);
@@ -25,8 +25,10 @@ void kyber_shake256_rkprf(uint8_t out[KYBER_SSBYTES], const uint8_t key[KYBER_SY
#define hash_h(OUT, IN, INBYTES) sha3_256(OUT, IN, INBYTES)
#define hash_g(OUT, IN, INBYTES) sha3_512(OUT, IN, INBYTES)
+#define xof_init(STATE, SEED) shake128_inc_init(STATE)
#define xof_absorb(STATE, SEED, X, Y) kyber_shake128_absorb(STATE, SEED, X, Y)
#define xof_squeezeblocks(OUT, OUTBLOCKS, STATE) shake128_squeezeblocks(OUT, OUTBLOCKS, STATE)
+#define xof_release(STATE) shake128_inc_ctx_release(STATE)
#define prf(OUT, OUTBYTES, KEY, NONCE) kyber_shake256_prf(OUT, OUTBYTES, KEY, NONCE)
#define rkprf(OUT, KEY, INPUT) kyber_shake256_rkprf(OUT, KEY, INPUT)

21
scripts/copy_from_upstream/patches/pqmayo-aes.patch
View File

@ -1,21 +0,0 @@
diff --git a/src/common/aes_ctr.h b/src/common/aes_ctr.h
index fdec519..8d2f429 100644
--- a/src/common/aes_ctr.h
+++ b/src/common/aes_ctr.h
@@ -23,8 +23,14 @@ int AES_128_CTR_4R_NI(unsigned char *output, size_t outputByteLen,
const unsigned char *input, size_t inputByteLen);
#define AES_128_CTR AES_128_CTR_NEON
#else
-int AES_128_CTR(unsigned char *output, size_t outputByteLen,
- const unsigned char *input, size_t inputByteLen);
+#include <aes.h>
+static inline int AES_128_CTR(unsigned char *output, size_t outputByteLen,
+ const unsigned char *input, size_t inputByteLen) {
+ (void) inputByteLen;
+ uint8_t iv[12] = { 0 };
+ aes128ctr_prf(output, outputByteLen, input, iv);
+ return (int) outputByteLen;
+}
#endif
#endif

33
scripts/copy_from_upstream/patches/pqmayo-mem.patch
View File

@ -1,33 +0,0 @@
diff --git a/include/mem.h b/include/mem.h
index 87324b8..b84405c 100644
--- a/include/mem.h
+++ b/include/mem.h
@@ -5,21 +5,24 @@
#include <stddef.h>
#include <stdint.h>
+#include <oqs/common.h>
/**
* Clears and frees allocated memory.
*
* @param[out] mem Memory to be cleared and freed.
* @param size Size of memory to be cleared and freed.
*/
-void mayo_secure_free(void *mem, size_t size);
-
+static inline void mayo_secure_free(void *mem, size_t size) {
+ OQS_MEM_secure_free(mem, size);
+}
/**
* Clears memory.
*
* @param[out] mem Memory to be cleared.
* @param size Size of memory to be cleared.
*/
-void mayo_secure_clear(void *mem, size_t size);
-
+static inline void mayo_secure_clear(void *mem, size_t size) {
+ OQS_MEM_cleanse(mem, size);
+}
#endif

12
scripts/copy_from_upstream/requirements.in
View File

@ -1,12 +0,0 @@
attrs==20.3.0
GitPython==3.1.41
importlib-metadata==3.7.0
Jinja2==3.1.5
markdown-it-py==2.2.0
MarkupSafe==2.1.3
mdit-py-plugins==0.3.4
PyYAML==6.0.1
tabulate==0.8.10
typing-extensions==3.7.4.3
wget==3.2
zipp==3.19.1

Some files were not shown because too many files have changed in this diff Show More