sharpetronics/liboqs
1
0
Fork 0
mirror of https://github.com/open-quantum-safe/liboqs.git synced 2025-10-03 00:02:36 -04:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: sharpetronics:nist-branch-snapshot-2018-07
Branches Tags
sharpetronics:main
sharpetronics:gyx-0.15.0-release-notes
sharpetronics:bhe-weekly-tests
sharpetronics:gyx-2203-swap-slhdsa-with-sphincs-in-std-algs
sharpetronics:large-runner
sharpetronics:gyx-hotfix-zephyr-ci-image-out-of-disk-space
sharpetronics:gh-pages
sharpetronics:bhe-sig-ct
sharpetronics:sqisign
sharpetronics:gyx-ci-tests-2258-2266
sharpetronics:ps-mldsa
sharpetronics:sw-test-cpu-exts
sharpetronics:sw-macos15-gcc14
sharpetronics:sw-benchmarks
sharpetronics:sw-ct-optimized
sharpetronics:ps-poutine
sharpetronics:vacuas-main
sharpetronics:sw-alg-datasheet
sharpetronics:sw-disable-by-default
sharpetronics:ash_support_missing_ossl_api
sharpetronics:0.14.0
sharpetronics:0.14.0-rc1
sharpetronics:0.13.0
sharpetronics:0.13.0-rc1
sharpetronics:0.12.0
sharpetronics:0.12.0-rc1
sharpetronics:0.11.0
sharpetronics:0.11.0-rc1
sharpetronics:0.10.1
sharpetronics:0.10.1-rc1
sharpetronics:0.10.0
sharpetronics:0.10.0-rc2
sharpetronics:0.10.0-rc1
sharpetronics:0.9.2
sharpetronics:0.9.2-rc1
sharpetronics:0.9.1
sharpetronics:0.9.1-rc1
sharpetronics:0.9.0
sharpetronics:0.9.0-rc1
sharpetronics:0.8.0
sharpetronics:0.8.0-rc1
sharpetronics:ietf116
sharpetronics:0.7.2
sharpetronics:0.7.2-rc2
sharpetronics:0.7.2-rc1
sharpetronics:0.7.1
sharpetronics:0.7.1-rc1
sharpetronics:0.7.0
sharpetronics:0.7.0-rc4
sharpetronics:0.7.0-rc3
sharpetronics:0.6.0
sharpetronics:0.6.0-rc3
sharpetronics:0.6.0-rc2
sharpetronics:0.6.0-rc1
sharpetronics:0.5.0
sharpetronics:0.4.0
sharpetronics:0.3.0
sharpetronics:0.2.0
sharpetronics:nist-branch-snapshot-2018-11
sharpetronics:master-0.1.0
sharpetronics:nist-branch-snapshot-2018-07
sharpetronics:nist-branch-snapshot-2018-05
sharpetronics:nist-branch-snapshot-2018-04
...
compare: sharpetronics:main
Branches Tags
sharpetronics:main
sharpetronics:gyx-0.15.0-release-notes
sharpetronics:bhe-weekly-tests
sharpetronics:gyx-2203-swap-slhdsa-with-sphincs-in-std-algs
sharpetronics:large-runner
sharpetronics:gyx-hotfix-zephyr-ci-image-out-of-disk-space
sharpetronics:gh-pages
sharpetronics:bhe-sig-ct
sharpetronics:sqisign
sharpetronics:gyx-ci-tests-2258-2266
sharpetronics:ps-mldsa
sharpetronics:sw-test-cpu-exts
sharpetronics:sw-macos15-gcc14
sharpetronics:sw-benchmarks
sharpetronics:sw-ct-optimized
sharpetronics:ps-poutine
sharpetronics:vacuas-main
sharpetronics:sw-alg-datasheet
sharpetronics:sw-disable-by-default
sharpetronics:ash_support_missing_ossl_api
sharpetronics:0.14.0
sharpetronics:0.14.0-rc1
sharpetronics:0.13.0
sharpetronics:0.13.0-rc1
sharpetronics:0.12.0
sharpetronics:0.12.0-rc1
sharpetronics:0.11.0
sharpetronics:0.11.0-rc1
sharpetronics:0.10.1
sharpetronics:0.10.1-rc1
sharpetronics:0.10.0
sharpetronics:0.10.0-rc2
sharpetronics:0.10.0-rc1
sharpetronics:0.9.2
sharpetronics:0.9.2-rc1
sharpetronics:0.9.1
sharpetronics:0.9.1-rc1
sharpetronics:0.9.0
sharpetronics:0.9.0-rc1
sharpetronics:0.8.0
sharpetronics:0.8.0-rc1
sharpetronics:ietf116
sharpetronics:0.7.2
sharpetronics:0.7.2-rc2
sharpetronics:0.7.2-rc1
sharpetronics:0.7.1
sharpetronics:0.7.1-rc1
sharpetronics:0.7.0
sharpetronics:0.7.0-rc4
sharpetronics:0.7.0-rc3
sharpetronics:0.6.0
sharpetronics:0.6.0-rc3
sharpetronics:0.6.0-rc2
sharpetronics:0.6.0-rc1
sharpetronics:0.5.0
sharpetronics:0.4.0
sharpetronics:0.3.0
sharpetronics:0.2.0
sharpetronics:nist-branch-snapshot-2018-11
sharpetronics:master-0.1.0
sharpetronics:nist-branch-snapshot-2018-07
sharpetronics:nist-branch-snapshot-2018-05
sharpetronics:nist-branch-snapshot-2018-04

No commits in common. "nist-branch-snapshot-2018-07" and "main" have entirely different histories.
nist-branc ... main

8797 changed files with 1821972 additions and 332356 deletions
Show Stats Expand all files Collapse all files

52
.CMake/CMakeDependentOption.cmake Normal file
View File

@ -0,0 +1,52 @@
# Distributed under the OSI-approved BSD 3-Clause License. See accompanying
# file Copyright.txt or https://cmake.org/licensing for details.
# SPDX-License-Identifier: BSD-3-Clause
#[=======================================================================[.rst:
CMakeDependentOption
--------------------
Macro to provide an option dependent on other options.
This macro presents an option to the user only if a set of other
conditions are true. When the option is not presented a default value
is used, but any value set by the user is preserved for when the
option is presented again. Example invocation:
.. code-block:: cmake
CMAKE_DEPENDENT_OPTION(USE_FOO "Use Foo" ON
"USE_BAR;NOT USE_ZOT" OFF)
If USE_BAR is true and USE_ZOT is false, this provides an option
called USE_FOO that defaults to ON. Otherwise, it sets USE_FOO to
OFF. If the status of USE_BAR or USE_ZOT ever changes, any value for
the USE_FOO option is saved so that when the option is re-enabled it
retains its old value. Each element in the fourth parameter is
evaluated as an if-condition, so :ref:`Condition Syntax` can be used.
#]=======================================================================]
macro(CMAKE_DEPENDENT_OPTION option doc default depends force)
if(${option}_ISSET MATCHES "^${option}_ISSET$")
set(${option}_AVAILABLE 1)
foreach(d ${depends})
string(REGEX REPLACE " +" ";" CMAKE_DEPENDENT_OPTION_DEP "${d}")
if(${CMAKE_DEPENDENT_OPTION_DEP})
else()
set(${option}_AVAILABLE 0)
endif()
endforeach()
if(${option}_AVAILABLE)
option(${option} "${doc}" "${default}")
set(${option} "${${option}}" CACHE BOOL "${doc}" FORCE)
else()
if(${option} MATCHES "^${option}$")
else()
set(${option} "${${option}}" CACHE INTERNAL "${doc}")
endif()
set(${option} ${force})
endif()
else()
set(${option} "${${option}_ISSET}")
endif()
endmacro()

1309
.CMake/alg_support.cmake Normal file
View File

File diff suppressed because it is too large Load Diff

1101
.CMake/apple.cmake Normal file
View File

File diff suppressed because it is too large Load Diff

24
.CMake/cmake_uninstall.cmake.in Normal file
View File

@ -0,0 +1,24 @@
# As per https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#can-i-do-make-uninstall-with-cmake
if(NOT EXISTS "@CMAKE_BINARY_DIR@/install_manifest.txt")
message(FATAL_ERROR "Cannot find install manifest: @CMAKE_BINARY_DIR@/install_manifest.txt")
endif()
file(READ "@CMAKE_BINARY_DIR@/install_manifest.txt" files)
string(REGEX REPLACE "\n" ";" files "${files}")
foreach(file ${files})
message(STATUS "Uninstalling $ENV{DESTDIR}${file}")
if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
exec_program(
"@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\""
OUTPUT_VARIABLE rm_out
RETURN_VALUE rm_retval
)
if(NOT "${rm_retval}" STREQUAL 0)
message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}")
endif()
else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
message(STATUS "File $ENV{DESTDIR}${file} does not exist.")
endif()
endforeach()

234
.CMake/compiler_opts.cmake Normal file
View File

@ -0,0 +1,234 @@
# SPDX-License-Identifier: MIT
# First we will determine the optimization target.
#
# If OQS_DIST_BUILD=ON we need to target a generic CPU for any code
# that is not protected by runtime CPU feature detection.
#
# If OQS_DIST_BUILD=OFF then we will optimize all code for the CPU
# specified by OQS_OPT_TARGET.
#
# If OQS_OPT_TARGET=auto we target the current CPU.
# If OQS_OPT_TARGET=generic we target a generic CPU.
# Otherwise we target the specified CPU.
# Pedantic checks (-Wall, ...) are not enabled by default for Release
# builds such as to avoid future build errors introduced by currently
# unknown compiler warnings
include(CheckCCompilerFlag)
check_c_compiler_flag("-Wa,--noexecstack" CC_SUPPORTS_WA_NOEXECSTACK)
# This sets the equivalent of -Werror for supported compilers
# it can be overriden with --compile-no-warnings-as-errors
# https://cmake.org/cmake/help/latest/prop_tgt/COMPILE_WARNING_AS_ERROR.html
set(CMAKE_COMPILE_WARNING_AS_ERROR ${OQS_STRICT_WARNINGS})
if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.18")
include(CheckLinkerFlag)
check_linker_flag(C "-Wl,-z,noexecstack" LD_SUPPORTS_WL_Z_NOEXECSTACK)
elseif(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.14")
set(TMP_TESTDIR "${CMAKE_BINARY_DIR}/test_noexecstack")
file(WRITE "${TMP_TESTDIR}/test.c" "int main() { return 0; }\n")
try_compile(LD_SUPPORTS_WL_Z_NOEXECSTACK "${TMP_TESTDIR}" "${TMP_TESTDIR}/test.c" LINK_OPTIONS "-Wl,-z,noexecstack")
else()
message(WARNING "Unable to check if '-Wl,-z,noexecstack' is supported.")
set(LD_SUPPORTS_WL_Z_NOEXECSTACK FALSE)
endif()
set(OQS_OPT_FLAG "")
if(CMAKE_C_COMPILER_ID MATCHES "Clang|GNU")
if(${OQS_DIST_BUILD})
set(OQS_OPT_TARGET "generic")
endif()
if(CMAKE_CROSSCOMPILING AND OQS_OPT_TARGET STREQUAL "auto")
set(OQS_OPT_TARGET "generic")
endif()
if(OQS_OPT_TARGET STREQUAL "generic")
if(ARCH_S390X)
# At least z9-109 is needed for 'stckf' in benchmarking code.
# gcc's default is z900 (older than z9-109), clang's default and minimum is z10.
# setting to z10 as sensible default.
set(OQS_OPT_FLAG "-march=z10")
else()
# Assume sensible default like -march=x86-64, -march=armv8-a, etc.
if(ARCH_ARM64v8)
set(OQS_OPT_FLAG "-march=armv8-a+crypto")
else()
set(OQS_OPT_FLAG "")
endif()
endif()
elseif(OQS_OPT_TARGET STREQUAL "auto")
if(ARCH_X86_64)
set(OQS_OPT_FLAG "-march=native")
elseif(ARCH_ARM64v8 AND CMAKE_SYSTEM_NAME STREQUAL "Linux")
set(OQS_OPT_FLAG "-mcpu=native")
elseif(ARCH_ARM64v8 AND CMAKE_SYSTEM_NAME STREQUAL "Darwin")
set(OQS_OPT_FLAG "-mcpu=native")
elseif(ARCH_S390X)
set(OQS_OPT_FLAG "-march=native")
else()
message(WARNING "Setting OQS_OPT_TARGET=AUTO may not produce optimized code on this system.")
endif()
else()
if(ARCH_X86_64)
set(OQS_OPT_FLAG "-march=${OQS_OPT_TARGET}")
elseif(ARCH_ARM64v8 OR ARCH_ARM32v7)
set(OQS_OPT_FLAG "-mcpu=${OQS_OPT_TARGET}")
elseif(ARCH_S390X)
set(OQS_OPT_FLAG "-march=${OQS_OPT_TARGET}")
endif()
endif()
add_compile_options(${OQS_OPT_FLAG})
# If this is not a dist build we also need to set the OQS_USE_[EXTENSION] flags
if(NOT ${OQS_DIST_BUILD} AND NOT CMAKE_CROSSCOMPILING)
include(${CMAKE_CURRENT_LIST_DIR}/gcc_clang_intrinsics.cmake)
endif()
endif()
if(CMAKE_C_COMPILER_ID MATCHES "Clang")
if(${OQS_STRICT_WARNINGS})
add_compile_options(-Wall)
add_compile_options(-Wextra)
add_compile_options(-Wpedantic)
add_compile_options(-Wno-unused-command-line-argument)
endif()
if(CC_SUPPORTS_WA_NOEXECSTACK)
add_compile_options("-Wa,--noexecstack")
endif()
if(LD_SUPPORTS_WL_Z_NOEXECSTACK)
add_link_options("-Wl,-z,noexecstack")
endif()
set(THREADS_PREFER_PTHREAD_FLAG ON)
find_package(Threads)
if (CMAKE_USE_PTHREADS_INIT AND NOT OQS_EMBEDDED_BUILD)
set(OQS_USE_PTHREADS ON)
endif()
if(${OQS_DEBUG_BUILD})
if(OQS_ENABLE_TEST_CONSTANT_TIME_OPTIMIZED)
add_compile_options(-O3) # run constant-time tests on release code
endif()
add_compile_options(-g3)
add_compile_options(-fno-omit-frame-pointer)
if(${USE_COVERAGE})
add_compile_options(-coverage)
add_link_options(-coverage)
endif()
if(USE_SANITIZER STREQUAL "Address")
add_compile_options(-fno-optimize-sibling-calls)
add_compile_options(-fsanitize-address-use-after-scope)
add_compile_options(-fsanitize=address)
set(SANITIZER_LD_FLAGS "-fsanitize=address")
elseif(USE_SANITIZER STREQUAL "Memory")
add_compile_options(-fsanitize=memory)
set(SANITIZER_LD_FLAGS "-fsanitize=memory")
elseif(USE_SANITIZER STREQUAL "MemoryWithOrigins")
add_compile_options(-fsanitize=memory)
add_compile_options(-fsanitize-memory-track-origins)
set(SANITIZER_LD_FLAGS "-fsanitize=memory")
elseif(USE_SANITIZER STREQUAL "Undefined")
add_compile_options(-fsanitize=undefined)
if(EXISTS "${BLACKLIST_FILE}")
add_compile_options(-fsanitize-blacklist=${BLACKLIST_FILE})
endif()
set(SANITIZER_LD_FLAGS "-fsanitize=undefined")
elseif(USE_SANITIZER STREQUAL "Thread")
add_compile_options(-fsanitize=thread)
set(SANITIZER_LD_FLAGS "-fsanitize=thread")
elseif(USE_SANITIZER STREQUAL "Leak")
add_compile_options(-fsanitize=leak)
set(SANITIZER_LD_FLAGS "-fsanitize=leak")
endif()
else()
add_compile_options(-O3)
add_compile_options(-fomit-frame-pointer)
endif()
elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
if (NOT ${CMAKE_C_COMPILER_VERSION} VERSION_GREATER_EQUAL ${OQS_MINIMAL_GCC_VERSION})
message(FATAL_ERROR "GCC version ${CMAKE_C_COMPILER_VERSION} below minimally required version ${OQS_MINIMAL_GCC_VERSION}.")
endif()
if(${OQS_STRICT_WARNINGS})
add_compile_options(-Wall)
add_compile_options(-Wextra)
add_compile_options(-Wpedantic)
add_compile_options(-Wstrict-prototypes)
add_compile_options(-Wshadow)
add_compile_options(-Wformat=2)
add_compile_options(-Wfloat-equal)
add_compile_options(-Wwrite-strings)
endif()
if (NOT CMAKE_SYSTEM_NAME STREQUAL "Darwin")
if(CC_SUPPORTS_WA_NOEXECSTACK)
add_compile_options("-Wa,--noexecstack")
endif()
if(LD_SUPPORTS_WL_Z_NOEXECSTACK)
add_link_options("-Wl,-z,noexecstack")
endif()
endif()
set(THREADS_PREFER_PTHREAD_FLAG ON)
find_package(Threads)
if (CMAKE_USE_PTHREADS_INIT AND NOT OQS_EMBEDDED_BUILD)
set(OQS_USE_PTHREADS ON)
endif()
if(${OQS_DEBUG_BUILD})
add_compile_options (-Wstrict-overflow)
add_compile_options(-ggdb3)
if(${USE_COVERAGE})
add_compile_options(-coverage)
add_link_options(-coverage)
endif()
else()
add_compile_options(-O3)
add_compile_options(-fomit-frame-pointer)
add_compile_options(-fdata-sections)
add_compile_options(-ffunction-sections)
if (CMAKE_SYSTEM_NAME STREQUAL "Darwin")
add_compile_options(-Wl,-dead_strip)
else ()
add_compile_options(-Wl,--gc-sections)
endif ()
endif()
# workaround for gcc issues on ARM32 as per https://github.com/open-quantum-safe/liboqs/issues/1288
if(ARCH_ARM32v7 AND (CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "11.0.0"))
add_compile_options(-fno-ipa-modref)
add_compile_options(-fno-ipa-pure-const)
endif()
elseif(CMAKE_C_COMPILER_ID STREQUAL "MSVC")
# Warning C4146 is raised when a unary minus operator is applied to an
# unsigned type; this has nonetheless been standard and portable for as
# long as there has been a C standard, and we need it for constant-time
# computations. Thus, we disable that spurious warning.
add_compile_options(/wd4146)
# Need a larger stack for Classic McEliece
add_link_options(/STACK:8192000)
# bring compile options in line with openssl options; link otherwise fails
add_compile_options(/MT)
endif()
if(MINGW OR MSYS OR CYGWIN)
set(OQS_USE_PTHREADS OFF)
# Apply -Wno-maybe-uninitialized only for GCC
if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
add_compile_options(-Wno-maybe-uninitialized)
endif()
if(CMAKE_VERSION VERSION_GREATER_EQUAL "3.13.0")
add_link_options(-Wl,--stack,16777216)
else()
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--stack,16777216")
endif()
endif()
if(CMAKE_C_IMPLICIT_LINK_DIRECTORIES MATCHES "alpine-linux-musl")
add_link_options(-Wl,-z,stack-size=16777216)
endif()

67
.CMake/detect_gcc_clang_intrinsics.c Normal file
View File

@ -0,0 +1,67 @@
// SPDX-License-Identifier: MIT
#include <stdio.h>
int main(void) {
#if defined(__ADX__)
printf("ADX;");
#endif
#if defined(__AES__)
printf("AES;");
#endif
#if defined(__AVX__)
printf("AVX;");
#endif
#if defined(__AVX2__)
printf("AVX2;");
#endif
#if defined(__AVX512BW__)
printf("AVX512BW;");
#endif
#if defined(__AVX512DQ__)
printf("AVX512DQ;");
#endif
#if defined(__AVX512F__)
printf("AVX512F;");
#endif
#if defined(__VPCLMULQDQ__)
printf("VPCLMULQDQ;");
#endif
#if defined(__BMI__)
printf("BMI1;");
#endif
#if defined(__BMI2__)
printf("BMI2;");
#endif
#if defined(__FMA__)
printf("FMA;");
#endif
#if defined(__PCLMUL__)
printf("PCLMULQDQ;");
#endif
#if defined(__POPCNT__)
printf("POPCNT;");
#endif
#if defined(__SSE__)
printf("SSE;");
#endif
#if defined(__SSE2__)
printf("SSE2;");
#endif
#if defined(__SSE3__)
printf("SSE3;");
#endif
#if defined(__ARM_FEATURE_AES)
printf("ARM_AES;");
#endif
#if (defined(__APPLE__) && defined(__aarch64__)) || defined(__ARM_FEATURE_SHA2)
printf("ARM_SHA2;");
#endif
#if defined(__ARM_FEATURE_SHA3)
printf("ARM_SHA3;");
#endif
#if defined(__ARM_NEON)
printf("ARM_NEON;");
#endif
return 0;
}

27
.CMake/gcc_clang_intrinsics.cmake Normal file
View File

@ -0,0 +1,27 @@
# SPDX-License-Identifier: MIT
try_run(RUN_RESULT COMPILE_RESULT
"${CMAKE_BINARY_DIR}" "${PROJECT_SOURCE_DIR}/.CMake/detect_gcc_clang_intrinsics.c"
COMPILE_DEFINITIONS ${OQS_OPT_FLAG}
COMPILE_OUTPUT_VARIABLE COMPILE_OUTPUT
RUN_OUTPUT_VARIABLE RUN_OUTPUT)
if(NOT COMPILE_RESULT)
message(FATAL_ERROR "Could not compile .CMake/detect_gcc_clang_intrinsics.c" ${COMPILE_OUTPUT})
endif()
if(NOT RUN_RESULT EQUAL 0)
if(CMAKE_CROSSCOMPILING)
message(STATUS "Detecting language features in cross-compiling mode impossible. Setting all CPU features OFF.")
else()
message(FATAL_ERROR ".CMake/detect_gcc_clang_intrinsics.c returned exit code: " ${RUN_RESULT})
endif()
endif()
foreach(CPU_EXTENSION ${RUN_OUTPUT})
if (NOT DEFINED OQS_USE_${CPU_EXTENSION}_INSTRUCTIONS)
set(OQS_USE_${CPU_EXTENSION}_INSTRUCTIONS ON)
endif()
endforeach()
if(OQS_USE_AVX512BW_INSTRUCTIONS AND
OQS_USE_AVX512DQ_INSTRUCTIONS AND
OQS_USE_AVX512F_INSTRUCTIONS)
set(OQS_USE_AVX512_INSTRUCTIONS ON)
endif()

8
.CMake/toolchain_arm64.cmake Normal file
View File

@ -0,0 +1,8 @@
# SPDX-License-Identifier: MIT
set(CMAKE_SYSTEM_NAME Linux)
set(CMAKE_SYSTEM_PROCESSOR arm64v8)
set(CMAKE_CROSSCOMPILING ON)
set(CMAKE_C_COMPILER aarch64-linux-gnu-gcc)
set(CMAKE_CROSSCOMPILING_EMULATOR "qemu-aarch64-static;-L;/usr/aarch64-linux-gnu/")

8
.CMake/toolchain_armhf.cmake Normal file
View File

@ -0,0 +1,8 @@
# SPDX-License-Identifier: MIT
set(CMAKE_SYSTEM_NAME Linux)
set(CMAKE_SYSTEM_PROCESSOR arm32v7)
set(CMAKE_CROSSCOMPILING ON)
set(CMAKE_C_COMPILER arm-linux-gnueabihf-gcc)
set(CMAKE_CROSSCOMPILING_EMULATOR "qemu-arm-static;-L;/usr/arm-linux-gnueabihf/")

20
.CMake/toolchain_rasppi.cmake Normal file
View File

@ -0,0 +1,20 @@
# SPDX-License-Identifier: MIT
# How to use:
# apt install gcc-8-arm-linux-gnueabihf
# cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_rasppi.cmake -DOQS_USE_OPENSSL=OFF ..
set(CMAKE_SYSTEM_NAME Linux)
set(CMAKE_SYSTEM_PROCESSOR armhf)
set(CMAKE_CROSSCOMPILING ON)
set(CMAKE_C_COMPILER arm-linux-gnueabihf-gcc-8)
set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
set(CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY)
# Unconditionally set for this platform
add_definitions( -DOQS_USE_RASPBERRY_PI )

18
.CMake/toolchain_windows-amd64.cmake Normal file
View File

@ -0,0 +1,18 @@
# SPDX-License-Identifier: MIT
# How to use:
# apt install gcc-mingw-w64
# cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake ..
set(CMAKE_SYSTEM_NAME Windows)
set(CMAKE_SYSTEM_PROCESSOR AMD64)
set(CMAKE_CROSSCOMPILING ON)
set(PREFIX x86_64-w64-mingw32)
set(CMAKE_C_COMPILER ${PREFIX}-gcc)
set(CMAKE_CROSSCOMPILING_EMULATOR "wine")
set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
set(CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY)

15
.CMake/toolchain_windows_amd64.cmake Normal file
View File

@ -0,0 +1,15 @@
# SPDX-License-Identifier: MIT
set(CMAKE_SYSTEM_NAME Windows)
set(CMAKE_SYSTEM_PROCESSOR AMD64)
set(CMAKE_CROSSCOMPILING OFF)
set(CMAKE_GENERATOR_PLATFORM
x64
CACHE STRING "Platform" FORCE
)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__ORDER_LITTLE_ENDIAN__=1234 -D__ORDER_BIG_ENDIAN__=4321 -D__BYTE_ORDER__=1234")
message(STATUS "Setting little endianness explicity for windows amd 64")

12
.CMake/toolchain_windows_arm64.cmake Normal file
View File

@ -0,0 +1,12 @@
# SPDX-License-Identifier: MIT
set(CMAKE_SYSTEM_NAME Windows)
set(CMAKE_SYSTEM_PROCESSOR arm64)
set(CMAKE_CROSSCOMPILING ON)
set(CMAKE_GENERATOR_PLATFORM
ARM64
CACHE STRING "Platform" FORCE
)

15
.CMake/toolchain_windows_x86.cmake Normal file
View File

@ -0,0 +1,15 @@
# SPDX-License-Identifier: MIT
set(CMAKE_SYSTEM_NAME Windows)
set(CMAKE_SYSTEM_PROCESSOR x86)
set(CMAKE_CROSSCOMPILING OFF)
set(CMAKE_GENERATOR_PLATFORM
Win32
CACHE STRING "Platform" FORCE
)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__ORDER_LITTLE_ENDIAN__=1234 -D__ORDER_BIG_ENDIAN__=4321 -D__BYTE_ORDER__=1234")
message(STATUS "Setting little endianness explicity for windows x86")

5
.CMake/toolchain_x86.cmake Normal file
View File

@ -0,0 +1,5 @@
# SPDX-License-Identifier: MIT
set(CMAKE_SYSTEM_NAME Linux)
set(CMAKE_SYSTEM_PROCESSOR i586)
set(CMAKE_CROSSCOMPILING OFF)

16
.astylerc Normal file
View File

@ -0,0 +1,16 @@
# find src tests .CMake -name '*.[ch]' | grep -v '/external/' | grep -v 'kem.*/pqclean_' | grep -v 'sig.*/pqclean_' | xargs astyle --options=.astylerc
--style=google
--indent=tab
#--indent-preproc-define
#--indent-preproc-cond
--pad-oper
--pad-comma
--pad-header
#--unpad-paren
--align-pointer=name
--add-braces
--convert-tabs
--mode=c
# disable backup files
--suffix=none
--lineend=linux

69
.clang-format
View File

@ -1,69 +0,0 @@
---
Language: Cpp
# BasedOnStyle: LLVM
AccessModifierOffset: -2
AlignAfterOpenBracket: true
AlignConsecutiveAssignments: false
AlignConsecutiveDeclarations: false
AlignEscapedNewlinesLeft: false
AlignOperands: true
AlignTrailingComments: true
AllowAllParametersOfDeclarationOnNextLine: true
AllowShortBlocksOnASingleLine: false
AllowShortCaseLabelsOnASingleLine: false
AllowShortIfStatementsOnASingleLine: false
AllowShortLoopsOnASingleLine: false
AllowShortFunctionsOnASingleLine: All
AlwaysBreakAfterDefinitionReturnType: None
AlwaysBreakAfterReturnType: None
AlwaysBreakBeforeMultilineStrings: false
AlwaysBreakTemplateDeclarations: false
BreakBeforeBinaryOperators: false
BreakBeforeBraces: Attach
BreakBeforeTernaryOperators: true
BreakConstructorInitializersBeforeComma: false
BreakAfterJavaFieldAnnotations: false
BreakStringLiterals: true
BinPackParameters: true
BinPackArguments: true
ColumnLimit: 0
ConstructorInitializerAllOnOneLineOrOnePerLine: false
ConstructorInitializerIndentWidth: 4
DerivePointerAlignment: false
ExperimentalAutoDetectBinPacking: false
IndentCaseLabels: false
IndentWrappedFunctionNames: false
IndentFunctionDeclarationAfterType: false
MaxEmptyLinesToKeep: 1
KeepEmptyLinesAtTheStartOfBlocks: true
NamespaceIndentation: None
ObjCBlockIndentWidth: 2
ObjCSpaceAfterProperty: false
ObjCSpaceBeforeProtocolList: true
PenaltyBreakBeforeFirstCallParameter: 19
PenaltyBreakComment: 300
PenaltyBreakString: 1000
PenaltyBreakFirstLessLess: 120
PenaltyExcessCharacter: 1000000
PenaltyReturnTypeOnItsOwnLine: 60
PointerAlignment: Right
SpacesBeforeTrailingComments: 1
Standard: Cpp11
IndentWidth: 4
TabWidth: 4
UseTab: ForIndentation
SpacesInParentheses: false
SpacesInSquareBrackets: false
SpacesInAngles: false
SpaceInEmptyParentheses: false
SpacesInCStyleCastParentheses: false
SpaceAfterCStyleCast: true
SpacesInContainerLiterals: true
SpaceBeforeAssignmentOperators: true
ContinuationIndentWidth: 4
CommentPragmas: '^ IWYU pragma:'
ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ]
SpaceBeforeParens: ControlStatements
DisableFormat: false
SortIncludes: false
...

6
.gitattributes vendored Normal file
View File

@ -0,0 +1,6 @@
# see https://mirrors.edge.kernel.org/pub/software/scm/git/docs/gitattributes.html
* text=auto whitespace=trailing-space
*.png binary
*.jpe?g binary

24
.github/CODEOWNERS vendored Normal file
View File

@ -0,0 +1,24 @@
# https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
* @dstebila @baentsch
/.github/workflows @SWilson4
/docs/cbom.json @bhess
/scripts/copy_from_upstream @baentsch @bhess @alexrow @praveksharma
/src/common @dstebila
/src/common/*/*arm* @Martyrshot
/src/common/libjade_shims @praveksharma
/src/kem/bike @brian-jarvis-aws
/src/kem/frodokem @dstebila
/src/kem/kyber @bhess
/src/kem/kyber/libjade* @praveksharma
/src/kem/ml_kem @bhess
/src/kem/ntru @saitomst
/src/sig/cross @alexrow
/src/sig/mayo @bhess
/src/sig/ml_dsa @bhess
/src/sig_stfl/lms @ashman-p
/src/sig_stfl/xmss @cothan
/tests/ACVP_Vectors @bhess
/tests/PQC_Intermediate_Values @bhess
/tests/test_acvp_vectors.py @bhess
/tests/test_sig_stfl.c @ashman-p @cothan

56
.github/ISSUE_TEMPLATE/bug_report.yml vendored Normal file
View File

@ -0,0 +1,56 @@
# This template was generated with [Issue Forms Creator](https://issue-forms-creator.netlify.app)
name: Bug report
description: Template for bug reports
body:
- type: markdown
attributes:
value: >-
Thank you for submitting a bug report to liboqs. Before submitting, we
encourage you to search through the following resources:
- [issues](https://github.com/open-quantum-safe/liboqs/issues)
- [pull requests](https://github.com/open-quantum-safe/liboqs/pulls)
If this is a question regarding usage rather than a bug in the software,
the best place for that is our Github [discussion
forum](https://github.com/orgs/open-quantum-safe/discussions).
- type: textarea
attributes:
label: Description
description: A clear and concise description of what the bug is.
validations:
required: true
- type: textarea
attributes:
label: Expected behaviour
description: What did you expect to happen?
- type: input
attributes:
label: liboqs version
description: Which version of liboqs are you using?
validations:
required: true
- type: textarea
attributes:
label: Environment
description: Please describe the environment in which you are running liboqs
value: |-
- Architecture: [e.g., x86_64]
- OS: [e.g. Ubuntu 24.04 LTS]
- OpenSSL version [e.g., 3.0.2]
- Compiler version used [e.g., clang 9.0.0]
- Build variables used [e.g., "-DOQS_ALGS_ENABLED=STD"]
- type: textarea
attributes:
label: Use of generative AI
description: >-
If this contribution (code, documentation, descriptive text) was
produced with the help of generative AI, please describe the nature of
the use. Contributors are expected to have verified and affirm such contributions
themselves before submission.
- type: textarea
attributes:
label: Additional information
description: Add any other context about the problem here.

29
.github/ISSUE_TEMPLATE/feature_request.yml vendored Normal file
View File

@ -0,0 +1,29 @@
# This template was generated with [Issue Forms Creator](https://issue-forms-creator.netlify.app)
name: Feature request
description: 'Suggest a new feature '
body:
- type: textarea
attributes:
label: Description
description: A clear and concise description of the problem or missing capability
validations:
required: true
- type: textarea
attributes:
label: Describe the solution you'd like
description: If you have a solution in mind, please describe it.
- type: textarea
attributes:
label: Describe alternatives you've considered
description: Have you considered any alternative solutions or workarounds?
- type: textarea
attributes:
label: Are you willing to help develop the solution?
- type: textarea
attributes:
label: Use of generative AI
description: >-
If this contribution (code, documentation, descriptive text) was
produced with the help of generative AI, please describe the nature of
the use. Contributors are expected to have verified and affirm such contributions
themselves before submission.

10
.github/actionlint.yaml vendored Normal file
View File

@ -0,0 +1,10 @@
# Configuration variables in array of strings defined in your repository or organization
# From https://github.com/rhysd/actionlint/blob/v1.7.7/docs/config.md:
# "When an array is set, actionlint will check vars properties strictly. An empty array means no variable is allowed."
config-variables:
# - DEFAULT_RUNNER
# - JOB_NAME
# - ENVIRONMENT_STAGE
self-hosted-runner:
labels:
- oqs-x64

15
.github/pull_request_template.md vendored Normal file
View File

@ -0,0 +1,15 @@
<!-- Please give a brief explanation of the purpose of this pull request. -->
<!-- Does this PR resolve any issue? If so, please reference it using automatic-closing keywords like "Fixes #123." -->
<!-- Any PR adding a new feature is expected to contain a test; the test should be part of CI testing, preferably within the ".github/workflows" directory tree. Please add an explanation to the PR if/when (why) this cannot be done. -->
<!-- Please answer the following questions to help manage version and changes across projects. -->
* [ ] Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)? (If so, a version bump will be required from *x.y.z* to *x.(y+1).0*.)
* [ ] Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in fully supported downstream projects dependent on these, i.e., [oqs-provider](https://github.com/open-quantum-safe/oqs-provider) will also need to be ready for review and merge by the time this is merged. Also, make sure to update the list of algorithms in the continuous benchmarking files: .github/workflows/kem-bench.yml and sig-bench.yml)
<!-- If this contribution (code, documentation, descriptive text) was produced with the help of generative AI, please describe the nature of the use. Contributors are expected to have verified and affirm such contributions themselves before submission. -->
<!-- Once your pull request is ready for review and passing continuous integration tests, please convert from a draft PR to a normal PR, and request a review from one of the OQS core team members. -->

22
.github/workflows/android.yml vendored Normal file
View File

@ -0,0 +1,22 @@
name: android build
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
android:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
abi: [armeabi-v7a, arm64-v8a, x86, x86_64]
stfl_opt: [ON, OFF]
steps:
- name: Checkout code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- name: Build project
run: ./scripts/build-android.sh $ANDROID_NDK_HOME -a ${{ matrix.abi }} -f "-DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }}"

25
.github/workflows/apple.yml vendored Normal file
View File

@ -0,0 +1,25 @@
name: apple build
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
apple-mobile:
runs-on: macos-latest
strategy:
fail-fast: false
matrix:
platform: [OS64, TVOS]
stfl_opt: [OFF, ON]
steps:
- name: Checkout code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- name: Generate project
run: |
cmake -B build --toolchain .CMake/apple.cmake -DOQS_USE_OPENSSL=OFF -DPLATFORM=${{ matrix.platform }} \
-DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }} .
- name: Build project
run: cmake --build build

177
.github/workflows/basic.yml vendored Normal file
View File

@ -0,0 +1,177 @@
name: Basic checks
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
workflowcheck:
name: Check validity of GitHub workflows
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Install actionlint
run: |
bash <(curl -sSL https://raw.githubusercontent.com/rhysd/actionlint/2ab3a12c7848f6c15faca9a92612ef4261d0e370/scripts/download-actionlint.bash)
sudo mv ./actionlint /usr/local/bin/
- name: Ensure GitHub actions are valid
run: actionlint -shellcheck "" # run *without* shellcheck
stylecheck:
name: Check code formatting
needs: [workflowcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Ensure code conventions are upheld
run: python3 -m pytest --verbose tests/test_code_conventions.py
- name: Check that doxygen can parse the documentation
run: mkdir build && ./scripts/run_doxygen.sh $(which doxygen) ./docs/.Doxyfile ./build
- name: Validate CBOM
run: scripts/validate_cbom.sh
upstreamcheck:
name: Check upstream code is properly integrated
needs: [workflowcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
git config --global user.name "ciuser" && \
git config --global user.email "ci@openquantumsafe.org" && \
git config --global --add safe.directory "$PWD" && \
echo "LIBOQS_DIR=$PWD" >> "$GITHUB_ENV"
- name: Verify copy_from_upstream state after copy
working-directory: "scripts/copy_from_upstream"
run: |
python3 copy_from_upstream.py -d copy && \
git status --porcelain && \
test -z "$(git status --porcelain)"
- name: Verify copy_from_upstream state after libjade
working-directory: "scripts/copy_from_upstream"
run: |
python3 copy_from_upstream.py -d libjade && \
git status --porcelain && \
test -z "$(git status --porcelain)"
buildcheck:
name: Check that code passes a basic build
needs: [workflowcheck, stylecheck, upstreamcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
KEM_NAME: ml_kem_768
SIG_NAME: ml_dsa_65
steps:
- name: Create random build folder
run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
cmake \
-B ${{ env.RANDOM_BUILD_DIR }} \
-GNinja \
-DOQS_STRICT_WARNINGS=ON \
-DOQS_MINIMAL_BUILD="KEM_$KEM_NAME;SIG_$SIG_NAME" \
--warn-uninitialized . > config.log 2>&1 && \
cat config.log && \
cmake -LA -N . && \
! (grep -i "uninitialized variable" config.log)
- name: Build code
run: ninja
working-directory: ${{ env.RANDOM_BUILD_DIR }}
- name: Build documentation
run: ninja gen_docs
working-directory: ${{ env.RANDOM_BUILD_DIR }}
cppcheck:
name: Check C++ linking with example program
needs: [workflowcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
SIG_NAME: ml_dsa_44
steps:
- name: Create random build folder
run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
cmake \
-B ${{ env.RANDOM_BUILD_DIR }} \
-GNinja \
-DOQS_STRICT_WARNINGS=ON \
-DOQS_MINIMAL_BUILD="SIG_$SIG_NAME" \
--warn-uninitialized . > config.log 2>&1 && \
cat config.log && \
cmake -LA -N . && \
! (grep -i "uninitialized variable" config.log)
- name: Build liboqs
run: ninja
working-directory: ${{ env.RANDOM_BUILD_DIR }}
- name: Link with C++ program
run: |
g++ "$GITHUB_WORKSPACE"/cpp/sig_linking_test.cpp -g \
-I./include -L./lib -loqs -lcrypto -std=c++11 -o example_sig && \
./example_sig
working-directory: ${{ env.RANDOM_BUILD_DIR }}
fuzzbuildcheck:
name: Check that code passes a basic fuzzing build
needs: [workflowcheck, stylecheck, upstreamcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
SIG_NAME: ml_dsa_44
CC: clang
CXX: clang++
CFLAGS: -fsanitize=fuzzer-no-link,address
LDFLAGS: -fsanitize=address
steps:
- name: Create random build folder
run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
cmake \
-B ${{ env.RANDOM_BUILD_DIR }} \
-GNinja \
-DOQS_STRICT_WARNINGS=ON \
-DOQS_BUILD_FUZZ_TESTS=ON \
-DOQS_MINIMAL_BUILD="SIG_$SIG_NAME" \
--warn-uninitialized . > config.log 2>&1 && \
cat config.log && \
cmake -LA -N . && \
! (grep -i "uninitialized variable" config.log)
- name: Build code
run: ninja fuzz_test_sig
working-directory: ${{ env.RANDOM_BUILD_DIR }}
- name: Short fuzz check (30s)
run: ./tests/fuzz_test_sig -max_total_time=30
working-directory: ${{ env.RANDOM_BUILD_DIR }}
nixflakecheck:
name: Check that Nix flake has correct syntax and can build
needs: [workflowcheck]
runs-on: ubuntu-latest
steps:
- uses: DeterminateSystems/nix-installer-action@90bb610b90bf290cad97484ba341453bd1cbefea # v19
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Check devShell
run: nix develop --command echo
- name: Check flake syntax
run: nix flake check --no-build # check for accurate syntax
- name: Check that the flake builds
run: nix build # check that the build runs

60
.github/workflows/code-coverage.yml vendored Normal file
View File

@ -0,0 +1,60 @@
name: Code coverage tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
coverage:
name: Run code coverage testing
strategy:
matrix:
# The 'id' value for each job should be added to the 'carry-forward' string in the 'finish' job.
include:
- id: x64-generic
runner: ubuntu-latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
- id: x64-distbuild
runner: ubuntu-latest
CMAKE_ARGS: -DOQS_DIST_BUILD=ON
- id: arm64-distbuild
runner: ubuntu-24.04-arm
CMAKE_ARGS: -DOQS_DIST_BUILD=ON
runs-on: ${{ matrix.runner }}
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
mkdir build && cd build && \
cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DUSE_COVERAGE=ON ${{ matrix.CMAKE_ARGS }} .. && \
cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
run: |
python3 -m pytest --verbose --numprocesses=auto \
tests/test_acvp_vectors.py \
tests/test_cmdline.py \
tests/test_kat.py
- name: Run lcov
run: lcov -d . -c -o lcov.info --exclude /usr/lib,/usr/include --ignore-errors unused
- name: Upload to coveralls.io
uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # pin@v2.3.6
with:
flag-name: ${{ matrix.id }}
parallel: true
finish:
needs: coverage
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- name: Finish coveralls.io
uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # pin@v2.3.6
with:
parallel-finished: true
carry-forward: "x64-generic,x64-distbuild,arm64-distbuild"

29
.github/workflows/commit-to-main.yml vendored Normal file
View File

@ -0,0 +1,29 @@
name: Main branch tests
permissions:
contents: read
on:
push:
branches: ['main']
jobs:
platform-tests:
uses: ./.github/workflows/platforms.yml
code-coverage:
uses: ./.github/workflows/code-coverage.yml
secrets: inherit
scorecard:
uses: ./.github/workflows/supplychain.yml
secrets: inherit
permissions:
id-token: write
security-events: write
contents: read
basic-downstream:
uses: ./.github/workflows/downstream-basic.yml
secrets: inherit

107
.github/workflows/downstream-basic.yml vendored Normal file
View File

@ -0,0 +1,107 @@
name: Trigger basic downstream CI
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
trigger-downstream-ci:
runs-on: ubuntu-latest
steps:
- name: Trigger OQS-BoringSSL CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/boringssl/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger OQS-OpenSSH CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"ref":"OQS-v9"}' \
https://api.github.com/repos/open-quantum-safe/openssh/actions/workflows/ubuntu.yaml/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger oqs-provider CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${{ secrets.BUILD_TRIGGER_TOKEN }}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "main" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/oqs-provider/pipeline | tee curl_out \
&& grep -q "201" curl_out
- name: Trigger liboqs-cpp CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-cpp/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger liboqs-go CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-go/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger liboqs-python CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-python/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger liboqs-java CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-java/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger liboqs-rust CI
if: ${{ !cancelled() }} # run all steps independent of failures
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-rust/dispatches | tee curl_out \
&& grep -q "204" curl_out

30
.github/workflows/downstream-release.yml vendored Normal file
View File

@ -0,0 +1,30 @@
name: Downstream release tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
# Trigger oqs-provider release tests.
# When triggered by a release (see release.yml), the liboqs release tag and the provider "<release tag>-tracker" branch are used.
# When triggered by a commit message (see filter.yml), the triggering liboqs branch and the provider "<liboqs branch>-tracker" branch are used.
# If the tracker branch does not exist, the downstream pipeline should detect it and run on the main branch instead.
jobs:
oqs-provider-release-test:
runs-on: ubuntu-latest
steps:
- name: Checkout release tests script
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4
with:
sparse-checkout: |
scripts/provider-test-trigger.sh
sparse-checkout-cone-mode: false
- name: Trigger oqs-provider release tests
run: |
CURL_FLAGS="--silent --write-out \n%{response_code}\n" \
ACCESS_TOKEN="${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
LIBOQS_REF="${{ github.ref_name }}" \
PROVIDER_REF="${{ github.ref_name }}-tracker" \
./scripts/provider-test-trigger.sh | tee curl_out \
&& grep -q "204" curl_out

192
.github/workflows/extended.yml vendored Normal file
View File

@ -0,0 +1,192 @@
name: Extended tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
constant-time-x64:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: generic
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*,SLH_DSA_(SHA2|SHA3|SHAKE_128)(.)*'
- name: extensions
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=haswell -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*,SLH_DSA_(SHA2|SHA3|SHAKE_128)(.)*'
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # pin@v2
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 360
run: mkdir -p tmp && SKIP_ALGS='${{ matrix.SKIP_ALGS }}' python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}
nistkat-x64:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: generic
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: generic-libjade
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: extensions
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: extensions-libjade
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST}}"
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 360
run: mkdir -p tmp && python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}
regression:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: GHSA-qq3m-rq9v-jfgm
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON -DOQS_ENABLE_TEST_CONSTANT_TIME_OPTIMIZED=ON -DOQS_ENABLE_KEM_HQC=ON -DCMAKE_C_COMPILER=clang-18
PYTEST_ARGS: --numprocesses=auto -k 'hqc and constant_time'
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 360
run: mkdir -p tmp && python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}
linux_arm_emulated:
runs-on: ubuntu-latest
timeout-minutes: 120 # max + 3*std over the last thousands of successful runs
strategy:
fail-fast: false
matrix:
include:
- name: armhf
ARCH: armhf
CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --numprocesses=auto --maxprocesses=10 --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
SKIP_ALGS: 'SLH_DSA_(SHA2|SHA3|SHAKE)(.)*'
- name: armhf-no-stfl-key-sig-gen
ARCH: armhf
CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --numprocesses=auto --maxprocesses=10 --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
SKIP_ALGS: 'SLH_DSA_(SHA2|SHA3|SHAKE)(.)*'
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Install the emulation handlers
run: docker run --rm --privileged multiarch/qemu-user-static:register --reset
- name: Build in an x86_64 container
run: |
docker run --rm \
-v `pwd`:`pwd` \
-w `pwd` \
openquantumsafe/ci-debian-buster-amd64:latest /bin/bash \
-c "mkdir build && \
(cd build && \
cmake .. -GNinja ${{ matrix.CMAKE_ARGS }} \
-DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_${{ matrix.ARCH }}.cmake && \
cmake -LA -N .. && \
ninja)"
- name: Run the tests in an ${{ matrix.ARCH }} container
run: |
docker run --rm -e SKIP_TESTS=style,mem_kem,mem_sig \
-v `pwd`:`pwd` \
-w `pwd` \
openquantumsafe/ci-debian-buster-${{ matrix.ARCH }}:latest /bin/bash \
-c "mkdir -p tmp && \
SKIP_ALGS='${{ matrix.SKIP_ALGS }}' \
python3 -m pytest --verbose \
--numprocesses=auto \
--ignore=tests/test_code_conventions.py ${{ matrix.PYTEST_ARGS }}"
slhdsa-leak-tests:
strategy:
fail-fast: false
matrix:
include:
- name: arm64-slhdsa
runner: ubuntu-24.04-arm
container: openquantumsafe/ci-ubuntu-latest:latest
PYTEST_ARGS: --maxprocesses=10 --ignore=tests/test_kat_all.py
CMAKE_ARGS: -DOQS_MINIMAL_BUILD=SIG_slh_dsa
- name: alpine-slhdsa
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_MINIMAL_BUILD=SIG_slh_dsa
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
runs-on: ${{ matrix.runner }}
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 90
run: mkdir -p tmp && SLH_DSA_LEAK_TEST=1 python3 -m pytest --verbose --numprocesses=auto tests/test_leaks.py::test_slhdsa_leak ${{ matrix.PYTEST_ARGS }}
address-sanitizer-slhdsa:
strategy:
fail-fast: false
runs-on: ubuntu-latest
container:
image: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_MINIMAL_BUILD=SIG_slh_dsa .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 90
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --numprocesses=auto --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10

121
.github/workflows/kem-bench.yml vendored Normal file
View File

@ -0,0 +1,121 @@
name: kem benchmark
on:
workflow_dispatch:
workflow_call:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout repository
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
fetch-depth: 0
# Set up dependencies
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y cmake ninja-build gcc g++ python3 python3-pip
sudo apt-get install -y python3-cpuinfo
# Build the speed_kem binary only
- name: Build speed_kem binary
run: |
mkdir -p build
cd build
cmake -GNinja .. -DBUILD_SHARED_LIBS=OFF
ninja speed_kem
# Copy the parse_liboqs_speed.py script
- name: Copy parse_liboqs_speed.py
run: |
cp scripts/parse_liboqs_speed.py build/tests/
# Upload the built binary and script as an artifact
- name: Upload artifacts
uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
with:
name: built-binary
path: build/tests/
benchmark:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
strategy:
matrix:
algorithm: [ # List of available KEMs to perform the benchmarking on
"BIKE-L1",
"BIKE-L3",
"BIKE-L5",
"Classic-McEliece-348864",
"Classic-McEliece-348864f",
"Classic-McEliece-460896",
"Classic-McEliece-460896f",
"Classic-McEliece-6688128",
"Classic-McEliece-6688128f",
"Classic-McEliece-6960119",
"Classic-McEliece-6960119f",
"Classic-McEliece-8192128",
"Classic-McEliece-8192128f",
"Kyber512",
"Kyber768",
"Kyber1024",
"ML-KEM-512",
"ML-KEM-768",
"ML-KEM-1024",
"sntrup761",
"FrodoKEM-640-AES",
"FrodoKEM-640-SHAKE",
"FrodoKEM-976-AES",
"FrodoKEM-976-SHAKE",
"FrodoKEM-1344-AES",
"FrodoKEM-1344-SHAKE"
]
max-parallel: 1 # No parallel jobs to not compromise the pull-push operations of the benchmarking actions below
steps:
# Ensure the repository is checked out
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
fetch-depth: 0
# Download the built binary and script
- name: Download artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # pin@v4
with:
name: built-binary
path: build/tests/
# Set execute permissions for the binary
- name: Set execute permissions
run: chmod +x build/tests/speed_kem
# Run speed_kem tests for each algorithm
- name: Run speed_kem tests
run: |
cd build/tests
./speed_kem "${{matrix.algorithm}}" > ${{matrix.algorithm}}_output.txt
python3 parse_liboqs_speed.py ${{matrix.algorithm}}_output.txt --algorithm ${{matrix.algorithm}}
# Push to GitHub pages using continuous-benchmark
- name: Store benchmark result
uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7
with:
name: ${{matrix.algorithm}}
tool: "customSmallerIsBetter"
output-file-path: build/tests/${{matrix.algorithm}}_formatted.json
github-token: ${{ secrets.GITHUB_TOKEN }}
auto-push: true
comment-on-alert: true
summary-always: true
alert-threshold: 105%
comment-always: false

286
.github/workflows/linux.yml vendored Normal file
View File

@ -0,0 +1,286 @@
name: Linux tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
linux:
strategy:
fail-fast: false
matrix:
include:
- name: arm64
runner: ubuntu-24.04-arm
container: openquantumsafe/ci-ubuntu-latest:latest
PYTEST_ARGS: --maxprocesses=10 --ignore=tests/test_kat_all.py
CMAKE_ARGS: -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON
- name: arm64-slhdsa
runner: ubuntu-24.04-arm
container: openquantumsafe/ci-ubuntu-latest:latest
PYTEST_ARGS: --maxprocesses=10 --ignore=tests/test_kat_all.py
CMAKE_ARGS: -DOQS_MINIMAL_BUILD=SIG_slh_dsa
- name: alpine
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-slhdsa
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_MINIMAL_BUILD=SIG_slh_dsa
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-no-stfl-key-sig-gen
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-openssl-all
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-noopenssl
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-openssl-all-slhdsa
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_MINIMAL_BUILD=SIG_slh_dsa
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-noopenssl-slhdsa
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF -DOQS_MINIMAL_BUILD=SIG_slh_dsa
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: noble-nistr4-openssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_R4
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: noble-nistonramp-openssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_SIG_ONRAMP
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: noble-noopenssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_USE_OPENSSL=OFF
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: noble-noopenssl-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_USE_OPENSSL=OFF -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: noble-shared-noopenssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_namespace.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-clang
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang
PYTEST_ARGS: --ignore=tests/test_kat_all.py
- name: noble-clang
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang
PYTEST_ARGS: --ignore=tests/test_kat_all.py -k 'not (leaks and ML-DSA)'
- name: jammy-std-openssl3
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3-dlopen
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3-dlopen-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: address-sanitizer
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
- name: address-sanitizer-no-stfl-key-sig-gen
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
- name: address-sanitizer-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}" -DOQS_ENABLE_SIG_SLH_DSA=OFF
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
- name: noble-no-sha3-avx512vl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
CMAKE_ARGS: -DOQS_USE_SHA3_AVX512VL=OFF
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
runs-on: ${{ matrix.runner }}
timeout-minutes: 85 # max + 3*std over the last thousands of successful runs
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Check the library artifacts
if: matrix.name == 'jammy-std-openssl3-dlopen'
run: |
nm -gu lib/liboqs.so | sed -n 's/^[[:space:]]*[Uw] \([^_].*\)/\1/p' > undefined-syms.txt &&
! (grep '^\(CRYPTO\|ERR\|EVP\|OPENSSL\|RAND\)_' undefined-syms.txt)
working-directory: build
- name: Run tests
timeout-minutes: 60
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --numprocesses=auto ${{ matrix.PYTEST_ARGS }}
- name: Package .deb
if: matrix.name == 'jammy-std-openssl3'
run: cpack
working-directory: build
- name: Retain .deb file
if: matrix.name == 'jammy-std-openssl3'
uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # pin@v4
with:
name: liboqs-openssl3-shared-x64
path: build/*.deb
- name: Check STD algorithm and alias
if: matrix.name == 'jammy-std-openssl3'
run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false"'
working-directory: build
linux_cross_compile:
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
strategy:
fail-fast: false
matrix:
include:
- name: windows-binaries
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake
- name: windows-dll
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake -DBUILD_SHARED_LIBS=ON
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
linux_openssl330-dev:
runs-on: ubuntu-latest
container:
image: openquantumsafe/ci-ubuntu-jammy:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Retrieve OpenSSL330 from cache
id: cache-openssl330
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # pin@v4
with:
path: .localopenssl330
key: ${{ runner.os }}-openssl330
- name: Checkout the OpenSSL v3.3.0 commit
if: steps.cache-openssl330.outputs.cache-hit != 'true'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
repository: 'openssl/openssl'
ref: 'openssl-3.3.0-beta1'
path: openssl
- name: Prepare the OpenSSL build directory
if: steps.cache-openssl330.outputs.cache-hit != 'true'
run: mkdir .localopenssl330
working-directory: openssl
- name: Build openssl3 if not cached
if: steps.cache-openssl330.outputs.cache-hit != 'true'
run: |
./config --prefix=`pwd`/../.localopenssl330 && make -j 4 && make install_sw install_ssldirs
working-directory: openssl
- name: Save OpenSSL
id: cache-openssl-save
if: steps.cache-openssl330.outputs.cache-hit != 'true'
uses: actions/cache/save@d4323d4df104b026a6aa633fdb11d772146be0bf # pin@v4
with:
path: |
.localopenssl330
key: ${{ runner.os }}-openssl330
- name: Configure
run: mkdir build && cd build && cmake -GNinja -DOQS_STRICT_WARNINGS=ON -DOPENSSL_ROOT_DIR=../.localopenssl330 -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 60
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
scan_build:
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && scan-build --status-bugs cmake -GNinja ..
- name: Build
run: scan-build --status-bugs ninja
working-directory: build
linux_x86_emulated:
runs-on: ubuntu-latest
container:
image: openquantumsafe/ci-ubuntu-latest:latest
strategy:
fail-fast: false
matrix:
include:
- name: avx512-ml-kem_ml-dsa
SDE_ARCH: -skx
CMAKE_ARGS: -DOQS_MINIMAL_BUILD="KEM_ml_kem_512;KEM_ml_kem_768;KEM_ml_kem_1024;SIG_ml_dsa_44;SIG_ml_dsa_65;SIG_ml_dsa_87"
PYTEST_ARGS: tests/test_hash.py::test_sha3 tests/test_kat.py tests/test_acvp_vectors.py
env:
SDE_URL: https://downloadmirror.intel.com/850782/sde-external-9.53.0-2025-03-16-lin.tar.xz
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Setup Intel SDE
run: |
wget -O sde.tar.xz "$SDE_URL" && \
mkdir sde && tar -xf sde.tar.xz -C sde --strip-components=1 && \
echo "$(pwd)/sde" >> $GITHUB_PATH
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
timeout-minutes: 60
run: |
mkdir -p tmp && sde64 ${{ matrix.SDE_ARCH }} -- \
python3 -m pytest --verbose --numprocesses=auto ${{ matrix.PYTEST_ARGS }}

62
.github/workflows/macos.yml vendored Normal file
View File

@ -0,0 +1,62 @@
name: MacOS tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
macos:
strategy:
fail-fast: false
matrix:
os:
- macos-14
- macos-15
CMAKE_ARGS:
- -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
- -DCMAKE_C_COMPILER=gcc-14
- -DOQS_USE_OPENSSL=OFF
- -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=OFF
libjade-build:
- -DOQS_LIBJADE_BUILD=OFF
# Restrict -DOQS_LIBJADE_BUILD=ON build to algs provided by
# libjade to minimise repeated tests
- -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
exclude:
# macos-14 and macos-15 run on aarch64, libjade targets x86
# Skip testing libjade on macos-14
- os: macos-14
libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
- os: macos-15
libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
# No point in testing stateful sigs with minimal libjade build
- libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
CMAKE_ARGS: -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
# Failing configuration on Github actions; see https://github.com/open-quantum-safe/liboqs/pull/2148
- os: macos-15
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-14
libjade-build: -DOQS_LIBJADE_BUILD=OFF
runs-on: ${{ matrix.os }}
timeout-minutes: 85 # max + 3*std over the last thousands of successful runs
steps:
- name: Install Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # pin@v5
with:
python-version: '3.12'
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Install dependencies
run: env HOMEBREW_NO_AUTO_UPDATE=1 brew install ninja && pip3 install --require-hashes --break-system-packages -r .github/workflows/requirements.txt
- name: Get system information
run: sysctl -a | grep machdep.cpu
- name: Configure
run: mkdir -p build && cd build && source ~/.bashrc && cmake -GNinja -DOQS_STRICT_WARNINGS=ON ${{ matrix.CMAKE_ARGS }} ${{ matrix.libjade-build }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
- name: Run tests
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --ignore=tests/test_kat_all.py
timeout-minutes: 60

26
.github/workflows/platforms.yml vendored Normal file
View File

@ -0,0 +1,26 @@
name: Tests for all supported platforms
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
android-tests:
uses: ./.github/workflows/android.yml
ios-tests:
uses: ./.github/workflows/apple.yml
linux-tests:
uses: ./.github/workflows/linux.yml
macos-tests:
uses: ./.github/workflows/macos.yml
windows-tests:
uses: ./.github/workflows/windows.yml
zephyr-tests:
uses: ./.github/workflows/zephyr.yml

33
.github/workflows/pr.yml vendored Normal file
View File

@ -0,0 +1,33 @@
name: Pull request tests
permissions:
contents: read
on: pull_request
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
basic-checks:
uses: ./.github/workflows/basic.yml
platform-tests:
needs: basic-checks
uses: ./.github/workflows/platforms.yml
code-coverage:
needs: basic-checks
uses: ./.github/workflows/code-coverage.yml
secrets: inherit
scorecard:
needs: basic-checks
uses: ./.github/workflows/supplychain.yml
secrets: inherit
permissions:
contents: read
id-token: write
security-events: write

33
.github/workflows/push.yml vendored Normal file
View File

@ -0,0 +1,33 @@
name: Push tests
permissions:
contents: read
on:
push:
branches-ignore: 'main'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
basic-checks:
uses: ./.github/workflows/basic.yml
full-tests:
needs: basic-checks
if: contains( github.event.head_commit.message, '[full tests]' )
uses: ./.github/workflows/platforms.yml
extended-tests:
needs: basic-checks
if: contains( github.event.head_commit.message, '[extended tests]' )
uses: ./.github/workflows/extended.yml
downstream-release-tests:
needs: basic-checks
if: contains( github.event.head_commit.message, '[trigger downstream]' )
uses: ./.github/workflows/downstream-release.yml
secrets: inherit

17
.github/workflows/release.yml vendored Normal file
View File

@ -0,0 +1,17 @@
name: Release tests
permissions:
contents: read
on:
release:
types: [ published ]
jobs:
extended-tests:
uses: ./.github/workflows/extended.yml
downstream-release-tests:
uses: ./.github/workflows/downstream-release.yml
secrets: inherit

9
.github/workflows/requirements.in vendored Normal file
View File

@ -0,0 +1,9 @@
colorama==0.4.6
execnet==2.1.1
iniconfig==2.0.0
packaging==24.0
pluggy==1.4.0
pytest==8.1.1
pytest-xdist==3.5.0
pyyaml==6.0.1
requests==2.32.4

207
.github/workflows/requirements.txt vendored Normal file
View File

@ -0,0 +1,207 @@
#
# This file is autogenerated by pip-compile with Python 3.12
# by the following command:
#
# pip-compile --generate-hashes --output-file=requirements.txt requirements.in
#
certifi==2025.6.15 \
--hash=sha256:2e0c7ce7cb5d8f8634ca55d2ba7e6ec2689a2fd6537d8dec1296a477a4910057 \
--hash=sha256:d747aa5a8b9bbbb1bb8c22bb13e22bd1f18e9796defa16bab421f7f7a317323b
# via requests
charset-normalizer==3.4.2 \
--hash=sha256:005fa3432484527f9732ebd315da8da8001593e2cf46a3d817669f062c3d9ed4 \
--hash=sha256:046595208aae0120559a67693ecc65dd75d46f7bf687f159127046628178dc45 \
--hash=sha256:0c29de6a1a95f24b9a1aa7aefd27d2487263f00dfd55a77719b530788f75cff7 \
--hash=sha256:0c8c57f84ccfc871a48a47321cfa49ae1df56cd1d965a09abe84066f6853b9c0 \
--hash=sha256:0f5d9ed7f254402c9e7d35d2f5972c9bbea9040e99cd2861bd77dc68263277c7 \
--hash=sha256:18dd2e350387c87dabe711b86f83c9c78af772c748904d372ade190b5c7c9d4d \
--hash=sha256:1b1bde144d98e446b056ef98e59c256e9294f6b74d7af6846bf5ffdafd687a7d \
--hash=sha256:1c95a1e2902a8b722868587c0e1184ad5c55631de5afc0eb96bc4b0d738092c0 \
--hash=sha256:1cad5f45b3146325bb38d6855642f6fd609c3f7cad4dbaf75549bf3b904d3184 \
--hash=sha256:21b2899062867b0e1fde9b724f8aecb1af14f2778d69aacd1a5a1853a597a5db \
--hash=sha256:24498ba8ed6c2e0b56d4acbf83f2d989720a93b41d712ebd4f4979660db4417b \
--hash=sha256:25a23ea5c7edc53e0f29bae2c44fcb5a1aa10591aae107f2a2b2583a9c5cbc64 \
--hash=sha256:289200a18fa698949d2b39c671c2cc7a24d44096784e76614899a7ccf2574b7b \
--hash=sha256:28a1005facc94196e1fb3e82a3d442a9d9110b8434fc1ded7a24a2983c9888d8 \
--hash=sha256:32fc0341d72e0f73f80acb0a2c94216bd704f4f0bce10aedea38f30502b271ff \
--hash=sha256:36b31da18b8890a76ec181c3cf44326bf2c48e36d393ca1b72b3f484113ea344 \
--hash=sha256:3c21d4fca343c805a52c0c78edc01e3477f6dd1ad7c47653241cf2a206d4fc58 \
--hash=sha256:3fddb7e2c84ac87ac3a947cb4e66d143ca5863ef48e4a5ecb83bd48619e4634e \
--hash=sha256:43e0933a0eff183ee85833f341ec567c0980dae57c464d8a508e1b2ceb336471 \
--hash=sha256:4a476b06fbcf359ad25d34a057b7219281286ae2477cc5ff5e3f70a246971148 \
--hash=sha256:4e594135de17ab3866138f496755f302b72157d115086d100c3f19370839dd3a \
--hash=sha256:50bf98d5e563b83cc29471fa114366e6806bc06bc7a25fd59641e41445327836 \
--hash=sha256:5a9979887252a82fefd3d3ed2a8e3b937a7a809f65dcb1e068b090e165bbe99e \
--hash=sha256:5baececa9ecba31eff645232d59845c07aa030f0c81ee70184a90d35099a0e63 \
--hash=sha256:5bf4545e3b962767e5c06fe1738f951f77d27967cb2caa64c28be7c4563e162c \
--hash=sha256:6333b3aa5a12c26b2a4d4e7335a28f1475e0e5e17d69d55141ee3cab736f66d1 \
--hash=sha256:65c981bdbd3f57670af8b59777cbfae75364b483fa8a9f420f08094531d54a01 \
--hash=sha256:68a328e5f55ec37c57f19ebb1fdc56a248db2e3e9ad769919a58672958e8f366 \
--hash=sha256:6a0289e4589e8bdfef02a80478f1dfcb14f0ab696b5a00e1f4b8a14a307a3c58 \
--hash=sha256:6b66f92b17849b85cad91259efc341dce9c1af48e2173bf38a85c6329f1033e5 \
--hash=sha256:6c9379d65defcab82d07b2a9dfbfc2e95bc8fe0ebb1b176a3190230a3ef0e07c \
--hash=sha256:6fc1f5b51fa4cecaa18f2bd7a003f3dd039dd615cd69a2afd6d3b19aed6775f2 \
--hash=sha256:70f7172939fdf8790425ba31915bfbe8335030f05b9913d7ae00a87d4395620a \
--hash=sha256:721c76e84fe669be19c5791da68232ca2e05ba5185575086e384352e2c309597 \
--hash=sha256:7222ffd5e4de8e57e03ce2cef95a4c43c98fcb72ad86909abdfc2c17d227fc1b \
--hash=sha256:75d10d37a47afee94919c4fab4c22b9bc2a8bf7d4f46f87363bcf0573f3ff4f5 \
--hash=sha256:76af085e67e56c8816c3ccf256ebd136def2ed9654525348cfa744b6802b69eb \
--hash=sha256:770cab594ecf99ae64c236bc9ee3439c3f46be49796e265ce0cc8bc17b10294f \
--hash=sha256:7a6ab32f7210554a96cd9e33abe3ddd86732beeafc7a28e9955cdf22ffadbab0 \
--hash=sha256:7c48ed483eb946e6c04ccbe02c6b4d1d48e51944b6db70f697e089c193404941 \
--hash=sha256:7f56930ab0abd1c45cd15be65cc741c28b1c9a34876ce8c17a2fa107810c0af0 \
--hash=sha256:8075c35cd58273fee266c58c0c9b670947c19df5fb98e7b66710e04ad4e9ff86 \
--hash=sha256:8272b73e1c5603666618805fe821edba66892e2870058c94c53147602eab29c7 \
--hash=sha256:82d8fd25b7f4675d0c47cf95b594d4e7b158aca33b76aa63d07186e13c0e0ab7 \
--hash=sha256:844da2b5728b5ce0e32d863af26f32b5ce61bc4273a9c720a9f3aa9df73b1455 \
--hash=sha256:8755483f3c00d6c9a77f490c17e6ab0c8729e39e6390328e42521ef175380ae6 \
--hash=sha256:915f3849a011c1f593ab99092f3cecfcb4d65d8feb4a64cf1bf2d22074dc0ec4 \
--hash=sha256:926ca93accd5d36ccdabd803392ddc3e03e6d4cd1cf17deff3b989ab8e9dbcf0 \
--hash=sha256:982bb1e8b4ffda883b3d0a521e23abcd6fd17418f6d2c4118d257a10199c0ce3 \
--hash=sha256:98f862da73774290f251b9df8d11161b6cf25b599a66baf087c1ffe340e9bfd1 \
--hash=sha256:9cbfacf36cb0ec2897ce0ebc5d08ca44213af24265bd56eca54bee7923c48fd6 \
--hash=sha256:a370b3e078e418187da8c3674eddb9d983ec09445c99a3a263c2011993522981 \
--hash=sha256:a955b438e62efdf7e0b7b52a64dc5c3396e2634baa62471768a64bc2adb73d5c \
--hash=sha256:aa6af9e7d59f9c12b33ae4e9450619cf2488e2bbe9b44030905877f0b2324980 \
--hash=sha256:aa88ca0b1932e93f2d961bf3addbb2db902198dca337d88c89e1559e066e7645 \
--hash=sha256:aaeeb6a479c7667fbe1099af9617c83aaca22182d6cf8c53966491a0f1b7ffb7 \
--hash=sha256:aaf27faa992bfee0264dc1f03f4c75e9fcdda66a519db6b957a3f826e285cf12 \
--hash=sha256:b2680962a4848b3c4f155dc2ee64505a9c57186d0d56b43123b17ca3de18f0fa \
--hash=sha256:b2d318c11350e10662026ad0eb71bb51c7812fc8590825304ae0bdd4ac283acd \
--hash=sha256:b33de11b92e9f75a2b545d6e9b6f37e398d86c3e9e9653c4864eb7e89c5773ef \
--hash=sha256:b3daeac64d5b371dea99714f08ffc2c208522ec6b06fbc7866a450dd446f5c0f \
--hash=sha256:be1e352acbe3c78727a16a455126d9ff83ea2dfdcbc83148d2982305a04714c2 \
--hash=sha256:bee093bf902e1d8fc0ac143c88902c3dfc8941f7ea1d6a8dd2bcb786d33db03d \
--hash=sha256:c72fbbe68c6f32f251bdc08b8611c7b3060612236e960ef848e0a517ddbe76c5 \
--hash=sha256:c9e36a97bee9b86ef9a1cf7bb96747eb7a15c2f22bdb5b516434b00f2a599f02 \
--hash=sha256:cddf7bd982eaa998934a91f69d182aec997c6c468898efe6679af88283b498d3 \
--hash=sha256:cf713fe9a71ef6fd5adf7a79670135081cd4431c2943864757f0fa3a65b1fafd \
--hash=sha256:d11b54acf878eef558599658b0ffca78138c8c3655cf4f3a4a673c437e67732e \
--hash=sha256:d41c4d287cfc69060fa91cae9683eacffad989f1a10811995fa309df656ec214 \
--hash=sha256:d524ba3f1581b35c03cb42beebab4a13e6cdad7b36246bd22541fa585a56cccd \
--hash=sha256:daac4765328a919a805fa5e2720f3e94767abd632ae410a9062dff5412bae65a \
--hash=sha256:db4c7bf0e07fc3b7d89ac2a5880a6a8062056801b83ff56d8464b70f65482b6c \
--hash=sha256:dc7039885fa1baf9be153a0626e337aa7ec8bf96b0128605fb0d77788ddc1681 \
--hash=sha256:dccab8d5fa1ef9bfba0590ecf4d46df048d18ffe3eec01eeb73a42e0d9e7a8ba \
--hash=sha256:dedb8adb91d11846ee08bec4c8236c8549ac721c245678282dcb06b221aab59f \
--hash=sha256:e45ba65510e2647721e35323d6ef54c7974959f6081b58d4ef5d87c60c84919a \
--hash=sha256:e53efc7c7cee4c1e70661e2e112ca46a575f90ed9ae3fef200f2a25e954f4b28 \
--hash=sha256:e635b87f01ebc977342e2697d05b56632f5f879a4f15955dfe8cef2448b51691 \
--hash=sha256:e70e990b2137b29dc5564715de1e12701815dacc1d056308e2b17e9095372a82 \
--hash=sha256:e8082b26888e2f8b36a042a58307d5b917ef2b1cacab921ad3323ef91901c71a \
--hash=sha256:e8323a9b031aa0393768b87f04b4164a40037fb2a3c11ac06a03ffecd3618027 \
--hash=sha256:e92fca20c46e9f5e1bb485887d074918b13543b1c2a1185e69bb8d17ab6236a7 \
--hash=sha256:eb30abc20df9ab0814b5a2524f23d75dcf83cde762c161917a2b4b7b55b1e518 \
--hash=sha256:eba9904b0f38a143592d9fc0e19e2df0fa2e41c3c3745554761c5f6447eedabf \
--hash=sha256:ef8de666d6179b009dce7bcb2ad4c4a779f113f12caf8dc77f0162c29d20490b \
--hash=sha256:efd387a49825780ff861998cd959767800d54f8308936b21025326de4b5a42b9 \
--hash=sha256:f0aa37f3c979cf2546b73e8222bbfa3dc07a641585340179d768068e3455e544 \
--hash=sha256:f4074c5a429281bf056ddd4c5d3b740ebca4d43ffffe2ef4bf4d2d05114299da \
--hash=sha256:f69a27e45c43520f5487f27627059b64aaf160415589230992cec34c5e18a509 \
--hash=sha256:fb707f3e15060adf5b7ada797624a6c6e0138e2a26baa089df64c68ee98e040f \
--hash=sha256:fcbe676a55d7445b22c10967bceaaf0ee69407fbe0ece4d032b6eb8d4565982a \
--hash=sha256:fdb20a30fe1175ecabed17cbf7812f7b804b8a315a25f24678bcdf120a90077f
# via requests
colorama==0.4.6 \
--hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
--hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
# via -r requirements.in
execnet==2.1.1 \
--hash=sha256:26dee51f1b80cebd6d0ca8e74dd8745419761d3bef34163928cbebbdc4749fdc \
--hash=sha256:5189b52c6121c24feae288166ab41b32549c7e2348652736540b9e6e7d4e72e3
# via
# -r requirements.in
# pytest-xdist
idna==3.10 \
--hash=sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9 \
--hash=sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3
# via requests
iniconfig==2.0.0 \
--hash=sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3 \
--hash=sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374
# via
# -r requirements.in
# pytest
packaging==24.0 \
--hash=sha256:2ddfb553fdf02fb784c234c7ba6ccc288296ceabec964ad2eae3777778130bc5 \
--hash=sha256:eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9
# via
# -r requirements.in
# pytest
pluggy==1.4.0 \
--hash=sha256:7db9f7b503d67d1c5b95f59773ebb58a8c1c288129a88665838012cfb07b8981 \
--hash=sha256:8c85c2876142a764e5b7548e7d9a0e0ddb46f5185161049a79b7e974454223be
# via
# -r requirements.in
# pytest
pytest==8.1.1 \
--hash=sha256:2a8386cfc11fa9d2c50ee7b2a57e7d898ef90470a7a34c4b949ff59662bb78b7 \
--hash=sha256:ac978141a75948948817d360297b7aae0fcb9d6ff6bc9ec6d514b85d5a65c044
# via
# -r requirements.in
# pytest-xdist
pytest-xdist==3.5.0 \
--hash=sha256:cbb36f3d67e0c478baa57fa4edc8843887e0f6cfc42d677530a36d7472b32d8a \
--hash=sha256:d075629c7e00b611df89f490a5063944bee7a4362a5ff11c7cc7824a03dfce24
# via -r requirements.in
pyyaml==6.0.1 \
--hash=sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5 \
--hash=sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc \
--hash=sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df \
--hash=sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741 \
--hash=sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206 \
--hash=sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27 \
--hash=sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595 \
--hash=sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62 \
--hash=sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98 \
--hash=sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696 \
--hash=sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290 \
--hash=sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9 \
--hash=sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d \
--hash=sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6 \
--hash=sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867 \
--hash=sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47 \
--hash=sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486 \
--hash=sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6 \
--hash=sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3 \
--hash=sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007 \
--hash=sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938 \
--hash=sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0 \
--hash=sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c \
--hash=sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735 \
--hash=sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d \
--hash=sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28 \
--hash=sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4 \
--hash=sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba \
--hash=sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8 \
--hash=sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef \
--hash=sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5 \
--hash=sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd \
--hash=sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3 \
--hash=sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0 \
--hash=sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515 \
--hash=sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c \
--hash=sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c \
--hash=sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924 \
--hash=sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34 \
--hash=sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43 \
--hash=sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859 \
--hash=sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673 \
--hash=sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54 \
--hash=sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a \
--hash=sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b \
--hash=sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab \
--hash=sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa \
--hash=sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c \
--hash=sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585 \
--hash=sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d \
--hash=sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f
# via -r requirements.in
requests==2.32.4 \
--hash=sha256:27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c \
--hash=sha256:27d0316682c8a29834d3264820024b62a36942083d52caf2f14c0591336d3422
# via -r requirements.in
urllib3==2.5.0 \
--hash=sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760 \
--hash=sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc
# via requests

148
.github/workflows/sig-bench.yml vendored Normal file
View File

@ -0,0 +1,148 @@
name: sig benchmark
on:
workflow_dispatch:
workflow_call:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout repository
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
fetch-depth: 0
# Set up dependencies
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y cmake ninja-build gcc g++ python3 python3-pip
sudo apt-get install -y python3-cpuinfo
# Build the speed_sig binary only
- name: Build speed_sig binary
run: |
mkdir -p build
cd build
cmake -GNinja .. -DBUILD_SHARED_LIBS=OFF
ninja speed_sig
# Copy the parse_liboqs_speed.py script
- name: Copy parse_liboqs_speed.py
run: |
cp scripts/parse_liboqs_speed.py build/tests/
# Upload the built binary and script as an artifact
- name: Upload artifacts
uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
with:
name: built-sig-binary
path: build/tests/
benchmark:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
strategy:
matrix:
algorithm: [ # List of available signatures to perform the benchmarking on
"ML-DSA-44",
"ML-DSA-65",
"ML-DSA-87",
"Falcon-512",
"Falcon-1024",
"Falcon-padded-512",
"Falcon-padded-1024",
"SPHINCS+-SHA2-128f-simple",
"SPHINCS+-SHA2-128s-simple",
"SPHINCS+-SHA2-192f-simple",
"SPHINCS+-SHA2-192s-simple",
"SPHINCS+-SHA2-256f-simple",
"SPHINCS+-SHA2-256s-simple",
"SPHINCS+-SHAKE-128f-simple",
"SPHINCS+-SHAKE-128s-simple",
"SPHINCS+-SHAKE-192f-simple",
"SPHINCS+-SHAKE-192s-simple",
"SPHINCS+-SHAKE-256f-simple",
"SPHINCS+-SHAKE-256s-simple",
"MAYO-1",
"MAYO-2",
"MAYO-3",
"MAYO-5",
"cross-rsdp-128-balanced",
"cross-rsdp-128-fast",
"cross-rsdp-128-small",
"cross-rsdp-192-balanced",
"cross-rsdp-192-fast",
"cross-rsdp-192-small",
"cross-rsdp-256-balanced",
"cross-rsdp-256-fast",
"cross-rsdp-256-small",
"cross-rsdpg-128-balanced",
"cross-rsdpg-128-fast",
"cross-rsdpg-128-small",
"cross-rsdpg-192-balanced",
"cross-rsdpg-192-fast",
"cross-rsdpg-192-small",
"cross-rsdpg-256-balanced",
"cross-rsdpg-256-fast",
"cross-rsdpg-256-small",
"OV-Is",
"OV-Ip",
"OV-III",
"OV-V",
"OV-Is-pkc",
"OV-Ip-pkc",
"OV-III-pkc",
"OV-V-pkc",
"OV-Is-pkc-skc",
"OV-Ip-pkc-skc",
"OV-III-pkc-skc",
"OV-V-pkc-skc"
]
max-parallel: 1 # No parallel jobs to not compromise the pull-push operations of the benchmarking actions below
steps:
# Ensure the repository is checked out
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
fetch-depth: 0
# Download the built binary and script
- name: Download artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # pin@v4
with:
name: built-sig-binary
path: build/tests/
# Set execute permissions for the binary
- name: Set execute permissions
run: chmod +x build/tests/speed_sig
# Run speed_sig tests for each algorithm
- name: Run speed_sig tests
run: |
cd build/tests
./speed_sig "${{matrix.algorithm}}" > ${{matrix.algorithm}}_output.txt
python3 parse_liboqs_speed.py ${{matrix.algorithm}}_output.txt --algorithm ${{matrix.algorithm}}
# Push to GitHub pages using continuous-benchmark
- name: Store benchmark result
uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7
with:
name: ${{matrix.algorithm}}
tool: "customSmallerIsBetter"
output-file-path: build/tests/${{matrix.algorithm}}_formatted.json
github-token: ${{ secrets.GITHUB_TOKEN }}
auto-push: true
comment-on-alert: true
summary-always: true
alert-threshold: 105%
comment-always: false

101
.github/workflows/supplychain.yml vendored Normal file
View File

@ -0,0 +1,101 @@
name: Scorecard supply-chain security
permissions:
contents: read
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
workflow_call:
workflow_dispatch:
jobs:
poutine_analysis:
name: Poutine supply chain analysis
runs-on: ubuntu-latest
permissions:
security-events: write
contents: read
steps:
- name: "Checkout code"
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: "Run poutine supply chain check"
uses: boostsecurityio/poutine-action@84c0a0d32e8d57ae12651222be1eb15351429228 # v0.15.2
with:
format: sarif
output: poutine_results.sarif
publish_results: true
- name: Configure as safe directory (Poutine)
run: git config --global --add safe.directory /__w/liboqs/liboqs
- name: "Upload poutine artifact"
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with:
name: Poutine Results SARIF
path: poutine_results.sarif
retention-days: 28
- name: "Upload poutine to code-scanning"
uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3
with:
sarif_file: poutine_results.sarif
scorecard_analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Needed to publish results and get a badge (see publish_results below).
id-token: write
# Uncomment the permissions below if installing in a private repository.
# contents: read
# actions: read
steps:
- name: "Checkout code"
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: "Run ossf scorecard"
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with:
results_format: sarif
results_file: ossf_results.sarif
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecard on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
# - Allows the repository to include the Scorecard badge.
# - See https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories:
# - `publish_results` will always be set to `false`, regardless
# of the value entered here.
publish_results: true
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload ossf artifact"
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with:
name: OSSF Results SARIF
path: ossf_results.sarif
retention-days: 28
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to ossf to code-scanning"
uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3
with:
sarif_file: ossf_results.sarif

33
.github/workflows/weekly.yml vendored Normal file
View File

@ -0,0 +1,33 @@
name: Weekly tests
permissions:
contents: read
on:
schedule:
- cron: "5 0 * * 0"
jobs:
# To guarantee Maintained check is occasionally updated. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
scorecard:
uses: ./.github/workflows/supplychain.yml
secrets: inherit
permissions:
id-token: write
security-events: write
contents: read
extended-tests:
uses: ./.github/workflows/extended.yml
kem-continuous-benchmarking:
uses: ./.github/workflows/kem-bench.yml
permissions:
contents: write
sig-continuous-benchmarking:
uses: ./.github/workflows/sig-bench.yml
permissions:
contents: write

83
.github/workflows/windows.yml vendored Normal file
View File

@ -0,0 +1,83 @@
name: Windows tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
windows-arm64:
strategy:
matrix:
runner: [windows-2022, windows-2025]
stfl_opt: [ON, OFF]
runs-on: ${{ matrix.runner }}
timeout-minutes: 85 # max + 3*std over the last thousands of successful runs
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- name: Generate Project
run: cmake -B build --toolchain .CMake/toolchain_windows_arm64.cmake -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }} .
- name: Build Project
run: cmake --build build
windows-arm64-slhdsa:
strategy:
matrix:
runner: [windows-2022, windows-2025]
stfl_opt: [ON, OFF]
runs-on: ${{ matrix.runner }}
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- name: Generate Project
run: cmake -B build --toolchain .CMake/toolchain_windows_arm64.cmake -DOQS_MINIMAL_BUILD=SIG_slh_dsa .
- name: Build Project
run: cmake --build build
windows-x86:
strategy:
fail-fast: false
matrix:
runner: [windows-2022, windows-2025]
toolchain: [.CMake/toolchain_windows_x86.cmake, .CMake/toolchain_windows_amd64.cmake]
stfl_opt: [ON, OFF]
runs-on: ${{ matrix.runner }}
timeout-minutes: 85 # max + 3*std over the last thousands of successful runs
steps:
- name: Install Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # pin@v5
with:
python-version: '3.12'
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- name: Generate Project
run: cmake -B build --toolchain ${{ matrix.toolchain }} -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }} .
- name: Build Project
run: cmake --build build
- name: Test dependencies
run: pip.exe install --require-hashes -r .github\workflows\requirements.txt
- name: Run tests
run: |
python -m pytest --numprocesses=auto -vv --maxfail=10 --ignore=tests/test_code_conventions.py --ignore=tests/test_kat_all.py --junitxml=build\test-results\pytest\test-results.xml
windows-x86-slhdsa:
strategy:
fail-fast: false
matrix:
runner: [windows-2022, windows-2025]
toolchain: [.CMake/toolchain_windows_x86.cmake, .CMake/toolchain_windows_amd64.cmake]
stfl_opt: [ON, OFF]
runs-on: ${{ matrix.runner }}
steps:
- name: Install Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # pin@v5
with:
python-version: '3.12'
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
- name: Generate Project
run: cmake -B build --toolchain ${{ matrix.toolchain }} -DOQS_MINIMAL_BUILD=SIG_slh_dsa .
- name: Build Project
run: cmake --build build
- name: Test dependencies
run: pip.exe install --require-hashes -r .github\workflows\requirements.txt
- name: Run tests
run: |
python -m pytest --numprocesses=auto -vv --maxfail=10 --ignore=tests/test_code_conventions.py --ignore=tests/test_kat_all.py --junitxml=build\test-results\pytest\test-results.xml

61
.github/workflows/zephyr.yml vendored Normal file
View File

@ -0,0 +1,61 @@
name: Zephyr tests
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
zephyr_test:
runs-on: oqs-x64
container: ghcr.io/zephyrproject-rtos/ci:v0.27.4
env:
CMAKE_PREFIX_PATH: /opt/toolchains
strategy:
fail-fast: false
matrix:
config:
- zephyr-ref: v3.4.0
- zephyr-ref: v3.7.0
steps:
- name: Init Zephyr workspace
run: |
mkdir zephyr && cd zephyr
mkdir manifest && cd manifest
echo "manifest:" > west.yml
echo " remotes:" >> west.yml
echo " - name: zephyr" >> west.yml
echo " url-base: https://github.com/zephyrproject-rtos" >> west.yml
echo " - name: liboqs" >> west.yml
echo " url-base: https://github.com/${{ github.repository_owner }}" >> west.yml
echo " projects:" >> west.yml
echo " - name: zephyr" >> west.yml
echo " remote: zephyr" >> west.yml
echo " repo-path: zephyr" >> west.yml
echo " revision: ${{ matrix.config.zephyr-ref }}" >> west.yml
echo " import:" >> west.yml
echo " name-allowlist:" >> west.yml
echo " - picolibc" >> west.yml
echo " - name: liboqs" >> west.yml
echo " remote: liboqs" >> west.yml
echo " revision: $(echo '${{ github.ref }}' | sed -e 's/refs\/heads\///')" >> west.yml
echo " path: modules/crypto/liboqs" >> west.yml
west init -l --mf west.yml .
- name: Update west workspace
working-directory: zephyr
run: |
west update -n -o=--depth=1
west zephyr-export
- name: Run Signature test
working-directory: zephyr
run: |
west twister --integration -T modules/crypto/liboqs/zephyr -s samples/Signatures/sample.crypto.liboqs_signature_example -vvv
- name: Run KEM test
working-directory: zephyr
run: |
west twister --integration -T modules/crypto/liboqs/zephyr -s samples/KEMs/sample.crypto.liboqs_kem_example -vvv

74
.gitignore vendored
View File

@ -1,35 +1,41 @@
.objs/
.objs_upstream/
include/
liboqs.a
liboqs.so
src/config.h
test_kem
test_kem_shared
test_sig
test_sig_shared
kat_kem
kat_sig
speed_kem
speed_sig
example_kem
example_sig
*dSYM
src/*.o
src/*/*.o
src/*/*/*.o
src/*/*/*/*.o
src/*/*/*/*/*.o
src/*/*/*/*/*/*.o
src/*/*/*/*/*/*/*.o
src/kem/frodokem/upstream/frodo640/
src/kem/frodokem/upstream/frodo976/
docs/doxygen
kat_kem_rsp/
kat_sig_rsp/
# Text editors and IDES
.idea
tags
*.swp
*~
usr_local
src/kem/sike/upstream/Optimized_Implementation/portable/SIKEp503/
src/kem/sike/upstream/Optimized_Implementation/portable/SIKEp751/
src/sig/picnic/upstream/Optimized_Implementation/**/libpicnic.a
vendor
.tags*
# CMake & testing
/build*
/tmp*
# MSVC
.vs
/out*
# CLion
/cmake-build*
# Visual Studio Code
.vscode
# Jetbrains IDEs
.idea
# MacOS
.DS_Store
# Generated by copy_from_upstream.py
# and update_pqclean_alg_docs.py
scripts/copy_from_upstream/repos
scripts/copy_from_upstream/verify_from_upstream
# Misc
__pycache__
.pytest_cache
.cache
.CMake/a.out
compile_commands.json
# Generated by Nix flake
result/

47
.travis.yml
View File

@ -1,47 +0,0 @@
language: c
dist: trusty
sudo: true
matrix:
include:
- os: linux
addons:
apt:
sources:
- ubuntu-toolchain-r-test
packages:
- doxygen
- graphviz
- gcc-7
- libssl-dev
- xsltproc
before_install:
- bash .travis/install-clang-format-linux.sh
env:
- ARCH=x64
- CC_OVERRIDE=gcc-7
- CHECK_STYLE=true
- os: linux
addons:
apt:
sources:
- ubuntu-toolchain-r-test
packages:
- doxygen
- graphviz
- gcc-7
- libssl-dev
- xsltproc
env:
- ARCH=x86
- CC_OVERRIDE=gcc-7
- os: osx
compiler: clang
before_install:
- brew install doxygen
env:
- ARCH=x64
- CC_OVERRIDE=clang
script:
- .travis/all-tests.sh

33
.travis/algorithm-datasheets-check.sh
View File

@ -1,33 +0,0 @@
#!/bin/bash
###
# Checks that all algorithms have an algorithm datasheet in doc/algorithms.
###
PRINT_GREEN="tput setaf 2"
PRINT_RED="tput setaf 1"
PRINT_RESET="tput sgr 0"
# get the list of KEMs and signatures from the list of algorithm identifiers src/kem/kem.h and src/sig/sig.h
ALGS=`grep -E 'define OQS_(KEM|SIG)_alg_' src/kem/kem.h src/sig/sig.h | grep -v 'default' | sed -e 's/^[^"]*"//' | sed -e 's/".*$//' | tr -d '[:blank:]'`
RET=0
for alg in ${ALGS}; do
FOUND=`grep ${alg} docs/algorithms/*.md`
if [[ -z "${FOUND}" ]];
then
${PRINT_RED}
echo "Could not find algorithm datasheet containing '${alg}'."
${PRINT_RESET}
RET=1
fi
done
if [[ "${RET}" == "0" ]];
then
${PRINT_GREEN}
echo "Algorithm datasheet present for all algs #defined in src/kem/kem.h and src/sig/sig.h.";
${PRINT_RESET}
fi
exit ${RET}

58
.travis/all-tests.sh
View File

@ -1,58 +0,0 @@
#!/bin/bash
###
# Run all tests for Travis
#
# Need to set the following environment variables:
# - ARCH: x64 OR x86
# - CC_OVERRIDE: whatever compiler you want to use
###
set -e
PRINT_GREEN="tput setaf 2"
PRINT_RED="tput setaf 1"
PRINT_RESET="tput sgr 0"
# see what has been modified (ignoring submodules because they are likely patched)
MODIFIED=$(git status -s)
if [[ ! -z "${MODIFIED}" ]];
then
${PRINT_RED}
echo "There are modified files present in the directory prior to .travis/all-tests.sh. This may indicate that some files should be added to .gitignore or need to be committed. Travis tests will not yield correct results if modified files are present. Please fix and try again.";
${PRINT_RESET}
git status -s
exit 1;
fi;
if [ -z ${ARCH+x} ]; then
echo "ARCH environment variable not set."
exit 1
fi
if [ -z ${CC_OVERRIDE+x} ]; then
echo "CC_OVERRIDE environment variable not set."
exit 1
fi
if [[ "${TRAVIS_OS_NAME}" == "linux" ]]; then
cat /proc/cpuinfo
dpkg -l | grep binutils
fi
make clean
make -j8 "ARCH=${ARCH}" "CC=${CC_OVERRIDE}"
make docs
./test_kem
./test_sig
LD_LIBRARY_PATH=.
export LD_LIBRARY_PATH
./test_kem_shared
./test_sig_shared
./example_kem
./example_sig
for f in $(ls .travis/*-check.sh); do
bash $f;
done

33
.travis/free-check.sh
View File

@ -1,33 +0,0 @@
#!/bin/bash
###
# Checks that "free" is not used unprotected in the main OQS code.
###
PRINT_GREEN="tput setaf 2"
PRINT_RED="tput setaf 1"
PRINT_RESET="tput sgr 0"
RET=0
FREE=`find src -name '*.c' | grep -v upstream | xargs grep '[^_]free' | grep -v 'IGNORE free-check'`
if [[ ! -z "${FREE}" ]];
then
${PRINT_RED}
echo "'free' is used in the following non-upstream files. These should be changed to 'OQS_MEM_secure_free' or 'OQS_MEM_insecure_free' as appropriate.";
${PRINT_RESET}
echo -n ${FREE} | tr ';' '\n' | sed -e 's/^ //'
${PRINT_RED}
echo "If you are sure you want to use 'free' in a particular spot, add the comment"
echo " // IGNORE free-check"
echo "on the line where 'free' occurs."
${PRINT_RESET}
RET=1
else
${PRINT_GREEN}
echo "No uses of 'free' detected in non-upstream files.";
${PRINT_RESET}
fi;
exit ${RET}

69
.travis/global-namespace-check.sh
View File

@ -1,69 +0,0 @@
#!/bin/bash
###
# Checks that all global symbols in liboqs.a are namespaced.
###
PRINT_GREEN="tput setaf 2"
PRINT_RED="tput setaf 1"
PRINT_RESET="tput sgr 0"
REGEX=' [_]?(OQS|randombytes|cSHAKE|LakeKeyak|KMAC|Kangaroo|Keccak|KetJr|KetMj|KetMn|KetSr|Ketje|Keyak|Kra|LunarKeyak|OceanKeyak|ParallelHash|RiverKeyak|SHA3|SHAKE|SeaKeyak|TupleHash|Vatte)'
LIBOQS=liboqs.a
# try to find liboqs.a
if [ ! -f ${LIBOQS} ]
then
LIBOQS=../liboqs.a
fi
if [ ! -f ${LIBOQS} ]
then
${PRINT_RED}
echo "Could not find liboqs.a"
${PRINT_RESET}
exit 1;
fi
# check for globally namespaced functions using ' T '
if [[ $(nm -g ${LIBOQS} | grep ' T ' | grep -E -v "${REGEX}") ]];
then
${PRINT_RED}
echo "Code contains the following non-namespaced global functions; see https://github.com/open-quantum-safe/liboqs/wiki/Coding-conventions for naming conventions.";
${PRINT_RESET}
nm -g ${LIBOQS} | grep ' T ' | grep -E -v "${REGEX}"
exit 1;
else
${PRINT_GREEN}
echo "Code contains no non-namespaced global functions.";
${PRINT_RESET}
fi;
# check for globally namespaced variables using ' D '
if [[ $(nm -g ${LIBOQS} | grep ' D ' | grep -E -v "${REGEX}") ]];
then
${PRINT_RED}
echo "Code contains the following non-namespaced global variables (type 'D'); see https://github.com/open-quantum-safe/liboqs/wiki/Coding-conventions for naming conventions.";
${PRINT_RESET}
nm -g ${LIBOQS} | grep ' D ' | grep -E -v "${REGEX}"
exit 1;
else
${PRINT_GREEN}
echo "Code contains no non-namespaced global variables (type 'D').";
${PRINT_RESET}
fi;
# check for globally namespaced variables using ' S '
if [[ $(nm -g ${LIBOQS} | grep ' S ' | grep -E -v "${REGEX}") ]];
then
${PRINT_RED}
echo "Code contains the following non-namespaced global variables (type 'S'); see https://github.com/open-quantum-safe/liboqs/wiki/Coding-conventions for naming conventions.";
${PRINT_RESET}
nm -g ${LIBOQS} | grep ' S ' | grep -E -v "${REGEX}"
exit 1;
else
${PRINT_GREEN}
echo "Code contains no non-namespaced global variables (type 'S').";
${PRINT_RESET}
fi;
exit 0

11
.travis/install-clang-format-linux.sh
View File

@ -1,11 +0,0 @@
#!/bin/bash
#
# Install clang-format on Linux
#
if [ ! -x "$(which clang-format-3.9)" ]; then
sudo add-apt-repository 'deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main'
wget -O - http://llvm.org/apt/llvm-snapshot.gpg.key | sudo apt-key add -
sudo apt-get update -qq
sudo apt-get install -qq -y clang-format-3.9
fi;

29
.travis/kat-check.sh
View File

@ -1,29 +0,0 @@
#!/bin/bash
###
# Checks that all KATs pass.
###
PRINT_GREEN="tput setaf 2"
PRINT_RED="tput setaf 1"
PRINT_RESET="tput sgr 0"
RET=0
./kat_kem
./kat_sig
scripts/check_kats.sh
error=$?
if [ $error -eq 0 ];
then
${PRINT_GREEN}
echo "All known answer tests passed.";
${PRINT_RESET}
else
${PRINT_RED}
echo "Error in known answer tests.";
${PRINT_RESET}
RET=1
fi
exit ${RET}

30
.travis/license-check.sh
View File

@ -1,30 +0,0 @@
#!/bin/bash
###
# Checks that all upstream implementations include a LICENSE or LICENSE.txt file.
###
PRINT_GREEN="tput setaf 2"
PRINT_RED="tput setaf 1"
PRINT_RESET="tput sgr 0"
RET=0
for d in $(find src/kem -name upstream); do
if [[ ! -f ${d}/LICENSE ]]; then
if [[ ! -f ${d}/LICENSE.txt ]]; then
${PRINT_RED}
echo "No LICENSE or LICENSE.txt file in ${d}."
RET=1
${PRINT_RESET}
fi
fi
done
if [[ ${RET} == 0 ]]; then
${PRINT_GREEN}
echo "All LICENSE or LICENSE.txt files present.";
${PRINT_RESET}
fi
exit ${RET}

74
.travis/style-check.sh
View File

@ -1,74 +0,0 @@
#!/bin/bash
###
# Checks that all non-upstream files satisfy prettyprint requirements.
###
if [[ "x${TRAVIS}" == "xtrue" ]];
then
if [[ ! "x${CHECK_STYLE}" == "xtrue" ]];
then
echo "When running on Travis, style-check is only run on some builds."
exit 0
fi
fi
PRINT_GREEN="tput setaf 2"
PRINT_RED="tput setaf 1"
PRINT_RESET="tput sgr 0"
# see what has been modified (ignoring submodules because they are likely patched)
MODIFIED=$(git status -s)
if [[ ! -z "${MODIFIED}" ]];
then
${PRINT_RED}
echo "There are modified files present in the directory prior to prettyprint check. This may indicate that some files should be added to .gitignore or need to be committed.";
${PRINT_RESET}
git status -s
exit 1;
fi;
TRY_CLANGFORMAT="/usr/local/Cellar/clang-format/2016-06-27/bin/clang-format"
if [[ ! -x $(which ${TRY_CLANGFORMAT}) ]];
then
TRY_CLANGFORMAT="clang-format-3.9"
if [[ ! -x $(which ${TRY_CLANGFORMAT}) ]];
then
TRY_CLANGFORMAT="clang-format"
if [[ ! -x $(which ${TRY_CLANGFORMAT}) ]];
then
${PRINT_RED}
echo "Cannot find clang-format."
${PRINT_RESET}
exit 1
fi
fi
fi
CLANG_FORMAT_VERSION=`${TRY_CLANGFORMAT} -version | grep 3.9`
if [[ -z "${CLANG_FORMAT_VERSION}" ]];
then
${PRINT_RED}
echo "clang-format is not version 3.9."
${PRINT_RESET}
${TRY_CLANGFORMAT} -version
exit 1
fi;
make prettyprint CLANGFORMAT=${TRY_CLANGFORMAT}
MODIFIED=$(git status -s)
if [[ ! -z "${MODIFIED}" ]]; then
${PRINT_RED}
echo "Code does not adhere to the project standards. Run \"make prettyprint\".";
${PRINT_RESET}
git status -s
exit 1;
else
${PRINT_GREEN}
echo "Code adheres to the project standards (prettyprint).";
${PRINT_RESET}
exit 0;
fi;

116
CI.md Normal file
View File

@ -0,0 +1,116 @@
# Continuous Integration (CI)
This document aims to provide a accessible yet comprehensive overview of the liboqs CI setup.
## GitHub Actions
liboqs relies on GitHub Actions for almost all of its CI and makes extensive use of [reusable workflows](https://docs.github.com/en/actions/sharing-automations/reusing-workflows).
All workflow files are located in the `.github/workflows` subdirectory.
### Caller workflows
These workflows are triggered by GitHub events (for example, a pull request or a release).
They implement the logic dictating which tests should run on which events.
#### <a name="push.yml"></a> Push workflow (`push.yml`)
This workflow is triggered by pushes to non-`main` branches.
It calls only [basic checks](#basic.yml) unless one of the following strings is included in the commit message:
- "[full tests]": calls [all platform tests](#platforms.yml).
- "[extended tests]": calls the [extended tests](#extended.yml).
- "[trigger downstream]": calls the [downstream release tests](#downstream-release.yml).
To trigger multiple test suites, include multiple trigger strings in the commit message.
For example, "[full tests] [trigger downstream]" will trigger both the platform tests and the downstream release tests.
#### <a name="pr.yml"></a> Pull request workflow (`pr.yml`)
This workflow runs on pull requests.
It calls [basic checks](#basic.yml), [code coverage tests](#code-coverage.yml), [platform tests](#platforms.yml) and [scorecard analysis](#scorecard.yml).
#### <a name="commit-to-main.yml"></a> Commit-to-main workflow (`commit-to-main.yml`)
This workflow runs on pushes to the `main` branch (typically done automatically when a pull request is merged).
It calls [platform tests](#platforms.yml), [code coverage tests](#code-coverage.yml), [scorecard analysis](#scorecard.yml), and [basic downstream tests](#downstream-basic.yml).
#### <a name="weekly.yml"></a> Weekly workflow (`weekly.yml`)
This workflow is triggered by a weekly schedule.
It calls [extended tests](#extended.yml), [scorecard analysis](#scorecard.yml), and [continuous benchmarking](#kem-bench.yml-sig-bench.yml)
#### <a name="release.yml"></a> Release workflow (`release.yml`)
This workflow is triggered when a release (including a pre-release) is published on GitHub.
It calls [extended tests](#extended) and [downstream release tests](#downstream-release.yml).
### Callable workflows
These workflows are not triggered directly by any GitHub event.
They are instead called by one of the [caller workflows](#caller-workflows).
Users with "write" permissions can also trigger them manually via the GitHub web UI or REST API.
#### <a name="basic.yml"></a> Basic checks (`basic.yml`)
This workflow runs a minimal set of tests that should pass before heavier tests are triggered.
#### <a name="code-coverage.yml"></a> Code coverage tests (`code-coverage.yml`)
This workflow runs code coverage tests and uploads the results to [Coveralls.io](https://coveralls.io/github/open-quantum-safe/liboqs).
#### <a name="<platform>.yml"></a> Individual platform tests (`<platform>.yml`)
These workflows contain tests for the individual [platforms supported by liboqs](PLATFORMS.md).
Currently, these include
- `android.yml`,
- `apple.yml`,
- `macos.yml`,
- `linux.yml`,
- `windows.yml`, and
- `zephyr.yml`.
All of these these are wrapped by [`platforms.yml`](#platforms.yml).
#### <a name="platforms.yml"></a> All platform tests (`platforms.yml`)
This workflow calls all of the [platform-specific tests](#<platform>.yml).
#### <a name="extended.yml"></a> Extended tests (`extended.yml`)
This workflow calls tests which are either resource intensive or rarely need to be triggered.
Currently, this includes constant-time testing with valgrind and the full suite of NIST Known Answer Tests.
#### <a name="downstream-basic.yml"></a> Basic downstream trigger (`downstream-basic.yml`)
This workflow triggers basic CI for a selection of projects that depend on `liboqs`.
Currently, these include
- [`OQS OpenSSL3 provider`](https://github.com/open-quantum-safe/oqs-provider)
- [`OQS-BoringSSL`](https://github.com/open-quantum-safe/boringssl)
- [`OQS-OpenSSH`](https://github.com/open-quantum-safe/openssh)
- [`OQS Demos`](https://github.com/open-quantum-safe/oqs-demos)
- [`liboqs-cpp`](https://github.com/open-quantum-safe/liboqs-cpp)
- [`liboqs-go`](https://github.com/open-quantum-safe/liboqs-go)
- [`liboqs-python`](https://github.com/open-quantum-safe/liboqs-python)
Callers must include `secrets: inherit` in order for the appropriate access tokens to be passed to this workflow.
#### <a name="downstream-release.yml"></a> Downstream release trigger (`downstream-release.yml`)
This workflow triggers release tests for a selection of projects that depend on `liboqs`.
Currently, this is only the [`OQS OpenSSL3 provider`](https://github.com/open-quantum-safe/oqs-provider).
Callers must include `secrets: inherit` in order for the appropriate access tokens to be passed to this workflow.
#### <a name="scorecard.yml"></a> OpenSSF scorecard analysis (`scorecard.yml`)
This workflow runs the [OpenSSF scorecard](https://github.com/ossf/scorecard) tool.
It is additionally triggered automatically when branch protection rules are changed.
Callers must include `secrets: inherit` in order for the appropriate access tokens to be passed to this workflow.
#### <a name="kem-bench.yml-sig-bench.yml"></a> KEMs and signatures continuous benchmarking (`kem-bench.yml` and `sig-bench-yml`)
These workflows execute a benchmarkig framework to retrieve the performance of KEM and signature algorithms in CPU cycles.
When new algorithms are added to the codebase, they must be included inside the algorithms matrices found within these files.
## Travis CI
In the past, we used Travis CI to test on [some IBM platforms](PLATFORMS.md#tier-3-1) that are not supported by GitHub Actions.
Our Travis builds are currently disabled pending resolution of [issue #2068](https://github.com/open-quantum-safe/liboqs/issues/2068).

348
CMakeLists.txt Normal file
View File

@ -0,0 +1,348 @@
# SPDX-License-Identifier: MIT
cmake_minimum_required (VERSION 3.15)
# option() honors normal variables.
# see: https://cmake.org/cmake/help/git-stage/policy/CMP0077.html
if(POLICY CMP0077)
cmake_policy(SET CMP0077 NEW)
endif()
# Honor symbol visibility properties for all target types.
# see: https://cmake.org/cmake/help/git-stage/policy/CMP0063.html
if(POLICY CMP0063)
cmake_policy(SET CMP0063 NEW)
endif()
if(POLICY CMP0066)
cmake_policy(SET CMP0066 NEW)
endif()
if(POLICY CMP0067)
cmake_policy(SET CMP0067 NEW)
endif()
project(liboqs C ASM)
option(OQS_DIST_BUILD "Build distributable library with optimized code for several CPU microarchitectures. Enables run-time CPU feature detection." ON)
option(OQS_BUILD_ONLY_LIB "Build only liboqs and do not expose build targets for tests, documentation, and pretty-printing available." OFF)
set(OQS_MINIMAL_BUILD "" CACHE STRING "Only build specifically listed algorithms.")
option(OQS_LIBJADE_BUILD "Enable formally verified implementation of supported algorithms from libjade." OFF)
option(OQS_PERMIT_UNSUPPORTED_ARCHITECTURE "Permit compilation on an an unsupported architecture." OFF)
option(OQS_STRICT_WARNINGS "Enable all compiler warnings." OFF)
option(OQS_EMBEDDED_BUILD "Compile liboqs for an Embedded environment without a full standard library." OFF)
option(OQS_USE_CUPQC "Utilize cuPQC as the backend for supported PQC algorithms." OFF)
option(OQS_USE_ICICLE "Utilize ICICLE as the backend for supported PQC algorithms." OFF)
# Libfuzzer isn't supported on gcc
if('${CMAKE_C_COMPILER_ID}' STREQUAL 'Clang')
option(OQS_BUILD_FUZZ_TESTS "Build fuzz test suite" OFF)
endif()
set(OQS_OPT_TARGET auto CACHE STRING "The target microarchitecture for optimization.")
set(CMAKE_C_STANDARD 11)
set(CMAKE_C_STANDARD_REQUIRED ON)
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
set(CMAKE_C_VISIBILITY_PRESET hidden)
set(OQS_VERSION_MAJOR 0)
set(OQS_VERSION_MINOR 14)
set(OQS_VERSION_PATCH 1)
set(OQS_VERSION_PRE_RELEASE "-dev")
set(OQS_VERSION_TEXT "${OQS_VERSION_MAJOR}.${OQS_VERSION_MINOR}.${OQS_VERSION_PATCH}${OQS_VERSION_PRE_RELEASE}")
set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
set(OQS_MINIMAL_GCC_VERSION "7.1.0")
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
# Determine the flags for fuzzing. Use OSS-Fuzz's configuration if available, otherwise fall back to defaults.
if(DEFINED ENV{LIB_FUZZING_ENGINE})
set(FUZZING_ENGINE $ENV{LIB_FUZZING_ENGINE})
set(FUZZING_COMPILE_FLAGS "")
set(FUZZING_LINK_FLAGS "${FUZZING_ENGINE}")
else()
set(FUZZING_COMPILE_FLAGS "-fsanitize=fuzzer,address")
set(FUZZING_LINK_FLAGS "-fsanitize=fuzzer,address")
endif()
# heuristic check to see whether we're running on a RaspberryPi
if(EXISTS "/opt/vc/include/bcm_host.h")
add_definitions( -DOQS_USE_RASPBERRY_PI )
endif()
if(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64|AMD64")
set(ARCH "x86_64")
set(ARCH_X86_64 ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_X86_64_BUILD ON)
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "x86|i586|i686")
set(ARCH "i586")
set(ARCH_X86 ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_X86_BUILD ON)
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64|arm64|arm64v8")
set(ARCH "arm64v8")
set(ARCH_ARM64v8 ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_ARM64_V8_BUILD ON)
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "armel|armhf|armv7|arm32v7")
set(ARCH "arm32v7")
set(ARCH_ARM32v7 ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_ARM32_V7_BUILD ON)
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64le|powerpc64le")
set(ARCH "ppc64le")
set(ARCH_PPC64LE ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_PPC64LE_BUILD ON)
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc64|powerpc64)")
message(WARNING "There is currently no CI for: " ${CMAKE_SYSTEM_PROCESSOR})
set(ARCH "ppc64")
set(ARCH_PPC64 ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_PPC64_BUILD ON)
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc|powerpc)")
message(WARNING "There is currently no CI for: " ${CMAKE_SYSTEM_PROCESSOR})
# CMake uses uname to derive CMAKE_SYSTEM_PROCESSOR value, so on Darwin
# the value is identical for ppc and ppc64. To have the right build arch
# in 64-bit case, we use CMAKE_OSX_ARCHITECTURES.
if(APPLE AND CMAKE_OSX_ARCHITECTURES STREQUAL "ppc64")
set(ARCH "ppc64")
set(ARCH_PPC64 ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_PPC64_BUILD ON)
endif()
else()
set(ARCH "ppc")
set(ARCH_PPC ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_PPC_BUILD ON)
endif()
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "s390x")
set(ARCH "s390x")
set(ARCH_S390X ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_S390X_BUILD ON)
endif()
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "riscv")
set(ARCH "riscv")
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "loongarch64")
set(ARCH "loongarch64")
set(ARCH_LOONGARCH64 ON)
if(${OQS_DIST_BUILD})
set(OQS_DIST_LOONGARCH64_BUILD ON)
endif()
elseif(OQS_PERMIT_UNSUPPORTED_ARCHITECTURE)
message(WARNING "Unknown or unsupported processor: " ${CMAKE_SYSTEM_PROCESSOR})
message(WARNING "Compilation on an unsupported processor should only be used for testing, as it may result an insecure configuration, for example due to variable-time instructions leaking secret information.")
else()
message(FATAL_ERROR "Unknown or unsupported processor: " ${CMAKE_SYSTEM_PROCESSOR} ". Override by setting OQS_PERMIT_UNSUPPORTED_ARCHITECTURE=ON")
endif()
if(${OQS_USE_CUPQC})
# CMAKE's CUDA language requires CMAKE 3.18
cmake_minimum_required (VERSION 3.18)
enable_language(CUDA)
if(NOT DEFINED CMAKE_CUDA_ARCHITECTURES)
set(CMAKE_CUDA_ARCHITECTURES 80 90)
endif()
find_package(cuPQC 0.2.0 REQUIRED)
endif()
if(OQS_USE_ICICLE)
enable_language(CXX)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
find_package(icicle_pqc_package REQUIRED)
endif()
if (NOT ((CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin") AND (ARCH_X86_64 STREQUAL "ON")) AND (OQS_LIBJADE_BUILD STREQUAL "ON"))
message(FATAL_ERROR "Building liboqs with libjade implementations from libjade is only supported on Linux and Darwin on x86_64.")
endif()
# intentionally don't switch to variables to avoid --warn-uninitialized report
if(OQS_USE_CPU_EXTENSIONS)
message(FATAL_ERROR "OQS_USE_CPU_EXTENSIONS is deprecated")
endif()
# intentionally don't switch to variables to avoid --warn-uninitialized report
if(OQS_PORTABLE_BUILD)
message(FATAL_ERROR "OQS_PORTABLE_BUILD is deprecated")
endif()
if(CMAKE_BUILD_TYPE STREQUAL "Debug" OR CMAKE_BUILD_TYPE STREQUAL "RelWithDebInfo")
set(OQS_DEBUG_BUILD ON)
else()
set(OQS_DEBUG_BUILD OFF)
endif()
option(OQS_SPEED_USE_ARM_PMU "Use ARM Performance Monitor Unit during benchmarking" OFF)
if(WIN32 AND NOT (MINGW OR MSYS OR CYGWIN))
set(CMAKE_GENERATOR_CC cl)
endif()
include(.CMake/compiler_opts.cmake)
include(.CMake/alg_support.cmake)
if(${OQS_USE_OPENSSL})
if(NOT DEFINED OPENSSL_ROOT_DIR)
if(${CMAKE_HOST_SYSTEM_NAME} STREQUAL "Darwin")
if(EXISTS "/usr/local/opt/openssl@1.1")
set(OPENSSL_ROOT_DIR "/usr/local/opt/openssl@1.1")
elseif(EXISTS "/opt/homebrew/opt/openssl@1.1")
set(OPENSSL_ROOT_DIR "/opt/homebrew/opt/openssl@1.1")
endif()
endif()
endif()
find_package(OpenSSL 1.1.1 REQUIRED)
if(OQS_DLOPEN_OPENSSL)
find_program(OBJDUMP objdump)
if(NOT OBJDUMP)
message(FATAL_ERROR "objdump not found. Please install it from binutils.")
endif()
execute_process(
COMMAND ${OBJDUMP} -p ${OPENSSL_CRYPTO_LIBRARY}
COMMAND sed -n "s/[ ]\\{1,\\}SONAME[ ]\\{1,\\}//p"
OUTPUT_VARIABLE OQS_OPENSSL_CRYPTO_SONAME
OUTPUT_STRIP_TRAILING_WHITESPACE
COMMAND_ERROR_IS_FATAL ANY)
message(STATUS "OpenSSL dlopen SONAME: " ${OQS_OPENSSL_CRYPTO_SONAME})
endif()
endif()
set(PUBLIC_HEADERS ${PROJECT_SOURCE_DIR}/src/oqs.h
${PROJECT_SOURCE_DIR}/src/common/aes/aes_ops.h
${PROJECT_SOURCE_DIR}/src/common/common.h
${PROJECT_SOURCE_DIR}/src/common/rand/rand.h
${PROJECT_SOURCE_DIR}/src/common/sha2/sha2_ops.h
${PROJECT_SOURCE_DIR}/src/common/sha3/sha3_ops.h
${PROJECT_SOURCE_DIR}/src/common/sha3/sha3x4_ops.h
${PROJECT_SOURCE_DIR}/src/kem/kem.h
${PROJECT_SOURCE_DIR}/src/sig/sig.h
${PROJECT_SOURCE_DIR}/src/sig_stfl/sig_stfl.h)
set(INTERNAL_HEADERS ${PROJECT_SOURCE_DIR}/src/common/aes/aes.h
${PROJECT_SOURCE_DIR}/src/common/rand/rand_nist.h
${PROJECT_SOURCE_DIR}/src/common/sha2/sha2.h
${PROJECT_SOURCE_DIR}/src/common/sha3/sha3.h
${PROJECT_SOURCE_DIR}/src/common/sha3/sha3x4.h)
if(${OQS_ENABLE_KEM_BIKE})
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/bike/kem_bike.h)
endif()
if(${OQS_ENABLE_KEM_FRODOKEM})
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/frodokem/kem_frodokem.h)
endif()
if(OQS_ENABLE_KEM_NTRUPRIME)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/ntruprime/kem_ntruprime.h)
endif()
if(OQS_ENABLE_KEM_NTRU)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/ntru/kem_ntru.h)
endif()
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS_START
if(OQS_ENABLE_KEM_CLASSIC_MCELIECE)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/classic_mceliece/kem_classic_mceliece.h)
endif()
if(OQS_ENABLE_KEM_HQC)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/hqc/kem_hqc.h)
endif()
if(OQS_ENABLE_KEM_KYBER)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/kyber/kem_kyber.h)
endif()
if(OQS_ENABLE_KEM_ML_KEM)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/ml_kem/kem_ml_kem.h)
endif()
if(OQS_ENABLE_SIG_ML_DSA)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/ml_dsa/sig_ml_dsa.h)
endif()
if(OQS_ENABLE_SIG_FALCON)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/falcon/sig_falcon.h)
endif()
if(OQS_ENABLE_SIG_SPHINCS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/sphincs/sig_sphincs.h)
endif()
if(OQS_ENABLE_SIG_MAYO)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/mayo/sig_mayo.h)
endif()
if(OQS_ENABLE_SIG_CROSS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/cross/sig_cross.h)
endif()
if(OQS_ENABLE_SIG_UOV)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/uov/sig_uov.h)
endif()
if(OQS_ENABLE_SIG_SNOVA)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/snova/sig_snova.h)
endif()
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS_END
if(OQS_ENABLE_SIG_SLH_DSA)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/slh_dsa/sig_slh_dsa.h)
endif()
if(OQS_ENABLE_SIG_STFL_XMSS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig_stfl/xmss/sig_stfl_xmss.h)
endif()
if(OQS_ENABLE_SIG_STFL_LMS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig_stfl/lms/sig_stfl_lms.h)
endif()
execute_process(COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/include/oqs)
execute_process(COMMAND ${CMAKE_COMMAND} -E copy ${PUBLIC_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs)
execute_process(COMMAND ${CMAKE_COMMAND} -E copy ${INTERNAL_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs)
configure_file(src/oqsconfig.h.cmake ${PROJECT_BINARY_DIR}/include/oqs/oqsconfig.h)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs/oqsconfig.h)
include_directories(${PROJECT_BINARY_DIR}/include)
add_subdirectory(src)
if(NOT ${OQS_BUILD_ONLY_LIB})
add_subdirectory(tests)
if (NOT CYGWIN)
find_package(Doxygen)
if(DOXYGEN_FOUND)
set(DOXYFILE ${PROJECT_SOURCE_DIR}/docs/.Doxyfile)
add_custom_target(
gen_docs
COMMAND ${PROJECT_SOURCE_DIR}/scripts/run_doxygen.sh ${DOXYGEN_EXECUTABLE} ${DOXYFILE} ${PROJECT_BINARY_DIR}
WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}
COMMENT "Generate API documentation with Doxygen."
USES_TERMINAL)
endif()
endif()
if(NOT WIN32)
add_custom_target(
prettyprint
COMMAND find src tests -name '*.[ch]' | grep -v '/external/' | grep -v 'kem.*/pqclean_' | grep -v 'sig.*/pqclean_' | xargs astyle --options=.astylerc
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
USES_TERMINAL)
endif()
endif()
set(CPACK_GENERATOR "DEB")
set(CPACK_PACKAGE_VENDOR "www.openquantumsafe.org")
set(CPACK_PACKAGE_VERSION ${OQS_VERSION_TEXT})
if(${OQS_USE_OPENSSL})
set(CPACK_DEBIAN_PACKAGE_DEPENDS "libc6, openssl")
else()
set(CPACK_DEBIAN_PACKAGE_DEPENDS "libc6")
endif()
set(CPACK_DEBIAN_PACKAGE_MAINTAINER "www.openquantumsafe.org")
include(CPack)
# uninstall target
if(NOT TARGET uninstall)
configure_file(
"${CMAKE_CURRENT_SOURCE_DIR}/.CMake/cmake_uninstall.cmake.in"
"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
IMMEDIATE @ONLY)
add_custom_target(uninstall
COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)
endif()

128
CODE_OF_CONDUCT.md Normal file
View File

@ -0,0 +1,128 @@
# Contributor Covenant Code of Conduct
## Our Pledge
We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, religion, or sexual identity
and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to a positive environment for our
community include:
* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes,
and learning from the experience
* Focusing on what is best not just for us as individuals, but for the
overall community
Examples of unacceptable behavior include:
* The use of sexualized language or imagery, and sexual attention or
advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or email
address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Enforcement Responsibilities
Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.
Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, and will communicate reasons for moderation
decisions when appropriate.
## Scope
This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
Examples of representing our community include using an official e-mail address,
posting via an official social media account, or acting as an appointed
representative at an online or offline event.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
conduct@openquantumsafe.org.
All complaints will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and security of the
reporter of any incident.
## Enforcement Guidelines
Community leaders will follow these Community Impact Guidelines in determining
the consequences for any action they deem in violation of this Code of Conduct:
### 1. Correction
**Community Impact**: Use of inappropriate language or other behavior deemed
unprofessional or unwelcome in the community.
**Consequence**: A private, written warning from community leaders, providing
clarity around the nature of the violation and an explanation of why the
behavior was inappropriate. A public apology may be requested.
### 2. Warning
**Community Impact**: A violation through a single incident or series
of actions.
**Consequence**: A warning with consequences for continued behavior. No
interaction with the people involved, including unsolicited interaction with
those enforcing the Code of Conduct, for a specified period of time. This
includes avoiding interactions in community spaces as well as external channels
like social media. Violating these terms may lead to a temporary or
permanent ban.
### 3. Temporary Ban
**Community Impact**: A serious violation of community standards, including
sustained inappropriate behavior.
**Consequence**: A temporary ban from any sort of interaction or public
communication with the community for a specified period of time. No public or
private interaction with the people involved, including unsolicited interaction
with those enforcing the Code of Conduct, is allowed during this period.
Violating these terms may lead to a permanent ban.
### 4. Permanent Ban
**Community Impact**: Demonstrating a pattern of violation of community
standards, including sustained inappropriate behavior, harassment of an
individual, or aggression toward or disparagement of classes of individuals.
**Consequence**: A permanent ban from any sort of public interaction within
the community.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
Community Impact Guidelines were inspired by [Mozilla's code of conduct
enforcement ladder](https://github.com/mozilla/diversity).
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see the FAQ at
https://www.contributor-covenant.org/faq. Translations are available at
https://www.contributor-covenant.org/translations.

271
CONFIGURE.md Normal file
View File

@ -0,0 +1,271 @@
Options for configuring liboqs builds
=====================================
The following options can be passed to CMake before the build file generation process to customize the way liboqs is built. The syntax for doing so is: `cmake .. [ARGS] [-D<OPTION_NAME>=<OPTION_VALUE>]...`, where `<OPTON_NAME>` is:
- [BUILD_SHARED_LIBS](#BUILD_SHARED_LIBS)
- [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE)
- [CMAKE_INSTALL_PREFIX](#CMAKE_INSTALL_PREFIX)
- [OQS_ALGS_ENABLED](#OQS_ALGS_ENABLED)
- [OQS_BUILD_ONLY_LIB](#OQS_BUILD_ONLY_LIB)
- [OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG](#OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG)
- [OQS_MINIMAL_BUILD](#OQS_MINIMAL_BUILD)
- [OQS_DIST_BUILD](#OQS_DIST_BUILD)
- [OQS_USE_CPUFEATURE_INSTRUCTIONS](#OQS_USE_CPUFEATURE_INSTRUCTIONS)
- [OQS_USE_OPENSSL](#OQS_USE_OPENSSL)
- [OQS_USE_CUPQC](#OQS_USE_CUPQC)
- [OQS_USE_ICICLE](#OQS_USE_ICICLE)
- [OQS_OPT_TARGET](#OQS_OPT_TARGET)
- [OQS_SPEED_USE_ARM_PMU](#OQS_SPEED_USE_ARM_PMU)
- [USE_COVERAGE](#USE_COVERAGE)
- [USE_SANITIZER](#USE_SANITIZER)
- [OQS_ENABLE_TEST_CONSTANT_TIME](#OQS_ENABLE_TEST_CONSTANT_TIME)
- [OQS_STRICT_WARNINGS](#OQS_STRICT_WARNINGS)
- [OQS_EMBEDDED_BUILD](#OQS_EMBEDDED_BUILD)
- [OQS_LIBJADE_BUILD](#OQS_LIBJADE_BUILD)
- [OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG](#OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG)
- [OQS_BUILD_FUZZ_TESTS](#OQS_BUILD_FUZZ_TESTS)
## BUILD_SHARED_LIBS
Can be set to `ON` or `OFF`. When `ON`, liboqs is built as a shared library.
**Default**: `OFF`.
This means liboqs is built as a static library by default.
## CMAKE_BUILD_TYPE
Can be set to the following values:
- `Debug`: This turns off all compiler optimizations and produces debugging information. **This value only has effect when the compiler is GCC or Clang**
- The [USE_COVERAGE](#USE_COVERAGE) option can also be specified to enable code coverage testing.
- When the compiler is Clang, the [USE_SANITIZER](#USE_SANITIZER) option can also be specified to enable a Clang sanitizer.
- `Release`: This compiles code at the `O3` optimization level, and sets other compiler flags that reduce the size of the binary.
**Default**: `Release`.
## CMAKE_INSTALL_PREFIX
See the [CMake documentation](https://cmake.org/cmake/help/latest/variable/CMAKE_INSTALL_PREFIX.html).
## OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG
Note: `ALG` in `OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG` should be replaced with the specific algorithm name as demonstrated below.
This can be set to `ON` or `OFF`, and is `ON` by default. When `OFF`, `ALG` and its code are excluded from the build process. When `ON`, made available are additional options whereby individual variants of `ALG` can be excluded from the build process.
For example: if `OQS_ENABLE_KEM_BIKE` is set to `ON`, the options `OQS_ENABLE_KEM_bike_l1`, `OQS_ENABLE_KEM_bike_l3`, and `OQS_ENABLE_KEM_bike_l5` are made available (and are set to be `ON` by default).
To enable `XMSS` stateful signature, set `OQS_ENABLE_SIG_STFL_XMSS` to `ON`, the options `OQS_ENABLE_SIG_STFL_xmss_sha256_h10` and its variants are also set to be `ON` by default. Similarly, `LMS` stateful signature family can also be enabled by setting `OQS_ENABLE_SIG_STFL_LMS` to `ON`.
For a full list of such options and their default values, consult [.CMake/alg_support.cmake](https://github.com/open-quantum-safe/liboqs/blob/master/.CMake/alg_support.cmake).
**Default**: Unset.
## OQS_ALGS_ENABLED
A selected algorithm set is enabled. Possible values are "STD" selecting all algorithms standardized by NIST; "NIST_R4" selecting all algorithms evaluated in round 4 of the NIST PQC competition; "NIST_SIG_ONRAMP" selecting algorithms evaluated in the NIST PQC "onramp" standardization for additional signature schemes; "All" (or any other value) selecting all algorithms integrated into liboqs. Parameter setting "STD" minimizes library size but may require re-running code generator scripts in projects integrating `liboqs`; e.g., [oqs-provider](https://github.com/open-quantum-safe/oqs-provider) and [oqs-boringssl](https://github.com/open-quantum-safe/boringssl).
**Attention**: If you use any predefined value (`STD` or `NIST_R4` or `NIST_SIG_ONRAMP` as of now) for this variable, the values added via [OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG](#OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG) variables will be ignored.
**Default**: `All`.
## OQS_BUILD_ONLY_LIB
Can be `ON` or `OFF`. When `ON`, only liboqs is built, and all the targets: `run_tests`, `gen_docs`, and `prettyprint` are excluded from the build system.
**Default**: `OFF`.
## OQS_MINIMAL_BUILD
If set, this defines a semicolon-delimited list of algorithms to be contained in a minimal build of `liboqs`: Only algorithms explicitly set here are included in a build: For example running `cmake -DOQS_MINIMAL_BUILD="KEM_ml_kem_768;SIG_ml_dsa_44" ..` will build a minimum-size `liboqs` library only containing support for ML-KEM-768 and ML-DSA-44.
The full list of identifiers that can be set is listed [here for KEM algorithms](https://github.com/open-quantum-safe/liboqs/blob/main/src/kem/kem.h#L34) and [here for Signature algorithms](https://github.com/open-quantum-safe/liboqs/blob/f3caccff9e6225e7c50ca27f5ee6e58b7bc74188/src/sig/sig.h#L34). The default setting is empty, thus including all [supported algorithms](https://github.com/open-quantum-safe/liboqs#supported-algorithms) in the build.
**Default**: Unset.
## OQS_DIST_BUILD
Can be `ON` or `OFF`. When `ON`, build liboqs for distribution. When `OFF`, build liboqs for use on a single machine.
The library is always built for a particular architecture, either x86-64, ARM32v7, or ARM64v8, depending on the setting of CMAKE_SYSTEM_PROCESSOR. But liboqs contains code that is optimized for micro-architectures as well, e.g. x86-64 with the AVX2 extension.
When built for distribution, the library will run on any CPU of the target architecture. Function calls will be dispatched to micro-architecture optimized routines at run-time using CPU feature detection.
When built for use on a single machine, the library will only include the best available code for the target micro-architecture (see [OQS_OPT_TARGET](#OQS_OPT_TARGET)).
**Default**: `ON`.
## OQS_USE_CPUFEATURE_INSTRUCTIONS
Note: `CPUFEATURE` in `OQS_USE_CPUFEATURE_INSTRUCTIONS` should be replaced with the specific CPU feature as noted below.
These can be set to `ON` or `OFF` and take effect if liboqs is built for use on a single machine. By default, the CPU features are automatically determined and set to `ON` or `OFF` based on the CPU features available on the build system. The default values can be overridden by providing CMake build options. The available options on x86-64 are: `OQS_USE_ADX_INSTRUCTIONS`, `OQS_USE_AES_INSTRUCTIONS`, `OQS_USE_AVX_INSTRUCTIONS`, `OQS_USE_AVX2_INSTRUCTIONS`, `OQS_USE_AVX512_INSTRUCTIONS`, `OQS_USE_BMI1_INSTRUCTIONS`, `OQS_USE_BMI2_INSTRUCTIONS`, `OQS_USE_PCLMULQDQ_INSTRUCTIONS`, `OQS_USE_VPCLMULQDQ_INSTRUCTIONS`, `OQS_USE_POPCNT_INSTRUCTIONS`, `OQS_USE_SSE_INSTRUCTIONS`, `OQS_USE_SSE2_INSTRUCTIONS` and `OQS_USE_SSE3_INSTRUCTIONS`. The available options on ARM64v8 are `OQS_USE_ARM_AES_INSTRUCTIONS`, `OQS_USE_ARM_SHA2_INSTRUCTIONS`, `OQS_USE_ARM_SHA3_INSTRUCTIONS` and `OQS_USE_ARM_NEON_INSTRUCTIONS`.
**Default**: Options valid on the build machine.
## OQS_USE_OPENSSL
To save size and limit the amount of different cryptographic code bases, it is possible to use OpenSSL as a crypto code provider by setting this configuration option.
This can be set to `ON` or `OFF`. When `ON`, the additional options `OQS_USE_AES_OPENSSL`, `OQS_USE_SHA2_OPENSSL`, and `OQS_USE_SHA3_OPENSSL` are made available to control whether liboqs uses OpenSSL's AES, SHA-2, and SHA-3 implementations.
By default,
- `OQS_USE_AES_OPENSSL` is `ON` (on x86-64 only if `OQS_DIST_BUILD` and `OQS_USE_AES_INSTRUCTIONS` are not set)
- `OQS_USE_SHA2_OPENSSL` is `ON`
- `OQS_USE_SHA3_OPENSSL` is `OFF`.
These default choices have been made to optimize the default performance of all algorithms. Changing them implies performance penalties.
When `OQS_USE_OPENSSL` is `ON`, CMake also scans the filesystem to find the minimum version of OpenSSL required by liboqs (which happens to be 1.1.1). The [OPENSSL_ROOT_DIR](https://cmake.org/cmake/help/latest/module/FindOpenSSL.html) option can be set to aid CMake in its search.
**Default**: `ON`.
### OQS_DLOPEN_OPENSSL
Dynamically load OpenSSL through `dlopen`. When using liboqs from other cryptographic libraries, hard dependency on OpenSSL is sometimes undesirable. If this option is `ON`, loading of OpenSSL will be deferred until any of the OpenSSL functions is used.
Only has an effect if the system supports `dlopen` and ELF binary format, such as Linux or BSD family.
### OQS_USE_CUPQC
Can be `ON` or `OFF`. When `ON`, use NVIDIA's cuPQC library where able (currently just ML-KEM). When this option is enabled, liboqs may not run correctly on machines that lack supported GPUs. To download cuPQC follow the instructions at (https://developer.nvidia.com/cupqc-download/). Detailed descriptions of the API, requirements, and installation guide are in the cuPQC documentation (https://docs.nvidia.com/cuda/cupqc/index.html). While the code shipped by liboqs required to use cuPQC is licensed under Apache 2.0 the cuPQC SDK comes with its own license agreement (https://docs.nvidia.com/cuda/cupqc/license.html).
**Default**: `OFF`
### OQS_USE_ICICLE
This CMake option can be set to `ON` or `OFF`. When enabled (`ON`), it configures liboqs to use ICICLE as the backend for supported post-quantum cryptographic (PQC) algorithms — currently ML-KEM.
ICICLE is a GPU-accelerated cryptographic library developed by Ingonyama. It provides CUDA-based implementations of PQC algorithms to boost the performance on systems with compatible NVIDIA GPUs.
To use ICICLE, the user needs to build and install the `icicle_pqc_package`, which contains the necessary CUDA kernels and runtime support. This package must be compiled separately before configuring liboqs with `OQS_USE_ICICLE` enabled, and its installation path should be made available to CMake.
Enabling this option also automatically enables C++ support in CMake, as required by ICICLEs implementations.
To build ICICLE with the required PQC package:
```bash
cmake -S icicle -B "$BUILD_DIR" \
-DCMAKE_INSTALL_PREFIX="$INSTALL_DIR" \
-DCPU_BACKEND=OFF \
-DDISABLE_ALL_FEATURES=ON \
-DPQC=ON \
-DCUDA_PQC_BACKEND=ON \
-DICICLE_STATIC_LINK=ON \
-DPQC_PACKAGE=ON
cmake --build "$BUILD_DIR"
cmake --install "$BUILD_DIR"
```
For full documentation, setup instructions, and backend support details, see the [Ingonyama documentation](https://dev.ingonyama.com/)
**Default**: `OFF`.
## Stateful Hash Based Signatures
XMSS and LMS are the two supported Hash-Based Signatures schemes.
`OQS_ENABLE_SIG_STFL_XMSS` and `OQS_ENABLE_SIG_STFL_LMS` control these algorithms, which are disabled by default.
A third variable, `OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN`, also controls the ability to generate keys and signatures. This is also disabled by default.
Each of these variables can be set to `ON` or `OFF`.
When all three are `ON`, stateful signatures are fully functional and can generate key pairs, sign data, and verify signatures.
If `OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN` is `OFF` signature verification is the only functional operation.
Standards bodies, such as NIST, recommend that key and signature generation only by done in hardware in order to best enforce the one-time use of secret keys.
Keys stored in a file system are extremely susceptible to simultaneous use.
When enabled in this library a warning message will be generated by the config process.
The name of the configuration variable has been chosen to make every user of this feature aware of its security risks.
The OQS team explicitly discourages enabling this variable and reserves the right to remove this feature in future releases if its use causes actual harm.
It remains present as long as it is responsibly used as per the stated warnings.
By default,
- `OQS_ENABLE_SIG_STFL_XMSS` is `OFF`
- `OQS_ENABLE_SIG_STFL_LMS` is `OFF`
- `OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN` is `OFF`.
**Default**: `OFF`.
## OQS_OPT_TARGET
An optimization target. Only has an effect if the compiler is GCC or Clang and `OQS_DIST_BUILD=OFF`. Can take any valid input to the `-march` (on x86-64) or `-mcpu` (on ARM32v7 or ARM64v8) option for `CMAKE_C_COMPILER`. Can also be set to one of the following special values.
- `auto`: Use `-march=native` or `-mcpu=native` (if the compiler supports it).
- `generic`: Use `-march=x86-64` on x86-64, or `-mcpu=cortex-a5` on ARM32v7, or `-mcpu=cortex-a53` on ARM64v8.
**Default**: `auto`.
## OQS_SPEED_USE_ARM_PMU
Can be `ON` or `OFF`. When `ON`, the benchmarking script will try to use the ARMv8 Performance Monitoring Unit (PMU). This will make cycle counts on ARMv8 platforms significantly more accurate.
In order to use this option, user mode access to the PMU must be enabled via a kernel module. If user mode access is not enabled via the kernel module, benchmarking will throw an `Illegal Instruction` error. A kernel module that has been found to work on several platforms can be found [here for Linux](https://github.com/mupq/pqax#enable-access-to-performance-counters). Follow the instructions there (i.e., clone the repository, `cd enable_ccr` and `make install`) to load the kernel module, after which benchmarking should work. Superuser permissions are required. Linux header files must also be installed on your platform, which may not be present by default.
Note that this option is not known to work on Apple M1 chips.
**Default**: `OFF`.
## USE_COVERAGE
This has an effect when the compiler is GCC or Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) is `Debug`. Can be `ON` or `OFF`. When `ON`, code coverage testing will be enabled.
**Default**: Unset.
## USE_SANITIZER
This has an effect when the compiler is Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) is `Debug`. Then, it can be set to:
- `Address`: This enables Clang's `AddressSanitizer`
- `Memory`: This enables Clang's `MemorySanitizer`
- `MemoryWithOrigins`: This enables Clang's `MemorySanitizer` with the added functionality of being able to track the origins of uninitialized values
- `Undefined`: This enables Clang's `UndefinedBehaviorSanitizer`. The `BLACKLIST_FILE` option can be additionally set to a path to a file listing the entities Clang should ignore.
- `Thread`: This enables Clang's `ThreadSanitizer`
- `Leak`: This enables Clang's `LeakSanitizer`
**Default**: Unset.
## OQS_ENABLE_TEST_CONSTANT_TIME
This is used in conjunction with `tests/test_constant_time.py` to use Valgrind to look for instances of secret-dependent control flow. liboqs must also be compiled with [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) set to `Debug`.
See the documentation in [`tests/test_constant_time.py`](https://github.com/open-quantum-safe/liboqs/blob/main/tests/test_constant_time.py) for more usage information.
When this option is set to `ON`, the additional option `OQS_ENABLE_TEST_CONSTANT_TIME_OPTIMIZED` is made available to control whether liboqs is built using `-O3` optimization, as in a release build, or using the default "Debug" profile. By default, `OQS_ENABLE_TEST_CONSTANT_TIME_OPTIMIZED` is `OFF`.
**Default**: `OFF`.
## OQS_STRICT_WARNINGS
Can be `ON` or `OFF`. When `ON`, all compiler warnings are enabled and treated as errors. This setting is recommended to be enabled prior to submission of a Pull Request as CI runs with this setting active. When `OFF`, significantly fewer compiler warnings are enabled such as to avoid undue build errors triggered by (future) compiler warning features/unknown at the development time of this library.
**Default**: `OFF`.
## OQS_EMBEDDED_BUILD
Can be `ON` or `OFF`. When `ON`, calls to standard library functions typically not present in a bare-metal embedded environment are excluded from compilation.
At the moment, this is **only** considered for random number generation, as both `getentropy()` and a file based `/dev/urandom` are not available on embedded targets (e.g. the Zephyr port).
**Attention**: When this option is enabled, you have to supply a custom callback for obtaining random numbers using the `OQS_randombytes_custom_algorithm()` API before accessing the cryptographic API. Otherwise, all key generation and signing operations will fail.
**Default**: `OFF`.
## OQS_LIBJADE_BUILD
Can be `ON` or `OFF`. When `ON` liboqs is built to use high assurance implementations of cryptographic algorithms from [Libjade](https://github.com/formosa-crypto/libjade). The cryptographic primitives in Libjade are written using [Jasmin](https://github.com/jasmin-lang/jasmin) and built using the Jasmin compiler. The Jasmin compiler is proven (in Coq) to preserve semantic correctness of a program, maintain secret-independence of control flow, and maintain secret independence of locations of memory access through compilation. Additionally, the Jasmin compiler guarantees thread safety because Jasmin doesn't support global variables.
At the moment, Libjade only provides Kyber512 and Kyber768 KEMs.
At the moment, libjade only supports Linux and Darwin based operating systems on x86_64 platforms.
**Default** `OFF`.
## OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG
Note: `ALG` in `OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG` should be replaced with the specific algorithm name as demonstrated in OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG.
**Default**: `OFF` if OQS_LIBJADE_BUILD is `OFF` else unset.
## OQS_BUILD_FUZZ_TESTS
Can be `ON` or `OFF`. When `ON` liboqs the fuzz test-suite will be enabled. This option is only available if the c compiler is set to clang i.e. `-DCMAKE_C_COMPILER=clang`.
Note: It is strongly recommended that this configuration be enabled with `CFLAGS=-fsanitize=address,fuzzer-no-link LDFLAGS=-fsanitize=address`. While fuzzing will run without these flags, enabling this instrumentation will make fuzzing performance much faster and catch [potential memory related bugs](https://clang.llvm.org/docs/AddressSanitizer.html).
**Default** `OFF`.

166
CONTRIBUTING.md
View File

@ -1,106 +1,108 @@
Contributing to liboqs nist-branch
==================================
# Contributing
This branch takes a "light touch" approach to incorporating new implementations:
The OQS core team welcomes all proposals to improve this project. This may take
the form of [a discussion](https://github.com/open-quantum-safe/liboqs/discussions)
for input or feedback, possible bug reports or feature requests via [issues](https://github.com/open-quantum-safe/liboqs/issues)
as well as new code and documentation via a [pull request (PR)](https://github.com/open-quantum-safe/liboqs/pulls).
- Source code from a NIST submission will be included ideally with no changes, in an "upstream" subdirectory.
- A thin wrapper will be written to provide the implementation using the liboqs API.
- The implementation will be added to the build process.
- To avoid namespace collisions between different algorithms, symbol renaming will be used on the compiled files.
## Baseline design goal
This file describes the step-by-step procedure to add a new KEM or signature algorithm to liboqs nist-branch. Separate instructions apply for adding an algorithm to master branch.
OQS is a collection of many different PQC algorithms, maintained by a small team of people who are not guaranteed to be versed in the intricate details of each algorithm.
If you get stuck or are unsure of what to do, feel free to contact us via a Github issue/pull request/@mention, or email one of the team.
Therefore, all contributions to the general logic of the project should be as independent of any single algorithm such as to ease long-term maintainability. If changes are contributed catering to the properties of a specific algorithm, it is expected that consideration is given at least how the other algorithms of the same type (KEM or SIG) should cater to the proposed changes, e.g., by way of a new, generally satisfiable API.
Basic steps
-----------
All contributions to a specific algorithm ideally come with the willingness to provide long-term support, or at least a contact person that can help the OQS team pinpoint potential problems with the algorithm.
Suppose the module we want to add is a KEM or signature called `potato`. Some NIST submissions contain multiple algorithms at different security levels or with different parameters, for example `potato_512`, `potato_1024`, `potato_2048`. In liboqs, we create a single source code directory `src/{kem|sig}/potato`, and a single wrapper file `{kem|sig}_potato.c`, but that wrapper file contains wrappers for each of the different parameterizations, named for example `OQS_{KEM|SIG}_potato_512`, ...
## Review and Feedback
### Getting started
We aim to provide timely feedback to any input. If you are uncertain as to whether
a particular contribution is welcome, needed or timely, please first open an [issue](https://github.com/open-quantum-safe/liboqs/issues)
particularly in case of possible bugs or new feature requests or create a
[discussion](https://github.com/open-quantum-safe/liboqs/discussions).
1. Ensure that the implementation meets the acceptance criteria stated in [README.md](https://github.com/open-quantum-safe/liboqs/blob/nist-branch/README.md), including that:
- the implementation is licensed under an acceptable open source license; and
- that there are no known breaks of the algorithm (see the "View comments" link for the submission on the [NIST Round 1 submission page](https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions)).
2. Make a new working branch off of nist-branch, preferably with the word `nist` somewhere in the branch name.
3. Create new directories `src/{kem|sig}/potato` and `src/{kem|sig}/potato/upstream`
## Pull requests
### Adding the upstream implementation
Pull requests should clearly state their purpose, possibly referencing an existing
[issue](https://github.com/open-quantum-safe/liboqs/issues) when resolving it.
1. Download the ZIP file of the submission from the NIST website (or elsewhere).
2. Copy the contents of the ZIP file (except the known answer tests (KAT) and the supporting documentation folders) into `src/{kem|sig}/potato/upstream`.
3. If `src/{kem|sig}/potato/upstream` does not already contain a `LICENSE.txt` file, confirm the license of the implementation and add a corresponding LICENSE.txt file.
4. Do a `git add` and `git commit` on the newly added files (so that we get a fresh snapshot of the files before any objects are built).
Pull requests containing code, documentation, or text produced with the help of generative AI must declare that in the pull request description and describe the nature of the use. Contributors are expected to have verified and affirm such contributions themselves before submission.
Contributors using AI assistants are encouraged to read the OpenSSF's [Security-Focused Guide for AI Code Assistant Instructions](https://best.openssf.org/Security-Focused-Guide-for-AI-Code-Assistant-Instructions).
### Creating the OQS wrapper
All PRs should move to "Ready for Review" stage only if all CI tests pass (are green).
1. From another KEM or signature implementation's directory, copy (and rename appropriately) `src/{kem|sig}/whatever/{kem|sig}_whatever.c` and `src/{kem|sig}/whatever/{kem|sig}_whatever.h` to `src/{kem|sig}/potato`.
2. Edit `src/{kem|sig}/potato/{kem|sig}_potato.h` to create a copy of the macros and function prototypes for each algorithm to expose; copy the correct lengths into the length macros from the upstream algorithm's `api.h` file.
3. Edit `src/{kem|sig}/potato/{kem|sig}_potato.c` to create a copy of the constructor for each algorithm to expose; set the correct `method_name`, `claimed_nist_level` (1-5), and {`ind_cca`|`euf_cma`} values.
4. Edit `src/{kem|sig}/{kem|sig}.h` at the `EDIT-WHEN-ADDING-{KEM|SIG}` marker to add the analogous lines for potato.
5. Edit `src/{kem|sig}/{kem|sig}.c` at the two `EDIT-WHEN-ADDING-{KEM|SIG}` markers to add the analogous lines for potato.
The OQS core team is happy to provide feedback also to Draft PRs in order to improve
them before the final "Review" stage.
`.c` and `.h` files in liboqs (other than in `upstream` directories) must meet the OQS coding convention and style and are checked by the pretty-printer. See https://github.com/open-quantum-safe/liboqs/wiki/Coding-conventions for details. You can use `make prettyprint` to run the pretty-printer; you will need to install `clang-format` version 3.9, as per the instructions at the link above.
### Coding style
### Adding to the build system
This project has adopted a slightly modified [Google code formatting style](https://astyle.sourceforge.net/astyle.html#_style=google) for the core components
of the library as documented in the [style template](.astylerc).
The `astyle` tool is used to check formatting in CI.
Due to variations in behaviour across version and platforms, it is possible to encounter CI failures even if code has been locally formatted with `astyle`.
To assist with this inconvenience, we provide a convenience script which runs `astyle` in the same Docker image that we use for the CI checks:
```bash
LIBOQS_DIR=<liboqs directory> ./scripts/format_code.sh
```
This script has been tested on x86\_64 Ubuntu and arm64 macOS. Contributions for other platforms are welcome and appreciated!
1. From another KEM or signature implementation's directory, copy `src/{kem|sig}/whatever/Makefile` to `src/{kem|sig}/potato`.
2. Edit `src/{kem|sig}/potato/Makefile`.
3. At the top of the Makefile, set up which algorithms are available in each architecture and whatever architecture-specific flags need to be passed down to the underlying Makefile.
4. Edit the lower part of the Makefile to create a compilation target for each algorithm/parameterization. You can do this either by calling the upstream implementations Makefile to get it to generate `.o` or `.a` files, or by directly specifying compilation commands. You should remove the upstream implementation algorithm's `randombytes` function from being built, as we will instead use the `randombytes` function in liboqs; in many NIST implementations with an `rng.c` file, you should just need to remove `rng.c` from being built.
5. In the compilation target for each algorithm/parameterization (`potato_512`, ...), you will need to call various scripts to collect together object files, rename global symbols, and hide local symbols. Below we suppose we are working with the `potato_512` parameterization.
1. If the upstream implementation has generated `.o` files, use `scripts/collect_objects.sh` to collect those into liboqs's `.objs` directory. (See `src/kem/newhopenist/Makefile` for an example.)
2. If the upstream implementation has generated a `.a` file, use `scripts/explode_and_collect.sh` to generate the `.o` files for liboqs's `.objs` directory. (See `src/kem/frodokem/Makefile` for an example.)
3. Create a file `symbols_global_rename_512.txt` indicating how to rename the existing function names for the globally exposed symbols (namely, the mapping to obtain `OQS_KEM_potato_512_keygen`, `OQS_KEM_potato_512_encaps`, and `OQS_KEM_potato_512_decaps` for KEMs, and `OQS_SIG_potato_512_keypair`, `OQS_SIG_potato_512_sign`, and `OQS_SIG_potato_512_sign_open` for signatures; you might need to add more symbols if different parametrizations share some code in different compilation units); the format of this file should be two symbols per line, the old name and the new name, separated by a space. Add a line in the compilation target to run `scripts/symbols_global_rename.sh` with `symbols_global_rename_512.txt`.
4. Create a file `symbols_local.txt` containing the names of all other publicly visible symbols from the upstream implementation that need to be removed from the global namespace; the format of the file is one symbol per line. You can find these by symbols by running `nm -g potato.a | grep ' T '` and `nm -g potato.a | grep ' D '`, or on the individual object files (`*.o`). The same file can be used for all parameterizations of this algorithm. On macOS, symbols will be prefixed with an underscore (`_`); you should omit the underscore. Add a line in the compilation target to run `scripts/symbols_local.sh` with `symbols_local.txt`.
6. Edit `src/{kem|sig}/Makefile` at the `EDIT-WHEN-ADDING-{KEM|SIG}` marker to include `src/{kem|sig}/potato/Makefile`.
7. Edit `Makefile` at the `EDIT-WHEN-ADDING-{KEM|SIG}` marker to add the various algorithms/parameterizations (`potato_512`, ...) to the list of KEMs/signatures enabled by default.
### Public and internal APIs
### Testing
Public API functions are marked with the `OQS_API` keyword. These functions are made available to users of the library.
OQS also has an internal API for common code such as hashing and memory management.
The OQS test programs use this internal API.
These programs link against the `oqs-internal` library, which is built alongside the main library.
The main library also contains the common code, but it does not expose it to external callers.
The internal library is not installed via `ninja install`, and source code should not link against it.
1. Try building use `make clean; make`.
2. Our build system is configured so that any warning when compiling a non-upstream file is treated as an error. Fix any such warnings/errors that arise.
3. Make sure the `./test_{kem|sig}` works and includes your algorithm.
4. Check that `./speed_{kem|sig}` works, includes your algorithm, and that the performance is inline with the expected performance documented in the submission.
5. For each algorithm (`potato_512`, ...), create a corresponding file `src/{kem|sig}/potato/potato_512.kat` containing the **first** known answer test response values from the NIST submission. Make sure that `./kat_{kem|sig}` generates the corresponding file under `kat_{kem|sig}_rsp`, and then run `scripts/check_kats.sh` to check that the KATs match.
6. Do a `git commit`.
7. Run `make prettyprint` to reformat non-upstream `.c` and `.h` files according to our coding conventions. We use clang-format version 3.9. (Unfortunately, different versions of clang-format may produce different results with the same configuration file, so you must use clang-format version 3.9).
- To install and use clang-format 3.9 on Ubuntu:
- Try `sudo apt install clang-format-3.9`
- If that doesn't work, try the following:
1. `sudo add-apt-repository 'deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main'`
2. `wget -O - http://llvm.org/apt/llvm-snapshot.gpg.key | sudo apt-key add -`
3. `sudo apt-get update -qq `
4. `sudo apt-get install -qq -y clang-format-3.9`
- You may have to run with `make prettyprint CLANGFORMAT=clang-format-3.9`.
- To install and use clang-format 3.9 on macOS using brew:
1. `brew unlink clang-format`
2. `brew install https://raw.githubusercontent.com/Homebrew/homebrew-core/0c4314c499576b28e4c082b591228a8f940954c0/Formula/clang-format.rb`
3. `brew switch clang-format 2016-06-27`
8. Check any changes made by the pretty-printer to ensure the meaning of the code did not change.
9. Do a `git commit`.
### Continuous Integration (CI)
### Documentation
`liboqs` uses GitHub Actions for CI.
For a comprehensive overview of our CI setup, see [CI.md](CI.md).
1. Add an algorithm datasheet in `docs/algorithms` for your module (`{kem|sig}_potato.md`) containing information about each algorithm (`{kem|sig}_potato_512`, ...) following the examples in the other files in this directory. You may find the online Markdown table generator at http://www.tablesgenerator.com/markdown_tables helpful -- you can paste Markdown in, graphically edit, and then copy Markdown out.
2. Do a `git commit`.
#### Running CI on your branch
### Submitting
OQS attempts to be responsible with resource usage and only runs a minimal set of tests automatically on push.
A more thorough test suite runs automatically on pull requests.
To trigger these tests before creating a PR, include the string "[full tests]" in a commit message.
Other trigger strings are documented in [CI.md](CI.md#push.yml).
1. Run `make pre-push` to run (almost) all of the the tests that our continuous integration system will run. Fix any warnings or errors before continuing.
2. Make a pull request against `nist-branch` on Github.
3. Add the `nist-branch` label and the `not ready for merge` label.
4. Submitting a pull request will activate the Travis continuous integration build system, which builds liboqs on a variety of platforms. Depending on the time of day and the load on Travis, the build may complete within a few minutes or be queued for sometimes up to an hour.
5. Once the Travis build is complete, check the status of the build. If it failed, click on the red X, see which build targets failed, and check the logs to try to identify the problem so you can fix it. Common reasons for Travis build failures include:
- prettyprint inconsistencies
- non-namespaced global symbols
- compiler warnings in the non-upstream files treated as errors
6. Once your pull request is passing Travis builds, remove the `not ready for merge` label, and request a review from one of the team (either `dstebila` or `smashra`).
7. We'll review the code, test out the build, and follow up with you via comments on the pull request page.
#### Running CI locally
Thanks for contributing to liboqs!
[Act](https://github.com/nektos/act) is a tool facilitating local execution of
GitHub CI jobs. When executed in the main `liboqs` directory,
Troubleshooting
---------------
act -l Displays all GitHub CI jobs
act -j some-job Executes "some-job"
- If you find that the KAT values generated by `kat_kem` don't match the original KAT values, it may be that the wrong RNG is being used. Each NIST submission usually includes its own rng.c file following the NIST API. You need to remove this file from the upstream code (or at least not build it). liboqs supplies an implementation of `randombytes` (see `src/common/rand.h`) that is a properly seeded cryptographic RNG when run in the context of programs like `test_kem`, but in programs like `kat_kem` is mapped to the deterministic RNG provided by NIST for generating the KAT files.
When installing `act` as a GitHub extension, prefix the commands with `gh `.
## Modifications to CI
Modifications to GitHub Actions workflows are checked with [actionlint](https://github.com/rhysd/actionlint) during the [basic.yml](.github/workflows/basic.yml) job, protecting the CI chain and against wrong approval decisions based on improper CI runs. Changes to these workflows can be validated locally with `actionlint`:
```bash
actionlint .github/workflows/*.yml
```
or running the CI locally (as above):
```bash
act workflow_call -W '.github/workflows/basic.yml'
```
### New features
Any PR introducing a new feature is expected to contain a test of this feature
and this test should be part of the CI pipeline.
## Failsafe
If you feel your contribution is not getting proper attention, please be sure to
add a tag to one or more of our [most active contributors](https://github.com/open-quantum-safe/liboqs/graphs/contributors).
## Issues to start working on
If you feel like contributing but don't know what specific topic to work on,
please check the [open issues tagged "good first issue" or "help wanted"](https://github.com/open-quantum-safe/liboqs/issues).
You can also take a look at the [contribution wishlist](https://github.com/open-quantum-safe/liboqs/wiki/Contribution-wishlist) for more substantial contributions we are interested in.

42
CONTRIBUTORS Normal file
View File

@ -0,0 +1,42 @@
Nicholas Allen (Amazon Web Services)
Maxime Anvari
Michael Baentsch
Zane Beckwith (SandboxAQ)
HY Chang
Vitaly Chikunov
Eric Crockett (Amazon Web Services)
Nir Drucker
Ben Davies (University of Waterloo)
Javad Doliskani (University of Waterloo)
Ted Eaton (University of Waterloo)
Nicholas Fulton (Arizona State University)
Vlad Gheorghiu (softwareQ Inc., University of Waterloo)
Jason Goertzen (University of Waterloo)
Shay Gueron (Amazon Web Services)
Torben Hansen (Royal Holloway University of London)
Basil Hess (IBM Research)
Kevin Kane (Microsoft Research)
Nikita Karpey (https://github.com/gadoofou87)
Dusan Kostic (Amazon Web Services)
Piotr Kubaj (Intel)
Tancrède Lepoint (SRI International)
Shravan Mishra (University of Waterloo)
Christian Paquin (Microsoft Research)
Alex Parent (University of Waterloo)
Sebastian Ramacher (Austrian Institute of Technology)
John Schanck (University of Waterloo)
Peter Schwabe (Radboud University Nijmegen)
Dimitris Sikeridis (University of New Mexico, Cisco Systems)
Douglas Stebila (University of Waterloo)
Goutam Tamvada (University of Waterloo)
John Underhill
Karolin Varner
Sebastian Verschoor (University of Waterloo)
Thom Wiggers (Radboud University)
Dindyal Jeevesh Rishi (University of Mauritius / cyberstorm.mu)
Duc Tri Nguyen
Marco Gianvecchio (Politecnico di Milano)
Alessandro Barenghi (Politecnico di Milano)
Gerardo Pelosi (Politecnico di Milano)
See additional contributors at https://github.com/open-quantum-safe/liboqs/graphs/contributors

124
GOVERNANCE.md Normal file
View File

@ -0,0 +1,124 @@
# Governance
## Basic principles
The Open Quantum Safe project aims to operate by the following principles:
- **Openness**: The project will be open in its operation, open to contributions, and produce open source software.
- **Respect**: The project will foster respectful interactions with all participants.
- **Scientific integrity**: The project will follow advancements in cryptographic research and will be guided by standards and best practices.
Decision making in the project will follow the principles above, and be governed first and foremost by reason and mutually respectful interaction between all participants.
The project will aim to build consensus for decisions, and will where possible operate by the approach of [lazy consensus](https://community.apache.org/committers/decisionMaking.html).
If decisions cannot be reached using lazy consensus, voting will be used to come to a resolution.
## Community and Roles
The OQS community is open to all who would like to participate in the project following its principles, including academic, industry, public sector, and individual contributors.
The following roles exist in the project:
### Users
A **User** is a person or organization using software produced by the project.
Responsibilities:
- Abide by the [license](LICENSE.txt)
- Consider participating in the project!
### Community Members
A **Community Member** is a User who interacts with the project, for example by participating in discussions on Github or mailing lists, or in project meetings.
Responsibilities:
- Follow the [code of conduct](CODE_OF_CONDUCT.md)
### Contributors
A **Contributor** is a Community Member who contributes directly to the project by submitting code or documentation, or actively participating in issues or pull requests on Github.
### Committers
A **Committer** is a Contributor with increased experience in the project who helps review pull requests and actively participates in discussions about the project. Committers will be members of the open-quantum-safe GitHub organization and will have "write" permissions in GitHub.
Responsibilities:
- Further the goals of the project.
- Monitor and respond to GitHub issues.
- Review and merge pull requests.
- Assist with security releases when required.
- Participate in discussions and project meetings.
### Maintainers
A **Maintainer** is a Committer who makes significant and sustained contributions to the project, and is committed to guiding the direction of the project. Maintainers will have "administrative" permissions in GitHub.
Responsibilities:
- Oversee the overall project health and growth.
- Lead communication for the project.
- Define general and technical guidelines for the project.
- Identify priorities and manage the release cycle.
### Change of role
Any Community Member may become a Contributor by creating a pull request (PR) and getting it successfully reviewed and merged by Committers.
Any Contributor can become a Committer by contributing sufficient code and displaying deep subject matter knowledge in discussions such that a majority of Committers vote for this change of role. A Maintainer can veto such a vote. Such a veto can be overruled by a 2/3 majority of Committers.
As such a voting decision may be considered subjective, Contributors striving to become Committers are encouraged to ask for advice from Committers/Maintainers as to what they can do to obtain this role. Baseline requirements for contributions are documented in [CONTRIBUTING.md](CONTRIBUTING.md). Any Contributor can create a discussion item to request a vote to become Committer.
Any Committer can become a Maintainer by majority vote of voting Committers. A current Maintainer can veto such a vote. Such a veto can be overruled by a 2/3 majority of all Committers.
A Maintainer is not permitted to remove another Maintainer's GitHub privileges.
A Committer may be automatically moved to Contributor status if not actively contributing by discussion or PR review during the last 90 days or by voluntarily suspending this status (e.g., by taking a ["Leave of absence"](#leave-of-absence)). If a Maintainer loses or relinquishes the Committer status and, hence, the Maintainer status, the Committers have to determine whether a new Maintainer needs to be elected.
Any person violating the [code of conduct](CODE_OF_CONDUCT.md), consistently not fulfilling the role responsibilities, or for other reasons can lose the role held if a simple majority of Committers votes for such removal and no Maintainer vetoes that decision. If a Maintainer is to be removed from that role a 2/3 majority of Committers must agree.
Depending on the reason for removal, a Maintainer may be converted to Emeritus status. Emeritus Maintainers may still be consulted on some project matters, and can be returned to Maintainer status if their availability changes and a simple majority of Committers agrees.
### Leave of absence
Any Committer may voluntarily step down from the role for a documented period of time, losing voting rights for that time period. The period is documented in this file next to the person's name below. At the end of this time period, the Committer automatically regains their voting rights.
A leave of absence may not be longer than a year. If the Committer needs to be away for longer than that, they must step down from that role unconditionally, and regaining that role becomes subject of normal procedures to become Committer, as described in ["Change of role"](#change-of-role) above.
## Voting
Change of role or changes to this document is subject to voting.
Votes are to be executed by way of open GitHub discussions. No quorum is needed for votes open for 4 weeks. Urgent matters may be decided by majority vote among Maintainers or 2/3 majority by all Committers within an arbitrary voting period.
## Current Maintainers and Committers
### Maintainers
@baentsch (on leave of absence as of March 11, 2025)
@dstebila
@SWilson4
### Committers
@baentsch (on leave of absence as of March 11, 2025)
@bhess
@christianpaquin
@dstebila
@Martyrshot
@praveksharma
@SWilson4
@vsoftco
## Former Maintainers and Committers
OQS is grateful to the following individuals who have previously served as Maintainers or Committers for liboqs.
### Former Committers
@jschanck
## Afterword
*This governance document was based in part of the [Falco Project governance document](https://github.com/falcosecurity/evolution/blob/main/GOVERNANCE.md).

10
LICENSE.txt
View File

@ -1,12 +1,10 @@
The MIT license, the text of which is below, applies to liboqs in general.
liboqs includes some third party libraries or modules that may be licensed
differently. All third-party code is contained in directories labelled
`upstream`, and each such directory contains a license file indicating the
license that applies to code in that directory.
liboqs includes some third party libraries or modules that are licensed
differently; the corresponding subfolder contains the license that applies in
that case.
Copyright (c) 2016-2018 Open Quantum Safe project
Copyright (c) 2016-2024 The Open Quantum Safe project authors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

222
Makefile
View File

@ -1,222 +0,0 @@
# THESE SHOULD BE THE ONLY OPTIONS TO BE CONFIGURED BY THE PERSON COMPILING
KEMS_TO_ENABLE?=frodokem_640_aes frodokem_640_cshake frodokem_976_aes frodokem_976_cshake \
newhope_512_cca_kem newhope_1024_cca_kem \
kyber512 kyber768 kyber1024 \
bike1_l1 bike1_l3 bike1_l5 \
bike2_l1 bike2_l3 bike2_l5 \
bike3_l1 bike3_l3 bike3_l5 \
sike_p503, sike_p751 \
BIG_QUAKE_1 BIG_QUAKE_3 BIG_QUAKE_5 \
ledakem_C1_N02 ledakem_C1_N03 ledakem_C1_N04 \
ledakem_C3_N02 ledakem_C3_N03 ledakem_C3_N04 \
ledakem_C5_N02 ledakem_C5_N03 ledakem_C5_N04 \
saber_light_saber_kem saber_saber_kem saber_fire_saber_kem \
lima_2p_1024_cca_kem lima_2p_2048_cca_kem lima_sp_1018_cca_kem lima_sp_1306_cca_kem lima_sp_1822_cca_kem lima_sp_2062_cca_kem # EDIT-WHEN-ADDING-KEM
KEM_DEFAULT?=newhope_1024_cca_kem
SIGS_TO_ENABLE?=qTESLA_I qTESLA_III_size qTESLA_III_speed qTESLA_p_I qTESLA_p_III \
picnic_L1_FS picnic_L1_UR picnic_L3_FS picnic_L3_UR picnic_L5_FS picnic_L5_UR # EDIT-WHEN-ADDING-SIG
SIG_DEFAULT?=qTESLA_I
ARCH?=x64
# x64 OR x86
#Currently checking CPUID only on Linux machines this
#Should be extended to other system in the future.
DETECTED_OS = $(shell uname -s)
ifeq ($(DETECTED_OS), Linux)
AVX_SUPPORT = $(shell grep avx /proc/cpuinfo)
AVX2_SUPPORT = $(shell grep avx2 /proc/cpuinfo)
AVX512_SUPPORT = $(shell grep avx512 /proc/cpuinfo)
export AVX_SUPPORT
export AVX2_SUPPORT
export AVX512_SUPPORT
endif
PREFIX?=usr_local
PREFIX_INCLUDE?=$(PREFIX)/include
PREFIX_LIB?=$(PREFIX)/lib
CC?=gcc
OPENSSL_INCLUDE_DIR?=/usr/local/opt/openssl/include
OPENSSL_LIB_DIR?=/usr/local/opt/openssl/lib
CFLAGS+= -fPIC
LDFLAGS?=
CLANGFORMAT?=clang-format
# NOTHING AFTER THIS SHOULD NEED TO BE CHANGED BY THE PERSON COMPILING
ENABLE_KEMS= # THIS WILL BE FILLED IN BY INDIVIDUAL KEMS' MAKEFILES IN COMBINATION WITH THE ARCHITECTURE
ENABLE_SIGS= # THIS WILL BE FILLED IN BY INDIVIDUAL SIGS' MAKEFILES IN COMBINATION WITH THE ARCHITECTURE
CFLAGS+=-O2 -std=c99 -Iinclude -I$(OPENSSL_INCLUDE_DIR) -Wno-unused-function -Werror -Wpedantic -Wall -Wextra
ifeq ($(arch), "x64")
CFLAGS+= -arch x86_64
endif
ifeq ($(DETECTED_OS), Linux)
BINUTILS_VER=$(shell ld -v | grep -o "[0-9][0-9]*.[0-9][0-9]*")
ifneq (,$(BINUTILS_VER))
ifeq ($(shell expr $(BINUTILS_VER) \>= 2.26), 1)
SUPPORTED_BINUTILS=1
export SUPPORTED_BINUTILS
CFLAGS+=-DSUPPORTED_BINUTILS=1
endif
#Allow AVX optimizations only if a relevant binutils is being in use.
ifneq (,$(AVX512_SUPPORT))
CFLAGS+=-DAVX512
else ifneq (,$(AVX2_SUPPORT))
CFLAGS+=-DAVX2
else ifneq (,$(AVX_SUPPORT))
CFLAGS+=-DAVX
endif
endif
endif
LDFLAGS+=-L$(OPENSSL_LIB_DIR) -lcrypto -lm
KECCAK_INCLUDE_DIR=vendor/KeccakCodePackage-master/bin/generic64
KECCAK_LIB_DIR=vendor/KeccakCodePackage-master/bin/generic64
all: liboqs tests speeds kats examples
OBJECT_DIRS=
TO_CLEAN=liboqs.a
include src/common/Makefile
include src/kem/Makefile
include src/sig/Makefile
HEADERS=src/oqs.h $(HEADERS_COMMON) $(HEADERS_KEM) $(HEADERS_SIG)
OBJECTS=$(OBJECTS_COMMON) $(OBJECTS_KEM) $(OBJECTS_SIG)
mkdirs:
mkdir -p $(OBJECT_DIRS)
mkdir -p .objs_upstream
DATE=`date`
UNAME=`uname -a`
CC_VERSION=`$(CC) --version | tr '\n' ' '`
config_h:
$(RM) -r src/config.h
touch src/config.h
echo "/**" >> src/config.h
echo " * @file config.h" >> src/config.h
echo " * @brief Pre-processor macros indicating compile-time options." >> src/config.h
echo " */" >> src/config.h
$(foreach ENABLE_KEM, $(ENABLE_KEMS), echo "/** Preprocessor macro indicating KEM $(ENABLE_KEM) is enabled. */" >> src/config.h; echo "#define OQS_ENABLE_KEM_$(ENABLE_KEM)" >> src/config.h;)
$(foreach ENABLE_SIG, $(ENABLE_SIGS), echo "/** Preprocessor macro indicating SIG $(ENABLE_SIG) is enabled. */" >> src/config.h; echo "#define OQS_ENABLE_SIG_$(ENABLE_SIG)" >> src/config.h;)
echo "/** Preprocessor macro setting the default KEM to $(KEM_DEFAULT). */" >> src/config.h
echo "#define OQS_KEM_DEFAULT OQS_KEM_alg_$(KEM_DEFAULT)" >> src/config.h
echo "/** Preprocessor macro setting the default SIG to $(SIG_DEFAULT). */" >> src/config.h
echo "#define OQS_SIG_DEFAULT OQS_SIG_alg_$(SIG_DEFAULT)" >> src/config.h
echo "/** Date on which liboqs was compiled. */" >> src/config.h
echo "#define OQS_COMPILE_DATE \"$(DATE)\"" >> src/config.h
echo "/** Compiler command used to compile liboqs. */" >> src/config.h
echo "#define OQS_COMPILE_CC \"$(CC)\"" >> src/config.h
echo "/** Compiler version used to compile liboqs. */" >> src/config.h
echo "#define OQS_COMPILE_CC_VERSION \"$(CC_VERSION)\"" >> src/config.h
echo "/** CFLAGS version used to compile liboqs. */" >> src/config.h
echo "#define OQS_COMPILE_CFLAGS \"$(CFLAGS)\"" >> src/config.h
echo "/** LDFLAGS version used to compile liboqs. */" >> src/config.h
echo "#define OQS_COMPILE_LDFLAGS \"$(LDFLAGS)\"" >> src/config.h
echo "/** List of KEMs enabled at compile time. */" >> src/config.h
echo "#define OQS_COMPILE_ENABLE_KEMS \"$(ENABLE_KEMS)\"" >> src/config.h
echo "/** List of SIGs enabled at compile time. */" >> src/config.h
echo "#define OQS_COMPILE_ENABLE_SIGS \"$(ENABLE_SIGS)\"" >> src/config.h
echo "/** Which KEM is mapped to the default (OQS_KEM_alg_default). */" >> src/config.h
echo "#define OQS_COMPILE_KEM_DEFAULT \"$(KEM_DEFAULT)\"" >> src/config.h
echo "/** Which SIG is mapped to the default (OQS_SIG_alg_default). */" >> src/config.h
echo "#define OQS_COMPILE_SIG_DEFAULT \"$(SIG_DEFAULT)\"" >> src/config.h
echo "/** Platform on which liboqs was compiled. */" >> src/config.h
echo "#define OQS_COMPILE_UNAME \"$(UNAME)\"" >> src/config.h
headers: config_h mkdirs
$(RM) -r include
mkdir -p include/oqs
cp $(HEADERS) src/config.h include/oqs
libkeccak:
bash scripts/build-keccak-code-package.sh
$(RM) -rf .objs/keccak
mkdir -p .objs/keccak
cd .objs/keccak && ar x ../../vendor/KeccakCodePackage-master/bin/generic64/libkeccak.a
liboqs: libkeccak headers $(OBJECTS) $(UPSTREAMS)
$(RM) -f liboqs.a
ar rcs liboqs.a `find .objs -name '*.a'` `find .objs -name '*.o'`
gcc -shared -o liboqs.so `find .objs -name '*.a'` `find .objs -name '*.o'` -lcrypto
TEST_PROGRAMS=test_kem test_kem_shared test_sig test_sig_shared
$(TEST_PROGRAMS): liboqs
tests: $(TEST_PROGRAMS)
KAT_PROGRAMS=kat_kem kat_sig
$(KAT_PROGRAMS): liboqs
kats: $(KAT_PROGRAMS)
test: tests
./test_kem
./test_sig
kat: kats
./kat_kem
./kat_sig
scripts/check_kats.sh
SPEED_PROGRAMS=speed_kem speed_sig
$(SPEED_PROGRAMS): liboqs
speeds: $(SPEED_PROGRAMS)
speed: speeds
./speed_kem --info
./speed_sig --info
EXAMPLE_PROGRAMS=example_kem example_sig
$(EXAMPLE_PROGRAMS): liboqs
examples: $(EXAMPLE_PROGRAMS)
docs: headers
mkdir -p docs/doxygen
doxygen docs/.Doxyfile
install:
@if [[ $(PREFIX) == "usr_local" ]] ; then echo "Installing to `pwd`/$(PREFIX). Override by running 'make install PREFIX=<destination>'."; fi
mkdir -p $(PREFIX_INCLUDE)
mkdir -p $(PREFIX_LIB)
$(RM) -r $(PREFIX_INCLUDE)/oqs
$(RM) $(PREFIX_LIB)/liboqs.a
$(RM) $(PREFIX_LIB)/liboqs.so
cp -r include/oqs $(PREFIX_INCLUDE)
cp liboqs.a $(PREFIX_LIB)
cp liboqs.so $(PREFIX_LIB)
clean:
$(RM) -r includes
$(RM) -r .objs
$(RM) -r *.dSYM
$(RM) -r kat_kem_rsp kat_sig_rsp
$(RM) -r .objs_upstream
$(RM) liboqs.a liboqs.so
$(RM) $(TO_CLEAN)
$(RM) $(TEST_PROGRAMS)
$(RM) $(KAT_PROGRAMS)
$(RM) $(SPEED_PROGRAMS)
$(RM) $(EXAMPLE_PROGRAMS)
$(RM) -r docs/doxygen
$(RM) -r vendor/KeccakCodePackage-master
check_namespacing: all
.travis/global-namespace-check.sh
prettyprint:
find src -name '*.c' -o -name '*.h' | grep -v upstream | xargs $(CLANGFORMAT) -style=file -i
pre-push:
ARCH=x64 CC_OVERRIDE=gcc .travis/all-tests.sh

68
PLATFORMS.md Normal file
View File

@ -0,0 +1,68 @@
# Supported platforms
This file documents the different platforms supported by `liboqs` and therefore defines three different support tiers:
## Support tiers
This classification is roughly based on the [rust platform support tier classification](https://doc.rust-lang.org/beta/rustc/platform-support.html):
### Tier 1
Tier 1 targets can be thought of as "guaranteed to work". The CI system builds and tests binary versions for each tier 1 target to make sure any change does not negatively affect those platforms. Platform-specific build documentation must exist. Tier 1 targets marked with a dagger (†) are additionally tested for constant-time behaviour. The CI system contains automated constant-time testing for each of these starred targets, and all failures are documented in the `tests/constant_time` directory. IMPORTANT: This does not mean that constant-time behaviour is guaranteed on these targets, or that non-constant-time behaviour is limited to documented exceptions. It does, however, mean that `liboqs` developers should track constant-time issues on these platforms.
Tier 1 platforms are also prioritized for security support, as per the [OQS security response process](https://github.com/open-quantum-safe/tsc/blob/main/security/response-process.md).
### Tier 2
Tier 2 targets can be thought of as "guaranteed to build". The `liboqs` CI system contains builds for each tier 2 target; testing may or may not be available (typically depending on CI system platform availability). Therefore, tier 2 targets often work to quite a good degree and patches are always welcome! Tier 2 targets may also have known deficiencies caused by a lack of expertise to fix those on a given platform. Again, help and PRs to move platforms from tier 2 to tier 1 are always welcome.
### Tier 3
Tier 3 targets are those which the `liboqs` codebase has support for, but which the CI system does not build or test automatically, so they may or may not work. Platform-specific build documentation should exist.
## Platform tier policy
Tier 2 and tier 1 targets place work on `liboqs` core project developers as a whole, to avoid breaking the target. The broader `liboqs` community may also feel more inclined to support higher-tier targets in their work. Thus, these tiers require commensurate and ongoing efforts from the maintainers of the target, to demonstrate value and to minimize any disruptions to ongoing `liboqs` development.
This policy defines the requirements for accepting a proposed target at a given level of support.
Each tier builds on all the requirements from the previous tier, unless overridden by a stronger requirement.
Change of tier is subject to approval by the `liboqs` technical governance team. This team is responsible for reviewing and evaluating the target, based on these requirements and their own judgment. The tea may apply additional requirements, including subjective requirements, such as to deal with issues not foreseen by this policy. (Such requirements may subsequently motivate additions to this policy.)
While these criteria attempt to document the policy, that policy still involves human judgment. Targets must fulfill the spirit of the requirements as well, as determined by the judgment of the approving team. Reviewers and team members evaluating targets and target-specific patches should always use their own best judgment regarding the quality of work, and the suitability of a target for the `liboqs` project. Neither this policy nor any decisions made regarding targets shall create any binding agreement or estoppel by any party.
Before filing an issue or pull request (PR) to introduce or promote a target, the target should already meet the corresponding tier requirements. This does not preclude an existing target's maintainers using issues (on the `liboqs` repository or otherwise) to track requirements that have not yet been met, as appropriate; however, before officially proposing the introduction or promotion of a target, it should meet all of the necessary requirements. A target proposal must quote the corresponding requirements verbatim and respond to them as part of explaining how the target meets those requirements. (For the requirements that simply state that the target or the target developers must not do something, it suffices to acknowledge the requirement.)
Several parts of this policy require providing target-specific documentation. Such documentation should typically appear in a subdirectory of the platform-support section of the `liboqs` manual, with a link from the target's entry in platform support.
Note that a target must have already received approval for the next lower tier, and spent a reasonable amount of time at that tier, before making a proposal for promotion to the next higher tier; this is true even if a target meets the requirements for several tiers at once. This policy leaves the precise interpretation of "reasonable amount of time" up to the approving team; the team may scale the amount of time required based on their confidence in the target and its demonstrated track record at its current tier. At a minimum, multiple stable releases of `liboqs` should typically occur between promotions of a target.
The availability or tier of a target in stable `liboqs` is not a hard stability guarantee about the future availability or tier of that target. Higher-level target tiers are an increasing commitment to the support of a target, and we will take that commitment and potential disruptions into account when evaluating the potential demotion or removal of a target that has been part of a stable release. The promotion or demotion of a target will not generally affect existing stable releases, only current development and future releases.
In this policy, the words "must" and "must not" specify absolute requirements that a target must meet to qualify for a tier. The words "should" and "should not" specify requirements that apply in almost all cases, but for which the approving teams may grant an exception for good reason. The word "may" indicates something entirely optional, and does not indicate guidance or recommendations. This language is based on [IETF RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## Platforms supported
### Tier 1
- x86_64/amd64/x64 for Ubuntu Linux (Noble)†
- x86_64/amd64/x64 for MacOS (XCode 15)
- aarch64 for Ubuntu (Noble)
- aarch64 for MacOS (XCode 15 and 16)
### Tier 2
- x86_64/amd64/x64 for Windows (Visual Studio Toolchain) 2022 and 2025
- armeabi-v7a, arm64-v8a, x86, x86_64 for Android
- aarch64 for Apple iOS and tvOS (CMake `-DPLATFORM=OS64` and `TVOS`)
- arm64, arm (32 bit), x86, x86_64, riscv32, riscv64 for Zephyr
- armhf/ARM7 emulation on Ubuntu
### Tier 3
- x86 for Windows (Visual Studio Toolchain)
- ppc64le for Ubuntu (Focal)
- s390x for Ubuntu (Focal)
- loongarch64 for Debian Linux (trixie)
- NVIDIA GPU architectures 70, 75, 80, 86, 89, and 90 with a x86_64 CPU for Linux

286
README.md
View File

@ -1,180 +1,238 @@
liboqs - nist-branch
====================
liboqs
======================
liboqs is a C library for quantum-resistant cryptographic algorithms. This branch of liboqs focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project.
[![Main Branch Tests](https://github.com/open-quantum-safe/liboqs/actions/workflows/commit-to-main.yml/badge.svg)](https://github.com/open-quantum-safe/liboqs/actions/workflows/commit-to-main.yml)
[![Weekly Tests](https://github.com/open-quantum-safe/liboqs/actions/workflows/weekly.yml/badge.svg)](https://github.com/open-quantum-safe/liboqs/actions/workflows/weekly.yml)
[![Coverage Status](https://coveralls.io/repos/github/open-quantum-safe/liboqs/badge.svg?branch=main)](https://coveralls.io/github/open-quantum-safe/liboqs?branch=main)
Overview
--------
liboqs is an open source C library for quantum-safe cryptographic algorithms.
The **Open Quantum Safe (OQS) project** has the goal of developing and prototyping quantum-resistant cryptography.
- [liboqs](#liboqs)
- [Overview](#overview)
- [Status](#status)
- [Supported Algorithms](#supported-algorithms)
- [Key encapsulation mechanisms](#key-encapsulation-mechanisms)
- [Signature schemes](#signature-schemes)
- [Stateful signature schemes](#stateful-signature-schemes)
- [Limitations and Security](#limitations-and-security)
- [Platform limitations](#platform-limitations)
- [Support limitations](#support-limitations)
- [Quickstart](#quickstart)
- [Linux and Mac](#linux-and-mac)
- [Windows](#windows)
- [Cross compilation](#cross-compilation)
- [Documentation](#documentation)
- [Contributing](#contributing)
- [License](#license)
- [Acknowledgements](#acknowledgements)
**liboqs** is an open source C library for quantum-resistant cryptographic algorithms. liboqs provides:
## Overview
- a common API for post-quantum key encapsulation mechanisms and digital signature schemes
- a collection of open source implementations of post-quantum cryptography algorithms
liboqs provides:
- a collection of open source implementations of quantum-safe key encapsulation mechanisms (KEMs) and digital signature algorithms; the full list can be found [below](#supported-algorithms)
- a common API for these algorithms
- a test harness and benchmarking routines
The OQS project also provides prototype integrations into application-level protocols to enable testing of quantum-resistant cryptography.
liboqs is part of the **Open Quantum Safe (OQS)** project, which aims to develop and integrate into applications quantum-safe cryptography to facilitate deployment and testing in real world contexts. In particular, OQS provides prototype integrations of liboqs into protocols like TLS, X.509, and S/MIME, through our [OpenSSL 3 Provider](https://github.com/open-quantum-safe/oqs-provider) and we provide a variety of other [post-quantum-enabled demos](https://github.com/open-quantum-safe/oqs-demos).
More information on OQS can be found on our website: [https://openquantumsafe.org/](https://openquantumsafe.org/).
The OQS project is supported by the [Post-Quantum Cryptography Alliance](https://pqca.org/) as part of the [Linux Foundation](https://linuxfoundation.org/). More information about the Open Quantum Safe project can be found at [openquantumsafe.org](https://openquantumsafe.org/).
nist-branch
-----------
OQS is running a survey to better understand our community. We would like to hear from organizations and individuals about their interest in and use of the Open Quantum Safe project. Please take a few minutes to fill out the survey: https://linuxfoundation.surveymonkey.com/r/oqssurvey
This branch of liboqs aims to non-selectively incorporate submissions to the NIST Post-Quantum Cryptography project for the purposes of benchmarking and integration into a common API for liboqs-reliant applications.
## Status
This branch takes a "light touch" approach to incorporation:
### Supported Algorithms
- Source code from a NIST submission will be included ideally with no changes, in an "upstream" subdirectory.
- A thin wrapper will be written to provide the implementation using the liboqs API.
- The implementation will be added to the build process.
- To avoid namespace collisions between different algorithms, symbol renaming will be used on the compiled files.
Details on each supported algorithm can be found in the [docs/algorithms](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) folder.
For a list of algorithms included in nist-branch, see the datasheets in [docs/algorithms](https://github.com/open-quantum-safe/liboqs/tree/nist-branch/docs/algorithms).
The list below indicates all algorithms currently supported by liboqs, including experimental algorithms and already excluding algorithm variants pruned during the NIST competition, such as Kyber-90s or Dilithium-AES.
Limitations and security
------------------------
The only algorithms in `liboqs` that implement NIST standards are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/final) (final standard) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/final) (final standard) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adjust the implementation so that users are protected from such potential changes.
liboqs is designed for prototyping and evaluating quantum-resistant cryptography. Security of proposed quantum-resistant algorithms may rapidly change as research advances, and may ultimately be completely insecure against either classical or quantum computers.
Falcon and SPHINCS+ have also been [selected for standardization](https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022), but the `liboqs` implementations of these algorithms are currently tracking Round 3 submissions and not NIST standards drafts.
We believe that the NIST Post-Quantum Cryptography standardization project is currently the best avenue to identifying potentially quantum-resistant algorithms. liboqs does not intend to "pick winners", and we strongly recommend that applications and protocols rely on the outcomes of the NIST standardization project when deploying post-quantum cryptography.
All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes available a [selection mechanism for algorithms on the NIST standards track, continued NIST competition, or purely experimental nature by way of the configuration variable OQS_ALGS_ENABLED](CONFIGURE.md#oQS_ALGS_ENABLED). By default `liboqs` is built supporting all, incl. experimental, PQ algorithms listed below.
We acknowledge that some parties may want to begin deploying post-quantum cryptography prior to the conclusion of the NIST standardization project. We strongly recommend that any attempts to do make use of so-called **hybrid cryptography**, in which post-quantum public-key algorithms are used alongside traditional public key algorithms (like RSA or elliptic curves) so that the solution is at least no less secure than existing traditional cryptography.
<!-- OQS_TEMPLATE_FRAGMENT_ALG_SUPPORT_START -->
#### Key encapsulation mechanisms
| Algorithm family | Standardization status | Primary implementation |
|:-------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------|
| BIKE | Not selected by [NIST](https://bikesuite.org/files/v5.1/BIKE_Spec.2022.10.10.1.pdf) | [`awslabs/bike-kem`](https://github.com/awslabs/bike-kem) |
| Classic McEliece | Under [ISO](https://classic.mceliece.org/iso.html) consideration | [`PQClean/PQClean@1eacfda`](https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181) |
| FrodoKEM | Under [ISO](https://frodokem.org/) consideration | [`microsoft/PQCrypto-LWEKE@b6609d3`](https://github.com/microsoft/PQCrypto-LWEKE/commit/b6609d30a9982318d7f2937aa3c7b92147b917a2) |
| HQC | Selected by [NIST](https://pqc-hqc.org/doc/hqc_specifications_2025_08_22.pdf) for upcoming standardization | [`PQClean/PQClean@1eacfda`](https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181) |
| Kyber | Selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/Kyber-Round3.zip) as basis for ML-KEM (FIPS 203) | [`pq-crystals/kyber@441c051`](https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc) |
| ML-KEM | Standardized by [NIST](https://csrc.nist.gov/pubs/fips/203/final) | [`pq-code-package/mlkem-native@048fc2a`](https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa) |
| NTRU | Not selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/NTRU-Round3.zip), under standardization consideration by [NTT](https://info.isl.ntt.co.jp/crypt/ntru/index.html) | [`PQClean/PQClean@4c9e5a3`](https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6) |
| NTRU-Prime | Not selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/NTRU-Prime-Round3.zip) | [`PQClean/PQClean@4c9e5a3`](https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6) |
liboqs is provided "as is", without warranty of any kind. See [LICENSE.txt](https://github.com/open-quantum-safe/liboqs/blob/nist-branch/LICENSE.txt) for the full disclaimer.
#### Signature schemes
| Algorithm family | Standardization status | Primary implementation |
|:-------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------|
| CROSS | Under [NIST](https://www.cross-crypto.com/CROSS_Specification_v2.2.pdf) consideration | [`CROSS-signature/CROSS-lib-oqs@c8f7411`](https://github.com/CROSS-signature/CROSS-lib-oqs/commit/c8f7411fed136f0e37600973fa3dbed53465e54f) |
| Falcon | Selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/Falcon-Round3.zip) for upcoming standardization | [`PQClean/PQClean@1eacfda`](https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181) |
| MAYO | Under [NIST](https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-2/spec-files/mayo-spec-round2-web.pdf) consideration | [`PQCMayo/MAYO-C@4b7cd94`](https://github.com/PQCMayo/MAYO-C/commit/4b7cd94c96b9522864efe40c6ad1fa269584a807) |
| ML-DSA | Standardized by [NIST](https://csrc.nist.gov/pubs/fips/204/final) | [`pq-crystals/dilithium@444cdcc`](https://github.com/pq-crystals/dilithium/commit/444cdcc84eb36b66fe27b3a2529ee48f6d8150c2) |
| SLH-DSA | [Standardized by NIST](https://csrc.nist.gov/pubs/fips/205/final) | [`pq-code-package/slhdsa-c@a0fc1ff`](https://github.com/pq-code-package/slhdsa-c/commit/a0fc1ff253930060d0246aebca06c2538eb92b88) |
| SNOVA | Under [NIST](https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-2/spec-files/snova-spec-round2-web.pdf) consideration | [`vacuas/SNOVA@1c3ca6f`](https://github.com/vacuas/SNOVA/commit/1c3ca6f4f7286c0bde98d7d6f222cf63b9d52bff) |
| SPHINCS+ | Selected by [NIST](https://sphincs.org/data/sphincs+-r3.1-specification.pdf) as basis for SLH-DSA (FIPS 205) | [`PQClean/PQClean@1eacfda`](https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181) |
| UOV | Under [NIST](https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-2/spec-files/uov-spec-round2-web.pdf) consideration | [`pqov/pqov@7e0832b`](https://github.com/pqov/pqov/commit/7e0832b6732a476119742c4acabd11b7c767aefb) |
In addition, implementations that we have included on this nist-branch of liboqs have received no quality control or vetting by OQS. **THE NIST-BRANCH OF LIBOQS SHOULD BE USED EXCLUSIVELY FOR EXPERIMENTATION AND PROTOTYPING, AND SHOULD NEVER BE USED IN ANY PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA.**
#### Stateful signature schemes
| Algorithm family | Standardization status | Primary implementation |
|:-------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------|
| LMS | Standardized by [IRTF](https://www.rfc-editor.org/info/rfc8554), approved by [NIST](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf) | [`cisco/hash-sigs`](https://github.com/cisco/hash-sigs) |
| XMSS | Standardized by [IRTF](https://www.rfc-editor.org/info/rfc8391), approved by [NIST](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf) | [`XMSS/xmss-reference`](https://github.com/XMSS/xmss-reference) |
<!-- OQS_TEMPLATE_FRAGMENT_ALG_SUPPORT_END -->
Acceptance criteria for nist-branch
-----------------------------------
Note that for algorithms marked with a dagger (†), liboqs contains at least one implementation that uses a large amount of stack space; this may cause failures when run in threads or in constrained environments. For more information, consult the algorithm information sheets in the [docs/algorithms](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) folder.
- **Algorithmic requirements:**
- Any algorithm accepted as a full and complete submission to round 1 of the NIST Post-Quantum Cryptography project is eligible for inclusion.
- Algorithms whose security is considered effectively broken are not eligible for addition; see the Lifecycle section below for conditions on their removal.
- KEMs can be IND-CPA or IND-CCA-secure, at any NIST security level.
- Signature schemes can be EUF-CMA-secure, at any NIST security level.
- **Targets**:
- **Operating systems:** The code must build on Linux and macOS.
- **Architecture:** The code must build at least on x64. Targets are currently provided for x86. We plan to add an AVX2 target, and possibly others.
- **Source code requirements:**
- The source code can be from the original submission, or can be an updated version.
- **License:** Source code licensed under the MIT License, the BSD license, or in the public domain can be directly incorporated into the repository. GPL code will not be included in the repository, but a wrapper to the OQS API may be included, as well as a script that downloads and compiles in GPL code if the algorithm is requested at compile-time.
- **Code quality:** Given the "light touch" philosophy of nist-branch, we have no requirements on source code quality, other than that it compile on the targets.
### Limitations and Security
Contributing
------------
While at the time of this writing there are no vulnerabilities known in any of the quantum-safe algorithms used in this library, caution is advised when deploying quantum-safe algorithms as most of the algorithms and software have not been subject to the same degree of scrutiny as for currently deployed algorithms. Particular attention should be paid to guidance provided by the standards community, especially from the NIST [Post-Quantum Cryptography Standardization](https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Post-Quantum-Cryptography-Standardization) project. As research advances, the supported algorithms may see rapid changes in their security, and may even prove insecure against both classical and quantum computers. Moreover, note that the `sntrup761` is only included for interop testing.
Contributions that meet the acceptance criteria above are gratefully welcomed. See <a href="https://github.com/open-quantum-safe/liboqs/blob/nist-branch/CONTRIBUTING.md">CONTRIBUTING.md</a> for details on contributing an implementation.
liboqs does not intend to "pick winners": algorithm support is informed by the NIST PQC standardization project. We strongly recommend that applications and protocols rely on the outcomes of this effort when deploying post-quantum cryptography.
Lifecycle for nist-branch
-------------------------
We realize some parties may want to deploy quantum-safe cryptography prior to the conclusion of the NIST PQC standardization project. We strongly recommend such attempts make use of so-called **hybrid cryptography**, in which quantum-safe public-key algorithms are used alongside traditional public key algorithms (like RSA or elliptic curves) so that the solution is at least no less secure than existing traditional cryptography.
**Release cycle:** We aim to tag monthly snapshot of nist-branch, released around the end of each month. Plans for each individual snapshot release can be found on our [Github projects board](https://github.com/open-quantum-safe/liboqs/projects/).
**WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS LIBRARY IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA.** This library is meant to help with research and prototyping. While we make a best-effort approach to avoid security bugs, this library has not received the level of auditing and analysis that would be necessary to rely on it for high security use.
**Algorithm deprecation:** If an algorithm in nist-branch is found to be insecure in month $X$, a compile-time warning will be added in the tagged snapshot for month $X+1$, and it may be removed in month $X+2$.
Please see [SECURITY.md](SECURITY.md#security-policy) for details on how to report a vulnerability and the OQS vulnerability response process.
**Algorithm compatibility:** Algorithm implementations on nist-branch may be updated at any time. This may cause changes in runtime or even a change in the message generation and processing. Thus, no guarantees are made for compatibility of messages exchange between different snapshots of nist-branch.
#### Platform limitations
**API stability:** The public API of liboqs nist-branch is considered to be the functions in `oqs/common.h`, `oqs/config.h`, `oqs/kem.h`, `oqs/rand.h`, and `oqs/sig.h`. For the first few snapshot releases of nist-branch, this API should be considered in draft.
In order to optimize support effort,
- not all algorithms are equally well supported on all platforms. In case of questions, it is first advised to review the [documentation files for each algorithm](docs/algorithms).
- not all compilers are equally well supported. For example, at least v7.1.0 of the GNU compiler is required.
**Binary compatibility:** No guarantees are made for binary compatibility between different snapshots of nist-branch.
#### Support limitations
Building and running liboqs nist-branch
---------------------------------------
This project is not commercially supported. All guidelines and goals for liboqs are reflections of current practices, executed by a community of academic, part-time, and/or voluntary contributors on a best-effort basis and may change at any time. Any entity seeking more reliable commitments is strongly encouraged to join the OQS community and thus enhance the code and support that the community can provide.
[Build status using Travis continuous integration system:](https://travis-ci.org/open-quantum-safe/liboqs/branches) ![Build status image](https://travis-ci.org/open-quantum-safe/liboqs.svg?branch=nist-branch)
Builds have been tested on macOS 10.12.6 (clang), macOS 10.13.3 (clang), Ubuntu 14.04.5 (gcc-7).
## Quickstart
The dependencies for liboqs are OpenSSL and the Keccak Code Package (libkeccak). liboqs' build process will download and build libkeccak automatically. You must install OpenSSL following the instructions below.
### Linux and Mac
### Install dependencies for Linux (Ubuntu)
1. Install dependencies:
You need to install the following packages:
On Ubuntu:
sudo apt install gcc libssl-dev unzip xsltproc
sudo apt install astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind
### Install dependencies for macOS
On macOS, using a package manager of your choice (we've picked Homebrew):
You need to install the following packages using brew (or a package manager of your choice):
brew install cmake ninja openssl@3 wget doxygen graphviz astyle valgrind
pip3 install pytest pytest-xdist pyyaml
brew install openssl wget
Using Nix:
### Building
nix develop
To build, first clone or download the source from GitHub, then run Make.
Note that, if you want liboqs to use OpenSSL for various symmetric crypto algorithms (AES, SHA-2, etc.) then you must have OpenSSL installed (version 3.x recommended; EOL version 1.1.1 also still possible).
git clone https://github.com/open-quantum-safe/liboqs.git
cd liboqs
git checkout nist-branch
make
2. Get the source:
If you wish to change the target architecture or disable certain algorithms, edit the first few lines of `Makefile`, then run:
git clone -b main https://github.com/open-quantum-safe/liboqs.git
cd liboqs
make clean
make -j8
and build:
This will generate:
mkdir build && cd build
cmake -GNinja ..
ninja
- `liboqs.a`: Static library
- `liboqs.so`: Shared library
- `test_kem`: Simple test harness for all enabled key encapsulation mechanisms
- `test_sig`: Simple test harness for all enabled key signature schemes
- `kat_kem`: Program that generates known answer test (KAT) values for all enabled key encapsulation mechanisms using the same mechanism as the NIST submission requirements, for checking against submitted KAT values
- `kat_sig`: Program that generates known answer test (KAT) values for all enabled signature schemes using the same mechanism as the NIST submission requirements, for checking against submitted KAT values
- `speed_kem`: Benchmarking program for key encapsulation mechanisms; see `./speed_kem --help` for usage instructions
- `speed_sig`: Benchmarking program for signature schemes; see `./speed_sig --help` for usage instructions
- `example_kem`: Minimal runnable example showing the usage of the KEM API
- `example_sig`: Minimal runnable example showing the usage of the signature API
Various `cmake` build options to customize the resultant artifacts are available and are [documented in CONFIGURE.md](CONFIGURE.md#options-for-configuring-liboqs-builds). All supported options are also listed in the `.CMake/alg-support.cmake` file, and can be viewed by running `cmake -LAH -N ..` in the `build` directory.
You can specify the path for installation by overriding the `PREFIX` environment variable before running `make install`, for example:
The following instructions assume we are in `build`.
PREFIX=/path/to/install make install
3. By default the main build result is `lib/liboqs.a`, a static library. If you want to build a shared/dynamic library, append [`-DBUILD_SHARED_LIBS=ON`](CONFIGURE.md#bUILD_SHARED_LIBS) to the `cmake -GNinja ..` command above and the result will be `lib/liboqs.so|dylib|dll`. The public headers are located in the `include` directory. There are also a variety of programs built under the `tests` directory:
Documentation
-------------
- `test_kem`: Simple test harness for key encapsulation mechanisms
- `test_sig`: Simple test harness for signature schemes
- `test_sig_stfl`: Simple test harness for stateful signature schemes
- `test_kem_mem`: Simple test harness for checking memory consumption of key encapsulation mechanisms
- `test_sig_mem`: Simple test harness for checking memory consumption of signature schemes
- `kat_kem`: Program that generates known answer test (KAT) values for key encapsulation mechanisms using the same procedure as the NIST submission requirements, for checking against submitted KAT values using `tests/test_kat.py`
- `kat_sig`: Program that generates known answer test (KAT) values for signature schemes using the same procedure as the NIST submission requirements, for checking against submitted KAT values using `tests/test_kat.py`
- `kat_sig_stfl`: Program for checking results against submitted KAT values using `tests/test_kat.py`
- `speed_kem`: Benchmarking program for key encapsulation mechanisms; see `./speed_kem --help` for usage instructions
- `speed_sig`: Benchmarking program for signature mechanisms; see `./speed_sig --help` for usage instructions
- `speed_sig_stfl`: Benchmarking program for stateful signature mechanisms; see `./speed_sig_stfl --help` for usage instructions
- `example_kem`: Minimal runnable example showing the usage of the KEM API
- `example_sig`: Minimal runnable example showing the usage of the signature API
- `example_sig_stfl`: Minimal runnable example showing the usage of the stateful signature API
- `test_aes`, `test_sha3`: Simple test harnesses for crypto sub-components
- `test_portability`: Simple test harnesses for checking cross-CPU code portability; requires presence of `qemu`; proper operation validated only on Ubuntu
The directory `docs/algorithms` contains information about each algorithm available in this branch of liboqs.
The complete test suite can be run using
If you have Doxygen installed (Linux: `sudo apt install doxygen graphviz`; macOS: `brew install doxygen graphviz`), you can build HTML documentation of the liboqs nist-branch API:
ninja run_tests
make docs
4. To generate HTML documentation of the API, run:
Then open `docs/doxygen/html/index.html` in your web browser.
ninja gen_docs
License
-------
Then open `docs/html/index.html` in your web browser.
liboqs is licensed under the MIT License; see [LICENSE.txt](https://github.com/open-quantum-safe/liboqs/blob/nist-branch/LICENSE.txt) for details.
4. `ninja install` can be run to install the built library and `include` files to a location of choice, which can be specified by passing the `-DCMAKE_INSTALL_PREFIX=<dir>` option to `cmake` at configure time. Alternatively, `ninja package` can be run to create an install package.
liboqs includes some third party libraries or modules that may be licensed differently. All third-party code is contained in directories labelled `upstream`, and each such upstream directory contains a license file indicating the license that applies to code in that directory.
5. `ninja uninstall` can be run to remove all installation files.
See https://github.com/gvanas/KeccakCodePackage#under-which-license-is-the-kcp-distributed for information on the licensing of the Keccak Code Package (libkecak).
Team
----
### Windows
The Open Quantum Safe project is lead by [Michele Mosca](http://faculty.iqc.uwaterloo.ca/mmosca/) (University of Waterloo) and [Douglas Stebila](https://www.douglas.stebila.ca/research/) (McMaster University).
Binaries can be generated using Visual Studio 2019 with the [CMake Tools](https://marketplace.visualstudio.com/items?itemName=ms-vscode.cmake-tools) extension installed. The same options as explained above for Linux/macOS can be used and build artifacts are generated in the specified `build` folders.
### Contributors
If you want to create Visual Studio build files, e.g., if not using `ninja`, be sure to _not_ pass the parameter `-GNinja` to the `cmake` command as exemplified above. You can then build all components using `msbuild`, e.g. as follows: `msbuild ALL_BUILD.vcxproj` and install all artifacts e.g. using this command `msbuild INSTALL.vcxproj`.
Contributors to this nist-branch of liboqs include:
- Nicholas Allen (Amazon Web Services)
- Maxime Anvari
- Eric Crockett (Amazon Web Services)
- Nir Drucker (Amazon Web Services)
- Vlad Gheorghiu (evolutionQ)
- Shay Gueron (Amazon Web Services)
- Christian Paquin (Microsoft Research)
- Tancrède Lepoint (SRI International)
- Shravan Mishra (University of Waterloo)
- Douglas Stebila (McMaster University)
### Cross compilation
nist-branch is based on the liboqs master branch, which includes additional contributors.
You can cross compile liboqs for various platforms. Detailed information is available [in the Wiki](https://github.com/open-quantum-safe/liboqs/wiki/Platform-specific-notes-for-building-liboqs#cross-compiling).
Upstream implementations are due to their original authors. See the algorithm datasheets in `docs/algorithms` for information about each upstream implementation.
## Documentation
### Support
More detailed information on building, optional build parameters, example applications, coding conventions and more can be found in the [wiki](https://github.com/open-quantum-safe/liboqs/wiki).
Development of Open Quantum Safe has been supported in part by the Tutte Institute for Mathematics and Computing. Research projects which developed specific components of Open Quantum Safe have been supported by various research grants; see the source papers for funding acknowledgments.
## Contributing
Contributions that meet the acceptance criteria are gratefully welcomed. See our [Contributing Guide](https://github.com/open-quantum-safe/liboqs/wiki/Contributing-Guide) for more details.
## License
liboqs is licensed under the MIT License; see [LICENSE.txt](https://github.com/open-quantum-safe/liboqs/blob/main/LICENSE.txt) for details.
liboqs includes some third party libraries or modules that are licensed differently; the corresponding subfolder contains the license that applies in that case. In particular:
- `.CMake/CMakeDependentOption.cmake`: BSD 3-Clause License
- `src/common/common.c`: includes portions which are Apache License v2.0
- `src/common/crypto/aes/aes_c.c`: public domain or any OSI-approved license
- `src/common/crypto/aes/aes*_ni.c`: public domain
- `src/common/crypto/sha2/sha2_c.c`: public domain
- `src/common/crypto/sha3/xkcp_low` : CC0 (public domain), except `brg_endian.h` and `KeccakP-1600-AVX2.s`
- `src/common/crypto/sha3/xkcp_low/.../brg_endian.h` : BSD 3-Clause License
- `src/common/crypto/sha3/xkcp_low/.../KeccakP-1600-AVX2.s` : BSD-like [CRYPTOGAMS license](http://www.openssl.org/~appro/cryptogams/)
- `src/common/rand/rand_nist.c`: See file
- `src/kem/bike/additional`: Apache License v2.0
- `src/kem/classic_mceliece/pqclean_*`: public domain
- `src/kem/kyber/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/kem/kyber/pqclean_*`: public domain (CC0), and public domain (CC0) or Apache License v2.0, and public domain (CC0) or MIT, and MIT
- `src/kem/kyber/libjade_*` public domain (CC0) or Apache License v2.
- `src/kem/ml_kem/mlkem-native_*`: MIT or Apache License v2.0 or ISC License
- `src/kem/ntru/pqclean_*`: public domain (CC0)
- src/sig/falcon/pqclean_\*\_aarch64 : Apache License v2.0
- `src/sig/mayo/*`: Apache License v2.0
- `src/sig/ml_dsa/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/sig/sphincs/pqclean_*`: CC0 (public domain)
## Acknowledgements
The OQS project is supported by the [Post-Quantum Cryptography Alliance](https://pqca.org/) as part of the [Linux Foundation](https://linuxfoundation.org/).
The OQS project was founded by Douglas Stebila and Michele Mosca at the University of Waterloo. [Contributors to liboqs](https://github.com/open-quantum-safe/liboqs/blob/main/CONTRIBUTORS) include individual contributors, academics and researchers, and various companies, including Amazon Web Services, Cisco Systems, evolutionQ, IBM Research, Microsoft Research, SandboxAQ, and softwareQ.
Financial support for the development of Open Quantum Safe has been provided by Amazon Web Services, the Canadian Centre for Cyber Security, Cisco, the Unitary Fund, the NGI Assure Fund, and VeriSign Inc.
Research projects which developed specific components of OQS have been supported by various research grants, including funding from the Natural Sciences and Engineering Research Council of Canada (NSERC); see the source papers for funding acknowledgments.

100
RELEASE.md
View File

@ -1,50 +1,108 @@
liboqs nist-branch snapshot 2018-07
===================================
liboqs version 0.14.0
=====================
About
-----
The **Open Quantum Safe (OQS) project** has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
**liboqs** is an open source C library for quantum-resistant cryptographic algorithms.
**liboqs** is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in [README.md](https://github.com/open-quantum-safe/liboqs/blob/main/README.md). See in particular limitations on intended use.
This branch of liboqs (**nist-branch**) focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. Details about nist-branch can be found in [README.md](https://github.com/open-quantum-safe/liboqs/blob/nist-branch/README.md). See in particular limitations on intended use.
liboqs can be used with the following Open Quantum Safe application integrations:
This branch of liboqs can be used with the following Open Quantum Safe application integrations:
- **oqs-provider**: A standalone prototype [OpenSSL 3 provider](https://www.openssl.org/docs/manmaster/man7/provider.html) enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
- **OQS-BoringSSL**: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
- **OQS-OpenSSH**: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
- OpenSSL 1.0.2: A prototype integration of liboqs-based key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the [OQS-OpenSSL-1\_0\_2-stable](https://github.com/open-quantum-safe/openssl/tree/OQS-OpenSSL_1_0_2-stable) branch of our OpenSSL fork's repository.
Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
Release notes
=============
This snapshot of nist-branch was released on July 27, 2018. Its release page on Github is https://github.com/open-quantum-safe/liboqs/releases/tag/nist-branch-snapshot-2018-07.
This is version 0.14.0 of liboqs. It was released on July 10, 2025.
This release contains a security fix for secret-dependent branching in HQC. It introduces support for SNOVA, a NIST Additional Signatures Round 2 candidate, and a new optimized implementation of SHA3 using AVX-512VL instructions. Additionally, this is the first liboqs release to include the [stable 1.0.0 version of PQ Code Package's mlkem-native](https://github.com/pq-code-package/mlkem-native/releases/tag/v1.0.0).
This release also introduces a number of improvements to testing and infrastructure. The OQS project is now publishing benchmarking data on https://openquantumsafe.org/benchmarking and code coverage data on https://coveralls.io/github/open-quantum-safe/liboqs.
Deprecation notice
==================
This will be the last release of liboqs to include Dilithium (that is, the NIST Round 3 version of Dilithium, prior to its standardization by NIST as ML-DSA in FIPS 204). Applications should switch to ML-DSA (FIPS 204). Please contact us if you have any concerns.
Security issues
===============
- CVE-2025-52473: Disabled compiler optimizations for HQC to avoid secret-dependent branches. Thank you to Zhenzhi Lai and Zhiyuan Zhang from from the University of Melbourne and the Max Planck Institute for Security and Privacy for identifying the issue.
What's New
----------
This is the third snapshot release of liboqs nist-branch.
This release continues from the 0.13.0 release of liboqs.
### New key encapsulation mechanisms
### Key encapsulation mechanisms
The following KEMs have been added in the 2018-07 snapshot release:
- HQC: Disabled compiler optimizations to avoid secret-dependent branching in certain configurations. HQC remains disabled by default.
- ML-KEM: Updated the default ML-KEM implementation to [PQCP's mlkem-native v1.0.0](https://github.com/pq-code-package/mlkem-native/releases/tag/v1.0.0).
- **LEDAkem**: 9 parameterizations: `LEDAKEM_C1_N02`, `LEDAKEM_C1_N03`, `LEDAKEM_C1_N04`, `LEDAKEM_C3_N02`, `LEDAKEM_C3_N03`, `LEDAKEM_C3_N04`, `LEDAKEM_C5_N02`, `LEDAKEM_C5_N03`, `LEDAKEM_C5_N04` (contributed by Shravan Mashra (University of Waterloo))
### Digital signature schemes
### New signature API and schemes
- New API: added an API function to check if a signature scheme supports signing with a context string.
- SNOVA: added [SNOVA](https://snova.pqclab.org/) from NIST Additional Signature Schemes Round 2.
liboqs nist-branch now includes support for signature schemes via the API described in `src/sig/sig.h`; the API is based on the NIST and SUPERCOP APIs. Signature schemes can be tested using `./test_sig`, benchmarked using `./speed_sig`; `example_sig` contains a minimal example of using the signature API.
### Other changes
The following signature schemes have been added in the 2018-07 snapshot release:
- Added an AVX512VL-optimized backend for SHA3.
- Improved memory management throughout the codebase.
- **Picnic**: 6 parameterizations: `picnic_L1_FS`, `picnic_L1_UR`, `picnic_L3_FS`, `picnic_L3_UR`, `picnic_L5_FS`, `picnic_L5_UR` (contributed by Christian Paquin (Microsoft Research))
- **qTESLA**: 5 parameterizations: `qTESLA_I`, `qTESLA_III_size`, `qTESLA_III_speed`, `qTESLA_p_I`, `qTESLA_p_I` (contributed by Christian Paquin (Microsoft Research))
---
### Fixes
Detailed changelog
------------------
- Automatic detection of binutils version for BIKE build (contributed by Maxime Anvari)
## What's Changed
* Switch to dev mode after 0.13.0 release by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/2125
* Restrict -Wno-maybe-uninitialized to GCC and fix stack size typo by @alraddady in https://github.com/open-quantum-safe/liboqs/pull/2111
* Promote @SWilson4 from Committer to Maintainer [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2120
* Update Nix flake inputs by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/2126
* Change cuPQC upstream repo by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/2115
* Integrate SNOVA into liboqs by @vacuas in https://github.com/open-quantum-safe/liboqs/pull/2109
* Update ACVP vectors to latest release by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2131
* Add a function to check if context string is supported by @M-AlNoaimi in https://github.com/open-quantum-safe/liboqs/pull/2142
* Skip failing CI test by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2157
* Use OQS_MEM_cleanse() instead of memset() by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2158
* Check for NULL dereference before using secure free by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2151
* Update mlkem-native to v1.0.0 by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2146
* test: Use secure free for freeing secret key objects by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2149
* tests: Remove unused variables by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2152
* Wycheproof by @h2parson in https://github.com/open-quantum-safe/liboqs/pull/2145
* tests: Check OQS_STATUS of RNG and fstore functions by @Hussain1811 in https://github.com/open-quantum-safe/liboqs/pull/2153
* Adjust constant-time test exception for mlkem-native by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2162
* Continuous Benchmarking using Github Actions by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2134
* test: Add basic kem fuzz testing by @nathaniel-brough in https://github.com/open-quantum-safe/liboqs/pull/2133
* Increase alert threshold for continuous benchmarking by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2166
* Benchmarking comments only on alerts by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2168
* Adding code coverage by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/2148
* Add AVX512VL-Optimized SHA3/SHAKE Implementations by @mdcornu in https://github.com/open-quantum-safe/liboqs/pull/2167
* Zeroize memory in SHA3 implementation by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/2171
* Disable compiler optimizations for HQC by @SWilson4 in https://github.com/open-quantum-safe/liboqs/commit/4215362acbf69b88fe1777c4c052f154e29f9897
* liboqs 0.14.0 release candidate 1 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2180
* Document public / internal API split [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2182
Future work
-----------
## New Contributors
* @alraddady made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2111
* @vacuas made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2109
* @M-AlNoaimi made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2142
* @Hussain1811 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2158
* @h2parson made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2145
* @mdcornu made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2167
Snapshot releases of nist-branch will be made monthly. Plans for the next snapshot release of nist-branch can be found online at https://github.com/open-quantum-safe/liboqs/projects/9.
**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.13.0...0.14.0

35
SECURITY.md Normal file
View File

@ -0,0 +1,35 @@
# Security Policy
## Supported Versions
We only support the most recent release.
Using any code prior to 0.12.0 is strongly discouraged due to a [known security vulnerability in HQC](https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7).
| Version | Supported |
| ------- | ------------------ |
| 0.14.0 | :white_check_mark: |
| < 0.14 | :x: |
## Reporting a Vulnerability
Please follow [this information to report a vulnerability](https://openquantumsafe.org/liboqs/security.html#reporting-security-bugs).
## Threat Model
Some timing-based side-channel attacks are within the scope of our threat model. OQS tests for secret-dependent branches and memory accesses on Linux on x86\_64. All test failures are documented as either "passes," which we have assessed to be false positives, or "issues," which may constitute nonconstant-time behaviour. The [algorithm datasheets](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) indicate whether or not an implementation passes our constant-time tests, as well as whether or not it is expected to pass. Details about passes and issues are available in the [tests/constant_time directory](https://github.com/open-quantum-safe/liboqs/tree/main/tests/constant_time). These tests do not encompass all classes of nonconstant-time behaviour; for example, they do not detect possible variable-time instructions, such as `DIV`. Reports of nonconstant-time behaviour that fall outside this scope will be considered on a case-by-case basis, with a priority on [Tier 1 platforms](https://github.com/open-quantum-safe/liboqs/blob/main/PLATFORMS.md#tier-1).
The following types of attacks are outside the scope of our threat model:
- same physical system side channel
- CPU / hardware flaws
- physical fault injection attacks (including Rowhammer-style attacks)
- physical observation side channels (such as power consumption, electromagnetic emissions)
Mitigations for security issues outside the stated threat model may still be applied depending on the nature of the issue and the mitigation.
(Based in part on https://openssl-library.org/policies/general/security-policy/index.html)
## Security Response Process
Security reports for liboqs will be handled in accordance with the [OQS security response process](https://github.com/open-quantum-safe/tsc/blob/main/security/response-process.md). Please also see the general [support disclaimer](README.md#support-limitations) for liboqs.

3
appveyor.yml
View File

@ -1,3 +0,0 @@
branches:
except:
- /.*nist.*/

201
cpp/sig_linking_test.cpp Normal file
View File

@ -0,0 +1,201 @@
/*
* example_sig.cpp
*
* Minimal C++ example of using a post-quantum signature implemented in liboqs.
* To test linking, compile the program against libcrypto (from OpenSSL) and liboqs
*
* g++ -g -I${LIBOQS_DIR}/build/include \
* -L${LIBOQS_DIR}/build/lib -loqs \
* -lcrypto -std=c++11 \
* -o ${LIBOQS_DIR}/build/tests/example_sig \
* ${LIBOQS_DIR}/cpp/sig_linking_test.cpp \
* && ${LIBOQS_DIR}/build/tests/example_sig
*
* `-lcrypto` requires libcrypto to be in dynamic linker's path.
* If installed with Homebrew, it is likely located at:
* /opt/homebrew/Cellar/openssl@3/x.y.z/lib
*
* SPDX-License-Identifier: MIT
*/
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <memory>
#include <oqs/oqs.h>
/* TODO: I am not sure if "algo_xxx" not enabled should make the test succeed */
#define CPP_LINKING_TEST_FAIL_HARD 0
constexpr size_t MESSAGE_LEN = 50;
/* Cleaning up memory etc */
void cleanup_stack(uint8_t *secret_key, size_t secret_key_len);
struct OQSSecureDeleter {
size_t length;
explicit OQSSecureDeleter(size_t len) : length(len) {}
void operator()(uint8_t* ptr) const {
if (ptr) {
OQS_MEM_secure_free(ptr, length);
}
}
};
struct OQSInsecureDeleter {
void operator()(uint8_t* ptr) {
if (ptr) {
OQS_MEM_insecure_free(ptr);
}
}
};
struct OQSSigDeleter {
void operator()(OQS_SIG* sig) {
if (sig) {
OQS_SIG_free(sig);
}
}
};
/* This function gives an example of the signing operations
* using only compile-time macros and allocating variables
* statically on the stack, calling a specific algorithm's functions
* directly.
*
* The macros OQS_SIG_ml_dsa_44_length_* and the functions OQS_SIG_ml_dsa_44_*
* are only defined if the algorithm ml_dsa_44 was enabled at compile-time
* which must be checked using the OQS_ENABLE_SIG_ml_dsa_44 macro.
*
* <oqs/oqsconfig.h>, which is included in <oqs/oqs.h>, contains macros
* indicating which algorithms were enabled when this instance of liboqs
* was compiled.
*/
static OQS_STATUS example_stack(void) {
#ifdef OQS_ENABLE_SIG_ml_dsa_44
OQS_STATUS rc;
uint8_t public_key[OQS_SIG_ml_dsa_44_length_public_key];
uint8_t secret_key[OQS_SIG_ml_dsa_44_length_secret_key];
uint8_t message[MESSAGE_LEN];
uint8_t signature[OQS_SIG_ml_dsa_44_length_signature];
size_t message_len = MESSAGE_LEN;
size_t signature_len;
// let's create a random test message to sign
OQS_randombytes(message, message_len);
rc = OQS_SIG_ml_dsa_44_keypair(public_key, secret_key);
if (rc != OQS_SUCCESS) {
std::cerr << "ERROR: OQS_SIG_ml_dsa_44_keypair failed!" << std::endl;
cleanup_stack(secret_key, OQS_SIG_ml_dsa_44_length_secret_key);
return OQS_ERROR;
}
rc = OQS_SIG_ml_dsa_44_sign(signature, &signature_len, message, message_len, secret_key);
if (rc != OQS_SUCCESS) {
std::cerr << "ERROR: OQS_SIG_ml_dsa_44_sign failed!" << std::endl;
cleanup_stack(secret_key, OQS_SIG_ml_dsa_44_length_secret_key);
return OQS_ERROR;
}
rc = OQS_SIG_ml_dsa_44_verify(message, message_len, signature, signature_len, public_key);
if (rc != OQS_SUCCESS) {
std::cerr << "ERROR: OQS_SIG_ml_dsa_44_verify failed!" << std::endl;
cleanup_stack(secret_key, OQS_SIG_ml_dsa_44_length_secret_key);
return OQS_ERROR;
}
std::cout << "[example_stack] OQS_SIG_ml_dsa_44 operations completed" << std::endl;
cleanup_stack(secret_key, OQS_SIG_ml_dsa_44_length_secret_key);
return OQS_SUCCESS; // success!
#else
std::cout << "[example_stack] OQS_SIG_ml_dsa_44 was not enabled at compile-time" << std::endl;
#if CPP_LINKING_TEST_FAIL_HARD
return OQS_ERROR;
#else
return OQS_SUCCESS;
#endif /* CPP_LINKING_TEST_FAIL_HARD */
#endif /* OQS_ENABLE_SIG_ml_dsa_44 */
}
/* This function gives an example of the signing operations,
* allocating variables dynamically on the heap and calling the generic
* OQS_SIG object.
*
* This does not require the use of compile-time macros to check if the
* algorithm in question was enabled at compile-time; instead, the caller
* must check that the OQS_SIG object returned is not nullptr.
*/
static OQS_STATUS example_heap(void) {
#ifdef OQS_ENABLE_SIG_ml_dsa_44
size_t message_len = MESSAGE_LEN;
size_t signature_len;
OQS_STATUS rc;
std::unique_ptr<OQS_SIG, OQSSigDeleter> sig(OQS_SIG_new((OQS_SIG_alg_ml_dsa_44)));
if (sig == nullptr) {
throw std::runtime_error("[example_heap] OQS_SIG_alg_ml_dsa_44 was not enabled at compile-time.");
}
std::unique_ptr<uint8_t[], OQSInsecureDeleter> public_key(static_cast<uint8_t*>(malloc(sig->length_public_key)));
std::unique_ptr<uint8_t[], OQSSecureDeleter> secret_key(static_cast<uint8_t*>(malloc(sig->length_secret_key)), OQSSecureDeleter(sig->length_secret_key));
std::unique_ptr<uint8_t[], OQSInsecureDeleter> message(static_cast<uint8_t*>(malloc(message_len)));
std::unique_ptr<uint8_t[], OQSInsecureDeleter> signature(static_cast<uint8_t*>(malloc(sig->length_signature)));
if ((public_key == nullptr) || (secret_key == nullptr) || (message == nullptr) || (signature == nullptr)) {
throw std::runtime_error("ERROR: malloc failed!");
}
// let's create a random test message to sign
OQS_randombytes(message.get(), message_len);
rc = OQS_SIG_keypair(sig.get(), public_key.get(), secret_key.get());
if (rc != OQS_SUCCESS) {
throw std::runtime_error("ERROR: OQS_SIG_keypair failed!");
}
rc = OQS_SIG_sign(sig.get(), signature.get(), &signature_len, message.get(), message_len, secret_key.get());
if (rc != OQS_SUCCESS) {
throw std::runtime_error("ERROR: OQS_SIG_sign failed!");
}
rc = OQS_SIG_verify(sig.get(), message.get(), message_len, signature.get(), signature_len, public_key.get());
if (rc != OQS_SUCCESS) {
throw std::runtime_error("ERROR: OQS_SIG_verify failed!");
}
std::cout << "[example_heap] OQS_SIG_ml_dsa_44 operations completed." << std::endl;
return OQS_SUCCESS; // success
#else
std::cout << "[example_stack] OQS_SIG_ml_dsa_44 was not enabled at compile-time" << std::endl;
#if CPP_LINKING_TEST_FAIL_HARD
return OQS_ERROR;
#else
return OQS_SUCCESS;
#endif /* CPP_LINKING_TEST_FAIL_HARD */
#endif /* OQS_ENABLE_SIG_ml_dsa_44 */
}
int main() {
OQS_init();
try {
example_stack();
example_heap();
}
catch (std::exception e) {
std::cerr << e.what() << std::endl;
OQS_destroy();
return EXIT_FAILURE;
}
OQS_destroy();
return EXIT_SUCCESS;
}
void cleanup_stack(uint8_t *secret_key, size_t secret_key_len) {
OQS_MEM_cleanse(secret_key, secret_key_len);
}

969
docs/.Doxyfile
View File

File diff suppressed because it is too large Load Diff

72
docs/FUZZING.md Normal file
View File

@ -0,0 +1,72 @@
# Fuzzing
Fuzz testing is an automated software testing method that injects invalid,
malformed, or unexpected inputs to reveal defects and vulnerabilities. A fuzzing
tool monitors the system for exceptions like crashes, information leakage, or
errors, helping developers identify and fix bugs and security loopholes.
## Current state of fuzzing in liboqs
- [ ] kem
- [ ] bike
- [ ] classic_mceliece
- [ ] frodokem
- [ ] hqc
- [ ] kyber
- [ ] ml_kem
- [ ] ntruprime
- [ ] sig
- [x] falcon
- [x] mayo
- [x] ml_dsa
- [x] sphincs
- [ ] sig_stfl
- [ ] lms
- [ ] sig_stfl
- [ ] xmss
## Building and running fuzz tests
Building fuzz tests is very similar to building normally with some optional
steps to target different types of bugs. The most basic ways to build the
fuzz tests is as follows;
```bash
mkdir build && cd build
cmake -GNinja -DOQS_BUILD_FUZZ_TESTS=ON ..
ninja
```
`OQS_BUILD_FUZZ_TESTS` will build two test binaries: `tests/fuzz_test_sig` and `tests/fuzz_test_kem`.
The fuzzer will run indefinitely or;
- until it finds a bug and crashes,
- you manually stop the fuzzer i.e. CTRL-C
- you set a timeout using the command line.
For more details on the available command line args please consult the [libfuzzer docs](https://llvm.org/docs/LibFuzzer.html).
## Sanitizers
It is a common pattern to combine fuzzing with various sanitizers to catch different bugs.
One of the simpler sanitizers is the fuzzing sanitizer, which will instrument the code
for coverage driven fuzzing. To enable this simply add this to your environment variables
before configuring cmake;
```
export CFLAGS=-fsanitize=fuzzer-no-link
```
It is common to combine the fuzzer sanitizer with either the [address](https://clang.llvm.org/docs/AddressSanitizer.html)
or the [undefined behaviour sanitizer](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html). To
add these simply add the relevant flags to BOTH the CFLAGS and LDFLAGS e.g.
```
export CFLAGS=-fsanitize=fuzzer-no-link,address
export LDFLAGS=-fsanitize=address
```
Then rerun cmake as normal i.e.
```bash
mkdir build && cd build
cmake -GNinja .. -DOQS_BUILD_FUZZ_TESTS=ON
ninja -j$(nproc)
```

69
docs/PROCEDURES.md Normal file
View File

@ -0,0 +1,69 @@
# Additional procedures for code maintenance
## Managing pinned dependencies
The OpenSSF, via the [scorecard](https://securityscorecards.dev/) project recommends that projects pin any
dependencies they use:
* to ensure reproducibility
* to reduce the risk for rogue dependency updates to compromise software
It's important to note that this requires any changes to dependencies are properly reviewed, and
these changes, by design, should not be automatic in themselves, though automated tools may provide recommendations.
### Python dependencies
Python dependencies used in the build process such as within `.github/workflows` should be pinned to a specific version to ensure reproducibility.
This is achieved by:
* Ensuring the required hash is in the `requirements.txt`.
* Using the `--require-hashes` option on any `pip install` command line which causes pip to require hashes for all dependencies.
To add a new, or changed dependency:
* Ensure the `pip-compile` tool is installed via the [pip-tools](https://pypi.org/project/pip-tools/) package.
* Update `requirements.in` with added, modified, or deleted dependencies.
* Update requirements.txt using `pip-compile --generate-hashes --output-file=requirements.txt requirements.in`.
* Verify correct functionality.
* Check in both `requirements.txt` and `requirements.in`.
Note: `requirements.in` acts purely as a template in this process. It is not used during the installation of a dependency.
### Github Actions
All actions used in `.github/workflows` should pin the exact version of the action they are using, for
example a step such as:
```yaml
- name: Checkout code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
```
The exact hash specified after `@` is the git commit hash within the repo where the action is found.
The [pin github action](https://github.com/mheap/pin-github-action) tool can be used to maintain these
by, for example, running:
```shell
pin-github-action unix.yml
```
This will add the appropriate hash if not present, along with a comment, and also update each hash in accordance with any existing comment.
For major updates, update the comment ie `pin@v4` to `pin@v5` and the tool will attempt to find the new hash.
The comment should not be removed, and should exclusively be used for updating the version.
A full explanation of how the tool operates can be found in the [documentation](https://github.com/mheap/pin-github-action).
To help in explanation here's an example of a similar code fragment between tool executions:
* Original entry is `uses: actions/checkout@v3`
* run `pin-github-action unix.yml`
* We now see `uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3`
* later we want to go to v4, so update the text to `uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v4`
* Now run `pin-github-action unix.yml` to correct the sha
* File now shows `uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4`
When changes have been made, correct functionality of the Github actions should be verified by reviewing the Github action logs and outputs. The SHA inserted by the tool can be searched for in Github to check it is associated with the expected version.

53
docs/algorithms/kem/bike.md Normal file
View File

@ -0,0 +1,53 @@
# BIKE
- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: QC-MDPC (Quasi-Cyclic Moderate Density Parity-Check).
- **Principal submitters**: Nicolas Aragon, Paulo Barreto, Slim Bettaieb, Loic Bidoux, Olivier Blazy, Jean-Christophe Deneuville, Phillipe Gaborit, Santosh Gosh, Shay Gueron, Tim Güneysu, Carlos Aguilar Melchor, Rafael Misoczki, Edoardo Persichetti, Nicolas Sendrier, Jean-Pierre Tillich, Valentin Vasseur, Gilles Zémor.
- **Authors' website**: http://bikesuite.org/
- **Specification version**: 5.1.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/awslabs/bike-kem
- **Implementation license (SPDX-Identifier)**: Apache-2.0
- **Ancestors of primary source**:
- https://bikesuite.org/files/v5.0/Reference_Implementation.2022.10.04.1.zip
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) | Encapsulation seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|:----------------------------------|
| BIKE-L1 | NA | IND-CPA | 1 | 1541 | 5223 | 1573 | 32 | NA | NA |
| BIKE-L3 | NA | IND-CPA | 3 | 3083 | 10105 | 3115 | 32 | NA | NA |
| BIKE-L5 | NA | IND-CPA | 5 | 5122 | 16494 | 5154 | 32 | NA | NA |
## BIKE-L1 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | master | 64-bit little-endian | Linux,Darwin | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin | AVX2,AVX512,PCLMUL,SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## BIKE-L3 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | 64-bit little-endian | Linux,Darwin | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin | AVX2,AVX512,PCLMUL,SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## BIKE-L5 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | 64-bit little-endian | Linux,Darwin | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin | AVX2,AVX512,PCLMUL,SSE2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

139
docs/algorithms/kem/bike.yml Normal file
View File

@ -0,0 +1,139 @@
name: BIKE
type: kem
principal-submitters:
- Nicolas Aragon
- Paulo Barreto
- Slim Bettaieb
- Loic Bidoux
- Olivier Blazy
- Jean-Christophe Deneuville
- Phillipe Gaborit
- Santosh Gosh
- Shay Gueron
- Tim Güneysu
- Carlos Aguilar Melchor
- Rafael Misoczki
- Edoardo Persichetti
- Nicolas Sendrier
- Jean-Pierre Tillich
- Valentin Vasseur
- Gilles Zémor
crypto-assumption: QC-MDPC (Quasi-Cyclic Moderate Density Parity-Check)
website: http://bikesuite.org/
nist-round: 4
standardization-status: Not selected by [NIST](https://bikesuite.org/files/v5.1/BIKE_Spec.2022.10.10.1.pdf)
spec-version: 5.1
primary-upstream:
source: https://github.com/awslabs/bike-kem
spdx-license-identifier: Apache-2.0
upstream-ancestors:
- https://bikesuite.org/files/v5.0/Reference_Implementation.2022.10.04.1.zip
parameter-sets:
- name: BIKE-L1
claimed-nist-level: 1
claimed-security: IND-CPA
length-public-key: 1541
length-ciphertext: 1573
length-secret-key: 5223
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: 64-bit little-endian
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- avx512
- pclmul
- sse2
common-crypto:
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: BIKE-L3
claimed-nist-level: 3
claimed-security: IND-CPA
length-ciphertext: 3115
length-public-key: 3083
length-secret-key: 10105
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: 64-bit little-endian
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- avx512
- pclmul
- sse2
common-crypto:
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: BIKE-L5
claimed-nist-level: 5
claimed-security: IND-CPA
length-ciphertext: 5154
length-public-key: 5122
length-secret-key: 16494
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: 64-bit little-endian
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- avx512
- pclmul
- sse2
common-crypto:
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false

128
docs/algorithms/kem/classic_mceliece.md Normal file
View File

@ -0,0 +1,128 @@
# Classic McEliece
- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: Niederreiter's dual version of McEliece's public key encryption using binary Goppa codes.
- **Principal submitters**: Daniel J. Bernstein, Tung Chou, Tanja Lange, Ingo von Maurich, Rafael Misoczki, Ruben Niederhagen, Edoardo Persichetti, Christiane Peters, Peter Schwabe, Nicolas Sendrier, Jakub Szefer, Wen Wang.
- **Authors' website**: https://classic.mceliece.org
- **Specification version**: SUPERCOP-20221025.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: Public domain
- **Ancestors of primary source**:
- SUPERCOP-20221025 "clean" and "avx2" implementations
## Advisories
- Classic-McEliece-460896, Classic-McEliece-460896f, Classic-McEliece-6960119, and Classic-McEliece-6960119f parameter sets fail memory leak testing on x86-64 when building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised when using the algorithm at higher optimization levels, and any other compiler and architecture.
- Current implementation of the algorithm may not be constant-time. Additionally, environment specific constant-time leaks may not be documented; please report potential constant-time leaks when found.
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) | Encapsulation seed size (bytes) |
|:-------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|:----------------------------------|
| Classic-McEliece-348864 | NA | IND-CCA2 | 1 | 261120 | 6492 | 96 | 32 | NA | NA |
| Classic-McEliece-348864f | NA | IND-CCA2 | 1 | 261120 | 6492 | 96 | 32 | NA | NA |
| Classic-McEliece-460896 | NA | IND-CCA2 | 3 | 524160 | 13608 | 156 | 32 | NA | NA |
| Classic-McEliece-460896f | NA | IND-CCA2 | 3 | 524160 | 13608 | 156 | 32 | NA | NA |
| Classic-McEliece-6688128 | NA | IND-CCA2 | 5 | 1044992 | 13932 | 208 | 32 | NA | NA |
| Classic-McEliece-6688128f | NA | IND-CCA2 | 5 | 1044992 | 13932 | 208 | 32 | NA | NA |
| Classic-McEliece-6960119 | NA | IND-CCA2 | 5 | 1047319 | 13948 | 194 | 32 | NA | NA |
| Classic-McEliece-6960119f | NA | IND-CCA2 | 5 | 1047319 | 13948 | 194 | 32 | NA | NA |
| Classic-McEliece-8192128 | NA | IND-CCA2 | 5 | 1357824 | 14120 | 208 | 32 | NA | NA |
| Classic-McEliece-8192128f | NA | IND-CCA2 | 5 | 1357824 | 14120 | 208 | 32 | NA | NA |
## Classic-McEliece-348864 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## Classic-McEliece-348864f implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Classic-McEliece-460896 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Classic-McEliece-460896f implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Classic-McEliece-6688128 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Classic-McEliece-6688128f implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Classic-McEliece-6960119 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Classic-McEliece-6960119f implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Classic-McEliece-8192128 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Classic-McEliece-8192128f implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | False | False | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI1 | False | False | True |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

383
docs/algorithms/kem/classic_mceliece.yml Normal file
View File

@ -0,0 +1,383 @@
name: Classic McEliece
type: kem
principal-submitters:
- Daniel J. Bernstein
- Tung Chou
- Tanja Lange
- Ingo von Maurich
- Rafael Misoczki
- Ruben Niederhagen
- Edoardo Persichetti
- Christiane Peters
- Peter Schwabe
- Nicolas Sendrier
- Jakub Szefer
- Wen Wang
crypto-assumption: Niederreiter's dual version of McEliece's public key encryption
using binary Goppa codes
website: https://classic.mceliece.org
nist-round: 3
spec-version: SUPERCOP-20221025
standardization-status: Under [ISO](https://classic.mceliece.org/iso.html) consideration
upstream-ancestors:
- SUPERCOP-20221025 "clean" and "avx2" implementations
advisories:
- Classic-McEliece-460896, Classic-McEliece-460896f, Classic-McEliece-6960119, and
Classic-McEliece-6960119f parameter sets fail memory leak testing on x86-64 when
building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised
when using the algorithm at higher optimization levels, and any other compiler and
architecture.
- Current implementation of the algorithm may not be constant-time. Additionally,
environment specific constant-time leaks may not be documented; please report potential
constant-time leaks when found.
parameter-sets:
- name: Classic-McEliece-348864
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 261120
length-ciphertext: 96
length-secret-key: 6492
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- popcnt
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-348864f
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 261120
length-ciphertext: 96
length-secret-key: 6492
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- popcnt
- bmi1
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-460896
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 524160
length-ciphertext: 156
length-secret-key: 13608
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- popcnt
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-460896f
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 524160
length-ciphertext: 156
length-secret-key: 13608
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- popcnt
- bmi1
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-6688128
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1044992
length-ciphertext: 208
length-secret-key: 13932
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- popcnt
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-6688128f
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1044992
length-ciphertext: 208
length-secret-key: 13932
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- popcnt
- bmi1
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-6960119
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1047319
length-ciphertext: 194
length-secret-key: 13948
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- popcnt
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-6960119f
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1047319
length-ciphertext: 194
length-secret-key: 13948
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- popcnt
- bmi1
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-8192128
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1357824
length-ciphertext: 208
length-secret-key: 14120
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- popcnt
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- name: Classic-McEliece-8192128f
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1357824
length-ciphertext: 208
length-secret-key: 14120
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- popcnt
- bmi1
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: true
upstream: primary-upstream
auxiliary-submitters: []
primary-upstream:
spdx-license-identifier: Public domain
source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
with copy_from_upstream patches

82
docs/algorithms/kem/frodokem.md Normal file
View File

@ -0,0 +1,82 @@
# FrodoKEM
- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: learning with errors (LWE).
- **Principal submitters**: Michael Naehrig, Erdem Alkim, Joppe Bos, Léo Ducas, Karen Easterbrook, Brian LaMacchia, Patrick Longa, Ilya Mironov, Valeria Nikolaenko, Christopher Peikert, Ananth Raghunathan, Douglas Stebila.
- **Authors' website**: https://frodokem.org/
- **Specification version**: NIST Round 3 submission.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/microsoft/PQCrypto-LWEKE/commit/b6609d30a9982318d7f2937aa3c7b92147b917a2
- **Implementation license (SPDX-Identifier)**: MIT
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) | Encapsulation seed size (bytes) |
|:-------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|:----------------------------------|
| FrodoKEM-640-AES | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA | NA |
| FrodoKEM-640-SHAKE | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA | NA |
| FrodoKEM-976-AES | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA | NA |
| FrodoKEM-976-SHAKE | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA | NA |
| FrodoKEM-1344-AES | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA | NA |
| FrodoKEM-1344-SHAKE | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA | NA |
## FrodoKEM-640-AES implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## FrodoKEM-640-SHAKE implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## FrodoKEM-976-AES implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## FrodoKEM-976-SHAKE implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## FrodoKEM-1344-AES implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## FrodoKEM-1344-SHAKE implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

228
docs/algorithms/kem/frodokem.yml Normal file
View File

@ -0,0 +1,228 @@
name: FrodoKEM
type: kem
principal-submitters:
- Michael Naehrig
- Erdem Alkim
- Joppe Bos
- Léo Ducas
- Karen Easterbrook
- Brian LaMacchia
- Patrick Longa
- Ilya Mironov
- Valeria Nikolaenko
- Christopher Peikert
- Ananth Raghunathan
- Douglas Stebila
crypto-assumption: learning with errors (LWE)
website: https://frodokem.org/
nist-round: 3
spec-version: NIST Round 3 submission
standardization-status: Under [ISO](https://frodokem.org/) consideration
primary-upstream:
source: https://github.com/microsoft/PQCrypto-LWEKE/commit/b6609d30a9982318d7f2937aa3c7b92147b917a2
spdx-license-identifier: MIT
parameter-sets:
- name: FrodoKEM-640-AES
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 9616
length-ciphertext: 9720
length-secret-key: 19888
length-shared-secret: 16
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
- Windows
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: FrodoKEM-640-SHAKE
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 9616
length-ciphertext: 9720
length-secret-key: 19888
length-shared-secret: 16
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
- Windows
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: FrodoKEM-976-AES
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 15632
length-ciphertext: 15744
length-secret-key: 31296
length-shared-secret: 24
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
- Windows
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: FrodoKEM-976-SHAKE
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 15632
length-ciphertext: 15744
length-secret-key: 31296
length-shared-secret: 24
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
- Windows
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: FrodoKEM-1344-AES
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 21520
length-ciphertext: 21632
length-secret-key: 43088
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
- Windows
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: FrodoKEM-1344-SHAKE
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 21520
length-ciphertext: 21632
length-secret-key: 43088
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: master
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: master
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
- Windows
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false

51
docs/algorithms/kem/hqc.md Normal file
View File

@ -0,0 +1,51 @@
# HQC
- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: Syndrome decoding of structure codes (Hamming Quasi-Cyclic).
- **Principal submitters**: Carlos Aguilar Melchor, Nicolas Aragon, Slim Bettaieb, Loïc Bidoux, Olivier Blazy, Jurjen Bos, Jean-Christophe Deneuville, Arnaud Dion, Philippe Gaborit, Jérôme Lacan, Edoardo Persichetti, Jean-Marc Robert, Pascal Véron, Gilles Zémor.
- **Authors' website**: https://pqc-hqc.org/
- **Specification version**: 2023-04-30.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
- **Implementation license (SPDX-Identifier)**: Public domain
- **Ancestors of primary source**:
- https://github.com/SWilson4/package-pqclean/tree/8db1b24b/hqc, which takes it from:
- submission 2023-04-30 at https://pqc-hqc.org/implementation.html
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) | Encapsulation seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|:----------------------------------|
| HQC-128 | NA | IND-CCA2 | 1 | 2249 | 2305 | 4433 | 64 | NA | NA |
| HQC-192 | NA | IND-CCA2 | 3 | 4522 | 4586 | 8978 | 64 | NA | NA |
| HQC-256 | NA | IND-CCA2 | 5 | 7245 | 7317 | 14421 | 64 | NA | NA |
## HQC-128 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## HQC-192 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## HQC-256 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

81
docs/algorithms/kem/hqc.yml Normal file
View File

@ -0,0 +1,81 @@
name: HQC
type: kem
principal-submitters:
- Carlos Aguilar Melchor
- Nicolas Aragon
- Slim Bettaieb
- Loïc Bidoux
- Olivier Blazy
- Jurjen Bos
- Jean-Christophe Deneuville
- Arnaud Dion
- Philippe Gaborit
- Jérôme Lacan
- Edoardo Persichetti
- Jean-Marc Robert
- Pascal Véron
- Gilles Zémor
crypto-assumption: Syndrome decoding of structure codes (Hamming Quasi-Cyclic)
website: https://pqc-hqc.org/
nist-round: 4
standardization-status: Selected by [NIST](https://pqc-hqc.org/doc/hqc_specifications_2025_08_22.pdf)
for upcoming standardization
spec-version: 2023-04-30
upstream-ancestors:
- https://github.com/SWilson4/package-pqclean/tree/8db1b24b/hqc
- submission 2023-04-30 at https://pqc-hqc.org/implementation.html
parameter-sets:
- name: HQC-128
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 2249
length-ciphertext: 4433
length-secret-key: 2305
length-shared-secret: 64
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: HQC-192
claimed-nist-level: 3
claimed-security: IND-CCA2
length-ciphertext: 8978
length-public-key: 4522
length-secret-key: 4586
length-shared-secret: 64
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: HQC-256
claimed-nist-level: 5
claimed-security: IND-CCA2
length-ciphertext: 14421
length-public-key: 7245
length-secret-key: 7317
length-shared-secret: 64
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
primary-upstream:
spdx-license-identifier: Public domain
source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181

68
docs/algorithms/kem/kyber.md Normal file
View File

@ -0,0 +1,68 @@
# Kyber
- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: Module LWE+R with base ring Z[x]/(3329, x^256+1).
- **Principal submitters**: Peter Schwabe.
- **Auxiliary submitters**: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
- **Authors' website**: https://pq-crystals.org/
- **Specification version**: NIST Round 3 submission.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
- **Optimized Implementation sources**: https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc with copy_from_upstream patches
- **oldpqclean-aarch64**:<a name="oldpqclean-aarch64"></a>
- **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT) and MIT
- **Formally-verified Implementation sources**:
- **libjade**:<a name="libjade"></a>
- **Source**: https://github.com/formosa-crypto/libjade/tree/release/2023.05-2 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 OR Apache-2.0
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) | Encapsulation seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|:----------------------------------|
| Kyber512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 | NA | NA |
| Kyber768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 | NA | NA |
| Kyber1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 | NA | NA |
## Kyber512 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [libjade](#libjade) | ref | x86\_64 | Linux,Darwin | None | True | False | False |
| [libjade](#libjade) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## Kyber768 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [libjade](#libjade) | ref | x86\_64 | Linux,Darwin | None | True | False | False |
| [libjade](#libjade) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Kyber1024 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

219
docs/algorithms/kem/kyber.yml Normal file
View File

@ -0,0 +1,219 @@
name: Kyber
type: kem
principal-submitters:
- Peter Schwabe
auxiliary-submitters:
- Roberto Avanzi
- Joppe Bos
- Léo Ducas
- Eike Kiltz
- Tancrède Lepoint
- Vadim Lyubashevsky
- John M. Schanck
- Gregor Seiler
- Damien Stehlé
crypto-assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1)
website: https://pq-crystals.org/
nist-round: 3
standardization-status: Selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/Kyber-Round3.zip)
as basis for ML-KEM (FIPS 203)
spec-version: NIST Round 3 submission
primary-upstream:
source: https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0 or Apache-2.0
optimized-upstreams:
oldpqclean-aarch64:
source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT)
and MIT
formally-verified-upstreams:
libjade:
source: https://github.com/formosa-crypto/libjade/tree/release/2023.05-2 with
copy_from_upstream patches
spdx-license-identifier: CC0-1.0 OR Apache-2.0
parameter-sets:
- name: Kyber512
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 800
length-ciphertext: 768
length-secret-key: 1632
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: oldpqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: libjade
upstream-id: ref
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: libjade
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Kyber768
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 1184
length-ciphertext: 1088
length-secret-key: 2400
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: oldpqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: libjade
upstream-id: ref
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: libjade
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: Kyber1024
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1568
length-ciphertext: 1568
length-secret-key: 3168
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: oldpqclean-aarch64
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false

66
docs/algorithms/kem/ml_kem.md Normal file
View File

@ -0,0 +1,66 @@
# ML-KEM
- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: Module LWE+R with base ring Z[x]/(3329, x^256+1).
- **Principal submitters**: Peter Schwabe.
- **Auxiliary submitters**: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
- **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
- **Specification version**: ML-KEM.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
- **Implementation license (SPDX-Identifier)**: MIT or Apache-2.0 or ISC
- **Optimized Implementation sources**: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
- **cupqc-cuda**:<a name="cupqc-cuda"></a>
- **Source**: https://github.com/open-quantum-safe/liboqs-cupqc-meta/commit/b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
- **Implementation license (SPDX-Identifier)**: Apache-2.0
- **icicle-icicle_cuda**:<a name="icicle-icicle_cuda"></a>
- **Source**: https://github.com/ingonyama-zk/icicle-liboqs/commit/4ea3e612ff26e3e72b5e5bcfff4cf3dda45dc0a8
- **Implementation license (SPDX-Identifier)**: MIT
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) | Encapsulation seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|----------------------------:|----------------------------------:|
| ML-KEM-512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 | 64 | 32 |
| ML-KEM-768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 | 64 | 32 |
| ML-KEM-1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 | 64 | 32 |
## ML-KEM-512 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | x86\_64 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [cupqc-cuda](#cupqc-cuda) | cuda | CUDA | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## ML-KEM-768 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | x86\_64 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [cupqc-cuda](#cupqc-cuda) | cuda | CUDA | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## ML-KEM-1024 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | x86\_64 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [cupqc-cuda](#cupqc-cuda) | cuda | CUDA | Linux,Darwin | None | False | False | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

201
docs/algorithms/kem/ml_kem.yml Normal file
View File

@ -0,0 +1,201 @@
name: ML-KEM
type: kem
principal-submitters:
- Peter Schwabe
auxiliary-submitters:
- Roberto Avanzi
- Joppe Bos
- Léo Ducas
- Eike Kiltz
- Tancrède Lepoint
- Vadim Lyubashevsky
- John M. Schanck
- Gregor Seiler
- Damien Stehlé
crypto-assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1)
website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
nist-round: FIPS203
standardization-status: Standardized by [NIST](https://csrc.nist.gov/pubs/fips/203/final)
spec-version: ML-KEM
primary-upstream:
source: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
spdx-license-identifier: MIT or Apache-2.0 or ISC
optimized-upstreams:
cupqc-cuda:
source: https://github.com/open-quantum-safe/liboqs-cupqc-meta/commit/b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
spdx-license-identifier: Apache-2.0
icicle-icicle_cuda:
source: https://github.com/ingonyama-zk/icicle-liboqs/commit/4ea3e612ff26e3e72b5e5bcfff4cf3dda45dc0a8
spdx-license-identifier: MIT
parameter-sets:
- name: ML-KEM-512
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 800
length-ciphertext: 768
length-secret-key: 1632
length-shared-secret: 32
length-keypair-seed: 64
length-encaps-seed: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: x86_64
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: cupqc-cuda
upstream-id: cuda
supported-platforms:
- architecture: CUDA
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: ML-KEM-768
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 1184
length-ciphertext: 1088
length-secret-key: 2400
length-shared-secret: 32
length-keypair-seed: 64
length-encaps-seed: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: x86_64
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: cupqc-cuda
upstream-id: cuda
supported-platforms:
- architecture: CUDA
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- name: ML-KEM-1024
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1568
length-ciphertext: 1568
length-secret-key: 3168
length-shared-secret: 32
length-keypair-seed: 64
length-encaps-seed: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: x86_64
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: cupqc-cuda
upstream-id: cuda
supported-platforms:
- architecture: CUDA
operating_systems:
- Linux
- Darwin
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false

82
docs/algorithms/kem/ntru.md Normal file
View File

@ -0,0 +1,82 @@
# NTRU
- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: NTRU in Z[x]/(q, x^n-1) with prime n and power-of-two q.
- **Principal submitters**: John M. Schanck.
- **Auxiliary submitters**: Cong Chen, Oussama Danba, Jeffrey Hoffstein, Andreas Hülsing, Joost Rijneveld, Tsunekazu Saito, Peter Schwabe, William Whyte, Keita Xagawa, Takashi Yamakawa, Zhenfei Zhang.
- **Authors' website**: https://ntru.org/
- **Specification version**: NIST Round 3 submission.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
- **Implementation license (SPDX-Identifier)**: CC0-1.0
- **Ancestors of primary source**:
- https://github.com/jschanck/ntru/tree/a43a4457
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) | Encapsulation seed size (bytes) |
|:------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|:----------------------------------|
| NTRU-HPS-2048-509 | NA | IND-CCA2 | 1 | 699 | 935 | 699 | 32 | NA | NA |
| NTRU-HPS-2048-677 | NA | IND-CCA2 | 3 | 930 | 1234 | 930 | 32 | NA | NA |
| NTRU-HPS-4096-821 | NA | IND-CCA2 | 5 | 1230 | 1590 | 1230 | 32 | NA | NA |
| NTRU-HPS-4096-1229 | NA | IND-CCA2 | 5 | 1842 | 2366 | 1842 | 32 | NA | NA |
| NTRU-HRSS-701 | NA | IND-CCA2 | 3 | 1138 | 1450 | 1138 | 32 | NA | NA |
| NTRU-HRSS-1373 | NA | IND-CCA2 | 5 | 2401 | 2983 | 2401 | 32 | NA | NA |
## NTRU-HPS-2048-509 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## NTRU-HPS-2048-677 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## NTRU-HPS-4096-821 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## NTRU-HPS-4096-1229 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## NTRU-HRSS-701 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## NTRU-HRSS-1373 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

189
docs/algorithms/kem/ntru.yml Normal file
View File

@ -0,0 +1,189 @@
name: NTRU
type: kem
principal-submitters:
- John M. Schanck
auxiliary-submitters:
- Cong Chen
- Oussama Danba
- Jeffrey Hoffstein
- Andreas Hülsing
- Joost Rijneveld
- Tsunekazu Saito
- Peter Schwabe
- William Whyte
- Keita Xagawa
- Takashi Yamakawa
- Zhenfei Zhang
crypto-assumption: NTRU in Z[x]/(q, x^n-1) with prime n and power-of-two q
website: https://ntru.org/
standardization-status: Not selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/NTRU-Round3.zip), under standardization consideration by [NTT](https://info.isl.ntt.co.jp/crypt/ntru/index.html)
nist-round: 3
spec-version: NIST Round 3 submission
upstream-ancestors:
- https://github.com/jschanck/ntru/tree/a43a4457
parameter-sets:
- name: NTRU-HPS-2048-509
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 699
length-ciphertext: 699
length-secret-key: 935
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: NTRU-HPS-2048-677
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 930
length-ciphertext: 930
length-secret-key: 1234
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: NTRU-HPS-4096-821
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1230
length-ciphertext: 1230
length-secret-key: 1590
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: NTRU-HPS-4096-1229
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 1842
length-ciphertext: 1842
length-secret-key: 2366
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: NTRU-HRSS-701
claimed-nist-level: 3
claimed-security: IND-CCA2
length-public-key: 1138
length-ciphertext: 1138
length-secret-key: 1450
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
- bmi2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- name: NTRU-HRSS-1373
claimed-nist-level: 5
claimed-security: IND-CCA2
length-public-key: 2401
length-ciphertext: 2401
length-secret-key: 2983
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
primary-upstream:
spdx-license-identifier: CC0-1.0
source: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6

34
docs/algorithms/kem/ntruprime.md Normal file
View File

@ -0,0 +1,34 @@
# NTRU-Prime
- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: NTRU.
- **Principal submitters**: Daniel J. Bernstein, Billy Bob Brumley, Ming-Shing Chen, Chitchanok Chuengsatiansup, Tanja Lange, Adrian Marotzke, Bo-Yuan Peng, Nicola Tuveri, Christine van Vredendaal, Bo-Yin Yang.
- **Authors' website**: https://ntruprime.cr.yp.to
- **Specification version**: supercop-20200826.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6
- **Implementation license (SPDX-Identifier)**: Public domain
- **Ancestors of primary source**:
- https://github.com/jschanck/package-pqclean/tree/4d9f08c3/ntruprime, which takes it from:
- supercop-20210604
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) | Encapsulation seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|:----------------------------------|
| sntrup761 | NA | IND-CCA2 | 2 | 1158 | 1763 | 1039 | 32 | NA | NA |
## sntrup761 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

58
docs/algorithms/kem/ntruprime.yml Normal file
View File

@ -0,0 +1,58 @@
name: NTRU-Prime
type: kem
principal-submitters:
- Daniel J. Bernstein
- Billy Bob Brumley
- Ming-Shing Chen
- Chitchanok Chuengsatiansup
- Tanja Lange
- Adrian Marotzke
- Bo-Yuan Peng
- Nicola Tuveri
- Christine van Vredendaal
- Bo-Yin Yang
crypto-assumption: NTRU
website: https://ntruprime.cr.yp.to
nist-round: 3
spec-version: supercop-20200826
standardization-status: Not selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/NTRU-Prime-Round3.zip)
upstream-ancestors:
- https://github.com/jschanck/package-pqclean/tree/4d9f08c3/ntruprime
- supercop-20210604
parameter-sets:
- name: sntrup761
claimed-nist-level: 2
claimed-security: IND-CCA2
length-ciphertext: 1039
length-public-key: 1158
length-secret-key: 1763
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
supported-platforms: all
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
- upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
required_flags:
- avx2
common-crypto:
- AES: liboqs
- SHA2: liboqs
no-secret-dependent-branching-claimed: false
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
upstream: primary-upstream
primary-upstream:
spdx-license-identifier: Public domain
source: https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6

32
docs/algorithms/kem_BIG_QUAKE.md
View File

@ -1,32 +0,0 @@
liboqs nist-branch algorithm datasheet: `kem_BIG_QUAKE`
======================================================
Summary
-------
- **Name**: BIG QUAKE
- **Algorithm type**: key encapsulation mechanism
- **Main cryptographic assumption**: module learning with errors (MLWE)
- **NIST submission URL**: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/BIG_QUAKE.zip
- **Submitters (to NIST competition)**: Alain Couvreur Magali Bardet Elise Barelli Olivier Blazy Rodolfo Canto-Torres Philippe Gaborit Ayoub Otmani Nicolas Sendrier Jean-Pierre Tillich
- **Submitters' website**: https://bigquake.inria.fr/
- **Added to liboqs by**: Shravan Mishra
Parameter sets
--------------
| Parameter set | Security model | Claimed NIST security level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|---------------|:--------------:|:---------------------------:|:-----------------------:|:-----------------------:|:-----------------------:|:--------------------------:|
| BIG_QUAKE_1 | IND-CPA | 1 | 25482 | 14772 | 201 | 32 |
| BIG_QUAKE_3 | IND-CPA | 3 | 84132 | 30860 | 406 | 32 |
| BIG_QUAKE_5 | IND-CPA | 5 | 149800 | 41804 | 492 | 32 |
Implementation
--------------
- **Source of implementation:** https://bigquake.inria.fr/
- **License:** Public domain
- **Language:** C
- **Constant-time:** Yes
- **Architectures supported in liboqs nist-branch**: x86, x64

46
docs/algorithms/kem_bike.md
View File

@ -1,46 +0,0 @@
liboqs nist-branch algorithm datasheet: `kem_bike`
======================================================
Summary
-------
- **Name**: BIKE
- **Algorithm type**: Key Encapsulation Mechanism
- **Main cryptographic assumption**: Quasi Cyclic Syndrom Decoding (QCSD)
- **NIST submission URL**: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/BIKE.zip
- **Submitters (to NIST competition)**: Nicolas Aragon, Paulo Barreto, Slim Bettaieb, Loic Bidoux, Olivier Blazy, Jean-Christophe Deneuville, Phillipe Gaborit, Shay Gueron, Tim Guneysu, Carlos Aguilar Melchor, Rafael Misoczki, Edoardo Persichetti, Nicolas Sendrier, Jean-Pierre Tillich, Gilles Zemor
- **Submitters' website**: http://bikesuite.org/
- **Added to liboqs by**: Shay Gueron and Nir Drucker.
Parameter sets
--------------
| Parameter set | Security model | Claimed NIST security level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|---------------------|:--------------:|:---------------------------:|:-----------------------:|:-----------------------:|:-----------------------:|:--------------------------:|
| BIKE1-L1 | IND-CPA | 1 | 2542 | 2542 | 2542 | 32 |
| BIKE1-L3 | IND-CPA | 3 | 4964 | 4964 | 4964 | 32 |
| BIKE1-L5 | IND-CPA | 5 | 8188 | 8188 | 8188 | 32 |
| BIKE2-L1 | IND-CPA | 1 | 2542 | 2542 | 2542 | 32 |
| BIKE2-L3 | IND-CPA | 3 | 4964 | 4964 | 4964 | 32 |
| BIKE2-L5 | IND-CPA | 5 | 8188 | 8188 | 8188 | 32 |
| BIKE3-L1 | IND-CPA | 1 | 2758 | 2758 | 2758 | 32 |
| BIKE3-L3 | IND-CPA | 3 | 5422 | 5422 | 5422 | 32 |
| BIKE3-L5 | IND-CPA | 5 | 9034 | 9034 | 9034 | 32 |
Implementation
--------------
- **Source of implementation:** This is a reference code (for functionality testing) that is based on the reference code of the Nist submission. This code was modified to use OpenSSL instead of NTL.
- **License:** MIT License
- **Language:** C
**Constant-time:** No
**Architectures supported in liboqs nist-branch**: x86, x64
Additional comments
-------------------
- The original BIKE implementation includes additional optimizations that are not currently being built in liboqs:
- CLMUL
- AES-NI
- AVX2
- AVX512

40
docs/algorithms/kem_frodokem.md
View File

@ -1,40 +0,0 @@
liboqs nist-branch algorithm datasheet: `kem_frodokem`
======================================================
Summary
-------
- **Name**: FrodoKEM
- **Algorithm type**: key encapsulation mechanism
- **Main cryptographic assumption**: learning with errors (LWE)
- **NIST submission URL**: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/Frodo.zip
- **Submitters (to NIST competition)**: Michael Naehrig, Erdem Alkim, Joppe Bos, Léo Ducas, Karen Easterbrook, Brian LaMacchia, Patrick Longa, Ilya Mironov, Valeria Nikolaenko, Christopher Peikert, Ananth Raghunathan, Douglas Stebila
- **Submitters' website**: https://frodokem.org/
- **Added to liboqs by**: Douglas Stebila
Parameter sets
--------------
| Parameter set | Security model | Claimed NIST security level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|---------------------|:--------------:|:---------------------------:|:-----------------------:|:-----------------------:|:-----------------------:|:--------------------------:|
| FrodoKEM-640-AES | IND-CCA | 1 | 9616 | 19872 | 9736 | 16 |
| FrodoKEM-640-cSHAKE | IND-CCA | 1 | 9616 | 19872 | 9736 | 16 |
| FrodoKEM-976-AES | IND-CCA | 3 | 15632 | 31272 | 15768 | 24 |
| FrodoKEM-976-cSHAKE | IND-CCA | 3 | 15632 | 31272 | 15768 | 24 |
Implementation
--------------
- **Source of implementation:** https://github.com/Microsoft/PQCrypto-LWEKE
- **License:** MIT License
- **Language:** C
- **Constant-time:** Yes
- **Architectures supported in liboqs nist-branch**: x86, x64
Additional comments
-------------------
The original FrodoKEM implementation includes optimizations that are not currently being built in liboqs:
- AES-NI
- AVX2

36
docs/algorithms/kem_kyber.md
View File

@ -1,36 +0,0 @@
liboqs nist-branch algorithm datasheet: `kem_kyber`
===================================================
Summary
-------
- **Name**: CRYSTALS-KYBER
- **Algorithm type**: key encapsulation mechanism
- **Main cryptographic assumption**: module learning with errors (MLWE)
- **NIST submission URL**: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/CRYSTALS_Kyber.zip
- **Submitters (to NIST competition)**: Peter Schwabe, Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehle
- **Submitters' website**: https://pq-crystals.org/
- **Added to liboqs by**: Tancrède Lepoint
Parameter sets
--------------
| Parameter set | Security model | Claimed NIST security level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|---------------|:--------------:|:---------------------------:|:-----------------------:|:-----------------------:|:-----------------------:|:--------------------------:|
| Kyber512 | IND-CCA | 1 | 736 | 1632 | 800 | 32 |
| Kyber768 | IND-CCA | 3 | 1088 | 2400 | 1152 | 32 |
| Kyber1024 | IND-CCA | 5 | 1440 | 3168 | 1504 | 32 |
Implementation
--------------
- **Source of implementation:** https://github.com/pq-crystals/liboqs
- **License:** Public domain
- **Language:** C
- **Constant-time:** Yes
- **Architectures supported in liboqs nist-branch**: x86, x64
Additional comments
-------------------
https://github.com/pq-crystals/kyber includes an AVX2 optimized implementation.

37
docs/algorithms/kem_ledakem.md
View File

@ -1,37 +0,0 @@
liboqs nist-branch algorithm datasheet: `kem_ledakem`
======================================================
Summary
-------
- **Name**: LedaKEM
- **Algorithm type**: key encapsulation mechanism
- **Main cryptographic assumption**: Niederreiter cryptosystem based on linear error-correcting codes
- **NIST submission URL**: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/LEDAkem.zip
- **Submitters (to NIST competition)**: Marco Baldi Alessandro Barenghi Franco Chiaraluce Gerardo Pelosi Paolo Santini
- **Submitters' website**: https://www.ledacrypt.org/LEDAkem/
- **Added to liboqs by**: Shravan Mishra
Parameter sets
--------------
| Parameter set | Security model | Claimed NIST security level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|----------------|:--------------:|:---------------------------:|:-----------------------:|:-----------------------:|:-----------------------:|:--------------------------:|
| LEDAKEM_C1_N02 | IND-CCA | 1 | 3480 | 24 | 3480 | 32 |
| LEDAKEM_C1_N03 | IND-CCA | 1 | 4688 | 24 | 2344 | 32 |
| LEDAKEM_C1_N04 | IND-CCA | 1 | 6408 | 24 | 2136 | 32 |
| LEDAKEM_C3_N02 | IND-CCA | 3 | 7200 | 32 | 7200 | 48 |
| LEDAKEM_C3_N03 | IND-CCA | 3 | 10384 | 32 | 5192 | 48 |
| LEDAKEM_C3_N04 | IND-CCA | 3 | 13152 | 32 | 4384 | 48 |
| LEDAKEM_C5_N02 | IND-CCA | 5 | 12384 | 40 | 12384 | 64 |
| LEDAKEM_C5_N03 | IND-CCA | 5 | 18016 | 40 | 9008 | 64 |
| LEDAKEM_C5_N04 | IND-CCA | 5 | 22704 | 40 | 7568 | 64 |
Implementation
--------------
- **Source of implementation:** https://github.com/LEDAcrypt/LEDAkem
- **License:** MIT License
- **Language:** C
- **Constant-time:** Yes
- **Architectures supported in liboqs nist-branch**: x86, x64

34
docs/algorithms/kem_lima.md
View File

@ -1,34 +0,0 @@
liboqs nist-branch algorithm datasheet: `kem_lima`
==================================================
Summary
-------
- **Name**: LIMA
- **Algorithm type**: key encapsulation mechanism
- **Main cryptographic assumption**: ring learning with errors (RLWE)
- **NIST submission URL**: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/Lima.zip
- **Submitters (to NIST competition)**: Nigel P. Smart, Martin R. Albrecht, Yehuda Lindell, Emmanuela Orsini, Valery Osheter, Kenny Paterson, Guy Peer
- **Submitters' website**: https://lima-pq.github.io/
- **Added to liboqs by**: Douglas Stebila
Parameter sets
--------------
| | Security model | Claimed NIST security level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|----------------------|:--------------:|:---------------------------:|:-----------------------:|:-----------------------:|:-----------------------:|:--------------------------:|
| Lima-2p-1024-CCA-KEM | IND-CCA | 3 | 6145 | 9217 | 4227 | 32 |
| Lima-2p-2048-CCA-KEM | IND-CCA | 4 | 12289 | 18433 | 7299 | 32 |
| Lima-sp-1018-CCA-KEM | IND-CCA | 1 | 6109 | 9163 | 4209 | 32 |
| Lima-sp-1306-CCA-KEM | IND-CCA | 2 | 10449 | 15673 | 6763 | 32 |
| Lima-sp-1822-CCA-KEM | IND-CCA | 3 | 14577 | 21865 | 8827 | 32 |
| Lima-sp-2062-CCA-KEM | IND-CCA | 4 | 16497 | 24745 | 9787 | 32 |
Implementation
--------------
- **Source of implementation:** https://lima-pq.github.io/ optimized implementation
- **License:** Public domain
- **Language:** C
- **Constant-time:** Unknown
- **Architectures supported in liboqs nist-branch**: x86, x64

35
docs/algorithms/kem_newhopenist.md
View File

@ -1,35 +0,0 @@
liboqs nist-branch algorithm datasheet: `kem_newhopenist`
=========================================================
Summary
-------
- **Name**: NewHopeNIST
- **Algorithm type**: key encapsulation mechanism
- **Main cryptographic assumption**: ring learning with errors (RLWE)
- **NIST submission URL**: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/NewHope.zip
- **Submitters (to NIST competition)**: Thomas Poppelmann, Erdem Alkim, Roberto Avanzi, Joppe Bos, Léo Ducas, Antonio de la Piedra, Peter Schwabe, Douglas Stebila
- **Submitters' website**: http://newhopecrypto.org/
- **Added to liboqs by**: Douglas Stebila
Parameter sets
--------------
| Parameter set | Security model | Claimed NIST security level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|---------------------|:--------------:|:---------------------------:|:-----------------------:|:-----------------------:|:-----------------------:|:--------------------------:|
| NewHope512-CCA-KEM | IND-CCA | 1 | 928 | 1888 | 1120 | 32 |
| NewHope1024-CCA-KEM | IND-CCA | 5 | 1824 | 3680 | 2208 | 32 |
Implementation
--------------
- **Source of implementation:** https://newhopecrypto.org/data/NewHope_2017_12_21.zip
- **License:** Public domain
- **Language:** C
- **Constant-time:** Yes
- **Architectures supported in liboqs nist-branch**: x86, x64
Additional comments
-------------------
None.

36
docs/algorithms/kem_saber.md
View File

@ -1,36 +0,0 @@
liboqs nist-branch algorithm datasheet: `kem_saber`
===================================================
Summary
-------
- **Name**: SABER
- **Algorithm type**: key encapsulation mechanism
- **Main cryptographic assumption**: module learning with rounding (MLWR)
- **NIST submission URL**: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/SABER.zip
- **Submitters (to NIST competition)**: Jan-Pieter D'Anvers, Angshuman Karmakar, Sujoy Sinha Roy, Frederik Vercauteren
- **Submitters' website**: https://github.com/Angshumank/SABER
- **Added to liboqs by**: Douglas Stebila
Parameter sets
--------------
| Parameter set | Security model | Claimed NIST security level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|----------------|:--------------:|:---------------------------:|:-----------------------:|:-----------------------:|:-----------------------:|:--------------------------:|
| LightSaber-KEM | IND-CCA | 1 | 672 | 1568 | 736 | 32 |
| Saber-KEM | IND-CCA | 3 | 992 | 2304 | 1088 | 32 |
| FireSaber-KEM | IND-CCA | 5 | 1312 | 3040 | 1472 | 32 |
Implementation
--------------
- **Source of implementation:** https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/SABER.zip
- **License:** Public domain
- **Language:** C
- **Constant-time:** Unknown
- **Architectures supported in liboqs nist-branch**: x86, x64
Additional comments
-------------------
None.

35
docs/algorithms/kem_sike.md
View File

@ -1,35 +0,0 @@
liboqs nist-branch algorithm datasheet: `kem_sike`
==================================================
Summary
-------
- **Name**: Sike
- **Algorithm type**: key encapsulation mechanism
- **Main cryptographic assumption**: (supersingular) isogeny walk problem
- **NIST submission URL**: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/SIKE.zip
- **Submitters (to NIST competition)**: David Jao, Reza Azarderakhsh, Matthew Campagna, Craig Costello, Luca De Feo, Basil Hess, Amir Jalali, Brian Koziel, Brian LaMacchia, Patrick Longa, Michael Naehrig, Joost Renes, Vladimir Soukharev, David Urbanik
- **Submitters' website**:
- **Added to liboqs by**: Christian Paquin
Parameter sets
--------------
| Parameter set | Security model | Claimed NIST security level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|-----------------|:--------------:|:---------------------------:|:-----------------------:|:-----------------------:|:-----------------------:|:--------------------------:|
| Sike-p503 | IND-CCA | 1 | 378 | 434 | 402 | 16 |
| Sike-p751 | IND-CCA | 3 | 564 | 644 | 596 | 24 |
Implementation
--------------
- **Source of implementation:** https://github.com/Microsoft/PQCrypto-SIDH
- **License:** MIT License
- **Language:** C
- **Constant-time:** Yes
- **Architectures supported in liboqs nist-branch**: x86, x64
Additional comments
-------------------
The original Sike implementation includes optimizations that are not currently being built in liboqs. See src/kem/sike/upstream/README for details.

203
docs/algorithms/sig/cross.md Normal file
View File

@ -0,0 +1,203 @@
# CROSS
- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: hardness of the restricted syndrome decoding problem for random linear codes on a finite field.
- **Principal submitters**: Marco Baldi, Alessandro Barenghi, Michele Battagliola, Sebastian Bitzer, Patrick Karl, Felice Manganiello, Alessio Pavoni, Gerardo Pelosi, Federico Pintore, Paolo Santini, Jonas Schupp, Edoardo Signorini, Freeman Slaughter, Antonia Wachter-Zeh, Violetta Weger.
- **Auxiliary submitters**: Marco Gianvecchio.
- **Authors' website**: https://www.cross-crypto.com/
- **Specification version**: 2.2 + PQClean and OQS patches.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/c8f7411fed136f0e37600973fa3dbed53465e54f
- **Implementation license (SPDX-Identifier)**: CC0-1.0
## Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| cross-rsdp-128-balanced | NA | EUF-CMA | 1 | 77 | 32 | 13152 |
| cross-rsdp-128-fast | NA | EUF-CMA | 1 | 77 | 32 | 18432 |
| cross-rsdp-128-small | NA | EUF-CMA | 1 | 77 | 32 | 12432 |
| cross-rsdp-192-balanced | NA | EUF-CMA | 3 | 115 | 48 | 29853 |
| cross-rsdp-192-fast | NA | EUF-CMA | 3 | 115 | 48 | 41406 |
| cross-rsdp-192-small | NA | EUF-CMA | 3 | 115 | 48 | 28391 |
| cross-rsdp-256-balanced | NA | EUF-CMA | 5 | 153 | 64 | 53527 |
| cross-rsdp-256-fast | NA | EUF-CMA | 5 | 153 | 64 | 74590 |
| cross-rsdp-256-small | NA | EUF-CMA | 5 | 153 | 64 | 50818 |
| cross-rsdpg-128-balanced | NA | EUF-CMA | 1 | 54 | 32 | 9120 |
| cross-rsdpg-128-fast | NA | EUF-CMA | 1 | 54 | 32 | 11980 |
| cross-rsdpg-128-small | NA | EUF-CMA | 1 | 54 | 32 | 8960 |
| cross-rsdpg-192-balanced | NA | EUF-CMA | 3 | 83 | 48 | 22464 |
| cross-rsdpg-192-fast | NA | EUF-CMA | 3 | 83 | 48 | 26772 |
| cross-rsdpg-192-small | NA | EUF-CMA | 3 | 83 | 48 | 20452 |
| cross-rsdpg-256-balanced | NA | EUF-CMA | 5 | 106 | 64 | 40100 |
| cross-rsdpg-256-fast | NA | EUF-CMA | 5 | 106 | 64 | 48102 |
| cross-rsdpg-256-small | NA | EUF-CMA | 5 | 106 | 64 | 36454 |
## cross-rsdp-128-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## cross-rsdp-128-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-128-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-192-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-192-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-192-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-256-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-256-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdp-256-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-128-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-128-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-128-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-192-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-192-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-192-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-256-balanced implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-256-fast implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
## cross-rsdpg-256-small implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | True |
| [Primary Source](#primary-source) | avx2 | x86\_64 | All | AVX2 | True | True | True |
Are implementations chosen based on runtime CPU feature detection? **No**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

535
docs/algorithms/sig/cross.yml Normal file
View File

@ -0,0 +1,535 @@
name: CROSS
type: signature
principal-submitters:
- Marco Baldi
- Alessandro Barenghi
- Michele Battagliola
- Sebastian Bitzer
- Patrick Karl
- Felice Manganiello
- Alessio Pavoni
- Gerardo Pelosi
- Federico Pintore
- Paolo Santini
- Jonas Schupp
- Edoardo Signorini
- Freeman Slaughter
- Antonia Wachter-Zeh
- Violetta Weger
auxiliary-submitters:
- Marco Gianvecchio
crypto-assumption: hardness of the restricted syndrome decoding problem for random
linear codes on a finite field
website: https://www.cross-crypto.com/
nist-round: 2
standardization-status: Under [NIST](https://www.cross-crypto.com/CROSS_Specification_v2.2.pdf)
consideration
spec-version: 2.2 + PQClean and OQS patches
primary-upstream:
source: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/c8f7411fed136f0e37600973fa3dbed53465e54f
spdx-license-identifier: CC0-1.0
parameter-sets:
- name: cross-rsdp-128-balanced
oqs_alg: OQS_SIG_alg_cross_rsdp_128_balanced
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 77
length-secret-key: 32
length-signature: 13152
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-128-fast
oqs_alg: OQS_SIG_alg_cross_rsdp_128_fast
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 77
length-secret-key: 32
length-signature: 18432
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-128-small
oqs_alg: OQS_SIG_alg_cross_rsdp_128_small
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 77
length-secret-key: 32
length-signature: 12432
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdp-192-balanced
oqs_alg: OQS_SIG_alg_cross_rsdp_192_balanced
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 115
length-secret-key: 48
length-signature: 29853
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-192-fast
oqs_alg: OQS_SIG_alg_cross_rsdp_192_fast
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 115
length-secret-key: 48
length-signature: 41406
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-192-small
oqs_alg: OQS_SIG_alg_cross_rsdp_192_small
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 115
length-secret-key: 48
length-signature: 28391
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdp-256-balanced
oqs_alg: OQS_SIG_alg_cross_rsdp_256_balanced
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 153
length-secret-key: 64
length-signature: 53527
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdp-256-fast
oqs_alg: OQS_SIG_alg_cross_rsdp_256_fast
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 153
length-secret-key: 64
length-signature: 74590
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdp-256-small
oqs_alg: OQS_SIG_alg_cross_rsdp_256_small
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 153
length-secret-key: 64
length-signature: 50818
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdpg-128-balanced
oqs_alg: OQS_SIG_alg_cross_rsdpg_128_balanced
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 54
length-secret-key: 32
length-signature: 9120
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-128-fast
oqs_alg: OQS_SIG_alg_cross_rsdpg_128_fast
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 54
length-secret-key: 32
length-signature: 11980
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-128-small
oqs_alg: OQS_SIG_alg_cross_rsdpg_128_small
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 54
length-secret-key: 32
length-signature: 8960
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-192-balanced
oqs_alg: OQS_SIG_alg_cross_rsdpg_192_balanced
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 83
length-secret-key: 48
length-signature: 22464
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-192-fast
oqs_alg: OQS_SIG_alg_cross_rsdpg_192_fast
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 83
length-secret-key: 48
length-signature: 26772
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-192-small
oqs_alg: OQS_SIG_alg_cross_rsdpg_192_small
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 83
length-secret-key: 48
length-signature: 20452
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- name: cross-rsdpg-256-balanced
oqs_alg: OQS_SIG_alg_cross_rsdpg_256_balanced
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 106
length-secret-key: 64
length-signature: 40100
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-256-fast
oqs_alg: OQS_SIG_alg_cross_rsdpg_256_fast
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 106
length-secret-key: 64
length-signature: 48102
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: cross-rsdpg-256-small
oqs_alg: OQS_SIG_alg_cross_rsdpg_256_small
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 106
length-secret-key: 64
length-signature: 36454
implementations-switch-on-runtime-cpu-features: false
implementations:
- upstream: primary-upstream
upstream-id: clean
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true

Some files were not shown because too many files have changed in this diff Show More