Bruce f629296e28
Remove Dilithium (#2275)
* Removed upstream `name: pqcrystals-dilithium` and signature `name: dilithium` from `copy_from_upstream.yml`.
Removed everything under `src/sig/dilithium`
Re-run `copy_from_upstream.py -d copy`, which produced downstream changes to various build files.

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* remove Dilithium entries from kats.json

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* remove Dilithium entries from constant_time tests

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* Removed dilithium.yml and dilithium.md. Re-run copy_from_upstream.py, which also updated README.md and cbom.json

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* Removed Dilithium from FUZZING.md

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* removed license information about pqclean Dilithium and pqcrystals-dilithium from README.md. README.md still mentions Dilithium but only to say that it has been excluded

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* Upgraded CONFIGURE.md minimal build example to ML-KEM-768 and ML-DSA-44

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* Upgraded C++ sig linking test to ML-DSA-44; also added option to make the test fail hard if the algorithm is not enabled

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* remove Dilithium from GitHub action workflows

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* removed Dilithium from zephyr configuration and examples

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* Removed scripts/copy_from_upstream/patches/pqclean-dilithium-arm-randomized-signing.patch

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* Removed dilithium from upstream.name==pqclean.ignore

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

* Removed orphaned patches

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

---------

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
2025-09-22 20:52:14 -04:00

Zephyr Project Port

liboqs can be used as a module for the Zephyr RTOS.

Installation

You have to add liboqs to your West workspace using a West manifest.

In your manifest file (west.yml), add the following:

remotes:
    # <other remotes>
    - name: liboqs
      url-base: https://github.com/open-quantum-safe

projects:
    # <other projects>
    - name: liboqs
      path: modules/crypto/liboqs
      revision: main
      remote: liboqs

After adding the new information to your manifest file, run west update to download and install liboqs as a Zephyr module. After that, you can use it in your projects.

Currently, Zephyr versions 3.4 and 3.5 are supported. Please feel free to open an issue or a PR in case you need another version supported (without guarantee that older versions can be supported at all).

Usage

Disclaimer regarding random number generation

In order to properly use the Zephyr port of liboqs, you have to provide a custom callback function for random number generation using the OQS_randombytes_custom_algorithm() API. Otherwise, all key generation and signing operations will fail.

In the two provided sample applications (see also Samples), a callback is set using the default sys_rand_get() method from Zephyr. This method, however, does not provide random data suitable for cryptographic operations and is only good for testing purposes. Make sure to use a proper entropy source from your hardware to obtain actual random data.
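The following is an added example, not code from the liboqs samples: one way to register a callback backed by Zephyr's cryptographically secure sys_csrand_get() instead of sys_rand_get(), halting if the source fails. It assumes the board configuration gives sys_csrand_get() a real hardware entropy source; oqs_csprng_callback, oqs_rng_setup and the host_* stand-ins are hypothetical names, and the header path for sys_csrand_get() is assumed to be the Zephyr 3.5 one.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#ifdef __ZEPHYR__
#include <zephyr/kernel.h>
#include <zephyr/random/random.h> /* assumption: Zephyr 3.5 header path */
#include <oqs/oqs.h>
#define CSPRNG_FILL(buf, len) sys_csrand_get((buf), (len))
#define FAIL_CLOSED()         k_panic()
#else
/* Constructed host stand-ins so the logic can be built and tested off-target.
 * They are NOT random and are never compiled into a Zephyr image. */
static int host_fail;   /* set to 1 to simulate an entropy failure */
static int host_halted; /* set when the fail-closed path runs */
static void (*host_registered)(uint8_t *, size_t);

static int host_fill(void *dst, size_t len)
{
    if (host_fail) {
        return -1;
    }
    memset(dst, 0xA5, len); /* marker pattern, test use only */
    return 0;
}

static void OQS_randombytes_custom_algorithm(void (*cb)(uint8_t *, size_t))
{
    host_registered = cb;
}
#define CSPRNG_FILL(buf, len) host_fill((buf), (len))
#define FAIL_CLOSED()         (host_halted = 1)
#endif

/* liboqs calls this whenever it needs random bytes. */
static void oqs_csprng_callback(uint8_t *buf, size_t len)
{
    /* The callback returns void, so a failure cannot be reported to liboqs.
     * Halt rather than hand back a buffer the CSPRNG did not fill. */
    if (CSPRNG_FILL(buf, len) != 0) {
        FAIL_CLOSED();
    }
}

/* Call once at start-up, before any liboqs KEM or signature operation. */
void oqs_rng_setup(void)
{
    OQS_randombytes_custom_algorithm(oqs_csprng_callback);
}
```
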

Configuration

The port provides a variety of configurable options using Kconfig. Once you have the liboqs module enabled with CONFIG_LIBOQS=y, you can manually enable or disable specific KEM or Signature algorithms using the LIBOQS_ENABLE_KEM_xxx and LIBOQS_ENABLE_SIG_xxx options.

The algorithms to be standardized by NIST are enabled by default; all others are disabled by default.

Supported architectures

At the moment, the following architectures are supported with the Zephyr port:

  • 32-bit ARM
  • 64-bit ARM
  • x86
  • Native Posix

Other architectures supported by Zephyr are not supported with this port, as liboqs itself doesn't support these architectures (the modules can't be enabled in those cases). Please feel free to raise an issue or PR in case a new architecture is required.

Samples

Two sample applications are provided, demonstrating the usage of the library from within Zephyr. See samples/KEMs and samples/Signatures.