9e964cad5b
* copy from slhdsa Signed-off-by: h2parson <h2parson@uwaterloo.ca> * integrate with copy from upstream Signed-off-by: h2parson <h2parson@uwaterloo.ca> * explicitly list slhdsa files to include and push generated code Signed-off-by: h2parson <h2parson@uwaterloo.ca> * format code script Signed-off-by: h2parson <h2parson@uwaterloo.ca> * add to requirements.in Signed-off-by: h2parson <h2parson@uwaterloo.ca> * fix code conventions Signed-off-by: h2parson <h2parson@uwaterloo.ca> * copy from upstream changes Signed-off-by: h2parson <h2parson@uwaterloo.ca> * add chdir to copy from slh dsa Signed-off-by: h2parson <h2parson@uwaterloo.ca> * modify template Signed-off-by: h2parson <h2parson@uwaterloo.ca> * generate requirements.txt Signed-off-by: h2parson <h2parson@uwaterloo.ca> * modify requirments in workflows Signed-off-by: h2parson <h2parson@uwaterloo.ca> * format Signed-off-by: h2parson <h2parson@uwaterloo.ca> * a Signed-off-by: h2parson <h2parson@uwaterloo.ca> * sort filenames in cmake file generation for slh dsa Signed-off-by: h2parson <h2parson@uwaterloo.ca> * add newline at end of header file Signed-off-by: h2parson <h2parson@uwaterloo.ca> * add whitespace and fix alg info tests Signed-off-by: h2parson <h2parson@uwaterloo.ca> * update docs with copy from upstream Signed-off-by: h2parson <h2parson@uwaterloo.ca> * add whitespace to src files Signed-off-by: h2parson <h2parson@uwaterloo.ca> * initialize ctx in slh Signed-off-by: h2parson <h2parson@uwaterloo.ca> * explicitly set little endian for windows x86 Signed-off-by: h2parson <h2parson@uwaterloo.ca> * temporarily disable ctx signing for slh tests Signed-off-by: h2parson <h2parson@uwaterloo.ca> * disable kats until hashes available for slh dsa Signed-off-by: h2parson <h2parson@uwaterloo.ca> * fix issues in test sig mem Signed-off-by: h2parson <h2parson@uwaterloo.ca> * temporarily add namespaces so that slh dsa will not break test namespace Signed-off-by: h2parson <h2parson@uwaterloo.ca> * updates Signed-off-by: h2parson <h2parson@uwaterloo.ca> * formatted file Signed-off-by: h2parson <h2parson@uwaterloo.ca> * align jinja template to astyle Signed-off-by: h2parson <h2parson@uwaterloo.ca> * change addrnd size Signed-off-by: h2parson <h2parson@uwaterloo.ca> * copy from slhdsa Signed-off-by: h2parson <h2parson@uwaterloo.ca> * integrate with copy from upstream Signed-off-by: h2parson <h2parson@uwaterloo.ca> * explicitly list slhdsa files to include and push generated code Signed-off-by: h2parson <h2parson@uwaterloo.ca> * format code script Signed-off-by: h2parson <h2parson@uwaterloo.ca> * add to requirements.in Signed-off-by: h2parson <h2parson@uwaterloo.ca> * fix code conventions Signed-off-by: h2parson <h2parson@uwaterloo.ca> * copy from upstream changes Signed-off-by: h2parson <h2parson@uwaterloo.ca> * add chdir to copy from slh dsa Signed-off-by: h2parson <h2parson@uwaterloo.ca> * modify template Signed-off-by: h2parson <h2parson@uwaterloo.ca> * generate requirements.txt Signed-off-by: h2parson <h2parson@uwaterloo.ca> * modify requirments in workflows Signed-off-by: h2parson <h2parson@uwaterloo.ca> * format Signed-off-by: h2parson <h2parson@uwaterloo.ca> * a Signed-off-by: h2parson <h2parson@uwaterloo.ca> * sort filenames in cmake file generation for slh dsa Signed-off-by: h2parson <h2parson@uwaterloo.ca> * add newline at end of header file Signed-off-by: h2parson <h2parson@uwaterloo.ca> * add whitespace and fix alg info tests Signed-off-by: h2parson <h2parson@uwaterloo.ca> * update docs with copy from upstream Signed-off-by: h2parson <h2parson@uwaterloo.ca> * add whitespace to src files Signed-off-by: h2parson <h2parson@uwaterloo.ca> * initialize ctx in slh Signed-off-by: h2parson <h2parson@uwaterloo.ca> * explicitly set little endian for windows x86 Signed-off-by: h2parson <h2parson@uwaterloo.ca> * temporarily disable ctx signing for slh tests Signed-off-by: h2parson <h2parson@uwaterloo.ca> * disable kats until hashes available for slh dsa Signed-off-by: h2parson <h2parson@uwaterloo.ca> * fix issues in test sig mem Signed-off-by: h2parson <h2parson@uwaterloo.ca> * temporarily add namespaces so that slh dsa will not break test namespace Signed-off-by: h2parson <h2parson@uwaterloo.ca> * updates Signed-off-by: h2parson <h2parson@uwaterloo.ca> * formatted file Signed-off-by: h2parson <h2parson@uwaterloo.ca> * align jinja template to astyle Signed-off-by: h2parson <h2parson@uwaterloo.ca> * change addrnd size Signed-off-by: h2parson <h2parson@uwaterloo.ca> * fix std algs filtering issue Signed-off-by: h2parson <h2parson@uwaterloo.ca> * modifying windows amd toolchain file to fix endianness issue Signed-off-by: h2parson <h2parson@uwaterloo.ca> * disable leak testing on slh dsa Signed-off-by: h2parson <h2parson@uwaterloo.ca> * disable slh dsa for arm emulated linux and zephyr tests Signed-off-by: h2parson <h2parson@uwaterloo.ca> * fix zephyr test skip logic Signed-off-by: h2parson <h2parson@uwaterloo.ca> * fix upstream issue with prehash naming and add variant specific nist levels Signed-off-by: h2parson <h2parson@uwaterloo.ca> * automatically update slh dsa yml file Signed-off-by: h2parson <h2parson@uwaterloo.ca> * get slh dsa md file generation working Signed-off-by: h2parson <h2parson@uwaterloo.ca> * fix naming in slh wrapper files Signed-off-by: h2parson <h2parson@uwaterloo.ca> * minor changes from review Signed-off-by: h2parson <h2parson@uwaterloo.ca> * separate slh dsa jobs from stfl sigs Signed-off-by: h2parson <h2parson@uwaterloo.ca> * separate slhdsa from sig stfl tests on mac and windows Signed-off-by: h2parson <h2parson@uwaterloo.ca> * fix macos yml format Signed-off-by: h2parson <h2parson@uwaterloo.ca> * modify zephyr timeout Signed-off-by: h2parson <h2parson@uwaterloo.ca> * re-enable some tests for slh dsa Signed-off-by: h2parson <h2parson@uwaterloo.ca> * separate leak tests Signed-off-by: h2parson <h2parson@uwaterloo.ca> * allow algorithm family level enablement and reconfigure slhdsa CI jobs Signed-off-by: h2parson <h2parson@uwaterloo.ca> * move slh dsa address sanitizer to extended tests and extend time limit to 90 minutes Signed-off-by: h2parson <h2parson@uwaterloo.ca> * remove package deb from CI job, remove auto gen kat sig for slhdsa, add prime ctx step for sig testing slhdsa Signed-off-by: h2parson <h2parson@uwaterloo.ca> --------- Signed-off-by: h2parson <h2parson@uwaterloo.ca>
Zephyr Project Port
liboqs can be used as a module for the Zephyr RTOS.
Installation
You have to add liboqs to your West workspace using a West Manifest
In your manifest file (west.yml), add the following:
remotes:
# <other remotes>
- name: liboqs
url-base: https://github.com/open-quantum-safe
projects:
# <other projects>
- name: liboqs
path: modules/crypto/liboqs
revision: main
remote: liboqs
After adding the new information to your manifest file, run west update to download and install liboqs as a Zephyr module. After that, you can use it in your projects.
Currently, Zephyr versions 3.4 and 3.5 are supported. Please feel free to open an issue or a PR in case you need another version supported (without guarantee that older versions can be supported at all).
Usage
Disclaimer regarding random number generation
In order to properly use the Zephyr port of liboqs, you have to provide a custom callback function for random number generation using the OQS_randombytes_custom_algorithm() API. Otherwise, all key generation and signing operations will fail.
In the two provided sample applications (also see Samples), a callback is set using the default sys_rand_get() method from Zephyr. This method, however, does not provide random data suitable for cryptographic operations and is only good for testing purposes. Make sure to use a proper entroy source from your hardware to obtain actual random data.
Configuration
The port provides a variety of configurable options using Kconfig. Once you have the liboqs module enabled with CONFIG_LIBOQS=y, you can manually enable or disable specific KEM or Signature algorithms using the LIBOQS_ENABLE_KEM_xxx and LIBOQS_ENABLE_SIG_xxx options.
The algorithms to be standardized by NIST are enabled by default, all others are disabled by default.
Supported architectures
At the moment, the following architectures are supported with the Zephyr port:
- 32-bit ARM
- 64-bit ARM
- x86
- Native Posix
Other architectures supported by Zephyr are not supported with this port, as liboqs itself doesn't support these architectures (the modules can't be enabled in those cases). Please feel free to raise an issue or PR in case a new architecture is required.
Samples
Two sample applications are provided, demonstrating the usage of the library from within Zephyr. See samples/KEMs and samples/Signatures.