Skip to content

Commit

Permalink
Merge branch 'open-quantum-safe:main' into main
Browse files Browse the repository at this point in the history
  • Loading branch information
@jplomas
jplomas authored Aug 30, 2024
2 parents 267c95e + 6d92fc4 commit 06ba2e5
Show file tree
Hide file tree
Showing 232 changed files with 88,832 additions and 999 deletions.
33 changes: 27 additions & 6 deletions .CMake/alg_support.cmake
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,11 +127,8 @@ cmake_dependent_option(OQS_ENABLE_KEM_kyber_768 "" ON "OQS_ENABLE_KEM_KYBER" OFF
cmake_dependent_option(OQS_ENABLE_KEM_kyber_1024 "" ON "OQS_ENABLE_KEM_KYBER" OFF)

option(OQS_ENABLE_KEM_ML_KEM "Enable ml_kem algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)

option(OQS_ENABLE_SIG_DILITHIUM "Enable dilithium algorithm family" ON)
Expand Down Expand Up @@ -174,6 +171,15 @@ cmake_dependent_option(OQS_ENABLE_SIG_mayo_3 "" ON "OQS_ENABLE_SIG_MAYO" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_mayo_5 "" ON "OQS_ENABLE_SIG_MAYO" OFF)
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_ADD_ENABLE_BY_ALG_END

##### OQS_COPY_FROM_LIBJADE_FRAGMENT_ADD_ENABLE_BY_ALG_START
if ((OQS_LIBJADE_BUILD STREQUAL "ON"))

option(OQS_ENABLE_LIBJADE_KEM_KYBER "Enable libjade implementation of kyber algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_kyber_512 "" ON "OQS_ENABLE_LIBJADE_KEM_KYBER" OFF)
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_kyber_768 "" ON "OQS_ENABLE_LIBJADE_KEM_KYBER" OFF)
endif()
##### OQS_COPY_FROM_LIBJADE_FRAGMENT_ADD_ENABLE_BY_ALG_END

if((OQS_MINIMAL_BUILD STREQUAL "ON"))
message(FATAL_ERROR "OQS_MINIMAL_BUILD option ${OQS_MINIMAL_BUILD} no longer supported")
endif()
Expand Down Expand Up @@ -311,21 +317,18 @@ endif()

if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_512_ipd" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_512" OFF)
endif()
endif()

if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_768_ipd" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_768" OFF)
endif()
endif()

if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_1024_ipd" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_1024" OFF)
endif()
endif()
Expand Down Expand Up @@ -530,6 +533,24 @@ endif()

##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_ADD_ENABLE_BY_ALG_CONDITIONAL_END

##### OQS_COPY_FROM_LIBJADE_FRAGMENT_ADD_ENABLE_BY_ALG_CONDITIONAL_START
if ((OQS_LIBJADE_BUILD STREQUAL "ON"))

if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_kyber_512_avx2 "" ON "OQS_ENABLE_LIBJADE_KEM_kyber_512" OFF)
endif()
endif()

if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_kyber_768_avx2 "" ON "OQS_ENABLE_LIBJADE_KEM_kyber_768" OFF)
endif()
endif()

endif()
##### OQS_COPY_FROM_LIBJADE_FRAGMENT_ADD_ENABLE_BY_ALG_CONDITIONAL_END

option(OQS_ENABLE_SIG_STFL_XMSS "Enable XMSS algorithm family" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_sha256_h10 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_STFL_xmss_sha256_h16 "" ON "OQS_ENABLE_SIG_STFL_XMSS" OFF)
Expand Down
10 changes: 0 additions & 10 deletions .dsci.yml
View file

This file was deleted.

11 changes: 6 additions & 5 deletions .github/workflows/commit-to-main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,12 +38,13 @@ jobs:
run: |
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${{ secrets.BUILD_TRIGGER_TOKEN }}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "OQS-v8", "parameters": { "run_downstream_tests": true } }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/openssh/pipeline | tee curl_out \
&& grep -q "201" curl_out
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"ref":"OQS-v9"}' \
https://api.github.com/repos/open-quantum-safe/openssh/actions/workflows/ubuntu.yaml/dispatches | tee curl_out \
&& grep -q "204" curl_out
- name: Trigger oqs-provider CI
run: |
curl --silent \
Expand Down
77 changes: 66 additions & 11 deletions .github/workflows/unix.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,13 @@ name: Linux and MacOS tests
permissions:
contents: read

on: [ push, pull_request ]
on: [ push, pull_request , workflow_dispatch]

env:
# Semi-colon separated list of algorithims with libjade implementations to
# be passed as input to CMake option as: -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST
# See CONFIGURE.md under ## OQS_MINIMAL_BUILD
LIBJADE_ALG_LIST: "KEM_kyber_512;KEM_kyber_768"

jobs:

Expand All @@ -23,20 +29,32 @@ jobs:

upstreamcheck:
name: Check upstream code is properly integrated
strategy:
fail-fast: false
matrix:
copy-mode:
- copy
- libjade
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
runs-on: ubuntu-latest
steps:
- name: Setup nix
uses: cachix/install-nix-action@v26
- name: Setup jasmin-compiler
run: |
nix-channel --add https://nixos.org/channels/nixos-23.11 nixpkgs && \
nix-channel --update && nix-env -iA nixpkgs.jasmin-compiler
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Verify copy_from_upstream state
- name: Verify copy_from_upstream state after "${{ matrix.copy-mode}}"
run: |
git config --global user.name "ciuser" && \
git config --global user.email "[email protected]" && \
export LIBOQS_DIR=`pwd` && \
git config --global --add safe.directory $LIBOQS_DIR && \
cd scripts/copy_from_upstream && \
! pip3 install --require-hashes -r requirements.txt 2>&1 | grep ERROR && \
python3 copy_from_upstream.py copy && \
python3 copy_from_upstream.py ${{ matrix.copy-mode }} && \
! git status | grep modified
buildcheck:
Expand All @@ -45,12 +63,14 @@ jobs:
strategy:
matrix:
include:
- arch: arm64
runner: oqs-arm64
- arch: x86_64
runner: ubuntu-latest
- runner: oqs-arm64
container: openquantumsafe/ci-ubuntu-focal-arm64:latest
- runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
- runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
runs-on: ${{ matrix.runner }}
container: openquantumsafe/ci-ubuntu-focal-${{ matrix.arch }}:latest
container: ${{ matrix.container }}
env:
KEM_NAME: kyber_768
SIG_NAME: dilithium_3
Expand All @@ -74,7 +94,7 @@ jobs:
- name: Build documentation
run: ninja gen_docs
working-directory: build
if: matrix.arch == 'x86_64'
if: matrix.runner == 'ubuntu-latest'

linux:
needs: buildcheck
Expand All @@ -92,6 +112,11 @@ jobs:
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
- name: alpine-no-stfl-key-sig-gen
runner: ubuntu-latest
container: openquantumsafe/ci-alpine-amd64:latest
Expand Down Expand Up @@ -122,6 +147,11 @@ jobs:
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DOQS_USE_OPENSSL=OFF
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: focal-noopenssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DOQS_USE_OPENSSL=OFF -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: focal-shared-noopenssl
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
Expand All @@ -137,11 +167,21 @@ jobs:
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3-dlopen
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3-dlopen-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: address-sanitizer
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
Expand All @@ -152,6 +192,11 @@ jobs:
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
- name: address-sanitizer-libjade
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
runs-on: ${{ matrix.runner }}
container:
image: ${{ matrix.container }}
Expand All @@ -178,7 +223,7 @@ jobs:
path: build/*.deb
- name: Check STD algorithm and alias
if: matrix.name == 'jammy-std-openssl3'
run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-DSA-44-ipd:\n isnull: true" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-KEM-512-ipd:\n isnull: true"'
run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-DSA-44-ipd:\n isnull: true" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false"'
working-directory: build

linux_arm_emulated:
Expand Down Expand Up @@ -265,6 +310,16 @@ jobs:
- -DCMAKE_C_COMPILER=gcc-13
- -DOQS_USE_OPENSSL=OFF
- -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=OFF
libjade-build:
- -DOQS_LIBJADE_BUILD=OFF
# Restrict -DOQS_LIBJADE_BUILD=ON build to algs provided by
# libjade to minimise repeated tests
- -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST
exclude:
# macos-14 runs on aarch64, libjade targets x86
# Skip testing libjade on macos-14
- os: macos-14
libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST
runs-on: ${{ matrix.os }}
steps:
- name: Install Python
Expand All @@ -280,7 +335,7 @@ jobs:
- name: Get system information
run: sysctl -a | grep machdep.cpu
- name: Configure
run: mkdir -p build && cd build && source ~/.bashrc && cmake -GNinja -DOQS_STRICT_WARNINGS=ON ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
run: mkdir -p build && cd build && source ~/.bashrc && cmake -GNinja -DOQS_STRICT_WARNINGS=ON ${{ matrix.CMAKE_ARGS }} ${{ matrix.libjade-build }} .. && cmake -LA -N ..
- name: Build
run: ninja
working-directory: build
Expand Down
19 changes: 17 additions & 2 deletions .github/workflows/weekly.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,13 @@ permissions:
on:
schedule:
- cron: "5 0 * * 0"
workflow_dispatch:

env:
# Semi-colon separated list of algorithims with libjade implementations to
# be passed as input to CMake option as: -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST
# See CONFIGURE.md under ## OQS_MINIMAL_BUILD
LIBJADE_ALG_LIST: "KEM_kyber_512;KEM_kyber_768"

jobs:
constant-time-x64:
Expand All @@ -28,7 +35,7 @@ jobs:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # pin@v2
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
Expand All @@ -48,15 +55,23 @@ jobs:
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: generic-libjade
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: extensions
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
- name: extensions-libjade
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST
PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
container:
image: ${{ matrix.container }}
steps:
- name: Checkout code
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # pin@v2
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
- name: Build
Expand Down
21 changes: 0 additions & 21 deletions .travis.yml
View file

This file was deleted.

Loading

0 comments on commit 06ba2e5

Please sign in to comment.