Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions .github/actions/config-variations/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ runs:
func: true
kat: true
acvp: true
sign_hook: false # SIGN_HOOK_RESUME is incompatible with KEYGEN_PCT
opt: ${{ inputs.opt }}
examples: true
extra_args: "--exclude-example basic_deterministic"
Expand Down Expand Up @@ -62,6 +63,7 @@ runs:
kat: true
acvp: true
alloc: true
sign_hook: false # SIGN_HOOK_RESUME is incompatible with KEYGEN_PCT
opt: ${{ inputs.opt }}
examples: true
extra_args: "--exclude-example basic_deterministic"
Expand Down Expand Up @@ -107,6 +109,7 @@ runs:
extra_env: 'ASAN_OPTIONS=detect_leaks=1'
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "Custom zeroization (explicit_bzero)"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-zeroize') }}
Expand All @@ -122,6 +125,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "Custom native capability functions (static ON)"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'native-cap-ON') }}
Expand All @@ -137,6 +141,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "Custom native capability functions (static OFF)"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'native-cap-OFF') }}
Expand All @@ -152,6 +157,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "Custom native capability functions (ID_AA64PFR1_EL1 detection)"
if: ${{ (inputs.tests == 'all' || contains(inputs.tests, 'native-cap-ID_AA64PFR1_EL1')) && runner.os == 'Linux' && runner.arch == 'ARM64' }}
Expand All @@ -167,6 +173,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "Custom native capability functions (CPUID AVX2 detection)"
if: ${{ (inputs.tests == 'all' || contains(inputs.tests, 'native-cap-CPUID_AVX2')) && runner.os == 'Linux' && runner.arch == 'X64' }}
Expand All @@ -182,6 +189,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "No ASM"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'no-asm') }}
Expand All @@ -197,6 +205,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "Serial FIPS202 (no batched Keccak)"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'serial-fips202') }}
Expand All @@ -212,6 +221,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "Custom randombytes"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-randombytes') }}
Expand All @@ -227,6 +237,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: false # Uses its own randombytes implementation
- name: "Custom memcpy"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-memcpy') }}
Expand All @@ -242,6 +253,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "Custom memset"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-memset') }}
Expand All @@ -257,6 +269,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "Custom stdlib (memcpy + memset)"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'custom-stdlib') }}
Expand All @@ -272,6 +285,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "MLD_POLY_UNIFORM_NBLOCKS=1"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'nblocks-1') }}
Expand All @@ -287,6 +301,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "MLD_POLY_UNIFORM_NBLOCKS=4"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'nblocks-4') }}
Expand All @@ -302,6 +317,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "MLD_POLY_UNIFORM_NBLOCKS=6"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'nblocks-6') }}
Expand All @@ -317,6 +333,7 @@ runs:
opt: ${{ inputs.opt }}
examples: false # Some examples use a custom config themselves
alloc: false # Requires custom config
sign_hook: false # Requires custom config
rng_fail: true
- name: "Keygen-only API"
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'keygen-only') }}
Expand Down
8 changes: 6 additions & 2 deletions .github/actions/functest/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,9 @@ inputs:
alloc:
description: Determine whether to run alloc tests or not
default: "true"
sign_hook:
description: Determine whether to run sign hook tests or not
default: "true"
rng_fail:
description: Determine whether to run rng fail tests or not
default: "true"
Expand All @@ -88,6 +91,7 @@ runs:
echo EXAMPLES="${{ inputs.examples == 'true' && 'examples' || 'no-examples' }}" >> $GITHUB_ENV
echo STACK="${{ inputs.stack == 'true' && 'stack' || 'no-stack' }}" >> $GITHUB_ENV
echo ALLOC="${{ inputs.alloc == 'true' && 'alloc' || 'no-alloc' }}" >> $GITHUB_ENV
echo SIGN_HOOK="${{ inputs.sign_hook == 'true' && 'sign-hook' || 'no-sign-hook' }}" >> $GITHUB_ENV
echo RNGFAIL="${{ inputs.rng_fail == 'true' && 'rng-fail' || 'no-rng-fail' }}" >> $GITHUB_ENV
- name: Setup nix
uses: ./.github/actions/setup-shell
Expand Down Expand Up @@ -119,11 +123,11 @@ runs:
- $(python3 --version)
- $(${{ inputs.cross_prefix }}${CC} --version | grep -m1 "")
EOF
- name: ${{ env.MODE }} ${{ inputs.opt }} tests (${{ env.FUNC }}, ${{ env.KAT }}, ${{ env.EXAMPLES }}, ${{ env.STACK }}, ${{ env.UNIT }}, ${{ env.ALLOC }}, ${{ env.RNGFAIL }})
- name: ${{ env.MODE }} ${{ inputs.opt }} tests (${{ env.FUNC }}, ${{ env.KAT }}, ${{ env.EXAMPLES }}, ${{ env.STACK }}, ${{ env.UNIT }}, ${{ env.ALLOC }}, ${{ env.SIGN_HOOK }}, ${{ env.RNGFAIL }})
shell: ${{ env.SHELL }}
run: |
make clean
${{ inputs.extra_env }} ./scripts/tests all ${{ inputs.check_namespace == 'true' && '--check-namespace' || ''}} --exec-wrapper="${{ inputs.exec_wrapper }}" --cross-prefix="${{ inputs.cross_prefix }}" --cflags="${{ inputs.cflags }}" --ldflags="${{ inputs.ldflags }}" --opt=${{ inputs.opt }} --${{ env.FUNC }} --${{ env.KAT }} --${{ env.ACVP }} --${{ env.WYCHEPROOF }} --${{ env.EXAMPLES }} --${{ env.STACK }} --${{ env.UNIT }} --${{ env.ALLOC }} --${{ env.RNGFAIL }} -v ${{ inputs.extra_args }}
${{ inputs.extra_env }} ./scripts/tests all ${{ inputs.check_namespace == 'true' && '--check-namespace' || ''}} --exec-wrapper="${{ inputs.exec_wrapper }}" --cross-prefix="${{ inputs.cross_prefix }}" --cflags="${{ inputs.cflags }}" --ldflags="${{ inputs.ldflags }}" --opt=${{ inputs.opt }} --${{ env.FUNC }} --${{ env.KAT }} --${{ env.ACVP }} --${{ env.WYCHEPROOF }} --${{ env.EXAMPLES }} --${{ env.STACK }} --${{ env.UNIT }} --${{ env.ALLOC }} --${{ env.SIGN_HOOK }} --${{ env.RNGFAIL }} -v ${{ inputs.extra_args }}
- name: Post ${{ env.MODE }} Tests
shell: ${{ env.SHELL }}
if: success() || failure()
Expand Down
10 changes: 10 additions & 0 deletions .github/actions/multi-functest/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,9 @@ inputs:
alloc:
description: Determine whether to run alloc tests or not
default: "true"
sign_hook:
description: Determine whether to run sign hook tests or not
default: "true"
rng_fail:
description: Determine whether to run rng fail tests or not
default: "true"
Expand Down Expand Up @@ -96,6 +99,7 @@ runs:
check_namespace: ${{ inputs.check_namespace }}
stack: ${{ inputs.stack }}
alloc: ${{ inputs.alloc }}
sign_hook: ${{ inputs.sign_hook }}
rng_fail: ${{ inputs.rng_fail }}
extra_args: ${{ inputs.extra_args }}
extra_env: ${{ inputs.extra_env }}
Expand All @@ -122,6 +126,7 @@ runs:
check_namespace: ${{ inputs.check_namespace }}
stack: ${{ inputs.stack }}
alloc: ${{ inputs.alloc }}
sign_hook: ${{ inputs.sign_hook }}
rng_fail: ${{ inputs.rng_fail }}
extra_args: ${{ inputs.extra_args }}
extra_env: ${{ inputs.extra_env }}
Expand All @@ -148,6 +153,7 @@ runs:
check_namespace: ${{ inputs.check_namespace }}
stack: ${{ inputs.stack }}
alloc: ${{ inputs.alloc }}
sign_hook: ${{ inputs.sign_hook }}
rng_fail: ${{ inputs.rng_fail }}
extra_args: ${{ inputs.extra_args }}
extra_env: ${{ inputs.extra_env }}
Expand All @@ -174,6 +180,7 @@ runs:
check_namespace: ${{ inputs.check_namespace }}
stack: ${{ inputs.stack }}
alloc: ${{ inputs.alloc }}
sign_hook: ${{ inputs.sign_hook }}
rng_fail: ${{ inputs.rng_fail }}
extra_args: ${{ inputs.extra_args }}
extra_env: ${{ inputs.extra_env }}
Expand All @@ -200,6 +207,7 @@ runs:
check_namespace: ${{ inputs.check_namespace }}
stack: ${{ inputs.stack }}
alloc: ${{ inputs.alloc }}
sign_hook: ${{ inputs.sign_hook }}
rng_fail: ${{ inputs.rng_fail }}
extra_args: ${{ inputs.extra_args }}
extra_env: ${{ inputs.extra_env }}
Expand All @@ -226,6 +234,7 @@ runs:
check_namespace: ${{ inputs.check_namespace }}
stack: ${{ inputs.stack }}
alloc: ${{ inputs.alloc }}
sign_hook: ${{ inputs.sign_hook }}
rng_fail: ${{ inputs.rng_fail }}
extra_args: ${{ inputs.extra_args }}
extra_env: ${{ inputs.extra_env }}
Expand All @@ -252,6 +261,7 @@ runs:
check_namespace: ${{ inputs.check_namespace }}
stack: ${{ inputs.stack }}
alloc: ${{ inputs.alloc }}
sign_hook: ${{ inputs.sign_hook }}
rng_fail: ${{ inputs.rng_fail }}
extra_args: ${{ inputs.extra_args }}
extra_env: ${{ inputs.extra_env }}
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -435,6 +435,7 @@ jobs:
stack: false
unit: true
alloc: false
sign_hook: false # Requires custom config
rng_fail: false
check_namespace: false
# Disable AArch64 SHA3 extension: valgrind cannot emulate it
Expand Down
2 changes: 2 additions & 0 deletions BIBLIOGRAPHY.md
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,7 @@ source code and documentation.
- [test/configs/no_asm_config.h](test/configs/no_asm_config.h)
- [test/configs/serial_fips202_config.h](test/configs/serial_fips202_config.h)
- [test/configs/test_alloc_config.h](test/configs/test_alloc_config.h)
- [test/configs/test_sign_hook_config.h](test/configs/test_sign_hook_config.h)

### `FIPS202`

Expand Down Expand Up @@ -166,6 +167,7 @@ source code and documentation.
- [test/configs/no_asm_config.h](test/configs/no_asm_config.h)
- [test/configs/serial_fips202_config.h](test/configs/serial_fips202_config.h)
- [test/configs/test_alloc_config.h](test/configs/test_alloc_config.h)
- [test/configs/test_sign_hook_config.h](test/configs/test_sign_hook_config.h)

### `HYBRID`

Expand Down
34 changes: 25 additions & 9 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
# Copyright (c) The mldsa-native project authors
# SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT

.PHONY: func kat acvp wycheproof stack unit alloc rng_fail \
func_44 kat_44 acvp_44 wycheproof_44 stack_44 unit_44 alloc_44 rng_fail_44 \
func_65 kat_65 acvp_65 wycheproof_65 stack_65 unit_65 alloc_65 rng_fail_65 \
func_87 kat_87 acvp_87 wycheproof_87 stack_87 unit_87 alloc_87 rng_fail_87 \
run_func run_kat run_acvp run_wycheproof run_stack run_unit run_alloc run_rng_fail \
run_func_44 run_kat_44 run_stack_44 run_unit_44 run_alloc_44 run_rng_fail_44 \
run_func_65 run_kat_65 run_stack_65 run_unit_65 run_alloc_65 run_rng_fail_65 \
run_func_87 run_kat_87 run_stack_87 run_unit_87 run_alloc_87 run_rng_fail_87 \
.PHONY: func kat acvp wycheproof stack unit alloc sign_hook rng_fail \
func_44 kat_44 acvp_44 wycheproof_44 stack_44 unit_44 alloc_44 sign_hook_44 rng_fail_44 \
func_65 kat_65 acvp_65 wycheproof_65 stack_65 unit_65 alloc_65 sign_hook_65 rng_fail_65 \
func_87 kat_87 acvp_87 wycheproof_87 stack_87 unit_87 alloc_87 sign_hook_87 rng_fail_87 \
run_func run_kat run_acvp run_wycheproof run_stack run_unit run_alloc run_sign_hook run_rng_fail \
run_func_44 run_kat_44 run_stack_44 run_unit_44 run_alloc_44 run_sign_hook_44 run_rng_fail_44 \
run_func_65 run_kat_65 run_stack_65 run_unit_65 run_alloc_65 run_sign_hook_65 run_rng_fail_65 \
run_func_87 run_kat_87 run_stack_87 run_unit_87 run_alloc_87 run_sign_hook_87 run_rng_fail_87 \
bench_44 bench_65 bench_87 bench \
run_bench_44 run_bench_65 run_bench_87 run_bench \
bench_components_44 bench_components_65 bench_components_87 bench_components \
Expand Down Expand Up @@ -47,7 +47,7 @@ quickcheck: test
build: func kat acvp wycheproof
$(Q)echo " Everything builds fine!"

test: run_kat run_func run_acvp run_wycheproof run_unit run_alloc run_rng_fail run_abicheck
test: run_kat run_func run_acvp run_wycheproof run_unit run_alloc run_sign_hook run_rng_fail run_abicheck
$(Q)echo " Everything checks fine!"

run_kat_44: kat_44
Expand Down Expand Up @@ -161,6 +161,22 @@ run_alloc_87: alloc_87
$(W) $(MLDSA87_DIR)/bin/test_alloc87
run_alloc: run_alloc_44 run_alloc_65 run_alloc_87

sign_hook_44: $(MLDSA44_DIR)/bin/test_sign_hook44
$(Q)echo " SIGN_HOOK ML-DSA-44: $^"
sign_hook_65: $(MLDSA65_DIR)/bin/test_sign_hook65
$(Q)echo " SIGN_HOOK ML-DSA-65: $^"
sign_hook_87: $(MLDSA87_DIR)/bin/test_sign_hook87
$(Q)echo " SIGN_HOOK ML-DSA-87: $^"
sign_hook: sign_hook_44 sign_hook_65 sign_hook_87

run_sign_hook_44: sign_hook_44
$(W) $(MLDSA44_DIR)/bin/test_sign_hook44
run_sign_hook_65: sign_hook_65
$(W) $(MLDSA65_DIR)/bin/test_sign_hook65
run_sign_hook_87: sign_hook_87
$(W) $(MLDSA87_DIR)/bin/test_sign_hook87
run_sign_hook: run_sign_hook_44 run_sign_hook_65 run_sign_hook_87

rng_fail_44: $(MLDSA44_DIR)/bin/test_rng_fail44
$(Q)echo " RNG_FAIL ML-DSA-44: $^"
rng_fail_65: $(MLDSA65_DIR)/bin/test_rng_fail65
Expand Down
Loading
Loading