Integrate Kyber from libjade

.CMake/alg_support.cmake

@@ -402,6 +402,27 @@ endif()
 
 ##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_ADD_ENABLE_BY_ALG_END
 
+##### OQS_COPY_FROM_LIBJADE_FRAGMENT_ADD_ENABLE_BY_ALG_START
+if(OQS_LIBJADE_BUILD)
+
+option(OQS_ENABLE_KEM_LIBJADE_KYBER "Enable kyber algorithm family" ON)
+cmake_dependent_option(OQS_ENABLE_KEM_LIBJADE_kyber_512 "" ON "OQS_ENABLE_KEM_LIBJADE_KYBER" OFF)
+if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
+if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
+    cmake_dependent_option(OQS_ENABLE_KEM_LIBJADE_kyber_512_amd64_avx2 "" ON "OQS_ENABLE_KEM_LIBJADE_kyber_512" OFF)
+endif()
+endif()
+
+cmake_dependent_option(OQS_ENABLE_KEM_LIBJADE_kyber_768 "" ON "OQS_ENABLE_KEM_LIBJADE_KYBER" OFF)
+if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
+if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
+    cmake_dependent_option(OQS_ENABLE_KEM_LIBJADE_kyber_768_amd64_avx2 "" ON "OQS_ENABLE_KEM_LIBJADE_kyber_768" OFF)
+endif()
+endif()
+
+endif()
+##### OQS_COPY_FROM_LIBJADE_FRAGMENT_ADD_ENABLE_BY_ALG_END
+
 if((OQS_MINIMAL_BUILD STREQUAL "ON"))
    message(FATAL_ERROR "OQS_MINIMAL_BUILD option ${OQS_MINIMAL_BUILD} no longer supported")
 endif()

.github/workflows/weekly.yml

@@ -3,6 +3,7 @@ name: Weekly constant time tests
 on:
   schedule:
   - cron: "5 0 * * 0"
+  workflow_dispatch:
 
 jobs:
 
@@ -13,20 +14,27 @@ jobs:
       matrix:
         include:
           - name: generic
-            container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
-            CMAKE_ARGS: -DOQS_OPT_TARGET=generic -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
+            container: praveksharma/ci-ubuntu-focal-x86_64:latest
+            CMAKE_ARGS: -DOQS_OPT_TARGET=generic -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON -DOQS_LIBJADE_BUILD=ON
             PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
             SKIP_ALGS: 'SPHINCS\+-SHA*, Classic-McEliece-(.)*'
           - name: extensions
-            container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
-            CMAKE_ARGS: -DOQS_OPT_TARGET=haswell -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
+            container: praveksharma/ci-ubuntu-focal-x86_64:latest
+            CMAKE_ARGS: -DOQS_OPT_TARGET=haswell -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON -DOQS_LIBJADE_BUILD=ON
             PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
-            SKIP_ALGS: 'SPHINCS\+-SHA*,Classic-McEliece-6(.)*'
+            SKIP_ALGS: 'SPHINCS\+-SHA*,Classic-McEliece-(.)*'
     container:
       image: ${{ matrix.container }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+      # Use github actions to install nix
+      - name: Setup nix
+        uses: cachix/install-nix-action@v26
+      - run: nix-channel --add https://nixos.org/channels/nixos-23.11 nixpkgs
+      - run: nix-channel --update
+      - name: Setup jasmin-compiler
+        run: nix-env -iA nixpkgs.jasmin-compiler
       - name: Configure
         run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA ..
       - name: Build

CMakeLists.txt

@@ -24,11 +24,18 @@ project(liboqs C ASM)
 option(OQS_DIST_BUILD "Build distributable library with optimized code for several CPU microarchitectures. Enables run-time CPU feature detection." ON)
 option(OQS_BUILD_ONLY_LIB "Build only liboqs and do not expose build targets for tests, documentation, and pretty-printing available." OFF)
 set(OQS_MINIMAL_BUILD "" CACHE STRING "Only build specifically listed algorithms.")
+option(OQS_LIBJADE_BUILD "Enable formally verified implementation of supported algorithms from libjade." OFF)
 option(OQS_PERMIT_UNSUPPORTED_ARCHITECTURE "Permit compilation on an an unsupported architecture." OFF)
 option(OQS_STRICT_WARNINGS "Enable all compiler warnings." OFF)
 
 set(OQS_OPT_TARGET auto CACHE STRING "The target microarchitecture for optimization.")
 
+if(OQS_LIBJADE_BUILD)
+    set(OQS_LIBJADE_BUILD_BIN 1)
+else()
+    set(OQS_LIBJADE_BUILD_BIN 0)
+endif()
+
 set(CMAKE_C_STANDARD 11)
 set(CMAKE_C_STANDARD_REQUIRED ON)
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)

docs/algorithms/kem/classic_mceliece.yml

@@ -42,8 +42,8 @@ parameter-sets:
     common-crypto:
     - AES: liboqs
     - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
   - upstream-id: avx2
@@ -59,7 +59,7 @@ parameter-sets:
     - AES: liboqs
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
 - name: Classic-McEliece-348864f
@@ -76,8 +76,8 @@ parameter-sets:
     common-crypto:
     - AES: liboqs
     - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
   - upstream-id: avx2
@@ -94,7 +94,7 @@ parameter-sets:
     - AES: liboqs
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
 - name: Classic-McEliece-460896
@@ -111,8 +111,8 @@ parameter-sets:
     common-crypto:
     - AES: liboqs
     - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
   - upstream-id: avx2
@@ -128,7 +128,7 @@ parameter-sets:
     - AES: liboqs
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
 - name: Classic-McEliece-460896f
@@ -145,8 +145,8 @@ parameter-sets:
     common-crypto:
     - AES: liboqs
     - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
   - upstream-id: avx2
@@ -163,7 +163,7 @@ parameter-sets:
     - AES: liboqs
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
 - name: Classic-McEliece-6688128
@@ -180,8 +180,8 @@ parameter-sets:
     common-crypto:
     - AES: liboqs
     - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
   - upstream-id: avx2
@@ -197,7 +197,7 @@ parameter-sets:
     - AES: liboqs
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
 - name: Classic-McEliece-6688128f
@@ -214,8 +214,8 @@ parameter-sets:
     common-crypto:
     - AES: liboqs
     - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
   - upstream-id: avx2
@@ -232,7 +232,7 @@ parameter-sets:
     - AES: liboqs
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
 - name: Classic-McEliece-6960119
@@ -249,8 +249,8 @@ parameter-sets:
     common-crypto:
     - AES: liboqs
     - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
   - upstream-id: avx2
@@ -266,7 +266,7 @@ parameter-sets:
     - AES: liboqs
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
 - name: Classic-McEliece-6960119f
@@ -283,8 +283,8 @@ parameter-sets:
     common-crypto:
     - AES: liboqs
     - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
   - upstream-id: avx2
@@ -301,7 +301,7 @@ parameter-sets:
     - AES: liboqs
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
 - name: Classic-McEliece-8192128
@@ -318,8 +318,8 @@ parameter-sets:
     common-crypto:
     - AES: liboqs
     - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
   - upstream-id: avx2
@@ -335,7 +335,7 @@ parameter-sets:
     - AES: liboqs
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
 - name: Classic-McEliece-8192128f
@@ -352,8 +352,8 @@ parameter-sets:
     common-crypto:
     - AES: liboqs
     - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
   - upstream-id: avx2
@@ -370,7 +370,7 @@ parameter-sets:
     - AES: liboqs
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: true
     upstream: primary-upstream
 auxiliary-submitters: []

docs/algorithms/sig/falcon.md

@@ -22,8 +22,9 @@
 
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                 |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                 |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                 |
+| [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | False                              | False                                          | False                 |
+| [Primary Source](#primary-source) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | False                              | False                                          | False                 |
 
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 
@@ -33,8 +34,9 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
+| [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | False                              | False                                          | False                |
+| [Primary Source](#primary-source) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | False                              | False                                          | False                |
 
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 

docs/algorithms/sig/falcon.yml

@@ -47,8 +47,20 @@ parameter-sets:
       - avx2
     common-crypto:
     - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
+    large-stack-usage: false
+  - upstream: primary-upstream
+    upstream-id: aarch64
+    supported-platforms:
+    - architecture: ARM64_V8
+      operating_systems:
+      - Linux
+      - Darwin
+    common-crypto:
+    - SHA3: liboqs
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: false
 - name: Falcon-1024
   claimed-nist-level: 5
@@ -74,6 +86,18 @@ parameter-sets:
       - avx2
     common-crypto:
     - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
+    large-stack-usage: false
+  - upstream: primary-upstream
+    upstream-id: aarch64
+    supported-platforms:
+    - architecture: ARM64_V8
+      operating_systems:
+      - Linux
+      - Darwin
+    common-crypto:
+    - SHA3: liboqs
+    no-secret-dependent-branching-claimed: false
+    no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: false