Skip to content

Commit bb5eafc

Browse files
hanno-beckerhanno-becker
committed
[WIP] Adjust tests to reduced-API configurations
Signed-off-by: Hanno Becker <beckphan@amazon.co.uk>
1 parent 0167dc2 commit bb5eafc

81 files changed

Lines changed: 4591 additions & 10215 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/actions/config-variations/action.yml

Lines changed: 63 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ inputs:
88
description: 'GitHub token'
99
required: true
1010
tests:
11-
description: 'List of tests to run (space-separated IDs) or "all" for all tests. Available IDs: pct-enabled, pct-enabled-broken, reduce-ram, reduce-ram-pct, custom-alloc-heap, custom-zeroize, native-cap-ON, native-cap-OFF, native-cap-ID_AA64PFR1_EL1, native-cap-CPUID_AVX2, no-asm, serial-fips202, custom-randombytes, custom-memcpy, custom-memset, custom-stdlib, nblocks-1, nblocks-4, nblocks-6'
11+
description: 'List of tests to run (space-separated IDs) or "all" for all tests. Available IDs: pct-enabled, pct-enabled-broken, reduce-ram, reduce-ram-pct, custom-alloc-heap, custom-zeroize, native-cap-ON, native-cap-OFF, native-cap-ID_AA64PFR1_EL1, native-cap-CPUID_AVX2, no-asm, serial-fips202, custom-randombytes, custom-memcpy, custom-memset, custom-stdlib, nblocks-1, nblocks-4, nblocks-6, keygen-only, sign-only, verify-only, sign-verify'
1212
required: false
1313
default: 'all'
1414
opt:
@@ -31,7 +31,7 @@ runs:
3131
acvp: true
3232
opt: ${{ inputs.opt }}
3333
examples: true
34-
extra_args: "--exclude-example basic_deterministic --exclude-example disabled_apis --exclude-example disabled_apis_native"
34+
extra_args: "--exclude-example basic_deterministic"
3535
- name: "REDUCE_RAM"
3636
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'reduce-ram') }}
3737
uses: ./.github/actions/multi-functest
@@ -60,7 +60,7 @@ runs:
6060
alloc: true
6161
opt: ${{ inputs.opt }}
6262
examples: true
63-
extra_args: "--exclude-example basic_deterministic --exclude-example disabled_apis --exclude-example disabled_apis_native"
63+
extra_args: "--exclude-example basic_deterministic"
6464
- name: "PCT enabled + broken"
6565
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'pct-enabled-broken') }}
6666
shell: bash
@@ -302,3 +302,63 @@ runs:
302302
examples: false # Some examples use a custom config themselves
303303
alloc: false # Requires custom config
304304
rng_fail: true
305+
- name: "Keygen-only API"
306+
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'keygen-only') }}
307+
uses: ./.github/actions/multi-functest
308+
with:
309+
gh_token: ${{ inputs.gh_token }}
310+
compile_mode: native
311+
cflags: "-DMLD_CONFIG_NO_SIGN_API -DMLD_CONFIG_NO_VERIFY_API -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
312+
ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
313+
func: true
314+
kat: true
315+
acvp: true
316+
stack: true
317+
rng_fail: true
318+
opt: ${{ inputs.opt }}
319+
examples: true
320+
- name: "Sign-only API"
321+
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'sign-only') }}
322+
uses: ./.github/actions/multi-functest
323+
with:
324+
gh_token: ${{ inputs.gh_token }}
325+
compile_mode: native
326+
cflags: "-DMLD_CONFIG_NO_KEYPAIR_API -DMLD_CONFIG_NO_VERIFY_API -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
327+
ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
328+
func: true
329+
kat: true
330+
acvp: true
331+
stack: true
332+
rng_fail: true
333+
opt: ${{ inputs.opt }}
334+
examples: true
335+
- name: "Verify-only API"
336+
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'verify-only') }}
337+
uses: ./.github/actions/multi-functest
338+
with:
339+
gh_token: ${{ inputs.gh_token }}
340+
compile_mode: native
341+
cflags: "-DMLD_CONFIG_NO_KEYPAIR_API -DMLD_CONFIG_NO_SIGN_API -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
342+
ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
343+
func: true
344+
kat: true
345+
acvp: true
346+
stack: true
347+
rng_fail: true
348+
opt: ${{ inputs.opt }}
349+
examples: true
350+
- name: "Sign+Verify API (no keygen)"
351+
if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'sign-verify') }}
352+
uses: ./.github/actions/multi-functest
353+
with:
354+
gh_token: ${{ inputs.gh_token }}
355+
compile_mode: native
356+
cflags: "-DMLD_CONFIG_NO_KEYPAIR_API -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
357+
ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
358+
func: true
359+
kat: true
360+
acvp: true
361+
stack: true
362+
rng_fail: true
363+
opt: ${{ inputs.opt }}
364+
examples: true

BIBLIOGRAPHY.md

Lines changed: 0 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -28,14 +28,6 @@ source code and documentation.
2828
- [examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h](examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h)
2929
- [examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h](examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h)
3030
- [examples/custom_backend/mldsa_native/mldsa_native_config.h](examples/custom_backend/mldsa_native/mldsa_native_config.h)
31-
- [examples/disabled_apis/keygen_only_config.h](examples/disabled_apis/keygen_only_config.h)
32-
- [examples/disabled_apis/sign_only_config.h](examples/disabled_apis/sign_only_config.h)
33-
- [examples/disabled_apis/sign_verify_config.h](examples/disabled_apis/sign_verify_config.h)
34-
- [examples/disabled_apis/verify_only_config.h](examples/disabled_apis/verify_only_config.h)
35-
- [examples/disabled_apis_native/keygen_only_config.h](examples/disabled_apis_native/keygen_only_config.h)
36-
- [examples/disabled_apis_native/sign_only_config.h](examples/disabled_apis_native/sign_only_config.h)
37-
- [examples/disabled_apis_native/sign_verify_config.h](examples/disabled_apis_native/sign_verify_config.h)
38-
- [examples/disabled_apis_native/verify_only_config.h](examples/disabled_apis_native/verify_only_config.h)
3931
- [examples/monolithic_build/mldsa_native/mldsa_native_config.h](examples/monolithic_build/mldsa_native/mldsa_native_config.h)
4032
- [examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h)
4133
- [examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h)
@@ -86,14 +78,6 @@ source code and documentation.
8678
- [examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h](examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h)
8779
- [examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h](examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h)
8880
- [examples/custom_backend/mldsa_native/mldsa_native_config.h](examples/custom_backend/mldsa_native/mldsa_native_config.h)
89-
- [examples/disabled_apis/keygen_only_config.h](examples/disabled_apis/keygen_only_config.h)
90-
- [examples/disabled_apis/sign_only_config.h](examples/disabled_apis/sign_only_config.h)
91-
- [examples/disabled_apis/sign_verify_config.h](examples/disabled_apis/sign_verify_config.h)
92-
- [examples/disabled_apis/verify_only_config.h](examples/disabled_apis/verify_only_config.h)
93-
- [examples/disabled_apis_native/keygen_only_config.h](examples/disabled_apis_native/keygen_only_config.h)
94-
- [examples/disabled_apis_native/sign_only_config.h](examples/disabled_apis_native/sign_only_config.h)
95-
- [examples/disabled_apis_native/sign_verify_config.h](examples/disabled_apis_native/sign_verify_config.h)
96-
- [examples/disabled_apis_native/verify_only_config.h](examples/disabled_apis_native/verify_only_config.h)
9781
- [examples/monolithic_build/mldsa_native/mldsa_native_config.h](examples/monolithic_build/mldsa_native/mldsa_native_config.h)
9882
- [examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h)
9983
- [examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h)

Makefile

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -57,11 +57,11 @@ $(error Neither 'shasum' nor 'sha256sum' found. Please install one of these tool
5757
endif
5858

5959
run_kat_44: kat_44
60-
set -o pipefail; $(W) $(MLDSA44_DIR)/bin/gen_KAT44 | $(SHA256SUM) | cut -d " " -f 1 | xargs ./META.sh ML-DSA-44 kat-sha256
60+
$(W) $(MLDSA44_DIR)/bin/gen_KAT44 > /dev/null 2>&1; rc=$$?; if [ $$rc -eq 77 ]; then echo "KAT ML-DSA-44: SKIPPED (reduced API)"; else set -o pipefail; $(W) $(MLDSA44_DIR)/bin/gen_KAT44 | $(SHA256SUM) | cut -d " " -f 1 | xargs ./META.sh ML-DSA-44 kat-sha256; fi
6161
run_kat_65: kat_65
62-
set -o pipefail; $(W) $(MLDSA65_DIR)/bin/gen_KAT65 | $(SHA256SUM) | cut -d " " -f 1 | xargs ./META.sh ML-DSA-65 kat-sha256
62+
$(W) $(MLDSA65_DIR)/bin/gen_KAT65 > /dev/null 2>&1; rc=$$?; if [ $$rc -eq 77 ]; then echo "KAT ML-DSA-65: SKIPPED (reduced API)"; else set -o pipefail; $(W) $(MLDSA65_DIR)/bin/gen_KAT65 | $(SHA256SUM) | cut -d " " -f 1 | xargs ./META.sh ML-DSA-65 kat-sha256; fi
6363
run_kat_87: kat_87
64-
set -o pipefail; $(W) $(MLDSA87_DIR)/bin/gen_KAT87 | $(SHA256SUM) | cut -d " " -f 1 | xargs ./META.sh ML-DSA-87 kat-sha256
64+
$(W) $(MLDSA87_DIR)/bin/gen_KAT87 > /dev/null 2>&1; rc=$$?; if [ $$rc -eq 77 ]; then echo "KAT ML-DSA-87: SKIPPED (reduced API)"; else set -o pipefail; $(W) $(MLDSA87_DIR)/bin/gen_KAT87 | $(SHA256SUM) | cut -d " " -f 1 | xargs ./META.sh ML-DSA-87 kat-sha256; fi
6565
run_kat: run_kat_44 run_kat_65 run_kat_87
6666

6767
run_func_44: func_44
@@ -278,9 +278,7 @@ EXAMPLE_DIRS := \
278278
examples/monolithic_build_multilevel \
279279
examples/monolithic_build_multilevel_native \
280280
examples/multilevel_build \
281-
examples/multilevel_build_native \
282-
examples/disabled_apis \
283-
examples/disabled_apis_native
281+
examples/multilevel_build_native
284282

285283
EXAMPLE_CLEAN_TARGETS := $(EXAMPLE_DIRS:%=clean-%)
286284

examples/README.md

Lines changed: 0 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -62,14 +62,3 @@ mldsa-native (with C backend) inside a single compilation unit, sharing the leve
6262
See [monolithic_build_multilevel_native](monolithic_build_multilevel_native) for an example of how to build all security
6363
levels of mldsa-native inside a single compilation unit, sharing the level-independent code, while also linking in assembly
6464
from the native backends.
65-
66-
## Disabled APIs (C only)
67-
68-
See [disabled_apis](disabled_apis) for an example of building mldsa-native with individual APIs disabled
69-
(`MLD_CONFIG_NO_KEYPAIR_API`, `MLD_CONFIG_NO_SIGN_API`, `MLD_CONFIG_NO_VERIFY_API`).
70-
Tests all four disabled API combinations across all three parameter sets.
71-
72-
## Disabled APIs (with native code)
73-
74-
See [disabled_apis_native](disabled_apis_native) for the same as above, but with native arithmetic and
75-
FIPS-202 backends enabled.

0 commit comments

Comments
 (0)