Adds CBOM for liboqs (#1337)

* Adds CBOM: - CBOM generator: update_cbom.py - CBOM: cbom.json - CBOM schema validation: validate_cbom.sh - CBOM schema validation added to github actions Adds oqs_alg to docs yml. Corrects common crypto sources in Kyber and Dilithium docs. * - removes forward references to OpenSSL OIDs - move cbom to docs dir - move update and validate cbom files to scripts dir - update copy_from_upstream: scripts runs update_cbom.py (after update_docs_from_yaml.py)
open-quantum-safe · Jan 11, 2023 · 63d4a00 · 63d4a00
1 parent 238eef1
commit 63d4a00
Show file tree

Hide file tree

Showing 9 changed files with 4,294 additions and 31 deletions.
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
@@ -15,6 +15,8 @@ jobs:
         run: python3 -m pytest --verbose tests/test_code_conventions.py
       - name: Check that doxygen can parse the documentation
         run: mkdir -p build/docs && doxygen docs/.Doxyfile
+      - name: Validate CBOM
+        run: scripts/validate_cbom.sh
 
   buildcheck:
     name: Check that code passes a basic build before starting heavier tests

diff --git a/README.md b/README.md
@@ -44,6 +44,7 @@ Details on each supported algorithm can be found in the [docs/algorithms](https:
 - **FrodoKEM**: FrodoKEM-640-AES, FrodoKEM-640-SHAKE, FrodoKEM-976-AES, FrodoKEM-976-SHAKE, FrodoKEM-1344-AES, FrodoKEM-1344-SHAKE
 - **HQC**: HQC-128, HQC-192, HQC-256†
 - **Kyber**: Kyber512, Kyber512-90s, Kyber768, Kyber768-90s, Kyber1024, Kyber1024-90s
+- **NTRU-Prime**: sntrup761
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_KEXS_END -->
 
 #### Signature schemes

diff --git a/docs/algorithms/kem/kyber.yml b/docs/algorithms/kem/kyber.yml
@@ -84,8 +84,7 @@ parameter-sets:
     upstream-id: ref
     supported-platforms: all
     common-crypto:
-    - AES: pqcrystals-kyber_common_ref
-    - SHA3: liboqs
+    - AES: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
@@ -104,8 +103,7 @@ parameter-sets:
       - sse2
       - ssse3
     common-crypto:
-    - AES: pqcrystals-kyber_common_aes
-    - SHA3: liboqs
+    - AES: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
@@ -167,8 +165,7 @@ parameter-sets:
     upstream-id: ref
     supported-platforms: all
     common-crypto:
-    - AES: pqcrystals-kyber_common_ref
-    - SHA3: liboqs
+    - AES: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
@@ -187,8 +184,7 @@ parameter-sets:
       - sse2
       - ssse3
     common-crypto:
-    - AES: pqcrystals-kyber_common_aes
-    - SHA3: liboqs
+    - AES: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
@@ -250,8 +246,7 @@ parameter-sets:
     upstream-id: ref
     supported-platforms: all
     common-crypto:
-    - AES: pqcrystals-kyber_common_ref
-    - SHA3: liboqs
+    - AES: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
@@ -270,8 +265,7 @@ parameter-sets:
       - sse2
       - ssse3
     common-crypto:
-    - AES: pqcrystals-kyber_common_aes
-    - SHA3: liboqs
+    - AES: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
diff --git a/docs/algorithms/sig/dilithium.yml b/docs/algorithms/sig/dilithium.yml
@@ -25,6 +25,7 @@ optimized-upstreams:
     spdx-license-identifier: CC0-1.0
 parameter-sets:
 - name: Dilithium2
+  oqs_alg: OQS_SIG_alg_dilithium_2
   claimed-nist-level: 2
   claimed-security: EUF-CMA
   length-public-key: 1312
@@ -36,7 +37,6 @@ parameter-sets:
     upstream-id: ref
     supported-platforms: all
     common-crypto:
-    - AES: pqcrystals
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
@@ -52,7 +52,6 @@ parameter-sets:
       - avx2
       - popcnt
     common-crypto:
-    - AES: pqcrystals
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
@@ -70,6 +69,7 @@ parameter-sets:
     no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: false
 - name: Dilithium3
+  oqs_alg: OQS_SIG_alg_dilithium_3
   claimed-nist-level: 3
   claimed-security: EUF-CMA
   length-public-key: 1952
@@ -81,7 +81,6 @@ parameter-sets:
     upstream-id: ref
     supported-platforms: all
     common-crypto:
-    - AES: pqcrystals
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
@@ -97,7 +96,6 @@ parameter-sets:
       - avx2
       - popcnt
     common-crypto:
-    - AES: pqcrystals
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
@@ -115,6 +113,7 @@ parameter-sets:
     no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: false
 - name: Dilithium5
+  oqs_alg: OQS_SIG_alg_dilithium_5
   claimed-nist-level: 5
   claimed-security: EUF-CMA
   length-public-key: 2592
@@ -126,7 +125,6 @@ parameter-sets:
     upstream-id: ref
     supported-platforms: all
     common-crypto:
-    - AES: pqcrystals
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
@@ -142,7 +140,6 @@ parameter-sets:
       - avx2
       - popcnt
     common-crypto:
-    - AES: pqcrystals
     - SHA3: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
@@ -160,6 +157,7 @@ parameter-sets:
     no-secret-dependent-branching-checked-by-valgrind: false
     large-stack-usage: false
 - name: Dilithium2-AES
+  oqs_alg: OQS_SIG_alg_dilithium_2_aes
   claimed-security: EUF-CMA
   claimed-nist-level: 2
   length-public-key: 1312
@@ -171,8 +169,7 @@ parameter-sets:
     upstream-id: ref
     supported-platforms: all
     common-crypto:
-    - AES: pqcrystals
-    - SHA3: liboqs
+    - AES: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
@@ -190,12 +187,12 @@ parameter-sets:
       - sse2
       - ssse3
     common-crypto:
-    - AES: pqcrystals
-    - SHA3: liboqs
+    - AES: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
 - name: Dilithium3-AES
+  oqs_alg: OQS_SIG_alg_dilithium_3_aes
   claimed-security: EUF-CMA
   claimed-nist-level: 3
   length-public-key: 1952
@@ -207,8 +204,7 @@ parameter-sets:
     upstream-id: ref
     supported-platforms: all
     common-crypto:
-    - AES: pqcrystals
-    - SHA3: liboqs
+    - AES: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
@@ -226,12 +222,12 @@ parameter-sets:
       - sse2
       - ssse3
     common-crypto:
-    - AES: pqcrystals
-    - SHA3: liboqs
+    - AES: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
 - name: Dilithium5-AES
+  oqs_alg: OQS_SIG_alg_dilithium_5_aes
   claimed-security: EUF-CMA
   claimed-nist-level: 5
   length-public-key: 2592
@@ -243,8 +239,7 @@ parameter-sets:
     upstream-id: ref
     supported-platforms: all
     common-crypto:
-    - AES: pqcrystals
-    - SHA3: liboqs
+    - AES: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
@@ -262,8 +257,7 @@ parameter-sets:
       - sse2
       - ssse3
     common-crypto:
-    - AES: pqcrystals
-    - SHA3: liboqs
+    - AES: liboqs
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false