-
Notifications
You must be signed in to change notification settings - Fork 478
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add MAYO signature scheme from NIST onramp #1707
Conversation
3f239ff
to
d9793e5
Compare
bde1c5c
to
b27cffd
Compare
I'll also do a branch in oqs-provider to do the downstream test, other than this the PR is ready. |
That would be good. Please remember to use a "-tracker" branch name such as to trigger it from |
Added the -tracker branch in oqs-provider. Everything works when running locally. The [trigger downstream] test still fails, apparently because of access rights. |
Tagging @ryjones |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this work, @bhess! I haven't reviewed the upstream source, and I don't have the expertise to review the non-"pure" C AES code, but everything else looks OK to me, barring a couple of minor comments.
It would be good if PR could confirm this: OQS either uses and relies on CI (after getting it right) or it skips/does away with it and merges code based on local run results. The latter probably wouldn't be a step in a direction of a project aiming for "more productive use". |
Thank you @SWilson4 for the review! I'll update the PR per the discussion.
Agree with the former and ok to hold on for green CI. |
Hi, I come across this PR and I have a few questions:
|
Hi @cothan, the integration basically follows the "pqclean style" of having a single folder per variant/optimization. The import of the MAYO code from upstream is automated with copy_from_upstream that also follows this pattern. I agree having a single folder sharing the implementation would be nice to avoid code duplication, but I think it would need quite some refactoring of copy_from_upstream. Do you want to open this as a separate issue (and tackle this separately)? |
Thanks for the answer @bhess . Well, it's from the |
Well, the proposal by @bhess makes sense: |
CI is working again. |
The PR is updated and now includes MAYO_5, handling it the same way as the other schemes with large stack usage. |
Signed-off-by: Basil Hess <[email protected]>
Signed-off-by: Basil Hess <[email protected]>
Signed-off-by: Basil Hess <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this work, @bhess! All of my comments are resolved and the oqs-provider integration tests are passing.
Thanks for the review @SWilson4 ! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this integration, @bhess. Would it be conceivable to use an algorithm naming convention a bit more in line with what we've been using so far, i.e., either no or "-" (dash) name/strength separation? Reasons: 1) Easier to type; 2) easier to remember (for users accustomed to using other liboqs
algs); 3) underscores require more backquotes (even in this PR); 4) in oqsprovider
this breaks the convention that underscores separate classic from PQC algs... Or is the underscore an important feature for some reason?
I checked with the MAYO team and there was no objection changing the naming convention. The preference is to use "-" as a separator for consistency with the separators used in the FIPS drafts. I'll update this PR and open-quantum-safe/oqs-provider#413. |
Signed-off-by: Basil Hess <[email protected]>
oqs_aes128_ctr_enc_sch_armv8(iv, iv_len, schedule, out, out_len) | ||
); | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This isn't something to change in this PR, but something I noticed just from looking at this code during review. Now that we have the ability to set callbacks, could we get rid of the C_OR_NI_OR_ARM
macros and instead set the callbacks once (either during library init, or alternatively on first use if it's not set)? Again: not something to do in this PR, but if anyone else thinks it might be good, we could create a separate issue to track.
Done |
Signed-off-by: Basil Hess <[email protected]>
Thanks for that downstream addition. Checking it, two questions:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As promised, review done: LGTM with two (probably) nits (see separate comments). Thanks for the work here and in oqs-provider, @bhess!
Thanks for the review @baentsch !
Done - the downstream test passes: https://github.com/open-quantum-safe/oqs-provider/actions/runs/9912829274/job/27388523412
Correct, I'll try this tomorrow. |
Signed-off-by: Basil Hess <[email protected]>
Signed-off-by: Basil Hess <[email protected]>
Added MAYO-5 to oqs-provider and downstream tests pass: https://github.com/open-quantum-safe/oqs-provider/actions/runs/9919738195 |
Adds MAYO signature scheme from the NIST onramp.
The upstream implementation contains a C and an AVX2 implementation.
NIST_SIG_ONRAMP