ChunkWorks · NikolaRHristov · Nov 24, 2021 · Nov 25, 2021 · Nov 25, 2021 · Dec 1, 2021
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,4 +1,6 @@
-on: push
+on:
+  push:
+  pull_request:
 
 name: Continuous integration
 
@@ -12,42 +14,196 @@ jobs:
           - beta
           - nightly
     env:
+      CARGO_TERM_COLOR: always
       # 20 MiB stack
       RUST_MIN_STACK: 20971520
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           submodules: true
 
-      - uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: ${{ matrix.rust }}
-          override: true
-          components: rustfmt, clippy
+      - name: Install Rust
+        run: |
+          rustup set auto-self-update disable
+          rustup toolchain install ${{ matrix.rust }} --profile minimal --component rustfmt,clippy
+          rustup default ${{ matrix.rust }}
+          echo CARGO_TERM_COLOR=always >> $GITHUB_ENV
+          echo CARGO_INCREMENTAL=0 >> $GITHUB_ENV
+          echo RUST_BACKTRACE=1 >> $GITHUB_ENV
+
+      - name: build with cryptographically-insecure turned on (if available)
+        run: cargo build --features cryptographically-insecure
+
+      - name: Run tests with cryptographically-insecure turned on
+        run: cargo test --features cryptographically-insecure
+
+      - name: Run cargo check with all features
+        run: cargo check --all-features
+
+      - name: Run cargo fmt
+        run: cargo fmt --all -- --check
+
+      - name: run Cargo clippy
+        run: cargo clippy -- -D warnings -A deprecated
+
+  android:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - stable
+          - beta
+          - nightly
+    env:
+      CARGO_TERM_COLOR: always
+      # 20 MiB stack
+      RUST_MIN_STACK: 20971520
 
-      - uses: actions-rs/cargo@v1
+    steps:
+      - uses: actions/checkout@v4
         with:
-          command: build
+          submodules: true
+
+      - name: Install Rust
+        run: |
+          rustup set auto-self-update disable
+          rustup toolchain install ${{ matrix.rust }} --profile minimal --component rustfmt,clippy
+          rustup target add aarch64-linux-android
+          echo CARGO_TERM_COLOR=always >> $GITHUB_ENV
+          echo CARGO_INCREMENTAL=0 >> $GITHUB_ENV
+          echo RUST_BACKTRACE=1 >> $GITHUB_ENV
+
+      - name: Setup Android SDK
+        uses: android-actions/setup-android@07976c6290703d34c16d382cb36445f98bb43b1f #3.2.0
+
+      - name: Setup Android NDK
+        run: sdkmanager "ndk;26.1.10909125"
 
-      - uses: actions-rs/cargo@v1
+      - name: Compile for Android
+        run: |
+          cargo install cargo-ndk
+          cargo ndk -t aarch64-linux-android build
+
+  wasm32-unknown-unknown:
+    name: wasm32-unknown-unknown
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust: [ stable, beta, nightly ]
+    steps:
+      - uses: actions/checkout@v4
         with:
-          command: test
+          submodules: true
+
+      - name: Install Rust
+        run: |
+          rustup toolchain install ${{ matrix.rust }} --profile minimal --component clippy
+          rustup default ${{ matrix.rust }}
+          rustup target add wasm32-unknown-unknown
+
+      - name: Check workspace (all crates except classicmceliece & umbrella)
+        run: |
+          cargo check --workspace --target wasm32-unknown-unknown --features getrandom_wasm_js \
+            --exclude pqcrypto-classicmceliece \
+            --exclude pqcrypto
+
+      - name: Check umbrella crate (explicitly enable only supported wasm crates)
+        run: |
+          cargo check --target wasm32-unknown-unknown \
+            -p pqcrypto --no-default-features -F pqcrypto-mlkem,pqcrypto-hqc,pqcrypto-mldsa,pqcrypto-falcon,pqcrypto-sphincsplus,serialization,getrandom_wasm_js
+  # wasi:
+  #   name: wasi
+  #   runs-on: ubuntu-latest
+  #   strategy:
+  #     matrix:
+  #       rust:
+  #         - stable
+  #         - beta
+  #         - nightly
+  #   env:
+  #     # 20 MiB stack
+  #     RUST_MIN_STACK: 20971520
+  #   steps:
+  #     - uses: actions/checkout@v4
+  #       with:
+  #         submodules: true
+
+  #     - name: Install Rust
+  #       run: |
+  #         rustup set auto-self-update disable
+  #         rustup toolchain install ${{ matrix.rust }} --profile minimal --component rustfmt clippy
+  #         rustup default ${{ matrix.rust }}
+  #         echo CARGO_TERM_COLOR=always >> $GITHUB_ENV
+  #         echo CARGO_INCREMENTAL=0 >> $GITHUB_ENV
+  #         echo RUST_BACKTRACE=1 >> $GITHUB_ENV
+
+  #     - name: Install WASI
+  #       run: cargo install cargo-wasi
+  #     - name: Install wasmtime
+  #       run: curl https://wasmtime.dev/install.sh -sSf | bash
+  #     - name: Install WASI SDK
+  #       run: |
+  #         wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-12/wasi-sysroot-12.0.tar.gz
+  #         tar -xvzf wasi-sysroot-12.0.tar.gz
+  #         rm wasi-sysroot-12.0.tar.gz
+  #     - name: Run tests
+  #       run: |
+  #         export WASI_SDK_DIR="$(pwd)/wasi-sysroot"
+  #         export WASMTIME_HOME="$(pwd)/.wasmtime"
+  #         export PATH="$WASMTIME_HOME/bin:$PATH"
+  #         cargo wasi build --features cryptographically-insecure
+  #         #cargo wasi test -- --nocapture
 
-      - uses: actions-rs/cargo@v1
+  generated-code-is-up-to-date:
+    runs-on: ubuntu-latest
+
+    env:
+      PIPENV_VENV_IN_PROJECT: 1
+
+    steps:
+      - uses: actions/checkout@v4
         with:
-          command: check
-          args: --features serialization
+          submodules: true
 
-      - uses: actions-rs/cargo@v1
+      - name: Install Python
+        uses: actions/setup-python@v5
         with:
-          command: fmt
-          args: --all -- --check
+          python-version: '3.13'
+          cache: 'pip'
 
-      - uses: actions-rs/cargo@v1
+      - name: Restore Pipenv virtualenv cache
+        uses: actions/cache@v4
         with:
-          command: clippy
-          args: -- -D warnings
+          path: .venv
+          key: pipenv-venv-${{ runner.os }}-${{ hashFiles('Pipfile.lock') }}
+          restore-keys: |
+            pipenv-venv-${{ runner.os }}-
+
+      - name: Install Pipenv
+        run: pip install --upgrade pipenv
+
+      - name: Install dependencies (Pipfile.lock)
+        run: pipenv sync --dev
+
+      - name: Regenerate all crates
+        run: pipenv run python generate-implementations.py
+
+      - name: Check for uncommitted changes
+        run: |
+          if ! git diff --exit-code --quiet; then
+            echo "❌ ERROR: Generated files are out of date!"
+            git diff --name-only
+            git diff --color
+            exit 1
+          fi
+
+          if ! git diff --cached --exit-code --quiet; then
+            echo "❌ ERROR: Staged changes detected!"
+            git diff --cached --name-only
+            git diff --cached --color
+            exit 1
+          fi
 
+          echo "✅ All generated files are up-to-date!"
 #  vim: set ft=yaml ts=2 sw=2 tw=0 et :
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,96 @@
 # Changelog
 
+## 2025-03-17
+
+* Bump dependencies for testing
+
+## 2025-02-27
+* Update PQClean to today's version
+    * Update SPHINCS+ for some minor improvements. This is not yet SLH-DSA.
+    * Update ML-DSA for some minor improvements.
+
+## 2024-12-11
+* `pqcrypto-hqc` was updated to addresss a security flaw in decapsulation.
+
+## 2024-10-24
+* `pqcrypto-kyber` and `pqcrypto-dilithium` are retired and replaced by `pqcrypto-mlkem` and `pqcrypto-mldsa`, respectively.
+* `pqcrypto-falcon` now separates Falcon into the "compressed" mode and the "padded" variants. The "compressed" variant likely produces shorter signatures than the max size.
+
+## 2024-01-25
+
+* Update Kyber `clean` implementation to avoid potential Kyber side-channel vulnerabilities.
+  Note that the `aarch64` implementation is still vulnerable, but it is waiting for other updates.
+  This library is for experimental purposes, so security vulnerabilties are addressed on a best-effort basis.
+
+## 2023-10-16
+
+* Update Kyber to draft FIPS standard
+    * Remove 90s variants
+* Update Dilithium to draft FIPS standard
+    * Remove 90s variants
+* Update McEliece implementation
+    * Remove Vec variants
+* Bring SPHINCS+ to closer to FIPS variants by removing -robust and Haraka variants
+* Small fix in Falcon
+* Add Falcon NEON implementation
+* Update Rust edition to 2021
+
+## 2023-04-26
+
+* Update Rust dependencies
+* Update SPHINCS+ implementation
+* Update Falcon implementation
+
+## 2022-11-16
+
+* Add support for Dilithium*AES instances
+
+## 2022-10-21
+
+* Remove schemes eliminated from the NIST competition as they are no longer
+  tracked by PQClean
+  * Frodo
+  * NTRU
+  * NTRU Prime
+  * Rainbow
+  * SABER
+* Update HQC implementation from PQClean
+  * Fixes aliasing violation
+
+## 2022-04-13
+
+* Update schemes
+  * NTRU small fixes
+  * Dilithium fixes
+  * McEliece small fix
+  * SPHINCS+ small fixes
+  * SABER NEON implementation
+  * Kyber neon
+* Many build system fixes
+
+## 2021-12-07
+
+* Add AArch64 compilation option for supported schemes
+  * NTT operations can now compute with NEON support
+
+## 2021-12-01
+
+* Add WebAssembly (WASM) support
+
+## 2021-11-24
+
+* Add a general implementation list for each scheme in implementations.yaml which is used by build.rs.j2
+* Each scheme now has a list of supported implementation variants
+* Refactor build.rs.js2 to use macro calls
+* Update the other template files to adapt to this change
+* Slight modifications to README.md
+* Update PQClean
+  * Larger-size NTRU parametersets
+
+## 2021-10-26
+
+* Make `pqcrypto-internals` cross-compilable
+
 ## 2021-10-18
 
 * Fix small issue in randombytes implementation: should return 0
@@ -9,9 +100,9 @@
 * `no_std` support thanks to @rozbb (PR#25)
 * Extract randombytes from PQClean-provided APIs (avoids symbol conflict) (PR #24)
 * Update PQClean:
-    * NTRUPrime new parametersets
-    * Small Falcon fixes
-    * Small NTRU fix
+  * NTRUPrime new parametersets
+  * Small Falcon fixes
+  * Small NTRU fix
 
 ## 2021-07-28
 
@@ -20,6 +111,10 @@
 * NTRU Prime updates
 * Move common files into `pqcrypto-internals` and out of individual libs
 
+## 2021-06-28
+
+* Refactor the wrapper methods in scheme.rs.js2 file to macro calls
+
 ## 2021-06-10
 
 * Add optional `serde` support
@@ -120,10 +215,10 @@
 * Update FALCON from PQClean
 * Update SPHINCS+ from PQClean
 * Package LEDAcryptKEM
-    * **Warning:** The LEDAcryptKEM implementations currently packaged are known to have timing side-channel vulnerabilities.
+  * **Warning:** The LEDAcryptKEM implementations currently packaged are known to have timing side-channel vulnerabilities.
 * Package Rainbow
-    * The ``clean`` implementations are currently known to have undefined behaviour.
-      See https://github.com/PQClean/PQClean/issues/220
+  * The ``clean`` implementations are currently known to have undefined behaviour.
+      See [pqclean/issues/220](https://github.com/PQClean/PQClean/issues/220)
 * Hide a internal enum variable from ``pqcrypto_traits::sign::VerificationError``
 
 ## 2019-07-24
@@ -138,23 +233,28 @@
 * Update `rand` crate to `0.7.0`
 
 ## 2019-07-18
+
 * Update PQClean implementations
   * SPHINCS+ is now thread-safe.
   * Frodo now uses ``opt`` implementation by default.
 * Allow for multiple implementations in the ``ffi`` interface.
 
 ## 2019-07-09
+
 * Make ``encapsulate`` and ``decapsulate`` take references.
 * Add Dilithium
 * Add SABER
 
 ## 2019-07-08
+
 * Remove ``pqcrypto-internals``
 
 ## 2019-05-22
+
 * Added ``pqcrypto_traits::{Error,Result}`` to ``from_bytes`` signature.
 * Added ``pqcrypto::prelude`` to allow importing all traits in one easy go.
 * Removed all uses of ``mem::uninitialized()``
 
 ## 2019-05-21
+
 * Added MQDSS