diff --git a/.github/actions/config-variations/action.yml b/.github/actions/config-variations/action.yml index 0f94f6e83..10f12e6c3 100644 --- a/.github/actions/config-variations/action.yml +++ b/.github/actions/config-variations/action.yml @@ -8,7 +8,7 @@ inputs: description: 'GitHub token' required: true tests: - description: 'List of tests to run (space-separated IDs) or "all" for all tests. Available IDs: pct-enabled, pct-enabled-broken, custom-alloc-heap, custom-zeroize, native-cap-ON, native-cap-OFF, native-cap-ID_AA64PFR1_EL1, native-cap-CPUID_AVX2, no-asm, serial-fips202, custom-randombytes, custom-memcpy, custom-memset, custom-stdlib' + description: 'List of tests to run (space-separated IDs) or "all" for all tests. Available IDs: pct-enabled, pct-enabled-broken, reduce-ram, reduce-ram-pct, custom-alloc-heap, custom-zeroize, native-cap-ON, native-cap-OFF, native-cap-ID_AA64PFR1_EL1, native-cap-CPUID_AVX2, no-asm, serial-fips202, custom-randombytes, custom-memcpy, custom-memset, custom-stdlib' required: false default: 'all' opt: @@ -32,6 +32,35 @@ runs: opt: ${{ inputs.opt }} examples: true extra_args: "--exclude-example basic_deterministic" + - name: "REDUCE_RAM" + if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'reduce-ram') }} + uses: ./.github/actions/multi-functest + with: + gh_token: ${{ inputs.gh_token }} + compile_mode: native + cflags: "-DMLD_CONFIG_REDUCE_RAM -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + func: true + kat: true + acvp: true + alloc: true + opt: ${{ inputs.opt }} + examples: true + - name: "REDUCE_RAM + PCT" + if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'reduce-ram-pct') }} + uses: ./.github/actions/multi-functest + with: + gh_token: ${{ inputs.gh_token }} + compile_mode: native + cflags: "-DMLD_CONFIG_REDUCE_RAM -DMLD_CONFIG_KEYGEN_PCT -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + func: true + kat: true + acvp: true + alloc: true + opt: ${{ inputs.opt }} + examples: true + extra_args: "--exclude-example basic_deterministic" - name: "PCT enabled + broken" if: ${{ inputs.tests == 'all' || contains(inputs.tests, 'pct-enabled-broken') }} shell: bash diff --git a/examples/basic_lowram/mldsa_native/mldsa_native_config.h b/examples/basic_lowram/mldsa_native/mldsa_native_config.h index 01e8e1700..8fe88cd6d 100644 --- a/examples/basic_lowram/mldsa_native/mldsa_native_config.h +++ b/examples/basic_lowram/mldsa_native/mldsa_native_config.h @@ -686,7 +686,10 @@ * Its scope and configuration may change at any time. * *****************************************************************************/ +#if !defined(MLD_CONFIG_REDUCE_RAM) #define MLD_CONFIG_REDUCE_RAM +#endif + /************************* Config internals ********************************/ diff --git a/examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h b/examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h index 8f95b78f1..9b05230b1 100644 --- a/examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h +++ b/examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h @@ -29,6 +29,7 @@ * * This configuration differs from the default mldsa/mldsa_native_config.h in * the following places: + * - MLD_CONFIG_NO_SUPERCOP * - MLD_CONFIG_MULTILEVEL_BUILD * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_INTERNAL_API_QUALIFIER @@ -157,7 +158,7 @@ * naming does not disambiguate between the parameter sets. * *****************************************************************************/ -/* #define MLD_CONFIG_NO_SUPERCOP */ +#define MLD_CONFIG_NO_SUPERCOP /****************************************************************************** * Name: MLD_CONFIG_CONSTANTS_ONLY diff --git a/examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h b/examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h index 76ce86eb2..7c81b4704 100644 --- a/examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h +++ b/examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h @@ -29,6 +29,7 @@ * * This configuration differs from the default mldsa/mldsa_native_config.h in * the following places: + * - MLD_CONFIG_NO_SUPERCOP * - MLD_CONFIG_MULTILEVEL_BUILD * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH @@ -161,7 +162,7 @@ * naming does not disambiguate between the parameter sets. * *****************************************************************************/ -/* #define MLD_CONFIG_NO_SUPERCOP */ +#define MLD_CONFIG_NO_SUPERCOP /****************************************************************************** * Name: MLD_CONFIG_CONSTANTS_ONLY diff --git a/examples/multilevel_build/mldsa_native/mldsa_native_config.h b/examples/multilevel_build/mldsa_native/mldsa_native_config.h index 16f44077b..04cedb5cc 100644 --- a/examples/multilevel_build/mldsa_native/mldsa_native_config.h +++ b/examples/multilevel_build/mldsa_native/mldsa_native_config.h @@ -29,6 +29,7 @@ * * This configuration differs from the default mldsa/mldsa_native_config.h in * the following places: + * - MLD_CONFIG_NO_SUPERCOP * - MLD_CONFIG_MULTILEVEL_BUILD * - MLD_CONFIG_NAMESPACE_PREFIX */ @@ -156,7 +157,7 @@ * naming does not disambiguate between the parameter sets. * *****************************************************************************/ -/* #define MLD_CONFIG_NO_SUPERCOP */ +#define MLD_CONFIG_NO_SUPERCOP /****************************************************************************** * Name: MLD_CONFIG_CONSTANTS_ONLY diff --git a/examples/multilevel_build_native/mldsa_native/mldsa_native_config.h b/examples/multilevel_build_native/mldsa_native/mldsa_native_config.h index bc4d2076d..dd80b5c7d 100644 --- a/examples/multilevel_build_native/mldsa_native/mldsa_native_config.h +++ b/examples/multilevel_build_native/mldsa_native/mldsa_native_config.h @@ -29,6 +29,7 @@ * * This configuration differs from the default mldsa/mldsa_native_config.h in * the following places: + * - MLD_CONFIG_NO_SUPERCOP * - MLD_CONFIG_MULTILEVEL_BUILD * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH @@ -158,7 +159,7 @@ * naming does not disambiguate between the parameter sets. * *****************************************************************************/ -/* #define MLD_CONFIG_NO_SUPERCOP */ +#define MLD_CONFIG_NO_SUPERCOP /****************************************************************************** * Name: MLD_CONFIG_CONSTANTS_ONLY diff --git a/mldsa/mldsa_native.S b/mldsa/mldsa_native.S index 3124d0ed4..c2bb5df55 100644 --- a/mldsa/mldsa_native.S +++ b/mldsa/mldsa_native.S @@ -196,14 +196,20 @@ #undef MLD_PREHASH_SHAKE_256 #undef MLD_TOTAL_ALLOC_44 #undef MLD_TOTAL_ALLOC_44_KEYPAIR +#undef MLD_TOTAL_ALLOC_44_KEYPAIR_NO_PCT +#undef MLD_TOTAL_ALLOC_44_KEYPAIR_PCT #undef MLD_TOTAL_ALLOC_44_SIGN #undef MLD_TOTAL_ALLOC_44_VERIFY #undef MLD_TOTAL_ALLOC_65 #undef MLD_TOTAL_ALLOC_65_KEYPAIR +#undef MLD_TOTAL_ALLOC_65_KEYPAIR_NO_PCT +#undef MLD_TOTAL_ALLOC_65_KEYPAIR_PCT #undef MLD_TOTAL_ALLOC_65_SIGN #undef MLD_TOTAL_ALLOC_65_VERIFY #undef MLD_TOTAL_ALLOC_87 #undef MLD_TOTAL_ALLOC_87_KEYPAIR +#undef MLD_TOTAL_ALLOC_87_KEYPAIR_NO_PCT +#undef MLD_TOTAL_ALLOC_87_KEYPAIR_PCT #undef MLD_TOTAL_ALLOC_87_SIGN #undef MLD_TOTAL_ALLOC_87_VERIFY #undef crypto_sign diff --git a/mldsa/mldsa_native.c b/mldsa/mldsa_native.c index 701743aae..70d2f3431 100644 --- a/mldsa/mldsa_native.c +++ b/mldsa/mldsa_native.c @@ -192,14 +192,20 @@ #undef MLD_PREHASH_SHAKE_256 #undef MLD_TOTAL_ALLOC_44 #undef MLD_TOTAL_ALLOC_44_KEYPAIR +#undef MLD_TOTAL_ALLOC_44_KEYPAIR_NO_PCT +#undef MLD_TOTAL_ALLOC_44_KEYPAIR_PCT #undef MLD_TOTAL_ALLOC_44_SIGN #undef MLD_TOTAL_ALLOC_44_VERIFY #undef MLD_TOTAL_ALLOC_65 #undef MLD_TOTAL_ALLOC_65_KEYPAIR +#undef MLD_TOTAL_ALLOC_65_KEYPAIR_NO_PCT +#undef MLD_TOTAL_ALLOC_65_KEYPAIR_PCT #undef MLD_TOTAL_ALLOC_65_SIGN #undef MLD_TOTAL_ALLOC_65_VERIFY #undef MLD_TOTAL_ALLOC_87 #undef MLD_TOTAL_ALLOC_87_KEYPAIR +#undef MLD_TOTAL_ALLOC_87_KEYPAIR_NO_PCT +#undef MLD_TOTAL_ALLOC_87_KEYPAIR_PCT #undef MLD_TOTAL_ALLOC_87_SIGN #undef MLD_TOTAL_ALLOC_87_VERIFY #undef crypto_sign diff --git a/mldsa/mldsa_native.h b/mldsa/mldsa_native.h index 0cc16a188..200beac12 100644 --- a/mldsa/mldsa_native.h +++ b/mldsa/mldsa_native.h @@ -827,33 +827,52 @@ int MLD_API_NAMESPACE(pk_from_sk)( */ /* check-magic: off */ #if defined(MLD_API_LEGACY_CONFIG) || !defined(MLD_CONFIG_REDUCE_RAM) -#define MLD_TOTAL_ALLOC_44_KEYPAIR 56640 +#define MLD_TOTAL_ALLOC_44_KEYPAIR_NO_PCT 45248 +#define MLD_TOTAL_ALLOC_44_KEYPAIR_PCT 56640 #define MLD_TOTAL_ALLOC_44_SIGN 52896 #define MLD_TOTAL_ALLOC_44_VERIFY 38816 -#define MLD_TOTAL_ALLOC_65_KEYPAIR 85856 +#define MLD_TOTAL_ALLOC_65_KEYPAIR_NO_PCT 71872 +#define MLD_TOTAL_ALLOC_65_KEYPAIR_PCT 85856 #define MLD_TOTAL_ALLOC_65_SIGN 80576 #define MLD_TOTAL_ALLOC_65_VERIFY 62432 -#define MLD_TOTAL_ALLOC_87_KEYPAIR 130816 +#define MLD_TOTAL_ALLOC_87_KEYPAIR_NO_PCT 112832 +#define MLD_TOTAL_ALLOC_87_KEYPAIR_PCT 130816 #define MLD_TOTAL_ALLOC_87_SIGN 123584 #define MLD_TOTAL_ALLOC_87_VERIFY 99552 #else /* MLD_API_LEGACY_CONFIG || !MLD_CONFIG_REDUCE_RAM */ -#define MLD_TOTAL_ALLOC_44_KEYPAIR 36192 +#define MLD_TOTAL_ALLOC_44_KEYPAIR_NO_PCT 32992 +#define MLD_TOTAL_ALLOC_44_KEYPAIR_PCT 36192 #define MLD_TOTAL_ALLOC_44_SIGN 32448 #define MLD_TOTAL_ALLOC_44_VERIFY 26560 -#define MLD_TOTAL_ALLOC_65_KEYPAIR 50048 +#define MLD_TOTAL_ALLOC_65_KEYPAIR_NO_PCT 46304 +#define MLD_TOTAL_ALLOC_65_KEYPAIR_PCT 50048 #define MLD_TOTAL_ALLOC_65_SIGN 44768 #define MLD_TOTAL_ALLOC_65_VERIFY 36864 -#define MLD_TOTAL_ALLOC_87_KEYPAIR 66336 +#define MLD_TOTAL_ALLOC_87_KEYPAIR_NO_PCT 62688 +#define MLD_TOTAL_ALLOC_87_KEYPAIR_PCT 66336 #define MLD_TOTAL_ALLOC_87_SIGN 59104 #define MLD_TOTAL_ALLOC_87_VERIFY 49408 #endif /* !(MLD_API_LEGACY_CONFIG || !MLD_CONFIG_REDUCE_RAM) */ /* check-magic: on */ +/* + * MLD_TOTAL_ALLOC_*_KEYPAIR adapts based on MLD_CONFIG_KEYGEN_PCT. + * For legacy config, we don't know which options are used, so assume + * the worst case (PCT enabled). + */ +#if defined(MLD_API_LEGACY_CONFIG) || defined(MLD_CONFIG_KEYGEN_PCT) +#define MLD_TOTAL_ALLOC_44_KEYPAIR MLD_TOTAL_ALLOC_44_KEYPAIR_PCT +#define MLD_TOTAL_ALLOC_65_KEYPAIR MLD_TOTAL_ALLOC_65_KEYPAIR_PCT +#define MLD_TOTAL_ALLOC_87_KEYPAIR MLD_TOTAL_ALLOC_87_KEYPAIR_PCT +#else +#define MLD_TOTAL_ALLOC_44_KEYPAIR MLD_TOTAL_ALLOC_44_KEYPAIR_NO_PCT +#define MLD_TOTAL_ALLOC_65_KEYPAIR MLD_TOTAL_ALLOC_65_KEYPAIR_NO_PCT +#define MLD_TOTAL_ALLOC_87_KEYPAIR MLD_TOTAL_ALLOC_87_KEYPAIR_NO_PCT +#endif + /* * `MLD_MAX_TOTAL_ALLOC_{KEYPAIR,SIGN,VERIFY}` is the maximum across all * parameter sets for each operation. - * `MLD_MAX_TOTAL_ALLOC` is the maximum across all parameter sets and - * operations. */ #define MLD_MAX_TOTAL_ALLOC_KEYPAIR MLD_TOTAL_ALLOC_87_KEYPAIR #define MLD_MAX_TOTAL_ALLOC_SIGN MLD_TOTAL_ALLOC_87_SIGN diff --git a/test/configs/configs.yml b/test/configs/configs.yml index ce4931f49..1565ddb5a 100644 --- a/test/configs/configs.yml +++ b/test/configs/configs.yml @@ -302,6 +302,7 @@ configs: - path: examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h description: "Multilevel monolithic build config" defines: + MLD_CONFIG_NO_SUPERCOP: true MLD_CONFIG_MULTILEVEL_BUILD: true MLD_CONFIG_NAMESPACE_PREFIX: mldsa MLD_CONFIG_INTERNAL_API_QUALIFIER: static @@ -311,6 +312,7 @@ configs: - path: examples/multilevel_build/mldsa_native/mldsa_native_config.h description: "Multilevel build config" defines: + MLD_CONFIG_NO_SUPERCOP: true MLD_CONFIG_MULTILEVEL_BUILD: true MLD_CONFIG_NAMESPACE_PREFIX: mldsa MLD_CONFIG_FILE: @@ -319,6 +321,7 @@ configs: - path: examples/multilevel_build_native/mldsa_native/mldsa_native_config.h description: "Multilevel build config" defines: + MLD_CONFIG_NO_SUPERCOP: true MLD_CONFIG_MULTILEVEL_BUILD: true MLD_CONFIG_NAMESPACE_PREFIX: mldsa MLD_CONFIG_USE_NATIVE_BACKEND_ARITH: true @@ -329,6 +332,7 @@ configs: - path: examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h description: "Multilevel monolithic build config with native backends" defines: + MLD_CONFIG_NO_SUPERCOP: true MLD_CONFIG_MULTILEVEL_BUILD: true MLD_CONFIG_NAMESPACE_PREFIX: mldsa MLD_CONFIG_USE_NATIVE_BACKEND_ARITH: true @@ -401,7 +405,11 @@ configs: description: "Configuration for low RAM build of mldsa-native" defines: MLD_CONFIG_NAMESPACE_PREFIX: mldsa - MLD_CONFIG_REDUCE_RAM: true + MLD_CONFIG_REDUCE_RAM: + content: | + #if !defined(MLD_CONFIG_REDUCE_RAM) + #define MLD_CONFIG_REDUCE_RAM + #endif MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" @@ -409,11 +417,6 @@ configs: description: "Using custom allocation that can be made fail at specific invocation" defines: MLD_CONFIG_NAMESPACE_PREFIX: mld - MLD_CONFIG_KEYGEN_PCT: - content: | - #if !defined(MLD_CONFIG_KEYGEN_PCT) - #define MLD_CONFIG_KEYGEN_PCT - #endif MLD_CONFIG_CUSTOM_ALLOC_FREE: content: | #define MLD_CONFIG_CUSTOM_ALLOC_FREE diff --git a/test/configs/test_alloc_config.h b/test/configs/test_alloc_config.h index 5bfa9c123..c817b31e5 100644 --- a/test/configs/test_alloc_config.h +++ b/test/configs/test_alloc_config.h @@ -31,7 +31,6 @@ * This configuration differs from the default mldsa/mldsa_native_config.h in * the following places: * - MLD_CONFIG_NAMESPACE_PREFIX - * - MLD_CONFIG_KEYGEN_PCT * - MLD_CONFIG_CUSTOM_ALLOC_FREE */ @@ -630,10 +629,7 @@ void custom_free(void *p, size_t sz, const char *file, int line, * key generation. * *****************************************************************************/ -#if !defined(MLD_CONFIG_KEYGEN_PCT) -#define MLD_CONFIG_KEYGEN_PCT -#endif - +/* #define MLD_CONFIG_KEYGEN_PCT */ /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST diff --git a/test/src/test_alloc.c b/test/src/test_alloc.c index b4e1cc5cd..fc4a67bf8 100644 --- a/test/src/test_alloc.c +++ b/test/src/test_alloc.c @@ -17,6 +17,9 @@ * Level-dependent allocation limit macros. * These expand to the right MLD_TOTAL_ALLOC_{44,65,87}_* constant * based on MLD_CONFIG_API_PARAMETER_SET. + * + * Note: MLD_TOTAL_ALLOC_*_KEYPAIR in the header automatically adapts + * based on MLD_CONFIG_KEYGEN_PCT. */ #define MLD_TOTAL_ALLOC_KEYPAIR__(LVL) MLD_TOTAL_ALLOC_##LVL##_KEYPAIR #define MLD_TOTAL_ALLOC_KEYPAIR_(LVL) MLD_TOTAL_ALLOC_KEYPAIR__(LVL) @@ -644,6 +647,7 @@ int main(void) /* * For parameter set 87, also check that the high watermarks match * the MLD_MAX_TOTAL_ALLOC_* constants (which are defined as the 87 values). + * MLD_MAX_TOTAL_ALLOC_KEYPAIR adapts based on MLD_CONFIG_KEYGEN_PCT. */ #if MLD_CONFIG_API_PARAMETER_SET == 87 CHECK_ALLOC_MATCH(global_bump_high_mark_keypair, MLD_MAX_TOTAL_ALLOC_KEYPAIR);