example: add the multilevel_build_no_stdlib example

- This commit add an example demonstrating how to build mlkem-native without the standard library (-nostdlib)
- Create an example folder named `multilevel_build_no_stdlib`
- Add the `example_no_stdlib_config.h` reference from `test/custom_stdlib_config.h`,
  this config provide custom implementations for mlk_memcpy and mlk_memset
- Add the `-nostdlib` cflag during generating objects file.
- Integrate this example to the `tests` script and ./Makefile
- Add this example to the `base.yml` for CI testing
Signed-off-by: willieyz <[email protected]>

Author: willieyz

.github/workflows/base.yml

@@ -251,6 +251,9 @@ jobs:
       - name: multilevel_build_native
         run: |
           CFLAGS="-O0" make run -C examples/multilevel_build_native
+      - name: multilevel_build_no_stdlib
+        run: |
+          CFLAGS="-O0" make run -C examples/multilevel_build_no_stdlib
   simpasm:
     strategy:
       fail-fast: false

Makefile

@@ -224,3 +224,4 @@ clean:
 	-make clean -C examples/monolithic_build_multilevel_native >/dev/null
 	-make clean -C examples/multilevel_build >/dev/null
 	-make clean -C examples/multilevel_build_native >/dev/null
+	-make clean -C examples/multilevel_build_no_stdlib > /dev/null

examples/README.md

@@ -13,6 +13,12 @@ See [basic](basic) for a basic example of how to build a single instance of mlke
 See [multilevel_build](multilevel_build) for an example of how to build one instance of mlkem-native per security level,
 in such a way that level-independent code is shared.
 
+## Multi-level build with no stdlib (C only)
+
+See [multilevel_build_no_stdlib](multilevel_build_no_stdlib) for an example of how to build one instance of mlkem-native per security level,
+with `-nostdlib` flag, the `mlk_memcpy` and `mlk_memset` are replaced by custom implementation.
+in such a way that level-independent code with no stadard libary is shared.
+
 ## Multi-level build (with native code)
 
 See [multilevel_build_native](multilevel_build_native) for an example of how to build one instance of mlkem-native per

examples/multilevel_build_no_stdlib/.gitignore

@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+
+build

examples/multilevel_build_no_stdlib/Makefile

@@ -0,0 +1,128 @@
+# (SPDX-License-Identifier: CC-BY-4.0)
+
+.PHONY: build run clean mlkem512_objs mlkem768_objs mlkem1024_objs mlkem_objs size size_objs
+.DEFAULT_GOAL := all
+
+Q ?= @
+# Append cross-prefix for cross compilation
+# Remove or ignore for native builds
+CC  ?= gcc
+SIZE ?= size
+# When called from the root Makefile, CROSS_PREFIX has already been added here
+ifeq (,$(findstring $(CROSS_PREFIX),$(CC)))
+CC  := $(CROSS_PREFIX)$(CC)
+endif
+
+ifeq (,$(findstring $(CROSS_PREFIX),$(SIZE)))
+SIZE  := $(CROSS_PREFIX)$(SIZE)
+endif
+
+# Part A:
+#
+# mlkem-native source and header files
+#
+# If you are not concerned about minimizing for a specific backend,
+# you can just include _all_ source files into your build.
+MLK_SOURCE_ALL := $(wildcard             \
+	mlkem_native/mlkem/src/*.c           \
+	mlkem_native/mlkem/src/**/*.c        \
+	mlkem_native/mlkem/src/**/**/*.c     \
+	mlkem_native/mlkem/src/**/**/**/*.c)
+MLK_SOURCE:=$(foreach S,$(MLK_SOURCE_ALL),\
+  $(if $(findstring /native/,$S),,$S))
+
+INC=-Imlkem_native -Imlkem_native/mlkem -Imlkem_native/mlkem/src
+
+BUILD_DIR=build
+MLKEM512_DIR = $(BUILD_DIR)/mlkem512
+MLKEM768_DIR = $(BUILD_DIR)/mlkem768
+MLKEM1024_DIR = $(BUILD_DIR)/mlkem1024
+
+MLKEM512_OBJS=$(patsubst %,$(MLKEM512_DIR)/%.o,$(MLK_SOURCE))
+MLKEM768_OBJS=$(patsubst %,$(MLKEM768_DIR)/%.o,$(MLK_SOURCE))
+MLKEM1024_OBJS=$(patsubst %,$(MLKEM1024_DIR)/%.o,$(MLK_SOURCE))
+
+$(MLKEM512_OBJS): $(MLKEM512_DIR)/%.c.o: %.c
+	$(Q)[ -d $(@D) ] || mkdir -p $(@D)
+	$(Q)$(CC)  -nostdlib -DMLK_CONFIG_MULTILEVEL_WITH_SHARED -DMLK_CONFIG_PARAMETER_SET=512 $(INC) $(CFLAGS) -c $^ -o $@
+
+$(MLKEM768_OBJS): $(MLKEM768_DIR)/%.c.o: %.c
+	$(Q)[ -d $(@D) ] || mkdir -p $(@D)
+	$(Q)$(CC) -nostdlib -DMLK_CONFIG_MULTILEVEL_NO_SHARED -DMLK_CONFIG_PARAMETER_SET=768 $(INC) $(CFLAGS) -c $^ -o $@
+
+$(MLKEM1024_OBJS): $(MLKEM1024_DIR)/%.c.o: %.c
+	$(Q)[ -d $(@D) ] || mkdir -p $(@D)
+	$(Q)$(CC) -nostdlib -DMLK_CONFIG_MULTILEVEL_NO_SHARED -DMLK_CONFIG_PARAMETER_SET=1024 $(INC) $(CFLAGS) -c $^ -o $@
+
+mlkem512_objs: $(MLKEM512_OBJS)
+mlkem768_objs: $(MLKEM768_OBJS)
+mlkem1024_objs: $(MLKEM1024_OBJS)
+mlkem_objs: mlkem512_objs mlkem768_objs mlkem1024_objs
+
+# Part B:
+#
+# Random number generator
+#
+# !!! WARNING !!!
+#
+# The randombytes() implementation used here is for TESTING ONLY.
+# You MUST NOT use this implementation outside of testing.
+#
+# !!! WARNING !!!
+RNG_SOURCE=$(wildcard test_only_rng/*.c)
+
+# Part C:
+#
+# Your application source code
+APP_SOURCE=$(wildcard *.c)
+
+BIN=test_binary
+
+CFLAGS := \
+	-Wall \
+	-Wextra \
+	-Werror \
+	-Wmissing-prototypes \
+	-Wshadow \
+	-Werror \
+	-Wpointer-arith \
+	-Wredundant-decls \
+	-Wno-long-long \
+	-Wno-unknown-pragmas \
+	-Wno-unused-command-line-argument \
+	-fomit-frame-pointer \
+        -DMLK_CONFIG_NAMESPACE_PREFIX=mlkem \
+	-std=c99 \
+	-pedantic \
+	-MMD \
+	-O3 \
+	$(CFLAGS)
+
+BINARY_NAME_FULL=$(BUILD_DIR)/$(BIN)
+
+CFLAGS += -DMLK_CONFIG_FILE="\"example_no_stdlib_config.h\""
+
+$(BINARY_NAME_FULL): $(APP_SOURCE) $(RNG_SOURCE) $(MLKEM512_OBJS) $(MLKEM768_OBJS) $(MLKEM1024_OBJS)
+	echo "$@"
+	mkdir -p $(BUILD_DIR)
+	$(CC) $(CFLAGS) $(INC) $^ -o $@
+
+all: build size_objs
+
+build: $(BINARY_NAME_FULL)
+
+run: $(BINARY_NAME_FULL)
+	$(EXEC_WRAPPER) ./$(BINARY_NAME_FULL)
+
+size: build
+	@echo "=== Size info for $(BINARY_NAME_FULL) ==="
+	$(Q)$(SIZE) $(BINARY_NAME_FULL)
+
+size_objs: size
+	$(Q)echo "=== Object size summary ==="
+	$(Q)$(SIZE) $(shell find $(BUILD_DIR)/mlkem512 -name '*.o') | (read header; echo "$$header"; awk '$$5 != 0' | sort -k5 -n -r)
+	$(Q)$(SIZE) $(shell find $(BUILD_DIR)/mlkem768 -name '*.o') | (read header; echo "$$header"; awk '$$5 != 0' | sort -k5 -n -r)
+	$(Q)$(SIZE) $(shell find $(BUILD_DIR)/mlkem1024 -name '*.o') | (read header; echo "$$header"; awk '$$5 != 0' | sort -k5 -n -r)
+
+clean:
+	rm -rf $(BUILD_DIR)

examples/multilevel_build_no_stdlib/README.md

@@ -0,0 +1,18 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+
+# Multi-level build with no standard library
+
+This directory contains a minimal example for how to build mlkem-native with support for all 3 security levels
+MLKEM-512, MLKEM-768, and MLKEM-1024, and so that level-independent code is shared. In this example, only the C-backend
+of mlkem-native is used.
+
+The library is built 3 times in different build directories `build/mlkem{512,768,1024}`. For the MLKEM-512 build, we set
+`MLK_CONFIG_MULTILEVEL_WITH_SHARED` to force the inclusion of all level-independent code in the
+MLKEM512-build. For MLKEM-768 and MLKEM-1024, we set `MLK_CONFIG_MULTILEVEL_NO_SHARED` to not include any
+level-independent code, beside this, this example replace the `mlk_memcpy`, `mlk_memset` with the custom implementation memcpy and memset instead of using the stdlib by adding `example_no_stdlib_config.h`, and add the `-nostdlib` during objects file building,
+Finally, we use the common namespace prefix `mlkem` as `MLK_CONFIG_NAMESPACE_PREFIX` for all three builds; 
+the suffix 512/768/1024 will be added to level-dependent functions automatically.
+
+## Usage
+
+Build this example with `make build`, run with `make run`.

examples/multilevel_build_no_stdlib/main.c

@@ -0,0 +1,208 @@
+/*
+ * Copyright (c) The mlkem-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mlkem_native_all.h"
+#include "test_only_rng/notrandombytes.h"
+
+#define CHECK(x)                                              \
+  do                                                          \
+  {                                                           \
+    int rc;                                                   \
+    rc = (x);                                                 \
+    if (!rc)                                                  \
+    {                                                         \
+      fprintf(stderr, "ERROR (%s,%d)\n", __FILE__, __LINE__); \
+      return 1;                                               \
+    }                                                         \
+  } while (0)
+
+static int test_keys_mlkem512(void)
+{
+  /* The PCT modifies the PRNG state, so the KAT tests don't work.
+   * We run KAT tests only for disabled PCT. */
+#if !defined(MLK_CONFIG_KEYGEN_PCT)
+  const uint8_t expected_key[] = {
+      0x77, 0x6c, 0x74, 0xdf, 0x30, 0x1f, 0x8d, 0x82, 0x52, 0x5e, 0x8e,
+      0xbb, 0xb4, 0x00, 0x95, 0xcd, 0x2e, 0x92, 0xdf, 0x6d, 0xc9, 0x33,
+      0xe7, 0x86, 0x62, 0x59, 0xf5, 0x31, 0xc7, 0x35, 0x0a, 0xd5};
+#endif /* !MLK_CONFIG_KEYGEN_PCT */
+
+  uint8_t pk[MLKEM512_PUBLICKEYBYTES];
+  uint8_t sk[MLKEM512_SECRETKEYBYTES];
+  uint8_t ct[MLKEM512_CIPHERTEXTBYTES];
+  uint8_t key_a[MLKEM512_BYTES];
+  uint8_t key_b[MLKEM512_BYTES];
+
+  /* WARNING: Test-only
+   * Normally, you would want to seed a PRNG with trustworthy entropy here. */
+  randombytes_reset();
+
+  /* Alice generates a public key */
+  CHECK(mlkem512_keypair(pk, sk) == 0);
+
+  /* Bob derives a secret key and creates a response */
+  CHECK(mlkem512_enc(ct, key_b, pk) == 0);
+
+  /* Alice uses Bobs response to get her shared key */
+  CHECK(mlkem512_dec(key_a, ct, sk) == 0);
+
+  CHECK(memcmp(key_a, key_b, MLKEM512_BYTES) == 0);
+
+  printf("Shared secret: ");
+  {
+    size_t i;
+    for (i = 0; i < sizeof(key_a); i++)
+    {
+      printf("%02x", key_a[i]);
+    }
+  }
+  printf("\n");
+
+#if !defined(MLK_CONFIG_KEYGEN_PCT)
+  /* Check against hardcoded result to make sure that
+   * we integrated custom FIPS202 correctly */
+  CHECK(memcmp(key_a, expected_key, sizeof(key_a)) == 0);
+#else
+  printf(
+      "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
+#endif
+
+  printf("[MLKEM-512] OK\n");
+  return 0;
+}
+
+static int test_keys_mlkem768(void)
+{
+  /* The PCT modifies the PRNG state, so the KAT tests don't work.
+   * We run KAT tests only for disabled PCT. */
+#if !defined(MLK_CONFIG_KEYGEN_PCT)
+  const uint8_t expected_key[] = {
+      0xe9, 0x13, 0x77, 0x84, 0x0e, 0x6b, 0x66, 0x94, 0xea, 0xa9, 0xf0,
+      0x1c, 0x97, 0xff, 0x68, 0x87, 0x4e, 0x8b, 0x0c, 0x52, 0x0b, 0x00,
+      0xc2, 0xcd, 0xe3, 0x7c, 0x4f, 0xc2, 0x39, 0x62, 0x6e, 0x70};
+#endif /* !MLK_CONFIG_KEYGEN_PCT */
+
+  uint8_t pk[MLKEM768_PUBLICKEYBYTES];
+  uint8_t sk[MLKEM768_SECRETKEYBYTES];
+  uint8_t ct[MLKEM768_CIPHERTEXTBYTES];
+  uint8_t key_a[MLKEM768_BYTES];
+  uint8_t key_b[MLKEM768_BYTES];
+
+  /* WARNING: Test-only
+   * Normally, you would want to seed a PRNG with trustworthy entropy here. */
+  randombytes_reset();
+
+  /* Alice generates a public key */
+  CHECK(mlkem768_keypair(pk, sk) == 0);
+
+  /* Bob derives a secret key and creates a response */
+  CHECK(mlkem768_enc(ct, key_b, pk) == 0);
+
+  /* Alice uses Bobs response to get her shared key */
+  CHECK(mlkem768_dec(key_a, ct, sk) == 0);
+
+  CHECK(memcmp(key_a, key_b, MLKEM768_BYTES) == 0);
+
+  printf("Shared secret: ");
+  {
+    size_t i;
+    for (i = 0; i < sizeof(key_a); i++)
+    {
+      printf("%02x", key_a[i]);
+    }
+  }
+  printf("\n");
+
+#if !defined(MLK_CONFIG_KEYGEN_PCT)
+  /* Check against hardcoded result to make sure that
+   * we integrated custom FIPS202 correctly */
+  CHECK(memcmp(key_a, expected_key, sizeof(key_a)) == 0);
+#else
+  printf(
+      "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
+#endif
+
+  printf("[MLKEM-768] OK\n");
+  return 0;
+}
+
+
+static int test_keys_mlkem1024(void)
+{
+  /* The PCT modifies the PRNG state, so the KAT tests don't work.
+   * We run KAT tests only for disabled PCT. */
+#if !defined(MLK_CONFIG_KEYGEN_PCT)
+  const uint8_t expected_key[] = {
+      0x5d, 0x9e, 0x23, 0x5f, 0xcc, 0xb2, 0xb3, 0x49, 0x9a, 0x5f, 0x49,
+      0x0a, 0x56, 0xe3, 0xf0, 0xd3, 0xfd, 0x9b, 0x58, 0xbd, 0xa2, 0x8b,
+      0x69, 0x0f, 0x91, 0xb5, 0x7b, 0x88, 0xa5, 0xa8, 0x0b, 0x90};
+#endif /* !MLK_CONFIG_KEYGEN_PCT */
+  uint8_t pk[MLKEM1024_PUBLICKEYBYTES];
+  uint8_t sk[MLKEM1024_SECRETKEYBYTES];
+  uint8_t ct[MLKEM1024_CIPHERTEXTBYTES];
+  uint8_t key_a[MLKEM1024_BYTES];
+  uint8_t key_b[MLKEM1024_BYTES];
+
+  /* WARNING: Test-only
+   * Normally, you would want to seed a PRNG with trustworthy entropy here. */
+  randombytes_reset();
+
+  /* Alice generates a public key */
+  CHECK(mlkem1024_keypair(pk, sk) == 0);
+
+  /* Bob derives a secret key and creates a response */
+  CHECK(mlkem1024_enc(ct, key_b, pk) == 0);
+
+  /* Alice uses Bobs response to get her shared key */
+  CHECK(mlkem1024_dec(key_a, ct, sk) == 0);
+
+  CHECK(memcmp(key_a, key_b, MLKEM1024_BYTES) == 0);
+
+  printf("Shared secret: ");
+  {
+    size_t i;
+    for (i = 0; i < sizeof(key_a); i++)
+    {
+      printf("%02x", key_a[i]);
+    }
+  }
+  printf("\n");
+
+#if !defined(MLK_CONFIG_KEYGEN_PCT)
+  /* Check against hardcoded result to make sure that
+   * we integrated custom FIPS202 correctly */
+  CHECK(memcmp(key_a, expected_key, sizeof(key_a)) == 0);
+#else
+  printf(
+      "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
+#endif
+
+  printf("[MLKEM-1024] OK\n");
+  return 0;
+}
+
+int main(void)
+{
+  if (test_keys_mlkem512() != 0)
+  {
+    return 1;
+  }
+
+  if (test_keys_mlkem768() != 0)
+  {
+    return 1;
+  }
+
+  if (test_keys_mlkem1024() != 0)
+  {
+    return 1;
+  }
+
+  return 0;
+}