Add no-stdlib build for mlkem-native

.github/workflows/base.yml

@@ -254,6 +254,9 @@ jobs:
       - name: multilevel_build_native
         run: |
           CFLAGS="-O0" make run -C examples/multilevel_build_native
+      - name: multilevel_build_no_stdlib
+        run: |
+          CFLAGS="-O0" make run -C examples/multilevel_build_no_stdlib
   simpasm:
     strategy:
       fail-fast: false

.github/workflows/cbmc.yml

@@ -16,7 +16,7 @@ jobs:
       id-token: 'write'
     uses: ./.github/workflows/ci_ec2_reusable.yml
     with:
-      name: CBMC (MLKEM-512)
+      name: CBMC (ML-KEM-512)
       ec2_instance_type: c7g.4xlarge
       ec2_ami: ubuntu-latest (custom AMI)
       ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g
@@ -38,7 +38,7 @@ jobs:
       id-token: 'write'
     uses: ./.github/workflows/ci_ec2_reusable.yml
     with:
-      name: CBMC (MLKEM-768)
+      name: CBMC (ML-KEM-768)
       ec2_instance_type: c7g.4xlarge
       ec2_ami: ubuntu-latest (custom AMI)
       ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g
@@ -60,7 +60,7 @@ jobs:
       id-token: 'write'
     uses: ./.github/workflows/ci_ec2_reusable.yml
     with:
-      name: CBMC (MLKEM-1024)
+      name: CBMC (ML-KEM-1024)
       ec2_instance_type: c7g.4xlarge
       ec2_ami: ubuntu-latest (custom AMI)
       ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g

BIBLIOGRAPHY.md

@@ -27,6 +27,7 @@ source code and documentation.
 * URL: https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-ig-announcements
 * Referenced from:
   - [examples/basic_deterministic/mlkem_native/custom_no_randomized_config.h](examples/basic_deterministic/mlkem_native/custom_no_randomized_config.h)
+  - [examples/multilevel_build_no_stdlib/mlkem_native/example_no_stdlib_config.h](examples/multilevel_build_no_stdlib/mlkem_native/example_no_stdlib_config.h)
   - [integration/liboqs/config_aarch64.h](integration/liboqs/config_aarch64.h)
   - [integration/liboqs/config_c.h](integration/liboqs/config_c.h)
   - [integration/liboqs/config_x86_64.h](integration/liboqs/config_x86_64.h)

Makefile

@@ -236,3 +236,4 @@ clean:
 	-make clean -C examples/monolithic_build_multilevel_native >/dev/null
 	-make clean -C examples/multilevel_build >/dev/null
 	-make clean -C examples/multilevel_build_native >/dev/null
+	-make clean -C examples/multilevel_build_no_stdlib > /dev/null

examples/README.md

@@ -16,6 +16,11 @@ See [basic_deterministic](basic_deterministic) for a basic example of how to bui
 See [multilevel_build](multilevel_build) for an example of how to build one instance of mlkem-native per security level,
 in such a way that level-independent code is shared.
 
+## Multi-level build without the standard library (C only)
+
+See multilevel_build_no_stdlib for an example of how to build one instance of mlkem-native per security level without the standard library.
+In this example, `mlk_memcpy` and `mlk_memset` are replaced with custom implementations through [custom_no_stdlib_config.h](../test/custom_stdlib_config.h).
+
 ## Multi-level build (with native code)
 
 See [multilevel_build_native](multilevel_build_native) for an example of how to build one instance of mlkem-native per

examples/monolithic_build_multilevel/README.md

@@ -41,7 +41,7 @@ by `MLK_CONFIG_PARAMETER_SET`) every time.
 ```
 
 Note the setting `MLK_CONFIG_MULTILEVEL_WITH_SHARED` which forces the inclusion of all level-independent
-code in the MLKEM-512 build, and the setting `MLK_CONFIG_MULTILEVEL_NO_SHARED`, which drops all
+code in the ML-KEM-512 build, and the setting `MLK_CONFIG_MULTILEVEL_NO_SHARED`, which drops all
 level-independent code in the subsequent builds. Finally, `MLK_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS` entails that
 `mlkem_native.c` does not `#undefine` the `#define` clauses from level-independent files.
 
@@ -54,23 +54,23 @@ would lead to name-clashes upon multiple use.
 ```C
 #define MLK_CONFIG_API_NO_SUPERCOP
 
-/* API for MLKEM-512 */
+/* API for ML-KEM-512 */
 #define MLK_CONFIG_API_PARAMETER_SET 512
 #define MLK_CONFIG_API_NAMESPACE_PREFIX mlkem512
 #include <mlkem_native.h>
 #undef MLK_CONFIG_API_PARAMETER_SET
 #undef MLK_CONFIG_API_NAMESPACE_PREFIX
 #undef MLK_H
 
-/* API for MLKEM-768 */
+/* API for ML-KEM-768 */
 #define MLK_CONFIG_API_PARAMETER_SET 768
 #define MLK_CONFIG_API_NAMESPACE_PREFIX mlkem768
 #include <mlkem_native.h>
 #undef MLK_CONFIG_API_PARAMETER_SET
 #undef MLK_CONFIG_API_NAMESPACE_PREFIX
 #undef MLK_H
 
-/* API for MLKEM-1024 */
+/* API for ML-KEM-1024 */
 #define MLK_CONFIG_API_PARAMETER_SET 1024
 #define MLK_CONFIG_API_NAMESPACE_PREFIX mlkem1024
 #include <mlkem_native.h>

examples/monolithic_build_multilevel/main.c

@@ -73,7 +73,7 @@ static int test_keys_mlkem512(void)
       "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
 #endif
 
-  printf("[MLKEM-512] OK\n");
+  printf("[ML-KEM-512] OK\n");
   return 0;
 }
 
@@ -128,7 +128,7 @@ static int test_keys_mlkem768(void)
       "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
 #endif
 
-  printf("[MLKEM-768] OK\n");
+  printf("[ML-KEM-768] OK\n");
   return 0;
 }
 
@@ -184,7 +184,7 @@ static int test_keys_mlkem1024(void)
       "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
 #endif
 
-  printf("[MLKEM-1024] OK\n");
+  printf("[ML-KEM-1024] OK\n");
   return 0;
 }
 

examples/monolithic_build_multilevel/mlkem_native_all.h

@@ -8,23 +8,23 @@
 
 #define MLK_CONFIG_API_NO_SUPERCOP
 
-/* API for MLKEM-512 */
+/* API for ML-KEM-512 */
 #define MLK_CONFIG_API_PARAMETER_SET 512
 #define MLK_CONFIG_API_NAMESPACE_PREFIX mlkem512
 #include <mlkem_native.h>
 #undef MLK_CONFIG_API_PARAMETER_SET
 #undef MLK_CONFIG_API_NAMESPACE_PREFIX
 #undef MLK_H
 
-/* API for MLKEM-768 */
+/* API for ML-KEM-768 */
 #define MLK_CONFIG_API_PARAMETER_SET 768
 #define MLK_CONFIG_API_NAMESPACE_PREFIX mlkem768
 #include <mlkem_native.h>
 #undef MLK_CONFIG_API_PARAMETER_SET
 #undef MLK_CONFIG_API_NAMESPACE_PREFIX
 #undef MLK_H
 
-/* API for MLKEM-1024 */
+/* API for ML-KEM-1024 */
 #define MLK_CONFIG_API_PARAMETER_SET 1024
 #define MLK_CONFIG_API_NAMESPACE_PREFIX mlkem1024
 #include <mlkem_native.h>

examples/monolithic_build_multilevel_native/README.md

@@ -42,7 +42,7 @@ appropriately first, and then includes the monobuild:
 ```
 
 Note the setting `MLK_CONFIG_MULTILEVEL_WITH_SHARED` which forces the inclusion of all level-independent
-code in the MLKEM-512 build, and the setting `MLK_CONFIG_MULTILEVEL_NO_SHARED`, which drops all
+code in the ML-KEM-512 build, and the setting `MLK_CONFIG_MULTILEVEL_NO_SHARED`, which drops all
 level-independent code in the subsequent builds. Finally, `MLK_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS` entails that
 [mlkem_native.c](mlkem/mlkem_native.c) does not `#undefine` the `#define` clauses from level-independent files.
 

examples/monolithic_build_multilevel_native/main.c

@@ -77,7 +77,7 @@ static int test_keys_mlkem512(void)
       "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
 #endif
 
-  printf("[MLKEM-512] OK\n");
+  printf("[ML-KEM-512] OK\n");
   return 0;
 }
 
@@ -132,7 +132,7 @@ static int test_keys_mlkem768(void)
       "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
 #endif
 
-  printf("[MLKEM-768] OK\n");
+  printf("[ML-KEM-768] OK\n");
   return 0;
 }
 
@@ -188,7 +188,7 @@ static int test_keys_mlkem1024(void)
       "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
 #endif
 
-  printf("[MLKEM-1024] OK\n");
+  printf("[ML-KEM-1024] OK\n");
   return 0;
 }
 

examples/multilevel_build/Makefile

@@ -89,7 +89,7 @@ CFLAGS := \
 	-Wno-unknown-pragmas \
 	-Wno-unused-command-line-argument \
 	-fomit-frame-pointer \
-        -DMLK_CONFIG_NAMESPACE_PREFIX=mlkem \
+    -DMLK_CONFIG_NAMESPACE_PREFIX=mlkem \
 	-std=c99 \
 	-pedantic \
 	-MMD \

examples/multilevel_build/README.md

@@ -3,12 +3,12 @@
 # Multi-level build
 
 This directory contains a minimal example for how to build mlkem-native with support for all 3 security levels
-MLKEM-512, MLKEM-768, and MLKEM-1024, and so that level-independent code is shared. In this example, only the C-backend
+ML-KEM-512, ML-KEM-768, and ML-KEM-1024, and so that level-independent code is shared. In this example, only the C-backend
 of mlkem-native is used.
 
-The library is built 3 times in different build directories `build/mlkem{512,768,1024}`. For the MLKEM-512 build, we set
+The library is built 3 times in different build directories `build/mlkem{512,768,1024}`. For the ML-KEM-512 build, we set
 `MLK_CONFIG_MULTILEVEL_WITH_SHARED` to force the inclusion of all level-independent code in the
-MLKEM512-build. For MLKEM-768 and MLKEM-1024, we set `MLK_CONFIG_MULTILEVEL_NO_SHARED` to not include any
+MLKEM512-build. For ML-KEM-768 and ML-KEM-1024, we set `MLK_CONFIG_MULTILEVEL_NO_SHARED` to not include any
 level-independent code. Finally, we use the common namespace prefix `mlkem` as `MLK_CONFIG_NAMESPACE_PREFIX` for all three
 builds; the suffix 512/768/1024 will be added to level-dependent functions automatically.
 

examples/multilevel_build/main.c

@@ -73,7 +73,7 @@ static int test_keys_mlkem512(void)
       "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
 #endif
 
-  printf("[MLKEM-512] OK\n");
+  printf("[ML-KEM-512] OK\n");
   return 0;
 }
 
@@ -128,7 +128,7 @@ static int test_keys_mlkem768(void)
       "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
 #endif
 
-  printf("[MLKEM-768] OK\n");
+  printf("[ML-KEM-768] OK\n");
   return 0;
 }
 
@@ -183,7 +183,7 @@ static int test_keys_mlkem1024(void)
       "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
 #endif
 
-  printf("[MLKEM-1024] OK\n");
+  printf("[ML-KEM-1024] OK\n");
   return 0;
 }
 

examples/multilevel_build/mlkem_native_all.h

@@ -6,23 +6,23 @@
 #if !defined(MLK_ALL_H)
 #define MLK_ALL_H
 
-/* API for MLKEM-512 */
+/* API for ML-KEM-512 */
 #define MLK_CONFIG_API_PARAMETER_SET 512
 #define MLK_CONFIG_API_NAMESPACE_PREFIX mlkem512
 #include "mlkem_native/mlkem/mlkem_native.h"
 #undef MLK_CONFIG_API_PARAMETER_SET
 #undef MLK_CONFIG_API_NAMESPACE_PREFIX
 #undef MLK_H
 
-/* API for MLKEM-768 */
+/* API for ML-KEM-768 */
 #define MLK_CONFIG_API_PARAMETER_SET 768
 #define MLK_CONFIG_API_NAMESPACE_PREFIX mlkem768
 #include "mlkem_native/mlkem/mlkem_native.h"
 #undef MLK_CONFIG_API_PARAMETER_SET
 #undef MLK_CONFIG_API_NAMESPACE_PREFIX
 #undef MLK_H
 
-/* API for MLKEM-1024 */
+/* API for ML-KEM-1024 */
 #define MLK_CONFIG_API_PARAMETER_SET 1024
 #define MLK_CONFIG_API_NAMESPACE_PREFIX mlkem1024
 #include "mlkem_native/mlkem/mlkem_native.h"

examples/multilevel_build_native/README.md

@@ -3,11 +3,11 @@
 # Multi-level build
 
 This directory contains a minimal example for how to build mlkem-native with support for all 3 security levels
-MLKEM-512, MLKEM-768, and MLKEM-1024. All level-independent code is shared, and native backends are in use.
+ML-KEM-512, ML-KEM-768, and ML-KEM-1024. All level-independent code is shared, and native backends are in use.
 
-The library is built 3 times in different build directories `build/mlkem{512,768,1024}`. For the MLKEM-512 build, we set
+The library is built 3 times in different build directories `build/mlkem{512,768,1024}`. For the ML-KEM-512 build, we set
 `MLK_CONFIG_MULTILEVEL_WITH_SHARED` to force the inclusion of all level-independent code in the
-MLKEM512-build. For MLKEM-768 and MLKEM-1024, we set `MLK_CONFIG_MULTILEVEL_NO_SHARED` to not include any
+MLKEM512-build. For ML-KEM-768 and ML-KEM-1024, we set `MLK_CONFIG_MULTILEVEL_NO_SHARED` to not include any
 level-independent code. Finally, we use the common namespace prefix `mlkem` as `MLK_CONFIG_NAMESPACE_PREFIX` for all three
 builds; the suffix 512/768/1024 will be added to level-dependent functions automatically.
 

examples/multilevel_build_native/main.c

@@ -73,7 +73,7 @@ static int test_keys_mlkem512(void)
       "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
 #endif
 
-  printf("[MLKEM-512] OK\n");
+  printf("[ML-KEM-512] OK\n");
   return 0;
 }
 
@@ -128,7 +128,7 @@ static int test_keys_mlkem768(void)
       "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
 #endif
 
-  printf("[MLKEM-768] OK\n");
+  printf("[ML-KEM-768] OK\n");
   return 0;
 }
 
@@ -184,7 +184,7 @@ static int test_keys_mlkem1024(void)
       "[WARNING] Skipping KAT test since PCT is enabled and modifies PRNG\n");
 #endif
 
-  printf("[MLKEM-1024] OK\n");
+  printf("[ML-KEM-1024] OK\n");
   return 0;
 }
 

examples/multilevel_build_native/mlkem_native_all.h

@@ -6,23 +6,23 @@
 #if !defined(MLK_ALL_H)
 #define MLK_ALL_H
 
-/* API for MLKEM-512 */
+/* API for ML-KEM-512 */
 #define MLK_CONFIG_API_PARAMETER_SET 512
 #define MLK_CONFIG_API_NAMESPACE_PREFIX mlkem512
 #include "mlkem_native/mlkem/mlkem_native.h"
 #undef MLK_CONFIG_API_PARAMETER_SET
 #undef MLK_CONFIG_API_NAMESPACE_PREFIX
 #undef MLK_H
 
-/* API for MLKEM-768 */
+/* API for ML-KEM-768 */
 #define MLK_CONFIG_API_PARAMETER_SET 768
 #define MLK_CONFIG_API_NAMESPACE_PREFIX mlkem768
 #include "mlkem_native/mlkem/mlkem_native.h"
 #undef MLK_CONFIG_API_PARAMETER_SET
 #undef MLK_CONFIG_API_NAMESPACE_PREFIX
 #undef MLK_H
 
-/* API for MLKEM-1024 */
+/* API for ML-KEM-1024 */
 #define MLK_CONFIG_API_PARAMETER_SET 1024
 #define MLK_CONFIG_API_NAMESPACE_PREFIX mlkem1024
 #include "mlkem_native/mlkem/mlkem_native.h"

examples/multilevel_build_no_stdlib/.gitignore

@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+
+build