Merge pull request #12 from pq-code-package/ci-c90

Achieve C90 compliance and test in CI

Author: mjosaarinen

.github/workflows/base.yml

@@ -40,3 +40,30 @@ jobs:
         run: |
           make
           python3 test/acvp_client.py --version ${{ matrix.acvp-version }}
+  quickcheck-c90:
+    strategy:
+      fail-fast: false
+      matrix:
+        external:
+         - ${{ github.repository_owner != 'pq-code-package' }}
+        target:
+         - runner: pqcp-arm64
+           name: 'aarch64'
+         - runner: ubuntu-latest
+           name: 'x86_64'
+        exclude:
+          - {external: true,
+             target: {
+               runner: pqcp-arm64,
+               name: 'aarch64'
+             }}
+    name: Quickcheck C90 (${{ matrix.target.name }})
+    runs-on: ${{ matrix.target.runner }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: make quickcheck
+        run: |
+          CFLAGS=-std=c90 make test
+  

Makefile

@@ -9,8 +9,8 @@ OBJS	= 	$(CSRC:.c=.o)
 XTEST	?=	xfips205
 XTESTC	?=	test/xfips205.c
 
-CC 		=	gcc
-CFLAGS	:=	-Wall \
+CC      ?= gcc
+CFLAGS  :=	-Wall \
 		-Wextra \
 		-Werror=unused-result \
 		-Wpedantic \
@@ -24,7 +24,8 @@ CFLAGS	:=	-Wall \
 		-O3 \
 		-fomit-frame-pointer \
 		-std=c99 \
-		-pedantic
+		-pedantic \
+		$(CFLAGS)
 
 LDLIBS	+=
 

README.md

@@ -1,7 +1,10 @@
 [//]: # (SPDX-License-Identifier: CC-BY-4.0)
 #   slhdsa-c
+[![License: Apache](https://img.shields.io/badge/license-Apache--2.0-green.svg)](https://www.apache.org/licenses/LICENSE-2.0)
+[![License: ISC](https://img.shields.io/badge/License-ISC-blue.svg)](https://opensource.org/licenses/ISC)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
-A portable C implementation of SLH-DSA ("Stateless Hash-Based Digital Signature Standard") as described in [FIPS 205](https://doi.org/10.6028/NIST.FIPS.205).
+A portable C90 implementation of SLH-DSA ("Stateless Hash-Based Digital Signature Standard") as described in [FIPS 205](https://doi.org/10.6028/NIST.FIPS.205).
 
 * Supports all 12 parameter sets in FIPS 205, both "pure" and "internal" functions (without recompiling for various parameter sets), as well as prehash modes.
 * Self-contained implementation without external dependencies. Can be easily included into applications.
@@ -25,6 +28,13 @@ This code was derived from [SLotH](https://github.com/slh-dsa/sloth) driver code
 | SLH-DSA-SHA2-256f  |  5  | 64 | 128 | 49856 |
 | SLH-DSA-SHAKE-256f |  5  | 64 | 128 | 49856 |
 
+## Status
+
+slhdsa-c is work in progress. **WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS LIBRARY IN A
+PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA.** Once we have the first stable version,
+this notice will be removed.
+
+
 ##  Building and Running Known Answer Tests
 
 The implementation in this directory includes the necessary hash functions and, hence, has no external library dependencies. On a Linux system, you can typically use `make` to build the test wrapper executable `xfips205`.
@@ -38,23 +48,23 @@ gcc -Wall -Wextra -Werror=unused-result -Wpedantic -Werror -Wmissing-prototypes
 
 ###	Running the ACVP tests
 
-The static test cases need to be initially fetched from NIST's [ACVP-Server](https://github.com/usnistgov/ACVP-Server) repository, which is instantiated as submodule `test/ACVP-Server`. The Makefile should be able to do this automatically in case the submodule has not been initialized, but this may take some time.
-
-As a prerequisite you will require python3 and [gnu parallel](https://www.gnu.org/software/parallel) (a standard Linux package in most cases), which makes the full test run in less than 1 minute.
-
-During the process, the script [`test/test_slhdsa.py`](test/test_slhdsa.py) will translate the test cases into a shell file `test/acvp_cases.sh`, which then contains test case feed for `xfips205`.
+[`test/acvp_client.py`](test/acvp_client.py) implement ACVP tests and can also be executed through `make test`.
+The ACVP version can be specified by passing the `--version` argument to the [`test/acvp_client.py`](test/acvp_client.py). 
+The static test vectors are automatically fetched from NIST's [ACVP-Server](https://github.com/usnistgov/ACVP-Server) repository on first execution.s
 
 ```console
 $ make test
+python3 test/acvp_client.py
+Using ACVP test vectors version v1.1.0.40
+Running 1248 tests with 16 parallel jobs
+[PASS] keyGen SLH-DSA-SHA2-128s [1] slh_keygen_internal()
 ...
-cat test/acvp_cases.sh | parallel --pipe bash | tee test.log
-[PASS] sigGen SLH-DSA-SHA2-192f [22] slh_sign()
-...
-[PASS] sigGen SLH-DSA-SHAKE-192s [553] hash_slh_sign(SHAKE-128)
+[PASS] sigVer SLH-DSA-SHAKE-256s [497] slh_verify_internal()
+
 === test summary ===
 PASS: 1248
-SKIP: 0
 FAIL: 0
+ALL GOOD!
 ```
 
 ##  Structure of the implementation
@@ -83,10 +93,8 @@ slhdsa-c
 ├── slh_shake.c         # SLH-DSA instantiation for SHA3/SHAKE hash family
 ├── slh_var.h           # internal SLH-DSA context structure
 └── test                # testing stuff (not for application)
-    ├── acvp_cases.sh   # precompiled ACVP test cases
-    ├── ACVP-Server     # optional submodule (contains original test cases)
     ├── Makefile        # makefile for local test tasks
-    ├── test_slhdsa.py  # parses JSON files into acvp_cases.sh
+    ├── acvp_client.py  # ACVP client
     └── xfips205.c      # command-line test harness
 ```
 

plat_local.h

@@ -15,6 +15,7 @@ extern "C"
 
 #include <stddef.h>
 #include <stdint.h>
+#include "slh_sys.h"
 
 #ifndef PLAT_VERS_STR
 #define PLAT_VERS_STR "dev version"
@@ -112,7 +113,7 @@ extern "C"
 #else
 /* RISC-V: grev(x, 0x18) or rev8 */
 
-static inline uint32_t rev8_be32(uint32_t x)
+static SLH_INLINE uint32_t rev8_be32(uint32_t x)
 {
   return ((x & 0xFF000000) >> 24) | ((x & 0x00FF0000) >> 8) |
          ((x & 0x0000FF00) << 8) | ((x & 0x000000FF) << 24);
@@ -123,7 +124,7 @@ static inline uint32_t rev8_be32(uint32_t x)
 #define rev8_be64(x) (x)
 #else
 /* RISC-V: grev(x, 0x38) or rev8(x) */
-static inline uint64_t rev8_be64(uint64_t x)
+static SLH_INLINE uint64_t rev8_be64(uint64_t x)
 {
   return (x << 56) | ((x & 0x000000000000FF00LL) << 40) |
          ((x & 0x0000000000FF0000LL) << 24) |
@@ -135,70 +136,70 @@ static inline uint64_t rev8_be64(uint64_t x)
 
   /* rotate left */
 
-  static inline uint32_t rol32(uint32_t x, uint32_t n)
+  static SLH_INLINE uint32_t rol32(uint32_t x, uint32_t n)
   {
     return (x << n) | (x >> (32 - n));
   }
 
-  static inline uint64_t rol64(uint64_t x, uint64_t n)
+  static SLH_INLINE uint64_t rol64(uint64_t x, uint64_t n)
   {
     return (x << n) | (x >> (64 - n));
   }
 
   /* rotate right (RISC-V ROR or RORI) */
 
-  static inline uint32_t ror32(uint32_t x, uint32_t n)
+  static SLH_INLINE uint32_t ror32(uint32_t x, uint32_t n)
   {
     return (x >> n) | (x << (32 - n));
   }
 
-  static inline uint64_t ror64(uint64_t x, uint64_t n)
+  static SLH_INLINE uint64_t ror64(uint64_t x, uint64_t n)
   {
     return (x >> n) | (x << (64 - n));
   }
 
   /* and with negate (RISC-V ANDN) */
 
-  static inline uint32_t andn32(uint32_t x, uint32_t y) { return x & ~y; }
+  static SLH_INLINE uint32_t andn32(uint32_t x, uint32_t y) { return x & ~y; }
 
-  static inline uint64_t andn64(uint64_t x, uint64_t y) { return x & ~y; }
+  static SLH_INLINE uint64_t andn64(uint64_t x, uint64_t y) { return x & ~y; }
 
   /* little-endian loads and stores (unaligned) */
 
-  static inline uint16_t get16u_le(const uint8_t *v)
+  static SLH_INLINE uint16_t get16u_le(const uint8_t *v)
   {
     return (((uint16_t)v[1]) << 8) | ((uint16_t)v[0]);
   }
 
-  static inline void put16u_le(uint8_t *v, uint16_t x)
+  static SLH_INLINE void put16u_le(uint8_t *v, uint16_t x)
   {
     v[0] = x;
     v[1] = x >> 8;
   }
 
-  static inline uint32_t get32u_le(const uint8_t *v)
+  static SLH_INLINE uint32_t get32u_le(const uint8_t *v)
   {
     return ((uint32_t)v[0]) | (((uint32_t)v[1]) << 8) |
            (((uint32_t)v[2]) << 16) | (((uint32_t)v[3]) << 24);
   }
 
-  static inline void put32u_le(uint8_t *v, uint32_t x)
+  static SLH_INLINE void put32u_le(uint8_t *v, uint32_t x)
   {
     v[0] = x;
     v[1] = x >> 8;
     v[2] = x >> 16;
     v[3] = x >> 24;
   }
 
-  static inline uint64_t get64u_le(const uint8_t *v)
+  static SLH_INLINE uint64_t get64u_le(const uint8_t *v)
   {
     return ((uint64_t)v[0]) | (((uint64_t)v[1]) << 8) |
            (((uint64_t)v[2]) << 16) | (((uint64_t)v[3]) << 24) |
            (((uint64_t)v[4]) << 32) | (((uint64_t)v[5]) << 40) |
            (((uint64_t)v[6]) << 48) | (((uint64_t)v[7]) << 56);
   }
 
-  static inline void put64u_le(uint8_t *v, uint64_t x)
+  static SLH_INLINE void put64u_le(uint8_t *v, uint64_t x)
   {
     v[0] = x;
     v[1] = x >> 8;
@@ -212,40 +213,40 @@ static inline uint64_t rev8_be64(uint64_t x)
 
   /* big-endian loads and stores (unaligned) */
 
-  static inline uint16_t get16u_be(const uint8_t *v)
+  static SLH_INLINE uint16_t get16u_be(const uint8_t *v)
   {
     return (((uint16_t)v[0]) << 8) | ((uint16_t)v[1]);
   }
 
-  static inline void put16u_be(uint8_t *v, uint16_t x)
+  static SLH_INLINE void put16u_be(uint8_t *v, uint16_t x)
   {
     v[0] = x >> 8;
     v[1] = x;
   }
 
-  static inline uint32_t get32u_be(const uint8_t *v)
+  static SLH_INLINE uint32_t get32u_be(const uint8_t *v)
   {
     return (((uint32_t)v[0]) << 24) | (((uint32_t)v[1]) << 16) |
            (((uint32_t)v[2]) << 8) | ((uint32_t)v[3]);
   }
 
-  static inline void put32u_be(uint8_t *v, uint32_t x)
+  static SLH_INLINE void put32u_be(uint8_t *v, uint32_t x)
   {
     v[0] = x >> 24;
     v[1] = x >> 16;
     v[2] = x >> 8;
     v[3] = x;
   }
 
-  static inline uint64_t get64u_be(const uint8_t *v)
+  static SLH_INLINE uint64_t get64u_be(const uint8_t *v)
   {
     return (((uint64_t)v[0]) << 56) | (((uint64_t)v[1]) << 48) |
            (((uint64_t)v[2]) << 40) | (((uint64_t)v[3]) << 32) |
            (((uint64_t)v[4]) << 24) | (((uint64_t)v[5]) << 16) |
            (((uint64_t)v[6]) << 8) | ((uint64_t)v[7]);
   }
 
-  static inline void put64u_be(uint8_t *v, uint64_t x)
+  static SLH_INLINE void put64u_be(uint8_t *v, uint64_t x)
   {
     v[0] = x >> 56;
     v[1] = x >> 48;