Reference implementations of PQC
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

README.md 7.8 KiB

5 years ago
5 years ago
5 years ago
5 years ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149
  1. # PQClean
  2. [![Build Status on Travis CI](https://travis-ci.com/PQClean/PQClean.svg?branch=master)](https://travis-ci.com/PQClean/PQClean)
  3. [![Build Status on Appveyor](https://ci.appveyor.com/api/projects/status/186ky7yb9mlqj3io/branch/master?svg=true)](https://ci.appveyor.com/project/PQClean/pqclean/branch/master)
  4. [![Build Status on CircleCI](https://circleci.com/gh/PQClean/PQClean/tree/master.svg?style=svg)](https://circleci.com/gh/PQClean/PQClean/tree/master)
  5. **PQClean**, in short, is an effort to collect **clean** implementations of the post-quantum
  6. schemes that are in the
  7. [NIST post-quantum project](https://csrc.nist.gov/projects/post-quantum-cryptography).
  8. The goal of PQClean is to provide *standalone implementations* that
  9. * can easily be integrated into libraries such as [liboqs](https://openquantumsafe.org/#liboqs) or [libpqcrypto](https://libpqcrypto.org/);
  10. * can efficiently upstream into higher-level protocol integration efforts such as [Open Quantum Safe](https://openquantumsafe.org/#integrations);
  11. * can easily be integrated into benchmarking frameworks such as [SUPERCOP](https://bench.cr.yp.to/supercop.html);
  12. * can easily be integrated into frameworks targeting embedded platforms such as [pqm4](https://github.com/mupq/pqm4);
  13. * are suitable starting points for architecture-specific optimized implementations;
  14. * are suitable starting points for evaluation of implementation security; and
  15. * are suitable targets for formal verification.
  16. What PQClean is **not** aiming for is
  17. * a build system producing an integrated library of all schemes;
  18. * including benchmarking of implementations; and
  19. * including integration into higher-level applications or protocols.
  20. As a first main target, we are collecting C implementations that fulfill the requirements
  21. listed below.
  22. ## Requirements on C implementations that are automatically checked
  23. _The checking of items on this list is still being developed. Checked items should be working._
  24. * [x] Code is valid C99
  25. * [x] Passes functional tests
  26. * [x] API functions do not write outside provided buffers
  27. * [x] Compiles with `-Wall -Wextra -Wpedantic -Werror` with `gcc` and `clang`
  28. * [x] Consistent test vectors across runs
  29. * [x] Consistent test vectors on big-endian and little-endian machines
  30. * [x] Consistent test vectors on 32-bit and 64-bit machines
  31. * [x] No errors/warnings reported by valgrind
  32. * [x] No errors/warnings reported by address sanitizer
  33. * [ ] Only dependencies:
  34. * [x] `fips202.c`
  35. * [x] `sha2.c`
  36. * [ ] `aes.c`
  37. * [x] `randombytes.c`
  38. * [x] API functions return `0` on success
  39. * [x] No dynamic memory allocations
  40. * [ ] No branching on secret data (dynamically checked using valgrind)
  41. * [ ] No access to secret memory locations (dynamically checked using valgrind)
  42. * [x] Separate subdirectories (without symlinks) for each parameter set of each scheme
  43. * [x] Builds under Linux, MacOS, and Windows
  44. * [x] Linux
  45. * [x] MacOS
  46. * [x] Windows
  47. * [x] Makefile-based build for each separate scheme
  48. * [x] Makefile-based build for Windows (`nmake`)
  49. * [x] All exported symbols are namespaced with `PQCLEAN_SCHEMENAME_`
  50. * [x] Each implementation comes with a `LICENSE` file (see below)
  51. * [x] Each scheme comes with a `META.yml` file giving details about version of the algorithm, designers
  52. * [x] Each individual implementation is specified in `META.yml`.
  53. ## Requirements on C implementations that are manually checked
  54. * Makefiles without explicit rules (rely on implicit, built-in rules)
  55. * `#ifdef`s only for header encapsulation
  56. * No stringification macros
  57. * Output-parameter pointers in functions are on the left
  58. * `const` arguments are labeled as `const`
  59. * All exported symbols are namespaced in place
  60. * All integer types are of fixed size, using `stdint.h` types (including `uint8_t` instead of `unsigned char`)
  61. * Integers used for indexing are of size `size_t`
  62. * variable declarations at the beginning (except in `for (size_t i=...`)
  63. ## Clean C implementations currently in PQClean
  64. Currently, the continuous-integration and testing environment of PQClean is still work in progress
  65. and as a consequence PQClean does not yet have many implementations.
  66. <!--
  67. Currently, PQClean includes clean C implementations of the following KEMs:
  68. * [Kyber-512](https://pq-crystals.org/kyber/)
  69. * [Kyber-768](https://pq-crystals.org/kyber/)
  70. * [Kyber-1024](https://pq-crystals.org/kyber/)
  71. Currently, PQClean includes clean C implementations of the following signature schemes:
  72. * [Dilithium-III](https://pq-crystals.org/dilithium/)
  73. -->
  74. ## API used by PQClean
  75. PQClean is essentially using the same API as required for the NIST reference implementations,
  76. which is also used by SUPERCOP and by libpqcrypto. The only two differences to that API are
  77. the following:
  78. * All lengths are passed as type `size_t` instead of `unsigned long long`; and
  79. * Signatures offer two additional functions that follow the "traditional" approach used
  80. in most software stacks of computing and verifying signatures instead of producing and
  81. recovering signed messages. Specifically, those functions have the following name and signature:
  82. ```
  83. int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk);
  84. int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk);
  85. ```
  86. ## Building PQClean
  87. As noted above, PQClean is **not** meant to be built as a single library: it is a collection of source code that can be easily integrated into other libraries. The PQClean repository includes various test programs which do build various files, but you should not use the resulting binaries for any purpose.
  88. List of required dependencies: ``gcc or clang, make, python3, python-yaml library, valgrind, astyle (>= 3.0)``.
  89. ## Using source code from PQClean in your own project
  90. Each implementation directory in PQClean (e.g., crypto\_kem/kyber768\clean) can be extracted for use in your own project. You will need to:
  91. 1. Copy the source code from the implementation's directory into your project.
  92. 2. Add the files to your project's build system.
  93. 3. Provide instantiations of any of the common cryptographic algorithms used by the implementation. This likely includes `common/randombytes.h` (a cryptographic random number generator), and possibly `common/sha2.h` (the SHA-2 hash function family) and `common/fips202.h` (the SHA-3 hash function family).
  94. Regarding #2, adding the files to your project's build system, each implementation in PQClean is accompanied by example two makefiles that show how one could build the files for that implementation:
  95. - The file `Makefile` which can be used with GNU Make, BSD Make, and possibly others.
  96. - The file `Makefile.Microsoft_nmake` which can be used with Visual Studio's nmake.
  97. ## License
  98. Each subdirectory containing implementations contains a LICENSE file stating under what license
  99. that specific implementation is released. All other code for testing etc. in this repository
  100. is released under the conditions of [CC0](http://creativecommons.org/publicdomain/zero/1.0/).
  101. ## Running tests locally
  102. While we run extensive automatic testing on [Circle CI][circleci-pqc] (Linux builds), [Travis CI][travis-pqc] (OS X builds) and [Appveyor][appveyor-pqc] (Windows builds), most tests can also be run locally.
  103. To do this, make sure the following is installed:
  104. * Python 3.5+
  105. * `nosetests` or `nose2` (either for Python 3)
  106. Run the Python-based tests by going into the `test` directory and running `nosetests -v` or `nose2 -B -v`, depending on what you installed.
  107. If you have the `rednose` plugin for `nosetests` installed, run `nosetests --rednose` to get colored output.
  108. You may also run `python <testmodule>` where `<testmodule>` is any of the files starting with `test_` in the `test/` folder.
  109. [circleci-pqc]: https://circleci.com/gh/PQClean/PQClean/
  110. [travis-pqc]: https://travis-ci.com/PQClean/PQClean/
  111. [appveyor-pqc]: https://ci.appveyor.com/project/PQClean/pqclean