Merge pull request #361 from pq-code-package/integrate_acvp

Integrate ACVP python script
pq-code-package · Nov 12, 2024 · 5987d2c · 5987d2c
2 parents e55ab4d + b38de3b
commit 5987d2c
Show file tree

Hide file tree

Showing 11 changed files with 382 additions and 151 deletions.
diff --git a/.github/actions/functest/action.yml b/.github/actions/functest/action.yml
@@ -37,6 +37,9 @@ inputs:
   nistkat:
     description: Determine whether to run nistkat test or not
     default: "true"
+  acvp:
+    description: Determine whether to run acvp test or not
+    default: "true"
 runs:
   using: composite
   steps:
@@ -55,6 +58,7 @@ runs:
           echo FUNC="${{ inputs.func == 'true' && 'func' || 'no-func' }}" >> $GITHUB_ENV
           echo KAT="${{ inputs.kat == 'true' && 'kat' || 'no-kat' }}" >> $GITHUB_ENV
           echo NISTKAT="${{ inputs.nistkat == 'true' && 'nistkat' || 'no-nistkat' }}" >> $GITHUB_ENV
+          echo ACVP="${{ inputs.acvp == 'true' && 'acvp' || 'no-acvp' }}" >> $GITHUB_ENV
       - name: Setup nix
         uses: ./.github/actions/setup-shell
         with:
@@ -86,7 +90,7 @@ runs:
       - name: ${{ inputs.mode }} ${{ inputs.opt }} tests (${{ env.FUNC }}, ${{ env.KAT }}, ${{ env.NISTKAT }})
         shell: ${{ env.SHELL }}
         run: |
-          tests all  --cross-prefix="${{ env._CROSS_PREFIX }}" --cflags="${{ inputs.cflags }}" --opt=${{ inputs.opt }} --${{ env.FUNC }} --${{ env.KAT }} --${{ env.NISTKAT }} -v
+          tests all  --cross-prefix="${{ env._CROSS_PREFIX }}" --cflags="${{ inputs.cflags }}" --opt=${{ inputs.opt }} --${{ env.FUNC }} --${{ env.KAT }} --${{ env.NISTKAT }} --${{ env.ACVP }} -v
       - name: Check namespacing ${{ inputs.mode }} ${{ inputs.opt }} tests (${{ env.FUNC }}, ${{ env.KAT }}, ${{ env.NISTKAT }})
         shell: ${{ env.SHELL }}
         run: |

diff --git a/.github/actions/multi-functest/action.yml b/.github/actions/multi-functest/action.yml
@@ -37,6 +37,9 @@ inputs:
   nistkat:
     description: Determine whether to run nistkat test or not
     default: "true"
+  acvp:
+    description: Determine whether to run acvp test or not
+    default: "true"
 runs:
   using: composite
   steps:
@@ -55,6 +58,7 @@ runs:
           func: ${{ inputs.func }}
           kat: ${{ inputs.kat }}
           nistkat: ${{ inputs.nistkat }}
+          acvp: ${{ inputs.acvp }}
       - name: Cross Tests
         if: ${{ (inputs.compile_mode == 'all' || inputs.compile_mode == 'cross') && (success() || failure()) }}
         uses: ./.github/actions/functest
@@ -70,3 +74,4 @@ runs:
           func: ${{ inputs.func }}
           kat: ${{ inputs.kat }}
           nistkat: ${{ inputs.nistkat }}
+          acvp: ${{ inputs.acvp }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -83,9 +83,6 @@ jobs:
         with:
           gh_token: ${{ secrets.GITHUB_TOKEN }}
           compile_mode: native
-          func: true
-          nistkat: true
-          kat: true
       - name: native tests (+debug+memsan+ubsan)
         uses: ./.github/actions/multi-functest
         with:
@@ -101,9 +98,6 @@ jobs:
           gh_token: ${{ secrets.GITHUB_TOKEN }}
           compile_mode: cross
           opt: opt
-          func: true
-          nistkat: true
-          kat: true
   compiler_tests:
     name: Compiler tests (${{ matrix.target.name }})
     strategy:
@@ -133,6 +127,7 @@ jobs:
           func: true
           nistkat: false
           kat: false
+          acvp: false
           nix-shell: "ci_gcc48"
       - name: native build+functest (gcc-4.9)
         uses: ./.github/actions/multi-functest
@@ -142,6 +137,7 @@ jobs:
           func: true
           nistkat: false
           kat: false
+          acvp: false
           nix-shell: "ci_gcc49"
       - name: native build+functest (gcc-7)
         uses: ./.github/actions/multi-functest
@@ -151,6 +147,7 @@ jobs:
           func: true
           nistkat: false
           kat: false
+          acvp: false
           nix-shell: "ci_gcc7"
       - name: native build+functest (gcc-11)
         uses: ./.github/actions/multi-functest
@@ -160,6 +157,7 @@ jobs:
           func: true
           nistkat: false
           kat: false
+          acvp: false
           nix-shell: "ci_gcc11"
       - name: native build+functest (clang-18)
         uses: ./.github/actions/multi-functest
@@ -169,6 +167,7 @@ jobs:
           func: true
           nistkat: false
           kat: false
+          acvp: false
           nix-shell: "ci_clang18"
   lint:
     strategy:
@@ -230,6 +229,7 @@ jobs:
       functest: true
       kattest: true
       nistkattest: true
+      acvptest: true
       lint: false
       verbose: true
     secrets: inherit
@@ -252,6 +252,7 @@ jobs:
       functest: true
       kattest: false
       nistkattest: false
+      acvptest: false
       cbmc: true
       cbmc_mlkem_k: 2
     secrets: inherit
@@ -274,6 +275,7 @@ jobs:
       functest: true
       kattest: false
       nistkattest: false
+      acvptest: false
       cbmc: true
       cbmc_mlkem_k: 3
     secrets: inherit
@@ -296,6 +298,7 @@ jobs:
       functest: true
       kattest: false
       nistkattest: false
+      acvptest: false
       cbmc: true
       cbmc_mlkem_k: 4
     secrets: inherit
diff --git a/.github/workflows/ci_ec2_any.yml b/.github/workflows/ci_ec2_any.yml
@@ -66,6 +66,7 @@ jobs:
       functest: ${{ inputs.compile_mode != 'none' }}
       kattest: ${{ inputs.compile_mode != 'none' }}
       nistkattest: ${{ inputs.compile_mode != 'none' }}
+      acvptest: ${{ inputs.compile_mode != 'none' }}
       lint: true
       cbmc: ${{ inputs.cbmc }}
       verbose: ${{ inputs.verbose }}

diff --git a/.github/workflows/ci_ec2_reusable.yml b/.github/workflows/ci_ec2_reusable.yml
@@ -47,6 +47,9 @@ on:
       nistkattest:
         type: boolean
         default: true
+      acvptest:
+        type: boolean
+        default: true
       lint:
         type: boolean
         default: true
@@ -136,6 +139,7 @@ jobs:
           func: ${{ inputs.functest }}
           kat: ${{ inputs.kattest }}
           nistkat: ${{ inputs.nistkattest }}
+          acvp: ${{ inputs.acvptest }}
       - name: CBMC
         if: ${{ inputs.cbmc && (success() || failure()) }}
         uses: ./.github/actions/cbmc

diff --git a/Makefile b/Makefile
@@ -18,7 +18,7 @@ quickcheck: buildall
 	$(MLKEM512_DIR)/bin/test_mlkem512
 	$(MLKEM768_DIR)/bin/test_mlkem768
 	$(MLKEM1024_DIR)/bin/test_mlkem1024
-	python3 ./test/acvp_client.py
+	./scripts/acvp
 	$(Q)echo "  Functionality and ACVP tests passed!"
 
 mlkem: \

diff --git a/scripts/acvp b/scripts/acvp
@@ -0,0 +1,42 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: Apache-2.0
+
+import os
+import sys
+import re
+
+sys.path.append(f"{os.path.join(os.path.dirname(__file__), 'lib')}")
+from mlkem_test import *
+from util import (
+    path,
+    config_logger,
+)
+
+opts = Options()
+opts.compile = False
+
+config_logger(opts.verbose)
+
+build_config = path("test/build/config.mk")
+acvp_test_data = path("test/acvp_data/")
+
+if not os.path.isfile(build_config):
+    logging.error(f"{build_config} not found")
+    exit(1)
+
+
+def get_opt() -> bool:
+    with open(build_config, "r") as file:
+        for line in file:
+            # Use regex to match lines in the format "OPT := value"
+            match = re.match(r"^OPT\s*:=\s*(.*)$", line)
+            if match:
+                value = match.group(1).strip()
+                return value == "1"
+        logging.error(f"OPT is not defined in {build_config}")
+        exit(1)
+
+
+opts.opt = "opt" if get_opt() else "no_opt"
+
+Tests(opts).acvp("test/acvp_data/")