Poly: Hardcode barrett multiplier #5160
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: Apache-2.0 | |
| name: CI | |
| permissions: | |
| contents: read | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: ["main"] | |
| pull_request: | |
| branches: ["main"] | |
| types: [ "opened", "synchronize" ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| system: [ubuntu-latest, pqcp-arm64] | |
| name: Linting | |
| runs-on: ${{ matrix.system }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: ./.github/actions/lint | |
| with: | |
| nix-shell: ci-linter | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| cross-prefix: "aarch64-unknown-linux-gnu-" | |
| lint-markdown-link: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: gaurav-nelson/github-action-markdown-link-check@1b916f2cf6c36510a6059943104e3c42ce6c16bc # v1.0.16 | |
| quickcheck: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| external: | |
| - ${{ github.repository_owner != 'pq-code-package' }} | |
| target: | |
| - runner: pqcp-arm64 | |
| name: 'aarch64' | |
| - runner: ubuntu-latest | |
| name: 'x86_64' | |
| - runner: macos-latest | |
| name: 'macos (aarch64)' | |
| - runner: macos-13 | |
| name: 'macos (x86_64)' | |
| exclude: | |
| - {external: true, | |
| target: { | |
| runner: pqcp-arm64, | |
| name: 'aarch64' | |
| }} | |
| name: Quickcheck (${{ matrix.target.name }}) | |
| runs-on: ${{ matrix.target.runner }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: make quickcheck | |
| run: | | |
| OPT=0 make quickcheck | |
| make clean >/dev/null | |
| OPT=1 make quickcheck | |
| - uses: ./.github/actions/setup-os | |
| - name: tests func | |
| run: | | |
| ./scripts/tests func | |
| - name: tests bench | |
| run: | | |
| ./scripts/tests bench -c NO | |
| - name: tests bench components | |
| run: | | |
| ./scripts/tests bench --components -c NO | |
| - name: check namespacing | |
| run: | | |
| ./scripts/check-namespace | |
| quickcheck-c90: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| external: | |
| - ${{ github.repository_owner != 'pq-code-package' }} | |
| target: | |
| - runner: pqcp-arm64 | |
| name: 'aarch64' | |
| - runner: ubuntu-latest | |
| name: 'x86_64' | |
| exclude: | |
| - {external: true, | |
| target: { | |
| runner: pqcp-arm64, | |
| name: 'aarch64' | |
| }} | |
| name: Quickcheck C90 (${{ matrix.target.name }}) | |
| runs-on: ${{ matrix.target.runner }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: make quickcheck | |
| run: | | |
| OPT=0 CFLAGS=-std=c90 make quickcheck | |
| make clean >/dev/null | |
| OPT=1 CFLAGS=-std=c90 make quickcheck | |
| - uses: ./.github/actions/setup-apt | |
| - name: tests func | |
| run: | | |
| ./scripts/tests func --cflags="-std=c90" | |
| - name: tests bench | |
| run: | | |
| ./scripts/tests bench -c NO --cflags="-std=c90" | |
| - name: tests bench components | |
| run: | | |
| ./scripts/tests bench --components -c NO --cflags="-std=c90" | |
| - name: check namespacing | |
| run: | | |
| ./scripts/check-namespace | |
| quickcheck-windows: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| system: [windows-latest, windows-2022, windows-2019] | |
| name: Quickcheck ${{ matrix.system }} | |
| runs-on: ${{ matrix.system }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 | |
| - name: Build test | |
| shell: powershell | |
| run: | | |
| # print compiler version | |
| cl | |
| nmake /f ./Makefile.Microsoft_nmake quickcheck | |
| quickcheck-windows-mingw-w64: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| mingw-version: [5.4.0, 11.2.0, 12.2.0, 13.2.0] | |
| name: Quickcheck (Mingw-w64 ${{ matrix.mingw-version }}) | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install MinGW-w64 | |
| run: choco install mingw --version=${{ matrix.mingw-version }} -y | |
| shell: cmd | |
| - name: make quickcheck | |
| shell: bash | |
| run: | | |
| CC=gcc OPT=0 make quickcheck | |
| CC=gcc make clean >/dev/null | |
| CC=gcc OPT=1 make quickcheck | |
| quickcheck-lib: | |
| name: Quickcheck lib | |
| strategy: | |
| matrix: | |
| system: [macos-latest, macos-13, ubuntu-latest, pqcp-arm64] | |
| runs-on: ${{ matrix.system }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: make lib | |
| run: | | |
| make lib | |
| examples: | |
| name: Examples | |
| strategy: | |
| matrix: | |
| system: [macos-latest, macos-13, ubuntu-latest, pqcp-arm64] | |
| runs-on: ${{ matrix.system }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: mlkem_native_as_code_package | |
| run: | | |
| CFLAGS="-O0" make run -C examples/mlkem_native_as_code_package | |
| - name: bring_your_own_fips202 | |
| run: | | |
| CFLAGS="-O0" make run -C examples/bring_your_own_fips202 | |
| - name: custom_backend | |
| run: | | |
| CFLAGS="-O0" make run -C examples/custom_backend | |
| - name: monolithic_build | |
| run: | | |
| CFLAGS="-O0" make run -C examples/monolithic_build | |
| - name: monolithic_build_multilevel | |
| run: | | |
| CFLAGS="-O0" make run -C examples/monolithic_build_multilevel | |
| - name: multilevel_build | |
| run: | | |
| CFLAGS="-O0" make run -C examples/multilevel_build | |
| - name: multilevel_build_native | |
| run: | | |
| CFLAGS="-O0" make run -C examples/multilevel_build_native | |
| check_autogenerated_files: | |
| needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| system: [ubuntu-latest, pqcp-arm64] | |
| runs-on: ${{ matrix.system }} | |
| name: Check autogenerated files | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: ./.github/actions/setup-shell | |
| with: | |
| nix-shell: 'ci-cross' # Need cross-compiler for ASM simplification | |
| nix-cache: 'true' | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| python3 ./scripts/autogen --dry-run --force-cross | |
| simpasm: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| backend: | |
| - arg: '--aarch64-clean' | |
| name: Clean | |
| - arg: '' | |
| name: Optimized | |
| simplify: | |
| - arg: '' | |
| name: Simplified | |
| - arg: '--no-simplify' | |
| name: Unmodified | |
| runs-on: pqcp-arm64 | |
| name: AArch64 dev backend (${{ matrix.backend.name }}, ${{ matrix.simplify.name }}) | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Reinstate and test backend | |
| uses: ./.github/actions/setup-shell | |
| with: | |
| nix-shell: 'ci' | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| ./scripts/autogen ${{ matrix.backend.arg }} ${{ matrix.simplify.arg }} | |
| make clean | |
| OPT=1 make quickcheck | |
| build_kat: | |
| needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| external: | |
| - ${{ github.repository_owner != 'pq-code-package' }} | |
| target: | |
| - runner: macos-latest | |
| name: 'MacOS (aarch64)' | |
| arch: mac | |
| mode: native | |
| - runner: macos-13 | |
| name: 'MacOS (x86_64)' | |
| arch: mac | |
| mode: native | |
| - runner: pqcp-arm64 | |
| name: 'ubuntu-latest (aarch64)' | |
| arch: aarch64 | |
| mode: native | |
| - runner: pqcp-arm64 | |
| name: 'ubuntu-latest (aarch64)' | |
| arch: x86_64 | |
| mode: cross-x86_64 | |
| - runner: pqcp-arm64 | |
| name: 'ubuntu-latest (aarch64)' | |
| arch: riscv64 | |
| mode: cross-riscv64 | |
| - runner: pqcp-x64 | |
| name: 'ubuntu-latest (x86_64)' | |
| arch: x86_64 | |
| mode: native | |
| - runner: pqcp-x64 | |
| name: 'ubuntu-latest (x86_64)' | |
| arch: aarch64 | |
| mode: cross-aarch64 | |
| - runner: pqcp-x64 | |
| name: 'ubuntu-latest (x86_64)' | |
| arch: aarch64_be | |
| mode: cross-aarch64_be | |
| exclude: | |
| - {external: true, | |
| target: { | |
| runner: pqcp-arm64, | |
| name: 'ubuntu-latest (aarch64)', | |
| arch: aarch64, | |
| mode: native | |
| }} | |
| - {external: true, | |
| target: { | |
| runner: pqcp-arm64, | |
| name: 'ubuntu-latest (aarch64)', | |
| arch: x86_64, | |
| mode: cross-x86_64 | |
| }} | |
| - {external: true, | |
| target: { | |
| runner: pqcp-arm64, | |
| name: 'ubuntu-latest (aarch64)', | |
| arch: riscv64, | |
| mode: cross-riscv64 | |
| }} | |
| - {external: true, | |
| target: { | |
| runner: pqcp-x64, | |
| name: 'ubuntu-latest (x86_64)', | |
| arch: x86_64, | |
| mode: native | |
| }} | |
| - {external: true, | |
| target: { | |
| runner: pqcp-x64, | |
| name: 'ubuntu-latest (x86_64)', | |
| arch: aarch64, | |
| mode: cross-aarch64 | |
| }} | |
| - {external: true, | |
| target: { | |
| runner: pqcp-x64, | |
| name: 'ubuntu-latest (x86_64)', | |
| arch: aarch64_be, | |
| mode: cross-aarch64_be | |
| }} | |
| name: Functional tests (${{ matrix.target.arch }}${{ matrix.target.mode != 'native' && ', cross' || ''}}) | |
| runs-on: ${{ matrix.target.runner }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: build + test | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| nix-shell: ${{ matrix.target.mode == 'native' && 'ci' || 'ci-cross' }} | |
| nix-cache: ${{ matrix.target.mode == 'native' && 'false' || 'true' }} | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: ${{ matrix.target.mode }} | |
| # There is no native code on R-V or AArch64_be yet, so no point running opt tests | |
| opt: ${{ (matrix.target.arch != 'riscv64' && matrix.target.arch != 'aarch64_be') && 'all' || 'no_opt' }} | |
| - name: build + test (+debug+memsan+ubsan) | |
| uses: ./.github/actions/multi-functest | |
| if: ${{ matrix.target.mode == 'native' }} | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| cflags: "-DMLKEM_DEBUG -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" | |
| compiler_tests: | |
| name: Compiler tests (${{ matrix.compiler.name }}, ${{ matrix.target.name }}) | |
| needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - runner: pqcp-arm64 | |
| name: 'aarch64' | |
| - runner: ubuntu-latest | |
| name: 'x86_64' | |
| - runner: macos-latest | |
| name: 'macos' | |
| compiler: | |
| - name: gcc-4.8 | |
| shell: ci_gcc48 | |
| darwin: False | |
| c17: False | |
| - name: gcc-4.9 | |
| shell: ci_gcc49 | |
| darwin: False | |
| c17: False | |
| - name: gcc-7 | |
| shell: ci_gcc7 | |
| darwin: False | |
| c17: False | |
| - name: gcc-11 | |
| shell: ci_gcc11 | |
| darwin: True | |
| - name: gcc-13 | |
| shell: ci_gcc13 | |
| darwin: True | |
| - name: gcc-14 | |
| shell: ci_gcc14 | |
| darwin: True | |
| - name: clang-18 | |
| shell: ci_clang18 | |
| darwin: True | |
| - name: clang-19 | |
| shell: ci_clang19 | |
| darwin: True | |
| runs-on: ${{ matrix.target.runner }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: native build+functest (default) | |
| if: ${{ matrix.compiler.darwin || matrix.target.runner != 'macos-latest' }} | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| func: true | |
| nistkat: false | |
| kat: false | |
| acvp: false | |
| nix-shell: ${{ matrix.compiler.shell }} | |
| - name: native build+functest (C90) | |
| if: ${{ matrix.compiler.darwin || matrix.target.runner != 'macos-latest' }} | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| func: true | |
| nistkat: false | |
| kat: false | |
| acvp: false | |
| nix-shell: ${{ matrix.compiler.shell }} | |
| cflags: "-std=c90" | |
| - name: native build+functest (C99) | |
| if: ${{ matrix.compiler.darwin || matrix.target.runner != 'macos-latest' }} | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| func: true | |
| nistkat: false | |
| kat: false | |
| acvp: false | |
| nix-shell: ${{ matrix.compiler.shell }} | |
| cflags: "-std=c99" | |
| - name: native build+functest (C11) | |
| if: ${{ matrix.compiler.darwin || matrix.target.runner != 'macos-latest' }} | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| func: true | |
| nistkat: false | |
| kat: false | |
| acvp: false | |
| nix-shell: ${{ matrix.compiler.shell }} | |
| cflags: "-std=c11" | |
| - name: native build+functest (C17) | |
| if: ${{ (matrix.compiler.darwin || matrix.target.runner != 'macos-latest') && | |
| matrix.compiler.c17 }} | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| func: true | |
| nistkat: false | |
| kat: false | |
| acvp: false | |
| nix-shell: ${{ matrix.compiler.shell }} | |
| cflags: "-std=c17" | |
| config_variations: | |
| name: Non-standard configurations | |
| needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| external: | |
| - ${{ github.repository_owner != 'pq-code-package' }} | |
| target: | |
| - runner: pqcp-arm64 | |
| name: 'ubuntu-latest (aarch64)' | |
| - runner: pqcp-x64 | |
| name: 'ubuntu-latest (x86_64)' | |
| exclude: | |
| - {external: true, | |
| target: { | |
| runner: pqcp-arm64, | |
| name: 'ubuntu-latest (aarch64)', | |
| }} | |
| - {external: true, | |
| target: { | |
| runner: pqcp-x64, | |
| name: 'ubuntu-latest (x86_64)', | |
| }} | |
| runs-on: ${{ matrix.target.runner }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: "PCT enabled" | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| cflags: "-DMLK_KEYGEN_PCT -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" | |
| func: true | |
| nistkat: false | |
| kat: true | |
| acvp: true | |
| - name: "PCT enabled + broken" | |
| run: | | |
| make clean | |
| CFLAGS='-DMLK_CONFIG_FILE=\"../test/break_pct_config.h\"' make func -j4 | |
| # PCT breakage is done at runtime via MLK_BREAK_PCT | |
| make run_func # Should be OK | |
| MLK_BREAK_PCT=0 make run_func # Should be OK | |
| if (MLK_BREAK_PCT=1 make run_func 2>&1 >/dev/null); then | |
| echo "PCT failure expected" | |
| exit 1 | |
| else | |
| echo "PCT failed as expected" | |
| fi | |
| - name: "Custom zeroization (explicit_bzero)" | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| cflags: "-std=c11 -D_GNU_SOURCE -DMLK_CONFIG_FILE=\\\\\\\"../test/custom_zeroize_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" | |
| func: true | |
| nistkat: true | |
| kat: true | |
| acvp: true | |
| examples: false # Some examples use a custom config themselves | |
| - name: "No ASM" | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| cflags: "-std=c11 -D_GNU_SOURCE -DMLK_CONFIG_FILE=\\\\\\\"../test/no_asm_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" | |
| func: true | |
| nistkat: true | |
| kat: true | |
| acvp: true | |
| examples: false # Some examples use a custom config themselves | |
| - name: "MLKEM_GEN_MATRIX_NBLOCKS=1" | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| cflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -DMLKEM_GEN_MATRIX_NBLOCKS=1" | |
| func: true | |
| nistkat: true | |
| kat: false | |
| acvp: false | |
| - name: "MLKEM_GEN_MATRIX_NBLOCKS=2" | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| cflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -DMLKEM_GEN_MATRIX_NBLOCKS=2" | |
| func: true | |
| nistkat: true | |
| kat: false | |
| acvp: false | |
| - name: "MLKEM_GEN_MATRIX_NBLOCKS=4" | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| cflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -DMLKEM_GEN_MATRIX_NBLOCKS=4" | |
| func: true | |
| nistkat: true | |
| kat: false | |
| acvp: false | |
| check-cf-protections: | |
| name: Test control-flow protections (${{ matrix.compiler.name }}, x86_64) | |
| needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| compiler: | |
| - name: gcc-14 | |
| shell: ci_gcc14 | |
| - name: clang-19 | |
| shell: ci_clang19 | |
| # On AArch64 -fcf-protection is not supported anyway | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Test control-flow protections | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| gh_token: ${{ secrets.GITHUB_TOKEN }} | |
| compile_mode: native | |
| cflags: "-Wl,-z,cet-report=error -fcf-protection=full" | |
| func: true | |
| nistkat: true | |
| kat: false | |
| acvp: false | |
| nix-shell: ${{ matrix.compiler.shell }} | |
| # ensure that kem.h and mlkem_native.h; api.h and native backends are compatible | |
| check-apis: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| external: | |
| - ${{ github.repository_owner != 'pq-code-package' }} | |
| target: | |
| - runner: pqcp-arm64 | |
| name: 'aarch64' | |
| - runner: ubuntu-latest | |
| name: 'x86_64' | |
| exclude: | |
| - {external: true, | |
| target: { | |
| runner: pqcp-arm64, | |
| name: 'aarch64' | |
| }} | |
| name: Check API consistency | |
| runs-on: ${{ matrix.target.runner }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: make quickcheck | |
| run: | | |
| OPT=0 CFLAGS="-DMLK_CHECK_APIS -Wno-redundant-decls" make quickcheck | |
| make clean >/dev/null | |
| OPT=1 CFLAGS="-DMLK_CHECK_APIS -Wno-redundant-decls" make quickcheck | |
| - uses: ./.github/actions/setup-apt | |
| - name: tests func | |
| run: | | |
| ./scripts/tests func --cflags="-DMLK_CHECK_APIS -Wno-redundant-decls" | |
| ec2_functests: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - name: AMD EPYC 4th gen (t3a) | |
| ec2_instance_type: t3a.small | |
| ec2_ami: ubuntu-latest (custom AMI) | |
| ec2_ami_id: ami-0d47e137a1108e078 # x86_64 ubuntu-latest, 32g | |
| compile_mode: native | |
| opt: all | |
| - name: Intel Xeon 4th gen (t3) | |
| ec2_instance_type: t3.small | |
| ec2_ami: ubuntu-latest (custom AMI) | |
| ec2_ami_id: ami-0d47e137a1108e078 # x86_64 ubuntu-latest, 32g | |
| compile_mode: native | |
| opt: all | |
| - name: Graviton2 (c6g.medium) | |
| ec2_instance_type: c6g.medium | |
| ec2_ami: ubuntu-latest (custom AMI) | |
| ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g | |
| compile_mode: native | |
| opt: all | |
| - name: Graviton3 (c7g.medium) | |
| ec2_instance_type: c7g.medium | |
| ec2_ami: ubuntu-latest (custom AMI) | |
| ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g | |
| compile_mode: native | |
| opt: all | |
| name: Platform tests (${{ matrix.target.name }}) | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint] | |
| if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork | |
| uses: ./.github/workflows/ci_ec2_reusable.yml | |
| with: | |
| name: ${{ matrix.target.name }} | |
| ec2_instance_type: ${{ matrix.target.ec2_instance_type }} | |
| ec2_ami: ${{ matrix.target.ec2_ami }} | |
| ec2_ami_id: ${{ matrix.target.ec2_ami_id }} | |
| compile_mode: ${{ matrix.target.compile_mode }} | |
| opt: ${{ matrix.target.opt }} | |
| functest: true | |
| kattest: true | |
| nistkattest: true | |
| acvptest: true | |
| lint: false | |
| verbose: true | |
| secrets: inherit | |
| compatibility_tests: | |
| strategy: | |
| max-parallel: 4 | |
| fail-fast: false | |
| matrix: | |
| container: | |
| - id: debian:bullseye | |
| - id: debian:bookworm | |
| name: Compatibility tests (${{ matrix.container.id }}) | |
| runs-on: ubuntu-latest | |
| needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint] | |
| container: | |
| ${{ matrix.container.id }} | |
| steps: | |
| # We're not using the checkout action here because on it's not supported | |
| # on all containers we want to test. Resort to a manual checkout. | |
| # We can't hoist this into an action since calling an action can only | |
| # be done after checkout. | |
| - name: Manual checkout | |
| shell: bash | |
| run: | | |
| if (which yum > /dev/null); then | |
| yum install git -y | |
| elif (which apt > /dev/null); then | |
| apt update | |
| apt install git -y | |
| fi | |
| git config --global --add safe.directory $GITHUB_WORKSPACE | |
| git init | |
| git remote add origin $GITHUB_SERVER_URL/$GITHUB_REPOSITORY | |
| git fetch origin --depth 1 $GITHUB_SHA | |
| git checkout FETCH_HEAD | |
| - uses: ./.github/actions/setup-os | |
| with: | |
| sudo: "" | |
| - name: make quickcheck | |
| run: | | |
| OPT=0 make quickcheck | |
| make clean >/dev/null | |
| OPT=1 make quickcheck | |
| - name: Functional Tests | |
| uses: ./.github/actions/multi-functest | |
| with: | |
| nix-shell: "" | |
| gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} | |
| ec2_compatibilitytests: | |
| strategy: | |
| max-parallel: 8 | |
| fail-fast: false | |
| matrix: | |
| container: | |
| - id: amazonlinux-2-aarch:base | |
| - id: amazonlinux-2-aarch:gcc-7x | |
| - id: amazonlinux-2-aarch:clang-7x | |
| - id: amazonlinux-2023-aarch:base | |
| - id: amazonlinux-2023-aarch:gcc-11x | |
| - id: amazonlinux-2023-aarch:clang-15x | |
| - id: amazonlinux-2023-aarch:clang-15x-sanitizer | |
| # - id: amazonlinux-2023-aarch:cryptofuzz Not yet supported | |
| - id: ubuntu-22.04-aarch:gcc-12x | |
| - id: ubuntu-22.04-aarch:gcc-11x | |
| - id: ubuntu-20.04-aarch:gcc-8x | |
| - id: ubuntu-20.04-aarch:gcc-7x | |
| - id: ubuntu-20.04-aarch:clang-9x | |
| - id: ubuntu-20.04-aarch:clang-8x | |
| - id: ubuntu-20.04-aarch:clang-7x-bm-framework | |
| - id: ubuntu-20.04-aarch:clang-7x | |
| - id: ubuntu-20.04-aarch:clang-10x | |
| - id: ubuntu-22.04-aarch:base | |
| - id: ubuntu-20.04-aarch:base | |
| name: Compatibility tests (${{ matrix.container.id }}) | |
| needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint] | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| uses: ./.github/workflows/ci_ec2_container.yml | |
| if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork | |
| with: | |
| container: ${{ matrix.container.id }} | |
| name: ${{ matrix.container.id }} | |
| ec2_instance_type: t4g.small | |
| ec2_ami: ubuntu-latest (custom AMI) | |
| ec2_ami_id: ami-0c9bc1901ef0d1066 # Has docker images preinstalled | |
| compile_mode: native | |
| opt: all | |
| functest: true | |
| kattest: true | |
| nistkattest: true | |
| acvptest: true | |
| lint: false | |
| verbose: true | |
| cflags: "-O0" | |
| secrets: inherit | |
| cbmc_k2: | |
| name: CBMC (ML-KEM-512) | |
| needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint] | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| uses: ./.github/workflows/ci_ec2_reusable.yml | |
| if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork | |
| with: | |
| name: CBMC (MLKEM-512) | |
| ec2_instance_type: c7g.2xlarge | |
| ec2_ami: ubuntu-latest (custom AMI) | |
| ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g | |
| compile_mode: native | |
| opt: no_opt | |
| lint: false | |
| verbose: true | |
| functest: true | |
| kattest: false | |
| nistkattest: false | |
| acvptest: false | |
| cbmc: true | |
| cbmc_mlkem_k: 2 | |
| secrets: inherit | |
| cbmc_k3: | |
| name: CBMC (ML-KEM-768) | |
| needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint] | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| uses: ./.github/workflows/ci_ec2_reusable.yml | |
| if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork | |
| with: | |
| name: CBMC (MLKEM-768) | |
| ec2_instance_type: c7g.2xlarge | |
| ec2_ami: ubuntu-latest (custom AMI) | |
| ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g | |
| compile_mode: native | |
| opt: no_opt | |
| lint: false | |
| verbose: true | |
| functest: true | |
| kattest: false | |
| nistkattest: false | |
| acvptest: false | |
| cbmc: true | |
| cbmc_mlkem_k: 3 | |
| secrets: inherit | |
| cbmc_k4: | |
| name: CBMC (ML-KEM-1024) | |
| needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint] | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| uses: ./.github/workflows/ci_ec2_reusable.yml | |
| if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork | |
| with: | |
| name: CBMC (MLKEM-1024) | |
| ec2_instance_type: c7g.2xlarge | |
| ec2_ami: ubuntu-latest (custom AMI) | |
| ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g | |
| compile_mode: native | |
| opt: no_opt | |
| lint: false | |
| verbose: true | |
| functest: true | |
| kattest: false | |
| nistkattest: false | |
| acvptest: false | |
| cbmc: true | |
| cbmc_mlkem_k: 4 | |
| secrets: inherit |