Make custom FIPS-202 headers configurable

While consumers of mlkem-native can bring their own FIPS-202 implementation (as demonstrated by libOQS and the example/bring_your_own_fips202) it is slightly rigid in that the FIPS-202 headers have to be reachable through a path "fips202/fips202.h" and "fips202/fips202x4.h". In the case of libOQS, this is the reason why a patch is needed. This commit makes the installation of a custom FIPS-202 implementation more convenient, by adding the configuration options - MLK_FIPS202_CUSTOM_HEADER - MLK_FIPS202X4_CUSTOM_HEADER If set, those must be the names of files replacing fips202/fips202.h and fips202/fips202x4.h If they are not set (default), mlkem-native's own FIPS-202 implementation will be used. This is demonstrated in the case of example/bring_your_own_fips202, where we can now freely rename the directory holding the tiny_sha3 implementation. Signed-off-by: Hanno Becker <beckphan@amazon.co.uk>
pq-code-package · Feb 6, 2025 · d2a1f2b · d2a1f2b
1 parent 94c8b47
commit d2a1f2b
Show file tree

Hide file tree

Showing 14 changed files with 49 additions and 10 deletions.
diff --git a/examples/bring_your_own_fips202/Makefile b/examples/bring_your_own_fips202/Makefile
@@ -28,9 +28,7 @@ INC=-Imlkem_native/
 #
 # At present, this must be located in a directory named "fips202".
 # This limitation will be lifted in the future.
-FIPS202_SOURCE=fips202/tiny_sha3/sha3.c
-
-INC+=-I./
+FIPS202_SOURCE=custom_fips202/tiny_sha3/sha3.c
 
 # Part C:
 #
@@ -71,6 +69,8 @@ CFLAGS := \
 	-MMD \
 	-O3 \
 	$(CFLAGS)
+CFLAGS += -DMLK_FIPS202_CUSTOM_HEADER="\"../custom_fips202/fips202.h\""
+CFLAGS += -DMLK_FIPS202X4_CUSTOM_HEADER="\"../custom_fips202/fips202x4.h\""
 
 BINARY_NAME_FULL=$(BUILD_DIR)/$(BIN)
 

diff --git a/.../bring_your_own_fips202/fips202/README.md → ...your_own_fips202/custom_fips202/README.md b/.../bring_your_own_fips202/fips202/README.md → ...your_own_fips202/custom_fips202/README.md
diff --git a/.../bring_your_own_fips202/fips202/fips202.h → ...your_own_fips202/custom_fips202/fips202.h b/.../bring_your_own_fips202/fips202/fips202.h → ...your_own_fips202/custom_fips202/fips202.h
diff --git a/...ring_your_own_fips202/fips202/fips202x4.h → ...ur_own_fips202/custom_fips202/fips202x4.h b/...ring_your_own_fips202/fips202/fips202x4.h → ...ur_own_fips202/custom_fips202/fips202x4.h
diff --git a/...our_own_fips202/fips202/tiny_sha3/LICENSE → ..._fips202/custom_fips202/tiny_sha3/LICENSE b/...our_own_fips202/fips202/tiny_sha3/LICENSE → ..._fips202/custom_fips202/tiny_sha3/LICENSE
diff --git a/...r_own_fips202/fips202/tiny_sha3/README.md → ...ips202/custom_fips202/tiny_sha3/README.md b/...r_own_fips202/fips202/tiny_sha3/README.md → ...ips202/custom_fips202/tiny_sha3/README.md
diff --git a/...your_own_fips202/fips202/tiny_sha3/sha3.c → ...n_fips202/custom_fips202/tiny_sha3/sha3.c b/...your_own_fips202/fips202/tiny_sha3/sha3.c → ...n_fips202/custom_fips202/tiny_sha3/sha3.c
diff --git a/...your_own_fips202/fips202/tiny_sha3/sha3.h → ...n_fips202/custom_fips202/tiny_sha3/sha3.h b/...your_own_fips202/fips202/tiny_sha3/sha3.h → ...n_fips202/custom_fips202/tiny_sha3/sha3.h
diff --git a/mlkem/common.h b/mlkem/common.h
@@ -78,4 +78,16 @@
  * The following is to avoid compilers complaining about this. */
 #define MLK_EMPTY_CU(s) extern int MLK_NAMESPACE_K(empty_cu_##s);
 
+#if !defined(MLK_FIPS202_CUSTOM_HEADER)
+#define MLK_FIPS202_HEADER_FILE "fips202/fips202.h"
+#else
+#define MLK_FIPS202_HEADER_FILE MLK_FIPS202_CUSTOM_HEADER
+#endif
+
+#if !defined(MLK_FIPS202X4_CUSTOM_HEADER)
+#define MLK_FIPS202X4_HEADER_FILE "fips202/fips202x4.h"
+#else
+#define MLK_FIPS202X4_HEADER_FILE MLK_FIPS202X4_CUSTOM_HEADER
+#endif
+
 #endif /* MLK_COMMON_H */
diff --git a/mlkem/config.h b/mlkem/config.h
@@ -203,6 +203,38 @@
 #define MLK_FIPS202_BACKEND_FILE "fips202/native/meta.h"
 #endif
 
+/******************************************************************************
+ * Name:        MLK_FIPS202_CUSTOM_HEADER
+ *
+ * Description: Custom header to use for FIPS-202
+ *
+ *              This should only be set if you intend to use a custom
+ *              FIPS-202 implementation, different from the one shipped
+ *              with mlkem-native.
+ *
+ *              If set, it must be the name of a file serving as the
+ *              replacement for mlkem/fips202/fips202.h, and exposing
+ *              the same API (see FIPS202.md).
+ *
+ *****************************************************************************/
+/* #define MLK_FIPS202_CUSTOM_HEADER "SOME_FILE.h" */
+
+/******************************************************************************
+ * Name:        MLK_FIPS202X4_CUSTOM_HEADER
+ *
+ * Description: Custom header to use for FIPS-202-X4
+ *
+ *              This should only be set if you intend to use a custom
+ *              FIPS-202 implementation, different from the one shipped
+ *              with mlkem-native.
+ *
+ *              If set, it must be the name of a file serving as the
+ *              replacement for mlkem/fips202/fips202x4.h, and exposing
+ *              the same API (see FIPS202.md).
+ *
+ *****************************************************************************/
+/* #define MLK_FIPS202X4_CUSTOM_HEADER "SOME_FILE.h" */
+
 /*************************  Config internals  ********************************/
 
 /* Default namespace

diff --git a/mlkem/indcpa.c b/mlkem/indcpa.c
@@ -9,8 +9,6 @@
 #include "arith_backend.h"
 #include "cbmc.h"
 #include "debug.h"
-#include "fips202/fips202.h"
-#include "fips202/fips202x4.h"
 #include "indcpa.h"
 #include "poly.h"
 #include "poly_k.h"

diff --git a/mlkem/poly.c b/mlkem/poly.c
@@ -10,7 +10,6 @@
 #include "arith_backend.h"
 #include "cbmc.h"
 #include "debug.h"
-#include "fips202/fips202x4.h"
 #include "poly.h"
 #include "sampling.h"
 #include "symmetric.h"

diff --git a/mlkem/sampling.c b/mlkem/sampling.c
@@ -7,8 +7,6 @@
 
 #include "arith_backend.h"
 #include "debug.h"
-#include "fips202/fips202.h"
-#include "fips202/fips202x4.h"
 #include "sampling.h"
 #include "symmetric.h"
 

diff --git a/mlkem/symmetric.h b/mlkem/symmetric.h
@@ -9,8 +9,8 @@
 #include <stdint.h>
 #include "cbmc.h"
 #include "common.h"
-#include "fips202/fips202.h"
-#include "fips202/fips202x4.h"
+#include MLK_FIPS202_HEADER_FILE
+#include MLK_FIPS202X4_HEADER_FILE
 
 /* Macros denoting FIPS-203 specific Hash functions */