The Travis CI found two interesting problems that I have fixed by now:

1. Was a -Waggressive-loop-optimization warning with gcc 10 or older. gcc11 and later seems to work. I think it is a compiler bug. I refactored the affected code a bit to work around that and funnily that gave quite a speed-up for verification.

2. There was an endianness assumption in my OQS glue code that's calling AES-CTR. I have fixed that now.

Unless I broke something in the meantime, CI should be all green now.

None of the zephyr tests would work for me even for the parameter sets with the smallest memory footprint. I suspect that memory is rather limited in these tests?

None of the zephyr tests would work for me even for the parameter sets with the smallest memory footprint. I suspect that memory is rather limited in these tests?

Tagging @Frauschi about the Zephyr question.

Thank you @mkannwischer for contributing UOV!

One minor thing, we have a config option that builds only the onramp candidates. The UOV variants should be added to this list as well:

liboqs/.CMake/alg_support.cmake

Lines 217 to 219 in d4eb7a6

	elseif(${OQS_ALGS_ENABLED} STREQUAL "NIST_SIG_ONRAMP")
	filter_algs("SIG_mayo_1;SIG_mayo_2;SIG_mayo_3;SIG_mayo_5;SIG_cross_rsdp_128_balanced;SIG_cross_rsdp_128_fast;SIG_cross_rsdp_128_small;SIG_cross_rsdp_192_balanced;SIG_cross_rsdp_192_fast;SIG_cross_rsdp_192_small;SIG_cross_rsdp_256_balanced;SIG_cross_rsdp_256_fast;SIG_cross_rsdp_256_small;SIG_cross_rsdpg_128_balanced;SIG_cross_rsdpg_128_fast;SIG_cross_rsdpg_128_small;SIG_cross_rsdpg_192_balanced;SIG_cross_rsdpg_192_fast;SIG_cross_rsdpg_192_small;SIG_cross_rsdpg_256_balanced;SIG_cross_rsdpg_256_fast;SIG_cross_rsdpg_256_small")
	else()

I added UOV there.

The zephyr config is limited to 512K stack size

liboqs/zephyr/samples/Signatures/prj.conf

Line 14 in d4eb7a6

CONFIG_MAIN_STACK_SIZE=524288

and 256K malloc size

liboqs/zephyr/samples/Signatures/prj.conf

Line 18 in d4eb7a6

CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=262144

I am not certain if these values can be safely increased.

I think there is no hope that this is going to work with the current implementations.
The smallest parameter set has 278432-byte public keys and 237896-byte. That already 512 KB. You can compress both, but the current implementations still stores the full expanded keys in memory.
We are working on more stack friendly implementations - but those are not yet ready.

Regarding the Zephyr problems: The CI tests emulate different Zephyr boards via QEMU. Technically, we can increase the stack and heap sizes for these tests to make them run successfully (as in QEMU, available memory is much larger).

However, the current values are already quite large considering the actual hardware Zephyr is intended for (smaller microcontrollers). Hence, I am not sure if this would be a real benefit, as UOV (in its current implementation with the memory usage) would never run on a real microcontroller target anyway (as they typically have available RAM in the kilobyte or small megabyte region). So, maybe we disable UOV for Zephyr completely at the moment? This can be revisited once an implementation with less memory usage is available.

Regarding the Zephyr problems: The CI tests emulate different Zephyr boards via QEMU. Technically, we can increase the stack and heap sizes for these tests to make them run successfully (as in QEMU, available memory is much larger).

However, the current values are already quite large considering the actual hardware Zephyr is intended for (smaller microcontrollers). Hence, I am not sure if this would be a real benefit, as UOV (in its current implementation with the memory usage) would never run on a real microcontroller target anyway (as they typically have available RAM in the kilobyte or small megabyte region). So, maybe we disable UOV for Zephyr completely at the moment? This can be revisited once an implementation with less memory usage is available.

Thanks!
Makes sense to me. That is what is currently implemented, too.

We have two approving merges so I think we can go ahead and merge this. However there is a merge conflict in cbom.json; I don't know enough about the CBOM file to know how to resolve this. Can anyone help?

We have two approving merges so I think we can go ahead and merge this. However there is a merge conflict in cbom.json; I don't know enough about the CBOM file to know how to resolve this. Can anyone help?

I'll have a look at the CBOM merge conflict and try to resolve it.

We have two approving merges so I think we can go ahead and merge this. However there is a merge conflict in cbom.json; I don't know enough about the CBOM file to know how to resolve this. Can anyone help?

I'll have a look at the CBOM merge conflict and try to resolve it.

Resolved.