pkg/pqm4: add ML-DSA-44 (FIPS 204) post-quantum signature package

[cakirmert]

Contribution description

Adds pkg/pqm4 as a new RIOT external package, exposing the
ML-DSA-44 (FIPS 204) post-quantum signature scheme via the upstream
pqm4 library (Kannwischer, Rijneveld,
Schwabe, Stoffelen et al.).

The upstream pqm4 sources are unmodified. The package consists of:

• Makefile: fetches pqm4 at a pinned commit, hooks
  git submodule update --init mupq into PKG_PREPARED so the
  mupq/pqclean submodule is in place before consumers build
• Makefile.pqm4: explicit SRC list for the m4f (speed-optimised)
  variant; the m4fstack (memory-optimised, ~7 KiB signing stack)
  variant is a one-line edit away
• Makefile.include: exports header search paths and CFLAGS
• Makefile.dep: gates the package on the cortexm_fpu feature
  (provided by Cortex-M4F / Cortex-M7 / Cortex-M33 with FPU), so
  pre-Thumb-2 ARM (e.g. msba2 / LPC23xx) and Cortex-M0/M3/M23 are
  skipped at feature-resolution rather than failing in the assembler
• glue/riot-hal.c: implements pqm4's mupq/common/hal.h contract
  (six functions) over RIOT primitives, replacing upstream
  hal-opencm3 / hal-mps2
• glue/riot-randombytes.c: implements PQCLEAN_randombytes()
  over RIOT's random_bytes()

The Cortex-M4F assembly in pqm4 runs unmodified on Cortex-M33
(ARMv8-M Mainline + DSP is a strict superset of ARMv7E-M + DSP).

A previous attempt at integrating pqm4 was made in PR #9897 (closed
unmerged in 2019, on the policy concern that ML-DSA was experimental
at the time). ML-DSA was standardised by NIST as FIPS 204 in
August 2024; this PR is the post-standardisation revisit.

Testing procedure

tests/pkg/pqm4 performs a keygen / sign / verify round-trip on a
fixed message. Build and run on a Cortex-M4F-or-later board:

BOARD=rpi-pico-2-arm make -C tests/pkg/pqm4 flash term

Expected serial output:

pqm4 ML-DSA-44 self-test
========================
  pk size: 1312 B
  sk size: 2560 B
  sig size: 2420 B
[1/3] crypto_sign_keypair ...
  OK
[2/3] crypto_sign ...
  OK (sm = 2442 B)
[3/3] crypto_sign_open ...
  OK (message recovered and verified)

ALL TESTS PASSED

Before this PR is applied, tests/pkg/pqm4 does not exist in the
tree and no pqm4 integration is available at all. With the PR
applied:

• on Cortex-M4F / Cortex-M7 / Cortex-M33-with-FPU boards,
  tests/pkg/pqm4 builds, flashes, and prints the output above;
  the package becomes available to any RIOT application via
  USEPKG += pqm4 (then #include "api.h" to access
  crypto_sign_keypair(), crypto_sign(), crypto_sign_open(),
  and the matching ML-DSA-44 size constants);
• on boards without cortexm_fpu (msba2, Cortex-M0/M3/M23 etc.),
  the build skips at feature-resolution time, reporting
  There are unsatisfied feature requirements: cortexm_fpu.

Hardware-tested on Raspberry Pi Pico 2 H (RP2350, Cortex-M33 @ 125 MHz).

Issues/PRs references

Supersedes the long-stale PR #9897 (2019 pqm4 integration attempt,
closed because ML-DSA was experimental, but that policy concern is
now obsolete with FIPS 204).

Companion PRs from the same investigation, independent merge order:

• cpu/rp2350_common/periph/uart: fix PL011 FIFO handling #22269: cpu/rp2350_common/periph/uart: PL011 FIFO/ISR fixes
• cpu/rp2350_common: add periph_timer driver for TIMER0 #22270: cpu/rp2350_common: periph_timer driver

Declaration of AI-Tools / LLMs usage:

AI-Tools / LLMs that were used are:

• Claude Code (Anthropic, claude-opus-4-7): agent mode with user
  review for code drafting, package layout, PR description authoring,
  debugging assistance, and hardware test orchestration. All commits
  are authored by me; every code change was reviewed before commit;
  the cortexm_fpu gate, the hal.h glue layout, and the test
  Makefile path were iteratively adjusted in response to maintainer
  feedback and CI errors.

[riot-ci]

Murdock results

✔️ PASSED

39a7570 tests/pkg/pqm4: address 01-run.py review feedback

Success	Failures	Total	Runtime
11113	0	11113	09m:36s

Artifacts

• Documentation preview

[AnnsAnns]

Hello, thank you for your contribution to RIOT, we always appreciate that.

I want to be quite blunt because the PR description did not follow the standard template for RIOT which felt a bit weird and a small review of the code supported it, is this AI generated?

Please switch to the default PR template description and properly declare your AI usage.

[cakirmert]

@AnnsAnns You're right, sorry about that. I've rewritten the description to follow PULL_REQUEST_TEMPLATE.md (Contribution description / Testing procedure / Issues/PRs references / AI declaration sections), and added an explicit declaration: this work was done with Claude Code (Anthropic, claude-opus-4-7) in agent mode, with my review on every commit.

The pqm4 wrapper, the UART fixes (#22269) and the periph_timer driver (#22270) all came out of getting a post-quantum mutual-attestation firmware to run on real Pi Pico 2 H boards. I made the substantive decisions (which pqm4 variant, which features to gate on, what to fix in the PL011 driver); Claude helped me draft, debug, and write up. Every register-level claim was checked against the RP2350 datasheet and PL011 TRM, and the firmware was hardware-tested on Pico 2 H boards before each PR was opened.

I should have used the template and declared the tool from the start; sorry for the friction. Happy to take any further changes you'd like to see.

[crasbe]

I don't like reviewing AI code...

[cakirmert]

@crasbe thanks for the careful review. All 19 threads have been addressed

[AnnsAnns]

Please do not squash / force push unless asked to https://github.com/RIOT-OS/RIOT/blob/master/CONTRIBUTING.md#squash-commits-after-review

This makes it extremely hard for reviewers to understand changes and breaks any references to existing files on outstanding reviews!

[crasbe]

Did you actually run this test?

[AnnsAnns]

Hello, once again thank you for being wilful to contribute to RIOT, we do appreciate it.

Due to various reasons, such as the currently unresolved legal issues around AI code combined with the very high degree of AI assistance, among other things, we have decided that we can not accept this PR as of now.

This is not meant to stop you from contributing to RIOT. For example, if you want to PR code written by yourself, we are open to review and help you.