diff --git a/docs/algorithms/kem/sike.md b/docs/algorithms/kem/sike.md index a9edba8c6..89377ceb1 100644 --- a/docs/algorithms/kem/sike.md +++ b/docs/algorithms/kem/sike.md @@ -12,7 +12,7 @@ Implementation -------------- - **Source of implementation**: https://github.com/Microsoft/PQCrypto-SIDH -- **Implementation version**: v3.3 + fixes (https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242) +- **Implementation version**: v3.3 + fixes (https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6) - **License**: MIT License - **Constant-time**: Yes - **Optimizations**: Portable C, with assembly optimizations on AMD64 and selected parameter sets on ARM64 (selected at compile-time, enabled by default if available) diff --git a/src/kem/sike/external/P434/ARM64/fp_arm64_asm.S b/src/kem/sike/external/P434/ARM64/fp_arm64_asm.S index dbb239f94..04585301e 100644 --- a/src/kem/sike/external/P434/ARM64/fp_arm64_asm.S +++ b/src/kem/sike/external/P434/ARM64/fp_arm64_asm.S @@ -215,7 +215,7 @@ oqs_kem_sike_mp_sub434_p4_asm: SUB434_PX p434x4 ret - + //////////////////////////////////////////// MACRO .macro MUL192_COMBA_CUT A0, A1, A2, B0, B1, B2, C0, C1, C2, C3, C4, C5, T0, T1 mul \C4, \A1, \B0 
@@ -259,65 +259,6 @@ oqs_kem_sike_mp_sub434_p4_asm: adds \C4, \C4, \T0 adc \C5, \C5, \T1 .endm - - -//////////////////////////////////////////// MACRO -.macro MUL192_COMBA_CUT_UNSAT A0, A1, A2, B0, B1, B2, C0, C1, C2, C3, C4, C5, T0, T1, T2 - mul \C4, \A1, \B0 - umulh \C5, \A1, \B0 - adds \C1, \C1, \C3 - adc \C2, \C2, xzr - - mul \T1, \A1, \B1 - umulh \C3, \A1, \B1 - adds \C1, \C1, \C4 - adcs \C2, \C2, \C5 - adc \C3, \C3, xzr - - mul \C4, \A0, \B2 - umulh \C5, \A0, \B2 - adds \C2, \C2, \T1 - adc \C3, \C3, xzr - - mul \T0, \A2, \B0 - umulh \T1, \A2, \B0 - adds \C4, \C4, \T0 - adc \C5, \C5, \T1 - - mul \T0, \A1, \B2 - umulh \T1, \A1, \B2 - adds \C5, \C5, \T0 - adc \T1, \T1, xzr - - mul \T0, \A2, \B1 - umulh \T2, \A2, \B1 - adds \C5, \C5, \T0 - and \T0, \T0, xzr - adc \T1, \T1, \T2 - - bfi \T0, \C4, #60, #4 - lsr \C4, \C4, #4 - bfi \C4, \C5, #60, #4 - lsr \C5, \C5, #4 - bfi \C5, \T1, #60, #4 - lsr \T1, \T1, #4 - - adds \C1, \C1, \T0 - adcs \C2, \C2, \C4 - adcs \C3, \C3, \C5 - adc \T1, \T1, xzr - - mul \C4, \A2, \B2 - umulh \C5, \A2, \B2 - bfi \T0, \C4, #56, #8 - lsr \C4, \C4, #8 - bfi \C4, \C5, #56, #8 - lsr \C5, \C5, #8 - - adds \C3, \C3, \T0 - adcs \C4, \C4, \T1 - adc \C5, \C5, xzr -.endm //////////////////////////////////////////// MACRO @@ -472,7 +413,7 @@ oqs_kem_sike_mul434_asm: adcs x15, x15, x20 adcs x16, x16, x21 stp x26, x27, [x2,#0] - adcs x17, x17, x22 + adc x17, x17, x22 // x8-x9, x30, x19-x23 <- (AH+AL) x (BH+BL), low part MUL256_KARATSUBA_COMBA x2, x26, x27, x28, x29, x11, x12, x13, x14, x8, x9, x30, x19, x20, x21, x22, x23, x24, x25 @@ -483,7 +424,7 @@ oqs_kem_sike_mul434_asm: adcs x15, x15, x21 adcs x16, x16, x22 ldp x13, x14, [x1,#16] - adcs x17, x17, x23 + adc x17, x17, x23 // x20-x27 <- AL x BL MUL256_KARATSUBA_COMBA x0, x3, x4, x5, x6, x11, x12, x13, x14, x20, x21, x22, x23, x24, x25, x26, x27, x28, x29 
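Review bot: Turning the final `adcs x17, x17, x22` into `adc` (and the same at @@ -483 here, plus the `sbcs`→`sbc` edits at @@ -506 and @@ -519 on the next line) leaves the limb value unchanged and only stops the last add/sub from updating NZCV, so it is correct exactly if nothing after it reads the carry flag before the next flag-setting instruction. The very next line in each case is a MUL256_KARATSUBA_COMBA or MUL192_COMBA_CUT macro invocation whose body is outside this hunk, so confirm that each of those macros begins with an instruction that does not consume the carry (a `mul`/`umulh`/`adds`/`subs`, not an `adcs`/`sbcs`). Because this is vendored field-arithmetic assembly that cannot be fully checked by reading, the ARM64 P434 build should be run against the same KAT vectors as the portable C backend after this sync. oqs_kem_sike_mul434_asm both starts and ends outside the hunk.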
@@ -506,7 +447,7 @@ oqs_kem_sike_mul434_asm: umulh x23, x3, x11 sbcs x15, x15, x25 sbcs x16, x16, x26 - sbcs x17, x17, x27 + sbc x17, x17, x27 // x20-x23, x28-x29 <- AH x BH MUL192_COMBA_CUT x3, x4, x5, x11, x12, x13, x20, x21, x22, x23, x28, x29, x6, x0 @@ -519,7 +460,7 @@ oqs_kem_sike_mul434_asm: sbcs x10, x10, x28 sbcs x15, x15, x29 sbcs x16, x16, xzr - sbcs x17, x17, xzr + sbc x17, x17, xzr adds x8, x8, x24 adcs x9, x9, x25 @@ -770,7 +711,7 @@ oqs_kem_sike_mp_add434x2_asm: ldp x11, x12, [x1,#64] ldp x5, x6, [x0,#80] ldp x13, x14, [x1,#80] - + ldp x7, x8, [x0,#96] ldp x15, x16, [x1,#96] adcs x3, x3, x11 @@ -795,7 +736,7 @@ oqs_kem_sike_mp_subadd434x2_asm: ldp x11, x12, [x1,#0] ldp x5, x6, [x0,#16] ldp x13, x14, [x1,#16] - + ldp x7, x8, [x0,#32] subs x3, x3, x11 sbcs x4, x4, x12 @@ -810,14 +751,14 @@ oqs_kem_sike_mp_subadd434x2_asm: sbcs x8, x8, x12 stp x7, x8, [x2,#32] sbcs x9, x9, x15 - sbcs x10, x10, x16 + sbcs x10, x10, x16 str x9, [x2,#48] ldp x3, x4, [x0,#64] ldp x11, x12, [x1,#64] ldp x5, x6, [x0,#80] ldp x13, x14, [x1,#80] - + ldp x7, x8, [x0,#96] ldp x15, x16, [x1,#96] sbcs x3, x3, x11 @@ -839,16 +780,16 @@ oqs_kem_sike_mp_subadd434x2_asm: and x13, x13, x0 and x14, x14, x0 and x15, x15, x0 - adds x10, x10, x11 + adds x10, x10, x11 str x10, [x2,#56] - adcs x3, x3, x11 - adcs x4, x4, x11 + adcs x3, x3, x11 + adcs x4, x4, x11 stp x3, x4, [x2,#64] - adcs x5, x5, x12 - adcs x6, x6, x13 + adcs x5, x5, x12 + adcs x6, x6, x13 stp x5, x6, [x2,#80] - adcs x7, x7, x14 - adc x8, x8, x15 + adcs x7, x7, x14 + adc x8, x8, x15 stp x7, x8, [x2,#96] ret @@ -864,7 +805,7 @@ oqs_kem_sike_mp_dblsub434x2_asm: stp x29, x30, [sp, #16] ldp x3, x4, [x2,#0] ldp x5, x6, [x2,#16] - + ldp x27, x28, [x0,#0] ldp x29, x30, [x0,#16] ldp x7, x8, [x2,#32] diff --git a/src/kem/sike/external/P434/generic/fp_generic.c b/src/kem/sike/external/P434/generic/fp_generic.c index 78caf63a0..e771c3b3a 100644 --- a/src/kem/sike/external/P434/generic/fp_generic.c 
+++ b/src/kem/sike/external/P434/generic/fp_generic.c @@ -9,10 +9,10 @@ /* OQS note: this file is #include'd with the defs of these consts; removed to avoid re-defs // Global constants -extern const uint64_t p434[NWORDS_FIELD]; -extern const uint64_t p434p1[NWORDS_FIELD]; -extern const uint64_t p434x2[NWORDS_FIELD]; -extern const uint64_t p434x4[NWORDS_FIELD]; +extern const uint64_t p434[NWORDS64_FIELD]; +extern const uint64_t p434p1[NWORDS64_FIELD]; +extern const uint64_t p434x2[NWORDS64_FIELD]; +extern const uint64_t p434x4[NWORDS64_FIELD]; */ __inline void mp_sub434_p2(const digit_t* a, const digit_t* b, digit_t* c) diff --git a/src/kem/sike/external/P503/generic/fp_generic.c b/src/kem/sike/external/P503/generic/fp_generic.c index 18b038f2c..45231dea0 100644 --- a/src/kem/sike/external/P503/generic/fp_generic.c +++ b/src/kem/sike/external/P503/generic/fp_generic.c @@ -9,10 +9,10 @@ /* OQS note: this file is #include'd with the defs of these consts; removed to avoid re-defs // Global constants -extern const uint64_t p503[NWORDS_FIELD]; -extern const uint64_t p503p1[NWORDS_FIELD]; -extern const uint64_t p503x2[NWORDS_FIELD]; -extern const uint64_t p503x4[NWORDS_FIELD]; +extern const uint64_t p503[NWORDS64_FIELD]; +extern const uint64_t p503p1[NWORDS64_FIELD]; +extern const uint64_t p503x2[NWORDS64_FIELD]; +extern const uint64_t p503x4[NWORDS64_FIELD]; */ __inline void mp_sub503_p2(const digit_t* a, const digit_t* b, digit_t* c) diff --git a/src/kem/sike/external/P610/generic/fp_generic.c b/src/kem/sike/external/P610/generic/fp_generic.c index 586efe5b8..5d26d9c9b 100644 --- a/src/kem/sike/external/P610/generic/fp_generic.c +++ b/src/kem/sike/external/P610/generic/fp_generic.c 
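Review bot: The `NWORDS_FIELD` → `NWORDS64_FIELD` rename in this hunk lies entirely inside the `/* OQS note ... */` block comment, so it changes nothing that is compiled; the same holds for the P503 hunk on this line and the P610/P751 hunks that follow. Carrying a commented-out copy of upstream's `extern` declarations means every upstream sync touches four files for no effect, so consider reducing each block to the note alone, e.g. `/* OQS note: the p434* constants are defined where this file is #include'd; upstream's extern declarations were dropped to avoid redefinition. */`. If the commented copy is kept on purpose as a record of what upstream declares, one sentence saying so would spare the next reviewer the same question. `mp_sub434_p2` begins on the hunk's last line and continues outside it.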
@@ -9,10 +9,10 @@ /* OQS note: this file is #include'd with the defs of these consts; removed to avoid re-defs // Global constants -extern const uint64_t p610[NWORDS_FIELD]; -extern const uint64_t p610p1[NWORDS_FIELD]; -extern const uint64_t p610x2[NWORDS_FIELD]; -extern const uint64_t p610x4[NWORDS_FIELD]; +extern const uint64_t p610[NWORDS64_FIELD]; +extern const uint64_t p610p1[NWORDS64_FIELD]; +extern const uint64_t p610x2[NWORDS64_FIELD]; +extern const uint64_t p610x4[NWORDS64_FIELD]; */ __inline void mp_sub610_p2(const digit_t* a, const digit_t* b, digit_t* c) diff --git a/src/kem/sike/external/P751/generic/fp_generic.c b/src/kem/sike/external/P751/generic/fp_generic.c index be35bc397..bae6d826d 100644 --- a/src/kem/sike/external/P751/generic/fp_generic.c +++ b/src/kem/sike/external/P751/generic/fp_generic.c @@ -9,10 +9,10 @@ /* OQS note: this file is #include'd with the defs of these consts; removed to avoid re-defs // Global constants -extern const uint64_t p751[NWORDS_FIELD]; -extern const uint64_t p751p1[NWORDS_FIELD]; -extern const uint64_t p751x2[NWORDS_FIELD]; -extern const uint64_t p751x4[NWORDS_FIELD]; +extern const uint64_t p751[NWORDS64_FIELD]; +extern const uint64_t p751p1[NWORDS64_FIELD]; +extern const uint64_t p751x2[NWORDS64_FIELD]; +extern const uint64_t p751x4[NWORDS64_FIELD]; */ __inline void mp_sub751_p2(const digit_t* a, const digit_t* b, digit_t* c) diff --git a/src/kem/sike/external/fpx.c b/src/kem/sike/external/fpx.c index 8443387f7..7c5fa19bc 100644 --- a/src/kem/sike/external/fpx.c +++ b/src/kem/sike/external/fpx.c @@ -1109,6 +1109,9 @@ static void fpinv_mont_bingcd(felm_t a) felm_t x, t; unsigned int k; + if (is_felm_zero(a) == true) + return; + fpinv_mont_bingcd_partial(a, x, &k); if (k < MAXBITS_FIELD) { fpmul_mont(x, (digit_t*)&Montgomery_R2, x); diff --git a/src/kem/sike/kem_sike.c b/src/kem/sike/kem_sike.c index b05dd379c..f656bcc06 100644 --- a/src/kem/sike/kem_sike.c +++ b/src/kem/sike/kem_sike.c 
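Review bot: The new early return in fpinv_mont_bingcd (fpx.c hunk @@ -1109) branches on the value of `a`, and in a library whose documentation in this same diff states `Constant-time: Yes` that data-dependent exit deserves a comment explaining why it is acceptable, e.g. `/* a == 0 has no inverse; leave it unchanged. This branch is data-dependent, so zero must only ever arrive from invalid or public input. */`, together with a check that no caller can pass a secret field element that is legitimately zero. Presumably the guard exists because the partial binary GCD below is not defined for a zero input, but the hunk does not say so; note that the caller gets no signal, since `a` is simply left at zero. If is_felm_zero returns `bool`, the `== true` is redundant and `if (is_felm_zero(a)) return;` reads cleaner. The enclosing function continues past the end of the hunk.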
@@ -15,7 +15,7 @@ OQS_KEM *OQS_KEM_sike_p434_new() { return NULL; } kem->method_name = OQS_KEM_alg_sike_p434; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 1; kem->ind_cca = true; @@ -45,7 +45,7 @@ OQS_KEM *OQS_KEM_sike_p434_compressed_new() { return NULL; } kem->method_name = OQS_KEM_alg_sike_p434_compressed; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 1; kem->ind_cca = true; @@ -75,7 +75,7 @@ OQS_KEM *OQS_KEM_sike_p503_new() { return NULL; } kem->method_name = OQS_KEM_alg_sike_p503; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 2; kem->ind_cca = true; @@ -105,7 +105,7 @@ OQS_KEM *OQS_KEM_sike_p503_compressed_new() { return NULL; } kem->method_name = OQS_KEM_alg_sike_p503_compressed; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 2; kem->ind_cca = true; @@ -135,7 +135,7 @@ OQS_KEM *OQS_KEM_sike_p610_new() { return NULL; } kem->method_name = OQS_KEM_alg_sike_p610; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 3; kem->ind_cca = true; 
@@ -165,7 +165,7 @@ OQS_KEM *OQS_KEM_sike_p610_compressed_new() { return NULL; } kem->method_name = OQS_KEM_alg_sike_p610_compressed; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 3; kem->ind_cca = true; @@ -195,7 +195,7 @@ OQS_KEM *OQS_KEM_sike_p751_new() { return NULL; } kem->method_name = OQS_KEM_alg_sike_p751; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 5; kem->ind_cca = true; @@ -225,7 +225,7 @@ OQS_KEM *OQS_KEM_sike_p751_compressed_new() { return NULL; } kem->method_name = OQS_KEM_alg_sike_p751_compressed; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 5; kem->ind_cca = true; @@ -255,7 +255,7 @@ OQS_KEM *OQS_KEM_sidh_p434_new() { return NULL; } kem->method_name = OQS_KEM_alg_sidh_p434; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 1; kem->ind_cca = false; 
@@ -325,7 +325,7 @@ OQS_KEM *OQS_KEM_sidh_p434_compressed_new() { return NULL; } kem->method_name = OQS_KEM_alg_sidh_p434_compressed; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 1; kem->ind_cca = false; @@ -395,7 +395,7 @@ OQS_KEM *OQS_KEM_sidh_p503_new() { return NULL; } kem->method_name = OQS_KEM_alg_sidh_p503; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 2; kem->ind_cca = false; @@ -465,7 +465,7 @@ OQS_KEM *OQS_KEM_sidh_p503_compressed_new() { return NULL; } kem->method_name = OQS_KEM_alg_sidh_p503_compressed; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 2; kem->ind_cca = false; @@ -535,7 +535,7 @@ OQS_KEM *OQS_KEM_sidh_p610_new() { return NULL; } kem->method_name = OQS_KEM_alg_sidh_p610; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 3; kem->ind_cca = false; 
@@ -605,7 +605,7 @@ OQS_KEM *OQS_KEM_sidh_p610_compressed_new() { return NULL; } kem->method_name = OQS_KEM_alg_sidh_p610_compressed; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 3; kem->ind_cca = false; @@ -675,7 +675,7 @@ OQS_KEM *OQS_KEM_sidh_p751_new() { return NULL; } kem->method_name = OQS_KEM_alg_sidh_p751; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 5; kem->ind_cca = false; @@ -745,7 +745,7 @@ OQS_KEM *OQS_KEM_sidh_p751_compressed_new() { return NULL; } kem->method_name = OQS_KEM_alg_sidh_p751_compressed; - kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/521aabbaa8c65124d2c143ce6537c98f55eda242"; + kem->alg_version = "https://github.com/microsoft/PQCrypto-SIDH/commit/011e11f350f9dc39b367c4a30c52002f803513d6"; kem->claimed_nist_level = 5; kem->ind_cca = false;