From 75b648e9f6d2b4cd59f2776ae2511509ca29f4b3 Mon Sep 17 00:00:00 2001 
From: Basil Hess Date: Mon, 13 Sep 2021 21:07:25 +0200 Subject: [PATCH] Kyber/Dilithium copy_from_upstream (#1088) * Kyber/Dilithium copy_from_upstream * Updated algorithm docs --- docs/algorithms/kem/kyber.md | 32 +++++++-------- docs/algorithms/kem/kyber.yml | 34 +++++++++------- docs/algorithms/sig/dilithium.md | 14 +++---- docs/algorithms/sig/dilithium.yml | 39 ++++++++----------- .../copy_from_upstream/copy_from_upstream.yml | 4 +- .../pqcrystals-kyber_common_ref/aes256ctr.c | 6 +-- .../pqcrystals-kyber_kyber1024-90s_avx2/kem.c | 16 ++++---- .../poly.h | 4 +- .../pqcrystals-kyber_kyber1024-90s_ref/kem.c | 16 ++++---- .../pqcrystals-kyber_kyber1024_avx2/kem.c | 16 ++++---- .../pqcrystals-kyber_kyber1024_avx2/poly.h | 4 +- .../pqcrystals-kyber_kyber1024_ref/kem.c | 16 ++++---- .../pqcrystals-kyber_kyber512-90s_avx2/kem.c | 16 ++++---- .../pqcrystals-kyber_kyber512-90s_avx2/poly.h | 4 +- .../pqcrystals-kyber_kyber512-90s_ref/kem.c | 16 ++++---- .../pqcrystals-kyber_kyber512_avx2/kem.c | 16 ++++---- .../pqcrystals-kyber_kyber512_avx2/poly.h | 4 +- .../kyber/pqcrystals-kyber_kyber512_ref/kem.c | 16 ++++---- .../pqcrystals-kyber_kyber768-90s_avx2/kem.c | 16 ++++---- .../pqcrystals-kyber_kyber768-90s_avx2/poly.h | 4 +- .../pqcrystals-kyber_kyber768-90s_ref/kem.c | 16 ++++---- .../pqcrystals-kyber_kyber768_avx2/kem.c | 16 ++++---- .../pqcrystals-kyber_kyber768_avx2/poly.h | 4 +- .../kyber/pqcrystals-kyber_kyber768_ref/kem.c | 16 ++++---- .../aes256ctr.c | 24 ------------ .../aes256ctr.h | 6 --- .../aes256ctr.c | 39 +------------------ .../aes256ctr.h | 6 --- .../aes256ctr.h | 6 --- .../poly.c | 8 ++-- .../poly.h | 4 +- .../rejsample.h | 2 +- .../aes256ctr.h | 6 --- .../poly.c | 8 ++-- .../poly.h | 4 +- .../rejsample.h | 2 +- .../aes256ctr.h | 6 --- .../poly.c | 8 ++-- .../poly.h | 4 +- .../rejsample.h | 2 +- .../aes256ctr.h | 6 --- .../poly.c | 8 ++-- .../poly.h | 4 +- .../rejsample.h | 2 +- .../aes256ctr.h | 6 --- .../poly.c | 8 ++-- .../poly.h | 4 +- .../rejsample.h 
| 2 +- .../aes256ctr.h | 6 --- .../poly.c | 8 ++-- .../poly.h | 4 +- .../rejsample.h | 2 +- 52 files changed, 217 insertions(+), 323 deletions(-) diff --git a/docs/algorithms/kem/kyber.md b/docs/algorithms/kem/kyber.md index f7aaa61d8..bc253093c 100644 --- a/docs/algorithms/kem/kyber.md +++ b/docs/algorithms/kem/kyber.md @@ -6,7 +6,7 @@ - **Auxiliary submitters**: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé. - **Authors' website**: https://pq-crystals.org/ - **Specification version**: NIST Round 3 submission. -- **Implementation source**: https://github.com/pq-crystals/kyber/commit/8e9308bd with copy_from_upstream patches +- **Implementation source**: https://github.com/pq-crystals/kyber/commit/faf5c3fe33e0b61c7c8a7888dd862bf5def17ad2 with copy_from_upstream patches - **Implementation license (SPDX-Identifier)**: CC0-1.0. ## Parameter set summary @@ -25,7 +25,7 @@ | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ | |:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------| | ref | All | All | None | True | True | False | -| avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False | +| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. 
@@ -33,10 +33,10 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. ## Kyber512-90s implementation characteristics -| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | -|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| ref | All | All | None | True | True | False | -| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT | True | True | False | +| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | +|:------------------------:|:----------------------------|:--------------------------------|:--------------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| +| ref | All | All | None | True | True | False | +| avx2 | x86\_64 | Linux,Darwin | SSE2,POPCNT,BMI2,SSSE3,AVX2,AES | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. 
@@ -45,16 +45,16 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | ref | All | All | None | True | True | False | -| avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False | +| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. ## Kyber768-90s implementation characteristics -| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | -|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| ref | All | All | None | True | True | False | -| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT | True | True | False | +| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? 
| +|:------------------------:|:----------------------------|:--------------------------------|:--------------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| +| ref | All | All | None | True | True | False | +| avx2 | x86\_64 | Linux,Darwin | SSE2,POPCNT,BMI2,SSSE3,AVX2,AES | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. 
@@ -63,16 +63,16 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | ref | All | All | None | True | True | False | -| avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False | +| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI2 | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. ## Kyber1024-90s implementation characteristics -| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | -|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| -| ref | All | All | None | True | True | False | -| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT | True | True | False | +| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? 
| +|:------------------------:|:----------------------------|:--------------------------------|:--------------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| +| ref | All | All | None | True | True | False | +| avx2 | x86\_64 | Linux,Darwin | SSE2,POPCNT,BMI2,SSSE3,AVX2,AES | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. diff --git a/docs/algorithms/kem/kyber.yml b/docs/algorithms/kem/kyber.yml index a01c33adb..5aba89827 100644 --- a/docs/algorithms/kem/kyber.yml +++ b/docs/algorithms/kem/kyber.yml @@ -17,8 +17,8 @@ website: https://pq-crystals.org/ nist-round: 3 spec-version: NIST Round 3 submission spdx-license-identifier: CC0-1.0 -upstream: https://github.com/pq-crystals/kyber/commit/8e9308bd with copy_from_upstream - patches +upstream: https://github.com/pq-crystals/kyber/commit/faf5c3fe33e0b61c7c8a7888dd862bf5def17ad2 + with copy_from_upstream patches parameter-sets: - name: Kyber512 claimed-nist-level: 1 @@ -44,8 +44,8 @@ parameter-sets: - Darwin required_flags: - avx2 - - bmi2 - popcnt + - bmi2 common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true @@ -75,10 +75,12 @@ parameter-sets: - Linux - Darwin required_flags: - - aes - - avx2 - - bmi2 + - sse2 - popcnt + - bmi2 + - ssse3 + - avx2 + - aes common-crypto: - AES: pqcrystals-kyber_common_aes - SHA3: liboqs @@ -109,8 +111,8 @@ parameter-sets: - Darwin required_flags: - avx2 - - bmi2 - popcnt + - bmi2 common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true @@ -140,10 +142,12 @@ parameter-sets: - Linux - Darwin required_flags: - - aes - - avx2 - - bmi2 + - sse2 - popcnt + - bmi2 + - ssse3 + - avx2 + - aes common-crypto: - AES: pqcrystals-kyber_common_aes - SHA3: liboqs @@ -174,8 +178,8 @@ parameter-sets: - Darwin required_flags: - avx2 - - bmi2 - popcnt + - bmi2 common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true 
@@ -205,10 +209,12 @@ parameter-sets: - Linux - Darwin required_flags: - - aes - - avx2 - - bmi2 + - sse2 - popcnt + - bmi2 + - ssse3 + - avx2 + - aes common-crypto: - AES: pqcrystals-kyber_common_aes - SHA3: liboqs diff --git a/docs/algorithms/sig/dilithium.md b/docs/algorithms/sig/dilithium.md index 26ae26d7d..6fe2d04b4 100644 --- a/docs/algorithms/sig/dilithium.md +++ b/docs/algorithms/sig/dilithium.md @@ -6,7 +6,7 @@ - **Auxiliary submitters**: Shi Bai, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Peter Schwabe, Gregor Seiler, Damien Stehlé. - **Authors' website**: https://pq-crystals.org/dilithium/ - **Specification version**: 3.1. -- **Implementation source**: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409 +- **Implementation source**: https://github.com/pq-crystals/dilithium/commit/61b51a71701b8ae9f546a1e5d220e1950ed20d06 with copy_from_upstream patches - **Implementation license (SPDX-Identifier)**: CC0-1.0. ## Parameter set summary @@ -25,7 +25,7 @@ | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ | |:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------| | ref | All | All | None | True | True | False | -| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,SSE2,SSSE3 | True | True | False | +| avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. 
@@ -36,7 +36,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | ref | All | All | None | True | True | False | -| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,SSE2,SSSE3 | True | True | False | +| avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -45,7 +45,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | ref | All | All | None | True | True | False | -| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,SSE2,SSSE3 | True | True | False | +| avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. 
@@ -54,7 +54,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:------------------------:|:----------------------------|:--------------------------------|:---------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | ref | All | All | None | True | True | False | -| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,POPCNT,SSE2,SSSE3 | True | True | False | +| avx2 | x86\_64 | Darwin,Linux | SSE2,POPCNT,SSSE3,AVX2,AES | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. @@ -63,7 +63,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:------------------------:|:----------------------------|:--------------------------------|:---------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | ref | All | All | None | True | True | False | -| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,POPCNT,SSE2,SSSE3 | True | True | False | +| avx2 | x86\_64 | Darwin,Linux | SSE2,POPCNT,SSSE3,AVX2,AES | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. 
@@ -72,7 +72,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:------------------------:|:----------------------------|:--------------------------------|:---------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| | ref | All | All | None | True | True | False | -| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,POPCNT,SSE2,SSSE3 | True | True | False | +| avx2 | x86\_64 | Darwin,Linux | SSE2,POPCNT,SSSE3,AVX2,AES | True | True | False | Are implementations chosen based on runtime CPU feature detection? **Yes**. diff --git a/docs/algorithms/sig/dilithium.yml b/docs/algorithms/sig/dilithium.yml index 94aef77d3..de6e55d61 100644 --- a/docs/algorithms/sig/dilithium.yml +++ b/docs/algorithms/sig/dilithium.yml @@ -15,7 +15,8 @@ website: https://pq-crystals.org/dilithium/ nist-round: 3 spec-version: 3.1 spdx-license-identifier: CC0-1.0 -upstream: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409 +upstream: https://github.com/pq-crystals/dilithium/commit/61b51a71701b8ae9f546a1e5d220e1950ed20d06 + with copy_from_upstream patches parameter-sets: - name: Dilithium2 claimed-nist-level: 2 @@ -37,13 +38,11 @@ parameter-sets: supported-platforms: - architecture: x86_64 operating_systems: - - Linux - Darwin + - Linux required_flags: - avx2 - popcnt - - sse2 - - ssse3 common-crypto: - AES: pqcrystals - SHA3: liboqs @@ -70,13 +69,11 @@ parameter-sets: supported-platforms: - architecture: x86_64 operating_systems: - - Linux - Darwin + - Linux required_flags: - avx2 - popcnt - - sse2 - - ssse3 common-crypto: - AES: pqcrystals - SHA3: liboqs 
@@ -103,13 +100,11 @@ parameter-sets: supported-platforms: - architecture: x86_64 operating_systems: - - Linux - Darwin + - Linux required_flags: - avx2 - popcnt - - sse2 - - ssse3 common-crypto: - AES: pqcrystals - SHA3: liboqs @@ -136,14 +131,14 @@ parameter-sets: supported-platforms: - architecture: x86_64 operating_systems: - - Linux - Darwin + - Linux required_flags: - - aes - - avx2 - - popcnt - sse2 + - popcnt - ssse3 + - avx2 + - aes common-crypto: - AES: pqcrystals - SHA3: liboqs @@ -170,14 +165,14 @@ parameter-sets: supported-platforms: - architecture: x86_64 operating_systems: - - Linux - Darwin + - Linux required_flags: - - aes - - avx2 - - popcnt - sse2 + - popcnt - ssse3 + - avx2 + - aes common-crypto: - AES: pqcrystals - SHA3: liboqs @@ -204,14 +199,14 @@ parameter-sets: supported-platforms: - architecture: x86_64 operating_systems: - - Linux - Darwin + - Linux required_flags: - - aes - - avx2 - - popcnt - sse2 + - popcnt - ssse3 + - avx2 + - aes common-crypto: - AES: pqcrystals - SHA3: liboqs diff --git a/scripts/copy_from_upstream/copy_from_upstream.yml b/scripts/copy_from_upstream/copy_from_upstream.yml index f9edbca8d..0d30f2242 100644 --- a/scripts/copy_from_upstream/copy_from_upstream.yml +++ b/scripts/copy_from_upstream/copy_from_upstream.yml @@ -13,7 +13,7 @@ upstreams: name: pqcrystals-kyber git_url: https://github.com/pq-crystals/kyber.git git_branch: master - git_commit: fd83229e9dcc7c235a5ea8bb320d1fbade812452 + git_commit: faf5c3fe33e0b61c7c8a7888dd862bf5def17ad2 kem_meta_path: '{pretty_name_full}_META.yml' common_meta_path: 'Common_META.yml' kem_scheme_path: '.' @@ -22,7 +22,7 @@ upstreams: name: pqcrystals-dilithium git_url: https://github.com/pq-crystals/dilithium.git git_branch: master - git_commit: 9dddb2a0537734e749ec2c8d4f952cb90cd9e67b + git_commit: 61b51a71701b8ae9f546a1e5d220e1950ed20d06 sig_meta_path: '{pretty_name_full}_META.yml' common_meta_path: 'Common_META.yml' sig_scheme_path: '.' 
diff --git a/src/kem/kyber/pqcrystals-kyber_common_ref/aes256ctr.c b/src/kem/kyber/pqcrystals-kyber_common_ref/aes256ctr.c
index 4382bcafe..cf0a3bc5f 100644
--- a/src/kem/kyber/pqcrystals-kyber_common_ref/aes256ctr.c
+++ b/src/kem/kyber/pqcrystals-kyber_common_ref/aes256ctr.c
@@ -483,7 +483,7 @@ static void inc4_be(uint32_t *x)
 *x = br_swap32(*x);
 }
-static void aes_ctr4x(uint8_t out[64], uint32_t ivw[16], uint64_t sk_exp[64])
+static void aes_ctr4x(uint8_t out[64], uint32_t ivw[16], uint64_t sk_exp[120])
 {
 uint32_t w[16];
 uint64_t q[8];
@@ -554,7 +554,7 @@ static void br_aes_ct64_ctr_run(uint64_t sk_exp[120], const uint8_t *iv, uint32_
 }
 }
-void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t *key, const uint8_t *nonce)
+void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t key[32], const uint8_t nonce[12])
 {
 uint64_t sk_exp[120];
@@ -562,7 +562,7 @@ void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t *key, const uint8_
 br_aes_ct64_ctr_run(sk_exp, nonce, 0, out, outlen);
 }
-void aes256ctr_init(aes256ctr_ctx *s, const uint8_t *key, const uint8_t *nonce)
+void aes256ctr_init(aes256ctr_ctx *s, const uint8_t key[32], const uint8_t nonce[12])
 {
 br_aes_ct64_ctr_init(s->sk_exp, key);
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_avx2/kem.c b/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_avx2/kem.c
index 6bbcc64c7..c48a955d4 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_avx2/kem.c
+++ b/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_avx2/kem.c
@@ -21,8 +21,8 @@
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
- uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_keypair(uint8_t *pk,
+ uint8_t *sk)
 {
 indcpa_keypair(pk, sk);
 memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
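Review bot: The array bounds added to `aes_ctr4x`, `aes256ctr_prf` and `aes256ctr_init` (`sk_exp[120]`, `key[32]`, `nonce[12]`) state the expected buffer sizes but are not enforced — each parameter still decays to a plain pointer, so a caller passing a shorter key or nonce is not diagnosed. If a compiler-visible contract is wanted, the C99 form `const uint8_t key[static 32]` lets GCC and Clang warn on an undersized or null argument; otherwise a comment on `aes256ctr_prf` and `aes256ctr_init`, e.g. `/* key must be 32 bytes and nonce 12 bytes; no length check is performed */`, makes the precondition explicit for callers. The same observation applies to `seed[32]` in the poly.h hunks later in this patch. The bodies of all three functions continue outside their hunks.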
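Review bot: Replacing `uint8_t pk[KYBER_PUBLICKEYBYTES]` with `uint8_t *pk` (and likewise `sk`, `ct` and `ss`) removes the only in-signature statement of how large each buffer must be, while the same patch goes the opposite way in the poly.h hunks (`*seed` becomes `seed[32]`); the two styles should agree, even if both mirror upstream. The sized form also lets recent GCC report header/definition array-parameter mismatches (`-Warray-parameter`), which this change gives up. As the declarations are copied from upstream, the practical fix is to make sure the header comment above each function (it begins outside the hunk) still states the required length, e.g. `* - uint8_t *pk: pointer to output public key (an already allocated array of KYBER_PUBLICKEYBYTES bytes)`. The same change is repeated in every other kem.c hunk in this patch (kyber512, kyber768 and kyber1024; ref and avx2; plain and 90s variants).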
@@ -47,9 +47,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
- uint8_t ss[KYBER_SSBYTES],
- const uint8_t pk[KYBER_PUBLICKEYBYTES])
+int crypto_kem_enc(uint8_t *ct,
+ uint8_t *ss,
+ const uint8_t *pk)
 {
 uint8_t buf[2*KYBER_SYMBYTES]; /* Will contain key, coins */
@@ -90,9 +90,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
 *
 * On failure, ss will contain a pseudo-random value.
 **************************************************/
-int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
- const uint8_t ct[KYBER_CIPHERTEXTBYTES],
- const uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_dec(uint8_t *ss,
+ const uint8_t *ct,
+ const uint8_t *sk)
 {
 int fail;
 uint8_t buf[2*KYBER_SYMBYTES];
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_avx2/poly.h b/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_avx2/poly.h
index 933e1ca85..6a9cf71c7 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_avx2/poly.h
+++ b/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_avx2/poly.h
@@ -34,7 +34,7 @@ void poly_getnoise_eta1_4x(poly *r0,
 poly *r1,
 poly *r2,
 poly *r3,
- const uint8_t *seed,
+ const uint8_t seed[32],
 uint8_t nonce0,
 uint8_t nonce1,
 uint8_t nonce2,
@@ -46,7 +46,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
 poly *r1,
 poly *r2,
 poly *r3,
- const uint8_t *seed,
+ const uint8_t seed[32],
 uint8_t nonce0,
 uint8_t nonce1,
 uint8_t nonce2,
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.c b/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.c
index fcc94ac3e..f376bd236 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.c
+++ b/src/kem/kyber/pqcrystals-kyber_kyber1024-90s_ref/kem.c
@@ -20,8 +20,8 @@
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
- uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_keypair(uint8_t *pk,
+ uint8_t *sk)
 {
 size_t i;
 indcpa_keypair(pk, sk);
@@ -48,9 +48,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
- uint8_t ss[KYBER_SSBYTES],
- const uint8_t pk[KYBER_PUBLICKEYBYTES])
+int crypto_kem_enc(uint8_t *ct,
+ uint8_t *ss,
+ const uint8_t *pk)
 {
 uint8_t buf[2*KYBER_SYMBYTES]; /* Will contain key, coins */
@@ -91,9 +91,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
 *
 * On failure, ss will contain a pseudo-random value.
 **************************************************/
-int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
- const uint8_t ct[KYBER_CIPHERTEXTBYTES],
- const uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_dec(uint8_t *ss,
+ const uint8_t *ct,
+ const uint8_t *sk)
 {
 size_t i;
 int fail;
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber1024_avx2/kem.c b/src/kem/kyber/pqcrystals-kyber_kyber1024_avx2/kem.c
index 6bbcc64c7..c48a955d4 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber1024_avx2/kem.c
+++ b/src/kem/kyber/pqcrystals-kyber_kyber1024_avx2/kem.c
@@ -21,8 +21,8 @@
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
- uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_keypair(uint8_t *pk,
+ uint8_t *sk)
 {
 indcpa_keypair(pk, sk);
 memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
@@ -47,9 +47,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
- uint8_t ss[KYBER_SSBYTES],
- const uint8_t pk[KYBER_PUBLICKEYBYTES])
+int crypto_kem_enc(uint8_t *ct,
+ uint8_t *ss,
+ const uint8_t *pk)
 {
 uint8_t buf[2*KYBER_SYMBYTES]; /* Will contain key, coins */
@@ -90,9 +90,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
 *
 * On failure, ss will contain a pseudo-random value.
 **************************************************/
-int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
- const uint8_t ct[KYBER_CIPHERTEXTBYTES],
- const uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_dec(uint8_t *ss,
+ const uint8_t *ct,
+ const uint8_t *sk)
 {
 int fail;
 uint8_t buf[2*KYBER_SYMBYTES];
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber1024_avx2/poly.h b/src/kem/kyber/pqcrystals-kyber_kyber1024_avx2/poly.h
index 933e1ca85..6a9cf71c7 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber1024_avx2/poly.h
+++ b/src/kem/kyber/pqcrystals-kyber_kyber1024_avx2/poly.h
@@ -34,7 +34,7 @@ void poly_getnoise_eta1_4x(poly *r0,
 poly *r1,
 poly *r2,
 poly *r3,
- const uint8_t *seed,
+ const uint8_t seed[32],
 uint8_t nonce0,
 uint8_t nonce1,
 uint8_t nonce2,
@@ -46,7 +46,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
 poly *r1,
 poly *r2,
 poly *r3,
- const uint8_t *seed,
+ const uint8_t seed[32],
 uint8_t nonce0,
 uint8_t nonce1,
 uint8_t nonce2,
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c b/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c
index fcc94ac3e..f376bd236 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c
+++ b/src/kem/kyber/pqcrystals-kyber_kyber1024_ref/kem.c
@@ -20,8 +20,8 @@
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
- uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_keypair(uint8_t *pk,
+ uint8_t *sk)
 {
 size_t i;
 indcpa_keypair(pk, sk);
@@ -48,9 +48,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
- uint8_t ss[KYBER_SSBYTES],
- const uint8_t pk[KYBER_PUBLICKEYBYTES])
+int crypto_kem_enc(uint8_t *ct,
+ uint8_t *ss,
+ const uint8_t *pk)
 {
 uint8_t buf[2*KYBER_SYMBYTES]; /* Will contain key, coins */
@@ -91,9 +91,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
 *
 * On failure, ss will contain a pseudo-random value.
 **************************************************/
-int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
- const uint8_t ct[KYBER_CIPHERTEXTBYTES],
- const uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_dec(uint8_t *ss,
+ const uint8_t *ct,
+ const uint8_t *sk)
 {
 size_t i;
 int fail;
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber512-90s_avx2/kem.c b/src/kem/kyber/pqcrystals-kyber_kyber512-90s_avx2/kem.c
index 6bbcc64c7..c48a955d4 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber512-90s_avx2/kem.c
+++ b/src/kem/kyber/pqcrystals-kyber_kyber512-90s_avx2/kem.c
@@ -21,8 +21,8 @@
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
- uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_keypair(uint8_t *pk,
+ uint8_t *sk)
 {
 indcpa_keypair(pk, sk);
 memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
@@ -47,9 +47,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
- uint8_t ss[KYBER_SSBYTES],
- const uint8_t pk[KYBER_PUBLICKEYBYTES])
+int crypto_kem_enc(uint8_t *ct,
+ uint8_t *ss,
+ const uint8_t *pk)
 {
 uint8_t buf[2*KYBER_SYMBYTES]; /* Will contain key, coins */
@@ -90,9 +90,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
 *
 * On failure, ss will contain a pseudo-random value.
 **************************************************/
-int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
- const uint8_t ct[KYBER_CIPHERTEXTBYTES],
- const uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_dec(uint8_t *ss,
+ const uint8_t *ct,
+ const uint8_t *sk)
 {
 int fail;
 uint8_t buf[2*KYBER_SYMBYTES];
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber512-90s_avx2/poly.h b/src/kem/kyber/pqcrystals-kyber_kyber512-90s_avx2/poly.h
index 933e1ca85..6a9cf71c7 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber512-90s_avx2/poly.h
+++ b/src/kem/kyber/pqcrystals-kyber_kyber512-90s_avx2/poly.h
@@ -34,7 +34,7 @@ void poly_getnoise_eta1_4x(poly *r0,
 poly *r1,
 poly *r2,
 poly *r3,
- const uint8_t *seed,
+ const uint8_t seed[32],
 uint8_t nonce0,
 uint8_t nonce1,
 uint8_t nonce2,
@@ -46,7 +46,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
 poly *r1,
 poly *r2,
 poly *r3,
- const uint8_t *seed,
+ const uint8_t seed[32],
 uint8_t nonce0,
 uint8_t nonce1,
 uint8_t nonce2,
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.c b/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.c
index fcc94ac3e..f376bd236 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.c
+++ b/src/kem/kyber/pqcrystals-kyber_kyber512-90s_ref/kem.c
@@ -20,8 +20,8 @@
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
- uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_keypair(uint8_t *pk,
+ uint8_t *sk)
 {
 size_t i;
 indcpa_keypair(pk, sk);
@@ -48,9 +48,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
- uint8_t ss[KYBER_SSBYTES],
- const uint8_t pk[KYBER_PUBLICKEYBYTES])
+int crypto_kem_enc(uint8_t *ct,
+ uint8_t *ss,
+ const uint8_t *pk)
 {
 uint8_t buf[2*KYBER_SYMBYTES]; /* Will contain key, coins */
@@ -91,9 +91,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
 *
 * On failure, ss will contain a pseudo-random value.
 **************************************************/
-int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
- const uint8_t ct[KYBER_CIPHERTEXTBYTES],
- const uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_dec(uint8_t *ss,
+ const uint8_t *ct,
+ const uint8_t *sk)
 {
 size_t i;
 int fail;
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber512_avx2/kem.c b/src/kem/kyber/pqcrystals-kyber_kyber512_avx2/kem.c
index 6bbcc64c7..c48a955d4 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber512_avx2/kem.c
+++ b/src/kem/kyber/pqcrystals-kyber_kyber512_avx2/kem.c
@@ -21,8 +21,8 @@
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
- uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_keypair(uint8_t *pk,
+ uint8_t *sk)
 {
 indcpa_keypair(pk, sk);
 memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
@@ -47,9 +47,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
- uint8_t ss[KYBER_SSBYTES],
- const uint8_t pk[KYBER_PUBLICKEYBYTES])
+int crypto_kem_enc(uint8_t *ct,
+ uint8_t *ss,
+ const uint8_t *pk)
 {
 uint8_t buf[2*KYBER_SYMBYTES];
 /* Will contain key, coins */
@@ -90,9 +90,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
 *
 * On failure, ss will contain a pseudo-random value.
 **************************************************/
-int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
- const uint8_t ct[KYBER_CIPHERTEXTBYTES],
- const uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_dec(uint8_t *ss,
+ const uint8_t *ct,
+ const uint8_t *sk)
 {
 int fail;
 uint8_t buf[2*KYBER_SYMBYTES];
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber512_avx2/poly.h b/src/kem/kyber/pqcrystals-kyber_kyber512_avx2/poly.h
index 933e1ca85..6a9cf71c7 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber512_avx2/poly.h
+++ b/src/kem/kyber/pqcrystals-kyber_kyber512_avx2/poly.h
@@ -34,7 +34,7 @@ void poly_getnoise_eta1_4x(poly *r0,
 poly *r1,
 poly *r2,
 poly *r3,
- const uint8_t *seed,
+ const uint8_t seed[32],
 uint8_t nonce0,
 uint8_t nonce1,
 uint8_t nonce2,
@@ -46,7 +46,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
 poly *r1,
 poly *r2,
 poly *r3,
- const uint8_t *seed,
+ const uint8_t seed[32],
 uint8_t nonce0,
 uint8_t nonce1,
 uint8_t nonce2,
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c b/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
index fcc94ac3e..f376bd236 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
+++ b/src/kem/kyber/pqcrystals-kyber_kyber512_ref/kem.c
@@ -20,8 +20,8 @@
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
- uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_keypair(uint8_t *pk,
+ uint8_t *sk)
 {
 size_t i;
 indcpa_keypair(pk, sk);
@@ -48,9 +48,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
- uint8_t ss[KYBER_SSBYTES],
- const uint8_t pk[KYBER_PUBLICKEYBYTES])
+int crypto_kem_enc(uint8_t *ct,
+ uint8_t *ss,
+ const uint8_t *pk)
 {
 uint8_t buf[2*KYBER_SYMBYTES];
 /* Will contain key, coins */
@@ -91,9 +91,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
 *
 * On failure, ss will contain a pseudo-random value.
 **************************************************/
-int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
- const uint8_t ct[KYBER_CIPHERTEXTBYTES],
- const uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_dec(uint8_t *ss,
+ const uint8_t *ct,
+ const uint8_t *sk)
 {
 size_t i;
 int fail;
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber768-90s_avx2/kem.c b/src/kem/kyber/pqcrystals-kyber_kyber768-90s_avx2/kem.c
index 6bbcc64c7..c48a955d4 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber768-90s_avx2/kem.c
+++ b/src/kem/kyber/pqcrystals-kyber_kyber768-90s_avx2/kem.c
@@ -21,8 +21,8 @@
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
- uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_keypair(uint8_t *pk,
+ uint8_t *sk)
 {
 indcpa_keypair(pk, sk);
 memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
@@ -47,9 +47,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
- uint8_t ss[KYBER_SSBYTES],
- const uint8_t pk[KYBER_PUBLICKEYBYTES])
+int crypto_kem_enc(uint8_t *ct,
+ uint8_t *ss,
+ const uint8_t *pk)
 {
 uint8_t buf[2*KYBER_SYMBYTES];
 /* Will contain key, coins */
@@ -90,9 +90,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
 *
 * On failure, ss will contain a pseudo-random value.
 **************************************************/
-int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
- const uint8_t ct[KYBER_CIPHERTEXTBYTES],
- const uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_dec(uint8_t *ss,
+ const uint8_t *ct,
+ const uint8_t *sk)
 {
 int fail;
 uint8_t buf[2*KYBER_SYMBYTES];
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber768-90s_avx2/poly.h b/src/kem/kyber/pqcrystals-kyber_kyber768-90s_avx2/poly.h
index 933e1ca85..6a9cf71c7 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber768-90s_avx2/poly.h
+++ b/src/kem/kyber/pqcrystals-kyber_kyber768-90s_avx2/poly.h
@@ -34,7 +34,7 @@ void poly_getnoise_eta1_4x(poly *r0,
 poly *r1,
 poly *r2,
 poly *r3,
- const uint8_t *seed,
+ const uint8_t seed[32],
 uint8_t nonce0,
 uint8_t nonce1,
 uint8_t nonce2,
@@ -46,7 +46,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
 poly *r1,
 poly *r2,
 poly *r3,
- const uint8_t *seed,
+ const uint8_t seed[32],
 uint8_t nonce0,
 uint8_t nonce1,
 uint8_t nonce2,
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.c b/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.c
index fcc94ac3e..f376bd236 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.c
+++ b/src/kem/kyber/pqcrystals-kyber_kyber768-90s_ref/kem.c
@@ -20,8 +20,8 @@
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
- uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_keypair(uint8_t *pk,
+ uint8_t *sk)
 {
 size_t i;
 indcpa_keypair(pk, sk);
@@ -48,9 +48,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
- uint8_t ss[KYBER_SSBYTES],
- const uint8_t pk[KYBER_PUBLICKEYBYTES])
+int crypto_kem_enc(uint8_t *ct,
+ uint8_t *ss,
+ const uint8_t *pk)
 {
 uint8_t buf[2*KYBER_SYMBYTES];
 /* Will contain key, coins */
@@ -91,9 +91,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
 *
 * On failure, ss will contain a pseudo-random value.
 **************************************************/
-int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
- const uint8_t ct[KYBER_CIPHERTEXTBYTES],
- const uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_dec(uint8_t *ss,
+ const uint8_t *ct,
+ const uint8_t *sk)
 {
 size_t i;
 int fail;
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber768_avx2/kem.c b/src/kem/kyber/pqcrystals-kyber_kyber768_avx2/kem.c
index 6bbcc64c7..c48a955d4 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber768_avx2/kem.c
+++ b/src/kem/kyber/pqcrystals-kyber_kyber768_avx2/kem.c
@@ -21,8 +21,8 @@
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
- uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_keypair(uint8_t *pk,
+ uint8_t *sk)
 {
 indcpa_keypair(pk, sk);
 memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
@@ -47,9 +47,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
- uint8_t ss[KYBER_SSBYTES],
- const uint8_t pk[KYBER_PUBLICKEYBYTES])
+int crypto_kem_enc(uint8_t *ct,
+ uint8_t *ss,
+ const uint8_t *pk)
 {
 uint8_t buf[2*KYBER_SYMBYTES];
 /* Will contain key, coins */
@@ -90,9 +90,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
 *
 * On failure, ss will contain a pseudo-random value.
 **************************************************/
-int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
- const uint8_t ct[KYBER_CIPHERTEXTBYTES],
- const uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_dec(uint8_t *ss,
+ const uint8_t *ct,
+ const uint8_t *sk)
 {
 int fail;
 uint8_t buf[2*KYBER_SYMBYTES];
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber768_avx2/poly.h b/src/kem/kyber/pqcrystals-kyber_kyber768_avx2/poly.h
index 933e1ca85..6a9cf71c7 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber768_avx2/poly.h
+++ b/src/kem/kyber/pqcrystals-kyber_kyber768_avx2/poly.h
@@ -34,7 +34,7 @@ void poly_getnoise_eta1_4x(poly *r0,
 poly *r1,
 poly *r2,
 poly *r3,
- const uint8_t *seed,
+ const uint8_t seed[32],
 uint8_t nonce0,
 uint8_t nonce1,
 uint8_t nonce2,
@@ -46,7 +46,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
 poly *r1,
 poly *r2,
 poly *r3,
- const uint8_t *seed,
+ const uint8_t seed[32],
 uint8_t nonce0,
 uint8_t nonce1,
 uint8_t nonce2,
diff --git a/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c b/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
index fcc94ac3e..f376bd236 100644
--- a/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
+++ b/src/kem/kyber/pqcrystals-kyber_kyber768_ref/kem.c
@@ -20,8 +20,8 @@
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
- uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_keypair(uint8_t *pk,
+ uint8_t *sk)
 {
 size_t i;
 indcpa_keypair(pk, sk);
@@ -48,9 +48,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
 *
 * Returns 0 (success)
 **************************************************/
-int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
- uint8_t ss[KYBER_SSBYTES],
- const uint8_t pk[KYBER_PUBLICKEYBYTES])
+int crypto_kem_enc(uint8_t *ct,
+ uint8_t *ss,
+ const uint8_t *pk)
 {
 uint8_t buf[2*KYBER_SYMBYTES];
 /* Will contain key, coins */
@@ -91,9 +91,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
 *
 * On failure, ss will contain a pseudo-random value.
 **************************************************/
-int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
- const uint8_t ct[KYBER_CIPHERTEXTBYTES],
- const uint8_t sk[KYBER_SECRETKEYBYTES])
+int crypto_kem_dec(uint8_t *ss,
+ const uint8_t *ct,
+ const uint8_t *sk)
 {
 size_t i;
 int fail;
diff --git a/src/sig/dilithium/pqcrystals-dilithium_common_aes/aes256ctr.c b/src/sig/dilithium/pqcrystals-dilithium_common_aes/aes256ctr.c
index 4a85f0ca6..711998406 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_common_aes/aes256ctr.c
+++ b/src/sig/dilithium/pqcrystals-dilithium_common_aes/aes256ctr.c
@@ -119,27 +119,3 @@ void aes256ctr_squeezeblocks(uint8_t *out, out += 64; } } - -void aes256ctr_prf(uint8_t *out, - size_t outlen, - const uint8_t seed[32], - uint64_t nonce) -{ - unsigned int i; - uint8_t buf[64]; - aes256ctr_ctx state; - - aes256ctr_init(&state, seed, nonce); - - while(outlen >= 64) { - aesni_encrypt4(out, &state.n, state.rkeys); - outlen -= 64; - out += 64; - } - - if(outlen) { - aesni_encrypt4(buf, &state.n, state.rkeys); - for(i=0;i 64) { - aes_ctr4x(data, ivw, sk_exp); - data += 64; - len -= 64; - } - if(len > 0) { - uint8_t tmp[64]; - aes_ctr4x(tmp, ivw, sk_exp); - for(i=0;isk_exp, key); diff --git a/src/sig/dilithium/pqcrystals-dilithium_common_ref/aes256ctr.h b/src/sig/dilithium/pqcrystals-dilithium_common_ref/aes256ctr.h index 182ff9dcc..458213132 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_common_ref/aes256ctr.h +++ b/src/sig/dilithium/pqcrystals-dilithium_common_ref/aes256ctr.h @@ -13,12 +13,6 @@ typedef struct { uint32_t ivw[16]; } aes256ctr_ctx; -#define aes256ctr_prf AES256CTR_NAMESPACE(prf) -void aes256ctr_prf(uint8_t *out, - size_t outlen, - const uint8_t key[32], - const uint8_t nonce[12]); - #define aes256ctr_init AES256CTR_NAMESPACE(init) void aes256ctr_init(aes256ctr_ctx *state, const uint8_t key[32], diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/aes256ctr.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/aes256ctr.h index b66093b46..29c93ac77 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/aes256ctr.h +++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/aes256ctr.h @@ -24,10 +24,4 @@ void aes256ctr_squeezeblocks(uint8_t *out, size_t nblocks, aes256ctr_ctx *state); -#define aes256ctr_prf AES256CTR_NAMESPACE(prf) -void aes256ctr_prf(uint8_t *out, - size_t outlen, - const uint8_t key[32], - uint64_t nonce); - #endif 
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/poly.c b/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/poly.c
index bb268fd4e..f1e28e985 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/poly.c
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/poly.c
@@ -1021,7 +1021,7 @@ void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly * restrict a) {
 * - const uint8_t *a: byte array with bit-packed polynomial
 **************************************************/
 #if GAMMA1 == (1 << 17)
-void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
+void polyz_unpack(poly * restrict r, const uint8_t *a) {
 unsigned int i;
 __m256i f;
 const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
@@ -1045,7 +1045,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
 }
 
 #elif GAMMA1 == (1 << 19)
-void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
+void polyz_unpack(poly * restrict r, const uint8_t *a) {
 unsigned int i;
 __m256i f;
 const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
@@ -1080,7 +1080,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
 * - const poly *a: pointer to input polynomial
 **************************************************/
 #if GAMMA2 == (Q-1)/88
-void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
+void polyw1_pack(uint8_t *r, const poly * restrict a) {
 unsigned int i;
 __m256i f0,f1,f2,f3;
 const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
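Review bot: Replacing `const uint8_t a[POLYZ_PACKEDBYTES+14]` / `a[POLYZ_PACKEDBYTES+12]` with `const uint8_t *a` in polyz_unpack, and `uint8_t r[POLYW1_PACKEDBYTES+8]` with `uint8_t *r` in polyw1_pack, removes the only statement in the signature that these AVX2 variants need slack beyond the packed size; the removed bounds and the 256-bit loads/stores in the bodies (`__m256i`, `_mm256_set_epi8`) suggest the functions touch more than POLYZ_PACKEDBYTES / POLYW1_PACKEDBYTES bytes, and a caller that sizes its buffer to the packed length from the new prototype would be reading or writing past it. The rejsample.h hunk in the same commit keeps the convention for `rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8])`, so the two headers now disagree on how over-reads are declared. As these files are copied from upstream, the fix belongs upstream or in the copy_from_upstream patch set, but at minimum the description block above each definition should carry the requirement in words, e.g. `* Note: the AVX2 implementation accesses more than POLYZ_PACKEDBYTES bytes of a; callers must provide the same slack the former array bound declared.` The description block for polyw1_pack starts before its hunk so I cannot see whether it already says this. The same change appears in the dilithium2, dilithium3 and dilithium_5 avx2 poly.c files (with and without -aes) and their poly.h declarations later in this commit.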
@@ -1111,7 +1111,7 @@ void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) { } #elif GAMMA2 == (Q-1)/32 -void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) { +void polyw1_pack(uint8_t *r, const poly * restrict a) { unsigned int i; __m256i f0, f1, f2, f3, f4, f5, f6, f7; const __m256i shift = _mm256_set1_epi16((16 << 8) + 1); diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/poly.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/poly.h index 0b0e2fde5..ce22726d9 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/poly.h +++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/poly.h @@ -106,9 +106,9 @@ void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]); #define polyz_pack DILITHIUM_NAMESPACE(polyz_pack) void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a); #define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack) -void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]); +void polyz_unpack(poly *r, const uint8_t *a); #define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack) -void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a); +void polyw1_pack(uint8_t *r, const poly *a); #endif diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/rejsample.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/rejsample.h index 592eace73..61f3f357a 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/rejsample.h +++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_avx2/rejsample.h @@ -22,7 +22,7 @@ extern const uint8_t idxlut[256][8]; unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]); #define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx) -unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN]); +unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_ETA_BUFLEN]); #endif 
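Review bot: The declared bound of `rej_eta_avx`'s second parameter changes from REJ_UNIFORM_BUFLEN to REJ_UNIFORM_ETA_BUFLEN in the header, but neither the definition in rejsample.c nor the callers that size the buffer are in this diff, so whether they now agree cannot be checked here. Array bounds on parameters are not part of the C type, so a header/definition mismatch compiles silently unless -Warray-parameter is enabled; it is worth confirming that the .c side uses the same macro. The same hunk is repeated in the other dilithium*_avx2 rejsample.h files in this commit.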
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_ref/aes256ctr.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_ref/aes256ctr.h
index 182ff9dcc..458213132 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_ref/aes256ctr.h
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium2-aes_ref/aes256ctr.h
@@ -13,12 +13,6 @@ typedef struct {
 uint32_t ivw[16];
 } aes256ctr_ctx;
 
-#define aes256ctr_prf AES256CTR_NAMESPACE(prf)
-void aes256ctr_prf(uint8_t *out,
- size_t outlen,
- const uint8_t key[32],
- const uint8_t nonce[12]);
-
 #define aes256ctr_init AES256CTR_NAMESPACE(init)
 void aes256ctr_init(aes256ctr_ctx *state,
 const uint8_t key[32],
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/poly.c b/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/poly.c
index bb268fd4e..f1e28e985 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/poly.c
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/poly.c
@@ -1021,7 +1021,7 @@ void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly * restrict a) {
 * - const uint8_t *a: byte array with bit-packed polynomial
 **************************************************/
 #if GAMMA1 == (1 << 17)
-void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
+void polyz_unpack(poly * restrict r, const uint8_t *a) {
 unsigned int i;
 __m256i f;
 const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
@@ -1045,7 +1045,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
 }
 
 #elif GAMMA1 == (1 << 19)
-void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
+void polyz_unpack(poly * restrict r, const uint8_t *a) {
 unsigned int i;
 __m256i f;
 const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
@@ -1080,7 +1080,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) { * - const poly *a: pointer to input polynomial **************************************************/ #if GAMMA2 == (Q-1)/88 -void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) { +void polyw1_pack(uint8_t *r, const poly * restrict a) { unsigned int i; __m256i f0,f1,f2,f3; const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1); @@ -1111,7 +1111,7 @@ void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) { } #elif GAMMA2 == (Q-1)/32 -void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) { +void polyw1_pack(uint8_t *r, const poly * restrict a) { unsigned int i; __m256i f0, f1, f2, f3, f4, f5, f6, f7; const __m256i shift = _mm256_set1_epi16((16 << 8) + 1); diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/poly.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/poly.h index 0b0e2fde5..ce22726d9 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/poly.h +++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/poly.h @@ -106,9 +106,9 @@ void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]); #define polyz_pack DILITHIUM_NAMESPACE(polyz_pack) void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a); #define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack) -void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]); +void polyz_unpack(poly *r, const uint8_t *a); #define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack) -void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a); +void polyw1_pack(uint8_t *r, const poly *a); #endif diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/rejsample.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/rejsample.h index 592eace73..61f3f357a 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/rejsample.h 
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/rejsample.h @@ -22,7 +22,7 @@ extern const uint8_t idxlut[256][8]; unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]); #define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx) -unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN]); +unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_ETA_BUFLEN]); #endif diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/aes256ctr.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/aes256ctr.h index b66093b46..29c93ac77 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/aes256ctr.h +++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/aes256ctr.h @@ -24,10 +24,4 @@ void aes256ctr_squeezeblocks(uint8_t *out, size_t nblocks, aes256ctr_ctx *state); -#define aes256ctr_prf AES256CTR_NAMESPACE(prf) -void aes256ctr_prf(uint8_t *out, - size_t outlen, - const uint8_t key[32], - uint64_t nonce); - #endif diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/poly.c b/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/poly.c index bb268fd4e..f1e28e985 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/poly.c +++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/poly.c @@ -1021,7 +1021,7 @@ void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly * restrict a) { * - const uint8_t *a: byte array with bit-packed polynomial **************************************************/ #if GAMMA1 == (1 << 17) -void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) { +void polyz_unpack(poly * restrict r, const uint8_t *a) { unsigned int i; __m256i f; const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1, 
@@ -1045,7 +1045,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
 }
 
 #elif GAMMA1 == (1 << 19)
-void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
+void polyz_unpack(poly * restrict r, const uint8_t *a) {
 unsigned int i;
 __m256i f;
 const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
@@ -1080,7 +1080,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
 * - const poly *a: pointer to input polynomial
 **************************************************/
 #if GAMMA2 == (Q-1)/88
-void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
+void polyw1_pack(uint8_t *r, const poly * restrict a) {
 unsigned int i;
 __m256i f0,f1,f2,f3;
 const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
@@ -1111,7 +1111,7 @@ void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
 }
 
 #elif GAMMA2 == (Q-1)/32
-void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) {
+void polyw1_pack(uint8_t *r, const poly * restrict a) {
 unsigned int i;
 __m256i f0, f1, f2, f3, f4, f5, f6, f7;
 const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/poly.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/poly.h
index 0b0e2fde5..ce22726d9 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/poly.h
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/poly.h
@@ -106,9 +106,9 @@ void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]); #define polyz_pack DILITHIUM_NAMESPACE(polyz_pack) void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a); #define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack) -void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]); +void polyz_unpack(poly *r, const uint8_t *a); #define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack) -void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a); +void polyw1_pack(uint8_t *r, const poly *a); #endif diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/rejsample.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/rejsample.h index 592eace73..61f3f357a 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/rejsample.h +++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_avx2/rejsample.h @@ -22,7 +22,7 @@ extern const uint8_t idxlut[256][8]; unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]); #define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx) -unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN]); +unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_ETA_BUFLEN]); #endif diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_ref/aes256ctr.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_ref/aes256ctr.h index 182ff9dcc..458213132 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_ref/aes256ctr.h +++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium3-aes_ref/aes256ctr.h @@ -13,12 +13,6 @@ typedef struct { uint32_t ivw[16]; } aes256ctr_ctx; -#define aes256ctr_prf AES256CTR_NAMESPACE(prf) -void aes256ctr_prf(uint8_t *out, - size_t outlen, - const uint8_t key[32], - const uint8_t nonce[12]); - #define aes256ctr_init AES256CTR_NAMESPACE(init) void aes256ctr_init(aes256ctr_ctx *state, const uint8_t key[32], 
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium3_avx2/poly.c b/src/sig/dilithium/pqcrystals-dilithium_dilithium3_avx2/poly.c
index bb268fd4e..f1e28e985 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_dilithium3_avx2/poly.c
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium3_avx2/poly.c
@@ -1021,7 +1021,7 @@ void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly * restrict a) {
 * - const uint8_t *a: byte array with bit-packed polynomial
 **************************************************/
 #if GAMMA1 == (1 << 17)
-void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
+void polyz_unpack(poly * restrict r, const uint8_t *a) {
 unsigned int i;
 __m256i f;
 const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
@@ -1045,7 +1045,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
 }
 
 #elif GAMMA1 == (1 << 19)
-void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
+void polyz_unpack(poly * restrict r, const uint8_t *a) {
 unsigned int i;
 __m256i f;
 const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
@@ -1080,7 +1080,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
 * - const poly *a: pointer to input polynomial
 **************************************************/
 #if GAMMA2 == (Q-1)/88
-void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
+void polyw1_pack(uint8_t *r, const poly * restrict a) {
 unsigned int i;
 __m256i f0,f1,f2,f3;
 const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
@@ -1111,7 +1111,7 @@ void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
 }
 
 #elif GAMMA2 == (Q-1)/32
-void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) {
+void polyw1_pack(uint8_t *r, const poly * restrict a) {
 unsigned int i;
 __m256i f0, f1, f2, f3, f4, f5, f6, f7;
 const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium3_avx2/poly.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium3_avx2/poly.h index 0b0e2fde5..ce22726d9 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_dilithium3_avx2/poly.h +++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium3_avx2/poly.h @@ -106,9 +106,9 @@ void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]); #define polyz_pack DILITHIUM_NAMESPACE(polyz_pack) void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a); #define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack) -void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]); +void polyz_unpack(poly *r, const uint8_t *a); #define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack) -void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a); +void polyw1_pack(uint8_t *r, const poly *a); #endif diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium3_avx2/rejsample.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium3_avx2/rejsample.h index 592eace73..61f3f357a 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_dilithium3_avx2/rejsample.h +++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium3_avx2/rejsample.h @@ -22,7 +22,7 @@ extern const uint8_t idxlut[256][8]; unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]); #define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx) -unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN]); +unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_ETA_BUFLEN]); #endif diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/aes256ctr.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/aes256ctr.h index b66093b46..29c93ac77 100644 --- a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/aes256ctr.h +++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/aes256ctr.h 
@@ -24,10 +24,4 @@ void aes256ctr_squeezeblocks(uint8_t *out,
 size_t nblocks,
 aes256ctr_ctx *state);
 
-#define aes256ctr_prf AES256CTR_NAMESPACE(prf)
-void aes256ctr_prf(uint8_t *out,
- size_t outlen,
- const uint8_t key[32],
- uint64_t nonce);
-
 #endif
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/poly.c b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/poly.c
index bb268fd4e..f1e28e985 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/poly.c
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/poly.c
@@ -1021,7 +1021,7 @@ void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly * restrict a) {
 * - const uint8_t *a: byte array with bit-packed polynomial
 **************************************************/
 #if GAMMA1 == (1 << 17)
-void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
+void polyz_unpack(poly * restrict r, const uint8_t *a) {
 unsigned int i;
 __m256i f;
 const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
@@ -1045,7 +1045,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
 }
 
 #elif GAMMA1 == (1 << 19)
-void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
+void polyz_unpack(poly * restrict r, const uint8_t *a) {
 unsigned int i;
 __m256i f;
 const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
@@ -1080,7 +1080,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
 * - const poly *a: pointer to input polynomial
 **************************************************/
 #if GAMMA2 == (Q-1)/88
-void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
+void polyw1_pack(uint8_t *r, const poly * restrict a) {
 unsigned int i;
 __m256i f0,f1,f2,f3;
 const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
@@ -1111,7 +1111,7 @@ void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
 }
 
 #elif GAMMA2 == (Q-1)/32
-void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) {
+void polyw1_pack(uint8_t *r, const poly * restrict a) {
 unsigned int i;
 __m256i f0, f1, f2, f3, f4, f5, f6, f7;
 const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/poly.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/poly.h
index 0b0e2fde5..ce22726d9 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/poly.h
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/poly.h
@@ -106,9 +106,9 @@ void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]);
 #define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
 void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
 #define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
-void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]);
+void polyz_unpack(poly *r, const uint8_t *a);
 
 #define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
-void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a);
+void polyw1_pack(uint8_t *r, const poly *a);
 
 #endif
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/rejsample.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/rejsample.h
index 592eace73..61f3f357a 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/rejsample.h
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_avx2/rejsample.h
@@ -22,7 +22,7 @@ extern const uint8_t idxlut[256][8];
 unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
 
 #define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
-unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN]);
+unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_ETA_BUFLEN]);
 
 #endif
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_ref/aes256ctr.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_ref/aes256ctr.h
index 182ff9dcc..458213132 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_ref/aes256ctr.h
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5-aes_ref/aes256ctr.h
@@ -13,12 +13,6 @@ typedef struct {
 uint32_t ivw[16];
 } aes256ctr_ctx;
 
-#define aes256ctr_prf AES256CTR_NAMESPACE(prf)
-void aes256ctr_prf(uint8_t *out,
-size_t outlen,
-const uint8_t key[32],
-const uint8_t nonce[12]);
-
 #define aes256ctr_init AES256CTR_NAMESPACE(init)
 void aes256ctr_init(aes256ctr_ctx *state,
 const uint8_t key[32],
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5_avx2/poly.c b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5_avx2/poly.c
index bb268fd4e..f1e28e985 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5_avx2/poly.c
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5_avx2/poly.c
@@ -1021,7 +1021,7 @@ void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly * restrict a) {
 * - const uint8_t *a: byte array with bit-packed polynomial
 **************************************************/
 #if GAMMA1 == (1 << 17)
-void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
+void polyz_unpack(poly * restrict r, const uint8_t *a) {
 unsigned int i;
 __m256i f;
 const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
@@ -1045,7 +1045,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
 }
 
 #elif GAMMA1 == (1 << 19)
-void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
+void polyz_unpack(poly * restrict r, const uint8_t *a) {
 unsigned int i;
 __m256i f;
 const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
@@ -1080,7 +1080,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
 * - const poly *a: pointer to input polynomial
 **************************************************/
 #if GAMMA2 == (Q-1)/88
-void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
+void polyw1_pack(uint8_t *r, const poly * restrict a) {
 unsigned int i;
 __m256i f0,f1,f2,f3;
 const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
@@ -1111,7 +1111,7 @@ void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
 }
 
 #elif GAMMA2 == (Q-1)/32
-void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) {
+void polyw1_pack(uint8_t *r, const poly * restrict a) {
 unsigned int i;
 __m256i f0, f1, f2, f3, f4, f5, f6, f7;
 const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5_avx2/poly.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5_avx2/poly.h
index 0b0e2fde5..ce22726d9 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5_avx2/poly.h
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5_avx2/poly.h
@@ -106,9 +106,9 @@ void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]);
 #define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
 void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
 #define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
-void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]);
+void polyz_unpack(poly *r, const uint8_t *a);
 
 #define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
-void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a);
+void polyw1_pack(uint8_t *r, const poly *a);
 
 #endif
diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5_avx2/rejsample.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5_avx2/rejsample.h
index 592eace73..61f3f357a 100644
--- a/src/sig/dilithium/pqcrystals-dilithium_dilithium_5_avx2/rejsample.h
+++ b/src/sig/dilithium/pqcrystals-dilithium_dilithium_5_avx2/rejsample.h
@@ -22,7 +22,7 @@ extern const uint8_t idxlut[256][8];
 unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
 
 #define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
-unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN]);
+unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_ETA_BUFLEN]);
 
 #endif