Kyber/Dilithium copy_from_upstream (#1088)
* Kyber/Dilithium copy_from_upstream * Updated algorithm docs
parent
86bfbf4a76
commit
75b648e9f6
@ -6,7 +6,7 @@
|
|||||||
- **Auxiliary submitters**: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
|
- **Auxiliary submitters**: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
|
||||||
- **Authors' website**: https://pq-crystals.org/
|
- **Authors' website**: https://pq-crystals.org/
|
||||||
- **Specification version**: NIST Round 3 submission.
|
- **Specification version**: NIST Round 3 submission.
|
||||||
- **Implementation source**: https://github.com/pq-crystals/kyber/commit/8e9308bd with copy_from_upstream patches
|
- **Implementation source**: https://github.com/pq-crystals/kyber/commit/faf5c3fe33e0b61c7c8a7888dd862bf5def17ad2 with copy_from_upstream patches
|
||||||
- **Implementation license (SPDX-Identifier)**: CC0-1.0.
|
- **Implementation license (SPDX-Identifier)**: CC0-1.0.
|
||||||
|
|
||||||
## Parameter set summary
|
## Parameter set summary
|
||||||
@ -25,7 +25,7 @@
|
|||||||
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|
||||||
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
|
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
|
||||||
| ref | All | All | None | True | True | False |
|
| ref | All | All | None | True | True | False |
|
||||||
| avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
|
| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI2 | True | True | False |
|
||||||
|
|
||||||
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
||||||
|
|
||||||
@ -33,10 +33,10 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
|||||||
|
|
||||||
## Kyber512-90s implementation characteristics
|
## Kyber512-90s implementation characteristics
|
||||||
|
|
||||||
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
||||||
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
|:------------------------:|:----------------------------|:--------------------------------|:--------------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
||||||
| ref | All | All | None | True | True | False |
|
| ref | All | All | None | True | True | False |
|
||||||
| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT | True | True | False |
|
| avx2 | x86\_64 | Linux,Darwin | SSE2,POPCNT,BMI2,SSSE3,AVX2,AES | True | True | False |
|
||||||
|
|
||||||
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
||||||
|
|
||||||
@ -45,16 +45,16 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
|||||||
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
||||||
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
||||||
| ref | All | All | None | True | True | False |
|
| ref | All | All | None | True | True | False |
|
||||||
| avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
|
| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI2 | True | True | False |
|
||||||
|
|
||||||
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
||||||
|
|
||||||
## Kyber768-90s implementation characteristics
|
## Kyber768-90s implementation characteristics
|
||||||
|
|
||||||
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
||||||
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
|:------------------------:|:----------------------------|:--------------------------------|:--------------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
||||||
| ref | All | All | None | True | True | False |
|
| ref | All | All | None | True | True | False |
|
||||||
| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT | True | True | False |
|
| avx2 | x86\_64 | Linux,Darwin | SSE2,POPCNT,BMI2,SSSE3,AVX2,AES | True | True | False |
|
||||||
|
|
||||||
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
||||||
|
|
||||||
@ -63,16 +63,16 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
|||||||
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
||||||
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
||||||
| ref | All | All | None | True | True | False |
|
| ref | All | All | None | True | True | False |
|
||||||
| avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
|
| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI2 | True | True | False |
|
||||||
|
|
||||||
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
||||||
|
|
||||||
## Kyber1024-90s implementation characteristics
|
## Kyber1024-90s implementation characteristics
|
||||||
|
|
||||||
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
||||||
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
|:------------------------:|:----------------------------|:--------------------------------|:--------------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
||||||
| ref | All | All | None | True | True | False |
|
| ref | All | All | None | True | True | False |
|
||||||
| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT | True | True | False |
|
| avx2 | x86\_64 | Linux,Darwin | SSE2,POPCNT,BMI2,SSSE3,AVX2,AES | True | True | False |
|
||||||
|
|
||||||
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
||||||
|
|
||||||
|
|||||||
@ -17,8 +17,8 @@ website: https://pq-crystals.org/
|
|||||||
nist-round: 3
|
nist-round: 3
|
||||||
spec-version: NIST Round 3 submission
|
spec-version: NIST Round 3 submission
|
||||||
spdx-license-identifier: CC0-1.0
|
spdx-license-identifier: CC0-1.0
|
||||||
upstream: https://github.com/pq-crystals/kyber/commit/8e9308bd with copy_from_upstream
|
upstream: https://github.com/pq-crystals/kyber/commit/faf5c3fe33e0b61c7c8a7888dd862bf5def17ad2
|
||||||
patches
|
with copy_from_upstream patches
|
||||||
parameter-sets:
|
parameter-sets:
|
||||||
- name: Kyber512
|
- name: Kyber512
|
||||||
claimed-nist-level: 1
|
claimed-nist-level: 1
|
||||||
@ -44,8 +44,8 @@ parameter-sets:
|
|||||||
- Darwin
|
- Darwin
|
||||||
required_flags:
|
required_flags:
|
||||||
- avx2
|
- avx2
|
||||||
- bmi2
|
|
||||||
- popcnt
|
- popcnt
|
||||||
|
- bmi2
|
||||||
common-crypto:
|
common-crypto:
|
||||||
- SHA3: liboqs
|
- SHA3: liboqs
|
||||||
no-secret-dependent-branching-claimed: true
|
no-secret-dependent-branching-claimed: true
|
||||||
@ -75,10 +75,12 @@ parameter-sets:
|
|||||||
- Linux
|
- Linux
|
||||||
- Darwin
|
- Darwin
|
||||||
required_flags:
|
required_flags:
|
||||||
- aes
|
- sse2
|
||||||
- avx2
|
|
||||||
- bmi2
|
|
||||||
- popcnt
|
- popcnt
|
||||||
|
- bmi2
|
||||||
|
- ssse3
|
||||||
|
- avx2
|
||||||
|
- aes
|
||||||
common-crypto:
|
common-crypto:
|
||||||
- AES: pqcrystals-kyber_common_aes
|
- AES: pqcrystals-kyber_common_aes
|
||||||
- SHA3: liboqs
|
- SHA3: liboqs
|
||||||
@ -109,8 +111,8 @@ parameter-sets:
|
|||||||
- Darwin
|
- Darwin
|
||||||
required_flags:
|
required_flags:
|
||||||
- avx2
|
- avx2
|
||||||
- bmi2
|
|
||||||
- popcnt
|
- popcnt
|
||||||
|
- bmi2
|
||||||
common-crypto:
|
common-crypto:
|
||||||
- SHA3: liboqs
|
- SHA3: liboqs
|
||||||
no-secret-dependent-branching-claimed: true
|
no-secret-dependent-branching-claimed: true
|
||||||
@ -140,10 +142,12 @@ parameter-sets:
|
|||||||
- Linux
|
- Linux
|
||||||
- Darwin
|
- Darwin
|
||||||
required_flags:
|
required_flags:
|
||||||
- aes
|
- sse2
|
||||||
- avx2
|
|
||||||
- bmi2
|
|
||||||
- popcnt
|
- popcnt
|
||||||
|
- bmi2
|
||||||
|
- ssse3
|
||||||
|
- avx2
|
||||||
|
- aes
|
||||||
common-crypto:
|
common-crypto:
|
||||||
- AES: pqcrystals-kyber_common_aes
|
- AES: pqcrystals-kyber_common_aes
|
||||||
- SHA3: liboqs
|
- SHA3: liboqs
|
||||||
@ -174,8 +178,8 @@ parameter-sets:
|
|||||||
- Darwin
|
- Darwin
|
||||||
required_flags:
|
required_flags:
|
||||||
- avx2
|
- avx2
|
||||||
- bmi2
|
|
||||||
- popcnt
|
- popcnt
|
||||||
|
- bmi2
|
||||||
common-crypto:
|
common-crypto:
|
||||||
- SHA3: liboqs
|
- SHA3: liboqs
|
||||||
no-secret-dependent-branching-claimed: true
|
no-secret-dependent-branching-claimed: true
|
||||||
@ -205,10 +209,12 @@ parameter-sets:
|
|||||||
- Linux
|
- Linux
|
||||||
- Darwin
|
- Darwin
|
||||||
required_flags:
|
required_flags:
|
||||||
- aes
|
- sse2
|
||||||
- avx2
|
|
||||||
- bmi2
|
|
||||||
- popcnt
|
- popcnt
|
||||||
|
- bmi2
|
||||||
|
- ssse3
|
||||||
|
- avx2
|
||||||
|
- aes
|
||||||
common-crypto:
|
common-crypto:
|
||||||
- AES: pqcrystals-kyber_common_aes
|
- AES: pqcrystals-kyber_common_aes
|
||||||
- SHA3: liboqs
|
- SHA3: liboqs
|
||||||
|
|||||||
@ -6,7 +6,7 @@
|
|||||||
- **Auxiliary submitters**: Shi Bai, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Peter Schwabe, Gregor Seiler, Damien Stehlé.
|
- **Auxiliary submitters**: Shi Bai, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Peter Schwabe, Gregor Seiler, Damien Stehlé.
|
||||||
- **Authors' website**: https://pq-crystals.org/dilithium/
|
- **Authors' website**: https://pq-crystals.org/dilithium/
|
||||||
- **Specification version**: 3.1.
|
- **Specification version**: 3.1.
|
||||||
- **Implementation source**: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409
|
- **Implementation source**: https://github.com/pq-crystals/dilithium/commit/61b51a71701b8ae9f546a1e5d220e1950ed20d06 with copy_from_upstream patches
|
||||||
- **Implementation license (SPDX-Identifier)**: CC0-1.0.
|
- **Implementation license (SPDX-Identifier)**: CC0-1.0.
|
||||||
|
|
||||||
## Parameter set summary
|
## Parameter set summary
|
||||||
@ -25,7 +25,7 @@
|
|||||||
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|
||||||
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
|
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
|
||||||
| ref | All | All | None | True | True | False |
|
| ref | All | All | None | True | True | False |
|
||||||
| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,SSE2,SSSE3 | True | True | False |
|
| avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
|
||||||
|
|
||||||
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
||||||
|
|
||||||
@ -36,7 +36,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
|||||||
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
||||||
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
||||||
| ref | All | All | None | True | True | False |
|
| ref | All | All | None | True | True | False |
|
||||||
| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,SSE2,SSSE3 | True | True | False |
|
| avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
|
||||||
|
|
||||||
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
||||||
|
|
||||||
@ -45,7 +45,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
|||||||
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
||||||
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
||||||
| ref | All | All | None | True | True | False |
|
| ref | All | All | None | True | True | False |
|
||||||
| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,SSE2,SSSE3 | True | True | False |
|
| avx2 | x86\_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
|
||||||
|
|
||||||
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
||||||
|
|
||||||
@ -54,7 +54,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
|||||||
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
||||||
|:------------------------:|:----------------------------|:--------------------------------|:---------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
|:------------------------:|:----------------------------|:--------------------------------|:---------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
||||||
| ref | All | All | None | True | True | False |
|
| ref | All | All | None | True | True | False |
|
||||||
| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,POPCNT,SSE2,SSSE3 | True | True | False |
|
| avx2 | x86\_64 | Darwin,Linux | SSE2,POPCNT,SSSE3,AVX2,AES | True | True | False |
|
||||||
|
|
||||||
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
||||||
|
|
||||||
@ -63,7 +63,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
|||||||
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
||||||
|:------------------------:|:----------------------------|:--------------------------------|:---------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
|:------------------------:|:----------------------------|:--------------------------------|:---------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
||||||
| ref | All | All | None | True | True | False |
|
| ref | All | All | None | True | True | False |
|
||||||
| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,POPCNT,SSE2,SSSE3 | True | True | False |
|
| avx2 | x86\_64 | Darwin,Linux | SSE2,POPCNT,SSSE3,AVX2,AES | True | True | False |
|
||||||
|
|
||||||
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
||||||
|
|
||||||
@ -72,7 +72,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
|||||||
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|
||||||
|:------------------------:|:----------------------------|:--------------------------------|:---------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
|:------------------------:|:----------------------------|:--------------------------------|:---------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
|
||||||
| ref | All | All | None | True | True | False |
|
| ref | All | All | None | True | True | False |
|
||||||
| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,POPCNT,SSE2,SSSE3 | True | True | False |
|
| avx2 | x86\_64 | Darwin,Linux | SSE2,POPCNT,SSSE3,AVX2,AES | True | True | False |
|
||||||
|
|
||||||
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
Are implementations chosen based on runtime CPU feature detection? **Yes**.
|
||||||
|
|
||||||
|
|||||||
@ -15,7 +15,8 @@ website: https://pq-crystals.org/dilithium/
|
|||||||
nist-round: 3
|
nist-round: 3
|
||||||
spec-version: 3.1
|
spec-version: 3.1
|
||||||
spdx-license-identifier: CC0-1.0
|
spdx-license-identifier: CC0-1.0
|
||||||
upstream: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409
|
upstream: https://github.com/pq-crystals/dilithium/commit/61b51a71701b8ae9f546a1e5d220e1950ed20d06
|
||||||
|
with copy_from_upstream patches
|
||||||
parameter-sets:
|
parameter-sets:
|
||||||
- name: Dilithium2
|
- name: Dilithium2
|
||||||
claimed-nist-level: 2
|
claimed-nist-level: 2
|
||||||
@ -37,13 +38,11 @@ parameter-sets:
|
|||||||
supported-platforms:
|
supported-platforms:
|
||||||
- architecture: x86_64
|
- architecture: x86_64
|
||||||
operating_systems:
|
operating_systems:
|
||||||
- Linux
|
|
||||||
- Darwin
|
- Darwin
|
||||||
|
- Linux
|
||||||
required_flags:
|
required_flags:
|
||||||
- avx2
|
- avx2
|
||||||
- popcnt
|
- popcnt
|
||||||
- sse2
|
|
||||||
- ssse3
|
|
||||||
common-crypto:
|
common-crypto:
|
||||||
- AES: pqcrystals
|
- AES: pqcrystals
|
||||||
- SHA3: liboqs
|
- SHA3: liboqs
|
||||||
@ -70,13 +69,11 @@ parameter-sets:
|
|||||||
supported-platforms:
|
supported-platforms:
|
||||||
- architecture: x86_64
|
- architecture: x86_64
|
||||||
operating_systems:
|
operating_systems:
|
||||||
- Linux
|
|
||||||
- Darwin
|
- Darwin
|
||||||
|
- Linux
|
||||||
required_flags:
|
required_flags:
|
||||||
- avx2
|
- avx2
|
||||||
- popcnt
|
- popcnt
|
||||||
- sse2
|
|
||||||
- ssse3
|
|
||||||
common-crypto:
|
common-crypto:
|
||||||
- AES: pqcrystals
|
- AES: pqcrystals
|
||||||
- SHA3: liboqs
|
- SHA3: liboqs
|
||||||
@ -103,13 +100,11 @@ parameter-sets:
|
|||||||
supported-platforms:
|
supported-platforms:
|
||||||
- architecture: x86_64
|
- architecture: x86_64
|
||||||
operating_systems:
|
operating_systems:
|
||||||
- Linux
|
|
||||||
- Darwin
|
- Darwin
|
||||||
|
- Linux
|
||||||
required_flags:
|
required_flags:
|
||||||
- avx2
|
- avx2
|
||||||
- popcnt
|
- popcnt
|
||||||
- sse2
|
|
||||||
- ssse3
|
|
||||||
common-crypto:
|
common-crypto:
|
||||||
- AES: pqcrystals
|
- AES: pqcrystals
|
||||||
- SHA3: liboqs
|
- SHA3: liboqs
|
||||||
@ -136,14 +131,14 @@ parameter-sets:
|
|||||||
supported-platforms:
|
supported-platforms:
|
||||||
- architecture: x86_64
|
- architecture: x86_64
|
||||||
operating_systems:
|
operating_systems:
|
||||||
- Linux
|
|
||||||
- Darwin
|
- Darwin
|
||||||
|
- Linux
|
||||||
required_flags:
|
required_flags:
|
||||||
- aes
|
|
||||||
- avx2
|
|
||||||
- popcnt
|
|
||||||
- sse2
|
- sse2
|
||||||
|
- popcnt
|
||||||
- ssse3
|
- ssse3
|
||||||
|
- avx2
|
||||||
|
- aes
|
||||||
common-crypto:
|
common-crypto:
|
||||||
- AES: pqcrystals
|
- AES: pqcrystals
|
||||||
- SHA3: liboqs
|
- SHA3: liboqs
|
||||||
@ -170,14 +165,14 @@ parameter-sets:
|
|||||||
supported-platforms:
|
supported-platforms:
|
||||||
- architecture: x86_64
|
- architecture: x86_64
|
||||||
operating_systems:
|
operating_systems:
|
||||||
- Linux
|
|
||||||
- Darwin
|
- Darwin
|
||||||
|
- Linux
|
||||||
required_flags:
|
required_flags:
|
||||||
- aes
|
|
||||||
- avx2
|
|
||||||
- popcnt
|
|
||||||
- sse2
|
- sse2
|
||||||
|
- popcnt
|
||||||
- ssse3
|
- ssse3
|
||||||
|
- avx2
|
||||||
|
- aes
|
||||||
common-crypto:
|
common-crypto:
|
||||||
- AES: pqcrystals
|
- AES: pqcrystals
|
||||||
- SHA3: liboqs
|
- SHA3: liboqs
|
||||||
@ -204,14 +199,14 @@ parameter-sets:
|
|||||||
supported-platforms:
|
supported-platforms:
|
||||||
- architecture: x86_64
|
- architecture: x86_64
|
||||||
operating_systems:
|
operating_systems:
|
||||||
- Linux
|
|
||||||
- Darwin
|
- Darwin
|
||||||
|
- Linux
|
||||||
required_flags:
|
required_flags:
|
||||||
- aes
|
|
||||||
- avx2
|
|
||||||
- popcnt
|
|
||||||
- sse2
|
- sse2
|
||||||
|
- popcnt
|
||||||
- ssse3
|
- ssse3
|
||||||
|
- avx2
|
||||||
|
- aes
|
||||||
common-crypto:
|
common-crypto:
|
||||||
- AES: pqcrystals
|
- AES: pqcrystals
|
||||||
- SHA3: liboqs
|
- SHA3: liboqs
|
||||||
|
|||||||
@ -13,7 +13,7 @@ upstreams:
|
|||||||
name: pqcrystals-kyber
|
name: pqcrystals-kyber
|
||||||
git_url: https://github.com/pq-crystals/kyber.git
|
git_url: https://github.com/pq-crystals/kyber.git
|
||||||
git_branch: master
|
git_branch: master
|
||||||
git_commit: fd83229e9dcc7c235a5ea8bb320d1fbade812452
|
git_commit: faf5c3fe33e0b61c7c8a7888dd862bf5def17ad2
|
||||||
kem_meta_path: '{pretty_name_full}_META.yml'
|
kem_meta_path: '{pretty_name_full}_META.yml'
|
||||||
common_meta_path: 'Common_META.yml'
|
common_meta_path: 'Common_META.yml'
|
||||||
kem_scheme_path: '.'
|
kem_scheme_path: '.'
|
||||||
@ -22,7 +22,7 @@ upstreams:
|
|||||||
name: pqcrystals-dilithium
|
name: pqcrystals-dilithium
|
||||||
git_url: https://github.com/pq-crystals/dilithium.git
|
git_url: https://github.com/pq-crystals/dilithium.git
|
||||||
git_branch: master
|
git_branch: master
|
||||||
git_commit: 9dddb2a0537734e749ec2c8d4f952cb90cd9e67b
|
git_commit: 61b51a71701b8ae9f546a1e5d220e1950ed20d06
|
||||||
sig_meta_path: '{pretty_name_full}_META.yml'
|
sig_meta_path: '{pretty_name_full}_META.yml'
|
||||||
common_meta_path: 'Common_META.yml'
|
common_meta_path: 'Common_META.yml'
|
||||||
sig_scheme_path: '.'
|
sig_scheme_path: '.'
|
||||||
|
|||||||
@ -483,7 +483,7 @@ static void inc4_be(uint32_t *x)
|
|||||||
*x = br_swap32(*x);
|
*x = br_swap32(*x);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void aes_ctr4x(uint8_t out[64], uint32_t ivw[16], uint64_t sk_exp[64])
|
static void aes_ctr4x(uint8_t out[64], uint32_t ivw[16], uint64_t sk_exp[120])
|
||||||
{
|
{
|
||||||
uint32_t w[16];
|
uint32_t w[16];
|
||||||
uint64_t q[8];
|
uint64_t q[8];
|
||||||
@ -554,7 +554,7 @@ static void br_aes_ct64_ctr_run(uint64_t sk_exp[120], const uint8_t *iv, uint32_
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t *key, const uint8_t *nonce)
|
void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t key[32], const uint8_t nonce[12])
|
||||||
{
|
{
|
||||||
uint64_t sk_exp[120];
|
uint64_t sk_exp[120];
|
||||||
|
|
||||||
@ -562,7 +562,7 @@ void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t *key, const uint8_
|
|||||||
br_aes_ct64_ctr_run(sk_exp, nonce, 0, out, outlen);
|
br_aes_ct64_ctr_run(sk_exp, nonce, 0, out, outlen);
|
||||||
}
|
}
|
||||||
|
|
||||||
void aes256ctr_init(aes256ctr_ctx *s, const uint8_t *key, const uint8_t *nonce)
|
void aes256ctr_init(aes256ctr_ctx *s, const uint8_t key[32], const uint8_t nonce[12])
|
||||||
{
|
{
|
||||||
br_aes_ct64_ctr_init(s->sk_exp, key);
|
br_aes_ct64_ctr_init(s->sk_exp, key);
|
||||||
|
|
||||||
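Review bot: The sizes added to the parameter declarations in this section (`uint64_t sk_exp[120]` in aes_ctr4x, `const uint8_t key[32]` and `const uint8_t nonce[12]` in aes256ctr_prf and aes256ctr_init) are documentation only; a C array parameter is adjusted to a pointer, so the compiler enforces neither the caller's buffer length nor non-NULL, and a short key or nonce still reads out of bounds inside br_aes_ct64_ctr_init / br_aes_ct64_ctr_run. The sk_exp correction itself is right: it now agrees with `br_aes_ct64_ctr_run(uint64_t sk_exp[120], ...)` on the second hunk header and with the local `uint64_t sk_exp[120]` in aes256ctr_prf. If the matching prototypes in the header (not in this hunk) still use bare pointers they should be brought to the same form, and a one-line contract would help callers, e.g. `/* key: 32 bytes (AES-256), nonce: 12 bytes; lengths are the caller's responsibility, not checked here */`. Since this file is imported by copy_from_upstream, the stricter C99 `key[static 32]` form, which lets GCC/Clang warn on NULL or an undersized constant array, would have to go upstream or into the copy_from_upstream patch set. All three functions here begin or end outside their hunks.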
|
|||||||
@ -21,8 +21,8 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
int crypto_kem_keypair(uint8_t *pk,
|
||||||
uint8_t sk[KYBER_SECRETKEYBYTES])
|
uint8_t *sk)
|
||||||
{
|
{
|
||||||
indcpa_keypair(pk, sk);
|
indcpa_keypair(pk, sk);
|
||||||
memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
|
memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
|
||||||
@ -47,9 +47,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
int crypto_kem_enc(uint8_t *ct,
|
||||||
uint8_t ss[KYBER_SSBYTES],
|
uint8_t *ss,
|
||||||
const uint8_t pk[KYBER_PUBLICKEYBYTES])
|
const uint8_t *pk)
|
||||||
{
|
{
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
/* Will contain key, coins */
|
/* Will contain key, coins */
|
||||||
@ -90,9 +90,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a pseudo-random value.
|
* On failure, ss will contain a pseudo-random value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
|
int crypto_kem_dec(uint8_t *ss,
|
||||||
const uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
const uint8_t *ct,
|
||||||
const uint8_t sk[KYBER_SECRETKEYBYTES])
|
const uint8_t *sk)
|
||||||
{
|
{
|
||||||
int fail;
|
int fail;
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
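Review bot: The new prototypes drop the declared lengths (`uint8_t pk[KYBER_PUBLICKEYBYTES]` becomes `uint8_t *pk`, likewise sk, ct and ss across all three hunks), which is the opposite direction from the aes256ctr.c section above and leaves the buffer contract invisible at the signature even though `memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES)` on the next line still writes the full secret-key layout unconditionally. If the Arguments list in the doc-comment block above each function (it starts outside the hunk, only its tail is visible) does not already state the required sizes, add them there, e.g. `* - uint8_t *pk: output public key, KYBER_PUBLICKEYBYTES bytes, caller-allocated` and the same for sk, ct and ss, so the sizes remain greppable after the array syntax is gone. The second kem.c section further down, beginning at the `@ -20,8 +20,8 @@` hunk, makes the identical change and runs past the end of this page; the same note applies there. As the file comes from copy_from_upstream, the signature form itself presumably tracks the upstream API and is not something to re-patch locally.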
|
|||||||
@ -34,7 +34,7 @@ void poly_getnoise_eta1_4x(poly *r0,
|
|||||||
poly *r1,
|
poly *r1,
|
||||||
poly *r2,
|
poly *r2,
|
||||||
poly *r3,
|
poly *r3,
|
||||||
const uint8_t *seed,
|
const uint8_t seed[32],
|
||||||
uint8_t nonce0,
|
uint8_t nonce0,
|
||||||
uint8_t nonce1,
|
uint8_t nonce1,
|
||||||
uint8_t nonce2,
|
uint8_t nonce2,
|
||||||
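Review bot: The new bound `const uint8_t seed[32],` hard-codes the seed length as a literal, while the kem.c hunks on this page express the same quantity through `KYBER_SYMBYTES` (`uint8_t buf[2*KYBER_SYMBYTES]`); writing `const uint8_t seed[KYBER_SYMBYTES],` keeps the two in step, provided params.h is visible in poly.h as it is in kem.c. The same applies to poly_getnoise_eta1122_4x in the next hunk and to the other five poly.h copies on this page. The prototype of poly_getnoise_eta1_4x starts and ends outside the hunk.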
@ -46,7 +46,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
|
|||||||
poly *r1,
|
poly *r1,
|
||||||
poly *r2,
|
poly *r2,
|
||||||
poly *r3,
|
poly *r3,
|
||||||
const uint8_t *seed,
|
const uint8_t seed[32],
|
||||||
uint8_t nonce0,
|
uint8_t nonce0,
|
||||||
uint8_t nonce1,
|
uint8_t nonce1,
|
||||||
uint8_t nonce2,
|
uint8_t nonce2,
|
||||||
|
|||||||
@ -20,8 +20,8 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
int crypto_kem_keypair(uint8_t *pk,
|
||||||
uint8_t sk[KYBER_SECRETKEYBYTES])
|
uint8_t *sk)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
indcpa_keypair(pk, sk);
|
indcpa_keypair(pk, sk);
|
||||||
@ -48,9 +48,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
int crypto_kem_enc(uint8_t *ct,
|
||||||
uint8_t ss[KYBER_SSBYTES],
|
uint8_t *ss,
|
||||||
const uint8_t pk[KYBER_PUBLICKEYBYTES])
|
const uint8_t *pk)
|
||||||
{
|
{
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
/* Will contain key, coins */
|
/* Will contain key, coins */
|
||||||
@ -91,9 +91,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a pseudo-random value.
|
* On failure, ss will contain a pseudo-random value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
|
int crypto_kem_dec(uint8_t *ss,
|
||||||
const uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
const uint8_t *ct,
|
||||||
const uint8_t sk[KYBER_SECRETKEYBYTES])
|
const uint8_t *sk)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
int fail;
|
int fail;
|
||||||
|
|||||||
@ -21,8 +21,8 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
int crypto_kem_keypair(uint8_t *pk,
|
||||||
uint8_t sk[KYBER_SECRETKEYBYTES])
|
uint8_t *sk)
|
||||||
{
|
{
|
||||||
indcpa_keypair(pk, sk);
|
indcpa_keypair(pk, sk);
|
||||||
memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
|
memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
|
||||||
@ -47,9 +47,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
int crypto_kem_enc(uint8_t *ct,
|
||||||
uint8_t ss[KYBER_SSBYTES],
|
uint8_t *ss,
|
||||||
const uint8_t pk[KYBER_PUBLICKEYBYTES])
|
const uint8_t *pk)
|
||||||
{
|
{
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
/* Will contain key, coins */
|
/* Will contain key, coins */
|
||||||
@ -90,9 +90,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a pseudo-random value.
|
* On failure, ss will contain a pseudo-random value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
|
int crypto_kem_dec(uint8_t *ss,
|
||||||
const uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
const uint8_t *ct,
|
||||||
const uint8_t sk[KYBER_SECRETKEYBYTES])
|
const uint8_t *sk)
|
||||||
{
|
{
|
||||||
int fail;
|
int fail;
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
|
|||||||
@ -34,7 +34,7 @@ void poly_getnoise_eta1_4x(poly *r0,
|
|||||||
poly *r1,
|
poly *r1,
|
||||||
poly *r2,
|
poly *r2,
|
||||||
poly *r3,
|
poly *r3,
|
||||||
const uint8_t *seed,
|
const uint8_t seed[32],
|
||||||
uint8_t nonce0,
|
uint8_t nonce0,
|
||||||
uint8_t nonce1,
|
uint8_t nonce1,
|
||||||
uint8_t nonce2,
|
uint8_t nonce2,
|
||||||
@ -46,7 +46,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
|
|||||||
poly *r1,
|
poly *r1,
|
||||||
poly *r2,
|
poly *r2,
|
||||||
poly *r3,
|
poly *r3,
|
||||||
const uint8_t *seed,
|
const uint8_t seed[32],
|
||||||
uint8_t nonce0,
|
uint8_t nonce0,
|
||||||
uint8_t nonce1,
|
uint8_t nonce1,
|
||||||
uint8_t nonce2,
|
uint8_t nonce2,
|
||||||
|
|||||||
@ -20,8 +20,8 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
int crypto_kem_keypair(uint8_t *pk,
|
||||||
uint8_t sk[KYBER_SECRETKEYBYTES])
|
uint8_t *sk)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
indcpa_keypair(pk, sk);
|
indcpa_keypair(pk, sk);
|
||||||
@ -48,9 +48,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
int crypto_kem_enc(uint8_t *ct,
|
||||||
uint8_t ss[KYBER_SSBYTES],
|
uint8_t *ss,
|
||||||
const uint8_t pk[KYBER_PUBLICKEYBYTES])
|
const uint8_t *pk)
|
||||||
{
|
{
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
/* Will contain key, coins */
|
/* Will contain key, coins */
|
||||||
@ -91,9 +91,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a pseudo-random value.
|
* On failure, ss will contain a pseudo-random value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
|
int crypto_kem_dec(uint8_t *ss,
|
||||||
const uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
const uint8_t *ct,
|
||||||
const uint8_t sk[KYBER_SECRETKEYBYTES])
|
const uint8_t *sk)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
int fail;
|
int fail;
|
||||||
|
|||||||
@ -21,8 +21,8 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
int crypto_kem_keypair(uint8_t *pk,
|
||||||
uint8_t sk[KYBER_SECRETKEYBYTES])
|
uint8_t *sk)
|
||||||
{
|
{
|
||||||
indcpa_keypair(pk, sk);
|
indcpa_keypair(pk, sk);
|
||||||
memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
|
memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
|
||||||
@ -47,9 +47,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
int crypto_kem_enc(uint8_t *ct,
|
||||||
uint8_t ss[KYBER_SSBYTES],
|
uint8_t *ss,
|
||||||
const uint8_t pk[KYBER_PUBLICKEYBYTES])
|
const uint8_t *pk)
|
||||||
{
|
{
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
/* Will contain key, coins */
|
/* Will contain key, coins */
|
||||||
@ -90,9 +90,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a pseudo-random value.
|
* On failure, ss will contain a pseudo-random value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
|
int crypto_kem_dec(uint8_t *ss,
|
||||||
const uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
const uint8_t *ct,
|
||||||
const uint8_t sk[KYBER_SECRETKEYBYTES])
|
const uint8_t *sk)
|
||||||
{
|
{
|
||||||
int fail;
|
int fail;
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
|
|||||||
@ -34,7 +34,7 @@ void poly_getnoise_eta1_4x(poly *r0,
|
|||||||
poly *r1,
|
poly *r1,
|
||||||
poly *r2,
|
poly *r2,
|
||||||
poly *r3,
|
poly *r3,
|
||||||
const uint8_t *seed,
|
const uint8_t seed[32],
|
||||||
uint8_t nonce0,
|
uint8_t nonce0,
|
||||||
uint8_t nonce1,
|
uint8_t nonce1,
|
||||||
uint8_t nonce2,
|
uint8_t nonce2,
|
||||||
@ -46,7 +46,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
|
|||||||
poly *r1,
|
poly *r1,
|
||||||
poly *r2,
|
poly *r2,
|
||||||
poly *r3,
|
poly *r3,
|
||||||
const uint8_t *seed,
|
const uint8_t seed[32],
|
||||||
uint8_t nonce0,
|
uint8_t nonce0,
|
||||||
uint8_t nonce1,
|
uint8_t nonce1,
|
||||||
uint8_t nonce2,
|
uint8_t nonce2,
|
||||||
|
|||||||
@ -20,8 +20,8 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
int crypto_kem_keypair(uint8_t *pk,
|
||||||
uint8_t sk[KYBER_SECRETKEYBYTES])
|
uint8_t *sk)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
indcpa_keypair(pk, sk);
|
indcpa_keypair(pk, sk);
|
||||||
@ -48,9 +48,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
int crypto_kem_enc(uint8_t *ct,
|
||||||
uint8_t ss[KYBER_SSBYTES],
|
uint8_t *ss,
|
||||||
const uint8_t pk[KYBER_PUBLICKEYBYTES])
|
const uint8_t *pk)
|
||||||
{
|
{
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
/* Will contain key, coins */
|
/* Will contain key, coins */
|
||||||
@ -91,9 +91,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a pseudo-random value.
|
* On failure, ss will contain a pseudo-random value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
|
int crypto_kem_dec(uint8_t *ss,
|
||||||
const uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
const uint8_t *ct,
|
||||||
const uint8_t sk[KYBER_SECRETKEYBYTES])
|
const uint8_t *sk)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
int fail;
|
int fail;
|
||||||
|
|||||||
@ -21,8 +21,8 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
int crypto_kem_keypair(uint8_t *pk,
|
||||||
uint8_t sk[KYBER_SECRETKEYBYTES])
|
uint8_t *sk)
|
||||||
{
|
{
|
||||||
indcpa_keypair(pk, sk);
|
indcpa_keypair(pk, sk);
|
||||||
memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
|
memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
|
||||||
@ -47,9 +47,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
int crypto_kem_enc(uint8_t *ct,
|
||||||
uint8_t ss[KYBER_SSBYTES],
|
uint8_t *ss,
|
||||||
const uint8_t pk[KYBER_PUBLICKEYBYTES])
|
const uint8_t *pk)
|
||||||
{
|
{
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
/* Will contain key, coins */
|
/* Will contain key, coins */
|
||||||
@ -90,9 +90,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a pseudo-random value.
|
* On failure, ss will contain a pseudo-random value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
|
int crypto_kem_dec(uint8_t *ss,
|
||||||
const uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
const uint8_t *ct,
|
||||||
const uint8_t sk[KYBER_SECRETKEYBYTES])
|
const uint8_t *sk)
|
||||||
{
|
{
|
||||||
int fail;
|
int fail;
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
|
|||||||
@ -34,7 +34,7 @@ void poly_getnoise_eta1_4x(poly *r0,
|
|||||||
poly *r1,
|
poly *r1,
|
||||||
poly *r2,
|
poly *r2,
|
||||||
poly *r3,
|
poly *r3,
|
||||||
const uint8_t *seed,
|
const uint8_t seed[32],
|
||||||
uint8_t nonce0,
|
uint8_t nonce0,
|
||||||
uint8_t nonce1,
|
uint8_t nonce1,
|
||||||
uint8_t nonce2,
|
uint8_t nonce2,
|
||||||
@ -46,7 +46,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
|
|||||||
poly *r1,
|
poly *r1,
|
||||||
poly *r2,
|
poly *r2,
|
||||||
poly *r3,
|
poly *r3,
|
||||||
const uint8_t *seed,
|
const uint8_t seed[32],
|
||||||
uint8_t nonce0,
|
uint8_t nonce0,
|
||||||
uint8_t nonce1,
|
uint8_t nonce1,
|
||||||
uint8_t nonce2,
|
uint8_t nonce2,
|
||||||
|
|||||||
@ -20,8 +20,8 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
int crypto_kem_keypair(uint8_t *pk,
|
||||||
uint8_t sk[KYBER_SECRETKEYBYTES])
|
uint8_t *sk)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
indcpa_keypair(pk, sk);
|
indcpa_keypair(pk, sk);
|
||||||
@ -48,9 +48,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
int crypto_kem_enc(uint8_t *ct,
|
||||||
uint8_t ss[KYBER_SSBYTES],
|
uint8_t *ss,
|
||||||
const uint8_t pk[KYBER_PUBLICKEYBYTES])
|
const uint8_t *pk)
|
||||||
{
|
{
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
/* Will contain key, coins */
|
/* Will contain key, coins */
|
||||||
@ -91,9 +91,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a pseudo-random value.
|
* On failure, ss will contain a pseudo-random value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
|
int crypto_kem_dec(uint8_t *ss,
|
||||||
const uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
const uint8_t *ct,
|
||||||
const uint8_t sk[KYBER_SECRETKEYBYTES])
|
const uint8_t *sk)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
int fail;
|
int fail;
|
||||||
|
|||||||
@ -21,8 +21,8 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
int crypto_kem_keypair(uint8_t *pk,
|
||||||
uint8_t sk[KYBER_SECRETKEYBYTES])
|
uint8_t *sk)
|
||||||
{
|
{
|
||||||
indcpa_keypair(pk, sk);
|
indcpa_keypair(pk, sk);
|
||||||
memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
|
memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
|
||||||
@ -47,9 +47,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
int crypto_kem_enc(uint8_t *ct,
|
||||||
uint8_t ss[KYBER_SSBYTES],
|
uint8_t *ss,
|
||||||
const uint8_t pk[KYBER_PUBLICKEYBYTES])
|
const uint8_t *pk)
|
||||||
{
|
{
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
/* Will contain key, coins */
|
/* Will contain key, coins */
|
||||||
@ -90,9 +90,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a pseudo-random value.
|
* On failure, ss will contain a pseudo-random value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
|
int crypto_kem_dec(uint8_t *ss,
|
||||||
const uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
const uint8_t *ct,
|
||||||
const uint8_t sk[KYBER_SECRETKEYBYTES])
|
const uint8_t *sk)
|
||||||
{
|
{
|
||||||
int fail;
|
int fail;
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
|
|||||||
@ -34,7 +34,7 @@ void poly_getnoise_eta1_4x(poly *r0,
|
|||||||
poly *r1,
|
poly *r1,
|
||||||
poly *r2,
|
poly *r2,
|
||||||
poly *r3,
|
poly *r3,
|
||||||
const uint8_t *seed,
|
const uint8_t seed[32],
|
||||||
uint8_t nonce0,
|
uint8_t nonce0,
|
||||||
uint8_t nonce1,
|
uint8_t nonce1,
|
||||||
uint8_t nonce2,
|
uint8_t nonce2,
|
||||||
@ -46,7 +46,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
|
|||||||
poly *r1,
|
poly *r1,
|
||||||
poly *r2,
|
poly *r2,
|
||||||
poly *r3,
|
poly *r3,
|
||||||
const uint8_t *seed,
|
const uint8_t seed[32],
|
||||||
uint8_t nonce0,
|
uint8_t nonce0,
|
||||||
uint8_t nonce1,
|
uint8_t nonce1,
|
||||||
uint8_t nonce2,
|
uint8_t nonce2,
|
||||||
|
|||||||
@ -20,8 +20,8 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
int crypto_kem_keypair(uint8_t *pk,
|
||||||
uint8_t sk[KYBER_SECRETKEYBYTES])
|
uint8_t *sk)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
indcpa_keypair(pk, sk);
|
indcpa_keypair(pk, sk);
|
||||||
@ -48,9 +48,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
int crypto_kem_enc(uint8_t *ct,
|
||||||
uint8_t ss[KYBER_SSBYTES],
|
uint8_t *ss,
|
||||||
const uint8_t pk[KYBER_PUBLICKEYBYTES])
|
const uint8_t *pk)
|
||||||
{
|
{
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
/* Will contain key, coins */
|
/* Will contain key, coins */
|
||||||
@ -91,9 +91,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a pseudo-random value.
|
* On failure, ss will contain a pseudo-random value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
|
int crypto_kem_dec(uint8_t *ss,
|
||||||
const uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
const uint8_t *ct,
|
||||||
const uint8_t sk[KYBER_SECRETKEYBYTES])
|
const uint8_t *sk)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
int fail;
|
int fail;
|
||||||
|
|||||||
@ -21,8 +21,8 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
int crypto_kem_keypair(uint8_t *pk,
|
||||||
uint8_t sk[KYBER_SECRETKEYBYTES])
|
uint8_t *sk)
|
||||||
{
|
{
|
||||||
indcpa_keypair(pk, sk);
|
indcpa_keypair(pk, sk);
|
||||||
memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
|
memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_INDCPA_PUBLICKEYBYTES);
|
||||||
@ -47,9 +47,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
int crypto_kem_enc(uint8_t *ct,
|
||||||
uint8_t ss[KYBER_SSBYTES],
|
uint8_t *ss,
|
||||||
const uint8_t pk[KYBER_PUBLICKEYBYTES])
|
const uint8_t *pk)
|
||||||
{
|
{
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
/* Will contain key, coins */
|
/* Will contain key, coins */
|
||||||
@ -90,9 +90,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a pseudo-random value.
|
* On failure, ss will contain a pseudo-random value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
|
int crypto_kem_dec(uint8_t *ss,
|
||||||
const uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
const uint8_t *ct,
|
||||||
const uint8_t sk[KYBER_SECRETKEYBYTES])
|
const uint8_t *sk)
|
||||||
{
|
{
|
||||||
int fail;
|
int fail;
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
|
|||||||
@ -34,7 +34,7 @@ void poly_getnoise_eta1_4x(poly *r0,
|
|||||||
poly *r1,
|
poly *r1,
|
||||||
poly *r2,
|
poly *r2,
|
||||||
poly *r3,
|
poly *r3,
|
||||||
const uint8_t *seed,
|
const uint8_t seed[32],
|
||||||
uint8_t nonce0,
|
uint8_t nonce0,
|
||||||
uint8_t nonce1,
|
uint8_t nonce1,
|
||||||
uint8_t nonce2,
|
uint8_t nonce2,
|
||||||
@ -46,7 +46,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
|
|||||||
poly *r1,
|
poly *r1,
|
||||||
poly *r2,
|
poly *r2,
|
||||||
poly *r3,
|
poly *r3,
|
||||||
const uint8_t *seed,
|
const uint8_t seed[32],
|
||||||
uint8_t nonce0,
|
uint8_t nonce0,
|
||||||
uint8_t nonce1,
|
uint8_t nonce1,
|
||||||
uint8_t nonce2,
|
uint8_t nonce2,
|
||||||
|
|||||||
@ -20,8 +20,8 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
int crypto_kem_keypair(uint8_t *pk,
|
||||||
uint8_t sk[KYBER_SECRETKEYBYTES])
|
uint8_t *sk)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
indcpa_keypair(pk, sk);
|
indcpa_keypair(pk, sk);
|
||||||
@ -48,9 +48,9 @@ int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
int crypto_kem_enc(uint8_t *ct,
|
||||||
uint8_t ss[KYBER_SSBYTES],
|
uint8_t *ss,
|
||||||
const uint8_t pk[KYBER_PUBLICKEYBYTES])
|
const uint8_t *pk)
|
||||||
{
|
{
|
||||||
uint8_t buf[2*KYBER_SYMBYTES];
|
uint8_t buf[2*KYBER_SYMBYTES];
|
||||||
/* Will contain key, coins */
|
/* Will contain key, coins */
|
||||||
@ -91,9 +91,9 @@ int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a pseudo-random value.
|
* On failure, ss will contain a pseudo-random value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int crypto_kem_dec(uint8_t ss[KYBER_SSBYTES],
|
int crypto_kem_dec(uint8_t *ss,
|
||||||
const uint8_t ct[KYBER_CIPHERTEXTBYTES],
|
const uint8_t *ct,
|
||||||
const uint8_t sk[KYBER_SECRETKEYBYTES])
|
const uint8_t *sk)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
int fail;
|
int fail;
|
||||||
|
|||||||
@ -119,27 +119,3 @@ void aes256ctr_squeezeblocks(uint8_t *out,
|
|||||||
out += 64;
|
out += 64;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void aes256ctr_prf(uint8_t *out,
|
|
||||||
size_t outlen,
|
|
||||||
const uint8_t seed[32],
|
|
||||||
uint64_t nonce)
|
|
||||||
{
|
|
||||||
unsigned int i;
|
|
||||||
uint8_t buf[64];
|
|
||||||
aes256ctr_ctx state;
|
|
||||||
|
|
||||||
aes256ctr_init(&state, seed, nonce);
|
|
||||||
|
|
||||||
while(outlen >= 64) {
|
|
||||||
aesni_encrypt4(out, &state.n, state.rkeys);
|
|
||||||
outlen -= 64;
|
|
||||||
out += 64;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(outlen) {
|
|
||||||
aesni_encrypt4(buf, &state.n, state.rkeys);
|
|
||||||
for(i=0;i<outlen;i++)
|
|
||||||
out[i] = buf[i];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|||||||
@ -24,10 +24,4 @@ void aes256ctr_squeezeblocks(uint8_t *out,
|
|||||||
size_t nblocks,
|
size_t nblocks,
|
||||||
aes256ctr_ctx *state);
|
aes256ctr_ctx *state);
|
||||||
|
|
||||||
#define aes256ctr_prf AES256CTR_NAMESPACE(prf)
|
|
||||||
void aes256ctr_prf(uint8_t *out,
|
|
||||||
size_t outlen,
|
|
||||||
const uint8_t key[32],
|
|
||||||
uint64_t nonce);
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -483,7 +483,7 @@ static void inc4_be(uint32_t *x)
|
|||||||
*x = br_swap32(*x);
|
*x = br_swap32(*x);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void aes_ctr4x(uint8_t out[64], uint32_t ivw[16], uint64_t sk_exp[64])
|
static void aes_ctr4x(uint8_t out[64], uint32_t ivw[16], uint64_t sk_exp[120])
|
||||||
{
|
{
|
||||||
uint32_t w[16];
|
uint32_t w[16];
|
||||||
uint64_t q[8];
|
uint64_t q[8];
|
||||||
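Review bot: `uint64_t sk_exp[120]` now agrees with the `sk_exp[120]` that br_aes_ct64_ctr_init fills (visible in the next hunk's header), but nothing at the parameter explains where 120 comes from, which is how the old `[64]` went unnoticed; a comment such as `/* expanded AES-256 key schedule as written by br_aes_ct64_skey_expand */` would tie the number to its producer. Presumably it is the 15 AES-256 round keys times 8 bitsliced words — worth stating in that comment rather than leaving the reader to count. The body of aes_ctr4x continues outside the hunk.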
@ -527,42 +527,7 @@ static void br_aes_ct64_ctr_init(uint64_t sk_exp[120], const uint8_t *key)
|
|||||||
br_aes_ct64_skey_expand(sk_exp, skey);
|
br_aes_ct64_skey_expand(sk_exp, skey);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void br_aes_ct64_ctr_run(uint64_t sk_exp[120], const uint8_t *iv, uint32_t cc, uint8_t *data, size_t len)
|
void aes256ctr_init(aes256ctr_ctx *s, const uint8_t key[32], const uint8_t nonce[12])
|
||||||
{
|
|
||||||
uint32_t ivw[16];
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
br_range_dec32le(ivw, 3, iv);
|
|
||||||
memcpy(ivw + 4, ivw, 3 * sizeof(uint32_t));
|
|
||||||
memcpy(ivw + 8, ivw, 3 * sizeof(uint32_t));
|
|
||||||
memcpy(ivw + 12, ivw, 3 * sizeof(uint32_t));
|
|
||||||
ivw[ 3] = br_swap32(cc);
|
|
||||||
ivw[ 7] = br_swap32(cc + 1);
|
|
||||||
ivw[11] = br_swap32(cc + 2);
|
|
||||||
ivw[15] = br_swap32(cc + 3);
|
|
||||||
|
|
||||||
while (len > 64) {
|
|
||||||
aes_ctr4x(data, ivw, sk_exp);
|
|
||||||
data += 64;
|
|
||||||
len -= 64;
|
|
||||||
}
|
|
||||||
if(len > 0) {
|
|
||||||
uint8_t tmp[64];
|
|
||||||
aes_ctr4x(tmp, ivw, sk_exp);
|
|
||||||
for(i=0;i<len;i++)
|
|
||||||
data[i] = tmp[i];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t *key, const uint8_t *nonce)
|
|
||||||
{
|
|
||||||
uint64_t sk_exp[120];
|
|
||||||
|
|
||||||
br_aes_ct64_ctr_init(sk_exp, key);
|
|
||||||
br_aes_ct64_ctr_run(sk_exp, nonce, 0, out, outlen);
|
|
||||||
}
|
|
||||||
|
|
||||||
void aes256ctr_init(aes256ctr_ctx *s, const uint8_t *key, const uint8_t *nonce)
|
|
||||||
{
|
{
|
||||||
br_aes_ct64_ctr_init(s->sk_exp, key);
|
br_aes_ct64_ctr_init(s->sk_exp, key);
|
||||||
|
|
||||||
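Review bot: The definition `void aes256ctr_init(aes256ctr_ctx *s, const uint8_t key[32], const uint8_t nonce[12])` names its first parameter `s`, while the declaration in aes256ctr.h on this page names it `state`; using `state` in both keeps header and source readable side by side. With `br_aes_ct64_ctr_run` and the one-shot `aes256ctr_prf` removed here, and the matching declaration removed from aes256ctr.h in the hunk at `@ -13,12 +13,6 @@`, any remaining caller must go through aes256ctr_init and aes256ctr_squeezeblocks — worth a grep of the liboqs wrappers before merging. The body of aes256ctr_init continues outside the hunk.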
|
|||||||
@ -13,12 +13,6 @@ typedef struct {
|
|||||||
uint32_t ivw[16];
|
uint32_t ivw[16];
|
||||||
} aes256ctr_ctx;
|
} aes256ctr_ctx;
|
||||||
|
|
||||||
#define aes256ctr_prf AES256CTR_NAMESPACE(prf)
|
|
||||||
void aes256ctr_prf(uint8_t *out,
|
|
||||||
size_t outlen,
|
|
||||||
const uint8_t key[32],
|
|
||||||
const uint8_t nonce[12]);
|
|
||||||
|
|
||||||
#define aes256ctr_init AES256CTR_NAMESPACE(init)
|
#define aes256ctr_init AES256CTR_NAMESPACE(init)
|
||||||
void aes256ctr_init(aes256ctr_ctx *state,
|
void aes256ctr_init(aes256ctr_ctx *state,
|
||||||
const uint8_t key[32],
|
const uint8_t key[32],
|
||||||
|
|||||||
@ -24,10 +24,4 @@ void aes256ctr_squeezeblocks(uint8_t *out,
|
|||||||
size_t nblocks,
|
size_t nblocks,
|
||||||
aes256ctr_ctx *state);
|
aes256ctr_ctx *state);
|
||||||
|
|
||||||
#define aes256ctr_prf AES256CTR_NAMESPACE(prf)
|
|
||||||
void aes256ctr_prf(uint8_t *out,
|
|
||||||
size_t outlen,
|
|
||||||
const uint8_t key[32],
|
|
||||||
uint64_t nonce);
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -1021,7 +1021,7 @@ void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly * restrict a) {
|
|||||||
* - const uint8_t *a: byte array with bit-packed polynomial
|
* - const uint8_t *a: byte array with bit-packed polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
#if GAMMA1 == (1 << 17)
|
#if GAMMA1 == (1 << 17)
|
||||||
void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
|
void polyz_unpack(poly * restrict r, const uint8_t *a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f;
|
__m256i f;
|
||||||
const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
|
const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
|
||||||
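Review bot: Dropping the `+14` from `const uint8_t a[POLYZ_PACKEDBYTES+14]` removes the only visible statement that this AVX2 unpack may read past the end of a POLYZ_PACKEDBYTES buffer; the plain `const uint8_t *a` no longer tells a caller that the input needs slack. If the vector loads in the body (outside the hunk) still touch those extra bytes, the comment block above should say so, e.g. `* - const uint8_t *a: byte array with bit-packed polynomial; the loads below read 14 bytes beyond POLYZ_PACKEDBYTES, so the caller must provide that slack`. The same applies to the GAMMA1 == (1 << 19) variant (`+12`) in the next hunk, to both polyw1_pack variants (`+8` on the output buffer) in the two hunks after it, to the poly.h declarations at `@ -106,9 +106,9 @@`, and to the second poly.c copy at the end of the page.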
@ -1045,7 +1045,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#elif GAMMA1 == (1 << 19)
|
#elif GAMMA1 == (1 << 19)
|
||||||
void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
|
void polyz_unpack(poly * restrict r, const uint8_t *a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f;
|
__m256i f;
|
||||||
const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
|
const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
|
||||||
@ -1080,7 +1080,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
|
|||||||
* - const poly *a: pointer to input polynomial
|
* - const poly *a: pointer to input polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
#if GAMMA2 == (Q-1)/88
|
#if GAMMA2 == (Q-1)/88
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
|
void polyw1_pack(uint8_t *r, const poly * restrict a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f0,f1,f2,f3;
|
__m256i f0,f1,f2,f3;
|
||||||
const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
|
const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
|
||||||
@ -1111,7 +1111,7 @@ void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#elif GAMMA2 == (Q-1)/32
|
#elif GAMMA2 == (Q-1)/32
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) {
|
void polyw1_pack(uint8_t *r, const poly * restrict a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f0, f1, f2, f3, f4, f5, f6, f7;
|
__m256i f0, f1, f2, f3, f4, f5, f6, f7;
|
||||||
const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
|
const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
|
||||||
|
|||||||
@ -106,9 +106,9 @@ void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]);
|
|||||||
#define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
|
#define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
|
||||||
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
|
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
|
||||||
#define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
|
#define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
|
||||||
void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]);
|
void polyz_unpack(poly *r, const uint8_t *a);
|
||||||
|
|
||||||
#define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
|
#define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a);
|
void polyw1_pack(uint8_t *r, const poly *a);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
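Review bot: The new prototypes `void polyz_unpack(poly *r, const uint8_t *a);` and `void polyw1_pack(uint8_t *r, const poly *a);` drop the `+14` and `+8` slack that the old array bounds advertised, and no comment replaces it, so a caller that sizes its buffer to exactly POLYZ_PACKEDBYTES or POLYW1_PACKEDBYTES gets no warning from this header that the AVX2 implementations may read, respectively write, past that length. Unless the implementations were changed to stay within the packed size (not visible in this section, and the poly.c hunks of this commit only touch the signatures), I would document the requirement next to the declarations: `/* a: at least POLYZ_PACKEDBYTES+14 (GAMMA1 == 1<<17) or +12 (GAMMA1 == 1<<19) readable bytes; the AVX2 loads over-read */` on polyz_unpack and `/* r: at least POLYW1_PACKEDBYTES+8 writable bytes when GAMMA2 == (Q-1)/88; the AVX2 stores over-write */` on polyw1_pack. The old header bound `+14` did not match the `+12` the other GAMMA1 variant uses in poly.c, which is itself a reason to prefer a comment listing both cases over a single array bound, since a C array-parameter bound is not enforced anyway. These are declarations only; the definitions are in poly.c.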
|
|||||||
@ -22,7 +22,7 @@ extern const uint8_t idxlut[256][8];
|
|||||||
unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
|
unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
|
||||||
|
|
||||||
#define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
|
#define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
|
||||||
unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN]);
|
unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_ETA_BUFLEN]);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -13,12 +13,6 @@ typedef struct {
|
|||||||
uint32_t ivw[16];
|
uint32_t ivw[16];
|
||||||
} aes256ctr_ctx;
|
} aes256ctr_ctx;
|
||||||
|
|
||||||
#define aes256ctr_prf AES256CTR_NAMESPACE(prf)
|
|
||||||
void aes256ctr_prf(uint8_t *out,
|
|
||||||
size_t outlen,
|
|
||||||
const uint8_t key[32],
|
|
||||||
const uint8_t nonce[12]);
|
|
||||||
|
|
||||||
#define aes256ctr_init AES256CTR_NAMESPACE(init)
|
#define aes256ctr_init AES256CTR_NAMESPACE(init)
|
||||||
void aes256ctr_init(aes256ctr_ctx *state,
|
void aes256ctr_init(aes256ctr_ctx *state,
|
||||||
const uint8_t key[32],
|
const uint8_t key[32],
|
||||||
|
|||||||
@ -1021,7 +1021,7 @@ void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly * restrict a) {
|
|||||||
* - const uint8_t *a: byte array with bit-packed polynomial
|
* - const uint8_t *a: byte array with bit-packed polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
#if GAMMA1 == (1 << 17)
|
#if GAMMA1 == (1 << 17)
|
||||||
void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
|
void polyz_unpack(poly * restrict r, const uint8_t *a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f;
|
__m256i f;
|
||||||
const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
|
const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
|
||||||
@ -1045,7 +1045,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#elif GAMMA1 == (1 << 19)
|
#elif GAMMA1 == (1 << 19)
|
||||||
void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
|
void polyz_unpack(poly * restrict r, const uint8_t *a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f;
|
__m256i f;
|
||||||
const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
|
const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
|
||||||
@ -1080,7 +1080,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
|
|||||||
* - const poly *a: pointer to input polynomial
|
* - const poly *a: pointer to input polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
#if GAMMA2 == (Q-1)/88
|
#if GAMMA2 == (Q-1)/88
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
|
void polyw1_pack(uint8_t *r, const poly * restrict a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f0,f1,f2,f3;
|
__m256i f0,f1,f2,f3;
|
||||||
const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
|
const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
|
||||||
@ -1111,7 +1111,7 @@ void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#elif GAMMA2 == (Q-1)/32
|
#elif GAMMA2 == (Q-1)/32
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) {
|
void polyw1_pack(uint8_t *r, const poly * restrict a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f0, f1, f2, f3, f4, f5, f6, f7;
|
__m256i f0, f1, f2, f3, f4, f5, f6, f7;
|
||||||
const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
|
const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
|
||||||
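Review bot: The new signature `void polyz_unpack(poly * restrict r, const uint8_t *a)` drops the `a[POLYZ_PACKEDBYTES+14]` bound (`+12` in the GAMMA1 == 1<<19 variant) that was the only statement that this AVX2 unpack reads past the packed polynomial; the loop with the vector loads lies outside the hunk and nothing shown here removes that over-read, so the requirement should be recorded on the definition, e.g. `/* a must be readable for POLYZ_PACKEDBYTES+14 bytes: the 32-byte vector loads run past the packed polynomial */` (with +12 in the 1<<19 case). The same applies, more seriously, to `void polyw1_pack(uint8_t *r, const poly * restrict a)` in the GAMMA2 == (Q-1)/88 hunk, where the dropped `r[POLYW1_PACKEDBYTES+8]` bounded an output buffer, i.e. a possible 8-byte over-write of whatever follows a caller's exactly-sized buffer. The (Q-1)/32 variant carried no slack, so nothing is lost there. If upstream changed the loads and stores elsewhere so that they stay in bounds, a comment saying so is equally needed; both functions continue past their hunks.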
|
|||||||
@ -106,9 +106,9 @@ void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]);
|
|||||||
#define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
|
#define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
|
||||||
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
|
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
|
||||||
#define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
|
#define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
|
||||||
void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]);
|
void polyz_unpack(poly *r, const uint8_t *a);
|
||||||
|
|
||||||
#define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
|
#define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a);
|
void polyw1_pack(uint8_t *r, const poly *a);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
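Review bot: The prototypes `void polyz_unpack(poly *r, const uint8_t *a);` and `void polyw1_pack(uint8_t *r, const poly *a);` lose the `+14` and `+8` slack the old array bounds advertised to callers, and nothing replaces it, so a buffer sized to exactly POLYZ_PACKEDBYTES or POLYW1_PACKEDBYTES is no longer flagged as too small for the AVX2 over-read and over-write. Unless the implementations now stay within the packed length (not visible here; the poly.c hunks in this commit change only the signatures), document it at the declaration: `/* a: at least POLYZ_PACKEDBYTES+14 (GAMMA1 == 1<<17) or +12 (GAMMA1 == 1<<19) readable bytes; AVX2 loads over-read */` and `/* r: at least POLYW1_PACKEDBYTES+8 writable bytes when GAMMA2 == (Q-1)/88; AVX2 stores over-write */`. Since a C array-parameter bound is not enforced and the old `+14` already disagreed with the `+12` used by the other GAMMA1 variant, a comment listing both cases is the more reliable form. Declarations only; the definitions are in poly.c.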
|
|||||||
@ -22,7 +22,7 @@ extern const uint8_t idxlut[256][8];
|
|||||||
unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
|
unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
|
||||||
|
|
||||||
#define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
|
#define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
|
||||||
unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN]);
|
unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_ETA_BUFLEN]);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -24,10 +24,4 @@ void aes256ctr_squeezeblocks(uint8_t *out,
|
|||||||
size_t nblocks,
|
size_t nblocks,
|
||||||
aes256ctr_ctx *state);
|
aes256ctr_ctx *state);
|
||||||
|
|
||||||
#define aes256ctr_prf AES256CTR_NAMESPACE(prf)
|
|
||||||
void aes256ctr_prf(uint8_t *out,
|
|
||||||
size_t outlen,
|
|
||||||
const uint8_t key[32],
|
|
||||||
uint64_t nonce);
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -1021,7 +1021,7 @@ void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly * restrict a) {
|
|||||||
* - const uint8_t *a: byte array with bit-packed polynomial
|
* - const uint8_t *a: byte array with bit-packed polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
#if GAMMA1 == (1 << 17)
|
#if GAMMA1 == (1 << 17)
|
||||||
void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
|
void polyz_unpack(poly * restrict r, const uint8_t *a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f;
|
__m256i f;
|
||||||
const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
|
const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
|
||||||
@ -1045,7 +1045,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#elif GAMMA1 == (1 << 19)
|
#elif GAMMA1 == (1 << 19)
|
||||||
void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
|
void polyz_unpack(poly * restrict r, const uint8_t *a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f;
|
__m256i f;
|
||||||
const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
|
const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
|
||||||
@ -1080,7 +1080,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
|
|||||||
* - const poly *a: pointer to input polynomial
|
* - const poly *a: pointer to input polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
#if GAMMA2 == (Q-1)/88
|
#if GAMMA2 == (Q-1)/88
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
|
void polyw1_pack(uint8_t *r, const poly * restrict a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f0,f1,f2,f3;
|
__m256i f0,f1,f2,f3;
|
||||||
const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
|
const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
|
||||||
@ -1111,7 +1111,7 @@ void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#elif GAMMA2 == (Q-1)/32
|
#elif GAMMA2 == (Q-1)/32
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) {
|
void polyw1_pack(uint8_t *r, const poly * restrict a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f0, f1, f2, f3, f4, f5, f6, f7;
|
__m256i f0, f1, f2, f3, f4, f5, f6, f7;
|
||||||
const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
|
const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
|
||||||
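Review bot: `void polyz_unpack(poly * restrict r, const uint8_t *a)` now hides the fact that the old bound `a[POLYZ_PACKEDBYTES+14]` (`+12` for GAMMA1 == 1<<19) expressed: the AVX2 unpack reads beyond the packed polynomial, and the loop with the vector loads, which is outside this hunk, is not changed by anything visible here. I would keep that contract as a comment on the definition, `/* a must be readable for POLYZ_PACKEDBYTES+14 bytes: the 32-byte vector loads run past the packed polynomial */` (and +12 in the 1<<19 case). The GAMMA2 == (Q-1)/88 hunk does the same to `void polyw1_pack(uint8_t *r, const poly * restrict a)`, where the dropped `r[POLYW1_PACKEDBYTES+8]` bounded an output buffer, so an exactly-sized caller buffer would be over-written by 8 bytes with no warning; the (Q-1)/32 variant had no slack and loses nothing. If the loads and stores were reworked elsewhere in upstream to stay in bounds, say so in the same comment; both function bodies continue past the hunk.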
|
|||||||
@ -106,9 +106,9 @@ void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]);
|
|||||||
#define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
|
#define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
|
||||||
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
|
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
|
||||||
#define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
|
#define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
|
||||||
void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]);
|
void polyz_unpack(poly *r, const uint8_t *a);
|
||||||
|
|
||||||
#define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
|
#define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a);
|
void polyw1_pack(uint8_t *r, const poly *a);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -22,7 +22,7 @@ extern const uint8_t idxlut[256][8];
|
|||||||
unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
|
unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
|
||||||
|
|
||||||
#define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
|
#define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
|
||||||
unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN]);
|
unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_ETA_BUFLEN]);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -13,12 +13,6 @@ typedef struct {
|
|||||||
uint32_t ivw[16];
|
uint32_t ivw[16];
|
||||||
} aes256ctr_ctx;
|
} aes256ctr_ctx;
|
||||||
|
|
||||||
#define aes256ctr_prf AES256CTR_NAMESPACE(prf)
|
|
||||||
void aes256ctr_prf(uint8_t *out,
|
|
||||||
size_t outlen,
|
|
||||||
const uint8_t key[32],
|
|
||||||
const uint8_t nonce[12]);
|
|
||||||
|
|
||||||
#define aes256ctr_init AES256CTR_NAMESPACE(init)
|
#define aes256ctr_init AES256CTR_NAMESPACE(init)
|
||||||
void aes256ctr_init(aes256ctr_ctx *state,
|
void aes256ctr_init(aes256ctr_ctx *state,
|
||||||
const uint8_t key[32],
|
const uint8_t key[32],
|
||||||
|
|||||||
@ -1021,7 +1021,7 @@ void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly * restrict a) {
|
|||||||
* - const uint8_t *a: byte array with bit-packed polynomial
|
* - const uint8_t *a: byte array with bit-packed polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
#if GAMMA1 == (1 << 17)
|
#if GAMMA1 == (1 << 17)
|
||||||
void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
|
void polyz_unpack(poly * restrict r, const uint8_t *a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f;
|
__m256i f;
|
||||||
const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
|
const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
|
||||||
@ -1045,7 +1045,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#elif GAMMA1 == (1 << 19)
|
#elif GAMMA1 == (1 << 19)
|
||||||
void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
|
void polyz_unpack(poly * restrict r, const uint8_t *a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f;
|
__m256i f;
|
||||||
const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
|
const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
|
||||||
@ -1080,7 +1080,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
|
|||||||
* - const poly *a: pointer to input polynomial
|
* - const poly *a: pointer to input polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
#if GAMMA2 == (Q-1)/88
|
#if GAMMA2 == (Q-1)/88
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
|
void polyw1_pack(uint8_t *r, const poly * restrict a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f0,f1,f2,f3;
|
__m256i f0,f1,f2,f3;
|
||||||
const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
|
const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
|
||||||
@ -1111,7 +1111,7 @@ void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#elif GAMMA2 == (Q-1)/32
|
#elif GAMMA2 == (Q-1)/32
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) {
|
void polyw1_pack(uint8_t *r, const poly * restrict a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f0, f1, f2, f3, f4, f5, f6, f7;
|
__m256i f0, f1, f2, f3, f4, f5, f6, f7;
|
||||||
const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
|
const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
|
||||||
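Review bot: The signature change to `void polyz_unpack(poly * restrict r, const uint8_t *a)` removes the `a[POLYZ_PACKEDBYTES+14]` bound (`+12` in the GAMMA1 == 1<<19 variant) that was the only visible statement of this AVX2 unpack reading past the packed polynomial; the vector loads are outside the hunk and nothing shown here removes the over-read, so record it on the definition: `/* a must be readable for POLYZ_PACKEDBYTES+14 bytes: the 32-byte vector loads run past the packed polynomial */` (and +12 for the 1<<19 case). The GAMMA2 == (Q-1)/88 hunk likewise turns `r[POLYW1_PACKEDBYTES+8]` into a bare `uint8_t *r` on `polyw1_pack`, and there the slack was on an output buffer, so an exactly-sized caller buffer would be over-written by 8 bytes with no warning; the (Q-1)/32 variant had no slack and loses nothing. If upstream reworked the loads and stores elsewhere to stay in bounds, the comment should state that instead. Both functions continue past their hunks.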
|
|||||||
@ -106,9 +106,9 @@ void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]);
|
|||||||
#define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
|
#define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
|
||||||
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
|
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
|
||||||
#define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
|
#define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
|
||||||
void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]);
|
void polyz_unpack(poly *r, const uint8_t *a);
|
||||||
|
|
||||||
#define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
|
#define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a);
|
void polyw1_pack(uint8_t *r, const poly *a);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -22,7 +22,7 @@ extern const uint8_t idxlut[256][8];
|
|||||||
unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
|
unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
|
||||||
|
|
||||||
#define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
|
#define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
|
||||||
unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN]);
|
unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_ETA_BUFLEN]);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -24,10 +24,4 @@ void aes256ctr_squeezeblocks(uint8_t *out,
|
|||||||
size_t nblocks,
|
size_t nblocks,
|
||||||
aes256ctr_ctx *state);
|
aes256ctr_ctx *state);
|
||||||
|
|
||||||
#define aes256ctr_prf AES256CTR_NAMESPACE(prf)
|
|
||||||
void aes256ctr_prf(uint8_t *out,
|
|
||||||
size_t outlen,
|
|
||||||
const uint8_t key[32],
|
|
||||||
uint64_t nonce);
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -1021,7 +1021,7 @@ void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly * restrict a) {
|
|||||||
* - const uint8_t *a: byte array with bit-packed polynomial
|
* - const uint8_t *a: byte array with bit-packed polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
#if GAMMA1 == (1 << 17)
|
#if GAMMA1 == (1 << 17)
|
||||||
void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
|
void polyz_unpack(poly * restrict r, const uint8_t *a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f;
|
__m256i f;
|
||||||
const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
|
const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
|
||||||
@ -1045,7 +1045,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#elif GAMMA1 == (1 << 19)
|
#elif GAMMA1 == (1 << 19)
|
||||||
void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
|
void polyz_unpack(poly * restrict r, const uint8_t *a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f;
|
__m256i f;
|
||||||
const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
|
const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
|
||||||
@ -1080,7 +1080,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
|
|||||||
* - const poly *a: pointer to input polynomial
|
* - const poly *a: pointer to input polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
#if GAMMA2 == (Q-1)/88
|
#if GAMMA2 == (Q-1)/88
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
|
void polyw1_pack(uint8_t *r, const poly * restrict a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f0,f1,f2,f3;
|
__m256i f0,f1,f2,f3;
|
||||||
const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
|
const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
|
||||||
@ -1111,7 +1111,7 @@ void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#elif GAMMA2 == (Q-1)/32
|
#elif GAMMA2 == (Q-1)/32
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) {
|
void polyw1_pack(uint8_t *r, const poly * restrict a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f0, f1, f2, f3, f4, f5, f6, f7;
|
__m256i f0, f1, f2, f3, f4, f5, f6, f7;
|
||||||
const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
|
const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
|
||||||
|
|||||||
@ -106,9 +106,9 @@ void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]);
|
|||||||
#define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
|
#define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
|
||||||
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
|
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
|
||||||
#define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
|
#define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
|
||||||
void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]);
|
void polyz_unpack(poly *r, const uint8_t *a);
|
||||||
|
|
||||||
#define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
|
#define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a);
|
void polyw1_pack(uint8_t *r, const poly *a);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -22,7 +22,7 @@ extern const uint8_t idxlut[256][8];
|
|||||||
unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
|
unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
|
||||||
|
|
||||||
#define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
|
#define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
|
||||||
unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN]);
|
unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_ETA_BUFLEN]);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -13,12 +13,6 @@ typedef struct {
|
|||||||
uint32_t ivw[16];
|
uint32_t ivw[16];
|
||||||
} aes256ctr_ctx;
|
} aes256ctr_ctx;
|
||||||
|
|
||||||
#define aes256ctr_prf AES256CTR_NAMESPACE(prf)
|
|
||||||
void aes256ctr_prf(uint8_t *out,
|
|
||||||
size_t outlen,
|
|
||||||
const uint8_t key[32],
|
|
||||||
const uint8_t nonce[12]);
|
|
||||||
|
|
||||||
#define aes256ctr_init AES256CTR_NAMESPACE(init)
|
#define aes256ctr_init AES256CTR_NAMESPACE(init)
|
||||||
void aes256ctr_init(aes256ctr_ctx *state,
|
void aes256ctr_init(aes256ctr_ctx *state,
|
||||||
const uint8_t key[32],
|
const uint8_t key[32],
|
||||||
|
|||||||
@ -1021,7 +1021,7 @@ void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly * restrict a) {
|
|||||||
* - const uint8_t *a: byte array with bit-packed polynomial
|
* - const uint8_t *a: byte array with bit-packed polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
#if GAMMA1 == (1 << 17)
|
#if GAMMA1 == (1 << 17)
|
||||||
void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
|
void polyz_unpack(poly * restrict r, const uint8_t *a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f;
|
__m256i f;
|
||||||
const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
|
const __m256i shufbidx = _mm256_set_epi8(-1, 9, 8, 7,-1, 7, 6, 5,-1, 5, 4, 3,-1, 3, 2, 1,
|
||||||
@ -1045,7 +1045,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+14]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#elif GAMMA1 == (1 << 19)
|
#elif GAMMA1 == (1 << 19)
|
||||||
void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
|
void polyz_unpack(poly * restrict r, const uint8_t *a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f;
|
__m256i f;
|
||||||
const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
|
const __m256i shufbidx = _mm256_set_epi8(-1,11,10, 9,-1, 9, 8, 7,-1, 6, 5, 4,-1, 4, 3, 2,
|
||||||
@ -1080,7 +1080,7 @@ void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
|
|||||||
* - const poly *a: pointer to input polynomial
|
* - const poly *a: pointer to input polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
#if GAMMA2 == (Q-1)/88
|
#if GAMMA2 == (Q-1)/88
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
|
void polyw1_pack(uint8_t *r, const poly * restrict a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f0,f1,f2,f3;
|
__m256i f0,f1,f2,f3;
|
||||||
const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
|
const __m256i shift1 = _mm256_set1_epi16((64 << 8) + 1);
|
||||||
@ -1111,7 +1111,7 @@ void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly * restrict a) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#elif GAMMA2 == (Q-1)/32
|
#elif GAMMA2 == (Q-1)/32
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) {
|
void polyw1_pack(uint8_t *r, const poly * restrict a) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
__m256i f0, f1, f2, f3, f4, f5, f6, f7;
|
__m256i f0, f1, f2, f3, f4, f5, f6, f7;
|
||||||
const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
|
const __m256i shift = _mm256_set1_epi16((16 << 8) + 1);
|
||||||
|
|||||||
@ -106,9 +106,9 @@ void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]);
|
|||||||
#define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
|
#define polyz_pack DILITHIUM_NAMESPACE(polyz_pack)
|
||||||
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
|
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
|
||||||
#define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
|
#define polyz_unpack DILITHIUM_NAMESPACE(polyz_unpack)
|
||||||
void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]);
|
void polyz_unpack(poly *r, const uint8_t *a);
|
||||||
|
|
||||||
#define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
|
#define polyw1_pack DILITHIUM_NAMESPACE(polyw1_pack)
|
||||||
void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a);
|
void polyw1_pack(uint8_t *r, const poly *a);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -22,7 +22,7 @@ extern const uint8_t idxlut[256][8];
|
|||||||
unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
|
unsigned int rej_uniform_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN+8]);
|
||||||
|
|
||||||
#define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
|
#define rej_eta_avx DILITHIUM_NAMESPACE(rej_eta_avx)
|
||||||
unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_BUFLEN]);
|
unsigned int rej_eta_avx(int32_t *r, const uint8_t buf[REJ_UNIFORM_ETA_BUFLEN]);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||