diff --git a/.CMake/alg_support.cmake b/.CMake/alg_support.cmake
index bf8e4d56c..bdd4d94ce 100644
--- a/.CMake/alg_support.cmake
+++ b/.CMake/alg_support.cmake
@@ -127,11 +127,8 @@ cmake_dependent_option(OQS_ENABLE_KEM_kyber_768 "" ON "OQS_ENABLE_KEM_KYBER" OFF
 cmake_dependent_option(OQS_ENABLE_KEM_kyber_1024 "" ON "OQS_ENABLE_KEM_KYBER" OFF)
 
 option(OQS_ENABLE_KEM_ML_KEM "Enable ml_kem algorithm family" ON)
-cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
-cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
-cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
 
 option(OQS_ENABLE_SIG_DILITHIUM "Enable dilithium algorithm family" ON)
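Review bot: Dropping the `OQS_ENABLE_KEM_ml_kem_*_ipd` options here (and the matching `_ipd_avx2` options in the `@@ -320,21 +317,18 @@` hunk below) gives no diagnostic to builds that still pass `-DOQS_ENABLE_KEM_ml_kem_512_ipd=...` or carry the entry in an existing CMakeCache.txt; CMake's end-of-configure "manually-specified variables were not used" notice covers only command-line values and is easy to miss. Since these names were a public configuration knob, a short transition guard next to `option(OQS_ENABLE_KEM_ML_KEM ...)` that names the replacement would make the removal explicit rather than silent. Whether alg_support.cmake is generated by copy_from_upstream is not visible here; if it is, the guard belongs in the template rather than in this file.
```cmake
option(OQS_ENABLE_KEM_ML_KEM "Enable ml_kem algorithm family" ON)
# The FIPS 203 draft ("-ipd") variants no longer exist; surface stale settings
# instead of silently ignoring them.
foreach(_oqs_removed_opt
        OQS_ENABLE_KEM_ml_kem_512_ipd
        OQS_ENABLE_KEM_ml_kem_768_ipd
        OQS_ENABLE_KEM_ml_kem_1024_ipd)
  if(DEFINED ${_oqs_removed_opt})
    message(WARNING "${_oqs_removed_opt} was removed: the ML-KEM draft (-ipd) variants are gone, use the non-ipd option instead")
  endif()
endforeach()
# … unchanged: cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512 …) and following …
```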
@@ -320,21 +317,18 @@ endif() if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin") if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS)) - cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_512_ipd" OFF) cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_512" OFF) endif() endif() if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin") if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS)) - cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_768_ipd" OFF) cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_768" OFF) endif() endif() if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin") if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS)) - cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_1024_ipd" OFF) cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_1024" OFF) endif() endif() diff --git a/.github/workflows/unix.yml b/.github/workflows/unix.yml index 6c1739459..35bb8deb6 100644 --- a/.github/workflows/unix.yml +++ b/.github/workflows/unix.yml @@ -223,7 +223,7 @@ jobs: path: build/*.deb - name: Check STD algorithm and alias if: matrix.name == 'jammy-std-openssl3' - run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-DSA-44-ipd:\n isnull: true" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-KEM-512-ipd:\n isnull: true"' + run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-DSA-44-ipd:\n isnull: true" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false"' working-directory: build linux_arm_emulated: 
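Review bot: In the unix.yml hunk, removing the `ML-KEM-512-ipd` grep leaves the "Check STD algorithm and alias" step with no assertion that the draft name is actually gone from the build, while the `ML-DSA-44-ipd` check still pins that variant's state. If `tests/dump_alg_info` only lists algorithms that exist in the library, a negative check such as `&& ! tests/dump_alg_info | grep -q "ML-KEM-512-ipd"` appended to the chain would lock the removal in and catch a regenerated alias reappearing. The separate `tests/dump_alg_info` invocations could also be collapsed into a single run captured once, but that is cosmetic.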
diff --git a/README.md b/README.md
index f207046b4..db67a3115 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ Details on each supported algorithm can be found in the [docs/algorithms](https: The list below indicates all algorithms currently supported by liboqs, including experimental algorithms and already excluding algorithm variants pruned during the NIST competition, such as Kyber-90s or Dilithium-AES. -The only algorithms in `liboqs` that implement NIST standards drafts are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/ipd) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/ipd) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adjust the implementation so that users are protected from such potential changes. For users interested in explicitly selecting the current "proposed draft standard" code, the variants with the suffix "-ipd" are made available. At this stage, "ml-kem-ipd" and "ml-kem" as well as "ml-dsa-ipd" and "ml-dsa" are functionally equivalent, denoted by the "alias" moniker below. +The only algorithms in `liboqs` that implement NIST standards are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/final) (final standard) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/ipd) (initial public draft) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adjust the implementation so that users are protected from such potential changes. For users interested in explicitly selecting the current "proposed draft standard" code, the variants with the suffix "-ipd" are made available. 
At this stage, "ml-dsa-ipd" and "ml-dsa" are functionally equivalent, denoted by the "alias" moniker below. Falcon and SPHINCS+ have also been [selected for standardization](https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022), but the `liboqs` implementations of these algorithms are currently tracking Round 3 submissions and not NIST standards drafts. @@ -54,7 +54,7 @@ All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes - **FrodoKEM**: FrodoKEM-640-AES, FrodoKEM-640-SHAKE, FrodoKEM-976-AES, FrodoKEM-976-SHAKE, FrodoKEM-1344-AES, FrodoKEM-1344-SHAKE - **HQC**: HQC-128, HQC-192, HQC-256 - **Kyber**: Kyber512, Kyber768, Kyber1024 -- **ML-KEM**: ML-KEM-512-ipd (alias: ML-KEM-512), ML-KEM-768-ipd (alias: ML-KEM-768), ML-KEM-1024-ipd (alias: ML-KEM-1024) +- **ML-KEM**: ML-KEM-512, ML-KEM-768, ML-KEM-1024 - **NTRU-Prime**: sntrup761 diff --git a/docs/algorithms/kem/ml_kem.md b/docs/algorithms/kem/ml_kem.md index 7d5e0561a..d1806517b 100644 --- a/docs/algorithms/kem/ml_kem.md +++ b/docs/algorithms/kem/ml_kem.md 
@@ -4,10 +4,10 @@ - **Main cryptographic assumption**: Module LWE+R with base ring Z[x]/(3329, x^256+1). - **Principal submitters**: Peter Schwabe. - **Auxiliary submitters**: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé. -- **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203/ipd -- **Specification version**: ML-KEM-ipd. +- **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203 +- **Specification version**: ML-KEM. - **Primary Source**: - - **Source**: https://github.com/pq-crystals/kyber/commit/d1321ce5ac0b53f583eb47a040dc3625ee8e7e37 with copy_from_upstream patches + - **Source**: https://github.com/pq-crystals/kyber/commit/10b478fc3cc4ff6215eb0b6a11bd758bf0929cbd with copy_from_upstream patches - **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0 
@@ -15,11 +15,11 @@ | Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | |:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:| -| ML-KEM-512-ipd | ML-KEM-512 | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 | -| ML-KEM-768-ipd | ML-KEM-768 | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 | -| ML-KEM-1024-ipd | ML-KEM-1024 | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 | +| ML-KEM-512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 | +| ML-KEM-768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 | +| ML-KEM-1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 | -## ML-KEM-512-ipd implementation characteristics +## ML-KEM-512 implementation characteristics | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------| 
@@ -30,7 +30,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. ‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file. -## ML-KEM-768-ipd implementation characteristics +## ML-KEM-768 implementation characteristics | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| @@ -39,7 +39,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. Are implementations chosen based on runtime CPU feature detection? **Yes**. -## ML-KEM-1024-ipd implementation characteristics +## ML-KEM-1024 implementation characteristics | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| diff --git a/docs/algorithms/kem/ml_kem.yml b/docs/algorithms/kem/ml_kem.yml index 58d2ce19b..81ef2b6c4 100644 --- a/docs/algorithms/kem/ml_kem.yml +++ b/docs/algorithms/kem/ml_kem.yml 
@@ -13,16 +13,15 @@ auxiliary-submitters: - Gregor Seiler - Damien Stehlé crypto-assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1) -website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203/ipd -nist-round: ipd -spec-version: ML-KEM-ipd +website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203 +nist-round: FIPS203 +spec-version: ML-KEM primary-upstream: - source: https://github.com/pq-crystals/kyber/commit/d1321ce5ac0b53f583eb47a040dc3625ee8e7e37 + source: https://github.com/pq-crystals/kyber/commit/10b478fc3cc4ff6215eb0b6a11bd758bf0929cbd with copy_from_upstream patches spdx-license-identifier: CC0-1.0 or Apache-2.0 parameter-sets: -- name: ML-KEM-512-ipd - alias: ML-KEM-512 +- name: ML-KEM-512 claimed-nist-level: 1 claimed-security: IND-CCA2 length-public-key: 800 @@ -55,8 +54,7 @@ parameter-sets: no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: true large-stack-usage: false -- name: ML-KEM-768-ipd - alias: ML-KEM-768 +- name: ML-KEM-768 claimed-nist-level: 3 claimed-security: IND-CCA2 length-public-key: 1184 @@ -89,8 +87,7 @@ parameter-sets: no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: true large-stack-usage: false -- name: ML-KEM-1024-ipd - alias: ML-KEM-1024 +- name: ML-KEM-1024 claimed-nist-level: 5 claimed-security: IND-CCA2 length-public-key: 1568 diff --git a/docs/cbom.json b/docs/cbom.json index f605276ac..2fab7718a 100644 --- a/docs/cbom.json +++ b/docs/cbom.json 
@@ -1,23 +1,23 @@ { "bomFormat": "CBOM", "specVersion": "1.4-cbom-1.0", - "serialNumber": "urn:uuid:58a975ac-ea6b-4ce9-a5ae-80d35105db30", + "serialNumber": "urn:uuid:b953d460-1246-4cbb-aff9-642a0308d18b", "version": 1, "metadata": { - "timestamp": "2024-04-09T21:46:17.101849", + "timestamp": "2024-08-26T18:04:44.668645", "component": { "type": "library", - "bom-ref": "pkg:github/open-quantum-safe/liboqs@2fd65d9ec99a2608149713e5fcaeb9b6402e5872", + "bom-ref": "pkg:github/open-quantum-safe/liboqs@062e793edf54cbc1073b54d0689795063fd41910", "name": "liboqs", - "version": "2fd65d9ec99a2608149713e5fcaeb9b6402e5872" + "version": "062e793edf54cbc1073b54d0689795063fd41910" } }, "components": [ { "type": "library", - "bom-ref": "pkg:github/open-quantum-safe/liboqs@2fd65d9ec99a2608149713e5fcaeb9b6402e5872", + "bom-ref": "pkg:github/open-quantum-safe/liboqs@062e793edf54cbc1073b54d0689795063fd41910", "name": "liboqs", - "version": "2fd65d9ec99a2608149713e5fcaeb9b6402e5872" + "version": "062e793edf54cbc1073b54d0689795063fd41910" }, { "type": "crypto-asset", @@ -1041,12 +1041,12 @@ }, { "type": "crypto-asset", - "bom-ref": "alg:ML-KEM-512-ipd:generic", + "bom-ref": "alg:ML-KEM-512:generic", "name": "ML-KEM", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "variant": "ML-KEM-512-ipd", + "variant": "ML-KEM-512", "primitive": "kem", "implementationLevel": "softwarePlainRam", "cryptoFunctions": [ @@ -1061,12 +1061,12 @@ }, { "type": "crypto-asset", - "bom-ref": "alg:ML-KEM-512-ipd:x86_64", + "bom-ref": "alg:ML-KEM-512:x86_64", "name": "ML-KEM", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "variant": "ML-KEM-512-ipd", + "variant": "ML-KEM-512", "primitive": "kem", "implementationLevel": "softwarePlainRam", "cryptoFunctions": [ 
@@ -1081,12 +1081,12 @@ }, { "type": "crypto-asset", - "bom-ref": "alg:ML-KEM-768-ipd:generic", + "bom-ref": "alg:ML-KEM-768:generic", "name": "ML-KEM", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "variant": "ML-KEM-768-ipd", + "variant": "ML-KEM-768", "primitive": "kem", "implementationLevel": "softwarePlainRam", "cryptoFunctions": [ @@ -1101,12 +1101,12 @@ }, { "type": "crypto-asset", - "bom-ref": "alg:ML-KEM-768-ipd:x86_64", + "bom-ref": "alg:ML-KEM-768:x86_64", "name": "ML-KEM", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "variant": "ML-KEM-768-ipd", + "variant": "ML-KEM-768", "primitive": "kem", "implementationLevel": "softwarePlainRam", "cryptoFunctions": [ @@ -1121,12 +1121,12 @@ }, { "type": "crypto-asset", - "bom-ref": "alg:ML-KEM-1024-ipd:generic", + "bom-ref": "alg:ML-KEM-1024:generic", "name": "ML-KEM", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "variant": "ML-KEM-1024-ipd", + "variant": "ML-KEM-1024", "primitive": "kem", "implementationLevel": "softwarePlainRam", "cryptoFunctions": [ @@ -1141,12 +1141,12 @@ }, { "type": "crypto-asset", - "bom-ref": "alg:ML-KEM-1024-ipd:x86_64", + "bom-ref": "alg:ML-KEM-1024:x86_64", "name": "ML-KEM", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "variant": "ML-KEM-1024-ipd", + "variant": "ML-KEM-1024", "primitive": "kem", "implementationLevel": "softwarePlainRam", "cryptoFunctions": [ @@ -2408,7 +2408,7 @@ ], "dependencies": [ { - "ref": "pkg:github/open-quantum-safe/liboqs@2fd65d9ec99a2608149713e5fcaeb9b6402e5872", + "ref": "pkg:github/open-quantum-safe/liboqs@062e793edf54cbc1073b54d0689795063fd41910", "dependsOn": [ "alg:BIKE-L1:x86_64", "alg:BIKE-L3:x86_64", 
@@ -2461,12 +2461,12 @@ "alg:Kyber1024:generic", "alg:Kyber1024:x86_64", "alg:Kyber1024:armv8-a", - "alg:ML-KEM-512-ipd:generic", - "alg:ML-KEM-512-ipd:x86_64", - "alg:ML-KEM-768-ipd:generic", - "alg:ML-KEM-768-ipd:x86_64", - "alg:ML-KEM-1024-ipd:generic", - "alg:ML-KEM-1024-ipd:x86_64", + "alg:ML-KEM-512:generic", + "alg:ML-KEM-512:x86_64", + "alg:ML-KEM-768:generic", + "alg:ML-KEM-768:x86_64", + "alg:ML-KEM-1024:generic", + "alg:ML-KEM-1024:x86_64", "alg:sntrup761:generic", "alg:sntrup761:x86_64", "alg:Dilithium2:generic", @@ -2893,42 +2893,42 @@ "dependencyType": "uses" }, { - "ref": "alg:ML-KEM-512-ipd:generic", + "ref": "alg:ML-KEM-512:generic", "dependsOn": [ "alg:sha3" ], "dependencyType": "uses" }, { - "ref": "alg:ML-KEM-512-ipd:x86_64", + "ref": "alg:ML-KEM-512:x86_64", "dependsOn": [ "alg:sha3" ], "dependencyType": "uses" }, { - "ref": "alg:ML-KEM-768-ipd:generic", + "ref": "alg:ML-KEM-768:generic", "dependsOn": [ "alg:sha3" ], "dependencyType": "uses" }, { - "ref": "alg:ML-KEM-768-ipd:x86_64", + "ref": "alg:ML-KEM-768:x86_64", "dependsOn": [ "alg:sha3" ], "dependencyType": "uses" }, { - "ref": "alg:ML-KEM-1024-ipd:generic", + "ref": "alg:ML-KEM-1024:generic", "dependsOn": [ "alg:sha3" ], "dependencyType": "uses" }, { - "ref": "alg:ML-KEM-1024-ipd:x86_64", + "ref": "alg:ML-KEM-1024:x86_64", "dependsOn": [ "alg:sha3" ], diff --git a/scripts/copy_from_upstream/copy_from_upstream.yml b/scripts/copy_from_upstream/copy_from_upstream.yml index 12cfec79b..216a99ae1 100644 --- a/scripts/copy_from_upstream/copy_from_upstream.yml +++ b/scripts/copy_from_upstream/copy_from_upstream.yml 
@@ -32,11 +32,11 @@ upstreams: - name: pqcrystals-kyber-standard git_url: https://github.com/pq-crystals/kyber.git - git_branch: standard - git_commit: d1321ce5ac0b53f583eb47a040dc3625ee8e7e37 + git_branch: main + git_commit: 10b478fc3cc4ff6215eb0b6a11bd758bf0929cbd kem_meta_path: '{pretty_name_full}_META.yml' kem_scheme_path: '.' - patches: [pqcrystals-ml_kem_ipd.patch] + patches: [pqcrystals-ml_kem.patch] - name: pqcrystals-dilithium git_url: https://github.com/pq-crystals/dilithium.git @@ -161,22 +161,19 @@ kems: upstream_location: pqcrystals-kyber-standard schemes: - - scheme: "512_ipd" - pqclean_scheme: ml-kem-512-ipd - pretty_name_full: ML-KEM-512-ipd - alias_scheme: "512" + scheme: "512" + pqclean_scheme: ml-kem-512 + pretty_name_full: ML-KEM-512 alias_pretty_name_full: ML-KEM-512 - - scheme: "768_ipd" - pqclean_scheme: ml-kem-768-ipd - pretty_name_full: ML-KEM-768-ipd - alias_scheme: "768" + scheme: "768" + pqclean_scheme: ml-kem-768 + pretty_name_full: ML-KEM-768 alias_pretty_name_full: ML-KEM-768 - - scheme: "1024_ipd" - pqclean_scheme: ml-kem-1024-ipd - pretty_name_full: ML-KEM-1024-ipd - alias_scheme: "1024" + scheme: "1024" + pqclean_scheme: ml-kem-1024 + pretty_name_full: ML-KEM-1024 alias_pretty_name_full: ML-KEM-1024 sigs: - diff --git a/scripts/copy_from_upstream/patches/pqcrystals-ml_kem_ipd.patch b/scripts/copy_from_upstream/patches/pqcrystals-ml_kem.patch similarity index 86% rename from scripts/copy_from_upstream/patches/pqcrystals-ml_kem_ipd.patch rename to scripts/copy_from_upstream/patches/pqcrystals-ml_kem.patch index ba138bf3c..952f0db5a 100644 --- a/scripts/copy_from_upstream/patches/pqcrystals-ml_kem_ipd.patch +++ b/scripts/copy_from_upstream/patches/pqcrystals-ml_kem.patch 
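Review bot: In the `@@ -161,22 +161,19 @@` hunk each scheme entry keeps `alias_pretty_name_full: ML-KEM-512` (likewise 768 and 1024) even though `alias_scheme` was removed and `pretty_name_full` now carries the same string, so the key is either dead or asks the generator to alias a name to itself. The regenerated docs/algorithms/kem/ml_kem.yml in this commit no longer emits an `alias:` field, which suggests the generator keys on `alias_scheme` and the leftover is unused; if so, deleting the three `alias_pretty_name_full` lines avoids a future reader assuming an alias still exists. Whether copy_from_upstream.py reads `alias_pretty_name_full` on its own is not visible here.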
@@ -1,10 +1,13 @@ -diff --git a/Kyber1024_META.yml b/ML-KEM-1024-ipd_META.yml -index baa5ca3..ffafcf0 100644 +diff --git a/Kyber1024_META.yml b/ML-KEM-1024_META.yml +similarity index 55% +rename from Kyber1024_META.yml +rename to ML-KEM-1024_META.yml +index baa5ca3..fdfc298 100644 --- a/Kyber1024_META.yml -+++ b/ML-KEM-1024-ipd_META.yml ++++ b/ML-KEM-1024_META.yml @@ -1,4 +1,4 @@ -name: Kyber1024 -+name: ML-KEM-1024-ipd ++name: ML-KEM-1024 type: kem claimed-nist-level: 5 claimed-security: IND-CCA2 @@ -14,7 +17,7 @@ index baa5ca3..ffafcf0 100644 length-shared-secret: 32 -nistkat-sha256: 5afcf2a568ad32d49b55105b032af1850f03f3888ff9e2a72f4059c58e968f60 -testvectors-sha256: ff1a854b9b6761a70c65ccae85246fe0596a949e72eae0866a8a2a2d4ea54b10 -+nistkat-sha256: 03d6494b74c45d010e61b0328c1ab318c4df3b7f9dbd04d0e35b3468848584b7 ++nistkat-sha256: f580d851e5fb27e6876e5e203fa18be4cdbfd49e05d48fec3d3992c8f43a13e6 +testvectors-sha256: 85ab251d6e749e6b27507a8a6ec473ba2e8419c1aef87d0cd5ec9903c1bb92df principal-submitters: - Peter Schwabe @@ -32,9 +35,9 @@ index baa5ca3..ffafcf0 100644 - signature_dec: pqcrystals_kyber1024_ref_dec - sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c - common_dep: common_ref -+ signature_keypair: pqcrystals_ml_kem_1024_ipd_ref_keypair -+ signature_enc: pqcrystals_ml_kem_1024_ipd_ref_enc -+ signature_dec: pqcrystals_ml_kem_1024_ipd_ref_dec ++ signature_keypair: pqcrystals_ml_kem_1024_ref_keypair ++ signature_enc: pqcrystals_ml_kem_1024_ref_enc ++ signature_dec: pqcrystals_ml_kem_1024_ref_dec + sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h symmetric-shake.c - name: avx2 - version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff 
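Review bot: In the `@@ -14,7 +17,7 @@` hunk (and the matching 512 and 768 hunks further down) `nistkat-sha256` is updated for the final FIPS 203 upstream while the `testvectors-sha256` digest that this patch adds is carried over unchanged from the ipd version. As far as I know the final standard changed the key-generation seed derivation relative to the draft, so vectors produced by the new upstream commit would be expected to differ too; if the test-vector files were regenerated, the digest needs updating, and if they were already produced against the final standard, a one-line comment in copy_from_upstream.yml or the patch saying where the vectors come from would settle the question. It would also help to record in the commit message whether the new `nistkat-sha256` values were cross-checked against independently published KATs rather than self-generated, since these digests are what the KAT test later trusts.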
@@ -45,20 +48,23 @@ index baa5ca3..ffafcf0 100644 - signature_dec: pqcrystals_kyber1024_avx2_dec - sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c - common_dep: common_avx2 common_keccak4x_avx2 -+ signature_keypair: pqcrystals_ml_kem_1024_ipd_avx2_keypair -+ signature_enc: pqcrystals_ml_kem_1024_ipd_avx2_enc -+ signature_dec: pqcrystals_ml_kem_1024_ipd_avx2_dec ++ signature_keypair: pqcrystals_ml_kem_1024_avx2_keypair ++ signature_enc: pqcrystals_ml_kem_1024_avx2_enc ++ signature_dec: pqcrystals_ml_kem_1024_avx2_dec + sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h symmetric-shake.c supported_platforms: - architecture: x86_64 operating_systems: -diff --git a/Kyber512_META.yml b/ML-KEM-512-ipd_META.yml -index b251701..d20f0b1 100644 +diff --git a/Kyber512_META.yml b/ML-KEM-512_META.yml +similarity index 55% +rename from Kyber512_META.yml +rename to ML-KEM-512_META.yml +index b251701..40440a8 100644 --- a/Kyber512_META.yml -+++ b/ML-KEM-512-ipd_META.yml ++++ b/ML-KEM-512_META.yml @@ -1,4 +1,4 @@ -name: Kyber512 -+name: ML-KEM-512-ipd ++name: ML-KEM-512 type: kem claimed-nist-level: 1 claimed-security: IND-CCA2 
@@ -68,7 +74,7 @@ index b251701..d20f0b1 100644 length-shared-secret: 32 -nistkat-sha256: bb0481d3325d828817900b709d23917cefbc10026fc857f098979451f67bb0ca -testvectors-sha256: 6730bb552c22d9d2176ffb5568e48eb30952cf1f065073ec5f9724f6a3c6ea85 -+nistkat-sha256: 76aae1fa3f8367522700b22da635a5bc4ced4298edb0eb9947aa3ba60d62676f ++nistkat-sha256: c70041a761e01cd6426fa60e9fd6a4412c2be817386c8d0f3334898082512782 +testvectors-sha256: e1ac6fb45e2511f4170a3527c0c50dcd61336f47113df7a299a61ef8394bd669 principal-submitters: - Peter Schwabe @@ -86,9 +92,9 @@ index b251701..d20f0b1 100644 - signature_dec: pqcrystals_kyber512_ref_dec - sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c - common_dep: common_ref -+ signature_keypair: pqcrystals_ml_kem_512_ipd_ref_keypair -+ signature_enc: pqcrystals_ml_kem_512_ipd_ref_enc -+ signature_dec: pqcrystals_ml_kem_512_ipd_ref_dec ++ signature_keypair: pqcrystals_ml_kem_512_ref_keypair ++ signature_enc: pqcrystals_ml_kem_512_ref_enc ++ signature_dec: pqcrystals_ml_kem_512_ref_dec + sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h symmetric-shake.c - name: avx2 - version: https://github.com/pq-crystals/kyber/commit/36414d64fc1890ed58d1ca8b1e0cab23635d1ac2 
@@ -99,20 +105,23 @@ index b251701..d20f0b1 100644 - signature_dec: pqcrystals_kyber512_avx2_dec - sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c - common_dep: common_avx2 common_keccak4x_avx2 -+ signature_keypair: pqcrystals_ml_kem_512_ipd_avx2_keypair -+ signature_enc: pqcrystals_ml_kem_512_ipd_avx2_enc -+ signature_dec: pqcrystals_ml_kem_512_ipd_avx2_dec ++ signature_keypair: pqcrystals_ml_kem_512_avx2_keypair ++ signature_enc: pqcrystals_ml_kem_512_avx2_enc ++ signature_dec: pqcrystals_ml_kem_512_avx2_dec + sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h symmetric-shake.c supported_platforms: - architecture: x86_64 operating_systems: -diff --git a/Kyber768_META.yml b/ML-KEM-768-ipd_META.yml -index 7a0cc3d..e768cd5 100644 +diff --git a/Kyber768_META.yml b/ML-KEM-768_META.yml +similarity index 55% +rename from Kyber768_META.yml +rename to ML-KEM-768_META.yml +index 7a0cc3d..4277df3 100644 --- a/Kyber768_META.yml -+++ b/ML-KEM-768-ipd_META.yml ++++ b/ML-KEM-768_META.yml @@ -1,4 +1,4 @@ -name: Kyber768 -+name: ML-KEM-768-ipd ++name: ML-KEM-768 type: kem claimed-nist-level: 3 claimed-security: IND-CCA2 
@@ -122,7 +131,7 @@ index 7a0cc3d..e768cd5 100644 length-shared-secret: 32 -nistkat-sha256: 89e82a5bf2d4ddb2c6444e10409e6d9ca65dafbca67d1a0db2c9b54920a29172 -testvectors-sha256: 667c8ca2ca93729c0df6ff24588460bad1bbdbfb64ece0fe8563852a7ff348c6 -+nistkat-sha256: c7e76b4b30c786b5b70c152a446e7832c1cb42b3816ec048dbeaf7041211b310 ++nistkat-sha256: 5352539586b6c3df58be6158a6250aeff402bd73060b0a3de68850ac074c17c3 +testvectors-sha256: 2586721a714c439f6fef26e29ee1c4c67c6207186f810617f278e6ce3e67ea0d principal-submitters: - Peter Schwabe @@ -140,9 +149,9 @@ index 7a0cc3d..e768cd5 100644 - signature_dec: pqcrystals_kyber768_ref_dec - sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c - common_dep: common_ref -+ signature_keypair: pqcrystals_ml_kem_768_ipd_ref_keypair -+ signature_enc: pqcrystals_ml_kem_768_ipd_ref_enc -+ signature_dec: pqcrystals_ml_kem_768_ipd_ref_dec ++ signature_keypair: pqcrystals_ml_kem_768_ref_keypair ++ signature_enc: pqcrystals_ml_kem_768_ref_enc ++ signature_dec: pqcrystals_ml_kem_768_ref_dec + sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h symmetric-shake.c - name: avx2 - version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff 
@@ -153,15 +162,15 @@ index 7a0cc3d..e768cd5 100644 - signature_dec: pqcrystals_kyber768_avx2_dec - sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c - common_dep: common_avx2 common_keccak4x_avx2 -+ signature_keypair: pqcrystals_ml_kem_768_ipd_avx2_keypair -+ signature_enc: pqcrystals_ml_kem_768_ipd_avx2_enc -+ signature_dec: pqcrystals_ml_kem_768_ipd_avx2_dec ++ signature_keypair: pqcrystals_ml_kem_768_avx2_keypair ++ signature_enc: pqcrystals_ml_kem_768_avx2_enc ++ signature_dec: pqcrystals_ml_kem_768_avx2_dec + sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h symmetric-shake.c supported_platforms: - architecture: x86_64 operating_systems: diff --git a/avx2/indcpa.c b/avx2/indcpa.c -index 4f3b782..572ce49 100644 +index 18b9d08..c4b2b3a 100644 --- a/avx2/indcpa.c +++ b/avx2/indcpa.c @@ -175,7 +175,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed) 
@@ -260,26 +269,26 @@ index bc70ebf..fdc688e 100644 #define KYBER_NAMESPACE(s) pqcrystals_kyber512_90s_avx2_##s #else -#define KYBER_NAMESPACE(s) pqcrystals_kyber512_avx2_##s -+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_512_ipd_avx2_##s ++#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_512_avx2_##s #endif #elif (KYBER_K == 3) #ifdef KYBER_90S #define KYBER_NAMESPACE(s) pqcrystals_kyber768_90s_avx2_##s #else -#define KYBER_NAMESPACE(s) pqcrystals_kyber768_avx2_##s -+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_768_ipd_avx2_##s ++#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_768_avx2_##s #endif #elif (KYBER_K == 4) #ifdef KYBER_90S #define KYBER_NAMESPACE(s) pqcrystals_kyber1024_90s_avx2_##s #else -#define KYBER_NAMESPACE(s) pqcrystals_kyber1024_avx2_##s -+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_1024_ipd_avx2_##s ++#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_1024_avx2_##s #endif #else #error "KYBER_K must be in {2,3,4}" diff --git a/avx2/poly.c b/avx2/poly.c -index ab148a2..96bad86 100644 +index 56a5e1e..681fd6d 100644 --- a/avx2/poly.c +++ b/avx2/poly.c @@ -2,6 +2,7 @@ @@ -290,7 +299,7 @@ index ab148a2..96bad86 100644 #include "params.h" #include "poly.h" #include "ntt.h" -@@ -412,7 +413,7 @@ void poly_getnoise_eta1_4x(poly *r0, +@@ -325,7 +326,7 @@ void poly_getnoise_eta1_4x(poly *r0, { ALIGNED_UINT8(NOISE_NBLOCKS*SHAKE256_RATE) buf[4]; __m256i f; @@ -299,7 +308,7 @@ index ab148a2..96bad86 100644 f = _mm256_loadu_si256((__m256i *)seed); _mm256_store_si256(buf[0].vec, f); -@@ -425,8 +426,10 @@ void poly_getnoise_eta1_4x(poly *r0, +@@ -338,8 +339,10 @@ void poly_getnoise_eta1_4x(poly *r0, buf[2].coeffs[32] = nonce2; buf[3].coeffs[32] = nonce3; @@ -310,7 +319,7 @@ index ab148a2..96bad86 100644 poly_cbd_eta1(r0, buf[0].vec); poly_cbd_eta1(r1, buf[1].vec); -@@ -447,7 +450,7 @@ void poly_getnoise_eta1122_4x(poly *r0, +@@ -360,7 +363,7 @@ void poly_getnoise_eta1122_4x(poly *r0, { ALIGNED_UINT8(NOISE_NBLOCKS*SHAKE256_RATE) buf[4]; __m256i f; 
@@ -319,7 +328,7 @@ index ab148a2..96bad86 100644 f = _mm256_loadu_si256((__m256i *)seed); _mm256_store_si256(buf[0].vec, f); -@@ -460,8 +463,10 @@ void poly_getnoise_eta1122_4x(poly *r0, +@@ -373,8 +376,10 @@ void poly_getnoise_eta1122_4x(poly *r0, buf[2].coeffs[32] = nonce2; buf[3].coeffs[32] = nonce3; @@ -348,18 +357,18 @@ index 627b891..e4941f7 100644 uint8_t x, uint8_t y); diff --git a/ref/indcpa.c b/ref/indcpa.c -index 5d74518..4a8b4c8 100644 +index 9a78c09..726cfa9 100644 --- a/ref/indcpa.c 
+++ b/ref/indcpa.c -@@ -164,6 +164,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) - unsigned int buflen, off; - uint8_t buf[GEN_MATRIX_NBLOCKS*XOF_BLOCKBYTES+2]; +@@ -168,6 +168,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) + unsigned int buflen; + uint8_t buf[GEN_MATRIX_NBLOCKS*XOF_BLOCKBYTES]; xof_state state; + xof_init(&state, seed); for(i=0;i) +if(OQS_ENABLE_KEM_ml_kem_512) + add_library(ml_kem_512_ref OBJECT kem_ml_kem_512.c pqcrystals-kyber-standard_ml-kem-512_ref/cbd.c pqcrystals-kyber-standard_ml-kem-512_ref/indcpa.c pqcrystals-kyber-standard_ml-kem-512_ref/kem.c pqcrystals-kyber-standard_ml-kem-512_ref/ntt.c pqcrystals-kyber-standard_ml-kem-512_ref/poly.c pqcrystals-kyber-standard_ml-kem-512_ref/polyvec.c pqcrystals-kyber-standard_ml-kem-512_ref/reduce.c pqcrystals-kyber-standard_ml-kem-512_ref/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-512_ref/verify.c) + target_compile_options(ml_kem_512_ref PUBLIC -DKYBER_K=2) + target_include_directories(ml_kem_512_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-512_ref) + target_include_directories(ml_kem_512_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_kem_512_ref PUBLIC -DKYBER_K=2) + set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) endif() -if(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2 OR OQS_ENABLE_KEM_ml_kem_512_avx2) - add_library(ml_kem_512_ipd_avx2 OBJECT pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/basemul.S pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/cbd.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/consts.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/fq.S pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/indcpa.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/invntt.S pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/kem.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/ntt.S pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/poly.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/polyvec.c 
pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/rejsample.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/shuffle.S pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/verify.c) - target_include_directories(ml_kem_512_ipd_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-512-ipd_avx2) - target_include_directories(ml_kem_512_ipd_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_kem_512_ipd_avx2 PRIVATE -mavx2 -mbmi2 -mpopcnt ) - target_compile_options(ml_kem_512_ipd_avx2 PUBLIC -DKYBER_K=2) - set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) +if(OQS_ENABLE_KEM_ml_kem_512_avx2) + add_library(ml_kem_512_avx2 OBJECT pqcrystals-kyber-standard_ml-kem-512_avx2/basemul.S pqcrystals-kyber-standard_ml-kem-512_avx2/cbd.c pqcrystals-kyber-standard_ml-kem-512_avx2/consts.c pqcrystals-kyber-standard_ml-kem-512_avx2/fq.S pqcrystals-kyber-standard_ml-kem-512_avx2/indcpa.c pqcrystals-kyber-standard_ml-kem-512_avx2/invntt.S pqcrystals-kyber-standard_ml-kem-512_avx2/kem.c pqcrystals-kyber-standard_ml-kem-512_avx2/ntt.S pqcrystals-kyber-standard_ml-kem-512_avx2/poly.c pqcrystals-kyber-standard_ml-kem-512_avx2/polyvec.c pqcrystals-kyber-standard_ml-kem-512_avx2/rejsample.c pqcrystals-kyber-standard_ml-kem-512_avx2/shuffle.S pqcrystals-kyber-standard_ml-kem-512_avx2/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-512_avx2/verify.c) + target_include_directories(ml_kem_512_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-512_avx2) + target_include_directories(ml_kem_512_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_kem_512_avx2 PRIVATE -mavx2 -mbmi2 -mpopcnt ) + target_compile_options(ml_kem_512_avx2 PUBLIC -DKYBER_K=2) + set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) endif() -if(OQS_ENABLE_KEM_ml_kem_768_ipd OR OQS_ENABLE_KEM_ml_kem_768) - add_library(ml_kem_768_ipd_ref OBJECT kem_ml_kem_768_ipd.c 
pqcrystals-kyber-standard_ml-kem-768-ipd_ref/cbd.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/indcpa.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/kem.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/ntt.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/poly.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/polyvec.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/reduce.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/verify.c) - target_compile_options(ml_kem_768_ipd_ref PUBLIC -DKYBER_K=3) - target_include_directories(ml_kem_768_ipd_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-768-ipd_ref) - target_include_directories(ml_kem_768_ipd_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_kem_768_ipd_ref PUBLIC -DKYBER_K=3) - set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) +if(OQS_ENABLE_KEM_ml_kem_768) + add_library(ml_kem_768_ref OBJECT kem_ml_kem_768.c pqcrystals-kyber-standard_ml-kem-768_ref/cbd.c pqcrystals-kyber-standard_ml-kem-768_ref/indcpa.c pqcrystals-kyber-standard_ml-kem-768_ref/kem.c pqcrystals-kyber-standard_ml-kem-768_ref/ntt.c pqcrystals-kyber-standard_ml-kem-768_ref/poly.c pqcrystals-kyber-standard_ml-kem-768_ref/polyvec.c pqcrystals-kyber-standard_ml-kem-768_ref/reduce.c pqcrystals-kyber-standard_ml-kem-768_ref/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-768_ref/verify.c) + target_compile_options(ml_kem_768_ref PUBLIC -DKYBER_K=3) + target_include_directories(ml_kem_768_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-768_ref) + target_include_directories(ml_kem_768_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_kem_768_ref PUBLIC -DKYBER_K=3) + set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) endif() -if(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2 OR OQS_ENABLE_KEM_ml_kem_768_avx2) - add_library(ml_kem_768_ipd_avx2 OBJECT pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/basemul.S 
pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/cbd.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/consts.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/fq.S pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/indcpa.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/invntt.S pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/kem.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/ntt.S pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/poly.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/polyvec.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/rejsample.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/shuffle.S pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/verify.c) - target_include_directories(ml_kem_768_ipd_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-768-ipd_avx2) - target_include_directories(ml_kem_768_ipd_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_kem_768_ipd_avx2 PRIVATE -mavx2 -mbmi2 -mpopcnt ) - target_compile_options(ml_kem_768_ipd_avx2 PUBLIC -DKYBER_K=3) - set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) +if(OQS_ENABLE_KEM_ml_kem_768_avx2) + add_library(ml_kem_768_avx2 OBJECT pqcrystals-kyber-standard_ml-kem-768_avx2/basemul.S pqcrystals-kyber-standard_ml-kem-768_avx2/cbd.c pqcrystals-kyber-standard_ml-kem-768_avx2/consts.c pqcrystals-kyber-standard_ml-kem-768_avx2/fq.S pqcrystals-kyber-standard_ml-kem-768_avx2/indcpa.c pqcrystals-kyber-standard_ml-kem-768_avx2/invntt.S pqcrystals-kyber-standard_ml-kem-768_avx2/kem.c pqcrystals-kyber-standard_ml-kem-768_avx2/ntt.S pqcrystals-kyber-standard_ml-kem-768_avx2/poly.c pqcrystals-kyber-standard_ml-kem-768_avx2/polyvec.c pqcrystals-kyber-standard_ml-kem-768_avx2/rejsample.c pqcrystals-kyber-standard_ml-kem-768_avx2/shuffle.S pqcrystals-kyber-standard_ml-kem-768_avx2/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-768_avx2/verify.c) + target_include_directories(ml_kem_768_avx2 PRIVATE 
${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-768_avx2) + target_include_directories(ml_kem_768_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_kem_768_avx2 PRIVATE -mavx2 -mbmi2 -mpopcnt ) + target_compile_options(ml_kem_768_avx2 PUBLIC -DKYBER_K=3) + set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) endif() -if(OQS_ENABLE_KEM_ml_kem_1024_ipd OR OQS_ENABLE_KEM_ml_kem_1024) - add_library(ml_kem_1024_ipd_ref OBJECT kem_ml_kem_1024_ipd.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/cbd.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/indcpa.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/kem.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/ntt.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/poly.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/polyvec.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/reduce.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/verify.c) - target_compile_options(ml_kem_1024_ipd_ref PUBLIC -DKYBER_K=4) - target_include_directories(ml_kem_1024_ipd_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref) - target_include_directories(ml_kem_1024_ipd_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_kem_1024_ipd_ref PUBLIC -DKYBER_K=4) - set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) +if(OQS_ENABLE_KEM_ml_kem_1024) + add_library(ml_kem_1024_ref OBJECT kem_ml_kem_1024.c pqcrystals-kyber-standard_ml-kem-1024_ref/cbd.c pqcrystals-kyber-standard_ml-kem-1024_ref/indcpa.c pqcrystals-kyber-standard_ml-kem-1024_ref/kem.c pqcrystals-kyber-standard_ml-kem-1024_ref/ntt.c pqcrystals-kyber-standard_ml-kem-1024_ref/poly.c pqcrystals-kyber-standard_ml-kem-1024_ref/polyvec.c pqcrystals-kyber-standard_ml-kem-1024_ref/reduce.c pqcrystals-kyber-standard_ml-kem-1024_ref/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-1024_ref/verify.c) + target_compile_options(ml_kem_1024_ref PUBLIC -DKYBER_K=4) + 
target_include_directories(ml_kem_1024_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-1024_ref) + target_include_directories(ml_kem_1024_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_kem_1024_ref PUBLIC -DKYBER_K=4) + set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) endif() -if(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2 OR OQS_ENABLE_KEM_ml_kem_1024_avx2) - add_library(ml_kem_1024_ipd_avx2 OBJECT pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/basemul.S pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/cbd.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/consts.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/fq.S pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/indcpa.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/invntt.S pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/kem.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/ntt.S pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/poly.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/polyvec.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/rejsample.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/shuffle.S pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/verify.c) - target_include_directories(ml_kem_1024_ipd_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2) - target_include_directories(ml_kem_1024_ipd_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_kem_1024_ipd_avx2 PRIVATE -mavx2 -mbmi2 -mpopcnt ) - target_compile_options(ml_kem_1024_ipd_avx2 PUBLIC -DKYBER_K=4) - set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) +if(OQS_ENABLE_KEM_ml_kem_1024_avx2) + add_library(ml_kem_1024_avx2 OBJECT pqcrystals-kyber-standard_ml-kem-1024_avx2/basemul.S pqcrystals-kyber-standard_ml-kem-1024_avx2/cbd.c pqcrystals-kyber-standard_ml-kem-1024_avx2/consts.c pqcrystals-kyber-standard_ml-kem-1024_avx2/fq.S pqcrystals-kyber-standard_ml-kem-1024_avx2/indcpa.c 
pqcrystals-kyber-standard_ml-kem-1024_avx2/invntt.S pqcrystals-kyber-standard_ml-kem-1024_avx2/kem.c pqcrystals-kyber-standard_ml-kem-1024_avx2/ntt.S pqcrystals-kyber-standard_ml-kem-1024_avx2/poly.c pqcrystals-kyber-standard_ml-kem-1024_avx2/polyvec.c pqcrystals-kyber-standard_ml-kem-1024_avx2/rejsample.c pqcrystals-kyber-standard_ml-kem-1024_avx2/shuffle.S pqcrystals-kyber-standard_ml-kem-1024_avx2/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-1024_avx2/verify.c) + target_include_directories(ml_kem_1024_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-1024_avx2) + target_include_directories(ml_kem_1024_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_kem_1024_avx2 PRIVATE -mavx2 -mbmi2 -mpopcnt ) + target_compile_options(ml_kem_1024_avx2 PUBLIC -DKYBER_K=4) + set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) endif() set(ML_KEM_OBJS ${_ML_KEM_OBJS} PARENT_SCOPE) diff --git a/src/kem/ml_kem/kem_ml_kem.h b/src/kem/ml_kem/kem_ml_kem.h index b3e3d99cf..f8383607f 100644 --- a/src/kem/ml_kem/kem_ml_kem.h +++ b/src/kem/ml_kem/kem_ml_kem.h 
@@ -5,64 +5,37 @@
 #include
-#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd) || defined(OQS_ENABLE_KEM_ml_kem_512)
-#define OQS_KEM_ml_kem_512_ipd_length_public_key 800
-#define OQS_KEM_ml_kem_512_ipd_length_secret_key 1632
-#define OQS_KEM_ml_kem_512_ipd_length_ciphertext 768
-#define OQS_KEM_ml_kem_512_ipd_length_shared_secret 32
-OQS_KEM *OQS_KEM_ml_kem_512_ipd_new(void);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_512_ipd_keypair(uint8_t *public_key, uint8_t *secret_key);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_512_ipd_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_512_ipd_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
-
-#define OQS_KEM_ml_kem_512_length_public_key OQS_KEM_ml_kem_512_ipd_length_public_key
-#define OQS_KEM_ml_kem_512_length_secret_key OQS_KEM_ml_kem_512_ipd_length_secret_key
-#define OQS_KEM_ml_kem_512_length_ciphertext OQS_KEM_ml_kem_512_ipd_length_ciphertext
-#define OQS_KEM_ml_kem_512_length_shared_secret OQS_KEM_ml_kem_512_ipd_length_shared_secret
+#if defined(OQS_ENABLE_KEM_ml_kem_512)
+#define OQS_KEM_ml_kem_512_length_public_key 800
+#define OQS_KEM_ml_kem_512_length_secret_key 1632
+#define OQS_KEM_ml_kem_512_length_ciphertext 768
+#define OQS_KEM_ml_kem_512_length_shared_secret 32
 OQS_KEM *OQS_KEM_ml_kem_512_new(void);
-#define OQS_KEM_ml_kem_512_keypair OQS_KEM_ml_kem_512_ipd_keypair
-#define OQS_KEM_ml_kem_512_encaps OQS_KEM_ml_kem_512_ipd_encaps
-#define OQS_KEM_ml_kem_512_decaps OQS_KEM_ml_kem_512_ipd_decaps
+OQS_API OQS_STATUS OQS_KEM_ml_kem_512_keypair(uint8_t *public_key, uint8_t *secret_key);
+OQS_API OQS_STATUS OQS_KEM_ml_kem_512_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
+OQS_API OQS_STATUS OQS_KEM_ml_kem_512_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
 #endif
-#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd) || defined(OQS_ENABLE_KEM_ml_kem_768)
-#define OQS_KEM_ml_kem_768_ipd_length_public_key 1184
-#define OQS_KEM_ml_kem_768_ipd_length_secret_key 2400
-#define OQS_KEM_ml_kem_768_ipd_length_ciphertext 1088
-#define OQS_KEM_ml_kem_768_ipd_length_shared_secret 32
-OQS_KEM *OQS_KEM_ml_kem_768_ipd_new(void);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_768_ipd_keypair(uint8_t *public_key, uint8_t *secret_key);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_768_ipd_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_768_ipd_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
-
-#define OQS_KEM_ml_kem_768_length_public_key OQS_KEM_ml_kem_768_ipd_length_public_key
-#define OQS_KEM_ml_kem_768_length_secret_key OQS_KEM_ml_kem_768_ipd_length_secret_key
-#define OQS_KEM_ml_kem_768_length_ciphertext OQS_KEM_ml_kem_768_ipd_length_ciphertext
-#define OQS_KEM_ml_kem_768_length_shared_secret OQS_KEM_ml_kem_768_ipd_length_shared_secret
+#if defined(OQS_ENABLE_KEM_ml_kem_768)
+#define OQS_KEM_ml_kem_768_length_public_key 1184
+#define OQS_KEM_ml_kem_768_length_secret_key 2400
+#define OQS_KEM_ml_kem_768_length_ciphertext 1088
+#define OQS_KEM_ml_kem_768_length_shared_secret 32
 OQS_KEM *OQS_KEM_ml_kem_768_new(void);
-#define OQS_KEM_ml_kem_768_keypair OQS_KEM_ml_kem_768_ipd_keypair
-#define OQS_KEM_ml_kem_768_encaps OQS_KEM_ml_kem_768_ipd_encaps
-#define OQS_KEM_ml_kem_768_decaps OQS_KEM_ml_kem_768_ipd_decaps
+OQS_API OQS_STATUS OQS_KEM_ml_kem_768_keypair(uint8_t *public_key, uint8_t *secret_key);
+OQS_API OQS_STATUS OQS_KEM_ml_kem_768_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
+OQS_API OQS_STATUS OQS_KEM_ml_kem_768_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
 #endif
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd) || defined(OQS_ENABLE_KEM_ml_kem_1024)
-#define OQS_KEM_ml_kem_1024_ipd_length_public_key 1568
-#define OQS_KEM_ml_kem_1024_ipd_length_secret_key 3168
-#define OQS_KEM_ml_kem_1024_ipd_length_ciphertext 1568
-#define OQS_KEM_ml_kem_1024_ipd_length_shared_secret 32
-OQS_KEM *OQS_KEM_ml_kem_1024_ipd_new(void);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_ipd_keypair(uint8_t *public_key, uint8_t *secret_key);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_ipd_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_ipd_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
-
-#define OQS_KEM_ml_kem_1024_length_public_key OQS_KEM_ml_kem_1024_ipd_length_public_key
-#define OQS_KEM_ml_kem_1024_length_secret_key OQS_KEM_ml_kem_1024_ipd_length_secret_key
-#define OQS_KEM_ml_kem_1024_length_ciphertext OQS_KEM_ml_kem_1024_ipd_length_ciphertext
-#define OQS_KEM_ml_kem_1024_length_shared_secret OQS_KEM_ml_kem_1024_ipd_length_shared_secret
+#if defined(OQS_ENABLE_KEM_ml_kem_1024)
+#define OQS_KEM_ml_kem_1024_length_public_key 1568
+#define OQS_KEM_ml_kem_1024_length_secret_key 3168
+#define OQS_KEM_ml_kem_1024_length_ciphertext 1568
+#define OQS_KEM_ml_kem_1024_length_shared_secret 32
 OQS_KEM *OQS_KEM_ml_kem_1024_new(void);
-#define OQS_KEM_ml_kem_1024_keypair OQS_KEM_ml_kem_1024_ipd_keypair
-#define OQS_KEM_ml_kem_1024_encaps OQS_KEM_ml_kem_1024_ipd_encaps
-#define OQS_KEM_ml_kem_1024_decaps OQS_KEM_ml_kem_1024_ipd_decaps
+OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_keypair(uint8_t *public_key, uint8_t *secret_key);
+OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
+OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
 #endif
 #endif
diff --git a/src/kem/ml_kem/kem_ml_kem_1024.c b/src/kem/ml_kem/kem_ml_kem_1024.c
new file mode 100644
index 000000000..51297a61f
--- /dev/null
+++ b/src/kem/ml_kem/kem_ml_kem_1024.c
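Review bot: The hunk removes the exported `OQS_KEM_ml_kem_*_ipd_new/keypair/encaps/decaps` declarations and the `OQS_KEM_ml_kem_*_ipd_length_*` macros from what appears to be an installed header without leaving deprecated aliases, so a consumer still using those names fails to compile (and, since the `_ipd` implementations are deleted in this commit, to link) instead of receiving a deprecation warning. If a previous release shipped these names, consider a transitional block such as `#define OQS_KEM_ml_kem_512_ipd_length_public_key OQS_KEM_ml_kem_512_length_public_key` (and the 768/1024 equivalents) for one release, or at least a release-note entry listing the removed symbols. The numeric lengths (800/1632/768/32, 1184/2400/1088/32, 1568/3168/1568/32) are identical to the removed `_ipd` definitions, so the wire/data layout itself is unchanged.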
@@ -0,0 +1,91 @@
+// SPDX-License-Identifier: MIT
+
+#include
+
+#include
+
+#if defined(OQS_ENABLE_KEM_ml_kem_1024)
+
+OQS_KEM *OQS_KEM_ml_kem_1024_new(void) {
+
+ OQS_KEM *kem = malloc(sizeof(OQS_KEM));
+ if (kem == NULL) {
+ return NULL;
+ }
+ kem->method_name = OQS_KEM_alg_ml_kem_1024;
+ kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard";
+
+ kem->claimed_nist_level = 5;
+ kem->ind_cca = true;
+
+ kem->length_public_key = OQS_KEM_ml_kem_1024_length_public_key;
+ kem->length_secret_key = OQS_KEM_ml_kem_1024_length_secret_key;
+ kem->length_ciphertext = OQS_KEM_ml_kem_1024_length_ciphertext;
+ kem->length_shared_secret = OQS_KEM_ml_kem_1024_length_shared_secret;
+
+ kem->keypair = OQS_KEM_ml_kem_1024_keypair;
+ kem->encaps = OQS_KEM_ml_kem_1024_encaps;
+ kem->decaps = OQS_KEM_ml_kem_1024_decaps;
+
+ return kem;
+}
+
+extern int pqcrystals_ml_kem_1024_ref_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_1024_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+extern int pqcrystals_ml_kem_1024_ref_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+
+#if defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
+extern int pqcrystals_ml_kem_1024_avx2_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_1024_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+extern int pqcrystals_ml_kem_1024_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+#endif
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_keypair(uint8_t *public_key, uint8_t *secret_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_avx2_keypair(public_key, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_ref_keypair(public_key, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_ref_keypair(public_key, secret_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_avx2_enc(ciphertext, shared_secret, public_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_ref_enc(ciphertext, shared_secret, public_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_ref_enc(ciphertext, shared_secret, public_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_avx2_dec(shared_secret, ciphertext, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_ref_dec(shared_secret, ciphertext, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_ref_dec(shared_secret, ciphertext, secret_key);
+#endif
+}
+
+#endif
diff --git a/src/kem/ml_kem/kem_ml_kem_1024_ipd.c b/src/kem/ml_kem/kem_ml_kem_1024_ipd.c
deleted file mode 100644
index 7667187f4..000000000
--- a/src/kem/ml_kem/kem_ml_kem_1024_ipd.c
+++ /dev/null
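Review bot: Every `return (OQS_STATUS) pqcrystals_ml_kem_1024_{ref,avx2}_{keypair,enc,dec}(...)` in the three dispatch functions forwards the upstream `int` unchanged, which only yields a valid `OQS_STATUS` as long as upstream keeps using 0 for success and -1 for failure; any other non-zero return would be passed through as a value outside the enum, and callers comparing against `OQS_SUCCESS`/`OQS_ERROR` would mis-handle it. An explicit mapping at each return, e.g. `return pqcrystals_ml_kem_1024_ref_keypair(public_key, secret_key) == 0 ? OQS_SUCCESS : OQS_ERROR;`, keeps the contract independent of upstream's conventions; the same applies to the new kem_ml_kem_512.c in this commit. If these files are emitted by the copy-from-upstream generator, the change belongs in its template rather than in the generated output. A short comment above the first dispatch function, such as `/* Runtime dispatch: use the AVX2 build when the CPU reports AVX2, BMI2 and POPCNT, otherwise the reference implementation. */`, would also help readers follow the interleaved `#if OQS_DIST_BUILD` blocks.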
@@ -1,121 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#include
-
-#include
-
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd) || defined(OQS_ENABLE_KEM_ml_kem_1024)
-
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd)
-
-OQS_KEM *OQS_KEM_ml_kem_1024_ipd_new(void) {
-
- OQS_KEM *kem = malloc(sizeof(OQS_KEM));
- if (kem == NULL) {
- return NULL;
- }
- kem->method_name = OQS_KEM_alg_ml_kem_1024_ipd;
- kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard";
-
- kem->claimed_nist_level = 5;
- kem->ind_cca = true;
-
- kem->length_public_key = OQS_KEM_ml_kem_1024_ipd_length_public_key;
- kem->length_secret_key = OQS_KEM_ml_kem_1024_ipd_length_secret_key;
- kem->length_ciphertext = OQS_KEM_ml_kem_1024_ipd_length_ciphertext;
- kem->length_shared_secret = OQS_KEM_ml_kem_1024_ipd_length_shared_secret;
-
- kem->keypair = OQS_KEM_ml_kem_1024_ipd_keypair;
- kem->encaps = OQS_KEM_ml_kem_1024_ipd_encaps;
- kem->decaps = OQS_KEM_ml_kem_1024_ipd_decaps;
-
- return kem;
-}
-#endif
-
-#if defined(OQS_ENABLE_KEM_ml_kem_1024)
-/** Alias */
-OQS_KEM *OQS_KEM_ml_kem_1024_new(void) {
-
- OQS_KEM *kem = malloc(sizeof(OQS_KEM));
- if (kem == NULL) {
- return NULL;
- }
- kem->method_name = OQS_KEM_alg_ml_kem_1024;
- kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard";
-
- kem->claimed_nist_level = 5;
- kem->ind_cca = true;
-
- kem->length_public_key = OQS_KEM_ml_kem_1024_length_public_key;
- kem->length_secret_key = OQS_KEM_ml_kem_1024_length_secret_key;
- kem->length_ciphertext = OQS_KEM_ml_kem_1024_length_ciphertext;
- kem->length_shared_secret = OQS_KEM_ml_kem_1024_length_shared_secret;
-
- kem->keypair = OQS_KEM_ml_kem_1024_keypair;
- kem->encaps = OQS_KEM_ml_kem_1024_encaps;
- kem->decaps = OQS_KEM_ml_kem_1024_decaps;
-
- return kem;
-}
-#endif
-
-extern int pqcrystals_ml_kem_1024_ipd_ref_keypair(uint8_t *pk, uint8_t *sk);
-extern int pqcrystals_ml_kem_1024_ipd_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
-extern int pqcrystals_ml_kem_1024_ipd_ref_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
-
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
-extern int pqcrystals_ml_kem_1024_ipd_avx2_keypair(uint8_t *pk, uint8_t *sk);
-extern int pqcrystals_ml_kem_1024_ipd_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
-extern int pqcrystals_ml_kem_1024_ipd_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
-#endif
-
-OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_ipd_keypair(uint8_t *public_key, uint8_t *secret_key) {
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
-#if defined(OQS_DIST_BUILD)
- if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
-#endif /* OQS_DIST_BUILD */
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_avx2_keypair(public_key, secret_key);
-#if defined(OQS_DIST_BUILD)
- } else {
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_ref_keypair(public_key, secret_key);
- }
-#endif /* OQS_DIST_BUILD */
-#else
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_ref_keypair(public_key, secret_key);
-#endif
-}
-
-OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_ipd_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
-#if defined(OQS_DIST_BUILD)
- if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
-#endif /* OQS_DIST_BUILD */
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_avx2_enc(ciphertext, shared_secret, public_key);
-#if defined(OQS_DIST_BUILD)
- } else {
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_ref_enc(ciphertext, shared_secret, public_key);
- }
-#endif /* OQS_DIST_BUILD */
-#else
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_ref_enc(ciphertext, shared_secret, public_key);
-#endif
-}
-
-OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_ipd_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
-#if defined(OQS_DIST_BUILD)
- if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
-#endif /* OQS_DIST_BUILD */
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_avx2_dec(shared_secret, ciphertext, secret_key);
-#if defined(OQS_DIST_BUILD)
- } else {
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_ref_dec(shared_secret, ciphertext, secret_key);
- }
-#endif /* OQS_DIST_BUILD */
-#else
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_ref_dec(shared_secret, ciphertext, secret_key);
-#endif
-}
-
-#endif
diff --git a/src/kem/ml_kem/kem_ml_kem_512.c b/src/kem/ml_kem/kem_ml_kem_512.c
new file mode 100644
index 000000000..ec1e147c5
--- /dev/null
+++ b/src/kem/ml_kem/kem_ml_kem_512.c
@@ -0,0 +1,91 @@
+// SPDX-License-Identifier: MIT
+
+#include
+
+#include
+
+#if defined(OQS_ENABLE_KEM_ml_kem_512)
+
+OQS_KEM *OQS_KEM_ml_kem_512_new(void) {
+
+ OQS_KEM *kem = malloc(sizeof(OQS_KEM));
+ if (kem == NULL) {
+ return NULL;
+ }
+ kem->method_name = OQS_KEM_alg_ml_kem_512;
+ kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard";
+
+ kem->claimed_nist_level = 1;
+ kem->ind_cca = true;
+
+ kem->length_public_key = OQS_KEM_ml_kem_512_length_public_key;
+ kem->length_secret_key = OQS_KEM_ml_kem_512_length_secret_key;
+ kem->length_ciphertext = OQS_KEM_ml_kem_512_length_ciphertext;
+ kem->length_shared_secret = OQS_KEM_ml_kem_512_length_shared_secret;
+
+ kem->keypair = OQS_KEM_ml_kem_512_keypair;
+ kem->encaps = OQS_KEM_ml_kem_512_encaps;
+ kem->decaps = OQS_KEM_ml_kem_512_decaps;
+
+ return kem;
+}
+
+extern int pqcrystals_ml_kem_512_ref_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_512_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+extern int pqcrystals_ml_kem_512_ref_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+
+#if defined(OQS_ENABLE_KEM_ml_kem_512_avx2)
+extern int pqcrystals_ml_kem_512_avx2_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_512_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+extern int pqcrystals_ml_kem_512_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+#endif
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_512_keypair(uint8_t *public_key, uint8_t *secret_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_512_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_512_avx2_keypair(public_key, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_512_ref_keypair(public_key, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_512_ref_keypair(public_key, secret_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_512_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_512_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_512_avx2_enc(ciphertext, shared_secret, public_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_512_ref_enc(ciphertext, shared_secret, public_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_512_ref_enc(ciphertext, shared_secret, public_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_512_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_512_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_512_avx2_dec(shared_secret, ciphertext, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_512_ref_dec(shared_secret, ciphertext, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_512_ref_dec(shared_secret, ciphertext, secret_key);
+#endif
+}
+
+#endif
diff --git a/src/kem/ml_kem/kem_ml_kem_512_ipd.c b/src/kem/ml_kem/kem_ml_kem_512_ipd.c
deleted file mode 100644
index c9cf81663..000000000
--- a/src/kem/ml_kem/kem_ml_kem_512_ipd.c
+++ /dev/null
@@ -1,121 +0,0 @@ -// SPDX-License-Identifier: MIT - -#include - -#include - -#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd) || defined(OQS_ENABLE_KEM_ml_kem_512) - -#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd) - -OQS_KEM *OQS_KEM_ml_kem_512_ipd_new(void) { - - OQS_KEM *kem = malloc(sizeof(OQS_KEM)); - if (kem == NULL) { - return NULL; - } - kem->method_name = OQS_KEM_alg_ml_kem_512_ipd; - kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard"; - - kem->claimed_nist_level = 1; - kem->ind_cca = true; - - kem->length_public_key = OQS_KEM_ml_kem_512_ipd_length_public_key; - kem->length_secret_key = OQS_KEM_ml_kem_512_ipd_length_secret_key; - kem->length_ciphertext = OQS_KEM_ml_kem_512_ipd_length_ciphertext; - kem->length_shared_secret = OQS_KEM_ml_kem_512_ipd_length_shared_secret; - - kem->keypair = OQS_KEM_ml_kem_512_ipd_keypair; - kem->encaps = OQS_KEM_ml_kem_512_ipd_encaps; - kem->decaps = OQS_KEM_ml_kem_512_ipd_decaps; - - return kem; -} -#endif - -#if defined(OQS_ENABLE_KEM_ml_kem_512) -/** Alias */ -OQS_KEM *OQS_KEM_ml_kem_512_new(void) { - - OQS_KEM *kem = malloc(sizeof(OQS_KEM)); - if (kem == NULL) { - return NULL; - } - kem->method_name = OQS_KEM_alg_ml_kem_512; - kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard"; - - kem->claimed_nist_level = 1; - kem->ind_cca = true; - - kem->length_public_key = OQS_KEM_ml_kem_512_length_public_key; - kem->length_secret_key = OQS_KEM_ml_kem_512_length_secret_key; - kem->length_ciphertext = OQS_KEM_ml_kem_512_length_ciphertext; - kem->length_shared_secret = OQS_KEM_ml_kem_512_length_shared_secret; - - kem->keypair = OQS_KEM_ml_kem_512_keypair; - kem->encaps = OQS_KEM_ml_kem_512_encaps; - kem->decaps = OQS_KEM_ml_kem_512_decaps; - - return kem; -} -#endif - -extern int pqcrystals_ml_kem_512_ipd_ref_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_kem_512_ipd_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); -extern int pqcrystals_ml_kem_512_ipd_ref_dec(uint8_t *ss, const 
uint8_t *ct, const uint8_t *sk); - -#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_512_avx2) -extern int pqcrystals_ml_kem_512_ipd_avx2_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_kem_512_ipd_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); -extern int pqcrystals_ml_kem_512_ipd_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); -#endif - -OQS_API OQS_STATUS OQS_KEM_ml_kem_512_ipd_keypair(uint8_t *public_key, uint8_t *secret_key) { -#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_512_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_avx2_keypair(public_key, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_ref_keypair(public_key, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_ref_keypair(public_key, secret_key); -#endif -} - -OQS_API OQS_STATUS OQS_KEM_ml_kem_512_ipd_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) { -#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_512_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_avx2_enc(ciphertext, shared_secret, public_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_ref_enc(ciphertext, shared_secret, public_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_ref_enc(ciphertext, shared_secret, public_key); -#endif -} - -OQS_API OQS_STATUS OQS_KEM_ml_kem_512_ipd_decaps(uint8_t 
*shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) { -#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_512_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_avx2_dec(shared_secret, ciphertext, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_ref_dec(shared_secret, ciphertext, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_ref_dec(shared_secret, ciphertext, secret_key); -#endif -} - -#endif diff --git a/src/kem/ml_kem/kem_ml_kem_768.c b/src/kem/ml_kem/kem_ml_kem_768.c new file mode 100644 index 000000000..789e3ffd7 --- /dev/null +++ b/src/kem/ml_kem/kem_ml_kem_768.c 
@@ -0,0 +1,91 @@
+// SPDX-License-Identifier: MIT
+
+#include
+
+#include
+
+#if defined(OQS_ENABLE_KEM_ml_kem_768)
+
+OQS_KEM *OQS_KEM_ml_kem_768_new(void) {
+
+ OQS_KEM *kem = malloc(sizeof(OQS_KEM));
+ if (kem == NULL) {
+ return NULL;
+ }
+ kem->method_name = OQS_KEM_alg_ml_kem_768;
+ kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard";
+
+ kem->claimed_nist_level = 3;
+ kem->ind_cca = true;
+
+ kem->length_public_key = OQS_KEM_ml_kem_768_length_public_key;
+ kem->length_secret_key = OQS_KEM_ml_kem_768_length_secret_key;
+ kem->length_ciphertext = OQS_KEM_ml_kem_768_length_ciphertext;
+ kem->length_shared_secret = OQS_KEM_ml_kem_768_length_shared_secret;
+
+ kem->keypair = OQS_KEM_ml_kem_768_keypair;
+ kem->encaps = OQS_KEM_ml_kem_768_encaps;
+ kem->decaps = OQS_KEM_ml_kem_768_decaps;
+
+ return kem;
+}
+
+extern int pqcrystals_ml_kem_768_ref_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_768_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+extern int pqcrystals_ml_kem_768_ref_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+
+#if defined(OQS_ENABLE_KEM_ml_kem_768_avx2)
+extern int pqcrystals_ml_kem_768_avx2_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_768_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+extern int pqcrystals_ml_kem_768_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+#endif
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_768_keypair(uint8_t *public_key, uint8_t *secret_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_768_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_768_avx2_keypair(public_key, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_768_ref_keypair(public_key, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_768_ref_keypair(public_key, secret_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_768_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_768_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_768_avx2_enc(ciphertext, shared_secret, public_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_768_ref_enc(ciphertext, shared_secret, public_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_768_ref_enc(ciphertext, shared_secret, public_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_768_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_768_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_768_avx2_dec(shared_secret, ciphertext, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_768_ref_dec(shared_secret, ciphertext, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_768_ref_dec(shared_secret, ciphertext, secret_key);
+#endif
+}
+
+#endif
diff --git a/src/kem/ml_kem/kem_ml_kem_768_ipd.c b/src/kem/ml_kem/kem_ml_kem_768_ipd.c
deleted file mode 100644
index da8ef0883..000000000
--- a/src/kem/ml_kem/kem_ml_kem_768_ipd.c
+++ /dev/null
@@ -1,121 +0,0 @@ -// SPDX-License-Identifier: MIT - -#include - -#include - -#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd) || defined(OQS_ENABLE_KEM_ml_kem_768) - -#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd) - -OQS_KEM *OQS_KEM_ml_kem_768_ipd_new(void) { - - OQS_KEM *kem = malloc(sizeof(OQS_KEM)); - if (kem == NULL) { - return NULL; - } - kem->method_name = OQS_KEM_alg_ml_kem_768_ipd; - kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard"; - - kem->claimed_nist_level = 3; - kem->ind_cca = true; - - kem->length_public_key = OQS_KEM_ml_kem_768_ipd_length_public_key; - kem->length_secret_key = OQS_KEM_ml_kem_768_ipd_length_secret_key; - kem->length_ciphertext = OQS_KEM_ml_kem_768_ipd_length_ciphertext; - kem->length_shared_secret = OQS_KEM_ml_kem_768_ipd_length_shared_secret; - - kem->keypair = OQS_KEM_ml_kem_768_ipd_keypair; - kem->encaps = OQS_KEM_ml_kem_768_ipd_encaps; - kem->decaps = OQS_KEM_ml_kem_768_ipd_decaps; - - return kem; -} -#endif - -#if defined(OQS_ENABLE_KEM_ml_kem_768) -/** Alias */ -OQS_KEM *OQS_KEM_ml_kem_768_new(void) { - - OQS_KEM *kem = malloc(sizeof(OQS_KEM)); - if (kem == NULL) { - return NULL; - } - kem->method_name = OQS_KEM_alg_ml_kem_768; - kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard"; - - kem->claimed_nist_level = 3; - kem->ind_cca = true; - - kem->length_public_key = OQS_KEM_ml_kem_768_length_public_key; - kem->length_secret_key = OQS_KEM_ml_kem_768_length_secret_key; - kem->length_ciphertext = OQS_KEM_ml_kem_768_length_ciphertext; - kem->length_shared_secret = OQS_KEM_ml_kem_768_length_shared_secret; - - kem->keypair = OQS_KEM_ml_kem_768_keypair; - kem->encaps = OQS_KEM_ml_kem_768_encaps; - kem->decaps = OQS_KEM_ml_kem_768_decaps; - - return kem; -} -#endif - -extern int pqcrystals_ml_kem_768_ipd_ref_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_kem_768_ipd_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); -extern int pqcrystals_ml_kem_768_ipd_ref_dec(uint8_t *ss, const 
uint8_t *ct, const uint8_t *sk); - -#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_768_avx2) -extern int pqcrystals_ml_kem_768_ipd_avx2_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_kem_768_ipd_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); -extern int pqcrystals_ml_kem_768_ipd_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); -#endif - -OQS_API OQS_STATUS OQS_KEM_ml_kem_768_ipd_keypair(uint8_t *public_key, uint8_t *secret_key) { -#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_768_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_avx2_keypair(public_key, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_ref_keypair(public_key, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_ref_keypair(public_key, secret_key); -#endif -} - -OQS_API OQS_STATUS OQS_KEM_ml_kem_768_ipd_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) { -#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_768_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_avx2_enc(ciphertext, shared_secret, public_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_ref_enc(ciphertext, shared_secret, public_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_ref_enc(ciphertext, shared_secret, public_key); -#endif -} - -OQS_API OQS_STATUS OQS_KEM_ml_kem_768_ipd_decaps(uint8_t 
*shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) { -#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_768_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_avx2_dec(shared_secret, ciphertext, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_ref_dec(shared_secret, ciphertext, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_ref_dec(shared_secret, ciphertext, secret_key); -#endif -} - -#endif diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/LICENSE b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/LICENSE similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/LICENSE rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/LICENSE diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/align.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/align.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/align.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/align.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/api.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/api.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/api.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/api.h 
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/basemul.S b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/basemul.S similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/basemul.S rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/basemul.S diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/cbd.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/cbd.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/cbd.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/cbd.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/cbd.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/cbd.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/cbd.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/cbd.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/consts.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/consts.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/consts.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/consts.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/consts.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/consts.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/consts.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/consts.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/fq.S b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/fq.S similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/fq.S rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/fq.S 
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/fq.inc b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/fq.inc similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/fq.inc rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/fq.inc diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/indcpa.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/indcpa.c similarity index 99% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/indcpa.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/indcpa.c index 572ce4900..c4b2b3a89 100644 --- a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/indcpa.c +++ b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/indcpa.c @@ -440,7 +440,9 @@ void indcpa_keypair_derand(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t *noiseseed = buf + KYBER_SYMBYTES; polyvec a[KYBER_K], e, pkpv, skpv; - hash_g(buf, coins, KYBER_SYMBYTES); + memcpy(buf, coins, KYBER_SYMBYTES); + buf[KYBER_SYMBYTES] = KYBER_K; + hash_g(buf, buf, KYBER_SYMBYTES+1); gen_a(a, publicseed); diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/indcpa.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/indcpa.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/indcpa.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/indcpa.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/invntt.S b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/invntt.S similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/invntt.S rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/invntt.S 
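Review bot: The new `hash_g(buf, buf, KYBER_SYMBYTES+1)` in `indcpa_keypair_derand` passes the same buffer as input and output, which is only safe if hash_g absorbs its whole input before writing any output and its parameters are not `restrict`-qualified; the replaced call hashed `coins` into `buf` with no aliasing, so this is a new assumption worth stating. A comment on the three added lines would make the intent and the dependency explicit: `/* FIPS 203 K-PKE.KeyGen: (rho, sigma) = G(d || k), k = KYBER_K as one byte; in-place hash relies on hash_g consuming all input before producing output */`. Because this appended byte is exactly what makes final ML-KEM keys differ from the ipd draft, the `_ref` and remaining `_avx2` copies of indcpa.c (not in this chunk) need the identical change, and the FIPS 203 known-answer tests should be re-run for all three parameter sets to confirm the derivation. The enclosing function starts and ends outside the hunk.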
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/kem.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/kem.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/kem.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/kem.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/kem.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/kem.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/kem.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/kem.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/ntt.S b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/ntt.S similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/ntt.S rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/ntt.S diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/ntt.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/ntt.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/ntt.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/ntt.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/params.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/params.h similarity index 90% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/params.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/params.h index fdc688ea2..ecfabce4a 100644 --- a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/params.h +++ b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/params.h 
@@ -12,19 +12,19 @@ #ifdef KYBER_90S #define KYBER_NAMESPACE(s) pqcrystals_kyber512_90s_avx2_##s #else -#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_512_ipd_avx2_##s +#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_512_avx2_##s #endif #elif (KYBER_K == 3) #ifdef KYBER_90S #define KYBER_NAMESPACE(s) pqcrystals_kyber768_90s_avx2_##s #else -#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_768_ipd_avx2_##s +#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_768_avx2_##s #endif #elif (KYBER_K == 4) #ifdef KYBER_90S #define KYBER_NAMESPACE(s) pqcrystals_kyber1024_90s_avx2_##s #else -#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_1024_ipd_avx2_##s +#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_1024_avx2_##s #endif #else #error "KYBER_K must be in {2,3,4}" diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/poly.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/poly.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/poly.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/poly.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/poly.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/poly.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/poly.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/poly.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/polyvec.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/polyvec.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/polyvec.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/polyvec.c 
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/polyvec.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/polyvec.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/polyvec.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/polyvec.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/reduce.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/reduce.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/reduce.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/reduce.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/rejsample.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/rejsample.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/rejsample.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/rejsample.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/rejsample.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/rejsample.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/rejsample.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/rejsample.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/shuffle.S b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/shuffle.S similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/shuffle.S rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/shuffle.S 
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/shuffle.inc b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/shuffle.inc similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/shuffle.inc rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/shuffle.inc diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/symmetric-shake.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/symmetric-shake.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/symmetric-shake.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/symmetric-shake.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/symmetric.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/symmetric.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/symmetric.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/symmetric.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/verify.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/verify.c similarity index 83% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/verify.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/verify.c index aa8e2850b..06243b837 100644 --- a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/verify.c +++ b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/verify.c 
@@ -57,6 +57,16 @@ void cmov(uint8_t * restrict r, const uint8_t *x, size_t len, uint8_t b) size_t i; __m256i xvec, rvec, bvec; +#if defined(__GNUC__) || defined(__clang__) + // Prevent the compiler from + // 1) inferring that b is 0/1-valued, and + // 2) handling the two cases with a branch. + // This is not necessary when verify.c and kem.c are separate translation + // units, but we expect that downstream consumers will copy this code and/or + // change how it is built. + __asm__("" : "+r"(b) : /* no inputs */); +#endif + bvec = _mm256_set1_epi64x(-(uint64_t)b); for(i=0;i>= 31; t[k] = d0 & 0x7ff; - } r[ 0] = (t[0] >> 0); diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/polyvec.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/polyvec.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/polyvec.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/polyvec.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/reduce.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/reduce.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/reduce.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/reduce.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/reduce.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/reduce.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/reduce.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/reduce.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/symmetric-shake.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/symmetric-shake.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/symmetric-shake.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/symmetric-shake.c 
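Review bot: The `__asm__("" : "+r"(b))` barrier added to `cmov` is compiled only under `__GNUC__`/`__clang__`, so on MSVC the function keeps its previous form and its branch-free property rests entirely on that optimizer not specialising the 0/1 cases that the comment itself says GCC and Clang can infer. At minimum the `#endif` deserves a note, `/* no barrier on other compilers: confirm cmov is still compiled branch-free there */`, or a portable fallback such as loading `b` through a `volatile uint8_t` local before it is negated. The identical hunk is applied to the three `_ref` copies of verify.c further down (the hunks following the 1024_ref, 512_ref and 768_ref symmetric.h renames); this note covers all four. The tail of this hunk is garbled in this view (the `for` line runs into another file's hunk), so the remainder of cmov is not reviewed here.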
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/symmetric.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/symmetric.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/symmetric.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/symmetric.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/verify.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/verify.c similarity index 82% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/verify.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/verify.c index aad03b029..914ccd448 100644 --- a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/verify.c +++ b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/verify.c @@ -41,6 +41,16 @@ void cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) { size_t i; +#if defined(__GNUC__) || defined(__clang__) + // Prevent the compiler from + // 1) inferring that b is 0/1-valued, and + // 2) handling the two cases with a branch. + // This is not necessary when verify.c and kem.c are separate translation + // units, but we expect that downstream consumers will copy this code and/or + // change how it is built. + __asm__("" : "+r"(b) : /* no inputs */); +#endif + b = -b; for(i=0;i>= 31; t[k] = d0 & 0x7ff; - } r[ 0] = (t[0] >> 0); diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/polyvec.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/polyvec.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/polyvec.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/polyvec.h 
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/reduce.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/reduce.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/reduce.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/reduce.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/reduce.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/reduce.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/reduce.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/reduce.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/symmetric-shake.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/symmetric-shake.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/symmetric-shake.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/symmetric-shake.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/symmetric.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/symmetric.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/symmetric.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/symmetric.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/verify.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/verify.c similarity index 82% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/verify.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/verify.c index aad03b029..914ccd448 100644 --- a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/verify.c +++ b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/verify.c 
@@ -41,6 +41,16 @@ void cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) { size_t i; +#if defined(__GNUC__) || defined(__clang__) + // Prevent the compiler from + // 1) inferring that b is 0/1-valued, and + // 2) handling the two cases with a branch. + // This is not necessary when verify.c and kem.c are separate translation + // units, but we expect that downstream consumers will copy this code and/or + // change how it is built. + __asm__("" : "+r"(b) : /* no inputs */); +#endif + b = -b; for(i=0;i>= 31; t[k] = d0 & 0x7ff; - } r[ 0] = (t[0] >> 0); diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/polyvec.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/polyvec.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/polyvec.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/polyvec.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/reduce.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/reduce.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/reduce.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/reduce.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/reduce.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/reduce.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/reduce.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/reduce.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/symmetric-shake.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/symmetric-shake.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/symmetric-shake.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/symmetric-shake.c 
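Review bot: This ML-KEM-512 copy of `cmov` has the same toolchain-specific gap as the other parameter sets: the `__asm__("" : "+r"(b))` barrier sits inside `#if defined(__GNUC__) || defined(__clang__)`, and any other compiler gets the plain `b = -b` mask with no guarantee the copy stays branch-free. An `#else` branch that either supplies a portable barrier (a `volatile uint8_t` round-trip of `b`) or at least documents the limitation would keep the three copies honest about what they guarantee. Since the three ref directories carry byte-identical verify.c files, keeping them in sync by construction rather than by parallel edits would avoid one copy drifting. The remainder of the hunk is garbled in this rendering, so only the inserted block was reviewed.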
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/symmetric.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/symmetric.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/symmetric.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/symmetric.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/verify.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/verify.c similarity index 82% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/verify.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/verify.c index aad03b029..914ccd448 100644 --- a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/verify.c +++ b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/verify.c @@ -41,6 +41,16 @@ void cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) { size_t i; +#if defined(__GNUC__) || defined(__clang__) + // Prevent the compiler from + // 1) inferring that b is 0/1-valued, and + // 2) handling the two cases with a branch. + // This is not necessary when verify.c and kem.c are separate translation + // units, but we expect that downstream consumers will copy this code and/or + // change how it is built. + __asm__("" : "+r"(b) : /* no inputs */); +#endif + b = -b; for(i=0;i #include @@ -20,15 +20,6 @@ struct { .pos = 0 }; -/* Displays hexadecimal strings */ -static void OQS_print_hex_string(const char *label, const uint8_t *str, size_t len) { - printf("%-20s (%4zu bytes): ", label, len); - for (size_t i = 0; i < (len); i++) { - printf("%02X", str[i]); - } - printf("\n"); -} - static void fprintBstr(FILE *fp, const char *S, const uint8_t *A, size_t L) { size_t i; fprintf(fp, "%s", S); 
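Review bot: Same point for the ML-KEM-768 copy: the new barrier in `cmov` exists only for GCC/Clang, so a build with another compiler silently loses the branch-freeness the comment promises; add an `#else` with a portable fallback or an explicit note of the limitation. The comment's statement that the barrier is unnecessary when verify.c and kem.c are separate translation units holds only while no link-time or whole-program optimisation can inline across them, which a downstream build may well enable; spelling that out (`// ... separate translation units and no LTO`) would make the reasoning accurate. The hunk tail is garbled here and runs into the vectors_kem.c hunk, so the end of the function was not checked.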
@@ -69,10 +60,7 @@ static void hexStringToByteArray(const char *hexString, uint8_t *byteArray) {
 /* HQC-specific functions */
 static inline bool is_ml_kem(const char *method_name) {
- return (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_512_ipd))
- || (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_768_ipd))
- || (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_1024_ipd))
- || (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_512))
+ return (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_512))
 || (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_768))
 || (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_1024));
 }
@@ -91,21 +79,16 @@ static void MLKEM_randombytes_free(void) {
 prng_state.pos = 0;
 }
-OQS_STATUS kem_vector(const char *method_name,
- uint8_t *prng_output_stream,
- const uint8_t *encaps_pk, const uint8_t *encaps_K,
- const uint8_t *decaps_sk, const uint8_t *decaps_ciphertext, const uint8_t *decaps_kprime) {
+static OQS_STATUS kem_kg_vector(const char *method_name,
+ uint8_t *prng_output_stream,
+ const uint8_t *kg_pk, const uint8_t *kg_sk) {
 uint8_t *entropy_input;
 FILE *fh = NULL;
 OQS_KEM *kem = NULL;
 uint8_t *public_key = NULL;
 uint8_t *secret_key = NULL;
- uint8_t *ss_encaps = NULL;
- uint8_t *ct_encaps = NULL;
- uint8_t *ss_decaps = NULL;
 OQS_STATUS rc, ret = OQS_ERROR;
- int rv;
 void (*randombytes_init)(const uint8_t *, const uint8_t *) = NULL;
 void (*randombytes_free)(void) = NULL;
@@ -122,7 +105,7 @@ OQS_STATUS kem_vector(const char *method_name,
 randombytes_free = &MLKEM_randombytes_free;
 entropy_input = (uint8_t *) prng_output_stream;
 } else {
- // Only ML-KEM-ipd supported
+ // Only ML-KEM supported
 goto err;
 }
@@ -132,15 +115,13 @@ OQS_STATUS kem_vector(const char *method_name,
 public_key = malloc(kem->length_public_key);
 secret_key = malloc(kem->length_secret_key);
- ss_encaps = malloc(kem->length_shared_secret);
- ct_encaps = malloc(kem->length_ciphertext);
- ss_decaps = malloc(kem->length_shared_secret);
- if ((public_key == NULL) || (secret_key == NULL) || (ss_encaps == NULL) || (ct_encaps == NULL) || (ss_decaps == NULL)) {
+
+ if ((public_key == NULL) || (secret_key == NULL)) {
 fprintf(stderr, "[vectors_kem] %s ERROR: malloc failed!\n", method_name);
 goto err;
 }
- if ((prng_output_stream == NULL) || (encaps_pk == NULL) || (encaps_K == NULL) || (decaps_sk == NULL) || (decaps_ciphertext == NULL) || (decaps_kprime == NULL)) {
+ if ((prng_output_stream == NULL) || (kg_pk == NULL) || (kg_sk == NULL)) {
 fprintf(stderr, "[vectors_kem] %s ERROR: inputs NULL!\n", method_name);
 goto err;
 }
@@ -153,29 +134,12 @@ OQS_STATUS kem_vector(const char *method_name,
 fprintBstr(fh, "ek: ", public_key, kem->length_public_key);
 fprintBstr(fh, "dk: ", secret_key, kem->length_secret_key);
- rc = OQS_KEM_encaps(kem, ct_encaps, ss_encaps, encaps_pk);
- if (rc != OQS_SUCCESS) {
- fprintf(stderr, "[vectors_kem] %s ERROR: OQS_KEM_encaps failed!\n", method_name);
- goto err;
+ if (!memcmp(public_key, kg_pk, kem->length_public_key) && !memcmp(secret_key, kg_sk, kem->length_secret_key)) {
+ ret = OQS_SUCCESS;
+ } else {
+ ret = OQS_ERROR;
+ fprintf(stderr, "[vectors_kem] %s ERROR: public key or private key doesn't match!\n", method_name);
 }
-
- fprintBstr(fh, "c: ", ct_encaps, kem->length_ciphertext);
- fprintBstr(fh, "K: ", ss_encaps, kem->length_shared_secret);
-
- rc = OQS_KEM_decaps(kem, ss_decaps, decaps_ciphertext, decaps_sk);
- if (rc != OQS_SUCCESS) {
- fprintf(stderr, "[vectors_kem] %s ERROR: OQS_KEM_decaps failed!\n", method_name);
- goto err;
- }
-
- rv = memcmp(ss_decaps, decaps_kprime, kem->length_shared_secret);
- if (rv != 0) {
- fprintf(stderr, "[vectors_kem] %s ERROR: shared secrets are not equal\n", method_name);
- OQS_print_hex_string("ss_decaps", ss_decaps, kem->length_shared_secret);
- goto err;
- }
-
- ret = OQS_SUCCESS;
 goto cleanup;
 err:
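Review bot: The keygen comparison `if (!memcmp(public_key, kg_pk, kem->length_public_key) && !memcmp(secret_key, kg_sk, kem->length_secret_key))` folds both results into one "public key or private key doesn't match!" message, so a failing vector does not say which key diverged. Comparing the two separately and reporting `"[vectors_kem] %s ERROR: public key (ek) doesn't match!\n"` / `"[vectors_kem] %s ERROR: secret key (dk) doesn't match!\n"` costs two lines and makes a failure attributable at a glance, especially now that the hex-dump helper has been removed from this file. `kem_kg_vector` begins in an earlier hunk.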
@@ -188,26 +152,166 @@ algo_not_enabled: cleanup: if (kem != NULL) { OQS_MEM_secure_free(secret_key, kem->length_secret_key); - OQS_MEM_secure_free(ss_encaps, kem->length_shared_secret); - OQS_MEM_secure_free(ss_decaps, kem->length_shared_secret); } if (randombytes_free != NULL) { randombytes_free(); } OQS_MEM_insecure_free(public_key); + OQS_KEM_free(kem); + return ret; +} + +static OQS_STATUS kem_vector_encdec_aft(const char *method_name, + uint8_t *prng_output_stream, + const uint8_t *encdec_pk, + const uint8_t *encdec_k, const uint8_t *encdec_c) { + + uint8_t *entropy_input; + FILE *fh = NULL; + OQS_KEM *kem = NULL; + uint8_t *ss_encaps = NULL; + uint8_t *ct_encaps = NULL; + OQS_STATUS rc, ret = OQS_ERROR; + + void (*randombytes_init)(const uint8_t *, const uint8_t *) = NULL; + void (*randombytes_free)(void) = NULL; + + kem = OQS_KEM_new(method_name); + if (kem == NULL) { + printf("[vectors_kem] %s was not enabled at compile-time.\n", method_name); + goto algo_not_enabled; + } + + if (is_ml_kem(method_name)) { + OQS_randombytes_custom_algorithm(&MLKEM_randombytes); + randombytes_init = &MLKEM_randombytes_init; + randombytes_free = &MLKEM_randombytes_free; + entropy_input = (uint8_t *) prng_output_stream; + } else { + // Only ML-KEM supported + goto err; + } + + randombytes_init(entropy_input, NULL); + + fh = stdout; + + ss_encaps = malloc(kem->length_shared_secret); + ct_encaps = malloc(kem->length_ciphertext); + if ((ss_encaps == NULL) || (ct_encaps == NULL)) { + fprintf(stderr, "[vectors_kem] %s ERROR: malloc failed!\n", method_name); + goto err; + } + + if ((prng_output_stream == NULL) || (encdec_pk == NULL) || (encdec_k == NULL) || (encdec_c == NULL)) { + fprintf(stderr, "[vectors_kem] %s ERROR: inputs NULL!\n", method_name); + goto err; + } + + rc = OQS_KEM_encaps(kem, ct_encaps, ss_encaps, encdec_pk); + if (rc != OQS_SUCCESS) { + fprintf(stderr, "[vectors_kem] %s ERROR: OQS_KEM_encaps failed!\n", method_name); + goto err; + } + + fprintBstr(fh, "c: ", 
ct_encaps, kem->length_ciphertext); + fprintBstr(fh, "k: ", ss_encaps, kem->length_shared_secret); + + if (!memcmp(ct_encaps, encdec_c, kem->length_ciphertext) && !memcmp(ss_encaps, encdec_k, kem->length_shared_secret)) { + ret = OQS_SUCCESS; + } else { + ret = OQS_ERROR; + fprintf(stderr, "[vectors_kem] %s ERROR (AFT): ciphertext or shared secret doesn't match!\n", method_name); + } + + goto cleanup; + +err: + ret = OQS_ERROR; + goto cleanup; + +algo_not_enabled: + ret = OQS_SUCCESS; + +cleanup: + if (kem != NULL) { + OQS_MEM_secure_free(ss_encaps, kem->length_shared_secret); + } + if (randombytes_free != NULL) { + randombytes_free(); + } OQS_MEM_insecure_free(ct_encaps); OQS_KEM_free(kem); return ret; } +static OQS_STATUS kem_vector_encdec_val(const char *method_name, + const uint8_t *encdec_sk, const uint8_t *encdec_c, + const uint8_t *encdec_k) { + FILE *fh = NULL; + OQS_KEM *kem = NULL; + uint8_t *ss_decaps = NULL; + OQS_STATUS rc, ret = OQS_ERROR; + + kem = OQS_KEM_new(method_name); + if (kem == NULL) { + printf("[vectors_kem] %s was not enabled at compile-time.\n", method_name); + goto algo_not_enabled; + } + + fh = stdout; + + ss_decaps = malloc(kem->length_shared_secret); + + if (ss_decaps == NULL) { + fprintf(stderr, "[vectors_kem] %s ERROR: malloc failed!\n", method_name); + goto err; + } + + if ((encdec_sk == NULL) || (encdec_k == NULL) || (encdec_c == NULL)) { + fprintf(stderr, "[vectors_kem] %s ERROR: inputs NULL!\n", method_name); + goto err; + } + + rc = OQS_KEM_decaps(kem, ss_decaps, encdec_c, encdec_sk); + if (rc != OQS_SUCCESS) { + fprintf(stderr, "[vectors_kem] %s ERROR: OQS_KEM_encaps failed!\n", method_name); + goto err; + } + + fprintBstr(fh, "k: ", ss_decaps, kem->length_shared_secret); + + if (!memcmp(ss_decaps, encdec_k, kem->length_shared_secret)) { + ret = OQS_SUCCESS; + } else { + ret = OQS_ERROR; + fprintf(stderr, "[vectors_kem] %s ERROR (AFT): ciphertext or shared secret doesn't match!\n", method_name); + } + + goto cleanup; + +err: + 
ret = OQS_ERROR; + goto cleanup; + +algo_not_enabled: + ret = OQS_SUCCESS; + +cleanup: + if (kem != NULL) { + OQS_MEM_secure_free(ss_decaps, kem->length_shared_secret); + } + OQS_KEM_free(kem); + return ret; +} + int main(int argc, char **argv) { - OQS_STATUS rc; + OQS_STATUS rc = OQS_SUCCESS; OQS_init(); - if (argc != 8) { - fprintf(stderr, "Usage: vectors_kem algname prng_output_stream encaps_pk encaps_K decaps_sk decaps_ciphertext decaps_kprime\n"); - fprintf(stderr, " algname: "); + if (argc != 6 && argc != 7) { + fprintf(stderr, "Usage: vectors_kem algname testname [testargs]\n"); for (size_t i = 0; i < OQS_KEM_algs_length; i++) { if (i > 0) { fprintf(stderr, ", "); @@ -222,21 +326,29 @@ int main(int argc, char **argv) { } char *alg_name = argv[1]; - char *prng_output_stream = argv[2]; // d || z || m + char *test_name = argv[2]; + char *prng_output_stream; + char *kg_pk; + char *kg_sk; + char *encdec_aft_pk; + char *encdec_aft_k; + char *encdec_aft_c; - char *encaps_pk = argv[3]; - char *encaps_K = argv[4]; - - char *decaps_sk = argv[5]; - char *decaps_ciphertext = argv[6]; - char *decaps_kprime = argv[7]; + char *encdec_val_sk; + char *encdec_val_k; + char *encdec_val_c; uint8_t *prng_output_stream_bytes = NULL; - uint8_t *encaps_pk_bytes = NULL; - uint8_t *encaps_K_bytes = NULL; - uint8_t *decaps_sk_bytes = NULL; - uint8_t *decaps_ciphertext_bytes = NULL; - uint8_t *decaps_kprime_bytes = NULL; + uint8_t *kg_pk_bytes = NULL; + uint8_t *kg_sk_bytes = NULL; + + uint8_t *encdec_aft_pk_bytes = NULL; + uint8_t *encdec_aft_k_bytes = NULL; + uint8_t *encdec_aft_c_bytes = NULL; + + uint8_t *encdec_val_sk_bytes = NULL; + uint8_t *encdec_val_k_bytes = NULL; + uint8_t *encdec_val_c_bytes = NULL; OQS_KEM *kem = OQS_KEM_new(alg_name); if (kem == NULL) { 
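Review bot: In `kem_vector_encdec_val` the two failure messages were carried over from the AFT path and misreport what happened: after `OQS_KEM_decaps` fails the text says `OQS_KEM_encaps failed!`, and the mismatch branch prints `ERROR (AFT): ciphertext or shared secret doesn't match!` although this is the VAL test and only the shared secret is compared. Suggest `"[vectors_kem] %s ERROR: OQS_KEM_decaps failed!\n"` and `"[vectors_kem] %s ERROR (VAL): shared secret doesn't match!\n"`. Both new functions also return `OQS_SUCCESS` from `algo_not_enabled:`, so a vector for an algorithm that was compiled out passes silently; that mirrors the existing `kem_kg_vector`, but a short comment at the label (`// not a failure: the harness only feeds vectors for enabled algorithms`) would record the intent — assuming that is indeed how the caller treats it.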
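Review bot: The loosened check `if (argc != 6 && argc != 7)` accepts an argument count that need not match the test named in argv[2]: keyGen and encDecVAL consume argv[3..5] while encDecAFT reads argv[6], so `vectors_kem <alg> encDecAFT <m> <ek> <k>` (argc == 6) passes this check and the later `strlen(encdec_aft_c)` dereferences argv[6], which is the NULL that terminates argv. Arity should be tied to the test name before argv is indexed, e.g. `int want_argc = (strcmp(test_name, "encDecAFT") == 0) ? 7 : 6;` followed by `if (argc != want_argc) { /* print usage, exit */ }`, or an explicit `argc` check inside each branch. Dropping the `fprintf(stderr, " algname: ")` line also leaves the enumerated algorithm names with no label after the new one-line usage string. `main` continues past this hunk; the per-test branches that index argv live in the following one.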
@@ -245,45 +357,108 @@ int main(int argc, char **argv) { goto err; } - if (strlen(prng_output_stream) % 2 != 0 || - strlen(encaps_pk) != 2 * kem->length_public_key || - strlen(encaps_K) != 2 * kem->length_shared_secret || - strlen(decaps_sk) != 2 * kem->length_secret_key || - strlen(decaps_ciphertext) != 2 * kem->length_ciphertext || - strlen(decaps_kprime) != 2 * kem->length_shared_secret ) { - rc = OQS_ERROR; - goto err; + if (!strcmp(test_name, "keyGen")) { + prng_output_stream = argv[3]; // d || z + kg_pk = argv[4]; + kg_sk = argv[5]; + + if (strlen(prng_output_stream) % 2 != 0 || + strlen(kg_pk) != 2 * kem->length_public_key || + strlen(kg_sk) != 2 * kem->length_secret_key) { + rc = OQS_ERROR; + goto err; + } + + prng_output_stream_bytes = malloc(strlen(prng_output_stream) / 2); + kg_pk_bytes = malloc(kem->length_public_key); + kg_sk_bytes = malloc(kem->length_secret_key); + + if ((prng_output_stream_bytes == NULL) || (kg_pk_bytes == NULL) || (kg_sk_bytes == NULL)) { + fprintf(stderr, "[vectors_kem] ERROR: malloc failed!\n"); + rc = OQS_ERROR; + goto err; + } + + hexStringToByteArray(prng_output_stream, prng_output_stream_bytes); + hexStringToByteArray(kg_pk, kg_pk_bytes); + hexStringToByteArray(kg_sk, kg_sk_bytes); + + + rc = kem_kg_vector(alg_name, prng_output_stream_bytes, kg_pk_bytes, kg_sk_bytes); + } else if (!strcmp(test_name, "encDecAFT")) { + prng_output_stream = argv[3]; // m + encdec_aft_pk = argv[4]; + encdec_aft_k = argv[5]; + encdec_aft_c = argv[6]; + + if (strlen(prng_output_stream) % 2 != 0 || + strlen(encdec_aft_c) != 2 * kem->length_ciphertext || + strlen(encdec_aft_k) != 2 * kem->length_shared_secret || + strlen(encdec_aft_pk) != 2 * kem->length_public_key) { + rc = OQS_ERROR; + goto err; + } + + prng_output_stream_bytes = malloc(strlen(prng_output_stream) / 2); + encdec_aft_pk_bytes = malloc(kem->length_public_key); + encdec_aft_k_bytes = malloc(kem->length_shared_secret); + encdec_aft_c_bytes = malloc(kem->length_ciphertext); + + if 
((prng_output_stream_bytes == NULL) || (encdec_aft_pk_bytes == NULL) || (encdec_aft_k_bytes == NULL) || (encdec_aft_c_bytes == NULL)) { + fprintf(stderr, "[vectors_kem] ERROR: malloc failed!\n"); + rc = OQS_ERROR; + goto err; + } + + hexStringToByteArray(prng_output_stream, prng_output_stream_bytes); + hexStringToByteArray(encdec_aft_pk, encdec_aft_pk_bytes); + hexStringToByteArray(encdec_aft_k, encdec_aft_k_bytes); + hexStringToByteArray(encdec_aft_c, encdec_aft_c_bytes); + + rc = kem_vector_encdec_aft(alg_name, prng_output_stream_bytes, encdec_aft_pk_bytes, encdec_aft_k_bytes, encdec_aft_c_bytes); + } else if (!strcmp(test_name, "encDecVAL")) { + encdec_val_sk = argv[3]; + encdec_val_k = argv[4]; + encdec_val_c = argv[5]; + + if (strlen(encdec_val_c) != 2 * kem->length_ciphertext || + strlen(encdec_val_k) != 2 * kem->length_shared_secret || + strlen(encdec_val_sk) != 2 * kem->length_secret_key) { + rc = OQS_ERROR; + goto err; + } + + encdec_val_sk_bytes = malloc(kem->length_secret_key); + encdec_val_k_bytes = malloc(kem->length_shared_secret); + encdec_val_c_bytes = malloc(kem->length_ciphertext); + + if ((encdec_val_sk_bytes == NULL) || (encdec_val_k_bytes == NULL) || (encdec_val_c_bytes == NULL)) { + fprintf(stderr, "[vectors_kem] ERROR: malloc failed!\n"); + rc = OQS_ERROR; + goto err; + } + + hexStringToByteArray(encdec_val_sk, encdec_val_sk_bytes); + hexStringToByteArray(encdec_val_k, encdec_val_k_bytes); + hexStringToByteArray(encdec_val_c, encdec_val_c_bytes); + + rc = kem_vector_encdec_val(alg_name, encdec_val_sk_bytes, encdec_val_c_bytes, encdec_val_k_bytes); + } else { + printf("[vectors_kem] %s only keyGen supported!\n", alg_name); } - prng_output_stream_bytes = malloc(strlen(prng_output_stream) / 2); - encaps_pk_bytes = malloc(kem->length_public_key); - encaps_K_bytes = malloc(kem->length_shared_secret); - decaps_sk_bytes = malloc(kem->length_secret_key); - decaps_ciphertext_bytes = malloc(kem->length_ciphertext); - decaps_kprime_bytes = 
malloc(kem->length_shared_secret); - - if ((prng_output_stream_bytes == NULL) || (encaps_pk_bytes == NULL) || (encaps_K_bytes == NULL) || (decaps_sk_bytes == NULL) || (decaps_ciphertext_bytes == NULL) || (decaps_kprime_bytes == NULL)) { - fprintf(stderr, "[vectors_kem] ERROR: malloc failed!\n"); - rc = OQS_ERROR; - goto err; - } - - hexStringToByteArray(prng_output_stream, prng_output_stream_bytes); - hexStringToByteArray(encaps_pk, encaps_pk_bytes); - hexStringToByteArray(encaps_K, encaps_K_bytes); - hexStringToByteArray(decaps_sk, decaps_sk_bytes); - hexStringToByteArray(decaps_ciphertext, decaps_ciphertext_bytes); - hexStringToByteArray(decaps_kprime, decaps_kprime_bytes); - - rc = kem_vector(alg_name, prng_output_stream_bytes, encaps_pk_bytes, encaps_K_bytes, decaps_sk_bytes, decaps_ciphertext_bytes, decaps_kprime_bytes); - err: OQS_MEM_insecure_free(prng_output_stream_bytes); - OQS_MEM_insecure_free(encaps_pk_bytes); - OQS_MEM_insecure_free(encaps_K_bytes); - OQS_MEM_insecure_free(decaps_sk_bytes); - OQS_MEM_insecure_free(decaps_ciphertext_bytes); - OQS_MEM_insecure_free(decaps_kprime_bytes); + OQS_MEM_insecure_free(kg_pk_bytes); + OQS_MEM_insecure_free(kg_sk_bytes); + + OQS_MEM_insecure_free(encdec_aft_c_bytes); + OQS_MEM_insecure_free(encdec_aft_k_bytes); + OQS_MEM_insecure_free(encdec_aft_pk_bytes); + + OQS_MEM_insecure_free(encdec_val_c_bytes); + OQS_MEM_insecure_free(encdec_val_k_bytes); + OQS_MEM_insecure_free(encdec_val_sk_bytes); OQS_KEM_free(kem);