From 9901a286cac06f6f9513baa8e2b800bd45b8e131 Mon Sep 17 00:00:00 2001 From: Loganaden Velvindron Date: Tue, 20 Aug 2024 17:13:44 +0400 Subject: [PATCH 1/8] Use explicit_memset if available. NetBSD has support for it: (#1872) https://man.netbsd.org/NetBSD-10.0/explicit_memset.3 Work done together with Ritesh Gomind & Ali Koheeallee from University of Mauritius RICRG while porting liboqs to NetBSD. Signed-off-by: Loganaden Velvindron --- src/common/CMakeLists.txt | 8 +++++++- src/common/common.c | 4 +++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt index 958375fc0..3ef653574 100644 --- a/src/common/CMakeLists.txt +++ b/src/common/CMakeLists.txt @@ -131,8 +131,9 @@ if(CMAKE_HAVE_MEMALIGN) target_compile_definitions(internal PRIVATE OQS_HAVE_MEMALIGN) endif() -# check if explicit_bzero exists or memset_s +# check if explicit_bzero, or explicit_memset exists or memset_s check_symbol_exists(explicit_bzero string.h CMAKE_HAVE_EXPLICIT_BZERO) +check_symbol_exists(explicit_memset string.h CMAKE_HAVE_EXPLICIT_MEMSET) check_symbol_exists(memset_s string.h CMAKE_HAVE_MEMSET_S) if(CMAKE_HAVE_EXPLICIT_BZERO) @@ -140,6 +141,11 @@ if(CMAKE_HAVE_EXPLICIT_BZERO) target_compile_definitions(internal PRIVATE OQS_HAVE_EXPLICIT_BZERO) endif() +if(CMAKE_HAVE_EXPLICIT_MEMSET) + target_compile_definitions(common PRIVATE OQS_HAVE_EXPLICIT_MEMSET) + target_compile_definitions(internal PRIVATE OQS_HAVE_EXPLICIT_MEMSET) +endif() + if(CMAKE_HAVE_MEMSET_S) target_compile_definitions(common PRIVATE OQS_HAVE_MEMSET_S) target_compile_definitions(internal PRIVATE OQS_HAVE_MEMSET_S) diff --git a/src/common/common.c b/src/common/common.c index f0044fe9b..ee7b19f70 100644 --- a/src/common/common.c +++ b/src/common/common.c 
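Review bot: The new `check_symbol_exists(explicit_memset string.h CMAKE_HAVE_EXPLICIT_MEMSET)` probe compiles with CMake's default flags, so it may see a declaration that the real build does not: if NetBSD guards explicit_memset behind a non-POSIX feature macro (as I recall it does), any stricter feature-test macro set only on the library targets would hide it, and the `explicit_memset(ptr, 0, len)` call added in the common.c hunk below would then compile as an implicit declaration. If such macros are set on `common`/`internal`, mirror them in `CMAKE_REQUIRED_DEFINITIONS` around the probe; if none are, a short comment saying so would settle it. Separately, the rewritten comment reads awkwardly; suggest `# check for a secure memory-clearing primitive: explicit_bzero, explicit_memset or memset_s`.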
@@ -1,6 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 AND MIT -#if !defined(OQS_USE_OPENSSL) && !defined(_WIN32) && !defined(OQS_HAVE_EXPLICIT_BZERO) +#if !defined(OQS_USE_OPENSSL) && !defined(_WIN32) && !defined(OQS_HAVE_EXPLICIT_BZERO) && !defined(OQS_HAVE_EXPLICIT_MEMSET) // Request memset_s #define __STDC_WANT_LIB_EXT1__ 1 #endif @@ -262,6 +262,8 @@ OQS_API void OQS_MEM_cleanse(void *ptr, size_t len) { SecureZeroMemory(ptr, len); #elif defined(OQS_HAVE_EXPLICIT_BZERO) explicit_bzero(ptr, len); +#elif defined(OQS_HAVE_EXPLICIT_MEMSET) + explicit_memset(ptr, 0, len); #elif defined(__STDC_LIB_EXT1__) || defined(OQS_HAVE_MEMSET_S) if (0U < len && memset_s(ptr, (rsize_t)len, 0, (rsize_t)len) != 0) { abort(); From 6a24482eaca77b5b1ffb2f2ae4b76ce0fad66927 Mon Sep 17 00:00:00 2001 From: Basil Hess Date: Thu, 22 Aug 2024 13:14:07 +0200 Subject: [PATCH 2/8] Disable erroring TravisCI build (#1901) Signed-off-by: Basil Hess --- .travis.yml | 21 --------------------- README.md | 2 -- 2 files changed, 23 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index f16d17c0b..000000000 --- a/.travis.yml +++ /dev/null 
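Review bot: The added `#elif defined(OQS_HAVE_EXPLICIT_MEMSET)` arm in OQS_MEM_cleanse carries no comment, so a reader cannot tell why it sits between explicit_bzero and memset_s or which platform it targets; add `// NetBSD: explicit_memset(3) is guaranteed not to be optimised away; explicit_bzero wins where both exist` above the `#elif`. The first hunk's extended `#if` is consistent with that arm, since the memset_s request is now skipped whenever explicit_memset was detected. OQS_MEM_cleanse's body starts and ends outside the hunk.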
@@ -1,21 +0,0 @@ -language: c -before_script: - - sudo apt update && sudo apt -y install astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz valgrind -jobs: - include: - - arch: ppc64le # The IBM Power LXD container based build for OSS only - os: linux # required for arch different than amd64 - dist: focal # or bionic | xenial with xenial as default - compiler: gcc - if: NOT branch =~ /^ghactionsonly-/ - script: - - mkdir build && cd build && cmake -GNinja -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_STFL_SIG_KEY_SIG_GEN=ON .. && cmake -LA -N .. && ninja - - cd build & ninja run_tests - - arch: s390x - os: linux - dist: focal - compiler: gcc - if: NOT branch =~ /^ghactionsonly-/ - script: - - mkdir build && cd build && cmake -GNinja -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_STFL_SIG_KEY_SIG_GEN=ON .. && cmake -LA -N .. && ninja - - cd build & ninja run_tests diff --git a/README.md b/README.md index 7637b770b..f207046b4 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,3 @@ -![Travis Build Status](https://img.shields.io/travis/com/open-quantum-safe/liboqs?logo=travis&label=travis%20ci) - liboqs ====================== From 66f713f5508badd86a2ebe72ade0fda1f4912497 Mon Sep 17 00:00:00 2001 From: Spencer Wilson Date: Thu, 22 Aug 2024 09:51:54 -0400 Subject: [PATCH 3/8] Update OpenSSH downstream branch to OQS-v9 (#1898) * Trigger GitHub CI for OpenSSH OQS-v9 Signed-off-by: Spencer Wilson --- .github/workflows/commit-to-main.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/commit-to-main.yml b/.github/workflows/commit-to-main.yml index 7c1daa6f3..92e73bd35 100644 --- a/.github/workflows/commit-to-main.yml +++ b/.github/workflows/commit-to-main.yml 
@@ -38,12 +38,13 @@ jobs: run: | curl --silent \ --write-out "\n%{response_code}\n" \ - --user ${{ secrets.BUILD_TRIGGER_TOKEN }}: \ --request POST \ - --header "Content-Type: application/json" \ - --data '{ "branch": "OQS-v8", "parameters": { "run_downstream_tests": true } }' \ - https://circleci.com/api/v2/project/gh/open-quantum-safe/openssh/pipeline | tee curl_out \ - && grep -q "201" curl_out + --header "Accept: application/vnd.github+json" \ + --header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \ + --header "X-GitHub-Api-Version: 2022-11-28" \ + --data '{"ref":"OQS-v9"}' \ + https://api.github.com/repos/open-quantum-safe/openssh/actions/workflows/ubuntu.yaml/dispatches | tee curl_out \ + && grep -q "204" curl_out - name: Trigger oqs-provider CI run: | curl --silent \ From a6e0bfcb754f5800884bf2d59a994c9a4321f68b Mon Sep 17 00:00:00 2001 From: Pravek Sharma Date: Mon, 26 Aug 2024 16:38:57 -0400 Subject: [PATCH 4/8] Fix incorrect formatting in unix.yml (#1902) * fix GH action file unix.yml Signed-off-by: Pravek Sharma * add additional test entries under include for testing libjade in unix.yml and weekly.yml Signed-off-by: Pravek Sharma --------- Signed-off-by: Pravek Sharma --- .github/workflows/unix.yml | 32 ++++++++++++++++++++++++++------ .github/workflows/weekly.yml | 15 +++++++++------ 2 files changed, 35 insertions(+), 12 deletions(-) diff --git a/.github/workflows/unix.yml b/.github/workflows/unix.yml index fbaa3f20c..6c1739459 100644 --- a/.github/workflows/unix.yml +++ b/.github/workflows/unix.yml 
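Review bot: The success check `grep -q "204" curl_out` matches the substring anywhere in the captured output, including the JSON error body GitHub returns on a failed dispatch, so a rejected request whose message happens to contain "204" would pass; since `--write-out` places the status code on a line of its own, anchor the match with `&& grep -qx "204" curl_out`. As the pipeline's exit status comes from `tee`, this grep is the only thing that fails the step, which makes the anchoring worth having. The curl command's opening lines are outside the hunk.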
@@ -112,6 +112,11 @@ jobs: container: openquantumsafe/ci-alpine-amd64:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py + - name: alpine + runner: ubuntu-latest + container: openquantumsafe/ci-alpine-amd64:latest + CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST + PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py - name: alpine-no-stfl-key-sig-gen runner: ubuntu-latest container: openquantumsafe/ci-alpine-amd64:latest @@ -142,6 +147,11 @@ jobs: container: openquantumsafe/ci-ubuntu-focal-x86_64:latest CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DOQS_USE_OPENSSL=OFF PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py + - name: focal-noopenssl + runner: ubuntu-latest + container: openquantumsafe/ci-ubuntu-focal-x86_64:latest + CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DOQS_USE_OPENSSL=OFF -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST + PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: focal-shared-noopenssl runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-focal-x86_64:latest 
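Review bot: The first new matrix entry is named `alpine`, and the entry it is inserted after (whose `name:` line is just outside the hunk) appears, from its identical container and PYTEST_ARGS and from the following `alpine-no-stfl-key-sig-gen` entry, to be the existing `alpine` job, so two matrix legs would share one display name and be indistinguishable in the checks list; the same applies to `focal-noopenssl` in the second hunk. The later hunk in this file suffixes its libjade variants (`jammy-std-openssl3-libjade`, `jammy-std-openssl3-dlopen-libjade`), so `- name: alpine-libjade` and `- name: focal-noopenssl-libjade` would keep the file consistent.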
@@ -157,11 +167,21 @@ jobs: container: openquantumsafe/ci-ubuntu-jammy:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py + - name: jammy-std-openssl3-libjade + runner: ubuntu-latest + container: openquantumsafe/ci-ubuntu-jammy:latest + CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST + PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: jammy-std-openssl3-dlopen runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-jammy:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py + - name: jammy-std-openssl3-dlopen-libjade + runner: ubuntu-latest + container: openquantumsafe/ci-ubuntu-jammy:latest + CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST + PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: address-sanitizer runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-focal-x86_64:latest 
@@ -172,19 +192,19 @@ jobs: container: openquantumsafe/ci-ubuntu-focal-x86_64:latest CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10 + - name: address-sanitizer-libjade + runner: ubuntu-latest + container: openquantumsafe/ci-ubuntu-focal-x86_64:latest + CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST + PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10 runs-on: ${{ matrix.runner }} - libjade-build: - - -DOQS_LIBJADE_BUILD=OFF - # Restrict -DOQS_LIBJADE_BUILD=ON build to algs provided by - # libjade to minimise repeated tests - - -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST container: image: ${{ matrix.container }} steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Configure - run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} ${{ matrix.libjade-build }} .. && cmake -LA -N .. + run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N .. - name: Build run: ninja working-directory: build diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index dc2ff8346..23a3235f0 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml 
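Review bot: Dropping the `libjade-build` matrix dimension also drops the only explanation of why the libjade legs pass `-DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST` ("Restrict ... to algs provided by libjade to minimise repeated tests"), and none of the new per-entry CMAKE_ARGS carry it over; add `# libjade legs restrict the build to the algorithms libjade provides, to avoid repeating tests` above the first libjade entry. The same comment is removed in the weekly.yml hunk below and should be restored there as well.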
@@ -55,22 +55,25 @@ jobs: container: openquantumsafe/ci-ubuntu-focal-x86_64:latest CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all' + - name: generic-libjade + container: openquantumsafe/ci-ubuntu-focal-x86_64:latest + CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST + PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all' - name: extensions container: openquantumsafe/ci-ubuntu-focal-x86_64:latest CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all' - libjade-build: - - -DOQS_LIBJADE_BUILD=OFF - # Restrict -DOQS_LIBJADE_BUILD=ON build to algs provided by - # libjade to minimise repeated tests - - -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST + - name: extensions-libjade + container: openquantumsafe/ci-ubuntu-focal-x86_64:latest + CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST + PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all' container: image: ${{ matrix.container }} steps: - name: Checkout code uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # pin@v2 - name: Configure - run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} ${{ matrix.libjade-build }}.. && cmake -LA -N .. + run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N .. - name: Build run: ninja working-directory: build From 0a8ec5741483b0bef345a8332865afd7c6bf64fc Mon Sep 17 00:00:00 2001 From: Sergey Fedorov Date: Tue, 27 Aug 2024 14:09:41 +0000 Subject: [PATCH 5/8] CMakeLists: add ppc case (#1816) Signed-off-by: Sergey Fedorov --- CMakeLists.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 257d302a4..4d897e664 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -81,6 +81,24 @@ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc64|powerpc64)") if(${OQS_DIST_BUILD}) set(OQS_DIST_PPC64_BUILD ON) endif() +elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc|powerpc)") + message(WARNING "There is currently no CI for: " ${CMAKE_SYSTEM_PROCESSOR}) + # CMake uses uname to derive CMAKE_SYSTEM_PROCESSOR value, so on Darwin + # the value is identical for ppc and ppc64. To have the right build arch + # in 64-bit case, we use CMAKE_OSX_ARCHITECTURES. + if(APPLE AND CMAKE_OSX_ARCHITECTURES STREQUAL "ppc64") + set(ARCH "ppc64") + set(ARCH_PPC64 ON) + if(${OQS_DIST_BUILD}) + set(OQS_DIST_PPC64_BUILD ON) + endif() + else() + set(ARCH "ppc") + set(ARCH_PPC ON) + if(${OQS_DIST_BUILD}) + set(OQS_DIST_PPC_BUILD ON) + endif() + endif() elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "s390x") set(ARCH "s390x") set(ARCH_S390X ON) From 8d173c5e9751e226983836675d26e540d04ee80a Mon Sep 17 00:00:00 2001 From: Douglas Stebila Date: Tue, 27 Aug 2024 10:13:28 -0400 Subject: [PATCH 6/8] Remove old ad hoc CI for Apple M1 (#1907) Signed-off-by: Douglas Stebila --- .dsci.yml | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 .dsci.yml diff --git a/.dsci.yml b/.dsci.yml deleted file mode 100644 index 3bbba9bed..000000000 --- a/.dsci.yml +++ /dev/null @@ -1,10 +0,0 @@ -jobs: - - name: Building and minimal testing on M1 - env: - PYTEST_ARGS: tests/test_code_conventions.py tests/test_kat.py - cmds: - - uname -a && mkdir build && cd build && cmake -GNinja .. && ninja && cd .. && python3 -m pytest --numprocesses=auto --verbose $PYTEST_ARGS ; rm -rf build - - name: Building and testing using gcc-11 on M1 - cmds: - - uname -a && mkdir build && cd build && cmake -DCMAKE_C_COMPILER=gcc-11 -GNinja .. && ninja && ninja run_tests ; cd .. && rm -rf build - From dc4deaa4e19485b42cb1dbfcab003d49c4f253cb Mon Sep 17 00:00:00 2001 
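Review bot: `message(WARNING "There is currently no CI for: " ${CMAKE_SYSTEM_PROCESSOR})` passes the variable unquoted, so an empty or list-valued value changes the argument count rather than the text; write it as `message(WARNING "There is currently no CI for: ${CMAKE_SYSTEM_PROCESSOR}")`. The `CMAKE_OSX_ARCHITECTURES STREQUAL "ppc64"` test also falls through to the 32-bit branch if that variable is a multi-value list such as `ppc;ppc64` (a universal build), which may be intended but deserves a comment; if it is not, `"ppc64" IN_LIST CMAKE_OSX_ARCHITECTURES` would catch it.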
From: Basil Hess Date: Tue, 27 Aug 2024 18:57:04 +0200 Subject: [PATCH 7/8] Add ML-KEM / FIPS203 final (#1899) * Add ML-KEM * Add ACVP vectors for ML-KEM * Removes ML-KEM-ipd --------- 
Signed-off-by: Basil Hess --- .CMake/alg_support.cmake | 6 - .github/workflows/unix.yml | 2 +- README.md | 4 +- docs/algorithms/kem/ml_kem.md | 18 +- docs/algorithms/kem/ml_kem.yml | 17 +- docs/cbom.json | 62 +- .../copy_from_upstream/copy_from_upstream.yml | 27 +- ..._kem_ipd.patch => pqcrystals-ml_kem.patch} | 109 +- src/kem/kem.c | 45 - src/kem/kem.h | 8 +- src/kem/ml_kem/CMakeLists.txt | 84 +- src/kem/ml_kem/kem_ml_kem.h | 75 +- src/kem/ml_kem/kem_ml_kem_1024.c | 91 ++ src/kem/ml_kem/kem_ml_kem_1024_ipd.c | 121 -- src/kem/ml_kem/kem_ml_kem_512.c | 91 ++ src/kem/ml_kem/kem_ml_kem_512_ipd.c | 121 -- src/kem/ml_kem/kem_ml_kem_768.c | 91 ++ src/kem/ml_kem/kem_ml_kem_768_ipd.c | 121 -- .../LICENSE | 0 .../align.h | 0 .../api.h | 0 .../basemul.S | 0 .../cbd.c | 0 .../cbd.h | 0 .../consts.c | 0 .../consts.h | 0 .../fq.S | 0 .../fq.inc | 0 .../indcpa.c | 4 +- .../indcpa.h | 0 .../invntt.S | 0 .../kem.c | 0 .../kem.h | 0 .../ntt.S | 0 .../ntt.h | 0 .../params.h | 6 +- .../poly.c | 0 .../poly.h | 0 .../polyvec.c | 0 .../polyvec.h | 0 .../reduce.h | 0 .../rejsample.c | 0 .../rejsample.h | 0 .../shuffle.S | 0 .../shuffle.inc | 0 .../symmetric-shake.c | 0 .../symmetric.h | 0 .../verify.c | 10 + .../verify.h | 0 .../LICENSE | 0 .../api.h | 0 .../cbd.c | 0 .../cbd.h | 0 .../indcpa.c | 21 +- .../indcpa.h | 0 .../kem.c | 0 .../kem.h | 0 .../ntt.c | 0 .../ntt.h | 0 .../params.h | 6 +- .../poly.c | 2 +- .../poly.h | 0 .../polyvec.c | 1 - .../polyvec.h | 0 .../reduce.c | 0 .../reduce.h | 0 .../symmetric-shake.c | 0 .../symmetric.h | 0 .../verify.c | 10 + .../verify.h | 0 .../LICENSE | 0 .../align.h | 0 .../api.h | 0 .../basemul.S | 0 .../cbd.c | 0 .../cbd.h | 0 .../consts.c | 0 .../consts.h | 0 .../fq.S | 0 .../fq.inc | 0 .../indcpa.c | 4 +- .../indcpa.h | 0 .../invntt.S | 0 .../kem.c | 0 .../kem.h | 0 .../ntt.S | 0 .../ntt.h | 0 .../params.h | 6 +- .../poly.c | 0 .../poly.h | 0 .../polyvec.c | 0 .../polyvec.h | 0 .../reduce.h | 0 .../rejsample.c | 0 .../rejsample.h | 0 
.../shuffle.S | 0 .../shuffle.inc | 0 .../symmetric-shake.c | 0 .../symmetric.h | 0 .../verify.c | 10 + .../verify.h | 0 .../LICENSE | 0 .../api.h | 0 .../cbd.c | 0 .../cbd.h | 0 .../indcpa.c | 21 +- .../indcpa.h | 0 .../kem.c | 0 .../kem.h | 0 .../ntt.c | 0 .../ntt.h | 0 .../params.h | 6 +- .../poly.c | 2 +- .../poly.h | 0 .../polyvec.c | 1 - .../polyvec.h | 0 .../reduce.c | 0 .../reduce.h | 0 .../symmetric-shake.c | 0 .../symmetric.h | 0 .../verify.c | 10 + .../verify.h | 0 .../LICENSE | 0 .../align.h | 0 .../api.h | 0 .../basemul.S | 0 .../cbd.c | 0 .../cbd.h | 0 .../consts.c | 0 .../consts.h | 0 .../fq.S | 0 .../fq.inc | 0 .../indcpa.c | 4 +- .../indcpa.h | 0 .../invntt.S | 0 .../kem.c | 0 .../kem.h | 0 .../ntt.S | 0 .../ntt.h | 0 .../params.h | 6 +- .../poly.c | 0 .../poly.h | 0 .../polyvec.c | 0 .../polyvec.h | 0 .../reduce.h | 0 .../rejsample.c | 0 .../rejsample.h | 0 .../shuffle.S | 0 .../shuffle.inc | 0 .../symmetric-shake.c | 0 .../symmetric.h | 0 .../verify.c | 10 + .../verify.h | 0 .../LICENSE | 0 .../api.h | 0 .../cbd.c | 0 .../cbd.h | 0 .../indcpa.c | 21 +- .../indcpa.h | 0 .../kem.c | 0 .../kem.h | 0 .../ntt.c | 0 .../ntt.h | 0 .../params.h | 6 +- .../poly.c | 2 +- .../poly.h | 0 .../polyvec.c | 1 - .../polyvec.h | 0 .../reduce.c | 0 .../reduce.h | 0 .../symmetric-shake.c | 0 .../symmetric.h | 0 .../verify.c | 10 + .../verify.h | 0 src/oqsconfig.h.cmake | 6 - .../internalProjection.json | 555 +++++++++ .../internalProjection.json | 507 ++++++++ .../internalProjection.json | 396 +++++++ .../internalProjection.json | 1023 +++++++++++++++++ .../internalProjection.json | 630 ++++++++++ tests/ACVP_Vectors/fetch_values.sh | 25 + tests/KATs/kem/kats.json | 24 +- tests/constant_time/kem/issues.json | 3 - tests/constant_time/kem/passes.json | 3 - tests/test_acvp_vectors.py | 117 ++ tests/test_vectors.py | 31 - tests/test_vectors.sh | 30 - tests/vectors_kem.c | 359 ++++-- 188 files changed, 4113 insertions(+), 869 deletions(-) rename 
scripts/copy_from_upstream/patches/{pqcrystals-ml_kem_ipd.patch => pqcrystals-ml_kem.patch} (86%) create mode 100644 src/kem/ml_kem/kem_ml_kem_1024.c delete mode 100644 src/kem/ml_kem/kem_ml_kem_1024_ipd.c create mode 100644 src/kem/ml_kem/kem_ml_kem_512.c delete mode 100644 src/kem/ml_kem/kem_ml_kem_512_ipd.c create mode 100644 src/kem/ml_kem/kem_ml_kem_768.c delete mode 100644 src/kem/ml_kem/kem_ml_kem_768_ipd.c rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/LICENSE (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/align.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/api.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/basemul.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/cbd.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/cbd.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/consts.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/consts.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/fq.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/fq.inc (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/indcpa.c (99%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/indcpa.h (100%) 
rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/invntt.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/kem.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/kem.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/ntt.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/ntt.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/params.h (90%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/poly.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/poly.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/polyvec.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/polyvec.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/reduce.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/rejsample.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/rejsample.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/shuffle.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/shuffle.inc (100%) rename 
src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/symmetric-shake.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/symmetric.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/verify.c (83%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-1024_avx2}/verify.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/LICENSE (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/api.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/cbd.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/cbd.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/indcpa.c (96%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/indcpa.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/kem.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/kem.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/ntt.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/ntt.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/params.h (89%) rename 
src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/poly.c (99%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/poly.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/polyvec.c (99%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/polyvec.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/reduce.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/reduce.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/symmetric-shake.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/symmetric.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/verify.c (82%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-1024_ref}/verify.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/LICENSE (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/align.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/api.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/basemul.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/cbd.c (100%) rename 
src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/cbd.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/consts.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/consts.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/fq.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/fq.inc (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/indcpa.c (99%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/indcpa.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/invntt.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/kem.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/kem.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/ntt.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/ntt.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/params.h (90%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/poly.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/poly.h (100%) rename 
src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/polyvec.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/polyvec.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/reduce.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/rejsample.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/rejsample.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/shuffle.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/shuffle.inc (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/symmetric-shake.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/symmetric.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/verify.c (83%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-512_avx2}/verify.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/LICENSE (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/api.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/cbd.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/cbd.h (100%) rename 
src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/indcpa.c (96%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/indcpa.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/kem.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/kem.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/ntt.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/ntt.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/params.h (89%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/poly.c (99%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/poly.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/polyvec.c (99%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/polyvec.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/reduce.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/reduce.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/symmetric-shake.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/symmetric.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => 
pqcrystals-kyber-standard_ml-kem-512_ref}/verify.c (82%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-512_ref}/verify.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/LICENSE (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/align.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/api.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/basemul.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/cbd.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/cbd.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/consts.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/consts.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/fq.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/fq.inc (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/indcpa.c (99%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/indcpa.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/invntt.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/kem.c (100%) 
rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/kem.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/ntt.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/ntt.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/params.h (90%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/poly.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/poly.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/polyvec.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/polyvec.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/reduce.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/rejsample.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/rejsample.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/shuffle.S (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/shuffle.inc (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/symmetric-shake.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/symmetric.h (100%) rename 
src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/verify.c (83%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_avx2 => pqcrystals-kyber-standard_ml-kem-768_avx2}/verify.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/LICENSE (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/api.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/cbd.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/cbd.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/indcpa.c (96%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/indcpa.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/kem.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/kem.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/ntt.c (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/ntt.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/params.h (89%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/poly.c (99%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/poly.h (100%) rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-1024-ipd_ref => 
pqcrystals-kyber-standard_ml-kem-768_ref}/polyvec.c (99%)
rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/polyvec.h (100%)
rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/reduce.c (100%)
rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/reduce.h (100%)
rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/symmetric-shake.c (100%)
rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/symmetric.h (100%)
rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-512-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/verify.c (82%)
rename src/kem/ml_kem/{pqcrystals-kyber-standard_ml-kem-768-ipd_ref => pqcrystals-kyber-standard_ml-kem-768_ref}/verify.h (100%)
create mode 100644 tests/ACVP_Vectors/ML-DSA-keyGen-FIPS204/internalProjection.json
create mode 100644 tests/ACVP_Vectors/ML-DSA-sigGen-FIPS204/internalProjection.json
create mode 100644 tests/ACVP_Vectors/ML-DSA-sigVer-FIPS204/internalProjection.json
create mode 100644 tests/ACVP_Vectors/ML-KEM-encapDecap-FIPS203/internalProjection.json
create mode 100644 tests/ACVP_Vectors/ML-KEM-keyGen-FIPS203/internalProjection.json
create mode 100644 tests/ACVP_Vectors/fetch_values.sh
create mode 100644 tests/test_acvp_vectors.py
delete mode 100644 tests/test_vectors.py
diff --git a/.CMake/alg_support.cmake b/.CMake/alg_support.cmake
index bf8e4d56c..bdd4d94ce 100644
--- a/.CMake/alg_support.cmake
+++ b/.CMake/alg_support.cmake
@@ -127,11 +127,8 @@ cmake_dependent_option(OQS_ENABLE_KEM_kyber_768 "" ON "OQS_ENABLE_KEM_KYBER" OFF
 cmake_dependent_option(OQS_ENABLE_KEM_kyber_1024 "" ON "OQS_ENABLE_KEM_KYBER" OFF)
 option(OQS_ENABLE_KEM_ML_KEM "Enable ml_kem algorithm family" ON)
-cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
-cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
-cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
 option(OQS_ENABLE_SIG_DILITHIUM "Enable dilithium algorithm family" ON)
@@ -320,21 +317,18 @@ endif()
 if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
 if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
- cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_512_ipd" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_512" OFF)
 endif()
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
 if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
- cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_768_ipd" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_768" OFF)
 endif()
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
 if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
- cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_1024_ipd" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_1024" OFF)
 endif()
 endif()
diff --git a/.github/workflows/unix.yml b/.github/workflows/unix.yml
index 6c1739459..35bb8deb6 100644
--- a/.github/workflows/unix.yml
+++ b/.github/workflows/unix.yml
@@ -223,7 +223,7 @@ jobs:
 path: build/*.deb
 - name: Check STD algorithm and alias
 if: matrix.name == 'jammy-std-openssl3'
- run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-DSA-44-ipd:\n isnull: true" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-KEM-512-ipd:\n isnull: true"'
+ run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-DSA-44-ipd:\n isnull: true" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false"'
 working-directory: build
 linux_arm_emulated:
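Review bot: The `run:` line of the "Check STD algorithm and alias" step now only asserts that ML-KEM-512 is present; the check that ML-KEM-512-ipd is absent was dropped together with the identifier, so a stale `-ipd` entry resurfacing in dump_alg_info output would no longer fail CI. Since this commit removes the `-ipd` parameter sets altogether (alg_support.cmake hunks above), the matching guard is a negative check: append `&& ! tests/dump_alg_info | grep -q "ML-KEM-512-ipd"` to the same `run:` string. This assumes dump_alg_info prints only registered algorithm names; if it still lists disabled ones with `isnull: true`, keep the previous `isnull: true` form for ML-KEM-512-ipd instead.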
diff --git a/README.md b/README.md
index f207046b4..db67a3115 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ Details on each supported algorithm can be found in the [docs/algorithms](https:
 The list below indicates all algorithms currently supported by liboqs, including experimental algorithms and already excluding algorithm variants pruned during the NIST competition, such as Kyber-90s or Dilithium-AES.
-The only algorithms in `liboqs` that implement NIST standards drafts are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/ipd) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/ipd) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adjust the implementation so that users are protected from such potential changes. For users interested in explicitly selecting the current "proposed draft standard" code, the variants with the suffix "-ipd" are made available. At this stage, "ml-kem-ipd" and "ml-kem" as well as "ml-dsa-ipd" and "ml-dsa" are functionally equivalent, denoted by the "alias" moniker below.
+The only algorithms in `liboqs` that implement NIST standards are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/final) (final standard) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/ipd) (initial public draft) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adjust the implementation so that users are protected from such potential changes. For users interested in explicitly selecting the current "proposed draft standard" code, the variants with the suffix "-ipd" are made available.
At this stage, "ml-dsa-ipd" and "ml-dsa" are functionally equivalent, denoted by the "alias" moniker below.
 Falcon and SPHINCS+ have also been [selected for standardization](https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022), but the `liboqs` implementations of these algorithms are currently tracking Round 3 submissions and not NIST standards drafts.
@@ -54,7 +54,7 @@ All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes
 - **FrodoKEM**: FrodoKEM-640-AES, FrodoKEM-640-SHAKE, FrodoKEM-976-AES, FrodoKEM-976-SHAKE, FrodoKEM-1344-AES, FrodoKEM-1344-SHAKE
 - **HQC**: HQC-128, HQC-192, HQC-256
 - **Kyber**: Kyber512, Kyber768, Kyber1024
-- **ML-KEM**: ML-KEM-512-ipd (alias: ML-KEM-512), ML-KEM-768-ipd (alias: ML-KEM-768), ML-KEM-1024-ipd (alias: ML-KEM-1024)
+- **ML-KEM**: ML-KEM-512, ML-KEM-768, ML-KEM-1024
 - **NTRU-Prime**: sntrup761
diff --git a/docs/algorithms/kem/ml_kem.md b/docs/algorithms/kem/ml_kem.md
index 7d5e0561a..d1806517b 100644
--- a/docs/algorithms/kem/ml_kem.md
+++ b/docs/algorithms/kem/ml_kem.md
@@ -4,10 +4,10 @@
 - **Main cryptographic assumption**: Module LWE+R with base ring Z[x]/(3329, x^256+1).
 - **Principal submitters**: Peter Schwabe.
 - **Auxiliary submitters**: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
-- **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203/ipd
-- **Specification version**: ML-KEM-ipd.
+- **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
+- **Specification version**: ML-KEM.
 - **Primary Source**:
- - **Source**: https://github.com/pq-crystals/kyber/commit/d1321ce5ac0b53f583eb47a040dc3625ee8e7e37 with copy_from_upstream patches
+ - **Source**: https://github.com/pq-crystals/kyber/commit/10b478fc3cc4ff6215eb0b6a11bd758bf0929cbd with copy_from_upstream patches
 - **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
@@ -15,11 +15,11 @@
 | Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
 |:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
-| ML-KEM-512-ipd | ML-KEM-512 | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 |
-| ML-KEM-768-ipd | ML-KEM-768 | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 |
-| ML-KEM-1024-ipd | ML-KEM-1024 | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 |
+| ML-KEM-512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 |
+| ML-KEM-768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 |
+| ML-KEM-1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 |
-## ML-KEM-512-ipd implementation characteristics
+## ML-KEM-512 implementation characteristics
 | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
@@ -30,7 +30,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
-## ML-KEM-768-ipd implementation characteristics
+## ML-KEM-768 implementation characteristics
 | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
@@ -39,7 +39,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
-## ML-KEM-1024-ipd implementation characteristics
+## ML-KEM-1024 implementation characteristics
 | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
diff --git a/docs/algorithms/kem/ml_kem.yml b/docs/algorithms/kem/ml_kem.yml
index 58d2ce19b..81ef2b6c4 100644
--- a/docs/algorithms/kem/ml_kem.yml
+++ b/docs/algorithms/kem/ml_kem.yml
@@ -13,16 +13,15 @@ auxiliary-submitters:
 - Gregor Seiler
 - Damien Stehlé
 crypto-assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1)
-website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203/ipd
-nist-round: ipd
-spec-version: ML-KEM-ipd
+website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
+nist-round: FIPS203
+spec-version: ML-KEM
 primary-upstream:
- source: https://github.com/pq-crystals/kyber/commit/d1321ce5ac0b53f583eb47a040dc3625ee8e7e37
+ source: https://github.com/pq-crystals/kyber/commit/10b478fc3cc4ff6215eb0b6a11bd758bf0929cbd
 with copy_from_upstream patches
 spdx-license-identifier: CC0-1.0 or Apache-2.0
 parameter-sets:
-- name: ML-KEM-512-ipd
- alias: ML-KEM-512
+- name: ML-KEM-512
 claimed-nist-level: 1
 claimed-security: IND-CCA2
 length-public-key: 800
@@ -55,8 +54,7 @@ parameter-sets:
 no-secret-dependent-branching-claimed: true
 no-secret-dependent-branching-checked-by-valgrind: true
 large-stack-usage: false
-- name: ML-KEM-768-ipd
- alias: ML-KEM-768
+- name: ML-KEM-768
 claimed-nist-level: 3
 claimed-security: IND-CCA2
 length-public-key: 1184
@@ -89,8 +87,7 @@ parameter-sets:
 no-secret-dependent-branching-claimed: true
 no-secret-dependent-branching-checked-by-valgrind: true
 large-stack-usage: false
-- name: ML-KEM-1024-ipd
- alias: ML-KEM-1024
+- name: ML-KEM-1024
 claimed-nist-level: 5
 claimed-security: IND-CCA2
 length-public-key: 1568
diff --git a/docs/cbom.json b/docs/cbom.json
index f605276ac..2fab7718a 100644
--- a/docs/cbom.json
+++ b/docs/cbom.json
@@ -1,23 +1,23 @@
 {
 "bomFormat": "CBOM",
 "specVersion": "1.4-cbom-1.0",
- "serialNumber": "urn:uuid:58a975ac-ea6b-4ce9-a5ae-80d35105db30",
+ "serialNumber": "urn:uuid:b953d460-1246-4cbb-aff9-642a0308d18b",
 "version": 1,
 "metadata": {
- "timestamp": "2024-04-09T21:46:17.101849",
+ "timestamp": "2024-08-26T18:04:44.668645",
 "component": {
 "type": "library",
- "bom-ref": "pkg:github/open-quantum-safe/liboqs@2fd65d9ec99a2608149713e5fcaeb9b6402e5872",
+ "bom-ref": "pkg:github/open-quantum-safe/liboqs@062e793edf54cbc1073b54d0689795063fd41910",
 "name": "liboqs",
- "version": "2fd65d9ec99a2608149713e5fcaeb9b6402e5872"
+ "version": "062e793edf54cbc1073b54d0689795063fd41910"
 }
 },
 "components": [
 {
 "type": "library",
- "bom-ref": "pkg:github/open-quantum-safe/liboqs@2fd65d9ec99a2608149713e5fcaeb9b6402e5872",
+ "bom-ref": "pkg:github/open-quantum-safe/liboqs@062e793edf54cbc1073b54d0689795063fd41910",
 "name": "liboqs",
- "version": "2fd65d9ec99a2608149713e5fcaeb9b6402e5872"
+ "version": "062e793edf54cbc1073b54d0689795063fd41910"
 },
 {
 "type": "crypto-asset",
@@ -1041,12 +1041,12 @@
 },
 {
 "type": "crypto-asset",
- "bom-ref": "alg:ML-KEM-512-ipd:generic",
+ "bom-ref": "alg:ML-KEM-512:generic",
 "name": "ML-KEM",
 "cryptoProperties": {
 "assetType": "algorithm",
 "algorithmProperties": {
- "variant": "ML-KEM-512-ipd",
+ "variant": "ML-KEM-512",
 "primitive": "kem",
 "implementationLevel": "softwarePlainRam",
 "cryptoFunctions": [
@@ -1061,12 +1061,12 @@
 },
 {
 "type": "crypto-asset",
- "bom-ref": "alg:ML-KEM-512-ipd:x86_64",
+ "bom-ref": "alg:ML-KEM-512:x86_64",
 "name": "ML-KEM",
 "cryptoProperties": {
 "assetType": "algorithm",
 "algorithmProperties": {
- "variant": "ML-KEM-512-ipd",
+ "variant": "ML-KEM-512",
 "primitive": "kem",
 "implementationLevel": "softwarePlainRam",
 "cryptoFunctions": [
@@ -1081,12 +1081,12 @@
 },
 {
 "type": "crypto-asset",
- "bom-ref": "alg:ML-KEM-768-ipd:generic",
+ "bom-ref": "alg:ML-KEM-768:generic",
 "name": "ML-KEM",
 "cryptoProperties": {
 "assetType": "algorithm",
 "algorithmProperties": {
- "variant": "ML-KEM-768-ipd",
+ "variant": "ML-KEM-768",
 "primitive": "kem",
 "implementationLevel": "softwarePlainRam",
 "cryptoFunctions": [
@@ -1101,12 +1101,12 @@
 },
 {
 "type": "crypto-asset",
- "bom-ref": "alg:ML-KEM-768-ipd:x86_64",
+ "bom-ref": "alg:ML-KEM-768:x86_64",
 "name": "ML-KEM",
 "cryptoProperties": {
 "assetType": "algorithm",
 "algorithmProperties": {
- "variant": "ML-KEM-768-ipd",
+ "variant": "ML-KEM-768",
 "primitive": "kem",
 "implementationLevel": "softwarePlainRam",
 "cryptoFunctions": [
@@ -1121,12 +1121,12 @@
 },
 {
 "type": "crypto-asset",
- "bom-ref": "alg:ML-KEM-1024-ipd:generic",
+ "bom-ref": "alg:ML-KEM-1024:generic",
 "name": "ML-KEM",
 "cryptoProperties": {
 "assetType": "algorithm",
 "algorithmProperties": {
- "variant": "ML-KEM-1024-ipd",
+ "variant": "ML-KEM-1024",
 "primitive": "kem",
 "implementationLevel": "softwarePlainRam",
 "cryptoFunctions": [
@@ -1141,12 +1141,12 @@
 },
 {
 "type": "crypto-asset",
- "bom-ref": "alg:ML-KEM-1024-ipd:x86_64",
+ "bom-ref": "alg:ML-KEM-1024:x86_64",
 "name": "ML-KEM",
 "cryptoProperties": {
 "assetType": "algorithm",
 "algorithmProperties": {
- "variant": "ML-KEM-1024-ipd",
+ "variant": "ML-KEM-1024",
 "primitive": "kem",
 "implementationLevel": "softwarePlainRam",
 "cryptoFunctions": [
@@ -2408,7 +2408,7 @@
 ],
 "dependencies": [
 {
- "ref": "pkg:github/open-quantum-safe/liboqs@2fd65d9ec99a2608149713e5fcaeb9b6402e5872",
+ "ref": "pkg:github/open-quantum-safe/liboqs@062e793edf54cbc1073b54d0689795063fd41910",
 "dependsOn": [
 "alg:BIKE-L1:x86_64",
 "alg:BIKE-L3:x86_64",
@@ -2461,12 +2461,12 @@
 "alg:Kyber1024:generic",
 "alg:Kyber1024:x86_64",
 "alg:Kyber1024:armv8-a",
- "alg:ML-KEM-512-ipd:generic",
- "alg:ML-KEM-512-ipd:x86_64",
- "alg:ML-KEM-768-ipd:generic",
- "alg:ML-KEM-768-ipd:x86_64",
- "alg:ML-KEM-1024-ipd:generic",
- "alg:ML-KEM-1024-ipd:x86_64",
+ "alg:ML-KEM-512:generic",
+ "alg:ML-KEM-512:x86_64",
+ "alg:ML-KEM-768:generic",
+ "alg:ML-KEM-768:x86_64",
+ "alg:ML-KEM-1024:generic",
+ "alg:ML-KEM-1024:x86_64",
 "alg:sntrup761:generic",
 "alg:sntrup761:x86_64",
 "alg:Dilithium2:generic",
@@ -2893,42 +2893,42 @@
 "dependencyType": "uses"
 },
 {
- "ref": "alg:ML-KEM-512-ipd:generic",
+ "ref": "alg:ML-KEM-512:generic",
 "dependsOn": [
 "alg:sha3"
 ],
 "dependencyType": "uses"
 },
 {
- "ref": "alg:ML-KEM-512-ipd:x86_64",
+ "ref": "alg:ML-KEM-512:x86_64",
 "dependsOn": [
 "alg:sha3"
 ],
 "dependencyType": "uses"
 },
 {
- "ref": "alg:ML-KEM-768-ipd:generic",
+ "ref": "alg:ML-KEM-768:generic",
 "dependsOn": [
 "alg:sha3"
 ],
 "dependencyType": "uses"
 },
 {
- "ref": "alg:ML-KEM-768-ipd:x86_64",
+ "ref": "alg:ML-KEM-768:x86_64",
 "dependsOn": [
 "alg:sha3"
 ],
 "dependencyType": "uses"
 },
 {
- "ref": "alg:ML-KEM-1024-ipd:generic",
+ "ref": "alg:ML-KEM-1024:generic",
 "dependsOn": [
 "alg:sha3"
 ],
 "dependencyType": "uses"
 },
 {
- "ref": "alg:ML-KEM-1024-ipd:x86_64",
+ "ref": "alg:ML-KEM-1024:x86_64",
 "dependsOn": [
 "alg:sha3"
 ],
diff --git a/scripts/copy_from_upstream/copy_from_upstream.yml b/scripts/copy_from_upstream/copy_from_upstream.yml
index 12cfec79b..216a99ae1 100644
--- a/scripts/copy_from_upstream/copy_from_upstream.yml
+++ b/scripts/copy_from_upstream/copy_from_upstream.yml
@@ -32,11 +32,11 @@ upstreams:
 - name: pqcrystals-kyber-standard
 git_url: https://github.com/pq-crystals/kyber.git
- git_branch: standard
- git_commit: d1321ce5ac0b53f583eb47a040dc3625ee8e7e37
+ git_branch: main
+ git_commit: 10b478fc3cc4ff6215eb0b6a11bd758bf0929cbd
 kem_meta_path: '{pretty_name_full}_META.yml'
 kem_scheme_path: '.'
- patches: [pqcrystals-ml_kem_ipd.patch]
+ patches: [pqcrystals-ml_kem.patch]
 - name: pqcrystals-dilithium
 git_url: https://github.com/pq-crystals/dilithium.git
@@ -161,22 +161,19 @@ kems:
 upstream_location: pqcrystals-kyber-standard
 schemes:
 -
- scheme: "512_ipd"
- pqclean_scheme: ml-kem-512-ipd
- pretty_name_full: ML-KEM-512-ipd
- alias_scheme: "512"
+ scheme: "512"
+ pqclean_scheme: ml-kem-512
+ pretty_name_full: ML-KEM-512
 alias_pretty_name_full: ML-KEM-512
 -
- scheme: "768_ipd"
- pqclean_scheme: ml-kem-768-ipd
- pretty_name_full: ML-KEM-768-ipd
- alias_scheme: "768"
+ scheme: "768"
+ pqclean_scheme: ml-kem-768
+ pretty_name_full: ML-KEM-768
 alias_pretty_name_full: ML-KEM-768
 -
- scheme: "1024_ipd"
- pqclean_scheme: ml-kem-1024-ipd
- pretty_name_full: ML-KEM-1024-ipd
- alias_scheme: "1024"
+ scheme: "1024"
+ pqclean_scheme: ml-kem-1024
+ pretty_name_full: ML-KEM-1024
 alias_pretty_name_full: ML-KEM-1024
 sigs:
 -
diff --git a/scripts/copy_from_upstream/patches/pqcrystals-ml_kem_ipd.patch b/scripts/copy_from_upstream/patches/pqcrystals-ml_kem.patch
similarity index 86%
rename from scripts/copy_from_upstream/patches/pqcrystals-ml_kem_ipd.patch
rename to scripts/copy_from_upstream/patches/pqcrystals-ml_kem.patch
index ba138bf3c..952f0db5a 100644
--- a/scripts/copy_from_upstream/patches/pqcrystals-ml_kem_ipd.patch
+++ b/scripts/copy_from_upstream/patches/pqcrystals-ml_kem.patch
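Review bot: In the `schemes:` hunk, `alias_scheme` is removed from each ML-KEM entry but `alias_pretty_name_full: ML-KEM-512` (and the 768/1024 counterparts) survives as a context line, now identical to the new `pretty_name_full`. Whether copy_from_upstream.py keys alias generation on `alias_scheme` or on `alias_pretty_name_full` is not visible here; if it is the latter, the generator would register an alias pointing at itself, and if it is the former the three lines are dead metadata that will mislead the next person editing this file. Either drop the three `alias_pretty_name_full` lines together with `alias_scheme`, or add a one-line comment above them recording why they are retained.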
@@ -1,10 +1,13 @@ -diff --git a/Kyber1024_META.yml b/ML-KEM-1024-ipd_META.yml -index baa5ca3..ffafcf0 100644 +diff --git a/Kyber1024_META.yml b/ML-KEM-1024_META.yml +similarity index 55% +rename from Kyber1024_META.yml +rename to ML-KEM-1024_META.yml +index baa5ca3..fdfc298 100644 --- a/Kyber1024_META.yml -+++ b/ML-KEM-1024-ipd_META.yml ++++ b/ML-KEM-1024_META.yml @@ -1,4 +1,4 @@ -name: Kyber1024 -+name: ML-KEM-1024-ipd ++name: ML-KEM-1024 type: kem claimed-nist-level: 5 claimed-security: IND-CCA2 @@ -14,7 +17,7 @@ index baa5ca3..ffafcf0 100644 length-shared-secret: 32 -nistkat-sha256: 5afcf2a568ad32d49b55105b032af1850f03f3888ff9e2a72f4059c58e968f60 -testvectors-sha256: ff1a854b9b6761a70c65ccae85246fe0596a949e72eae0866a8a2a2d4ea54b10 -+nistkat-sha256: 03d6494b74c45d010e61b0328c1ab318c4df3b7f9dbd04d0e35b3468848584b7 ++nistkat-sha256: f580d851e5fb27e6876e5e203fa18be4cdbfd49e05d48fec3d3992c8f43a13e6 +testvectors-sha256: 85ab251d6e749e6b27507a8a6ec473ba2e8419c1aef87d0cd5ec9903c1bb92df principal-submitters: - Peter Schwabe @@ -32,9 +35,9 @@ index baa5ca3..ffafcf0 100644 - signature_dec: pqcrystals_kyber1024_ref_dec - sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c - common_dep: common_ref -+ signature_keypair: pqcrystals_ml_kem_1024_ipd_ref_keypair -+ signature_enc: pqcrystals_ml_kem_1024_ipd_ref_enc -+ signature_dec: pqcrystals_ml_kem_1024_ipd_ref_dec ++ signature_keypair: pqcrystals_ml_kem_1024_ref_keypair ++ signature_enc: pqcrystals_ml_kem_1024_ref_enc ++ signature_dec: pqcrystals_ml_kem_1024_ref_dec + sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h symmetric-shake.c - name: avx2 - version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff 
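Review bot: The `@@ -14,7 +17,7 @@` hunk swaps the `nistkat-sha256` digest this patch injects into ML-KEM-1024_META.yml while the `+testvectors-sha256:` line it adds is left unchanged, and the diffstat of this commit deletes tests/test_vectors.py; if nothing else consumes `testvectors-sha256`, the patch keeps pinning a digest no test checks any more. These digests are the integrity anchor for the KAT tests, so the commit should record how the new `nistkat-sha256` value was produced (which generator and upstream commit), since a reviewer cannot verify it from the diff alone. The same applies to the ML-KEM-512 and ML-KEM-768 META hunks that follow.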
@@ -45,20 +48,23 @@ index baa5ca3..ffafcf0 100644 - signature_dec: pqcrystals_kyber1024_avx2_dec - sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c - common_dep: common_avx2 common_keccak4x_avx2 -+ signature_keypair: pqcrystals_ml_kem_1024_ipd_avx2_keypair -+ signature_enc: pqcrystals_ml_kem_1024_ipd_avx2_enc -+ signature_dec: pqcrystals_ml_kem_1024_ipd_avx2_dec ++ signature_keypair: pqcrystals_ml_kem_1024_avx2_keypair ++ signature_enc: pqcrystals_ml_kem_1024_avx2_enc ++ signature_dec: pqcrystals_ml_kem_1024_avx2_dec + sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h symmetric-shake.c supported_platforms: - architecture: x86_64 operating_systems: -diff --git a/Kyber512_META.yml b/ML-KEM-512-ipd_META.yml -index b251701..d20f0b1 100644 +diff --git a/Kyber512_META.yml b/ML-KEM-512_META.yml +similarity index 55% +rename from Kyber512_META.yml +rename to ML-KEM-512_META.yml +index b251701..40440a8 100644 --- a/Kyber512_META.yml -+++ b/ML-KEM-512-ipd_META.yml ++++ b/ML-KEM-512_META.yml @@ -1,4 +1,4 @@ -name: Kyber512 -+name: ML-KEM-512-ipd ++name: ML-KEM-512 type: kem claimed-nist-level: 1 claimed-security: IND-CCA2 
@@ -68,7 +74,7 @@ index b251701..d20f0b1 100644 length-shared-secret: 32 -nistkat-sha256: bb0481d3325d828817900b709d23917cefbc10026fc857f098979451f67bb0ca -testvectors-sha256: 6730bb552c22d9d2176ffb5568e48eb30952cf1f065073ec5f9724f6a3c6ea85 -+nistkat-sha256: 76aae1fa3f8367522700b22da635a5bc4ced4298edb0eb9947aa3ba60d62676f ++nistkat-sha256: c70041a761e01cd6426fa60e9fd6a4412c2be817386c8d0f3334898082512782 +testvectors-sha256: e1ac6fb45e2511f4170a3527c0c50dcd61336f47113df7a299a61ef8394bd669 principal-submitters: - Peter Schwabe @@ -86,9 +92,9 @@ index b251701..d20f0b1 100644 - signature_dec: pqcrystals_kyber512_ref_dec - sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c - common_dep: common_ref -+ signature_keypair: pqcrystals_ml_kem_512_ipd_ref_keypair -+ signature_enc: pqcrystals_ml_kem_512_ipd_ref_enc -+ signature_dec: pqcrystals_ml_kem_512_ipd_ref_dec ++ signature_keypair: pqcrystals_ml_kem_512_ref_keypair ++ signature_enc: pqcrystals_ml_kem_512_ref_enc ++ signature_dec: pqcrystals_ml_kem_512_ref_dec + sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h symmetric-shake.c - name: avx2 - version: https://github.com/pq-crystals/kyber/commit/36414d64fc1890ed58d1ca8b1e0cab23635d1ac2 
@@ -99,20 +105,23 @@ index b251701..d20f0b1 100644 - signature_dec: pqcrystals_kyber512_avx2_dec - sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c - common_dep: common_avx2 common_keccak4x_avx2 -+ signature_keypair: pqcrystals_ml_kem_512_ipd_avx2_keypair -+ signature_enc: pqcrystals_ml_kem_512_ipd_avx2_enc -+ signature_dec: pqcrystals_ml_kem_512_ipd_avx2_dec ++ signature_keypair: pqcrystals_ml_kem_512_avx2_keypair ++ signature_enc: pqcrystals_ml_kem_512_avx2_enc ++ signature_dec: pqcrystals_ml_kem_512_avx2_dec + sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h symmetric-shake.c supported_platforms: - architecture: x86_64 operating_systems: -diff --git a/Kyber768_META.yml b/ML-KEM-768-ipd_META.yml -index 7a0cc3d..e768cd5 100644 +diff --git a/Kyber768_META.yml b/ML-KEM-768_META.yml +similarity index 55% +rename from Kyber768_META.yml +rename to ML-KEM-768_META.yml +index 7a0cc3d..4277df3 100644 --- a/Kyber768_META.yml -+++ b/ML-KEM-768-ipd_META.yml ++++ b/ML-KEM-768_META.yml @@ -1,4 +1,4 @@ -name: Kyber768 -+name: ML-KEM-768-ipd ++name: ML-KEM-768 type: kem claimed-nist-level: 3 claimed-security: IND-CCA2 
@@ -122,7 +131,7 @@ index 7a0cc3d..e768cd5 100644 length-shared-secret: 32 -nistkat-sha256: 89e82a5bf2d4ddb2c6444e10409e6d9ca65dafbca67d1a0db2c9b54920a29172 -testvectors-sha256: 667c8ca2ca93729c0df6ff24588460bad1bbdbfb64ece0fe8563852a7ff348c6 -+nistkat-sha256: c7e76b4b30c786b5b70c152a446e7832c1cb42b3816ec048dbeaf7041211b310 ++nistkat-sha256: 5352539586b6c3df58be6158a6250aeff402bd73060b0a3de68850ac074c17c3 +testvectors-sha256: 2586721a714c439f6fef26e29ee1c4c67c6207186f810617f278e6ce3e67ea0d principal-submitters: - Peter Schwabe @@ -140,9 +149,9 @@ index 7a0cc3d..e768cd5 100644 - signature_dec: pqcrystals_kyber768_ref_dec - sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c - common_dep: common_ref -+ signature_keypair: pqcrystals_ml_kem_768_ipd_ref_keypair -+ signature_enc: pqcrystals_ml_kem_768_ipd_ref_enc -+ signature_dec: pqcrystals_ml_kem_768_ipd_ref_dec ++ signature_keypair: pqcrystals_ml_kem_768_ref_keypair ++ signature_enc: pqcrystals_ml_kem_768_ref_enc ++ signature_dec: pqcrystals_ml_kem_768_ref_dec + sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h symmetric-shake.c - name: avx2 - version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff 
@@ -153,15 +162,15 @@ index 7a0cc3d..e768cd5 100644 - signature_dec: pqcrystals_kyber768_avx2_dec - sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c - common_dep: common_avx2 common_keccak4x_avx2 -+ signature_keypair: pqcrystals_ml_kem_768_ipd_avx2_keypair -+ signature_enc: pqcrystals_ml_kem_768_ipd_avx2_enc -+ signature_dec: pqcrystals_ml_kem_768_ipd_avx2_dec ++ signature_keypair: pqcrystals_ml_kem_768_avx2_keypair ++ signature_enc: pqcrystals_ml_kem_768_avx2_enc ++ signature_dec: pqcrystals_ml_kem_768_avx2_dec + sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h symmetric-shake.c supported_platforms: - architecture: x86_64 operating_systems: diff --git a/avx2/indcpa.c b/avx2/indcpa.c -index 4f3b782..572ce49 100644 +index 18b9d08..c4b2b3a 100644 --- a/avx2/indcpa.c +++ b/avx2/indcpa.c @@ -175,7 +175,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed) 
@@ -260,26 +269,26 @@ index bc70ebf..fdc688e 100644 #define KYBER_NAMESPACE(s) pqcrystals_kyber512_90s_avx2_##s #else -#define KYBER_NAMESPACE(s) pqcrystals_kyber512_avx2_##s -+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_512_ipd_avx2_##s ++#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_512_avx2_##s #endif #elif (KYBER_K == 3) #ifdef KYBER_90S #define KYBER_NAMESPACE(s) pqcrystals_kyber768_90s_avx2_##s #else -#define KYBER_NAMESPACE(s) pqcrystals_kyber768_avx2_##s -+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_768_ipd_avx2_##s ++#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_768_avx2_##s #endif #elif (KYBER_K == 4) #ifdef KYBER_90S #define KYBER_NAMESPACE(s) pqcrystals_kyber1024_90s_avx2_##s #else -#define KYBER_NAMESPACE(s) pqcrystals_kyber1024_avx2_##s -+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_1024_ipd_avx2_##s ++#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_1024_avx2_##s #endif #else #error "KYBER_K must be in {2,3,4}" diff --git a/avx2/poly.c b/avx2/poly.c -index ab148a2..96bad86 100644 +index 56a5e1e..681fd6d 100644 --- a/avx2/poly.c +++ b/avx2/poly.c @@ -2,6 +2,7 @@ @@ -290,7 +299,7 @@ index ab148a2..96bad86 100644 #include "params.h" #include "poly.h" #include "ntt.h" -@@ -412,7 +413,7 @@ void poly_getnoise_eta1_4x(poly *r0, +@@ -325,7 +326,7 @@ void poly_getnoise_eta1_4x(poly *r0, { ALIGNED_UINT8(NOISE_NBLOCKS*SHAKE256_RATE) buf[4]; __m256i f; @@ -299,7 +308,7 @@ index ab148a2..96bad86 100644 f = _mm256_loadu_si256((__m256i *)seed); _mm256_store_si256(buf[0].vec, f); -@@ -425,8 +426,10 @@ void poly_getnoise_eta1_4x(poly *r0, +@@ -338,8 +339,10 @@ void poly_getnoise_eta1_4x(poly *r0, buf[2].coeffs[32] = nonce2; buf[3].coeffs[32] = nonce3; @@ -310,7 +319,7 @@ index ab148a2..96bad86 100644 poly_cbd_eta1(r0, buf[0].vec); poly_cbd_eta1(r1, buf[1].vec); -@@ -447,7 +450,7 @@ void poly_getnoise_eta1122_4x(poly *r0, +@@ -360,7 +363,7 @@ void poly_getnoise_eta1122_4x(poly *r0, { ALIGNED_UINT8(NOISE_NBLOCKS*SHAKE256_RATE) buf[4]; __m256i f; 
@@ -319,7 +328,7 @@ index ab148a2..96bad86 100644 f = _mm256_loadu_si256((__m256i *)seed); _mm256_store_si256(buf[0].vec, f); -@@ -460,8 +463,10 @@ void poly_getnoise_eta1122_4x(poly *r0, +@@ -373,8 +376,10 @@ void poly_getnoise_eta1122_4x(poly *r0, buf[2].coeffs[32] = nonce2; buf[3].coeffs[32] = nonce3; @@ -348,18 +357,18 @@ index 627b891..e4941f7 100644 uint8_t x, uint8_t y); diff --git a/ref/indcpa.c b/ref/indcpa.c -index 5d74518..4a8b4c8 100644 +index 9a78c09..726cfa9 100644 --- a/ref/indcpa.c 
+++ b/ref/indcpa.c -@@ -164,6 +164,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) - unsigned int buflen, off; - uint8_t buf[GEN_MATRIX_NBLOCKS*XOF_BLOCKBYTES+2]; +@@ -168,6 +168,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) + unsigned int buflen; + uint8_t buf[GEN_MATRIX_NBLOCKS*XOF_BLOCKBYTES]; xof_state state; + xof_init(&state, seed); for(i=0;i) +if(OQS_ENABLE_KEM_ml_kem_512) + add_library(ml_kem_512_ref OBJECT kem_ml_kem_512.c pqcrystals-kyber-standard_ml-kem-512_ref/cbd.c pqcrystals-kyber-standard_ml-kem-512_ref/indcpa.c pqcrystals-kyber-standard_ml-kem-512_ref/kem.c pqcrystals-kyber-standard_ml-kem-512_ref/ntt.c pqcrystals-kyber-standard_ml-kem-512_ref/poly.c pqcrystals-kyber-standard_ml-kem-512_ref/polyvec.c pqcrystals-kyber-standard_ml-kem-512_ref/reduce.c pqcrystals-kyber-standard_ml-kem-512_ref/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-512_ref/verify.c) + target_compile_options(ml_kem_512_ref PUBLIC -DKYBER_K=2) + target_include_directories(ml_kem_512_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-512_ref) + target_include_directories(ml_kem_512_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_kem_512_ref PUBLIC -DKYBER_K=2) + set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) endif() -if(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2 OR OQS_ENABLE_KEM_ml_kem_512_avx2) - add_library(ml_kem_512_ipd_avx2 OBJECT pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/basemul.S pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/cbd.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/consts.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/fq.S pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/indcpa.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/invntt.S pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/kem.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/ntt.S pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/poly.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/polyvec.c 
pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/rejsample.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/shuffle.S pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/verify.c) - target_include_directories(ml_kem_512_ipd_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-512-ipd_avx2) - target_include_directories(ml_kem_512_ipd_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_kem_512_ipd_avx2 PRIVATE -mavx2 -mbmi2 -mpopcnt ) - target_compile_options(ml_kem_512_ipd_avx2 PUBLIC -DKYBER_K=2) - set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) +if(OQS_ENABLE_KEM_ml_kem_512_avx2) + add_library(ml_kem_512_avx2 OBJECT pqcrystals-kyber-standard_ml-kem-512_avx2/basemul.S pqcrystals-kyber-standard_ml-kem-512_avx2/cbd.c pqcrystals-kyber-standard_ml-kem-512_avx2/consts.c pqcrystals-kyber-standard_ml-kem-512_avx2/fq.S pqcrystals-kyber-standard_ml-kem-512_avx2/indcpa.c pqcrystals-kyber-standard_ml-kem-512_avx2/invntt.S pqcrystals-kyber-standard_ml-kem-512_avx2/kem.c pqcrystals-kyber-standard_ml-kem-512_avx2/ntt.S pqcrystals-kyber-standard_ml-kem-512_avx2/poly.c pqcrystals-kyber-standard_ml-kem-512_avx2/polyvec.c pqcrystals-kyber-standard_ml-kem-512_avx2/rejsample.c pqcrystals-kyber-standard_ml-kem-512_avx2/shuffle.S pqcrystals-kyber-standard_ml-kem-512_avx2/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-512_avx2/verify.c) + target_include_directories(ml_kem_512_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-512_avx2) + target_include_directories(ml_kem_512_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_kem_512_avx2 PRIVATE -mavx2 -mbmi2 -mpopcnt ) + target_compile_options(ml_kem_512_avx2 PUBLIC -DKYBER_K=2) + set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) endif() -if(OQS_ENABLE_KEM_ml_kem_768_ipd OR OQS_ENABLE_KEM_ml_kem_768) - add_library(ml_kem_768_ipd_ref OBJECT kem_ml_kem_768_ipd.c 
pqcrystals-kyber-standard_ml-kem-768-ipd_ref/cbd.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/indcpa.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/kem.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/ntt.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/poly.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/polyvec.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/reduce.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-768-ipd_ref/verify.c) - target_compile_options(ml_kem_768_ipd_ref PUBLIC -DKYBER_K=3) - target_include_directories(ml_kem_768_ipd_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-768-ipd_ref) - target_include_directories(ml_kem_768_ipd_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_kem_768_ipd_ref PUBLIC -DKYBER_K=3) - set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) +if(OQS_ENABLE_KEM_ml_kem_768) + add_library(ml_kem_768_ref OBJECT kem_ml_kem_768.c pqcrystals-kyber-standard_ml-kem-768_ref/cbd.c pqcrystals-kyber-standard_ml-kem-768_ref/indcpa.c pqcrystals-kyber-standard_ml-kem-768_ref/kem.c pqcrystals-kyber-standard_ml-kem-768_ref/ntt.c pqcrystals-kyber-standard_ml-kem-768_ref/poly.c pqcrystals-kyber-standard_ml-kem-768_ref/polyvec.c pqcrystals-kyber-standard_ml-kem-768_ref/reduce.c pqcrystals-kyber-standard_ml-kem-768_ref/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-768_ref/verify.c) + target_compile_options(ml_kem_768_ref PUBLIC -DKYBER_K=3) + target_include_directories(ml_kem_768_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-768_ref) + target_include_directories(ml_kem_768_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_kem_768_ref PUBLIC -DKYBER_K=3) + set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) endif() -if(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2 OR OQS_ENABLE_KEM_ml_kem_768_avx2) - add_library(ml_kem_768_ipd_avx2 OBJECT pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/basemul.S 
pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/cbd.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/consts.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/fq.S pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/indcpa.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/invntt.S pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/kem.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/ntt.S pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/poly.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/polyvec.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/rejsample.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/shuffle.S pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-768-ipd_avx2/verify.c) - target_include_directories(ml_kem_768_ipd_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-768-ipd_avx2) - target_include_directories(ml_kem_768_ipd_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_kem_768_ipd_avx2 PRIVATE -mavx2 -mbmi2 -mpopcnt ) - target_compile_options(ml_kem_768_ipd_avx2 PUBLIC -DKYBER_K=3) - set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) +if(OQS_ENABLE_KEM_ml_kem_768_avx2) + add_library(ml_kem_768_avx2 OBJECT pqcrystals-kyber-standard_ml-kem-768_avx2/basemul.S pqcrystals-kyber-standard_ml-kem-768_avx2/cbd.c pqcrystals-kyber-standard_ml-kem-768_avx2/consts.c pqcrystals-kyber-standard_ml-kem-768_avx2/fq.S pqcrystals-kyber-standard_ml-kem-768_avx2/indcpa.c pqcrystals-kyber-standard_ml-kem-768_avx2/invntt.S pqcrystals-kyber-standard_ml-kem-768_avx2/kem.c pqcrystals-kyber-standard_ml-kem-768_avx2/ntt.S pqcrystals-kyber-standard_ml-kem-768_avx2/poly.c pqcrystals-kyber-standard_ml-kem-768_avx2/polyvec.c pqcrystals-kyber-standard_ml-kem-768_avx2/rejsample.c pqcrystals-kyber-standard_ml-kem-768_avx2/shuffle.S pqcrystals-kyber-standard_ml-kem-768_avx2/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-768_avx2/verify.c) + target_include_directories(ml_kem_768_avx2 PRIVATE 
${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-768_avx2) + target_include_directories(ml_kem_768_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_kem_768_avx2 PRIVATE -mavx2 -mbmi2 -mpopcnt ) + target_compile_options(ml_kem_768_avx2 PUBLIC -DKYBER_K=3) + set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) endif() -if(OQS_ENABLE_KEM_ml_kem_1024_ipd OR OQS_ENABLE_KEM_ml_kem_1024) - add_library(ml_kem_1024_ipd_ref OBJECT kem_ml_kem_1024_ipd.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/cbd.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/indcpa.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/kem.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/ntt.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/poly.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/polyvec.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/reduce.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/verify.c) - target_compile_options(ml_kem_1024_ipd_ref PUBLIC -DKYBER_K=4) - target_include_directories(ml_kem_1024_ipd_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref) - target_include_directories(ml_kem_1024_ipd_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_kem_1024_ipd_ref PUBLIC -DKYBER_K=4) - set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) +if(OQS_ENABLE_KEM_ml_kem_1024) + add_library(ml_kem_1024_ref OBJECT kem_ml_kem_1024.c pqcrystals-kyber-standard_ml-kem-1024_ref/cbd.c pqcrystals-kyber-standard_ml-kem-1024_ref/indcpa.c pqcrystals-kyber-standard_ml-kem-1024_ref/kem.c pqcrystals-kyber-standard_ml-kem-1024_ref/ntt.c pqcrystals-kyber-standard_ml-kem-1024_ref/poly.c pqcrystals-kyber-standard_ml-kem-1024_ref/polyvec.c pqcrystals-kyber-standard_ml-kem-1024_ref/reduce.c pqcrystals-kyber-standard_ml-kem-1024_ref/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-1024_ref/verify.c) + target_compile_options(ml_kem_1024_ref PUBLIC -DKYBER_K=4) + 
target_include_directories(ml_kem_1024_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-1024_ref) + target_include_directories(ml_kem_1024_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_kem_1024_ref PUBLIC -DKYBER_K=4) + set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) endif() -if(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2 OR OQS_ENABLE_KEM_ml_kem_1024_avx2) - add_library(ml_kem_1024_ipd_avx2 OBJECT pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/basemul.S pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/cbd.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/consts.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/fq.S pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/indcpa.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/invntt.S pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/kem.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/ntt.S pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/poly.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/polyvec.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/rejsample.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/shuffle.S pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/verify.c) - target_include_directories(ml_kem_1024_ipd_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2) - target_include_directories(ml_kem_1024_ipd_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_kem_1024_ipd_avx2 PRIVATE -mavx2 -mbmi2 -mpopcnt ) - target_compile_options(ml_kem_1024_ipd_avx2 PUBLIC -DKYBER_K=4) - set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) +if(OQS_ENABLE_KEM_ml_kem_1024_avx2) + add_library(ml_kem_1024_avx2 OBJECT pqcrystals-kyber-standard_ml-kem-1024_avx2/basemul.S pqcrystals-kyber-standard_ml-kem-1024_avx2/cbd.c pqcrystals-kyber-standard_ml-kem-1024_avx2/consts.c pqcrystals-kyber-standard_ml-kem-1024_avx2/fq.S pqcrystals-kyber-standard_ml-kem-1024_avx2/indcpa.c 
pqcrystals-kyber-standard_ml-kem-1024_avx2/invntt.S pqcrystals-kyber-standard_ml-kem-1024_avx2/kem.c pqcrystals-kyber-standard_ml-kem-1024_avx2/ntt.S pqcrystals-kyber-standard_ml-kem-1024_avx2/poly.c pqcrystals-kyber-standard_ml-kem-1024_avx2/polyvec.c pqcrystals-kyber-standard_ml-kem-1024_avx2/rejsample.c pqcrystals-kyber-standard_ml-kem-1024_avx2/shuffle.S pqcrystals-kyber-standard_ml-kem-1024_avx2/symmetric-shake.c pqcrystals-kyber-standard_ml-kem-1024_avx2/verify.c) + target_include_directories(ml_kem_1024_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-kyber-standard_ml-kem-1024_avx2) + target_include_directories(ml_kem_1024_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_kem_1024_avx2 PRIVATE -mavx2 -mbmi2 -mpopcnt ) + target_compile_options(ml_kem_1024_avx2 PUBLIC -DKYBER_K=4) + set(_ML_KEM_OBJS ${_ML_KEM_OBJS} $) endif() set(ML_KEM_OBJS ${_ML_KEM_OBJS} PARENT_SCOPE) diff --git a/src/kem/ml_kem/kem_ml_kem.h b/src/kem/ml_kem/kem_ml_kem.h index b3e3d99cf..f8383607f 100644 --- a/src/kem/ml_kem/kem_ml_kem.h +++ b/src/kem/ml_kem/kem_ml_kem.h 
@@ -5,64 +5,37 @@ #include
-#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd) || defined(OQS_ENABLE_KEM_ml_kem_512)
-#define OQS_KEM_ml_kem_512_ipd_length_public_key 800
-#define OQS_KEM_ml_kem_512_ipd_length_secret_key 1632
-#define OQS_KEM_ml_kem_512_ipd_length_ciphertext 768
-#define OQS_KEM_ml_kem_512_ipd_length_shared_secret 32
-OQS_KEM *OQS_KEM_ml_kem_512_ipd_new(void);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_512_ipd_keypair(uint8_t *public_key, uint8_t *secret_key);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_512_ipd_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_512_ipd_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
-
-#define OQS_KEM_ml_kem_512_length_public_key OQS_KEM_ml_kem_512_ipd_length_public_key
-#define OQS_KEM_ml_kem_512_length_secret_key OQS_KEM_ml_kem_512_ipd_length_secret_key
-#define OQS_KEM_ml_kem_512_length_ciphertext OQS_KEM_ml_kem_512_ipd_length_ciphertext
-#define OQS_KEM_ml_kem_512_length_shared_secret OQS_KEM_ml_kem_512_ipd_length_shared_secret
+#if defined(OQS_ENABLE_KEM_ml_kem_512)
+#define OQS_KEM_ml_kem_512_length_public_key 800
+#define OQS_KEM_ml_kem_512_length_secret_key 1632
+#define OQS_KEM_ml_kem_512_length_ciphertext 768
+#define OQS_KEM_ml_kem_512_length_shared_secret 32
 OQS_KEM *OQS_KEM_ml_kem_512_new(void);
-#define OQS_KEM_ml_kem_512_keypair OQS_KEM_ml_kem_512_ipd_keypair
-#define OQS_KEM_ml_kem_512_encaps OQS_KEM_ml_kem_512_ipd_encaps
-#define OQS_KEM_ml_kem_512_decaps OQS_KEM_ml_kem_512_ipd_decaps
+OQS_API OQS_STATUS OQS_KEM_ml_kem_512_keypair(uint8_t *public_key, uint8_t *secret_key);
+OQS_API OQS_STATUS OQS_KEM_ml_kem_512_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
+OQS_API OQS_STATUS OQS_KEM_ml_kem_512_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
 #endif
-#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd) || defined(OQS_ENABLE_KEM_ml_kem_768)
-#define OQS_KEM_ml_kem_768_ipd_length_public_key 1184
-#define OQS_KEM_ml_kem_768_ipd_length_secret_key 2400
-#define OQS_KEM_ml_kem_768_ipd_length_ciphertext 1088
-#define OQS_KEM_ml_kem_768_ipd_length_shared_secret 32
-OQS_KEM *OQS_KEM_ml_kem_768_ipd_new(void);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_768_ipd_keypair(uint8_t *public_key, uint8_t *secret_key);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_768_ipd_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_768_ipd_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
-
-#define OQS_KEM_ml_kem_768_length_public_key OQS_KEM_ml_kem_768_ipd_length_public_key
-#define OQS_KEM_ml_kem_768_length_secret_key OQS_KEM_ml_kem_768_ipd_length_secret_key
-#define OQS_KEM_ml_kem_768_length_ciphertext OQS_KEM_ml_kem_768_ipd_length_ciphertext
-#define OQS_KEM_ml_kem_768_length_shared_secret OQS_KEM_ml_kem_768_ipd_length_shared_secret
+#if defined(OQS_ENABLE_KEM_ml_kem_768)
+#define OQS_KEM_ml_kem_768_length_public_key 1184
+#define OQS_KEM_ml_kem_768_length_secret_key 2400
+#define OQS_KEM_ml_kem_768_length_ciphertext 1088
+#define OQS_KEM_ml_kem_768_length_shared_secret 32
 OQS_KEM *OQS_KEM_ml_kem_768_new(void);
-#define OQS_KEM_ml_kem_768_keypair OQS_KEM_ml_kem_768_ipd_keypair
-#define OQS_KEM_ml_kem_768_encaps OQS_KEM_ml_kem_768_ipd_encaps
-#define OQS_KEM_ml_kem_768_decaps OQS_KEM_ml_kem_768_ipd_decaps
+OQS_API OQS_STATUS OQS_KEM_ml_kem_768_keypair(uint8_t *public_key, uint8_t *secret_key);
+OQS_API OQS_STATUS OQS_KEM_ml_kem_768_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
+OQS_API OQS_STATUS OQS_KEM_ml_kem_768_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
 #endif
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd) || defined(OQS_ENABLE_KEM_ml_kem_1024)
-#define OQS_KEM_ml_kem_1024_ipd_length_public_key 1568
-#define OQS_KEM_ml_kem_1024_ipd_length_secret_key 3168
-#define OQS_KEM_ml_kem_1024_ipd_length_ciphertext 1568
-#define OQS_KEM_ml_kem_1024_ipd_length_shared_secret 32
-OQS_KEM *OQS_KEM_ml_kem_1024_ipd_new(void);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_ipd_keypair(uint8_t *public_key, uint8_t *secret_key);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_ipd_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
-OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_ipd_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
-
-#define OQS_KEM_ml_kem_1024_length_public_key OQS_KEM_ml_kem_1024_ipd_length_public_key
-#define OQS_KEM_ml_kem_1024_length_secret_key OQS_KEM_ml_kem_1024_ipd_length_secret_key
-#define OQS_KEM_ml_kem_1024_length_ciphertext OQS_KEM_ml_kem_1024_ipd_length_ciphertext
-#define OQS_KEM_ml_kem_1024_length_shared_secret OQS_KEM_ml_kem_1024_ipd_length_shared_secret
+#if defined(OQS_ENABLE_KEM_ml_kem_1024)
+#define OQS_KEM_ml_kem_1024_length_public_key 1568
+#define OQS_KEM_ml_kem_1024_length_secret_key 3168
+#define OQS_KEM_ml_kem_1024_length_ciphertext 1568
+#define OQS_KEM_ml_kem_1024_length_shared_secret 32
 OQS_KEM *OQS_KEM_ml_kem_1024_new(void);
-#define OQS_KEM_ml_kem_1024_keypair OQS_KEM_ml_kem_1024_ipd_keypair
-#define OQS_KEM_ml_kem_1024_encaps OQS_KEM_ml_kem_1024_ipd_encaps
-#define OQS_KEM_ml_kem_1024_decaps OQS_KEM_ml_kem_1024_ipd_decaps
+OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_keypair(uint8_t *public_key, uint8_t *secret_key);
+OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
+OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
 #endif
 #endif
diff --git a/src/kem/ml_kem/kem_ml_kem_1024.c b/src/kem/ml_kem/kem_ml_kem_1024.c
new file mode 100644
index 000000000..51297a61f
--- /dev/null
+++ b/src/kem/ml_kem/kem_ml_kem_1024.c
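Review bot: The header declares the renamed `OQS_KEM_ml_kem_*` functions without saying that they now denote a different algorithm than the `_ipd` symbols they replace; the same patch changes the `nistkat-sha256` digests for these parameter sets (visible at the top of this page), so keys or ciphertexts produced by a build that exported `OQS_KEM_ml_kem_512_ipd_*` will presumably not interoperate with this build even though every length macro is unchanged. A one-line comment above each `#if defined(OQS_ENABLE_KEM_ml_kem_512)` block (and its 768/1024 siblings) would keep integrators from mixing the two, e.g. `/* ML-KEM-512 as implemented by upstream's 'standard' branch; not interoperable with the removed ML-KEM-512-ipd variant despite identical sizes */`. The hunk also drops the `_ipd` declarations and aliases with no deprecation shim, which is a hard API break for anything that linked against those names and is worth calling out in the release notes.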
@@ -0,0 +1,91 @@
+// SPDX-License-Identifier: MIT
+
+#include
+
+#include
+
+#if defined(OQS_ENABLE_KEM_ml_kem_1024)
+
+OQS_KEM *OQS_KEM_ml_kem_1024_new(void) {
+
+ OQS_KEM *kem = malloc(sizeof(OQS_KEM));
+ if (kem == NULL) {
+ return NULL;
+ }
+ kem->method_name = OQS_KEM_alg_ml_kem_1024;
+ kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard";
+
+ kem->claimed_nist_level = 5;
+ kem->ind_cca = true;
+
+ kem->length_public_key = OQS_KEM_ml_kem_1024_length_public_key;
+ kem->length_secret_key = OQS_KEM_ml_kem_1024_length_secret_key;
+ kem->length_ciphertext = OQS_KEM_ml_kem_1024_length_ciphertext;
+ kem->length_shared_secret = OQS_KEM_ml_kem_1024_length_shared_secret;
+
+ kem->keypair = OQS_KEM_ml_kem_1024_keypair;
+ kem->encaps = OQS_KEM_ml_kem_1024_encaps;
+ kem->decaps = OQS_KEM_ml_kem_1024_decaps;
+
+ return kem;
+}
+
+extern int pqcrystals_ml_kem_1024_ref_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_1024_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+extern int pqcrystals_ml_kem_1024_ref_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+
+#if defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
+extern int pqcrystals_ml_kem_1024_avx2_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_1024_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+extern int pqcrystals_ml_kem_1024_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+#endif
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_keypair(uint8_t *public_key, uint8_t *secret_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_avx2_keypair(public_key, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_ref_keypair(public_key, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_ref_keypair(public_key, secret_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_avx2_enc(ciphertext, shared_secret, public_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_ref_enc(ciphertext, shared_secret, public_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_ref_enc(ciphertext, shared_secret, public_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_avx2_dec(shared_secret, ciphertext, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_ref_dec(shared_secret, ciphertext, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_1024_ref_dec(shared_secret, ciphertext, secret_key);
+#endif
+}
+
+#endif
diff --git a/src/kem/ml_kem/kem_ml_kem_1024_ipd.c b/src/kem/ml_kem/kem_ml_kem_1024_ipd.c
deleted file mode 100644
index 7667187f4..000000000
--- a/src/kem/ml_kem/kem_ml_kem_1024_ipd.c
+++ /dev/null
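Review bot: The `(OQS_STATUS)` casts in `OQS_KEM_ml_kem_1024_keypair`, `_encaps` and `_decaps` forward whatever `int` the upstream `pqcrystals_ml_kem_1024_*` functions return, so any non-zero value that does not coincide with `OQS_ERROR` becomes an `OQS_STATUS` that compares unequal to both `OQS_SUCCESS` and `OQS_ERROR`, and a caller testing `!= OQS_SUCCESS` would disagree with one testing `== OQS_ERROR`. The upstream convention is presumably 0 for success, so the mapping should be made explicit once in a static helper and used at all six return sites instead of the cast; this matters because the encaps/decaps result gates whether `shared_secret` is trusted. The same pattern is repeated in the 512 and 768 wrappers and would benefit from the same change.
```c
/* Map the upstream int convention (0 = success) onto OQS_STATUS explicitly. */
static OQS_STATUS ml_kem_1024_status(int rc) {
	return (rc == 0) ? OQS_SUCCESS : OQS_ERROR;
}

OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_keypair(uint8_t *public_key, uint8_t *secret_key) {
	// … unchanged: AVX2 / OQS_DIST_BUILD dispatch …
		return ml_kem_1024_status(pqcrystals_ml_kem_1024_avx2_keypair(public_key, secret_key));
	// … unchanged: remaining return sites; encaps and decaps follow the same pattern …
}
```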
@@ -1,121 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-#include
-
-#include
-
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd) || defined(OQS_ENABLE_KEM_ml_kem_1024)
-
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd)
-
-OQS_KEM *OQS_KEM_ml_kem_1024_ipd_new(void) {
-
- OQS_KEM *kem = malloc(sizeof(OQS_KEM));
- if (kem == NULL) {
- return NULL;
- }
- kem->method_name = OQS_KEM_alg_ml_kem_1024_ipd;
- kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard";
-
- kem->claimed_nist_level = 5;
- kem->ind_cca = true;
-
- kem->length_public_key = OQS_KEM_ml_kem_1024_ipd_length_public_key;
- kem->length_secret_key = OQS_KEM_ml_kem_1024_ipd_length_secret_key;
- kem->length_ciphertext = OQS_KEM_ml_kem_1024_ipd_length_ciphertext;
- kem->length_shared_secret = OQS_KEM_ml_kem_1024_ipd_length_shared_secret;
-
- kem->keypair = OQS_KEM_ml_kem_1024_ipd_keypair;
- kem->encaps = OQS_KEM_ml_kem_1024_ipd_encaps;
- kem->decaps = OQS_KEM_ml_kem_1024_ipd_decaps;
-
- return kem;
-}
-#endif
-
-#if defined(OQS_ENABLE_KEM_ml_kem_1024)
-/** Alias */
-OQS_KEM *OQS_KEM_ml_kem_1024_new(void) {
-
- OQS_KEM *kem = malloc(sizeof(OQS_KEM));
- if (kem == NULL) {
- return NULL;
- }
- kem->method_name = OQS_KEM_alg_ml_kem_1024;
- kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard";
-
- kem->claimed_nist_level = 5;
- kem->ind_cca = true;
-
- kem->length_public_key = OQS_KEM_ml_kem_1024_length_public_key;
- kem->length_secret_key = OQS_KEM_ml_kem_1024_length_secret_key;
- kem->length_ciphertext = OQS_KEM_ml_kem_1024_length_ciphertext;
- kem->length_shared_secret = OQS_KEM_ml_kem_1024_length_shared_secret;
-
- kem->keypair = OQS_KEM_ml_kem_1024_keypair;
- kem->encaps = OQS_KEM_ml_kem_1024_encaps;
- kem->decaps = OQS_KEM_ml_kem_1024_decaps;
-
- return kem;
-}
-#endif
-
-extern int pqcrystals_ml_kem_1024_ipd_ref_keypair(uint8_t *pk, uint8_t *sk);
-extern int pqcrystals_ml_kem_1024_ipd_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
-extern int pqcrystals_ml_kem_1024_ipd_ref_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
-
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
-extern int pqcrystals_ml_kem_1024_ipd_avx2_keypair(uint8_t *pk, uint8_t *sk);
-extern int pqcrystals_ml_kem_1024_ipd_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
-extern int pqcrystals_ml_kem_1024_ipd_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
-#endif
-
-OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_ipd_keypair(uint8_t *public_key, uint8_t *secret_key) {
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
-#if defined(OQS_DIST_BUILD)
- if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
-#endif /* OQS_DIST_BUILD */
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_avx2_keypair(public_key, secret_key);
-#if defined(OQS_DIST_BUILD)
- } else {
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_ref_keypair(public_key, secret_key);
- }
-#endif /* OQS_DIST_BUILD */
-#else
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_ref_keypair(public_key, secret_key);
-#endif
-}
-
-OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_ipd_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
-#if defined(OQS_DIST_BUILD)
- if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
-#endif /* OQS_DIST_BUILD */
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_avx2_enc(ciphertext, shared_secret, public_key);
-#if defined(OQS_DIST_BUILD)
- } else {
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_ref_enc(ciphertext, shared_secret, public_key);
- }
-#endif /* OQS_DIST_BUILD */
-#else
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_ref_enc(ciphertext, shared_secret, public_key);
-#endif
-}
-
-OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_ipd_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_1024_avx2)
-#if defined(OQS_DIST_BUILD)
- if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
-#endif /* OQS_DIST_BUILD */
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_avx2_dec(shared_secret, ciphertext, secret_key);
-#if defined(OQS_DIST_BUILD)
- } else {
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_ref_dec(shared_secret, ciphertext, secret_key);
- }
-#endif /* OQS_DIST_BUILD */
-#else
- return (OQS_STATUS) pqcrystals_ml_kem_1024_ipd_ref_dec(shared_secret, ciphertext, secret_key);
-#endif
-}
-
-#endif
diff --git a/src/kem/ml_kem/kem_ml_kem_512.c b/src/kem/ml_kem/kem_ml_kem_512.c
new file mode 100644
index 000000000..ec1e147c5
--- /dev/null
+++ b/src/kem/ml_kem/kem_ml_kem_512.c
@@ -0,0 +1,91 @@
+// SPDX-License-Identifier: MIT
+
+#include
+
+#include
+
+#if defined(OQS_ENABLE_KEM_ml_kem_512)
+
+OQS_KEM *OQS_KEM_ml_kem_512_new(void) {
+
+ OQS_KEM *kem = malloc(sizeof(OQS_KEM));
+ if (kem == NULL) {
+ return NULL;
+ }
+ kem->method_name = OQS_KEM_alg_ml_kem_512;
+ kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard";
+
+ kem->claimed_nist_level = 1;
+ kem->ind_cca = true;
+
+ kem->length_public_key = OQS_KEM_ml_kem_512_length_public_key;
+ kem->length_secret_key = OQS_KEM_ml_kem_512_length_secret_key;
+ kem->length_ciphertext = OQS_KEM_ml_kem_512_length_ciphertext;
+ kem->length_shared_secret = OQS_KEM_ml_kem_512_length_shared_secret;
+
+ kem->keypair = OQS_KEM_ml_kem_512_keypair;
+ kem->encaps = OQS_KEM_ml_kem_512_encaps;
+ kem->decaps = OQS_KEM_ml_kem_512_decaps;
+
+ return kem;
+}
+
+extern int pqcrystals_ml_kem_512_ref_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_512_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+extern int pqcrystals_ml_kem_512_ref_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+
+#if defined(OQS_ENABLE_KEM_ml_kem_512_avx2)
+extern int pqcrystals_ml_kem_512_avx2_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_512_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+extern int pqcrystals_ml_kem_512_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+#endif
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_512_keypair(uint8_t *public_key, uint8_t *secret_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_512_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_512_avx2_keypair(public_key, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_512_ref_keypair(public_key, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_512_ref_keypair(public_key, secret_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_512_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_512_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_512_avx2_enc(ciphertext, shared_secret, public_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_512_ref_enc(ciphertext, shared_secret, public_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_512_ref_enc(ciphertext, shared_secret, public_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_512_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_512_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_512_avx2_dec(shared_secret, ciphertext, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_512_ref_dec(shared_secret, ciphertext, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_512_ref_dec(shared_secret, ciphertext, secret_key);
+#endif
+}
+
+#endif
diff --git a/src/kem/ml_kem/kem_ml_kem_512_ipd.c b/src/kem/ml_kem/kem_ml_kem_512_ipd.c
deleted file mode 100644
index c9cf81663..000000000
--- a/src/kem/ml_kem/kem_ml_kem_512_ipd.c
+++ /dev/null
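Review bot: `kem->alg_version` in OQS_KEM_ml_kem_512_new points at the moving branch `https://github.com/pq-crystals/kyber/tree/standard`, which is byte-for-byte the string the deleted kem_ml_kem_512_ipd.c carried, so a consumer reading alg_version cannot distinguish the IPD implementation this series removes from the final-standard implementation it adds, even though the two differ in the keypair seed hashing changed elsewhere in the series. If the project's convention for other algorithms is a pinned `.../commit/<sha>` URL, the same should be done here, e.g. `kem->alg_version = "https://github.com/pq-crystals/kyber/commit/<upstream sha>";`, so the field is an auditable supply-chain reference rather than a branch name that will silently drift. The upstream commit hash is not visible in this diff, so the exact value has to come from whatever metadata the import tooling records.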
@@ -1,121 +0,0 @@ -// SPDX-License-Identifier: MIT - -#include - -#include - -#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd) || defined(OQS_ENABLE_KEM_ml_kem_512) - -#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd) - -OQS_KEM *OQS_KEM_ml_kem_512_ipd_new(void) { - - OQS_KEM *kem = malloc(sizeof(OQS_KEM)); - if (kem == NULL) { - return NULL; - } - kem->method_name = OQS_KEM_alg_ml_kem_512_ipd; - kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard"; - - kem->claimed_nist_level = 1; - kem->ind_cca = true; - - kem->length_public_key = OQS_KEM_ml_kem_512_ipd_length_public_key; - kem->length_secret_key = OQS_KEM_ml_kem_512_ipd_length_secret_key; - kem->length_ciphertext = OQS_KEM_ml_kem_512_ipd_length_ciphertext; - kem->length_shared_secret = OQS_KEM_ml_kem_512_ipd_length_shared_secret; - - kem->keypair = OQS_KEM_ml_kem_512_ipd_keypair; - kem->encaps = OQS_KEM_ml_kem_512_ipd_encaps; - kem->decaps = OQS_KEM_ml_kem_512_ipd_decaps; - - return kem; -} -#endif - -#if defined(OQS_ENABLE_KEM_ml_kem_512) -/** Alias */ -OQS_KEM *OQS_KEM_ml_kem_512_new(void) { - - OQS_KEM *kem = malloc(sizeof(OQS_KEM)); - if (kem == NULL) { - return NULL; - } - kem->method_name = OQS_KEM_alg_ml_kem_512; - kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard"; - - kem->claimed_nist_level = 1; - kem->ind_cca = true; - - kem->length_public_key = OQS_KEM_ml_kem_512_length_public_key; - kem->length_secret_key = OQS_KEM_ml_kem_512_length_secret_key; - kem->length_ciphertext = OQS_KEM_ml_kem_512_length_ciphertext; - kem->length_shared_secret = OQS_KEM_ml_kem_512_length_shared_secret; - - kem->keypair = OQS_KEM_ml_kem_512_keypair; - kem->encaps = OQS_KEM_ml_kem_512_encaps; - kem->decaps = OQS_KEM_ml_kem_512_decaps; - - return kem; -} -#endif - -extern int pqcrystals_ml_kem_512_ipd_ref_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_kem_512_ipd_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); -extern int pqcrystals_ml_kem_512_ipd_ref_dec(uint8_t *ss, const 
uint8_t *ct, const uint8_t *sk); - -#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_512_avx2) -extern int pqcrystals_ml_kem_512_ipd_avx2_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_kem_512_ipd_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); -extern int pqcrystals_ml_kem_512_ipd_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); -#endif - -OQS_API OQS_STATUS OQS_KEM_ml_kem_512_ipd_keypair(uint8_t *public_key, uint8_t *secret_key) { -#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_512_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_avx2_keypair(public_key, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_ref_keypair(public_key, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_ref_keypair(public_key, secret_key); -#endif -} - -OQS_API OQS_STATUS OQS_KEM_ml_kem_512_ipd_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) { -#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_512_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_avx2_enc(ciphertext, shared_secret, public_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_ref_enc(ciphertext, shared_secret, public_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_ref_enc(ciphertext, shared_secret, public_key); -#endif -} - -OQS_API OQS_STATUS OQS_KEM_ml_kem_512_ipd_decaps(uint8_t 
*shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) { -#if defined(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_512_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_avx2_dec(shared_secret, ciphertext, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_ref_dec(shared_secret, ciphertext, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_kem_512_ipd_ref_dec(shared_secret, ciphertext, secret_key); -#endif -} - -#endif diff --git a/src/kem/ml_kem/kem_ml_kem_768.c b/src/kem/ml_kem/kem_ml_kem_768.c new file mode 100644 index 000000000..789e3ffd7 --- /dev/null +++ b/src/kem/ml_kem/kem_ml_kem_768.c 
@@ -0,0 +1,91 @@
+// SPDX-License-Identifier: MIT
+
+#include
+
+#include
+
+#if defined(OQS_ENABLE_KEM_ml_kem_768)
+
+OQS_KEM *OQS_KEM_ml_kem_768_new(void) {
+
+ OQS_KEM *kem = malloc(sizeof(OQS_KEM));
+ if (kem == NULL) {
+ return NULL;
+ }
+ kem->method_name = OQS_KEM_alg_ml_kem_768;
+ kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard";
+
+ kem->claimed_nist_level = 3;
+ kem->ind_cca = true;
+
+ kem->length_public_key = OQS_KEM_ml_kem_768_length_public_key;
+ kem->length_secret_key = OQS_KEM_ml_kem_768_length_secret_key;
+ kem->length_ciphertext = OQS_KEM_ml_kem_768_length_ciphertext;
+ kem->length_shared_secret = OQS_KEM_ml_kem_768_length_shared_secret;
+
+ kem->keypair = OQS_KEM_ml_kem_768_keypair;
+ kem->encaps = OQS_KEM_ml_kem_768_encaps;
+ kem->decaps = OQS_KEM_ml_kem_768_decaps;
+
+ return kem;
+}
+
+extern int pqcrystals_ml_kem_768_ref_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_768_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+extern int pqcrystals_ml_kem_768_ref_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+
+#if defined(OQS_ENABLE_KEM_ml_kem_768_avx2)
+extern int pqcrystals_ml_kem_768_avx2_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_768_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+extern int pqcrystals_ml_kem_768_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+#endif
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_768_keypair(uint8_t *public_key, uint8_t *secret_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_768_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_768_avx2_keypair(public_key, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_768_ref_keypair(public_key, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_768_ref_keypair(public_key, secret_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_768_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_768_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_768_avx2_enc(ciphertext, shared_secret, public_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_768_ref_enc(ciphertext, shared_secret, public_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_768_ref_enc(ciphertext, shared_secret, public_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_KEM_ml_kem_768_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
+#if defined(OQS_ENABLE_KEM_ml_kem_768_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_kem_768_avx2_dec(shared_secret, ciphertext, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_kem_768_ref_dec(shared_secret, ciphertext, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_kem_768_ref_dec(shared_secret, ciphertext, secret_key);
+#endif
+}
+
+#endif
diff --git a/src/kem/ml_kem/kem_ml_kem_768_ipd.c b/src/kem/ml_kem/kem_ml_kem_768_ipd.c
deleted file mode 100644
index da8ef0883..000000000
--- a/src/kem/ml_kem/kem_ml_kem_768_ipd.c
+++ /dev/null
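Review bot: Every branch of OQS_KEM_ml_kem_768_keypair/encaps/decaps returns `(OQS_STATUS) pqcrystals_ml_kem_768_*_...(...)`, which only produces a meaningful status if each value the upstream int functions can return happens to coincide with an OQS_STATUS enumerator; a non-zero value that does not equal OQS_ERROR would surface as an unrelated status rather than a failure, and the enum's numeric values are not visible in this diff to confirm the coincidence. An explicit mapping per call, e.g. `return pqcrystals_ml_kem_768_ref_dec(shared_secret, ciphertext, secret_key) == 0 ? OQS_SUCCESS : OQS_ERROR;`, makes the wrapper independent of upstream's return convention and of any future upstream change that starts reporting input-validation failures. Since the 512 and 1024 wrappers in this series follow the identical pattern, the fix presumably belongs in the generator template rather than in this file alone.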
@@ -1,121 +0,0 @@ -// SPDX-License-Identifier: MIT - -#include - -#include - -#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd) || defined(OQS_ENABLE_KEM_ml_kem_768) - -#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd) - -OQS_KEM *OQS_KEM_ml_kem_768_ipd_new(void) { - - OQS_KEM *kem = malloc(sizeof(OQS_KEM)); - if (kem == NULL) { - return NULL; - } - kem->method_name = OQS_KEM_alg_ml_kem_768_ipd; - kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard"; - - kem->claimed_nist_level = 3; - kem->ind_cca = true; - - kem->length_public_key = OQS_KEM_ml_kem_768_ipd_length_public_key; - kem->length_secret_key = OQS_KEM_ml_kem_768_ipd_length_secret_key; - kem->length_ciphertext = OQS_KEM_ml_kem_768_ipd_length_ciphertext; - kem->length_shared_secret = OQS_KEM_ml_kem_768_ipd_length_shared_secret; - - kem->keypair = OQS_KEM_ml_kem_768_ipd_keypair; - kem->encaps = OQS_KEM_ml_kem_768_ipd_encaps; - kem->decaps = OQS_KEM_ml_kem_768_ipd_decaps; - - return kem; -} -#endif - -#if defined(OQS_ENABLE_KEM_ml_kem_768) -/** Alias */ -OQS_KEM *OQS_KEM_ml_kem_768_new(void) { - - OQS_KEM *kem = malloc(sizeof(OQS_KEM)); - if (kem == NULL) { - return NULL; - } - kem->method_name = OQS_KEM_alg_ml_kem_768; - kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard"; - - kem->claimed_nist_level = 3; - kem->ind_cca = true; - - kem->length_public_key = OQS_KEM_ml_kem_768_length_public_key; - kem->length_secret_key = OQS_KEM_ml_kem_768_length_secret_key; - kem->length_ciphertext = OQS_KEM_ml_kem_768_length_ciphertext; - kem->length_shared_secret = OQS_KEM_ml_kem_768_length_shared_secret; - - kem->keypair = OQS_KEM_ml_kem_768_keypair; - kem->encaps = OQS_KEM_ml_kem_768_encaps; - kem->decaps = OQS_KEM_ml_kem_768_decaps; - - return kem; -} -#endif - -extern int pqcrystals_ml_kem_768_ipd_ref_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_kem_768_ipd_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); -extern int pqcrystals_ml_kem_768_ipd_ref_dec(uint8_t *ss, const 
uint8_t *ct, const uint8_t *sk); - -#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_768_avx2) -extern int pqcrystals_ml_kem_768_ipd_avx2_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_kem_768_ipd_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); -extern int pqcrystals_ml_kem_768_ipd_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); -#endif - -OQS_API OQS_STATUS OQS_KEM_ml_kem_768_ipd_keypair(uint8_t *public_key, uint8_t *secret_key) { -#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_768_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_avx2_keypair(public_key, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_ref_keypair(public_key, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_ref_keypair(public_key, secret_key); -#endif -} - -OQS_API OQS_STATUS OQS_KEM_ml_kem_768_ipd_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) { -#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_768_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_avx2_enc(ciphertext, shared_secret, public_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_ref_enc(ciphertext, shared_secret, public_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_ref_enc(ciphertext, shared_secret, public_key); -#endif -} - -OQS_API OQS_STATUS OQS_KEM_ml_kem_768_ipd_decaps(uint8_t 
*shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) { -#if defined(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2) || defined(OQS_ENABLE_KEM_ml_kem_768_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_avx2_dec(shared_secret, ciphertext, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_ref_dec(shared_secret, ciphertext, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_kem_768_ipd_ref_dec(shared_secret, ciphertext, secret_key); -#endif -} - -#endif diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/LICENSE b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/LICENSE similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/LICENSE rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/LICENSE diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/align.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/align.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/align.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/align.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/api.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/api.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/api.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/api.h 
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/basemul.S b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/basemul.S similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/basemul.S rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/basemul.S diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/cbd.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/cbd.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/cbd.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/cbd.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/cbd.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/cbd.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/cbd.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/cbd.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/consts.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/consts.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/consts.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/consts.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/consts.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/consts.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/consts.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/consts.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/fq.S b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/fq.S similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/fq.S rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/fq.S 
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/fq.inc b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/fq.inc
similarity index 100%
rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/fq.inc
rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/fq.inc
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/indcpa.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/indcpa.c
similarity index 99%
rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/indcpa.c
rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/indcpa.c
index 572ce4900..c4b2b3a89 100644
--- a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_avx2/indcpa.c
+++ b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/indcpa.c
@@ -440,7 +440,9 @@ void indcpa_keypair_derand(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
 const uint8_t *noiseseed = buf + KYBER_SYMBYTES;
 polyvec a[KYBER_K], e, pkpv, skpv;
- hash_g(buf, coins, KYBER_SYMBYTES);
+ memcpy(buf, coins, KYBER_SYMBYTES);
+ buf[KYBER_SYMBYTES] = KYBER_K;
+ hash_g(buf, buf, KYBER_SYMBYTES+1);
 gen_a(a, publicseed);
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/indcpa.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/indcpa.h
similarity index 100%
rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/indcpa.h
rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/indcpa.h
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/invntt.S b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/invntt.S
similarity index 100%
rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/invntt.S
rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/invntt.S
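Review bot: The new `hash_g(buf, buf, KYBER_SYMBYTES+1)` hashes in place, so its correctness rests on hash_g absorbing all 33 input bytes before it writes the 64-byte digest over the same buffer; that holds for an absorb-then-squeeze SHA3-512, but it is not a property every hash API offers and nothing in the hunk records the dependency. The added `buf[KYBER_SYMBYTES] = KYBER_K` also requires buf to hold at least KYBER_SYMBYTES+1 bytes, which the visible `noiseseed = buf + KYBER_SYMBYTES` makes likely (a 2*KYBER_SYMBYTES buffer) but whose declaration is outside the hunk. I would put `/* FIPS 203 K-PKE.KeyGen: (rho, sigma) = G(d || k); in-place hash_g is safe only because SHA3-512 absorbs fully before squeezing */` above the memcpy so the domain-separation byte and the aliasing assumption are both explicit. indcpa_keypair_derand starts and ends outside this hunk.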
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/kem.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/kem.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/kem.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/kem.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/kem.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/kem.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/kem.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/kem.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/ntt.S b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/ntt.S similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/ntt.S rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/ntt.S diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/ntt.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/ntt.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/ntt.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/ntt.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/params.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/params.h similarity index 90% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/params.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/params.h index fdc688ea2..ecfabce4a 100644 --- a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/params.h +++ b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/params.h 
@@ -12,19 +12,19 @@
 #ifdef KYBER_90S
 #define KYBER_NAMESPACE(s) pqcrystals_kyber512_90s_avx2_##s
 #else
-#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_512_ipd_avx2_##s
+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_512_avx2_##s
 #endif
 #elif (KYBER_K == 3)
 #ifdef KYBER_90S
 #define KYBER_NAMESPACE(s) pqcrystals_kyber768_90s_avx2_##s
 #else
-#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_768_ipd_avx2_##s
+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_768_avx2_##s
 #endif
 #elif (KYBER_K == 4)
 #ifdef KYBER_90S
 #define KYBER_NAMESPACE(s) pqcrystals_kyber1024_90s_avx2_##s
 #else
-#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_1024_ipd_avx2_##s
+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_1024_avx2_##s
 #endif
 #else
 #error "KYBER_K must be in {2,3,4}"
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/poly.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/poly.c
similarity index 100%
rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/poly.c
rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/poly.c
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/poly.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/poly.h
similarity index 100%
rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/poly.h
rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/poly.h
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/polyvec.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/polyvec.c
similarity index 100%
rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/polyvec.c
rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/polyvec.c
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/polyvec.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/polyvec.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/polyvec.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/polyvec.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/reduce.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/reduce.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/reduce.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/reduce.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/rejsample.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/rejsample.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/rejsample.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/rejsample.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/rejsample.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/rejsample.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/rejsample.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/rejsample.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/shuffle.S b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/shuffle.S similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/shuffle.S rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/shuffle.S 
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/shuffle.inc b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/shuffle.inc similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/shuffle.inc rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/shuffle.inc diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/symmetric-shake.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/symmetric-shake.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/symmetric-shake.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/symmetric-shake.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/symmetric.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/symmetric.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/symmetric.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/symmetric.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/verify.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/verify.c similarity index 83% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/verify.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/verify.c index aa8e2850b..06243b837 100644 --- a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_avx2/verify.c +++ b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/verify.c 
@@ -57,6 +57,16 @@ void cmov(uint8_t * restrict r, const uint8_t *x, size_t len, uint8_t b) size_t i; __m256i xvec, rvec, bvec; +#if defined(__GNUC__) || defined(__clang__) + // Prevent the compiler from + // 1) inferring that b is 0/1-valued, and + // 2) handling the two cases with a branch. + // This is not necessary when verify.c and kem.c are separate translation + // units, but we expect that downstream consumers will copy this code and/or + // change how it is built. + __asm__("" : "+r"(b) : /* no inputs */); +#endif + bvec = _mm256_set1_epi64x(-(uint64_t)b); for(i=0;i>= 31; t[k] = d0 & 0x7ff; - } r[ 0] = (t[0] >> 0); diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/polyvec.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/polyvec.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/polyvec.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/polyvec.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/reduce.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/reduce.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/reduce.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/reduce.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/reduce.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/reduce.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/reduce.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/reduce.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/symmetric-shake.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/symmetric-shake.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/symmetric-shake.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/symmetric-shake.c 
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/symmetric.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/symmetric.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/symmetric.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/symmetric.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/verify.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/verify.c similarity index 82% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/verify.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/verify.c index aad03b029..914ccd448 100644 --- a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/verify.c +++ b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/verify.c @@ -41,6 +41,16 @@ void cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) { size_t i; +#if defined(__GNUC__) || defined(__clang__) + // Prevent the compiler from + // 1) inferring that b is 0/1-valued, and + // 2) handling the two cases with a branch. + // This is not necessary when verify.c and kem.c are separate translation + // units, but we expect that downstream consumers will copy this code and/or + // change how it is built. + __asm__("" : "+r"(b) : /* no inputs */); +#endif + b = -b; for(i=0;i>= 31; t[k] = d0 & 0x7ff; - } r[ 0] = (t[0] >> 0); diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/polyvec.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/polyvec.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/polyvec.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/polyvec.h 
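Review bot: The optimizer barrier added to the reference cmov is compiled only under `__GNUC__`/`__clang__`, so a build with any other compiler (MSVC is the usual case) keeps `b = -b; r[i] ^= b & (r[i] ^ x[i]);` with nothing preventing the compiler from recognising b as 0/1 and emitting a branch — precisely the implicit-rejection selection the new comment says must stay branch-free. The comment itself concedes the separate-translation-unit argument is what protects such builds, and link-time optimisation removes that separation. I would extend the comment with `// NOTE: no barrier on non-GNU compilers; with LTO or a single-TU build the 0/1 value of b is visible to the optimizer there` and consider a volatile re-read of b on the non-GNU path, e.g. `b = *(volatile uint8_t *)&b;`, which is the portable fallback. The rest of cmov, including the loop body, lies outside the visible part of this hunk, and the same hunk is repeated for the 512 and 768 copies of verify.c.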
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/reduce.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/reduce.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/reduce.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/reduce.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/reduce.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/reduce.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/reduce.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/reduce.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/symmetric-shake.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/symmetric-shake.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/symmetric-shake.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/symmetric-shake.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/symmetric.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/symmetric.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/symmetric.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/symmetric.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/verify.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/verify.c similarity index 82% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/verify.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/verify.c index aad03b029..914ccd448 100644 --- a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024-ipd_ref/verify.c +++ b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/verify.c 
@@ -41,6 +41,16 @@ void cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) { size_t i; +#if defined(__GNUC__) || defined(__clang__) + // Prevent the compiler from + // 1) inferring that b is 0/1-valued, and + // 2) handling the two cases with a branch. + // This is not necessary when verify.c and kem.c are separate translation + // units, but we expect that downstream consumers will copy this code and/or + // change how it is built. + __asm__("" : "+r"(b) : /* no inputs */); +#endif + b = -b; for(i=0;i>= 31; t[k] = d0 & 0x7ff; - } r[ 0] = (t[0] >> 0); diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/polyvec.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/polyvec.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/polyvec.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/polyvec.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/reduce.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/reduce.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/reduce.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/reduce.c diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/reduce.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/reduce.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/reduce.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/reduce.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/symmetric-shake.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/symmetric-shake.c similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/symmetric-shake.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/symmetric-shake.c 
diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/symmetric.h b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/symmetric.h similarity index 100% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768-ipd_ref/symmetric.h rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/symmetric.h diff --git a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/verify.c b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/verify.c similarity index 82% rename from src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/verify.c rename to src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/verify.c index aad03b029..914ccd448 100644 --- a/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512-ipd_ref/verify.c +++ b/src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/verify.c @@ -41,6 +41,16 @@ void cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) { size_t i; +#if defined(__GNUC__) || defined(__clang__) + // Prevent the compiler from + // 1) inferring that b is 0/1-valued, and + // 2) handling the two cases with a branch. + // This is not necessary when verify.c and kem.c are separate translation + // units, but we expect that downstream consumers will copy this code and/or + // change how it is built. + __asm__("" : "+r"(b) : /* no inputs */); +#endif + b = -b; for(i=0;i #include @@ -20,15 +20,6 @@ struct { .pos = 0 }; -/* Displays hexadecimal strings */ -static void OQS_print_hex_string(const char *label, const uint8_t *str, size_t len) { - printf("%-20s (%4zu bytes): ", label, len); - for (size_t i = 0; i < (len); i++) { - printf("%02X", str[i]); - } - printf("\n"); -} - static void fprintBstr(FILE *fp, const char *S, const uint8_t *A, size_t L) { size_t i; fprintf(fp, "%s", S); 
@@ -69,10 +60,7 @@ static void hexStringToByteArray(const char *hexString, uint8_t *byteArray) { /* HQC-specific functions */ static inline bool is_ml_kem(const char *method_name) { - return (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_512_ipd)) - || (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_768_ipd)) - || (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_1024_ipd)) - || (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_512)) + return (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_512)) || (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_768)) || (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_1024)); } @@ -91,21 +79,16 @@ static void MLKEM_randombytes_free(void) { prng_state.pos = 0; } -OQS_STATUS kem_vector(const char *method_name, - uint8_t *prng_output_stream, - const uint8_t *encaps_pk, const uint8_t *encaps_K, - const uint8_t *decaps_sk, const uint8_t *decaps_ciphertext, const uint8_t *decaps_kprime) { +static OQS_STATUS kem_kg_vector(const char *method_name, + uint8_t *prng_output_stream, + const uint8_t *kg_pk, const uint8_t *kg_sk) { uint8_t *entropy_input; FILE *fh = NULL; OQS_KEM *kem = NULL; uint8_t *public_key = NULL; uint8_t *secret_key = NULL; - uint8_t *ss_encaps = NULL; - uint8_t *ct_encaps = NULL; - uint8_t *ss_decaps = NULL; OQS_STATUS rc, ret = OQS_ERROR; - int rv; void (*randombytes_init)(const uint8_t *, const uint8_t *) = NULL; void (*randombytes_free)(void) = NULL; @@ -122,7 +105,7 @@ OQS_STATUS kem_vector(const char *method_name, randombytes_free = &MLKEM_randombytes_free; entropy_input = (uint8_t *) prng_output_stream; } else { - // Only ML-KEM-ipd supported + // Only ML-KEM supported goto err; } 
@@ -132,15 +115,13 @@ OQS_STATUS kem_vector(const char *method_name, public_key = malloc(kem->length_public_key); secret_key = malloc(kem->length_secret_key); - ss_encaps = malloc(kem->length_shared_secret); - ct_encaps = malloc(kem->length_ciphertext); - ss_decaps = malloc(kem->length_shared_secret); - if ((public_key == NULL) || (secret_key == NULL) || (ss_encaps == NULL) || (ct_encaps == NULL) || (ss_decaps == NULL)) { + + if ((public_key == NULL) || (secret_key == NULL)) { fprintf(stderr, "[vectors_kem] %s ERROR: malloc failed!\n", method_name); goto err; } - if ((prng_output_stream == NULL) || (encaps_pk == NULL) || (encaps_K == NULL) || (decaps_sk == NULL) || (decaps_ciphertext == NULL) || (decaps_kprime == NULL)) { + if ((prng_output_stream == NULL) || (kg_pk == NULL) || (kg_sk == NULL)) { fprintf(stderr, "[vectors_kem] %s ERROR: inputs NULL!\n", method_name); goto err; } 
@@ -153,29 +134,96 @@ OQS_STATUS kem_vector(const char *method_name, fprintBstr(fh, "ek: ", public_key, kem->length_public_key); fprintBstr(fh, "dk: ", secret_key, kem->length_secret_key); - rc = OQS_KEM_encaps(kem, ct_encaps, ss_encaps, encaps_pk); - if (rc != OQS_SUCCESS) { - fprintf(stderr, "[vectors_kem] %s ERROR: OQS_KEM_encaps failed!\n", method_name); + if (!memcmp(public_key, kg_pk, kem->length_public_key) && !memcmp(secret_key, kg_sk, kem->length_secret_key)) { + ret = OQS_SUCCESS; + } else { + ret = OQS_ERROR; + fprintf(stderr, "[vectors_kem] %s ERROR: public key or private key doesn't match!\n", method_name); + } + goto cleanup; + +err: + ret = OQS_ERROR; + goto cleanup; + +algo_not_enabled: + ret = OQS_SUCCESS; + +cleanup: + if (kem != NULL) { + OQS_MEM_secure_free(secret_key, kem->length_secret_key); + } + if (randombytes_free != NULL) { + randombytes_free(); + } + OQS_MEM_insecure_free(public_key); + OQS_KEM_free(kem); + return ret; +} + +static OQS_STATUS kem_vector_encdec_aft(const char *method_name, + uint8_t *prng_output_stream, + const uint8_t *encdec_pk, + const uint8_t *encdec_k, const uint8_t *encdec_c) { + + uint8_t *entropy_input; + FILE *fh = NULL; + OQS_KEM *kem = NULL; + uint8_t *ss_encaps = NULL; + uint8_t *ct_encaps = NULL; + OQS_STATUS rc, ret = OQS_ERROR; + + void (*randombytes_init)(const uint8_t *, const uint8_t *) = NULL; + void (*randombytes_free)(void) = NULL; + + kem = OQS_KEM_new(method_name); + if (kem == NULL) { + printf("[vectors_kem] %s was not enabled at compile-time.\n", method_name); + goto algo_not_enabled; + } + + if (is_ml_kem(method_name)) { + OQS_randombytes_custom_algorithm(&MLKEM_randombytes); + randombytes_init = &MLKEM_randombytes_init; + randombytes_free = &MLKEM_randombytes_free; + entropy_input = (uint8_t *) prng_output_stream; + } else { + // Only ML-KEM supported goto err; } - fprintBstr(fh, "c: ", ct_encaps, kem->length_ciphertext); - fprintBstr(fh, "K: ", ss_encaps, kem->length_shared_secret); + 
randombytes_init(entropy_input, NULL); - rc = OQS_KEM_decaps(kem, ss_decaps, decaps_ciphertext, decaps_sk); - if (rc != OQS_SUCCESS) { - fprintf(stderr, "[vectors_kem] %s ERROR: OQS_KEM_decaps failed!\n", method_name); + fh = stdout; + + ss_encaps = malloc(kem->length_shared_secret); + ct_encaps = malloc(kem->length_ciphertext); + if ((ss_encaps == NULL) || (ct_encaps == NULL)) { + fprintf(stderr, "[vectors_kem] %s ERROR: malloc failed!\n", method_name); goto err; } - rv = memcmp(ss_decaps, decaps_kprime, kem->length_shared_secret); - if (rv != 0) { - fprintf(stderr, "[vectors_kem] %s ERROR: shared secrets are not equal\n", method_name); - OQS_print_hex_string("ss_decaps", ss_decaps, kem->length_shared_secret); + if ((prng_output_stream == NULL) || (encdec_pk == NULL) || (encdec_k == NULL) || (encdec_c == NULL)) { + fprintf(stderr, "[vectors_kem] %s ERROR: inputs NULL!\n", method_name); goto err; } - ret = OQS_SUCCESS; + rc = OQS_KEM_encaps(kem, ct_encaps, ss_encaps, encdec_pk); + if (rc != OQS_SUCCESS) { + fprintf(stderr, "[vectors_kem] %s ERROR: OQS_KEM_encaps failed!\n", method_name); + goto err; + } + + fprintBstr(fh, "c: ", ct_encaps, kem->length_ciphertext); + fprintBstr(fh, "k: ", ss_encaps, kem->length_shared_secret); + + if (!memcmp(ct_encaps, encdec_c, kem->length_ciphertext) && !memcmp(ss_encaps, encdec_k, kem->length_shared_secret)) { + ret = OQS_SUCCESS; + } else { + ret = OQS_ERROR; + fprintf(stderr, "[vectors_kem] %s ERROR (AFT): ciphertext or shared secret doesn't match!\n", method_name); + } + goto cleanup; err: 
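Review bot: In kem_vector_encdec_aft the `prng_output_stream == NULL` guard is dead, because `randombytes_init(entropy_input, NULL)` has already been called with that same pointer (`entropy_input = (uint8_t *) prng_output_stream`) several lines earlier; MLKEM_randombytes_init is outside the hunk, but if it copies from its first argument a NULL stream is dereferenced before the check runs. Move the `if ((prng_output_stream == NULL) || (encdec_pk == NULL) || (encdec_k == NULL) || (encdec_c == NULL)) { ... goto err; }` block up so it precedes `randombytes_init(entropy_input, NULL);`, as the mallocs can happen after it as well. The same ordering question applies to kem_kg_vector, whose randombytes_init call is not visible in this hunk. Both functions' bodies continue outside the hunk.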
@@ -187,27 +235,83 @@ OQS_STATUS kem_vector(const char *method_name, cleanup: if (kem != NULL) { - OQS_MEM_secure_free(secret_key, kem->length_secret_key); OQS_MEM_secure_free(ss_encaps, kem->length_shared_secret); - OQS_MEM_secure_free(ss_decaps, kem->length_shared_secret); } if (randombytes_free != NULL) { randombytes_free(); } - OQS_MEM_insecure_free(public_key); OQS_MEM_insecure_free(ct_encaps); OQS_KEM_free(kem); return ret; } +static OQS_STATUS kem_vector_encdec_val(const char *method_name, + const uint8_t *encdec_sk, const uint8_t *encdec_c, + const uint8_t *encdec_k) { + FILE *fh = NULL; + OQS_KEM *kem = NULL; + uint8_t *ss_decaps = NULL; + OQS_STATUS rc, ret = OQS_ERROR; + + kem = OQS_KEM_new(method_name); + if (kem == NULL) { + printf("[vectors_kem] %s was not enabled at compile-time.\n", method_name); + goto algo_not_enabled; + } + + fh = stdout; + + ss_decaps = malloc(kem->length_shared_secret); + + if (ss_decaps == NULL) { + fprintf(stderr, "[vectors_kem] %s ERROR: malloc failed!\n", method_name); + goto err; + } + + if ((encdec_sk == NULL) || (encdec_k == NULL) || (encdec_c == NULL)) { + fprintf(stderr, "[vectors_kem] %s ERROR: inputs NULL!\n", method_name); + goto err; + } + + rc = OQS_KEM_decaps(kem, ss_decaps, encdec_c, encdec_sk); + if (rc != OQS_SUCCESS) { + fprintf(stderr, "[vectors_kem] %s ERROR: OQS_KEM_encaps failed!\n", method_name); + goto err; + } + + fprintBstr(fh, "k: ", ss_decaps, kem->length_shared_secret); + + if (!memcmp(ss_decaps, encdec_k, kem->length_shared_secret)) { + ret = OQS_SUCCESS; + } else { + ret = OQS_ERROR; + fprintf(stderr, "[vectors_kem] %s ERROR (AFT): ciphertext or shared secret doesn't match!\n", method_name); + } + + goto cleanup; + +err: + ret = OQS_ERROR; + goto cleanup; + +algo_not_enabled: + ret = OQS_SUCCESS; + +cleanup: + if (kem != NULL) { + OQS_MEM_secure_free(ss_decaps, kem->length_shared_secret); + } + OQS_KEM_free(kem); + return ret; +} + int main(int argc, char **argv) { - OQS_STATUS rc; + OQS_STATUS 
rc = OQS_SUCCESS; OQS_init(); - if (argc != 8) { - fprintf(stderr, "Usage: vectors_kem algname prng_output_stream encaps_pk encaps_K decaps_sk decaps_ciphertext decaps_kprime\n"); - fprintf(stderr, " algname: "); + if (argc != 6 && argc != 7) { + fprintf(stderr, "Usage: vectors_kem algname testname [testargs]\n"); for (size_t i = 0; i < OQS_KEM_algs_length; i++) { if (i > 0) { fprintf(stderr, ", "); @@ -222,21 +326,29 @@ int main(int argc, char **argv) { } char *alg_name = argv[1]; - char *prng_output_stream = argv[2]; // d || z || m + char *test_name = argv[2]; + char *prng_output_stream; + char *kg_pk; + char *kg_sk; + char *encdec_aft_pk; + char *encdec_aft_k; + char *encdec_aft_c; + + char *encdec_val_sk; + char *encdec_val_k; + char *encdec_val_c; - char *encaps_pk = argv[3]; - char *encaps_K = argv[4]; + uint8_t *prng_output_stream_bytes = NULL; + uint8_t *kg_pk_bytes = NULL; + uint8_t *kg_sk_bytes = NULL; - char *decaps_sk = argv[5]; - char *decaps_ciphertext = argv[6]; - char *decaps_kprime = argv[7]; + uint8_t *encdec_aft_pk_bytes = NULL; + uint8_t *encdec_aft_k_bytes = NULL; + uint8_t *encdec_aft_c_bytes = NULL; - uint8_t *prng_output_stream_bytes = NULL; - uint8_t *encaps_pk_bytes = NULL; - uint8_t *encaps_K_bytes = NULL; - uint8_t *decaps_sk_bytes = NULL; - uint8_t *decaps_ciphertext_bytes = NULL; - uint8_t *decaps_kprime_bytes = NULL; + uint8_t *encdec_val_sk_bytes = NULL; + uint8_t *encdec_val_k_bytes = NULL; + uint8_t *encdec_val_c_bytes = NULL; OQS_KEM *kem = OQS_KEM_new(alg_name); if (kem == NULL) { 
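Review bot: kem_vector_encdec_val reports the wrong operation on failure: after `rc = OQS_KEM_decaps(...)` the error branch prints `"[vectors_kem] %s ERROR: OQS_KEM_encaps failed!\n"`, and the mismatch branch is tagged `(AFT)` and mentions a ciphertext this function never compares, both copied from the AFT variant. Suggest `fprintf(stderr, "[vectors_kem] %s ERROR: OQS_KEM_decaps failed!\n", method_name);` and `fprintf(stderr, "[vectors_kem] %s ERROR (VAL): shared secret doesn't match!\n", method_name);` so a failing vector run points at the right step. The new `argc != 6 && argc != 7` check in main admits either count for every test name; the per-test branches that depend on it are in the next hunk, and main continues outside this one.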
@@ -245,45 +357,108 @@ int main(int argc, char **argv) { goto err; } - if (strlen(prng_output_stream) % 2 != 0 || - strlen(encaps_pk) != 2 * kem->length_public_key || - strlen(encaps_K) != 2 * kem->length_shared_secret || - strlen(decaps_sk) != 2 * kem->length_secret_key || - strlen(decaps_ciphertext) != 2 * kem->length_ciphertext || - strlen(decaps_kprime) != 2 * kem->length_shared_secret ) { - rc = OQS_ERROR; - goto err; - } + if (!strcmp(test_name, "keyGen")) { + prng_output_stream = argv[3]; // d || z + kg_pk = argv[4]; + kg_sk = argv[5]; - prng_output_stream_bytes = malloc(strlen(prng_output_stream) / 2); - encaps_pk_bytes = malloc(kem->length_public_key); - encaps_K_bytes = malloc(kem->length_shared_secret); - decaps_sk_bytes = malloc(kem->length_secret_key); - decaps_ciphertext_bytes = malloc(kem->length_ciphertext); - decaps_kprime_bytes = malloc(kem->length_shared_secret); + if (strlen(prng_output_stream) % 2 != 0 || + strlen(kg_pk) != 2 * kem->length_public_key || + strlen(kg_sk) != 2 * kem->length_secret_key) { + rc = OQS_ERROR; + goto err; + } - if ((prng_output_stream_bytes == NULL) || (encaps_pk_bytes == NULL) || (encaps_K_bytes == NULL) || (decaps_sk_bytes == NULL) || (decaps_ciphertext_bytes == NULL) || (decaps_kprime_bytes == NULL)) { - fprintf(stderr, "[vectors_kem] ERROR: malloc failed!\n"); - rc = OQS_ERROR; - goto err; - } + prng_output_stream_bytes = malloc(strlen(prng_output_stream) / 2); + kg_pk_bytes = malloc(kem->length_public_key); + kg_sk_bytes = malloc(kem->length_secret_key); - hexStringToByteArray(prng_output_stream, prng_output_stream_bytes); - hexStringToByteArray(encaps_pk, encaps_pk_bytes); - hexStringToByteArray(encaps_K, encaps_K_bytes); - hexStringToByteArray(decaps_sk, decaps_sk_bytes); - hexStringToByteArray(decaps_ciphertext, decaps_ciphertext_bytes); - hexStringToByteArray(decaps_kprime, decaps_kprime_bytes); + if ((prng_output_stream_bytes == NULL) || (kg_pk_bytes == NULL) || (kg_sk_bytes == NULL)) { + fprintf(stderr, 
"[vectors_kem] ERROR: malloc failed!\n"); + rc = OQS_ERROR; + goto err; + } + + hexStringToByteArray(prng_output_stream, prng_output_stream_bytes); + hexStringToByteArray(kg_pk, kg_pk_bytes); + hexStringToByteArray(kg_sk, kg_sk_bytes); + + + rc = kem_kg_vector(alg_name, prng_output_stream_bytes, kg_pk_bytes, kg_sk_bytes); + } else if (!strcmp(test_name, "encDecAFT")) { + prng_output_stream = argv[3]; // m + encdec_aft_pk = argv[4]; + encdec_aft_k = argv[5]; + encdec_aft_c = argv[6]; + + if (strlen(prng_output_stream) % 2 != 0 || + strlen(encdec_aft_c) != 2 * kem->length_ciphertext || + strlen(encdec_aft_k) != 2 * kem->length_shared_secret || + strlen(encdec_aft_pk) != 2 * kem->length_public_key) { + rc = OQS_ERROR; + goto err; + } + + prng_output_stream_bytes = malloc(strlen(prng_output_stream) / 2); + encdec_aft_pk_bytes = malloc(kem->length_public_key); + encdec_aft_k_bytes = malloc(kem->length_shared_secret); + encdec_aft_c_bytes = malloc(kem->length_ciphertext); - rc = kem_vector(alg_name, prng_output_stream_bytes, encaps_pk_bytes, encaps_K_bytes, decaps_sk_bytes, decaps_ciphertext_bytes, decaps_kprime_bytes); + if ((prng_output_stream_bytes == NULL) || (encdec_aft_pk_bytes == NULL) || (encdec_aft_k_bytes == NULL) || (encdec_aft_c_bytes == NULL)) { + fprintf(stderr, "[vectors_kem] ERROR: malloc failed!\n"); + rc = OQS_ERROR; + goto err; + } + + hexStringToByteArray(prng_output_stream, prng_output_stream_bytes); + hexStringToByteArray(encdec_aft_pk, encdec_aft_pk_bytes); + hexStringToByteArray(encdec_aft_k, encdec_aft_k_bytes); + hexStringToByteArray(encdec_aft_c, encdec_aft_c_bytes); + + rc = kem_vector_encdec_aft(alg_name, prng_output_stream_bytes, encdec_aft_pk_bytes, encdec_aft_k_bytes, encdec_aft_c_bytes); + } else if (!strcmp(test_name, "encDecVAL")) { + encdec_val_sk = argv[3]; + encdec_val_k = argv[4]; + encdec_val_c = argv[5]; + + if (strlen(encdec_val_c) != 2 * kem->length_ciphertext || + strlen(encdec_val_k) != 2 * kem->length_shared_secret || + 
strlen(encdec_val_sk) != 2 * kem->length_secret_key) { + rc = OQS_ERROR; + goto err; + } + + encdec_val_sk_bytes = malloc(kem->length_secret_key); + encdec_val_k_bytes = malloc(kem->length_shared_secret); + encdec_val_c_bytes = malloc(kem->length_ciphertext); + + if ((encdec_val_sk_bytes == NULL) || (encdec_val_k_bytes == NULL) || (encdec_val_c_bytes == NULL)) { + fprintf(stderr, "[vectors_kem] ERROR: malloc failed!\n"); + rc = OQS_ERROR; + goto err; + } + + hexStringToByteArray(encdec_val_sk, encdec_val_sk_bytes); + hexStringToByteArray(encdec_val_k, encdec_val_k_bytes); + hexStringToByteArray(encdec_val_c, encdec_val_c_bytes); + + rc = kem_vector_encdec_val(alg_name, encdec_val_sk_bytes, encdec_val_c_bytes, encdec_val_k_bytes); + } else { + printf("[vectors_kem] %s only keyGen supported!\n", alg_name); + } err: OQS_MEM_insecure_free(prng_output_stream_bytes); - OQS_MEM_insecure_free(encaps_pk_bytes); - OQS_MEM_insecure_free(encaps_K_bytes); - OQS_MEM_insecure_free(decaps_sk_bytes); - OQS_MEM_insecure_free(decaps_ciphertext_bytes); - OQS_MEM_insecure_free(decaps_kprime_bytes); + OQS_MEM_insecure_free(kg_pk_bytes); + OQS_MEM_insecure_free(kg_sk_bytes); + + OQS_MEM_insecure_free(encdec_aft_c_bytes); + OQS_MEM_insecure_free(encdec_aft_k_bytes); + OQS_MEM_insecure_free(encdec_aft_pk_bytes); + + OQS_MEM_insecure_free(encdec_val_c_bytes); + OQS_MEM_insecure_free(encdec_val_k_bytes); + OQS_MEM_insecure_free(encdec_val_sk_bytes); OQS_KEM_free(kem); From 6d92fc4a6ed82895a8ebd47111d1e0169c424f5d Mon Sep 17 00:00:00 2001 From: Pravek Sharma Date: Tue, 27 Aug 2024 16:11:18 -0400 Subject: [PATCH 8/8] Update checkout action in weekly.yml (#1908) Signed-off-by: Pravek Sharma --- .github/workflows/weekly.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index 23a3235f0..8f66afced 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml 
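Review bot: The `encDecAFT` branch reads `argv[6]` and immediately calls `strlen(encdec_aft_c)` on it, but main's argument check (previous hunk) accepts argc == 6 as well as 7, so `vectors_kem alg encDecAFT m pk k` makes `argv[6]` the terminating NULL and strlen dereferences it. Add a per-branch count check, e.g. `if (argc != 7) { rc = OQS_ERROR; goto err; }` at the top of the encDecAFT branch and `if (argc != 6) { rc = OQS_ERROR; goto err; }` in the keyGen and encDecVAL branches, before any argv index is read. Separately, the final `else` prints the stale message `"[vectors_kem] %s only keyGen supported!\n"` and leaves `rc` at OQS_SUCCESS, so a misspelled test name reports success to the test harness; set `rc = OQS_ERROR;` there and name the three supported tests. main continues past the end of the hunk.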
@@ -35,7 +35,7 @@ jobs: image: ${{ matrix.container }} steps: - name: Checkout code - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # pin@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Configure run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N .. - name: Build @@ -71,7 +71,7 @@ jobs: image: ${{ matrix.container }} steps: - name: Checkout code - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # pin@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Configure run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N .. - name: Build