Merge branch 'nist-kat' into more-ntru

This commit is contained in:
Douglas Stebila 2019-04-16 21:00:30 -04:00
commit 51102e05ce
27 changed files with 54 additions and 39 deletions

View File

@ -2,7 +2,7 @@
<!-- Type some lines about your submission -->
<!-- If you are not submitting a new scheme, we suggest removing the following lines -->
#### Manually checked properties
<!-- These checkboxes serve for the maintainers of PQClean to verify your submission. Please do not check them yourself. -->

View File

@ -26,9 +26,8 @@ See the section [API](#API) below.
type: <kem|signature>
claimed-nist-level: <N>
length-public-key: <N> # KEM and signature
length-secret-key: <N> # KEM and signature
length-ciphertext: <N> # KEM only
length-shared-secret: <N> # KEM only
length-shared-secret: <N> # KEM only
length-signature: <N> # Signature only
testvectors-sha256: sha256sum of output of testvectors
principal-submitter: Eve
@ -38,6 +37,7 @@ See the section [API](#API) below.
- ...
implementations:
- name: clean
length-secret-key: <N> # KEM and signature
version: <some version indicator>
```

View File

@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM1344AES_CLEAN_sample_n(uint16_t *s, size_t n) {
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
// The distribution is specified by its CDF.
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
size_t i, j;
size_t i;
unsigned int j;
for (i = 0; i < n; ++i) {
uint8_t sample = 0;

View File

@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(uint16_t *s, size_t n) {
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
// The distribution is specified by its CDF.
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
size_t i, j;
size_t i;
unsigned int j;
for (i = 0; i < n; ++i) {
uint8_t sample = 0;

View File

@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM640AES_CLEAN_sample_n(uint16_t *s, size_t n) {
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
// The distribution is specified by its CDF.
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
size_t i, j;
size_t i;
unsigned int j;
for (i = 0; i < n; ++i) {
uint8_t sample = 0;

View File

@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(uint16_t *s, size_t n) {
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
// The distribution is specified by its CDF.
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
size_t i, j;
size_t i;
unsigned int j;
for (i = 0; i < n; ++i) {
uint8_t sample = 0;

View File

@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM976AES_CLEAN_sample_n(uint16_t *s, size_t n) {
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
// The distribution is specified by its CDF.
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
size_t i, j;
size_t i;
unsigned int j;
for (i = 0; i < n; ++i) {
uint8_t sample = 0;

View File

@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(uint16_t *s, size_t n) {
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
// The distribution is specified by its CDF.
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
size_t i, j;
size_t i;
unsigned int j;
for (i = 0; i < n; ++i) {
uint8_t sample = 0;

0
crypto_kem/ntruhps2048509/clean/api.h Executable file → Normal file
View File

2
crypto_kem/ntruhps2048509/clean/crypto_sort.c Executable file → Normal file
View File

@ -8,7 +8,7 @@
#define int32_MINMAX(a,b) \
do { \
int32_t ab = (b) ^ (a); \
int32_t c = (b) - (a); \
int32_t c = (int32_t)((int64_t)(b) - (int64_t)(a)); \
c ^= ab & (c ^ (b)); \
c >>= 31; \
c &= ab; \

0
crypto_kem/ntruhps2048509/clean/crypto_sort.h Executable file → Normal file
View File

5
crypto_kem/ntruhps2048509/clean/kem.c Executable file → Normal file
View File

@ -37,7 +37,6 @@ int PQCLEAN_NTRUHPS2048509_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, co
int i, fail;
uint8_t rm[NTRU_OWCPA_MSGBYTES];
uint8_t buf[NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES];
uint8_t *cmp = buf + NTRU_PRFKEYBYTES;
fail = PQCLEAN_NTRUHPS2048509_CLEAN_owcpa_dec(rm, c, sk);
/* If fail = 0 then c = Enc(h, rm), there is no need to re-encapsulate. */
@ -50,9 +49,9 @@ int PQCLEAN_NTRUHPS2048509_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, co
buf[i] = sk[i + NTRU_OWCPA_SECRETKEYBYTES];
}
for (i = 0; i < NTRU_CIPHERTEXTBYTES; i++) {
cmp[i] = c[i];
buf[NTRU_PRFKEYBYTES + i] = c[i];
}
sha3_256(rm, cmp, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);
sha3_256(rm, buf, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);
PQCLEAN_NTRUHPS2048509_CLEAN_cmov(k, rm, NTRU_SHAREDKEYBYTES, (unsigned char) fail);

0
crypto_kem/ntruhps2048509/clean/owcpa.c Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/owcpa.h Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/pack3.c Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/packq.c Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/params.h Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/poly.c Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/poly.h Executable file → Normal file
View File

10
crypto_kem/ntruhps2048509/clean/sample.c Executable file → Normal file
View File

@ -25,15 +25,15 @@ void PQCLEAN_NTRUHPS2048509_CLEAN_sample_iid(poly *r, const unsigned char unifor
void PQCLEAN_NTRUHPS2048509_CLEAN_sample_fixed_type(poly *r, const unsigned char u[NTRU_SAMPLE_FT_BYTES]) {
// Assumes NTRU_SAMPLE_FT_BYTES = ceil(30*(n-1)/8)
int32_t s[NTRU_N - 1];
uint32_t s[NTRU_N - 1];
int i;
// Use 30 bits of u per word
for (i = 0; i < (NTRU_N - 1) / 4; i++) {
s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + (u[15 * i + 3] << 26);
s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + (u[15 * i + 7] << 28);
s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + (u[15 * i + 11] << 30);
s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + (u[15 * i + 14] << 24);
s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t)u[15 * i + 3] << 26);
s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t)u[15 * i + 7] << 28);
s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t)u[15 * i + 11] << 30);
s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t)u[15 * i + 14] << 24);
}
for (i = 0; i < NTRU_WEIGHT / 2; i++) {

0
crypto_kem/ntruhps2048509/clean/sample.h Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/verify.c Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/verify.h Executable file → Normal file
View File

View File

@ -68,7 +68,7 @@ static void base_w(unsigned int *output, const size_t out_len,
bits += 8;
}
bits -= SPX_WOTS_LOGW;
output[out] = (total >> bits) & (SPX_WOTS_W - 1);
output[out] = (unsigned int)((total >> bits) & (SPX_WOTS_W - 1));
out++;
}
}

View File

@ -73,3 +73,7 @@ clean:
$(RM) $(DEST_DIR)/test_aes
$(RM) $(DEST_DIR)/test_fips202
$(RM) $(DEST_DIR)/test_sha2
.PHONY: distclean
distclean:
$(RM) -r $(DEST_DIR)

View File

@ -14,14 +14,14 @@ import helpers
def test_functest():
for scheme in pqclean.Scheme.all_schemes():
for implementation in scheme.implementations:
if helpers.permit_test('functest', implementation):
if helpers.permit_test('functest', implementation):
yield check_functest, implementation
def test_functest_sanitizers():
for scheme in pqclean.Scheme.all_schemes():
for implementation in scheme.implementations:
if helpers.permit_test('functest_sanitizers', implementation):
if helpers.permit_test('functest_sanitizers', implementation):
yield check_functest_sanitizers, implementation
@ -41,39 +41,44 @@ def check_functest(implementation):
)
@helpers.skip_windows
@helpers.skip_windows()
def check_functest_sanitizers(implementation):
env = None
if platform.machine() == 'ppc' and os.environ.get('CC', 'gcc') == 'clang':
raise unittest.SkipTest("Clang does not support ASAN on ppc")
elif platform.machine() in ['armv7l', 'aarch64']:
env = {'ASAN_OPTIONS': 'detect_leaks=0'}
elif platform.system() == 'Darwin':
raise unittest.SkipTest('valgrind is not reliable on OSX')
else:
print("Supported platform: {}".format(platform.machine()))
helpers.ensure_available('valgrind')
helpers.make('clean-scheme', 'functest',
TYPE=implementation.scheme.type,
SCHEME=implementation.scheme.name,
IMPLEMENTATION=implementation.name,
EXTRAFLAGS='-fsanitize=address,undefined',
EXTRAFLAGS='-g -fsanitize=address,undefined',
working_dir=os.path.join('..', 'test'),
env=env)
helpers.run_subprocess(
[os.path.join('..', 'bin', 'functest_{}_{}{}'.format(
implementation.scheme.name,
implementation.name,
'.exe' if os.name == 'nt' else ''
))],
os.path.join('..', 'bin'),
env=env,
)
# Remove files with ASAN library compiled in
helpers.make('clean-scheme',
TYPE=implementation.scheme.type,
SCHEME=implementation.scheme.name,
IMPLEMENTATION=implementation.name,
working_dir=os.path.join('..', 'test'))
try:
helpers.run_subprocess(
[os.path.join('..', 'bin', 'functest_{}_{}{}'.format(
implementation.scheme.name,
implementation.name,
'.exe' if os.name == 'nt' else ''
))],
os.path.join('..', 'bin'),
env=env,
)
except AssertionError as e:
raise e
finally:
# Remove files with ASAN library compiled in
helpers.make('clean-scheme',
TYPE=implementation.scheme.type,
SCHEME=implementation.scheme.name,
IMPLEMENTATION=implementation.name,
working_dir=os.path.join('..', 'test'))
if __name__ == '__main__':

View File

@ -16,6 +16,7 @@ def test_clang_tidy():
yield check_tidy, implementation
@helpers.skip_windows()
def check_tidy(implementation: pqclean.Implementation):
helpers.ensure_available('clang-tidy')
cfiles = implementation.cfiles()