Merge branch 'nist-kat' into more-ntru
This commit is contained in:
commit
51102e05ce
2
.github/pull_request_template.md
vendored
2
.github/pull_request_template.md
vendored
@ -2,7 +2,7 @@
|
||||
|
||||
<!-- Type some lines about your submission -->
|
||||
|
||||
|
||||
<!-- If you are not submitting a new scheme, we suggest removing the following lines -->
|
||||
#### Manually checked properties
|
||||
<!-- These checkboxes serve for the maintainers of PQClean to verify your submission. Please do not check them yourself. -->
|
||||
|
||||
|
@ -26,9 +26,8 @@ See the section [API](#API) below.
|
||||
type: <kem|signature>
|
||||
claimed-nist-level: <N>
|
||||
length-public-key: <N> # KEM and signature
|
||||
length-secret-key: <N> # KEM and signature
|
||||
length-ciphertext: <N> # KEM only
|
||||
length-shared-secret: <N> # KEM only
|
||||
length-shared-secret: <N> # KEM only
|
||||
length-signature: <N> # Signature only
|
||||
testvectors-sha256: sha256sum of output of testvectors
|
||||
principal-submitter: Eve
|
||||
@ -38,6 +37,7 @@ See the section [API](#API) below.
|
||||
- ...
|
||||
implementations:
|
||||
- name: clean
|
||||
length-secret-key: <N> # KEM and signature
|
||||
version: <some version indicator>
|
||||
```
|
||||
|
||||
|
@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM1344AES_CLEAN_sample_n(uint16_t *s, size_t n) {
|
||||
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
|
||||
// The distribution is specified by its CDF.
|
||||
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
|
||||
size_t i, j;
|
||||
size_t i;
|
||||
unsigned int j;
|
||||
|
||||
for (i = 0; i < n; ++i) {
|
||||
uint8_t sample = 0;
|
||||
|
@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(uint16_t *s, size_t n) {
|
||||
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
|
||||
// The distribution is specified by its CDF.
|
||||
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
|
||||
size_t i, j;
|
||||
size_t i;
|
||||
unsigned int j;
|
||||
|
||||
for (i = 0; i < n; ++i) {
|
||||
uint8_t sample = 0;
|
||||
|
@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM640AES_CLEAN_sample_n(uint16_t *s, size_t n) {
|
||||
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
|
||||
// The distribution is specified by its CDF.
|
||||
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
|
||||
size_t i, j;
|
||||
size_t i;
|
||||
unsigned int j;
|
||||
|
||||
for (i = 0; i < n; ++i) {
|
||||
uint8_t sample = 0;
|
||||
|
@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(uint16_t *s, size_t n) {
|
||||
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
|
||||
// The distribution is specified by its CDF.
|
||||
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
|
||||
size_t i, j;
|
||||
size_t i;
|
||||
unsigned int j;
|
||||
|
||||
for (i = 0; i < n; ++i) {
|
||||
uint8_t sample = 0;
|
||||
|
@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM976AES_CLEAN_sample_n(uint16_t *s, size_t n) {
|
||||
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
|
||||
// The distribution is specified by its CDF.
|
||||
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
|
||||
size_t i, j;
|
||||
size_t i;
|
||||
unsigned int j;
|
||||
|
||||
for (i = 0; i < n; ++i) {
|
||||
uint8_t sample = 0;
|
||||
|
@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(uint16_t *s, size_t n) {
|
||||
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
|
||||
// The distribution is specified by its CDF.
|
||||
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
|
||||
size_t i, j;
|
||||
size_t i;
|
||||
unsigned int j;
|
||||
|
||||
for (i = 0; i < n; ++i) {
|
||||
uint8_t sample = 0;
|
||||
|
0
crypto_kem/ntruhps2048509/clean/api.h
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/api.h
Executable file → Normal file
2
crypto_kem/ntruhps2048509/clean/crypto_sort.c
Executable file → Normal file
2
crypto_kem/ntruhps2048509/clean/crypto_sort.c
Executable file → Normal file
@ -8,7 +8,7 @@
|
||||
#define int32_MINMAX(a,b) \
|
||||
do { \
|
||||
int32_t ab = (b) ^ (a); \
|
||||
int32_t c = (b) - (a); \
|
||||
int32_t c = (int32_t)((int64_t)(b) - (int64_t)(a)); \
|
||||
c ^= ab & (c ^ (b)); \
|
||||
c >>= 31; \
|
||||
c &= ab; \
|
||||
|
0
crypto_kem/ntruhps2048509/clean/crypto_sort.h
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/crypto_sort.h
Executable file → Normal file
5
crypto_kem/ntruhps2048509/clean/kem.c
Executable file → Normal file
5
crypto_kem/ntruhps2048509/clean/kem.c
Executable file → Normal file
@ -37,7 +37,6 @@ int PQCLEAN_NTRUHPS2048509_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, co
|
||||
int i, fail;
|
||||
uint8_t rm[NTRU_OWCPA_MSGBYTES];
|
||||
uint8_t buf[NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES];
|
||||
uint8_t *cmp = buf + NTRU_PRFKEYBYTES;
|
||||
|
||||
fail = PQCLEAN_NTRUHPS2048509_CLEAN_owcpa_dec(rm, c, sk);
|
||||
/* If fail = 0 then c = Enc(h, rm), there is no need to re-encapsulate. */
|
||||
@ -50,9 +49,9 @@ int PQCLEAN_NTRUHPS2048509_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, co
|
||||
buf[i] = sk[i + NTRU_OWCPA_SECRETKEYBYTES];
|
||||
}
|
||||
for (i = 0; i < NTRU_CIPHERTEXTBYTES; i++) {
|
||||
cmp[i] = c[i];
|
||||
buf[NTRU_PRFKEYBYTES + i] = c[i];
|
||||
}
|
||||
sha3_256(rm, cmp, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);
|
||||
sha3_256(rm, buf, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);
|
||||
|
||||
PQCLEAN_NTRUHPS2048509_CLEAN_cmov(k, rm, NTRU_SHAREDKEYBYTES, (unsigned char) fail);
|
||||
|
||||
|
0
crypto_kem/ntruhps2048509/clean/owcpa.c
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/owcpa.c
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/owcpa.h
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/owcpa.h
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/pack3.c
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/pack3.c
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/packq.c
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/packq.c
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/params.h
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/params.h
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/poly.c
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/poly.c
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/poly.h
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/poly.h
Executable file → Normal file
10
crypto_kem/ntruhps2048509/clean/sample.c
Executable file → Normal file
10
crypto_kem/ntruhps2048509/clean/sample.c
Executable file → Normal file
@ -25,15 +25,15 @@ void PQCLEAN_NTRUHPS2048509_CLEAN_sample_iid(poly *r, const unsigned char unifor
|
||||
void PQCLEAN_NTRUHPS2048509_CLEAN_sample_fixed_type(poly *r, const unsigned char u[NTRU_SAMPLE_FT_BYTES]) {
|
||||
// Assumes NTRU_SAMPLE_FT_BYTES = ceil(30*(n-1)/8)
|
||||
|
||||
int32_t s[NTRU_N - 1];
|
||||
uint32_t s[NTRU_N - 1];
|
||||
int i;
|
||||
|
||||
// Use 30 bits of u per word
|
||||
for (i = 0; i < (NTRU_N - 1) / 4; i++) {
|
||||
s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + (u[15 * i + 3] << 26);
|
||||
s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + (u[15 * i + 7] << 28);
|
||||
s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + (u[15 * i + 11] << 30);
|
||||
s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + (u[15 * i + 14] << 24);
|
||||
s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t)u[15 * i + 3] << 26);
|
||||
s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t)u[15 * i + 7] << 28);
|
||||
s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t)u[15 * i + 11] << 30);
|
||||
s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t)u[15 * i + 14] << 24);
|
||||
}
|
||||
|
||||
for (i = 0; i < NTRU_WEIGHT / 2; i++) {
|
||||
|
0
crypto_kem/ntruhps2048509/clean/sample.h
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/sample.h
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/verify.c
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/verify.c
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/verify.h
Executable file → Normal file
0
crypto_kem/ntruhps2048509/clean/verify.h
Executable file → Normal file
@ -68,7 +68,7 @@ static void base_w(unsigned int *output, const size_t out_len,
|
||||
bits += 8;
|
||||
}
|
||||
bits -= SPX_WOTS_LOGW;
|
||||
output[out] = (total >> bits) & (SPX_WOTS_W - 1);
|
||||
output[out] = (unsigned int)((total >> bits) & (SPX_WOTS_W - 1));
|
||||
out++;
|
||||
}
|
||||
}
|
||||
|
@ -73,3 +73,7 @@ clean:
|
||||
$(RM) $(DEST_DIR)/test_aes
|
||||
$(RM) $(DEST_DIR)/test_fips202
|
||||
$(RM) $(DEST_DIR)/test_sha2
|
||||
|
||||
.PHONY: distclean
|
||||
distclean:
|
||||
$(RM) -r $(DEST_DIR)
|
||||
|
@ -14,14 +14,14 @@ import helpers
|
||||
def test_functest():
|
||||
for scheme in pqclean.Scheme.all_schemes():
|
||||
for implementation in scheme.implementations:
|
||||
if helpers.permit_test('functest', implementation):
|
||||
if helpers.permit_test('functest', implementation):
|
||||
yield check_functest, implementation
|
||||
|
||||
|
||||
def test_functest_sanitizers():
|
||||
for scheme in pqclean.Scheme.all_schemes():
|
||||
for implementation in scheme.implementations:
|
||||
if helpers.permit_test('functest_sanitizers', implementation):
|
||||
if helpers.permit_test('functest_sanitizers', implementation):
|
||||
yield check_functest_sanitizers, implementation
|
||||
|
||||
|
||||
@ -41,39 +41,44 @@ def check_functest(implementation):
|
||||
)
|
||||
|
||||
|
||||
@helpers.skip_windows
|
||||
@helpers.skip_windows()
|
||||
def check_functest_sanitizers(implementation):
|
||||
env = None
|
||||
if platform.machine() == 'ppc' and os.environ.get('CC', 'gcc') == 'clang':
|
||||
raise unittest.SkipTest("Clang does not support ASAN on ppc")
|
||||
elif platform.machine() in ['armv7l', 'aarch64']:
|
||||
env = {'ASAN_OPTIONS': 'detect_leaks=0'}
|
||||
elif platform.system() == 'Darwin':
|
||||
raise unittest.SkipTest('valgrind is not reliable on OSX')
|
||||
else:
|
||||
print("Supported platform: {}".format(platform.machine()))
|
||||
|
||||
helpers.ensure_available('valgrind')
|
||||
helpers.make('clean-scheme', 'functest',
|
||||
TYPE=implementation.scheme.type,
|
||||
SCHEME=implementation.scheme.name,
|
||||
IMPLEMENTATION=implementation.name,
|
||||
EXTRAFLAGS='-fsanitize=address,undefined',
|
||||
EXTRAFLAGS='-g -fsanitize=address,undefined',
|
||||
working_dir=os.path.join('..', 'test'),
|
||||
env=env)
|
||||
helpers.run_subprocess(
|
||||
[os.path.join('..', 'bin', 'functest_{}_{}{}'.format(
|
||||
implementation.scheme.name,
|
||||
implementation.name,
|
||||
'.exe' if os.name == 'nt' else ''
|
||||
))],
|
||||
os.path.join('..', 'bin'),
|
||||
env=env,
|
||||
)
|
||||
# Remove files with ASAN library compiled in
|
||||
helpers.make('clean-scheme',
|
||||
TYPE=implementation.scheme.type,
|
||||
SCHEME=implementation.scheme.name,
|
||||
IMPLEMENTATION=implementation.name,
|
||||
working_dir=os.path.join('..', 'test'))
|
||||
try:
|
||||
helpers.run_subprocess(
|
||||
[os.path.join('..', 'bin', 'functest_{}_{}{}'.format(
|
||||
implementation.scheme.name,
|
||||
implementation.name,
|
||||
'.exe' if os.name == 'nt' else ''
|
||||
))],
|
||||
os.path.join('..', 'bin'),
|
||||
env=env,
|
||||
)
|
||||
except AssertionError as e:
|
||||
raise e
|
||||
finally:
|
||||
# Remove files with ASAN library compiled in
|
||||
helpers.make('clean-scheme',
|
||||
TYPE=implementation.scheme.type,
|
||||
SCHEME=implementation.scheme.name,
|
||||
IMPLEMENTATION=implementation.name,
|
||||
working_dir=os.path.join('..', 'test'))
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
@ -16,6 +16,7 @@ def test_clang_tidy():
|
||||
yield check_tidy, implementation
|
||||
|
||||
|
||||
@helpers.skip_windows()
|
||||
def check_tidy(implementation: pqclean.Implementation):
|
||||
helpers.ensure_available('clang-tidy')
|
||||
cfiles = implementation.cfiles()
|
||||
|
Loading…
Reference in New Issue
Block a user