kris/pqc
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'nist-kat' into more-ntru

Browse Source
This commit is contained in:
Douglas Stebila 2019-04-16 21:00:30 -04:00
commit 51102e05ce
27 changed files with 54 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/pull_request_template.md vendored
View File

@ -2,7 +2,7 @@
<!-- Type some lines about your submission --> <!-- Type some lines about your submission -->
<!-- If you are not submitting a new scheme, we suggest removing the following lines -->
#### Manually checked properties #### Manually checked properties
<!-- These checkboxes serve for the maintainers of PQClean to verify your submission. Please do not check them yourself. --> <!-- These checkboxes serve for the maintainers of PQClean to verify your submission. Please do not check them yourself. -->

4
CONTRIBUTING.md
View File

@ -26,9 +26,8 @@ See the section [API](#API) below.
type: <kem|signature> type: <kem|signature>
claimed-nist-level: <N> claimed-nist-level: <N>
length-public-key: <N> # KEM and signature length-public-key: <N> # KEM and signature
length-secret-key: <N> # KEM and signature
length-ciphertext: <N> # KEM only length-ciphertext: <N> # KEM only
length-shared-secret: <N> # KEM only length-shared-secret: <N> # KEM only
length-signature: <N> # Signature only length-signature: <N> # Signature only
testvectors-sha256: sha256sum of output of testvectors testvectors-sha256: sha256sum of output of testvectors
principal-submitter: Eve principal-submitter: Eve
@ -38,6 +37,7 @@ See the section [API](#API) below.
- ... - ...
implementations: implementations:
- name: clean - name: clean
length-secret-key: <N> # KEM and signature
version: <some version indicator> version: <some version indicator>
``` ```

3
crypto_kem/frodokem1344aes/clean/noise.c
View File

@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM1344AES_CLEAN_sample_n(uint16_t *s, size_t n) {
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample. // Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
// The distribution is specified by its CDF. // The distribution is specified by its CDF.
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output. // Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
size_t i, j; size_t i;
unsigned int j;
for (i = 0; i < n; ++i) { for (i = 0; i < n; ++i) {
uint8_t sample = 0; uint8_t sample = 0;

3
crypto_kem/frodokem1344shake/clean/noise.c
View File

@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(uint16_t *s, size_t n) {
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample. // Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
// The distribution is specified by its CDF. // The distribution is specified by its CDF.
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output. // Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
size_t i, j; size_t i;
unsigned int j;
for (i = 0; i < n; ++i) { for (i = 0; i < n; ++i) {
uint8_t sample = 0; uint8_t sample = 0;

3
crypto_kem/frodokem640aes/clean/noise.c
View File

@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM640AES_CLEAN_sample_n(uint16_t *s, size_t n) {
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample. // Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
// The distribution is specified by its CDF. // The distribution is specified by its CDF.
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output. // Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
size_t i, j; size_t i;
unsigned int j;
for (i = 0; i < n; ++i) { for (i = 0; i < n; ++i) {
uint8_t sample = 0; uint8_t sample = 0;

3
crypto_kem/frodokem640shake/clean/noise.c
View File

@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(uint16_t *s, size_t n) {
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample. // Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
// The distribution is specified by its CDF. // The distribution is specified by its CDF.
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output. // Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
size_t i, j; size_t i;
unsigned int j;
for (i = 0; i < n; ++i) { for (i = 0; i < n; ++i) {
uint8_t sample = 0; uint8_t sample = 0;

3
crypto_kem/frodokem976aes/clean/noise.c
View File

@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM976AES_CLEAN_sample_n(uint16_t *s, size_t n) {
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample. // Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
// The distribution is specified by its CDF. // The distribution is specified by its CDF.
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output. // Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
size_t i, j; size_t i;
unsigned int j;
for (i = 0; i < n; ++i) { for (i = 0; i < n; ++i) {
uint8_t sample = 0; uint8_t sample = 0;

3
crypto_kem/frodokem976shake/clean/noise.c
View File

@ -16,7 +16,8 @@ void PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(uint16_t *s, size_t n) {
// Fills vector s with n samples from the noise distribution which requires 16 bits to sample. // Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
// The distribution is specified by its CDF. // The distribution is specified by its CDF.
// Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output. // Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.
size_t i, j; size_t i;
unsigned int j;
for (i = 0; i < n; ++i) { for (i = 0; i < n; ++i) {
uint8_t sample = 0; uint8_t sample = 0;

0
crypto_kem/ntruhps2048509/clean/api.h Executable file → Normal file
View File

2
crypto_kem/ntruhps2048509/clean/crypto_sort.c Executable file → Normal file
View File

@ -8,7 +8,7 @@
#define int32_MINMAX(a,b) \ #define int32_MINMAX(a,b) \
do { \ do { \
int32_t ab = (b) ^ (a); \ int32_t ab = (b) ^ (a); \
int32_t c = (b) - (a); \ int32_t c = (int32_t)((int64_t)(b) - (int64_t)(a)); \
c ^= ab & (c ^ (b)); \ c ^= ab & (c ^ (b)); \
c >>= 31; \ c >>= 31; \
c &= ab; \ c &= ab; \

0
crypto_kem/ntruhps2048509/clean/crypto_sort.h Executable file → Normal file
View File

5
crypto_kem/ntruhps2048509/clean/kem.c Executable file → Normal file
View File

@ -37,7 +37,6 @@ int PQCLEAN_NTRUHPS2048509_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, co
int i, fail; int i, fail;
uint8_t rm[NTRU_OWCPA_MSGBYTES]; uint8_t rm[NTRU_OWCPA_MSGBYTES];
uint8_t buf[NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES]; uint8_t buf[NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES];
uint8_t *cmp = buf + NTRU_PRFKEYBYTES;
fail = PQCLEAN_NTRUHPS2048509_CLEAN_owcpa_dec(rm, c, sk); fail = PQCLEAN_NTRUHPS2048509_CLEAN_owcpa_dec(rm, c, sk);
/* If fail = 0 then c = Enc(h, rm), there is no need to re-encapsulate. */ /* If fail = 0 then c = Enc(h, rm), there is no need to re-encapsulate. */
@ -50,9 +49,9 @@ int PQCLEAN_NTRUHPS2048509_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, co
buf[i] = sk[i + NTRU_OWCPA_SECRETKEYBYTES]; buf[i] = sk[i + NTRU_OWCPA_SECRETKEYBYTES];
} }
for (i = 0; i < NTRU_CIPHERTEXTBYTES; i++) { for (i = 0; i < NTRU_CIPHERTEXTBYTES; i++) {
cmp[i] = c[i]; buf[NTRU_PRFKEYBYTES + i] = c[i];
} }
sha3_256(rm, cmp, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES); sha3_256(rm, buf, NTRU_PRFKEYBYTES + NTRU_CIPHERTEXTBYTES);
PQCLEAN_NTRUHPS2048509_CLEAN_cmov(k, rm, NTRU_SHAREDKEYBYTES, (unsigned char) fail); PQCLEAN_NTRUHPS2048509_CLEAN_cmov(k, rm, NTRU_SHAREDKEYBYTES, (unsigned char) fail);

0
crypto_kem/ntruhps2048509/clean/owcpa.c Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/owcpa.h Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/pack3.c Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/packq.c Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/params.h Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/poly.c Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/poly.h Executable file → Normal file
View File

10
crypto_kem/ntruhps2048509/clean/sample.c Executable file → Normal file
View File

@ -25,15 +25,15 @@ void PQCLEAN_NTRUHPS2048509_CLEAN_sample_iid(poly *r, const unsigned char unifor
void PQCLEAN_NTRUHPS2048509_CLEAN_sample_fixed_type(poly *r, const unsigned char u[NTRU_SAMPLE_FT_BYTES]) { void PQCLEAN_NTRUHPS2048509_CLEAN_sample_fixed_type(poly *r, const unsigned char u[NTRU_SAMPLE_FT_BYTES]) {
// Assumes NTRU_SAMPLE_FT_BYTES = ceil(30*(n-1)/8) // Assumes NTRU_SAMPLE_FT_BYTES = ceil(30*(n-1)/8)
int32_t s[NTRU_N - 1]; uint32_t s[NTRU_N - 1];
int i; int i;
// Use 30 bits of u per word // Use 30 bits of u per word
for (i = 0; i < (NTRU_N - 1) / 4; i++) { for (i = 0; i < (NTRU_N - 1) / 4; i++) {
s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + (u[15 * i + 3] << 26); s[4 * i + 0] = (u[15 * i + 0] << 2) + (u[15 * i + 1] << 10) + (u[15 * i + 2] << 18) + ((uint32_t)u[15 * i + 3] << 26);
s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + (u[15 * i + 7] << 28); s[4 * i + 1] = ((u[15 * i + 3] & 0xc0) >> 4) + (u[15 * i + 4] << 4) + (u[15 * i + 5] << 12) + (u[15 * i + 6] << 20) + ((uint32_t)u[15 * i + 7] << 28);
s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + (u[15 * i + 11] << 30); s[4 * i + 2] = ((u[15 * i + 7] & 0xf0) >> 2) + (u[15 * i + 8] << 6) + (u[15 * i + 9] << 14) + (u[15 * i + 10] << 22) + ((uint32_t)u[15 * i + 11] << 30);
s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + (u[15 * i + 14] << 24); s[4 * i + 3] = (u[15 * i + 11] & 0xfc) + (u[15 * i + 12] << 8) + (u[15 * i + 13] << 15) + ((uint32_t)u[15 * i + 14] << 24);
} }
for (i = 0; i < NTRU_WEIGHT / 2; i++) { for (i = 0; i < NTRU_WEIGHT / 2; i++) {

0
crypto_kem/ntruhps2048509/clean/sample.h Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/verify.c Executable file → Normal file
View File

0
crypto_kem/ntruhps2048509/clean/verify.h Executable file → Normal file
View File

2
crypto_sign/sphincs-shake256-128f-simple/clean/wots.c
View File

@ -68,7 +68,7 @@ static void base_w(unsigned int *output, const size_t out_len,
bits += 8; bits += 8;
} }
bits -= SPX_WOTS_LOGW; bits -= SPX_WOTS_LOGW;
output[out] = (total >> bits) & (SPX_WOTS_W - 1); output[out] = (unsigned int)((total >> bits) & (SPX_WOTS_W - 1));
out++; out++;
} }
} }

4
test/Makefile
View File

@ -73,3 +73,7 @@ clean:
$(RM) $(DEST_DIR)/test_aes $(RM) $(DEST_DIR)/test_aes
$(RM) $(DEST_DIR)/test_fips202 $(RM) $(DEST_DIR)/test_fips202
$(RM) $(DEST_DIR)/test_sha2 $(RM) $(DEST_DIR)/test_sha2
.PHONY: distclean
distclean:
$(RM) -r $(DEST_DIR)

45
test/test_functest.py
View File

@ -14,14 +14,14 @@ import helpers
def test_functest(): def test_functest():
for scheme in pqclean.Scheme.all_schemes(): for scheme in pqclean.Scheme.all_schemes():
for implementation in scheme.implementations: for implementation in scheme.implementations:
if helpers.permit_test('functest', implementation): if helpers.permit_test('functest', implementation):
yield check_functest, implementation yield check_functest, implementation
def test_functest_sanitizers(): def test_functest_sanitizers():
for scheme in pqclean.Scheme.all_schemes(): for scheme in pqclean.Scheme.all_schemes():
for implementation in scheme.implementations: for implementation in scheme.implementations:
if helpers.permit_test('functest_sanitizers', implementation): if helpers.permit_test('functest_sanitizers', implementation):
yield check_functest_sanitizers, implementation yield check_functest_sanitizers, implementation
@ -41,39 +41,44 @@ def check_functest(implementation):
) )
@helpers.skip_windows @helpers.skip_windows()
def check_functest_sanitizers(implementation): def check_functest_sanitizers(implementation):
env = None env = None
if platform.machine() == 'ppc' and os.environ.get('CC', 'gcc') == 'clang': if platform.machine() == 'ppc' and os.environ.get('CC', 'gcc') == 'clang':
raise unittest.SkipTest("Clang does not support ASAN on ppc") raise unittest.SkipTest("Clang does not support ASAN on ppc")
elif platform.machine() in ['armv7l', 'aarch64']: elif platform.machine() in ['armv7l', 'aarch64']:
env = {'ASAN_OPTIONS': 'detect_leaks=0'} env = {'ASAN_OPTIONS': 'detect_leaks=0'}
elif platform.system() == 'Darwin':
raise unittest.SkipTest('valgrind is not reliable on OSX')
else: else:
print("Supported platform: {}".format(platform.machine())) print("Supported platform: {}".format(platform.machine()))
helpers.ensure_available('valgrind')
helpers.make('clean-scheme', 'functest', helpers.make('clean-scheme', 'functest',
TYPE=implementation.scheme.type, TYPE=implementation.scheme.type,
SCHEME=implementation.scheme.name, SCHEME=implementation.scheme.name,
IMPLEMENTATION=implementation.name, IMPLEMENTATION=implementation.name,
EXTRAFLAGS='-fsanitize=address,undefined', EXTRAFLAGS='-g -fsanitize=address,undefined',
working_dir=os.path.join('..', 'test'), working_dir=os.path.join('..', 'test'),
env=env) env=env)
helpers.run_subprocess( try:
[os.path.join('..', 'bin', 'functest_{}_{}{}'.format( helpers.run_subprocess(
implementation.scheme.name, [os.path.join('..', 'bin', 'functest_{}_{}{}'.format(
implementation.name, implementation.scheme.name,
'.exe' if os.name == 'nt' else '' implementation.name,
))], '.exe' if os.name == 'nt' else ''
os.path.join('..', 'bin'), ))],
env=env, os.path.join('..', 'bin'),
) env=env,
# Remove files with ASAN library compiled in )
helpers.make('clean-scheme', except AssertionError as e:
TYPE=implementation.scheme.type, raise e
SCHEME=implementation.scheme.name, finally:
IMPLEMENTATION=implementation.name, # Remove files with ASAN library compiled in
working_dir=os.path.join('..', 'test')) helpers.make('clean-scheme',
TYPE=implementation.scheme.type,
SCHEME=implementation.scheme.name,
IMPLEMENTATION=implementation.name,
working_dir=os.path.join('..', 'test'))
if __name__ == '__main__': if __name__ == '__main__':

1
test/test_linter.py
View File

@ -16,6 +16,7 @@ def test_clang_tidy():
yield check_tidy, implementation yield check_tidy, implementation
@helpers.skip_windows()
def check_tidy(implementation: pqclean.Implementation): def check_tidy(implementation: pqclean.Implementation):
helpers.ensure_available('clang-tidy') helpers.ensure_available('clang-tidy')
cfiles = implementation.cfiles() cfiles = implementation.cfiles()