From abd01782193bb92fd93c19494ef72d5a8caa9240 Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Mon, 7 Sep 2020 09:27:39 -0400 Subject: [PATCH] NTRU Prime: Get random bytes in one shot and use corresponding KATs --- crypto_kem/ntrulpr653/META.yml | 2 +- crypto_kem/ntrulpr653/avx2/kem.c | 18 ++---------------- crypto_kem/ntrulpr653/clean/kem.c | 18 ++---------------- crypto_kem/ntrulpr761/META.yml | 2 +- crypto_kem/ntrulpr761/avx2/kem.c | 18 ++---------------- crypto_kem/ntrulpr761/clean/kem.c | 18 ++---------------- crypto_kem/ntrulpr857/META.yml | 2 +- crypto_kem/ntrulpr857/avx2/kem.c | 18 ++---------------- crypto_kem/ntrulpr857/clean/kem.c | 18 ++---------------- crypto_kem/sntrup653/META.yml | 2 +- crypto_kem/sntrup653/avx2/kem.c | 22 ++++------------------ crypto_kem/sntrup653/clean/kem.c | 22 ++++------------------ crypto_kem/sntrup761/META.yml | 2 +- crypto_kem/sntrup761/avx2/kem.c | 22 ++++------------------ crypto_kem/sntrup761/clean/kem.c | 22 ++++------------------ crypto_kem/sntrup857/META.yml | 2 +- crypto_kem/sntrup857/avx2/kem.c | 22 ++++------------------ crypto_kem/sntrup857/clean/kem.c | 22 ++++------------------ 18 files changed, 42 insertions(+), 210 deletions(-) diff --git a/crypto_kem/ntrulpr653/META.yml b/crypto_kem/ntrulpr653/META.yml index 78ca966f..e89e5f9a 100644 --- a/crypto_kem/ntrulpr653/META.yml +++ b/crypto_kem/ntrulpr653/META.yml @@ -6,7 +6,7 @@ length-public-key: 897 length-secret-key: 1125 length-ciphertext: 1025 length-shared-secret: 32 -nistkat-sha256: 6f8be58bb5d9785a0693fa8d34f5d89193757e1244e26f6182372c3e6de84fb2 +nistkat-sha256: 1b24f14e46c7a2fe7d3b5b1d15f5d901311e1a94d64d35ee2e17a6deb7a75d61 principal-submitters: - Daniel J. Bernstein - Chitchanok Chuengsatiansup diff --git a/crypto_kem/ntrulpr653/avx2/kem.c b/crypto_kem/ntrulpr653/avx2/kem.c index 98b7b970..b30045a5 100644 --- a/crypto_kem/ntrulpr653/avx2/kem.c +++ b/crypto_kem/ntrulpr653/avx2/kem.c @@ -107,25 +107,11 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) { /* ----- higher-level randomness */ -static uint32 urandom32(void) { - unsigned char c[4]; - uint32 out[4]; - - randombytes(c, 4); - out[0] = (uint32)c[0]; - out[1] = ((uint32)c[1]) << 8; - out[2] = ((uint32)c[2]) << 16; - out[3] = ((uint32)c[3]) << 24; - return out[0] + out[1] + out[2] + out[3]; -} - static void Short_random(small *out) { uint32 L[p]; - int i; - for (i = 0; i < p; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, sizeof L); + crypto_decode_pxint32(L, (unsigned char *) L); Short_fromlist(out, L); } diff --git a/crypto_kem/ntrulpr653/clean/kem.c b/crypto_kem/ntrulpr653/clean/kem.c index 3b83e0e3..b56a30a6 100644 --- a/crypto_kem/ntrulpr653/clean/kem.c +++ b/crypto_kem/ntrulpr653/clean/kem.c @@ -107,25 +107,11 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) { /* ----- higher-level randomness */ -static uint32 urandom32(void) { - unsigned char c[4]; - uint32 out[4]; - - randombytes(c, 4); - out[0] = (uint32)c[0]; - out[1] = ((uint32)c[1]) << 8; - out[2] = ((uint32)c[2]) << 16; - out[3] = ((uint32)c[3]) << 24; - return out[0] + out[1] + out[2] + out[3]; -} - static void Short_random(small *out) { uint32 L[p]; - int i; - for (i = 0; i < p; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, sizeof L); + crypto_decode_pxint32(L, (unsigned char *) L); Short_fromlist(out, L); } diff --git a/crypto_kem/ntrulpr761/META.yml b/crypto_kem/ntrulpr761/META.yml index 62529f47..d6f0523a 100644 --- a/crypto_kem/ntrulpr761/META.yml +++ b/crypto_kem/ntrulpr761/META.yml @@ -6,7 +6,7 @@ length-public-key: 1039 length-secret-key: 1294 length-ciphertext: 1167 length-shared-secret: 32 -nistkat-sha256: 212f68484864e927c674a656ea44ea0f47c048d0dd3518b102c98a9eacd16a72 +nistkat-sha256: 06aa733e296035f1f171c4f48d1700571979cb0ccb27a4c0479c3ca32684797f principal-submitters: - Daniel J. Bernstein - Chitchanok Chuengsatiansup diff --git a/crypto_kem/ntrulpr761/avx2/kem.c b/crypto_kem/ntrulpr761/avx2/kem.c index 9836b530..81c07d81 100644 --- a/crypto_kem/ntrulpr761/avx2/kem.c +++ b/crypto_kem/ntrulpr761/avx2/kem.c @@ -107,25 +107,11 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) { /* ----- higher-level randomness */ -static uint32 urandom32(void) { - unsigned char c[4]; - uint32 out[4]; - - randombytes(c, 4); - out[0] = (uint32)c[0]; - out[1] = ((uint32)c[1]) << 8; - out[2] = ((uint32)c[2]) << 16; - out[3] = ((uint32)c[3]) << 24; - return out[0] + out[1] + out[2] + out[3]; -} - static void Short_random(small *out) { uint32 L[p]; - int i; - for (i = 0; i < p; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, sizeof L); + crypto_decode_pxint32(L, (unsigned char *) L); Short_fromlist(out, L); } diff --git a/crypto_kem/ntrulpr761/clean/kem.c b/crypto_kem/ntrulpr761/clean/kem.c index ac6ed628..de3bbfbb 100644 --- a/crypto_kem/ntrulpr761/clean/kem.c +++ b/crypto_kem/ntrulpr761/clean/kem.c @@ -107,25 +107,11 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) { /* ----- higher-level randomness */ -static uint32 urandom32(void) { - unsigned char c[4]; - uint32 out[4]; - - randombytes(c, 4); - out[0] = (uint32)c[0]; - out[1] = ((uint32)c[1]) << 8; - out[2] = ((uint32)c[2]) << 16; - out[3] = ((uint32)c[3]) << 24; - return out[0] + out[1] + out[2] + out[3]; -} - static void Short_random(small *out) { uint32 L[p]; - int i; - for (i = 0; i < p; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, sizeof L); + crypto_decode_pxint32(L, (unsigned char *) L); Short_fromlist(out, L); } diff --git a/crypto_kem/ntrulpr857/META.yml b/crypto_kem/ntrulpr857/META.yml index 0726373b..ff0749d3 100644 --- a/crypto_kem/ntrulpr857/META.yml +++ b/crypto_kem/ntrulpr857/META.yml @@ -6,7 +6,7 @@ length-public-key: 1184 length-secret-key: 1463 length-ciphertext: 1312 length-shared-secret: 32 -nistkat-sha256: cc8c8b8f3e31c07cce27c0e54c636884426593bf0f71c6e9215bde2ed3f516ef +nistkat-sha256: b5816d6156b856a42b9152322b23aca53db17c67c8b30ba660e1ff6d389d2608 principal-submitters: - Daniel J. Bernstein - Chitchanok Chuengsatiansup diff --git a/crypto_kem/ntrulpr857/avx2/kem.c b/crypto_kem/ntrulpr857/avx2/kem.c index d1e3990e..540b4528 100644 --- a/crypto_kem/ntrulpr857/avx2/kem.c +++ b/crypto_kem/ntrulpr857/avx2/kem.c @@ -107,25 +107,11 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) { /* ----- higher-level randomness */ -static uint32 urandom32(void) { - unsigned char c[4]; - uint32 out[4]; - - randombytes(c, 4); - out[0] = (uint32)c[0]; - out[1] = ((uint32)c[1]) << 8; - out[2] = ((uint32)c[2]) << 16; - out[3] = ((uint32)c[3]) << 24; - return out[0] + out[1] + out[2] + out[3]; -} - static void Short_random(small *out) { uint32 L[p]; - int i; - for (i = 0; i < p; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, sizeof L); + crypto_decode_pxint32(L, (unsigned char *) L); Short_fromlist(out, L); } diff --git a/crypto_kem/ntrulpr857/clean/kem.c b/crypto_kem/ntrulpr857/clean/kem.c index 4fb3e074..f07b1651 100644 --- a/crypto_kem/ntrulpr857/clean/kem.c +++ b/crypto_kem/ntrulpr857/clean/kem.c @@ -107,25 +107,11 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) { /* ----- higher-level randomness */ -static uint32 urandom32(void) { - unsigned char c[4]; - uint32 out[4]; - - randombytes(c, 4); - out[0] = (uint32)c[0]; - out[1] = ((uint32)c[1]) << 8; - out[2] = ((uint32)c[2]) << 16; - out[3] = ((uint32)c[3]) << 24; - return out[0] + out[1] + out[2] + out[3]; -} - static void Short_random(small *out) { uint32 L[p]; - int i; - for (i = 0; i < p; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, sizeof L); + crypto_decode_pxint32(L, (unsigned char *) L); Short_fromlist(out, L); } diff --git a/crypto_kem/sntrup653/META.yml b/crypto_kem/sntrup653/META.yml index 1a72f374..c27eb1c1 100644 --- a/crypto_kem/sntrup653/META.yml +++ b/crypto_kem/sntrup653/META.yml @@ -6,7 +6,7 @@ length-public-key: 994 length-secret-key: 1518 length-ciphertext: 897 length-shared-secret: 32 -nistkat-sha256: 91dae8987131825001061f9d194bbfde53b3d17f3962f6992a3ec5fa3cf141d7 +nistkat-sha256: 0d8643f1c81a20f4de836542224c49f01a3d4498d612f98577d76710896ed7fc principal-submitters: - Daniel J. Bernstein - Chitchanok Chuengsatiansup diff --git a/crypto_kem/sntrup653/avx2/kem.c b/crypto_kem/sntrup653/avx2/kem.c index 12c67d51..3c9a11e7 100644 --- a/crypto_kem/sntrup653/avx2/kem.c +++ b/crypto_kem/sntrup653/avx2/kem.c @@ -73,25 +73,12 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) { /* ----- higher-level randomness */ -static uint32 urandom32(void) { - unsigned char c[4]; - uint32 out[4]; - - randombytes(c, 4); - out[0] = (uint32)c[0]; - out[1] = ((uint32)c[1]) << 8; - out[2] = ((uint32)c[2]) << 16; - out[3] = ((uint32)c[3]) << 24; - return out[0] + out[1] + out[2] + out[3]; -} - static void Short_random(small *out) { uint32 L[ppadsort]; int i; - for (i = 0; i < ppadsort; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, 4 * p); + crypto_decode_pxint32(L, (unsigned char *) L); for (i = 0; i < w; ++i) { L[i] = L[i] & (uint32) - 2; } @@ -111,9 +98,8 @@ static void Small_random(small *out) { uint32 L[p]; int i; - for (i = 0; i < p; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, sizeof L); + crypto_decode_pxint32(L, (unsigned char *) L); for (i = 0; i < p; ++i) { out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1); } diff --git a/crypto_kem/sntrup653/clean/kem.c b/crypto_kem/sntrup653/clean/kem.c index c589097c..c5b3052a 100644 --- a/crypto_kem/sntrup653/clean/kem.c +++ b/crypto_kem/sntrup653/clean/kem.c @@ -73,25 +73,12 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) { /* ----- higher-level randomness */ -static uint32 urandom32(void) { - unsigned char c[4]; - uint32 out[4]; - - randombytes(c, 4); - out[0] = (uint32)c[0]; - out[1] = ((uint32)c[1]) << 8; - out[2] = ((uint32)c[2]) << 16; - out[3] = ((uint32)c[3]) << 24; - return out[0] + out[1] + out[2] + out[3]; -} - static void Short_random(small *out) { uint32 L[ppadsort]; int i; - for (i = 0; i < ppadsort; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, 4 * p); + crypto_decode_pxint32(L, (unsigned char *) L); for (i = 0; i < w; ++i) { L[i] = L[i] & (uint32) - 2; } @@ -111,9 +98,8 @@ static void Small_random(small *out) { uint32 L[p]; int i; - for (i = 0; i < p; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, sizeof L); + crypto_decode_pxint32(L, (unsigned char *) L); for (i = 0; i < p; ++i) { out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1); } diff --git a/crypto_kem/sntrup761/META.yml b/crypto_kem/sntrup761/META.yml index 0cc0b1a8..6f383db4 100644 --- a/crypto_kem/sntrup761/META.yml +++ b/crypto_kem/sntrup761/META.yml @@ -6,7 +6,7 @@ length-public-key: 1158 length-secret-key: 1763 length-ciphertext: 1039 length-shared-secret: 32 -nistkat-sha256: 2eba10673b9077530ba9c063d22f2534e415a6da42985c333c6baee133cc0ff1 +nistkat-sha256: afc42c3a5b10f4ef69654250097ebda9b9564570f4086744b24a6daf2bd1f89a principal-submitters: - Daniel J. Bernstein - Chitchanok Chuengsatiansup diff --git a/crypto_kem/sntrup761/avx2/kem.c b/crypto_kem/sntrup761/avx2/kem.c index 4f579ffa..ff1672eb 100644 --- a/crypto_kem/sntrup761/avx2/kem.c +++ b/crypto_kem/sntrup761/avx2/kem.c @@ -73,25 +73,12 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) { /* ----- higher-level randomness */ -static uint32 urandom32(void) { - unsigned char c[4]; - uint32 out[4]; - - randombytes(c, 4); - out[0] = (uint32)c[0]; - out[1] = ((uint32)c[1]) << 8; - out[2] = ((uint32)c[2]) << 16; - out[3] = ((uint32)c[3]) << 24; - return out[0] + out[1] + out[2] + out[3]; -} - static void Short_random(small *out) { uint32 L[ppadsort]; int i; - for (i = 0; i < ppadsort; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, 4 * p); + crypto_decode_pxint32(L, (unsigned char *) L); for (i = 0; i < w; ++i) { L[i] = L[i] & (uint32) - 2; } @@ -111,9 +98,8 @@ static void Small_random(small *out) { uint32 L[p]; int i; - for (i = 0; i < p; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, sizeof L); + crypto_decode_pxint32(L, (unsigned char *) L); for (i = 0; i < p; ++i) { out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1); } diff --git a/crypto_kem/sntrup761/clean/kem.c b/crypto_kem/sntrup761/clean/kem.c index 87175305..ffc06b23 100644 --- a/crypto_kem/sntrup761/clean/kem.c +++ b/crypto_kem/sntrup761/clean/kem.c @@ -73,25 +73,12 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) { /* ----- higher-level randomness */ -static uint32 urandom32(void) { - unsigned char c[4]; - uint32 out[4]; - - randombytes(c, 4); - out[0] = (uint32)c[0]; - out[1] = ((uint32)c[1]) << 8; - out[2] = ((uint32)c[2]) << 16; - out[3] = ((uint32)c[3]) << 24; - return out[0] + out[1] + out[2] + out[3]; -} - static void Short_random(small *out) { uint32 L[ppadsort]; int i; - for (i = 0; i < ppadsort; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, 4 * p); + crypto_decode_pxint32(L, (unsigned char *) L); for (i = 0; i < w; ++i) { L[i] = L[i] & (uint32) - 2; } @@ -111,9 +98,8 @@ static void Small_random(small *out) { uint32 L[p]; int i; - for (i = 0; i < p; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, sizeof L); + crypto_decode_pxint32(L, (unsigned char *) L); for (i = 0; i < p; ++i) { out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1); } diff --git a/crypto_kem/sntrup857/META.yml b/crypto_kem/sntrup857/META.yml index b6ddd07e..ac3b2de4 100644 --- a/crypto_kem/sntrup857/META.yml +++ b/crypto_kem/sntrup857/META.yml @@ -6,7 +6,7 @@ length-public-key: 1322 length-secret-key: 1999 length-ciphertext: 1184 length-shared-secret: 32 -nistkat-sha256: eb63dfbd70483c57c558f00db8211a723255c0c86e395ab4ce88148a623b2d27 +nistkat-sha256: 8e58185a923122f15522eba1626f7f01f5bd5aa4503c1245df88f0e31a22d967 principal-submitters: - Daniel J. Bernstein - Chitchanok Chuengsatiansup diff --git a/crypto_kem/sntrup857/avx2/kem.c b/crypto_kem/sntrup857/avx2/kem.c index 97772835..7a1b2d52 100644 --- a/crypto_kem/sntrup857/avx2/kem.c +++ b/crypto_kem/sntrup857/avx2/kem.c @@ -73,25 +73,12 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) { /* ----- higher-level randomness */ -static uint32 urandom32(void) { - unsigned char c[4]; - uint32 out[4]; - - randombytes(c, 4); - out[0] = (uint32)c[0]; - out[1] = ((uint32)c[1]) << 8; - out[2] = ((uint32)c[2]) << 16; - out[3] = ((uint32)c[3]) << 24; - return out[0] + out[1] + out[2] + out[3]; -} - static void Short_random(small *out) { uint32 L[ppadsort]; int i; - for (i = 0; i < ppadsort; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, 4 * p); + crypto_decode_pxint32(L, (unsigned char *) L); for (i = 0; i < w; ++i) { L[i] = L[i] & (uint32) - 2; } @@ -111,9 +98,8 @@ static void Small_random(small *out) { uint32 L[p]; int i; - for (i = 0; i < p; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, sizeof L); + crypto_decode_pxint32(L, (unsigned char *) L); for (i = 0; i < p; ++i) { out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1); } diff --git a/crypto_kem/sntrup857/clean/kem.c b/crypto_kem/sntrup857/clean/kem.c index 057a17c6..48b14651 100644 --- a/crypto_kem/sntrup857/clean/kem.c +++ b/crypto_kem/sntrup857/clean/kem.c @@ -73,25 +73,12 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) { /* ----- higher-level randomness */ -static uint32 urandom32(void) { - unsigned char c[4]; - uint32 out[4]; - - randombytes(c, 4); - out[0] = (uint32)c[0]; - out[1] = ((uint32)c[1]) << 8; - out[2] = ((uint32)c[2]) << 16; - out[3] = ((uint32)c[3]) << 24; - return out[0] + out[1] + out[2] + out[3]; -} - static void Short_random(small *out) { uint32 L[ppadsort]; int i; - for (i = 0; i < ppadsort; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, 4 * p); + crypto_decode_pxint32(L, (unsigned char *) L); for (i = 0; i < w; ++i) { L[i] = L[i] & (uint32) - 2; } @@ -111,9 +98,8 @@ static void Small_random(small *out) { uint32 L[p]; int i; - for (i = 0; i < p; ++i) { - L[i] = urandom32(); - } + randombytes((unsigned char *) L, sizeof L); + crypto_decode_pxint32(L, (unsigned char *) L); for (i = 0; i < p; ++i) { out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1); }