Commit Graph

38 Commits

Author SHA1 Message Date
Matthias J. Kannwischer
3d7d2024fa
FrodoKEM: Fix bug in the output of the ct_verify function (#367)
* Fix bug in the output of the ct_verify function

A bug in the CCA transformation was reported on the pqc-forum on 2020-12-10
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/kSUKzDNc5ME

It was fixed today in 669522db63.
This commit ports that fix to PQClean

* add note to SECURITY.md

* update upstream commit in META.yml
2020-12-14 10:39:10 -05:00
Thom Wiggers
cdd11413f3
Fix missed overflowing mul in FrodoKEM
It happened in another place
2020-11-24 11:50:33 +01:00
Thom Wiggers
6d0684df63
Fix more overflowing muls in Frodo 2020-11-19 07:48:32 +01:00
Thom Wiggers
01f709ac33
Also fix problem in FrodoKEM-SHAKE 2020-11-18 09:05:35 +01:00
Thom Wiggers
3efcd2b186
Fix overflowing multiplication in FrodoKEM AES 2020-11-17 12:25:34 +01:00
John M. Schanck
9064186cdb astyle 2020-09-17 07:19:31 -04:00
John M. Schanck
a59cf4cba7 frodo: satisfy test_boolean 2020-09-17 07:19:31 -04:00
Douglas Stebila
ae1530d192 Fix timing leak in decapsulation.
As identified in: Qian Guo, Thomas Johansson, Alexander Nilsson. A 
key-recovery timing attack on post-quantum primitives using the 
Fujisaki-Okamoto transformation and its application on FrodoKEM. In 
CRYPTO 2020.

Based on 
155c24c3df
2020-06-19 13:15:13 -04:00
Thom Wiggers
db0d5800c5
Merge pull request #279 from PQClean/ds-aes-keyexp
Split aes*_keyexp up into ecb and ctr variants
2020-04-03 10:00:50 +02:00
Douglas Stebila
585a001fda Split aes*_keyexp up into ecb and ctr variants 2020-03-26 20:18:02 -04:00
Thom Wiggers
35e4b0faa1
fixup! Fix uint8_t to uint16_t upcast in Frodo 2020-03-13 16:30:01 -04:00
Thom Wiggers
5436ec0476
Fix uint8_t to uint16_t upcast in Frodo 2020-03-13 15:58:15 -04:00
Thom Wiggers
f792b925b4 Enable optimizers on Windows (#244) 2019-10-21 14:23:59 +02:00
Thom Wiggers
2108bdcdb5
Make a static global explicitly const 2019-07-18 13:42:37 +02:00
Douglas Stebila
4157e0fbad Add release function for AES key schedule 2019-06-25 09:37:23 -04:00
Thom Wiggers
4cea81d15f
Convert principal-submitter into a list
There are schemes, like SABER (#192) that have more than one principal
submitter. Consistency warrants that we turn it into a list for all
schemes and don't do something with allowing either a str or a list:
that would just be very annoying to parse.

Closes #194
2019-06-21 09:30:55 +02:00
Douglas Stebila
9a82706697
Merge pull request #176 from PQClean/frodoopt
Add optimized FrodoKEM
2019-05-22 11:45:20 +02:00
Matthias J. Kannwischer
743b28f7a8 make VS compiler happy in matrix_aes.c 2019-05-22 07:31:03 +02:00
Matthias J. Kannwischer
cf8e4e5179 add optimized frodokem640aes 2019-05-21 15:46:59 +02:00
Thom Wiggers
199adb8072
Add -Wredundant-decls 2019-05-20 16:12:01 +02:00
Matthias J. Kannwischer
0127ba93f5 Add IND-CPA/IND-CCA2 security field to METADATA. add test for it as well (#165) 2019-05-13 11:20:32 -04:00
Douglas Stebila
3494c96e53
Update to latest changes from upstream, fix correctness on MS Visual Studio (#163) 2019-05-05 18:33:34 -04:00
Douglas Stebila
6e1f66d047
Don't run testvectors checks on KEMs (#161) 2019-04-30 11:15:57 -04:00
Joost Rijneveld
68b12866ce
Use more standard Wvla 2019-04-24 13:52:02 +02:00
Joost Rijneveld
e32666a0ab
Throw errors when using variable-length arrays
Windows already complains about this in CI, but this will
let us catch these issues on Linux as well.
2019-04-24 12:35:17 +02:00
Joost Rijneveld
baf93e2826
Merge pull request #146 from PQClean/move-secret-key-to-scheme-meta
Move secret key length back to scheme-level META
2019-04-18 17:14:08 +02:00
Thom Wiggers
b5d4e93478
Add -O3 to CFLAGS 2019-04-17 11:56:16 +02:00
Joost Rijneveld
972315dec5
Move secret key length back to scheme-level META 2019-04-17 11:08:45 +02:00
Douglas Stebila
c0cf260113 Merge branch 'master' into nist-kat 2019-04-16 16:20:31 -04:00
Thom Wiggers
eb5f7f1e57
Fix int/size_t comparison in frodo 2019-04-16 13:37:50 +02:00
Douglas Stebila
c42619d855 Merge branch 'master' into nist-kat 2019-04-14 19:28:59 -04:00
Douglas Stebila
ff71e7de11 Correct FrodoKEM submitter list 2019-04-14 17:38:53 -04:00
Douglas Stebila
8e7cf2b5cd Fix linter complaints 2019-04-14 17:29:58 -04:00
Douglas Stebila
a815543f32 Add NIST KAT check for KEMs 2019-04-14 17:17:11 -04:00
Matthias J. Kannwischer
5587cdb4a8 Add -Wmissing-prototypes (#109)
* fix prototypes for sphincs and static functions in aes.c

* fix missing prototypes in all frodo variants

* fix missing prototypes in kyber

* remove const from non-pointer arguments in Frodo

* add missing prototypes to requirements in README
2019-04-13 11:47:29 -04:00
Douglas Stebila
6ca367e2e6 Apply astyle 2019-04-11 08:18:49 -04:00
Douglas Stebila
7e8bd90d8c Fix Windows compiler warnings and endianness 2019-04-10 12:21:53 -04:00
Douglas Stebila
e9427afeb2 Add FrodoKEM-640-AES 2019-04-10 11:51:09 -04:00