kris/pqcrypto
1
1
Fork 0
mirror of https://github.com/henrydcase/pqc.git synced 2024-11-22 15:39:07 +00:00
Code Issues 1 Releases Wiki Activity

Prepare for round 3 update with packaging script

Browse Source
This commit is contained in:
John M. Schanck 2020-10-26 20:05:07 -04:00 committed by Kris Kwiatkowski
parent 7df37208d6
commit 60111b36b2
344 changed files with 3564 additions and 2443 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto_kem/kyber1024-90s/META.yml
View File

@ -21,14 +21,14 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: clean
version: https://github.com/pq-crystals/kyber/commit/46e283ab575ec92dfe82fb12229ae2d9d6246682
version: https://github.com/pq-crystals/kyber/commit/844057468e69527bd15b17fbe03f4b61f9a22065 via https://github.com/jschanck/package-pqclean/tree/b45068b8/kyber
- name: avx2
version: https://github.com/pq-crystals/kyber/commit/46e283ab575ec92dfe82fb12229ae2d9d6246682
version: https://github.com/pq-crystals/kyber/commit/844057468e69527bd15b17fbe03f4b61f9a22065 via https://github.com/jschanck/package-pqclean/tree/b45068b8/kyber
supported_platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
- Linux
- Darwin
required_flags:
- aes
- avx2

41
crypto_kem/kyber1024-90s/avx2/Makefile
View File

@ -1,44 +1,11 @@
# This Makefile can be used with GNU Make or BSD Make
LIB=libkyber1024-90s_avx2.a
HEADERS= \
aes256ctr.h \
align.h \
api.h \
cbd.h \
cdecl.inc \
consts.h \
fq.inc \
indcpa.h \
kem.h \
ntt.h \
params.h \
poly.h \
polyvec.h \
reduce.h \
rejsample.h \
shuffle.inc \
symmetric.h \
verify.h
OBJECTS= \
aes256ctr.o \
basemul.o \
cbd.o \
consts.o \
fq.o \
indcpa.o \
invntt.o \
kem.o \
ntt.o \
poly.o \
polyvec.o \
rejsample.o \
shuffle.o \
verify.o
HEADERS=aes256ctr.h align.h api.h cbd.h cdecl.h consts.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h rejsample.h symmetric.h verify.h fq.inc shuffle.inc
OBJECTS=aes256ctr.o cbd.o consts.o indcpa.o kem.o poly.o polyvec.o rejsample.o verify.o basemul.o fq.o invntt.o ntt.o shuffle.o
CFLAGS=-mavx2 -maes -mbmi2 -mpopcnt -O3 -Wall -Wextra -Wpedantic -Werror \
-Wmissing-prototypes -Wredundant-decls -std=c99 \
-I../../../common $(EXTRAFLAGS)
-Wmissing-prototypes -Wredundant-decls -std=c99 \
-I../../../common $(EXTRAFLAGS)
all: $(LIB)

16
crypto_kem/kyber1024-90s/avx2/aes256ctr.c
View File

@ -1,3 +1,7 @@
#include "aes256ctr.h"
#include <immintrin.h>
#include <stddef.h>
#include <stdint.h>
/*
Based heavily on public-domain code by Romain Dolbeau
Different handling of nonce+counter than original version
@ -5,10 +9,6 @@
Public Domain
*/
#include "aes256ctr.h"
#include <immintrin.h>
#include <stddef.h>
#include <stdint.h>
static inline void aesni_encrypt4(uint8_t out[64],
__m128i *n,
@ -114,7 +114,7 @@ void PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(aes256ctr_ctx *state, const uint8_
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_squeezeblocks(uint8_t *out,
size_t nblocks,
aes256ctr_ctx *state) {
size_t i = 0;
size_t i;
for (i = 0; i < nblocks; i++) {
aesni_encrypt4(out, &state->n, state->rkeys);
out += 64;
@ -123,13 +123,13 @@ void PQCLEAN_KYBER102490S_AVX2_aes256ctr_squeezeblocks(uint8_t *out,
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_prf(uint8_t *out,
size_t outlen,
const uint8_t seed[32],
const uint8_t key[32],
uint64_t nonce) {
unsigned int i = 0;
unsigned int i;
uint8_t buf[64];
aes256ctr_ctx state;
PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(&state, seed, nonce);
PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(&state, key, nonce);
while (outlen >= 64) {
aesni_encrypt4(out, &state.n, state.rkeys);

20
crypto_kem/kyber1024-90s/avx2/aes256ctr.h
View File

@ -1,11 +1,10 @@
#ifndef AES256CTR_H
#define AES256CTR_H
#ifndef PQCLEAN_KYBER102490S_AVX2_AES256CTR_H
#define PQCLEAN_KYBER102490S_AVX2_AES256CTR_H
#include <immintrin.h>
#include <stddef.h>
#include <stdint.h>
#define AES256CTR_NAMESPACE(s) pqcrystals_aes256ctr_avx2##s
#define AES256CTR_BLOCKBYTES 64
@ -14,8 +13,17 @@ typedef struct {
__m128i n;
} aes256ctr_ctx;
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(aes256ctr_ctx *state, const uint8_t key[32], uint64_t nonce);
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_squeezeblocks(uint8_t *out, size_t nblocks, aes256ctr_ctx *state);
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t seed[32], uint64_t nonce);
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(aes256ctr_ctx *state,
const uint8_t key[32],
uint64_t nonce);
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_squeezeblocks(uint8_t *out,
size_t nblocks,
aes256ctr_ctx *state);
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_prf(uint8_t *out,
size_t outlen,
const uint8_t key[32],
uint64_t nonce);
#endif

1
crypto_kem/kyber1024-90s/avx2/align.h
View File

@ -1,5 +1,6 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_ALIGN_H
#define PQCLEAN_KYBER102490S_AVX2_ALIGN_H
#include <immintrin.h>
#define ALIGN16_TYPE(t) \

1
crypto_kem/kyber1024-90s/avx2/api.h
View File

@ -15,5 +15,4 @@ int PQCLEAN_KYBER102490S_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uin
int PQCLEAN_KYBER102490S_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
#endif

6
crypto_kem/kyber1024-90s/avx2/basemul.S
View File

@ -1,5 +1,5 @@
#include "cdecl.h"
#include "params.h"
#include "cdecl.inc"
.macro schoolbook off,sign
#load
@ -165,7 +165,9 @@ vmovdqa %ymm5,96(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx):
#consts
vmovdqa _16XQ*2(%rcx),%ymm0
vmovdqa _16XQINV*2(%rcx),%ymm1
@ -215,7 +217,9 @@ vmovdqa %ymm12,96(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_avx):
#consts
vmovdqa _16XQ*2(%rcx),%ymm0
vmovdqa _16XQINV*2(%rcx),%ymm1

4
crypto_kem/kyber1024-90s/avx2/cbd.c
View File

@ -1,5 +1,5 @@
#include "params.h"
#include "cbd.h"
#include "params.h"
#include <immintrin.h>
#include <stdint.h>
@ -14,7 +14,7 @@
* - const unsigned char *buf: pointer to input byte array
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_cbd(poly *restrict r, const uint8_t *restrict buf) {
unsigned int i = 0;
unsigned int i;
__m256i vec0, vec1, vec2, vec3, tmp;
const __m256i mask55 = _mm256_set1_epi32(0x55555555);
const __m256i mask33 = _mm256_set1_epi32(0x33333333);

2
crypto_kem/kyber1024-90s/avx2/cbd.h
View File

@ -1,11 +1,9 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_CBD_H
#define PQCLEAN_KYBER102490S_AVX2_CBD_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
void PQCLEAN_KYBER102490S_AVX2_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]);
#endif

10
crypto_kem/kyber1024-90s/avx2/cdecl.inc → crypto_kem/kyber1024-90s/avx2/cdecl.h
View File

@ -1,5 +1,5 @@
#ifndef PQCLEAN_DILITHIUM2_AVX2_CDECL
#define PQCLEAN_DILITHIUM2_AVX2_CDECL
#ifndef PQCLEAN_KYBER102490S_AVX2_CDECL_H
#define PQCLEAN_KYBER102490S_AVX2_CDECL_H
#define _16XQ 0
#define _16XQINV 16
@ -21,10 +21,6 @@
* This define helps us get around this
*/
#if defined(__WIN32__) || defined(__APPLE__)
#define cdecl(s) _##s
#else
#define _cdecl(s) _##s
#define cdecl(s) s
#endif
#endif

2
crypto_kem/kyber1024-90s/avx2/consts.c
View File

@ -1,5 +1,5 @@
#include "params.h"
#include "consts.h"
#include "params.h"
#include <stdint.h>
#define Q KYBER_Q

5
crypto_kem/kyber1024-90s/avx2/consts.h
View File

@ -1,12 +1,11 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_CONSTS_H
#define PQCLEAN_KYBER102490S_AVX2_CONSTS_H
#include "cdecl.inc"
#include "cdecl.h"
#include "params.h"
#include <immintrin.h>
#include <stdint.h>
#define ALIGNED_UINT16_T(N) \
union { \
__m256i as_vec; \

8
crypto_kem/kyber1024-90s/avx2/fq.S
View File

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "fq.inc"
.text
@ -35,7 +35,9 @@ vmovdqa %ymm9,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_reduce_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_reduce_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_reduce_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_reduce_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
vmovdqa _16XV*2(%rsi),%ymm1
@ -77,7 +79,9 @@ vmovdqa %ymm8,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_csubq_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_csubq_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_csubq_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_csubq_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
call csubq128_avx
@ -118,7 +122,9 @@ vmovdqa %ymm10,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_tomont_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_tomont_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_tomont_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_tomont_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
vmovdqa _16XMONTSQLO*2(%rsi),%ymm1

14
crypto_kem/kyber1024-90s/avx2/indcpa.c
View File

@ -25,7 +25,7 @@
static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
polyvec *pk,
const uint8_t seed[KYBER_SYMBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER102490S_AVX2_polyvec_tobytes(r, pk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
r[i + KYBER_POLYVECBYTES] = seed[i];
@ -45,7 +45,7 @@ static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
static void unpack_pk(polyvec *pk,
uint8_t seed[KYBER_SYMBYTES],
const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER102490S_AVX2_polyvec_frombytes(pk, packedpk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
seed[i] = packedpk[i + KYBER_POLYVECBYTES];
@ -133,8 +133,8 @@ static unsigned int rej_uniform(int16_t *r,
unsigned int len,
const uint8_t *buf,
unsigned int buflen) {
unsigned int ctr = 0, pos = 0;
uint16_t val = 0;
unsigned int ctr, pos;
uint16_t val;
ctr = pos = 0;
while (ctr < len && pos + 2 <= buflen) {
@ -168,7 +168,7 @@ static unsigned int rej_uniform(int16_t *r,
#define GEN_MATRIX_NBLOCKS ((2*KYBER_N*(1U << 16)/(19*KYBER_Q) \
+ XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
void PQCLEAN_KYBER102490S_AVX2_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) {
unsigned int ctr = 0, i = 0, j = 0;
unsigned int ctr, i, j;
ALIGN16_TYPE(uint64_t) nonce = {.orig = 0};
ALIGN32_ARRAY(uint8_t, GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES) buf;
aes256ctr_ctx state;
@ -211,7 +211,7 @@ void PQCLEAN_KYBER102490S_AVX2_gen_matrix(polyvec *a, const uint8_t seed[KYBER_S
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
unsigned int i = 0;
unsigned int i;
ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) buf;
const uint8_t *publicseed = buf.arr;
const uint8_t *noiseseed = buf.arr + KYBER_SYMBYTES;
@ -276,7 +276,7 @@ void PQCLEAN_KYBER102490S_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]) {
unsigned int i = 0;
unsigned int i;
ALIGN32_ARRAY(uint8_t, KYBER_SYMBYTES) seed;
polyvec sp, pkpv, ep, at[KYBER_K], bp;
poly v, k, epp;

14
crypto_kem/kyber1024-90s/avx2/indcpa.h
View File

@ -1,16 +1,20 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_INDCPA_H
#define PQCLEAN_KYBER102490S_AVX2_INDCPA_H
#include "params.h"
#include "polyvec.h"
#include <stdint.h>
void PQCLEAN_KYBER102490S_AVX2_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
void PQCLEAN_KYBER102490S_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER102490S_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER102490S_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER102490S_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES], const uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER102490S_AVX2_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t c[KYBER_INDCPA_BYTES], const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER102490S_AVX2_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
#endif

4
crypto_kem/kyber1024-90s/avx2/invntt.S
View File

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "shuffle.inc"
.include "fq.inc"
@ -210,7 +210,9 @@ vmovdqa %ymm7,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_invntt_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_invntt_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_invntt_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_invntt_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
mov %rsi,%rdx

9
crypto_kem/kyber1024-90s/avx2/kem.c
View File

@ -8,7 +8,6 @@
#include <stddef.h>
#include <stdint.h>
/*************************************************
* Name: PQCLEAN_KYBER102490S_AVX2_crypto_kem_keypair
*
@ -23,7 +22,7 @@
* Returns 0 (success)
**************************************************/
int PQCLEAN_KYBER102490S_AVX2_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER102490S_AVX2_indcpa_keypair(pk, sk);
for (i = 0; i < KYBER_INDCPA_PUBLICKEYBYTES; i++) {
sk[i + KYBER_INDCPA_SECRETKEYBYTES] = pk[i];
@ -94,8 +93,8 @@ int PQCLEAN_KYBER102490S_AVX2_crypto_kem_enc(unsigned char *ct,
int PQCLEAN_KYBER102490S_AVX2_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk) {
size_t i = 0;
int fail = 0;
size_t i;
int fail;
ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) buf;
/* Will contain key, coins */
ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) kr;
@ -119,7 +118,7 @@ int PQCLEAN_KYBER102490S_AVX2_crypto_kem_dec(unsigned char *ss,
hash_h(kr.arr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES);
/* Overwrite pre-k with z on re-encryption failure */
PQCLEAN_KYBER102490S_AVX2_cmov(kr.arr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail);
PQCLEAN_KYBER102490S_AVX2_cmov(kr.arr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail);
/* hash concatenation of pre-k and H(c) to k */
kdf(ss, kr.arr, 2 * KYBER_SYMBYTES);

3
crypto_kem/kyber1024-90s/avx2/kem.h
View File

@ -1,17 +1,14 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_KEM_H
#define PQCLEAN_KYBER102490S_AVX2_KEM_H
#include "params.h"
int PQCLEAN_KYBER102490S_AVX2_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
int PQCLEAN_KYBER102490S_AVX2_crypto_kem_enc(unsigned char *ct,
unsigned char *ss,
const unsigned char *pk);
int PQCLEAN_KYBER102490S_AVX2_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk);

4
crypto_kem/kyber1024-90s/avx2/ntt.S
View File

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "shuffle.inc"
.include "fq.inc"
@ -203,7 +203,9 @@ vmovdqa %ymm11,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_ntt_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_ntt_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_ntt_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_ntt_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
mov %rsi,%rdx

26
crypto_kem/kyber1024-90s/avx2/ntt.h
View File

@ -1,28 +1,24 @@
#ifndef NTT_H
#define NTT_H
#ifndef PQCLEAN_KYBER102490S_AVX2_NTT_H
#define PQCLEAN_KYBER102490S_AVX2_NTT_H
#include "consts.h"
#include "params.h"
#include <stdint.h>
void PQCLEAN_KYBER102490S_AVX2_ntt_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_invntt_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void nttpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_nttpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_nttunpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_basemul_avx(int16_t *r, const int16_t *a, const int16_t *b, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx(int16_t *r, const int16_t *a, const int16_t *b, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_basemul_avx(int16_t *r,
const int16_t *a,
const int16_t *b,
const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx(int16_t *r,
const int16_t *a,
const int16_t *b,
const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx(uint8_t *r, const int16_t *a, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx(int16_t *r, const uint8_t *a, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
#endif

3
crypto_kem/kyber1024-90s/avx2/params.h
View File

@ -1,6 +1,9 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_PARAMS_H
#define PQCLEAN_KYBER102490S_AVX2_PARAMS_H
#define KYBER_N 256
#define KYBER_Q 3329

22
crypto_kem/kyber1024-90s/avx2/poly.c
View File

@ -19,7 +19,7 @@
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *restrict a) {
unsigned int i = 0, j = 0;
unsigned int i, j;
uint8_t t[8];
PQCLEAN_KYBER102490S_AVX2_poly_csubq(a);
@ -50,9 +50,9 @@ void PQCLEAN_KYBER102490S_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_poly_decompress(poly *restrict r,
const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]) {
unsigned int i = 0;
unsigned int i;
unsigned int j = 0;
unsigned int j;
uint8_t t[8];
for (i = 0; i < KYBER_N / 8; i++) {
t[0] = (a[0] >> 0);
@ -114,7 +114,7 @@ void PQCLEAN_KYBER102490S_AVX2_poly_frommsg(poly *restrict r,
const __m256i hqs = _mm256_set1_epi16((KYBER_Q + 1) / 2);
#define FROMMSG64(i) \
g3 = _mm256_shuffle_epi32(f,0x55*(i)); \
g3 = _mm256_shuffle_epi32(f,0x55*(i)); \
g3 = _mm256_sllv_epi32(g3,shift); \
g3 = _mm256_shuffle_epi8(g3,idx); \
g0 = _mm256_slli_epi16(g3,12); \
@ -136,9 +136,9 @@ void PQCLEAN_KYBER102490S_AVX2_poly_frommsg(poly *restrict r,
g2 = _mm256_permute2x128_si256(h0,h1,0x31); \
g1 = _mm256_permute2x128_si256(h2,h3,0x20); \
g3 = _mm256_permute2x128_si256(h2,h3,0x31); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+ 0],g0); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+16],g1); \
_mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+ 0],g2); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+ 0],g0); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+16],g1); \
_mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+ 0],g2); \
_mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+16],g3)
f = _mm256_load_si256((__m256i *)msg);
@ -157,8 +157,8 @@ void PQCLEAN_KYBER102490S_AVX2_poly_frommsg(poly *restrict r,
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *restrict a) {
unsigned int i = 0;
uint32_t small = 0;
unsigned int i;
uint32_t small;
__m256i f0, f1, g0, g1;
const __m256i hqs = _mm256_set1_epi16((KYBER_Q - 1) / 2);
const __m256i hhqs = _mm256_set1_epi16((KYBER_Q - 5) / 4);
@ -293,7 +293,7 @@ void PQCLEAN_KYBER102490S_AVX2_poly_csubq(poly *r) {
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_poly_add(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
unsigned int i;
__m256i f0, f1;
for (i = 0; i < KYBER_N; i += 16) {
@ -314,7 +314,7 @@ void PQCLEAN_KYBER102490S_AVX2_poly_add(poly *r, const poly *a, const poly *b) {
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_poly_sub(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
unsigned int i;
__m256i f0, f1;
for (i = 0; i < KYBER_N; i += 16) {

17
crypto_kem/kyber1024-90s/avx2/poly.h
View File

@ -1,6 +1,5 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_POLY_H
#define PQCLEAN_KYBER102490S_AVX2_POLY_H
#include "params.h"
#include <immintrin.h>
#include <stdint.h>
@ -14,43 +13,27 @@ typedef union {
int16_t coeffs[KYBER_N];
} poly;
void PQCLEAN_KYBER102490S_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *a);
void PQCLEAN_KYBER102490S_AVX2_poly_decompress(poly *r, const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]);
void PQCLEAN_KYBER102490S_AVX2_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a);
void PQCLEAN_KYBER102490S_AVX2_poly_frombytes(poly *r, const uint8_t a[KYBER_POLYBYTES]);
void PQCLEAN_KYBER102490S_AVX2_poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]);
void PQCLEAN_KYBER102490S_AVX2_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *a);
void PQCLEAN_KYBER102490S_AVX2_poly_getnoise(poly *r, const uint8_t seed[KYBER_SYMBYTES], uint8_t nonce);
void PQCLEAN_KYBER102490S_AVX2_poly_ntt(poly *r);
void PQCLEAN_KYBER102490S_AVX2_poly_invntt_tomont(poly *r);
void PQCLEAN_KYBER102490S_AVX2_poly_nttunpack(poly *r);
void PQCLEAN_KYBER102490S_AVX2_poly_basemul_montgomery(poly *r, const poly *a, const poly *b);
void PQCLEAN_KYBER102490S_AVX2_poly_tomont(poly *r);
void PQCLEAN_KYBER102490S_AVX2_poly_reduce(poly *r);
void PQCLEAN_KYBER102490S_AVX2_poly_csubq(poly *r);
void PQCLEAN_KYBER102490S_AVX2_poly_add(poly *r, const poly *a, const poly *b);
void PQCLEAN_KYBER102490S_AVX2_poly_sub(poly *r, const poly *a, const poly *b);
#endif

28
crypto_kem/kyber1024-90s/avx2/polyvec.c
View File

@ -1,6 +1,6 @@
#include "params.h"
#include "consts.h"
#include "ntt.h"
#include "params.h"
#include "poly.h"
#include "polyvec.h"
#include <stdint.h>
@ -16,7 +16,7 @@
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES],
polyvec *restrict a) {
unsigned int i = 0, j = 0, k = 0;
size_t i, j, k;
PQCLEAN_KYBER102490S_AVX2_polyvec_csubq(a);
@ -24,10 +24,8 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSE
for (i = 0; i < KYBER_K; i++) {
for (j = 0; j < KYBER_N / 8; j++) {
for (k = 0; k < 8; k++) {
{
t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
/ KYBER_Q) & 0x7ff;
}
t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
/ KYBER_Q) & 0x7ff;
}
r[ 0] = (t[0] >> 0);
@ -58,7 +56,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSE
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_decompress(polyvec *restrict r,
const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]) {
unsigned int i = 0, j = 0, k = 0;
size_t i, j, k;
uint16_t t[8];
for (i = 0; i < KYBER_K; i++) {
@ -90,7 +88,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_decompress(polyvec *restrict r,
* - polyvec *a: pointer to input vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_tobytes(r + i * KYBER_POLYBYTES, &a->vec[i]);
}
@ -107,7 +105,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], po
* (of length KYBER_POLYVECBYTES)
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_frombytes(&r->vec[i], a + i * KYBER_POLYBYTES);
}
@ -121,7 +119,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYB
* Arguments: - polyvec *r: pointer to in/output vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_ntt(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_ntt(&r->vec[i]);
}
@ -136,7 +134,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_ntt(polyvec *r) {
* Arguments: - polyvec *r: pointer to in/output vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_invntt_tomont(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_invntt_tomont(&r->vec[i]);
}
@ -155,7 +153,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_invntt_tomont(polyvec *r) {
void PQCLEAN_KYBER102490S_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
const polyvec *a,
const polyvec *b) {
PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx(r->coeffs, a->vec->coeffs, b->vec->coeffs, &PQCLEAN_KYBER102490S_AVX2_qdata);
PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx(r->coeffs, a->vec->coeffs, b->vec->coeffs, & PQCLEAN_KYBER102490S_AVX2_qdata);
}
/*************************************************
@ -168,7 +166,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_reduce(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_reduce(&r->vec[i]);
}
@ -185,7 +183,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_reduce(polyvec *r) {
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_csubq(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_csubq(&r->vec[i]);
}
@ -201,7 +199,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_csubq(polyvec *r) {
* - const polyvec *b: pointer to second input vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_add(&r->vec[i], &a->vec[i], &b->vec[i]);
}

11
crypto_kem/kyber1024-90s/avx2/polyvec.h
View File

@ -1,6 +1,5 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_POLYVEC_H
#define PQCLEAN_KYBER102490S_AVX2_POLYVEC_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
@ -9,33 +8,23 @@ typedef struct {
poly vec[KYBER_K];
} polyvec;
void PQCLEAN_KYBER102490S_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], polyvec *a);
void PQCLEAN_KYBER102490S_AVX2_polyvec_decompress(polyvec *r,
const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]);
void PQCLEAN_KYBER102490S_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a);
void PQCLEAN_KYBER102490S_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]);
void PQCLEAN_KYBER102490S_AVX2_polyvec_ntt(polyvec *r);
void PQCLEAN_KYBER102490S_AVX2_polyvec_invntt_tomont(polyvec *r);
void PQCLEAN_KYBER102490S_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
const polyvec *a,
const polyvec *b);
void PQCLEAN_KYBER102490S_AVX2_polyvec_reduce(polyvec *r);
void PQCLEAN_KYBER102490S_AVX2_polyvec_csubq(polyvec *r);
void PQCLEAN_KYBER102490S_AVX2_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b);
#endif

12
crypto_kem/kyber1024-90s/avx2/reduce.h
View File

@ -1,16 +1,10 @@
#ifndef REDUCE_H
#define REDUCE_H
#ifndef PQCLEAN_KYBER102490S_AVX2_REDUCE_H
#define PQCLEAN_KYBER102490S_AVX2_REDUCE_H
#include "consts.h"
#include <stdint.h>
#include "consts.h"
#include "params.h"
int16_t PQCLEAN_KYBER102490S_AVX2_reduce_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
int16_t PQCLEAN_KYBER102490S_AVX2_csubq_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
int16_t PQCLEAN_KYBER102490S_AVX2_tomont_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
#endif

9
crypto_kem/kyber1024-90s/avx2/rejsample.c
View File

@ -2,6 +2,7 @@
#include "consts.h"
#include "params.h"
#include "rejsample.h"
#include <immintrin.h>
#include <stdint.h>
static const ALIGN32_ARRAY_2D(uint8_t, 256, 8) idx = {.arr = {
@ -270,9 +271,9 @@ static const ALIGN32_ARRAY_2D(uint8_t, 256, 8) idx = {.arr = {
#define REJ_UNIFORM_BUFLEN 576
unsigned int PQCLEAN_KYBER102490S_AVX2_rej_uniform_avx(int16_t *restrict r,
const uint8_t *restrict buf) {
unsigned int ctr = 0, pos = 0;
uint16_t val = 0;
uint32_t good = 0;
unsigned int ctr, pos;
uint16_t val;
uint32_t good;
const __m256i bound = _mm256_set1_epi16((int16_t)(19 * KYBER_Q - 1));
const __m256i ones = _mm256_set1_epi8(1);
const __m256i kyberq = _mm256_load_si256((__m256i *)&PQCLEAN_KYBER102490S_AVX2_qdata.as_arr[_16XQ]);
@ -297,7 +298,7 @@ unsigned int PQCLEAN_KYBER102490S_AVX2_rej_uniform_avx(int16_t *restrict r,
g1 = _mm256_inserti128_si256(g1, _mm_loadl_epi64((__m128i *)&idx.arr[(good >> 24) & 0xFF]), 1);
//g0 = _mm256_cvtepu8_epi64(_mm_loadl_epi64((__m128i *)&good));
//g1 = _mm256_i64gather_epi64((long long *)idx, g0, 8);
//g1 = _mm256_i64gather_epi64((long long *)idx.arr, g0, 8);
/* Barrett reduction of (still unsigned) values */
g2 = _mm256_mulhi_epu16(f0, v);

6
crypto_kem/kyber1024-90s/avx2/rejsample.h
View File

@ -1,10 +1,8 @@
#ifndef REJSAMPLE_H
#define REJSAMPLE_H
#ifndef PQCLEAN_KYBER102490S_AVX2_REJSAMPLE_H
#define PQCLEAN_KYBER102490S_AVX2_REJSAMPLE_H
#include "params.h"
#include <stdint.h>
unsigned int PQCLEAN_KYBER102490S_AVX2_rej_uniform_avx(int16_t *r,
const unsigned char *buf);

8
crypto_kem/kyber1024-90s/avx2/shuffle.S
View File

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "fq.inc"
.include "shuffle.inc"
@ -92,7 +92,9 @@ vmovdqa %ymm11,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_nttunpack_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_nttunpack_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_nttunpack_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_nttunpack_avx):
call nttunpack128_avx
add $256,%rdi
call nttunpack128_avx
@ -169,7 +171,9 @@ vmovdqu %ymm9,160(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx):
#consts
vmovdqa _16XQ*2(%rdx),%ymm0
call ntttobytes128_avx
@ -245,7 +249,9 @@ vmovdqa %ymm1,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx):
#consts
vmovdqa _16XMASK*2(%rdx),%ymm0
call nttfrombytes128_avx

9
crypto_kem/kyber1024-90s/avx2/symmetric.h
View File

@ -1,13 +1,12 @@
#ifndef SYMMETRIC_H
#define SYMMETRIC_H
#ifndef PQCLEAN_KYBER102490S_AVX2_SYMMETRIC_H
#define PQCLEAN_KYBER102490S_AVX2_SYMMETRIC_H
#include "aes256ctr.h"
#include "params.h"
#include "sha2.h"
#include <stddef.h>
#include <stdint.h>
#include "aes256ctr.h"
#include "sha2.h"
typedef aes256ctr_ctx xof_state;

6
crypto_kem/kyber1024-90s/avx2/verify.c
View File

@ -15,8 +15,8 @@
* Returns 0 if the byte arrays are equal, 1 otherwise
**************************************************/
int PQCLEAN_KYBER102490S_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len) {
size_t pos = 0;
uint64_t r = 0;
size_t pos;
uint64_t r;
__m256i avec, bvec, cvec;
cvec = _mm256_setzero_si256();
@ -53,7 +53,7 @@ int PQCLEAN_KYBER102490S_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t
* unsigned char b: Condition bit; has to be in {0,1}
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_cmov(uint8_t *restrict r, const uint8_t *restrict x, size_t len, uint8_t b) {
size_t pos = 0;
size_t pos;
__m256i xvec, rvec, bvec;
b = -b;

3
crypto_kem/kyber1024-90s/avx2/verify.h
View File

@ -1,14 +1,11 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_VERIFY_H
#define PQCLEAN_KYBER102490S_AVX2_VERIFY_H
#include "params.h"
#include <stddef.h>
#include <stdint.h>
int PQCLEAN_KYBER102490S_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len);
void PQCLEAN_KYBER102490S_AVX2_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b);
#endif

25
crypto_kem/kyber1024-90s/clean/Makefile
View File

@ -1,29 +1,8 @@
# This Makefile can be used with GNU Make or BSD Make
LIB=libkyber1024-90s_clean.a
HEADERS= \
api.h \
cbd.h \
indcpa.h \
kem.h \
ntt.h \
params.h \
poly.h \
polyvec.h \
reduce.h \
symmetric-aes.h \
symmetric.h \
verify.h
OBJECTS= \
cbd.o \
indcpa.o \
kem.o \
ntt.o \
poly.o \
polyvec.o \
reduce.o \
verify.o \
symmetric-aes.o
HEADERS=api.h cbd.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h symmetric-aes.h symmetric.h verify.h
OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o reduce.o symmetric-aes.o verify.o
CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS)

2
crypto_kem/kyber1024-90s/clean/Makefile.Microsoft_nmake
View File

@ -2,7 +2,7 @@
# nmake /f Makefile.Microsoft_nmake
LIBRARY=libkyber1024-90s_clean.lib
OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj verify.obj symmetric-aes.obj
OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj symmetric-aes.obj verify.obj
# Warning C4146 is raised when a unary minus operator is applied to an
# unsigned type; this has nonetheless been standard and portable for as

1
crypto_kem/kyber1024-90s/clean/api.h
View File

@ -15,5 +15,4 @@ int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const ui
int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
#endif

10
crypto_kem/kyber1024-90s/clean/cbd.c
View File

@ -1,5 +1,5 @@
#include "params.h"
#include "cbd.h"
#include "params.h"
#include <stdint.h>
/*************************************************
@ -13,7 +13,7 @@
* Returns 32-bit unsigned integer loaded from x
**************************************************/
static uint32_t load32_littleendian(const uint8_t x[4]) {
uint32_t r = 0;
uint32_t r;
r = (uint32_t)x[0];
r |= (uint32_t)x[1] << 8;
r |= (uint32_t)x[2] << 16;
@ -32,9 +32,9 @@ static uint32_t load32_littleendian(const uint8_t x[4]) {
* - const uint8_t *buf: pointer to input byte array
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]) {
unsigned int i = 0, j = 0;
uint32_t t = 0, d = 0;
int16_t a = 0, b = 0;
unsigned int i, j;
uint32_t t, d;
int16_t a, b;
for (i = 0; i < KYBER_N / 8; i++) {
t = load32_littleendian(buf + 4 * i);

2
crypto_kem/kyber1024-90s/clean/cbd.h
View File

@ -1,11 +1,9 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_CBD_H
#define PQCLEAN_KYBER102490S_CLEAN_CBD_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
void PQCLEAN_KYBER102490S_CLEAN_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]);
#endif

15
crypto_kem/kyber1024-90s/clean/indcpa.c
View File

@ -22,7 +22,7 @@
static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
polyvec *pk,
const uint8_t seed[KYBER_SYMBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER102490S_CLEAN_polyvec_tobytes(r, pk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
r[i + KYBER_POLYVECBYTES] = seed[i];
@ -44,7 +44,7 @@ static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
static void unpack_pk(polyvec *pk,
uint8_t seed[KYBER_SYMBYTES],
const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER102490S_CLEAN_polyvec_frombytes(pk, packedpk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
seed[i] = packedpk[i + KYBER_POLYVECBYTES];
@ -132,8 +132,8 @@ static unsigned int rej_uniform(int16_t *r,
unsigned int len,
const uint8_t *buf,
unsigned int buflen) {
unsigned int ctr = 0, pos = 0;
uint16_t val = 0;
unsigned int ctr, pos;
uint16_t val;
ctr = pos = 0;
while (ctr < len && pos + 2 <= buflen) {
@ -169,8 +169,7 @@ static unsigned int rej_uniform(int16_t *r,
+ XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
// Not static for benchmarking
void PQCLEAN_KYBER102490S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) {
unsigned int ctr = 0;
uint8_t i = 0, j = 0;
unsigned int ctr, i, j;
uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES];
xof_state state;
@ -208,7 +207,7 @@ void PQCLEAN_KYBER102490S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
unsigned int i = 0;
unsigned int i;
uint8_t buf[2 * KYBER_SYMBYTES];
const uint8_t *publicseed = buf;
const uint8_t *noiseseed = buf + KYBER_SYMBYTES;
@ -264,7 +263,7 @@ void PQCLEAN_KYBER102490S_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]) {
unsigned int i = 0;
unsigned int i;
uint8_t seed[KYBER_SYMBYTES];
uint8_t nonce = 0;
polyvec sp, pkpv, ep, at[KYBER_K], bp;

14
crypto_kem/kyber1024-90s/clean/indcpa.h
View File

@ -1,16 +1,20 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_INDCPA_H
#define PQCLEAN_KYBER102490S_CLEAN_INDCPA_H
#include "params.h"
#include "polyvec.h"
#include <stdint.h>
void PQCLEAN_KYBER102490S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
void PQCLEAN_KYBER102490S_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES], const uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t c[KYBER_INDCPA_BYTES], const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
#endif

6
crypto_kem/kyber1024-90s/clean/kem.c
View File

@ -21,7 +21,7 @@
* Returns 0 (success)
**************************************************/
int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER102490S_CLEAN_indcpa_keypair(pk, sk);
for (i = 0; i < KYBER_INDCPA_PUBLICKEYBYTES; i++) {
sk[i + KYBER_INDCPA_SECRETKEYBYTES] = pk[i];
@ -92,8 +92,8 @@ int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_enc(unsigned char *ct,
int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk) {
size_t i = 0;
int fail = 0;
size_t i;
int fail;
uint8_t buf[2 * KYBER_SYMBYTES];
/* Will contain key, coins */
uint8_t kr[2 * KYBER_SYMBYTES];

3
crypto_kem/kyber1024-90s/clean/kem.h
View File

@ -1,17 +1,14 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_KEM_H
#define PQCLEAN_KYBER102490S_CLEAN_KEM_H
#include "params.h"
int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_enc(unsigned char *ct,
unsigned char *ss,
const unsigned char *pk);
int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk);

15
crypto_kem/kyber1024-90s/clean/ntt.c
View File

@ -1,5 +1,5 @@
#include "params.h"
#include "ntt.h"
#include "params.h"
#include "reduce.h"
#include <stdint.h>
@ -89,8 +89,8 @@ static int16_t fqmul(int16_t a, int16_t b) {
* of Zq
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_ntt(int16_t r[256]) {
unsigned int len = 0, start = 0, j = 0, k = 0;
int16_t t = 0, zeta = 0;
unsigned int len, start, j, k;
int16_t t, zeta;
k = 1;
for (len = 128; len >= 2; len >>= 1) {
@ -116,8 +116,8 @@ void PQCLEAN_KYBER102490S_CLEAN_ntt(int16_t r[256]) {
* of Zq
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_invntt(int16_t r[256]) {
unsigned int start = 0, len = 0, j = 0, k = 0;
int16_t t = 0, zeta = 0;
unsigned int start, len, j, k;
int16_t t, zeta;
k = 0;
for (len = 2; len <= 128; len <<= 1) {
@ -148,7 +148,10 @@ void PQCLEAN_KYBER102490S_CLEAN_invntt(int16_t r[256]) {
* - const int16_t b[2]: pointer to the second factor
* - int16_t zeta: integer defining the reduction polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta) {
void PQCLEAN_KYBER102490S_CLEAN_basemul(int16_t r[2],
const int16_t a[2],
const int16_t b[2],
int16_t zeta) {
r[0] = fqmul(a[1], b[1]);
r[0] = fqmul(r[0], zeta);
r[0] += fqmul(a[0], b[0]);

11
crypto_kem/kyber1024-90s/clean/ntt.h
View File

@ -1,22 +1,19 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_NTT_H
#define PQCLEAN_KYBER102490S_CLEAN_NTT_H
#include "params.h"
#include <stdint.h>
extern const int16_t PQCLEAN_KYBER102490S_CLEAN_zetas[128];
extern const int16_t PQCLEAN_KYBER102490S_CLEAN_zetas_inv[128];
void PQCLEAN_KYBER102490S_CLEAN_ntt(int16_t r[256]);
void PQCLEAN_KYBER102490S_CLEAN_invntt(int16_t r[256]);
void PQCLEAN_KYBER102490S_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta);
void PQCLEAN_KYBER102490S_CLEAN_basemul(int16_t r[2],
const int16_t a[2],
const int16_t b[2],
int16_t zeta);
#endif

3
crypto_kem/kyber1024-90s/clean/params.h
View File

@ -1,6 +1,9 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_PARAMS_H
#define PQCLEAN_KYBER102490S_CLEAN_PARAMS_H
#define KYBER_N 256
#define KYBER_Q 3329

34
crypto_kem/kyber1024-90s/clean/poly.c
View File

@ -1,6 +1,6 @@
#include "params.h"
#include "cbd.h"
#include "ntt.h"
#include "params.h"
#include "poly.h"
#include "reduce.h"
#include "symmetric.h"
@ -16,7 +16,7 @@
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *a) {
unsigned int i = 0, j = 0;
size_t i, j;
uint8_t t[8];
PQCLEAN_KYBER102490S_CLEAN_poly_csubq(a);
@ -46,9 +46,9 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTE
* (of length KYBER_POLYCOMPRESSEDBYTES bytes)
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_decompress(poly *r, const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]) {
unsigned int i = 0;
size_t i;
unsigned int j = 0;
size_t j;
uint8_t t[8];
for (i = 0; i < KYBER_N / 8; i++) {
t[0] = (a[0] >> 0);
@ -77,8 +77,8 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_decompress(poly *r, const uint8_t a[KYBER_P
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) {
unsigned int i = 0;
uint16_t t0 = 0, t1 = 0;
size_t i;
uint16_t t0, t1;
PQCLEAN_KYBER102490S_CLEAN_poly_csubq(a);
@ -102,7 +102,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a
* (of KYBER_POLYBYTES bytes)
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_frombytes(poly *r, const uint8_t a[KYBER_POLYBYTES]) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_N / 2; i++) {
r->coeffs[2 * i] = ((a[3 * i + 0] >> 0) | ((uint16_t)a[3 * i + 1] << 8)) & 0xFFF;
r->coeffs[2 * i + 1] = ((a[3 * i + 1] >> 4) | ((uint16_t)a[3 * i + 2] << 4)) & 0xFFF;
@ -118,8 +118,8 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_frombytes(poly *r, const uint8_t a[KYBER_PO
* - const uint8_t *msg: pointer to input message
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]) {
unsigned int i = 0, j = 0;
int16_t mask = 0;
size_t i, j;
int16_t mask;
for (i = 0; i < KYBER_N / 8; i++) {
for (j = 0; j < 8; j++) {
@ -138,8 +138,8 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_frommsg(poly *r, const uint8_t msg[KYBER_IN
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *a) {
unsigned int i = 0, j = 0;
uint16_t t = 0;
size_t i, j;
uint16_t t;
PQCLEAN_KYBER102490S_CLEAN_poly_csubq(a);
@ -207,7 +207,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_invntt_tomont(poly *r) {
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_basemul_montgomery(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_N / 4; i++) {
PQCLEAN_KYBER102490S_CLEAN_basemul(&r->coeffs[4 * i], &a->coeffs[4 * i], &b->coeffs[4 * i], PQCLEAN_KYBER102490S_CLEAN_zetas[64 + i]);
PQCLEAN_KYBER102490S_CLEAN_basemul(&r->coeffs[4 * i + 2], &a->coeffs[4 * i + 2], &b->coeffs[4 * i + 2],
@ -224,7 +224,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_basemul_montgomery(poly *r, const poly *a,
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_tomont(poly *r) {
unsigned int i = 0;
size_t i;
const int16_t f = (1ULL << 32) % KYBER_Q;
for (i = 0; i < KYBER_N; i++) {
r->coeffs[i] = PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce((int32_t)r->coeffs[i] * f);
@ -240,7 +240,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_tomont(poly *r) {
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_reduce(poly *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_N; i++) {
r->coeffs[i] = PQCLEAN_KYBER102490S_CLEAN_barrett_reduce(r->coeffs[i]);
}
@ -256,7 +256,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_reduce(poly *r) {
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_csubq(poly *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_N; i++) {
r->coeffs[i] = PQCLEAN_KYBER102490S_CLEAN_csubq(r->coeffs[i]);
}
@ -272,7 +272,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_csubq(poly *r) {
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_add(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_N; i++) {
r->coeffs[i] = a->coeffs[i] + b->coeffs[i];
}
@ -288,7 +288,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_add(poly *r, const poly *a, const poly *b)
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_sub(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_N; i++) {
r->coeffs[i] = a->coeffs[i] - b->coeffs[i];
}

16
crypto_kem/kyber1024-90s/clean/poly.h
View File

@ -1,6 +1,5 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_POLY_H
#define PQCLEAN_KYBER102490S_CLEAN_POLY_H
#include "params.h"
#include <stdint.h>
@ -12,41 +11,26 @@ typedef struct {
int16_t coeffs[KYBER_N];
} poly;
void PQCLEAN_KYBER102490S_CLEAN_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *a);
void PQCLEAN_KYBER102490S_CLEAN_poly_decompress(poly *r, const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a);
void PQCLEAN_KYBER102490S_CLEAN_poly_frombytes(poly *r, const uint8_t a[KYBER_POLYBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *a);
void PQCLEAN_KYBER102490S_CLEAN_poly_getnoise(poly *r, const uint8_t seed[KYBER_SYMBYTES], uint8_t nonce);
void PQCLEAN_KYBER102490S_CLEAN_poly_ntt(poly *r);
void PQCLEAN_KYBER102490S_CLEAN_poly_invntt_tomont(poly *r);
void PQCLEAN_KYBER102490S_CLEAN_poly_basemul_montgomery(poly *r, const poly *a, const poly *b);
void PQCLEAN_KYBER102490S_CLEAN_poly_tomont(poly *r);
void PQCLEAN_KYBER102490S_CLEAN_poly_reduce(poly *r);
void PQCLEAN_KYBER102490S_CLEAN_poly_csubq(poly *r);
void PQCLEAN_KYBER102490S_CLEAN_poly_add(poly *r, const poly *a, const poly *b);
void PQCLEAN_KYBER102490S_CLEAN_poly_sub(poly *r, const poly *a, const poly *b);
#endif

26
crypto_kem/kyber1024-90s/clean/polyvec.c
View File

@ -13,7 +13,7 @@
* - polyvec *a: pointer to input vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], polyvec *a) {
unsigned int i = 0, j = 0, k = 0;
unsigned int i, j, k;
PQCLEAN_KYBER102490S_CLEAN_polyvec_csubq(a);
@ -21,10 +21,8 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESS
for (i = 0; i < KYBER_K; i++) {
for (j = 0; j < KYBER_N / 8; j++) {
for (k = 0; k < 8; k++) {
{
t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
/ KYBER_Q) & 0x7ff;
}
t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
/ KYBER_Q) & 0x7ff;
}
r[ 0] = (uint8_t)(t[0] >> 0);
@ -55,7 +53,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESS
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_decompress(polyvec *r,
const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]) {
unsigned int i = 0, j = 0, k = 0;
unsigned int i, j, k;
uint16_t t[8];
for (i = 0; i < KYBER_K; i++) {
@ -87,7 +85,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_decompress(polyvec *r,
* - polyvec *a: pointer to input vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(r + i * KYBER_POLYBYTES, &a->vec[i]);
}
@ -104,7 +102,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], p
* (of length KYBER_POLYVECBYTES)
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_frombytes(&r->vec[i], a + i * KYBER_POLYBYTES);
}
@ -118,7 +116,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_frombytes(polyvec *r, const uint8_t a[KY
* Arguments: - polyvec *r: pointer to in/output vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_ntt(polyvec *r) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_ntt(&r->vec[i]);
}
@ -133,7 +131,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_ntt(polyvec *r) {
* Arguments: - polyvec *r: pointer to in/output vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_invntt_tomont(polyvec *r) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_invntt_tomont(&r->vec[i]);
}
@ -152,7 +150,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_invntt_tomont(polyvec *r) {
void PQCLEAN_KYBER102490S_CLEAN_polyvec_pointwise_acc_montgomery(poly *r,
const polyvec *a,
const polyvec *b) {
unsigned int i = 0;
unsigned int i;
poly t;
PQCLEAN_KYBER102490S_CLEAN_poly_basemul_montgomery(r, &a->vec[0], &b->vec[0]);
@ -174,7 +172,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_pointwise_acc_montgomery(poly *r,
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_reduce(polyvec *r) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_reduce(&r->vec[i]);
}
@ -191,7 +189,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_reduce(polyvec *r) {
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_csubq(polyvec *r) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_csubq(&r->vec[i]);
}
@ -207,7 +205,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_csubq(polyvec *r) {
* - const polyvec *b: pointer to second input vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_add(&r->vec[i], &a->vec[i], &b->vec[i]);
}

11
crypto_kem/kyber1024-90s/clean/polyvec.h
View File

@ -1,6 +1,5 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_POLYVEC_H
#define PQCLEAN_KYBER102490S_CLEAN_POLYVEC_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
@ -9,33 +8,23 @@ typedef struct {
poly vec[KYBER_K];
} polyvec;
void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], polyvec *a);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_decompress(polyvec *r,
const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_ntt(polyvec *r);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_invntt_tomont(polyvec *r);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_pointwise_acc_montgomery(poly *r,
const polyvec *a,
const polyvec *b);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_reduce(polyvec *r);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_csubq(polyvec *r);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b);
#endif

6
crypto_kem/kyber1024-90s/clean/reduce.c
View File

@ -15,8 +15,8 @@
* Returns: integer in {-q+1,...,q-1} congruent to a * R^-1 modulo q.
**************************************************/
int16_t PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce(int32_t a) {
int32_t t = 0;
int16_t u = 0;
int32_t t;
int16_t u;
u = (int16_t)(a * (int64_t)QINV);
t = (int32_t)u * KYBER_Q;
@ -36,7 +36,7 @@ int16_t PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce(int32_t a) {
* Returns: integer in {0,...,q} congruent to a modulo q.
**************************************************/
int16_t PQCLEAN_KYBER102490S_CLEAN_barrett_reduce(int16_t a) {
int16_t t = 0;
int16_t t;
const int16_t v = ((1U << 26) + KYBER_Q / 2) / KYBER_Q;
t = (int32_t)v * a >> 26;

4
crypto_kem/kyber1024-90s/clean/reduce.h
View File

@ -1,19 +1,15 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_REDUCE_H
#define PQCLEAN_KYBER102490S_CLEAN_REDUCE_H
#include "params.h"
#include <stdint.h>
#define MONT 2285 // 2^16 mod q
#define QINV 62209 // q^-1 mod 2^16
int16_t PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce(int32_t a);
int16_t PQCLEAN_KYBER102490S_CLEAN_barrett_reduce(int16_t a);
int16_t PQCLEAN_KYBER102490S_CLEAN_csubq(int16_t a);
#endif

9
crypto_kem/kyber1024-90s/clean/symmetric-aes.c
View File

@ -1,5 +1,6 @@
#include "symmetric-aes.h"
#include "aes.h"
#include "params.h"
#include "symmetric.h"
#include <stddef.h>
#include <stdint.h>
#include <string.h>
@ -34,7 +35,7 @@ static void aes256_ctr_xof(unsigned char *out, size_t outlen, const unsigned cha
}
/*************************************************
* Name: aes256_prf
* Name: PQCLEAN_KYBER102490S_CLEAN_aes256_prf
*
* Description: AES256 stream generation in CTR mode using 32-bit counter,
* nonce is zero-padded to 12 bytes, counter starts at zero
@ -58,7 +59,7 @@ void PQCLEAN_KYBER102490S_CLEAN_aes256_prf(uint8_t *output, size_t outlen, const
}
/*************************************************
* Name: aes256xof_absorb
* Name: PQCLEAN_KYBER102490S_CLEAN_aes256xof_absorb
*
* Description: AES256 CTR used as a replacement for a XOF; this function
* "absorbs" a 32-byte key and two additional bytes that are zero-padded
@ -80,7 +81,7 @@ void PQCLEAN_KYBER102490S_CLEAN_aes256xof_absorb(aes256xof_ctx *s, const uint8_t
}
/*************************************************
* Name: aes256xof_squeezeblocks
* Name: PQCLEAN_KYBER102490S_CLEAN_aes256xof_squeezeblocks
*
* Description: AES256 CTR used as a replacement for a XOF; this function
* generates 4 blocks out AES256-CTR output

7
crypto_kem/kyber1024-90s/clean/symmetric-aes.h
View File

@ -1,11 +1,10 @@
#ifndef AES256CTR_H
#define AES256CTR_H
#ifndef PQCLEAN_KYBER102490S_CLEAN_SYMMETRIC_AES_H
#define PQCLEAN_KYBER102490S_CLEAN_SYMMETRIC_AES_H
#include "aes.h"
#include <stddef.h>
#include <stdint.h>
typedef struct {
aes256ctx sk_exp;
uint8_t iv[12];

9
crypto_kem/kyber1024-90s/clean/symmetric.h
View File

@ -1,13 +1,12 @@
#ifndef SYMMETRIC_H
#define SYMMETRIC_H
#ifndef PQCLEAN_KYBER102490S_CLEAN_SYMMETRIC_H
#define PQCLEAN_KYBER102490S_CLEAN_SYMMETRIC_H
#include "params.h"
#include "sha2.h"
#include "symmetric-aes.h"
#include <stddef.h>
#include <stdint.h>
#include "sha2.h"
#include "symmetric-aes.h"
typedef aes256xof_ctx xof_state;

4
crypto_kem/kyber1024-90s/clean/verify.c
View File

@ -14,7 +14,7 @@
* Returns 0 if the byte arrays are equal, 1 otherwise
**************************************************/
int PQCLEAN_KYBER102490S_CLEAN_verify(const uint8_t *a, const uint8_t *b, size_t len) {
size_t i = 0;
size_t i;
uint8_t r = 0;
for (i = 0; i < len; i++) {
@ -38,7 +38,7 @@ int PQCLEAN_KYBER102490S_CLEAN_verify(const uint8_t *a, const uint8_t *b, size_t
* uint8_t b: Condition bit; has to be in {0,1}
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) {
size_t i = 0;
size_t i;
b = -b;
for (i = 0; i < len; i++) {

3
crypto_kem/kyber1024-90s/clean/verify.h
View File

@ -1,14 +1,11 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_VERIFY_H
#define PQCLEAN_KYBER102490S_CLEAN_VERIFY_H
#include "params.h"
#include <stddef.h>
#include <stdint.h>
int PQCLEAN_KYBER102490S_CLEAN_verify(const uint8_t *a, const uint8_t *b, size_t len);
void PQCLEAN_KYBER102490S_CLEAN_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b);
#endif

9
crypto_kem/kyber1024/META.yml
View File

@ -21,15 +21,16 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: clean
version: https://github.com/pq-crystals/kyber/commit/46e283ab575ec92dfe82fb12229ae2d9d6246682
version: https://github.com/pq-crystals/kyber/commit/844057468e69527bd15b17fbe03f4b61f9a22065 via https://github.com/jschanck/package-pqclean/tree/b45068b8/kyber
- name: avx2
version: https://github.com/pq-crystals/kyber/commit/46e283ab575ec92dfe82fb12229ae2d9d6246682
version: https://github.com/pq-crystals/kyber/commit/844057468e69527bd15b17fbe03f4b61f9a22065 via https://github.com/jschanck/package-pqclean/tree/b45068b8/kyber
supported_platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
- Linux
- Darwin
required_flags:
- aes
- avx2
- bmi2
- popcnt

44
crypto_kem/kyber1024/avx2/Makefile
View File

@ -1,50 +1,16 @@
# This Makefile can be used with GNU Make or BSD Make
LIB=libkyber1024_avx2.a
HEADERS= \
align.h \
api.h \
cbd.h \
cdecl.inc \
consts.h \
fips202x4.h \
fq.inc \
indcpa.h \
kem.h \
ntt.h \
params.h \
poly.h \
polyvec.h \
reduce.h \
rejsample.h \
shuffle.inc \
symmetric.h \
verify.h
OBJECTS= \
basemul.o \
cbd.o \
consts.o \
fips202x4.o \
fq.o \
indcpa.o \
invntt.o \
kem.o \
ntt.o \
poly.o \
polyvec.o \
rejsample.o \
shuffle.o \
symmetric-shake.o \
verify.o
HEADERS=align.h api.h cbd.h cdecl.h consts.h fips202x4.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h rejsample.h symmetric.h verify.h fq.inc shuffle.inc
OBJECTS=cbd.o consts.o fips202x4.o indcpa.o kem.o poly.o polyvec.o rejsample.o symmetric-shake.o verify.o basemul.o fq.o invntt.o ntt.o shuffle.o
KECCAK4XDIR=../../../common/keccak4x
KECCAK4XOBJ=KeccakP-1600-times4-SIMD256.o
KECCAK4X=$(KECCAK4XDIR)/$(KECCAK4XOBJ)
CFLAGS=-mavx2 -mbmi2 -mpopcnt -O3 -Wall -Wextra -Wpedantic -Werror \
-Wmissing-prototypes -Wredundant-decls \
-Wpointer-arith -Wshadow \
-std=c99 -I../../../common $(EXTRAFLAGS)
-Wmissing-prototypes -Wredundant-decls \
-Wpointer-arith -Wshadow \
-std=c99 -I../../../common $(EXTRAFLAGS)
all: $(LIB)

1
crypto_kem/kyber1024/avx2/align.h
View File

@ -1,5 +1,6 @@
#ifndef PQCLEAN_KYBER1024_AVX2_ALIGN_H
#define PQCLEAN_KYBER1024_AVX2_ALIGN_H
#include <immintrin.h>
#define ALIGN16_TYPE(t) \

1
crypto_kem/kyber1024/avx2/api.h
View File

@ -15,5 +15,4 @@ int PQCLEAN_KYBER1024_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_
int PQCLEAN_KYBER1024_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
#endif

6
crypto_kem/kyber1024/avx2/basemul.S
View File

@ -1,5 +1,5 @@
#include "cdecl.h"
#include "params.h"
#include "cdecl.inc"
.macro schoolbook off,sign
#load
@ -165,7 +165,9 @@ vmovdqa %ymm5,96(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_basemul_acc_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_basemul_acc_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_basemul_acc_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_basemul_acc_avx):
#consts
vmovdqa _16XQ*2(%rcx),%ymm0
vmovdqa _16XQINV*2(%rcx),%ymm1
@ -215,7 +217,9 @@ vmovdqa %ymm12,96(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_basemul_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_basemul_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_basemul_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_basemul_avx):
#consts
vmovdqa _16XQ*2(%rcx),%ymm0
vmovdqa _16XQINV*2(%rcx),%ymm1

4
crypto_kem/kyber1024/avx2/cbd.c
View File

@ -1,5 +1,5 @@
#include "params.h"
#include "cbd.h"
#include "params.h"
#include <immintrin.h>
#include <stdint.h>
@ -14,7 +14,7 @@
* - const unsigned char *buf: pointer to input byte array
**************************************************/
void PQCLEAN_KYBER1024_AVX2_cbd(poly *restrict r, const uint8_t *restrict buf) {
unsigned int i = 0;
unsigned int i;
__m256i vec0, vec1, vec2, vec3, tmp;
const __m256i mask55 = _mm256_set1_epi32(0x55555555);
const __m256i mask33 = _mm256_set1_epi32(0x33333333);

2
crypto_kem/kyber1024/avx2/cbd.h
View File

@ -1,11 +1,9 @@
#ifndef PQCLEAN_KYBER1024_AVX2_CBD_H
#define PQCLEAN_KYBER1024_AVX2_CBD_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
void PQCLEAN_KYBER1024_AVX2_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]);
#endif

10
crypto_kem/kyber1024/avx2/cdecl.inc → crypto_kem/kyber1024/avx2/cdecl.h
View File

@ -1,5 +1,5 @@
#ifndef PQCLEAN_DILITHIUM2_AVX2_CDECL
#define PQCLEAN_DILITHIUM2_AVX2_CDECL
#ifndef PQCLEAN_KYBER1024_AVX2_CDECL_H
#define PQCLEAN_KYBER1024_AVX2_CDECL_H
#define _16XQ 0
#define _16XQINV 16
@ -21,10 +21,6 @@
* This define helps us get around this
*/
#if defined(__WIN32__) || defined(__APPLE__)
#define cdecl(s) _##s
#else
#define _cdecl(s) _##s
#define cdecl(s) s
#endif
#endif

2
crypto_kem/kyber1024/avx2/consts.c
View File

@ -1,5 +1,5 @@
#include "params.h"
#include "consts.h"
#include "params.h"
#include <stdint.h>
#define Q KYBER_Q

5
crypto_kem/kyber1024/avx2/consts.h
View File

@ -1,12 +1,11 @@
#ifndef PQCLEAN_KYBER1024_AVX2_CONSTS_H
#define PQCLEAN_KYBER1024_AVX2_CONSTS_H
#include "cdecl.inc"
#include "cdecl.h"
#include "params.h"
#include <immintrin.h>
#include <stdint.h>
#define ALIGNED_UINT16_T(N) \
union { \
__m256i as_vec; \

34
crypto_kem/kyber1024/avx2/fips202x4.c
View File

@ -10,7 +10,7 @@
extern void KeccakF1600_StatePermute4x(__m256i *s);
static inline void store64(uint8_t x[8], uint64_t u) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < 8; i++) {
x[i] = u >> 8 * i;
@ -25,7 +25,7 @@ static void keccakx4_absorb(__m256i s[25],
const uint8_t *in3,
size_t inlen,
uint8_t p) {
size_t i = 0, pos = 0;
size_t i, pos = 0;
__m256i t, idx;
for (i = 0; i < 25; ++i) {
@ -74,8 +74,8 @@ static void keccakx4_squeezeblocks(uint8_t *out0,
size_t nblocks,
unsigned int r,
__m256i s[25]) {
unsigned int i = 0;
uint64_t f0 = 0, f1 = 0, f2 = 0, f3 = 0;
unsigned int i;
uint64_t f0, f1, f2, f3;
while (nblocks > 0) {
KeccakF1600_StatePermute4x(s);
@ -137,8 +137,17 @@ void PQCLEAN_KYBER1024_AVX2_shake256x4_squeezeblocks(uint8_t *out0,
state->s);
}
void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
unsigned int i = 0;
void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0,
uint8_t *out1,
uint8_t *out2,
uint8_t *out3,
size_t outlen,
const uint8_t *in0,
const uint8_t *in1,
const uint8_t *in2,
const uint8_t *in3,
size_t inlen) {
unsigned int i;
size_t nblocks = outlen / SHAKE128_RATE;
uint8_t t[4][SHAKE128_RATE];
keccakx4_state state;
@ -163,8 +172,17 @@ void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0, uint8_t *out1, uint8_t *ou
}
}
void PQCLEAN_KYBER1024_AVX2_shake256x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
unsigned int i = 0;
void PQCLEAN_KYBER1024_AVX2_shake256x4(uint8_t *out0,
uint8_t *out1,
uint8_t *out2,
uint8_t *out3,
size_t outlen,
const uint8_t *in0,
const uint8_t *in1,
const uint8_t *in2,
const uint8_t *in3,
size_t inlen) {
unsigned int i;
size_t nblocks = outlen / SHAKE256_RATE;
uint8_t t[4][SHAKE256_RATE];
keccakx4_state state;

57
crypto_kem/kyber1024/avx2/fips202x4.h
View File

@ -1,5 +1,5 @@
#ifndef FIPS202X4_H
#define FIPS202X4_H
#ifndef PQCLEAN_KYBER1024_AVX2_FIPS202X4_H
#define PQCLEAN_KYBER1024_AVX2_FIPS202X4_H
#include <immintrin.h>
#include <stddef.h>
@ -9,17 +9,54 @@ typedef struct {
__m256i s[25];
} keccakx4_state;
void PQCLEAN_KYBER1024_AVX2_shake128x4_absorb(keccakx4_state *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake128x4_absorb(keccakx4_state *state,
const uint8_t *in0,
const uint8_t *in1,
const uint8_t *in2,
const uint8_t *in3,
size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake128x4_squeezeblocks(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t nblocks, keccakx4_state *state);
void PQCLEAN_KYBER1024_AVX2_shake256x4_absorb(keccakx4_state *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake256x4_squeezeblocks(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t nblocks,
void PQCLEAN_KYBER1024_AVX2_shake128x4_squeezeblocks(uint8_t *out0,
uint8_t *out1,
uint8_t *out2,
uint8_t *out3,
size_t nblocks,
keccakx4_state *state);
void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake256x4_absorb(keccakx4_state *state,
const uint8_t *in0,
const uint8_t *in1,
const uint8_t *in2,
const uint8_t *in3,
size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake256x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake256x4_squeezeblocks(uint8_t *out0,
uint8_t *out1,
uint8_t *out2,
uint8_t *out3,
size_t nblocks,
keccakx4_state *state);
void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0,
uint8_t *out1,
uint8_t *out2,
uint8_t *out3,
size_t outlen,
const uint8_t *in0,
const uint8_t *in1,
const uint8_t *in2,
const uint8_t *in3,
size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake256x4(uint8_t *out0,
uint8_t *out1,
uint8_t *out2,
uint8_t *out3,
size_t outlen,
const uint8_t *in0,
const uint8_t *in1,
const uint8_t *in2,
const uint8_t *in3,
size_t inlen);
#endif

8
crypto_kem/kyber1024/avx2/fq.S
View File

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "fq.inc"
.text
@ -35,7 +35,9 @@ vmovdqa %ymm9,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_reduce_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_reduce_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_reduce_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_reduce_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
vmovdqa _16XV*2(%rsi),%ymm1
@ -77,7 +79,9 @@ vmovdqa %ymm8,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_csubq_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_csubq_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_csubq_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_csubq_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
call csubq128_avx
@ -118,7 +122,9 @@ vmovdqa %ymm10,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_tomont_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_tomont_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_tomont_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_tomont_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
vmovdqa _16XMONTSQLO*2(%rsi),%ymm1

14
crypto_kem/kyber1024/avx2/indcpa.c
View File

@ -25,7 +25,7 @@
static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
polyvec *pk,
const uint8_t seed[KYBER_SYMBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER1024_AVX2_polyvec_tobytes(r, pk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
r[i + KYBER_POLYVECBYTES] = seed[i];
@ -45,7 +45,7 @@ static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
static void unpack_pk(polyvec *pk,
uint8_t seed[KYBER_SYMBYTES],
const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER1024_AVX2_polyvec_frombytes(pk, packedpk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
seed[i] = packedpk[i + KYBER_POLYVECBYTES];
@ -133,8 +133,8 @@ static unsigned int rej_uniform(int16_t *r,
unsigned int len,
const uint8_t *buf,
unsigned int buflen) {
unsigned int ctr = 0, pos = 0;
uint16_t val = 0;
unsigned int ctr, pos;
uint16_t val;
ctr = pos = 0;
while (ctr < len && pos + 2 <= buflen) {
@ -168,7 +168,7 @@ static unsigned int rej_uniform(int16_t *r,
#define GEN_MATRIX_NBLOCKS ((2*KYBER_N*(1U << 16)/(19*KYBER_Q) \
+ XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
void PQCLEAN_KYBER1024_AVX2_gen_matrix(polyvec *a, const uint8_t seed[32], int transposed) {
unsigned int i = 0, ctr0 = 0, ctr1 = 0, ctr2 = 0, ctr3 = 0;
unsigned int i, ctr0, ctr1, ctr2, ctr3;
ALIGN32_ARRAY_2D(uint8_t, 4, (GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES + 31) / 32 * 32) buf;
__m256i f;
keccakx4_state state;
@ -242,7 +242,7 @@ void PQCLEAN_KYBER1024_AVX2_gen_matrix(polyvec *a, const uint8_t seed[32], int t
**************************************************/
void PQCLEAN_KYBER1024_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
unsigned int i = 0;
unsigned int i;
ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) buf;
const uint8_t *publicseed = buf.arr;
const uint8_t *noiseseed = buf.arr + KYBER_SYMBYTES;
@ -295,7 +295,7 @@ void PQCLEAN_KYBER1024_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]) {
unsigned int i = 0;
unsigned int i;
ALIGN32_ARRAY(uint8_t, KYBER_SYMBYTES) seed;
polyvec sp, pkpv, ep, at[KYBER_K], bp;
poly v, k, epp;

14
crypto_kem/kyber1024/avx2/indcpa.h
View File

@ -1,16 +1,20 @@
#ifndef PQCLEAN_KYBER1024_AVX2_INDCPA_H
#define PQCLEAN_KYBER1024_AVX2_INDCPA_H
#include "params.h"
#include "polyvec.h"
#include <stdint.h>
void PQCLEAN_KYBER1024_AVX2_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
void PQCLEAN_KYBER1024_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER1024_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER1024_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER1024_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES], const uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER1024_AVX2_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t c[KYBER_INDCPA_BYTES], const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER1024_AVX2_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
#endif

4
crypto_kem/kyber1024/avx2/invntt.S
View File

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "shuffle.inc"
.include "fq.inc"
@ -210,7 +210,9 @@ vmovdqa %ymm7,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_invntt_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_invntt_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_invntt_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_invntt_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
mov %rsi,%rdx

9
crypto_kem/kyber1024/avx2/kem.c
View File

@ -8,7 +8,6 @@
#include <stddef.h>
#include <stdint.h>
/*************************************************
* Name: PQCLEAN_KYBER1024_AVX2_crypto_kem_keypair
*
@ -23,7 +22,7 @@
* Returns 0 (success)
**************************************************/
int PQCLEAN_KYBER1024_AVX2_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER1024_AVX2_indcpa_keypair(pk, sk);
for (i = 0; i < KYBER_INDCPA_PUBLICKEYBYTES; i++) {
sk[i + KYBER_INDCPA_SECRETKEYBYTES] = pk[i];
@ -94,8 +93,8 @@ int PQCLEAN_KYBER1024_AVX2_crypto_kem_enc(unsigned char *ct,
int PQCLEAN_KYBER1024_AVX2_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk) {
size_t i = 0;
int fail = 0;
size_t i;
int fail;
ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) buf;
/* Will contain key, coins */
ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) kr;
@ -119,7 +118,7 @@ int PQCLEAN_KYBER1024_AVX2_crypto_kem_dec(unsigned char *ss,
hash_h(kr.arr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES);
/* Overwrite pre-k with z on re-encryption failure */
PQCLEAN_KYBER1024_AVX2_cmov(kr.arr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail);
PQCLEAN_KYBER1024_AVX2_cmov(kr.arr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail);
/* hash concatenation of pre-k and H(c) to k */
kdf(ss, kr.arr, 2 * KYBER_SYMBYTES);

3
crypto_kem/kyber1024/avx2/kem.h
View File

@ -1,17 +1,14 @@
#ifndef PQCLEAN_KYBER1024_AVX2_KEM_H
#define PQCLEAN_KYBER1024_AVX2_KEM_H
#include "params.h"
int PQCLEAN_KYBER1024_AVX2_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
int PQCLEAN_KYBER1024_AVX2_crypto_kem_enc(unsigned char *ct,
unsigned char *ss,
const unsigned char *pk);
int PQCLEAN_KYBER1024_AVX2_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk);

4
crypto_kem/kyber1024/avx2/ntt.S
View File

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "shuffle.inc"
.include "fq.inc"
@ -203,7 +203,9 @@ vmovdqa %ymm11,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_ntt_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_ntt_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_ntt_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_ntt_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
mov %rsi,%rdx

26
crypto_kem/kyber1024/avx2/ntt.h
View File

@ -1,28 +1,24 @@
#ifndef NTT_H
#define NTT_H
#ifndef PQCLEAN_KYBER1024_AVX2_NTT_H
#define PQCLEAN_KYBER1024_AVX2_NTT_H
#include "consts.h"
#include "params.h"
#include <stdint.h>
void PQCLEAN_KYBER1024_AVX2_ntt_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_invntt_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void nttpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_nttpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_nttunpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_basemul_avx(int16_t *r, const int16_t *a, const int16_t *b, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_basemul_acc_avx(int16_t *r, const int16_t *a, const int16_t *b, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_basemul_avx(int16_t *r,
const int16_t *a,
const int16_t *b,
const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_basemul_acc_avx(int16_t *r,
const int16_t *a,
const int16_t *b,
const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_ntttobytes_avx(uint8_t *r, const int16_t *a, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx(int16_t *r, const uint8_t *a, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
#endif

3
crypto_kem/kyber1024/avx2/params.h
View File

@ -1,6 +1,9 @@
#ifndef PQCLEAN_KYBER1024_AVX2_PARAMS_H
#define PQCLEAN_KYBER1024_AVX2_PARAMS_H
#define KYBER_N 256
#define KYBER_Q 3329

22
crypto_kem/kyber1024/avx2/poly.c
View File

@ -19,7 +19,7 @@
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER1024_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *restrict a) {
unsigned int i = 0, j = 0;
unsigned int i, j;
uint8_t t[8];
PQCLEAN_KYBER1024_AVX2_poly_csubq(a);
@ -50,9 +50,9 @@ void PQCLEAN_KYBER1024_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES],
**************************************************/
void PQCLEAN_KYBER1024_AVX2_poly_decompress(poly *restrict r,
const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]) {
unsigned int i = 0;
unsigned int i;
unsigned int j = 0;
unsigned int j;
uint8_t t[8];
for (i = 0; i < KYBER_N / 8; i++) {
t[0] = (a[0] >> 0);
@ -114,7 +114,7 @@ void PQCLEAN_KYBER1024_AVX2_poly_frommsg(poly *restrict r,
const __m256i hqs = _mm256_set1_epi16((KYBER_Q + 1) / 2);
#define FROMMSG64(i) \
g3 = _mm256_shuffle_epi32(f,0x55*(i)); \
g3 = _mm256_shuffle_epi32(f,0x55*(i)); \
g3 = _mm256_sllv_epi32(g3,shift); \
g3 = _mm256_shuffle_epi8(g3,idx); \
g0 = _mm256_slli_epi16(g3,12); \
@ -136,9 +136,9 @@ void PQCLEAN_KYBER1024_AVX2_poly_frommsg(poly *restrict r,
g2 = _mm256_permute2x128_si256(h0,h1,0x31); \
g1 = _mm256_permute2x128_si256(h2,h3,0x20); \
g3 = _mm256_permute2x128_si256(h2,h3,0x31); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+ 0],g0); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+16],g1); \
_mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+ 0],g2); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+ 0],g0); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+16],g1); \
_mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+ 0],g2); \
_mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+16],g3)
f = _mm256_load_si256((__m256i *)msg);
@ -157,8 +157,8 @@ void PQCLEAN_KYBER1024_AVX2_poly_frommsg(poly *restrict r,
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER1024_AVX2_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *restrict a) {
unsigned int i = 0;
uint32_t small = 0;
unsigned int i;
uint32_t small;
__m256i f0, f1, g0, g1;
const __m256i hqs = _mm256_set1_epi16((KYBER_Q - 1) / 2);
const __m256i hhqs = _mm256_set1_epi16((KYBER_Q - 5) / 4);
@ -325,7 +325,7 @@ void PQCLEAN_KYBER1024_AVX2_poly_csubq(poly *r) {
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER1024_AVX2_poly_add(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
unsigned int i;
__m256i f0, f1;
for (i = 0; i < KYBER_N; i += 16) {
@ -346,7 +346,7 @@ void PQCLEAN_KYBER1024_AVX2_poly_add(poly *r, const poly *a, const poly *b) {
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER1024_AVX2_poly_sub(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
unsigned int i;
__m256i f0, f1;
for (i = 0; i < KYBER_N; i += 16) {

18
crypto_kem/kyber1024/avx2/poly.h
View File

@ -1,6 +1,5 @@
#ifndef PQCLEAN_KYBER1024_AVX2_POLY_H
#define PQCLEAN_KYBER1024_AVX2_POLY_H
#include "params.h"
#include <immintrin.h>
#include <stdint.h>
@ -14,24 +13,16 @@ typedef union {
int16_t coeffs[KYBER_N];
} poly;
void PQCLEAN_KYBER1024_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *a);
void PQCLEAN_KYBER1024_AVX2_poly_decompress(poly *r, const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]);
void PQCLEAN_KYBER1024_AVX2_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a);
void PQCLEAN_KYBER1024_AVX2_poly_frombytes(poly *r, const uint8_t a[KYBER_POLYBYTES]);
void PQCLEAN_KYBER1024_AVX2_poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]);
void PQCLEAN_KYBER1024_AVX2_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *a);
void PQCLEAN_KYBER1024_AVX2_poly_getnoise(poly *r, const uint8_t seed[KYBER_SYMBYTES], uint8_t nonce);
void PQCLEAN_KYBER1024_AVX2_poly_getnoise4x(poly *r0,
poly *r1,
poly *r2,
@ -42,25 +33,16 @@ void PQCLEAN_KYBER1024_AVX2_poly_getnoise4x(poly *r0,
uint8_t nonce2,
uint8_t nonce3);
void PQCLEAN_KYBER1024_AVX2_poly_ntt(poly *r);
void PQCLEAN_KYBER1024_AVX2_poly_invntt_tomont(poly *r);
void PQCLEAN_KYBER1024_AVX2_poly_nttunpack(poly *r);
void PQCLEAN_KYBER1024_AVX2_poly_basemul_montgomery(poly *r, const poly *a, const poly *b);
void PQCLEAN_KYBER1024_AVX2_poly_tomont(poly *r);
void PQCLEAN_KYBER1024_AVX2_poly_reduce(poly *r);
void PQCLEAN_KYBER1024_AVX2_poly_csubq(poly *r);
void PQCLEAN_KYBER1024_AVX2_poly_add(poly *r, const poly *a, const poly *b);
void PQCLEAN_KYBER1024_AVX2_poly_sub(poly *r, const poly *a, const poly *b);
#endif

28
crypto_kem/kyber1024/avx2/polyvec.c
View File

@ -1,6 +1,6 @@
#include "params.h"
#include "consts.h"
#include "ntt.h"
#include "params.h"
#include "poly.h"
#include "polyvec.h"
#include <stdint.h>
@ -16,7 +16,7 @@
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES],
polyvec *restrict a) {
unsigned int i = 0, j = 0, k = 0;
size_t i, j, k;
PQCLEAN_KYBER1024_AVX2_polyvec_csubq(a);
@ -24,10 +24,8 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBY
for (i = 0; i < KYBER_K; i++) {
for (j = 0; j < KYBER_N / 8; j++) {
for (k = 0; k < 8; k++) {
{
t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
/ KYBER_Q) & 0x7ff;
}
t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
/ KYBER_Q) & 0x7ff;
}
r[ 0] = (t[0] >> 0);
@ -58,7 +56,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBY
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_decompress(polyvec *restrict r,
const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]) {
unsigned int i = 0, j = 0, k = 0;
size_t i, j, k;
uint16_t t[8];
for (i = 0; i < KYBER_K; i++) {
@ -90,7 +88,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_decompress(polyvec *restrict r,
* - polyvec *a: pointer to input vector of polynomials
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_tobytes(r + i * KYBER_POLYBYTES, &a->vec[i]);
}
@ -107,7 +105,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyv
* (of length KYBER_POLYVECBYTES)
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_frombytes(&r->vec[i], a + i * KYBER_POLYBYTES);
}
@ -121,7 +119,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_
* Arguments: - polyvec *r: pointer to in/output vector of polynomials
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_ntt(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_ntt(&r->vec[i]);
}
@ -136,7 +134,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_ntt(polyvec *r) {
* Arguments: - polyvec *r: pointer to in/output vector of polynomials
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_invntt_tomont(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_invntt_tomont(&r->vec[i]);
}
@ -155,7 +153,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_invntt_tomont(polyvec *r) {
void PQCLEAN_KYBER1024_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
const polyvec *a,
const polyvec *b) {
PQCLEAN_KYBER1024_AVX2_basemul_acc_avx(r->coeffs, a->vec->coeffs, b->vec->coeffs, &PQCLEAN_KYBER1024_AVX2_qdata);
PQCLEAN_KYBER1024_AVX2_basemul_acc_avx(r->coeffs, a->vec->coeffs, b->vec->coeffs, & PQCLEAN_KYBER1024_AVX2_qdata);
}
/*************************************************
@ -168,7 +166,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_reduce(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_reduce(&r->vec[i]);
}
@ -185,7 +183,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_reduce(polyvec *r) {
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_csubq(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_csubq(&r->vec[i]);
}
@ -201,7 +199,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_csubq(polyvec *r) {
* - const polyvec *b: pointer to second input vector of polynomials
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_add(&r->vec[i], &a->vec[i], &b->vec[i]);
}

11
crypto_kem/kyber1024/avx2/polyvec.h
View File

@ -1,6 +1,5 @@
#ifndef PQCLEAN_KYBER1024_AVX2_POLYVEC_H
#define PQCLEAN_KYBER1024_AVX2_POLYVEC_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
@ -9,33 +8,23 @@ typedef struct {
poly vec[KYBER_K];
} polyvec;
void PQCLEAN_KYBER1024_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], polyvec *a);
void PQCLEAN_KYBER1024_AVX2_polyvec_decompress(polyvec *r,
const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]);
void PQCLEAN_KYBER1024_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a);
void PQCLEAN_KYBER1024_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]);
void PQCLEAN_KYBER1024_AVX2_polyvec_ntt(polyvec *r);
void PQCLEAN_KYBER1024_AVX2_polyvec_invntt_tomont(polyvec *r);
void PQCLEAN_KYBER1024_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
const polyvec *a,
const polyvec *b);
void PQCLEAN_KYBER1024_AVX2_polyvec_reduce(polyvec *r);
void PQCLEAN_KYBER1024_AVX2_polyvec_csubq(polyvec *r);
void PQCLEAN_KYBER1024_AVX2_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b);
#endif

12
crypto_kem/kyber1024/avx2/reduce.h
View File

@ -1,16 +1,10 @@
#ifndef REDUCE_H
#define REDUCE_H
#ifndef PQCLEAN_KYBER1024_AVX2_REDUCE_H
#define PQCLEAN_KYBER1024_AVX2_REDUCE_H
#include "consts.h"
#include <stdint.h>
#include "consts.h"
#include "params.h"
int16_t PQCLEAN_KYBER1024_AVX2_reduce_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
int16_t PQCLEAN_KYBER1024_AVX2_csubq_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
int16_t PQCLEAN_KYBER1024_AVX2_tomont_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
#endif

9
crypto_kem/kyber1024/avx2/rejsample.c
View File

@ -2,6 +2,7 @@
#include "consts.h"
#include "params.h"
#include "rejsample.h"
#include <immintrin.h>
#include <stdint.h>
static const ALIGN32_ARRAY_2D(uint8_t, 256, 8) idx = {.arr = {
@ -270,9 +271,9 @@ static const ALIGN32_ARRAY_2D(uint8_t, 256, 8) idx = {.arr = {
#define REJ_UNIFORM_BUFLEN 672
unsigned int PQCLEAN_KYBER1024_AVX2_rej_uniform_avx(int16_t *restrict r,
const uint8_t *restrict buf) {
unsigned int ctr = 0, pos = 0;
uint16_t val = 0;
uint32_t good = 0;
unsigned int ctr, pos;
uint16_t val;
uint32_t good;
const __m256i bound = _mm256_set1_epi16((int16_t)(19 * KYBER_Q - 1));
const __m256i ones = _mm256_set1_epi8(1);
const __m256i kyberq = _mm256_load_si256((__m256i *)&PQCLEAN_KYBER1024_AVX2_qdata.as_arr[_16XQ]);
@ -297,7 +298,7 @@ unsigned int PQCLEAN_KYBER1024_AVX2_rej_uniform_avx(int16_t *restrict r,
g1 = _mm256_inserti128_si256(g1, _mm_loadl_epi64((__m128i *)&idx.arr[(good >> 24) & 0xFF]), 1);
//g0 = _mm256_cvtepu8_epi64(_mm_loadl_epi64((__m128i *)&good));
//g1 = _mm256_i64gather_epi64((long long *)idx, g0, 8);
//g1 = _mm256_i64gather_epi64((long long *)idx.arr, g0, 8);
/* Barrett reduction of (still unsigned) values */
g2 = _mm256_mulhi_epu16(f0, v);

6
crypto_kem/kyber1024/avx2/rejsample.h
View File

@ -1,10 +1,8 @@
#ifndef REJSAMPLE_H
#define REJSAMPLE_H
#ifndef PQCLEAN_KYBER1024_AVX2_REJSAMPLE_H
#define PQCLEAN_KYBER1024_AVX2_REJSAMPLE_H
#include "params.h"
#include <stdint.h>
unsigned int PQCLEAN_KYBER1024_AVX2_rej_uniform_avx(int16_t *r,
const unsigned char *buf);

8
crypto_kem/kyber1024/avx2/shuffle.S
View File

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "fq.inc"
.include "shuffle.inc"
@ -92,7 +92,9 @@ vmovdqa %ymm11,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_nttunpack_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_nttunpack_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_nttunpack_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_nttunpack_avx):
call nttunpack128_avx
add $256,%rdi
call nttunpack128_avx
@ -169,7 +171,9 @@ vmovdqu %ymm9,160(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_ntttobytes_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_ntttobytes_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_ntttobytes_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_ntttobytes_avx):
#consts
vmovdqa _16XQ*2(%rdx),%ymm0
call ntttobytes128_avx
@ -245,7 +249,9 @@ vmovdqa %ymm1,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx):
#consts
vmovdqa _16XMASK*2(%rdx),%ymm0
call nttfrombytes128_avx

8
crypto_kem/kyber1024/avx2/symmetric-shake.c
View File

@ -9,8 +9,8 @@
*
* Description: Absorb step of the SHAKE128 specialized for the Kyber context.
*
* Arguments: - keccak_state *state: pointer to (uninitialized) output
* Keccak state
* Arguments: - xof_state *state: pointer to (uninitialized) output
* Keccak state
* - const uint8_t *seed: pointer to KYBER_SYMBYTES input
* to be absorbed into state
* - uint8_t i additional byte of input
@ -20,7 +20,7 @@ void PQCLEAN_KYBER1024_AVX2_kyber_shake128_absorb(xof_state *state,
const uint8_t seed[KYBER_SYMBYTES],
uint8_t x,
uint8_t y) {
unsigned int i = 0;
unsigned int i;
uint8_t extseed[KYBER_SYMBYTES + 2];
for (i = 0; i < KYBER_SYMBYTES; i++) {
@ -48,7 +48,7 @@ void PQCLEAN_KYBER1024_AVX2_kyber_shake256_prf(uint8_t *out,
size_t outlen,
const uint8_t key[KYBER_SYMBYTES],
uint8_t nonce) {
unsigned int i = 0;
unsigned int i;
uint8_t extkey[KYBER_SYMBYTES + 1];
for (i = 0; i < KYBER_SYMBYTES; i++) {

11
crypto_kem/kyber1024/avx2/symmetric.h
View File

@ -1,17 +1,16 @@
#ifndef SYMMETRIC_H
#define SYMMETRIC_H
#ifndef PQCLEAN_KYBER1024_AVX2_SYMMETRIC_H
#define PQCLEAN_KYBER1024_AVX2_SYMMETRIC_H
#include "fips202.h"
#include "fips202x4.h"
#include "params.h"
#include <stddef.h>
#include <stdint.h>
#include "fips202.h"
#include "fips202x4.h"
typedef shake128ctx xof_state;
void PQCLEAN_KYBER1024_AVX2_kyber_shake128_absorb(shake128ctx *s,
void PQCLEAN_KYBER1024_AVX2_kyber_shake128_absorb(xof_state *s,
const uint8_t seed[KYBER_SYMBYTES],
uint8_t x,
uint8_t y);

6
crypto_kem/kyber1024/avx2/verify.c
View File

@ -15,8 +15,8 @@
* Returns 0 if the byte arrays are equal, 1 otherwise
**************************************************/
int PQCLEAN_KYBER1024_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len) {
size_t pos = 0;
uint64_t r = 0;
size_t pos;
uint64_t r;
__m256i avec, bvec, cvec;
cvec = _mm256_setzero_si256();
@ -53,7 +53,7 @@ int PQCLEAN_KYBER1024_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len
* unsigned char b: Condition bit; has to be in {0,1}
**************************************************/
void PQCLEAN_KYBER1024_AVX2_cmov(uint8_t *restrict r, const uint8_t *restrict x, size_t len, uint8_t b) {
size_t pos = 0;
size_t pos;
__m256i xvec, rvec, bvec;
b = -b;

3
crypto_kem/kyber1024/avx2/verify.h
View File

@ -1,14 +1,11 @@
#ifndef PQCLEAN_KYBER1024_AVX2_VERIFY_H
#define PQCLEAN_KYBER1024_AVX2_VERIFY_H
#include "params.h"
#include <stddef.h>
#include <stdint.h>
int PQCLEAN_KYBER1024_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len);
void PQCLEAN_KYBER1024_AVX2_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b);
#endif

4
crypto_kem/kyber1024/clean/Makefile
View File

@ -1,8 +1,8 @@
# This Makefile can be used with GNU Make or BSD Make
LIB=libkyber1024_clean.a
HEADERS=api.h cbd.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h verify.h symmetric.h
OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o reduce.o verify.o symmetric-shake.o
HEADERS=api.h cbd.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h symmetric.h verify.h
OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o reduce.o symmetric-shake.o verify.o
CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS)

2
crypto_kem/kyber1024/clean/Makefile.Microsoft_nmake
View File

@ -2,7 +2,7 @@
# nmake /f Makefile.Microsoft_nmake
LIBRARY=libkyber1024_clean.lib
OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj verify.obj symmetric-shake.obj
OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj symmetric-shake.obj verify.obj
# Warning C4146 is raised when a unary minus operator is applied to an
# unsigned type; this has nonetheless been standard and portable for as

1
crypto_kem/kyber1024/clean/api.h
View File

@ -15,5 +15,4 @@ int PQCLEAN_KYBER1024_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8
int PQCLEAN_KYBER1024_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
#endif

10
crypto_kem/kyber1024/clean/cbd.c
View File

@ -1,5 +1,5 @@
#include "params.h"
#include "cbd.h"
#include "params.h"
#include <stdint.h>
/*************************************************
@ -13,7 +13,7 @@
* Returns 32-bit unsigned integer loaded from x
**************************************************/
static uint32_t load32_littleendian(const uint8_t x[4]) {
uint32_t r = 0;
uint32_t r;
r = (uint32_t)x[0];
r |= (uint32_t)x[1] << 8;
r |= (uint32_t)x[2] << 16;
@ -32,9 +32,9 @@ static uint32_t load32_littleendian(const uint8_t x[4]) {
* - const uint8_t *buf: pointer to input byte array
**************************************************/
void PQCLEAN_KYBER1024_CLEAN_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]) {
unsigned int i = 0, j = 0;
uint32_t t = 0, d = 0;
int16_t a = 0, b = 0;
unsigned int i, j;
uint32_t t, d;
int16_t a, b;
for (i = 0; i < KYBER_N / 8; i++) {
t = load32_littleendian(buf + 4 * i);

2
crypto_kem/kyber1024/clean/cbd.h
View File

@ -1,11 +1,9 @@
#ifndef PQCLEAN_KYBER1024_CLEAN_CBD_H
#define PQCLEAN_KYBER1024_CLEAN_CBD_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
void PQCLEAN_KYBER1024_CLEAN_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]);
#endif

15
crypto_kem/kyber1024/clean/indcpa.c
View File

@ -22,7 +22,7 @@
static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
polyvec *pk,
const uint8_t seed[KYBER_SYMBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER1024_CLEAN_polyvec_tobytes(r, pk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
r[i + KYBER_POLYVECBYTES] = seed[i];
@ -44,7 +44,7 @@ static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
static void unpack_pk(polyvec *pk,
uint8_t seed[KYBER_SYMBYTES],
const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER1024_CLEAN_polyvec_frombytes(pk, packedpk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
seed[i] = packedpk[i + KYBER_POLYVECBYTES];
@ -132,8 +132,8 @@ static unsigned int rej_uniform(int16_t *r,
unsigned int len,
const uint8_t *buf,
unsigned int buflen) {
unsigned int ctr = 0, pos = 0;
uint16_t val = 0;
unsigned int ctr, pos;
uint16_t val;
ctr = pos = 0;
while (ctr < len && pos + 2 <= buflen) {
@ -169,8 +169,7 @@ static unsigned int rej_uniform(int16_t *r,
+ XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
// Not static for benchmarking
void PQCLEAN_KYBER1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) {
unsigned int ctr = 0;
uint8_t i = 0, j = 0;
unsigned int ctr, i, j;
uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES];
xof_state state;
@ -208,7 +207,7 @@ void PQCLEAN_KYBER1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYM
**************************************************/
void PQCLEAN_KYBER1024_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
unsigned int i = 0;
unsigned int i;
uint8_t buf[2 * KYBER_SYMBYTES];
const uint8_t *publicseed = buf;
const uint8_t *noiseseed = buf + KYBER_SYMBYTES;
@ -264,7 +263,7 @@ void PQCLEAN_KYBER1024_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]) {
unsigned int i = 0;
unsigned int i;
uint8_t seed[KYBER_SYMBYTES];
uint8_t nonce = 0;
polyvec sp, pkpv, ep, at[KYBER_K], bp;

14
crypto_kem/kyber1024/clean/indcpa.h
View File

@ -1,16 +1,20 @@
#ifndef PQCLEAN_KYBER1024_CLEAN_INDCPA_H
#define PQCLEAN_KYBER1024_CLEAN_INDCPA_H
#include "params.h"
#include "polyvec.h"
#include <stdint.h>
void PQCLEAN_KYBER1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
void PQCLEAN_KYBER1024_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER1024_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER1024_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER1024_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES], const uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER1024_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t c[KYBER_INDCPA_BYTES], const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER1024_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
#endif

6
crypto_kem/kyber1024/clean/kem.c
View File

@ -21,7 +21,7 @@
* Returns 0 (success)
**************************************************/
int PQCLEAN_KYBER1024_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER1024_CLEAN_indcpa_keypair(pk, sk);
for (i = 0; i < KYBER_INDCPA_PUBLICKEYBYTES; i++) {
sk[i + KYBER_INDCPA_SECRETKEYBYTES] = pk[i];
@ -92,8 +92,8 @@ int PQCLEAN_KYBER1024_CLEAN_crypto_kem_enc(unsigned char *ct,
int PQCLEAN_KYBER1024_CLEAN_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk) {
size_t i = 0;
int fail = 0;
size_t i;
int fail;
uint8_t buf[2 * KYBER_SYMBYTES];
/* Will contain key, coins */
uint8_t kr[2 * KYBER_SYMBYTES];

3
crypto_kem/kyber1024/clean/kem.h
View File

@ -1,17 +1,14 @@
#ifndef PQCLEAN_KYBER1024_CLEAN_KEM_H
#define PQCLEAN_KYBER1024_CLEAN_KEM_H
#include "params.h"
int PQCLEAN_KYBER1024_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
int PQCLEAN_KYBER1024_CLEAN_crypto_kem_enc(unsigned char *ct,
unsigned char *ss,
const unsigned char *pk);
int PQCLEAN_KYBER1024_CLEAN_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk);

15
crypto_kem/kyber1024/clean/ntt.c
View File

@ -1,5 +1,5 @@
#include "params.h"
#include "ntt.h"
#include "params.h"
#include "reduce.h"
#include <stdint.h>
@ -89,8 +89,8 @@ static int16_t fqmul(int16_t a, int16_t b) {
* of Zq
**************************************************/
void PQCLEAN_KYBER1024_CLEAN_ntt(int16_t r[256]) {
unsigned int len = 0, start = 0, j = 0, k = 0;
int16_t t = 0, zeta = 0;
unsigned int len, start, j, k;
int16_t t, zeta;
k = 1;
for (len = 128; len >= 2; len >>= 1) {
@ -116,8 +116,8 @@ void PQCLEAN_KYBER1024_CLEAN_ntt(int16_t r[256]) {
* of Zq
**************************************************/
void PQCLEAN_KYBER1024_CLEAN_invntt(int16_t r[256]) {
unsigned int start = 0, len = 0, j = 0, k = 0;
int16_t t = 0, zeta = 0;
unsigned int start, len, j, k;
int16_t t, zeta;
k = 0;
for (len = 2; len <= 128; len <<= 1) {
@ -148,7 +148,10 @@ void PQCLEAN_KYBER1024_CLEAN_invntt(int16_t r[256]) {
* - const int16_t b[2]: pointer to the second factor
* - int16_t zeta: integer defining the reduction polynomial
**************************************************/
void PQCLEAN_KYBER1024_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta) {
void PQCLEAN_KYBER1024_CLEAN_basemul(int16_t r[2],
const int16_t a[2],
const int16_t b[2],
int16_t zeta) {
r[0] = fqmul(a[1], b[1]);
r[0] = fqmul(r[0], zeta);
r[0] += fqmul(a[0], b[0]);

11
crypto_kem/kyber1024/clean/ntt.h
View File

@ -1,22 +1,19 @@
#ifndef PQCLEAN_KYBER1024_CLEAN_NTT_H
#define PQCLEAN_KYBER1024_CLEAN_NTT_H
#include "params.h"
#include <stdint.h>
extern const int16_t PQCLEAN_KYBER1024_CLEAN_zetas[128];
extern const int16_t PQCLEAN_KYBER1024_CLEAN_zetas_inv[128];
void PQCLEAN_KYBER1024_CLEAN_ntt(int16_t r[256]);
void PQCLEAN_KYBER1024_CLEAN_invntt(int16_t r[256]);
void PQCLEAN_KYBER1024_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta);
void PQCLEAN_KYBER1024_CLEAN_basemul(int16_t r[2],
const int16_t a[2],
const int16_t b[2],
int16_t zeta);
#endif

3
crypto_kem/kyber1024/clean/params.h
View File

@ -1,6 +1,9 @@
#ifndef PQCLEAN_KYBER1024_CLEAN_PARAMS_H
#define PQCLEAN_KYBER1024_CLEAN_PARAMS_H
#define KYBER_N 256
#define KYBER_Q 3329

Some files were not shown because too many files have changed in this diff Show More