adds support for most of the schemes

README.md

@@ -7,14 +7,12 @@ This is a repository of post-quantum schemes coppied from the submission to the
 ### Key Encapsulation Mechanisms
 
 **Finalists:**
-* Classic McEliece
 * Kyber
 * NTRU
 * SABER
 
 **Alternate candidates:**
 * FrodoKEM
-* HQC
 
 ### Signature schemes
 
@@ -25,27 +23,3 @@ This is a repository of post-quantum schemes coppied from the submission to the
 
 **Alternate candidates:**
 * SPHINCS+
-
-Implementations previously available in PQClean and dropped in Round 3 of the NIST standardization effort are available in the [`round2` tag](https://github.com/PQClean/PQClean/releases/tag/round2).
-
-## API used by PQClean
-
-PQClean is essentially using the same API as required for the NIST reference implementations,
-which is also used by SUPERCOP and by libpqcrypto. The only differences to that API are
-the following:
-* All functions are namespaced;
-* All lengths are passed as type `size_t` instead of `unsigned long long`; and
-* Signatures offer two additional functions that follow the "traditional" approach used
-in most software stacks of computing and verifying signatures instead of producing and
-recovering signed messages. Specifically, those functions have the following name and signature:
-
-```c
-int PQCLEAN_SCHEME_IMPL_crypto_sign_signature(
-    uint8_t *sig, size_t *siglen,
-    const uint8_t *m, size_t mlen,
-    const uint8_t *sk);
-int PQCLEAN_SCHEME_IMPL_crypto_sign_verify(
-    const uint8_t *sig, size_t siglen,
-    const uint8_t *m, size_t mlen,
-    const uint8_t *pk);
-```

src/capi/pqapi.c

@@ -114,7 +114,7 @@
 #include "kem/saber/saber/clean/api.h"
 #include "kem/saber/saber/avx2/api.h"
 
-// helpers
+// not proud of this thingy
 #define OPT_VERSION _CLEAN_
 
 // Helper to stringify constants
@@ -164,7 +164,7 @@
     .secret_bsz = PQC_KEM_BSZ(ID),    \
     .encapsulate = PQC_FN_ENCAPS(ID), \
     .decapsulate = PQC_FN_DECAPS(ID), \
-}
+},
 
 // Macro magic needed to initialize parameters for a scheme
 #define REG_SIG(ID)                   \
@@ -174,27 +174,38 @@
     .sign_bsz = PQC_SIGN_BSZ(ID),     \
     .sign = PQC_FN_SIGN(ID),          \
     .verify = PQC_FN_VERIFY(ID),      \
-}
-
-enum {
-    KYBER512,
-    KYBER768,
-    KYBER1024,
-    FALCON512,
-    DILITHIUM3,
-};
+},
 
+// Registers supported KEMs
 const kem_params_t kems[] = {
-    REG_KEM(KYBER512),
-    REG_KEM(KYBER768),
-    REG_KEM(KYBER1024),
+    PQC_SUPPORTED_KEMS(REG_KEM)
 };
 
+// Registers supported signatures
 const sig_params_t sigs[] = {
-    REG_SIG(FALCON512),
-    REG_SIG(DILITHIUM3),
+    PQC_SUPPORTED_SIGS(REG_SIG)
 };
 
+const params_t *pqc_kem_alg_by_id(uint8_t id) {
+    int i;
+    for(i=0; i<PQC_ALG_KEM_MAX; i++) {
+        if (kems[i].p.alg_id == id) {
+            return (params_t*)&kems[i];
+        }
+    }
+    return 0;
+}
+
+const params_t *pqc_sig_alg_by_id(uint8_t id) {
+    int i;
+    for(i=0; i<PQC_ALG_SIG_MAX; i++) {
+        if (sigs[i].p.alg_id == id) {
+            return (params_t*)&sigs[i];
+        }
+    }
+    return 0;
+}
+
 bool pqc_keygen(const params_t *p, uint8_t *sk, uint8_t *pk) {
     return !p->keygen(sk, pk);
 }

src/capi/pqapi.h

@@ -8,6 +8,68 @@ extern "C" {
 #include <stdint.h>
 #include <stdbool.h>
 
+// defines supported signature algorithm list
+#define PQC_SUPPORTED_SIGS(_)    \
+    _(DILITHIUM2)                \
+    _(DILITHIUM3)                \
+    _(DILITHIUM5)                \
+    _(FALCON1024)                \
+    _(FALCON512)                 \
+    _(RAINBOWVCLASSIC)           \
+    _(RAINBOWICLASSIC)           \
+    _(RAINBOWIIICLASSIC)         \
+    _(SPHINCSSHA256192FSIMPLE)   \
+    _(SPHINCSSHAKE256256FSIMPLE) \
+    _(SPHINCSSHAKE256192FROBUST) \
+    _(SPHINCSSHAKE256128FSIMPLE) \
+    _(SPHINCSSHAKE256256SSIMPLE) \
+    _(SPHINCSSHAKE256128SSIMPLE) \
+    _(SPHINCSSHA256128FROBUST)   \
+    _(SPHINCSSHA256192SROBUST)   \
+    _(SPHINCSSHAKE256128FROBUST) \
+    _(SPHINCSSHAKE256128SROBUST) \
+    _(SPHINCSSHAKE256256SROBUST) \
+    _(SPHINCSSHA256192SSIMPLE)   \
+    _(SPHINCSSHAKE256192SSIMPLE) \
+    _(SPHINCSSHAKE256192SROBUST) \
+    _(SPHINCSSHAKE256192FSIMPLE) \
+    _(SPHINCSSHA256256SSIMPLE)   \
+    _(SPHINCSSHA256128SSIMPLE)   \
+    _(SPHINCSSHAKE256256FROBUST) \
+    _(SPHINCSSHA256256FROBUST)   \
+    _(SPHINCSSHA256256FSIMPLE)   \
+    _(SPHINCSSHA256256SROBUST)   \
+    _(SPHINCSSHA256128SROBUST)   \
+    _(SPHINCSSHA256128FSIMPLE)   \
+    _(SPHINCSSHA256192FROBUST)
+
+// defines supported kem algorithm list
+#define PQC_SUPPORTED_KEMS(_)\
+    _(FRODOKEM976SHAKE)  \
+    _(FRODOKEM1344SHAKE) \
+    _(FRODOKEM640SHAKE)  \
+    _(KYBER768)          \
+    _(KYBER1024)         \
+    _(KYBER512)          \
+    _(NTRUHPS4096821)    \
+    _(NTRUHPS2048509)    \
+    _(NTRUHRSS701)       \
+    _(NTRUHPS2048677)    \
+    _(NTRULPR761)        \
+    _(NTRULPR653)        \
+    _(NTRULPR857)        \
+    _(LIGHTSABER)        \
+    _(FIRESABER)         \
+    _(SABER)
+
+// Defines IDs for each algorithm. The
+// PQC_ALG_SIG/KEM_MAX indicates number
+// of KEM and signature schemes supported.
+#define DEFNUM(N) N,
+enum { PQC_SUPPORTED_SIGS(DEFNUM) PQC_ALG_SIG_MAX };
+enum { PQC_SUPPORTED_KEMS(DEFNUM) PQC_ALG_KEM_MAX };
+#undef DEFNUM
+
 // Parameters of the scheme
 typedef struct params_t {
     const uint8_t alg_id;
@@ -81,6 +143,10 @@ bool pqc_sig_verify(
     const uint8_t *m, uint64_t mlen,
     const uint8_t *pk);
 
+
+const params_t *pqc_kem_alg_by_id(uint8_t id);
+const params_t *pqc_sig_alg_by_id(uint8_t id);
+
 #ifdef __cplusplus
 }
 #endif

src/kem/frodo/frodokem1344shake/clean/api.h

@@ -1,20 +1,20 @@
-#ifndef PQCLEAN_FRODOKEM1344SHAKE_OPT_API_H
-#define PQCLEAN_FRODOKEM1344SHAKE_OPT_API_H
+#ifndef PQCLEAN_FRODOKEM1344SHAKE_CLEAN_API_H
+#define PQCLEAN_FRODOKEM1344SHAKE_CLEAN_API_H
 
 #include <stddef.h>
 #include <stdint.h>
 
-#define PQCLEAN_FRODOKEM1344SHAKE_OPT_CRYPTO_SECRETKEYBYTES  43088     // sizeof(s) + CRYPTO_PUBLICKEYBYTES + 2*PARAMS_N*PARAMS_NBAR + BYTES_PKHASH
-#define PQCLEAN_FRODOKEM1344SHAKE_OPT_CRYPTO_PUBLICKEYBYTES  21520     // sizeof(seed_A) + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8
-#define PQCLEAN_FRODOKEM1344SHAKE_OPT_CRYPTO_BYTES              32
-#define PQCLEAN_FRODOKEM1344SHAKE_OPT_CRYPTO_CIPHERTEXTBYTES 21632     // (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 + (PARAMS_LOGQ*PARAMS_NBAR*PARAMS_NBAR)/8
+#define PQCLEAN_FRODOKEM1344SHAKE_CLEAN_CRYPTO_SECRETKEYBYTES  43088     // sizeof(s) + CRYPTO_PUBLICKEYBYTES + 2*PARAMS_N*PARAMS_NBAR + BYTES_PKHASH
+#define PQCLEAN_FRODOKEM1344SHAKE_CLEAN_CRYPTO_PUBLICKEYBYTES  21520     // sizeof(seed_A) + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8
+#define PQCLEAN_FRODOKEM1344SHAKE_CLEAN_CRYPTO_BYTES              32
+#define PQCLEAN_FRODOKEM1344SHAKE_CLEAN_CRYPTO_CIPHERTEXTBYTES 21632     // (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 + (PARAMS_LOGQ*PARAMS_NBAR*PARAMS_NBAR)/8
 
-#define PQCLEAN_FRODOKEM1344SHAKE_OPT_CRYPTO_ALGNAME "FrodoKEM-1344-SHAKE"
+#define PQCLEAN_FRODOKEM1344SHAKE_CLEAN_CRYPTO_ALGNAME "FrodoKEM-1344-SHAKE"
 
-int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
+int PQCLEAN_FRODOKEM1344SHAKE_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
 
-int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+int PQCLEAN_FRODOKEM1344SHAKE_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
 
-int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+int PQCLEAN_FRODOKEM1344SHAKE_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
 
 #endif

src/kem/frodo/frodokem1344shake/clean/common.h

@@ -1,21 +1,21 @@
 #ifndef COMMON_H
 #define COMMON_H
 
-int PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A);
-int PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_sa_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A);
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_sample_n(uint16_t *s, size_t n);
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_bs(uint16_t *out, const uint16_t *b, const uint16_t *s);
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_sb_plus_e(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e);
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_add(uint16_t *out, const uint16_t *a, const uint16_t *b);
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_sub(uint16_t *out, const uint16_t *a, const uint16_t *b);
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_key_encode(uint16_t *out, const uint16_t *in);
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_key_decode(uint16_t *out, const uint16_t *in);
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_pack(uint8_t *out, size_t outlen, const uint16_t *in, size_t inlen, uint8_t lsb);
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_unpack(uint16_t *out, size_t outlen, const uint8_t *in, size_t inlen, uint8_t lsb);
-int8_t PQCLEAN_FRODOKEM1344SHAKE_OPT_ct_verify(const uint16_t *a, const uint16_t *b, size_t len);
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_ct_select(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len, int8_t selector);
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes(uint8_t *mem, size_t n);
-uint16_t PQCLEAN_FRODOKEM1344SHAKE_OPT_LE_TO_UINT16(uint16_t n);
-uint16_t PQCLEAN_FRODOKEM1344SHAKE_OPT_UINT16_TO_LE(uint16_t n);
+int PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_add_as_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A);
+int PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_add_sa_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A);
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(uint16_t *s, size_t n);
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_bs(uint16_t *out, const uint16_t *b, const uint16_t *s);
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_add_sb_plus_e(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e);
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_add(uint16_t *out, const uint16_t *a, const uint16_t *b);
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sub(uint16_t *out, const uint16_t *a, const uint16_t *b);
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_key_encode(uint16_t *out, const uint16_t *in);
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_key_decode(uint16_t *out, const uint16_t *in);
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_pack(uint8_t *out, size_t outlen, const uint16_t *in, size_t inlen, uint8_t lsb);
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_unpack(uint16_t *out, size_t outlen, const uint8_t *in, size_t inlen, uint8_t lsb);
+int8_t PQCLEAN_FRODOKEM1344SHAKE_CLEAN_ct_verify(const uint16_t *a, const uint16_t *b, size_t len);
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_ct_select(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len, int8_t selector);
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes(uint8_t *mem, size_t n);
+uint16_t PQCLEAN_FRODOKEM1344SHAKE_CLEAN_LE_TO_UINT16(uint16_t n);
+uint16_t PQCLEAN_FRODOKEM1344SHAKE_CLEAN_UINT16_TO_LE(uint16_t n);
 
 #endif

src/kem/frodo/frodokem1344shake/clean/kem.c

@@ -14,7 +14,7 @@
 #include "common.h"
 #include "params.h"
 
-int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
+int PQCLEAN_FRODOKEM1344SHAKE_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
     // FrodoKEM's key generation
     // Outputs: public key pk (               BYTES_SEED_A + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 bytes)
     //          secret key sk (CRYPTO_BYTES + BYTES_SEED_A + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 + 2*PARAMS_N*PARAMS_NBAR + BYTES_PKHASH bytes)
@@ -42,20 +42,20 @@ int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
     memcpy(&shake_input_seedSE[1], randomness_seedSE, CRYPTO_BYTES);
     shake((uint8_t *)S, 2 * PARAMS_N * PARAMS_NBAR * sizeof(uint16_t), shake_input_seedSE, 1 + CRYPTO_BYTES);
     for (size_t i = 0; i < 2 * PARAMS_N * PARAMS_NBAR; i++) {
-        S[i] = PQCLEAN_FRODOKEM1344SHAKE_OPT_LE_TO_UINT16(S[i]);
+        S[i] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_LE_TO_UINT16(S[i]);
     }
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_sample_n(S, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_sample_n(E, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_as_plus_e(B, S, E, pk);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(S, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(E, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_add_as_plus_e(B, S, E, pk);
 
     // Encode the second part of the public key
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_pack(pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, B, PARAMS_N * PARAMS_NBAR, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_pack(pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, B, PARAMS_N * PARAMS_NBAR, PARAMS_LOGQ);
 
     // Add s, pk and S to the secret key
     memcpy(sk_s, randomness_s, CRYPTO_BYTES);
     memcpy(sk_pk, pk, CRYPTO_PUBLICKEYBYTES);
     for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) {
-        S[i] = PQCLEAN_FRODOKEM1344SHAKE_OPT_UINT16_TO_LE(S[i]);
+        S[i] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_UINT16_TO_LE(S[i]);
     }
     memcpy(sk_S, S, 2 * PARAMS_N * PARAMS_NBAR);
 
@@ -63,15 +63,15 @@ int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
     shake(sk_pkh, BYTES_PKHASH, pk, CRYPTO_PUBLICKEYBYTES);
 
     // Cleanup:
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes((uint8_t *)S, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes((uint8_t *)E, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes(randomness, 2 * CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes(shake_input_seedSE, 1 + CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes((uint8_t *)S, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes((uint8_t *)E, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes(randomness, 2 * CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes(shake_input_seedSE, 1 + CRYPTO_BYTES);
     return 0;
 }
 
 
-int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
+int PQCLEAN_FRODOKEM1344SHAKE_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
     // FrodoKEM's key encapsulation
     const uint8_t *pk_seedA = &pk[0];
     const uint8_t *pk_b = &pk[BYTES_SEED_A];
@@ -105,22 +105,22 @@ int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const
     memcpy(&shake_input_seedSE[1], seedSE, CRYPTO_BYTES);
     shake((uint8_t *)Sp, (2 * PARAMS_N + PARAMS_NBAR) * PARAMS_NBAR * sizeof(uint16_t), shake_input_seedSE, 1 + CRYPTO_BYTES);
     for (size_t i = 0; i < (2 * PARAMS_N + PARAMS_NBAR) * PARAMS_NBAR; i++) {
-        Sp[i] = PQCLEAN_FRODOKEM1344SHAKE_OPT_LE_TO_UINT16(Sp[i]);
+        Sp[i] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_LE_TO_UINT16(Sp[i]);
     }
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_sample_n(Sp, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_sample_n(Ep, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_sa_plus_e(Bp, Sp, Ep, pk_seedA);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_pack(ct_c1, (PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8, Bp, PARAMS_N * PARAMS_NBAR, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(Sp, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(Ep, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_add_sa_plus_e(Bp, Sp, Ep, pk_seedA);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_pack(ct_c1, (PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8, Bp, PARAMS_N * PARAMS_NBAR, PARAMS_LOGQ);
 
     // Generate Epp, and compute V = Sp*B + Epp
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_sample_n(Epp, PARAMS_NBAR * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_unpack(B, PARAMS_N * PARAMS_NBAR, pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, PARAMS_LOGQ);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_sb_plus_e(V, B, Sp, Epp);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(Epp, PARAMS_NBAR * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_unpack(B, PARAMS_N * PARAMS_NBAR, pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_add_sb_plus_e(V, B, Sp, Epp);
 
     // Encode mu, and compute C = V + enc(mu) (mod q)
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_key_encode(C, (uint16_t *)mu);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_add(C, V, C);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_pack(ct_c2, (PARAMS_LOGQ * PARAMS_NBAR * PARAMS_NBAR) / 8, C, PARAMS_NBAR * PARAMS_NBAR, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_key_encode(C, (uint16_t *)mu);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_add(C, V, C);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_pack(ct_c2, (PARAMS_LOGQ * PARAMS_NBAR * PARAMS_NBAR) / 8, C, PARAMS_NBAR * PARAMS_NBAR, PARAMS_LOGQ);
 
     // Compute ss = F(ct||KK)
     memcpy(Fin_ct, ct, CRYPTO_CIPHERTEXTBYTES);
@@ -128,19 +128,19 @@ int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const
     shake(ss, CRYPTO_BYTES, Fin, CRYPTO_CIPHERTEXTBYTES + CRYPTO_BYTES);
 
     // Cleanup:
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes((uint8_t *)V, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes((uint8_t *)Sp, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes((uint8_t *)Ep, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes((uint8_t *)Epp, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes(mu, BYTES_MU);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes(G2out, 2 * CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes(Fin_k, CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes(shake_input_seedSE, 1 + CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes((uint8_t *)V, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes((uint8_t *)Sp, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes((uint8_t *)Ep, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes((uint8_t *)Epp, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes(mu, BYTES_MU);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes(G2out, 2 * CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes(Fin_k, CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes(shake_input_seedSE, 1 + CRYPTO_BYTES);
     return 0;
 }
 
 
-int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
+int PQCLEAN_FRODOKEM1344SHAKE_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
     // FrodoKEM's key decapsulation
     uint16_t B[PARAMS_N * PARAMS_NBAR] = {0};
     uint16_t Bp[PARAMS_N * PARAMS_NBAR] = {0};
@@ -176,11 +176,11 @@ int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct,
     }
 
     // Compute W = C - Bp*S (mod q), and decode the randomness mu
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_unpack(Bp, PARAMS_N * PARAMS_NBAR, ct_c1, (PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8, PARAMS_LOGQ);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_unpack(C, PARAMS_NBAR * PARAMS_NBAR, ct_c2, (PARAMS_LOGQ * PARAMS_NBAR * PARAMS_NBAR) / 8, PARAMS_LOGQ);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_bs(W, Bp, S);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_sub(W, C, W);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_key_decode((uint16_t *)muprime, W);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_unpack(Bp, PARAMS_N * PARAMS_NBAR, ct_c1, (PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_unpack(C, PARAMS_NBAR * PARAMS_NBAR, ct_c2, (PARAMS_LOGQ * PARAMS_NBAR * PARAMS_NBAR) / 8, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_bs(W, Bp, S);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sub(W, C, W);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_key_decode((uint16_t *)muprime, W);
 
     // Generate (seedSE' || k') = G_2(pkh || mu')
     memcpy(pkh, sk_pkh, BYTES_PKHASH);
@@ -191,20 +191,20 @@ int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct,
     memcpy(&shake_input_seedSEprime[1], seedSEprime, CRYPTO_BYTES);
     shake((uint8_t *)Sp, (2 * PARAMS_N + PARAMS_NBAR) * PARAMS_NBAR * sizeof(uint16_t), shake_input_seedSEprime, 1 + CRYPTO_BYTES);
     for (size_t i = 0; i < (2 * PARAMS_N + PARAMS_NBAR) * PARAMS_NBAR; i++) {
-        Sp[i] = PQCLEAN_FRODOKEM1344SHAKE_OPT_LE_TO_UINT16(Sp[i]);
+        Sp[i] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_LE_TO_UINT16(Sp[i]);
     }
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_sample_n(Sp, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_sample_n(Ep, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_sa_plus_e(BBp, Sp, Ep, pk_seedA);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(Sp, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(Ep, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_add_sa_plus_e(BBp, Sp, Ep, pk_seedA);
 
     // Generate Epp, and compute W = Sp*B + Epp
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_sample_n(Epp, PARAMS_NBAR * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_unpack(B, PARAMS_N * PARAMS_NBAR, pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, PARAMS_LOGQ);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_sb_plus_e(W, B, Sp, Epp);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(Epp, PARAMS_NBAR * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_unpack(B, PARAMS_N * PARAMS_NBAR, pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_add_sb_plus_e(W, B, Sp, Epp);
 
     // Encode mu, and compute CC = W + enc(mu') (mod q)
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_key_encode(CC, (uint16_t *)muprime);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_add(CC, W, CC);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_key_encode(CC, (uint16_t *)muprime);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_add(CC, W, CC);
 
     // Prepare input to F
     memcpy(Fin_ct, ct, CRYPTO_CIPHERTEXTBYTES);
@@ -218,20 +218,20 @@ int PQCLEAN_FRODOKEM1344SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct,
     // Needs to avoid branching on secret data as per:
     //     Qian Guo, Thomas Johansson, Alexander Nilsson. A key-recovery timing attack on post-quantum
     //     primitives using the Fujisaki-Okamoto transformation and its application on FrodoKEM. In CRYPTO 2020.
-    int8_t selector = PQCLEAN_FRODOKEM1344SHAKE_OPT_ct_verify(Bp, BBp, PARAMS_N * PARAMS_NBAR) | PQCLEAN_FRODOKEM1344SHAKE_OPT_ct_verify(C, CC, PARAMS_NBAR * PARAMS_NBAR);
+    int8_t selector = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_ct_verify(Bp, BBp, PARAMS_N * PARAMS_NBAR) | PQCLEAN_FRODOKEM1344SHAKE_CLEAN_ct_verify(C, CC, PARAMS_NBAR * PARAMS_NBAR);
     // If (selector == 0) then load k' to do ss = F(ct || k'), else if (selector == -1) load s to do ss = F(ct || s)
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_ct_select((uint8_t *)Fin_k, (uint8_t *)kprime, (uint8_t *)sk_s, CRYPTO_BYTES, selector);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_ct_select((uint8_t *)Fin_k, (uint8_t *)kprime, (uint8_t *)sk_s, CRYPTO_BYTES, selector);
     shake(ss, CRYPTO_BYTES, Fin, CRYPTO_CIPHERTEXTBYTES + CRYPTO_BYTES);
 
     // Cleanup:
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes((uint8_t *)W, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes((uint8_t *)Sp, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes((uint8_t *)S, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes((uint8_t *)Ep, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes((uint8_t *)Epp, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes(muprime, BYTES_MU);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes(G2out, 2 * CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes(Fin_k, CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes(shake_input_seedSEprime, 1 + CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes((uint8_t *)W, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes((uint8_t *)Sp, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes((uint8_t *)S, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes((uint8_t *)Ep, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes((uint8_t *)Epp, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes(muprime, BYTES_MU);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes(G2out, 2 * CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes(Fin_k, CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes(shake_input_seedSEprime, 1 + CRYPTO_BYTES);
     return 0;
 }

src/kem/frodo/frodokem1344shake/clean/matrix_shake.c

@@ -13,7 +13,7 @@
 #include "common.h"
 #include "params.h"
 
-int PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A) {
+int PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_add_as_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A) {
     // Generate-and-multiply: generate matrix A (N x N) row-wise, multiply by s on the right.
     // Inputs: s, e (N x N_BAR)
     // Output: out = A*s + e (N x N_BAR)
@@ -29,16 +29,16 @@ int PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_
     uint16_t *seed_A_origin = (uint16_t *)&seed_A_separated;
     memcpy(&seed_A_separated[2], seed_A, BYTES_SEED_A);
     for (i = 0; i < PARAMS_N; i += 4) {
-        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_OPT_UINT16_TO_LE(i + 0);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_UINT16_TO_LE(i + 0);
         shake128((unsigned char *)(a_row + 0 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_OPT_UINT16_TO_LE(i + 1);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_UINT16_TO_LE(i + 1);
         shake128((unsigned char *)(a_row + 1 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_OPT_UINT16_TO_LE(i + 2);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_UINT16_TO_LE(i + 2);
         shake128((unsigned char *)(a_row + 2 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_OPT_UINT16_TO_LE(i + 3);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_UINT16_TO_LE(i + 3);
         shake128((unsigned char *)(a_row + 3 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
         for (k = 0; k < 4 * PARAMS_N; k++) {
-            a_row[k] = PQCLEAN_FRODOKEM1344SHAKE_OPT_LE_TO_UINT16(a_row[k]);
+            a_row[k] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_LE_TO_UINT16(a_row[k]);
         }
         for (k = 0; k < PARAMS_NBAR; k++) {
             uint16_t sum[4] = {0};
@@ -61,7 +61,7 @@ int PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_
 
 
 
-int PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_sa_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A) {
+int PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_add_sa_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A) {
     // Generate-and-multiply: generate matrix A (N x N) column-wise, multiply by s' on the left.
     // Inputs: s', e' (N_BAR x N)
     // Output: out = s'*A + e' (N_BAR x N)
@@ -79,16 +79,16 @@ int PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_sa_plus_e(uint16_t *out, const uint16_
     uint16_t *seed_A_origin = (uint16_t *)&seed_A_separated;
     memcpy(&seed_A_separated[2], seed_A, BYTES_SEED_A);
     for (kk = 0; kk < PARAMS_N; kk += 4) {
-        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_OPT_UINT16_TO_LE(kk + 0);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_UINT16_TO_LE(kk + 0);
         shake128((unsigned char *)(a_cols + 0 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_OPT_UINT16_TO_LE(kk + 1);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_UINT16_TO_LE(kk + 1);
         shake128((unsigned char *)(a_cols + 1 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_OPT_UINT16_TO_LE(kk + 2);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_UINT16_TO_LE(kk + 2);
         shake128((unsigned char *)(a_cols + 2 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_OPT_UINT16_TO_LE(kk + 3);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_UINT16_TO_LE(kk + 3);
         shake128((unsigned char *)(a_cols + 3 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
         for (i = 0; i < 4 * PARAMS_N; i++) {
-            a_cols[i] = PQCLEAN_FRODOKEM1344SHAKE_OPT_LE_TO_UINT16(a_cols[i]);
+            a_cols[i] = PQCLEAN_FRODOKEM1344SHAKE_CLEAN_LE_TO_UINT16(a_cols[i]);
         }
 
         for (i = 0; i < PARAMS_NBAR; i++) {

src/kem/frodo/frodokem1344shake/clean/noise.c

@@ -12,7 +12,7 @@
 
 static const uint16_t CDF_TABLE[CDF_TABLE_LEN] = CDF_TABLE_DATA;
 
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_sample_n(uint16_t *s, size_t n) {
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sample_n(uint16_t *s, size_t n) {
     // Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
     // The distribution is specified by its CDF.
     // Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.

src/kem/frodo/frodokem1344shake/clean/params.h

@@ -1,10 +1,10 @@
 #ifndef PARAMS_H
 #define PARAMS_H
 
-#define CRYPTO_SECRETKEYBYTES PQCLEAN_FRODOKEM1344SHAKE_OPT_CRYPTO_SECRETKEYBYTES
-#define CRYPTO_PUBLICKEYBYTES PQCLEAN_FRODOKEM1344SHAKE_OPT_CRYPTO_PUBLICKEYBYTES
-#define CRYPTO_BYTES PQCLEAN_FRODOKEM1344SHAKE_OPT_CRYPTO_BYTES
-#define CRYPTO_CIPHERTEXTBYTES PQCLEAN_FRODOKEM1344SHAKE_OPT_CRYPTO_CIPHERTEXTBYTES
+#define CRYPTO_SECRETKEYBYTES PQCLEAN_FRODOKEM1344SHAKE_CLEAN_CRYPTO_SECRETKEYBYTES
+#define CRYPTO_PUBLICKEYBYTES PQCLEAN_FRODOKEM1344SHAKE_CLEAN_CRYPTO_PUBLICKEYBYTES
+#define CRYPTO_BYTES PQCLEAN_FRODOKEM1344SHAKE_CLEAN_CRYPTO_BYTES
+#define CRYPTO_CIPHERTEXTBYTES PQCLEAN_FRODOKEM1344SHAKE_CLEAN_CRYPTO_CIPHERTEXTBYTES
 
 #define PARAMS_N 1344
 #define PARAMS_NBAR 8

src/kem/frodo/frodokem1344shake/clean/util.c

@@ -18,11 +18,11 @@ static inline uint8_t min(uint8_t x, uint8_t y) {
     return y;
 }
 
-uint16_t PQCLEAN_FRODOKEM1344SHAKE_OPT_LE_TO_UINT16(uint16_t n) {
+uint16_t PQCLEAN_FRODOKEM1344SHAKE_CLEAN_LE_TO_UINT16(uint16_t n) {
     return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8));
 }
 
-uint16_t PQCLEAN_FRODOKEM1344SHAKE_OPT_UINT16_TO_LE(uint16_t n) {
+uint16_t PQCLEAN_FRODOKEM1344SHAKE_CLEAN_UINT16_TO_LE(uint16_t n) {
     uint16_t y;
     uint8_t *z = (uint8_t *) &y;
     z[0] = n & 0xFF;
@@ -30,7 +30,7 @@ uint16_t PQCLEAN_FRODOKEM1344SHAKE_OPT_UINT16_TO_LE(uint16_t n) {
     return y;
 }
 
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_bs(uint16_t *out, const uint16_t *b, const uint16_t *s) {
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_bs(uint16_t *out, const uint16_t *b, const uint16_t *s) {
     // Multiply by s on the right
     // Inputs: b (N_BAR x N), s (N x N_BAR)
     // Output: out = b*s (N_BAR x N_BAR)
@@ -48,7 +48,7 @@ void PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_bs(uint16_t *out, const uint16_t *b, cons
 }
 
 
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_sb_plus_e(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e) {
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_mul_add_sb_plus_e(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e) {
     // Multiply by s on the left
     // Inputs: b (N x N_BAR), s (N_BAR x N), e (N_BAR x N_BAR)
     // Output: out = s*b + e (N_BAR x N_BAR)
@@ -66,7 +66,7 @@ void PQCLEAN_FRODOKEM1344SHAKE_OPT_mul_add_sb_plus_e(uint16_t *out, const uint16
 }
 
 
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_add(uint16_t *out, const uint16_t *a, const uint16_t *b) {
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_add(uint16_t *out, const uint16_t *a, const uint16_t *b) {
     // Add a and b
     // Inputs: a, b (N_BAR x N_BAR)
     // Output: c = a + b
@@ -77,7 +77,7 @@ void PQCLEAN_FRODOKEM1344SHAKE_OPT_add(uint16_t *out, const uint16_t *a, const u
 }
 
 
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_sub(uint16_t *out, const uint16_t *a, const uint16_t *b) {
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_sub(uint16_t *out, const uint16_t *a, const uint16_t *b) {
     // Subtract a and b
     // Inputs: a, b (N_BAR x N_BAR)
     // Output: c = a - b
@@ -88,7 +88,7 @@ void PQCLEAN_FRODOKEM1344SHAKE_OPT_sub(uint16_t *out, const uint16_t *a, const u
 }
 
 
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_key_encode(uint16_t *out, const uint16_t *in) {
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_key_encode(uint16_t *out, const uint16_t *in) {
     // Encoding
     unsigned int i, j, npieces_word = 8;
     unsigned int nwords = (PARAMS_NBAR * PARAMS_NBAR) / 8;
@@ -109,7 +109,7 @@ void PQCLEAN_FRODOKEM1344SHAKE_OPT_key_encode(uint16_t *out, const uint16_t *in)
 }
 
 
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_key_decode(uint16_t *out, const uint16_t *in) {
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_key_decode(uint16_t *out, const uint16_t *in) {
     // Decoding
     unsigned int i, j, index = 0, npieces_word = 8;
     unsigned int nwords = (PARAMS_NBAR * PARAMS_NBAR) / 8;
@@ -131,7 +131,7 @@ void PQCLEAN_FRODOKEM1344SHAKE_OPT_key_decode(uint16_t *out, const uint16_t *in)
 }
 
 
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_pack(uint8_t *out, size_t outlen, const uint16_t *in, size_t inlen, uint8_t lsb) {
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_pack(uint8_t *out, size_t outlen, const uint16_t *in, size_t inlen, uint8_t lsb) {
     // Pack the input uint16 vector into a char output vector, copying lsb bits from each input element.
     // If inlen * lsb / 8 > outlen, only outlen * 8 bits are copied.
     memset(out, 0, outlen);
@@ -180,7 +180,7 @@ void PQCLEAN_FRODOKEM1344SHAKE_OPT_pack(uint8_t *out, size_t outlen, const uint1
 }
 
 
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_unpack(uint16_t *out, size_t outlen, const uint8_t *in, size_t inlen, uint8_t lsb) {
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_unpack(uint16_t *out, size_t outlen, const uint8_t *in, size_t inlen, uint8_t lsb) {
     // Unpack the input char vector into a uint16_t output vector, copying lsb bits
     // for each output element from input. outlen must be at least ceil(inlen * 8 / lsb).
     memset(out, 0, outlen * sizeof(uint16_t));
@@ -229,7 +229,7 @@ void PQCLEAN_FRODOKEM1344SHAKE_OPT_unpack(uint16_t *out, size_t outlen, const ui
 }
 
 
-int8_t PQCLEAN_FRODOKEM1344SHAKE_OPT_ct_verify(const uint16_t *a, const uint16_t *b, size_t len) {
+int8_t PQCLEAN_FRODOKEM1344SHAKE_CLEAN_ct_verify(const uint16_t *a, const uint16_t *b, size_t len) {
     // Compare two arrays in constant time.
     // Returns 0 if the byte arrays are equal, -1 otherwise.
     uint16_t r = 0;
@@ -243,7 +243,7 @@ int8_t PQCLEAN_FRODOKEM1344SHAKE_OPT_ct_verify(const uint16_t *a, const uint16_t
 }
 
 
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_ct_select(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len, int8_t selector) {
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_ct_select(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len, int8_t selector) {
     // Select one of the two input arrays to be moved to r
     // If (selector == 0) then load r with a, else if (selector == -1) load r with b
 
@@ -253,7 +253,7 @@ void PQCLEAN_FRODOKEM1344SHAKE_OPT_ct_select(uint8_t *r, const uint8_t *a, const
 }
 
 
-void PQCLEAN_FRODOKEM1344SHAKE_OPT_clear_bytes(uint8_t *mem, size_t n) {
+void PQCLEAN_FRODOKEM1344SHAKE_CLEAN_clear_bytes(uint8_t *mem, size_t n) {
     // Clear 8-bit bytes from memory. "n" indicates the number of bytes to be zeroed.
     // This function uses the volatile type qualifier to inform the compiler not to optimize out the memory clearing.
     volatile uint8_t *v = mem;

src/kem/frodo/frodokem640shake/clean/api.h

@@ -1,20 +1,20 @@
-#ifndef PQCLEAN_FRODOKEM640SHAKE_OPT_API_H
-#define PQCLEAN_FRODOKEM640SHAKE_OPT_API_H
+#ifndef PQCLEAN_FRODOKEM640SHAKE_CLEAN_API_H
+#define PQCLEAN_FRODOKEM640SHAKE_CLEAN_API_H
 
 #include <stddef.h>
 #include <stdint.h>
 
-#define PQCLEAN_FRODOKEM640SHAKE_OPT_CRYPTO_SECRETKEYBYTES  19888     // sizeof(s) + CRYPTO_PUBLICKEYBYTES + 2*PARAMS_N*PARAMS_NBAR + BYTES_PKHASH
-#define PQCLEAN_FRODOKEM640SHAKE_OPT_CRYPTO_PUBLICKEYBYTES   9616     // sizeof(seed_A) + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8
-#define PQCLEAN_FRODOKEM640SHAKE_OPT_CRYPTO_BYTES              16
-#define PQCLEAN_FRODOKEM640SHAKE_OPT_CRYPTO_CIPHERTEXTBYTES  9720     // (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 + (PARAMS_LOGQ*PARAMS_NBAR*PARAMS_NBAR)/8
+#define PQCLEAN_FRODOKEM640SHAKE_CLEAN_CRYPTO_SECRETKEYBYTES  19888     // sizeof(s) + CRYPTO_PUBLICKEYBYTES + 2*PARAMS_N*PARAMS_NBAR + BYTES_PKHASH
+#define PQCLEAN_FRODOKEM640SHAKE_CLEAN_CRYPTO_PUBLICKEYBYTES   9616     // sizeof(seed_A) + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8
+#define PQCLEAN_FRODOKEM640SHAKE_CLEAN_CRYPTO_BYTES              16
+#define PQCLEAN_FRODOKEM640SHAKE_CLEAN_CRYPTO_CIPHERTEXTBYTES  9720     // (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 + (PARAMS_LOGQ*PARAMS_NBAR*PARAMS_NBAR)/8
 
-#define PQCLEAN_FRODOKEM640SHAKE_OPT_CRYPTO_ALGNAME "FrodoKEM-640-SHAKE"
+#define PQCLEAN_FRODOKEM640SHAKE_CLEAN_CRYPTO_ALGNAME "FrodoKEM-640-SHAKE"
 
-int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
+int PQCLEAN_FRODOKEM640SHAKE_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
 
-int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+int PQCLEAN_FRODOKEM640SHAKE_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
 
-int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+int PQCLEAN_FRODOKEM640SHAKE_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
 
 #endif

src/kem/frodo/frodokem640shake/clean/common.h

@@ -1,21 +1,21 @@
 #ifndef COMMON_H
 #define COMMON_H
 
-int PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A);
-int PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_sa_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A);
-void PQCLEAN_FRODOKEM640SHAKE_OPT_sample_n(uint16_t *s, size_t n);
-void PQCLEAN_FRODOKEM640SHAKE_OPT_mul_bs(uint16_t *out, const uint16_t *b, const uint16_t *s);
-void PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_sb_plus_e(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e);
-void PQCLEAN_FRODOKEM640SHAKE_OPT_add(uint16_t *out, const uint16_t *a, const uint16_t *b);
-void PQCLEAN_FRODOKEM640SHAKE_OPT_sub(uint16_t *out, const uint16_t *a, const uint16_t *b);
-void PQCLEAN_FRODOKEM640SHAKE_OPT_key_encode(uint16_t *out, const uint16_t *in);
-void PQCLEAN_FRODOKEM640SHAKE_OPT_key_decode(uint16_t *out, const uint16_t *in);
-void PQCLEAN_FRODOKEM640SHAKE_OPT_pack(uint8_t *out, size_t outlen, const uint16_t *in, size_t inlen, uint8_t lsb);
-void PQCLEAN_FRODOKEM640SHAKE_OPT_unpack(uint16_t *out, size_t outlen, const uint8_t *in, size_t inlen, uint8_t lsb);
-int8_t PQCLEAN_FRODOKEM640SHAKE_OPT_ct_verify(const uint16_t *a, const uint16_t *b, size_t len);
-void PQCLEAN_FRODOKEM640SHAKE_OPT_ct_select(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len, int8_t selector);
-void PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes(uint8_t *mem, size_t n);
-uint16_t PQCLEAN_FRODOKEM640SHAKE_OPT_LE_TO_UINT16(uint16_t n);
-uint16_t PQCLEAN_FRODOKEM640SHAKE_OPT_UINT16_TO_LE(uint16_t n);
+int PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_add_as_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A);
+int PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_add_sa_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A);
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(uint16_t *s, size_t n);
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_bs(uint16_t *out, const uint16_t *b, const uint16_t *s);
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_add_sb_plus_e(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e);
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_add(uint16_t *out, const uint16_t *a, const uint16_t *b);
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_sub(uint16_t *out, const uint16_t *a, const uint16_t *b);
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_key_encode(uint16_t *out, const uint16_t *in);
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_key_decode(uint16_t *out, const uint16_t *in);
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_pack(uint8_t *out, size_t outlen, const uint16_t *in, size_t inlen, uint8_t lsb);
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_unpack(uint16_t *out, size_t outlen, const uint8_t *in, size_t inlen, uint8_t lsb);
+int8_t PQCLEAN_FRODOKEM640SHAKE_CLEAN_ct_verify(const uint16_t *a, const uint16_t *b, size_t len);
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_ct_select(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len, int8_t selector);
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes(uint8_t *mem, size_t n);
+uint16_t PQCLEAN_FRODOKEM640SHAKE_CLEAN_LE_TO_UINT16(uint16_t n);
+uint16_t PQCLEAN_FRODOKEM640SHAKE_CLEAN_UINT16_TO_LE(uint16_t n);
 
 #endif

src/kem/frodo/frodokem640shake/clean/kem.c

@@ -14,7 +14,7 @@
 #include "common.h"
 #include "params.h"
 
-int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
+int PQCLEAN_FRODOKEM640SHAKE_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
     // FrodoKEM's key generation
     // Outputs: public key pk (               BYTES_SEED_A + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 bytes)
     //          secret key sk (CRYPTO_BYTES + BYTES_SEED_A + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 + 2*PARAMS_N*PARAMS_NBAR + BYTES_PKHASH bytes)
@@ -42,20 +42,20 @@ int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
     memcpy(&shake_input_seedSE[1], randomness_seedSE, CRYPTO_BYTES);
     shake((uint8_t *)S, 2 * PARAMS_N * PARAMS_NBAR * sizeof(uint16_t), shake_input_seedSE, 1 + CRYPTO_BYTES);
     for (size_t i = 0; i < 2 * PARAMS_N * PARAMS_NBAR; i++) {
-        S[i] = PQCLEAN_FRODOKEM640SHAKE_OPT_LE_TO_UINT16(S[i]);
+        S[i] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_LE_TO_UINT16(S[i]);
     }
-    PQCLEAN_FRODOKEM640SHAKE_OPT_sample_n(S, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_sample_n(E, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_as_plus_e(B, S, E, pk);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(S, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(E, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_add_as_plus_e(B, S, E, pk);
 
     // Encode the second part of the public key
-    PQCLEAN_FRODOKEM640SHAKE_OPT_pack(pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, B, PARAMS_N * PARAMS_NBAR, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_pack(pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, B, PARAMS_N * PARAMS_NBAR, PARAMS_LOGQ);
 
     // Add s, pk and S to the secret key
     memcpy(sk_s, randomness_s, CRYPTO_BYTES);
     memcpy(sk_pk, pk, CRYPTO_PUBLICKEYBYTES);
     for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) {
-        S[i] = PQCLEAN_FRODOKEM640SHAKE_OPT_UINT16_TO_LE(S[i]);
+        S[i] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_UINT16_TO_LE(S[i]);
     }
     memcpy(sk_S, S, 2 * PARAMS_N * PARAMS_NBAR);
 
@@ -63,15 +63,15 @@ int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
     shake(sk_pkh, BYTES_PKHASH, pk, CRYPTO_PUBLICKEYBYTES);
 
     // Cleanup:
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes((uint8_t *)S, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes((uint8_t *)E, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes(randomness, 2 * CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes(shake_input_seedSE, 1 + CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes((uint8_t *)S, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes((uint8_t *)E, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes(randomness, 2 * CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes(shake_input_seedSE, 1 + CRYPTO_BYTES);
     return 0;
 }
 
 
-int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
+int PQCLEAN_FRODOKEM640SHAKE_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
     // FrodoKEM's key encapsulation
     const uint8_t *pk_seedA = &pk[0];
     const uint8_t *pk_b = &pk[BYTES_SEED_A];
@@ -105,22 +105,22 @@ int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const
     memcpy(&shake_input_seedSE[1], seedSE, CRYPTO_BYTES);
     shake((uint8_t *)Sp, (2 * PARAMS_N + PARAMS_NBAR) * PARAMS_NBAR * sizeof(uint16_t), shake_input_seedSE, 1 + CRYPTO_BYTES);
     for (size_t i = 0; i < (2 * PARAMS_N + PARAMS_NBAR) * PARAMS_NBAR; i++) {
-        Sp[i] = PQCLEAN_FRODOKEM640SHAKE_OPT_LE_TO_UINT16(Sp[i]);
+        Sp[i] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_LE_TO_UINT16(Sp[i]);
     }
-    PQCLEAN_FRODOKEM640SHAKE_OPT_sample_n(Sp, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_sample_n(Ep, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_sa_plus_e(Bp, Sp, Ep, pk_seedA);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_pack(ct_c1, (PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8, Bp, PARAMS_N * PARAMS_NBAR, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(Sp, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(Ep, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_add_sa_plus_e(Bp, Sp, Ep, pk_seedA);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_pack(ct_c1, (PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8, Bp, PARAMS_N * PARAMS_NBAR, PARAMS_LOGQ);
 
     // Generate Epp, and compute V = Sp*B + Epp
-    PQCLEAN_FRODOKEM640SHAKE_OPT_sample_n(Epp, PARAMS_NBAR * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_unpack(B, PARAMS_N * PARAMS_NBAR, pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, PARAMS_LOGQ);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_sb_plus_e(V, B, Sp, Epp);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(Epp, PARAMS_NBAR * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_unpack(B, PARAMS_N * PARAMS_NBAR, pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_add_sb_plus_e(V, B, Sp, Epp);
 
     // Encode mu, and compute C = V + enc(mu) (mod q)
-    PQCLEAN_FRODOKEM640SHAKE_OPT_key_encode(C, (uint16_t *)mu);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_add(C, V, C);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_pack(ct_c2, (PARAMS_LOGQ * PARAMS_NBAR * PARAMS_NBAR) / 8, C, PARAMS_NBAR * PARAMS_NBAR, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_key_encode(C, (uint16_t *)mu);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_add(C, V, C);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_pack(ct_c2, (PARAMS_LOGQ * PARAMS_NBAR * PARAMS_NBAR) / 8, C, PARAMS_NBAR * PARAMS_NBAR, PARAMS_LOGQ);
 
     // Compute ss = F(ct||KK)
     memcpy(Fin_ct, ct, CRYPTO_CIPHERTEXTBYTES);
@@ -128,19 +128,19 @@ int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const
     shake(ss, CRYPTO_BYTES, Fin, CRYPTO_CIPHERTEXTBYTES + CRYPTO_BYTES);
 
     // Cleanup:
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes((uint8_t *)V, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes((uint8_t *)Sp, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes((uint8_t *)Ep, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes((uint8_t *)Epp, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes(mu, BYTES_MU);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes(G2out, 2 * CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes(Fin_k, CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes(shake_input_seedSE, 1 + CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes((uint8_t *)V, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes((uint8_t *)Sp, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes((uint8_t *)Ep, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes((uint8_t *)Epp, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes(mu, BYTES_MU);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes(G2out, 2 * CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes(Fin_k, CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes(shake_input_seedSE, 1 + CRYPTO_BYTES);
     return 0;
 }
 
 
-int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
+int PQCLEAN_FRODOKEM640SHAKE_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
     // FrodoKEM's key decapsulation
     uint16_t B[PARAMS_N * PARAMS_NBAR] = {0};
     uint16_t Bp[PARAMS_N * PARAMS_NBAR] = {0};
@@ -176,11 +176,11 @@ int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct,
     }
 
     // Compute W = C - Bp*S (mod q), and decode the randomness mu
-    PQCLEAN_FRODOKEM640SHAKE_OPT_unpack(Bp, PARAMS_N * PARAMS_NBAR, ct_c1, (PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8, PARAMS_LOGQ);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_unpack(C, PARAMS_NBAR * PARAMS_NBAR, ct_c2, (PARAMS_LOGQ * PARAMS_NBAR * PARAMS_NBAR) / 8, PARAMS_LOGQ);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_mul_bs(W, Bp, S);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_sub(W, C, W);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_key_decode((uint16_t *)muprime, W);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_unpack(Bp, PARAMS_N * PARAMS_NBAR, ct_c1, (PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_unpack(C, PARAMS_NBAR * PARAMS_NBAR, ct_c2, (PARAMS_LOGQ * PARAMS_NBAR * PARAMS_NBAR) / 8, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_bs(W, Bp, S);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_sub(W, C, W);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_key_decode((uint16_t *)muprime, W);
 
     // Generate (seedSE' || k') = G_2(pkh || mu')
     memcpy(pkh, sk_pkh, BYTES_PKHASH);
@@ -191,20 +191,20 @@ int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct,
     memcpy(&shake_input_seedSEprime[1], seedSEprime, CRYPTO_BYTES);
     shake((uint8_t *)Sp, (2 * PARAMS_N + PARAMS_NBAR) * PARAMS_NBAR * sizeof(uint16_t), shake_input_seedSEprime, 1 + CRYPTO_BYTES);
     for (size_t i = 0; i < (2 * PARAMS_N + PARAMS_NBAR) * PARAMS_NBAR; i++) {
-        Sp[i] = PQCLEAN_FRODOKEM640SHAKE_OPT_LE_TO_UINT16(Sp[i]);
+        Sp[i] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_LE_TO_UINT16(Sp[i]);
     }
-    PQCLEAN_FRODOKEM640SHAKE_OPT_sample_n(Sp, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_sample_n(Ep, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_sa_plus_e(BBp, Sp, Ep, pk_seedA);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(Sp, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(Ep, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_add_sa_plus_e(BBp, Sp, Ep, pk_seedA);
 
     // Generate Epp, and compute W = Sp*B + Epp
-    PQCLEAN_FRODOKEM640SHAKE_OPT_sample_n(Epp, PARAMS_NBAR * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_unpack(B, PARAMS_N * PARAMS_NBAR, pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, PARAMS_LOGQ);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_sb_plus_e(W, B, Sp, Epp);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(Epp, PARAMS_NBAR * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_unpack(B, PARAMS_N * PARAMS_NBAR, pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_add_sb_plus_e(W, B, Sp, Epp);
 
     // Encode mu, and compute CC = W + enc(mu') (mod q)
-    PQCLEAN_FRODOKEM640SHAKE_OPT_key_encode(CC, (uint16_t *)muprime);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_add(CC, W, CC);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_key_encode(CC, (uint16_t *)muprime);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_add(CC, W, CC);
 
     // Prepare input to F
     memcpy(Fin_ct, ct, CRYPTO_CIPHERTEXTBYTES);
@@ -218,20 +218,20 @@ int PQCLEAN_FRODOKEM640SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct,
     // Needs to avoid branching on secret data as per:
     //     Qian Guo, Thomas Johansson, Alexander Nilsson. A key-recovery timing attack on post-quantum
     //     primitives using the Fujisaki-Okamoto transformation and its application on FrodoKEM. In CRYPTO 2020.
-    int8_t selector = PQCLEAN_FRODOKEM640SHAKE_OPT_ct_verify(Bp, BBp, PARAMS_N * PARAMS_NBAR) | PQCLEAN_FRODOKEM640SHAKE_OPT_ct_verify(C, CC, PARAMS_NBAR * PARAMS_NBAR);
+    int8_t selector = PQCLEAN_FRODOKEM640SHAKE_CLEAN_ct_verify(Bp, BBp, PARAMS_N * PARAMS_NBAR) | PQCLEAN_FRODOKEM640SHAKE_CLEAN_ct_verify(C, CC, PARAMS_NBAR * PARAMS_NBAR);
     // If (selector == 0) then load k' to do ss = F(ct || k'), else if (selector == -1) load s to do ss = F(ct || s)
-    PQCLEAN_FRODOKEM640SHAKE_OPT_ct_select((uint8_t *)Fin_k, (uint8_t *)kprime, (uint8_t *)sk_s, CRYPTO_BYTES, selector);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_ct_select((uint8_t *)Fin_k, (uint8_t *)kprime, (uint8_t *)sk_s, CRYPTO_BYTES, selector);
     shake(ss, CRYPTO_BYTES, Fin, CRYPTO_CIPHERTEXTBYTES + CRYPTO_BYTES);
 
     // Cleanup:
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes((uint8_t *)W, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes((uint8_t *)Sp, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes((uint8_t *)S, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes((uint8_t *)Ep, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes((uint8_t *)Epp, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes(muprime, BYTES_MU);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes(G2out, 2 * CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes(Fin_k, CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes(shake_input_seedSEprime, 1 + CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes((uint8_t *)W, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes((uint8_t *)Sp, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes((uint8_t *)S, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes((uint8_t *)Ep, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes((uint8_t *)Epp, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes(muprime, BYTES_MU);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes(G2out, 2 * CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes(Fin_k, CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes(shake_input_seedSEprime, 1 + CRYPTO_BYTES);
     return 0;
 }

src/kem/frodo/frodokem640shake/clean/matrix_shake.c

@@ -13,7 +13,7 @@
 #include "common.h"
 #include "params.h"
 
-int PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A) {
+int PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_add_as_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A) {
     // Generate-and-multiply: generate matrix A (N x N) row-wise, multiply by s on the right.
     // Inputs: s, e (N x N_BAR)
     // Output: out = A*s + e (N x N_BAR)
@@ -29,16 +29,16 @@ int PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t
     uint16_t *seed_A_origin = (uint16_t *)&seed_A_separated;
     memcpy(&seed_A_separated[2], seed_A, BYTES_SEED_A);
     for (i = 0; i < PARAMS_N; i += 4) {
-        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_OPT_UINT16_TO_LE(i + 0);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_UINT16_TO_LE(i + 0);
         shake128((unsigned char *)(a_row + 0 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_OPT_UINT16_TO_LE(i + 1);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_UINT16_TO_LE(i + 1);
         shake128((unsigned char *)(a_row + 1 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_OPT_UINT16_TO_LE(i + 2);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_UINT16_TO_LE(i + 2);
         shake128((unsigned char *)(a_row + 2 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_OPT_UINT16_TO_LE(i + 3);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_UINT16_TO_LE(i + 3);
         shake128((unsigned char *)(a_row + 3 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
         for (k = 0; k < 4 * PARAMS_N; k++) {
-            a_row[k] = PQCLEAN_FRODOKEM640SHAKE_OPT_LE_TO_UINT16(a_row[k]);
+            a_row[k] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_LE_TO_UINT16(a_row[k]);
         }
         for (k = 0; k < PARAMS_NBAR; k++) {
             uint16_t sum[4] = {0};
@@ -61,7 +61,7 @@ int PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t
 
 
 
-int PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_sa_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A) {
+int PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_add_sa_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A) {
     // Generate-and-multiply: generate matrix A (N x N) column-wise, multiply by s' on the left.
     // Inputs: s', e' (N_BAR x N)
     // Output: out = s'*A + e' (N_BAR x N)
@@ -79,16 +79,16 @@ int PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_sa_plus_e(uint16_t *out, const uint16_t
     uint16_t *seed_A_origin = (uint16_t *)&seed_A_separated;
     memcpy(&seed_A_separated[2], seed_A, BYTES_SEED_A);
     for (kk = 0; kk < PARAMS_N; kk += 4) {
-        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_OPT_UINT16_TO_LE(kk + 0);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_UINT16_TO_LE(kk + 0);
         shake128((unsigned char *)(a_cols + 0 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_OPT_UINT16_TO_LE(kk + 1);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_UINT16_TO_LE(kk + 1);
         shake128((unsigned char *)(a_cols + 1 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_OPT_UINT16_TO_LE(kk + 2);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_UINT16_TO_LE(kk + 2);
         shake128((unsigned char *)(a_cols + 2 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_OPT_UINT16_TO_LE(kk + 3);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_UINT16_TO_LE(kk + 3);
         shake128((unsigned char *)(a_cols + 3 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
         for (i = 0; i < 4 * PARAMS_N; i++) {
-            a_cols[i] = PQCLEAN_FRODOKEM640SHAKE_OPT_LE_TO_UINT16(a_cols[i]);
+            a_cols[i] = PQCLEAN_FRODOKEM640SHAKE_CLEAN_LE_TO_UINT16(a_cols[i]);
         }
 
         for (i = 0; i < PARAMS_NBAR; i++) {

src/kem/frodo/frodokem640shake/clean/noise.c

@@ -12,7 +12,7 @@
 
 static const uint16_t CDF_TABLE[CDF_TABLE_LEN] = CDF_TABLE_DATA;
 
-void PQCLEAN_FRODOKEM640SHAKE_OPT_sample_n(uint16_t *s, size_t n) {
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_sample_n(uint16_t *s, size_t n) {
     // Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
     // The distribution is specified by its CDF.
     // Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.

src/kem/frodo/frodokem640shake/clean/params.h

@@ -1,10 +1,10 @@
 #ifndef PARAMS_H
 #define PARAMS_H
 
-#define CRYPTO_SECRETKEYBYTES PQCLEAN_FRODOKEM640SHAKE_OPT_CRYPTO_SECRETKEYBYTES
-#define CRYPTO_PUBLICKEYBYTES PQCLEAN_FRODOKEM640SHAKE_OPT_CRYPTO_PUBLICKEYBYTES
-#define CRYPTO_BYTES PQCLEAN_FRODOKEM640SHAKE_OPT_CRYPTO_BYTES
-#define CRYPTO_CIPHERTEXTBYTES PQCLEAN_FRODOKEM640SHAKE_OPT_CRYPTO_CIPHERTEXTBYTES
+#define CRYPTO_SECRETKEYBYTES PQCLEAN_FRODOKEM640SHAKE_CLEAN_CRYPTO_SECRETKEYBYTES
+#define CRYPTO_PUBLICKEYBYTES PQCLEAN_FRODOKEM640SHAKE_CLEAN_CRYPTO_PUBLICKEYBYTES
+#define CRYPTO_BYTES PQCLEAN_FRODOKEM640SHAKE_CLEAN_CRYPTO_BYTES
+#define CRYPTO_CIPHERTEXTBYTES PQCLEAN_FRODOKEM640SHAKE_CLEAN_CRYPTO_CIPHERTEXTBYTES
 
 #define PARAMS_N 640
 #define PARAMS_NBAR 8

src/kem/frodo/frodokem640shake/clean/util.c

@@ -18,11 +18,11 @@ static inline uint8_t min(uint8_t x, uint8_t y) {
     return y;
 }
 
-uint16_t PQCLEAN_FRODOKEM640SHAKE_OPT_LE_TO_UINT16(uint16_t n) {
+uint16_t PQCLEAN_FRODOKEM640SHAKE_CLEAN_LE_TO_UINT16(uint16_t n) {
     return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8));
 }
 
-uint16_t PQCLEAN_FRODOKEM640SHAKE_OPT_UINT16_TO_LE(uint16_t n) {
+uint16_t PQCLEAN_FRODOKEM640SHAKE_CLEAN_UINT16_TO_LE(uint16_t n) {
     uint16_t y;
     uint8_t *z = (uint8_t *) &y;
     z[0] = n & 0xFF;
@@ -30,7 +30,7 @@ uint16_t PQCLEAN_FRODOKEM640SHAKE_OPT_UINT16_TO_LE(uint16_t n) {
     return y;
 }
 
-void PQCLEAN_FRODOKEM640SHAKE_OPT_mul_bs(uint16_t *out, const uint16_t *b, const uint16_t *s) {
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_bs(uint16_t *out, const uint16_t *b, const uint16_t *s) {
     // Multiply by s on the right
     // Inputs: b (N_BAR x N), s (N x N_BAR)
     // Output: out = b*s (N_BAR x N_BAR)
@@ -48,7 +48,7 @@ void PQCLEAN_FRODOKEM640SHAKE_OPT_mul_bs(uint16_t *out, const uint16_t *b, const
 }
 
 
-void PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_sb_plus_e(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e) {
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_mul_add_sb_plus_e(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e) {
     // Multiply by s on the left
     // Inputs: b (N x N_BAR), s (N_BAR x N), e (N_BAR x N_BAR)
     // Output: out = s*b + e (N_BAR x N_BAR)
@@ -66,7 +66,7 @@ void PQCLEAN_FRODOKEM640SHAKE_OPT_mul_add_sb_plus_e(uint16_t *out, const uint16_
 }
 
 
-void PQCLEAN_FRODOKEM640SHAKE_OPT_add(uint16_t *out, const uint16_t *a, const uint16_t *b) {
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_add(uint16_t *out, const uint16_t *a, const uint16_t *b) {
     // Add a and b
     // Inputs: a, b (N_BAR x N_BAR)
     // Output: c = a + b
@@ -77,7 +77,7 @@ void PQCLEAN_FRODOKEM640SHAKE_OPT_add(uint16_t *out, const uint16_t *a, const ui
 }
 
 
-void PQCLEAN_FRODOKEM640SHAKE_OPT_sub(uint16_t *out, const uint16_t *a, const uint16_t *b) {
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_sub(uint16_t *out, const uint16_t *a, const uint16_t *b) {
     // Subtract a and b
     // Inputs: a, b (N_BAR x N_BAR)
     // Output: c = a - b
@@ -88,7 +88,7 @@ void PQCLEAN_FRODOKEM640SHAKE_OPT_sub(uint16_t *out, const uint16_t *a, const ui
 }
 
 
-void PQCLEAN_FRODOKEM640SHAKE_OPT_key_encode(uint16_t *out, const uint16_t *in) {
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_key_encode(uint16_t *out, const uint16_t *in) {
     // Encoding
     unsigned int i, j, npieces_word = 8;
     unsigned int nwords = (PARAMS_NBAR * PARAMS_NBAR) / 8;
@@ -109,7 +109,7 @@ void PQCLEAN_FRODOKEM640SHAKE_OPT_key_encode(uint16_t *out, const uint16_t *in)
 }
 
 
-void PQCLEAN_FRODOKEM640SHAKE_OPT_key_decode(uint16_t *out, const uint16_t *in) {
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_key_decode(uint16_t *out, const uint16_t *in) {
     // Decoding
     unsigned int i, j, index = 0, npieces_word = 8;
     unsigned int nwords = (PARAMS_NBAR * PARAMS_NBAR) / 8;
@@ -131,7 +131,7 @@ void PQCLEAN_FRODOKEM640SHAKE_OPT_key_decode(uint16_t *out, const uint16_t *in)
 }
 
 
-void PQCLEAN_FRODOKEM640SHAKE_OPT_pack(uint8_t *out, size_t outlen, const uint16_t *in, size_t inlen, uint8_t lsb) {
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_pack(uint8_t *out, size_t outlen, const uint16_t *in, size_t inlen, uint8_t lsb) {
     // Pack the input uint16 vector into a char output vector, copying lsb bits from each input element.
     // If inlen * lsb / 8 > outlen, only outlen * 8 bits are copied.
     memset(out, 0, outlen);
@@ -180,7 +180,7 @@ void PQCLEAN_FRODOKEM640SHAKE_OPT_pack(uint8_t *out, size_t outlen, const uint16
 }
 
 
-void PQCLEAN_FRODOKEM640SHAKE_OPT_unpack(uint16_t *out, size_t outlen, const uint8_t *in, size_t inlen, uint8_t lsb) {
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_unpack(uint16_t *out, size_t outlen, const uint8_t *in, size_t inlen, uint8_t lsb) {
     // Unpack the input char vector into a uint16_t output vector, copying lsb bits
     // for each output element from input. outlen must be at least ceil(inlen * 8 / lsb).
     memset(out, 0, outlen * sizeof(uint16_t));
@@ -229,7 +229,7 @@ void PQCLEAN_FRODOKEM640SHAKE_OPT_unpack(uint16_t *out, size_t outlen, const uin
 }
 
 
-int8_t PQCLEAN_FRODOKEM640SHAKE_OPT_ct_verify(const uint16_t *a, const uint16_t *b, size_t len) {
+int8_t PQCLEAN_FRODOKEM640SHAKE_CLEAN_ct_verify(const uint16_t *a, const uint16_t *b, size_t len) {
     // Compare two arrays in constant time.
     // Returns 0 if the byte arrays are equal, -1 otherwise.
     uint16_t r = 0;
@@ -243,7 +243,7 @@ int8_t PQCLEAN_FRODOKEM640SHAKE_OPT_ct_verify(const uint16_t *a, const uint16_t
 }
 
 
-void PQCLEAN_FRODOKEM640SHAKE_OPT_ct_select(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len, int8_t selector) {
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_ct_select(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len, int8_t selector) {
     // Select one of the two input arrays to be moved to r
     // If (selector == 0) then load r with a, else if (selector == -1) load r with b
 
@@ -253,7 +253,7 @@ void PQCLEAN_FRODOKEM640SHAKE_OPT_ct_select(uint8_t *r, const uint8_t *a, const
 }
 
 
-void PQCLEAN_FRODOKEM640SHAKE_OPT_clear_bytes(uint8_t *mem, size_t n) {
+void PQCLEAN_FRODOKEM640SHAKE_CLEAN_clear_bytes(uint8_t *mem, size_t n) {
     // Clear 8-bit bytes from memory. "n" indicates the number of bytes to be zeroed.
     // This function uses the volatile type qualifier to inform the compiler not to optimize out the memory clearing.
     volatile uint8_t *v = mem;

src/kem/frodo/frodokem976shake/clean/api.h

@@ -1,20 +1,20 @@
-#ifndef PQCLEAN_FRODOKEM976SHAKE_OPT_API_H
-#define PQCLEAN_FRODOKEM976SHAKE_OPT_API_H
+#ifndef PQCLEAN_FRODOKEM976SHAKE_CLEAN_API_H
+#define PQCLEAN_FRODOKEM976SHAKE_CLEAN_API_H
 
 #include <stddef.h>
 #include <stdint.h>
 
-#define PQCLEAN_FRODOKEM976SHAKE_OPT_CRYPTO_SECRETKEYBYTES  31296     // sizeof(s) + CRYPTO_PUBLICKEYBYTES + 2*PARAMS_N*PARAMS_NBAR + BYTES_PKHASH
-#define PQCLEAN_FRODOKEM976SHAKE_OPT_CRYPTO_PUBLICKEYBYTES  15632     // sizeof(seed_A) + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8
-#define PQCLEAN_FRODOKEM976SHAKE_OPT_CRYPTO_BYTES              24
-#define PQCLEAN_FRODOKEM976SHAKE_OPT_CRYPTO_CIPHERTEXTBYTES  15744     // (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 + (PARAMS_LOGQ*PARAMS_NBAR*PARAMS_NBAR)/8
+#define PQCLEAN_FRODOKEM976SHAKE_CLEAN_CRYPTO_SECRETKEYBYTES  31296     // sizeof(s) + CRYPTO_PUBLICKEYBYTES + 2*PARAMS_N*PARAMS_NBAR + BYTES_PKHASH
+#define PQCLEAN_FRODOKEM976SHAKE_CLEAN_CRYPTO_PUBLICKEYBYTES  15632     // sizeof(seed_A) + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8
+#define PQCLEAN_FRODOKEM976SHAKE_CLEAN_CRYPTO_BYTES              24
+#define PQCLEAN_FRODOKEM976SHAKE_CLEAN_CRYPTO_CIPHERTEXTBYTES  15744     // (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 + (PARAMS_LOGQ*PARAMS_NBAR*PARAMS_NBAR)/8
 
-#define PQCLEAN_FRODOKEM976SHAKE_OPT_CRYPTO_ALGNAME "FrodoKEM-976-SHAKE"
+#define PQCLEAN_FRODOKEM976SHAKE_CLEAN_CRYPTO_ALGNAME "FrodoKEM-976-SHAKE"
 
-int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
+int PQCLEAN_FRODOKEM976SHAKE_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
 
-int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+int PQCLEAN_FRODOKEM976SHAKE_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
 
-int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+int PQCLEAN_FRODOKEM976SHAKE_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
 
 #endif

src/kem/frodo/frodokem976shake/clean/common.h

@@ -1,21 +1,21 @@
 #ifndef COMMON_H
 #define COMMON_H
 
-int PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A);
-int PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_sa_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A);
-void PQCLEAN_FRODOKEM976SHAKE_OPT_sample_n(uint16_t *s, size_t n);
-void PQCLEAN_FRODOKEM976SHAKE_OPT_mul_bs(uint16_t *out, const uint16_t *b, const uint16_t *s);
-void PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_sb_plus_e(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e);
-void PQCLEAN_FRODOKEM976SHAKE_OPT_add(uint16_t *out, const uint16_t *a, const uint16_t *b);
-void PQCLEAN_FRODOKEM976SHAKE_OPT_sub(uint16_t *out, const uint16_t *a, const uint16_t *b);
-void PQCLEAN_FRODOKEM976SHAKE_OPT_key_encode(uint16_t *out, const uint16_t *in);
-void PQCLEAN_FRODOKEM976SHAKE_OPT_key_decode(uint16_t *out, const uint16_t *in);
-void PQCLEAN_FRODOKEM976SHAKE_OPT_pack(uint8_t *out, size_t outlen, const uint16_t *in, size_t inlen, uint8_t lsb);
-void PQCLEAN_FRODOKEM976SHAKE_OPT_unpack(uint16_t *out, size_t outlen, const uint8_t *in, size_t inlen, uint8_t lsb);
-int8_t PQCLEAN_FRODOKEM976SHAKE_OPT_ct_verify(const uint16_t *a, const uint16_t *b, size_t len);
-void PQCLEAN_FRODOKEM976SHAKE_OPT_ct_select(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len, int8_t selector);
-void PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes(uint8_t *mem, size_t n);
-uint16_t PQCLEAN_FRODOKEM976SHAKE_OPT_LE_TO_UINT16(uint16_t n);
-uint16_t PQCLEAN_FRODOKEM976SHAKE_OPT_UINT16_TO_LE(uint16_t n);
+int PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_add_as_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A);
+int PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_add_sa_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A);
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(uint16_t *s, size_t n);
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_bs(uint16_t *out, const uint16_t *b, const uint16_t *s);
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_add_sb_plus_e(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e);
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_add(uint16_t *out, const uint16_t *a, const uint16_t *b);
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_sub(uint16_t *out, const uint16_t *a, const uint16_t *b);
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_key_encode(uint16_t *out, const uint16_t *in);
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_key_decode(uint16_t *out, const uint16_t *in);
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_pack(uint8_t *out, size_t outlen, const uint16_t *in, size_t inlen, uint8_t lsb);
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_unpack(uint16_t *out, size_t outlen, const uint8_t *in, size_t inlen, uint8_t lsb);
+int8_t PQCLEAN_FRODOKEM976SHAKE_CLEAN_ct_verify(const uint16_t *a, const uint16_t *b, size_t len);
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_ct_select(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len, int8_t selector);
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes(uint8_t *mem, size_t n);
+uint16_t PQCLEAN_FRODOKEM976SHAKE_CLEAN_LE_TO_UINT16(uint16_t n);
+uint16_t PQCLEAN_FRODOKEM976SHAKE_CLEAN_UINT16_TO_LE(uint16_t n);
 
 #endif

src/kem/frodo/frodokem976shake/clean/kem.c

@@ -14,7 +14,7 @@
 #include "common.h"
 #include "params.h"
 
-int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
+int PQCLEAN_FRODOKEM976SHAKE_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
     // FrodoKEM's key generation
     // Outputs: public key pk (               BYTES_SEED_A + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 bytes)
     //          secret key sk (CRYPTO_BYTES + BYTES_SEED_A + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 + 2*PARAMS_N*PARAMS_NBAR + BYTES_PKHASH bytes)
@@ -42,20 +42,20 @@ int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
     memcpy(&shake_input_seedSE[1], randomness_seedSE, CRYPTO_BYTES);
     shake((uint8_t *)S, 2 * PARAMS_N * PARAMS_NBAR * sizeof(uint16_t), shake_input_seedSE, 1 + CRYPTO_BYTES);
     for (size_t i = 0; i < 2 * PARAMS_N * PARAMS_NBAR; i++) {
-        S[i] = PQCLEAN_FRODOKEM976SHAKE_OPT_LE_TO_UINT16(S[i]);
+        S[i] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_LE_TO_UINT16(S[i]);
     }
-    PQCLEAN_FRODOKEM976SHAKE_OPT_sample_n(S, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_sample_n(E, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_as_plus_e(B, S, E, pk);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(S, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(E, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_add_as_plus_e(B, S, E, pk);
 
     // Encode the second part of the public key
-    PQCLEAN_FRODOKEM976SHAKE_OPT_pack(pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, B, PARAMS_N * PARAMS_NBAR, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_pack(pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, B, PARAMS_N * PARAMS_NBAR, PARAMS_LOGQ);
 
     // Add s, pk and S to the secret key
     memcpy(sk_s, randomness_s, CRYPTO_BYTES);
     memcpy(sk_pk, pk, CRYPTO_PUBLICKEYBYTES);
     for (size_t i = 0; i < PARAMS_N * PARAMS_NBAR; i++) {
-        S[i] = PQCLEAN_FRODOKEM976SHAKE_OPT_UINT16_TO_LE(S[i]);
+        S[i] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_UINT16_TO_LE(S[i]);
     }
     memcpy(sk_S, S, 2 * PARAMS_N * PARAMS_NBAR);
 
@@ -63,15 +63,15 @@ int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
     shake(sk_pkh, BYTES_PKHASH, pk, CRYPTO_PUBLICKEYBYTES);
 
     // Cleanup:
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes((uint8_t *)S, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes((uint8_t *)E, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes(randomness, 2 * CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes(shake_input_seedSE, 1 + CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes((uint8_t *)S, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes((uint8_t *)E, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes(randomness, 2 * CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes(shake_input_seedSE, 1 + CRYPTO_BYTES);
     return 0;
 }
 
 
-int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
+int PQCLEAN_FRODOKEM976SHAKE_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
     // FrodoKEM's key encapsulation
     const uint8_t *pk_seedA = &pk[0];
     const uint8_t *pk_b = &pk[BYTES_SEED_A];
@@ -105,22 +105,22 @@ int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const
     memcpy(&shake_input_seedSE[1], seedSE, CRYPTO_BYTES);
     shake((uint8_t *)Sp, (2 * PARAMS_N + PARAMS_NBAR) * PARAMS_NBAR * sizeof(uint16_t), shake_input_seedSE, 1 + CRYPTO_BYTES);
     for (size_t i = 0; i < (2 * PARAMS_N + PARAMS_NBAR) * PARAMS_NBAR; i++) {
-        Sp[i] = PQCLEAN_FRODOKEM976SHAKE_OPT_LE_TO_UINT16(Sp[i]);
+        Sp[i] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_LE_TO_UINT16(Sp[i]);
     }
-    PQCLEAN_FRODOKEM976SHAKE_OPT_sample_n(Sp, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_sample_n(Ep, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_sa_plus_e(Bp, Sp, Ep, pk_seedA);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_pack(ct_c1, (PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8, Bp, PARAMS_N * PARAMS_NBAR, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(Sp, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(Ep, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_add_sa_plus_e(Bp, Sp, Ep, pk_seedA);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_pack(ct_c1, (PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8, Bp, PARAMS_N * PARAMS_NBAR, PARAMS_LOGQ);
 
     // Generate Epp, and compute V = Sp*B + Epp
-    PQCLEAN_FRODOKEM976SHAKE_OPT_sample_n(Epp, PARAMS_NBAR * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_unpack(B, PARAMS_N * PARAMS_NBAR, pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, PARAMS_LOGQ);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_sb_plus_e(V, B, Sp, Epp);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(Epp, PARAMS_NBAR * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_unpack(B, PARAMS_N * PARAMS_NBAR, pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_add_sb_plus_e(V, B, Sp, Epp);
 
     // Encode mu, and compute C = V + enc(mu) (mod q)
-    PQCLEAN_FRODOKEM976SHAKE_OPT_key_encode(C, (uint16_t *)mu);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_add(C, V, C);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_pack(ct_c2, (PARAMS_LOGQ * PARAMS_NBAR * PARAMS_NBAR) / 8, C, PARAMS_NBAR * PARAMS_NBAR, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_key_encode(C, (uint16_t *)mu);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_add(C, V, C);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_pack(ct_c2, (PARAMS_LOGQ * PARAMS_NBAR * PARAMS_NBAR) / 8, C, PARAMS_NBAR * PARAMS_NBAR, PARAMS_LOGQ);
 
     // Compute ss = F(ct||KK)
     memcpy(Fin_ct, ct, CRYPTO_CIPHERTEXTBYTES);
@@ -128,19 +128,19 @@ int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const
     shake(ss, CRYPTO_BYTES, Fin, CRYPTO_CIPHERTEXTBYTES + CRYPTO_BYTES);
 
     // Cleanup:
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes((uint8_t *)V, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes((uint8_t *)Sp, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes((uint8_t *)Ep, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes((uint8_t *)Epp, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes(mu, BYTES_MU);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes(G2out, 2 * CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes(Fin_k, CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes(shake_input_seedSE, 1 + CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes((uint8_t *)V, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes((uint8_t *)Sp, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes((uint8_t *)Ep, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes((uint8_t *)Epp, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes(mu, BYTES_MU);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes(G2out, 2 * CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes(Fin_k, CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes(shake_input_seedSE, 1 + CRYPTO_BYTES);
     return 0;
 }
 
 
-int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
+int PQCLEAN_FRODOKEM976SHAKE_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
     // FrodoKEM's key decapsulation
     uint16_t B[PARAMS_N * PARAMS_NBAR] = {0};
     uint16_t Bp[PARAMS_N * PARAMS_NBAR] = {0};
@@ -176,11 +176,11 @@ int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct,
     }
 
     // Compute W = C - Bp*S (mod q), and decode the randomness mu
-    PQCLEAN_FRODOKEM976SHAKE_OPT_unpack(Bp, PARAMS_N * PARAMS_NBAR, ct_c1, (PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8, PARAMS_LOGQ);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_unpack(C, PARAMS_NBAR * PARAMS_NBAR, ct_c2, (PARAMS_LOGQ * PARAMS_NBAR * PARAMS_NBAR) / 8, PARAMS_LOGQ);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_mul_bs(W, Bp, S);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_sub(W, C, W);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_key_decode((uint16_t *)muprime, W);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_unpack(Bp, PARAMS_N * PARAMS_NBAR, ct_c1, (PARAMS_LOGQ * PARAMS_N * PARAMS_NBAR) / 8, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_unpack(C, PARAMS_NBAR * PARAMS_NBAR, ct_c2, (PARAMS_LOGQ * PARAMS_NBAR * PARAMS_NBAR) / 8, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_bs(W, Bp, S);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_sub(W, C, W);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_key_decode((uint16_t *)muprime, W);
 
     // Generate (seedSE' || k') = G_2(pkh || mu')
     memcpy(pkh, sk_pkh, BYTES_PKHASH);
@@ -191,20 +191,20 @@ int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct,
     memcpy(&shake_input_seedSEprime[1], seedSEprime, CRYPTO_BYTES);
     shake((uint8_t *)Sp, (2 * PARAMS_N + PARAMS_NBAR) * PARAMS_NBAR * sizeof(uint16_t), shake_input_seedSEprime, 1 + CRYPTO_BYTES);
     for (size_t i = 0; i < (2 * PARAMS_N + PARAMS_NBAR) * PARAMS_NBAR; i++) {
-        Sp[i] = PQCLEAN_FRODOKEM976SHAKE_OPT_LE_TO_UINT16(Sp[i]);
+        Sp[i] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_LE_TO_UINT16(Sp[i]);
     }
-    PQCLEAN_FRODOKEM976SHAKE_OPT_sample_n(Sp, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_sample_n(Ep, PARAMS_N * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_sa_plus_e(BBp, Sp, Ep, pk_seedA);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(Sp, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(Ep, PARAMS_N * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_add_sa_plus_e(BBp, Sp, Ep, pk_seedA);
 
     // Generate Epp, and compute W = Sp*B + Epp
-    PQCLEAN_FRODOKEM976SHAKE_OPT_sample_n(Epp, PARAMS_NBAR * PARAMS_NBAR);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_unpack(B, PARAMS_N * PARAMS_NBAR, pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, PARAMS_LOGQ);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_sb_plus_e(W, B, Sp, Epp);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(Epp, PARAMS_NBAR * PARAMS_NBAR);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_unpack(B, PARAMS_N * PARAMS_NBAR, pk_b, CRYPTO_PUBLICKEYBYTES - BYTES_SEED_A, PARAMS_LOGQ);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_add_sb_plus_e(W, B, Sp, Epp);
 
     // Encode mu, and compute CC = W + enc(mu') (mod q)
-    PQCLEAN_FRODOKEM976SHAKE_OPT_key_encode(CC, (uint16_t *)muprime);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_add(CC, W, CC);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_key_encode(CC, (uint16_t *)muprime);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_add(CC, W, CC);
 
     // Prepare input to F
     memcpy(Fin_ct, ct, CRYPTO_CIPHERTEXTBYTES);
@@ -218,20 +218,20 @@ int PQCLEAN_FRODOKEM976SHAKE_OPT_crypto_kem_dec(uint8_t *ss, const uint8_t *ct,
     // Needs to avoid branching on secret data as per:
     //     Qian Guo, Thomas Johansson, Alexander Nilsson. A key-recovery timing attack on post-quantum
     //     primitives using the Fujisaki-Okamoto transformation and its application on FrodoKEM. In CRYPTO 2020.
-    int8_t selector = PQCLEAN_FRODOKEM976SHAKE_OPT_ct_verify(Bp, BBp, PARAMS_N * PARAMS_NBAR) | PQCLEAN_FRODOKEM976SHAKE_OPT_ct_verify(C, CC, PARAMS_NBAR * PARAMS_NBAR);
+    int8_t selector = PQCLEAN_FRODOKEM976SHAKE_CLEAN_ct_verify(Bp, BBp, PARAMS_N * PARAMS_NBAR) | PQCLEAN_FRODOKEM976SHAKE_CLEAN_ct_verify(C, CC, PARAMS_NBAR * PARAMS_NBAR);
     // If (selector == 0) then load k' to do ss = F(ct || k'), else if (selector == -1) load s to do ss = F(ct || s)
-    PQCLEAN_FRODOKEM976SHAKE_OPT_ct_select((uint8_t *)Fin_k, (uint8_t *)kprime, (uint8_t *)sk_s, CRYPTO_BYTES, selector);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_ct_select((uint8_t *)Fin_k, (uint8_t *)kprime, (uint8_t *)sk_s, CRYPTO_BYTES, selector);
     shake(ss, CRYPTO_BYTES, Fin, CRYPTO_CIPHERTEXTBYTES + CRYPTO_BYTES);
 
     // Cleanup:
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes((uint8_t *)W, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes((uint8_t *)Sp, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes((uint8_t *)S, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes((uint8_t *)Ep, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes((uint8_t *)Epp, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes(muprime, BYTES_MU);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes(G2out, 2 * CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes(Fin_k, CRYPTO_BYTES);
-    PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes(shake_input_seedSEprime, 1 + CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes((uint8_t *)W, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes((uint8_t *)Sp, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes((uint8_t *)S, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes((uint8_t *)Ep, PARAMS_N * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes((uint8_t *)Epp, PARAMS_NBAR * PARAMS_NBAR * sizeof(uint16_t));
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes(muprime, BYTES_MU);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes(G2out, 2 * CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes(Fin_k, CRYPTO_BYTES);
+    PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes(shake_input_seedSEprime, 1 + CRYPTO_BYTES);
     return 0;
 }

src/kem/frodo/frodokem976shake/clean/matrix_shake.c

@@ -13,7 +13,7 @@
 #include "common.h"
 #include "params.h"
 
-int PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A) {
+int PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_add_as_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A) {
     // Generate-and-multiply: generate matrix A (N x N) row-wise, multiply by s on the right.
     // Inputs: s, e (N x N_BAR)
     // Output: out = A*s + e (N x N_BAR)
@@ -29,16 +29,16 @@ int PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t
     uint16_t *seed_A_origin = (uint16_t *)&seed_A_separated;
     memcpy(&seed_A_separated[2], seed_A, BYTES_SEED_A);
     for (i = 0; i < PARAMS_N; i += 4) {
-        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_OPT_UINT16_TO_LE(i + 0);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_UINT16_TO_LE(i + 0);
         shake128((unsigned char *)(a_row + 0 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_OPT_UINT16_TO_LE(i + 1);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_UINT16_TO_LE(i + 1);
         shake128((unsigned char *)(a_row + 1 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_OPT_UINT16_TO_LE(i + 2);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_UINT16_TO_LE(i + 2);
         shake128((unsigned char *)(a_row + 2 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_OPT_UINT16_TO_LE(i + 3);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_UINT16_TO_LE(i + 3);
         shake128((unsigned char *)(a_row + 3 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
         for (k = 0; k < 4 * PARAMS_N; k++) {
-            a_row[k] = PQCLEAN_FRODOKEM976SHAKE_OPT_LE_TO_UINT16(a_row[k]);
+            a_row[k] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_LE_TO_UINT16(a_row[k]);
         }
         for (k = 0; k < PARAMS_NBAR; k++) {
             uint16_t sum[4] = {0};
@@ -61,7 +61,7 @@ int PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_as_plus_e(uint16_t *out, const uint16_t
 
 
 
-int PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_sa_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A) {
+int PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_add_sa_plus_e(uint16_t *out, const uint16_t *s, const uint16_t *e, const uint8_t *seed_A) {
     // Generate-and-multiply: generate matrix A (N x N) column-wise, multiply by s' on the left.
     // Inputs: s', e' (N_BAR x N)
     // Output: out = s'*A + e' (N_BAR x N)
@@ -79,16 +79,16 @@ int PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_sa_plus_e(uint16_t *out, const uint16_t
     uint16_t *seed_A_origin = (uint16_t *)&seed_A_separated;
     memcpy(&seed_A_separated[2], seed_A, BYTES_SEED_A);
     for (kk = 0; kk < PARAMS_N; kk += 4) {
-        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_OPT_UINT16_TO_LE(kk + 0);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_UINT16_TO_LE(kk + 0);
         shake128((unsigned char *)(a_cols + 0 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_OPT_UINT16_TO_LE(kk + 1);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_UINT16_TO_LE(kk + 1);
         shake128((unsigned char *)(a_cols + 1 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_OPT_UINT16_TO_LE(kk + 2);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_UINT16_TO_LE(kk + 2);
         shake128((unsigned char *)(a_cols + 2 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
-        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_OPT_UINT16_TO_LE(kk + 3);
+        seed_A_origin[0] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_UINT16_TO_LE(kk + 3);
         shake128((unsigned char *)(a_cols + 3 * PARAMS_N), (unsigned long long)(2 * PARAMS_N), seed_A_separated, 2 + BYTES_SEED_A);
         for (i = 0; i < 4 * PARAMS_N; i++) {
-            a_cols[i] = PQCLEAN_FRODOKEM976SHAKE_OPT_LE_TO_UINT16(a_cols[i]);
+            a_cols[i] = PQCLEAN_FRODOKEM976SHAKE_CLEAN_LE_TO_UINT16(a_cols[i]);
         }
 
         for (i = 0; i < PARAMS_NBAR; i++) {

src/kem/frodo/frodokem976shake/clean/noise.c

@@ -12,7 +12,7 @@
 
 static const uint16_t CDF_TABLE[CDF_TABLE_LEN] = CDF_TABLE_DATA;
 
-void PQCLEAN_FRODOKEM976SHAKE_OPT_sample_n(uint16_t *s, size_t n) {
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_sample_n(uint16_t *s, size_t n) {
     // Fills vector s with n samples from the noise distribution which requires 16 bits to sample.
     // The distribution is specified by its CDF.
     // Input: pseudo-random values (2*n bytes) passed in s. The input is overwritten by the output.

src/kem/frodo/frodokem976shake/clean/params.h

@@ -1,10 +1,10 @@
 #ifndef PARAMS_H
 #define PARAMS_H
 
-#define CRYPTO_SECRETKEYBYTES PQCLEAN_FRODOKEM976SHAKE_OPT_CRYPTO_SECRETKEYBYTES
-#define CRYPTO_PUBLICKEYBYTES PQCLEAN_FRODOKEM976SHAKE_OPT_CRYPTO_PUBLICKEYBYTES
-#define CRYPTO_BYTES PQCLEAN_FRODOKEM976SHAKE_OPT_CRYPTO_BYTES
-#define CRYPTO_CIPHERTEXTBYTES PQCLEAN_FRODOKEM976SHAKE_OPT_CRYPTO_CIPHERTEXTBYTES
+#define CRYPTO_SECRETKEYBYTES PQCLEAN_FRODOKEM976SHAKE_CLEAN_CRYPTO_SECRETKEYBYTES
+#define CRYPTO_PUBLICKEYBYTES PQCLEAN_FRODOKEM976SHAKE_CLEAN_CRYPTO_PUBLICKEYBYTES
+#define CRYPTO_BYTES PQCLEAN_FRODOKEM976SHAKE_CLEAN_CRYPTO_BYTES
+#define CRYPTO_CIPHERTEXTBYTES PQCLEAN_FRODOKEM976SHAKE_CLEAN_CRYPTO_CIPHERTEXTBYTES
 
 #define PARAMS_N 976
 #define PARAMS_NBAR 8

src/kem/frodo/frodokem976shake/clean/util.c

@@ -18,11 +18,11 @@ static inline uint8_t min(uint8_t x, uint8_t y) {
     return y;
 }
 
-uint16_t PQCLEAN_FRODOKEM976SHAKE_OPT_LE_TO_UINT16(uint16_t n) {
+uint16_t PQCLEAN_FRODOKEM976SHAKE_CLEAN_LE_TO_UINT16(uint16_t n) {
     return (((uint8_t *) &n)[0] | (((uint8_t *) &n)[1] << 8));
 }
 
-uint16_t PQCLEAN_FRODOKEM976SHAKE_OPT_UINT16_TO_LE(uint16_t n) {
+uint16_t PQCLEAN_FRODOKEM976SHAKE_CLEAN_UINT16_TO_LE(uint16_t n) {
     uint16_t y;
     uint8_t *z = (uint8_t *) &y;
     z[0] = n & 0xFF;
@@ -30,7 +30,7 @@ uint16_t PQCLEAN_FRODOKEM976SHAKE_OPT_UINT16_TO_LE(uint16_t n) {
     return y;
 }
 
-void PQCLEAN_FRODOKEM976SHAKE_OPT_mul_bs(uint16_t *out, const uint16_t *b, const uint16_t *s) {
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_bs(uint16_t *out, const uint16_t *b, const uint16_t *s) {
     // Multiply by s on the right
     // Inputs: b (N_BAR x N), s (N x N_BAR)
     // Output: out = b*s (N_BAR x N_BAR)
@@ -48,7 +48,7 @@ void PQCLEAN_FRODOKEM976SHAKE_OPT_mul_bs(uint16_t *out, const uint16_t *b, const
 }
 
 
-void PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_sb_plus_e(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e) {
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_mul_add_sb_plus_e(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e) {
     // Multiply by s on the left
     // Inputs: b (N x N_BAR), s (N_BAR x N), e (N_BAR x N_BAR)
     // Output: out = s*b + e (N_BAR x N_BAR)
@@ -66,7 +66,7 @@ void PQCLEAN_FRODOKEM976SHAKE_OPT_mul_add_sb_plus_e(uint16_t *out, const uint16_
 }
 
 
-void PQCLEAN_FRODOKEM976SHAKE_OPT_add(uint16_t *out, const uint16_t *a, const uint16_t *b) {
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_add(uint16_t *out, const uint16_t *a, const uint16_t *b) {
     // Add a and b
     // Inputs: a, b (N_BAR x N_BAR)
     // Output: c = a + b
@@ -77,7 +77,7 @@ void PQCLEAN_FRODOKEM976SHAKE_OPT_add(uint16_t *out, const uint16_t *a, const ui
 }
 
 
-void PQCLEAN_FRODOKEM976SHAKE_OPT_sub(uint16_t *out, const uint16_t *a, const uint16_t *b) {
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_sub(uint16_t *out, const uint16_t *a, const uint16_t *b) {
     // Subtract a and b
     // Inputs: a, b (N_BAR x N_BAR)
     // Output: c = a - b
@@ -88,7 +88,7 @@ void PQCLEAN_FRODOKEM976SHAKE_OPT_sub(uint16_t *out, const uint16_t *a, const ui
 }
 
 
-void PQCLEAN_FRODOKEM976SHAKE_OPT_key_encode(uint16_t *out, const uint16_t *in) {
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_key_encode(uint16_t *out, const uint16_t *in) {
     // Encoding
     unsigned int i, j, npieces_word = 8;
     unsigned int nwords = (PARAMS_NBAR * PARAMS_NBAR) / 8;
@@ -109,7 +109,7 @@ void PQCLEAN_FRODOKEM976SHAKE_OPT_key_encode(uint16_t *out, const uint16_t *in)
 }
 
 
-void PQCLEAN_FRODOKEM976SHAKE_OPT_key_decode(uint16_t *out, const uint16_t *in) {
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_key_decode(uint16_t *out, const uint16_t *in) {
     // Decoding
     unsigned int i, j, index = 0, npieces_word = 8;
     unsigned int nwords = (PARAMS_NBAR * PARAMS_NBAR) / 8;
@@ -131,7 +131,7 @@ void PQCLEAN_FRODOKEM976SHAKE_OPT_key_decode(uint16_t *out, const uint16_t *in)
 }
 
 
-void PQCLEAN_FRODOKEM976SHAKE_OPT_pack(uint8_t *out, size_t outlen, const uint16_t *in, size_t inlen, uint8_t lsb) {
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_pack(uint8_t *out, size_t outlen, const uint16_t *in, size_t inlen, uint8_t lsb) {
     // Pack the input uint16 vector into a char output vector, copying lsb bits from each input element.
     // If inlen * lsb / 8 > outlen, only outlen * 8 bits are copied.
     memset(out, 0, outlen);
@@ -180,7 +180,7 @@ void PQCLEAN_FRODOKEM976SHAKE_OPT_pack(uint8_t *out, size_t outlen, const uint16
 }
 
 
-void PQCLEAN_FRODOKEM976SHAKE_OPT_unpack(uint16_t *out, size_t outlen, const uint8_t *in, size_t inlen, uint8_t lsb) {
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_unpack(uint16_t *out, size_t outlen, const uint8_t *in, size_t inlen, uint8_t lsb) {
     // Unpack the input char vector into a uint16_t output vector, copying lsb bits
     // for each output element from input. outlen must be at least ceil(inlen * 8 / lsb).
     memset(out, 0, outlen * sizeof(uint16_t));
@@ -229,7 +229,7 @@ void PQCLEAN_FRODOKEM976SHAKE_OPT_unpack(uint16_t *out, size_t outlen, const uin
 }
 
 
-int8_t PQCLEAN_FRODOKEM976SHAKE_OPT_ct_verify(const uint16_t *a, const uint16_t *b, size_t len) {
+int8_t PQCLEAN_FRODOKEM976SHAKE_CLEAN_ct_verify(const uint16_t *a, const uint16_t *b, size_t len) {
     // Compare two arrays in constant time.
     // Returns 0 if the byte arrays are equal, -1 otherwise.
     uint16_t r = 0;
@@ -243,7 +243,7 @@ int8_t PQCLEAN_FRODOKEM976SHAKE_OPT_ct_verify(const uint16_t *a, const uint16_t
 }
 
 
-void PQCLEAN_FRODOKEM976SHAKE_OPT_ct_select(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len, int8_t selector) {
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_ct_select(uint8_t *r, const uint8_t *a, const uint8_t *b, size_t len, int8_t selector) {
     // Select one of the two input arrays to be moved to r
     // If (selector == 0) then load r with a, else if (selector == -1) load r with b
 
@@ -253,7 +253,7 @@ void PQCLEAN_FRODOKEM976SHAKE_OPT_ct_select(uint8_t *r, const uint8_t *a, const
 }
 
 
-void PQCLEAN_FRODOKEM976SHAKE_OPT_clear_bytes(uint8_t *mem, size_t n) {
+void PQCLEAN_FRODOKEM976SHAKE_CLEAN_clear_bytes(uint8_t *mem, size_t n) {
     // Clear 8-bit bytes from memory. "n" indicates the number of bytes to be zeroed.
     // This function uses the volatile type qualifier to inform the compiler not to optimize out the memory clearing.
     volatile uint8_t *v = mem;

test/common/nistkatrng.c

@@ -1,104 +0,0 @@
-//
-//  rng.c
-//
-//  Created by Bassham, Lawrence E (Fed) on 8/29/17.
-//  Copyright © 2017 Bassham, Lawrence E (Fed). All rights reserved.
-//  Modified for liboqs by Douglas Stebila
-//
-
-#include <assert.h>
-#include <string.h>
-
-#include "aes.h"
-#include "randombytes.h"
-
-typedef struct {
-    uint8_t Key[32];
-    uint8_t V[16];
-    int reseed_counter;
-} AES256_CTR_DRBG_struct;
-
-static AES256_CTR_DRBG_struct DRBG_ctx;
-static void AES256_CTR_DRBG_Update(const uint8_t *provided_data, uint8_t *Key, uint8_t *V);
-
-// Use whatever AES implementation you have. This uses AES from openSSL library
-//    key - 256-bit AES key
-//    ctr - a 128-bit plaintext value
-//    buffer - a 128-bit ciphertext value
-static void AES256_ECB(uint8_t *key, uint8_t *ctr, uint8_t *buffer) {
-    aes256ctx ctx;
-    aes256_ecb_keyexp(&ctx, key);
-    aes256_ecb(buffer, ctr, 1, &ctx);
-    aes256_ctx_release(&ctx);
-}
-
-void nist_kat_init(uint8_t *entropy_input, const uint8_t *personalization_string, int security_strength);
-void nist_kat_init(uint8_t *entropy_input, const uint8_t *personalization_string, int security_strength) {
-    uint8_t seed_material[48];
-
-    assert(security_strength == 256);
-    memcpy(seed_material, entropy_input, 48);
-    if (personalization_string) {
-        for (int i = 0; i < 48; i++) {
-            seed_material[i] ^= personalization_string[i];
-        }
-    }
-    memset(DRBG_ctx.Key, 0x00, 32);
-    memset(DRBG_ctx.V, 0x00, 16);
-    AES256_CTR_DRBG_Update(seed_material, DRBG_ctx.Key, DRBG_ctx.V);
-    DRBG_ctx.reseed_counter = 1;
-}
-
-int randombytes(uint8_t *buf, size_t n) {
-    uint8_t block[16];
-    int i = 0;
-
-    while (n > 0) {
-        //increment V
-        for (int j = 15; j >= 0; j--) {
-            if (DRBG_ctx.V[j] == 0xff) {
-                DRBG_ctx.V[j] = 0x00;
-            } else {
-                DRBG_ctx.V[j]++;
-                break;
-            }
-        }
-        AES256_ECB(DRBG_ctx.Key, DRBG_ctx.V, block);
-        if (n > 15) {
-            memcpy(buf + i, block, 16);
-            i += 16;
-            n -= 16;
-        } else {
-            memcpy(buf + i, block, n);
-            n = 0;
-        }
-    }
-    AES256_CTR_DRBG_Update(NULL, DRBG_ctx.Key, DRBG_ctx.V);
-    DRBG_ctx.reseed_counter++;
-    return 0;
-}
-
-static void AES256_CTR_DRBG_Update(const uint8_t *provided_data, uint8_t *Key, uint8_t *V) {
-    uint8_t temp[48];
-
-    for (int i = 0; i < 3; i++) {
-        //increment V
-        for (int j = 15; j >= 0; j--) {
-            if (V[j] == 0xff) {
-                V[j] = 0x00;
-            } else {
-                V[j]++;
-                break;
-            }
-        }
-
-        AES256_ECB(Key, V, temp + 16 * i);
-    }
-    if (provided_data != NULL) {
-        for (int i = 0; i < 48; i++) {
-            temp[i] ^= provided_data[i];
-        }
-    }
-    memcpy(Key, temp, 32);
-    memcpy(V, temp + 32, 16);
-}

test/common/notrandombytes.c

@@ -1,78 +0,0 @@
-/**
- * WARNING
- *
- * This file generates a PREDICTABLE and NOT AT ALL RANDOM sequence of bytes.
- *
- * Its purpose is to support our testing suite and it MUST NOT be used in any
- * scenario where you are expecting actual cryptography to happen.
- */
-
-#include "randombytes.h"
-#include <stdint.h>
-
-static uint32_t seed[32] = { 3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3,
-                             2, 3, 8, 4, 6, 2, 6, 4, 3, 3, 8, 3, 2, 7, 9, 5
-                           };
-static uint32_t in[12];
-static uint32_t out[8];
-static int32_t outleft = 0;
-
-#define ROTATE(x, b) (((x) << (b)) | ((x) >> (32 - (b))))
-#define MUSH(i, b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x, b));
-
-static void surf(void) {
-    uint32_t t[12];
-    uint32_t x;
-    uint32_t sum = 0;
-    int32_t r;
-    int32_t i;
-    int32_t loop;
-
-    for (i = 0; i < 12; ++i) {
-        t[i] = in[i] ^ seed[12 + i];
-    }
-    for (i = 0; i < 8; ++i) {
-        out[i] = seed[24 + i];
-    }
-    x = t[11];
-    for (loop = 0; loop < 2; ++loop) {
-        for (r = 0; r < 16; ++r) {
-            sum += 0x9e3779b9;
-            MUSH(0, 5)
-            MUSH(1, 7)
-            MUSH(2, 9)
-            MUSH(3, 13)
-            MUSH(4, 5)
-            MUSH(5, 7)
-            MUSH(6, 9)
-            MUSH(7, 13)
-            MUSH(8, 5)
-            MUSH(9, 7)
-            MUSH(10, 9)
-            MUSH(11, 13)
-        }
-        for (i = 0; i < 8; ++i) {
-            out[i] ^= t[i + 4];
-        }
-    }
-}
-
-int randombytes(uint8_t *buf, size_t n) {
-    while (n > 0) {
-        if (!outleft) {
-            if (!++in[0]) {
-                if (!++in[1]) {
-                    if (!++in[2]) {
-                        ++in[3];
-                    }
-                }
-            }
-            surf();
-            outleft = 8;
-        }
-        *buf = (uint8_t) out[--outleft];
-        ++buf;
-        --n;
-    }
-    return 0;
-}

test/duplicate_consistency/dilithium2_avx2.yml

@@ -1,133 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: dilithium2
-        implementation: clean
-      files:
-      - api.h
-      - packing.h
-      - params.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium2aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium2aes
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-      - rounding.c
-    - source:
-        scheme: dilithium3
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium3
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - fips202x4.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - consts.c
-      - fips202x4.c
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium3aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3aes
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-    - source:
-        scheme: dilithium5
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium5
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - fips202x4.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - consts.c
-      - fips202x4.c
-      - packing.c
-      - rejsample.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium5aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5aes
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c

test/duplicate_consistency/dilithium2_clean.yml

@@ -1,137 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: dilithium2
-        implementation: avx2
-      files:
-      - api.h
-      - packing.h
-      - params.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium2aes
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-    - source:
-        scheme: dilithium2aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium3
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium3aes
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-    - source:
-        scheme: dilithium3aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium5
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium5aes
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-    - source:
-        scheme: dilithium5aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c

test/duplicate_consistency/dilithium2aes_avx2.yml

@@ -1,129 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: dilithium2
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium2
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-      - rounding.c
-    - source:
-        scheme: dilithium2aes
-        implementation: clean
-      files:
-      - api.h
-      - packing.h
-      - params.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-    - source:
-        scheme: dilithium3aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3aes
-        implementation: avx2
-      files:
-      - aes256ctr.h
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - aes256ctr.c
-      - consts.c
-      - packing.c
-      - polyvec.c
-      - sign.c
-    - source:
-        scheme: dilithium5
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-    - source:
-        scheme: dilithium5aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5aes
-        implementation: avx2
-      files:
-      - aes256ctr.h
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - aes256ctr.c
-      - consts.c
-      - packing.c
-      - polyvec.c
-      - rejsample.c
-      - sign.c

test/duplicate_consistency/dilithium2aes_clean.yml

@@ -1,135 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: dilithium2
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-    - source:
-        scheme: dilithium2
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium2aes
-        implementation: avx2
-      files:
-      - api.h
-      - packing.h
-      - params.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-    - source:
-        scheme: dilithium3
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3aes
-        implementation: clean
-      files:
-      - aes256ctr.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - aes256ctr.c
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-      - symmetric-aes.c
-    - source:
-        scheme: dilithium3aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-    - source:
-        scheme: dilithium5
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5aes
-        implementation: clean
-      files:
-      - aes256ctr.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - aes256ctr.c
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-      - symmetric-aes.c
-    - source:
-        scheme: dilithium5aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c

test/duplicate_consistency/dilithium3_avx2.yml

@@ -1,132 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: dilithium2
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium2
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - fips202x4.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - consts.c
-      - fips202x4.c
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium2aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium2aes
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-    - source:
-        scheme: dilithium3
-        implementation: clean
-      files:
-      - api.h
-      - packing.h
-      - params.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium3aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3aes
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-      - rounding.c
-    - source:
-        scheme: dilithium5
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium5
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - fips202x4.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - consts.c
-      - fips202x4.c
-      - packing.c
-      - rounding.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium5aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5aes
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-      - rounding.c

test/duplicate_consistency/dilithium3_clean.yml

@@ -1,139 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: dilithium2
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium2
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium2aes
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-    - source:
-        scheme: dilithium2aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3
-        implementation: avx2
-      files:
-      - api.h
-      - packing.h
-      - params.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium3aes
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-    - source:
-        scheme: dilithium3aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium5
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium5aes
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-    - source:
-        scheme: dilithium5aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c

test/duplicate_consistency/dilithium3aes_avx2.yml

@@ -1,128 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: dilithium2
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium2
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-    - source:
-        scheme: dilithium2aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium2aes
-        implementation: avx2
-      files:
-      - aes256ctr.h
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - aes256ctr.c
-      - consts.c
-      - packing.c
-      - polyvec.c
-      - sign.c
-    - source:
-        scheme: dilithium3
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-      - rounding.c
-    - source:
-        scheme: dilithium3aes
-        implementation: clean
-      files:
-      - api.h
-      - packing.h
-      - params.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-      - rounding.c
-    - source:
-        scheme: dilithium5aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5aes
-        implementation: avx2
-      files:
-      - aes256ctr.h
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - aes256ctr.c
-      - consts.c
-      - packing.c
-      - polyvec.c
-      - rounding.c
-      - sign.c

test/duplicate_consistency/dilithium3aes_clean.yml

@@ -1,137 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: dilithium2
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-    - source:
-        scheme: dilithium2
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium2aes
-        implementation: clean
-      files:
-      - aes256ctr.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - aes256ctr.c
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-      - symmetric-aes.c
-    - source:
-        scheme: dilithium2aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-    - source:
-        scheme: dilithium3
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3aes
-        implementation: avx2
-      files:
-      - api.h
-      - packing.h
-      - params.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-    - source:
-        scheme: dilithium5
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5aes
-        implementation: clean
-      files:
-      - aes256ctr.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - aes256ctr.c
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-      - symmetric-aes.c
-    - source:
-        scheme: dilithium5aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c

test/duplicate_consistency/dilithium5_avx2.yml

@@ -1,135 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: dilithium2
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium2
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - fips202x4.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - consts.c
-      - fips202x4.c
-      - packing.c
-      - rejsample.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium2aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium2aes
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-    - source:
-        scheme: dilithium3
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium3
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - fips202x4.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - consts.c
-      - fips202x4.c
-      - packing.c
-      - rounding.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium3aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3aes
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-      - rounding.c
-    - source:
-        scheme: dilithium5
-        implementation: clean
-      files:
-      - api.h
-      - packing.h
-      - params.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium5aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5aes
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-      - rounding.c

test/duplicate_consistency/dilithium5_clean.yml

@@ -1,139 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: dilithium2
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium2
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium2aes
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-    - source:
-        scheme: dilithium2aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium3
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium3aes
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-    - source:
-        scheme: dilithium3aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5
-        implementation: avx2
-      files:
-      - api.h
-      - packing.h
-      - params.h
-      - sign.h
-      - symmetric.h
-      - packing.c
-      - symmetric-shake.c
-    - source:
-        scheme: dilithium5aes
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-    - source:
-        scheme: dilithium5aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c

test/duplicate_consistency/dilithium5aes_avx2.yml

@@ -1,131 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: dilithium2
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium2
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-    - source:
-        scheme: dilithium2aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium2aes
-        implementation: avx2
-      files:
-      - aes256ctr.h
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - aes256ctr.c
-      - consts.c
-      - packing.c
-      - polyvec.c
-      - rejsample.c
-      - sign.c
-    - source:
-        scheme: dilithium3
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-      - rounding.c
-    - source:
-        scheme: dilithium3aes
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3aes
-        implementation: avx2
-      files:
-      - aes256ctr.h
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - aes256ctr.c
-      - consts.c
-      - packing.c
-      - polyvec.c
-      - rounding.c
-      - sign.c
-    - source:
-        scheme: dilithium5
-        implementation: clean
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5
-        implementation: avx2
-      files:
-      - align.h
-      - cdecl.h
-      - consts.h
-      - ntt.h
-      - packing.h
-      - rejsample.h
-      - rounding.h
-      - sign.h
-      - consts.c
-      - packing.c
-      - rounding.c
-    - source:
-        scheme: dilithium5aes
-        implementation: clean
-      files:
-      - api.h
-      - packing.h
-      - params.h
-      - sign.h
-      - packing.c

test/duplicate_consistency/dilithium5aes_clean.yml

@@ -1,137 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: dilithium2
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-    - source:
-        scheme: dilithium2
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium2aes
-        implementation: clean
-      files:
-      - aes256ctr.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - aes256ctr.c
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - sign.c
-      - symmetric-aes.c
-    - source:
-        scheme: dilithium2aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-    - source:
-        scheme: dilithium3
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium3aes
-        implementation: clean
-      files:
-      - aes256ctr.h
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - symmetric.h
-      - aes256ctr.c
-      - ntt.c
-      - packing.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-      - symmetric-aes.c
-    - source:
-        scheme: dilithium3aes
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5
-        implementation: clean
-      files:
-      - ntt.h
-      - packing.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rounding.h
-      - sign.h
-      - ntt.c
-      - packing.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - rounding.c
-      - sign.c
-    - source:
-        scheme: dilithium5
-        implementation: avx2
-      files:
-      - packing.h
-      - sign.h
-      - packing.c
-    - source:
-        scheme: dilithium5aes
-        implementation: avx2
-      files:
-      - api.h
-      - packing.h
-      - params.h
-      - sign.h
-      - packing.c

test/duplicate_consistency/falcon-1024_avx2.yml

@@ -1,33 +0,0 @@
-consistency_checks:
-  - source:
-      scheme: falcon-512
-      implementation: clean
-    files:
-      - codec.c
-      - common.c
-      - keygen.c
-      - vrfy.c
-  - source:
-      scheme: falcon-512
-      implementation: avx2
-    files:
-      - fpr.h
-      - inner.h
-      - codec.c
-      - common.c
-      - fft.c
-      - fpr.c
-      - keygen.c
-      - rng.c
-      - sign.c
-      - vrfy.c
-  - source:
-      scheme: falcon-1024
-      implementation: clean
-    files:
-      - api.h
-      - codec.c
-      - common.c
-      - keygen.c
-      - pqclean.c
-      - vrfy.c

test/duplicate_consistency/falcon-1024_clean.yml

@@ -1,32 +0,0 @@
-consistency_checks:
-  - source:
-      scheme: falcon-512
-      implementation: clean
-    files:
-      - fpr.h
-      - codec.c
-      - common.c
-      - fft.c
-      - fpr.c
-      - keygen.c
-      - rng.c
-      - sign.c
-      - vrfy.c
-  - source:
-      scheme: falcon-512
-      implementation: avx2
-    files:
-      - codec.c
-      - common.c
-      - keygen.c
-      - vrfy.c
-  - source:
-      scheme: falcon-1024
-      implementation: avx2
-    files:
-      - api.h
-      - codec.c
-      - common.c
-      - keygen.c
-      - pqclean.c
-      - vrfy.c

test/duplicate_consistency/falcon-512_avx2.yml

@@ -1,33 +0,0 @@
-consistency_checks:
-  - source:
-      scheme: falcon-512
-      implementation: clean
-    files:
-      - api.h
-      - codec.c
-      - common.c
-      - keygen.c
-      - pqclean.c
-      - vrfy.c
-  - source:
-      scheme: falcon-1024
-      implementation: clean
-    files:
-      - codec.c
-      - common.c
-      - keygen.c
-      - vrfy.c
-  - source:
-      scheme: falcon-1024
-      implementation: avx2
-    files:
-      - fpr.h
-      - inner.h
-      - codec.c
-      - common.c
-      - fft.c
-      - fpr.c
-      - keygen.c
-      - rng.c
-      - sign.c
-      - vrfy.c

test/duplicate_consistency/falcon-512_clean.yml

@@ -1,32 +0,0 @@
-consistency_checks:
-  - source:
-      scheme: falcon-512
-      implementation: avx2
-    files:
-      - api.h
-      - codec.c
-      - common.c
-      - keygen.c
-      - pqclean.c
-      - vrfy.c
-  - source:
-      scheme: falcon-1024
-      implementation: clean
-    files:
-      - fpr.h
-      - codec.c
-      - common.c
-      - fft.c
-      - fpr.c
-      - keygen.c
-      - rng.c
-      - sign.c
-      - vrfy.c
-  - source:
-      scheme: falcon-1024
-      implementation: avx2
-    files:
-      - codec.c
-      - common.c
-      - keygen.c
-      - vrfy.c

test/duplicate_consistency/falcon1024_avx2.yml

@@ -1,11 +0,0 @@
-consistency_checks:
-  - source:
-      scheme: falcon1024
-      implementation: clean
-    files:
-      - api.h
-      - codec.c
-      - common.c
-      - keygen.c
-      - pqclean.c
-      - vrfy.c

test/duplicate_consistency/falcon1024_clean.yml

@@ -1,11 +0,0 @@
-consistency_checks:
-  - source:
-      scheme: falcon1024
-      implementation: avx2
-    files:
-      - api.h
-      - codec.c
-      - common.c
-      - keygen.c
-      - pqclean.c
-      - vrfy.c

test/duplicate_consistency/falcon512_avx2.yml

@@ -1,33 +0,0 @@
-consistency_checks:
-  - source:
-      scheme: falcon512
-      implementation: clean
-    files:
-      - api.h
-      - codec.c
-      - common.c
-      - keygen.c
-      - pqclean.c
-      - vrfy.c
-  - source:
-      scheme: falcon1024
-      implementation: clean
-    files:
-      - codec.c
-      - common.c
-      - keygen.c
-      - vrfy.c
-  - source:
-      scheme: falcon1024
-      implementation: avx2
-    files:
-      - fpr.h
-      - inner.h
-      - codec.c
-      - common.c
-      - fft.c
-      - fpr.c
-      - keygen.c
-      - rng.c
-      - sign.c
-      - vrfy.c

test/duplicate_consistency/falcon512_clean.yml

@@ -1,32 +0,0 @@
-consistency_checks:
-  - source:
-      scheme: falcon512
-      implementation: avx2
-    files:
-      - api.h
-      - codec.c
-      - common.c
-      - keygen.c
-      - pqclean.c
-      - vrfy.c
-  - source:
-      scheme: falcon1024
-      implementation: clean
-    files:
-      - fpr.h
-      - codec.c
-      - common.c
-      - fft.c
-      - fpr.c
-      - keygen.c
-      - rng.c
-      - sign.c
-      - vrfy.c
-  - source:
-      scheme: falcon1024
-      implementation: avx2
-    files:
-      - codec.c
-      - common.c
-      - keygen.c
-      - vrfy.c

test/duplicate_consistency/firesaber_avx2.yml

@@ -1,15 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: firesaber
-        implementation: clean
-      files:
-      - api.h
-      - cbd.h
-      - pack_unpack.h
-      - SABER_indcpa.h
-      - SABER_params.h
-      - verify.h
-      - cbd.c
-      - kem.c
-      - pack_unpack.c
-      - verify.c

test/duplicate_consistency/firesaber_clean.yml

@@ -1,15 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: firesaber
-        implementation: avx2
-      files:
-      - api.h
-      - cbd.h
-      - pack_unpack.h
-      - SABER_indcpa.h
-      - SABER_params.h
-      - verify.h
-      - cbd.c
-      - kem.c
-      - pack_unpack.c
-      - verify.c

test/duplicate_consistency/frodokem1344aes_clean.yml

@@ -1,15 +0,0 @@
-consistency_checks:
-- source:
-    scheme: frodokem640aes
-    implementation: clean
-  files:
-    - common.h
-    - kem.c
-    - matrix_aes.c
-    - noise.c
-    - util.c
-- source:
-    scheme: frodokem1344shake
-    implementation: clean
-  files:
-    - params.h

test/duplicate_consistency/frodokem1344aes_opt.yml

@@ -1,16 +0,0 @@
-consistency_checks:
-- source:
-    scheme: frodokem1344aes
-    implementation: clean
-  files:
-    - api.h
-    - common.h
-    - params.h
-    - kem.c
-    - noise.c
-    - util.c
-- source:
-    scheme: frodokem640aes
-    implementation: opt
-  files:
-    - matrix_aes.c

test/duplicate_consistency/frodokem1344shake_clean.yml

@@ -1,10 +0,0 @@
-consistency_checks:
-- source:
-    scheme: frodokem640shake
-    implementation: clean
-  files:
-    - common.h
-    - kem.c
-    - matrix_shake.c
-    - noise.c
-    - util.c

test/duplicate_consistency/frodokem1344shake_opt.yml

@@ -1,16 +0,0 @@
-consistency_checks:
-- source:
-    scheme: frodokem1344shake
-    implementation: clean
-  files:
-    - api.h
-    - common.h
-    - params.h
-    - kem.c
-    - noise.c
-    - util.c
-- source:
-    scheme: frodokem640shake
-    implementation: opt
-  files:
-    - matrix_shake.c

test/duplicate_consistency/frodokem640aes_clean.yml

@@ -1,10 +0,0 @@
-consistency_checks:
-- source:
-    scheme: frodokem640shake
-    implementation: clean
-  files:
-    - common.h
-    - params.h
-    - kem.c
-    - noise.c
-    - util.c

test/duplicate_consistency/frodokem640aes_opt.yml

@@ -1,11 +0,0 @@
-consistency_checks:
-- source:
-    scheme: frodokem640aes
-    implementation: clean
-  files:
-    - api.h
-    - common.h
-    - params.h
-    - kem.c
-    - noise.c
-    - util.c

test/duplicate_consistency/frodokem640shake_opt.yml

@@ -1,11 +0,0 @@
-consistency_checks:
-- source:
-    scheme: frodokem640shake
-    implementation: clean
-  files:
-    - api.h
-    - common.h
-    - params.h
-    - kem.c
-    - noise.c
-    - util.c

test/duplicate_consistency/frodokem976aes_clean.yml

@@ -1,15 +0,0 @@
-consistency_checks:
-- source:
-    scheme: frodokem640aes
-    implementation: clean
-  files:
-    - common.h
-    - kem.c
-    - matrix_aes.c
-    - noise.c
-    - util.c
-- source:
-    scheme: frodokem976shake
-    implementation: clean
-  files:
-    - params.h

test/duplicate_consistency/frodokem976aes_opt.yml

@@ -1,16 +0,0 @@
-consistency_checks:
-- source:
-    scheme: frodokem976aes
-    implementation: clean
-  files:
-    - api.h
-    - common.h
-    - params.h
-    - kem.c
-    - noise.c
-    - util.c
-- source:
-    scheme: frodokem640aes
-    implementation: opt
-  files:
-    - matrix_aes.c

test/duplicate_consistency/frodokem976shake_clean.yml

@@ -1,10 +0,0 @@
-consistency_checks:
-- source:
-    scheme: frodokem640shake
-    implementation: clean
-  files:
-    - common.h
-    - kem.c
-    - matrix_shake.c
-    - noise.c
-    - util.c

test/duplicate_consistency/frodokem976shake_opt.yml

@@ -1,16 +0,0 @@
-consistency_checks:
-- source:
-    scheme: frodokem976shake
-    implementation: clean
-  files:
-    - api.h
-    - common.h
-    - params.h
-    - kem.c
-    - noise.c
-    - util.c
-- source:
-    scheme: frodokem640shake
-    implementation: opt
-  files:
-    - matrix_shake.c

test/duplicate_consistency/hqc-128-1-cca2_leaktime.yml

@@ -1,26 +0,0 @@
-consistency_checks:
-- source:
-    scheme: hqc-192-1-cca2
-    implementation: leaktime
-  files:
-    - bch.c
-    - bch.h
-    - fft.c
-    - fft.h
-    - gf.c
-    - gf.h
-    - gf2x.c
-    - gf2x.h
-    - hqc.c
-    - hqc.h
-    - kem.c
-    - parsing.c
-    - parsing.h
-    - repetition.c
-    - repetition.h
-    - tensor.c
-    - tensor.h
-    - vector.c
-    - vector.h
-    - util.c
-    - util.h

test/duplicate_consistency/hqc-128_avx2.yml

@@ -1,88 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: hqc-128
-        implementation: clean
-      files:
-      - api.h
-      - code.h
-      - hqc.h
-    - source:
-        scheme: hqc-192
-        implementation: clean
-      files:
-      - code.h
-      - hqc.h
-    - source:
-        scheme: hqc-192
-        implementation: avx2
-      files:
-      - alpha_table.h
-      - bch.h
-      - code.h
-      - fft.h
-      - gen_matrix.h
-      - gf2x.h
-      - gf.h
-      - hqc.h
-      - parsing.h
-      - repetition.h
-      - vector.h
-      - bch.c
-      - fft.c
-      - gf.c
-      - hqc.c
-      - kem.c
-      - parsing.c
-      - repetition.c
-      - vector.c
-    - source:
-        scheme: hqc-256
-        implementation: clean
-      files:
-      - code.h
-      - hqc.h
-    - source:
-        scheme: hqc-256
-        implementation: avx2
-      files:
-      - bch.h
-      - code.h
-      - fft.h
-      - gf2x.h
-      - gf.h
-      - hqc.h
-      - parsing.h
-      - repetition.h
-      - vector.h
-      - bch.c
-      - fft.c
-      - gf.c
-      - hqc.c
-      - kem.c
-      - parsing.c
-      - vector.c
-    - source:
-        scheme: hqc-rmrs-128
-        implementation: avx2
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - gf2x.c
-      - parsing.c
-    - source:
-        scheme: hqc-rmrs-192
-        implementation: avx2
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - parsing.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: avx2
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - parsing.c

test/duplicate_consistency/hqc-128_clean.yml

@@ -1,97 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: hqc-128
-        implementation: avx2
-      files:
-      - api.h
-      - code.h
-      - hqc.h
-    - source:
-        scheme: hqc-192
-        implementation: clean
-      files:
-      - bch.h
-      - code.h
-      - fft.h
-      - gf2x.h
-      - gf.h
-      - hqc.h
-      - parsing.h
-      - repetition.h
-      - vector.h
-      - bch.c
-      - code.c
-      - fft.c
-      - gf2x.c
-      - gf.c
-      - hqc.c
-      - kem.c
-      - parsing.c
-      - vector.c
-    - source:
-        scheme: hqc-192
-        implementation: avx2
-      files:
-      - code.h
-      - hqc.h
-    - source:
-        scheme: hqc-256
-        implementation: clean
-      files:
-      - bch.h
-      - code.h
-      - fft.h
-      - gf2x.h
-      - gf.h
-      - hqc.h
-      - parsing.h
-      - repetition.h
-      - vector.h
-      - bch.c
-      - code.c
-      - fft.c
-      - gf2x.c
-      - gf.c
-      - hqc.c
-      - kem.c
-      - parsing.c
-      - vector.c
-    - source:
-        scheme: hqc-256
-        implementation: avx2
-      files:
-      - code.h
-      - hqc.h
-    - source:
-        scheme: hqc-rmrs-128
-        implementation: clean
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - gf2x.c
-      - gf.c
-      - parsing.c
-      - vector.c
-    - source:
-        scheme: hqc-rmrs-192
-        implementation: clean
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - gf2x.c
-      - gf.c
-      - parsing.c
-      - vector.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: clean
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - gf2x.c
-      - gf.c
-      - parsing.c
-      - vector.c

test/duplicate_consistency/hqc-192-1-cca2_leaktime.yml

@@ -1,26 +0,0 @@
-consistency_checks:
-- source:
-    scheme: hqc-128-1-cca2
-    implementation: leaktime
-  files:
-    - bch.c
-    - bch.h
-    - fft.c
-    - fft.h
-    - gf.c
-    - gf.h
-    - gf2x.c
-    - gf2x.h
-    - hqc.c
-    - hqc.h
-    - kem.c
-    - parsing.c
-    - parsing.h
-    - repetition.c
-    - repetition.h
-    - tensor.c
-    - tensor.h
-    - vector.c
-    - vector.h
-    - util.c
-    - util.h

test/duplicate_consistency/hqc-192-2-cca2_leaktime.yml

@@ -1,26 +0,0 @@
-consistency_checks:
-- source:
-    scheme: hqc-128-1-cca2
-    implementation: leaktime
-  files:
-    - bch.c
-    - bch.h
-    - fft.c
-    - fft.h
-    - gf.c
-    - gf.h
-    - gf2x.c
-    - gf2x.h
-    - hqc.c
-    - hqc.h
-    - kem.c
-    - parsing.c
-    - parsing.h
-    - repetition.c
-    - repetition.h
-    - tensor.c
-    - tensor.h
-    - vector.c
-    - vector.h
-    - util.c
-    - util.h

test/duplicate_consistency/hqc-192_avx2.yml

@@ -1,59 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: hqc-192
-        implementation: clean
-      files:
-      - api.h
-      - code.h
-      - hqc.h
-    - source:
-        scheme: hqc-256
-        implementation: clean
-      files:
-      - code.h
-      - hqc.h
-    - source:
-        scheme: hqc-256
-        implementation: avx2
-      files:
-      - bch.h
-      - code.h
-      - fft.h
-      - gf2x.h
-      - gf.h
-      - hqc.h
-      - parsing.h
-      - repetition.h
-      - vector.h
-      - bch.c
-      - fft.c
-      - gf.c
-      - hqc.c
-      - kem.c
-      - parsing.c
-      - vector.c
-    - source:
-        scheme: hqc-rmrs-128
-        implementation: avx2
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - parsing.c
-    - source:
-        scheme: hqc-rmrs-192
-        implementation: avx2
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - gf2x.c
-      - parsing.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: avx2
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - parsing.c

test/duplicate_consistency/hqc-192_clean.yml

@@ -1,69 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: hqc-192
-        implementation: avx2
-      files:
-      - api.h
-      - code.h
-      - hqc.h
-    - source:
-        scheme: hqc-256
-        implementation: clean
-      files:
-      - bch.h
-      - code.h
-      - fft.h
-      - gf2x.h
-      - gf.h
-      - hqc.h
-      - parsing.h
-      - repetition.h
-      - vector.h
-      - bch.c
-      - code.c
-      - fft.c
-      - gf2x.c
-      - gf.c
-      - hqc.c
-      - kem.c
-      - parsing.c
-      - vector.c
-    - source:
-        scheme: hqc-256
-        implementation: avx2
-      files:
-      - code.h
-      - hqc.h
-    - source:
-        scheme: hqc-rmrs-128
-        implementation: clean
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - gf2x.c
-      - gf.c
-      - parsing.c
-      - vector.c
-    - source:
-        scheme: hqc-rmrs-192
-        implementation: clean
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - gf2x.c
-      - gf.c
-      - parsing.c
-      - vector.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: clean
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - gf2x.c
-      - gf.c
-      - parsing.c
-      - vector.c

test/duplicate_consistency/hqc-256-1-cca2_leaktime.yml

@@ -1,26 +0,0 @@
-consistency_checks:
-- source:
-    scheme: hqc-128-1-cca2
-    implementation: leaktime
-  files:
-    - bch.c
-    - bch.h
-    - fft.c
-    - fft.h
-    - gf.c
-    - gf.h
-    - gf2x.c
-    - gf2x.h
-    - hqc.c
-    - hqc.h
-    - kem.c
-    - parsing.c
-    - parsing.h
-    - repetition.c
-    - repetition.h
-    - tensor.c
-    - tensor.h
-    - vector.c
-    - vector.h
-    - util.c
-    - util.h

test/duplicate_consistency/hqc-256-2-cca2_leaktime.yml

@@ -1,26 +0,0 @@
-consistency_checks:
-- source:
-    scheme: hqc-128-1-cca2
-    implementation: leaktime
-  files:
-    - bch.c
-    - bch.h
-    - fft.c
-    - fft.h
-    - gf.c
-    - gf.h
-    - gf2x.c
-    - gf2x.h
-    - hqc.c
-    - hqc.h
-    - kem.c
-    - parsing.c
-    - parsing.h
-    - repetition.c
-    - repetition.h
-    - tensor.c
-    - tensor.h
-    - vector.c
-    - vector.h
-    - util.c
-    - util.h

test/duplicate_consistency/hqc-256-3-cca2_leaktime.yml

@@ -1,26 +0,0 @@
-consistency_checks:
-- source:
-    scheme: hqc-128-1-cca2
-    implementation: leaktime
-  files:
-    - bch.c
-    - bch.h
-    - fft.c
-    - fft.h
-    - gf.c
-    - gf.h
-    - gf2x.c
-    - gf2x.h
-    - hqc.c
-    - hqc.h
-    - kem.c
-    - parsing.c
-    - parsing.h
-    - repetition.c
-    - repetition.h
-    - tensor.c
-    - tensor.h
-    - vector.c
-    - vector.h
-    - util.c
-    - util.h

test/duplicate_consistency/hqc-256_avx2.yml

@@ -1,33 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: hqc-256
-        implementation: clean
-      files:
-      - api.h
-      - code.h
-      - hqc.h
-    - source:
-        scheme: hqc-rmrs-128
-        implementation: avx2
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - parsing.c
-    - source:
-        scheme: hqc-rmrs-192
-        implementation: avx2
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - parsing.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: avx2
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - gf2x.c
-      - parsing.c

test/duplicate_consistency/hqc-256_clean.yml

@@ -1,41 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: hqc-256
-        implementation: avx2
-      files:
-      - api.h
-      - code.h
-      - hqc.h
-    - source:
-        scheme: hqc-rmrs-128
-        implementation: clean
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - gf2x.c
-      - gf.c
-      - parsing.c
-      - vector.c
-    - source:
-        scheme: hqc-rmrs-192
-        implementation: clean
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - gf2x.c
-      - gf.c
-      - parsing.c
-      - vector.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: clean
-      files:
-      - gf2x.h
-      - parsing.h
-      - vector.h
-      - gf2x.c
-      - gf.c
-      - parsing.c
-      - vector.c

test/duplicate_consistency/hqc-rmrs-128_avx2.yml

@@ -1,69 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: hqc-rmrs-128
-        implementation: clean
-      files:
-      - api.h
-      - code.h
-      - fft.h
-      - hqc.h
-      - reed_muller.h
-      - fft.c
-    - source:
-        scheme: hqc-rmrs-192
-        implementation: clean
-      files:
-      - code.h
-      - fft.h
-      - hqc.h
-      - reed_muller.h
-      - fft.c
-    - source:
-        scheme: hqc-rmrs-192
-        implementation: avx2
-      files:
-      - code.h
-      - fft.h
-      - gf2x.h
-      - gf.h
-      - hqc.h
-      - parsing.h
-      - reed_muller.h
-      - vector.h
-      - code.c
-      - fft.c
-      - gf.c
-      - hqc.c
-      - kem.c
-      - parsing.c
-      - reed_muller.c
-      - vector.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: clean
-      files:
-      - code.h
-      - fft.h
-      - hqc.h
-      - reed_muller.h
-      - fft.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: avx2
-      files:
-      - code.h
-      - fft.h
-      - gf2x.h
-      - gf.h
-      - hqc.h
-      - parsing.h
-      - reed_muller.h
-      - vector.h
-      - code.c
-      - fft.c
-      - gf.c
-      - hqc.c
-      - kem.c
-      - parsing.c
-      - reed_muller.c
-      - vector.c

test/duplicate_consistency/hqc-rmrs-128_clean.yml

@@ -1,73 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: hqc-rmrs-128
-        implementation: avx2
-      files:
-      - api.h
-      - code.h
-      - fft.h
-      - hqc.h
-      - reed_muller.h
-      - fft.c
-    - source:
-        scheme: hqc-rmrs-192
-        implementation: clean
-      files:
-      - code.h
-      - fft.h
-      - gf2x.h
-      - gf.h
-      - hqc.h
-      - parsing.h
-      - reed_muller.h
-      - vector.h
-      - code.c
-      - fft.c
-      - gf2x.c
-      - gf.c
-      - hqc.c
-      - kem.c
-      - parsing.c
-      - reed_muller.c
-      - reed_solomon.c
-      - vector.c
-    - source:
-        scheme: hqc-rmrs-192
-        implementation: avx2
-      files:
-      - code.h
-      - fft.h
-      - hqc.h
-      - reed_muller.h
-      - fft.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: clean
-      files:
-      - code.h
-      - fft.h
-      - gf2x.h
-      - gf.h
-      - hqc.h
-      - parsing.h
-      - reed_muller.h
-      - vector.h
-      - code.c
-      - fft.c
-      - gf2x.c
-      - gf.c
-      - hqc.c
-      - kem.c
-      - parsing.c
-      - reed_muller.c
-      - reed_solomon.c
-      - vector.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: avx2
-      files:
-      - code.h
-      - fft.h
-      - hqc.h
-      - reed_muller.h
-      - fft.c

test/duplicate_consistency/hqc-rmrs-192_avx2.yml

@@ -1,40 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: hqc-rmrs-192
-        implementation: clean
-      files:
-      - api.h
-      - code.h
-      - fft.h
-      - hqc.h
-      - reed_muller.h
-      - fft.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: clean
-      files:
-      - code.h
-      - fft.h
-      - hqc.h
-      - reed_muller.h
-      - fft.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: avx2
-      files:
-      - code.h
-      - fft.h
-      - gf2x.h
-      - gf.h
-      - hqc.h
-      - parsing.h
-      - reed_muller.h
-      - vector.h
-      - code.c
-      - fft.c
-      - gf.c
-      - hqc.c
-      - kem.c
-      - parsing.c
-      - reed_muller.c
-      - vector.c

test/duplicate_consistency/hqc-rmrs-192_clean.yml

@@ -1,42 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: hqc-rmrs-192
-        implementation: avx2
-      files:
-      - api.h
-      - code.h
-      - fft.h
-      - hqc.h
-      - reed_muller.h
-      - fft.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: clean
-      files:
-      - code.h
-      - fft.h
-      - gf2x.h
-      - gf.h
-      - hqc.h
-      - parsing.h
-      - reed_muller.h
-      - vector.h
-      - code.c
-      - fft.c
-      - gf2x.c
-      - gf.c
-      - hqc.c
-      - kem.c
-      - parsing.c
-      - reed_muller.c
-      - reed_solomon.c
-      - vector.c
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: avx2
-      files:
-      - code.h
-      - fft.h
-      - hqc.h
-      - reed_muller.h
-      - fft.c

test/duplicate_consistency/hqc-rmrs-256_avx2.yml

@@ -1,11 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: clean
-      files:
-      - api.h
-      - code.h
-      - fft.h
-      - hqc.h
-      - reed_muller.h
-      - fft.c

test/duplicate_consistency/hqc-rmrs-256_clean.yml

@@ -1,11 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: hqc-rmrs-256
-        implementation: avx2
-      files:
-      - api.h
-      - code.h
-      - fft.h
-      - hqc.h
-      - reed_muller.h
-      - fft.c

test/duplicate_consistency/kyber1024-90s_avx2.yml

@@ -1,154 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: kyber512
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber512
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - consts.c
-      - kem.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber512-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber512-90s
-        implementation: avx2
-      files:
-      - aes256ctr.h
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - symmetric.h
-      - verify.h
-      - aes256ctr.c
-      - consts.c
-      - indcpa.c
-      - kem.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber768
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - cbd.c
-      - consts.c
-      - kem.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber768-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768-90s
-        implementation: avx2
-      files:
-      - aes256ctr.h
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - symmetric.h
-      - verify.h
-      - aes256ctr.c
-      - cbd.c
-      - consts.c
-      - indcpa.c
-      - kem.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber1024
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - params.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - cbd.c
-      - consts.c
-      - kem.c
-      - polyvec.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: clean
-      files:
-      - api.h
-      - indcpa.h
-      - kem.h
-      - verify.h

test/duplicate_consistency/kyber1024-90s_clean.yml

@@ -1,141 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: kyber512
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber512
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber512-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - symmetric-aes.h
-      - symmetric.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - symmetric-aes.c
-      - verify.c
-    - source:
-        scheme: kyber512-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber768
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - symmetric-aes.h
-      - symmetric.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - symmetric-aes.c
-      - verify.c
-    - source:
-        scheme: kyber768-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - params.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber1024
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024-90s
-        implementation: avx2
-      files:
-      - api.h
-      - indcpa.h
-      - kem.h
-      - verify.h

test/duplicate_consistency/kyber1024_avx2.yml

@@ -1,156 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: kyber512
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber512
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - fips202x4.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - symmetric.h
-      - verify.h
-      - consts.c
-      - fips202x4.c
-      - kem.c
-      - rejsample.c
-      - symmetric-shake.c
-      - verify.c
-    - source:
-        scheme: kyber512-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber512-90s
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - consts.c
-      - kem.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber768
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber768
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - fips202x4.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - symmetric.h
-      - verify.h
-      - cbd.c
-      - consts.c
-      - fips202x4.c
-      - kem.c
-      - rejsample.c
-      - symmetric-shake.c
-      - verify.c
-    - source:
-        scheme: kyber768-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768-90s
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - cbd.c
-      - consts.c
-      - kem.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber1024
-        implementation: clean
-      files:
-      - api.h
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024-90s
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - params.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - cbd.c
-      - consts.c
-      - kem.c
-      - polyvec.c
-      - rejsample.c
-      - verify.c

test/duplicate_consistency/kyber1024_clean.yml

@@ -1,142 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: kyber512
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - symmetric.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - symmetric-shake.c
-      - verify.c
-    - source:
-        scheme: kyber512
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber512-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber512-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - symmetric.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - symmetric-shake.c
-      - verify.c
-    - source:
-        scheme: kyber768
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber768-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber768-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024
-        implementation: avx2
-      files:
-      - api.h
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - params.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h

test/duplicate_consistency/kyber512-90s_avx2.yml

@@ -1,155 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: kyber512
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber512
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - params.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - cbd.c
-      - consts.c
-      - kem.c
-      - polyvec.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber512-90s
-        implementation: clean
-      files:
-      - api.h
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - consts.c
-      - kem.c
-      - polyvec.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber768-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768-90s
-        implementation: avx2
-      files:
-      - aes256ctr.h
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - symmetric.h
-      - verify.h
-      - aes256ctr.c
-      - consts.c
-      - indcpa.c
-      - kem.c
-      - poly.c
-      - polyvec.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber1024
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - consts.c
-      - kem.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024-90s
-        implementation: avx2
-      files:
-      - aes256ctr.h
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - symmetric.h
-      - verify.h
-      - aes256ctr.c
-      - consts.c
-      - indcpa.c
-      - kem.c
-      - rejsample.c
-      - verify.c

test/duplicate_consistency/kyber512-90s_clean.yml

@@ -1,143 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: kyber512
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - params.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber512
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber512-90s
-        implementation: avx2
-      files:
-      - api.h
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber768
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - symmetric-aes.h
-      - symmetric.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - symmetric-aes.c
-      - verify.c
-    - source:
-        scheme: kyber768-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber1024
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - symmetric-aes.h
-      - symmetric.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - symmetric-aes.c
-      - verify.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h

test/duplicate_consistency/kyber512_avx2.yml

@@ -1,155 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: kyber512
-        implementation: clean
-      files:
-      - api.h
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber512-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber512-90s
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - params.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - cbd.c
-      - consts.c
-      - kem.c
-      - polyvec.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber768
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber768
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - fips202x4.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - symmetric.h
-      - verify.h
-      - consts.c
-      - fips202x4.c
-      - kem.c
-      - polyvec.c
-      - rejsample.c
-      - symmetric-shake.c
-      - verify.c
-    - source:
-        scheme: kyber768-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768-90s
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - consts.c
-      - kem.c
-      - polyvec.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber1024
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber1024
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - fips202x4.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - symmetric.h
-      - verify.h
-      - consts.c
-      - fips202x4.c
-      - kem.c
-      - rejsample.c
-      - symmetric-shake.c
-      - verify.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024-90s
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - consts.c
-      - kem.c
-      - rejsample.c
-      - verify.c

test/duplicate_consistency/kyber512_clean.yml

@@ -1,144 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: kyber512
-        implementation: avx2
-      files:
-      - api.h
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber512-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - params.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber512-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - symmetric.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - symmetric-shake.c
-      - verify.c
-    - source:
-        scheme: kyber768
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber768-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber768-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - symmetric.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - symmetric-shake.c
-      - verify.c
-    - source:
-        scheme: kyber1024
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h

test/duplicate_consistency/kyber768-90s_avx2.yml

@@ -1,157 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: kyber512
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber512
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - consts.c
-      - kem.c
-      - polyvec.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber512-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber512-90s
-        implementation: avx2
-      files:
-      - aes256ctr.h
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - symmetric.h
-      - verify.h
-      - aes256ctr.c
-      - consts.c
-      - indcpa.c
-      - kem.c
-      - poly.c
-      - polyvec.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber768
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - params.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - cbd.c
-      - consts.c
-      - kem.c
-      - polyvec.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber768-90s
-        implementation: clean
-      files:
-      - api.h
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - cbd.c
-      - consts.c
-      - kem.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024-90s
-        implementation: avx2
-      files:
-      - aes256ctr.h
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - symmetric.h
-      - verify.h
-      - aes256ctr.c
-      - cbd.c
-      - consts.c
-      - indcpa.c
-      - kem.c
-      - rejsample.c
-      - verify.c

test/duplicate_consistency/kyber768-90s_clean.yml

@@ -1,145 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: kyber512
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber512
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber512-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - symmetric-aes.h
-      - symmetric.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - symmetric-aes.c
-      - verify.c
-    - source:
-        scheme: kyber512-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - params.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber768
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768-90s
-        implementation: avx2
-      files:
-      - api.h
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber1024
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - symmetric-aes.h
-      - symmetric.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - symmetric-aes.c
-      - verify.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h

test/duplicate_consistency/kyber768_avx2.yml

@@ -1,158 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: kyber512
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber512
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - fips202x4.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - symmetric.h
-      - verify.h
-      - consts.c
-      - fips202x4.c
-      - kem.c
-      - polyvec.c
-      - rejsample.c
-      - symmetric-shake.c
-      - verify.c
-    - source:
-        scheme: kyber512-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber512-90s
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - consts.c
-      - kem.c
-      - polyvec.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber768
-        implementation: clean
-      files:
-      - api.h
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber768-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768-90s
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - params.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - cbd.c
-      - consts.c
-      - kem.c
-      - polyvec.c
-      - rejsample.c
-      - verify.c
-    - source:
-        scheme: kyber1024
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber1024
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - fips202x4.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - symmetric.h
-      - verify.h
-      - cbd.c
-      - consts.c
-      - fips202x4.c
-      - kem.c
-      - rejsample.c
-      - symmetric-shake.c
-      - verify.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: clean
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024-90s
-        implementation: avx2
-      files:
-      - align.h
-      - cbd.h
-      - cdecl.h
-      - consts.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - polyvec.h
-      - reduce.h
-      - rejsample.h
-      - verify.h
-      - cbd.c
-      - consts.c
-      - kem.c
-      - rejsample.c
-      - verify.c

test/duplicate_consistency/kyber768_clean.yml

@@ -1,146 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: kyber512
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - symmetric.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - symmetric-shake.c
-      - verify.c
-    - source:
-        scheme: kyber512
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber512-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber512-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber768
-        implementation: avx2
-      files:
-      - api.h
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber768-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - params.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - poly.c
-      - polyvec.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber768-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-    - source:
-        scheme: kyber1024
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - symmetric.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - symmetric-shake.c
-      - verify.c
-    - source:
-        scheme: kyber1024
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h
-      - symmetric-shake.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: clean
-      files:
-      - cbd.h
-      - indcpa.h
-      - kem.h
-      - ntt.h
-      - poly.h
-      - polyvec.h
-      - reduce.h
-      - verify.h
-      - cbd.c
-      - indcpa.c
-      - kem.c
-      - ntt.c
-      - reduce.c
-      - verify.c
-    - source:
-        scheme: kyber1024-90s
-        implementation: avx2
-      files:
-      - indcpa.h
-      - kem.h
-      - verify.h

test/duplicate_consistency/lightsaber_avx2.yml

@@ -1,63 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: lightsaber
-        implementation: clean
-      files:
-      - api.h
-      - cbd.h
-      - pack_unpack.h
-      - SABER_indcpa.h
-      - SABER_params.h
-      - verify.h
-      - cbd.c
-      - kem.c
-      - pack_unpack.c
-      - verify.c
-    - source:
-        scheme: saber
-        implementation: clean
-      files:
-      - cbd.h
-      - pack_unpack.h
-      - SABER_indcpa.h
-      - verify.h
-      - kem.c
-      - verify.c
-    - source:
-        scheme: saber
-        implementation: avx2
-      files:
-      - cbd.h
-      - pack_unpack.h
-      - poly.h
-      - SABER_indcpa.h
-      - verify.h
-      - kem.c
-      - poly.c
-      - poly_mul.c
-      - SABER_indcpa.c
-      - verify.c
-    - source:
-        scheme: firesaber
-        implementation: clean
-      files:
-      - cbd.h
-      - pack_unpack.h
-      - SABER_indcpa.h
-      - verify.h
-      - kem.c
-      - verify.c
-    - source:
-        scheme: firesaber
-        implementation: avx2
-      files:
-      - cbd.h
-      - pack_unpack.h
-      - poly.h
-      - SABER_indcpa.h
-      - verify.h
-      - kem.c
-      - poly.c
-      - poly_mul.c
-      - SABER_indcpa.c
-      - verify.c

test/duplicate_consistency/lightsaber_clean.yml

@@ -1,65 +0,0 @@
-consistency_checks:
-    - source:
-        scheme: lightsaber
-        implementation: avx2
-      files:
-      - api.h
-      - cbd.h
-      - pack_unpack.h
-      - SABER_indcpa.h
-      - SABER_params.h
-      - verify.h
-      - cbd.c
-      - kem.c
-      - pack_unpack.c
-      - verify.c
-    - source:
-        scheme: saber
-        implementation: clean
-      files:
-      - cbd.h
-      - pack_unpack.h
-      - poly.h
-      - poly_mul.h
-      - SABER_indcpa.h
-      - verify.h
-      - kem.c
-      - poly.c
-      - poly_mul.c
-      - SABER_indcpa.c
-      - verify.c
-    - source:
-        scheme: saber
-        implementation: avx2
-      files:
-      - cbd.h
-      - pack_unpack.h
-      - SABER_indcpa.h
-      - verify.h
-      - kem.c
-      - verify.c
-    - source:
-        scheme: firesaber
-        implementation: clean
-      files:
-      - cbd.h
-      - pack_unpack.h
-      - poly.h
-      - poly_mul.h
-      - SABER_indcpa.h
-      - verify.h
-      - kem.c
-      - poly.c
-      - poly_mul.c
-      - SABER_indcpa.c
-      - verify.c
-    - source:
-        scheme: firesaber
-        implementation: avx2
-      files:
-      - cbd.h
-      - pack_unpack.h
-      - SABER_indcpa.h
-      - verify.h
-      - kem.c
-      - verify.c

test/duplicate_consistency/mceliece348864_avx.yml

@@ -1,293 +0,0 @@
-consistency_checks:
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - scalars.inc
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - scalars.inc
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128f

test/duplicate_consistency/mceliece348864_clean.yml

@@ -1,395 +0,0 @@
-consistency_checks:
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.c
-  - benes.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.c
-  - encrypt.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.c
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.c
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.c
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.c
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.c
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128f

test/duplicate_consistency/mceliece348864_sse.yml

@@ -1,293 +0,0 @@
-consistency_checks:
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - scalars.inc
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - scalars.inc
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128f

test/duplicate_consistency/mceliece348864_vec.yml

@@ -1,345 +0,0 @@
-consistency_checks:
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.c
-  - benes.h
-  - bm.c
-  - bm.h
-  - consts.inc
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.c
-  - encrypt.h
-  - fft.c
-  - fft.h
-  - fft_tr.c
-  - fft_tr.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - pk_gen.h
-  - powers.inc
-  - scalars.inc
-  - scalars_2x.inc
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - util.c
-  - vec.c
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - fft_tr.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - fft_tr.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - fft_tr.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - fft_tr.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - fft_tr.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - fft_tr.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128f

test/duplicate_consistency/mceliece348864f_avx.yml

@@ -1,293 +0,0 @@
-consistency_checks:
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - scalars.inc
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - scalars.inc
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128f

test/duplicate_consistency/mceliece348864f_clean.yml

@@ -1,395 +0,0 @@
-consistency_checks:
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.c
-  - benes.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.c
-  - encrypt.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.c
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.c
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.c
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.c
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.c
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - bm.c
-  - bm.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - pk_gen.c
-  - pk_gen.h
-  - root.c
-  - root.h
-  - sk_gen.c
-  - sk_gen.h
-  - synd.c
-  - synd.h
-  - transpose.c
-  - transpose.h
-  - util.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128f

test/duplicate_consistency/mceliece348864f_sse.yml

@@ -1,293 +0,0 @@
-consistency_checks:
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - scalars.inc
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - scalars.inc
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128f

test/duplicate_consistency/mceliece348864f_vec.yml

@@ -1,345 +0,0 @@
-consistency_checks:
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.c
-  - benes.h
-  - bm.c
-  - bm.h
-  - consts.inc
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.c
-  - decrypt.h
-  - encrypt.c
-  - encrypt.h
-  - fft.c
-  - fft.h
-  - fft_tr.c
-  - fft_tr.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - pk_gen.h
-  - powers.inc
-  - scalars.inc
-  - scalars_2x.inc
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - util.c
-  - vec.c
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - fft_tr.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - fft_tr.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - fft_tr.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - fft_tr.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - fft_tr.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - fft_tr.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - benes.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  - transpose.c
-  - transpose.h
-  - vec.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128f

test/duplicate_consistency/mceliece460896_avx.yml

@@ -1,297 +0,0 @@
-consistency_checks:
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece348864f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - api.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.c
-  - gf.h
-  - operations.c
-  - params.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - params.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece460896f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - gf.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6688128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece6960119f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: clean
-    scheme: mceliece8192128f
-- files:
-  - aes256ctr.c
-  - aes256ctr.h
-  - controlbits.c
-  - controlbits.h
-  - crypto_hash.h
-  - decrypt.h
-  - encrypt.h
-  - operations.c
-  - pk_gen.h
-  - sk_gen.c
-  - sk_gen.h
-  source:
-    implementation: vec
-    scheme: mceliece8192128f