From d73a713fd4f89c353e30d7fc1008371f2c58e6f8 Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Thu, 10 Sep 2020 16:27:12 -0400 Subject: [PATCH] Fix endianness issues --- crypto_kem/hqc-128/avx2/kem.c | 8 +-- crypto_kem/hqc-128/avx2/parameters.h | 4 ++ crypto_kem/hqc-128/avx2/parsing.c | 70 +++++++++++++++++-- crypto_kem/hqc-128/avx2/parsing.h | 9 +++ crypto_kem/hqc-128/avx2/vector.c | 5 +- crypto_kem/hqc-192/avx2/kem.c | 8 +-- crypto_kem/hqc-192/avx2/parameters.h | 4 ++ crypto_kem/hqc-192/avx2/parsing.c | 70 +++++++++++++++++-- crypto_kem/hqc-192/avx2/parsing.h | 9 +++ crypto_kem/hqc-256/avx2/kem.c | 8 +-- crypto_kem/hqc-256/avx2/parameters.h | 4 ++ crypto_kem/hqc-256/avx2/parsing.c | 70 +++++++++++++++++-- crypto_kem/hqc-256/avx2/parsing.h | 9 +++ crypto_kem/hqc-rmrs-128/avx2/kem.c | 8 +-- crypto_kem/hqc-rmrs-128/avx2/parameters.h | 4 ++ crypto_kem/hqc-rmrs-128/avx2/parsing.c | 70 +++++++++++++++++-- crypto_kem/hqc-rmrs-128/avx2/parsing.h | 9 +++ crypto_kem/hqc-rmrs-128/avx2/vector.c | 5 +- crypto_kem/hqc-rmrs-192/avx2/kem.c | 8 +-- crypto_kem/hqc-rmrs-192/avx2/parameters.h | 4 ++ crypto_kem/hqc-rmrs-192/avx2/parsing.c | 70 +++++++++++++++++-- crypto_kem/hqc-rmrs-192/avx2/parsing.h | 9 +++ crypto_kem/hqc-rmrs-192/avx2/vector.c | 5 +- crypto_kem/hqc-rmrs-256/avx2/kem.c | 8 +-- crypto_kem/hqc-rmrs-256/avx2/parameters.h | 4 ++ crypto_kem/hqc-rmrs-256/avx2/parsing.c | 70 +++++++++++++++++-- crypto_kem/hqc-rmrs-256/avx2/parsing.h | 9 +++ crypto_kem/hqc-rmrs-256/avx2/vector.c | 5 +- test/duplicate_consistency/hqc-128_avx2.yml | 5 -- test/duplicate_consistency/hqc-128_clean.yml | 3 - test/duplicate_consistency/hqc-192_avx2.yml | 5 -- test/duplicate_consistency/hqc-192_clean.yml | 2 - test/duplicate_consistency/hqc-256_avx2.yml | 4 -- test/duplicate_consistency/hqc-256_clean.yml | 1 - .../hqc-rmrs-128_avx2.yml | 3 + .../hqc-rmrs-128_clean.yml | 3 + .../hqc-rmrs-192_avx2.yml | 2 + .../hqc-rmrs-192_clean.yml | 2 + .../hqc-rmrs-256_avx2.yml | 1 + .../hqc-rmrs-256_clean.yml | 1 + 40 files changed, 510 insertions(+), 88 deletions(-) diff --git a/crypto_kem/hqc-128/avx2/kem.c b/crypto_kem/hqc-128/avx2/kem.c index 8a6b60c8..ee1cfa0d 100644 --- a/crypto_kem/hqc-128/avx2/kem.c +++ b/crypto_kem/hqc-128/avx2/kem.c @@ -67,8 +67,8 @@ int PQCLEAN_HQC128_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss, con // Computing shared secret memcpy(mc, m, VEC_K_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES, u, VEC_N_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQC128_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQC128_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64); sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Computing ciphertext @@ -122,8 +122,8 @@ int PQCLEAN_HQC128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *c // Computing shared secret memcpy(mc, m, VEC_K_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES, u, VEC_N_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQC128_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQC128_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64); sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' diff --git a/crypto_kem/hqc-128/avx2/parameters.h b/crypto_kem/hqc-128/avx2/parameters.h index 14768d8d..0f5b2880 100644 --- a/crypto_kem/hqc-128/avx2/parameters.h +++ b/crypto_kem/hqc-128/avx2/parameters.h @@ -47,6 +47,8 @@ #define PARAM_DELTA Define the parameter delta of the scheme (correcting capacity of the BCH code) #define PARAM_M Define a positive integer #define PARAM_GF_POLY Generator polynomial of galois field GF(2^PARAM_M), represented in hexadecimial form + #define PARAM_GF_POLY_WT Hamming weight of PARAM_GF_POLY + #define PARAM_GF_POLY_M2 Distance between the primitive polynomial first two set bits #define PARAM_GF_MUL_ORDER Define the size of the multiplicative group of GF(2^PARAM_M), i.e 2^PARAM_M -1 #define PARAM_K Define the size of the information bits of the BCH code #define PARAM_G Define the size of the generator polynomial of BCH code @@ -96,6 +98,8 @@ #define PARAM_DELTA 57 #define PARAM_M 10 #define PARAM_GF_POLY 0x409 +#define PARAM_GF_POLY_WT 3 +#define PARAM_GF_POLY_M2 7 #define PARAM_GF_MUL_ORDER 1023 #define PARAM_K 256 #define PARAM_G 511 diff --git a/crypto_kem/hqc-128/avx2/parsing.c b/crypto_kem/hqc-128/avx2/parsing.c index 2c6d653f..7e577509 100644 --- a/crypto_kem/hqc-128/avx2/parsing.c +++ b/crypto_kem/hqc-128/avx2/parsing.c @@ -11,6 +11,64 @@ */ +void PQCLEAN_HQC128_AVX2_store8(unsigned char *out, uint64_t in) { + out[0] = (in >> 0x00) & 0xFF; + out[1] = (in >> 0x08) & 0xFF; + out[2] = (in >> 0x10) & 0xFF; + out[3] = (in >> 0x18) & 0xFF; + out[4] = (in >> 0x20) & 0xFF; + out[5] = (in >> 0x28) & 0xFF; + out[6] = (in >> 0x30) & 0xFF; + out[7] = (in >> 0x38) & 0xFF; +} + + +uint64_t PQCLEAN_HQC128_AVX2_load8(const unsigned char *in) { + uint64_t ret = in[7]; + + for (int8_t i = 6; i >= 0; i--) { + ret <<= 8; + ret |= in[i]; + } + + return ret; +} + +void PQCLEAN_HQC128_AVX2_load8_arr(uint64_t *out64, size_t outlen, const uint8_t *in8, size_t inlen) { + size_t index_in = 0; + size_t index_out = 0; + + // first copy by 8 bytes + if (inlen >= 8 && outlen >= 1) { + while (index_out < outlen && index_in + 8 <= inlen) { + out64[index_out] = PQCLEAN_HQC128_AVX2_load8(in8 + index_in); + + index_in += 8; + index_out += 1; + } + } + + // we now need to do the last 7 bytes if necessary + if (index_in >= inlen || index_out >= outlen) { + return; + } + out64[index_out] = in8[inlen - 1]; + for (int8_t i = (int8_t)(inlen - index_in) - 2; i >= 0; i--) { + out64[index_out] <<= 8; + out64[index_out] |= in8[index_in + i]; + } +} + +void PQCLEAN_HQC128_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t *in64, size_t inlen) { + for (size_t index_out = 0, index_in = 0; index_out < outlen && index_in < inlen;) { + out8[index_out] = (in64[index_in] >> ((index_out % 8) * 8)) & 0xFF; + index_out++; + if (index_out % 8 == 0) { + index_in++; + } + } +} + /** * @brief Parse a secret key into a string @@ -61,7 +119,7 @@ void PQCLEAN_HQC128_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y, ui */ void PQCLEAN_HQC128_AVX2_hqc_public_key_to_string(uint8_t *pk, const uint8_t *pk_seed, const uint64_t *s) { memcpy(pk, pk_seed, SEED_BYTES); - memcpy(pk + SEED_BYTES, s, VEC_N_SIZE_BYTES); + PQCLEAN_HQC128_AVX2_store8_arr(pk + SEED_BYTES, VEC_N_SIZE_BYTES, s, VEC_N_SIZE_64); } @@ -83,7 +141,7 @@ void PQCLEAN_HQC128_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s, co seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH); PQCLEAN_HQC128_AVX2_vect_set_random(&pk_seedexpander, h); - memcpy(s, pk + SEED_BYTES, VEC_N_SIZE_BYTES); + PQCLEAN_HQC128_AVX2_load8_arr(s, VEC_N_SIZE_64, pk + SEED_BYTES, VEC_N_SIZE_BYTES); } @@ -98,8 +156,8 @@ void PQCLEAN_HQC128_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s, co * @param[in] d String containing the hash d */ void PQCLEAN_HQC128_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) { - memcpy(ct, u, VEC_N_SIZE_BYTES); - memcpy(ct + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQC128_AVX2_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQC128_AVX2_store8_arr(ct + VEC_N_SIZE_BYTES, VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_64); memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES); } @@ -115,7 +173,7 @@ void PQCLEAN_HQC128_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u * @param[in] ct String containing the ciphertext */ void PQCLEAN_HQC128_AVX2_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) { - memcpy(u, ct, VEC_N_SIZE_BYTES); - memcpy(v, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQC128_AVX2_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES); + PQCLEAN_HQC128_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES); memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES); } diff --git a/crypto_kem/hqc-128/avx2/parsing.h b/crypto_kem/hqc-128/avx2/parsing.h index 4cb0f0a4..cfdb6b5d 100644 --- a/crypto_kem/hqc-128/avx2/parsing.h +++ b/crypto_kem/hqc-128/avx2/parsing.h @@ -11,6 +11,15 @@ #include +void PQCLEAN_HQC128_AVX2_store8(unsigned char *out, uint64_t in); + +uint64_t PQCLEAN_HQC128_AVX2_load8(const unsigned char *in); + +void PQCLEAN_HQC128_AVX2_load8_arr(uint64_t *out64, size_t outlen, const uint8_t *in8, size_t inlen); + +void PQCLEAN_HQC128_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t *in64, size_t inlen); + + void PQCLEAN_HQC128_AVX2_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk); void PQCLEAN_HQC128_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y, uint8_t *pk, const uint8_t *sk); diff --git a/crypto_kem/hqc-128/avx2/vector.c b/crypto_kem/hqc-128/avx2/vector.c index 0a100b7a..3f7b1717 100644 --- a/crypto_kem/hqc-128/avx2/vector.c +++ b/crypto_kem/hqc-128/avx2/vector.c @@ -1,5 +1,6 @@ #include "nistseedexpander.h" #include "parameters.h" +#include "parsing.h" #include "randombytes.h" #include "vector.h" #include @@ -115,7 +116,7 @@ void PQCLEAN_HQC128_AVX2_vect_set_random(AES_XOF_struct *ctx, uint64_t *v) { seedexpander(ctx, rand_bytes, VEC_N_SIZE_BYTES); - memcpy(v, rand_bytes, VEC_N_SIZE_BYTES); + PQCLEAN_HQC128_AVX2_load8_arr(v, VEC_N_SIZE_64, rand_bytes, VEC_N1N2_SIZE_BYTES); v[VEC_N_SIZE_64 - 1] &= RED_MASK; } @@ -132,7 +133,7 @@ void PQCLEAN_HQC128_AVX2_vect_set_random_from_randombytes(uint64_t *v) { uint8_t rand_bytes [VEC_K_SIZE_BYTES] = {0}; randombytes(rand_bytes, VEC_K_SIZE_BYTES); - memcpy(v, rand_bytes, VEC_K_SIZE_BYTES); + PQCLEAN_HQC128_AVX2_load8_arr(v, VEC_K_SIZE_64, rand_bytes, VEC_K_SIZE_BYTES); } diff --git a/crypto_kem/hqc-192/avx2/kem.c b/crypto_kem/hqc-192/avx2/kem.c index 28284080..51d05ff8 100644 --- a/crypto_kem/hqc-192/avx2/kem.c +++ b/crypto_kem/hqc-192/avx2/kem.c @@ -67,8 +67,8 @@ int PQCLEAN_HQC192_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss, con // Computing shared secret memcpy(mc, m, VEC_K_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES, u, VEC_N_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQC192_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQC192_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64); sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Computing ciphertext @@ -122,8 +122,8 @@ int PQCLEAN_HQC192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *c // Computing shared secret memcpy(mc, m, VEC_K_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES, u, VEC_N_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQC192_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQC192_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64); sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' diff --git a/crypto_kem/hqc-192/avx2/parameters.h b/crypto_kem/hqc-192/avx2/parameters.h index 99643ff6..5be2a170 100644 --- a/crypto_kem/hqc-192/avx2/parameters.h +++ b/crypto_kem/hqc-192/avx2/parameters.h @@ -47,6 +47,8 @@ #define PARAM_DELTA Define the parameter delta of the scheme (correcting capacity of the BCH code) #define PARAM_M Define a positive integer #define PARAM_GF_POLY Generator polynomial of galois field GF(2^PARAM_M), represented in hexadecimial form + #define PARAM_GF_POLY_WT Hamming weight of PARAM_GF_POLY + #define PARAM_GF_POLY_M2 Distance between the primitive polynomial first two set bits #define PARAM_GF_MUL_ORDER Define the size of the multiplicative group of GF(2^PARAM_M), i.e 2^PARAM_M -1 #define PARAM_K Define the size of the information bits of the BCH code #define PARAM_G Define the size of the generator polynomial of BCH code @@ -96,6 +98,8 @@ #define PARAM_DELTA 57 #define PARAM_M 10 #define PARAM_GF_POLY 0x409 +#define PARAM_GF_POLY_WT 3 +#define PARAM_GF_POLY_M2 7 #define PARAM_GF_MUL_ORDER 1023 #define PARAM_K 256 #define PARAM_G 511 diff --git a/crypto_kem/hqc-192/avx2/parsing.c b/crypto_kem/hqc-192/avx2/parsing.c index 15d3c22b..ea33d12c 100644 --- a/crypto_kem/hqc-192/avx2/parsing.c +++ b/crypto_kem/hqc-192/avx2/parsing.c @@ -11,6 +11,64 @@ */ +void PQCLEAN_HQC192_AVX2_store8(unsigned char *out, uint64_t in) { + out[0] = (in >> 0x00) & 0xFF; + out[1] = (in >> 0x08) & 0xFF; + out[2] = (in >> 0x10) & 0xFF; + out[3] = (in >> 0x18) & 0xFF; + out[4] = (in >> 0x20) & 0xFF; + out[5] = (in >> 0x28) & 0xFF; + out[6] = (in >> 0x30) & 0xFF; + out[7] = (in >> 0x38) & 0xFF; +} + + +uint64_t PQCLEAN_HQC192_AVX2_load8(const unsigned char *in) { + uint64_t ret = in[7]; + + for (int8_t i = 6; i >= 0; i--) { + ret <<= 8; + ret |= in[i]; + } + + return ret; +} + +void PQCLEAN_HQC192_AVX2_load8_arr(uint64_t *out64, size_t outlen, const uint8_t *in8, size_t inlen) { + size_t index_in = 0; + size_t index_out = 0; + + // first copy by 8 bytes + if (inlen >= 8 && outlen >= 1) { + while (index_out < outlen && index_in + 8 <= inlen) { + out64[index_out] = PQCLEAN_HQC192_AVX2_load8(in8 + index_in); + + index_in += 8; + index_out += 1; + } + } + + // we now need to do the last 7 bytes if necessary + if (index_in >= inlen || index_out >= outlen) { + return; + } + out64[index_out] = in8[inlen - 1]; + for (int8_t i = (int8_t)(inlen - index_in) - 2; i >= 0; i--) { + out64[index_out] <<= 8; + out64[index_out] |= in8[index_in + i]; + } +} + +void PQCLEAN_HQC192_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t *in64, size_t inlen) { + for (size_t index_out = 0, index_in = 0; index_out < outlen && index_in < inlen;) { + out8[index_out] = (in64[index_in] >> ((index_out % 8) * 8)) & 0xFF; + index_out++; + if (index_out % 8 == 0) { + index_in++; + } + } +} + /** * @brief Parse a secret key into a string @@ -61,7 +119,7 @@ void PQCLEAN_HQC192_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y, ui */ void PQCLEAN_HQC192_AVX2_hqc_public_key_to_string(uint8_t *pk, const uint8_t *pk_seed, const uint64_t *s) { memcpy(pk, pk_seed, SEED_BYTES); - memcpy(pk + SEED_BYTES, s, VEC_N_SIZE_BYTES); + PQCLEAN_HQC192_AVX2_store8_arr(pk + SEED_BYTES, VEC_N_SIZE_BYTES, s, VEC_N_SIZE_64); } @@ -83,7 +141,7 @@ void PQCLEAN_HQC192_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s, co seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH); PQCLEAN_HQC192_AVX2_vect_set_random(&pk_seedexpander, h); - memcpy(s, pk + SEED_BYTES, VEC_N_SIZE_BYTES); + PQCLEAN_HQC192_AVX2_load8_arr(s, VEC_N_SIZE_64, pk + SEED_BYTES, VEC_N_SIZE_BYTES); } @@ -98,8 +156,8 @@ void PQCLEAN_HQC192_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s, co * @param[in] d String containing the hash d */ void PQCLEAN_HQC192_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) { - memcpy(ct, u, VEC_N_SIZE_BYTES); - memcpy(ct + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQC192_AVX2_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQC192_AVX2_store8_arr(ct + VEC_N_SIZE_BYTES, VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_64); memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES); } @@ -115,7 +173,7 @@ void PQCLEAN_HQC192_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u * @param[in] ct String containing the ciphertext */ void PQCLEAN_HQC192_AVX2_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) { - memcpy(u, ct, VEC_N_SIZE_BYTES); - memcpy(v, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQC192_AVX2_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES); + PQCLEAN_HQC192_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES); memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES); } diff --git a/crypto_kem/hqc-192/avx2/parsing.h b/crypto_kem/hqc-192/avx2/parsing.h index 9a336102..5e969e46 100644 --- a/crypto_kem/hqc-192/avx2/parsing.h +++ b/crypto_kem/hqc-192/avx2/parsing.h @@ -11,6 +11,15 @@ #include +void PQCLEAN_HQC192_AVX2_store8(unsigned char *out, uint64_t in); + +uint64_t PQCLEAN_HQC192_AVX2_load8(const unsigned char *in); + +void PQCLEAN_HQC192_AVX2_load8_arr(uint64_t *out64, size_t outlen, const uint8_t *in8, size_t inlen); + +void PQCLEAN_HQC192_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t *in64, size_t inlen); + + void PQCLEAN_HQC192_AVX2_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk); void PQCLEAN_HQC192_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y, uint8_t *pk, const uint8_t *sk); diff --git a/crypto_kem/hqc-256/avx2/kem.c b/crypto_kem/hqc-256/avx2/kem.c index 85b85276..4a4d8e2b 100644 --- a/crypto_kem/hqc-256/avx2/kem.c +++ b/crypto_kem/hqc-256/avx2/kem.c @@ -67,8 +67,8 @@ int PQCLEAN_HQC256_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss, con // Computing shared secret memcpy(mc, m, VEC_K_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES, u, VEC_N_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQC256_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQC256_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64); sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Computing ciphertext @@ -122,8 +122,8 @@ int PQCLEAN_HQC256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned char *c // Computing shared secret memcpy(mc, m, VEC_K_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES, u, VEC_N_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQC256_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQC256_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64); sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' diff --git a/crypto_kem/hqc-256/avx2/parameters.h b/crypto_kem/hqc-256/avx2/parameters.h index 5ec18b53..96c3cf73 100644 --- a/crypto_kem/hqc-256/avx2/parameters.h +++ b/crypto_kem/hqc-256/avx2/parameters.h @@ -47,6 +47,8 @@ #define PARAM_DELTA Define the parameter delta of the scheme (correcting capacity of the BCH code) #define PARAM_M Define a positive integer #define PARAM_GF_POLY Generator polynomial of galois field GF(2^PARAM_M), represented in hexadecimial form + #define PARAM_GF_POLY_WT Hamming weight of PARAM_GF_POLY + #define PARAM_GF_POLY_M2 Distance between the primitive polynomial first two set bits #define PARAM_GF_MUL_ORDER Define the size of the multiplicative group of GF(2^PARAM_M), i.e 2^PARAM_M -1 #define PARAM_K Define the size of the information bits of the BCH code #define PARAM_G Define the size of the generator polynomial of BCH code @@ -96,6 +98,8 @@ #define PARAM_DELTA 60 #define PARAM_M 10 #define PARAM_GF_POLY 0x409 +#define PARAM_GF_POLY_WT 3 +#define PARAM_GF_POLY_M2 7 #define PARAM_GF_MUL_ORDER 1023 #define PARAM_K 256 #define PARAM_G 541 diff --git a/crypto_kem/hqc-256/avx2/parsing.c b/crypto_kem/hqc-256/avx2/parsing.c index 0ecd1562..500e0757 100644 --- a/crypto_kem/hqc-256/avx2/parsing.c +++ b/crypto_kem/hqc-256/avx2/parsing.c @@ -11,6 +11,64 @@ */ +void PQCLEAN_HQC256_AVX2_store8(unsigned char *out, uint64_t in) { + out[0] = (in >> 0x00) & 0xFF; + out[1] = (in >> 0x08) & 0xFF; + out[2] = (in >> 0x10) & 0xFF; + out[3] = (in >> 0x18) & 0xFF; + out[4] = (in >> 0x20) & 0xFF; + out[5] = (in >> 0x28) & 0xFF; + out[6] = (in >> 0x30) & 0xFF; + out[7] = (in >> 0x38) & 0xFF; +} + + +uint64_t PQCLEAN_HQC256_AVX2_load8(const unsigned char *in) { + uint64_t ret = in[7]; + + for (int8_t i = 6; i >= 0; i--) { + ret <<= 8; + ret |= in[i]; + } + + return ret; +} + +void PQCLEAN_HQC256_AVX2_load8_arr(uint64_t *out64, size_t outlen, const uint8_t *in8, size_t inlen) { + size_t index_in = 0; + size_t index_out = 0; + + // first copy by 8 bytes + if (inlen >= 8 && outlen >= 1) { + while (index_out < outlen && index_in + 8 <= inlen) { + out64[index_out] = PQCLEAN_HQC256_AVX2_load8(in8 + index_in); + + index_in += 8; + index_out += 1; + } + } + + // we now need to do the last 7 bytes if necessary + if (index_in >= inlen || index_out >= outlen) { + return; + } + out64[index_out] = in8[inlen - 1]; + for (int8_t i = (int8_t)(inlen - index_in) - 2; i >= 0; i--) { + out64[index_out] <<= 8; + out64[index_out] |= in8[index_in + i]; + } +} + +void PQCLEAN_HQC256_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t *in64, size_t inlen) { + for (size_t index_out = 0, index_in = 0; index_out < outlen && index_in < inlen;) { + out8[index_out] = (in64[index_in] >> ((index_out % 8) * 8)) & 0xFF; + index_out++; + if (index_out % 8 == 0) { + index_in++; + } + } +} + /** * @brief Parse a secret key into a string @@ -61,7 +119,7 @@ void PQCLEAN_HQC256_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y, ui */ void PQCLEAN_HQC256_AVX2_hqc_public_key_to_string(uint8_t *pk, const uint8_t *pk_seed, const uint64_t *s) { memcpy(pk, pk_seed, SEED_BYTES); - memcpy(pk + SEED_BYTES, s, VEC_N_SIZE_BYTES); + PQCLEAN_HQC256_AVX2_store8_arr(pk + SEED_BYTES, VEC_N_SIZE_BYTES, s, VEC_N_SIZE_64); } @@ -83,7 +141,7 @@ void PQCLEAN_HQC256_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s, co seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH); PQCLEAN_HQC256_AVX2_vect_set_random(&pk_seedexpander, h); - memcpy(s, pk + SEED_BYTES, VEC_N_SIZE_BYTES); + PQCLEAN_HQC256_AVX2_load8_arr(s, VEC_N_SIZE_64, pk + SEED_BYTES, VEC_N_SIZE_BYTES); } @@ -98,8 +156,8 @@ void PQCLEAN_HQC256_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s, co * @param[in] d String containing the hash d */ void PQCLEAN_HQC256_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) { - memcpy(ct, u, VEC_N_SIZE_BYTES); - memcpy(ct + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQC256_AVX2_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQC256_AVX2_store8_arr(ct + VEC_N_SIZE_BYTES, VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_64); memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES); } @@ -115,7 +173,7 @@ void PQCLEAN_HQC256_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u * @param[in] ct String containing the ciphertext */ void PQCLEAN_HQC256_AVX2_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) { - memcpy(u, ct, VEC_N_SIZE_BYTES); - memcpy(v, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQC256_AVX2_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES); + PQCLEAN_HQC256_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES); memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES); } diff --git a/crypto_kem/hqc-256/avx2/parsing.h b/crypto_kem/hqc-256/avx2/parsing.h index 87a88e96..ab84964b 100644 --- a/crypto_kem/hqc-256/avx2/parsing.h +++ b/crypto_kem/hqc-256/avx2/parsing.h @@ -11,6 +11,15 @@ #include +void PQCLEAN_HQC256_AVX2_store8(unsigned char *out, uint64_t in); + +uint64_t PQCLEAN_HQC256_AVX2_load8(const unsigned char *in); + +void PQCLEAN_HQC256_AVX2_load8_arr(uint64_t *out64, size_t outlen, const uint8_t *in8, size_t inlen); + +void PQCLEAN_HQC256_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t *in64, size_t inlen); + + void PQCLEAN_HQC256_AVX2_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk); void PQCLEAN_HQC256_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y, uint8_t *pk, const uint8_t *sk); diff --git a/crypto_kem/hqc-rmrs-128/avx2/kem.c b/crypto_kem/hqc-rmrs-128/avx2/kem.c index cb64bad6..0861a341 100644 --- a/crypto_kem/hqc-rmrs-128/avx2/kem.c +++ b/crypto_kem/hqc-rmrs-128/avx2/kem.c @@ -67,8 +67,8 @@ int PQCLEAN_HQCRMRS128_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss, // Computing shared secret memcpy(mc, m, VEC_K_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES, u, VEC_N_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQCRMRS128_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQCRMRS128_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64); sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Computing ciphertext @@ -122,8 +122,8 @@ int PQCLEAN_HQCRMRS128_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned cha // Computing shared secret memcpy(mc, m, VEC_K_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES, u, VEC_N_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQCRMRS128_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQCRMRS128_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64); sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' diff --git a/crypto_kem/hqc-rmrs-128/avx2/parameters.h b/crypto_kem/hqc-rmrs-128/avx2/parameters.h index 31380e1a..63f549fc 100644 --- a/crypto_kem/hqc-rmrs-128/avx2/parameters.h +++ b/crypto_kem/hqc-rmrs-128/avx2/parameters.h @@ -46,6 +46,8 @@ #define PARAM_DELTA Define the parameter delta of the scheme (correcting capacity of the Reed-Solomon code) #define PARAM_M Define a positive integer #define PARAM_GF_POLY Generator polynomial of galois field GF(2^PARAM_M), represented in hexadecimial form + #define PARAM_GF_POLY_WT Hamming weight of PARAM_GF_POLY + #define PARAM_GF_POLY_M2 Distance between the primitive polynomial first two set bits #define PARAM_GF_MUL_ORDER Define the size of the multiplicative group of GF(2^PARAM_M), i.e 2^PARAM_M -1 #define PARAM_K Define the size of the information bits of the Reed-Solomon code #define PARAM_G Define the size of the generator polynomial of Reed-Solomon code @@ -93,6 +95,8 @@ #define PARAM_DELTA 24 #define PARAM_M 8 #define PARAM_GF_POLY 0x11D +#define PARAM_GF_POLY_WT 5 +#define PARAM_GF_POLY_M2 4 #define PARAM_GF_MUL_ORDER 255 #define PARAM_K 32 #define PARAM_G 49 diff --git a/crypto_kem/hqc-rmrs-128/avx2/parsing.c b/crypto_kem/hqc-rmrs-128/avx2/parsing.c index 6ac71097..01f86a61 100644 --- a/crypto_kem/hqc-rmrs-128/avx2/parsing.c +++ b/crypto_kem/hqc-rmrs-128/avx2/parsing.c @@ -11,6 +11,64 @@ */ +void PQCLEAN_HQCRMRS128_AVX2_store8(unsigned char *out, uint64_t in) { + out[0] = (in >> 0x00) & 0xFF; + out[1] = (in >> 0x08) & 0xFF; + out[2] = (in >> 0x10) & 0xFF; + out[3] = (in >> 0x18) & 0xFF; + out[4] = (in >> 0x20) & 0xFF; + out[5] = (in >> 0x28) & 0xFF; + out[6] = (in >> 0x30) & 0xFF; + out[7] = (in >> 0x38) & 0xFF; +} + + +uint64_t PQCLEAN_HQCRMRS128_AVX2_load8(const unsigned char *in) { + uint64_t ret = in[7]; + + for (int8_t i = 6; i >= 0; i--) { + ret <<= 8; + ret |= in[i]; + } + + return ret; +} + +void PQCLEAN_HQCRMRS128_AVX2_load8_arr(uint64_t *out64, size_t outlen, const uint8_t *in8, size_t inlen) { + size_t index_in = 0; + size_t index_out = 0; + + // first copy by 8 bytes + if (inlen >= 8 && outlen >= 1) { + while (index_out < outlen && index_in + 8 <= inlen) { + out64[index_out] = PQCLEAN_HQCRMRS128_AVX2_load8(in8 + index_in); + + index_in += 8; + index_out += 1; + } + } + + // we now need to do the last 7 bytes if necessary + if (index_in >= inlen || index_out >= outlen) { + return; + } + out64[index_out] = in8[inlen - 1]; + for (int8_t i = (int8_t)(inlen - index_in) - 2; i >= 0; i--) { + out64[index_out] <<= 8; + out64[index_out] |= in8[index_in + i]; + } +} + +void PQCLEAN_HQCRMRS128_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t *in64, size_t inlen) { + for (size_t index_out = 0, index_in = 0; index_out < outlen && index_in < inlen;) { + out8[index_out] = (in64[index_in] >> ((index_out % 8) * 8)) & 0xFF; + index_out++; + if (index_out % 8 == 0) { + index_in++; + } + } +} + /** * @brief Parse a secret key into a string @@ -61,7 +119,7 @@ void PQCLEAN_HQCRMRS128_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y */ void PQCLEAN_HQCRMRS128_AVX2_hqc_public_key_to_string(uint8_t *pk, const uint8_t *pk_seed, const uint64_t *s) { memcpy(pk, pk_seed, SEED_BYTES); - memcpy(pk + SEED_BYTES, s, VEC_N_SIZE_BYTES); + PQCLEAN_HQCRMRS128_AVX2_store8_arr(pk + SEED_BYTES, VEC_N_SIZE_BYTES, s, VEC_N_SIZE_64); } @@ -83,7 +141,7 @@ void PQCLEAN_HQCRMRS128_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH); PQCLEAN_HQCRMRS128_AVX2_vect_set_random(&pk_seedexpander, h); - memcpy(s, pk + SEED_BYTES, VEC_N_SIZE_BYTES); + PQCLEAN_HQCRMRS128_AVX2_load8_arr(s, VEC_N_SIZE_64, pk + SEED_BYTES, VEC_N_SIZE_BYTES); } @@ -98,8 +156,8 @@ void PQCLEAN_HQCRMRS128_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s * @param[in] d String containing the hash d */ void PQCLEAN_HQCRMRS128_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) { - memcpy(ct, u, VEC_N_SIZE_BYTES); - memcpy(ct + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQCRMRS128_AVX2_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQCRMRS128_AVX2_store8_arr(ct + VEC_N_SIZE_BYTES, VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_64); memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES); } @@ -115,7 +173,7 @@ void PQCLEAN_HQCRMRS128_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_ * @param[in] ct String containing the ciphertext */ void PQCLEAN_HQCRMRS128_AVX2_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) { - memcpy(u, ct, VEC_N_SIZE_BYTES); - memcpy(v, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQCRMRS128_AVX2_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES); + PQCLEAN_HQCRMRS128_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES); memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES); } diff --git a/crypto_kem/hqc-rmrs-128/avx2/parsing.h b/crypto_kem/hqc-rmrs-128/avx2/parsing.h index 9a6ce620..c958bee8 100644 --- a/crypto_kem/hqc-rmrs-128/avx2/parsing.h +++ b/crypto_kem/hqc-rmrs-128/avx2/parsing.h @@ -11,6 +11,15 @@ #include +void PQCLEAN_HQCRMRS128_AVX2_store8(unsigned char *out, uint64_t in); + +uint64_t PQCLEAN_HQCRMRS128_AVX2_load8(const unsigned char *in); + +void PQCLEAN_HQCRMRS128_AVX2_load8_arr(uint64_t *out64, size_t outlen, const uint8_t *in8, size_t inlen); + +void PQCLEAN_HQCRMRS128_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t *in64, size_t inlen); + + void PQCLEAN_HQCRMRS128_AVX2_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk); void PQCLEAN_HQCRMRS128_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y, uint8_t *pk, const uint8_t *sk); diff --git a/crypto_kem/hqc-rmrs-128/avx2/vector.c b/crypto_kem/hqc-rmrs-128/avx2/vector.c index 86a97259..d1043deb 100644 --- a/crypto_kem/hqc-rmrs-128/avx2/vector.c +++ b/crypto_kem/hqc-rmrs-128/avx2/vector.c @@ -1,5 +1,6 @@ #include "nistseedexpander.h" #include "parameters.h" +#include "parsing.h" #include "randombytes.h" #include "vector.h" #include @@ -115,7 +116,7 @@ void PQCLEAN_HQCRMRS128_AVX2_vect_set_random(AES_XOF_struct *ctx, uint64_t *v) { seedexpander(ctx, rand_bytes, VEC_N_SIZE_BYTES); - memcpy(v, rand_bytes, VEC_N_SIZE_BYTES); + PQCLEAN_HQCRMRS128_AVX2_load8_arr(v, VEC_N_SIZE_64, rand_bytes, VEC_N1N2_SIZE_BYTES); v[VEC_N_SIZE_64 - 1] &= RED_MASK; } @@ -132,7 +133,7 @@ void PQCLEAN_HQCRMRS128_AVX2_vect_set_random_from_randombytes(uint64_t *v) { uint8_t rand_bytes [VEC_K_SIZE_BYTES] = {0}; randombytes(rand_bytes, VEC_K_SIZE_BYTES); - memcpy(v, rand_bytes, VEC_K_SIZE_BYTES); + PQCLEAN_HQCRMRS128_AVX2_load8_arr(v, VEC_K_SIZE_64, rand_bytes, VEC_K_SIZE_BYTES); } diff --git a/crypto_kem/hqc-rmrs-192/avx2/kem.c b/crypto_kem/hqc-rmrs-192/avx2/kem.c index d9b9425b..0e14a7c8 100644 --- a/crypto_kem/hqc-rmrs-192/avx2/kem.c +++ b/crypto_kem/hqc-rmrs-192/avx2/kem.c @@ -67,8 +67,8 @@ int PQCLEAN_HQCRMRS192_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss, // Computing shared secret memcpy(mc, m, VEC_K_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES, u, VEC_N_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQCRMRS192_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQCRMRS192_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64); sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Computing ciphertext @@ -122,8 +122,8 @@ int PQCLEAN_HQCRMRS192_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned cha // Computing shared secret memcpy(mc, m, VEC_K_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES, u, VEC_N_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQCRMRS192_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQCRMRS192_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64); sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' diff --git a/crypto_kem/hqc-rmrs-192/avx2/parameters.h b/crypto_kem/hqc-rmrs-192/avx2/parameters.h index 7c55d7fd..39d98b22 100644 --- a/crypto_kem/hqc-rmrs-192/avx2/parameters.h +++ b/crypto_kem/hqc-rmrs-192/avx2/parameters.h @@ -46,6 +46,8 @@ #define PARAM_DELTA Define the parameter delta of the scheme (correcting capacity of the Reed-Solomon code) #define PARAM_M Define a positive integer #define PARAM_GF_POLY Generator polynomial of galois field GF(2^PARAM_M), represented in hexadecimial form + #define PARAM_GF_POLY_WT Hamming weight of PARAM_GF_POLY + #define PARAM_GF_POLY_M2 Distance between the primitive polynomial first two set bits #define PARAM_GF_MUL_ORDER Define the size of the multiplicative group of GF(2^PARAM_M), i.e 2^PARAM_M -1 #define PARAM_K Define the size of the information bits of the Reed-Solomon code #define PARAM_G Define the size of the generator polynomial of Reed-Solomon code @@ -93,6 +95,8 @@ #define PARAM_DELTA 22 #define PARAM_M 8 #define PARAM_GF_POLY 0x11D +#define PARAM_GF_POLY_WT 5 +#define PARAM_GF_POLY_M2 4 #define PARAM_GF_MUL_ORDER 255 #define PARAM_K 32 #define PARAM_G 45 diff --git a/crypto_kem/hqc-rmrs-192/avx2/parsing.c b/crypto_kem/hqc-rmrs-192/avx2/parsing.c index 96451cef..496b5eff 100644 --- a/crypto_kem/hqc-rmrs-192/avx2/parsing.c +++ b/crypto_kem/hqc-rmrs-192/avx2/parsing.c @@ -11,6 +11,64 @@ */ +void PQCLEAN_HQCRMRS192_AVX2_store8(unsigned char *out, uint64_t in) { + out[0] = (in >> 0x00) & 0xFF; + out[1] = (in >> 0x08) & 0xFF; + out[2] = (in >> 0x10) & 0xFF; + out[3] = (in >> 0x18) & 0xFF; + out[4] = (in >> 0x20) & 0xFF; + out[5] = (in >> 0x28) & 0xFF; + out[6] = (in >> 0x30) & 0xFF; + out[7] = (in >> 0x38) & 0xFF; +} + + +uint64_t PQCLEAN_HQCRMRS192_AVX2_load8(const unsigned char *in) { + uint64_t ret = in[7]; + + for (int8_t i = 6; i >= 0; i--) { + ret <<= 8; + ret |= in[i]; + } + + return ret; +} + +void PQCLEAN_HQCRMRS192_AVX2_load8_arr(uint64_t *out64, size_t outlen, const uint8_t *in8, size_t inlen) { + size_t index_in = 0; + size_t index_out = 0; + + // first copy by 8 bytes + if (inlen >= 8 && outlen >= 1) { + while (index_out < outlen && index_in + 8 <= inlen) { + out64[index_out] = PQCLEAN_HQCRMRS192_AVX2_load8(in8 + index_in); + + index_in += 8; + index_out += 1; + } + } + + // we now need to do the last 7 bytes if necessary + if (index_in >= inlen || index_out >= outlen) { + return; + } + out64[index_out] = in8[inlen - 1]; + for (int8_t i = (int8_t)(inlen - index_in) - 2; i >= 0; i--) { + out64[index_out] <<= 8; + out64[index_out] |= in8[index_in + i]; + } +} + +void PQCLEAN_HQCRMRS192_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t *in64, size_t inlen) { + for (size_t index_out = 0, index_in = 0; index_out < outlen && index_in < inlen;) { + out8[index_out] = (in64[index_in] >> ((index_out % 8) * 8)) & 0xFF; + index_out++; + if (index_out % 8 == 0) { + index_in++; + } + } +} + /** * @brief Parse a secret key into a string @@ -61,7 +119,7 @@ void PQCLEAN_HQCRMRS192_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y */ void PQCLEAN_HQCRMRS192_AVX2_hqc_public_key_to_string(uint8_t *pk, const uint8_t *pk_seed, const uint64_t *s) { memcpy(pk, pk_seed, SEED_BYTES); - memcpy(pk + SEED_BYTES, s, VEC_N_SIZE_BYTES); + PQCLEAN_HQCRMRS192_AVX2_store8_arr(pk + SEED_BYTES, VEC_N_SIZE_BYTES, s, VEC_N_SIZE_64); } @@ -83,7 +141,7 @@ void PQCLEAN_HQCRMRS192_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH); PQCLEAN_HQCRMRS192_AVX2_vect_set_random(&pk_seedexpander, h); - memcpy(s, pk + SEED_BYTES, VEC_N_SIZE_BYTES); + PQCLEAN_HQCRMRS192_AVX2_load8_arr(s, VEC_N_SIZE_64, pk + SEED_BYTES, VEC_N_SIZE_BYTES); } @@ -98,8 +156,8 @@ void PQCLEAN_HQCRMRS192_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s * @param[in] d String containing the hash d */ void PQCLEAN_HQCRMRS192_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) { - memcpy(ct, u, VEC_N_SIZE_BYTES); - memcpy(ct + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQCRMRS192_AVX2_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQCRMRS192_AVX2_store8_arr(ct + VEC_N_SIZE_BYTES, VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_64); memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES); } @@ -115,7 +173,7 @@ void PQCLEAN_HQCRMRS192_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_ * @param[in] ct String containing the ciphertext */ void PQCLEAN_HQCRMRS192_AVX2_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) { - memcpy(u, ct, VEC_N_SIZE_BYTES); - memcpy(v, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQCRMRS192_AVX2_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES); + PQCLEAN_HQCRMRS192_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES); memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES); } diff --git a/crypto_kem/hqc-rmrs-192/avx2/parsing.h b/crypto_kem/hqc-rmrs-192/avx2/parsing.h index 6c13d6fb..058ddf74 100644 --- a/crypto_kem/hqc-rmrs-192/avx2/parsing.h +++ b/crypto_kem/hqc-rmrs-192/avx2/parsing.h @@ -11,6 +11,15 @@ #include +void PQCLEAN_HQCRMRS192_AVX2_store8(unsigned char *out, uint64_t in); + +uint64_t PQCLEAN_HQCRMRS192_AVX2_load8(const unsigned char *in); + +void PQCLEAN_HQCRMRS192_AVX2_load8_arr(uint64_t *out64, size_t outlen, const uint8_t *in8, size_t inlen); + +void PQCLEAN_HQCRMRS192_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t *in64, size_t inlen); + + void PQCLEAN_HQCRMRS192_AVX2_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk); void PQCLEAN_HQCRMRS192_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y, uint8_t *pk, const uint8_t *sk); diff --git a/crypto_kem/hqc-rmrs-192/avx2/vector.c b/crypto_kem/hqc-rmrs-192/avx2/vector.c index 754c6503..8c01ed7c 100644 --- a/crypto_kem/hqc-rmrs-192/avx2/vector.c +++ b/crypto_kem/hqc-rmrs-192/avx2/vector.c @@ -1,5 +1,6 @@ #include "nistseedexpander.h" #include "parameters.h" +#include "parsing.h" #include "randombytes.h" #include "vector.h" #include @@ -115,7 +116,7 @@ void PQCLEAN_HQCRMRS192_AVX2_vect_set_random(AES_XOF_struct *ctx, uint64_t *v) { seedexpander(ctx, rand_bytes, VEC_N_SIZE_BYTES); - memcpy(v, rand_bytes, VEC_N_SIZE_BYTES); + PQCLEAN_HQCRMRS192_AVX2_load8_arr(v, VEC_N_SIZE_64, rand_bytes, VEC_N1N2_SIZE_BYTES); v[VEC_N_SIZE_64 - 1] &= RED_MASK; } @@ -132,7 +133,7 @@ void PQCLEAN_HQCRMRS192_AVX2_vect_set_random_from_randombytes(uint64_t *v) { uint8_t rand_bytes [VEC_K_SIZE_BYTES] = {0}; randombytes(rand_bytes, VEC_K_SIZE_BYTES); - memcpy(v, rand_bytes, VEC_K_SIZE_BYTES); + PQCLEAN_HQCRMRS192_AVX2_load8_arr(v, VEC_K_SIZE_64, rand_bytes, VEC_K_SIZE_BYTES); } diff --git a/crypto_kem/hqc-rmrs-256/avx2/kem.c b/crypto_kem/hqc-rmrs-256/avx2/kem.c index bc795aba..a9960e9b 100644 --- a/crypto_kem/hqc-rmrs-256/avx2/kem.c +++ b/crypto_kem/hqc-rmrs-256/avx2/kem.c @@ -67,8 +67,8 @@ int PQCLEAN_HQCRMRS256_AVX2_crypto_kem_enc(unsigned char *ct, unsigned char *ss, // Computing shared secret memcpy(mc, m, VEC_K_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES, u, VEC_N_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQCRMRS256_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQCRMRS256_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64); sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Computing ciphertext @@ -122,8 +122,8 @@ int PQCLEAN_HQCRMRS256_AVX2_crypto_kem_dec(unsigned char *ss, const unsigned cha // Computing shared secret memcpy(mc, m, VEC_K_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES, u, VEC_N_SIZE_BYTES); - memcpy(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQCRMRS256_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQCRMRS256_AVX2_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64); sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES); // Abort if c != c' or d != d' diff --git a/crypto_kem/hqc-rmrs-256/avx2/parameters.h b/crypto_kem/hqc-rmrs-256/avx2/parameters.h index 3ff20c34..0b5438f6 100644 --- a/crypto_kem/hqc-rmrs-256/avx2/parameters.h +++ b/crypto_kem/hqc-rmrs-256/avx2/parameters.h @@ -46,6 +46,8 @@ #define PARAM_DELTA Define the parameter delta of the scheme (correcting capacity of the Reed-Solomon code) #define PARAM_M Define a positive integer #define PARAM_GF_POLY Generator polynomial of galois field GF(2^PARAM_M), represented in hexadecimial form + #define PARAM_GF_POLY_WT Hamming weight of PARAM_GF_POLY + #define PARAM_GF_POLY_M2 Distance between the primitive polynomial first two set bits #define PARAM_GF_MUL_ORDER Define the size of the multiplicative group of GF(2^PARAM_M), i.e 2^PARAM_M -1 #define PARAM_K Define the size of the information bits of the Reed-Solomon code #define PARAM_G Define the size of the generator polynomial of Reed-Solomon code @@ -93,6 +95,8 @@ #define PARAM_DELTA 23 #define PARAM_M 8 #define PARAM_GF_POLY 0x11D +#define PARAM_GF_POLY_WT 5 +#define PARAM_GF_POLY_M2 4 #define PARAM_GF_MUL_ORDER 255 #define PARAM_K 32 #define PARAM_G 47 diff --git a/crypto_kem/hqc-rmrs-256/avx2/parsing.c b/crypto_kem/hqc-rmrs-256/avx2/parsing.c index e5eca6ac..42fb6a44 100644 --- a/crypto_kem/hqc-rmrs-256/avx2/parsing.c +++ b/crypto_kem/hqc-rmrs-256/avx2/parsing.c @@ -11,6 +11,64 @@ */ +void PQCLEAN_HQCRMRS256_AVX2_store8(unsigned char *out, uint64_t in) { + out[0] = (in >> 0x00) & 0xFF; + out[1] = (in >> 0x08) & 0xFF; + out[2] = (in >> 0x10) & 0xFF; + out[3] = (in >> 0x18) & 0xFF; + out[4] = (in >> 0x20) & 0xFF; + out[5] = (in >> 0x28) & 0xFF; + out[6] = (in >> 0x30) & 0xFF; + out[7] = (in >> 0x38) & 0xFF; +} + + +uint64_t PQCLEAN_HQCRMRS256_AVX2_load8(const unsigned char *in) { + uint64_t ret = in[7]; + + for (int8_t i = 6; i >= 0; i--) { + ret <<= 8; + ret |= in[i]; + } + + return ret; +} + +void PQCLEAN_HQCRMRS256_AVX2_load8_arr(uint64_t *out64, size_t outlen, const uint8_t *in8, size_t inlen) { + size_t index_in = 0; + size_t index_out = 0; + + // first copy by 8 bytes + if (inlen >= 8 && outlen >= 1) { + while (index_out < outlen && index_in + 8 <= inlen) { + out64[index_out] = PQCLEAN_HQCRMRS256_AVX2_load8(in8 + index_in); + + index_in += 8; + index_out += 1; + } + } + + // we now need to do the last 7 bytes if necessary + if (index_in >= inlen || index_out >= outlen) { + return; + } + out64[index_out] = in8[inlen - 1]; + for (int8_t i = (int8_t)(inlen - index_in) - 2; i >= 0; i--) { + out64[index_out] <<= 8; + out64[index_out] |= in8[index_in + i]; + } +} + +void PQCLEAN_HQCRMRS256_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t *in64, size_t inlen) { + for (size_t index_out = 0, index_in = 0; index_out < outlen && index_in < inlen;) { + out8[index_out] = (in64[index_in] >> ((index_out % 8) * 8)) & 0xFF; + index_out++; + if (index_out % 8 == 0) { + index_in++; + } + } +} + /** * @brief Parse a secret key into a string @@ -61,7 +119,7 @@ void PQCLEAN_HQCRMRS256_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y */ void PQCLEAN_HQCRMRS256_AVX2_hqc_public_key_to_string(uint8_t *pk, const uint8_t *pk_seed, const uint64_t *s) { memcpy(pk, pk_seed, SEED_BYTES); - memcpy(pk + SEED_BYTES, s, VEC_N_SIZE_BYTES); + PQCLEAN_HQCRMRS256_AVX2_store8_arr(pk + SEED_BYTES, VEC_N_SIZE_BYTES, s, VEC_N_SIZE_64); } @@ -83,7 +141,7 @@ void PQCLEAN_HQCRMRS256_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH); PQCLEAN_HQCRMRS256_AVX2_vect_set_random(&pk_seedexpander, h); - memcpy(s, pk + SEED_BYTES, VEC_N_SIZE_BYTES); + PQCLEAN_HQCRMRS256_AVX2_load8_arr(s, VEC_N_SIZE_64, pk + SEED_BYTES, VEC_N_SIZE_BYTES); } @@ -98,8 +156,8 @@ void PQCLEAN_HQCRMRS256_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s * @param[in] d String containing the hash d */ void PQCLEAN_HQCRMRS256_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) { - memcpy(ct, u, VEC_N_SIZE_BYTES); - memcpy(ct + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQCRMRS256_AVX2_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64); + PQCLEAN_HQCRMRS256_AVX2_store8_arr(ct + VEC_N_SIZE_BYTES, VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_64); memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES); } @@ -115,7 +173,7 @@ void PQCLEAN_HQCRMRS256_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_ * @param[in] ct String containing the ciphertext */ void PQCLEAN_HQCRMRS256_AVX2_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) { - memcpy(u, ct, VEC_N_SIZE_BYTES); - memcpy(v, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES); + PQCLEAN_HQCRMRS256_AVX2_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES); + PQCLEAN_HQCRMRS256_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES); memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES); } diff --git a/crypto_kem/hqc-rmrs-256/avx2/parsing.h b/crypto_kem/hqc-rmrs-256/avx2/parsing.h index 15bf5a64..938c2d9c 100644 --- a/crypto_kem/hqc-rmrs-256/avx2/parsing.h +++ b/crypto_kem/hqc-rmrs-256/avx2/parsing.h @@ -11,6 +11,15 @@ #include +void PQCLEAN_HQCRMRS256_AVX2_store8(unsigned char *out, uint64_t in); + +uint64_t PQCLEAN_HQCRMRS256_AVX2_load8(const unsigned char *in); + +void PQCLEAN_HQCRMRS256_AVX2_load8_arr(uint64_t *out64, size_t outlen, const uint8_t *in8, size_t inlen); + +void PQCLEAN_HQCRMRS256_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t *in64, size_t inlen); + + void PQCLEAN_HQCRMRS256_AVX2_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk); void PQCLEAN_HQCRMRS256_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y, uint8_t *pk, const uint8_t *sk); diff --git a/crypto_kem/hqc-rmrs-256/avx2/vector.c b/crypto_kem/hqc-rmrs-256/avx2/vector.c index c2fc9f9d..2c04979c 100644 --- a/crypto_kem/hqc-rmrs-256/avx2/vector.c +++ b/crypto_kem/hqc-rmrs-256/avx2/vector.c @@ -1,5 +1,6 @@ #include "nistseedexpander.h" #include "parameters.h" +#include "parsing.h" #include "randombytes.h" #include "vector.h" #include @@ -115,7 +116,7 @@ void PQCLEAN_HQCRMRS256_AVX2_vect_set_random(AES_XOF_struct *ctx, uint64_t *v) { seedexpander(ctx, rand_bytes, VEC_N_SIZE_BYTES); - memcpy(v, rand_bytes, VEC_N_SIZE_BYTES); + PQCLEAN_HQCRMRS256_AVX2_load8_arr(v, VEC_N_SIZE_64, rand_bytes, VEC_N1N2_SIZE_BYTES); v[VEC_N_SIZE_64 - 1] &= RED_MASK; } @@ -132,7 +133,7 @@ void PQCLEAN_HQCRMRS256_AVX2_vect_set_random_from_randombytes(uint64_t *v) { uint8_t rand_bytes [VEC_K_SIZE_BYTES] = {0}; randombytes(rand_bytes, VEC_K_SIZE_BYTES); - memcpy(v, rand_bytes, VEC_K_SIZE_BYTES); + PQCLEAN_HQCRMRS256_AVX2_load8_arr(v, VEC_K_SIZE_64, rand_bytes, VEC_K_SIZE_BYTES); } diff --git a/test/duplicate_consistency/hqc-128_avx2.yml b/test/duplicate_consistency/hqc-128_avx2.yml index 00012332..7a83a7c6 100644 --- a/test/duplicate_consistency/hqc-128_avx2.yml +++ b/test/duplicate_consistency/hqc-128_avx2.yml @@ -5,14 +5,12 @@ consistency_checks: files: - api.h - code.h - - gf.h - hqc.h - source: scheme: hqc-192 implementation: clean files: - code.h - - gf.h - hqc.h - source: scheme: hqc-192 @@ -36,13 +34,11 @@ consistency_checks: - kem.c - parsing.c - repetition.c - - vector.c - source: scheme: hqc-256 implementation: clean files: - code.h - - gf.h - hqc.h - source: scheme: hqc-256 @@ -63,7 +59,6 @@ consistency_checks: - hqc.c - kem.c - parsing.c - - vector.c - source: scheme: hqc-rmrs-128 implementation: clean diff --git a/test/duplicate_consistency/hqc-128_clean.yml b/test/duplicate_consistency/hqc-128_clean.yml index 6abc98d3..b5aada62 100644 --- a/test/duplicate_consistency/hqc-128_clean.yml +++ b/test/duplicate_consistency/hqc-128_clean.yml @@ -5,7 +5,6 @@ consistency_checks: files: - api.h - code.h - - gf.h - hqc.h - source: scheme: hqc-192 @@ -34,7 +33,6 @@ consistency_checks: implementation: avx2 files: - code.h - - gf.h - hqc.h - source: scheme: hqc-256 @@ -63,7 +61,6 @@ consistency_checks: implementation: avx2 files: - code.h - - gf.h - hqc.h - source: scheme: hqc-rmrs-128 diff --git a/test/duplicate_consistency/hqc-192_avx2.yml b/test/duplicate_consistency/hqc-192_avx2.yml index 8b8681e7..4f8d0c23 100644 --- a/test/duplicate_consistency/hqc-192_avx2.yml +++ b/test/duplicate_consistency/hqc-192_avx2.yml @@ -5,14 +5,12 @@ consistency_checks: files: - api.h - code.h - - gf.h - hqc.h - source: scheme: hqc-256 implementation: clean files: - code.h - - gf.h - hqc.h - source: scheme: hqc-256 @@ -52,7 +50,6 @@ consistency_checks: - hqc.c - kem.c - parsing.c - - vector.c - source: scheme: hqc-rmrs-192 implementation: clean @@ -72,7 +69,6 @@ consistency_checks: - hqc.c - kem.c - parsing.c - - vector.c - source: scheme: hqc-rmrs-256 implementation: clean @@ -91,4 +87,3 @@ consistency_checks: - hqc.c - kem.c - parsing.c - - vector.c diff --git a/test/duplicate_consistency/hqc-192_clean.yml b/test/duplicate_consistency/hqc-192_clean.yml index 945bef3b..f6f68861 100644 --- a/test/duplicate_consistency/hqc-192_clean.yml +++ b/test/duplicate_consistency/hqc-192_clean.yml @@ -5,7 +5,6 @@ consistency_checks: files: - api.h - code.h - - gf.h - hqc.h - source: scheme: hqc-256 @@ -34,7 +33,6 @@ consistency_checks: implementation: avx2 files: - code.h - - gf.h - hqc.h - source: scheme: hqc-rmrs-128 diff --git a/test/duplicate_consistency/hqc-256_avx2.yml b/test/duplicate_consistency/hqc-256_avx2.yml index 78de7336..1064d264 100644 --- a/test/duplicate_consistency/hqc-256_avx2.yml +++ b/test/duplicate_consistency/hqc-256_avx2.yml @@ -5,7 +5,6 @@ consistency_checks: files: - api.h - code.h - - gf.h - hqc.h - source: scheme: hqc-rmrs-128 @@ -25,7 +24,6 @@ consistency_checks: - hqc.c - kem.c - parsing.c - - vector.c - source: scheme: hqc-rmrs-192 implementation: clean @@ -44,7 +42,6 @@ consistency_checks: - hqc.c - kem.c - parsing.c - - vector.c - source: scheme: hqc-rmrs-256 implementation: clean @@ -64,4 +61,3 @@ consistency_checks: - hqc.c - kem.c - parsing.c - - vector.c diff --git a/test/duplicate_consistency/hqc-256_clean.yml b/test/duplicate_consistency/hqc-256_clean.yml index 68f688b8..31097533 100644 --- a/test/duplicate_consistency/hqc-256_clean.yml +++ b/test/duplicate_consistency/hqc-256_clean.yml @@ -5,7 +5,6 @@ consistency_checks: files: - api.h - code.h - - gf.h - hqc.h - source: scheme: hqc-rmrs-128 diff --git a/test/duplicate_consistency/hqc-rmrs-128_avx2.yml b/test/duplicate_consistency/hqc-rmrs-128_avx2.yml index 32258a03..a16db890 100644 --- a/test/duplicate_consistency/hqc-rmrs-128_avx2.yml +++ b/test/duplicate_consistency/hqc-rmrs-128_avx2.yml @@ -11,6 +11,7 @@ consistency_checks: - reed_muller.h - reed_solomon.h - code.c + - fft.c - source: scheme: hqc-rmrs-192 implementation: clean @@ -22,6 +23,7 @@ consistency_checks: - reed_muller.h - reed_solomon.h - code.c + - fft.c - source: scheme: hqc-rmrs-192 implementation: avx2 @@ -54,6 +56,7 @@ consistency_checks: - reed_muller.h - reed_solomon.h - code.c + - fft.c - source: scheme: hqc-rmrs-256 implementation: avx2 diff --git a/test/duplicate_consistency/hqc-rmrs-128_clean.yml b/test/duplicate_consistency/hqc-rmrs-128_clean.yml index 68beced3..4bed9a73 100644 --- a/test/duplicate_consistency/hqc-rmrs-128_clean.yml +++ b/test/duplicate_consistency/hqc-rmrs-128_clean.yml @@ -11,6 +11,7 @@ consistency_checks: - reed_muller.h - reed_solomon.h - code.c + - fft.c - source: scheme: hqc-rmrs-192 implementation: clean @@ -44,6 +45,7 @@ consistency_checks: - reed_muller.h - reed_solomon.h - code.c + - fft.c - source: scheme: hqc-rmrs-256 implementation: clean @@ -77,3 +79,4 @@ consistency_checks: - reed_muller.h - reed_solomon.h - code.c + - fft.c diff --git a/test/duplicate_consistency/hqc-rmrs-192_avx2.yml b/test/duplicate_consistency/hqc-rmrs-192_avx2.yml index 468c4448..ab92b812 100644 --- a/test/duplicate_consistency/hqc-rmrs-192_avx2.yml +++ b/test/duplicate_consistency/hqc-rmrs-192_avx2.yml @@ -11,6 +11,7 @@ consistency_checks: - reed_muller.h - reed_solomon.h - code.c + - fft.c - source: scheme: hqc-rmrs-256 implementation: clean @@ -22,6 +23,7 @@ consistency_checks: - reed_muller.h - reed_solomon.h - code.c + - fft.c - source: scheme: hqc-rmrs-256 implementation: avx2 diff --git a/test/duplicate_consistency/hqc-rmrs-192_clean.yml b/test/duplicate_consistency/hqc-rmrs-192_clean.yml index 58649dff..db7a8c32 100644 --- a/test/duplicate_consistency/hqc-rmrs-192_clean.yml +++ b/test/duplicate_consistency/hqc-rmrs-192_clean.yml @@ -11,6 +11,7 @@ consistency_checks: - reed_muller.h - reed_solomon.h - code.c + - fft.c - source: scheme: hqc-rmrs-256 implementation: clean @@ -44,3 +45,4 @@ consistency_checks: - reed_muller.h - reed_solomon.h - code.c + - fft.c diff --git a/test/duplicate_consistency/hqc-rmrs-256_avx2.yml b/test/duplicate_consistency/hqc-rmrs-256_avx2.yml index c70728ab..755728eb 100644 --- a/test/duplicate_consistency/hqc-rmrs-256_avx2.yml +++ b/test/duplicate_consistency/hqc-rmrs-256_avx2.yml @@ -11,3 +11,4 @@ consistency_checks: - reed_muller.h - reed_solomon.h - code.c + - fft.c diff --git a/test/duplicate_consistency/hqc-rmrs-256_clean.yml b/test/duplicate_consistency/hqc-rmrs-256_clean.yml index 98ffa2ad..895ecd4b 100644 --- a/test/duplicate_consistency/hqc-rmrs-256_clean.yml +++ b/test/duplicate_consistency/hqc-rmrs-256_clean.yml @@ -11,3 +11,4 @@ consistency_checks: - reed_muller.h - reed_solomon.h - code.c + - fft.c