

pull update from upstream
Signed-off-by: Basil Hess <[email protected]>
bhess committed Aug 26, 2024
1 parent 062e793 commit 78585b1
Showing 22 changed files with 81 additions and 36 deletions.
2 changes: 1 addition & 1 deletion docs/algorithms/kem/ml_kem.md
Expand Up @@ -7,7 +7,7 @@
- **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
- **Specification version**: ML-KEM.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/pq-crystals/kyber/commit/3c874cddd5fdaf4a7bd13f7e2e4d98a2a1eb8dc4 with copy_from_upstream patches
- **Source**: https://github.com/pq-crystals/kyber/commit/10b478fc3cc4ff6215eb0b6a11bd758bf0929cbd with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0


2 changes: 1 addition & 1 deletion docs/algorithms/kem/ml_kem.yml
Expand Up @@ -17,7 +17,7 @@ website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
nist-round: FIPS203
spec-version: ML-KEM
primary-upstream:
source: https://github.com/pq-crystals/kyber/commit/3c874cddd5fdaf4a7bd13f7e2e4d98a2a1eb8dc4
source: https://github.com/pq-crystals/kyber/commit/10b478fc3cc4ff6215eb0b6a11bd758bf0929cbd
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0 or Apache-2.0
parameter-sets:
16 changes: 8 additions & 8 deletions docs/cbom.json
@@ -1,23 +1,23 @@
{
"bomFormat": "CBOM",
"specVersion": "1.4-cbom-1.0",
"serialNumber": "urn:uuid:58a975ac-ea6b-4ce9-a5ae-80d35105db30",
"serialNumber": "urn:uuid:b953d460-1246-4cbb-aff9-642a0308d18b",
"version": 1,
"metadata": {
"timestamp": "2024-04-09T21:46:17.101849",
"timestamp": "2024-08-26T18:04:44.668645",
"component": {
"type": "library",
"bom-ref": "pkg:github/open-quantum-safe/liboqs@2fd65d9ec99a2608149713e5fcaeb9b6402e5872",
"bom-ref": "pkg:github/open-quantum-safe/liboqs@062e793edf54cbc1073b54d0689795063fd41910",
"name": "liboqs",
"version": "2fd65d9ec99a2608149713e5fcaeb9b6402e5872"
"version": "062e793edf54cbc1073b54d0689795063fd41910"
}
},
"components": [
{
"type": "library",
"bom-ref": "pkg:github/open-quantum-safe/liboqs@2fd65d9ec99a2608149713e5fcaeb9b6402e5872",
"bom-ref": "pkg:github/open-quantum-safe/liboqs@062e793edf54cbc1073b54d0689795063fd41910",
"name": "liboqs",
"version": "2fd65d9ec99a2608149713e5fcaeb9b6402e5872"
"version": "062e793edf54cbc1073b54d0689795063fd41910"
},
{
"type": "crypto-asset",
Expand Down Expand Up @@ -2408,7 +2408,7 @@
],
"dependencies": [
{
"ref": "pkg:github/open-quantum-safe/liboqs@ca5d956097e10672aaa9bb7994057bcc58291b65",
"ref": "pkg:github/open-quantum-safe/liboqs@062e793edf54cbc1073b54d0689795063fd41910",
"dependsOn": [
"alg:BIKE-L1:x86_64",
"alg:BIKE-L3:x86_64",
Expand Down Expand Up @@ -3284,4 +3284,4 @@
"dependencyType": "uses"
}
]
}
}
4 changes: 2 additions & 2 deletions scripts/copy_from_upstream/copy_from_upstream.yml
Expand Up @@ -32,8 +32,8 @@ upstreams:
-
name: pqcrystals-kyber-standard
git_url: https://github.com/pq-crystals/kyber.git
git_branch: standard
git_commit: 3c874cddd5fdaf4a7bd13f7e2e4d98a2a1eb8dc4
git_branch: main
git_commit: 10b478fc3cc4ff6215eb0b6a11bd758bf0929cbd
kem_meta_path: '{pretty_name_full}_META.yml'
kem_scheme_path: '.'
patches: [pqcrystals-ml_kem.patch]
Expand Up @@ -78,16 +78,14 @@ int crypto_kem_enc_derand(uint8_t *ct,
const uint8_t *pk,
const uint8_t *coins)
{
uint8_t buf[2*KYBER_SYMBYTES+1];
uint8_t buf[2*KYBER_SYMBYTES];
/* Will contain key, coins */
uint8_t kr[2*KYBER_SYMBYTES];

memcpy(buf, coins, KYBER_SYMBYTES);

/* Multitarget countermeasure for coins + contributory KEM */
hash_h(buf+KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES);
/* Add byte separating Kyber parameter sets */
buf[2*KYBER_SYMBYTES] = KYBER_K;
hash_g(kr, buf, 2*KYBER_SYMBYTES);

/* coins are in kr+KYBER_SYMBYTES */
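Review bot: The removal of the KYBER_K separator byte is a key-derivation-relevant change that neither the hunk nor the commit message ("pull update from upstream") records, and none of the 22 files in the diffstat is a KAT or test-vector file. The visible hash_g call still consumes 2*KYBER_SYMBYTES bytes, so on this page the dropped byte sat outside the hashed range; if the previous build hashed 2*KYBER_SYMBYTES+1 bytes (not visible here) the derived shared secret changes for every parameter set and the vectors must be regenerated — please confirm either way. I'd mark the intent right above the call: `/* (K, r) = G(m || H(pk)) with no parameter-set separator byte, per FIPS 203 */`. crypto_kem_enc_derand begins before and ends after this hunk; the identical change in the five other crypto_kem_enc_derand sections below is covered by this note.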
10 changes: 10 additions & 0 deletions src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_avx2/verify.c
Expand Up @@ -57,6 +57,16 @@ void cmov(uint8_t * restrict r, const uint8_t *x, size_t len, uint8_t b)
size_t i;
__m256i xvec, rvec, bvec;

#if defined(__GNUC__) || defined(__clang__)
// Prevent the compiler from
// 1) inferring that b is 0/1-valued, and
// 2) handling the two cases with a branch.
// This is not necessary when verify.c and kem.c are separate translation
// units, but we expect that downstream consumers will copy this code and/or
// change how it is built.
__asm__("" : "+r"(b) : /* no inputs */);
#endif

bvec = _mm256_set1_epi64x(-(uint64_t)b);
for(i=0;i<len/32;i++) {
rvec = _mm256_loadu_si256((__m256i *)&r[32*i]);
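Review bot: The barrier at the new `__asm__("" : "+r"(b) : /* no inputs */);` line is compiled only for GCC/Clang, so any other compiler still sees b as a plain 0/1 value and remains free to turn the constant-time select into a branch, which is exactly the secret-dependent control flow this guard exists to prevent; whether liboqs builds this file with such a compiler I cannot tell from the hunk, but the gap deserves at least a comment on the `#endif`. The explanatory comment also understates the case: with LTO the separate-translation-unit argument no longer holds even on GNU toolchains, so I'd extend it with `// Under LTO the translation-unit boundary no longer prevents this either.`. cmov's body continues past the hunk. The same block is added in the five other verify.c sections below (ref and avx2, all three parameter sets), which this note covers.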
Expand Up @@ -78,16 +78,14 @@ int crypto_kem_enc_derand(uint8_t *ct,
const uint8_t *pk,
const uint8_t *coins)
{
uint8_t buf[2*KYBER_SYMBYTES+1];
uint8_t buf[2*KYBER_SYMBYTES];
/* Will contain key, coins */
uint8_t kr[2*KYBER_SYMBYTES];

memcpy(buf, coins, KYBER_SYMBYTES);

/* Multitarget countermeasure for coins + contributory KEM */
hash_h(buf+KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES);
/* Add byte separating Kyber parameter sets */
buf[2*KYBER_SYMBYTES] = KYBER_K;
hash_g(kr, buf, 2*KYBER_SYMBYTES);

/* coins are in kr+KYBER_SYMBYTES */
Expand Up @@ -19,7 +19,7 @@
void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const poly *a)
{
unsigned int i,j;
int32_t u;
int16_t u;
uint32_t d0;
uint8_t t[8];

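Review bot: Narrowing u from int32_t to int16_t is safe only if every value stored into u fits in 16 bits; the assignments are outside this hunk, so that cannot be confirmed here — if any intermediate wider than int16_t is ever assigned back to u before the shift/mask, the conversion becomes implementation-defined truncation and the compressed output changes silently. I'd add a one-line comment at the declaration stating the range of values u holds and why int16_t suffices, checked against the loop body rather than assumed. poly_compress starts at the hunk's first line and ends after it. The same change appears in the two other poly_compress sections below.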
Expand Up @@ -31,7 +31,6 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], const polyvec *a)
d0 *= 645084;
d0 >>= 31;
t[k] = d0 & 0x7ff;

}

r[ 0] = (t[0] >> 0);
10 changes: 10 additions & 0 deletions src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-1024_ref/verify.c
Expand Up @@ -41,6 +41,16 @@ void cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b)
{
size_t i;

#if defined(__GNUC__) || defined(__clang__)
// Prevent the compiler from
// 1) inferring that b is 0/1-valued, and
// 2) handling the two cases with a branch.
// This is not necessary when verify.c and kem.c are separate translation
// units, but we expect that downstream consumers will copy this code and/or
// change how it is built.
__asm__("" : "+r"(b) : /* no inputs */);
#endif

b = -b;
for(i=0;i<len;i++)
r[i] ^= b & (r[i] ^ x[i]);
Expand Up @@ -78,16 +78,14 @@ int crypto_kem_enc_derand(uint8_t *ct,
const uint8_t *pk,
const uint8_t *coins)
{
uint8_t buf[2*KYBER_SYMBYTES+1];
uint8_t buf[2*KYBER_SYMBYTES];
/* Will contain key, coins */
uint8_t kr[2*KYBER_SYMBYTES];

memcpy(buf, coins, KYBER_SYMBYTES);

/* Multitarget countermeasure for coins + contributory KEM */
hash_h(buf+KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES);
/* Add byte separating Kyber parameter sets */
buf[2*KYBER_SYMBYTES] = KYBER_K;
hash_g(kr, buf, 2*KYBER_SYMBYTES);

/* coins are in kr+KYBER_SYMBYTES */
10 changes: 10 additions & 0 deletions src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_avx2/verify.c
Expand Up @@ -57,6 +57,16 @@ void cmov(uint8_t * restrict r, const uint8_t *x, size_t len, uint8_t b)
size_t i;
__m256i xvec, rvec, bvec;

#if defined(__GNUC__) || defined(__clang__)
// Prevent the compiler from
// 1) inferring that b is 0/1-valued, and
// 2) handling the two cases with a branch.
// This is not necessary when verify.c and kem.c are separate translation
// units, but we expect that downstream consumers will copy this code and/or
// change how it is built.
__asm__("" : "+r"(b) : /* no inputs */);
#endif

bvec = _mm256_set1_epi64x(-(uint64_t)b);
for(i=0;i<len/32;i++) {
rvec = _mm256_loadu_si256((__m256i *)&r[32*i]);
Expand Up @@ -78,16 +78,14 @@ int crypto_kem_enc_derand(uint8_t *ct,
const uint8_t *pk,
const uint8_t *coins)
{
uint8_t buf[2*KYBER_SYMBYTES+1];
uint8_t buf[2*KYBER_SYMBYTES];
/* Will contain key, coins */
uint8_t kr[2*KYBER_SYMBYTES];

memcpy(buf, coins, KYBER_SYMBYTES);

/* Multitarget countermeasure for coins + contributory KEM */
hash_h(buf+KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES);
/* Add byte separating Kyber parameter sets */
buf[2*KYBER_SYMBYTES] = KYBER_K;
hash_g(kr, buf, 2*KYBER_SYMBYTES);

/* coins are in kr+KYBER_SYMBYTES */
Expand Up @@ -19,7 +19,7 @@
void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const poly *a)
{
unsigned int i,j;
int32_t u;
int16_t u;
uint32_t d0;
uint8_t t[8];

Expand Up @@ -31,7 +31,6 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], const polyvec *a)
d0 *= 645084;
d0 >>= 31;
t[k] = d0 & 0x7ff;

}

r[ 0] = (t[0] >> 0);
10 changes: 10 additions & 0 deletions src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-512_ref/verify.c
Expand Up @@ -41,6 +41,16 @@ void cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b)
{
size_t i;

#if defined(__GNUC__) || defined(__clang__)
// Prevent the compiler from
// 1) inferring that b is 0/1-valued, and
// 2) handling the two cases with a branch.
// This is not necessary when verify.c and kem.c are separate translation
// units, but we expect that downstream consumers will copy this code and/or
// change how it is built.
__asm__("" : "+r"(b) : /* no inputs */);
#endif

b = -b;
for(i=0;i<len;i++)
r[i] ^= b & (r[i] ^ x[i]);
Expand Up @@ -78,16 +78,14 @@ int crypto_kem_enc_derand(uint8_t *ct,
const uint8_t *pk,
const uint8_t *coins)
{
uint8_t buf[2*KYBER_SYMBYTES+1];
uint8_t buf[2*KYBER_SYMBYTES];
/* Will contain key, coins */
uint8_t kr[2*KYBER_SYMBYTES];

memcpy(buf, coins, KYBER_SYMBYTES);

/* Multitarget countermeasure for coins + contributory KEM */
hash_h(buf+KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES);
/* Add byte separating Kyber parameter sets */
buf[2*KYBER_SYMBYTES] = KYBER_K;
hash_g(kr, buf, 2*KYBER_SYMBYTES);

/* coins are in kr+KYBER_SYMBYTES */
10 changes: 10 additions & 0 deletions src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_avx2/verify.c
Expand Up @@ -57,6 +57,16 @@ void cmov(uint8_t * restrict r, const uint8_t *x, size_t len, uint8_t b)
size_t i;
__m256i xvec, rvec, bvec;

#if defined(__GNUC__) || defined(__clang__)
// Prevent the compiler from
// 1) inferring that b is 0/1-valued, and
// 2) handling the two cases with a branch.
// This is not necessary when verify.c and kem.c are separate translation
// units, but we expect that downstream consumers will copy this code and/or
// change how it is built.
__asm__("" : "+r"(b) : /* no inputs */);
#endif

bvec = _mm256_set1_epi64x(-(uint64_t)b);
for(i=0;i<len/32;i++) {
rvec = _mm256_loadu_si256((__m256i *)&r[32*i]);
Expand Up @@ -78,16 +78,14 @@ int crypto_kem_enc_derand(uint8_t *ct,
const uint8_t *pk,
const uint8_t *coins)
{
uint8_t buf[2*KYBER_SYMBYTES+1];
uint8_t buf[2*KYBER_SYMBYTES];
/* Will contain key, coins */
uint8_t kr[2*KYBER_SYMBYTES];

memcpy(buf, coins, KYBER_SYMBYTES);

/* Multitarget countermeasure for coins + contributory KEM */
hash_h(buf+KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES);
/* Add byte separating Kyber parameter sets */
buf[2*KYBER_SYMBYTES] = KYBER_K;
hash_g(kr, buf, 2*KYBER_SYMBYTES);

/* coins are in kr+KYBER_SYMBYTES */
Expand Up @@ -19,7 +19,7 @@
void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const poly *a)
{
unsigned int i,j;
int32_t u;
int16_t u;
uint32_t d0;
uint8_t t[8];

Expand Up @@ -31,7 +31,6 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], const polyvec *a)
d0 *= 645084;
d0 >>= 31;
t[k] = d0 & 0x7ff;

}

r[ 0] = (t[0] >> 0);
10 changes: 10 additions & 0 deletions src/kem/ml_kem/pqcrystals-kyber-standard_ml-kem-768_ref/verify.c
Expand Up @@ -41,6 +41,16 @@ void cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b)
{
size_t i;

#if defined(__GNUC__) || defined(__clang__)
// Prevent the compiler from
// 1) inferring that b is 0/1-valued, and
// 2) handling the two cases with a branch.
// This is not necessary when verify.c and kem.c are separate translation
// units, but we expect that downstream consumers will copy this code and/or
// change how it is built.
__asm__("" : "+r"(b) : /* no inputs */);
#endif

b = -b;
for(i=0;i<len;i++)
r[i] ^= b & (r[i] ^ x[i]);
