base repository: randombit/botan
base: fa74b71bc8415d2202b4e4802ee849829b7da1d4
head repository: randombit/botan
compare: 1ae5b96e15ae659941cd0f8dae22b91f1b377c92
4 changes: 2 additions & 2 deletions src/cli/speed.cpp
@@ -128,7 +128,7 @@
#include <botan/sphincsplus.h>
#endif

#if defined(BOTAN_HAS_FRODOKEM_AES) || defined(BOTAN_HAS_FRODOKEM_SHAKE)
#if defined(BOTAN_HAS_FRODOKEM)
#include <botan/frodokem.h>
#endif

@@ -2047,7 +2047,7 @@ class Speed final : public Command {
}
#endif

#if defined(BOTAN_HAS_FRODOKEM_AES) || defined(BOTAN_HAS_FRODOKEM_SHAKE)
#if defined(BOTAN_HAS_FRODOKEM)
void bench_frodokem(const std::string& provider, std::chrono::milliseconds msec) {
std::vector<Botan::FrodoKEMMode> frodo_modes{
Botan::FrodoKEMMode::FrodoKEM640_SHAKE,
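Review bot: With the guard on `bench_frodokem` reduced to `BOTAN_HAS_FRODOKEM` alone, the benchmark is now compiled into builds that lack AES, and if the `frodo_modes` list that begins at the end of the hunk also names the AES parameter sets, `FrodoKEMConstants` will throw `Invalid_Argument` from its new `BOTAN_ARG_CHECK` for those entries and abort the whole FrodoKEM benchmark. Consider wrapping the AES entries in `#if defined(BOTAN_HAS_AES)` or skipping entries for which `mode.is_aes()` holds when AES is unavailable, so one missing feature does not take down the SHAKE measurements. The include hunk at line 128 makes the same one-line guard change and needs nothing further. `bench_frodokem` continues past the end of the hunk, so whether the list is already filtered cannot be confirmed from here.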
@@ -17,6 +17,10 @@
namespace Botan {

FrodoKEMConstants::FrodoKEMConstants(FrodoKEMMode mode) : m_mode(mode) {
#if !defined(BOTAN_HAS_AES)
BOTAN_ARG_CHECK(!mode.is_aes(), "cannot instantiate AES-based FrodoKEM: This build does not support AES");
#endif

//Common for all parameter sets:
m_n_bar = 8;
m_len_a = 128;
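Review bot: The new `BOTAN_ARG_CHECK` is the only thing standing between an AES-mode request and the `BOTAN_ASSERT_UNREACHABLE()` at the end of `make_row_generator` in frodo_matrix.cpp, whose comment only says the instantiation is "blocked upstream"; that coupling is invisible from either file. A comment above the `#if` would make it explicit, e.g. `// Reject AES parameter sets at construction time: without BOTAN_HAS_AES, make_row_generator() in frodo_matrix.cpp has no AES branch and would hit BOTAN_ASSERT_UNREACHABLE().` The check runs after `m_mode` is initialized, which is harmless because the constructor throws before the object becomes reachable. The constructor body continues past the end of the hunk.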
File renamed without changes.
@@ -14,21 +14,17 @@
#include <botan/frodokem.h>
#include <botan/hex.h>
#include <botan/mem_ops.h>
#if defined(BOTAN_HAS_AES)
#include <botan/internal/aes.h>
#endif
#include <botan/internal/bit_ops.h>
#include <botan/internal/ct_utils.h>
#include <botan/internal/frodo_constants.h>
#include <botan/internal/frodo_matrix.h>
#include <botan/internal/loadstor.h>
#include <botan/internal/shake_xof.h>
#include <botan/internal/stl_util.h>

#if defined(BOTAN_HAS_FRODOKEM_AES)
#include <botan/internal/frodo_expansion_aes.h>
#endif

#if defined(BOTAN_HAS_FRODOKEM_SHAKE)
#include <botan/internal/frodo_expansion_shake.h>
#endif

#include <array>
#include <cmath>
#include <cstdint>
@@ -46,19 +42,52 @@ std::vector<uint16_t> make_elements_vector(const FrodoMatrix::Dimensions& dimens
return std::vector<uint16_t>(static_cast<size_t>(std::get<0>(dimensions)) * std::get<1>(dimensions));
}

FrodoRowGenerator make_row_generator(const FrodoKEMConstants& constants, StrongSpan<const FrodoSeedA> seed_a) {
#if defined(BOTAN_HAS_FRODOKEM_AES)
std::function<void(std::span<uint8_t> out, uint16_t i)> make_row_generator(const FrodoKEMConstants& constants,
StrongSpan<const FrodoSeedA> seed_a) {
#if defined(BOTAN_HAS_AES)
if(constants.mode().is_aes()) {
return frodo_aes_row_generator(constants, seed_a);
// precondition the block cipher for "seed a" to avoid
// regenerating the AES' key schedule for each matrix row
AES_128 aes;
aes.set_key(seed_a);

return [n = constants.n(), aes](std::span<uint8_t> out, uint16_t i) mutable {
BufferStuffer out_bs(out);

for(size_t j = 0; j < n; j += 8) {
// set up the to-be-encrypted 'b' value in the out variable
// for in-place encryption of the block cipher
auto out_coefs = out_bs.next(aes.block_size());

// b = i || j || 0000...
store_le(static_cast<uint16_t>(i), out_coefs.data());
store_le(static_cast<uint16_t>(j), out_coefs.data() + sizeof(uint16_t));
for(size_t ii = 4; ii < out_coefs.size(); ++ii) {
out_coefs[ii] = 0;
}

aes.encrypt(out_coefs);
}
};
}
#endif

#if defined(BOTAN_HAS_FRODOKEM_SHAKE)
if(constants.mode().is_shake()) {
return frodo_shake_row_generator(constants, seed_a);
SHAKE_128_XOF xof;
return [xof, a = FrodoSeedA(seed_a)](std::span<uint8_t> out, uint16_t i) mutable {
xof.clear();
// TODO: update that once #3707 is merged
// potentially add a new method: std::array<uint8_t, XX> as_le(uintXX_t)
std::array<uint8_t, 2> le;
store_le(i, le.data());
xof.update(le);
xof.update(a);
xof.output(out);
};
}
#endif

// If we don't have AES in this build, the instantiation of the FrodoKEM instance
// is blocked upstream already. Hence, assert is save here.
BOTAN_ASSERT_UNREACHABLE();
}

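Review bot: The AES row generator returned at the top of the hunk iterates `for(size_t j = 0; j < n; j += 8)` and consumes one 16-byte block per step, so it silently assumes `n % 8 == 0` and an `out` span of exactly `2 * n` bytes; every FrodoKEM parameter set satisfies this, but nothing here says so, and a `BOTAN_ASSERT_NOMSG(n % 8 == 0);` as the lambda's first statement would turn a future mismatch into a clear failure instead of a `BufferStuffer` error deep in the loop. The `static_cast<uint16_t>(i)` in the first `store_le` is a no-op, since `i` is already `uint16_t`. This file now spells `std::function` in the signature of `make_row_generator` while the frodo_types.h hunk below drops `#include <functional>`; unless a header not shown on this page still provides it, the include block in the first hunk should gain `#include <functional>`. Finally, the comment above `BOTAN_ASSERT_UNREACHABLE()` should read `// is blocked upstream already. Hence, the assert is safe here.`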
@@ -129,10 +158,10 @@ FrodoMatrix FrodoMatrix::mul_add_as_plus_e(const FrodoKEMConstants& constants,
auto a_row = BufferStuffer(a_row_data_bytes);

// Do 4 invocations to fill 4 rows
row_generator.get()(a_row.next(constants.n() * sizeof(uint16_t)), static_cast<uint16_t>(i + 0));
row_generator.get()(a_row.next(constants.n() * sizeof(uint16_t)), static_cast<uint16_t>(i + 1));
row_generator.get()(a_row.next(constants.n() * sizeof(uint16_t)), static_cast<uint16_t>(i + 2));
row_generator.get()(a_row.next(constants.n() * sizeof(uint16_t)), static_cast<uint16_t>(i + 3));
row_generator(a_row.next(constants.n() * sizeof(uint16_t)), static_cast<uint16_t>(i + 0));
row_generator(a_row.next(constants.n() * sizeof(uint16_t)), static_cast<uint16_t>(i + 1));
row_generator(a_row.next(constants.n() * sizeof(uint16_t)), static_cast<uint16_t>(i + 2));
row_generator(a_row.next(constants.n() * sizeof(uint16_t)), static_cast<uint16_t>(i + 3));

// Use generated bytes to fill 16-bit data
load_le<uint16_t>(a_row_data.data(), a_row_data_bytes.data(), 4 * constants.n());
@@ -194,14 +223,14 @@ FrodoMatrix FrodoMatrix::mul_add_sa_plus_e(const FrodoKEMConstants& constants,
auto a_row = BufferStuffer(a_row_data_bytes);

// Do 8 invocations to fill 8 rows
row_generator.get()(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 0));
row_generator.get()(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 1));
row_generator.get()(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 2));
row_generator.get()(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 3));
row_generator.get()(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 4));
row_generator.get()(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 5));
row_generator.get()(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 6));
row_generator.get()(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 7));
row_generator(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 0));
row_generator(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 1));
row_generator(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 2));
row_generator(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 3));
row_generator(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 4));
row_generator(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 5));
row_generator(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 6));
row_generator(a_row.next(sizeof(uint16_t) * constants.n()), static_cast<uint16_t>(i + 7));

// Use generated bytes to fill 16-bit data
load_le<uint16_t>(a_row_data.data(), a_row_data_bytes.data(), 8 * constants.n());
File renamed without changes.
File renamed without changes.
File renamed without changes.
@@ -15,7 +15,6 @@
#include <botan/strong_type.h>

#include <array>
#include <functional>
#include <vector>

namespace Botan {
@@ -40,8 +39,6 @@ using FrodoSalt = Strong<std::vector<uint8_t>, struct FrodoSalt_>;
// TODO: Find a better name for this
using FrodoK = Strong<secure_vector<uint8_t>, struct FrodoK_>;

using FrodoRowGenerator = Strong<std::function<void(std::span<uint8_t>, uint16_t)>, struct FrodoRowGenerator_>;

} // namespace Botan

#endif
File renamed without changes.
File renamed without changes.
51 changes: 0 additions & 51 deletions src/lib/pubkey/frodokem/frodokem_aes/frodo_expansion_aes.cpp

This file was deleted.

28 changes: 0 additions & 28 deletions src/lib/pubkey/frodokem/frodokem_aes/frodo_expansion_aes.h

This file was deleted.

18 changes: 0 additions & 18 deletions src/lib/pubkey/frodokem/frodokem_aes/info.txt

This file was deleted.

37 changes: 0 additions & 37 deletions src/lib/pubkey/frodokem/frodokem_shake/frodo_expansion_shake.cpp

This file was deleted.

29 changes: 0 additions & 29 deletions src/lib/pubkey/frodokem/frodokem_shake/frodo_expansion_shake.h

This file was deleted.

17 changes: 0 additions & 17 deletions src/lib/pubkey/frodokem/frodokem_shake/info.txt

This file was deleted.

@@ -1,16 +1,13 @@
<defines>
FRODOKEM_COMMON -> 20230801
FRODOKEM -> 20230801
</defines>

<module_info>
name -> "FrodoKEM (common)"
brief -> "Base implementation of FrodoKEM"
type -> "Internal"
name -> "FrodoKEM"
</module_info>

<requires>
shake_xof
sha3
</requires>

<header:public>