From dfca5625716a94a6a2262e606c49acc9c89095f3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 6 Jan 2025 07:29:52 +0000 Subject: [PATCH] Introduce public API header mlkem_native.h Signed-off-by: Hanno Becker --- examples/bring_your_own_fips202/main.c | 2 +- examples/custom_backend/main.c | 2 +- examples/mlkem_native_as_code_package/main.c | 2 +- examples/monolithic_build/mlkem_native_all.c | 334 +++++++++++++------ mlkem/common.h | 1 - mlkem/config.h | 56 ++++ mlkem/kem.c | 46 +-- mlkem/kem.h | 69 ++-- mlkem/mlkem_native.h | 170 ++++++++++ mlkem/namespace.h | 40 --- mlkem/params.h | 9 +- test/acvp_mlkem.c | 42 +-- test/bench_mlkem.c | 2 +- test/gen_KAT.c | 5 +- test/gen_NISTKAT.c | 2 +- test/test_mlkem.c | 2 +- 16 files changed, 563 insertions(+), 221 deletions(-) create mode 100644 mlkem/mlkem_native.h delete mode 100644 mlkem/namespace.h diff --git a/examples/bring_your_own_fips202/main.c b/examples/bring_your_own_fips202/main.c index 5dc1cc2a8..1ea54442c 100644 --- a/examples/bring_your_own_fips202/main.c +++ b/examples/bring_your_own_fips202/main.c @@ -6,7 +6,7 @@ #include #include -#include +#include const uint8_t expected_key[] = {0xe9, 0x13, 0x77, 0x84, 0x0e, 0x6b, 0x66, 0x94, 0xea, 0xa9, 0xf0, 0x1c, 0x97, 0xff, 0x68, 0x87, diff --git a/examples/custom_backend/main.c b/examples/custom_backend/main.c index 5dc1cc2a8..1ea54442c 100644 --- a/examples/custom_backend/main.c +++ b/examples/custom_backend/main.c @@ -6,7 +6,7 @@ #include #include -#include +#include const uint8_t expected_key[] = {0xe9, 0x13, 0x77, 0x84, 0x0e, 0x6b, 0x66, 0x94, 0xea, 0xa9, 0xf0, 0x1c, 0x97, 0xff, 0x68, 0x87, diff --git a/examples/mlkem_native_as_code_package/main.c b/examples/mlkem_native_as_code_package/main.c index d6bb92888..7f3237ca6 100644 --- a/examples/mlkem_native_as_code_package/main.c +++ b/examples/mlkem_native_as_code_package/main.c @@ -6,7 +6,7 @@ #include #include -#include +#include int main(void) { 
diff --git a/examples/monolithic_build/mlkem_native_all.c b/examples/monolithic_build/mlkem_native_all.c index c90dfab76..3c7224123 100644 --- a/examples/monolithic_build/mlkem_native_all.c +++ b/examples/monolithic_build/mlkem_native_all.c @@ -224,42 +224,42 @@ #undef MLKEM_NATIVE_COMMON_H #endif -/* mlkem/common.h:28 */ +/* mlkem/common.h:27 */ #if defined(MLKEM_NATIVE_ARITH_BACKEND_NAME) #undef MLKEM_NATIVE_ARITH_BACKEND_NAME #endif -/* mlkem/common.h:32 */ +/* mlkem/common.h:31 */ #if defined(MLKEM_NATIVE_FIPS202_BACKEND_NAME) #undef MLKEM_NATIVE_FIPS202_BACKEND_NAME #endif -/* mlkem/common.h:39 */ +/* mlkem/common.h:38 */ #if defined(MLKEM_ASM_NAMESPACE) #undef MLKEM_ASM_NAMESPACE #endif -/* mlkem/common.h:40 */ +/* mlkem/common.h:39 */ #if defined(FIPS202_ASM_NAMESPACE) #undef FIPS202_ASM_NAMESPACE #endif -/* mlkem/common.h:42 */ +/* mlkem/common.h:41 */ #if defined(_PREFIX_UNDERSCORE) #undef _PREFIX_UNDERSCORE #endif -/* mlkem/common.h:43 */ +/* mlkem/common.h:42 */ #if defined(PREFIX_UNDERSCORE) #undef PREFIX_UNDERSCORE #endif -/* mlkem/common.h:44 */ +/* mlkem/common.h:43 */ #if defined(MLKEM_ASM_NAMESPACE) #undef MLKEM_ASM_NAMESPACE #endif -/* mlkem/common.h:45 */ +/* mlkem/common.h:44 */ #if defined(FIPS202_ASM_NAMESPACE) #undef FIPS202_ASM_NAMESPACE #endif 
@@ -294,6 +294,51 @@ #undef MLKEM_NATIVE_FIPS202_BACKEND #endif +/* mlkem/config.h:107 */ +#if defined(MLKEM_NATIVE_API_STANDARD) +#undef MLKEM_NATIVE_API_STANDARD +#endif + +/* mlkem/config.h:126 */ +#if defined(FIPS202_DEFAULT_NAMESPACE___) +#undef FIPS202_DEFAULT_NAMESPACE___ +#endif + +/* mlkem/config.h:127 */ +#if defined(FIPS202_DEFAULT_NAMESPACE__) +#undef FIPS202_DEFAULT_NAMESPACE__ +#endif + +/* mlkem/config.h:129 */ +#if defined(FIPS202_DEFAULT_NAMESPACE) +#undef FIPS202_DEFAULT_NAMESPACE +#endif + +/* mlkem/config.h:140 */ +#if defined(MLKEM_DEFAULT_NAMESPACE___) +#undef MLKEM_DEFAULT_NAMESPACE___ +#endif + +/* mlkem/config.h:141 */ +#if defined(MLKEM_DEFAULT_NAMESPACE__) +#undef MLKEM_DEFAULT_NAMESPACE__ +#endif + +/* mlkem/config.h:145 */ +#if defined(MLKEM_DEFAULT_NAMESPACE) +#undef MLKEM_DEFAULT_NAMESPACE +#endif + +/* mlkem/config.h:148 */ +#if defined(MLKEM_DEFAULT_NAMESPACE) +#undef MLKEM_DEFAULT_NAMESPACE +#endif + +/* mlkem/config.h:151 */ +#if defined(MLKEM_DEFAULT_NAMESPACE) +#undef MLKEM_DEFAULT_NAMESPACE +#endif + /* mlkem/debug/debug.c:4 */ #if defined(_ISOC99_SOURCE) #undef _ISOC99_SOURCE @@ -1204,12 +1249,12 @@ #undef indcpa_dec #endif -/* mlkem/kem.c:17 */ +/* mlkem/kem.c:18 */ #if defined(check_pk) #undef check_pk #endif -/* mlkem/kem.c:18 */ +/* mlkem/kem.c:19 */ #if defined(check_sk) #undef check_sk #endif 
@@ -1219,114 +1264,184 @@ #undef KEM_H #endif -/* mlkem/kem.h:11 */ -#if defined(CRYPTO_SECRETKEYBYTES) -#undef CRYPTO_SECRETKEYBYTES +/* mlkem/kem.h:27 */ +#if defined(crypto_kem_keypair_derand) +#undef crypto_kem_keypair_derand #endif -/* mlkem/kem.h:12 */ -#if defined(CRYPTO_PUBLICKEYBYTES) -#undef CRYPTO_PUBLICKEYBYTES +/* mlkem/kem.h:55 */ +#if defined(crypto_kem_keypair) +#undef crypto_kem_keypair #endif -/* mlkem/kem.h:13 */ -#if defined(CRYPTO_CIPHERTEXTBYTES) -#undef CRYPTO_CIPHERTEXTBYTES +/* mlkem/kem.h:79 */ +#if defined(crypto_kem_enc_derand) +#undef crypto_kem_enc_derand #endif -/* mlkem/kem.h:14 */ -#if defined(CRYPTO_BYTES) -#undef CRYPTO_BYTES +/* mlkem/kem.h:112 */ +#if defined(crypto_kem_enc) +#undef crypto_kem_enc #endif -/* mlkem/kem.h:17 */ -#if defined(CRYPTO_ALGNAME) -#undef CRYPTO_ALGNAME +/* mlkem/kem.h:140 */ +#if defined(crypto_kem_dec) +#undef crypto_kem_dec #endif -/* mlkem/kem.h:19 */ -#if defined(CRYPTO_ALGNAME) -#undef CRYPTO_ALGNAME +/* mlkem/mlkem_native.h:5 */ +#if defined(MLKEM_NATIVE_H) +#undef MLKEM_NATIVE_H #endif -/* mlkem/kem.h:21 */ -#if defined(CRYPTO_ALGNAME) -#undef CRYPTO_ALGNAME +/* mlkem/mlkem_native.h:19 */ +#if defined(MLKEM512_SECRETKEYBYTES) +#undef MLKEM512_SECRETKEYBYTES #endif -/* mlkem/kem.h:24 */ -#if defined(crypto_kem_keypair_derand) -#undef crypto_kem_keypair_derand +/* mlkem/mlkem_native.h:20 */ +#if defined(MLKEM512_PUBLICKEYBYTES) +#undef MLKEM512_PUBLICKEYBYTES #endif -/* mlkem/kem.h:50 */ -#if defined(crypto_kem_keypair) -#undef crypto_kem_keypair +/* mlkem/mlkem_native.h:21 */ +#if defined(MLKEM512_CIPHERTEXTBYTES) +#undef MLKEM512_CIPHERTEXTBYTES #endif -/* mlkem/kem.h:72 */ -#if defined(crypto_kem_enc_derand) -#undef crypto_kem_enc_derand +/* mlkem/mlkem_native.h:23 */ +#if defined(MLKEM768_SECRETKEYBYTES) +#undef MLKEM768_SECRETKEYBYTES #endif -/* mlkem/kem.h:103 */ -#if defined(crypto_kem_enc) -#undef crypto_kem_enc +/* mlkem/mlkem_native.h:24 */ +#if defined(MLKEM768_PUBLICKEYBYTES) +#undef 
MLKEM768_PUBLICKEYBYTES #endif -/* mlkem/kem.h:129 */ -#if defined(crypto_kem_dec) -#undef crypto_kem_dec +/* mlkem/mlkem_native.h:25 */ +#if defined(MLKEM768_CIPHERTEXTBYTES) +#undef MLKEM768_CIPHERTEXTBYTES #endif -/* mlkem/namespace.h:5 */ -#if defined(MLKEM_NATIVE_NAMESPACE_H) -#undef MLKEM_NATIVE_NAMESPACE_H +/* mlkem/mlkem_native.h:27 */ +#if defined(MLKEM1024_SECRETKEYBYTES) +#undef MLKEM1024_SECRETKEYBYTES #endif -/* mlkem/namespace.h:9 */ -#if defined(MLKEM_PARAM_NAME) -#undef MLKEM_PARAM_NAME +/* mlkem/mlkem_native.h:28 */ +#if defined(MLKEM1024_PUBLICKEYBYTES) +#undef MLKEM1024_PUBLICKEYBYTES #endif -/* mlkem/namespace.h:11 */ -#if defined(MLKEM_PARAM_NAME) -#undef MLKEM_PARAM_NAME +/* mlkem/mlkem_native.h:29 */ +#if defined(MLKEM1024_CIPHERTEXTBYTES) +#undef MLKEM1024_CIPHERTEXTBYTES #endif -/* mlkem/namespace.h:13 */ -#if defined(MLKEM_PARAM_NAME) -#undef MLKEM_PARAM_NAME +/* mlkem/mlkem_native.h:32 */ +#if defined(MLKEM_SECRETKEYBYTES_) +#undef MLKEM_SECRETKEYBYTES_ #endif -/* mlkem/namespace.h:18 */ -#if defined(___MLKEM_DEFAULT_NAMESPACE) -#undef ___MLKEM_DEFAULT_NAMESPACE +/* mlkem/mlkem_native.h:33 */ +#if defined(MLKEM_PUBLICKEYBYTES_) +#undef MLKEM_PUBLICKEYBYTES_ #endif -/* mlkem/namespace.h:19 */ -#if defined(__MLKEM_DEFAULT_NAMESPACE) -#undef __MLKEM_DEFAULT_NAMESPACE +/* mlkem/mlkem_native.h:34 */ +#if defined(MLKEM_CIPHERTEXTBYTES_) +#undef MLKEM_CIPHERTEXTBYTES_ #endif -/* mlkem/namespace.h:26 */ -#if defined(MLKEM_DEFAULT_NAMESPACE) -#undef MLKEM_DEFAULT_NAMESPACE +/* mlkem/mlkem_native.h:35 */ +#if defined(MLKEM_SECRETKEYBYTES) +#undef MLKEM_SECRETKEYBYTES +#endif + +/* mlkem/mlkem_native.h:36 */ +#if defined(MLKEM_PUBLICKEYBYTES) +#undef MLKEM_PUBLICKEYBYTES #endif -/* mlkem/namespace.h:29 */ -#if defined(___FIPS202_DEFAULT_NAMESPACE) -#undef ___FIPS202_DEFAULT_NAMESPACE +/* mlkem/mlkem_native.h:37 */ +#if defined(MLKEM_CIPHERTEXTBYTES) +#undef MLKEM_CIPHERTEXTBYTES #endif -/* mlkem/namespace.h:30 */ -#if 
defined(__FIPS202_DEFAULT_NAMESPACE) -#undef __FIPS202_DEFAULT_NAMESPACE +/* mlkem/mlkem_native.h:39 */ +#if defined(MLKEM_SYMBYTES) +#undef MLKEM_SYMBYTES #endif -/* mlkem/namespace.h:36 */ -#if defined(FIPS202_DEFAULT_NAMESPACE) -#undef FIPS202_DEFAULT_NAMESPACE +/* mlkem/mlkem_native.h:40 */ +#if defined(MLKEM_SSBYTES) +#undef MLKEM_SSBYTES +#endif + +/* mlkem/mlkem_native.h:150 */ +#if defined(MLKEM_LVL) +#undef MLKEM_LVL +#endif + +/* mlkem/mlkem_native.h:152 */ +#if defined(MLKEM_LVL) +#undef MLKEM_LVL +#endif + +/* mlkem/mlkem_native.h:154 */ +#if defined(MLKEM_LVL) +#undef MLKEM_LVL +#endif + +/* mlkem/mlkem_native.h:156 */ +#if defined(CRYPTO_SECRETKEYBYTES) +#undef CRYPTO_SECRETKEYBYTES +#endif + +/* mlkem/mlkem_native.h:157 */ +#if defined(CRYPTO_PUBLICKEYBYTES) +#undef CRYPTO_PUBLICKEYBYTES +#endif + +/* mlkem/mlkem_native.h:158 */ +#if defined(CRYPTO_CIPHERTEXTBYTES) +#undef CRYPTO_CIPHERTEXTBYTES +#endif + +/* mlkem/mlkem_native.h:159 */ +#if defined(CRYPTO_SYMBYTES) +#undef CRYPTO_SYMBYTES +#endif + +/* mlkem/mlkem_native.h:160 */ +#if defined(CRYPTO_BYTES) +#undef CRYPTO_BYTES +#endif + +/* mlkem/mlkem_native.h:162 */ +#if defined(crypto_kem_keypair_derand) +#undef crypto_kem_keypair_derand +#endif + +/* mlkem/mlkem_native.h:163 */ +#if defined(crypto_kem_keypair) +#undef crypto_kem_keypair +#endif + +/* mlkem/mlkem_native.h:164 */ +#if defined(crypto_kem_enc_derand) +#undef crypto_kem_enc_derand +#endif + +/* mlkem/mlkem_native.h:165 */ +#if defined(crypto_kem_enc) +#undef crypto_kem_enc +#endif + +/* mlkem/mlkem_native.h:166 */ +#if defined(crypto_kem_dec) +#undef crypto_kem_dec #endif /* mlkem/native/aarch64/clean.h:10 */ 
@@ -2095,106 +2210,121 @@ #endif /* mlkem/params.h:28 */ +#if defined(MLKEM_LVL) +#undef MLKEM_LVL +#endif + +/* mlkem/params.h:29 */ #if defined(MLKEM_ETA1) #undef MLKEM_ETA1 #endif -/* mlkem/params.h:29 */ +/* mlkem/params.h:30 */ #if defined(MLKEM_POLYCOMPRESSEDBYTES_DV) #undef MLKEM_POLYCOMPRESSEDBYTES_DV #endif -/* mlkem/params.h:30 */ +/* mlkem/params.h:31 */ #if defined(MLKEM_POLYCOMPRESSEDBYTES_DU) #undef MLKEM_POLYCOMPRESSEDBYTES_DU #endif -/* mlkem/params.h:31 */ +/* mlkem/params.h:32 */ #if defined(MLKEM_POLYVECCOMPRESSEDBYTES_DU) #undef MLKEM_POLYVECCOMPRESSEDBYTES_DU #endif -/* mlkem/params.h:33 */ +/* mlkem/params.h:34 */ +#if defined(MLKEM_LVL) +#undef MLKEM_LVL +#endif + +/* mlkem/params.h:35 */ #if defined(MLKEM_ETA1) #undef MLKEM_ETA1 #endif -/* mlkem/params.h:34 */ +/* mlkem/params.h:36 */ #if defined(MLKEM_POLYCOMPRESSEDBYTES_DV) #undef MLKEM_POLYCOMPRESSEDBYTES_DV #endif -/* mlkem/params.h:35 */ +/* mlkem/params.h:37 */ #if defined(MLKEM_POLYCOMPRESSEDBYTES_DU) #undef MLKEM_POLYCOMPRESSEDBYTES_DU #endif -/* mlkem/params.h:36 */ +/* mlkem/params.h:38 */ #if defined(MLKEM_POLYVECCOMPRESSEDBYTES_DU) #undef MLKEM_POLYVECCOMPRESSEDBYTES_DU #endif -/* mlkem/params.h:38 */ +/* mlkem/params.h:40 */ +#if defined(MLKEM_LVL) +#undef MLKEM_LVL +#endif + +/* mlkem/params.h:41 */ #if defined(MLKEM_ETA1) #undef MLKEM_ETA1 #endif -/* mlkem/params.h:39 */ +/* mlkem/params.h:42 */ #if defined(MLKEM_POLYCOMPRESSEDBYTES_DV) #undef MLKEM_POLYCOMPRESSEDBYTES_DV #endif -/* mlkem/params.h:40 */ +/* mlkem/params.h:43 */ #if defined(MLKEM_POLYCOMPRESSEDBYTES_DU) #undef MLKEM_POLYCOMPRESSEDBYTES_DU #endif -/* mlkem/params.h:41 */ +/* mlkem/params.h:44 */ #if defined(MLKEM_POLYVECCOMPRESSEDBYTES_DU) #undef MLKEM_POLYVECCOMPRESSEDBYTES_DU #endif -/* mlkem/params.h:44 */ +/* mlkem/params.h:47 */ #if defined(MLKEM_ETA2) #undef MLKEM_ETA2 #endif -/* mlkem/params.h:46 */ +/* mlkem/params.h:49 */ #if defined(MLKEM_INDCPA_MSGBYTES) #undef MLKEM_INDCPA_MSGBYTES #endif -/* 
mlkem/params.h:47 */ +/* mlkem/params.h:50 */ #if defined(MLKEM_INDCPA_PUBLICKEYBYTES) #undef MLKEM_INDCPA_PUBLICKEYBYTES #endif -/* mlkem/params.h:48 */ +/* mlkem/params.h:51 */ #if defined(MLKEM_INDCPA_SECRETKEYBYTES) #undef MLKEM_INDCPA_SECRETKEYBYTES #endif -/* mlkem/params.h:49 */ +/* mlkem/params.h:52 */ #if defined(MLKEM_INDCPA_BYTES) #undef MLKEM_INDCPA_BYTES #endif -/* mlkem/params.h:52 */ -#if defined(MLKEM_PUBLICKEYBYTES) -#undef MLKEM_PUBLICKEYBYTES +/* mlkem/params.h:55 */ +#if defined(MLKEM_INDCCA_PUBLICKEYBYTES) +#undef MLKEM_INDCCA_PUBLICKEYBYTES #endif -/* mlkem/params.h:54 */ -#if defined(MLKEM_SECRETKEYBYTES) -#undef MLKEM_SECRETKEYBYTES +/* mlkem/params.h:57 */ +#if defined(MLKEM_INDCCA_SECRETKEYBYTES) +#undef MLKEM_INDCCA_SECRETKEYBYTES #endif -/* mlkem/params.h:57 */ -#if defined(MLKEM_CIPHERTEXTBYTES) -#undef MLKEM_CIPHERTEXTBYTES +/* mlkem/params.h:60 */ +#if defined(MLKEM_INDCCA_CIPHERTEXTBYTES) +#undef MLKEM_INDCCA_CIPHERTEXTBYTES #endif -/* mlkem/params.h:59 */ +/* mlkem/params.h:62 */ #if defined(KECCAK_WAY) #undef KECCAK_WAY #endif diff --git a/mlkem/common.h b/mlkem/common.h index c71468a69..8114e5aee 100644 --- a/mlkem/common.h +++ b/mlkem/common.h @@ -11,7 +11,6 @@ #include "config.h" #endif /* MLKEM_NATIVE_CONFIG_FILE */ -#include "namespace.h" #include "params.h" #include "sys.h" diff --git a/mlkem/config.h b/mlkem/config.h index dca18ecd6..faa974a49 100644 --- a/mlkem/config.h +++ b/mlkem/config.h 
@@ -97,4 +97,60 @@
 #define MLKEM_NATIVE_FIPS202_BACKEND "fips202/native/default.h"
 #endif /* MLKEM_NATIVE_FIPS202_BACKEND */
 
+/******************************************************************************
+ * Name: MLKEM_NATIVE_API_STANDARD
+ *
+ * Description: Define this to extend api.h to also export key sizes and public
+ * API in the CRYPTO_xxx and crypto_kem_xxx format as used e.g. by
+ * SUPERCOP.
+ *
+ *****************************************************************************/
+#define MLKEM_NATIVE_API_STANDARD
+
+
+/************************* Config internals ********************************/
+
+/* Default namespace
+ *
+ * Don't change this. If you need a different namespace, re-define
+ * MLKEM_NAMESPACE above instead, and remove the following.
+ */
+
+/*
+ * The default FIPS202 namespace is
+ *
+ * PQCP_MLKEM_NATIVE_FIPS202__
+ *
+ * e.g., PQCP_MLKEM_NATIVE_FIPS202_C_
+ */
+
+#define FIPS202_DEFAULT_NAMESPACE___(x1, x2) x1##_##x2
+#define FIPS202_DEFAULT_NAMESPACE__(x1, x2) FIPS202_DEFAULT_NAMESPACE___(x1, x2)
+
+#define FIPS202_DEFAULT_NAMESPACE(s) \
+ FIPS202_DEFAULT_NAMESPACE__(PQCP_MLKEM_NATIVE_FIPS202, s)
+
+/*
+ * The default MLKEM namespace is
+ *
+ * PQCP_MLKEM_NATIVE_MLKEM__
+ *
+ * e.g., PQCP_MLKEM_NATIVE_MLKEM512_AARCH64_OPT_
+ */
+
+#define MLKEM_DEFAULT_NAMESPACE___(x1, x2, x3) x1##_##x2##_##x3
+#define MLKEM_DEFAULT_NAMESPACE__(x1, x2, x3) \
+ MLKEM_DEFAULT_NAMESPACE___(x1, x2, x3)
+
+#if MLKEM_K == 2
+#define MLKEM_DEFAULT_NAMESPACE(s) \
+ MLKEM_DEFAULT_NAMESPACE__(PQCP_MLKEM_NATIVE, MLKEM512, s)
+#elif MLKEM_K == 3
+#define MLKEM_DEFAULT_NAMESPACE(s) \
+ MLKEM_DEFAULT_NAMESPACE__(PQCP_MLKEM_NATIVE, MLKEM768, s)
+#elif MLKEM_K == 4
+#define MLKEM_DEFAULT_NAMESPACE(s) \
+ MLKEM_DEFAULT_NAMESPACE__(PQCP_MLKEM_NATIVE, MLKEM1024, s)
+#endif
+
 #endif /* MLkEM_NATIVE_CONFIG_H */
diff --git a/mlkem/kem.c b/mlkem/kem.c
index 6026d362b..1ea2b476f 100644
--- a/mlkem/kem.c
+++ b/mlkem/kem.c
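Review bot: The `#if MLKEM_K == 2 … #elif MLKEM_K == 4 … #endif` chain that selects `MLKEM_DEFAULT_NAMESPACE` has no `#else`, so an unsupported `MLKEM_K` silently leaves the macro undefined and the failure only surfaces at the first namespaced symbol; the deleted mlkem/namespace.h guarded exactly this with `#error "MLKEM_K must be in {2,3,4}"`, and those two lines (`#else` / `#error "MLKEM_K must be in {2,3,4}"`) belong at the end of this chain. The `MLKEM_LVL` chain added under `MLKEM_NATIVE_API_STANDARD` in mlkem/mlkem_native.h has the same gap; the chain in mlkem/params.h may already be guarded beyond its hunk. The description of `MLKEM_NATIVE_API_STANDARD` refers to `api.h`, but the header it extends is mlkem_native.h, so `Define this to extend mlkem_native.h to also export key sizes and public` names the file this commit actually introduces.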
@@ -2,11 +2,12 @@ * Copyright (c) 2024 The mlkem-native project authors * SPDX-License-Identifier: Apache-2.0 */ -#include "kem.h" #include #include #include + #include "indcpa.h" +#include "kem.h" #include "randombytes.h" #include "symmetric.h" #include "verify.h" @@ -36,11 +37,12 @@ __contract__( * Described in Section 7.2 of FIPS203. * * Arguments: - const uint8_t *pk: pointer to input public key - * (an already allocated array of MLKEM_PUBLICKEYBYTES bytes) - ** + * (an already allocated array of MLKEM_INDCCA_PUBLICKEYBYTES + * bytes) + * * Returns 0 on success, and -1 on failure **************************************************/ -static int check_pk(const uint8_t pk[MLKEM_PUBLICKEYBYTES]) +static int check_pk(const uint8_t pk[MLKEM_INDCCA_PUBLICKEYBYTES]) { polyvec p; uint8_t p_reencoded[MLKEM_POLYVECBYTES]; @@ -64,11 +66,12 @@ static int check_pk(const uint8_t pk[MLKEM_PUBLICKEYBYTES]) * Described in Section 7.3 of FIPS203. * * Arguments: - const uint8_t *sk: pointer to input private key - * (an already allocated array of MLKEM_SECRETKEYBYTES bytes) + * (an already allocated array of MLKEM_INDCCA_SECRETKEYBYTES + * bytes) * * Returns 0 on success, and -1 on failure **************************************************/ -static int check_sk(const uint8_t sk[MLKEM_SECRETKEYBYTES]) +static int check_sk(const uint8_t sk[MLKEM_INDCCA_SECRETKEYBYTES]) { uint8_t test[MLKEM_SYMBYTES]; /* @@ -76,8 +79,8 @@ static int check_sk(const uint8_t sk[MLKEM_SECRETKEYBYTES]) * no public information is leaked through the runtime or the return value * of this function. */ - hash_h(test, sk + MLKEM_INDCPA_SECRETKEYBYTES, MLKEM_PUBLICKEYBYTES); - if (memcmp(sk + MLKEM_SECRETKEYBYTES - 2 * MLKEM_SYMBYTES, test, + hash_h(test, sk + MLKEM_INDCPA_SECRETKEYBYTES, MLKEM_INDCCA_PUBLICKEYBYTES); + if (memcmp(sk + MLKEM_INDCCA_SECRETKEYBYTES - 2 * MLKEM_SYMBYTES, test, MLKEM_SYMBYTES)) { return -1; 
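Review bot: `#include "kem.h"` moves from the first include of kem.c to after the system headers, which gives up the usual check that kem.h compiles on its own; in the old position a header missing from kem.h showed up as an error in kem.c itself. If the reordering is a formatter decision, keeping `#include "kem.h"` as the first line and letting the formatter sort the remaining includes preserves that property. The other hunks on this line only rename `MLKEM_*BYTES` to `MLKEM_INDCCA_*BYTES` in check_pk and check_sk and look consistent with the params.h change; both functions continue past the hunks.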
@@ -88,12 +91,12 @@ static int check_sk(const uint8_t sk[MLKEM_SECRETKEYBYTES]) int crypto_kem_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins) { indcpa_keypair_derand(pk, sk, coins); - memcpy(sk + MLKEM_INDCPA_SECRETKEYBYTES, pk, MLKEM_PUBLICKEYBYTES); - hash_h(sk + MLKEM_SECRETKEYBYTES - 2 * MLKEM_SYMBYTES, pk, - MLKEM_PUBLICKEYBYTES); + memcpy(sk + MLKEM_INDCPA_SECRETKEYBYTES, pk, MLKEM_INDCCA_PUBLICKEYBYTES); + hash_h(sk + MLKEM_INDCCA_SECRETKEYBYTES - 2 * MLKEM_SYMBYTES, pk, + MLKEM_INDCCA_PUBLICKEYBYTES); /* Value z for pseudo-random output on reject */ - memcpy(sk + MLKEM_SECRETKEYBYTES - MLKEM_SYMBYTES, coins + MLKEM_SYMBYTES, - MLKEM_SYMBYTES); + memcpy(sk + MLKEM_INDCCA_SECRETKEYBYTES - MLKEM_SYMBYTES, + coins + MLKEM_SYMBYTES, MLKEM_SYMBYTES); return 0; } @@ -120,7 +123,7 @@ int crypto_kem_enc_derand(uint8_t *ct, uint8_t *ss, const uint8_t *pk, memcpy(buf, coins, MLKEM_SYMBYTES); /* Multitarget countermeasure for coins + contributory KEM */ - hash_h(buf + MLKEM_SYMBYTES, pk, MLKEM_PUBLICKEYBYTES); + hash_h(buf + MLKEM_SYMBYTES, pk, MLKEM_INDCCA_PUBLICKEYBYTES); hash_g(kr, buf, 2 * MLKEM_SYMBYTES); /* coins are in kr+MLKEM_SYMBYTES */ 
@@ -153,25 +156,26 @@ int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) indcpa_dec(buf, ct, sk); /* Multitarget countermeasure for coins + contributory KEM */ - memcpy(buf + MLKEM_SYMBYTES, sk + MLKEM_SECRETKEYBYTES - 2 * MLKEM_SYMBYTES, - MLKEM_SYMBYTES); + memcpy(buf + MLKEM_SYMBYTES, + sk + MLKEM_INDCCA_SECRETKEYBYTES - 2 * MLKEM_SYMBYTES, MLKEM_SYMBYTES); hash_g(kr, buf, 2 * MLKEM_SYMBYTES); /* Recompute and compare ciphertext */ { /* Temporary buffer */ - ALIGN uint8_t cmp[MLKEM_CIPHERTEXTBYTES]; + ALIGN uint8_t cmp[MLKEM_INDCCA_CIPHERTEXTBYTES]; /* coins are in kr+MLKEM_SYMBYTES */ indcpa_enc(cmp, buf, pk, kr + MLKEM_SYMBYTES); - fail = ct_memcmp(ct, cmp, MLKEM_CIPHERTEXTBYTES); + fail = ct_memcmp(ct, cmp, MLKEM_INDCCA_CIPHERTEXTBYTES); } /* Compute rejection key */ { /* Temporary buffer */ - ALIGN uint8_t tmp[MLKEM_SYMBYTES + MLKEM_CIPHERTEXTBYTES]; - memcpy(tmp, sk + MLKEM_SECRETKEYBYTES - MLKEM_SYMBYTES, MLKEM_SYMBYTES); - memcpy(tmp + MLKEM_SYMBYTES, ct, MLKEM_CIPHERTEXTBYTES); + ALIGN uint8_t tmp[MLKEM_SYMBYTES + MLKEM_INDCCA_CIPHERTEXTBYTES]; + memcpy(tmp, sk + MLKEM_INDCCA_SECRETKEYBYTES - MLKEM_SYMBYTES, + MLKEM_SYMBYTES); + memcpy(tmp + MLKEM_SYMBYTES, ct, MLKEM_INDCCA_CIPHERTEXTBYTES); hash_j(ss, tmp, sizeof(tmp)); } diff --git a/mlkem/kem.h b/mlkem/kem.h index 534e3783c..350a79b04 100644 --- a/mlkem/kem.h +++ b/mlkem/kem.h 
@@ -9,10 +9,21 @@ #include "cbmc.h" #include "common.h" -#define CRYPTO_SECRETKEYBYTES MLKEM_SECRETKEYBYTES -#define CRYPTO_PUBLICKEYBYTES MLKEM_PUBLICKEYBYTES -#define CRYPTO_CIPHERTEXTBYTES MLKEM_CIPHERTEXTBYTES -#define CRYPTO_BYTES MLKEM_SSBYTES +/* Include to ensure consistency between internal kem.h + * and external mlkem_native.h. */ +#include "mlkem_native.h" + +#if MLKEM_INDCCA_SECRETKEYBYTES != MLKEM_SECRETKEYBYTES(MLKEM_LVL) +#error Mismatch for SECRETKEYBYTES between kem.h and mlkem_native.h +#endif + +#if MLKEM_INDCCA_PUBLICKEYBYTES != MLKEM_PUBLICKEYBYTES(MLKEM_LVL) +#error Mismatch for PUBLICKEYBYTES between kem.h and mlkem_native.h +#endif + +#if MLKEM_INDCCA_CIPHERTEXTBYTES != MLKEM_CIPHERTEXTBYTES(MLKEM_LVL) +#error Mismatch for CIPHERTEXTBYTES between kem.h and mlkem_native.h +#endif #define crypto_kem_keypair_derand MLKEM_NAMESPACE(keypair_derand) /************************************************* @@ -22,9 +33,11 @@ * for CCA-secure ML-KEM key encapsulation mechanism * * Arguments: - uint8_t *pk: pointer to output public key - * (an already allocated array of MLKEM_PUBLICKEYBYTES bytes) + * (an already allocated array of MLKEM_INDCCA_PUBLICKEYBYTES + *bytes) * - uint8_t *sk: pointer to output private key - * (an already allocated array of MLKEM_SECRETKEYBYTES bytes) + * (an already allocated array of MLKEM_INDCCA_SECRETKEYBYTES + *bytes) * - uint8_t *coins: pointer to input randomness * (an already allocated array filled with 2*MLKEM_SYMBYTES *random bytes) @@ -33,8 +46,8 @@ **************************************************/ int crypto_kem_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins) __contract__( - requires(memory_no_alias(pk, MLKEM_PUBLICKEYBYTES)) - requires(memory_no_alias(sk, MLKEM_SECRETKEYBYTES)) + requires(memory_no_alias(pk, MLKEM_INDCCA_PUBLICKEYBYTES)) + requires(memory_no_alias(sk, MLKEM_INDCCA_SECRETKEYBYTES)) requires(memory_no_alias(coins, 2 * MLKEM_SYMBYTES)) assigns(object_whole(pk)) assigns(object_whole(sk)) 
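Review bot: The three new `#if … != …` checks cover the key and ciphertext sizes but not `MLKEM_SYMBYTES` and `MLKEM_SSBYTES`, which mlkem_native.h now defines as the literal 32 while kem.c appears to have obtained them through common.h/params.h before this header existed; if the two definitions ever diverge, a plain macro redefinition only produces a warning and the later definition wins silently. A guard in mlkem_native.h such as `#if defined(MLKEM_SYMBYTES) && MLKEM_SYMBYTES != 32` followed by an `#error` would turn that into a hard failure like the ones added here. The `#error` texts name kem.h, but the left-hand values come from params.h, so `Mismatch for SECRETKEYBYTES between params.h and mlkem_native.h` points a reader at the file that actually needs fixing.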
@@ -48,16 +61,18 @@ __contract__( * for CCA-secure ML-KEM key encapsulation mechanism * * Arguments: - uint8_t *pk: pointer to output public key - * (an already allocated array of MLKEM_PUBLICKEYBYTES bytes) + * (an already allocated array of MLKEM_INDCCA_PUBLICKEYBYTES + *bytes) * - uint8_t *sk: pointer to output private key - * (an already allocated array of MLKEM_SECRETKEYBYTES bytes) + * (an already allocated array of MLKEM_INDCCA_SECRETKEYBYTES + *bytes) * * Returns 0 (success) **************************************************/ int crypto_kem_keypair(uint8_t *pk, uint8_t *sk) __contract__( - requires(memory_no_alias(pk, MLKEM_PUBLICKEYBYTES)) - requires(memory_no_alias(sk, MLKEM_SECRETKEYBYTES)) + requires(memory_no_alias(pk, MLKEM_INDCCA_PUBLICKEYBYTES)) + requires(memory_no_alias(sk, MLKEM_INDCCA_SECRETKEYBYTES)) assigns(object_whole(pk)) assigns(object_whole(sk)) ); @@ -70,11 +85,13 @@ __contract__( * secret for given public key * * Arguments: - uint8_t *ct: pointer to output cipher text - * (an already allocated array of MLKEM_CIPHERTEXTBYTES bytes) + * (an already allocated array of MLKEM_INDCCA_CIPHERTEXTBYTES + *bytes) * - uint8_t *ss: pointer to output shared secret * (an already allocated array of MLKEM_SSBYTES bytes) * - const uint8_t *pk: pointer to input public key - * (an already allocated array of MLKEM_PUBLICKEYBYTES bytes) + * (an already allocated array of MLKEM_INDCCA_PUBLICKEYBYTES + *bytes) * - const uint8_t *coins: pointer to input randomness * (an already allocated array filled with MLKEM_SYMBYTES random *bytes) 
@@ -85,9 +102,9 @@ __contract__( int crypto_kem_enc_derand(uint8_t *ct, uint8_t *ss, const uint8_t *pk, const uint8_t *coins) __contract__( - requires(memory_no_alias(ct, MLKEM_CIPHERTEXTBYTES)) + requires(memory_no_alias(ct, MLKEM_INDCCA_CIPHERTEXTBYTES)) requires(memory_no_alias(ss, MLKEM_SSBYTES)) - requires(memory_no_alias(pk, MLKEM_PUBLICKEYBYTES)) + requires(memory_no_alias(pk, MLKEM_INDCCA_PUBLICKEYBYTES)) requires(memory_no_alias(coins, MLKEM_SYMBYTES)) assigns(object_whole(ct)) assigns(object_whole(ss)) @@ -101,20 +118,22 @@ __contract__( * secret for given public key * * Arguments: - uint8_t *ct: pointer to output cipher text - * (an already allocated array of MLKEM_CIPHERTEXTBYTES bytes) + * (an already allocated array of MLKEM_INDCCA_CIPHERTEXTBYTES + *bytes) * - uint8_t *ss: pointer to output shared secret * (an already allocated array of MLKEM_SSBYTES bytes) * - const uint8_t *pk: pointer to input public key - * (an already allocated array of MLKEM_PUBLICKEYBYTES bytes) + * (an already allocated array of MLKEM_INDCCA_PUBLICKEYBYTES + *bytes) * * Returns 0 on success, and -1 if the public key modulus check (see Section 7.2 * of FIPS203) fails. **************************************************/ int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) __contract__( - requires(memory_no_alias(ct, MLKEM_CIPHERTEXTBYTES)) + requires(memory_no_alias(ct, MLKEM_INDCCA_CIPHERTEXTBYTES)) requires(memory_no_alias(ss, MLKEM_SSBYTES)) - requires(memory_no_alias(pk, MLKEM_PUBLICKEYBYTES)) + requires(memory_no_alias(pk, MLKEM_INDCCA_PUBLICKEYBYTES)) assigns(object_whole(ct)) assigns(object_whole(ss)) ); 
@@ -129,9 +148,11 @@ __contract__( * Arguments: - uint8_t *ss: pointer to output shared secret * (an already allocated array of MLKEM_SSBYTES bytes) * - const uint8_t *ct: pointer to input cipher text - * (an already allocated array of MLKEM_CIPHERTEXTBYTES bytes) + * (an already allocated array of MLKEM_INDCCA_CIPHERTEXTBYTES + *bytes) * - const uint8_t *sk: pointer to input private key - * (an already allocated array of MLKEM_SECRETKEYBYTES bytes) + * (an already allocated array of MLKEM_INDCCA_SECRETKEYBYTES + *bytes) * * Returns 0 on success, and -1 if the secret key hash check (see Section 7.3 of * FIPS203) fails. @@ -141,8 +162,8 @@ __contract__( int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) __contract__( requires(memory_no_alias(ss, MLKEM_SSBYTES)) - requires(memory_no_alias(ct, MLKEM_CIPHERTEXTBYTES)) - requires(memory_no_alias(sk, MLKEM_SECRETKEYBYTES)) + requires(memory_no_alias(ct, MLKEM_INDCCA_CIPHERTEXTBYTES)) + requires(memory_no_alias(sk, MLKEM_INDCCA_SECRETKEYBYTES)) assigns(object_whole(ss)) ); diff --git a/mlkem/mlkem_native.h b/mlkem/mlkem_native.h new file mode 100644 index 000000000..4b5f6822a --- /dev/null +++ b/mlkem/mlkem_native.h 
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2024 The mlkem-native project authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#ifndef MLKEM_NATIVE_H
+#define MLKEM_NATIVE_H
+
+#include
+
+#if defined(MLKEM_NATIVE_CONFIG_FILE)
+#include MLKEM_NATIVE_CONFIG_FILE
+#else
+#include "config.h"
+#endif
+
+#if !defined(MLKEM_NAMESPACE)
+#error Something went wrong -- don't have a namespace
+#endif
+
+#define MLKEM512_SECRETKEYBYTES 1632
+#define MLKEM512_PUBLICKEYBYTES 800
+#define MLKEM512_CIPHERTEXTBYTES 768
+
+#define MLKEM768_SECRETKEYBYTES 2400
+#define MLKEM768_PUBLICKEYBYTES 1184
+#define MLKEM768_CIPHERTEXTBYTES 1088
+
+#define MLKEM1024_SECRETKEYBYTES 3168
+#define MLKEM1024_PUBLICKEYBYTES 1568
+#define MLKEM1024_CIPHERTEXTBYTES 1568
+
+/* You must use those macros LVL unfolding to 512,768,1024. */
+#define MLKEM_SECRETKEYBYTES_(LVL) MLKEM##LVL##_SECRETKEYBYTES
+#define MLKEM_PUBLICKEYBYTES_(LVL) MLKEM##LVL##_PUBLICKEYBYTES
+#define MLKEM_CIPHERTEXTBYTES_(LVL) MLKEM##LVL##_CIPHERTEXTBYTES
+#define MLKEM_SECRETKEYBYTES(LVL) MLKEM_SECRETKEYBYTES_(LVL)
+#define MLKEM_PUBLICKEYBYTES(LVL) MLKEM_PUBLICKEYBYTES_(LVL)
+#define MLKEM_CIPHERTEXTBYTES(LVL) MLKEM_CIPHERTEXTBYTES_(LVL)
+
+#define MLKEM_SYMBYTES 32
+#define MLKEM_SSBYTES 32
+
+/*************************************************
+ * Name: crypto_kem_keypair_derand
+ *
+ * Description: Generates public and private key
+ * for CCA-secure ML-KEM key encapsulation mechanism
+ *
+ * Arguments: - uint8_t *pk: pointer to output public key
+ * (an already allocated array of MLKEM_PUBLICKEYBYTES(lvl)
+ *bytes)
+ * - uint8_t *sk: pointer to output private key
+ * (an already allocated array of MLKEM_SECRETKEYBYTES(lvl)
+ *bytes)
+ * - uint8_t *coins: pointer to input randomness
+ * (an already allocated array filled with 2*MLKEM_SYMBYTES
+ *random bytes)
+ **
+ * Returns 0 (success)
+ **************************************************/
+int MLKEM_NAMESPACE(keypair_derand)(uint8_t *pk, uint8_t *sk,
+ const uint8_t *coins);
+
+/*************************************************
+ * Name: crypto_kem_keypair
+ *
+ * Description: Generates public and private key
+ * for CCA-secure ML-KEM key encapsulation mechanism
+ *
+ * Arguments: - uint8_t *pk: pointer to output public key
+ * (an already allocated array of MLKEM_PUBLICKEYBYTES(lvl)
+ *bytes)
+ * - uint8_t *sk: pointer to output private key
+ * (an already allocated array of MLKEM_SECRETKEYBYTES(lvl)
+ *bytes)
+ *
+ * Returns 0 (success)
+ **************************************************/
+int MLKEM_NAMESPACE(keypair)(uint8_t *pk, uint8_t *sk);
+
+/*************************************************
+ * Name: crypto_kem_enc_derand
+ *
+ * Description: Generates cipher text and shared
+ * secret for given public key
+ *
+ * Arguments: - uint8_t *ct: pointer to output cipher text
+ * (an already allocated array of MLKEM_CIPHERTEXTBYTES(lvl)
+ *bytes)
+ * - uint8_t *ss: pointer to output shared secret
+ * (an already allocated array of MLKEM_SSBYTES bytes)
+ * - const uint8_t *pk: pointer to input public key
+ * (an already allocated array of MLKEM_PUBLICKEYBYTES(lvl)
+ *bytes)
+ * - const uint8_t *coins: pointer to input randomness
+ * (an already allocated array filled with MLKEM_SYMBYTES random
+ * bytes)
+ *
+ * Returns 0 on success, and -1 if the public key modulus check (see Section 7.2
+ * of FIPS203) fails.
+ **************************************************/
+int MLKEM_NAMESPACE(enc_derand)(uint8_t *ct, uint8_t *ss, const uint8_t *pk,
+ const uint8_t *coins);
+
+/*************************************************
+ * Name: crypto_kem_enc
+ *
+ * Description: Generates cipher text and shared
+ * secret for given public key
+ *
+ * Arguments: - uint8_t *ct: pointer to output cipher text
+ * (an already allocated array of MLKEM_CIPHERTEXTBYTES(lvl)
+ *bytes)
+ * - uint8_t *ss: pointer to output shared secret
+ * (an already allocated array of MLKEM_SSBYTES bytes)
+ * - const uint8_t *pk: pointer to input public key
+ * (an already allocated array of MLKEM_PUBLICKEYBYTES(lvl)
+ *bytes)
+ *
+ * Returns 0 on success, and -1 if the public key modulus check (see Section 7.2
+ * of FIPS203) fails.
+ **************************************************/
+int MLKEM_NAMESPACE(enc)(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
+
+/*************************************************
+ * Name: crypto_kem_dec
+ *
+ * Description: Generates shared secret for given
+ * cipher text and private key
+ *
+ * Arguments: - uint8_t *ss: pointer to output shared secret
+ * (an already allocated array of MLKEM_SSBYTES bytes)
+ * - const uint8_t *ct: pointer to input cipher text
+ * (an already allocated array of MLKEM_CIPHERTEXTBYTES(lvl)
+ *bytes)
+ * - const uint8_t *sk: pointer to input private key
+ * (an already allocated array of MLKEM_SECRETKEYBYTES(lvl)
+ *bytes)
+ *
+ * Returns 0 on success, and -1 if the secret key hash check (see Section 7.3 of
+ * FIPS203) fails.
+ *
+ * On failure, ss will contain a pseudo-random value.
+ **************************************************/
+int MLKEM_NAMESPACE(dec)(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
+
+/* If requested, export API in CRYPTO_xxx and crypto_kem_xxx format as used
+ * e.g. by SUPERCOP.
*/
+#if defined(MLKEM_NATIVE_API_STANDARD)
+#if MLKEM_K == 2
+#define MLKEM_LVL 512
+#elif MLKEM_K == 3
+#define MLKEM_LVL 768
+#elif MLKEM_K == 4
+#define MLKEM_LVL 1024
+#endif
+#define CRYPTO_SECRETKEYBYTES MLKEM_SECRETKEYBYTES(MLKEM_LVL)
+#define CRYPTO_PUBLICKEYBYTES MLKEM_PUBLICKEYBYTES(MLKEM_LVL)
+#define CRYPTO_CIPHERTEXTBYTES MLKEM_CIPHERTEXTBYTES(MLKEM_LVL)
+#define CRYPTO_SYMBYTES MLKEM_SYMBYTES
+#define CRYPTO_BYTES MLKEM_SSBYTES
+
+#define crypto_kem_keypair_derand MLKEM_NAMESPACE(keypair_derand)
+#define crypto_kem_keypair MLKEM_NAMESPACE(keypair)
+#define crypto_kem_enc_derand MLKEM_NAMESPACE(enc_derand)
+#define crypto_kem_enc MLKEM_NAMESPACE(enc)
+#define crypto_kem_dec MLKEM_NAMESPACE(dec)
+#endif /* MLKEM_NATIVE_API_STANDARD */
+
+#endif
diff --git a/mlkem/namespace.h b/mlkem/namespace.h
deleted file mode 100644
index f1490b8e7..000000000
--- a/mlkem/namespace.h
+++ /dev/null
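Review bot: `#error Something went wrong -- don't have a namespace` contains an apostrophe, which GCC and Clang report as a missing terminating ' character warning on top of the intended error; `#error Something went wrong -- MLKEM_NAMESPACE is not defined` avoids the noise. The `MLKEM_LVL` definitions under `MLKEM_NATIVE_API_STANDARD` duplicate the ones this commit adds to mlkem/params.h and compile only because the replacement lists are token-identical; wrapping the chain in `#if !defined(MLKEM_LVL)`, or deriving one definition from the other, makes that coupling explicit. The comment `You must use those macros LVL unfolding to 512,768,1024.` is hard to read; `/* LVL must expand to one of 512, 768 or 1024. */` says what is meant. Since this is the public header, the `_derand` entries should also state that `coins` must be fresh, uniformly random and kept secret, as kem.c derives the key pair and the shared secret deterministically from it.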
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2024 The mlkem-native project authors
- * SPDX-License-Identifier: Apache-2.0
- */
-#ifndef MLKEM_NATIVE_NAMESPACE_H
-#define MLKEM_NATIVE_NAMESPACE_H
-
-/* Don't change parameters below this line */
-#if (MLKEM_K == 2)
-#define MLKEM_PARAM_NAME MLKEM512
-#elif (MLKEM_K == 3)
-#define MLKEM_PARAM_NAME MLKEM768
-#elif (MLKEM_K == 4)
-#define MLKEM_PARAM_NAME MLKEM1024
-#else
-#error "MLKEM_K must be in {2,3,4}"
-#endif
-
-#define ___MLKEM_DEFAULT_NAMESPACE(x1, x2, x3) x1##_##x2##_##x3
-#define __MLKEM_DEFAULT_NAMESPACE(x1, x2, x3) \
- ___MLKEM_DEFAULT_NAMESPACE(x1, x2, x3)
-
-/*
- * NAMESPACE is PQCP_MLKEM_NATIVE___
- * e.g., PQCP_MLKEM_NATIVE_MLKEM512_
- */
-#define MLKEM_DEFAULT_NAMESPACE(s) \
- __MLKEM_DEFAULT_NAMESPACE(PQCP_MLKEM_NATIVE, MLKEM_PARAM_NAME, s)
-
-#define ___FIPS202_DEFAULT_NAMESPACE(x1, x2) x1##_##x2
-#define __FIPS202_DEFAULT_NAMESPACE(x1, x2) ___FIPS202_DEFAULT_NAMESPACE(x1, x2)
-
-/*
- * NAMESPACE is PQCP_MLKEM_NATIVE_FIPS202__
- * e.g., PQCP_MLKEM_NATIVE_FIPS202_
- */
-#define FIPS202_DEFAULT_NAMESPACE(s) \
- __FIPS202_DEFAULT_NAMESPACE(PQCP_MLKEM_NATIVE_FIPS202, s)
-
-#endif /* MLKEM_NATIVE_NAMESPACE_H */
diff --git a/mlkem/params.h b/mlkem/params.h
index 656758475..d9a24a38b 100644
--- a/mlkem/params.h
+++ b/mlkem/params.h
@@ -26,16 +26,19 @@
 #define MLKEM_POLYVECBYTES (MLKEM_K * MLKEM_POLYBYTES)
 #if MLKEM_K == 2
+#define MLKEM_LVL 512
 #define MLKEM_ETA1 3
 #define MLKEM_POLYCOMPRESSEDBYTES_DV 128
 #define MLKEM_POLYCOMPRESSEDBYTES_DU 320
 #define MLKEM_POLYVECCOMPRESSEDBYTES_DU (MLKEM_K * MLKEM_POLYCOMPRESSEDBYTES_DU)
 #elif MLKEM_K == 3
+#define MLKEM_LVL 768
 #define MLKEM_ETA1 2
 #define MLKEM_POLYCOMPRESSEDBYTES_DV 128
 #define MLKEM_POLYCOMPRESSEDBYTES_DU 320
 #define MLKEM_POLYVECCOMPRESSEDBYTES_DU (MLKEM_K * MLKEM_POLYCOMPRESSEDBYTES_DU)
 #elif MLKEM_K == 4
+#define MLKEM_LVL 1024
 #define MLKEM_ETA1 2
 #define MLKEM_POLYCOMPRESSEDBYTES_DV 160
 #define MLKEM_POLYCOMPRESSEDBYTES_DU 352
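Review bot: `MLKEM_LVL` is now defined twice: unconditionally here in params.h, and again in the new mlkem_native.h under `MLKEM_NATIVE_API_STANDARD` (the `#if MLKEM_K == 2 ... #endif` chain visible earlier on this page). Identical redefinitions are legal C, so this compiles today, but if the two chains ever drift the failure is a redefinition error that appears only in translation units including both headers, so one header should own the value — mlkem_native.h could use params.h's definition instead of repeating it. The mlkem_native.h chain also has no `#else`, and namespace.h, deleted in this same commit, was where `#error "MLKEM_K must be in {2,3,4}"` lived; the tail of this params.h `#if` chain is outside the hunk, so if it does not already end with `#else` / `#error "MLKEM_K must be in {2,3,4}"`, add that so an unsupported `MLKEM_K` fails with a clear message rather than as an undefined `MLKEM_LVL` surfacing inside `MLKEM_SECRETKEYBYTES(MLKEM_LVL)`.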
@@ -50,12 +53,12 @@
 #define MLKEM_INDCPA_BYTES \
 (MLKEM_POLYVECCOMPRESSEDBYTES_DU + MLKEM_POLYCOMPRESSEDBYTES_DV)
-#define MLKEM_PUBLICKEYBYTES (MLKEM_INDCPA_PUBLICKEYBYTES)
+#define MLKEM_INDCCA_PUBLICKEYBYTES (MLKEM_INDCPA_PUBLICKEYBYTES)
 /* 32 bytes of additional space to save H(pk) */
-#define MLKEM_SECRETKEYBYTES \
+#define MLKEM_INDCCA_SECRETKEYBYTES \
 (MLKEM_INDCPA_SECRETKEYBYTES + MLKEM_INDCPA_PUBLICKEYBYTES + \
 2 * MLKEM_SYMBYTES)
-#define MLKEM_CIPHERTEXTBYTES (MLKEM_INDCPA_BYTES)
+#define MLKEM_INDCCA_CIPHERTEXTBYTES (MLKEM_INDCPA_BYTES)
 #define KECCAK_WAY 4
 #endif
diff --git a/test/acvp_mlkem.c b/test/acvp_mlkem.c
index cd4a44af5..a4e54c08f 100644
--- a/test/acvp_mlkem.c
+++ b/test/acvp_mlkem.c
@@ -5,7 +5,7 @@
 #include
 #include
 #include
-#include "kem.h"
+#include "mlkem_native.h"
 #include "randombytes.h"
 #define USAGE \
@@ -114,11 +114,11 @@ static void print_hex(const char *name, const unsigned char *raw, size_t len)
 }
 static void acvp_mlkem_encapDecp_AFT_encapsulation(
- unsigned char const ek[MLKEM_INDCPA_PUBLICKEYBYTES],
- unsigned char const m[MLKEM_SYMBYTES])
+ unsigned char const ek[CRYPTO_PUBLICKEYBYTES],
+ unsigned char const m[CRYPTO_SYMBYTES])
 {
- unsigned char ct[MLKEM_CIPHERTEXTBYTES];
- unsigned char ss[MLKEM_SSBYTES];
+ unsigned char ct[CRYPTO_CIPHERTEXTBYTES];
+ unsigned char ss[CRYPTO_BYTES];
 crypto_kem_enc_derand(ct, ss, ek, m);
@@ -127,25 +127,25 @@ static void acvp_mlkem_encapDecp_AFT_encapsulation(
 }
 static void acvp_mlkem_encapDecp_VAL_decapsulation(
- unsigned char const dk[MLKEM_SECRETKEYBYTES],
- unsigned char const c[MLKEM_CIPHERTEXTBYTES])
+ unsigned char const dk[CRYPTO_SECRETKEYBYTES],
+ unsigned char const c[CRYPTO_CIPHERTEXTBYTES])
 {
- unsigned char ss[MLKEM_SSBYTES];
+ unsigned char ss[CRYPTO_BYTES];
 crypto_kem_dec(ss, c, dk);
 print_hex("k", ss, sizeof(ss));
 }
-static void acvp_mlkem_keyGen_AFT(unsigned char const z[MLKEM_SYMBYTES],
- unsigned char const d[MLKEM_SYMBYTES])
+static void acvp_mlkem_keyGen_AFT(unsigned char const z[CRYPTO_SYMBYTES],
+ unsigned char const d[CRYPTO_SYMBYTES])
 {
- unsigned char ek[MLKEM_INDCPA_PUBLICKEYBYTES];
- unsigned char dk[MLKEM_SECRETKEYBYTES];
+ unsigned char ek[CRYPTO_PUBLICKEYBYTES];
+ unsigned char dk[CRYPTO_SECRETKEYBYTES];
- unsigned char zd[2 * MLKEM_SYMBYTES];
- memcpy(zd, d, MLKEM_SYMBYTES);
- memcpy(zd + MLKEM_SYMBYTES, z, MLKEM_SYMBYTES);
+ unsigned char zd[2 * CRYPTO_SYMBYTES];
+ memcpy(zd, d, CRYPTO_SYMBYTES);
+ memcpy(zd + CRYPTO_SYMBYTES, z, CRYPTO_SYMBYTES);
 crypto_kem_keypair_derand(ek, dk, zd);
@@ -234,8 +234,8 @@ int main(int argc, char *argv[])
 {
 case encapsulation:
 {
- unsigned char ek[MLKEM_INDCPA_PUBLICKEYBYTES];
- unsigned char m[MLKEM_SYMBYTES];
+ unsigned char ek[CRYPTO_PUBLICKEYBYTES];
+ unsigned char m[CRYPTO_SYMBYTES];
 /* Encapsulation only for "AFT" */
 if (type != AFT)
 {
@@ -262,8 +262,8 @@ int main(int argc, char *argv[])
 }
 case decapsulation:
 {
- unsigned char dk[MLKEM_SECRETKEYBYTES];
- unsigned char c[MLKEM_CIPHERTEXTBYTES];
+ unsigned char dk[CRYPTO_SECRETKEYBYTES];
+ unsigned char c[CRYPTO_CIPHERTEXTBYTES];
 /* Decapsulation only for "VAL" */
 if (type != VAL)
 {
@@ -293,8 +293,8 @@ int main(int argc, char *argv[])
 }
 case keyGen:
 {
- unsigned char z[MLKEM_SYMBYTES];
- unsigned char d[MLKEM_SYMBYTES];
+ unsigned char z[CRYPTO_SYMBYTES];
+ unsigned char d[CRYPTO_SYMBYTES];
 /* keyGen only for "AFT" */
 if (type != AFT)
 {
diff --git a/test/bench_mlkem.c b/test/bench_mlkem.c
index d34e0ff3f..204d4964f 100644
--- a/test/bench_mlkem.c
+++ b/test/bench_mlkem.c
@@ -8,7 +8,7 @@
 #include
 #include
 #include "hal.h"
-#include "kem.h"
+#include "mlkem_native.h"
 #include "randombytes.h"
 #define NWARMUP 50
diff --git a/test/gen_KAT.c b/test/gen_KAT.c
index 5ea0d7dd9..69d9c8dee 100644
--- a/test/gen_KAT.c
+++ b/test/gen_KAT.c
@@ -6,8 +6,7 @@
 #include
 #include
 #include "fips202.h"
-#include "kem.h"
-#include "params.h"
+#include "mlkem_native.h"
 #define NTESTS 1000
@@ -25,7 +24,7 @@ static void print_hex(const char *label, const uint8_t *data, size_t size)
 int main(void)
 {
 unsigned int i;
- ALIGN uint8_t coins[3 * MLKEM_SYMBYTES];
+ ALIGN uint8_t coins[3 * CRYPTO_SYMBYTES];
 ALIGN uint8_t pk[CRYPTO_PUBLICKEYBYTES];
 ALIGN uint8_t sk[CRYPTO_SECRETKEYBYTES];
 ALIGN uint8_t ct[CRYPTO_CIPHERTEXTBYTES];
diff --git a/test/gen_NISTKAT.c b/test/gen_NISTKAT.c
index 91cfc0056..5e11bac17 100644
--- a/test/gen_NISTKAT.c
+++ b/test/gen_NISTKAT.c
@@ -6,7 +6,7 @@
 #include
 #include
-#include "kem.h"
+#include "mlkem_native.h"
 #include "nistrng.h"
 #include "randombytes.h"
diff --git a/test/test_mlkem.c b/test/test_mlkem.c
index e8c20f901..84b683c88 100644
--- a/test/test_mlkem.c
+++ b/test/test_mlkem.c
@@ -5,7 +5,7 @@
 #include
 #include
 #include
-#include "kem.h"
+#include "mlkem_native.h"
 #include "randombytes.h"
 #define NTESTS 1000
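Review bot: gen_KAT.c drops `#include "params.h"` in its first hunk, yet the `coins`/`pk`/`sk`/`ct` declarations in the `@@ -25,7 +24,7 @@` hunk still use `ALIGN`, and nothing visible here shows which header now provides that macro; if it reached this file through params.h, the translation unit no longer compiles, so confirm that mlkem_native.h (or fips202.h) exports `ALIGN` or add the include it actually comes from. The switch from `MLKEM_SYMBYTES` to `CRYPTO_SYMBYTES` also makes this file depend on `MLKEM_NATIVE_API_STANDARD` being set before mlkem_native.h is included, because the new header defines the `CRYPTO_*` and `crypto_kem_*` names only under that guard (visible earlier on this page), unless config.h, changed in this commit but not shown, enables it by default. A one-line comment at the include, `/* CRYPTO_* and crypto_kem_* require MLKEM_NATIVE_API_STANDARD, see mlkem_native.h */`, would make that build-time dependency explicit for the other test files switched in this commit (bench_mlkem.c, gen_NISTKAT.c, test_mlkem.c, acvp_mlkem.c). `main` continues past the end of the hunk.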