diff --git a/docs/algorithms/kem/bike.md b/docs/algorithms/kem/bike.md index 841993739c..87afd4406b 100644 --- a/docs/algorithms/kem/bike.md +++ b/docs/algorithms/kem/bike.md @@ -13,11 +13,11 @@ ## Parameter set summary -| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | -|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:| -| BIKE-L1 | NA | IND-CPA | 1 | 1541 | 5223 | 1573 | 32 | -| BIKE-L3 | NA | IND-CPA | 3 | 3083 | 10105 | 3115 | 32 | -| BIKE-L5 | NA | IND-CPA | 5 | 5122 | 16494 | 5154 | 32 | +| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair coins (bytes) | +|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:------------------------| +| BIKE-L1 | NA | IND-CPA | 1 | 1541 | 5223 | 1573 | 32 | NA | +| BIKE-L3 | NA | IND-CPA | 3 | 3083 | 10105 | 3115 | 32 | NA | +| BIKE-L5 | NA | IND-CPA | 5 | 5122 | 16494 | 5154 | 32 | NA | ## BIKE-L1 implementation characteristics diff --git a/docs/algorithms/kem/classic_mceliece.md b/docs/algorithms/kem/classic_mceliece.md index 7bc74028cd..c552be002e 100644 --- a/docs/algorithms/kem/classic_mceliece.md +++ b/docs/algorithms/kem/classic_mceliece.md 
@@ -18,18 +18,18 @@ ## Parameter set summary -| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | -|:-------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:| -| Classic-McEliece-348864 | NA | IND-CCA2 | 1 | 261120 | 6492 | 96 | 32 | -| Classic-McEliece-348864f | NA | IND-CCA2 | 1 | 261120 | 6492 | 96 | 32 | -| Classic-McEliece-460896 | NA | IND-CCA2 | 3 | 524160 | 13608 | 156 | 32 | -| Classic-McEliece-460896f | NA | IND-CCA2 | 3 | 524160 | 13608 | 156 | 32 | -| Classic-McEliece-6688128 | NA | IND-CCA2 | 5 | 1044992 | 13932 | 208 | 32 | -| Classic-McEliece-6688128f | NA | IND-CCA2 | 5 | 1044992 | 13932 | 208 | 32 | -| Classic-McEliece-6960119 | NA | IND-CCA2 | 5 | 1047319 | 13948 | 194 | 32 | -| Classic-McEliece-6960119f | NA | IND-CCA2 | 5 | 1047319 | 13948 | 194 | 32 | -| Classic-McEliece-8192128 | NA | IND-CCA2 | 5 | 1357824 | 14120 | 208 | 32 | -| Classic-McEliece-8192128f | NA | IND-CCA2 | 5 | 1357824 | 14120 | 208 | 32 | +| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair coins (bytes) | +|:-------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:------------------------| +| Classic-McEliece-348864 | NA | IND-CCA2 | 1 | 261120 | 6492 | 96 | 32 | NA | +| Classic-McEliece-348864f | NA | IND-CCA2 | 1 | 261120 | 6492 | 96 | 32 | NA | +| Classic-McEliece-460896 | NA | IND-CCA2 | 3 | 524160 | 13608 | 156 | 32 | NA | +| Classic-McEliece-460896f | NA | IND-CCA2 | 3 | 524160 | 13608 | 156 | 32 | NA | 
+| Classic-McEliece-6688128 | NA | IND-CCA2 | 5 | 1044992 | 13932 | 208 | 32 | NA | +| Classic-McEliece-6688128f | NA | IND-CCA2 | 5 | 1044992 | 13932 | 208 | 32 | NA | +| Classic-McEliece-6960119 | NA | IND-CCA2 | 5 | 1047319 | 13948 | 194 | 32 | NA | +| Classic-McEliece-6960119f | NA | IND-CCA2 | 5 | 1047319 | 13948 | 194 | 32 | NA | +| Classic-McEliece-8192128 | NA | IND-CCA2 | 5 | 1357824 | 14120 | 208 | 32 | NA | +| Classic-McEliece-8192128f | NA | IND-CCA2 | 5 | 1357824 | 14120 | 208 | 32 | NA | ## Classic-McEliece-348864 implementation characteristics diff --git a/docs/algorithms/kem/frodokem.md b/docs/algorithms/kem/frodokem.md index 07f216a5a5..22860dc17f 100644 --- a/docs/algorithms/kem/frodokem.md +++ b/docs/algorithms/kem/frodokem.md 
@@ -12,14 +12,14 @@ ## Parameter set summary -| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | -|:-------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:| -| FrodoKEM-640-AES | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | -| FrodoKEM-640-SHAKE | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | -| FrodoKEM-976-AES | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | -| FrodoKEM-976-SHAKE | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | -| FrodoKEM-1344-AES | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | -| FrodoKEM-1344-SHAKE | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | +| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair coins (bytes) | +|:-------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:------------------------| +| FrodoKEM-640-AES | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA | +| FrodoKEM-640-SHAKE | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA | +| FrodoKEM-976-AES | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA | +| FrodoKEM-976-SHAKE | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA | +| FrodoKEM-1344-AES | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA | +| FrodoKEM-1344-SHAKE | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA | ## FrodoKEM-640-AES implementation characteristics diff --git a/docs/algorithms/kem/hqc.md b/docs/algorithms/kem/hqc.md index 585055a9a4..7ba7b0b77e 100644 --- a/docs/algorithms/kem/hqc.md +++ b/docs/algorithms/kem/hqc.md 
@@ -14,11 +14,11 @@ ## Parameter set summary -| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | -|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:| -| HQC-128 | NA | IND-CCA2 | 1 | 2249 | 2305 | 4433 | 64 | -| HQC-192 | NA | IND-CCA2 | 3 | 4522 | 4586 | 8978 | 64 | -| HQC-256 | NA | IND-CCA2 | 5 | 7245 | 7317 | 14421 | 64 | +| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair coins (bytes) | +|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:------------------------| +| HQC-128 | NA | IND-CCA2 | 1 | 2249 | 2305 | 4433 | 64 | NA | +| HQC-192 | NA | IND-CCA2 | 3 | 4522 | 4586 | 8978 | 64 | NA | +| HQC-256 | NA | IND-CCA2 | 5 | 7245 | 7317 | 14421 | 64 | NA | ## HQC-128 implementation characteristics diff --git a/docs/algorithms/kem/kyber.md b/docs/algorithms/kem/kyber.md index 8e59251ca6..3f9e31b64b 100644 --- a/docs/algorithms/kem/kyber.md +++ b/docs/algorithms/kem/kyber.md 
@@ -21,11 +21,11 @@ ## Parameter set summary -| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | -|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:| -| Kyber512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 | -| Kyber768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 | -| Kyber1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 | +| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair coins (bytes) | +|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:------------------------| +| Kyber512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 | NA | +| Kyber768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 | NA | +| Kyber1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 | NA | ## Kyber512 implementation characteristics diff --git a/docs/algorithms/kem/ml_kem.md b/docs/algorithms/kem/ml_kem.md index 88c8277670..79df56ec90 100644 --- a/docs/algorithms/kem/ml_kem.md +++ b/docs/algorithms/kem/ml_kem.md 
@@ -17,11 +17,11 @@ ## Parameter set summary -| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | -|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:| -| ML-KEM-512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 | -| ML-KEM-768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 | -| ML-KEM-1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 | +| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair coins (bytes) | +|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:------------------------| +| ML-KEM-512 | NA | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 | NA | +| ML-KEM-768 | NA | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 | NA | +| ML-KEM-1024 | NA | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 | NA | ## ML-KEM-512 implementation characteristics diff --git a/docs/algorithms/kem/ml_kem.yml b/docs/algorithms/kem/ml_kem.yml index e5d0dc82f5..933dbbef53 100644 --- a/docs/algorithms/kem/ml_kem.yml +++ b/docs/algorithms/kem/ml_kem.yml @@ -32,6 +32,7 @@ parameter-sets: length-ciphertext: 768 length-secret-key: 1632 length-shared-secret: 32 + length-keypair-seed: 64 implementations-switch-on-runtime-cpu-features: true implementations: - upstream: primary-upstream @@ -87,6 +88,7 @@ parameter-sets: length-ciphertext: 1088 length-secret-key: 2400 length-shared-secret: 32 + length-keypair-seed: 64 implementations-switch-on-runtime-cpu-features: true implementations: - upstream: primary-upstream 
@@ -142,6 +144,7 @@ parameter-sets: length-ciphertext: 1568 length-secret-key: 3168 length-shared-secret: 32 + length-keypair-seed: 64 implementations-switch-on-runtime-cpu-features: true implementations: - upstream: primary-upstream diff --git a/docs/algorithms/kem/ntruprime.md b/docs/algorithms/kem/ntruprime.md index 5ff56716ff..e0d6056f0c 100644 --- a/docs/algorithms/kem/ntruprime.md +++ b/docs/algorithms/kem/ntruprime.md @@ -14,9 +14,9 @@ ## Parameter set summary -| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | -|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:| -| sntrup761 | NA | IND-CCA2 | 2 | 1158 | 1763 | 1039 | 32 | +| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair coins (bytes) | +|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:------------------------| +| sntrup761 | NA | IND-CCA2 | 2 | 1158 | 1763 | 1039 | 32 | NA | ## sntrup761 implementation characteristics diff --git a/scripts/copy_from_upstream/copy_from_upstream.py b/scripts/copy_from_upstream/copy_from_upstream.py index 4f69380ba6..508100ae44 100755 --- a/scripts/copy_from_upstream/copy_from_upstream.py +++ b/scripts/copy_from_upstream/copy_from_upstream.py 
@@ -200,6 +200,8 @@ def load_instructions(file='copy_from_upstream.yml'): scheme['upstream_location'] = family['upstream_location'] if (not 'arch_specific_upstream_locations' in scheme) and 'arch_specific_upstream_locations' in family: scheme['arch_specific_upstream_locations'] = family['arch_specific_upstream_locations'] + if (not 'derandomized_keypair' in scheme) and 'derandomized_keypair' in family: + scheme['derandomized_keypair'] = family['derandomized_keypair'] if not 'git_commit' in scheme: scheme['git_commit'] = upstreams[scheme['upstream_location']]['git_commit'] if not 'git_branch' in scheme: diff --git a/scripts/copy_from_upstream/copy_from_upstream.yml b/scripts/copy_from_upstream/copy_from_upstream.yml index ac1fddc323..c9115bf6e4 100644 --- a/scripts/copy_from_upstream/copy_from_upstream.yml +++ b/scripts/copy_from_upstream/copy_from_upstream.yml @@ -37,7 +37,7 @@ upstreams: git_commit: 3f1b9fc214a3c3f18e88b144f68814ea7ae88625 kem_meta_path: 'integration/liboqs/{pretty_name_full}_META.yml' kem_scheme_path: '.' - patches: [mlkem-native-ml_kem.patch] + patches: [mlkem-native-ml_kem.patch, mlkem-native-ml_kem_derand.patch] preserve_folder_structure: True - name: cupqc @@ -180,6 +180,7 @@ kems: arch_specific_upstream_locations: cuda: cupqc upstream_location: mlkem-native + derandomized_keypair: true schemes: - scheme: "512" diff --git a/scripts/copy_from_upstream/patches/mlkem-native-ml_kem_derand.patch b/scripts/copy_from_upstream/patches/mlkem-native-ml_kem_derand.patch new file mode 100644 index 0000000000..d46b62e484 --- /dev/null +++ b/scripts/copy_from_upstream/patches/mlkem-native-ml_kem_derand.patch 
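Review bot: `derandomized_keypair` is copied onto a scheme only when its family declares it, so every other scheme has no such key at all. The kem_scheme.c template's `{%- if scheme['derandomized_keypair'] %}` then depends on a missing key rendering as false. An explicit default would make the off state visible and independent of the template engine's undefined handling: `scheme.setdefault('derandomized_keypair', family.get('derandomized_keypair', False))`. `load_instructions` continues outside the hunk.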
@@ -0,0 +1,140 @@ +7c5d267743637704a729178de21cd6f53188a707 +diff --git a/META.yml b/META.yml +index 3a11c07..a6ac7fa 100644 +--- a/META.yml ++++ b/META.yml +@@ -10,6 +10,8 @@ implementations: + length-ciphertext: 768 + length-secret-key: 1632 + length-shared-secret: 32 ++ length-keypair-coins: 64 ++ length-encaps-coins: 32 + kat-sha256: cc398096eee868ea6164b5f51e9a751da65d8ed44e636b09573ed57bc50ac4ed + nistkat-sha256: a30184edee53b3b009356e1e31d7f9e93ce82550e3c622d7192e387b0cc84f2e + nistkat-shake256-256: 8517b4bed03f8f97f464ccbebbb395e887530d3426f171d77dd3b3a0e5add7ce +@@ -20,6 +22,8 @@ implementations: + length-ciphertext: 1088 + length-secret-key: 2400 + length-shared-secret: 32 ++ length-keypair-coins: 64 ++ length-encaps-coins: 32 + kat-sha256: b328a57e85808d78766d994f17c9d85a2e554b80a6a16fb8c099534353350551 + nistkat-sha256: 729367b590637f4a93c68d5e4a4d2e2b4454842a52c9eec503e3a0d24cb66471 + nistkat-shake256-256: 1383531be7867e0eab6c914472abfaed2f3846e518e401195880f8d25239c93e +@@ -30,6 +34,8 @@ implementations: + length-ciphertext: 1568 + length-secret-key: 3168 + length-shared-secret: 32 ++ length-keypair-coins: 64 ++ length-encaps-coins: 32 + kat-sha256: 8854d2ee93e01d07dd91807fb033194f08decde49fffc5a56e38fc41f984330f + nistkat-sha256: 3fba7327d0320cb6134badf2a1bcb963a5b3c0026c7dece8f00d6a6155e47b33 + nistkat-shake256-256: 2c567fe56c8a1f60b7757d7c5367ec57d9b41e7cae3f157fd24616f3ce952f17 +diff --git a/integration/liboqs/ML-KEM-1024_META.yml b/integration/liboqs/ML-KEM-1024_META.yml +index 0a06a7a..a99ddaf 100644 +--- a/integration/liboqs/ML-KEM-1024_META.yml ++++ b/integration/liboqs/ML-KEM-1024_META.yml +@@ -8,6 +8,7 @@ length-public-key: 1568 + length-ciphertext: 1568 + length-secret-key: 3168 + length-shared-secret: 32 ++length-keypair-coins: 64 + nistkat-sha256: f580d851e5fb27e6876e5e203fa18be4cdbfd49e05d48fec3d3992c8f43a13e6 + testvectors-sha256: ff1a854b9b6761a70c65ccae85246fe0596a949e72eae0866a8a2a2d4ea54b10 + principal-submitters: +@@ -27,6 +28,7 @@ 
implementations: + version: FIPS203 + folder_name: mlkem + compile_opts: -DMLKEM_K=4 -DMLKEM_NAMESPACE_PREFIX=PQCP_MLKEM_NATIVE_MLKEM1024_C ++ signature_keypair_derand: PQCP_MLKEM_NATIVE_MLKEM1024_C_keypair_derand + signature_keypair: PQCP_MLKEM_NATIVE_MLKEM1024_C_keypair + signature_enc: PQCP_MLKEM_NATIVE_MLKEM1024_C_enc + signature_dec: PQCP_MLKEM_NATIVE_MLKEM1024_C_dec +@@ -35,6 +37,7 @@ implementations: + version: FIPS203 + folder_name: mlkem + compile_opts: -DMLKEM_K=4 -DFORCE_X86_64 -DMLKEM_NATIVE_ARITH_BACKEND_NAME=X86_64_DEFAULT -DMLKEM_USE_NATIVE_BACKEND_ARITH -DMLKEM_NAMESPACE_PREFIX=PQCP_MLKEM_NATIVE_MLKEM1024_X86_64_DEFAULT ++ signature_keypair_derand: PQCP_MLKEM_NATIVE_MLKEM1024_X86_64_DEFAULT_keypair_derand + signature_keypair: PQCP_MLKEM_NATIVE_MLKEM1024_X86_64_DEFAULT_keypair + signature_enc: PQCP_MLKEM_NATIVE_MLKEM1024_X86_64_DEFAULT_enc + signature_dec: PQCP_MLKEM_NATIVE_MLKEM1024_X86_64_DEFAULT_dec +@@ -52,6 +55,7 @@ implementations: + version: FIPS203 + folder_name: mlkem + compile_opts: -DMLKEM_K=4 -DFORCE_AARCH64 -DMLKEM_NATIVE_ARITH_BACKEND_NAME=AARCH64_OPT -DMLKEM_USE_NATIVE_BACKEND_ARITH -DMLKEM_NAMESPACE_PREFIX=PQCP_MLKEM_NATIVE_MLKEM1024_AARCH64_OPT ++ signature_keypair_derand: PQCP_MLKEM_NATIVE_MLKEM1024_AARCH64_OPT_keypair_derand + signature_keypair: PQCP_MLKEM_NATIVE_MLKEM1024_AARCH64_OPT_keypair + signature_enc: PQCP_MLKEM_NATIVE_MLKEM1024_AARCH64_OPT_enc + signature_dec: PQCP_MLKEM_NATIVE_MLKEM1024_AARCH64_OPT_dec +diff --git a/integration/liboqs/ML-KEM-512_META.yml b/integration/liboqs/ML-KEM-512_META.yml +index 78c82e8..e808cc3 100644 +--- a/integration/liboqs/ML-KEM-512_META.yml ++++ b/integration/liboqs/ML-KEM-512_META.yml +@@ -8,6 +8,7 @@ length-public-key: 800 + length-ciphertext: 768 + length-secret-key: 1632 + length-shared-secret: 32 ++length-keypair-coins: 64 + nistkat-sha256: c70041a761e01cd6426fa60e9fd6a4412c2be817386c8d0f3334898082512782 + testvectors-sha256: 
6730bb552c22d9d2176ffb5568e48eb30952cf1f065073ec5f9724f6a3c6ea85 + principal-submitters: +@@ -27,6 +28,7 @@ implementations: + version: FIPS203 + folder_name: mlkem + compile_opts: -DMLKEM_K=2 -DMLKEM_NAMESPACE_PREFIX=PQCP_MLKEM_NATIVE_MLKEM512_C ++ signature_keypair_derand: PQCP_MLKEM_NATIVE_MLKEM512_C_keypair_derand + signature_keypair: PQCP_MLKEM_NATIVE_MLKEM512_C_keypair + signature_enc: PQCP_MLKEM_NATIVE_MLKEM512_C_enc + signature_dec: PQCP_MLKEM_NATIVE_MLKEM512_C_dec +@@ -35,6 +37,7 @@ implementations: + version: FIPS203 + folder_name: mlkem + compile_opts: -DMLKEM_K=2 -DFORCE_X86_64 -DMLKEM_NATIVE_ARITH_BACKEND_NAME=X86_64_DEFAULT -DMLKEM_USE_NATIVE_BACKEND_ARITH -DMLKEM_NAMESPACE_PREFIX=PQCP_MLKEM_NATIVE_MLKEM512_X86_64_DEFAULT ++ signature_keypair_derand: PQCP_MLKEM_NATIVE_MLKEM512_X86_64_DEFAULT_keypair_derand + signature_keypair: PQCP_MLKEM_NATIVE_MLKEM512_X86_64_DEFAULT_keypair + signature_enc: PQCP_MLKEM_NATIVE_MLKEM512_X86_64_DEFAULT_enc + signature_dec: PQCP_MLKEM_NATIVE_MLKEM512_X86_64_DEFAULT_dec +@@ -52,6 +55,7 @@ implementations: + version: FIPS203 + folder_name: mlkem + compile_opts: -DMLKEM_K=2 -DFORCE_AARCH64 -DMLKEM_NATIVE_ARITH_BACKEND_NAME=AARCH64_OPT -DMLKEM_USE_NATIVE_BACKEND_ARITH -DMLKEM_NAMESPACE_PREFIX=PQCP_MLKEM_NATIVE_MLKEM512_AARCH64_OPT ++ signature_keypair_derand: PQCP_MLKEM_NATIVE_MLKEM512_AARCH64_OPT_keypair_derand + signature_keypair: PQCP_MLKEM_NATIVE_MLKEM512_AARCH64_OPT_keypair + signature_enc: PQCP_MLKEM_NATIVE_MLKEM512_AARCH64_OPT_enc + signature_dec: PQCP_MLKEM_NATIVE_MLKEM512_AARCH64_OPT_dec +diff --git a/integration/liboqs/ML-KEM-768_META.yml b/integration/liboqs/ML-KEM-768_META.yml +index 829f101..a5025ad 100644 +--- a/integration/liboqs/ML-KEM-768_META.yml ++++ b/integration/liboqs/ML-KEM-768_META.yml +@@ -8,6 +8,7 @@ length-public-key: 1184 + length-ciphertext: 1088 + length-secret-key: 2400 + length-shared-secret: 32 ++length-keypair-coins: 64 + nistkat-sha256: 
5352539586b6c3df58be6158a6250aeff402bd73060b0a3de68850ac074c17c3 + testvectors-sha256: 667c8ca2ca93729c0df6ff24588460bad1bbdbfb64ece0fe8563852a7ff348c6 + principal-submitters: +@@ -27,6 +28,7 @@ implementations: + version: FIPS203 + folder_name: mlkem + compile_opts: -DMLKEM_K=3 -DMLKEM_NAMESPACE_PREFIX=PQCP_MLKEM_NATIVE_MLKEM768_C ++ signature_keypair_derand: PQCP_MLKEM_NATIVE_MLKEM768_C_keypair_derand + signature_keypair: PQCP_MLKEM_NATIVE_MLKEM768_C_keypair + signature_enc: PQCP_MLKEM_NATIVE_MLKEM768_C_enc + signature_dec: PQCP_MLKEM_NATIVE_MLKEM768_C_dec +@@ -35,6 +37,7 @@ implementations: + version: FIPS203 + folder_name: mlkem + compile_opts: -DMLKEM_K=3 -DFORCE_X86_64 -DMLKEM_NATIVE_ARITH_BACKEND_NAME=X86_64_DEFAULT -DMLKEM_USE_NATIVE_BACKEND_ARITH -DMLKEM_NAMESPACE_PREFIX=PQCP_MLKEM_NATIVE_MLKEM768_X86_64_DEFAULT ++ signature_keypair_derand: PQCP_MLKEM_NATIVE_MLKEM768_X86_64_DEFAULT_keypair_derand + signature_keypair: PQCP_MLKEM_NATIVE_MLKEM768_X86_64_DEFAULT_keypair + signature_enc: PQCP_MLKEM_NATIVE_MLKEM768_X86_64_DEFAULT_enc + signature_dec: PQCP_MLKEM_NATIVE_MLKEM768_X86_64_DEFAULT_dec +@@ -52,6 +55,7 @@ implementations: + version: FIPS203 + folder_name: mlkem + compile_opts: -DMLKEM_K=3 -DFORCE_AARCH64 -DMLKEM_NATIVE_ARITH_BACKEND_NAME=AARCH64_OPT -DMLKEM_USE_NATIVE_BACKEND_ARITH -DMLKEM_NAMESPACE_PREFIX=PQCP_MLKEM_NATIVE_MLKEM768_AARCH64_OPT ++ signature_keypair_derand: PQCP_MLKEM_NATIVE_MLKEM768_AARCH64_OPT_keypair_derand + signature_keypair: PQCP_MLKEM_NATIVE_MLKEM768_AARCH64_OPT_keypair + signature_enc: PQCP_MLKEM_NATIVE_MLKEM768_AARCH64_OPT_enc + signature_dec: PQCP_MLKEM_NATIVE_MLKEM768_AARCH64_OPT_dec diff --git a/scripts/copy_from_upstream/src/kem/family/kem_family.h b/scripts/copy_from_upstream/src/kem/family/kem_family.h index caa7cd7471..8d709c5db9 100644 --- a/scripts/copy_from_upstream/src/kem/family/kem_family.h +++ b/scripts/copy_from_upstream/src/kem/family/kem_family.h 
@@ -11,7 +11,13 @@ #define OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_secret_key {{ scheme['metadata']['length-secret-key'] }} #define OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_ciphertext {{ scheme['metadata']['length-ciphertext'] }} #define OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_shared_secret {{ scheme['metadata']['length-shared-secret'] }} +{%- if scheme['metadata']['length-keypair-coins'] is defined %} +#define OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_keypair_coins {{ scheme['metadata']['length-keypair-coins'] }} +{%- else %} +#define OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_keypair_coins 0 +{%- endif %} OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_new(void); +OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); 
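Review bot: `length_keypair_coins` is driven here by `scheme['metadata']['length-keypair-coins']`, while the `keypair_derand` body in kem_scheme.c is driven by `scheme['derandomized_keypair']`, so a scheme can advertise a non-zero coin length and still get the `OQS_ERROR` stub, or the reverse. Because `coins` is a bare pointer with no length argument, this constant is the only thing a caller has to size the buffer. I would gate the define on both conditions, `{%- if scheme['derandomized_keypair'] and scheme['metadata']['length-keypair-coins'] is defined %}`. I would also add a comment above the new prototype saying that `coins` must be exactly `length_keypair_coins` bytes of secret random seed, that the same coins always produce the same key pair, and that a length of 0 means the scheme has no derandomized key generation. The alias defines in the `@@ -20,7 +26,9 @@` hunk only forward these names, so the one comment covers them.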
@@ -20,7 +26,9 @@ OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_decaps(uint8_t *s #define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_length_secret_key OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_secret_key #define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_length_ciphertext OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_ciphertext #define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_length_shared_secret OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_shared_secret +#define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_length_keypair_coins OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_keypair_coins OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_new(void); +#define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_keypair_derand OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair_derand #define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_keypair OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair #define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_encaps OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_encaps #define OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_decaps OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_decaps diff --git a/scripts/copy_from_upstream/src/kem/family/kem_scheme.c b/scripts/copy_from_upstream/src/kem/family/kem_scheme.c index 630aee1389..4b0ba982ee 100644 --- a/scripts/copy_from_upstream/src/kem/family/kem_scheme.c +++ b/scripts/copy_from_upstream/src/kem/family/kem_scheme.c 
@@ -25,7 +25,9 @@ OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_new(void) { kem->length_secret_key = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_secret_key; kem->length_ciphertext = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_ciphertext; kem->length_shared_secret = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_length_keypair_coins; + kem->keypair_derand = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair_derand; kem->keypair = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair; kem->encaps = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_encaps; kem->decaps = OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_decaps; @@ -56,7 +58,9 @@ OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_new(void) { kem->length_secret_key = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_length_secret_key; kem->length_ciphertext = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_length_ciphertext; kem->length_shared_secret = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_length_keypair_coins; + kem->keypair_derand = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_keypair_derand; kem->keypair = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_keypair; kem->encaps = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_encaps; kem->decaps = OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_decaps; 
@@ -68,6 +72,11 @@ OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_new(void) { {%- for impl in scheme['metadata']['implementations'] if impl['name'] == scheme['default_implementation'] %} + {%- if impl['signature_keypair_derand'] %} + {%- set cleankeypairderand = scheme['metadata'].update({'default_keypair_derand_signature': impl['signature_keypair_derand']}) %} +extern int {{ scheme['metadata']['default_keypair_derand_signature'] }}(uint8_t *pk, uint8_t *sk, const uint8_t *coins); + {%- endif %} + {%- if impl['signature_keypair'] %} {%- set cleankeypair = scheme['metadata'].update({'default_keypair_signature': impl['signature_keypair']}) -%} {%- else %} @@ -97,6 +106,10 @@ extern int {{ scheme['metadata']['default_dec_signature'] }}(uint8_t *ss, const #if defined(OQS_USE_CUPQC) {%- endif %} #if defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['scheme'] }}_{{ impl['name'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }}){%- endif %} + {%- if impl['signature_keypair_derand'] %} +extern int {{ impl['signature_keypair_derand'] }}(uint8_t *pk, uint8_t *sk, const uint8_t *coins); + {%- endif %} + {%- if impl['signature_keypair'] %} extern int {{ impl['signature_keypair'] }}(uint8_t *pk, uint8_t *sk); {%- else %} 
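Review bot: Both new `extern` declarations are emitted only when `impl['signature_keypair_derand']` is set and have no `{%- else %}` branch, yet the `keypair_derand` body added at `@@ -133,6 +146,47 @@` calls `scheme['metadata']['default_keypair_derand_signature']` and a `PQCLEAN_..._crypto_kem_keypair_derand` fallback whenever `scheme['derandomized_keypair']` is true. For a family that sets the flag but whose upstream META lacks the key, the generated C would call an empty or undeclared name (assuming Jinja's default undefined handling). Only ML-KEM sets the flag in this commit and the patch adds the key for its C, x86_64 and AArch64 implementations, so this looks latent rather than live; whether the cupqc implementation carries the key is not visible here. I would make the template fail closed by opening the body with `{%- if scheme['derandomized_keypair'] and scheme['metadata']['default_keypair_derand_signature'] is defined %}`, so such schemes get the `OQS_ERROR` stub instead. The surrounding `for` loop and the `signature_keypair` block continue outside these hunks.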
@@ -133,6 +146,47 @@ extern int libjade_{{ scheme['pqclean_scheme_c'] }}_{{ impl['name'] }}_dec(uint8 {% endfor -%} {% endif %} +OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { +{%- if scheme['derandomized_keypair'] %} + {%- for impl in scheme['metadata']['implementations'] if impl['name'] != scheme['default_implementation'] %} + {%- if loop.first %} +#if defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['scheme'] }}_{{ impl['name'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }}){%- endif %} + {%- else %} +#elif defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['scheme'] }}_{{ impl['name'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }}){%- endif %} + {%- endif %} + {%- if 'required_flags' in impl and impl['required_flags'] %} +#if defined(OQS_DIST_BUILD) + if ({%- for flag in impl['required_flags'] -%}OQS_CPU_has_extension(OQS_CPU_EXT_{{ flag|upper }}){%- if not loop.last %} && {% endif -%}{%- endfor -%}) { +#endif /* OQS_DIST_BUILD */ + {%- endif -%} + {%- if impl['signature_keypair_derand'] %} + {% if 'required_flags' in impl and impl['required_flags'] %} {% endif -%}return (OQS_STATUS) {{ impl['signature_keypair_derand'] }}(public_key, secret_key, coins); + {%- else %} + {% if 'required_flags' in impl and impl['required_flags'] %} {% endif -%}return (OQS_STATUS) PQCLEAN_{{ scheme['pqclean_scheme_c']|upper }}_{{ impl['name']|upper }}_crypto_kem_keypair_derand(public_key, secret_key, coins); + {%- endif %} + {%- if 'required_flags' in impl and impl['required_flags'] %} +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) {{ scheme['metadata']['default_keypair_derand_signature'] }}(public_key, secret_key, coins); + } +#endif /* OQS_DIST_BUILD */ + {%- endif -%} + {%- endfor %} + {%- if 
scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %} +#else + {%- endif %} + return (OQS_STATUS) {{ scheme['metadata']['default_keypair_derand_signature'] }}(public_key, secret_key, coins); + {%- if scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %} +#endif + {%- endif %} + {%- else %} + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; + {%- endif %} +} + OQS_API OQS_STATUS OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_keypair(uint8_t *public_key, uint8_t *secret_key) { {%- if libjade_implementation is defined and scheme['libjade_implementation'] %} #if defined(OQS_LIBJADE_BUILD) && (defined(OQS_ENABLE_LIBJADE_KEM_{{ family }}_{{ scheme['scheme'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_LIBJADE_KEM_{{ family }}_{{ scheme['alias_scheme'] }}){%- endif %}) diff --git a/scripts/copy_from_upstream/update_upstream_alg_docs.py b/scripts/copy_from_upstream/update_upstream_alg_docs.py index ba765b84c1..b6bf646aa1 100755 --- a/scripts/copy_from_upstream/update_upstream_alg_docs.py +++ b/scripts/copy_from_upstream/update_upstream_alg_docs.py @@ -165,6 +165,9 @@ def update_upstream_kem_alg_docs(liboqs_root, kems, upstream_info, write_changes oqs_scheme_yaml['length-secret-key'] = rhs_if_not_equal(oqs_scheme_yaml['length-secret-key'], upstream_yaml['length-secret-key'], "legnth-secret-key") oqs_scheme_yaml['length-shared-secret'] = rhs_if_not_equal(oqs_scheme_yaml['length-shared-secret'], upstream_yaml['length-shared-secret'], "length-shared-secret") + if "length-keypair-coins" in oqs_scheme_yaml: + oqs_scheme_yaml['length-keypair-coins'] = rhs_if_not_equal(oqs_scheme_yaml['length-keypair-coins'], upstream_yaml['length-keypair-coins'], "length-keypair-coins") + _upstream_yaml = upstream_yaml for impl_index, impl in enumerate(oqs_scheme_yaml['implementations']): if impl['upstream'] != 'libjade': 
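Review bot: The new guard in `update_upstream_kem_alg_docs` tests only `oqs_scheme_yaml`, so `upstream_yaml['length-keypair-coins']` raises `KeyError` whenever the local YAML has the field and the upstream metadata does not. Checking both sides avoids aborting the whole docs update on one scheme: `if "length-keypair-coins" in oqs_scheme_yaml and "length-keypair-coins" in upstream_yaml:`. The opposite case, where upstream has the field and the local YAML does not, is silently skipped, which may be intended but deserves a comment. Unrelated to this change, the context line above passes the label `"legnth-secret-key"`, which looks like a typo. The function continues outside the hunk.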
diff --git a/scripts/update_docs_from_yaml.py b/scripts/update_docs_from_yaml.py index 2c642332a7..b8cea49656 100644 --- a/scripts/update_docs_from_yaml.py +++ b/scripts/update_docs_from_yaml.py @@ -75,7 +75,8 @@ def do_it(liboqs_root): 'Public key size (bytes)', 'Secret key size (bytes)', 'Ciphertext size (bytes)', - 'Shared secret size (bytes)']] + 'Shared secret size (bytes)', + 'Keypair coins (bytes)']] for parameter_set in kem_yaml['parameter-sets']: table.append([parameter_set['name'], parameter_set['alias'] if 'alias' in parameter_set else "NA", @@ -84,7 +85,8 @@ def do_it(liboqs_root): parameter_set['length-public-key'], parameter_set['length-secret-key'], parameter_set['length-ciphertext'], - parameter_set['length-shared-secret']]) + parameter_set['length-shared-secret'], + parameter_set['length-keypair-coins'] if 'length-keypair-coins' in parameter_set else "NA"]) out_md.write(tabulate.tabulate(table, tablefmt="pipe", headers="firstrow", colalign=("center",))) out_md.write('\n') diff --git a/src/kem/bike/additional_r4/kem.c b/src/kem/bike/additional_r4/kem.c index 1b5e810804..178f54e94a 100644 --- a/src/kem/bike/additional_r4/kem.c +++ b/src/kem/bike/additional_r4/kem.c @@ -270,3 +270,13 @@ OQS_API int decaps(OUT unsigned char * ss, return SUCCESS; } + +OQS_API int keypair_derand(OUT unsigned char * pk, + OUT unsigned char * sk, + IN const unsigned char *coins) +{ + (void)pk; + (void)sk; + (void)coins; + return OQS_ERROR; +} diff --git a/src/kem/bike/functions_renaming.h b/src/kem/bike/functions_renaming.h index 20c1d4a66a..d193349f4b 100644 --- a/src/kem/bike/functions_renaming.h +++ b/src/kem/bike/functions_renaming.h @@ -44,6 +44,7 @@ #define RENAME_FUNC_NAME(fname) EVALUATOR(FUNC_PREFIX, fname) #define keypair RENAME_FUNC_NAME(keypair) +#define keypair_derand RENAME_FUNC_NAME(keypair_derand) #define decaps RENAME_FUNC_NAME(decaps) #define encaps RENAME_FUNC_NAME(encaps) 
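Review bot: The new `keypair_derand` stub in `additional_r4/kem.c` returns `OQS_ERROR` from a function declared `int`, while the function just above it in the same file ends with `return SUCCESS;`. That mixes the library-level `OQS_STATUS` values with this file's own status codes. Returning the file's own failure code would keep the stub consistent, assuming it maps to the same value the wrapper expects. The stub also has no comment saying why it always fails; I would add `/* BIKE has no derandomized key generation: pk and sk are left untouched and the call always fails. */` above it so nobody mistakes it for an unfinished implementation.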
diff --git a/src/kem/bike/kem_bike.c b/src/kem/bike/kem_bike.c index 52c4f3d049..ebea2563d2 100644 --- a/src/kem/bike/kem_bike.c +++ b/src/kem/bike/kem_bike.c @@ -20,7 +20,9 @@ OQS_KEM *OQS_KEM_bike_l1_new(void) { kem->length_secret_key = OQS_KEM_bike_l1_length_secret_key; kem->length_ciphertext = OQS_KEM_bike_l1_length_ciphertext; kem->length_shared_secret = OQS_KEM_bike_l1_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_bike_l1_length_keypair_coins; + kem->keypair_derand = OQS_KEM_bike_l1_keypair_derand; kem->keypair = OQS_KEM_bike_l1_keypair; kem->encaps = OQS_KEM_bike_l1_encaps; kem->decaps = OQS_KEM_bike_l1_decaps; @@ -45,7 +47,9 @@ OQS_KEM *OQS_KEM_bike_l3_new(void) { kem->length_secret_key = OQS_KEM_bike_l3_length_secret_key; kem->length_ciphertext = OQS_KEM_bike_l3_length_ciphertext; kem->length_shared_secret = OQS_KEM_bike_l3_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_bike_l3_length_keypair_coins; + kem->keypair_derand = OQS_KEM_bike_l3_keypair_derand; kem->keypair = OQS_KEM_bike_l3_keypair; kem->encaps = OQS_KEM_bike_l3_encaps; kem->decaps = OQS_KEM_bike_l3_decaps; @@ -70,7 +74,9 @@ OQS_KEM *OQS_KEM_bike_l5_new(void) { kem->length_secret_key = OQS_KEM_bike_l5_length_secret_key; kem->length_ciphertext = OQS_KEM_bike_l5_length_ciphertext; kem->length_shared_secret = OQS_KEM_bike_l5_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_bike_l5_length_keypair_coins; + kem->keypair_derand = OQS_KEM_bike_l5_keypair_derand; kem->keypair = OQS_KEM_bike_l5_keypair; kem->encaps = OQS_KEM_bike_l5_encaps; kem->decaps = OQS_KEM_bike_l5_decaps; diff --git a/src/kem/bike/kem_bike.h b/src/kem/bike/kem_bike.h index a85d950ed0..4935ed938b 100644 --- a/src/kem/bike/kem_bike.h +++ b/src/kem/bike/kem_bike.h 
@@ -11,7 +11,9 @@
 #define OQS_KEM_bike_l1_length_public_key 1541
 #define OQS_KEM_bike_l1_length_ciphertext 1573
 #define OQS_KEM_bike_l1_length_shared_secret 32
+#define OQS_KEM_bike_l1_length_keypair_coins 0
 OQS_KEM *OQS_KEM_bike_l1_new(void);
+OQS_API OQS_STATUS OQS_KEM_bike_l1_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
 OQS_API OQS_STATUS OQS_KEM_bike_l1_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_KEM_bike_l1_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 OQS_API OQS_STATUS OQS_KEM_bike_l1_decaps(uint8_t *shared_secret, const unsigned char *ciphertext, const uint8_t *secret_key);
@@ -22,7 +24,9 @@ OQS_API OQS_STATUS OQS_KEM_bike_l1_decaps(uint8_t *shared_secret, const unsigned
 #define OQS_KEM_bike_l3_length_public_key 3083
 #define OQS_KEM_bike_l3_length_ciphertext 3115
 #define OQS_KEM_bike_l3_length_shared_secret 32
+#define OQS_KEM_bike_l3_length_keypair_coins 0
 OQS_KEM *OQS_KEM_bike_l3_new(void);
+OQS_API OQS_STATUS OQS_KEM_bike_l3_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
 OQS_API OQS_STATUS OQS_KEM_bike_l3_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_KEM_bike_l3_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 OQS_API OQS_STATUS OQS_KEM_bike_l3_decaps(uint8_t *shared_secret, const unsigned char *ciphertext, const uint8_t *secret_key);
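Review bot: The new `*_keypair_derand` prototypes carry no comment on the `coins` contract. There is no length argument, so the callee presumably reads `length_keypair_coins` bytes; for these parameter sets that length is 0 and the BIKE stub added in this commit always returns `OQS_ERROR`. Because the coins fully determine the secret key, they need the same handling as the key itself (fresh CSPRNG output, never reused, wiped after use), and the header is where a caller will look for that. I would add a doc comment on each prototype stating that `coins` must point to `length_keypair_coins` secret random bytes and that the call fails when that length is 0. The same applies to the remaining `kem_bike.h` hunk and the `kem_classic_mceliece.h` hunks that follow; if these headers are generated, the comment belongs in the header template.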
@@ -33,7 +37,9 @@ OQS_API OQS_STATUS OQS_KEM_bike_l3_decaps(uint8_t *shared_secret, const unsigned
 #define OQS_KEM_bike_l5_length_public_key 5122
 #define OQS_KEM_bike_l5_length_ciphertext 5154
 #define OQS_KEM_bike_l5_length_shared_secret 32
+#define OQS_KEM_bike_l5_length_keypair_coins 0
 OQS_KEM *OQS_KEM_bike_l5_new(void);
+OQS_API OQS_STATUS OQS_KEM_bike_l5_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
 OQS_API OQS_STATUS OQS_KEM_bike_l5_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_KEM_bike_l5_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 OQS_API OQS_STATUS OQS_KEM_bike_l5_decaps(uint8_t *shared_secret, const unsigned char *ciphertext, const uint8_t *secret_key);
diff --git a/src/kem/classic_mceliece/kem_classic_mceliece.h b/src/kem/classic_mceliece/kem_classic_mceliece.h
index 2bbd969820..6862fea5c1 100644
--- a/src/kem/classic_mceliece/kem_classic_mceliece.h
+++ b/src/kem/classic_mceliece/kem_classic_mceliece.h
@@ -10,7 +10,9 @@
 #define OQS_KEM_classic_mceliece_348864_length_secret_key 6492
 #define OQS_KEM_classic_mceliece_348864_length_ciphertext 96
 #define OQS_KEM_classic_mceliece_348864_length_shared_secret 32
+#define OQS_KEM_classic_mceliece_348864_length_keypair_coins 0
 OQS_KEM *OQS_KEM_classic_mceliece_348864_new(void);
+OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
@@ -21,7 +23,9 @@ OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864_decaps(uint8_t *shared_secret
 #define OQS_KEM_classic_mceliece_348864f_length_secret_key 6492
 #define OQS_KEM_classic_mceliece_348864f_length_ciphertext 96
 #define OQS_KEM_classic_mceliece_348864f_length_shared_secret 32
+#define OQS_KEM_classic_mceliece_348864f_length_keypair_coins 0
 OQS_KEM *OQS_KEM_classic_mceliece_348864f_new(void);
+OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864f_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864f_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864f_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864f_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
@@ -32,7 +36,9 @@ OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864f_decaps(uint8_t *shared_secre
 #define OQS_KEM_classic_mceliece_460896_length_secret_key 13608
 #define OQS_KEM_classic_mceliece_460896_length_ciphertext 156
 #define OQS_KEM_classic_mceliece_460896_length_shared_secret 32
+#define OQS_KEM_classic_mceliece_460896_length_keypair_coins 0
 OQS_KEM *OQS_KEM_classic_mceliece_460896_new(void);
+OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
@@ -43,7 +49,9 @@ OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896_decaps(uint8_t *shared_secret
 #define OQS_KEM_classic_mceliece_460896f_length_secret_key 13608
 #define OQS_KEM_classic_mceliece_460896f_length_ciphertext 156
 #define OQS_KEM_classic_mceliece_460896f_length_shared_secret 32
+#define OQS_KEM_classic_mceliece_460896f_length_keypair_coins 0
 OQS_KEM *OQS_KEM_classic_mceliece_460896f_new(void);
+OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896f_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896f_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896f_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896f_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
@@ -54,7 +62,9 @@ OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896f_decaps(uint8_t *shared_secre
 #define OQS_KEM_classic_mceliece_6688128_length_secret_key 13932
 #define OQS_KEM_classic_mceliece_6688128_length_ciphertext 208
 #define OQS_KEM_classic_mceliece_6688128_length_shared_secret 32
+#define OQS_KEM_classic_mceliece_6688128_length_keypair_coins 0
 OQS_KEM *OQS_KEM_classic_mceliece_6688128_new(void);
+OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
@@ -65,7 +75,9 @@ OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128_decaps(uint8_t *shared_secre
 #define OQS_KEM_classic_mceliece_6688128f_length_secret_key 13932
 #define OQS_KEM_classic_mceliece_6688128f_length_ciphertext 208
 #define OQS_KEM_classic_mceliece_6688128f_length_shared_secret 32
+#define OQS_KEM_classic_mceliece_6688128f_length_keypair_coins 0
 OQS_KEM *OQS_KEM_classic_mceliece_6688128f_new(void);
+OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128f_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128f_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128f_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128f_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
@@ -76,7 +88,9 @@ OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128f_decaps(uint8_t *shared_secr
 #define OQS_KEM_classic_mceliece_6960119_length_secret_key 13948
 #define OQS_KEM_classic_mceliece_6960119_length_ciphertext 194
 #define OQS_KEM_classic_mceliece_6960119_length_shared_secret 32
+#define OQS_KEM_classic_mceliece_6960119_length_keypair_coins 0
 OQS_KEM *OQS_KEM_classic_mceliece_6960119_new(void);
+OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
@@ -87,7 +101,9 @@ OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119_decaps(uint8_t *shared_secre
 #define OQS_KEM_classic_mceliece_6960119f_length_secret_key 13948
 #define OQS_KEM_classic_mceliece_6960119f_length_ciphertext 194
 #define OQS_KEM_classic_mceliece_6960119f_length_shared_secret 32
+#define OQS_KEM_classic_mceliece_6960119f_length_keypair_coins 0
 OQS_KEM *OQS_KEM_classic_mceliece_6960119f_new(void);
+OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119f_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119f_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119f_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119f_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
@@ -98,7 +114,9 @@ OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119f_decaps(uint8_t *shared_secr
 #define OQS_KEM_classic_mceliece_8192128_length_secret_key 14120
 #define OQS_KEM_classic_mceliece_8192128_length_ciphertext 208
 #define OQS_KEM_classic_mceliece_8192128_length_shared_secret 32
+#define OQS_KEM_classic_mceliece_8192128_length_keypair_coins 0
 OQS_KEM *OQS_KEM_classic_mceliece_8192128_new(void);
+OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key);
 OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);
@@ -109,7 +127,9 @@ OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128_decaps(uint8_t *shared_secre #define OQS_KEM_classic_mceliece_8192128f_length_secret_key 14120 #define OQS_KEM_classic_mceliece_8192128f_length_ciphertext 208 #define OQS_KEM_classic_mceliece_8192128f_length_shared_secret 32 +#define OQS_KEM_classic_mceliece_8192128f_length_keypair_coins 0 OQS_KEM *OQS_KEM_classic_mceliece_8192128f_new(void); +OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128f_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128f_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128f_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128f_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); diff --git a/src/kem/classic_mceliece/kem_classic_mceliece_348864.c b/src/kem/classic_mceliece/kem_classic_mceliece_348864.c index b935b8c6ff..3680027509 100644 --- a/src/kem/classic_mceliece/kem_classic_mceliece_348864.c +++ b/src/kem/classic_mceliece/kem_classic_mceliece_348864.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_classic_mceliece_348864_new(void) { kem->length_secret_key = OQS_KEM_classic_mceliece_348864_length_secret_key; kem->length_ciphertext = OQS_KEM_classic_mceliece_348864_length_ciphertext; kem->length_shared_secret = OQS_KEM_classic_mceliece_348864_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_classic_mceliece_348864_length_keypair_coins; + kem->keypair_derand = OQS_KEM_classic_mceliece_348864_keypair_derand; kem->keypair = OQS_KEM_classic_mceliece_348864_keypair; kem->encaps = OQS_KEM_classic_mceliece_348864_encaps; kem->decaps = OQS_KEM_classic_mceliece_348864_decaps; 
@@ -40,6 +42,13 @@ extern int PQCLEAN_MCELIECE348864_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, extern int PQCLEAN_MCELIECE348864_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif +OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_ENABLE_KEM_classic_mceliece_348864_avx2) #if defined(OQS_DIST_BUILD) diff --git a/src/kem/classic_mceliece/kem_classic_mceliece_348864f.c b/src/kem/classic_mceliece/kem_classic_mceliece_348864f.c index e54ad855cf..f1ee272a3f 100644 --- a/src/kem/classic_mceliece/kem_classic_mceliece_348864f.c +++ b/src/kem/classic_mceliece/kem_classic_mceliece_348864f.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_classic_mceliece_348864f_new(void) { kem->length_secret_key = OQS_KEM_classic_mceliece_348864f_length_secret_key; kem->length_ciphertext = OQS_KEM_classic_mceliece_348864f_length_ciphertext; kem->length_shared_secret = OQS_KEM_classic_mceliece_348864f_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_classic_mceliece_348864f_length_keypair_coins; + kem->keypair_derand = OQS_KEM_classic_mceliece_348864f_keypair_derand; kem->keypair = OQS_KEM_classic_mceliece_348864f_keypair; kem->encaps = OQS_KEM_classic_mceliece_348864f_encaps; kem->decaps = OQS_KEM_classic_mceliece_348864f_decaps; 
@@ -40,6 +42,13 @@ extern int PQCLEAN_MCELIECE348864F_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, extern int PQCLEAN_MCELIECE348864F_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif +OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864f_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_classic_mceliece_348864f_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_ENABLE_KEM_classic_mceliece_348864f_avx2) #if defined(OQS_DIST_BUILD) diff --git a/src/kem/classic_mceliece/kem_classic_mceliece_460896.c b/src/kem/classic_mceliece/kem_classic_mceliece_460896.c index 458d8a95c7..ac81b0b8db 100644 --- a/src/kem/classic_mceliece/kem_classic_mceliece_460896.c +++ b/src/kem/classic_mceliece/kem_classic_mceliece_460896.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_classic_mceliece_460896_new(void) { kem->length_secret_key = OQS_KEM_classic_mceliece_460896_length_secret_key; kem->length_ciphertext = OQS_KEM_classic_mceliece_460896_length_ciphertext; kem->length_shared_secret = OQS_KEM_classic_mceliece_460896_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_classic_mceliece_460896_length_keypair_coins; + kem->keypair_derand = OQS_KEM_classic_mceliece_460896_keypair_derand; kem->keypair = OQS_KEM_classic_mceliece_460896_keypair; kem->encaps = OQS_KEM_classic_mceliece_460896_encaps; kem->decaps = OQS_KEM_classic_mceliece_460896_decaps; 
@@ -40,6 +42,13 @@ extern int PQCLEAN_MCELIECE460896_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, extern int PQCLEAN_MCELIECE460896_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif +OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_ENABLE_KEM_classic_mceliece_460896_avx2) #if defined(OQS_DIST_BUILD) diff --git a/src/kem/classic_mceliece/kem_classic_mceliece_460896f.c b/src/kem/classic_mceliece/kem_classic_mceliece_460896f.c index f1cbc1ee88..3a4090e5df 100644 --- a/src/kem/classic_mceliece/kem_classic_mceliece_460896f.c +++ b/src/kem/classic_mceliece/kem_classic_mceliece_460896f.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_classic_mceliece_460896f_new(void) { kem->length_secret_key = OQS_KEM_classic_mceliece_460896f_length_secret_key; kem->length_ciphertext = OQS_KEM_classic_mceliece_460896f_length_ciphertext; kem->length_shared_secret = OQS_KEM_classic_mceliece_460896f_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_classic_mceliece_460896f_length_keypair_coins; + kem->keypair_derand = OQS_KEM_classic_mceliece_460896f_keypair_derand; kem->keypair = OQS_KEM_classic_mceliece_460896f_keypair; kem->encaps = OQS_KEM_classic_mceliece_460896f_encaps; kem->decaps = OQS_KEM_classic_mceliece_460896f_decaps; 
@@ -40,6 +42,13 @@ extern int PQCLEAN_MCELIECE460896F_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, extern int PQCLEAN_MCELIECE460896F_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif +OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896f_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_classic_mceliece_460896f_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_ENABLE_KEM_classic_mceliece_460896f_avx2) #if defined(OQS_DIST_BUILD) diff --git a/src/kem/classic_mceliece/kem_classic_mceliece_6688128.c b/src/kem/classic_mceliece/kem_classic_mceliece_6688128.c index 9b302f1975..5eab7d5672 100644 --- a/src/kem/classic_mceliece/kem_classic_mceliece_6688128.c +++ b/src/kem/classic_mceliece/kem_classic_mceliece_6688128.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_classic_mceliece_6688128_new(void) { kem->length_secret_key = OQS_KEM_classic_mceliece_6688128_length_secret_key; kem->length_ciphertext = OQS_KEM_classic_mceliece_6688128_length_ciphertext; kem->length_shared_secret = OQS_KEM_classic_mceliece_6688128_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_classic_mceliece_6688128_length_keypair_coins; + kem->keypair_derand = OQS_KEM_classic_mceliece_6688128_keypair_derand; kem->keypair = OQS_KEM_classic_mceliece_6688128_keypair; kem->encaps = OQS_KEM_classic_mceliece_6688128_encaps; kem->decaps = OQS_KEM_classic_mceliece_6688128_decaps; 
@@ -40,6 +42,13 @@ extern int PQCLEAN_MCELIECE6688128_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, extern int PQCLEAN_MCELIECE6688128_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif +OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_ENABLE_KEM_classic_mceliece_6688128_avx2) #if defined(OQS_DIST_BUILD) diff --git a/src/kem/classic_mceliece/kem_classic_mceliece_6688128f.c b/src/kem/classic_mceliece/kem_classic_mceliece_6688128f.c index 2ccf2e2f79..99512e9b3b 100644 --- a/src/kem/classic_mceliece/kem_classic_mceliece_6688128f.c +++ b/src/kem/classic_mceliece/kem_classic_mceliece_6688128f.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_classic_mceliece_6688128f_new(void) { kem->length_secret_key = OQS_KEM_classic_mceliece_6688128f_length_secret_key; kem->length_ciphertext = OQS_KEM_classic_mceliece_6688128f_length_ciphertext; kem->length_shared_secret = OQS_KEM_classic_mceliece_6688128f_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_classic_mceliece_6688128f_length_keypair_coins; + kem->keypair_derand = OQS_KEM_classic_mceliece_6688128f_keypair_derand; kem->keypair = OQS_KEM_classic_mceliece_6688128f_keypair; kem->encaps = OQS_KEM_classic_mceliece_6688128f_encaps; kem->decaps = OQS_KEM_classic_mceliece_6688128f_decaps; 
@@ -40,6 +42,13 @@ extern int PQCLEAN_MCELIECE6688128F_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss extern int PQCLEAN_MCELIECE6688128F_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif +OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128f_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6688128f_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_ENABLE_KEM_classic_mceliece_6688128f_avx2) #if defined(OQS_DIST_BUILD) diff --git a/src/kem/classic_mceliece/kem_classic_mceliece_6960119.c b/src/kem/classic_mceliece/kem_classic_mceliece_6960119.c index 31ebbe0532..7d8e46746d 100644 --- a/src/kem/classic_mceliece/kem_classic_mceliece_6960119.c +++ b/src/kem/classic_mceliece/kem_classic_mceliece_6960119.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_classic_mceliece_6960119_new(void) { kem->length_secret_key = OQS_KEM_classic_mceliece_6960119_length_secret_key; kem->length_ciphertext = OQS_KEM_classic_mceliece_6960119_length_ciphertext; kem->length_shared_secret = OQS_KEM_classic_mceliece_6960119_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_classic_mceliece_6960119_length_keypair_coins; + kem->keypair_derand = OQS_KEM_classic_mceliece_6960119_keypair_derand; kem->keypair = OQS_KEM_classic_mceliece_6960119_keypair; kem->encaps = OQS_KEM_classic_mceliece_6960119_encaps; kem->decaps = OQS_KEM_classic_mceliece_6960119_decaps; 
@@ -40,6 +42,13 @@ extern int PQCLEAN_MCELIECE6960119_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, extern int PQCLEAN_MCELIECE6960119_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif +OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_ENABLE_KEM_classic_mceliece_6960119_avx2) #if defined(OQS_DIST_BUILD) diff --git a/src/kem/classic_mceliece/kem_classic_mceliece_6960119f.c b/src/kem/classic_mceliece/kem_classic_mceliece_6960119f.c index 45f2e624e4..9f74290ee6 100644 --- a/src/kem/classic_mceliece/kem_classic_mceliece_6960119f.c +++ b/src/kem/classic_mceliece/kem_classic_mceliece_6960119f.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_classic_mceliece_6960119f_new(void) { kem->length_secret_key = OQS_KEM_classic_mceliece_6960119f_length_secret_key; kem->length_ciphertext = OQS_KEM_classic_mceliece_6960119f_length_ciphertext; kem->length_shared_secret = OQS_KEM_classic_mceliece_6960119f_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_classic_mceliece_6960119f_length_keypair_coins; + kem->keypair_derand = OQS_KEM_classic_mceliece_6960119f_keypair_derand; kem->keypair = OQS_KEM_classic_mceliece_6960119f_keypair; kem->encaps = OQS_KEM_classic_mceliece_6960119f_encaps; kem->decaps = OQS_KEM_classic_mceliece_6960119f_decaps; 
@@ -40,6 +42,13 @@ extern int PQCLEAN_MCELIECE6960119F_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss extern int PQCLEAN_MCELIECE6960119F_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif +OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119f_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_classic_mceliece_6960119f_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_ENABLE_KEM_classic_mceliece_6960119f_avx2) #if defined(OQS_DIST_BUILD) diff --git a/src/kem/classic_mceliece/kem_classic_mceliece_8192128.c b/src/kem/classic_mceliece/kem_classic_mceliece_8192128.c index df39ea18d6..e3dcb9203c 100644 --- a/src/kem/classic_mceliece/kem_classic_mceliece_8192128.c +++ b/src/kem/classic_mceliece/kem_classic_mceliece_8192128.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_classic_mceliece_8192128_new(void) { kem->length_secret_key = OQS_KEM_classic_mceliece_8192128_length_secret_key; kem->length_ciphertext = OQS_KEM_classic_mceliece_8192128_length_ciphertext; kem->length_shared_secret = OQS_KEM_classic_mceliece_8192128_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_classic_mceliece_8192128_length_keypair_coins; + kem->keypair_derand = OQS_KEM_classic_mceliece_8192128_keypair_derand; kem->keypair = OQS_KEM_classic_mceliece_8192128_keypair; kem->encaps = OQS_KEM_classic_mceliece_8192128_encaps; kem->decaps = OQS_KEM_classic_mceliece_8192128_decaps; 
@@ -40,6 +42,13 @@ extern int PQCLEAN_MCELIECE8192128_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, extern int PQCLEAN_MCELIECE8192128_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif +OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_ENABLE_KEM_classic_mceliece_8192128_avx2) #if defined(OQS_DIST_BUILD) diff --git a/src/kem/classic_mceliece/kem_classic_mceliece_8192128f.c b/src/kem/classic_mceliece/kem_classic_mceliece_8192128f.c index c1253440ce..90edd36b77 100644 --- a/src/kem/classic_mceliece/kem_classic_mceliece_8192128f.c +++ b/src/kem/classic_mceliece/kem_classic_mceliece_8192128f.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_classic_mceliece_8192128f_new(void) { kem->length_secret_key = OQS_KEM_classic_mceliece_8192128f_length_secret_key; kem->length_ciphertext = OQS_KEM_classic_mceliece_8192128f_length_ciphertext; kem->length_shared_secret = OQS_KEM_classic_mceliece_8192128f_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_classic_mceliece_8192128f_length_keypair_coins; + kem->keypair_derand = OQS_KEM_classic_mceliece_8192128f_keypair_derand; kem->keypair = OQS_KEM_classic_mceliece_8192128f_keypair; kem->encaps = OQS_KEM_classic_mceliece_8192128f_encaps; kem->decaps = OQS_KEM_classic_mceliece_8192128f_decaps; 
@@ -40,6 +42,13 @@ extern int PQCLEAN_MCELIECE8192128F_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss extern int PQCLEAN_MCELIECE8192128F_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif +OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128f_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_classic_mceliece_8192128f_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_ENABLE_KEM_classic_mceliece_8192128f_avx2) #if defined(OQS_DIST_BUILD) diff --git a/src/kem/frodokem/external/frodo1344aes_params.h b/src/kem/frodokem/external/frodo1344aes_params.h index 33ec73d897..a8a778a123 100644 --- a/src/kem/frodokem/external/frodo1344aes_params.h +++ b/src/kem/frodokem/external/frodo1344aes_params.h @@ -4,6 +4,7 @@ #define CRYPTO_SECRETKEYBYTES OQS_KEM_frodokem_1344_aes_length_secret_key #define CRYPTO_CIPHERTEXTBYTES OQS_KEM_frodokem_1344_aes_length_ciphertext #define CRYPTO_BYTES OQS_KEM_frodokem_1344_aes_length_shared_secret +#define CRYPTO_KEYPAIRCOINBYTES OQS_KEM_frodokem_1344_aes_length_keypair_coins // Parameters for "FrodoKEM-1344" #define PARAMS_N 1344 @@ -27,6 +28,7 @@ #define shake OQS_SHA3_shake256 #define USE_AES128_FOR_A +#define crypto_kem_keypair_derand OQS_KEM_frodokem_1344_aes_keypair_derand #define crypto_kem_keypair OQS_KEM_frodokem_1344_aes_keypair #define crypto_kem_enc OQS_KEM_frodokem_1344_aes_encaps #define crypto_kem_dec OQS_KEM_frodokem_1344_aes_decaps diff --git a/src/kem/frodokem/external/frodo1344shake_params.h b/src/kem/frodokem/external/frodo1344shake_params.h index a65bb45c38..5c5576d15b 100644 --- a/src/kem/frodokem/external/frodo1344shake_params.h +++ b/src/kem/frodokem/external/frodo1344shake_params.h 
@@ -4,6 +4,7 @@ #define CRYPTO_SECRETKEYBYTES OQS_KEM_frodokem_1344_shake_length_secret_key #define CRYPTO_CIPHERTEXTBYTES OQS_KEM_frodokem_1344_shake_length_ciphertext #define CRYPTO_BYTES OQS_KEM_frodokem_1344_shake_length_shared_secret +#define CRYPTO_KEYPAIRCOINBYTES OQS_KEM_frodokem_1344_shake_length_keypair_coins // Parameters for "FrodoKEM-1344" #define PARAMS_N 1344 @@ -27,6 +28,7 @@ #define shake OQS_SHA3_shake256 #define USE_SHAKE128_FOR_A +#define crypto_kem_keypair_derand OQS_KEM_frodokem_1344_shake_keypair_derand #define crypto_kem_keypair OQS_KEM_frodokem_1344_shake_keypair #define crypto_kem_enc OQS_KEM_frodokem_1344_shake_encaps #define crypto_kem_dec OQS_KEM_frodokem_1344_shake_decaps diff --git a/src/kem/frodokem/external/frodo640aes_params.h b/src/kem/frodokem/external/frodo640aes_params.h index 0883ef1f98..05afb636e2 100644 --- a/src/kem/frodokem/external/frodo640aes_params.h +++ b/src/kem/frodokem/external/frodo640aes_params.h @@ -4,6 +4,7 @@ #define CRYPTO_SECRETKEYBYTES OQS_KEM_frodokem_640_aes_length_secret_key #define CRYPTO_CIPHERTEXTBYTES OQS_KEM_frodokem_640_aes_length_ciphertext #define CRYPTO_BYTES OQS_KEM_frodokem_640_aes_length_shared_secret +#define CRYPTO_KEYPAIRCOINBYTES OQS_KEM_frodokem_640_aes_length_keypair_coins // Parameters for "FrodoKEM-640" #define PARAMS_N 640 @@ -27,6 +28,7 @@ #define shake OQS_SHA3_shake128 #define USE_AES128_FOR_A +#define crypto_kem_keypair_derand OQS_KEM_frodokem_640_aes_keypair_derand #define crypto_kem_keypair OQS_KEM_frodokem_640_aes_keypair #define crypto_kem_enc OQS_KEM_frodokem_640_aes_encaps #define crypto_kem_dec OQS_KEM_frodokem_640_aes_decaps diff --git a/src/kem/frodokem/external/frodo640shake_params.h b/src/kem/frodokem/external/frodo640shake_params.h index 0fb179d072..1312c18a15 100644 --- a/src/kem/frodokem/external/frodo640shake_params.h +++ b/src/kem/frodokem/external/frodo640shake_params.h 
@@ -4,6 +4,7 @@ #define CRYPTO_SECRETKEYBYTES OQS_KEM_frodokem_640_shake_length_secret_key #define CRYPTO_CIPHERTEXTBYTES OQS_KEM_frodokem_640_shake_length_ciphertext #define CRYPTO_BYTES OQS_KEM_frodokem_640_shake_length_shared_secret +#define CRYPTO_KEYPAIRCOINBYTES OQS_KEM_frodokem_640_shake_length_keypair_coins // Parameters for "FrodoKEM-640" #define PARAMS_N 640 @@ -27,6 +28,7 @@ #define shake OQS_SHA3_shake128 #define USE_SHAKE128_FOR_A +#define crypto_kem_keypair_derand OQS_KEM_frodokem_640_shake_keypair_derand #define crypto_kem_keypair OQS_KEM_frodokem_640_shake_keypair #define crypto_kem_enc OQS_KEM_frodokem_640_shake_encaps #define crypto_kem_dec OQS_KEM_frodokem_640_shake_decaps diff --git a/src/kem/frodokem/external/frodo976aes_params.h b/src/kem/frodokem/external/frodo976aes_params.h index f7e2ff4990..5ff67726d0 100644 --- a/src/kem/frodokem/external/frodo976aes_params.h +++ b/src/kem/frodokem/external/frodo976aes_params.h @@ -4,6 +4,7 @@ #define CRYPTO_SECRETKEYBYTES OQS_KEM_frodokem_976_aes_length_secret_key #define CRYPTO_CIPHERTEXTBYTES OQS_KEM_frodokem_976_aes_length_ciphertext #define CRYPTO_BYTES OQS_KEM_frodokem_976_aes_length_shared_secret +#define CRYPTO_KEYPAIRCOINBYTES OQS_KEM_frodokem_976_aes_length_keypair_coins // Parameters for "FrodoKEM-976" #define PARAMS_N 976 @@ -27,6 +28,7 @@ #define shake OQS_SHA3_shake256 #define USE_AES128_FOR_A +#define crypto_kem_keypair_derand OQS_KEM_frodokem_976_aes_keypair_derand #define crypto_kem_keypair OQS_KEM_frodokem_976_aes_keypair #define crypto_kem_enc OQS_KEM_frodokem_976_aes_encaps #define crypto_kem_dec OQS_KEM_frodokem_976_aes_decaps diff --git a/src/kem/frodokem/external/frodo976shake_params.h b/src/kem/frodokem/external/frodo976shake_params.h index 6f76dc0508..454f130f59 100644 --- a/src/kem/frodokem/external/frodo976shake_params.h +++ b/src/kem/frodokem/external/frodo976shake_params.h 
@@ -4,6 +4,7 @@ #define CRYPTO_SECRETKEYBYTES OQS_KEM_frodokem_976_shake_length_secret_key #define CRYPTO_CIPHERTEXTBYTES OQS_KEM_frodokem_976_shake_length_ciphertext #define CRYPTO_BYTES OQS_KEM_frodokem_976_shake_length_shared_secret +#define CRYPTO_KEYPAIRCOINBYTES OQS_KEM_frodokem_976_shake_length_keypair_coins // Parameters for "FrodoKEM-976" #define PARAMS_N 976 @@ -27,6 +28,7 @@ #define shake OQS_SHA3_shake256 #define USE_SHAKE128_FOR_A +#define crypto_kem_keypair_derand OQS_KEM_frodokem_976_shake_keypair_derand #define crypto_kem_keypair OQS_KEM_frodokem_976_shake_keypair #define crypto_kem_enc OQS_KEM_frodokem_976_shake_encaps #define crypto_kem_dec OQS_KEM_frodokem_976_shake_decaps diff --git a/src/kem/frodokem/external/kem.c b/src/kem/frodokem/external/kem.c index 0cbbeb79a9..4bcce53f03 100644 --- a/src/kem/frodokem/external/kem.c +++ b/src/kem/frodokem/external/kem.c @@ -6,6 +6,15 @@ #include +OQS_STATUS crypto_kem_keypair_derand(unsigned char *pk, unsigned char *sk, const unsigned char *coins) +{ + (void)pk; + (void)sk; + (void)coins; + return OQS_ERROR; +} + + OQS_STATUS crypto_kem_keypair(unsigned char* pk, unsigned char* sk) { // FrodoKEM's key generation // Outputs: public key pk ( BYTES_SEED_A + (PARAMS_LOGQ*PARAMS_N*PARAMS_NBAR)/8 bytes) 
@@ -206,7 +215,7 @@ OQS_STATUS crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsi // If (Bp == BBp & C == CC) then ss = F(ct || k'), else ss = F(ct || s) // Needs to avoid branching on secret data as per: - // Qian Guo, Thomas Johansson, Alexander Nilsson. A key-recovery timing attack on post-quantum + // Qian Guo, Thomas Johansson, Alexander Nilsson. A key-recovery timing attack on post-quantum // primitives using the Fujisaki-Okamoto transformation and its application on FrodoKEM. In CRYPTO 2020. int8_t selector = ct_verify(Bp, BBp, PARAMS_N*PARAMS_NBAR) | ct_verify(C, CC, PARAMS_NBAR*PARAMS_NBAR); // If (selector == 0) then load k' to do ss = F(ct || k'), else if (selector == -1) load s to do ss = F(ct || s) diff --git a/src/kem/frodokem/kem_frodokem.h b/src/kem/frodokem/kem_frodokem.h index 2967cbb201..e67bfcf7d4 100644 --- a/src/kem/frodokem/kem_frodokem.h +++ b/src/kem/frodokem/kem_frodokem.h @@ -10,7 +10,9 @@ #define OQS_KEM_frodokem_640_aes_length_secret_key 19888 #define OQS_KEM_frodokem_640_aes_length_ciphertext 9720 #define OQS_KEM_frodokem_640_aes_length_shared_secret 16 +#define OQS_KEM_frodokem_640_aes_length_keypair_coins 0 OQS_KEM *OQS_KEM_frodokem_640_aes_new(void); +OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); 
@@ -21,7 +23,9 @@ OQS_API OQS_STATUS OQS_KEM_frodokem_640_aes_decaps(uint8_t *shared_secret, const #define OQS_KEM_frodokem_640_shake_length_secret_key 19888 #define OQS_KEM_frodokem_640_shake_length_ciphertext 9720 #define OQS_KEM_frodokem_640_shake_length_shared_secret 16 +#define OQS_KEM_frodokem_640_shake_length_keypair_coins 0 OQS_KEM *OQS_KEM_frodokem_640_shake_new(void); +OQS_API OQS_STATUS OQS_KEM_frodokem_640_shake_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_frodokem_640_shake_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_frodokem_640_shake_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_frodokem_640_shake_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); @@ -32,7 +36,9 @@ OQS_API OQS_STATUS OQS_KEM_frodokem_640_shake_decaps(uint8_t *shared_secret, con #define OQS_KEM_frodokem_976_aes_length_secret_key 31296 #define OQS_KEM_frodokem_976_aes_length_ciphertext 15744 #define OQS_KEM_frodokem_976_aes_length_shared_secret 24 +#define OQS_KEM_frodokem_976_aes_length_keypair_coins 0 OQS_KEM *OQS_KEM_frodokem_976_aes_new(void); +OQS_API OQS_STATUS OQS_KEM_frodokem_976_aes_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_frodokem_976_aes_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_frodokem_976_aes_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_frodokem_976_aes_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); 
@@ -43,7 +49,9 @@ OQS_API OQS_STATUS OQS_KEM_frodokem_976_aes_decaps(uint8_t *shared_secret, const #define OQS_KEM_frodokem_976_shake_length_secret_key 31296 #define OQS_KEM_frodokem_976_shake_length_ciphertext 15744 #define OQS_KEM_frodokem_976_shake_length_shared_secret 24 +#define OQS_KEM_frodokem_976_shake_length_keypair_coins 0 OQS_KEM *OQS_KEM_frodokem_976_shake_new(void); +OQS_API OQS_STATUS OQS_KEM_frodokem_976_shake_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_frodokem_976_shake_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_frodokem_976_shake_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_frodokem_976_shake_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); @@ -54,7 +62,9 @@ OQS_API OQS_STATUS OQS_KEM_frodokem_976_shake_decaps(uint8_t *shared_secret, con #define OQS_KEM_frodokem_1344_aes_length_secret_key 43088 #define OQS_KEM_frodokem_1344_aes_length_ciphertext 21632 #define OQS_KEM_frodokem_1344_aes_length_shared_secret 32 +#define OQS_KEM_frodokem_1344_aes_length_keypair_coins 0 OQS_KEM *OQS_KEM_frodokem_1344_aes_new(void); +OQS_API OQS_STATUS OQS_KEM_frodokem_1344_aes_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_frodokem_1344_aes_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_frodokem_1344_aes_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_frodokem_1344_aes_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); 
@@ -65,7 +75,9 @@ OQS_API OQS_STATUS OQS_KEM_frodokem_1344_aes_decaps(uint8_t *shared_secret, cons #define OQS_KEM_frodokem_1344_shake_length_secret_key 43088 #define OQS_KEM_frodokem_1344_shake_length_ciphertext 21632 #define OQS_KEM_frodokem_1344_shake_length_shared_secret 32 +#define OQS_KEM_frodokem_1344_shake_length_keypair_coins 0 OQS_KEM *OQS_KEM_frodokem_1344_shake_new(void); +OQS_API OQS_STATUS OQS_KEM_frodokem_1344_shake_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_frodokem_1344_shake_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_frodokem_1344_shake_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_frodokem_1344_shake_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); diff --git a/src/kem/frodokem/kem_frodokem1344aes.c b/src/kem/frodokem/kem_frodokem1344aes.c index 199db1dace..575c9e8ca3 100644 --- a/src/kem/frodokem/kem_frodokem1344aes.c +++ b/src/kem/frodokem/kem_frodokem1344aes.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_frodokem_1344_aes_new(void) { kem->length_secret_key = OQS_KEM_frodokem_1344_aes_length_secret_key; kem->length_ciphertext = OQS_KEM_frodokem_1344_aes_length_ciphertext; kem->length_shared_secret = OQS_KEM_frodokem_1344_aes_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_frodokem_1344_aes_length_keypair_coins; + kem->keypair_derand = OQS_KEM_frodokem_1344_aes_keypair_derand; kem->keypair = OQS_KEM_frodokem_1344_aes_keypair; kem->encaps = OQS_KEM_frodokem_1344_aes_encaps; kem->decaps = OQS_KEM_frodokem_1344_aes_decaps; diff --git a/src/kem/frodokem/kem_frodokem1344shake.c b/src/kem/frodokem/kem_frodokem1344shake.c index 9ab6d186b0..8aadf3ac21 100644 --- a/src/kem/frodokem/kem_frodokem1344shake.c +++ b/src/kem/frodokem/kem_frodokem1344shake.c 
@@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_frodokem_1344_shake_new(void) { kem->length_secret_key = OQS_KEM_frodokem_1344_shake_length_secret_key; kem->length_ciphertext = OQS_KEM_frodokem_1344_shake_length_ciphertext; kem->length_shared_secret = OQS_KEM_frodokem_1344_shake_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_frodokem_1344_shake_length_keypair_coins; + kem->keypair_derand = OQS_KEM_frodokem_1344_shake_keypair_derand; kem->keypair = OQS_KEM_frodokem_1344_shake_keypair; kem->encaps = OQS_KEM_frodokem_1344_shake_encaps; kem->decaps = OQS_KEM_frodokem_1344_shake_decaps; diff --git a/src/kem/frodokem/kem_frodokem640aes.c b/src/kem/frodokem/kem_frodokem640aes.c index c582013065..25b32cf631 100644 --- a/src/kem/frodokem/kem_frodokem640aes.c +++ b/src/kem/frodokem/kem_frodokem640aes.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_frodokem_640_aes_new(void) { kem->length_secret_key = OQS_KEM_frodokem_640_aes_length_secret_key; kem->length_ciphertext = OQS_KEM_frodokem_640_aes_length_ciphertext; kem->length_shared_secret = OQS_KEM_frodokem_640_aes_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_frodokem_640_aes_length_keypair_coins; + kem->keypair_derand = OQS_KEM_frodokem_640_aes_keypair_derand; kem->keypair = OQS_KEM_frodokem_640_aes_keypair; kem->encaps = OQS_KEM_frodokem_640_aes_encaps; kem->decaps = OQS_KEM_frodokem_640_aes_decaps; diff --git a/src/kem/frodokem/kem_frodokem640shake.c b/src/kem/frodokem/kem_frodokem640shake.c index 1ff37c30a3..817285917f 100644 --- a/src/kem/frodokem/kem_frodokem640shake.c +++ b/src/kem/frodokem/kem_frodokem640shake.c 
@@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_frodokem_640_shake_new(void) { kem->length_secret_key = OQS_KEM_frodokem_640_shake_length_secret_key; kem->length_ciphertext = OQS_KEM_frodokem_640_shake_length_ciphertext; kem->length_shared_secret = OQS_KEM_frodokem_640_shake_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_frodokem_640_shake_length_keypair_coins; + kem->keypair_derand = OQS_KEM_frodokem_640_shake_keypair_derand; kem->keypair = OQS_KEM_frodokem_640_shake_keypair; kem->encaps = OQS_KEM_frodokem_640_shake_encaps; kem->decaps = OQS_KEM_frodokem_640_shake_decaps; diff --git a/src/kem/frodokem/kem_frodokem976aes.c b/src/kem/frodokem/kem_frodokem976aes.c index fadf28373d..5a9e00d02d 100644 --- a/src/kem/frodokem/kem_frodokem976aes.c +++ b/src/kem/frodokem/kem_frodokem976aes.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_frodokem_976_aes_new(void) { kem->length_secret_key = OQS_KEM_frodokem_976_aes_length_secret_key; kem->length_ciphertext = OQS_KEM_frodokem_976_aes_length_ciphertext; kem->length_shared_secret = OQS_KEM_frodokem_976_aes_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_frodokem_976_aes_length_keypair_coins; + kem->keypair_derand = OQS_KEM_frodokem_976_aes_keypair_derand; kem->keypair = OQS_KEM_frodokem_976_aes_keypair; kem->encaps = OQS_KEM_frodokem_976_aes_encaps; kem->decaps = OQS_KEM_frodokem_976_aes_decaps; diff --git a/src/kem/frodokem/kem_frodokem976shake.c b/src/kem/frodokem/kem_frodokem976shake.c index cdc4d2964f..eb234edcb4 100644 --- a/src/kem/frodokem/kem_frodokem976shake.c +++ b/src/kem/frodokem/kem_frodokem976shake.c 
@@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_frodokem_976_shake_new(void) { kem->length_secret_key = OQS_KEM_frodokem_976_shake_length_secret_key; kem->length_ciphertext = OQS_KEM_frodokem_976_shake_length_ciphertext; kem->length_shared_secret = OQS_KEM_frodokem_976_shake_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_frodokem_976_shake_length_keypair_coins; + kem->keypair_derand = OQS_KEM_frodokem_976_shake_keypair_derand; kem->keypair = OQS_KEM_frodokem_976_shake_keypair; kem->encaps = OQS_KEM_frodokem_976_shake_encaps; kem->decaps = OQS_KEM_frodokem_976_shake_decaps; diff --git a/src/kem/hqc/kem_hqc.h b/src/kem/hqc/kem_hqc.h index b1f022374d..aa0dcfed81 100644 --- a/src/kem/hqc/kem_hqc.h +++ b/src/kem/hqc/kem_hqc.h @@ -10,7 +10,9 @@ #define OQS_KEM_hqc_128_length_secret_key 2305 #define OQS_KEM_hqc_128_length_ciphertext 4433 #define OQS_KEM_hqc_128_length_shared_secret 64 +#define OQS_KEM_hqc_128_length_keypair_coins 0 OQS_KEM *OQS_KEM_hqc_128_new(void); +OQS_API OQS_STATUS OQS_KEM_hqc_128_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_hqc_128_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_hqc_128_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_hqc_128_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); 
@@ -21,7 +23,9 @@ OQS_API OQS_STATUS OQS_KEM_hqc_128_decaps(uint8_t *shared_secret, const uint8_t #define OQS_KEM_hqc_192_length_secret_key 4586 #define OQS_KEM_hqc_192_length_ciphertext 8978 #define OQS_KEM_hqc_192_length_shared_secret 64 +#define OQS_KEM_hqc_192_length_keypair_coins 0 OQS_KEM *OQS_KEM_hqc_192_new(void); +OQS_API OQS_STATUS OQS_KEM_hqc_192_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_hqc_192_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_hqc_192_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_hqc_192_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); @@ -32,7 +36,9 @@ OQS_API OQS_STATUS OQS_KEM_hqc_192_decaps(uint8_t *shared_secret, const uint8_t #define OQS_KEM_hqc_256_length_secret_key 7317 #define OQS_KEM_hqc_256_length_ciphertext 14421 #define OQS_KEM_hqc_256_length_shared_secret 64 +#define OQS_KEM_hqc_256_length_keypair_coins 0 OQS_KEM *OQS_KEM_hqc_256_new(void); +OQS_API OQS_STATUS OQS_KEM_hqc_256_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_hqc_256_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_hqc_256_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_hqc_256_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); diff --git a/src/kem/hqc/kem_hqc_128.c b/src/kem/hqc/kem_hqc_128.c index 0b26784b9d..24b6b03e36 100644 --- a/src/kem/hqc/kem_hqc_128.c +++ b/src/kem/hqc/kem_hqc_128.c 
@@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_hqc_128_new(void) { kem->length_secret_key = OQS_KEM_hqc_128_length_secret_key; kem->length_ciphertext = OQS_KEM_hqc_128_length_ciphertext; kem->length_shared_secret = OQS_KEM_hqc_128_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_hqc_128_length_keypair_coins; + kem->keypair_derand = OQS_KEM_hqc_128_keypair_derand; kem->keypair = OQS_KEM_hqc_128_keypair; kem->encaps = OQS_KEM_hqc_128_encaps; kem->decaps = OQS_KEM_hqc_128_decaps; @@ -34,6 +36,13 @@ extern int PQCLEAN_HQC128_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk); extern int PQCLEAN_HQC128_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); extern int PQCLEAN_HQC128_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); +OQS_API OQS_STATUS OQS_KEM_hqc_128_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_hqc_128_keypair(uint8_t *public_key, uint8_t *secret_key) { return (OQS_STATUS) PQCLEAN_HQC128_CLEAN_crypto_kem_keypair(public_key, secret_key); } diff --git a/src/kem/hqc/kem_hqc_192.c b/src/kem/hqc/kem_hqc_192.c index 10f9ba7e5c..96cafe756a 100644 --- a/src/kem/hqc/kem_hqc_192.c +++ b/src/kem/hqc/kem_hqc_192.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_hqc_192_new(void) { kem->length_secret_key = OQS_KEM_hqc_192_length_secret_key; kem->length_ciphertext = OQS_KEM_hqc_192_length_ciphertext; kem->length_shared_secret = OQS_KEM_hqc_192_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_hqc_192_length_keypair_coins; + kem->keypair_derand = OQS_KEM_hqc_192_keypair_derand; kem->keypair = OQS_KEM_hqc_192_keypair; kem->encaps = OQS_KEM_hqc_192_encaps; kem->decaps = OQS_KEM_hqc_192_decaps; 
@@ -34,6 +36,13 @@ extern int PQCLEAN_HQC192_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk); extern int PQCLEAN_HQC192_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); extern int PQCLEAN_HQC192_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); +OQS_API OQS_STATUS OQS_KEM_hqc_192_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_hqc_192_keypair(uint8_t *public_key, uint8_t *secret_key) { return (OQS_STATUS) PQCLEAN_HQC192_CLEAN_crypto_kem_keypair(public_key, secret_key); } diff --git a/src/kem/hqc/kem_hqc_256.c b/src/kem/hqc/kem_hqc_256.c index aaf60fd968..726554841f 100644 --- a/src/kem/hqc/kem_hqc_256.c +++ b/src/kem/hqc/kem_hqc_256.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_hqc_256_new(void) { kem->length_secret_key = OQS_KEM_hqc_256_length_secret_key; kem->length_ciphertext = OQS_KEM_hqc_256_length_ciphertext; kem->length_shared_secret = OQS_KEM_hqc_256_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_hqc_256_length_keypair_coins; + kem->keypair_derand = OQS_KEM_hqc_256_keypair_derand; kem->keypair = OQS_KEM_hqc_256_keypair; kem->encaps = OQS_KEM_hqc_256_encaps; kem->decaps = OQS_KEM_hqc_256_decaps; @@ -34,6 +36,13 @@ extern int PQCLEAN_HQC256_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk); extern int PQCLEAN_HQC256_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); extern int PQCLEAN_HQC256_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); +OQS_API OQS_STATUS OQS_KEM_hqc_256_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_hqc_256_keypair(uint8_t *public_key, uint8_t *secret_key) { return (OQS_STATUS) PQCLEAN_HQC256_CLEAN_crypto_kem_keypair(public_key, secret_key); } 
diff --git a/src/kem/kem.c b/src/kem/kem.c index b03da5dbcf..453101219d 100644 --- a/src/kem/kem.c +++ b/src/kem/kem.c @@ -466,6 +466,14 @@ OQS_API OQS_KEM *OQS_KEM_new(const char *method_name) { } } +OQS_API OQS_STATUS OQS_KEM_keypair_derand(const OQS_KEM *kem, uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + if (kem == NULL) { + return OQS_ERROR; + } else { + return kem->keypair_derand(public_key, secret_key, coins); + } +} + OQS_API OQS_STATUS OQS_KEM_keypair(const OQS_KEM *kem, uint8_t *public_key, uint8_t *secret_key) { if (kem == NULL) { return OQS_ERROR; diff --git a/src/kem/kem.h b/src/kem/kem.h index 6c9d7ff9af..027de4e969 100644 --- a/src/kem/kem.h +++ b/src/kem/kem.h @@ -157,6 +157,24 @@ typedef struct OQS_KEM { size_t length_ciphertext; /** The length, in bytes, of shared secrets for this KEM. */ size_t length_shared_secret; + /** The length, in bytes, of coins for derandomized keypair generation for this KEM. */ + size_t length_keypair_coins; + /** The length, in bytes, of coins for derandomized encapsulation for this KEM. */ + size_t length_encaps_coins; + + /** + * Derandomized keypair generation algorithm. + * + * Caller is responsible for allocating sufficient memory for `public_key` and + * `secret_key`, based on the `length_*` members in this object or the per-scheme + * compile-time macros `OQS_KEM_*_length_*`. + * + * @param[out] public_key The public key represented as a byte string. + * @param[out] secret_key The secret key represented as a byte string. + * @param[in] coins The input randomness represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ + OQS_STATUS (*keypair_derand)(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); /** * Keypair generation algorithm. 
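Review bot: `OQS_KEM_keypair_derand` in `src/kem/kem.c` calls `kem->keypair_derand` after checking only `kem == NULL`, so a KEM object whose constructor this commit did not update would jump through an unset function pointer. Every `_new` function visible in this diff assigns the field, but the allocation and the remaining constructors are outside these hunks, so I would guard the call with `if (kem == NULL || kem->keypair_derand == NULL) {`. It may also be worth returning `OQS_ERROR` here when `kem->length_keypair_coins == 0`, so unsupported schemes are rejected in one place rather than by each per-scheme stub.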
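Review bot: The `OQS_KEM` struct in `src/kem/kem.h` gains `length_encaps_coins`, but none of the constructors shown in this diff assign it; they set only `length_keypair_coins` and `keypair_derand`. If the object is not zero-initialised when it is allocated (not visible here), the field holds an indeterminate value that a caller could use to size a coins buffer. Either assign it in each `_new` function, e.g. `kem->length_encaps_coins = 0;`, or leave the member out until the encapsulation counterpart is added. The new members are also inserted ahead of the existing `keypair` pointer, which shifts the layout of a public struct for code built against the previous header.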
@@ -212,6 +230,21 @@ typedef struct OQS_KEM { */ OQS_API OQS_KEM *OQS_KEM_new(const char *method_name); +/** + * Derandomized keypair generation algorithm. + * + * Caller is responsible for allocating sufficient memory for `public_key` and + * `secret_key`, based on the `length_*` members in this object or the per-scheme + * compile-time macros `OQS_KEM_*_length_*`. + * + * @param[in] kem The OQS_KEM object representing the KEM. + * @param[out] public_key The public key represented as a byte string. + * @param[out] secret_key The secret key represented as a byte string. + * @param[in] coins The input randomness represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ +OQS_API OQS_STATUS OQS_KEM_keypair_derand(const OQS_KEM *kem, uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); + /** * Keypair generation algorithm. * diff --git a/src/kem/kyber/kem_kyber.h b/src/kem/kyber/kem_kyber.h index cb475aff27..30b1463c4f 100644 --- a/src/kem/kyber/kem_kyber.h +++ b/src/kem/kyber/kem_kyber.h @@ -10,7 +10,9 @@ #define OQS_KEM_kyber_512_length_secret_key 1632 #define OQS_KEM_kyber_512_length_ciphertext 768 #define OQS_KEM_kyber_512_length_shared_secret 32 +#define OQS_KEM_kyber_512_length_keypair_coins 0 OQS_KEM *OQS_KEM_kyber_512_new(void); +OQS_API OQS_STATUS OQS_KEM_kyber_512_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_kyber_512_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_kyber_512_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_kyber_512_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); 
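Review bot: The doc comment added for `OQS_KEM_keypair_derand` says how to size `public_key` and `secret_key` but not `coins`, and the function takes no length argument, so the implementation has to read a fixed number of bytes from whatever pointer the caller passes. I would change the parameter line to `@param[in] coins The input randomness: exactly kem->length_keypair_coins bytes.` and add a sentence stating that the key pair is a deterministic function of `coins`, so they must come from a cryptographically secure source, stay secret, and never be reused. The `@return` line could also say that `OQS_ERROR` is returned when the scheme has no derandomized key generation. The same wording applies to the `keypair_derand` member comment in the struct hunk of this file.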
@@ -21,7 +23,9 @@ OQS_API OQS_STATUS OQS_KEM_kyber_512_decaps(uint8_t *shared_secret, const uint8_ #define OQS_KEM_kyber_768_length_secret_key 2400 #define OQS_KEM_kyber_768_length_ciphertext 1088 #define OQS_KEM_kyber_768_length_shared_secret 32 +#define OQS_KEM_kyber_768_length_keypair_coins 0 OQS_KEM *OQS_KEM_kyber_768_new(void); +OQS_API OQS_STATUS OQS_KEM_kyber_768_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_kyber_768_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_kyber_768_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_kyber_768_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); @@ -32,7 +36,9 @@ OQS_API OQS_STATUS OQS_KEM_kyber_768_decaps(uint8_t *shared_secret, const uint8_ #define OQS_KEM_kyber_1024_length_secret_key 3168 #define OQS_KEM_kyber_1024_length_ciphertext 1568 #define OQS_KEM_kyber_1024_length_shared_secret 32 +#define OQS_KEM_kyber_1024_length_keypair_coins 0 OQS_KEM *OQS_KEM_kyber_1024_new(void); +OQS_API OQS_STATUS OQS_KEM_kyber_1024_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_kyber_1024_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_kyber_1024_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_kyber_1024_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); diff --git a/src/kem/kyber/kem_kyber_1024.c b/src/kem/kyber/kem_kyber_1024.c index 44c8879b1a..6a3add80bb 100644 --- a/src/kem/kyber/kem_kyber_1024.c +++ b/src/kem/kyber/kem_kyber_1024.c 
@@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_kyber_1024_new(void) { kem->length_secret_key = OQS_KEM_kyber_1024_length_secret_key; kem->length_ciphertext = OQS_KEM_kyber_1024_length_ciphertext; kem->length_shared_secret = OQS_KEM_kyber_1024_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_kyber_1024_length_keypair_coins; + kem->keypair_derand = OQS_KEM_kyber_1024_keypair_derand; kem->keypair = OQS_KEM_kyber_1024_keypair; kem->encaps = OQS_KEM_kyber_1024_encaps; kem->decaps = OQS_KEM_kyber_1024_decaps; @@ -46,6 +48,13 @@ extern int PQCLEAN_KYBER1024_AARCH64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, co extern int PQCLEAN_KYBER1024_AARCH64_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif +OQS_API OQS_STATUS OQS_KEM_kyber_1024_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_kyber_1024_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_ENABLE_KEM_kyber_1024_avx2) #if defined(OQS_DIST_BUILD) diff --git a/src/kem/kyber/kem_kyber_512.c b/src/kem/kyber/kem_kyber_512.c index db6618fe45..6bc6c69082 100644 --- a/src/kem/kyber/kem_kyber_512.c +++ b/src/kem/kyber/kem_kyber_512.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_kyber_512_new(void) { kem->length_secret_key = OQS_KEM_kyber_512_length_secret_key; kem->length_ciphertext = OQS_KEM_kyber_512_length_ciphertext; kem->length_shared_secret = OQS_KEM_kyber_512_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_kyber_512_length_keypair_coins; + kem->keypair_derand = OQS_KEM_kyber_512_keypair_derand; kem->keypair = OQS_KEM_kyber_512_keypair; kem->encaps = OQS_KEM_kyber_512_encaps; kem->decaps = OQS_KEM_kyber_512_decaps; 
@@ -59,6 +61,13 @@ extern int libjade_kyber512_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8 #endif +OQS_API OQS_STATUS OQS_KEM_kyber_512_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_kyber_512_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_LIBJADE_BUILD) && (defined(OQS_ENABLE_LIBJADE_KEM_kyber_512)) #if defined(OQS_ENABLE_LIBJADE_KEM_kyber_512_avx2) diff --git a/src/kem/kyber/kem_kyber_768.c b/src/kem/kyber/kem_kyber_768.c index 263f8a081d..4c66672a5f 100644 --- a/src/kem/kyber/kem_kyber_768.c +++ b/src/kem/kyber/kem_kyber_768.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_kyber_768_new(void) { kem->length_secret_key = OQS_KEM_kyber_768_length_secret_key; kem->length_ciphertext = OQS_KEM_kyber_768_length_ciphertext; kem->length_shared_secret = OQS_KEM_kyber_768_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_kyber_768_length_keypair_coins; + kem->keypair_derand = OQS_KEM_kyber_768_keypair_derand; kem->keypair = OQS_KEM_kyber_768_keypair; kem->encaps = OQS_KEM_kyber_768_encaps; kem->decaps = OQS_KEM_kyber_768_decaps; @@ -59,6 +61,13 @@ extern int libjade_kyber768_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8 #endif +OQS_API OQS_STATUS OQS_KEM_kyber_768_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_kyber_768_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_LIBJADE_BUILD) && (defined(OQS_ENABLE_LIBJADE_KEM_kyber_768)) #if defined(OQS_ENABLE_LIBJADE_KEM_kyber_768_avx2) diff --git a/src/kem/ml_kem/kem_ml_kem.h b/src/kem/ml_kem/kem_ml_kem.h index f8383607f6..c9217e9b16 100644 --- a/src/kem/ml_kem/kem_ml_kem.h +++ b/src/kem/ml_kem/kem_ml_kem.h 
@@ -10,7 +10,9 @@ #define OQS_KEM_ml_kem_512_length_secret_key 1632 #define OQS_KEM_ml_kem_512_length_ciphertext 768 #define OQS_KEM_ml_kem_512_length_shared_secret 32 +#define OQS_KEM_ml_kem_512_length_keypair_coins 64 OQS_KEM *OQS_KEM_ml_kem_512_new(void); +OQS_API OQS_STATUS OQS_KEM_ml_kem_512_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_ml_kem_512_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_ml_kem_512_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_ml_kem_512_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); @@ -21,7 +23,9 @@ OQS_API OQS_STATUS OQS_KEM_ml_kem_512_decaps(uint8_t *shared_secret, const uint8 #define OQS_KEM_ml_kem_768_length_secret_key 2400 #define OQS_KEM_ml_kem_768_length_ciphertext 1088 #define OQS_KEM_ml_kem_768_length_shared_secret 32 +#define OQS_KEM_ml_kem_768_length_keypair_coins 64 OQS_KEM *OQS_KEM_ml_kem_768_new(void); +OQS_API OQS_STATUS OQS_KEM_ml_kem_768_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_ml_kem_768_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_ml_kem_768_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_ml_kem_768_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); 
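Review bot: `OQS_KEM_ml_kem_512_keypair_derand` takes `coins` with no length argument, and nothing in the header says that the buffer must hold `OQS_KEM_ml_kem_512_length_keypair_coins` (64) bytes or how those bytes must be treated. The name suggests the keypair is derived from the coins alone, which would make them key material: a shorter buffer would presumably be over-read by the backend, and predictable or reused coins would give a predictable or repeated secret key. A header comment such as `/* coins: exactly OQS_KEM_ml_kem_512_length_keypair_coins bytes of secret, uniformly random data; identical coins yield an identical keypair. */` would cover it. The ml_kem_768 hunk on this line and the ml_kem_1024 hunk that follows need the same comment.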
@@ -32,7 +36,9 @@ OQS_API OQS_STATUS OQS_KEM_ml_kem_768_decaps(uint8_t *shared_secret, const uint8 #define OQS_KEM_ml_kem_1024_length_secret_key 3168 #define OQS_KEM_ml_kem_1024_length_ciphertext 1568 #define OQS_KEM_ml_kem_1024_length_shared_secret 32 +#define OQS_KEM_ml_kem_1024_length_keypair_coins 64 OQS_KEM *OQS_KEM_ml_kem_1024_new(void); +OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); diff --git a/src/kem/ml_kem/kem_ml_kem_1024.c b/src/kem/ml_kem/kem_ml_kem_1024.c index 52f6de69cd..6107350e02 100644 --- a/src/kem/ml_kem/kem_ml_kem_1024.c +++ b/src/kem/ml_kem/kem_ml_kem_1024.c 
@@ -22,25 +22,30 @@ OQS_KEM *OQS_KEM_ml_kem_1024_new(void) { kem->length_secret_key = OQS_KEM_ml_kem_1024_length_secret_key; kem->length_ciphertext = OQS_KEM_ml_kem_1024_length_ciphertext; kem->length_shared_secret = OQS_KEM_ml_kem_1024_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_ml_kem_1024_length_keypair_coins; + kem->keypair_derand = OQS_KEM_ml_kem_1024_keypair_derand; kem->keypair = OQS_KEM_ml_kem_1024_keypair; kem->encaps = OQS_KEM_ml_kem_1024_encaps; kem->decaps = OQS_KEM_ml_kem_1024_decaps; return kem; } +extern int PQCP_MLKEM_NATIVE_MLKEM1024_C_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins); extern int PQCP_MLKEM_NATIVE_MLKEM1024_C_keypair(uint8_t *pk, uint8_t *sk); extern int PQCP_MLKEM_NATIVE_MLKEM1024_C_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); extern int PQCP_MLKEM_NATIVE_MLKEM1024_C_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #if defined(OQS_ENABLE_KEM_ml_kem_1024_x86_64) +extern int PQCP_MLKEM_NATIVE_MLKEM1024_X86_64_DEFAULT_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins); extern int PQCP_MLKEM_NATIVE_MLKEM1024_X86_64_DEFAULT_keypair(uint8_t *pk, uint8_t *sk); extern int PQCP_MLKEM_NATIVE_MLKEM1024_X86_64_DEFAULT_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); extern int PQCP_MLKEM_NATIVE_MLKEM1024_X86_64_DEFAULT_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif #if defined(OQS_ENABLE_KEM_ml_kem_1024_aarch64) +extern int PQCP_MLKEM_NATIVE_MLKEM1024_AARCH64_OPT_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins); extern int PQCP_MLKEM_NATIVE_MLKEM1024_AARCH64_OPT_keypair(uint8_t *pk, uint8_t *sk); extern int PQCP_MLKEM_NATIVE_MLKEM1024_AARCH64_OPT_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); extern int PQCP_MLKEM_NATIVE_MLKEM1024_AARCH64_OPT_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); 
@@ -54,6 +59,34 @@ extern int cupqc_ml_kem_1024_dec(uint8_t *ss, const uint8_t *ct, const uint8_t * #endif #endif /* OQS_USE_CUPQC */ +OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { +#if defined(OQS_ENABLE_KEM_ml_kem_1024_x86_64) +#if defined(OQS_DIST_BUILD) + if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { +#endif /* OQS_DIST_BUILD */ + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM1024_X86_64_DEFAULT_keypair_derand(public_key, secret_key, coins); +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM1024_C_keypair_derand(public_key, secret_key, coins); + } +#endif /* OQS_DIST_BUILD */ +#elif defined(OQS_ENABLE_KEM_ml_kem_1024_aarch64) +#if defined(OQS_DIST_BUILD) + if (OQS_CPU_has_extension(OQS_CPU_EXT_ARM_NEON)) { +#endif /* OQS_DIST_BUILD */ + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM1024_AARCH64_OPT_keypair_derand(public_key, secret_key, coins); +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM1024_C_keypair_derand(public_key, secret_key, coins); + } +#endif /* OQS_DIST_BUILD */ +#elif defined(OQS_ENABLE_KEM_ml_kem_1024_cuda) + return (OQS_STATUS) PQCLEAN_MLKEM1024_CUDA_crypto_kem_keypair_derand(public_key, secret_key, coins); +#else + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM1024_C_keypair_derand(public_key, secret_key, coins); +#endif +} + OQS_API OQS_STATUS OQS_KEM_ml_kem_1024_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_USE_CUPQC) && defined(OQS_ENABLE_KEM_ml_kem_1024_cuda) return (OQS_STATUS) cupqc_ml_kem_1024_keypair(public_key, secret_key); diff --git a/src/kem/ml_kem/kem_ml_kem_512.c b/src/kem/ml_kem/kem_ml_kem_512.c index 8f451b0fd1..f68377becb 100644 --- a/src/kem/ml_kem/kem_ml_kem_512.c +++ b/src/kem/ml_kem/kem_ml_kem_512.c 
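Review bot: The `OQS_ENABLE_KEM_ml_kem_1024_cuda` branch of `OQS_KEM_ml_kem_1024_keypair_derand` calls `PQCLEAN_MLKEM1024_CUDA_crypto_kem_keypair_derand`, but the extern declarations this commit adds cover only the C, x86_64 and aarch64 backends, and the CUDA symbols visible in the context use the `cupqc_ml_kem_1024_*` names behind `OQS_USE_CUPQC`. Unless that symbol is declared in lines the diff does not show, a build that reaches this branch calls an undeclared function. If cuPQC offers no derandomized keygen, the branch could be dropped so that such builds fall through to `PQCP_MLKEM_NATIVE_MLKEM1024_C_keypair_derand`; otherwise guard it as `#elif defined(OQS_USE_CUPQC) && defined(OQS_ENABLE_KEM_ml_kem_1024_cuda)` and add the matching extern. The 512 and 768 variants below have the same branch.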
@@ -22,25 +22,30 @@ OQS_KEM *OQS_KEM_ml_kem_512_new(void) { kem->length_secret_key = OQS_KEM_ml_kem_512_length_secret_key; kem->length_ciphertext = OQS_KEM_ml_kem_512_length_ciphertext; kem->length_shared_secret = OQS_KEM_ml_kem_512_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_ml_kem_512_length_keypair_coins; + kem->keypair_derand = OQS_KEM_ml_kem_512_keypair_derand; kem->keypair = OQS_KEM_ml_kem_512_keypair; kem->encaps = OQS_KEM_ml_kem_512_encaps; kem->decaps = OQS_KEM_ml_kem_512_decaps; return kem; } +extern int PQCP_MLKEM_NATIVE_MLKEM512_C_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins); extern int PQCP_MLKEM_NATIVE_MLKEM512_C_keypair(uint8_t *pk, uint8_t *sk); extern int PQCP_MLKEM_NATIVE_MLKEM512_C_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); extern int PQCP_MLKEM_NATIVE_MLKEM512_C_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #if defined(OQS_ENABLE_KEM_ml_kem_512_x86_64) +extern int PQCP_MLKEM_NATIVE_MLKEM512_X86_64_DEFAULT_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins); extern int PQCP_MLKEM_NATIVE_MLKEM512_X86_64_DEFAULT_keypair(uint8_t *pk, uint8_t *sk); extern int PQCP_MLKEM_NATIVE_MLKEM512_X86_64_DEFAULT_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); extern int PQCP_MLKEM_NATIVE_MLKEM512_X86_64_DEFAULT_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif #if defined(OQS_ENABLE_KEM_ml_kem_512_aarch64) +extern int PQCP_MLKEM_NATIVE_MLKEM512_AARCH64_OPT_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins); extern int PQCP_MLKEM_NATIVE_MLKEM512_AARCH64_OPT_keypair(uint8_t *pk, uint8_t *sk); extern int PQCP_MLKEM_NATIVE_MLKEM512_AARCH64_OPT_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); extern int PQCP_MLKEM_NATIVE_MLKEM512_AARCH64_OPT_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); 
@@ -54,6 +59,34 @@ extern int cupqc_ml_kem_512_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *s #endif #endif /* OQS_USE_CUPQC */ +OQS_API OQS_STATUS OQS_KEM_ml_kem_512_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { +#if defined(OQS_ENABLE_KEM_ml_kem_512_x86_64) +#if defined(OQS_DIST_BUILD) + if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { +#endif /* OQS_DIST_BUILD */ + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM512_X86_64_DEFAULT_keypair_derand(public_key, secret_key, coins); +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM512_C_keypair_derand(public_key, secret_key, coins); + } +#endif /* OQS_DIST_BUILD */ +#elif defined(OQS_ENABLE_KEM_ml_kem_512_aarch64) +#if defined(OQS_DIST_BUILD) + if (OQS_CPU_has_extension(OQS_CPU_EXT_ARM_NEON)) { +#endif /* OQS_DIST_BUILD */ + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM512_AARCH64_OPT_keypair_derand(public_key, secret_key, coins); +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM512_C_keypair_derand(public_key, secret_key, coins); + } +#endif /* OQS_DIST_BUILD */ +#elif defined(OQS_ENABLE_KEM_ml_kem_512_cuda) + return (OQS_STATUS) PQCLEAN_MLKEM512_CUDA_crypto_kem_keypair_derand(public_key, secret_key, coins); +#else + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM512_C_keypair_derand(public_key, secret_key, coins); +#endif +} + OQS_API OQS_STATUS OQS_KEM_ml_kem_512_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_USE_CUPQC) && defined(OQS_ENABLE_KEM_ml_kem_512_cuda) return (OQS_STATUS) cupqc_ml_kem_512_keypair(public_key, secret_key); diff --git a/src/kem/ml_kem/kem_ml_kem_768.c b/src/kem/ml_kem/kem_ml_kem_768.c index ef64c5c406..891f36a7c5 100644 --- a/src/kem/ml_kem/kem_ml_kem_768.c +++ b/src/kem/ml_kem/kem_ml_kem_768.c 
@@ -22,25 +22,30 @@ OQS_KEM *OQS_KEM_ml_kem_768_new(void) { kem->length_secret_key = OQS_KEM_ml_kem_768_length_secret_key; kem->length_ciphertext = OQS_KEM_ml_kem_768_length_ciphertext; kem->length_shared_secret = OQS_KEM_ml_kem_768_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_ml_kem_768_length_keypair_coins; + kem->keypair_derand = OQS_KEM_ml_kem_768_keypair_derand; kem->keypair = OQS_KEM_ml_kem_768_keypair; kem->encaps = OQS_KEM_ml_kem_768_encaps; kem->decaps = OQS_KEM_ml_kem_768_decaps; return kem; } +extern int PQCP_MLKEM_NATIVE_MLKEM768_C_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins); extern int PQCP_MLKEM_NATIVE_MLKEM768_C_keypair(uint8_t *pk, uint8_t *sk); extern int PQCP_MLKEM_NATIVE_MLKEM768_C_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); extern int PQCP_MLKEM_NATIVE_MLKEM768_C_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #if defined(OQS_ENABLE_KEM_ml_kem_768_x86_64) +extern int PQCP_MLKEM_NATIVE_MLKEM768_X86_64_DEFAULT_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins); extern int PQCP_MLKEM_NATIVE_MLKEM768_X86_64_DEFAULT_keypair(uint8_t *pk, uint8_t *sk); extern int PQCP_MLKEM_NATIVE_MLKEM768_X86_64_DEFAULT_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); extern int PQCP_MLKEM_NATIVE_MLKEM768_X86_64_DEFAULT_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif #if defined(OQS_ENABLE_KEM_ml_kem_768_aarch64) +extern int PQCP_MLKEM_NATIVE_MLKEM768_AARCH64_OPT_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins); extern int PQCP_MLKEM_NATIVE_MLKEM768_AARCH64_OPT_keypair(uint8_t *pk, uint8_t *sk); extern int PQCP_MLKEM_NATIVE_MLKEM768_AARCH64_OPT_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk); extern int PQCP_MLKEM_NATIVE_MLKEM768_AARCH64_OPT_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); 
@@ -54,6 +59,34 @@ extern int cupqc_ml_kem_768_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *s #endif #endif /* OQS_USE_CUPQC */ +OQS_API OQS_STATUS OQS_KEM_ml_kem_768_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { +#if defined(OQS_ENABLE_KEM_ml_kem_768_x86_64) +#if defined(OQS_DIST_BUILD) + if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { +#endif /* OQS_DIST_BUILD */ + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM768_X86_64_DEFAULT_keypair_derand(public_key, secret_key, coins); +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM768_C_keypair_derand(public_key, secret_key, coins); + } +#endif /* OQS_DIST_BUILD */ +#elif defined(OQS_ENABLE_KEM_ml_kem_768_aarch64) +#if defined(OQS_DIST_BUILD) + if (OQS_CPU_has_extension(OQS_CPU_EXT_ARM_NEON)) { +#endif /* OQS_DIST_BUILD */ + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM768_AARCH64_OPT_keypair_derand(public_key, secret_key, coins); +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM768_C_keypair_derand(public_key, secret_key, coins); + } +#endif /* OQS_DIST_BUILD */ +#elif defined(OQS_ENABLE_KEM_ml_kem_768_cuda) + return (OQS_STATUS) PQCLEAN_MLKEM768_CUDA_crypto_kem_keypair_derand(public_key, secret_key, coins); +#else + return (OQS_STATUS) PQCP_MLKEM_NATIVE_MLKEM768_C_keypair_derand(public_key, secret_key, coins); +#endif +} + OQS_API OQS_STATUS OQS_KEM_ml_kem_768_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_USE_CUPQC) && defined(OQS_ENABLE_KEM_ml_kem_768_cuda) return (OQS_STATUS) cupqc_ml_kem_768_keypair(public_key, secret_key); diff --git a/src/kem/ntruprime/kem_ntruprime.h b/src/kem/ntruprime/kem_ntruprime.h index bdbab28710..85e99574ab 100644 --- a/src/kem/ntruprime/kem_ntruprime.h +++ b/src/kem/ntruprime/kem_ntruprime.h 
@@ -10,7 +10,9 @@ #define OQS_KEM_ntruprime_sntrup761_length_secret_key 1763 #define OQS_KEM_ntruprime_sntrup761_length_ciphertext 1039 #define OQS_KEM_ntruprime_sntrup761_length_shared_secret 32 +#define OQS_KEM_ntruprime_sntrup761_length_keypair_coins 0 OQS_KEM *OQS_KEM_ntruprime_sntrup761_new(void); +OQS_API OQS_STATUS OQS_KEM_ntruprime_sntrup761_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins); OQS_API OQS_STATUS OQS_KEM_ntruprime_sntrup761_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_KEM_ntruprime_sntrup761_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); OQS_API OQS_STATUS OQS_KEM_ntruprime_sntrup761_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); diff --git a/src/kem/ntruprime/kem_ntruprime_sntrup761.c b/src/kem/ntruprime/kem_ntruprime_sntrup761.c index f8c4567641..16aeca31bb 100644 --- a/src/kem/ntruprime/kem_ntruprime_sntrup761.c +++ b/src/kem/ntruprime/kem_ntruprime_sntrup761.c @@ -22,7 +22,9 @@ OQS_KEM *OQS_KEM_ntruprime_sntrup761_new(void) { kem->length_secret_key = OQS_KEM_ntruprime_sntrup761_length_secret_key; kem->length_ciphertext = OQS_KEM_ntruprime_sntrup761_length_ciphertext; kem->length_shared_secret = OQS_KEM_ntruprime_sntrup761_length_shared_secret; + kem->length_keypair_coins = OQS_KEM_ntruprime_sntrup761_length_keypair_coins; + kem->keypair_derand = OQS_KEM_ntruprime_sntrup761_keypair_derand; kem->keypair = OQS_KEM_ntruprime_sntrup761_keypair; kem->encaps = OQS_KEM_ntruprime_sntrup761_encaps; kem->decaps = OQS_KEM_ntruprime_sntrup761_decaps; 
@@ -40,6 +42,13 @@ extern int PQCLEAN_SNTRUP761_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const extern int PQCLEAN_SNTRUP761_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk); #endif +OQS_API OQS_STATUS OQS_KEM_ntruprime_sntrup761_keypair_derand(uint8_t *public_key, uint8_t *secret_key, const uint8_t *coins) { + (void)public_key; + (void)secret_key; + (void)coins; + return OQS_ERROR; +} + OQS_API OQS_STATUS OQS_KEM_ntruprime_sntrup761_keypair(uint8_t *public_key, uint8_t *secret_key) { #if defined(OQS_ENABLE_KEM_ntruprime_sntrup761_avx2) #if defined(OQS_DIST_BUILD) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 6d08516a89..4c1a69e794 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -97,7 +97,10 @@ target_link_libraries(test_kem_mem PRIVATE ${TEST_DEPS}) add_executable(speed_kem speed_kem.c) target_link_libraries(speed_kem PRIVATE ${TEST_DEPS}) -set(KEM_TESTS example_kem kat_kem test_kem test_kem_mem speed_kem vectors_kem) +add_executable(test_kem_derand test_kem_derand.c) +target_link_libraries(test_kem_derand PRIVATE ${TEST_DEPS}) + +set(KEM_TESTS example_kem kat_kem test_kem test_kem_mem speed_kem vectors_kem test_kem_derand) # SIG API tests add_executable(example_sig example_sig.c) diff --git a/tests/test_cmdline.py b/tests/test_cmdline.py index faf662f7d5..91fac01d04 100644 --- a/tests/test_cmdline.py +++ b/tests/test_cmdline.py @@ -44,6 +44,14 @@ def test_sig_stfl(sig_stfl_name): [helpers.path_to_executable('test_sig_stfl'), sig_stfl_name], ) +@helpers.filtered_test +@pytest.mark.parametrize('kem_name', helpers.available_kems_by_name()) +def test_kem_derand(kem_name): + if not(helpers.is_kem_enabled_by_name(kem_name)): pytest.skip('Not enabled') + helpers.run_subprocess( + [helpers.path_to_executable('test_kem_derand'), kem_name], + ) + if __name__ == "__main__": import sys pytest.main(sys.argv) diff --git a/tests/test_constant_time.py b/tests/test_constant_time.py index c31436480d..b368b5c419 100644 
--- a/tests/test_constant_time.py +++ b/tests/test_constant_time.py @@ -266,6 +266,27 @@ def test_constant_time_sig(sig_name): ] ) +@helpers.filtered_test +@helpers.test_requires_build_options(*REQ_LIBOQS_BUILD_OPTS) +@helpers.test_requires_valgrind_version_at_least(*MIN_VALGRIND_VERSION) +@pytest.mark.parametrize('kem_name', helpers.available_kems_by_name()) +def test_constant_time_kem_derand(kem_name): + if not(helpers.is_kem_enabled_by_name(kem_name)): pytest.skip('Not enabled') + if ('SKIP_ALGS' in os.environ) and len(os.environ['SKIP_ALGS'])>0: + for algexp in os.environ['SKIP_ALGS'].split(','): + if len(re.findall(algexp, kem_name))>0: + pytest.skip("Test disabled by alg filter") + passes = get_ct_passes('kem', kem_name) + issues = get_ct_issues('kem', kem_name) + output = helpers.run_subprocess( + VALGRIND + [ + *(['--suppressions='+f for f in passes]), + *(['--suppressions='+f for f in issues]), + helpers.path_to_executable('test_kem_derand'), + kem_name + ] + ) + if __name__ == '__main__': pytest.main(sys.argv) diff --git a/tests/test_distbuild.py b/tests/test_distbuild.py index 907b09038a..29d6035c7f 100644 --- a/tests/test_distbuild.py +++ b/tests/test_distbuild.py @@ -37,6 +37,17 @@ def test_sig(sig_name): helpers.run_subprocess(["qemu-"+platform.machine()+"-static", "-cpu", MINCPU, helpers.path_to_executable('test_sig'), sig_name]) +@helpers.filtered_test +@pytest.mark.parametrize('kem_name', helpers.available_kems_by_name()) +@helpers.test_requires_build_options("OQS_DIST_BUILD") +@helpers.test_requires_qemu(platform.machine(), MINCPU) +def test_kem_derand(kem_name): + if not(helpers.is_kem_enabled_by_name(kem_name)): + pytest.skip('Not enabled') + + helpers.run_subprocess(["qemu-"+platform.machine()+"-static", "-cpu", MINCPU, + helpers.path_to_executable('test_kem_derand'), kem_name]) + if __name__ == "__main__": import sys pytest.main(sys.argv) 
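Review bot: `test_constant_time_kem_derand` feeds valgrind the suppression files returned by `get_ct_passes('kem', kem_name)` and `get_ct_issues('kem', kem_name)`, which are presumably the ones written for `test_kem`; if those suppressions match on stack frames that name the randomized keypair function, they may not cover the same finding when it is reached through `keypair_derand`. It is worth confirming against the suppression files and adding a short comment such as `# reuses the test_kem suppressions; derand frames may need their own entries`. Separately, `output` is assigned and never read, so `helpers.run_subprocess(...)` can be called without the assignment.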
diff --git a/tests/test_kem_derand.c b/tests/test_kem_derand.c new file mode 100644 index 0000000000..7a1c4598d0 --- /dev/null +++ b/tests/test_kem_derand.c 
@@ -0,0 +1,311 @@ +// SPDX-License-Identifier: MIT + +#include +#include +#include +#include + +#include + +#if OQS_USE_PTHREADS +#include +#endif + +#ifdef OQS_ENABLE_TEST_CONSTANT_TIME +#include +#define OQS_TEST_CT_CLASSIFY(addr, len) VALGRIND_MAKE_MEM_UNDEFINED(addr, len) +#define OQS_TEST_CT_DECLASSIFY(addr, len) VALGRIND_MAKE_MEM_DEFINED(addr, len) +#else +#define OQS_TEST_CT_CLASSIFY(addr, len) +#define OQS_TEST_CT_DECLASSIFY(addr, len) +#endif + +#include "system_info.c" + +/* Displays hexadecimal strings */ +static void OQS_print_hex_string(const char *label, const uint8_t *str, size_t len) { + printf("%-20s (%4zu bytes): ", label, len); + for (size_t i = 0; i < (len); i++) { + printf("%02X", str[i]); + } + printf("\n"); +} + +typedef struct magic_s { + uint8_t val[31]; +} magic_t; + +static OQS_STATUS kem_test_correctness(const char *method_name) { + + OQS_KEM *kem = NULL; + uint8_t *public_key = NULL; + uint8_t *secret_key = NULL; + uint8_t *ciphertext = NULL; + uint8_t *shared_secret_e = NULL; + uint8_t *shared_secret_d = NULL; + uint8_t *coins_k = NULL; + uint8_t *coins_e = NULL; + OQS_STATUS rc, ret = OQS_ERROR; + int rv; + + //The magic numbers are random values. 
+ //The length of the magic number was chosen to be 31 to break alignment + magic_t magic; + OQS_randombytes(magic.val, sizeof(magic_t)); + + kem = OQS_KEM_new(method_name); + if (kem == NULL) { + fprintf(stderr, "ERROR: OQS_KEM_new failed\n"); + goto err; + } + + printf("================================================================================\n"); + printf("Sample computation for KEM %s\n", kem->method_name); + printf("================================================================================\n"); + + public_key = malloc(kem->length_public_key + 2 * sizeof(magic_t)); + secret_key = malloc(kem->length_secret_key + 2 * sizeof(magic_t)); + ciphertext = malloc(kem->length_ciphertext + 2 * sizeof(magic_t)); + shared_secret_e = malloc(kem->length_shared_secret + 2 * sizeof(magic_t)); + shared_secret_d = malloc(kem->length_shared_secret + 2 * sizeof(magic_t)); + coins_k = malloc(kem->length_keypair_coins + 2 * sizeof(magic_t)); + + if ((public_key == NULL) || (secret_key == NULL) || (ciphertext == NULL) || (shared_secret_e == NULL) || (shared_secret_d == NULL) || (coins_k == NULL) || (coins_e == NULL)) { + fprintf(stderr, "ERROR: malloc failed\n"); + goto err; + } + + //Set the magic numbers before + memcpy(public_key, magic.val, sizeof(magic_t)); + memcpy(secret_key, magic.val, sizeof(magic_t)); + memcpy(ciphertext, magic.val, sizeof(magic_t)); + memcpy(shared_secret_e, magic.val, sizeof(magic_t)); + memcpy(shared_secret_d, magic.val, sizeof(magic_t)); + memcpy(coins_k, magic.val, sizeof(magic_t)); + memcpy(coins_e, magic.val, sizeof(magic_t)); + + public_key += sizeof(magic_t); + secret_key += sizeof(magic_t); + ciphertext += sizeof(magic_t); + shared_secret_e += sizeof(magic_t); + shared_secret_d += sizeof(magic_t); + coins_k += sizeof(magic_t); + coins_e += sizeof(magic_t); + + + // and after + memcpy(public_key + kem->length_public_key, magic.val, sizeof(magic_t)); + memcpy(secret_key + kem->length_secret_key, magic.val, sizeof(magic_t)); + 
memcpy(ciphertext + kem->length_ciphertext, magic.val, sizeof(magic_t)); + memcpy(shared_secret_e + kem->length_shared_secret, magic.val, sizeof(magic_t)); + memcpy(shared_secret_d + kem->length_shared_secret, magic.val, sizeof(magic_t)); + memcpy(coins_k + kem->length_keypair_coins, magic.val, sizeof(magic_t)); + + // On some systems, getentropy fails if given a zero-length array + if (kem->length_keypair_coins > 0) { + OQS_randombytes(coins_k, kem->length_keypair_coins); + } + rc = OQS_KEM_keypair_derand(kem, public_key, secret_key, coins_k); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (kem->length_keypair_coins == 0) { + // If length_keypair_coins is set to 0 for this KEM scheme, a failure is expected + if (rc != OQS_ERROR) { + fprintf(stderr, "ERROR: OQS_KEM_keypair_derand succeeded but expected a failure\n"); + goto err; + } + } else { + if (rc != OQS_SUCCESS) { + fprintf(stderr, "ERROR: OQS_KEM_keypair_derand failed\n"); + goto err; + } + } + + OQS_TEST_CT_DECLASSIFY(public_key, kem->length_public_key); + rc = OQS_KEM_encaps(kem, ciphertext, shared_secret_e, public_key, coins_e); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_SUCCESS) { + fprintf(stderr, "ERROR: OQS_KEM_encaps failed\n"); + goto err; + } + + OQS_TEST_CT_DECLASSIFY(ciphertext, kem->length_ciphertext); + rc = OQS_KEM_decaps(kem, shared_secret_d, ciphertext, secret_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_SUCCESS) { + fprintf(stderr, "ERROR: OQS_KEM_decaps failed\n"); + goto err; + } + + OQS_TEST_CT_DECLASSIFY(shared_secret_d, kem->length_shared_secret); + OQS_TEST_CT_DECLASSIFY(shared_secret_e, kem->length_shared_secret); + rv = memcmp(shared_secret_e, shared_secret_d, kem->length_shared_secret); + if (rv != 0) { + fprintf(stderr, "ERROR: shared secrets are not equal\n"); + OQS_print_hex_string("shared_secret_e", shared_secret_e, kem->length_shared_secret); + OQS_print_hex_string("shared_secret_d", shared_secret_d, kem->length_shared_secret); + goto err; + } 
else { + printf("shared secrets are equal\n"); + } + + // test invalid encapsulation (call should either fail or result in invalid shared secret) + OQS_randombytes(ciphertext, kem->length_ciphertext); + OQS_TEST_CT_DECLASSIFY(ciphertext, kem->length_ciphertext); + rc = OQS_KEM_decaps(kem, shared_secret_d, ciphertext, secret_key); + OQS_TEST_CT_DECLASSIFY(shared_secret_d, kem->length_shared_secret); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc == OQS_SUCCESS && memcmp(shared_secret_e, shared_secret_d, kem->length_shared_secret) == 0) { + fprintf(stderr, "ERROR: OQS_KEM_decaps succeeded on wrong input\n"); + goto err; + } + +#ifndef OQS_ENABLE_TEST_CONSTANT_TIME + rv = memcmp(public_key + kem->length_public_key, magic.val, sizeof(magic_t)); + rv |= memcmp(secret_key + kem->length_secret_key, magic.val, sizeof(magic_t)); + rv |= memcmp(ciphertext + kem->length_ciphertext, magic.val, sizeof(magic_t)); + rv |= memcmp(shared_secret_e + kem->length_shared_secret, magic.val, sizeof(magic_t)); + rv |= memcmp(shared_secret_d + kem->length_shared_secret, magic.val, sizeof(magic_t)); + rv |= memcmp(coins_k + kem->length_keypair_coins, magic.val, sizeof(magic_t)); + rv |= memcmp(coins_e + kem->length_encaps_coins, magic.val, sizeof(magic_t)); + rv |= memcmp(public_key - sizeof(magic_t), magic.val, sizeof(magic_t)); + rv |= memcmp(secret_key - sizeof(magic_t), magic.val, sizeof(magic_t)); + rv |= memcmp(ciphertext - sizeof(magic_t), magic.val, sizeof(magic_t)); + rv |= memcmp(shared_secret_e - sizeof(magic_t), magic.val, sizeof(magic_t)); + rv |= memcmp(shared_secret_d - sizeof(magic_t), magic.val, sizeof(magic_t)); + rv |= memcmp(coins_k - sizeof(magic_t), magic.val, sizeof(magic_t)); + rv |= memcmp(coins_e - sizeof(magic_t), magic.val, sizeof(magic_t)); + if (rv != 0) { + fprintf(stderr, "ERROR: Magic numbers do not match\n"); + goto err; + } +#endif + + ret = OQS_SUCCESS; + goto cleanup; + +err: + ret = OQS_ERROR; + +cleanup: + if (secret_key) { + 
OQS_MEM_secure_free(secret_key - sizeof(magic_t), kem->length_secret_key + 2 * sizeof(magic_t)); + } + if (shared_secret_e) { + OQS_MEM_secure_free(shared_secret_e - sizeof(magic_t), kem->length_shared_secret + 2 * sizeof(magic_t)); + } + if (shared_secret_d) { + OQS_MEM_secure_free(shared_secret_d - sizeof(magic_t), kem->length_shared_secret + 2 * sizeof(magic_t)); + } + if (public_key) { + OQS_MEM_insecure_free(public_key - sizeof(magic_t)); + } + if (ciphertext) { + OQS_MEM_insecure_free(ciphertext - sizeof(magic_t)); + } + if (coins_k) { + OQS_MEM_secure_free(coins_k - sizeof(magic_t), kem->length_keypair_coins + 2 * sizeof(magic_t)); + } + OQS_KEM_free(kem); + + return ret; +} + +#ifdef OQS_ENABLE_TEST_CONSTANT_TIME +static void TEST_KEM_randombytes(uint8_t *random_array, size_t bytes_to_read) { + // We can't make direct calls to the system randombytes on some platforms, + // so we have to swap out the OQS_randombytes provider. + OQS_randombytes_switch_algorithm("system"); + OQS_randombytes(random_array, bytes_to_read); + OQS_randombytes_custom_algorithm(&TEST_KEM_randombytes); + + // OQS_TEST_CT_CLASSIFY tells Valgrind's memcheck tool to issue a warning if + // the program branches on any byte that depends on random_array. This helps us + // identify timing side-channels, as these bytes often contain secret data. 
+ OQS_TEST_CT_CLASSIFY(random_array, bytes_to_read); +} +#endif + +#if OQS_USE_PTHREADS +struct thread_data { + char *alg_name; + OQS_STATUS rc; +}; + +void *test_wrapper(void *arg) { + struct thread_data *td = arg; + td->rc = kem_test_correctness(td->alg_name); + return NULL; +} +#endif + +int main(int argc, char **argv) { + OQS_init(); + + printf("Testing KEM algorithms using liboqs version %s\n", OQS_version()); + + if (argc != 2) { + fprintf(stderr, "Usage: test_kem_derand algname\n"); + fprintf(stderr, " algname: "); + for (size_t i = 0; i < OQS_KEM_algs_length; i++) { + if (i > 0) { + fprintf(stderr, ", "); + } + fprintf(stderr, "%s", OQS_KEM_alg_identifier(i)); + } + fprintf(stderr, "\n"); + OQS_destroy(); + return EXIT_FAILURE; + } + + print_system_info(); + + char *alg_name = argv[1]; + if (!OQS_KEM_alg_is_enabled(alg_name)) { + printf("KEM algorithm %s not enabled!\n", alg_name); + OQS_destroy(); + return EXIT_FAILURE; + } + +#ifdef OQS_ENABLE_TEST_CONSTANT_TIME + OQS_randombytes_custom_algorithm(&TEST_KEM_randombytes); +#else + OQS_randombytes_switch_algorithm("system"); +#endif + + OQS_STATUS rc; +#if OQS_USE_PTHREADS +#define MAX_LEN_KEM_NAME_ 64 + // don't run Classic McEliece in threads because of large stack usage + char no_thread_kem_patterns[][MAX_LEN_KEM_NAME_] = {"Classic-McEliece", "HQC-256-"}; + int test_in_thread = 1; + for (size_t i = 0 ; i < sizeof(no_thread_kem_patterns) / MAX_LEN_KEM_NAME_; ++i) { + if (strstr(alg_name, no_thread_kem_patterns[i]) != NULL) { + test_in_thread = 0; + break; + } + } + if (test_in_thread) { + pthread_t thread; + struct thread_data td; + td.alg_name = alg_name; + int trc = pthread_create(&thread, NULL, test_wrapper, &td); + if (trc) { + fprintf(stderr, "ERROR: Creating pthread\n"); + OQS_destroy(); + return EXIT_FAILURE; + } + pthread_join(thread, NULL); + rc = td.rc; + } else { + rc = kem_test_correctness(alg_name); + } +#else + rc = kem_test_correctness(alg_name); +#endif + if (rc != OQS_SUCCESS) { + 
OQS_destroy(); + return EXIT_FAILURE; + } + OQS_destroy(); + return EXIT_SUCCESS; +} diff --git a/tests/test_leaks.py b/tests/test_leaks.py index f75fece11a..f80090cc62 100644 --- a/tests/test_leaks.py +++ b/tests/test_leaks.py @@ -40,6 +40,15 @@ def test_sig_stfl_leak(sig_stfl_name): ["valgrind", "-s", "--error-exitcode=1", "--leak-check=full", "--show-leak-kinds=all", helpers.path_to_executable('test_sig_stfl'), sig_stfl_name], ) +@helpers.filtered_test +@pytest.mark.parametrize('kem_name', helpers.available_kems_by_name()) +def test_kem_derand_leak(kem_name): + if not(helpers.is_kem_enabled_by_name(kem_name)): pytest.skip('Not enabled') + if sys.platform != "linux" or os.system("grep ubuntu /etc/os-release") != 0 or os.system("uname -a | grep x86_64") != 0: pytest.skip('Leak testing not supported on this platform') + helpers.run_subprocess( + ["valgrind", "-s", "--error-exitcode=1", "--leak-check=full", "--show-leak-kinds=all", "--vex-guest-max-insns=25", "--track-origins=yes", helpers.path_to_executable('test_kem_derand'), kem_name], + ) + if __name__ == "__main__": import sys pytest.main(sys.argv)
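Review bot: `coins_e` is declared `NULL` and never allocated in `kem_test_correctness`, so the `coins_e == NULL` term makes the malloc check fail on every run, and the later `memcpy(coins_e, ...)` and `coins_e - sizeof(magic_t)` lines would operate on a null pointer if that check were ever passed. The test also passes `coins_e` as a fifth argument to `OQS_KEM_encaps` and reads `kem->length_encaps_coins`, neither of which this commit introduces (the per-scheme encaps prototypes it touches take no coins), so I would drop every `coins_e` line. When `length_keypair_coins` is 0 and the expected `OQS_ERROR` arrives, the function carries on into encaps/decaps with key buffers that were never written; it should report success and leave at that point. The `err` path can also be reached before the buffer pointers are advanced past the guard bytes, in which case cleanup frees `ptr - sizeof(magic_t)`, which lies in front of the allocation.

```c
	// … unchanged: allocation of keys, ciphertext, shared secrets and coins_k …
	if ((public_key == NULL) || (secret_key == NULL) || (ciphertext == NULL) || (shared_secret_e == NULL) || (shared_secret_d == NULL) || (coins_k == NULL)) {
		fprintf(stderr, "ERROR: malloc failed\n");
		goto err;
	}
	// … unchanged: guard-byte setup, without the coins_e lines …
	rc = OQS_KEM_keypair_derand(kem, public_key, secret_key, coins_k);
	OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc);
	if (kem->length_keypair_coins == 0) {
		// Derandomized keygen is unsupported here: the call must fail,
		// and there is no keypair to run encaps/decaps against.
		if (rc != OQS_ERROR) {
			fprintf(stderr, "ERROR: OQS_KEM_keypair_derand succeeded but expected a failure\n");
			goto err;
		}
		ret = OQS_SUCCESS;
		goto cleanup;
	}
	if (rc != OQS_SUCCESS) {
		fprintf(stderr, "ERROR: OQS_KEM_keypair_derand failed\n");
		goto err;
	}

	OQS_TEST_CT_DECLASSIFY(public_key, kem->length_public_key);
	rc = OQS_KEM_encaps(kem, ciphertext, shared_secret_e, public_key);
	// … unchanged: decaps, shared-secret comparison, guard-byte checks without coins_e …
```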
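Review bot: The platform guard in `test_kem_derand_leak` is a single very long line that shells out twice through `os.system` for every parametrised KEM, which also writes the grep and uname output into the test log. I would compute it once at module level, e.g. `LEAK_TEST_SUPPORTED = sys.platform == "linux" and os.system("grep -q ubuntu /etc/os-release") == 0 and os.uname().machine == "x86_64"`, and have the test do `if not LEAK_TEST_SUPPORTED: pytest.skip('Leak testing not supported on this platform')`. The guard appears to be copied from the other leak tests, which lie outside this hunk, so they would benefit from the same helper.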