From d9c214cc64315e527fd96fe7501203e07b15f7ec Mon Sep 17 00:00:00 2001 From: Basil Hess Date: Tue, 26 Nov 2024 13:45:10 +0100 Subject: [PATCH] Add ML-DSA / FIPS 204 final (#1919) * Pull ML-DSA from pq-crystals upstream. * Removes ML-DSA-ipd * Adds support for context strings to OQS SIG API. * Adding _with_ctx_str APIs, templating * Adds ACVP tests for ML-DSA * export symbols for acvp tests (dynamic linking) * remove IPD intermediate values * adds flag for ctx support * Update constant-time passes after line number and function name changes * Update KATs * API with checks for signatures without ctx support * Additional test for signatures with ctx * Change alg_version to FIPS204 * Update ML-DSA security claim to SUF-CMA, according to FIPS204 * Update src/sig/sig.h * Fix test_alg_info --------- 
Signed-off-by: Basil Hess Co-authored-by: Spencer Wilson --- .CMake/alg_support.cmake | 6 - .github/workflows/linux.yml | 2 +- README.md | 4 +- docs/algorithms/sig/ml_dsa.md | 18 +- docs/algorithms/sig/ml_dsa.yml | 23 +- docs/cbom.json | 62 +- .../copy_from_upstream/copy_from_upstream.yml | 33 +- ..._dsa_ipd.patch => pqcrystals-ml_dsa.patch} | 531 +++++++++--------- .../src/sig/family/sig_family.h | 7 + .../src/sig/family/sig_scheme.c | 146 +++++ .../update_upstream_alg_docs.py | 3 +- src/oqsconfig.h.cmake | 6 - src/sig/cross/sig_cross.h | 36 ++ src/sig/cross/sig_cross_rsdp_128_balanced.c | 19 +- src/sig/cross/sig_cross_rsdp_128_fast.c | 19 +- src/sig/cross/sig_cross_rsdp_128_small.c | 19 +- src/sig/cross/sig_cross_rsdp_192_balanced.c | 19 +- src/sig/cross/sig_cross_rsdp_192_fast.c | 19 +- src/sig/cross/sig_cross_rsdp_192_small.c | 19 +- src/sig/cross/sig_cross_rsdp_256_balanced.c | 19 +- src/sig/cross/sig_cross_rsdp_256_fast.c | 19 +- src/sig/cross/sig_cross_rsdp_256_small.c | 19 +- src/sig/cross/sig_cross_rsdpg_128_balanced.c | 19 +- src/sig/cross/sig_cross_rsdpg_128_fast.c | 19 +- src/sig/cross/sig_cross_rsdpg_128_small.c | 19 +- src/sig/cross/sig_cross_rsdpg_192_balanced.c | 19 +- src/sig/cross/sig_cross_rsdpg_192_fast.c | 19 +- src/sig/cross/sig_cross_rsdpg_192_small.c | 19 +- src/sig/cross/sig_cross_rsdpg_256_balanced.c | 19 +- src/sig/cross/sig_cross_rsdpg_256_fast.c | 19 +- src/sig/cross/sig_cross_rsdpg_256_small.c | 19 +- src/sig/dilithium/sig_dilithium.h | 6 + src/sig/dilithium/sig_dilithium_2.c | 19 +- src/sig/dilithium/sig_dilithium_3.c | 19 +- src/sig/dilithium/sig_dilithium_5.c | 19 +- src/sig/falcon/sig_falcon.h | 8 + src/sig/falcon/sig_falcon_1024.c | 19 +- src/sig/falcon/sig_falcon_512.c | 19 +- src/sig/falcon/sig_falcon_padded_1024.c | 19 +- src/sig/falcon/sig_falcon_padded_512.c | 19 +- src/sig/mayo/sig_mayo.h | 8 + src/sig/mayo/sig_mayo_1.c | 19 +- src/sig/mayo/sig_mayo_2.c | 19 +- src/sig/mayo/sig_mayo_3.c | 19 +- src/sig/mayo/sig_mayo_5.c | 19 
+- src/sig/ml_dsa/CMakeLists.txt | 84 +-- .../api.h | 88 --- .../config.h | 27 - .../sign.h | 36 -- .../config.h | 27 - .../sign.h | 36 -- .../LICENSE | 0 .../align.h | 0 .../api.h | 100 ++++ .../config.h | 27 + .../consts.c | 0 .../consts.h | 0 .../invntt.S | 0 .../ntt.S | 1 - .../ntt.h | 0 .../packing.c | 0 .../packing.h | 0 .../params.h | 0 .../pointwise.S | 0 .../poly.c | 8 +- .../poly.h | 2 +- .../polyvec.c | 2 +- .../polyvec.h | 0 .../rejsample.c | 0 .../rejsample.h | 0 .../rounding.c | 0 .../rounding.h | 0 .../shuffle.S | 0 .../shuffle.inc | 0 .../sign.c | 157 +++++- .../sign.h | 58 ++ .../symmetric-shake.c | 0 .../symmetric.h | 0 .../LICENSE | 0 .../api.h | 14 +- .../config.h | 27 + .../ntt.c | 0 .../ntt.h | 0 .../packing.c | 0 .../packing.h | 0 .../params.h | 0 .../poly.c | 10 +- .../poly.h | 2 +- .../polyvec.c | 2 +- .../polyvec.h | 0 .../reduce.c | 2 +- .../reduce.h | 0 .../rounding.c | 0 .../rounding.h | 0 .../sign.c | 181 ++++-- .../sign.h | 58 ++ .../symmetric-shake.c | 0 .../symmetric.h | 0 .../api.h | 88 --- .../config.h | 27 - .../sign.h | 36 -- .../config.h | 27 - .../sign.h | 36 -- .../LICENSE | 0 .../align.h | 0 .../api.h | 100 ++++ .../config.h | 27 + .../consts.c | 0 .../consts.h | 0 .../invntt.S | 0 .../ntt.S | 1 - .../ntt.h | 0 .../packing.c | 0 .../packing.h | 0 .../params.h | 0 .../pointwise.S | 0 .../poly.c | 8 +- .../poly.h | 2 +- .../polyvec.c | 2 +- .../polyvec.h | 0 .../rejsample.c | 0 .../rejsample.h | 0 .../rounding.c | 0 .../rounding.h | 0 .../shuffle.S | 0 .../shuffle.inc | 0 .../sign.c | 157 +++++- .../sign.h | 58 ++ .../symmetric-shake.c | 0 .../symmetric.h | 0 .../LICENSE | 0 .../api.h | 14 +- .../config.h | 27 + .../ntt.c | 0 .../ntt.h | 0 .../packing.c | 0 .../packing.h | 0 .../params.h | 0 .../poly.c | 10 +- .../poly.h | 2 +- .../polyvec.c | 2 +- .../polyvec.h | 0 .../reduce.c | 2 +- .../reduce.h | 0 .../rounding.c | 0 .../rounding.h | 0 .../sign.c | 181 ++++-- .../sign.h | 58 ++ .../symmetric-shake.c | 0 .../symmetric.h | 0 
.../api.h | 88 --- .../config.h | 27 - .../sign.h | 36 -- .../config.h | 27 - .../sign.h | 36 -- .../LICENSE | 0 .../align.h | 0 .../api.h | 100 ++++ .../config.h | 27 + .../consts.c | 0 .../consts.h | 0 .../invntt.S | 0 .../ntt.S | 1 - .../ntt.h | 0 .../packing.c | 0 .../packing.h | 0 .../params.h | 0 .../pointwise.S | 0 .../poly.c | 8 +- .../poly.h | 2 +- .../polyvec.c | 2 +- .../polyvec.h | 0 .../rejsample.c | 0 .../rejsample.h | 0 .../rounding.c | 0 .../rounding.h | 0 .../shuffle.S | 0 .../shuffle.inc | 0 .../sign.c | 157 +++++- .../sign.h | 58 ++ .../symmetric-shake.c | 0 .../symmetric.h | 0 .../LICENSE | 0 .../api.h | 14 +- .../config.h | 27 + .../ntt.c | 0 .../ntt.h | 0 .../packing.c | 0 .../packing.h | 0 .../params.h | 0 .../poly.c | 10 +- .../poly.h | 2 +- .../polyvec.c | 2 +- .../polyvec.h | 0 .../reduce.c | 2 +- .../reduce.h | 0 .../rounding.c | 0 .../rounding.h | 0 .../sign.c | 181 ++++-- .../sign.h | 58 ++ .../symmetric-shake.c | 0 .../symmetric.h | 0 src/sig/ml_dsa/sig_ml_dsa.h | 72 +-- src/sig/ml_dsa/sig_ml_dsa_44.c | 122 ++++ src/sig/ml_dsa/sig_ml_dsa_44_ipd.c | 119 ---- src/sig/ml_dsa/sig_ml_dsa_65.c | 122 ++++ src/sig/ml_dsa/sig_ml_dsa_65_ipd.c | 119 ---- src/sig/ml_dsa/sig_ml_dsa_87.c | 122 ++++ src/sig/ml_dsa/sig_ml_dsa_87_ipd.c | 119 ---- src/sig/sig.c | 61 +- src/sig/sig.h | 84 ++- src/sig/sphincs/sig_sphincs.h | 24 + .../sphincs/sig_sphincs_sha2_128f_simple.c | 19 +- .../sphincs/sig_sphincs_sha2_128s_simple.c | 19 +- .../sphincs/sig_sphincs_sha2_192f_simple.c | 19 +- .../sphincs/sig_sphincs_sha2_192s_simple.c | 19 +- .../sphincs/sig_sphincs_sha2_256f_simple.c | 19 +- .../sphincs/sig_sphincs_sha2_256s_simple.c | 19 +- .../sphincs/sig_sphincs_shake_128f_simple.c | 19 +- .../sphincs/sig_sphincs_shake_128s_simple.c | 19 +- .../sphincs/sig_sphincs_shake_192f_simple.c | 19 +- .../sphincs/sig_sphincs_shake_192s_simple.c | 19 +- .../sphincs/sig_sphincs_shake_256f_simple.c | 19 +- .../sphincs/sig_sphincs_shake_256s_simple.c | 19 +- 
tests/KATs/sig/kats.json | 24 +- tests/PQC_Intermediate_Values/ML-DSA-44.txt | 11 - tests/PQC_Intermediate_Values/ML-DSA-65.txt | 11 - tests/PQC_Intermediate_Values/ML-DSA-87.txt | 11 - tests/PQC_Intermediate_Values/ML-KEM-1024.txt | 12 - tests/PQC_Intermediate_Values/ML-KEM-512.txt | 12 - tests/PQC_Intermediate_Values/ML-KEM-768.txt | 12 - tests/PQC_Intermediate_Values/fetch_values.sh | 53 -- tests/constant_time/sig/issues.json | 3 - tests/constant_time/sig/passes.json | 3 - tests/constant_time/sig/passes/ml_dsa | 18 +- tests/constant_time/sig/passes/ml_dsa-avx2 | 26 +- tests/kat_sig.c | 6 +- tests/test_acvp_vectors.py | 104 +++- tests/test_alg_info.py | 7 +- tests/test_sig.c | 71 +++ tests/vectors_kem.c | 2 +- tests/vectors_sig.c | 499 ++++++++++++---- zephyr/Kconfig | 4 +- 243 files changed, 4129 insertions(+), 2081 deletions(-) rename scripts/copy_from_upstream/patches/{pqcrystals-ml_dsa_ipd.patch => pqcrystals-ml_dsa.patch} (64%) delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/api.h delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/config.h delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.h delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/config.h delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/sign.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/LICENSE (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/align.h (100%) create mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/api.h create mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/config.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/consts.c (100%) rename 
src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/consts.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/invntt.S (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/ntt.S (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/ntt.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/packing.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/packing.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/params.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/pointwise.S (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/poly.c (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/poly.h (98%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/polyvec.c (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/polyvec.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/rejsample.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/rejsample.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => 
pqcrystals-dilithium-standard_ml-dsa-44_avx2}/rounding.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/rounding.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/shuffle.S (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/shuffle.inc (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/sign.c (74%) create mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/sign.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/symmetric-shake.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-44_avx2}/symmetric.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/LICENSE (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/api.h (81%) create mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/config.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/ntt.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/ntt.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/packing.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/packing.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => 
pqcrystals-dilithium-standard_ml-dsa-44_ref}/params.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/poly.c (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/poly.h (97%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/polyvec.c (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/polyvec.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/reduce.c (95%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/reduce.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/rounding.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/rounding.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/sign.c (66%) create mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/sign.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/symmetric-shake.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-44_ref}/symmetric.h (100%) delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/api.h delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/config.h delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/sign.h delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/config.h 
delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/sign.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/LICENSE (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/align.h (100%) create mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/api.h create mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/config.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/consts.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/consts.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/invntt.S (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/ntt.S (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/ntt.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/packing.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/packing.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/params.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/pointwise.S (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/poly.c (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => 
pqcrystals-dilithium-standard_ml-dsa-65_avx2}/poly.h (98%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/polyvec.c (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/polyvec.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/rejsample.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/rejsample.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/rounding.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/rounding.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/shuffle.S (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/shuffle.inc (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/sign.c (74%) create mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/sign.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/symmetric-shake.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-65_avx2}/symmetric.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/LICENSE (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/api.h (81%) create mode 100644 
src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/config.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/ntt.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/ntt.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/packing.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/packing.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/params.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/poly.c (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/poly.h (97%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/polyvec.c (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/polyvec.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/reduce.c (95%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/reduce.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/rounding.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/rounding.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/sign.c (66%) create mode 100644 
src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/sign.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/symmetric-shake.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-65_ref}/symmetric.h (100%) delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/api.h delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/config.h delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/sign.h delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/config.h delete mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/sign.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/LICENSE (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/align.h (100%) create mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/api.h create mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/config.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/consts.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/consts.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/invntt.S (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/ntt.S (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/ntt.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => 
pqcrystals-dilithium-standard_ml-dsa-87_avx2}/packing.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/packing.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/params.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/pointwise.S (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/poly.c (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/poly.h (98%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/polyvec.c (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/polyvec.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/rejsample.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/rejsample.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/rounding.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/rounding.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/shuffle.S (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/shuffle.inc (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/sign.c (74%) create 
mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/sign.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/symmetric-shake.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2 => pqcrystals-dilithium-standard_ml-dsa-87_avx2}/symmetric.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/LICENSE (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/api.h (81%) create mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/config.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/ntt.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/ntt.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/packing.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/packing.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/params.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/poly.c (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/poly.h (97%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/polyvec.c (99%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/polyvec.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => 
pqcrystals-dilithium-standard_ml-dsa-87_ref}/reduce.c (95%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/reduce.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/rounding.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/rounding.h (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/sign.c (66%) create mode 100644 src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/sign.h rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/symmetric-shake.c (100%) rename src/sig/ml_dsa/{pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref => pqcrystals-dilithium-standard_ml-dsa-87_ref}/symmetric.h (100%) create mode 100644 src/sig/ml_dsa/sig_ml_dsa_44.c delete mode 100644 src/sig/ml_dsa/sig_ml_dsa_44_ipd.c create mode 100644 src/sig/ml_dsa/sig_ml_dsa_65.c delete mode 100644 src/sig/ml_dsa/sig_ml_dsa_65_ipd.c create mode 100644 src/sig/ml_dsa/sig_ml_dsa_87.c delete mode 100644 src/sig/ml_dsa/sig_ml_dsa_87_ipd.c delete mode 100644 tests/PQC_Intermediate_Values/ML-DSA-44.txt delete mode 100644 tests/PQC_Intermediate_Values/ML-DSA-65.txt delete mode 100644 tests/PQC_Intermediate_Values/ML-DSA-87.txt delete mode 100644 tests/PQC_Intermediate_Values/ML-KEM-1024.txt delete mode 100644 tests/PQC_Intermediate_Values/ML-KEM-512.txt delete mode 100644 tests/PQC_Intermediate_Values/ML-KEM-768.txt delete mode 100755 tests/PQC_Intermediate_Values/fetch_values.sh diff --git a/.CMake/alg_support.cmake b/.CMake/alg_support.cmake index 9fdf37cb1c..9afa6e4b15 100644 --- a/.CMake/alg_support.cmake +++ b/.CMake/alg_support.cmake 
@@ -137,11 +137,8 @@ cmake_dependent_option(OQS_ENABLE_SIG_dilithium_3 "" ON "OQS_ENABLE_SIG_DILITHIU
 cmake_dependent_option(OQS_ENABLE_SIG_dilithium_5 "" ON "OQS_ENABLE_SIG_DILITHIUM" OFF)
 option(OQS_ENABLE_SIG_ML_DSA "Enable ml_dsa algorithm family" ON)
-cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_44_ipd "" ON "OQS_ENABLE_SIG_ML_DSA" OFF)
 cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_44 "" ON "OQS_ENABLE_SIG_ML_DSA" OFF)
-cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_65_ipd "" ON "OQS_ENABLE_SIG_ML_DSA" OFF)
 cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_65 "" ON "OQS_ENABLE_SIG_ML_DSA" OFF)
-cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_87_ipd "" ON "OQS_ENABLE_SIG_ML_DSA" OFF)
 cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_87 "" ON "OQS_ENABLE_SIG_ML_DSA" OFF)
 option(OQS_ENABLE_SIG_FALCON "Enable falcon algorithm family" ON)
@@ -393,21 +390,18 @@ endif()
 if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
 if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
- cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_44_ipd_avx2 "" ON "OQS_ENABLE_SIG_ml_dsa_44_ipd" OFF)
 cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_44_avx2 "" ON "OQS_ENABLE_SIG_ml_dsa_44" OFF)
 endif()
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
 if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
- cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_65_ipd_avx2 "" ON "OQS_ENABLE_SIG_ml_dsa_65_ipd" OFF)
 cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_65_avx2 "" ON "OQS_ENABLE_SIG_ml_dsa_65" OFF)
 endif()
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
 if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
- cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_87_ipd_avx2 "" ON "OQS_ENABLE_SIG_ml_dsa_87_ipd" OFF)
 cmake_dependent_option(OQS_ENABLE_SIG_ml_dsa_87_avx2 "" ON "OQS_ENABLE_SIG_ml_dsa_87" OFF)
 endif()
 endif()
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index f41d1b718a..d83223bea7 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -138,7 +138,7 @@ jobs:
 path: build/*.deb
 - name: Check STD algorithm and alias
 if: matrix.name == 'jammy-std-openssl3'
- run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-DSA-44-ipd:\n isnull: true" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false"'
+ run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false"'
 working-directory: build
 linux_arm_emulated:
diff --git a/README.md b/README.md
index b9a0d9f5d4..0e19b4399f 100644
--- a/README.md
+++ b/README.md
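Review bot: The step is still named `Check STD algorithm and alias` in the context line above the changed `run:`, but the new command no longer checks any alias, and it also drops the only negative assertion the step had (`isnull: true` for `ML-DSA-44-ipd`). With both remaining `grep -zoP` clauses expecting `isnull: false`, the step would keep passing if this build (presumably the standards-only configuration, going by the matrix name `jammy-std-openssl3`) started enabling algorithms it is meant to leave out. I would rename the step to `- name: Check STD algorithm` and append one more `grep -zoP` clause to the `run:` line that expects `isnull: true` for an algorithm outside the standardized set, for example one of the Dilithium names if `dump_alg_info` prints them under that spelling.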
@@ -44,7 +44,7 @@ Details on each supported algorithm can be found in the [docs/algorithms](https: The list below indicates all algorithms currently supported by liboqs, including experimental algorithms and already excluding algorithm variants pruned during the NIST competition, such as Kyber-90s or Dilithium-AES. -The only algorithms in `liboqs` that implement NIST standards are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/final) (final standard) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/ipd) (initial public draft) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adjust the implementation so that users are protected from such potential changes. For users interested in explicitly selecting the current "proposed draft standard" code, the variants with the suffix "-ipd" are made available. At this stage, "ml-dsa-ipd" and "ml-dsa" are functionally equivalent, denoted by the "alias" moniker below. +The only algorithms in `liboqs` that implement NIST standards are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/final) (final standard) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/final) (final standard) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adjust the implementation so that users are protected from such potential changes. 
Falcon and SPHINCS+ have also been [selected for standardization](https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022), but the `liboqs` implementations of these algorithms are currently tracking Round 3 submissions and not NIST standards drafts. @@ -69,7 +69,7 @@ All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes - **CRYSTALS-Dilithium**: Dilithium2, Dilithium3, Dilithium5 - **Falcon**: Falcon-512, Falcon-1024, Falcon-padded-512, Falcon-padded-1024 - **MAYO**: MAYO-1, MAYO-2, MAYO-3, MAYO-5† -- **ML-DSA**: ML-DSA-44-ipd (alias: ML-DSA-44), ML-DSA-65-ipd (alias: ML-DSA-65), ML-DSA-87-ipd (alias: ML-DSA-87) +- **ML-DSA**: ML-DSA-44, ML-DSA-65, ML-DSA-87 - **SPHINCS+-SHA2**: SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHA2-192f-simple, SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple - **SPHINCS+-SHAKE**: SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple diff --git a/docs/algorithms/sig/ml_dsa.md b/docs/algorithms/sig/ml_dsa.md index ab2b43488e..929eb6991e 100644 --- a/docs/algorithms/sig/ml_dsa.md +++ b/docs/algorithms/sig/ml_dsa.md 
@@ -4,10 +4,10 @@ - **Main cryptographic assumption**: hardness of lattice problems over module lattices. - **Principal submitters**: Vadim Lyubashevsky. - **Auxiliary submitters**: Shi Bai, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Peter Schwabe, Gregor Seiler, Damien Stehlé. -- **Authors' website**: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/ipd -- **Specification version**: ML-DSA-ipd. +- **Authors' website**: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/final +- **Specification version**: ML-DSA. - **Primary Source**: - - **Source**: https://github.com/pq-crystals/dilithium/commit/e7bed6258b9a3703ce78d4ec38021c86382ce31c with copy_from_upstream patches + - **Source**: https://github.com/pq-crystals/dilithium/commit/444cdcc84eb36b66fe27b3a2529ee48f6d8150c2 with copy_from_upstream patches - **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0 
@@ -15,11 +15,11 @@ | Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) | |:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:| -| ML-DSA-44-ipd | ML-DSA-44 | EUF-CMA | 2 | 1312 | 2560 | 2420 | -| ML-DSA-65-ipd | ML-DSA-65 | EUF-CMA | 3 | 1952 | 4032 | 3309 | -| ML-DSA-87-ipd | ML-DSA-87 | EUF-CMA | 5 | 2592 | 4896 | 4627 | +| ML-DSA-44 | NA | SUF-CMA | 2 | 1312 | 2560 | 2420 | +| ML-DSA-65 | NA | SUF-CMA | 3 | 1952 | 4032 | 3309 | +| ML-DSA-87 | NA | SUF-CMA | 5 | 2592 | 4896 | 4627 | -## ML-DSA-44-ipd implementation characteristics +## ML-DSA-44 implementation characteristics | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------| 
@@ -30,7 +30,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. ‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file. -## ML-DSA-65-ipd implementation characteristics +## ML-DSA-65 implementation characteristics | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| @@ -39,7 +39,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. Are implementations chosen based on runtime CPU feature detection? **Yes**. -## ML-DSA-87-ipd implementation characteristics +## ML-DSA-87 implementation characteristics | Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? | |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------| diff --git a/docs/algorithms/sig/ml_dsa.yml b/docs/algorithms/sig/ml_dsa.yml index c936883588..ee29c20249 100644 --- a/docs/algorithms/sig/ml_dsa.yml +++ b/docs/algorithms/sig/ml_dsa.yml 
@@ -11,18 +11,17 @@ auxiliary-submitters: - Gregor Seiler - Damien Stehlé crypto-assumption: hardness of lattice problems over module lattices -website: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/ipd -nist-round: ipd -spec-version: ML-DSA-ipd +website: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/final +nist-round: FIPS204 +spec-version: ML-DSA primary-upstream: - source: https://github.com/pq-crystals/dilithium/commit/e7bed6258b9a3703ce78d4ec38021c86382ce31c + source: https://github.com/pq-crystals/dilithium/commit/444cdcc84eb36b66fe27b3a2529ee48f6d8150c2 with copy_from_upstream patches spdx-license-identifier: CC0-1.0 or Apache-2.0 parameter-sets: -- name: ML-DSA-44-ipd - alias: ML-DSA-44 +- name: ML-DSA-44 claimed-nist-level: 2 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 1312 length-secret-key: 2560 length-signature: 2420 @@ -51,10 +50,9 @@ parameter-sets: no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: true large-stack-usage: false -- name: ML-DSA-65-ipd - alias: ML-DSA-65 +- name: ML-DSA-65 claimed-nist-level: 3 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 1952 length-secret-key: 4032 length-signature: 3309 @@ -83,10 +81,9 @@ parameter-sets: no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: true large-stack-usage: false -- name: ML-DSA-87-ipd - alias: ML-DSA-87 +- name: ML-DSA-87 claimed-nist-level: 5 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 2592 length-secret-key: 4896 length-signature: 4627 diff --git a/docs/cbom.json b/docs/cbom.json index 57ef76b333..52cf0a0a59 100644 --- a/docs/cbom.json +++ b/docs/cbom.json 
@@ -2,23 +2,23 @@ "$schema": "https://raw.githubusercontent.com/CycloneDX/specification/1.6/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:679a1c2f-1dd4-4692-b098-1d4dacdfc75d", + "serialNumber": "urn:uuid:de1355bb-9681-4a7e-8aa9-0ccc414ebe3b", "version": 1, "metadata": { - "timestamp": "2024-10-01T14:21:06.857613+00:00", + "timestamp": "2024-11-05T12:25:53.012740+00:00", "component": { "type": "library", - "bom-ref": "pkg:github/open-quantum-safe/liboqs@bf7cbdca1bf2866da22b4b75e04b68baf6707a7b", + "bom-ref": "pkg:github/open-quantum-safe/liboqs@69a80f8a66988521d51e94d716cff8c936c07b8d", "name": "liboqs", - "version": "bf7cbdca1bf2866da22b4b75e04b68baf6707a7b" + "version": "69a80f8a66988521d51e94d716cff8c936c07b8d" } }, "components": [ { "type": "library", - "bom-ref": "pkg:github/open-quantum-safe/liboqs@bf7cbdca1bf2866da22b4b75e04b68baf6707a7b", + "bom-ref": "pkg:github/open-quantum-safe/liboqs@69a80f8a66988521d51e94d716cff8c936c07b8d", "name": "liboqs", - "version": "bf7cbdca1bf2866da22b4b75e04b68baf6707a7b" + "version": "69a80f8a66988521d51e94d716cff8c936c07b8d" }, { "type": "cryptographic-asset", @@ -2502,12 +2502,12 @@ }, { "type": "cryptographic-asset", - "bom-ref": "alg:ML-DSA-44-ipd:generic", + "bom-ref": "alg:ML-DSA-44:generic", "name": "ML-DSA", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "parameterSetIdentifier": "ML-DSA-44-ipd", + "parameterSetIdentifier": "ML-DSA-44", "primitive": "signature", "executionEnvironment": "software-plain-ram", "cryptoFunctions": [ @@ -2522,12 +2522,12 @@ }, { "type": "cryptographic-asset", - "bom-ref": "alg:ML-DSA-44-ipd:x86_64", + "bom-ref": "alg:ML-DSA-44:x86_64", "name": "ML-DSA", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "parameterSetIdentifier": "ML-DSA-44-ipd", + "parameterSetIdentifier": "ML-DSA-44", "primitive": "signature", "executionEnvironment": "software-plain-ram", "cryptoFunctions": [ 
@@ -2542,12 +2542,12 @@ }, { "type": "cryptographic-asset", - "bom-ref": "alg:ML-DSA-65-ipd:generic", + "bom-ref": "alg:ML-DSA-65:generic", "name": "ML-DSA", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "parameterSetIdentifier": "ML-DSA-65-ipd", + "parameterSetIdentifier": "ML-DSA-65", "primitive": "signature", "executionEnvironment": "software-plain-ram", "cryptoFunctions": [ @@ -2562,12 +2562,12 @@ }, { "type": "cryptographic-asset", - "bom-ref": "alg:ML-DSA-65-ipd:x86_64", + "bom-ref": "alg:ML-DSA-65:x86_64", "name": "ML-DSA", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "parameterSetIdentifier": "ML-DSA-65-ipd", + "parameterSetIdentifier": "ML-DSA-65", "primitive": "signature", "executionEnvironment": "software-plain-ram", "cryptoFunctions": [ @@ -2582,12 +2582,12 @@ }, { "type": "cryptographic-asset", - "bom-ref": "alg:ML-DSA-87-ipd:generic", + "bom-ref": "alg:ML-DSA-87:generic", "name": "ML-DSA", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "parameterSetIdentifier": "ML-DSA-87-ipd", + "parameterSetIdentifier": "ML-DSA-87", "primitive": "signature", "executionEnvironment": "software-plain-ram", "cryptoFunctions": [ @@ -2602,12 +2602,12 @@ }, { "type": "cryptographic-asset", - "bom-ref": "alg:ML-DSA-87-ipd:x86_64", + "bom-ref": "alg:ML-DSA-87:x86_64", "name": "ML-DSA", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "parameterSetIdentifier": "ML-DSA-87-ipd", + "parameterSetIdentifier": "ML-DSA-87", "primitive": "signature", "executionEnvironment": "software-plain-ram", "cryptoFunctions": [ @@ -3127,7 +3127,7 @@ ], "dependencies": [ { - "ref": "pkg:github/open-quantum-safe/liboqs@bf7cbdca1bf2866da22b4b75e04b68baf6707a7b", + "ref": "pkg:github/open-quantum-safe/liboqs@69a80f8a66988521d51e94d716cff8c936c07b8d", "provides": [ "alg:BIKE-L1:x86_64", "alg:BIKE-L3:x86_64", 
@@ -3253,12 +3253,12 @@ "alg:MAYO-3:x86_64", "alg:MAYO-5:generic", "alg:MAYO-5:x86_64", - "alg:ML-DSA-44-ipd:generic", - "alg:ML-DSA-44-ipd:x86_64", - "alg:ML-DSA-65-ipd:generic", - "alg:ML-DSA-65-ipd:x86_64", - "alg:ML-DSA-87-ipd:generic", - "alg:ML-DSA-87-ipd:x86_64", + "alg:ML-DSA-44:generic", + "alg:ML-DSA-44:x86_64", + "alg:ML-DSA-65:generic", + "alg:ML-DSA-65:x86_64", + "alg:ML-DSA-87:generic", + "alg:ML-DSA-87:x86_64", "alg:SPHINCS+-SHA2-128f-simple:generic", "alg:SPHINCS+-SHA2-128f-simple:x86_64", "alg:SPHINCS+-SHA2-128s-simple:generic", @@ -4044,37 +4044,37 @@ ] }, { - "ref": "alg:ML-DSA-44-ipd:generic", + "ref": "alg:ML-DSA-44:generic", "dependsOn": [ "alg:sha3" ] }, { - "ref": "alg:ML-DSA-44-ipd:x86_64", + "ref": "alg:ML-DSA-44:x86_64", "dependsOn": [ "alg:sha3" ] }, { - "ref": "alg:ML-DSA-65-ipd:generic", + "ref": "alg:ML-DSA-65:generic", "dependsOn": [ "alg:sha3" ] }, { - "ref": "alg:ML-DSA-65-ipd:x86_64", + "ref": "alg:ML-DSA-65:x86_64", "dependsOn": [ "alg:sha3" ] }, { - "ref": "alg:ML-DSA-87-ipd:generic", + "ref": "alg:ML-DSA-87:generic", "dependsOn": [ "alg:sha3" ] }, { - "ref": "alg:ML-DSA-87-ipd:x86_64", + "ref": "alg:ML-DSA-87:x86_64", "dependsOn": [ "alg:sha3" ] diff --git a/scripts/copy_from_upstream/copy_from_upstream.yml b/scripts/copy_from_upstream/copy_from_upstream.yml index 4dee43200e..ff23a2287d 100644 --- a/scripts/copy_from_upstream/copy_from_upstream.yml +++ b/scripts/copy_from_upstream/copy_from_upstream.yml @@ -49,11 +49,11 @@ upstreams: - name: pqcrystals-dilithium-standard git_url: https://github.com/pq-crystals/dilithium.git - git_branch: standard - git_commit: e7bed6258b9a3703ce78d4ec38021c86382ce31c + git_branch: master + git_commit: 444cdcc84eb36b66fe27b3a2529ee48f6d8150c2 sig_meta_path: '{pretty_name_full}_META.yml' sig_scheme_path: '.' - patches: [pqcrystals-ml_dsa_ipd.patch] + patches: [pqcrystals-ml_dsa.patch] - name: pqmayo git_url: https://github.com/PQCMayo/MAYO-C.git 
@@ -172,17 +172,14 @@ kems: scheme: "512" pqclean_scheme: ml-kem-512 pretty_name_full: ML-KEM-512 - alias_pretty_name_full: ML-KEM-512 - scheme: "768" pqclean_scheme: ml-kem-768 pretty_name_full: ML-KEM-768 - alias_pretty_name_full: ML-KEM-768 - scheme: "1024" pqclean_scheme: ml-kem-1024 pretty_name_full: ML-KEM-1024 - alias_pretty_name_full: ML-KEM-1024 sigs: - name: dilithium @@ -214,26 +211,20 @@ sigs: upstream_location: pqcrystals-dilithium-standard schemes: - - scheme: "44_ipd" - pqclean_scheme: ml-dsa-44-ipd - pretty_name_full: ML-DSA-44-ipd + scheme: "44" + pqclean_scheme: ml-dsa-44 + pretty_name_full: ML-DSA-44 signed_msg_order: sig_then_msg - alias_scheme: "44" - alias_pretty_name_full: ML-DSA-44 - - scheme: "65_ipd" - pqclean_scheme: ml-dsa-65-ipd - pretty_name_full: ML-DSA-65-ipd + scheme: "65" + pqclean_scheme: ml-dsa-65 + pretty_name_full: ML-DSA-65 signed_msg_order: sig_then_msg - alias_scheme: "65" - alias_pretty_name_full: ML-DSA-65 - - scheme: "87_ipd" - pqclean_scheme: ml-dsa-87-ipd - pretty_name_full: ML-DSA-87-ipd + scheme: "87" + pqclean_scheme: ml-dsa-87 + pretty_name_full: ML-DSA-87 signed_msg_order: sig_then_msg - alias_scheme: "87" - alias_pretty_name_full: ML-DSA-87 - name: falcon default_implementation: clean diff --git a/scripts/copy_from_upstream/patches/pqcrystals-ml_dsa_ipd.patch b/scripts/copy_from_upstream/patches/pqcrystals-ml_dsa.patch similarity index 64% rename from scripts/copy_from_upstream/patches/pqcrystals-ml_dsa_ipd.patch rename to scripts/copy_from_upstream/patches/pqcrystals-ml_dsa.patch index 58e1cf34de..e82d5c1edb 100644 --- a/scripts/copy_from_upstream/patches/pqcrystals-ml_dsa_ipd.patch +++ b/scripts/copy_from_upstream/patches/pqcrystals-ml_dsa.patch @@ -1,29 +1,19 @@ -diff --git a/Dilithium2_META.yml b/ML-DSA-44-ipd_META.yml -index 0e2e6fc..d99edb5 100644 +diff --git a/Dilithium2_META.yml b/Dilithium2_META.yml +index 122b3ca..2d5686a 100644 
--- a/Dilithium2_META.yml -+++ b/ML-DSA-44-ipd_META.yml -@@ -1,11 +1,11 @@ ++++ b/ML-DSA-44_META.yml +@@ -1,4 +1,4 @@ -name: Dilithium2 -+name: ML-DSA-44-ipd ++name: ML-DSA-44 type: signature claimed-nist-level: 2 length-public-key: 1312 --length-secret-key: 2528 -+length-secret-key: 2560 - length-signature: 2420 --nistkat-sha256: 26ae9c1224171e957dbe38672942d31edb7dffbe700825e0cb52128cdb45280a --testvectors-sha256: b56155479f5643a3cb3d73260ba2b1fd7e772a49b6f4cebcf742cd860fbf6879 -+nistkat-sha256: e6f3ec4dc0b02dd3bcbbc6b105190e1890ca0bb3f802e2b571f0d70f3993a2e1 -+testvectors-sha256: aff4dbcb0c5ad52c840036907661efd2cafd6c1cba95ed052184f45adf30f365 - principal-submitters: - - Vadim Lyubashevsky - auxiliary-submitters: -@@ -18,22 +18,20 @@ auxiliary-submitters: +@@ -18,22 +18,22 @@ auxiliary-submitters: - Damien Stehlé implementations: - name: ref -- version: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409 -+ version: https://github.com/pq-crystals/dilithium/tree/standard +- version: https://github.com/pq-crystals/dilithium/tree/master ++ version: FIPS204 folder_name: ref - compile_opts: -DDILITHIUM_MODE=2 -DDILITHIUM_RANDOMIZED_SIGNING - signature_keypair: pqcrystals_dilithium2_ref_keypair 
@@ -32,54 +22,45 @@ index 0e2e6fc..d99edb5 100644 - sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h fips202.h symmetric-shake.c - common_dep: common_ref + compile_opts: -DDILITHIUM_MODE=2 -+ signature_keypair: pqcrystals_ml_dsa_44_ipd_ref_keypair -+ signature_signature: pqcrystals_ml_dsa_44_ipd_ref_signature -+ signature_verify: pqcrystals_ml_dsa_44_ipd_ref_verify ++ signature_keypair: pqcrystals_ml_dsa_44_ref_keypair ++ signature_signature: pqcrystals_ml_dsa_44_ref_signature ++ signature_verify: pqcrystals_ml_dsa_44_ref_verify ++ api-with-context-string: true + sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h symmetric-shake.c - name: avx2 -- version: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409 +- version: https://github.com/pq-crystals/dilithium/tree/master - compile_opts: -DDILITHIUM_MODE=2 -DDILITHIUM_RANDOMIZED_SIGNING - signature_keypair: pqcrystals_dilithium2_avx2_keypair - signature_signature: pqcrystals_dilithium2_avx2_signature - signature_verify: pqcrystals_dilithium2_avx2_verify - sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h fips202.h fips202x4.h symmetric-shake.c - common_dep: common_avx2 -+ version: https://github.com/pq-crystals/dilithium/tree/standard ++ version: FIPS204 + compile_opts: -DDILITHIUM_MODE=2 -+ signature_keypair: pqcrystals_ml_dsa_44_ipd_avx2_keypair -+ signature_signature: pqcrystals_ml_dsa_44_ipd_avx2_signature -+ signature_verify: pqcrystals_ml_dsa_44_ipd_avx2_verify ++ signature_keypair: pqcrystals_ml_dsa_44_avx2_keypair ++ 
signature_signature: pqcrystals_ml_dsa_44_avx2_signature ++ signature_verify: pqcrystals_ml_dsa_44_avx2_verify ++ api-with-context-string: true + sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h symmetric-shake.c supported_platforms: - architecture: x86_64 operating_systems: -diff --git a/Dilithium3_META.yml b/ML-DSA-65-ipd_META.yml -index d1bca64..72a43e7 100644 +diff --git a/Dilithium3_META.yml b/Dilithium3_META.yml +index b108b4f..47a4ba0 100644 --- a/Dilithium3_META.yml -+++ b/ML-DSA-65-ipd_META.yml -@@ -1,11 +1,11 @@ ++++ b/ML-DSA-65_META.yml +@@ -1,4 +1,4 @@ -name: Dilithium3 -+name: ML-DSA-65-ipd ++name: ML-DSA-65 type: signature claimed-nist-level: 3 length-public-key: 1952 --length-secret-key: 4000 --length-signature: 3293 --nistkat-sha256: eea584803c3d6991a4acbf9f117147bbdd246faf822cfb1a17effe20b2052ba9 --testvectors-sha256: a237032c7840a0d2f922951f806c2199f8f86b8a8947f6f6f1b856c925222958 -+length-secret-key: 4032 -+length-signature: 3309 -+nistkat-sha256: 7225c4531086d88c9b7fa18101b0f78dda2d38df88812c65ddc1ae94fe3c01a7 -+testvectors-sha256: e0a98c0a29137dcbeb12104ccaa6a0555a9bdb4dcfbc2b0fc9a959dd8b6c8699 - principal-submitters: - - Vadim Lyubashevsky - auxiliary-submitters: -@@ -18,22 +18,20 @@ auxiliary-submitters: +@@ -18,22 +18,22 @@ auxiliary-submitters: - Damien Stehlé implementations: - name: ref -- version: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409 -+ version: https://github.com/pq-crystals/dilithium/tree/standard +- version: https://github.com/pq-crystals/dilithium/tree/master ++ version: FIPS204 folder_name: ref - compile_opts: -DDILITHIUM_MODE=3 -DDILITHIUM_RANDOMIZED_SIGNING - signature_keypair: pqcrystals_dilithium3_ref_keypair 
@@ -88,54 +69,45 @@ index d1bca64..72a43e7 100644 - sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h fips202.h symmetric-shake.c - common_dep: common_ref + compile_opts: -DDILITHIUM_MODE=3 -+ signature_keypair: pqcrystals_ml_dsa_65_ipd_ref_keypair -+ signature_signature: pqcrystals_ml_dsa_65_ipd_ref_signature -+ signature_verify: pqcrystals_ml_dsa_65_ipd_ref_verify ++ signature_keypair: pqcrystals_ml_dsa_65_ref_keypair ++ signature_signature: pqcrystals_ml_dsa_65_ref_signature ++ signature_verify: pqcrystals_ml_dsa_65_ref_verify ++ api-with-context-string: true + sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h symmetric-shake.c - name: avx2 -- version: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409 +- version: https://github.com/pq-crystals/dilithium/tree/master - compile_opts: -DDILITHIUM_MODE=3 -DDILITHIUM_RANDOMIZED_SIGNING - signature_keypair: pqcrystals_dilithium3_avx2_keypair - signature_signature: pqcrystals_dilithium3_avx2_signature - signature_verify: pqcrystals_dilithium3_avx2_verify - sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h fips202.h fips202x4.h symmetric-shake.c - common_dep: common_avx2 -+ version: https://github.com/pq-crystals/dilithium/tree/standard ++ version: FIPS204 + compile_opts: -DDILITHIUM_MODE=3 -+ signature_keypair: pqcrystals_ml_dsa_65_ipd_avx2_keypair -+ signature_signature: pqcrystals_ml_dsa_65_ipd_avx2_signature -+ signature_verify: pqcrystals_ml_dsa_65_ipd_avx2_verify ++ signature_keypair: pqcrystals_ml_dsa_65_avx2_keypair ++ 
signature_signature: pqcrystals_ml_dsa_65_avx2_signature ++ signature_verify: pqcrystals_ml_dsa_65_avx2_verify ++ api-with-context-string: true + sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h symmetric-shake.c supported_platforms: - architecture: x86_64 operating_systems: -diff --git a/Dilithium5_META.yml b/ML-DSA-87-ipd_META.yml -index a4dbdbf..bf68590 100644 +diff --git a/Dilithium5_META.yml b/Dilithium5_META.yml +index 5163526..e9bff1e 100644 --- a/Dilithium5_META.yml -+++ b/ML-DSA-87-ipd_META.yml -@@ -1,11 +1,11 @@ ++++ b/ML-DSA-87_META.yml +@@ -1,4 +1,4 @@ -name: Dilithium5 -+name: ML-DSA-87-ipd ++name: ML-DSA-87 type: signature claimed-nist-level: 5 length-public-key: 2592 --length-secret-key: 4864 --length-signature: 4595 --nistkat-sha256: 3f6e58603a38be57cf08d79b01fcfd0ccc1129a09e14a6122c6fe22c906ddc3b --testvectors-sha256: ddeb95f4a743562010bce527ea7c99fed4ce1234bafd5ed6f44eea0f065ba49c -+length-secret-key: 4896 -+length-signature: 4627 -+nistkat-sha256: f5cb5ed44a261a4118f9cfd5d55b4210939cb5b8531968a10c37060551a8927f -+testvectors-sha256: 9a1985c10b13efefee50067edf3432ed8ab48a62965743feb45a317485980883 - principal-submitters: - - Vadim Lyubashevsky - auxiliary-submitters: -@@ -18,22 +18,20 @@ auxiliary-submitters: +@@ -18,22 +18,22 @@ auxiliary-submitters: - Damien Stehlé implementations: - name: ref -- version: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409 -+ version: https://github.com/pq-crystals/dilithium/tree/standard +- version: https://github.com/pq-crystals/dilithium/tree/master ++ version: FIPS204 folder_name: ref - compile_opts: -DDILITHIUM_MODE=5 -DDILITHIUM_RANDOMIZED_SIGNING - signature_keypair: pqcrystals_dilithium5_ref_keypair 
@@ -144,107 +116,33 @@ index a4dbdbf..bf68590 100644 - sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h fips202.h symmetric-shake.c - common_dep: common_ref + compile_opts: -DDILITHIUM_MODE=5 -+ signature_keypair: pqcrystals_ml_dsa_87_ipd_ref_keypair -+ signature_signature: pqcrystals_ml_dsa_87_ipd_ref_signature -+ signature_verify: pqcrystals_ml_dsa_87_ipd_ref_verify ++ signature_keypair: pqcrystals_ml_dsa_87_ref_keypair ++ signature_signature: pqcrystals_ml_dsa_87_ref_signature ++ signature_verify: pqcrystals_ml_dsa_87_ref_verify ++ api-with-context-string: true + sources: ../LICENSE api.h config.h params.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.c ntt.h reduce.c reduce.h rounding.c rounding.h symmetric.h symmetric-shake.c - name: avx2 -- version: https://github.com/pq-crystals/dilithium/commit/d9c885d3f2e11c05529eeeb7d70d808c972b8409 +- version: https://github.com/pq-crystals/dilithium/tree/master - compile_opts: -DDILITHIUM_MODE=5 -DDILITHIUM_RANDOMIZED_SIGNING - signature_keypair: pqcrystals_dilithium5_avx2_keypair - signature_signature: pqcrystals_dilithium5_avx2_signature - signature_verify: pqcrystals_dilithium5_avx2_verify - sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h fips202.h fips202x4.h symmetric-shake.c - common_dep: common_avx2 -+ version: https://github.com/pq-crystals/dilithium/tree/standard ++ version: FIPS204 + compile_opts: -DDILITHIUM_MODE=5 -+ signature_keypair: pqcrystals_ml_dsa_87_ipd_avx2_keypair -+ signature_signature: pqcrystals_ml_dsa_87_ipd_avx2_signature -+ signature_verify: pqcrystals_ml_dsa_87_ipd_avx2_verify ++ signature_keypair: pqcrystals_ml_dsa_87_avx2_keypair ++ 
signature_signature: pqcrystals_ml_dsa_87_avx2_signature ++ signature_verify: pqcrystals_ml_dsa_87_avx2_verify ++ api-with-context-string: true + sources: ../LICENSE api.h config.h params.h align.h sign.c sign.h packing.c packing.h polyvec.c polyvec.h poly.c poly.h ntt.S invntt.S pointwise.S ntt.h shuffle.S shuffle.inc consts.c consts.h rejsample.c rejsample.h rounding.c rounding.h symmetric.h symmetric-shake.c supported_platforms: - architecture: x86_64 operating_systems: -diff --git a/README.md b/README.md -index 5a5d48d..d6b337a 100644 ---- a/README.md -+++ b/README.md -@@ -18,9 +18,9 @@ brew install openssl - ``` - Then, run - ```sh --export CFLAGS="-I/usr/local/opt/openssl@1.1/include" --export NISTFLAGS="-I/usr/local/opt/openssl@1.1/include" --export LDFLAGS="-L/usr/local/opt/openssl@1.1/lib" -+export CFLAGS="-I/opt/homebrew/opt/openssl@1.1/include" -+export NISTFLAGS="-I/opt/homebrew/opt/openssl@1.1/include" -+export LDFLAGS="-L/opt/homebrew/opt/openssl@1.1/lib" - ``` - before compilation to add the OpenSSL header and library locations to the respective search paths. - -@@ -60,11 +60,11 @@ Our Dilithium implementations are contained in the [SUPERCOP](https://bench.cr.y - - ## Randomized signing - --By default our code implements Dilithium's deterministic signing mode. To change this to the randomized signing mode, define the `DILITHIUM_RANDOMIZED_SIGNING` preprocessor macro at compilation by either uncommenting the line -+By default our code implements Dilithium's randomized signing mode. To change this to the deterministic signing mode, undefine the `DILITHIUM_RANDOMIZED_SIGNING` preprocessor macro at compilation by commenting the line - ```sh --//#define DILITHIUM_RANDOMIZED_SIGNING -+#define DILITHIUM_RANDOMIZED_SIGNING - ``` --in config.h, or adding `-DDILITHIUM_RANDOMIZED_SIGNING` to the compiler flags in the environment variable `CFLAGS`. -+in config.h. 
- - ## Shared libraries - -diff --git a/avx2/api.h b/avx2/api.h -index 1948a96..55b6376 100644 ---- a/avx2/api.h -+++ b/avx2/api.h -@@ -5,7 +5,7 @@ - #include - - #define pqcrystals_dilithium2_PUBLICKEYBYTES 1312 --#define pqcrystals_dilithium2_SECRETKEYBYTES 2528 -+#define pqcrystals_dilithium2_SECRETKEYBYTES 2560 - #define pqcrystals_dilithium2_BYTES 2420 - - #define pqcrystals_dilithium2_avx2_PUBLICKEYBYTES pqcrystals_dilithium2_PUBLICKEYBYTES -@@ -32,8 +32,8 @@ int pqcrystals_dilithium2_avx2_open(uint8_t *m, size_t *mlen, - - - #define pqcrystals_dilithium3_PUBLICKEYBYTES 1952 --#define pqcrystals_dilithium3_SECRETKEYBYTES 4000 --#define pqcrystals_dilithium3_BYTES 3293 -+#define pqcrystals_dilithium3_SECRETKEYBYTES 4032 -+#define pqcrystals_dilithium3_BYTES 3309 - - #define pqcrystals_dilithium3_avx2_PUBLICKEYBYTES pqcrystals_dilithium3_PUBLICKEYBYTES - #define pqcrystals_dilithium3_avx2_SECRETKEYBYTES pqcrystals_dilithium3_SECRETKEYBYTES -@@ -59,8 +59,8 @@ int pqcrystals_dilithium3_avx2_open(uint8_t *m, size_t *mlen, - - - #define pqcrystals_dilithium5_PUBLICKEYBYTES 2592 --#define pqcrystals_dilithium5_SECRETKEYBYTES 4864 --#define pqcrystals_dilithium5_BYTES 4595 -+#define pqcrystals_dilithium5_SECRETKEYBYTES 4896 -+#define pqcrystals_dilithium5_BYTES 4627 - - #define pqcrystals_dilithium5_avx2_PUBLICKEYBYTES pqcrystals_dilithium5_PUBLICKEYBYTES - #define pqcrystals_dilithium5_avx2_SECRETKEYBYTES pqcrystals_dilithium5_SECRETKEYBYTES diff --git a/avx2/config.h b/avx2/config.h -index ba5caa8..e59f81a 100644 +index a9facc0..3944cb4 100644 --- a/avx2/config.h +++ b/avx2/config.h -@@ -2,7 +2,7 @@ - #define CONFIG_H - - //#define DILITHIUM_MODE 2 --//#define DILITHIUM_RANDOMIZED_SIGNING -+#define DILITHIUM_RANDOMIZED_SIGNING - //#define USE_RDPMC - //#define DBENCH - @@ -11,17 +11,17 @@ #endif 
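Review bot: Randomized (hedged) signing is no longer selected by anything this patch controls. The rewritten patch drops the old `avx2/config.h` change `+#define DILITHIUM_RANDOMIZED_SIGNING`, and the META `compile_opts` lines in this and the two preceding META hunks stay at `-DDILITHIUM_MODE=N` without `-DDILITHIUM_RANDOMIZED_SIGNING`. Presumably upstream `config.h` at the newly pinned commit already defines the macro, but that file is not visible here, so the signing mode depends on an upstream default. I would record the dependency next to each `compile_opts` line, e.g. `# randomized signing comes from DILITHIUM_RANDOMIZED_SIGNING in upstream config.h; re-check on every upstream bump`. It is also worth confirming that the ACVP/KAT tests fail if the build falls back to deterministic signing.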
@@ -252,28 +150,68 @@ index ba5caa8..e59f81a 100644 -#define CRYPTO_ALGNAME "Dilithium2" -#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium2_avx2 -#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium2_avx2_##s -+#define CRYPTO_ALGNAME "ML-DSA-44-ipd" -+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ipd_avx2 -+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ipd_avx2_##s ++#define CRYPTO_ALGNAME "ML-DSA-44" ++#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_avx2 ++#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_avx2_##s #elif DILITHIUM_MODE == 3 -#define CRYPTO_ALGNAME "Dilithium3" -#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium3_avx2 -#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium3_avx2_##s -+#define CRYPTO_ALGNAME "ML-DSA-65-ipd" -+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ipd_avx2 -+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ipd_avx2_##s ++#define CRYPTO_ALGNAME "ML-DSA-65" ++#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_avx2 ++#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_avx2_##s #elif DILITHIUM_MODE == 5 -#define CRYPTO_ALGNAME "Dilithium5" -#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium5_avx2 -#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium5_avx2_##s -+#define CRYPTO_ALGNAME "ML-DSA-87-ipd" -+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ipd_avx2 -+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ipd_avx2_##s ++#define CRYPTO_ALGNAME "ML-DSA-87" ++#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_avx2 ++#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_avx2_##s #endif #endif +diff --git a/avx2/f1600x4.S b/avx2/f1600x4.S +index 5455129..497b8ca 100644 +--- a/avx2/f1600x4.S ++++ b/avx2/f1600x4.S +@@ -905,5 +905,3 @@ addq $32, %rsi + subq $1, %rax + jnz looptop + ret +- +-.section .note.GNU-stack,"",@progbits +diff --git a/avx2/invntt.S b/avx2/invntt.S +index d40ca13..3e9864c 100644 +--- a/avx2/invntt.S ++++ b/avx2/invntt.S +@@ -236,5 +236,3 @@ levels6t7 2 + levels6t7 3 + + ret +- 
+-.section .note.GNU-stack,"",@progbits +diff --git a/avx2/ntt.S b/avx2/ntt.S +index 026f057..ebe17d3 100644 +--- a/avx2/ntt.S ++++ b/avx2/ntt.S +@@ -194,5 +194,3 @@ levels2t7 2 + levels2t7 3 + + ret +- +-.section .note.GNU-stack,"",@progbits +diff --git a/avx2/pointwise.S b/avx2/pointwise.S +index 6b687c7..ae7ff79 100644 +--- a/avx2/pointwise.S ++++ b/avx2/pointwise.S +@@ -209,5 +209,3 @@ cmp $16,%eax + jb _looptop2 + + ret +- +-.section .note.GNU-stack,"",@progbits diff --git a/avx2/poly.c b/avx2/poly.c -index c1b21c1..25d3682 100644 +index 340e91d..0a4ecb6 100644 --- a/avx2/poly.c +++ b/avx2/poly.c @@ -401,6 +401,7 @@ void poly_uniform(poly *a, const uint8_t seed[SEEDBYTES], uint16_t nonce) @@ -370,7 +308,7 @@ index c1b21c1..25d3682 100644 polyz_unpack(a0, buf[0].coeffs); polyz_unpack(a1, buf[1].coeffs); -@@ -670,12 +679,12 @@ void poly_challenge(poly * restrict c, const uint8_t seed[SEEDBYTES]) { +@@ -670,12 +679,12 @@ void poly_challenge(poly * restrict c, const uint8_t seed[CTILDEBYTES]) { unsigned int i, b, pos; uint64_t signs; ALIGNED_UINT8(SHAKE256_RATE) buf; @@ -378,17 +316,17 @@ index c1b21c1..25d3682 100644 + shake256incctx state; - shake256_init(&state); -- shake256_absorb(&state, seed, SEEDBYTES); +- shake256_absorb(&state, seed, CTILDEBYTES); - shake256_finalize(&state); - shake256_squeezeblocks(buf.coeffs, 1, &state); + shake256_inc_init(&state); -+ shake256_inc_absorb(&state, seed, SEEDBYTES); ++ shake256_inc_absorb(&state, seed, CTILDEBYTES); + shake256_inc_finalize(&state); + shake256_inc_squeeze(buf.coeffs, SHAKE256_RATE, &state); memcpy(&signs, buf.coeffs, 8); pos = 8; -@@ -695,6 +704,7 @@ void poly_challenge(poly * restrict c, const uint8_t seed[SEEDBYTES]) { +@@ -695,6 +704,7 @@ void poly_challenge(poly * restrict c, const uint8_t seed[CTILDEBYTES]) { c->coeffs[b] = 1 - 2*(signs & 1); signs >>= 1; } 
@@ -396,11 +334,21 @@ index c1b21c1..25d3682 100644 } /************************************************* +diff --git a/avx2/shuffle.S b/avx2/shuffle.S +index 08c757c..133e051 100644 +--- a/avx2/shuffle.S ++++ b/avx2/shuffle.S +@@ -50,5 +50,3 @@ call nttunpack128_avx + add $256,%rdi + call nttunpack128_avx + ret +- +-.section .note.GNU-stack,"",@progbits diff --git a/avx2/sign.c b/avx2/sign.c -index c8f2398..a39f851 100644 +index efb6ea3..532e37c 100644 --- a/avx2/sign.c +++ b/avx2/sign.c -@@ -161,7 +161,7 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t +@@ -168,7 +168,7 @@ int crypto_sign_signature_internal(uint8_t *sig, size_t *siglen, const uint8_t * polyvecl y; polyveck w0; } tmpv; 
@@ -409,24 +357,40 @@ index c8f2398..a39f851 100644 rho = seedbuf; tr = rho + SEEDBYTES; -@@ -172,11 +172,11 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t +@@ -178,20 +178,20 @@ int crypto_sign_signature_internal(uint8_t *sig, size_t *siglen, const uint8_t * unpack_sk(rho, tr, key, &t0, &s1, &s2, sk); - /* Compute CRH(tr, msg) */ + /* Compute mu = CRH(tr, pre, msg) */ - shake256_init(&state); - shake256_absorb(&state, tr, TRBYTES); +- shake256_absorb(&state, pre, prelen); - shake256_absorb(&state, m, mlen); - shake256_finalize(&state); - shake256_squeeze(mu, CRHBYTES, &state); + shake256_inc_init(&state); + shake256_inc_absorb(&state, tr, TRBYTES); ++ shake256_inc_absorb(&state, pre, prelen); + shake256_inc_absorb(&state, m, mlen); + shake256_inc_finalize(&state); + shake256_inc_squeeze(mu, CRHBYTES, &state); - #ifdef DILITHIUM_RANDOMIZED_SIGNING - randombytes(rnd, RNDBYTES); -@@ -223,11 +223,11 @@ rej: + /* Compute rhoprime = CRH(key, rnd, mu) */ +- shake256_init(&state); +- shake256_absorb(&state, key, SEEDBYTES); +- shake256_absorb(&state, rnd, RNDBYTES); +- shake256_absorb(&state, mu, CRHBYTES); +- shake256_finalize(&state); +- shake256_squeeze(rhoprime, CRHBYTES, &state); ++ shake256_inc_ctx_reset(&state); ++ shake256_inc_absorb(&state, key, SEEDBYTES); ++ shake256_inc_absorb(&state, rnd, RNDBYTES); ++ shake256_inc_absorb(&state, mu, CRHBYTES); ++ shake256_inc_finalize(&state); ++ shake256_inc_squeeze(rhoprime, CRHBYTES, &state); + + /* Expand matrix and transform vectors */ + polyvec_matrix_expand(mat, rho); +@@ -231,11 +231,11 @@ rej: polyveck_decompose(&w1, &tmpv.w0, &w1); polyveck_pack_w1(sig, &w1); @@ -443,7 +407,7 @@ index c8f2398..a39f851 100644 poly_challenge(&c, sig); poly_ntt(&c); -@@ -272,6 +272,7 @@ rej: +@@ -280,6 +280,7 @@ rej: hint[OMEGA + i] = pos = pos + n; } 
@@ -451,7 +415,7 @@ index c8f2398..a39f851 100644 /* Pack z into signature */ for(i = 0; i < L; i++) polyz_pack(sig + CTILDEBYTES + i*POLYZ_PACKEDBYTES, &z.vec[i]); -@@ -329,18 +330,19 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size +@@ -384,19 +385,19 @@ int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, const uint8_t polyvecl *row = rowbuf; polyvecl z; poly c, w1, h; 
@@ -461,24 +425,52 @@ index c8f2398..a39f851 100644 if(siglen != CRYPTO_BYTES) return -1; - /* Compute CRH(H(rho, t1), msg) */ - shake256(mu, CRHBYTES, pk, CRYPTO_PUBLICKEYBYTES); + /* Compute CRH(H(rho, t1), pre, msg) */ + shake256(mu, TRBYTES, pk, CRYPTO_PUBLICKEYBYTES); - shake256_init(&state); - shake256_absorb(&state, mu, CRHBYTES); +- shake256_absorb(&state, pre, prelen); - shake256_absorb(&state, m, mlen); - shake256_finalize(&state); - shake256_squeeze(mu, CRHBYTES, &state); + shake256_inc_init(&state); + shake256_inc_absorb(&state, mu, CRHBYTES); ++ shake256_inc_absorb(&state, pre, prelen); + shake256_inc_absorb(&state, m, mlen); + shake256_inc_finalize(&state); + shake256_inc_squeeze(mu, CRHBYTES, &state); -+ shake256_inc_ctx_release(&state); /* Expand challenge */ poly_challenge(&c, sig); -@@ -390,11 +392,12 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size - if(hint[j]) return -1; +@@ -426,12 +427,17 @@ int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, const uint8_t + + /* Get hint polynomial and reconstruct w1 */ + memset(h.vec, 0, sizeof(poly)); +- if(hint[OMEGA + i] < pos || hint[OMEGA + i] > OMEGA) ++ if(hint[OMEGA + i] < pos || hint[OMEGA + i] > OMEGA) { ++ shake256_inc_ctx_release(&state); + return -1; ++ } + + for(j = pos; j < hint[OMEGA + i]; ++j) { + /* Coefficients are ordered for strong unforgeability */ +- if(j > pos && hint[j] <= hint[j-1]) return -1; ++ if(j > pos && hint[j] <= hint[j-1]) { ++ shake256_inc_ctx_release(&state); ++ return -1; ++ } + h.coeffs[hint[j]] = 1; + } + pos = hint[OMEGA + i]; +@@ -443,14 +449,18 @@ int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, const uint8_t + + /* Extra indices are zero for strong unforgeability */ + for(j = pos; j < OMEGA; ++j) +- if(hint[j]) return -1; ++ if(hint[j]) { ++ shake256_inc_ctx_release(&state); ++ return -1; ++ } /* Call random oracle and verify challenge */ - shake256_init(&state); 
@@ -486,7 +478,7 @@ index c8f2398..a39f851 100644 - shake256_absorb(&state, buf.coeffs, K*POLYW1_PACKEDBYTES); - shake256_finalize(&state); - shake256_squeeze(buf.coeffs, CTILDEBYTES, &state); -+ shake256_inc_init(&state); ++ shake256_inc_ctx_reset(&state); + shake256_inc_absorb(&state, mu, CRHBYTES); + shake256_inc_absorb(&state, buf.coeffs, K*POLYW1_PACKEDBYTES); + shake256_inc_finalize(&state); @@ -527,41 +519,10 @@ index 8f3c3c5..fa49963 100644 +#define stream256_release(STATE) shake256_inc_ctx_release(STATE) #endif -diff --git a/ref/api.h b/ref/api.h -index cc5c6fe..78caa5c 100644 ---- a/ref/api.h -+++ b/ref/api.h -@@ -33,7 +33,7 @@ int pqcrystals_dilithium2_ref_open(uint8_t *m, size_t *mlen, - - #define pqcrystals_dilithium3_PUBLICKEYBYTES 1952 - #define pqcrystals_dilithium3_SECRETKEYBYTES 4032 --#define pqcrystals_dilithium3_BYTES 3293 -+#define pqcrystals_dilithium3_BYTES 3309 - - #define pqcrystals_dilithium3_ref_PUBLICKEYBYTES pqcrystals_dilithium3_PUBLICKEYBYTES - #define pqcrystals_dilithium3_ref_SECRETKEYBYTES pqcrystals_dilithium3_SECRETKEYBYTES -@@ -60,7 +60,7 @@ int pqcrystals_dilithium3_ref_open(uint8_t *m, size_t *mlen, - - #define pqcrystals_dilithium5_PUBLICKEYBYTES 2592 - #define pqcrystals_dilithium5_SECRETKEYBYTES 4896 --#define pqcrystals_dilithium5_BYTES 4595 -+#define pqcrystals_dilithium5_BYTES 4627 - - #define pqcrystals_dilithium5_ref_PUBLICKEYBYTES pqcrystals_dilithium5_PUBLICKEYBYTES - #define pqcrystals_dilithium5_ref_SECRETKEYBYTES pqcrystals_dilithium5_SECRETKEYBYTES diff --git a/ref/config.h b/ref/config.h -index 5ddcd8c..eddf13f 100644 +index 98b8ccb..8008e11 100644 --- a/ref/config.h +++ b/ref/config.h -@@ -2,7 +2,7 @@ - #define CONFIG_H - - //#define DILITHIUM_MODE 2 --//#define DILITHIUM_RANDOMIZED_SIGNING -+#define DILITHIUM_RANDOMIZED_SIGNING - //#define USE_RDPMC - //#define DBENCH - @@ -11,17 +11,17 @@ #endif 
@@ -569,49 +530,28 @@ index 5ddcd8c..eddf13f 100644 -#define CRYPTO_ALGNAME "Dilithium2" -#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium2_ref -#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium2_ref_##s -+#define CRYPTO_ALGNAME "ML-DSA-44-ipd" -+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ipd_ref -+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ipd_ref_##s ++#define CRYPTO_ALGNAME "ML-DSA-44" ++#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ref ++#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ref_##s #elif DILITHIUM_MODE == 3 -#define CRYPTO_ALGNAME "Dilithium3" -#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium3_ref -#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium3_ref_##s -+#define CRYPTO_ALGNAME "ML-DSA-65-ipd" -+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ipd_ref -+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ipd_ref_##s ++#define CRYPTO_ALGNAME "ML-DSA-65" ++#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ref ++#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ref_##s #elif DILITHIUM_MODE == 5 -#define CRYPTO_ALGNAME "Dilithium5" -#define DILITHIUM_NAMESPACETOP pqcrystals_dilithium5_ref -#define DILITHIUM_NAMESPACE(s) pqcrystals_dilithium5_ref_##s -+#define CRYPTO_ALGNAME "ML-DSA-87-ipd" -+#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ipd_ref -+#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ipd_ref_##s ++#define CRYPTO_ALGNAME "ML-DSA-87" ++#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ref ++#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ref_##s #endif - #endif -diff --git a/ref/packing.h b/ref/packing.h -index 1e8e9e7..8e47728 100644 ---- a/ref/packing.h -+++ b/ref/packing.h -@@ -18,7 +18,7 @@ void pack_sk(uint8_t sk[CRYPTO_SECRETKEYBYTES], - const polyveck *s2); - - #define pack_sig DILITHIUM_NAMESPACE(pack_sig) --void pack_sig(uint8_t sig[CRYPTO_BYTES], const uint8_t c[SEEDBYTES], const polyvecl *z, const polyveck *h); -+void pack_sig(uint8_t sig[CRYPTO_BYTES], const uint8_t 
c[CTILDEBYTES], const polyvecl *z, const polyveck *h); - - #define unpack_pk DILITHIUM_NAMESPACE(unpack_pk) - void unpack_pk(uint8_t rho[SEEDBYTES], polyveck *t1, const uint8_t pk[CRYPTO_PUBLICKEYBYTES]); -@@ -33,6 +33,6 @@ void unpack_sk(uint8_t rho[SEEDBYTES], - const uint8_t sk[CRYPTO_SECRETKEYBYTES]); - - #define unpack_sig DILITHIUM_NAMESPACE(unpack_sig) --int unpack_sig(uint8_t c[SEEDBYTES], polyvecl *z, polyveck *h, const uint8_t sig[CRYPTO_BYTES]); -+int unpack_sig(uint8_t c[CTILDEBYTES], polyvecl *z, polyveck *h, const uint8_t sig[CRYPTO_BYTES]); - #endif diff --git a/ref/poly.c b/ref/poly.c -index fe3b787..7983aac 100644 +index 0db4f42..691b5e8 100644 --- a/ref/poly.c +++ b/ref/poly.c @@ -365,6 +365,7 @@ void poly_uniform(poly *a, @@ -638,7 +578,7 @@ index fe3b787..7983aac 100644 polyz_unpack(a, buf); } -@@ -490,11 +493,11 @@ void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]) { +@@ -490,11 +493,11 @@ void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]) { unsigned int i, b, pos; uint64_t signs; uint8_t buf[SHAKE256_RATE]; @@ -646,15 +586,15 @@ index fe3b787..7983aac 100644 + shake256incctx state; - shake256_init(&state); -- shake256_absorb(&state, seed, SEEDBYTES); +- shake256_absorb(&state, seed, CTILDEBYTES); - shake256_finalize(&state); + shake256_inc_init(&state); -+ shake256_inc_absorb(&state, seed, SEEDBYTES); ++ shake256_inc_absorb(&state, seed, CTILDEBYTES); + shake256_inc_finalize(&state); shake256_squeezeblocks(buf, 1, &state); signs = 0; -@@ -518,6 +521,7 @@ void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]) { +@@ -518,6 +521,7 @@ void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]) { c->coeffs[b] = 1 - 2*(signs & 1); signs >>= 1; } @@ -663,10 +603,10 @@ index fe3b787..7983aac 100644 /************************************************* diff --git a/ref/sign.c b/ref/sign.c -index d25a399..9298ad2 100644 +index 7d3f882..abb033c 100644 --- a/ref/sign.c 
+++ b/ref/sign.c -@@ -90,7 +90,7 @@ int crypto_sign_signature(uint8_t *sig, +@@ -98,7 +98,7 @@ int crypto_sign_signature_internal(uint8_t *sig, polyvecl mat[K], s1, y, z; polyveck t0, s2, w1, w0, h; poly cp; @@ -675,24 +615,40 @@ index d25a399..9298ad2 100644 rho = seedbuf; tr = rho + SEEDBYTES; -@@ -102,11 +102,11 @@ int crypto_sign_signature(uint8_t *sig, - +@@ -108,20 +108,20 @@ int crypto_sign_signature_internal(uint8_t *sig, + unpack_sk(rho, tr, key, &t0, &s1, &s2, sk); - /* Compute mu = CRH(tr, msg) */ + /* Compute mu = CRH(tr, pre, msg) */ - shake256_init(&state); - shake256_absorb(&state, tr, TRBYTES); +- shake256_absorb(&state, pre, prelen); - shake256_absorb(&state, m, mlen); - shake256_finalize(&state); - shake256_squeeze(mu, CRHBYTES, &state); + shake256_inc_init(&state); + shake256_inc_absorb(&state, tr, TRBYTES); ++ shake256_inc_absorb(&state, pre, prelen); + shake256_inc_absorb(&state, m, mlen); + shake256_inc_finalize(&state); + shake256_inc_squeeze(mu, CRHBYTES, &state); - #ifdef DILITHIUM_RANDOMIZED_SIGNING - randombytes(rnd, RNDBYTES); -@@ -138,11 +138,11 @@ rej: + /* Compute rhoprime = CRH(key, rnd, mu) */ +- shake256_init(&state); +- shake256_absorb(&state, key, SEEDBYTES); +- shake256_absorb(&state, rnd, RNDBYTES); +- shake256_absorb(&state, mu, CRHBYTES); +- shake256_finalize(&state); +- shake256_squeeze(rhoprime, CRHBYTES, &state); ++ shake256_inc_ctx_reset(&state); ++ shake256_inc_absorb(&state, key, SEEDBYTES); ++ shake256_inc_absorb(&state, rnd, RNDBYTES); ++ shake256_inc_absorb(&state, mu, CRHBYTES); ++ shake256_inc_finalize(&state); ++ shake256_inc_squeeze(rhoprime, CRHBYTES, &state); + + /* Expand matrix and transform vectors */ + polyvec_matrix_expand(mat, rho); +@@ -145,11 +145,11 @@ rej: polyveck_decompose(&w1, &w0, &w1); polyveck_pack_w1(sig, &w1); 
@@ -706,10 +662,10 @@ index d25a399..9298ad2 100644 + shake256_inc_absorb(&state, sig, K*POLYW1_PACKEDBYTES); + shake256_inc_finalize(&state); + shake256_inc_squeeze(sig, CTILDEBYTES, &state); - poly_challenge(&cp, sig); /* uses only the first SEEDBYTES bytes of sig */ + poly_challenge(&cp, sig); poly_ntt(&cp); -@@ -175,6 +175,8 @@ rej: +@@ -182,6 +182,8 @@ rej: if(n > OMEGA) goto rej; @@ -718,7 +674,7 @@ index d25a399..9298ad2 100644 /* Write signature */ pack_sig(sig, sig, &z, &h); *siglen = CRYPTO_BYTES; -@@ -240,7 +242,7 @@ int crypto_sign_verify(const uint8_t *sig, +@@ -303,7 +305,7 @@ int crypto_sign_verify_internal(const uint8_t *sig, poly cp; polyvecl mat[K], z; polyveck t1, w1, h; 
@@ -727,24 +683,26 @@ index d25a399..9298ad2 100644 if(siglen != CRYPTO_BYTES) return -1; -@@ -253,11 +255,11 @@ int crypto_sign_verify(const uint8_t *sig, +@@ -316,12 +318,12 @@ int crypto_sign_verify_internal(const uint8_t *sig, - /* Compute CRH(H(rho, t1), msg) */ - shake256(mu, CRHBYTES, pk, CRYPTO_PUBLICKEYBYTES); + /* Compute CRH(H(rho, t1), pre, msg) */ + shake256(mu, TRBYTES, pk, CRYPTO_PUBLICKEYBYTES); - shake256_init(&state); -- shake256_absorb(&state, mu, CRHBYTES); +- shake256_absorb(&state, mu, TRBYTES); +- shake256_absorb(&state, pre, prelen); - shake256_absorb(&state, m, mlen); - shake256_finalize(&state); - shake256_squeeze(mu, CRHBYTES, &state); + shake256_inc_init(&state); -+ shake256_inc_absorb(&state, mu, CRHBYTES); ++ shake256_inc_absorb(&state, mu, TRBYTES); ++ shake256_inc_absorb(&state, pre, prelen); + shake256_inc_absorb(&state, m, mlen); + shake256_inc_finalize(&state); + shake256_inc_squeeze(mu, CRHBYTES, &state); /* Matrix-vector multiplication; compute Az - c2^dt1 */ - poly_challenge(&cp, c); /* uses only the first SEEDBYTES bytes of c */ -@@ -281,11 +283,12 @@ int crypto_sign_verify(const uint8_t *sig, + poly_challenge(&cp, c); +@@ -345,11 +347,12 @@ int crypto_sign_verify_internal(const uint8_t *sig, polyveck_pack_w1(buf, &w1); /* Call random oracle and verify challenge */ 
@@ -762,6 +720,37 @@ index d25a399..9298ad2 100644 for(i = 0; i < CTILDEBYTES; ++i) if(c[i] != c2[i]) return -1; +diff --git a/ref/sign.h b/ref/sign.h +index 2741e8f..0b5f74a 100644 +--- a/ref/sign.h ++++ b/ref/sign.h +@@ -1,6 +1,8 @@ + #ifndef SIGN_H + #define SIGN_H + ++#include ++ + #include + #include + #include "params.h" +@@ -11,7 +13,7 @@ + int crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + + #define crypto_sign_signature_internal DILITHIUM_NAMESPACE(signature_internal) +-int crypto_sign_signature_internal(uint8_t *sig, ++OQS_API int crypto_sign_signature_internal(uint8_t *sig, + size_t *siglen, + const uint8_t *m, + size_t mlen, +@@ -33,7 +35,7 @@ int crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *sk); + + #define crypto_sign_verify_internal DILITHIUM_NAMESPACE(verify_internal) +-int crypto_sign_verify_internal(const uint8_t *sig, ++OQS_API int crypto_sign_verify_internal(const uint8_t *sig, + size_t siglen, + const uint8_t *m, + size_t mlen, diff --git a/ref/symmetric-shake.c b/ref/symmetric-shake.c index 11ec09c..963f649 100644 --- a/ref/symmetric-shake.c diff --git a/scripts/copy_from_upstream/src/sig/family/sig_family.h b/scripts/copy_from_upstream/src/sig/family/sig_family.h index 94d3a78c15..63e571b656 100644 --- a/scripts/copy_from_upstream/src/sig/family/sig_family.h +++ b/scripts/copy_from_upstream/src/sig/family/sig_family.h @@ -6,6 +6,7 @@ #include {% for scheme in schemes -%} +{%- set default_impl = scheme['metadata']['implementations'] | selectattr("name", "equalto", scheme['default_implementation']) | first -%} #if defined(OQS_ENABLE_SIG_{{ family }}_{{ scheme['scheme'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_SIG_{{ family }}_{{ scheme['alias_scheme'] }}){%- endif %} #define OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_length_public_key {{ scheme['metadata']['length-public-key'] }} #define OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_length_secret_key {{ scheme['metadata']['length-secret-key'] }} 
@@ -15,6 +16,8 @@ OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_new(void);
 OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_keypair(uint8_t *public_key, uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key);
 OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key);
+OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key);
+OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key);
 {% if 'alias_scheme' in scheme %}
 #define OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_length_public_key OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_length_public_key
 #define OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_length_secret_key OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_length_secret_key
@@ -23,6 +26,10 @@ OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_new(void); #define OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_keypair OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_keypair #define OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_sign OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign #define OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_verify OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify +{%- if 'api-with-context-string' in default_impl and default_impl['api-with-context-string'] %} +#define OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_sign_with_ctx_str OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign +#define OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_verify_with_ctx_str OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify +{%- endif %} {% endif -%} #endif diff --git a/scripts/copy_from_upstream/src/sig/family/sig_scheme.c b/scripts/copy_from_upstream/src/sig/family/sig_scheme.c index 235c857301..e32d4fec65 100644 --- a/scripts/copy_from_upstream/src/sig/family/sig_scheme.c +++ b/scripts/copy_from_upstream/src/sig/family/sig_scheme.c @@ -9,6 +9,7 @@ {% if 'alias_scheme' in scheme %} #if defined(OQS_ENABLE_SIG_{{ family }}_{{ scheme['scheme'] }}) {% endif %} +{%- set default_impl = scheme['metadata']['implementations'] | selectattr("name", "equalto", scheme['default_implementation']) | first -%} OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); 
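Review bot: The two alias macros added in the `@@ -23,6 +26,10 @@` hunk point at the wrong targets: the alias `_sign_with_ctx_str` expands to `OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign` and the alias `_verify_with_ctx_str` to `OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify`, which are the five-argument entry points that take no context string. A caller that uses the alias name with the seven-argument signature declared in the previous hunk will not compile, and a caller that stores the alias as a function pointer gets the wrong type. The right-hand sides should be `OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign_with_ctx_str` and `OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify_with_ctx_str`.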
@@ -20,6 +21,11 @@ OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_new(void) { sig->claimed_nist_level = {{ scheme['metadata']['claimed-nist-level'] }}; sig->euf_cma = {{ scheme['metadata']['euf_cma'] }}; + {%- if 'api-with-context-string' in default_impl and default_impl['api-with-context-string'] %} + sig->sig_with_ctx_support = true; + {%- else %} + sig->sig_with_ctx_support = false; + {%- endif %} sig->length_public_key = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_length_public_key; sig->length_secret_key = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_length_secret_key; @@ -28,6 +34,8 @@ OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_new(void) { sig->keypair = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_keypair; sig->sign = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign; sig->verify = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify; + sig->sign_with_ctx_str = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify_with_ctx_str; return sig; } @@ -58,6 +66,13 @@ OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_new(void) { sig->keypair = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_keypair; sig->sign = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign; sig->verify = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify; + {%- if 'api-with-context-string' in default_impl and default_impl['api-with-context-string'] %} + sig->sign_with_ctx_str = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify_with_ctx_str; + {%- else %} + sig->sign_with_ctx_str = NULL + sig->verify_with_ctx_str = NULL; + {%- endif %} return sig; } 
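Review bot: In the alias constructor hunk (`@@ -58,6 +66,13 @@`) the `{%- else %}` branch emits `sig->sign_with_ctx_str = NULL` with no terminating semicolon, so an aliased scheme whose default implementation lacks `api-with-context-string` generates C that does not compile; the line should read `sig->sign_with_ctx_str = NULL;`. The primary constructor in the `@@ -28,6 +34,8 @@` hunk assigns both `_with_ctx_str` pointers unconditionally, while the alias constructor sets them to NULL when the context API is unsupported. The two objects therefore represent "unsupported" differently, and code that checks only `sig_with_ctx_support` on one and only the pointer on the other can end up calling through NULL. Both constructors start and end outside these hunks, so the rest of their bodies is not visible here.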
@@ -79,14 +94,22 @@ extern int {{ scheme['metadata']['default_keypair_signature'] }}(uint8_t *pk, ui {%- else %} {%- set cleansignature = scheme['metadata'].update({'default_signature_signature': "PQCLEAN_"+scheme['pqclean_scheme_c']|upper+"_"+scheme['default_implementation']|upper+"_crypto_sign_signature"}) -%} {%- endif %} +{%- if 'api-with-context-string' in impl and impl['api-with-context-string'] %} +extern int {{ scheme['metadata']['default_signature_signature'] }}(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); +{%- else %} extern int {{ scheme['metadata']['default_signature_signature'] }}(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk); +{%- endif %} {%- if impl['signature_verify'] %} {%- set cleanverify = scheme['metadata'].update({'default_verify_signature': impl['signature_verify']}) -%} {%- else %} {%- set cleanverify = scheme['metadata'].update({'default_verify_signature': "PQCLEAN_"+scheme['pqclean_scheme_c']|upper+"_"+scheme['default_implementation']|upper+"_crypto_sign_verify"}) -%} {%- endif %} +{%- if 'api-with-context-string' in impl and impl['api-with-context-string'] %} +extern int {{ scheme['metadata']['default_verify_signature'] }}(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); +{%- else %} extern int {{ scheme['metadata']['default_verify_signature'] }}(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk); +{%- endif %} {%- endfor %} 
@@ -100,13 +123,21 @@ extern int PQCLEAN_{{ scheme['pqclean_scheme_c']|upper }}_{{ impl['name']|upper {%- endif %} {%- if impl['signature_signature'] %} +{%- if 'api-with-context-string' in impl and impl['api-with-context-string'] %} +extern int {{ impl['signature_signature'] }}(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); +{%- else %} extern int {{ impl['signature_signature'] }}(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk); +{%- endif %} {%- else %} extern int PQCLEAN_{{ scheme['pqclean_scheme_c']|upper }}_{{ impl['name']|upper }}_crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk); {%- endif %} {%- if impl['signature_verify'] %} +{%- if 'api-with-context-string' in impl and impl['api-with-context-string'] %} +extern int {{ impl['signature_verify'] }}(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); +{%- else %} extern int {{ impl['signature_verify'] }}(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk); +{%- endif %} {%- else %} extern int PQCLEAN_{{ scheme['pqclean_scheme_c']|upper }}_{{ impl['name']|upper }}_crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk); {%- endif %} 
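Review bot: The PQCLEAN fallback declarations in this hunk keep the five-argument prototypes (`..._crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk)` and the matching `..._crypto_sign_verify`) regardless of `api-with-context-string`. The new `_sign_with_ctx_str` template further down this file calls `PQCLEAN_..._crypto_sign_signature(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key)` for every non-default implementation that has no `signature_signature` override, and it tests the flag only on `default_impl`. If a scheme ever combines a context-capable default with such an implementation, the generated call will not match its declaration. Either emit the context-string prototype for the fallback under the same per-`impl` test used for `impl['signature_signature']`, or have the with-ctx dispatcher skip implementations that do not set the flag; the with-ctx function continues past the visible part of the diff.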
@@ -160,14 +191,22 @@ OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign(uint8_t *sig #endif /* OQS_DIST_BUILD */ {%- endif %} {%- if impl['signature_signature'] %} + {%- if 'api-with-context-string' in impl and impl['api-with-context-string'] %} + return (OQS_STATUS) {{ impl['signature_signature'] }}(signature, signature_len, message, message_len, NULL, 0, secret_key); + {%- else %} return (OQS_STATUS) {{ impl['signature_signature'] }}(signature, signature_len, message, message_len, secret_key); + {%- endif %} {%- else %} return (OQS_STATUS) PQCLEAN_{{ scheme['pqclean_scheme_c']|upper }}_{{ impl['name']|upper }}_crypto_sign_signature(signature, signature_len, message, message_len, secret_key); {%- endif %} {%- if 'required_flags' in impl and impl['required_flags'] %} #if defined(OQS_DIST_BUILD) } else { + {%- if 'api-with-context-string' in impl and impl['api-with-context-string'] %} + return (OQS_STATUS) {{ scheme['metadata']['default_signature_signature'] }}(signature, signature_len, message, message_len, NULL, 0, secret_key); + {%- else %} return (OQS_STATUS) {{ scheme['metadata']['default_signature_signature'] }}(signature, signature_len, message, message_len, secret_key); + {%- endif %} } #endif /* OQS_DIST_BUILD */ {%- endif %} 
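Review bot: In the `OQS_DIST_BUILD` `else` branch, the call to `{{ scheme['metadata']['default_signature_signature'] }}` picks the seven- or five-argument form by testing `impl['api-with-context-string']`, which is the flag of the non-default implementation in the loop rather than of the default implementation actually being called. If the two implementations ever differ in that flag, the generated call will presumably not match the extern prototype emitted for the default implementation. The `@@ -175,7 +214,12 @@` hunk already uses the right test, `{%- if 'api-with-context-string' in default_impl and default_impl['api-with-context-string'] %}`, and the fallback branch should use the same one. The verify fallback in the `@@ -194,14 +238,22 @@` hunk has the same pattern; the enclosing `_sign` function starts before this hunk.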
@@ -175,7 +214,12 @@ OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign(uint8_t *sig {%- if scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %} #else {%- endif %} + {%- set default_impl = scheme['metadata']['implementations'] | selectattr("name", "equalto", scheme['default_implementation']) | first -%} + {%- if 'api-with-context-string' in default_impl and default_impl['api-with-context-string'] %} + return (OQS_STATUS) {{ scheme['metadata']['default_signature_signature'] }}(signature, signature_len, message, message_len, NULL, 0, secret_key); + {%- else %} return (OQS_STATUS) {{ scheme['metadata']['default_signature_signature'] }}(signature, signature_len, message, message_len, secret_key); + {%- endif %} {%- if scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %} #endif {%- endif %} 
@@ -194,14 +238,22 @@ OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify(const uint #endif /* OQS_DIST_BUILD */ {%- endif %} {%- if impl['signature_verify'] %} + {%- if 'api-with-context-string' in impl and impl['api-with-context-string'] %} + return (OQS_STATUS) {{ impl['signature_verify'] }}(signature, signature_len, message, message_len, NULL, 0, public_key); + {%- else %} return (OQS_STATUS) {{ impl['signature_verify'] }}(signature, signature_len, message, message_len, public_key); + {%- endif %} {%- else %} return (OQS_STATUS) PQCLEAN_{{ scheme['pqclean_scheme_c']|upper }}_{{ impl['name']|upper }}_crypto_sign_verify(signature, signature_len, message, message_len, public_key); {%- endif %} {%- if 'required_flags' in impl and impl['required_flags'] %} #if defined(OQS_DIST_BUILD) } else { + {%- if 'api-with-context-string' in impl and impl['api-with-context-string'] %} + return (OQS_STATUS) {{ scheme['metadata']['default_verify_signature'] }}(signature, signature_len, message, message_len, NULL, 0, public_key); + {%- else %} return (OQS_STATUS) {{ scheme['metadata']['default_verify_signature'] }}(signature, signature_len, message, message_len, public_key); + {%- endif %} } #endif /* OQS_DIST_BUILD */ {%- endif %} 
@@ -209,11 +261,105 @@ OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify(const uint {%- if scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %} #else {%- endif %} + {%- set default_impl = scheme['metadata']['implementations'] | selectattr("name", "equalto", scheme['default_implementation']) | first -%} + {%- if 'api-with-context-string' in default_impl and default_impl['api-with-context-string'] %} + return (OQS_STATUS) {{ scheme['metadata']['default_verify_signature'] }}(signature, signature_len, message, message_len, NULL, 0, public_key); + {%- else %} return (OQS_STATUS) {{ scheme['metadata']['default_verify_signature'] }}(signature, signature_len, message, message_len, public_key); + {%- endif %} {%- if scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %} #endif {%- endif %} } +{%- set default_impl = scheme['metadata']['implementations'] | selectattr("name", "equalto", scheme['default_implementation']) | first %} +{%- if 'api-with-context-string' in default_impl and default_impl['api-with-context-string'] %} +OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + {%- for impl in scheme['metadata']['implementations'] if impl['name'] != scheme['default_implementation'] %} + {%- if loop.first %} +#if defined(OQS_ENABLE_SIG_{{ family }}_{{ scheme['scheme'] }}_{{ impl['name'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }}){%- endif %} + {%- else %} +#elif defined(OQS_ENABLE_SIG_{{ family }}_{{ scheme['scheme'] }}_{{ impl['name'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }}){%- endif %} + {%- 
endif %} + {%- if 'required_flags' in impl and impl['required_flags'] %} +#if defined(OQS_DIST_BUILD) + if ({%- for flag in impl['required_flags'] -%}OQS_CPU_has_extension(OQS_CPU_EXT_{{ flag|upper }}){%- if not loop.last %} && {% endif -%}{%- endfor -%}) { +#endif /* OQS_DIST_BUILD */ + {%- endif %} + {%- if impl['signature_signature'] %} + return (OQS_STATUS) {{ impl['signature_signature'] }}(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key); + {%- else %} + return (OQS_STATUS) PQCLEAN_{{ scheme['pqclean_scheme_c']|upper }}_{{ impl['name']|upper }}_crypto_sign_signature(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key); + {%- endif %} + {%- if 'required_flags' in impl and impl['required_flags'] %} +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) {{ scheme['metadata']['default_signature_signature'] }}(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key); + } +#endif /* OQS_DIST_BUILD */ + {%- endif %} + {%- endfor %} + {%- if scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %} +#else + {%- endif %} + {%- set default_impl = scheme['metadata']['implementations'] | selectattr("name", "equalto", scheme['default_implementation']) | first %} + return (OQS_STATUS) {{ scheme['metadata']['default_signature_signature'] }}(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key); + {%- if scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %} +#endif + {%- endif %} +} + +OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + {%- for impl in scheme['metadata']['implementations'] if impl['name'] != scheme['default_implementation'] %} + {%- if 
loop.first %} +#if defined(OQS_ENABLE_SIG_{{ family }}_{{ scheme['scheme'] }}_{{ impl['name'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }}){%- endif %} + {%- else %} +#elif defined(OQS_ENABLE_SIG_{{ family }}_{{ scheme['scheme'] }}_{{ impl['name'] }}) {%- if 'alias_scheme' in scheme %} || defined(OQS_ENABLE_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_{{ impl['name'] }}){%- endif %} + {%- endif %} + {%- if 'required_flags' in impl and impl['required_flags'] %} +#if defined(OQS_DIST_BUILD) + if ({%- for flag in impl['required_flags'] -%}OQS_CPU_has_extension(OQS_CPU_EXT_{{ flag|upper }}){%- if not loop.last %} && {% endif -%}{%- endfor -%}) { +#endif /* OQS_DIST_BUILD */ + {%- endif %} + {%- if impl['signature_verify'] %} + return (OQS_STATUS) {{ impl['signature_verify'] }}(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key); + {%- else %} + return (OQS_STATUS) PQCLEAN_{{ scheme['pqclean_scheme_c']|upper }}_{{ impl['name']|upper }}_crypto_sign_verify(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key); + {%- endif %} + {%- if 'required_flags' in impl and impl['required_flags'] %} +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) {{ scheme['metadata']['default_verify_signature'] }}(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key); + } +#endif /* OQS_DIST_BUILD */ + {%- endif %} + {%- endfor %} + {%- if scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %} +#else + {%- endif %} + {%- set default_impl = scheme['metadata']['implementations'] | selectattr("name", "equalto", scheme['default_implementation']) | first %} + return (OQS_STATUS) {{ scheme['metadata']['default_verify_signature'] }}(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key); + {%- if 
scheme['metadata']['implementations']|rejectattr('name', 'equalto', scheme['default_implementation'])|list %} +#endif + {%- endif %} +} +{%- else %} + +OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} +{%- endif %} #endif {% endfor -%} diff --git a/scripts/copy_from_upstream/update_upstream_alg_docs.py b/scripts/copy_from_upstream/update_upstream_alg_docs.py index 9bcc98eb13..33483067e2 100755 --- a/scripts/copy_from_upstream/update_upstream_alg_docs.py +++ b/scripts/copy_from_upstream/update_upstream_alg_docs.py 
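Review bot: The generated `_sign_with_ctx_str` and `_verify_with_ctx_str` bodies for context-capable schemes forward `ctx_str` and `ctx_str_len` to the implementation unchecked, so a NULL pointer with a non-zero length reaches the backend, whereas the fallback variants at the end of the hunk do validate the pair. Unless every backend rejects that combination itself (not visible here), add `if (ctx_str == NULL && ctx_str_len != 0) { return OQS_ERROR; }` as the first statement of both functions. The fallback test `ctx_str == NULL && ctx_str_len == 0` also rejects a non-NULL pointer with length 0, although the plain `_sign`/`_verify` paths encode "no context" as `NULL, 0`; testing `ctx_str_len == 0` alone would treat both spellings of the empty context alike. The first added lines of the hunk belong to `_verify`, which starts outside it.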
@@ -383,7 +383,8 @@ def update_upstream_sig_alg_docs(liboqs_root, sigs, upstream_info, write_changes oqs_scheme_yaml['name'] = rhs_if_not_equal(oqs_scheme_yaml['name'], upstream_yaml['name'], "scheme pretty name") oqs_scheme_yaml['claimed-nist-level'] = rhs_if_not_equal(oqs_scheme_yaml['claimed-nist-level'], upstream_yaml['claimed-nist-level'], "claimed-nist-level") - oqs_scheme_yaml['claimed-security'] = rhs_if_not_equal(oqs_scheme_yaml['claimed-security'], 'EUF-CMA', "claimed-security") + if oqs_scheme_yaml['claimed-security'] not in ["EUF-CMA", "SUF-CMA"]: + oqs_scheme_yaml['claimed-security'] = rhs_if_not_equal(oqs_scheme_yaml['claimed-security'], 'EUF-CMA', "claimed-security") oqs_scheme_yaml['length-public-key'] = rhs_if_not_equal(oqs_scheme_yaml['length-public-key'], upstream_yaml['length-public-key'], "length-public-key") oqs_scheme_yaml['length-secret-key'] = rhs_if_not_equal(oqs_scheme_yaml['length-secret-key'], upstream_yaml['length-secret-key'], "legnth-secret-key") oqs_scheme_yaml['length-signature'] = rhs_if_not_equal(oqs_scheme_yaml['length-signature'], upstream_yaml['length-signature'], "length-signature") diff --git a/src/oqsconfig.h.cmake b/src/oqsconfig.h.cmake index dae1babad0..f1990e5897 100644 --- a/src/oqsconfig.h.cmake +++ b/src/oqsconfig.h.cmake @@ -131,17 +131,11 @@ #cmakedefine OQS_ENABLE_SIG_dilithium_5_aarch64 1 #cmakedefine OQS_ENABLE_SIG_ML_DSA 1 -#cmakedefine OQS_ENABLE_SIG_ml_dsa_44_ipd 1 #cmakedefine OQS_ENABLE_SIG_ml_dsa_44 1 -#cmakedefine OQS_ENABLE_SIG_ml_dsa_44_ipd_avx2 1 #cmakedefine OQS_ENABLE_SIG_ml_dsa_44_avx2 1 -#cmakedefine OQS_ENABLE_SIG_ml_dsa_65_ipd 1 #cmakedefine OQS_ENABLE_SIG_ml_dsa_65 1 -#cmakedefine OQS_ENABLE_SIG_ml_dsa_65_ipd_avx2 1 #cmakedefine OQS_ENABLE_SIG_ml_dsa_65_avx2 1 -#cmakedefine OQS_ENABLE_SIG_ml_dsa_87_ipd 1 #cmakedefine OQS_ENABLE_SIG_ml_dsa_87 1 -#cmakedefine OQS_ENABLE_SIG_ml_dsa_87_ipd_avx2 1 #cmakedefine OQS_ENABLE_SIG_ml_dsa_87_avx2 1 #cmakedefine OQS_ENABLE_SIG_FALCON 1 
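Review bot: With the new `not in ["EUF-CMA", "SUF-CMA"]` guard, a hand-written `SUF-CMA` in any scheme's doc YAML is kept without being compared against anything, so an overstated claim on a scheme other than ML-DSA would pass through this script silently. The exception should at least be explained where it is made, e.g. `# SUF-CMA is set by hand for ML-DSA (FIPS 204) and must not be reset to EUF-CMA here`, or narrowed to the schemes that are expected to claim it. `update_upstream_sig_alg_docs` begins and continues outside this hunk.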
diff --git a/src/sig/cross/sig_cross.h b/src/sig/cross/sig_cross.h index 6410026438..584121692a 100644 --- a/src/sig/cross/sig_cross.h +++ b/src/sig/cross/sig_cross.h @@ -14,6 +14,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_balanced_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_balanced_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_balanced_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_balanced_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_balanced_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_balanced_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdp_128_fast) 
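Review bot: The new `_with_ctx_str` prototypes name the context parameters `ctx` and `ctxlen`, while the definitions added in `sig_cross_rsdp_128_balanced.c` and the generator template use `ctx_str` and `ctx_str_len`. Declaring them as `const uint8_t *ctx_str, size_t ctx_str_len` keeps header and definitions aligned for readers and documentation tools. The same applies to every other hunk of `sig_cross.h` (`-25,6` through `-201,6`); since the header is presumably generated, the rename belongs in the `sig_family.h` template listed in the diffstat.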
@@ -25,6 +27,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_fast_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_fast_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_fast_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_fast_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_fast_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_fast_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdp_128_small) 
@@ -36,6 +40,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_small_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_small_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_small_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_small_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_small_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_small_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdp_192_balanced) 
@@ -47,6 +53,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_balanced_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_balanced_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_balanced_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_balanced_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_balanced_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_balanced_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdp_192_fast) 
@@ -58,6 +66,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_fast_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_fast_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_fast_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_fast_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_fast_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_fast_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdp_192_small) 
@@ -69,6 +79,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_small_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_small_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_small_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_small_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_small_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_small_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdp_256_balanced) 
@@ -80,6 +92,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_balanced_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_balanced_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_balanced_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_balanced_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_balanced_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_balanced_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdp_256_fast) 
@@ -91,6 +105,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_fast_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_fast_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_fast_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_fast_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_fast_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_fast_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdp_256_small) 
@@ -102,6 +118,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_small_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_small_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_small_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_small_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_small_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_small_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdpg_128_balanced) 
@@ -113,6 +131,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_balanced_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_balanced_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_balanced_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_balanced_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_balanced_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_balanced_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdpg_128_fast) 
@@ -124,6 +144,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_fast_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_fast_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_fast_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_fast_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_fast_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_fast_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdpg_128_small) 
@@ -135,6 +157,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_small_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_small_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_small_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_small_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_small_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_small_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdpg_192_balanced) 
@@ -146,6 +170,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_balanced_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_balanced_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_balanced_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_balanced_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_balanced_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_balanced_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdpg_192_fast) 
@@ -157,6 +183,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_fast_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_fast_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_fast_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_fast_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_fast_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_fast_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdpg_192_small) 
@@ -168,6 +196,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_small_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_small_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_small_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_small_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_small_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_small_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdpg_256_balanced) 
@@ -179,6 +209,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_balanced_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_balanced_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_balanced_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_balanced_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_balanced_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_balanced_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdpg_256_fast) 
@@ -190,6 +222,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_fast_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_fast_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_fast_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_fast_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_fast_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_fast_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_cross_rsdpg_256_small) @@ -201,6 +235,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_small_new(void); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_small_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_small_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_small_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_small_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_small_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #endif 
diff --git a/src/sig/cross/sig_cross_rsdp_128_balanced.c b/src/sig/cross/sig_cross_rsdp_128_balanced.c index 0bf311bf51..497810b7ed 100644 --- a/src/sig/cross/sig_cross_rsdp_128_balanced.c +++ b/src/sig/cross/sig_cross_rsdp_128_balanced.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdp_128_balanced) - OQS_SIG *OQS_SIG_cross_rsdp_128_balanced_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_balanced_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_128_balanced_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdp_128_balanced_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_balanced_new(void) { sig->keypair = OQS_SIG_cross_rsdp_128_balanced_keypair; sig->sign = OQS_SIG_cross_rsdp_128_balanced_sign; sig->verify = OQS_SIG_cross_rsdp_128_balanced_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdp_128_balanced_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdp_128_balanced_verify_with_ctx_str; return sig; } 
@@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_balanced_verify(const uint8_t *message #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_balanced_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_128_balanced_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_balanced_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_128_balanced_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdp_128_fast.c b/src/sig/cross/sig_cross_rsdp_128_fast.c index f981c6feda..4adf088873 100644 --- a/src/sig/cross/sig_cross_rsdp_128_fast.c +++ b/src/sig/cross/sig_cross_rsdp_128_fast.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdp_128_fast) - OQS_SIG *OQS_SIG_cross_rsdp_128_fast_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_fast_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_128_fast_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdp_128_fast_length_secret_key; 
@@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_fast_new(void) { sig->keypair = OQS_SIG_cross_rsdp_128_fast_keypair; sig->sign = OQS_SIG_cross_rsdp_128_fast_sign; sig->verify = OQS_SIG_cross_rsdp_128_fast_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdp_128_fast_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdp_128_fast_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_fast_verify(const uint8_t *message, si #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_fast_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_128_fast_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_fast_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_128_fast_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdp_128_small.c b/src/sig/cross/sig_cross_rsdp_128_small.c index 6cd10ea3a9..ad50ba35bc 100644 --- a/src/sig/cross/sig_cross_rsdp_128_small.c +++ b/src/sig/cross/sig_cross_rsdp_128_small.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdp_128_small) - OQS_SIG *OQS_SIG_cross_rsdp_128_small_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); 
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_small_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_128_small_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdp_128_small_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_small_new(void) { sig->keypair = OQS_SIG_cross_rsdp_128_small_keypair; sig->sign = OQS_SIG_cross_rsdp_128_small_sign; sig->verify = OQS_SIG_cross_rsdp_128_small_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdp_128_small_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdp_128_small_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_small_verify(const uint8_t *message, s #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_small_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_128_small_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_128_small_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_128_small_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdp_192_balanced.c b/src/sig/cross/sig_cross_rsdp_192_balanced.c index c698b268a5..98289029f5 100644 --- a/src/sig/cross/sig_cross_rsdp_192_balanced.c +++ b/src/sig/cross/sig_cross_rsdp_192_balanced.c 
@@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdp_192_balanced) - OQS_SIG *OQS_SIG_cross_rsdp_192_balanced_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_balanced_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_192_balanced_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdp_192_balanced_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_balanced_new(void) { sig->keypair = OQS_SIG_cross_rsdp_192_balanced_keypair; sig->sign = OQS_SIG_cross_rsdp_192_balanced_sign; sig->verify = OQS_SIG_cross_rsdp_192_balanced_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdp_192_balanced_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdp_192_balanced_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_balanced_verify(const uint8_t *message #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_balanced_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_192_balanced_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_balanced_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_192_balanced_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdp_192_fast.c b/src/sig/cross/sig_cross_rsdp_192_fast.c index 64556713fa..4490466dbc 100644 
--- a/src/sig/cross/sig_cross_rsdp_192_fast.c +++ b/src/sig/cross/sig_cross_rsdp_192_fast.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdp_192_fast) - OQS_SIG *OQS_SIG_cross_rsdp_192_fast_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_fast_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_192_fast_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdp_192_fast_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_fast_new(void) { sig->keypair = OQS_SIG_cross_rsdp_192_fast_keypair; sig->sign = OQS_SIG_cross_rsdp_192_fast_sign; sig->verify = OQS_SIG_cross_rsdp_192_fast_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdp_192_fast_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdp_192_fast_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_fast_verify(const uint8_t *message, si #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_fast_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_192_fast_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_fast_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_192_fast_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif 
diff --git a/src/sig/cross/sig_cross_rsdp_192_small.c b/src/sig/cross/sig_cross_rsdp_192_small.c index df57669b54..1a78de79ac 100644 --- a/src/sig/cross/sig_cross_rsdp_192_small.c +++ b/src/sig/cross/sig_cross_rsdp_192_small.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdp_192_small) - OQS_SIG *OQS_SIG_cross_rsdp_192_small_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_small_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_192_small_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdp_192_small_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_small_new(void) { sig->keypair = OQS_SIG_cross_rsdp_192_small_keypair; sig->sign = OQS_SIG_cross_rsdp_192_small_sign; sig->verify = OQS_SIG_cross_rsdp_192_small_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdp_192_small_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdp_192_small_verify_with_ctx_str; return sig; } 
@@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_small_verify(const uint8_t *message, s #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_small_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_192_small_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_192_small_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_192_small_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdp_256_balanced.c b/src/sig/cross/sig_cross_rsdp_256_balanced.c index da1e03494a..f51ccb2176 100644 --- a/src/sig/cross/sig_cross_rsdp_256_balanced.c +++ b/src/sig/cross/sig_cross_rsdp_256_balanced.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdp_256_balanced) - OQS_SIG *OQS_SIG_cross_rsdp_256_balanced_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_balanced_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_256_balanced_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdp_256_balanced_length_secret_key; 
@@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_balanced_new(void) { sig->keypair = OQS_SIG_cross_rsdp_256_balanced_keypair; sig->sign = OQS_SIG_cross_rsdp_256_balanced_sign; sig->verify = OQS_SIG_cross_rsdp_256_balanced_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdp_256_balanced_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdp_256_balanced_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_balanced_verify(const uint8_t *message #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_balanced_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_256_balanced_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_balanced_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_256_balanced_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdp_256_fast.c b/src/sig/cross/sig_cross_rsdp_256_fast.c index e11218a3d8..8b5f6e2ef2 100644 --- a/src/sig/cross/sig_cross_rsdp_256_fast.c +++ b/src/sig/cross/sig_cross_rsdp_256_fast.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdp_256_fast) - OQS_SIG *OQS_SIG_cross_rsdp_256_fast_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); 
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_fast_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_256_fast_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdp_256_fast_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_fast_new(void) { sig->keypair = OQS_SIG_cross_rsdp_256_fast_keypair; sig->sign = OQS_SIG_cross_rsdp_256_fast_sign; sig->verify = OQS_SIG_cross_rsdp_256_fast_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdp_256_fast_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdp_256_fast_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_fast_verify(const uint8_t *message, si #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_fast_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_256_fast_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_fast_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_256_fast_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdp_256_small.c b/src/sig/cross/sig_cross_rsdp_256_small.c index 8c2a2512df..108ef4d710 100644 --- a/src/sig/cross/sig_cross_rsdp_256_small.c +++ b/src/sig/cross/sig_cross_rsdp_256_small.c 
@@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdp_256_small) - OQS_SIG *OQS_SIG_cross_rsdp_256_small_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_small_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_256_small_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdp_256_small_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_small_new(void) { sig->keypair = OQS_SIG_cross_rsdp_256_small_keypair; sig->sign = OQS_SIG_cross_rsdp_256_small_sign; sig->verify = OQS_SIG_cross_rsdp_256_small_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdp_256_small_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdp_256_small_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_small_verify(const uint8_t *message, s #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_small_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_256_small_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdp_256_small_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdp_256_small_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdpg_128_balanced.c b/src/sig/cross/sig_cross_rsdpg_128_balanced.c index 5e6ecd898c..d6f7774598 100644 
--- a/src/sig/cross/sig_cross_rsdpg_128_balanced.c +++ b/src/sig/cross/sig_cross_rsdpg_128_balanced.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdpg_128_balanced) - OQS_SIG *OQS_SIG_cross_rsdpg_128_balanced_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_balanced_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_128_balanced_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdpg_128_balanced_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_balanced_new(void) { sig->keypair = OQS_SIG_cross_rsdpg_128_balanced_keypair; sig->sign = OQS_SIG_cross_rsdpg_128_balanced_sign; sig->verify = OQS_SIG_cross_rsdpg_128_balanced_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdpg_128_balanced_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdpg_128_balanced_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_balanced_verify(const uint8_t *messag #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_balanced_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_128_balanced_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_balanced_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_128_balanced_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif 
diff --git a/src/sig/cross/sig_cross_rsdpg_128_fast.c b/src/sig/cross/sig_cross_rsdpg_128_fast.c index cfc4393e5a..369eb47f8c 100644 --- a/src/sig/cross/sig_cross_rsdpg_128_fast.c +++ b/src/sig/cross/sig_cross_rsdpg_128_fast.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdpg_128_fast) - OQS_SIG *OQS_SIG_cross_rsdpg_128_fast_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_fast_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_128_fast_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdpg_128_fast_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_fast_new(void) { sig->keypair = OQS_SIG_cross_rsdpg_128_fast_keypair; sig->sign = OQS_SIG_cross_rsdpg_128_fast_sign; sig->verify = OQS_SIG_cross_rsdpg_128_fast_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdpg_128_fast_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdpg_128_fast_verify_with_ctx_str; return sig; } 
@@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_fast_verify(const uint8_t *message, s #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_fast_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_128_fast_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_fast_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_128_fast_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdpg_128_small.c b/src/sig/cross/sig_cross_rsdpg_128_small.c index 455b82238c..50868405d5 100644 --- a/src/sig/cross/sig_cross_rsdpg_128_small.c +++ b/src/sig/cross/sig_cross_rsdpg_128_small.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdpg_128_small) - OQS_SIG *OQS_SIG_cross_rsdpg_128_small_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_small_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_128_small_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdpg_128_small_length_secret_key; 
@@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_small_new(void) { sig->keypair = OQS_SIG_cross_rsdpg_128_small_keypair; sig->sign = OQS_SIG_cross_rsdpg_128_small_sign; sig->verify = OQS_SIG_cross_rsdpg_128_small_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdpg_128_small_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdpg_128_small_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_small_verify(const uint8_t *message, #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_small_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_128_small_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_128_small_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_128_small_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdpg_192_balanced.c b/src/sig/cross/sig_cross_rsdpg_192_balanced.c index ead0d35b43..13b5c8b315 100644 --- a/src/sig/cross/sig_cross_rsdpg_192_balanced.c +++ b/src/sig/cross/sig_cross_rsdpg_192_balanced.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdpg_192_balanced) - OQS_SIG *OQS_SIG_cross_rsdpg_192_balanced_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); 
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_balanced_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_192_balanced_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdpg_192_balanced_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_balanced_new(void) { sig->keypair = OQS_SIG_cross_rsdpg_192_balanced_keypair; sig->sign = OQS_SIG_cross_rsdpg_192_balanced_sign; sig->verify = OQS_SIG_cross_rsdpg_192_balanced_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdpg_192_balanced_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdpg_192_balanced_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_balanced_verify(const uint8_t *messag #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_balanced_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_192_balanced_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_balanced_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_192_balanced_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdpg_192_fast.c b/src/sig/cross/sig_cross_rsdpg_192_fast.c index 1b421b767b..d020f5eb91 100644 --- a/src/sig/cross/sig_cross_rsdpg_192_fast.c +++ b/src/sig/cross/sig_cross_rsdpg_192_fast.c 
@@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdpg_192_fast) - OQS_SIG *OQS_SIG_cross_rsdpg_192_fast_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_fast_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_192_fast_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdpg_192_fast_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_fast_new(void) { sig->keypair = OQS_SIG_cross_rsdpg_192_fast_keypair; sig->sign = OQS_SIG_cross_rsdpg_192_fast_sign; sig->verify = OQS_SIG_cross_rsdpg_192_fast_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdpg_192_fast_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdpg_192_fast_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_fast_verify(const uint8_t *message, s #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_fast_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_192_fast_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_fast_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_192_fast_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdpg_192_small.c b/src/sig/cross/sig_cross_rsdpg_192_small.c index 8b3c091c11..f996c15f80 100644 --- a/src/sig/cross/sig_cross_rsdpg_192_small.c 
+++ b/src/sig/cross/sig_cross_rsdpg_192_small.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdpg_192_small) - OQS_SIG *OQS_SIG_cross_rsdpg_192_small_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_small_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_192_small_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdpg_192_small_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_small_new(void) { sig->keypair = OQS_SIG_cross_rsdpg_192_small_keypair; sig->sign = OQS_SIG_cross_rsdpg_192_small_sign; sig->verify = OQS_SIG_cross_rsdpg_192_small_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdpg_192_small_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdpg_192_small_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_small_verify(const uint8_t *message, #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_small_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_192_small_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_192_small_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_192_small_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif 
diff --git a/src/sig/cross/sig_cross_rsdpg_256_balanced.c b/src/sig/cross/sig_cross_rsdpg_256_balanced.c index 0e7ce61e84..0ecc634849 100644 --- a/src/sig/cross/sig_cross_rsdpg_256_balanced.c +++ b/src/sig/cross/sig_cross_rsdpg_256_balanced.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdpg_256_balanced) - OQS_SIG *OQS_SIG_cross_rsdpg_256_balanced_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_balanced_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_256_balanced_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdpg_256_balanced_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_balanced_new(void) { sig->keypair = OQS_SIG_cross_rsdpg_256_balanced_keypair; sig->sign = OQS_SIG_cross_rsdpg_256_balanced_sign; sig->verify = OQS_SIG_cross_rsdpg_256_balanced_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdpg_256_balanced_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdpg_256_balanced_verify_with_ctx_str; return sig; } 
@@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_balanced_verify(const uint8_t *messag #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_balanced_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_256_balanced_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_balanced_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_256_balanced_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdpg_256_fast.c b/src/sig/cross/sig_cross_rsdpg_256_fast.c index 83105f1c8d..fc8c7ad9c4 100644 --- a/src/sig/cross/sig_cross_rsdpg_256_fast.c +++ b/src/sig/cross/sig_cross_rsdpg_256_fast.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdpg_256_fast) - OQS_SIG *OQS_SIG_cross_rsdpg_256_fast_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_fast_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_256_fast_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdpg_256_fast_length_secret_key; 
@@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_fast_new(void) { sig->keypair = OQS_SIG_cross_rsdpg_256_fast_keypair; sig->sign = OQS_SIG_cross_rsdpg_256_fast_sign; sig->verify = OQS_SIG_cross_rsdpg_256_fast_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdpg_256_fast_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdpg_256_fast_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_fast_verify(const uint8_t *message, s #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_fast_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_256_fast_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_fast_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_256_fast_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/cross/sig_cross_rsdpg_256_small.c b/src/sig/cross/sig_cross_rsdpg_256_small.c index 72d8546aab..e4e7227a5f 100644 --- a/src/sig/cross/sig_cross_rsdpg_256_small.c +++ b/src/sig/cross/sig_cross_rsdpg_256_small.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_cross_rsdpg_256_small) - OQS_SIG *OQS_SIG_cross_rsdpg_256_small_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); 
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_small_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_256_small_length_public_key; sig->length_secret_key = OQS_SIG_cross_rsdpg_256_small_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_small_new(void) { sig->keypair = OQS_SIG_cross_rsdpg_256_small_keypair; sig->sign = OQS_SIG_cross_rsdpg_256_small_sign; sig->verify = OQS_SIG_cross_rsdpg_256_small_verify; + sig->sign_with_ctx_str = OQS_SIG_cross_rsdpg_256_small_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_cross_rsdpg_256_small_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_small_verify(const uint8_t *message, #endif } +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_small_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_256_small_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_cross_rsdpg_256_small_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_cross_rsdpg_256_small_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/dilithium/sig_dilithium.h b/src/sig/dilithium/sig_dilithium.h index 2e24f58fe8..2e5ced50be 100644 --- a/src/sig/dilithium/sig_dilithium.h +++ b/src/sig/dilithium/sig_dilithium.h 
@@ -14,6 +14,8 @@ OQS_SIG *OQS_SIG_dilithium_2_new(void); OQS_API OQS_STATUS OQS_SIG_dilithium_2_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_dilithium_2_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_dilithium_2_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_2_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_2_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_dilithium_3) @@ -25,6 +27,8 @@ OQS_SIG *OQS_SIG_dilithium_3_new(void); OQS_API OQS_STATUS OQS_SIG_dilithium_3_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_dilithium_3_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_dilithium_3_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_3_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_3_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_dilithium_5) 
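Review bot: The prototypes added in the `@@ -14,6 +14,8 @@` hunk of sig_dilithium.h name the context parameters `ctx` and `ctxlen`, while the definitions added in sig_dilithium_2.c use `ctx_str` and `ctx_str_len`. C permits this, but the header is what callers read, and the names should match the definitions and the `sign_with_ctx_str`/`verify_with_ctx_str` member names: `const uint8_t *ctx_str, size_t ctx_str_len`. The same mismatch is in the dilithium_3 and dilithium_5 prototypes and in the sig_falcon.h and sig_mayo.h hunks.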
@@ -36,6 +40,8 @@ OQS_SIG *OQS_SIG_dilithium_5_new(void); OQS_API OQS_STATUS OQS_SIG_dilithium_5_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_dilithium_5_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_dilithium_5_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_5_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_5_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #endif diff --git a/src/sig/dilithium/sig_dilithium_2.c b/src/sig/dilithium/sig_dilithium_2.c index 89372111b3..06abc8d19d 100644 --- a/src/sig/dilithium/sig_dilithium_2.c +++ b/src/sig/dilithium/sig_dilithium_2.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_dilithium_2) - OQS_SIG *OQS_SIG_dilithium_2_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_dilithium_2_new(void) { sig->claimed_nist_level = 2; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_dilithium_2_length_public_key; sig->length_secret_key = OQS_SIG_dilithium_2_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_dilithium_2_new(void) { sig->keypair = OQS_SIG_dilithium_2_keypair; sig->sign = OQS_SIG_dilithium_2_sign; sig->verify = OQS_SIG_dilithium_2_verify; + sig->sign_with_ctx_str = OQS_SIG_dilithium_2_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_dilithium_2_verify_with_ctx_str; return sig; } 
@@ -123,4 +125,19 @@ OQS_API OQS_STATUS OQS_SIG_dilithium_2_verify(const uint8_t *message, size_t mes #endif } +OQS_API OQS_STATUS OQS_SIG_dilithium_2_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_dilithium_2_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_dilithium_2_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_dilithium_2_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/dilithium/sig_dilithium_3.c b/src/sig/dilithium/sig_dilithium_3.c index 20cef1bf5d..3257588fc7 100644 --- a/src/sig/dilithium/sig_dilithium_3.c +++ b/src/sig/dilithium/sig_dilithium_3.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_dilithium_3) - OQS_SIG *OQS_SIG_dilithium_3_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_dilithium_3_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_dilithium_3_length_public_key; sig->length_secret_key = OQS_SIG_dilithium_3_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_dilithium_3_new(void) { sig->keypair = OQS_SIG_dilithium_3_keypair; sig->sign = OQS_SIG_dilithium_3_sign; sig->verify = OQS_SIG_dilithium_3_verify; + sig->sign_with_ctx_str = OQS_SIG_dilithium_3_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_dilithium_3_verify_with_ctx_str; return sig; } 
@@ -123,4 +125,19 @@ OQS_API OQS_STATUS OQS_SIG_dilithium_3_verify(const uint8_t *message, size_t mes #endif } +OQS_API OQS_STATUS OQS_SIG_dilithium_3_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_dilithium_3_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_dilithium_3_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_dilithium_3_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/dilithium/sig_dilithium_5.c b/src/sig/dilithium/sig_dilithium_5.c index 2e7a985682..79a0bb471e 100644 --- a/src/sig/dilithium/sig_dilithium_5.c +++ b/src/sig/dilithium/sig_dilithium_5.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_dilithium_5) - OQS_SIG *OQS_SIG_dilithium_5_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_dilithium_5_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_dilithium_5_length_public_key; sig->length_secret_key = OQS_SIG_dilithium_5_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_dilithium_5_new(void) { sig->keypair = OQS_SIG_dilithium_5_keypair; sig->sign = OQS_SIG_dilithium_5_sign; sig->verify = OQS_SIG_dilithium_5_verify; + sig->sign_with_ctx_str = OQS_SIG_dilithium_5_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_dilithium_5_verify_with_ctx_str; return sig; } 
@@ -123,4 +125,19 @@ OQS_API OQS_STATUS OQS_SIG_dilithium_5_verify(const uint8_t *message, size_t mes #endif } +OQS_API OQS_STATUS OQS_SIG_dilithium_5_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_dilithium_5_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_dilithium_5_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_dilithium_5_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/falcon/sig_falcon.h b/src/sig/falcon/sig_falcon.h index a8eb1454f0..1721fe1f91 100644 --- a/src/sig/falcon/sig_falcon.h +++ b/src/sig/falcon/sig_falcon.h 
@@ -14,6 +14,8 @@ OQS_SIG *OQS_SIG_falcon_512_new(void); OQS_API OQS_STATUS OQS_SIG_falcon_512_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_falcon_512_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_falcon_512_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_falcon_512_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_falcon_512_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_falcon_1024) @@ -25,6 +27,8 @@ OQS_SIG *OQS_SIG_falcon_1024_new(void); OQS_API OQS_STATUS OQS_SIG_falcon_1024_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_falcon_1024_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_falcon_1024_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_falcon_1024_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_falcon_1024_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_falcon_padded_512) 
@@ -36,6 +40,8 @@ OQS_SIG *OQS_SIG_falcon_padded_512_new(void); OQS_API OQS_STATUS OQS_SIG_falcon_padded_512_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_falcon_padded_512_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_falcon_padded_512_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_falcon_padded_512_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_falcon_padded_512_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_falcon_padded_1024) @@ -47,6 +53,8 @@ OQS_SIG *OQS_SIG_falcon_padded_1024_new(void); OQS_API OQS_STATUS OQS_SIG_falcon_padded_1024_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_falcon_padded_1024_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_falcon_padded_1024_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_falcon_padded_1024_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_falcon_padded_1024_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #endif 
diff --git a/src/sig/falcon/sig_falcon_1024.c b/src/sig/falcon/sig_falcon_1024.c index b306f0c4b8..e6048fc73e 100644 --- a/src/sig/falcon/sig_falcon_1024.c +++ b/src/sig/falcon/sig_falcon_1024.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_falcon_1024) - OQS_SIG *OQS_SIG_falcon_1024_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_falcon_1024_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_falcon_1024_length_public_key; sig->length_secret_key = OQS_SIG_falcon_1024_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_falcon_1024_new(void) { sig->keypair = OQS_SIG_falcon_1024_keypair; sig->sign = OQS_SIG_falcon_1024_sign; sig->verify = OQS_SIG_falcon_1024_verify; + sig->sign_with_ctx_str = OQS_SIG_falcon_1024_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_falcon_1024_verify_with_ctx_str; return sig; } @@ -123,4 +125,19 @@ OQS_API OQS_STATUS OQS_SIG_falcon_1024_verify(const uint8_t *message, size_t mes #endif } +OQS_API OQS_STATUS OQS_SIG_falcon_1024_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_falcon_1024_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_falcon_1024_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_falcon_1024_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/falcon/sig_falcon_512.c b/src/sig/falcon/sig_falcon_512.c index d66f51d266..aec1bc614f 100644 
--- a/src/sig/falcon/sig_falcon_512.c +++ b/src/sig/falcon/sig_falcon_512.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_falcon_512) - OQS_SIG *OQS_SIG_falcon_512_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_falcon_512_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_falcon_512_length_public_key; sig->length_secret_key = OQS_SIG_falcon_512_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_falcon_512_new(void) { sig->keypair = OQS_SIG_falcon_512_keypair; sig->sign = OQS_SIG_falcon_512_sign; sig->verify = OQS_SIG_falcon_512_verify; + sig->sign_with_ctx_str = OQS_SIG_falcon_512_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_falcon_512_verify_with_ctx_str; return sig; } @@ -123,4 +125,19 @@ OQS_API OQS_STATUS OQS_SIG_falcon_512_verify(const uint8_t *message, size_t mess #endif } +OQS_API OQS_STATUS OQS_SIG_falcon_512_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_falcon_512_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_falcon_512_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_falcon_512_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/falcon/sig_falcon_padded_1024.c b/src/sig/falcon/sig_falcon_padded_1024.c index 0389fc97e6..b2a777272b 100644 --- a/src/sig/falcon/sig_falcon_padded_1024.c +++ b/src/sig/falcon/sig_falcon_padded_1024.c 
@@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_falcon_padded_1024) - OQS_SIG *OQS_SIG_falcon_padded_1024_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_falcon_padded_1024_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_falcon_padded_1024_length_public_key; sig->length_secret_key = OQS_SIG_falcon_padded_1024_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_falcon_padded_1024_new(void) { sig->keypair = OQS_SIG_falcon_padded_1024_keypair; sig->sign = OQS_SIG_falcon_padded_1024_sign; sig->verify = OQS_SIG_falcon_padded_1024_verify; + sig->sign_with_ctx_str = OQS_SIG_falcon_padded_1024_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_falcon_padded_1024_verify_with_ctx_str; return sig; } @@ -123,4 +125,19 @@ OQS_API OQS_STATUS OQS_SIG_falcon_padded_1024_verify(const uint8_t *message, siz #endif } +OQS_API OQS_STATUS OQS_SIG_falcon_padded_1024_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_falcon_padded_1024_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_falcon_padded_1024_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_falcon_padded_1024_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/falcon/sig_falcon_padded_512.c b/src/sig/falcon/sig_falcon_padded_512.c index 781e7bf75a..3826074334 100644 --- a/src/sig/falcon/sig_falcon_padded_512.c 
+++ b/src/sig/falcon/sig_falcon_padded_512.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_falcon_padded_512) - OQS_SIG *OQS_SIG_falcon_padded_512_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_falcon_padded_512_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_falcon_padded_512_length_public_key; sig->length_secret_key = OQS_SIG_falcon_padded_512_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_falcon_padded_512_new(void) { sig->keypair = OQS_SIG_falcon_padded_512_keypair; sig->sign = OQS_SIG_falcon_padded_512_sign; sig->verify = OQS_SIG_falcon_padded_512_verify; + sig->sign_with_ctx_str = OQS_SIG_falcon_padded_512_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_falcon_padded_512_verify_with_ctx_str; return sig; } @@ -123,4 +125,19 @@ OQS_API OQS_STATUS OQS_SIG_falcon_padded_512_verify(const uint8_t *message, size #endif } +OQS_API OQS_STATUS OQS_SIG_falcon_padded_512_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_falcon_padded_512_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_falcon_padded_512_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_falcon_padded_512_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/mayo/sig_mayo.h b/src/sig/mayo/sig_mayo.h index 08717fb4d7..00d4b80dde 100644 --- a/src/sig/mayo/sig_mayo.h +++ b/src/sig/mayo/sig_mayo.h 
@@ -14,6 +14,8 @@ OQS_SIG *OQS_SIG_mayo_1_new(void); OQS_API OQS_STATUS OQS_SIG_mayo_1_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_mayo_1_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_mayo_1_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_mayo_1_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_mayo_1_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_mayo_2) @@ -25,6 +27,8 @@ OQS_SIG *OQS_SIG_mayo_2_new(void); OQS_API OQS_STATUS OQS_SIG_mayo_2_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_mayo_2_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_mayo_2_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_mayo_2_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_mayo_2_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_mayo_3) 
@@ -36,6 +40,8 @@ OQS_SIG *OQS_SIG_mayo_3_new(void); OQS_API OQS_STATUS OQS_SIG_mayo_3_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_mayo_3_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_mayo_3_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_mayo_3_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_mayo_3_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_mayo_5) @@ -47,6 +53,8 @@ OQS_SIG *OQS_SIG_mayo_5_new(void); OQS_API OQS_STATUS OQS_SIG_mayo_5_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_mayo_5_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_mayo_5_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_mayo_5_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_mayo_5_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #endif diff --git a/src/sig/mayo/sig_mayo_1.c b/src/sig/mayo/sig_mayo_1.c index 9d78196278..be70917dbd 100644 --- a/src/sig/mayo/sig_mayo_1.c +++ b/src/sig/mayo/sig_mayo_1.c 
@@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_mayo_1) - OQS_SIG *OQS_SIG_mayo_1_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_mayo_1_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_mayo_1_length_public_key; sig->length_secret_key = OQS_SIG_mayo_1_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_mayo_1_new(void) { sig->keypair = OQS_SIG_mayo_1_keypair; sig->sign = OQS_SIG_mayo_1_sign; sig->verify = OQS_SIG_mayo_1_verify; + sig->sign_with_ctx_str = OQS_SIG_mayo_1_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_mayo_1_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_mayo_1_verify(const uint8_t *message, size_t message_ #endif } +OQS_API OQS_STATUS OQS_SIG_mayo_1_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_mayo_1_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_mayo_1_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_mayo_1_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/mayo/sig_mayo_2.c b/src/sig/mayo/sig_mayo_2.c index 1dbdadddad..3a4e0dfd75 100644 --- a/src/sig/mayo/sig_mayo_2.c +++ b/src/sig/mayo/sig_mayo_2.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_mayo_2) - OQS_SIG *OQS_SIG_mayo_2_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); 
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_mayo_2_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_mayo_2_length_public_key; sig->length_secret_key = OQS_SIG_mayo_2_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_mayo_2_new(void) { sig->keypair = OQS_SIG_mayo_2_keypair; sig->sign = OQS_SIG_mayo_2_sign; sig->verify = OQS_SIG_mayo_2_verify; + sig->sign_with_ctx_str = OQS_SIG_mayo_2_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_mayo_2_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_mayo_2_verify(const uint8_t *message, size_t message_ #endif } +OQS_API OQS_STATUS OQS_SIG_mayo_2_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_mayo_2_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_mayo_2_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_mayo_2_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/mayo/sig_mayo_3.c b/src/sig/mayo/sig_mayo_3.c index ba8ee36dc6..d912107574 100644 --- a/src/sig/mayo/sig_mayo_3.c +++ b/src/sig/mayo/sig_mayo_3.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_mayo_3) - OQS_SIG *OQS_SIG_mayo_3_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); 
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_mayo_3_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_mayo_3_length_public_key; sig->length_secret_key = OQS_SIG_mayo_3_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_mayo_3_new(void) { sig->keypair = OQS_SIG_mayo_3_keypair; sig->sign = OQS_SIG_mayo_3_sign; sig->verify = OQS_SIG_mayo_3_verify; + sig->sign_with_ctx_str = OQS_SIG_mayo_3_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_mayo_3_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_mayo_3_verify(const uint8_t *message, size_t message_ #endif } +OQS_API OQS_STATUS OQS_SIG_mayo_3_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_mayo_3_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_mayo_3_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_mayo_3_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/mayo/sig_mayo_5.c b/src/sig/mayo/sig_mayo_5.c index 633328dcbb..812e0f1001 100644 --- a/src/sig/mayo/sig_mayo_5.c +++ b/src/sig/mayo/sig_mayo_5.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_mayo_5) - OQS_SIG *OQS_SIG_mayo_5_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); 
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_mayo_5_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_mayo_5_length_public_key; sig->length_secret_key = OQS_SIG_mayo_5_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_mayo_5_new(void) { sig->keypair = OQS_SIG_mayo_5_keypair; sig->sign = OQS_SIG_mayo_5_sign; sig->verify = OQS_SIG_mayo_5_verify; + sig->sign_with_ctx_str = OQS_SIG_mayo_5_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_mayo_5_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_mayo_5_verify(const uint8_t *message, size_t message_ #endif } +OQS_API OQS_STATUS OQS_SIG_mayo_5_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_mayo_5_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_mayo_5_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_mayo_5_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/ml_dsa/CMakeLists.txt b/src/sig/ml_dsa/CMakeLists.txt index f55d8fe486..37c1b373d7 100644 --- a/src/sig/ml_dsa/CMakeLists.txt +++ b/src/sig/ml_dsa/CMakeLists.txt 
@@ -5,58 +5,58 @@ set(_ML_DSA_OBJS "") -if(OQS_ENABLE_SIG_ml_dsa_44_ipd OR OQS_ENABLE_SIG_ml_dsa_44) - add_library(ml_dsa_44_ipd_ref OBJECT sig_ml_dsa_44_ipd.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/ntt.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/packing.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/poly.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/polyvec.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/reduce.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/rounding.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/sign.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/symmetric-shake.c) - target_compile_options(ml_dsa_44_ipd_ref PUBLIC -DDILITHIUM_MODE=2) - target_include_directories(ml_dsa_44_ipd_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref) - target_include_directories(ml_dsa_44_ipd_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_dsa_44_ipd_ref PUBLIC -DDILITHIUM_MODE=2) - set(_ML_DSA_OBJS ${_ML_DSA_OBJS} $) +if(OQS_ENABLE_SIG_ml_dsa_44) + add_library(ml_dsa_44_ref OBJECT sig_ml_dsa_44.c pqcrystals-dilithium-standard_ml-dsa-44_ref/ntt.c pqcrystals-dilithium-standard_ml-dsa-44_ref/packing.c pqcrystals-dilithium-standard_ml-dsa-44_ref/poly.c pqcrystals-dilithium-standard_ml-dsa-44_ref/polyvec.c pqcrystals-dilithium-standard_ml-dsa-44_ref/reduce.c pqcrystals-dilithium-standard_ml-dsa-44_ref/rounding.c pqcrystals-dilithium-standard_ml-dsa-44_ref/sign.c pqcrystals-dilithium-standard_ml-dsa-44_ref/symmetric-shake.c) + target_compile_options(ml_dsa_44_ref PUBLIC -DDILITHIUM_MODE=2) + target_include_directories(ml_dsa_44_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-dilithium-standard_ml-dsa-44_ref) + target_include_directories(ml_dsa_44_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_dsa_44_ref PUBLIC -DDILITHIUM_MODE=2) + set(_ML_DSA_OBJS ${_ML_DSA_OBJS} $) endif() -if(OQS_ENABLE_SIG_ml_dsa_44_ipd_avx2 OR 
OQS_ENABLE_SIG_ml_dsa_44_avx2) - add_library(ml_dsa_44_ipd_avx2 OBJECT pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/consts.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/invntt.S pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/ntt.S pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/packing.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/pointwise.S pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/poly.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/polyvec.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/rejsample.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/rounding.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/shuffle.S pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/symmetric-shake.c) - target_include_directories(ml_dsa_44_ipd_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2) - target_include_directories(ml_dsa_44_ipd_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_dsa_44_ipd_avx2 PRIVATE -mavx2 -mpopcnt) - target_compile_options(ml_dsa_44_ipd_avx2 PUBLIC -DDILITHIUM_MODE=2) - set(_ML_DSA_OBJS ${_ML_DSA_OBJS} $) +if(OQS_ENABLE_SIG_ml_dsa_44_avx2) + add_library(ml_dsa_44_avx2 OBJECT pqcrystals-dilithium-standard_ml-dsa-44_avx2/consts.c pqcrystals-dilithium-standard_ml-dsa-44_avx2/invntt.S pqcrystals-dilithium-standard_ml-dsa-44_avx2/ntt.S pqcrystals-dilithium-standard_ml-dsa-44_avx2/packing.c pqcrystals-dilithium-standard_ml-dsa-44_avx2/pointwise.S pqcrystals-dilithium-standard_ml-dsa-44_avx2/poly.c pqcrystals-dilithium-standard_ml-dsa-44_avx2/polyvec.c pqcrystals-dilithium-standard_ml-dsa-44_avx2/rejsample.c pqcrystals-dilithium-standard_ml-dsa-44_avx2/rounding.c pqcrystals-dilithium-standard_ml-dsa-44_avx2/shuffle.S pqcrystals-dilithium-standard_ml-dsa-44_avx2/sign.c pqcrystals-dilithium-standard_ml-dsa-44_avx2/symmetric-shake.c) + target_include_directories(ml_dsa_44_avx2 PRIVATE 
${CMAKE_CURRENT_LIST_DIR}/pqcrystals-dilithium-standard_ml-dsa-44_avx2) + target_include_directories(ml_dsa_44_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_dsa_44_avx2 PRIVATE -mavx2 -mpopcnt) + target_compile_options(ml_dsa_44_avx2 PUBLIC -DDILITHIUM_MODE=2) + set(_ML_DSA_OBJS ${_ML_DSA_OBJS} $) endif() -if(OQS_ENABLE_SIG_ml_dsa_65_ipd OR OQS_ENABLE_SIG_ml_dsa_65) - add_library(ml_dsa_65_ipd_ref OBJECT sig_ml_dsa_65_ipd.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/ntt.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/packing.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/poly.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/polyvec.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/reduce.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/rounding.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/sign.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/symmetric-shake.c) - target_compile_options(ml_dsa_65_ipd_ref PUBLIC -DDILITHIUM_MODE=3) - target_include_directories(ml_dsa_65_ipd_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref) - target_include_directories(ml_dsa_65_ipd_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_dsa_65_ipd_ref PUBLIC -DDILITHIUM_MODE=3) - set(_ML_DSA_OBJS ${_ML_DSA_OBJS} $) +if(OQS_ENABLE_SIG_ml_dsa_65) + add_library(ml_dsa_65_ref OBJECT sig_ml_dsa_65.c pqcrystals-dilithium-standard_ml-dsa-65_ref/ntt.c pqcrystals-dilithium-standard_ml-dsa-65_ref/packing.c pqcrystals-dilithium-standard_ml-dsa-65_ref/poly.c pqcrystals-dilithium-standard_ml-dsa-65_ref/polyvec.c pqcrystals-dilithium-standard_ml-dsa-65_ref/reduce.c pqcrystals-dilithium-standard_ml-dsa-65_ref/rounding.c pqcrystals-dilithium-standard_ml-dsa-65_ref/sign.c pqcrystals-dilithium-standard_ml-dsa-65_ref/symmetric-shake.c) + target_compile_options(ml_dsa_65_ref PUBLIC -DDILITHIUM_MODE=3) + target_include_directories(ml_dsa_65_ref PRIVATE 
${CMAKE_CURRENT_LIST_DIR}/pqcrystals-dilithium-standard_ml-dsa-65_ref) + target_include_directories(ml_dsa_65_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_dsa_65_ref PUBLIC -DDILITHIUM_MODE=3) + set(_ML_DSA_OBJS ${_ML_DSA_OBJS} $) endif() -if(OQS_ENABLE_SIG_ml_dsa_65_ipd_avx2 OR OQS_ENABLE_SIG_ml_dsa_65_avx2) - add_library(ml_dsa_65_ipd_avx2 OBJECT pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/consts.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/invntt.S pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/ntt.S pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/packing.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/pointwise.S pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/poly.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/polyvec.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/rejsample.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/rounding.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/shuffle.S pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/sign.c pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/symmetric-shake.c) - target_include_directories(ml_dsa_65_ipd_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2) - target_include_directories(ml_dsa_65_ipd_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_dsa_65_ipd_avx2 PRIVATE -mavx2 -mpopcnt) - target_compile_options(ml_dsa_65_ipd_avx2 PUBLIC -DDILITHIUM_MODE=3) - set(_ML_DSA_OBJS ${_ML_DSA_OBJS} $) +if(OQS_ENABLE_SIG_ml_dsa_65_avx2) + add_library(ml_dsa_65_avx2 OBJECT pqcrystals-dilithium-standard_ml-dsa-65_avx2/consts.c pqcrystals-dilithium-standard_ml-dsa-65_avx2/invntt.S pqcrystals-dilithium-standard_ml-dsa-65_avx2/ntt.S pqcrystals-dilithium-standard_ml-dsa-65_avx2/packing.c pqcrystals-dilithium-standard_ml-dsa-65_avx2/pointwise.S pqcrystals-dilithium-standard_ml-dsa-65_avx2/poly.c pqcrystals-dilithium-standard_ml-dsa-65_avx2/polyvec.c 
pqcrystals-dilithium-standard_ml-dsa-65_avx2/rejsample.c pqcrystals-dilithium-standard_ml-dsa-65_avx2/rounding.c pqcrystals-dilithium-standard_ml-dsa-65_avx2/shuffle.S pqcrystals-dilithium-standard_ml-dsa-65_avx2/sign.c pqcrystals-dilithium-standard_ml-dsa-65_avx2/symmetric-shake.c) + target_include_directories(ml_dsa_65_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-dilithium-standard_ml-dsa-65_avx2) + target_include_directories(ml_dsa_65_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_dsa_65_avx2 PRIVATE -mavx2 -mpopcnt) + target_compile_options(ml_dsa_65_avx2 PUBLIC -DDILITHIUM_MODE=3) + set(_ML_DSA_OBJS ${_ML_DSA_OBJS} $) endif() -if(OQS_ENABLE_SIG_ml_dsa_87_ipd OR OQS_ENABLE_SIG_ml_dsa_87) - add_library(ml_dsa_87_ipd_ref OBJECT sig_ml_dsa_87_ipd.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/ntt.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/packing.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/poly.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/polyvec.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/reduce.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/rounding.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/sign.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/symmetric-shake.c) - target_compile_options(ml_dsa_87_ipd_ref PUBLIC -DDILITHIUM_MODE=5) - target_include_directories(ml_dsa_87_ipd_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref) - target_include_directories(ml_dsa_87_ipd_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_dsa_87_ipd_ref PUBLIC -DDILITHIUM_MODE=5) - set(_ML_DSA_OBJS ${_ML_DSA_OBJS} $) +if(OQS_ENABLE_SIG_ml_dsa_87) + add_library(ml_dsa_87_ref OBJECT sig_ml_dsa_87.c pqcrystals-dilithium-standard_ml-dsa-87_ref/ntt.c pqcrystals-dilithium-standard_ml-dsa-87_ref/packing.c pqcrystals-dilithium-standard_ml-dsa-87_ref/poly.c pqcrystals-dilithium-standard_ml-dsa-87_ref/polyvec.c 
pqcrystals-dilithium-standard_ml-dsa-87_ref/reduce.c pqcrystals-dilithium-standard_ml-dsa-87_ref/rounding.c pqcrystals-dilithium-standard_ml-dsa-87_ref/sign.c pqcrystals-dilithium-standard_ml-dsa-87_ref/symmetric-shake.c) + target_compile_options(ml_dsa_87_ref PUBLIC -DDILITHIUM_MODE=5) + target_include_directories(ml_dsa_87_ref PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-dilithium-standard_ml-dsa-87_ref) + target_include_directories(ml_dsa_87_ref PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_dsa_87_ref PUBLIC -DDILITHIUM_MODE=5) + set(_ML_DSA_OBJS ${_ML_DSA_OBJS} $) endif() -if(OQS_ENABLE_SIG_ml_dsa_87_ipd_avx2 OR OQS_ENABLE_SIG_ml_dsa_87_avx2) - add_library(ml_dsa_87_ipd_avx2 OBJECT pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/consts.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/invntt.S pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/ntt.S pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/packing.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/pointwise.S pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/poly.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/polyvec.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/rejsample.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/rounding.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/shuffle.S pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/sign.c pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/symmetric-shake.c) - target_include_directories(ml_dsa_87_ipd_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2) - target_include_directories(ml_dsa_87_ipd_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) - target_compile_options(ml_dsa_87_ipd_avx2 PRIVATE -mavx2 -mpopcnt) - target_compile_options(ml_dsa_87_ipd_avx2 PUBLIC -DDILITHIUM_MODE=5) - set(_ML_DSA_OBJS ${_ML_DSA_OBJS} $) +if(OQS_ENABLE_SIG_ml_dsa_87_avx2) + add_library(ml_dsa_87_avx2 OBJECT pqcrystals-dilithium-standard_ml-dsa-87_avx2/consts.c 
pqcrystals-dilithium-standard_ml-dsa-87_avx2/invntt.S pqcrystals-dilithium-standard_ml-dsa-87_avx2/ntt.S pqcrystals-dilithium-standard_ml-dsa-87_avx2/packing.c pqcrystals-dilithium-standard_ml-dsa-87_avx2/pointwise.S pqcrystals-dilithium-standard_ml-dsa-87_avx2/poly.c pqcrystals-dilithium-standard_ml-dsa-87_avx2/polyvec.c pqcrystals-dilithium-standard_ml-dsa-87_avx2/rejsample.c pqcrystals-dilithium-standard_ml-dsa-87_avx2/rounding.c pqcrystals-dilithium-standard_ml-dsa-87_avx2/shuffle.S pqcrystals-dilithium-standard_ml-dsa-87_avx2/sign.c pqcrystals-dilithium-standard_ml-dsa-87_avx2/symmetric-shake.c) + target_include_directories(ml_dsa_87_avx2 PRIVATE ${CMAKE_CURRENT_LIST_DIR}/pqcrystals-dilithium-standard_ml-dsa-87_avx2) + target_include_directories(ml_dsa_87_avx2 PRIVATE ${PROJECT_SOURCE_DIR}/src/common/pqclean_shims) + target_compile_options(ml_dsa_87_avx2 PRIVATE -mavx2 -mpopcnt) + target_compile_options(ml_dsa_87_avx2 PUBLIC -DDILITHIUM_MODE=5) + set(_ML_DSA_OBJS ${_ML_DSA_OBJS} $) endif() set(ML_DSA_OBJS ${_ML_DSA_OBJS} PARENT_SCOPE) diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/api.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/api.h deleted file mode 100644 index 55b637669d..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/api.h +++ /dev/null 
@@ -1,88 +0,0 @@ -#ifndef API_H -#define API_H - -#include -#include - -#define pqcrystals_dilithium2_PUBLICKEYBYTES 1312 -#define pqcrystals_dilithium2_SECRETKEYBYTES 2560 -#define pqcrystals_dilithium2_BYTES 2420 - -#define pqcrystals_dilithium2_avx2_PUBLICKEYBYTES pqcrystals_dilithium2_PUBLICKEYBYTES -#define pqcrystals_dilithium2_avx2_SECRETKEYBYTES pqcrystals_dilithium2_SECRETKEYBYTES -#define pqcrystals_dilithium2_avx2_BYTES pqcrystals_dilithium2_BYTES - -int pqcrystals_dilithium2_avx2_keypair(uint8_t *pk, uint8_t *sk); - -int pqcrystals_dilithium2_avx2_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium2_avx2(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium2_avx2_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -int pqcrystals_dilithium2_avx2_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - - -#define pqcrystals_dilithium3_PUBLICKEYBYTES 1952 -#define pqcrystals_dilithium3_SECRETKEYBYTES 4032 -#define pqcrystals_dilithium3_BYTES 3309 - -#define pqcrystals_dilithium3_avx2_PUBLICKEYBYTES pqcrystals_dilithium3_PUBLICKEYBYTES -#define pqcrystals_dilithium3_avx2_SECRETKEYBYTES pqcrystals_dilithium3_SECRETKEYBYTES -#define pqcrystals_dilithium3_avx2_BYTES pqcrystals_dilithium3_BYTES - -int pqcrystals_dilithium3_avx2_keypair(uint8_t *pk, uint8_t *sk); - -int pqcrystals_dilithium3_avx2_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium3_avx2(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium3_avx2_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -int pqcrystals_dilithium3_avx2_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - - 
-#define pqcrystals_dilithium5_PUBLICKEYBYTES 2592 -#define pqcrystals_dilithium5_SECRETKEYBYTES 4896 -#define pqcrystals_dilithium5_BYTES 4627 - -#define pqcrystals_dilithium5_avx2_PUBLICKEYBYTES pqcrystals_dilithium5_PUBLICKEYBYTES -#define pqcrystals_dilithium5_avx2_SECRETKEYBYTES pqcrystals_dilithium5_SECRETKEYBYTES -#define pqcrystals_dilithium5_avx2_BYTES pqcrystals_dilithium5_BYTES - -int pqcrystals_dilithium5_avx2_keypair(uint8_t *pk, uint8_t *sk); - -int pqcrystals_dilithium5_avx2_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium5_avx2(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium5_avx2_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -int pqcrystals_dilithium5_avx2_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/config.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/config.h deleted file mode 100644 index e59f81a5e8..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/config.h +++ /dev/null 
@@ -1,27 +0,0 @@ -#ifndef CONFIG_H -#define CONFIG_H - -//#define DILITHIUM_MODE 2 -#define DILITHIUM_RANDOMIZED_SIGNING -//#define USE_RDPMC -//#define DBENCH - -#ifndef DILITHIUM_MODE -#define DILITHIUM_MODE 2 -#endif - -#if DILITHIUM_MODE == 2 -#define CRYPTO_ALGNAME "ML-DSA-44-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ipd_avx2 -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ipd_avx2_##s -#elif DILITHIUM_MODE == 3 -#define CRYPTO_ALGNAME "ML-DSA-65-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ipd_avx2 -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ipd_avx2_##s -#elif DILITHIUM_MODE == 5 -#define CRYPTO_ALGNAME "ML-DSA-87-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ipd_avx2 -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ipd_avx2_##s -#endif - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.h deleted file mode 100644 index 295f378c00..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.h +++ /dev/null 
@@ -1,36 +0,0 @@ -#ifndef SIGN_H -#define SIGN_H - -#include -#include -#include "params.h" -#include "polyvec.h" -#include "poly.h" - -#define challenge DILITHIUM_NAMESPACE(challenge) -void challenge(poly *c, const uint8_t seed[SEEDBYTES]); - -#define crypto_sign_keypair DILITHIUM_NAMESPACE(keypair) -int crypto_sign_keypair(uint8_t *pk, uint8_t *sk); - -#define crypto_sign_signature DILITHIUM_NAMESPACE(signature) -int crypto_sign_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -#define crypto_sign DILITHIUM_NAMESPACETOP -int crypto_sign(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -#define crypto_sign_verify DILITHIUM_NAMESPACE(verify) -int crypto_sign_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -#define crypto_sign_open DILITHIUM_NAMESPACE(open) -int crypto_sign_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/config.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/config.h deleted file mode 100644 index eddf13f5ea..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/config.h +++ /dev/null 
@@ -1,27 +0,0 @@ -#ifndef CONFIG_H -#define CONFIG_H - -//#define DILITHIUM_MODE 2 -#define DILITHIUM_RANDOMIZED_SIGNING -//#define USE_RDPMC -//#define DBENCH - -#ifndef DILITHIUM_MODE -#define DILITHIUM_MODE 2 -#endif - -#if DILITHIUM_MODE == 2 -#define CRYPTO_ALGNAME "ML-DSA-44-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ipd_ref -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ipd_ref_##s -#elif DILITHIUM_MODE == 3 -#define CRYPTO_ALGNAME "ML-DSA-65-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ipd_ref -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ipd_ref_##s -#elif DILITHIUM_MODE == 5 -#define CRYPTO_ALGNAME "ML-DSA-87-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ipd_ref -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ipd_ref_##s -#endif - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/sign.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/sign.h deleted file mode 100644 index 295f378c00..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/sign.h +++ /dev/null 
@@ -1,36 +0,0 @@ -#ifndef SIGN_H -#define SIGN_H - -#include -#include -#include "params.h" -#include "polyvec.h" -#include "poly.h" - -#define challenge DILITHIUM_NAMESPACE(challenge) -void challenge(poly *c, const uint8_t seed[SEEDBYTES]); - -#define crypto_sign_keypair DILITHIUM_NAMESPACE(keypair) -int crypto_sign_keypair(uint8_t *pk, uint8_t *sk); - -#define crypto_sign_signature DILITHIUM_NAMESPACE(signature) -int crypto_sign_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -#define crypto_sign DILITHIUM_NAMESPACETOP -int crypto_sign(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -#define crypto_sign_verify DILITHIUM_NAMESPACE(verify) -int crypto_sign_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -#define crypto_sign_open DILITHIUM_NAMESPACE(open) -int crypto_sign_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/LICENSE b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/LICENSE similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/LICENSE rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/LICENSE diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/align.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/align.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/align.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/align.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/api.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/api.h new file mode 100644 index 0000000000..36ec622e5d --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/api.h 
@@ -0,0 +1,100 @@ +#ifndef API_H +#define API_H + +#include +#include + +#define pqcrystals_dilithium2_PUBLICKEYBYTES 1312 +#define pqcrystals_dilithium2_SECRETKEYBYTES 2560 +#define pqcrystals_dilithium2_BYTES 2420 + +#define pqcrystals_dilithium2_avx2_PUBLICKEYBYTES pqcrystals_dilithium2_PUBLICKEYBYTES +#define pqcrystals_dilithium2_avx2_SECRETKEYBYTES pqcrystals_dilithium2_SECRETKEYBYTES +#define pqcrystals_dilithium2_avx2_BYTES pqcrystals_dilithium2_BYTES + +int pqcrystals_dilithium2_avx2_keypair(uint8_t *pk, uint8_t *sk); + +int pqcrystals_dilithium2_avx2_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium2_avx2(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium2_avx2_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +int pqcrystals_dilithium2_avx2_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + + +#define pqcrystals_dilithium3_PUBLICKEYBYTES 1952 +#define pqcrystals_dilithium3_SECRETKEYBYTES 4032 +#define pqcrystals_dilithium3_BYTES 3309 + +#define pqcrystals_dilithium3_avx2_PUBLICKEYBYTES pqcrystals_dilithium3_PUBLICKEYBYTES +#define pqcrystals_dilithium3_avx2_SECRETKEYBYTES pqcrystals_dilithium3_SECRETKEYBYTES +#define pqcrystals_dilithium3_avx2_BYTES pqcrystals_dilithium3_BYTES + +int pqcrystals_dilithium3_avx2_keypair(uint8_t *pk, uint8_t *sk); + +int pqcrystals_dilithium3_avx2_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium3_avx2(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int 
pqcrystals_dilithium3_avx2_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +int pqcrystals_dilithium3_avx2_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + + +#define pqcrystals_dilithium5_PUBLICKEYBYTES 2592 +#define pqcrystals_dilithium5_SECRETKEYBYTES 4896 +#define pqcrystals_dilithium5_BYTES 4627 + +#define pqcrystals_dilithium5_avx2_PUBLICKEYBYTES pqcrystals_dilithium5_PUBLICKEYBYTES +#define pqcrystals_dilithium5_avx2_SECRETKEYBYTES pqcrystals_dilithium5_SECRETKEYBYTES +#define pqcrystals_dilithium5_avx2_BYTES pqcrystals_dilithium5_BYTES + +int pqcrystals_dilithium5_avx2_keypair(uint8_t *pk, uint8_t *sk); + +int pqcrystals_dilithium5_avx2_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium5_avx2(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium5_avx2_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +int pqcrystals_dilithium5_avx2_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + + +#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/config.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/config.h new file mode 100644 index 0000000000..3944cb4412 --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/config.h 
@@ -0,0 +1,27 @@ +#ifndef CONFIG_H +#define CONFIG_H + +//#define DILITHIUM_MODE 2 +#define DILITHIUM_RANDOMIZED_SIGNING +//#define USE_RDPMC +//#define DBENCH + +#ifndef DILITHIUM_MODE +#define DILITHIUM_MODE 2 +#endif + +#if DILITHIUM_MODE == 2 +#define CRYPTO_ALGNAME "ML-DSA-44" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_avx2 +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_avx2_##s +#elif DILITHIUM_MODE == 3 +#define CRYPTO_ALGNAME "ML-DSA-65" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_avx2 +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_avx2_##s +#elif DILITHIUM_MODE == 5 +#define CRYPTO_ALGNAME "ML-DSA-87" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_avx2 +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_avx2_##s +#endif + +#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/consts.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/consts.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/consts.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/consts.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/consts.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/consts.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/consts.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/consts.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/invntt.S b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/invntt.S similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/invntt.S rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/invntt.S 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/ntt.S b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/ntt.S similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/ntt.S rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/ntt.S index 38415de893..ebe17d3b8a 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/ntt.S +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/ntt.S @@ -194,4 +194,3 @@ levels2t7 2 levels2t7 3 ret - diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/ntt.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/ntt.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/ntt.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/ntt.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/packing.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/packing.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/packing.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/packing.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/packing.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/packing.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/packing.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/packing.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/params.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/params.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/params.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/params.h 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/pointwise.S b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/pointwise.S similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/pointwise.S rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/pointwise.S diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/poly.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/poly.c similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/poly.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/poly.c index 25d36828ad..0a4ecb6e1e 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/poly.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/poly.c @@ -31,7 +31,7 @@ extern uint64_t *tred, *tadd, *tmul, *tround, *tsample, *tpack; * Name: poly_reduce * * Description: Inplace reduction of all coefficients of polynomial to -* representative in [-6283009,6283007]. Assumes input +* representative in [-6283009,6283008]. Assumes input * coefficients to be at most 2^31 - 2^22 - 1 in absolute value. * * Arguments: - poly *a: pointer to input/output polynomial 
@@ -673,16 +673,16 @@ void poly_uniform_gamma1_4x(poly *a0, * SHAKE256(seed). * * Arguments: - poly *c: pointer to output polynomial -* - const uint8_t mu[]: byte array containing seed of length SEEDBYTES +* - const uint8_t mu[]: byte array containing seed of length CTILDEBYTES **************************************************/ -void poly_challenge(poly * restrict c, const uint8_t seed[SEEDBYTES]) { +void poly_challenge(poly * restrict c, const uint8_t seed[CTILDEBYTES]) { unsigned int i, b, pos; uint64_t signs; ALIGNED_UINT8(SHAKE256_RATE) buf; shake256incctx state; shake256_inc_init(&state); - shake256_inc_absorb(&state, seed, SEEDBYTES); + shake256_inc_absorb(&state, seed, CTILDEBYTES); shake256_inc_finalize(&state); shake256_inc_squeeze(buf.coeffs, SHAKE256_RATE, &state); diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/poly.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/poly.h similarity index 98% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/poly.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/poly.h index 7bcd8e5e03..7d93088549 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/poly.h +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/poly.h @@ -53,7 +53,7 @@ void poly_uniform_gamma1_preinit(poly *a, stream256_state *state); #define poly_uniform_gamma1 DILITHIUM_NAMESPACE(poly_uniform_gamma1) void poly_uniform_gamma1(poly *a, const uint8_t seed[CRHBYTES], uint16_t nonce); #define poly_challenge DILITHIUM_NAMESPACE(poly_challenge) -void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]); +void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]); #define poly_uniform_4x DILITHIUM_NAMESPACE(poly_uniform_4x) void poly_uniform_4x(poly *a0, 
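Review bot: The header comment of poly_challenge still names its argument `mu[]`, while the parameter is called `seed` and now carries the CTILDEBYTES-long challenge hash rather than mu. In verification it is read straight from the start of the signature (`poly_challenge(&c, sig)`), so the entry would be clearer as `* - const uint8_t seed[]: challenge seed c~ of length CTILDEBYTES`. The ref poly.c hunk of this commit (@@ -487) has the same stale name. The function body continues outside the hunk.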
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/polyvec.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/polyvec.c similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/polyvec.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/polyvec.c index 6e2302168e..0db351496c 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/polyvec.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/polyvec.c @@ -363,7 +363,7 @@ void polyveck_uniform_eta(polyveck *v, const uint8_t seed[CRHBYTES], uint16_t no * Name: polyveck_reduce * * Description: Reduce coefficients of polynomials in vector of length K -* to representatives in [-6283009,6283007]. +* to representatives in [-6283009,6283008]. * * Arguments: - polyveck *v: pointer to input/output vector **************************************************/ diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/polyvec.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/polyvec.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/polyvec.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/polyvec.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/rejsample.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/rejsample.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/rejsample.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/rejsample.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/rejsample.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/rejsample.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/rejsample.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/rejsample.h 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/rounding.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/rounding.c
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/rounding.c
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/rounding.c
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/rounding.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/rounding.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/rounding.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/rounding.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/shuffle.S b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/shuffle.S
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/shuffle.S
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/shuffle.S
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/shuffle.inc b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/shuffle.inc
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/shuffle.inc
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/shuffle.inc
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/sign.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/sign.c
similarity index 74%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/sign.c
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/sign.c
index a39f8515c4..532e37c680 100644
--- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/sign.c
+++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/sign.c
@@ -74,7 +74,9 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) { /* Get randomness for rho, rhoprime and key */ randombytes(seedbuf, SEEDBYTES); - shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seedbuf, SEEDBYTES); + seedbuf[SEEDBYTES+0] = K; + seedbuf[SEEDBYTES+1] = L; + shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seedbuf, SEEDBYTES+2); rho = seedbuf; rhoprime = rho + SEEDBYTES; key = rhoprime + CRHBYTES; @@ -135,22 +137,27 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) { } /************************************************* -* Name: crypto_sign_signature +* Name: crypto_sign_signature_internal * -* Description: Computes signature. +* Description: Computes signature. Internal API. * * Arguments: - uint8_t *sig: pointer to output signature (of length CRYPTO_BYTES) * - size_t *siglen: pointer to output length of signature * - uint8_t *m: pointer to message to be signed * - size_t mlen: length of message +* - uint8_t *pre: pointer to prefix string +* - size_t prelen: length of prefix string +* - uint8_t *rnd: pointer to random seed * - uint8_t *sk: pointer to bit-packed secret key * * Returns 0 (success) **************************************************/ -int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk) { +int crypto_sign_signature_internal(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *pre, size_t prelen, const uint8_t rnd[RNDBYTES], const uint8_t *sk) +{ unsigned int i, n, pos; - uint8_t seedbuf[2*SEEDBYTES + TRBYTES + RNDBYTES + 2*CRHBYTES]; - uint8_t *rho, *tr, *key, *rnd, *mu, *rhoprime; + uint8_t seedbuf[2*SEEDBYTES + TRBYTES + 2*CRHBYTES]; + uint8_t *rho, *tr, *key, *mu, *rhoprime; uint8_t hintbuf[N]; uint8_t *hint = sig + CTILDEBYTES + L*POLYZ_PACKEDBYTES; uint64_t nonce = 0; 
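Review bot: The two stores added to crypto_sign_keypair have no comment, and the existing one above them (`Get randomness for rho, rhoprime and key`) does not explain why K and L are appended before hashing. A line such as `/* Append K and L so the expanded seed is bound to the parameter set (FIPS 204 key generation) */` would record the intent. The stores also rely on seedbuf being longer than SEEDBYTES+2, which holds while it stays sized for the 2*SEEDBYTES + CRHBYTES output; its declaration is outside the hunk. The ref sign.c hunk (@@ -30) adds the same lines.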
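Review bot: The Arguments block of crypto_sign_signature_internal does not say what `pre` and `rnd` must contain. Judging by the wrapper added later in this file, `pre` is the already encoded prefix (0, ctxlen, ctx) and `rnd` is RNDBYTES of fresh randomness, or zeros for deterministic signing; I would write that, e.g. `* - const uint8_t *pre: encoded prefix (0, ctxlen, ctx); not validated here` and `* - const uint8_t rnd[RNDBYTES]: per-signature randomness, all-zero for deterministic signing`. This matters because sign.h declares the function with OQS_API, so callers can reach it without the ctxlen check. The function body continues outside the hunk, and the ref sign.c hunk (@@ -65) carries the same comment.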
@@ -166,24 +173,25 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t rho = seedbuf; tr = rho + SEEDBYTES; key = tr + TRBYTES; - rnd = key + SEEDBYTES; - mu = rnd + RNDBYTES; + mu = key + SEEDBYTES; rhoprime = mu + CRHBYTES; unpack_sk(rho, tr, key, &t0, &s1, &s2, sk); - /* Compute CRH(tr, msg) */ + /* Compute mu = CRH(tr, pre, msg) */ shake256_inc_init(&state); shake256_inc_absorb(&state, tr, TRBYTES); + shake256_inc_absorb(&state, pre, prelen); shake256_inc_absorb(&state, m, mlen); shake256_inc_finalize(&state); shake256_inc_squeeze(mu, CRHBYTES, &state); -#ifdef DILITHIUM_RANDOMIZED_SIGNING - randombytes(rnd, RNDBYTES); -#else - memset(rnd, 0, RNDBYTES); -#endif - shake256(rhoprime, CRHBYTES, key, SEEDBYTES + RNDBYTES + CRHBYTES); + /* Compute rhoprime = CRH(key, rnd, mu) */ + shake256_inc_ctx_reset(&state); + shake256_inc_absorb(&state, key, SEEDBYTES); + shake256_inc_absorb(&state, rnd, RNDBYTES); + shake256_inc_absorb(&state, mu, CRHBYTES); + shake256_inc_finalize(&state); + shake256_inc_squeeze(rhoprime, CRHBYTES, &state); /* Expand matrix and transform vectors */ polyvec_matrix_expand(mat, rho); 
@@ -281,6 +289,45 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t return 0; } +/************************************************* +* Name: crypto_sign_signature +* +* Description: Computes signature. +* +* Arguments: - uint8_t *sig: pointer to output signature (of length CRYPTO_BYTES) +* - size_t *siglen: pointer to output length of signature +* - uint8_t *m: pointer to message to be signed +* - size_t mlen: length of message +* - uint8_t *ctx: pointer to context string +* - size_t ctxlen: length of context string +* - uint8_t *sk: pointer to bit-packed secret key +* +* Returns 0 (success) or -1 (context string too long) +**************************************************/ +int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk) +{ + uint8_t pre[257]; + uint8_t rnd[RNDBYTES]; + + if(ctxlen > 255) + return -1; + + /* Prepare pre = (0, ctxlen, ctx) */ + pre[0] = 0; + pre[1] = ctxlen; + memcpy(&pre[2], ctx, ctxlen); + +#ifdef DILITHIUM_RANDOMIZED_SIGNING + randombytes(rnd, RNDBYTES); +#else + memset(rnd, 0, RNDBYTES); +#endif + + crypto_sign_signature_internal(sig,siglen,m,mlen,pre,2+ctxlen,rnd,sk); + return 0; +} + /************************************************* * Name: crypto_sign * 
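Review bot: `memcpy(&pre[2], ctx, ctxlen);` in crypto_sign_signature is also reached with ctxlen == 0, and if a caller passes ctx == NULL to mean "no context" that call is undefined behaviour even though no bytes are copied. Guard it with `if(ctxlen > 0) memcpy(&pre[2], ctx, ctxlen);`, or reject `ctx == NULL && ctxlen != 0` together with the length check; crypto_sign_verify further down (@@ -405) has the same copy. Whether any caller passes NULL is not visible in this file. Separately, the result of crypto_sign_signature_internal is dropped, and `return crypto_sign_signature_internal(sig,siglen,m,mlen,pre,2+ctxlen,rnd,sk);` would keep a future failure from being reported as success.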
@@ -293,34 +340,42 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t * message * - const uint8_t *m: pointer to message to be signed * - size_t mlen: length of message +* - const uint8_t *ctx: pointer to context string +* - size_t ctxlen: length of context string * - const uint8_t *sk: pointer to bit-packed secret key * * Returns 0 (success) **************************************************/ -int crypto_sign(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, const uint8_t *sk) { +int crypto_sign(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk) +{ size_t i; + int ret; for(i = 0; i < mlen; ++i) sm[CRYPTO_BYTES + mlen - 1 - i] = m[mlen - 1 - i]; - crypto_sign_signature(sm, smlen, sm + CRYPTO_BYTES, mlen, sk); + ret = crypto_sign_signature(sm, smlen, sm + CRYPTO_BYTES, mlen, ctx, ctxlen, sk); *smlen += mlen; - return 0; + return ret; } /************************************************* -* Name: crypto_sign_verify +* Name: crypto_sign_verify_internal * -* Description: Verifies signature. +* Description: Verifies signature. Internal API. * * Arguments: - uint8_t *m: pointer to input signature * - size_t siglen: length of signature * - const uint8_t *m: pointer to message * - size_t mlen: length of message +* - const uint8_t *pre: pointer to prefix string +* - size_t prelen: length of prefix string * - const uint8_t *pk: pointer to bit-packed public key * * Returns 0 if signature could be verified correctly and -1 otherwise **************************************************/ -int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk) { +int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *pre, size_t prelen, const uint8_t *pk) { unsigned int i, j, pos = 0; /* polyw1_pack writes additional 14 bytes */ ALIGNED_UINT8(K*POLYW1_PACKEDBYTES+14) buf; 
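Review bot: crypto_sign runs `*smlen += mlen;` even when crypto_sign_signature has returned -1 for a too-long context, and on that path the callee returns before writing *siglen, so the addition reads whatever the caller left in *smlen. Check the result first, e.g. `if(ret) { *smlen = 0; return ret; }` ahead of the addition. The header comment still says `Returns 0 (success)` and should mention the -1 case, as the comment on crypto_sign_signature does. The hunk also opens crypto_sign_verify_internal, whose body continues outside it.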
@@ -335,14 +390,14 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size if(siglen != CRYPTO_BYTES) return -1; - /* Compute CRH(H(rho, t1), msg) */ - shake256(mu, CRHBYTES, pk, CRYPTO_PUBLICKEYBYTES); + /* Compute CRH(H(rho, t1), pre, msg) */ + shake256(mu, TRBYTES, pk, CRYPTO_PUBLICKEYBYTES); shake256_inc_init(&state); shake256_inc_absorb(&state, mu, CRHBYTES); + shake256_inc_absorb(&state, pre, prelen); shake256_inc_absorb(&state, m, mlen); shake256_inc_finalize(&state); shake256_inc_squeeze(mu, CRHBYTES, &state); - shake256_inc_ctx_release(&state); /* Expand challenge */ poly_challenge(&c, sig); @@ -372,12 +427,17 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size /* Get hint polynomial and reconstruct w1 */ memset(h.vec, 0, sizeof(poly)); - if(hint[OMEGA + i] < pos || hint[OMEGA + i] > OMEGA) + if(hint[OMEGA + i] < pos || hint[OMEGA + i] > OMEGA) { + shake256_inc_ctx_release(&state); return -1; + } for(j = pos; j < hint[OMEGA + i]; ++j) { /* Coefficients are ordered for strong unforgeability */ - if(j > pos && hint[j] <= hint[j-1]) return -1; + if(j > pos && hint[j] <= hint[j-1]) { + shake256_inc_ctx_release(&state); + return -1; + } h.coeffs[hint[j]] = 1; } pos = hint[OMEGA + i]; @@ -389,10 +449,13 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size /* Extra indices are zero for strong unforgeability */ for(j = pos; j < OMEGA; ++j) - if(hint[j]) return -1; + if(hint[j]) { + shake256_inc_ctx_release(&state); + return -1; + } /* Call random oracle and verify challenge */ - shake256_inc_init(&state); + shake256_inc_ctx_reset(&state); shake256_inc_absorb(&state, mu, CRHBYTES); shake256_inc_absorb(&state, buf.coeffs, K*POLYW1_PACKEDBYTES); shake256_inc_finalize(&state); 
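Review bot: The first hash in crypto_sign_verify_internal now writes TRBYTES into `mu`, but the following `shake256_inc_absorb(&state, mu, CRHBYTES);` still reads CRHBYTES, so the two lengths agree only while TRBYTES == CRHBYTES. Absorb what was written, `shake256_inc_absorb(&state, mu, TRBYTES);`, and make sure `mu` is sized for the larger of the two; its declaration and params.h are outside this hunk. The signing side absorbs `tr` with TRBYTES, so this also keeps the two paths in line.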
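Review bot: Each rejection path in the hint checks now repeats `shake256_inc_ctx_release(&state); return -1;` (twice in the @@ -372 hunk, once in @@ -389), which makes it easy for a later early return to miss the release. A single exit, `goto badsig;` at each site with `badsig: shake256_inc_ctx_release(&state); return -1;` near the end of the function, would match the label style crypto_sign_open already uses in this file. Any return between the first shake256_inc_init and these checks lies outside the hunks and would need the same treatment if it exists.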
@@ -405,6 +468,35 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size return 0; } +/************************************************* +* Name: crypto_sign_verify +* +* Description: Verifies signature. +* +* Arguments: - uint8_t *m: pointer to input signature +* - size_t siglen: length of signature +* - const uint8_t *m: pointer to message +* - size_t mlen: length of message +* - const uint8_t *ctx: pointer to context string +* - size_t ctxlen: length of context string +* - const uint8_t *pk: pointer to bit-packed public key +* +* Returns 0 if signature could be verified correctly and -1 otherwise +**************************************************/ +int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk) +{ + uint8_t pre[257]; + + if(ctxlen > 255) + return -1; + + pre[0] = 0; + pre[1] = ctxlen; + memcpy(&pre[2], ctx, ctxlen); + return crypto_sign_verify_internal(sig,siglen,m,mlen,pre,2+ctxlen,pk); +} + /************************************************* * Name: crypto_sign_open * 
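Review bot: The Arguments block of the new crypto_sign_verify lists `uint8_t *m` twice; the first entry describes the signature and should read `* - const uint8_t *sig: pointer to input signature`. The return line could also say that -1 covers a context longer than 255 bytes, since that path never looks at the signature.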
@@ -415,18 +507,21 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size * - size_t *mlen: pointer to output length of message * - const uint8_t *sm: pointer to signed message * - size_t smlen: length of signed message +* - const uint8_t *ctx: pointer to context string +* - size_t ctxlen: length of context string * - const uint8_t *pk: pointer to bit-packed public key * * Returns 0 if signed message could be verified correctly and -1 otherwise **************************************************/ -int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, const uint8_t *pk) { +int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk) { size_t i; if(smlen < CRYPTO_BYTES) goto badsig; *mlen = smlen - CRYPTO_BYTES; - if(crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, pk)) + if(crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, ctx, ctxlen, pk)) goto badsig; else { /* All good, copy msg, return 0 */ @@ -437,7 +532,7 @@ int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, badsig: /* Signature verification failed */ - *mlen = -1; + *mlen = 0; for(i = 0; i < smlen; ++i) m[i] = 0; diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/sign.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/sign.h new file mode 100644 index 0000000000..0b5f74aae3 --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/sign.h 
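Review bot: On the badsig path crypto_sign_open clears `smlen` bytes of `m`, so the output buffer must hold the whole signed message even though the recovered message is CRYPTO_BYTES shorter, and the header comment does not say so. I would extend the `m` entry with `(buffer of at least smlen bytes; zeroed on failure)`. The function's start and end are outside these two hunks, and the ref sign.c hunks (@@ -322, @@ -333) carry the same code.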
@@ -0,0 +1,58 @@ +#ifndef SIGN_H +#define SIGN_H + +#include + +#include +#include +#include "params.h" +#include "polyvec.h" +#include "poly.h" + +#define crypto_sign_keypair DILITHIUM_NAMESPACE(keypair) +int crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + +#define crypto_sign_signature_internal DILITHIUM_NAMESPACE(signature_internal) +OQS_API int crypto_sign_signature_internal(uint8_t *sig, + size_t *siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t rnd[RNDBYTES], + const uint8_t *sk); + +#define crypto_sign_signature DILITHIUM_NAMESPACE(signature) +int crypto_sign_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +#define crypto_sign DILITHIUM_NAMESPACETOP +int crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +#define crypto_sign_verify_internal DILITHIUM_NAMESPACE(verify_internal) +OQS_API int crypto_sign_verify_internal(const uint8_t *sig, + size_t siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t *pk); + +#define crypto_sign_verify DILITHIUM_NAMESPACE(verify) +int crypto_sign_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +#define crypto_sign_open DILITHIUM_NAMESPACE(open) +int crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/symmetric-shake.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/symmetric-shake.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/symmetric-shake.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/symmetric-shake.c 
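Review bot: sign.h declares crypto_sign_signature_internal and crypto_sign_verify_internal with OQS_API but carries no comment saying who may call them. Going by the commit message they are exported for the ACVP tests; they take the pre-encoded prefix and, for signing, a caller-supplied `rnd`, and the ctxlen bound is enforced only in the wrappers. A short comment above both declarations, e.g. `/* Internal API, exported for ACVP tests only: pre and rnd are used as given; call crypto_sign_signature / crypto_sign_verify instead */`, would keep applications off them.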
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/symmetric.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/symmetric.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/symmetric.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_avx2/symmetric.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/LICENSE b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/LICENSE
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/LICENSE
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/LICENSE
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/api.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/api.h
similarity index 81%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/api.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/api.h
index 78caa5c728..032fa9f9bb 100644
--- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/api.h
+++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/api.h
@@ -16,21 +16,24 @@ int pqcrystals_dilithium2_ref_keypair(uint8_t *pk, uint8_t *sk); int pqcrystals_dilithium2_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium2_ref(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium2_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); int pqcrystals_dilithium2_ref_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); - #define pqcrystals_dilithium3_PUBLICKEYBYTES 1952 #define pqcrystals_dilithium3_SECRETKEYBYTES 4032 #define pqcrystals_dilithium3_BYTES 3309 @@ -43,21 +46,24 @@ int pqcrystals_dilithium3_ref_keypair(uint8_t *pk, uint8_t *sk); int pqcrystals_dilithium3_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium3_ref(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium3_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); int pqcrystals_dilithium3_ref_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); - #define pqcrystals_dilithium5_PUBLICKEYBYTES 2592 #define pqcrystals_dilithium5_SECRETKEYBYTES 4896 #define pqcrystals_dilithium5_BYTES 4627 
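Review bot: api.h in the ml-dsa-44_ref directory still declares the functions as `pqcrystals_dilithium2_ref_*`, `pqcrystals_dilithium3_ref_*` and `pqcrystals_dilithium5_ref_*`, while the config.h added later in this commit maps DILITHIUM_NAMESPACE to `pqcrystals_ml_dsa_44_ref_##s` and its siblings. If anything includes this header, the prototypes name symbols this build presumably does not define; either rename them to the ml_dsa namespace or state in the header that the build does not use it. The third api.h hunk (@@ -70) is affected the same way.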
@@ -70,18 +76,22 @@ int pqcrystals_dilithium5_ref_keypair(uint8_t *pk, uint8_t *sk); int pqcrystals_dilithium5_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium5_ref(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium5_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); int pqcrystals_dilithium5_ref_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/config.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/config.h new file mode 100644 index 0000000000..8008e11a92 --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/config.h @@ -0,0 +1,27 @@ +#ifndef CONFIG_H +#define CONFIG_H + +//#define DILITHIUM_MODE 2 +#define DILITHIUM_RANDOMIZED_SIGNING +//#define USE_RDPMC +//#define DBENCH + +#ifndef DILITHIUM_MODE +#define DILITHIUM_MODE 2 +#endif + +#if DILITHIUM_MODE == 2 +#define CRYPTO_ALGNAME "ML-DSA-44" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ref +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ref_##s +#elif DILITHIUM_MODE == 3 +#define CRYPTO_ALGNAME "ML-DSA-65" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ref +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ref_##s +#elif DILITHIUM_MODE == 5 +#define CRYPTO_ALGNAME "ML-DSA-87" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ref +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ref_##s +#endif + +#endif 
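Review bot: The new config.h has no fallback when DILITHIUM_MODE is set to something other than 2, 3 or 5, so CRYPTO_ALGNAME and the namespace macros stay undefined and the build fails later with errors that do not point here. Close the chain with `#else` and `#error "DILITHIUM_MODE must be 2, 3 or 5"` before the inner `#endif`. DILITHIUM_RANDOMIZED_SIGNING is defined unconditionally, so the `memset(rnd, 0, RNDBYTES)` branch in sign.c is compiled only if someone edits this file; a one-line comment saying that randomized signing is the intended default would help.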
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/ntt.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/ntt.c
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/ntt.c
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/ntt.c
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/ntt.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/ntt.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/ntt.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/ntt.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/packing.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/packing.c
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/packing.c
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/packing.c
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/packing.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/packing.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/packing.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/packing.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/params.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/params.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/params.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/params.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/poly.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/poly.c similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/poly.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/poly.c index 7983aacdd1..691b5e8909 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/poly.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/poly.c @@ -21,7 +21,7 @@ extern uint64_t *tred, *tadd, *tmul, *tround, *tsample, *tpack; * Name: poly_reduce * * Description: Inplace reduction of all coefficients of polynomial to -* representative in [-6283009,6283007]. +* representative in [-6283008,6283008]. * * Arguments: - poly *a: pointer to input/output polynomial **************************************************/ @@ -335,7 +335,7 @@ static unsigned int rej_uniform(int32_t *a, * * Description: Sample polynomial with uniformly random coefficients * in [0,Q-1] by performing rejection sampling on the -* output stream of SHAKE256(seed|nonce) +* output stream of SHAKE128(seed|nonce) * * Arguments: - poly *a: pointer to output polynomial * - const uint8_t seed[]: byte array with seed of length SEEDBYTES 
@@ -487,16 +487,16 @@ void poly_uniform_gamma1(poly *a, * SHAKE256(seed). * * Arguments: - poly *c: pointer to output polynomial -* - const uint8_t mu[]: byte array containing seed of length SEEDBYTES +* - const uint8_t mu[]: byte array containing seed of length CTILDEBYTES **************************************************/ -void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]) { +void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]) { unsigned int i, b, pos; uint64_t signs; uint8_t buf[SHAKE256_RATE]; shake256incctx state; shake256_inc_init(&state); - shake256_inc_absorb(&state, seed, SEEDBYTES); + shake256_inc_absorb(&state, seed, CTILDEBYTES); shake256_inc_finalize(&state); shake256_squeezeblocks(buf, 1, &state); diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/poly.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/poly.h similarity index 97% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/poly.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/poly.h index d2fd989b6a..904baa1ca4 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/poly.h +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/poly.h @@ -51,7 +51,7 @@ void poly_uniform_gamma1(poly *a, const uint8_t seed[CRHBYTES], uint16_t nonce); #define poly_challenge DILITHIUM_NAMESPACE(poly_challenge) -void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]); +void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]); #define polyeta_pack DILITHIUM_NAMESPACE(polyeta_pack) void polyeta_pack(uint8_t *r, const poly *a); 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/polyvec.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/polyvec.c similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/polyvec.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/polyvec.c index 40032b656b..241f618187 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/polyvec.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/polyvec.c @@ -161,7 +161,7 @@ void polyveck_uniform_eta(polyveck *v, const uint8_t seed[CRHBYTES], uint16_t no * Name: polyveck_reduce * * Description: Reduce coefficients of polynomials in vector of length K -* to representatives in [-6283009,6283007]. +* to representatives in [-6283008,6283008]. * * Arguments: - polyveck *v: pointer to input/output vector **************************************************/ diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/polyvec.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/polyvec.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/polyvec.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/polyvec.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/reduce.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/reduce.c similarity index 95% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/reduce.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/reduce.c index 75feff8bc5..8479a222cd 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/reduce.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/reduce.c 
@@ -24,7 +24,7 @@ int32_t montgomery_reduce(int64_t a) { * Name: reduce32 * * Description: For finite field element a with a <= 2^{31} - 2^{22} - 1, -* compute r \equiv a (mod Q) such that -6283009 <= r <= 6283007. +* compute r \equiv a (mod Q) such that -6283008 <= r <= 6283008. * * Arguments: - int32_t: finite field element a * diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/reduce.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/reduce.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/reduce.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/reduce.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/rounding.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/rounding.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/rounding.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/rounding.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/rounding.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/rounding.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/rounding.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/rounding.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/sign.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/sign.c similarity index 66% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/sign.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/sign.c index 9298ad2177..abb033c42a 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/sign.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/sign.c 
@@ -30,7 +30,9 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) { /* Get randomness for rho, rhoprime and key */ randombytes(seedbuf, SEEDBYTES); - shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seedbuf, SEEDBYTES); + seedbuf[SEEDBYTES+0] = K; + seedbuf[SEEDBYTES+1] = L; + shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seedbuf, SEEDBYTES+2); rho = seedbuf; rhoprime = rho + SEEDBYTES; key = rhoprime + CRHBYTES; @@ -65,27 +67,33 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) { } /************************************************* -* Name: crypto_sign_signature +* Name: crypto_sign_signature_internal * -* Description: Computes signature. +* Description: Computes signature. Internal API. * * Arguments: - uint8_t *sig: pointer to output signature (of length CRYPTO_BYTES) * - size_t *siglen: pointer to output length of signature * - uint8_t *m: pointer to message to be signed * - size_t mlen: length of message +* - uint8_t *pre: pointer to prefix string +* - size_t prelen: length of prefix string +* - uint8_t *rnd: pointer to random seed * - uint8_t *sk: pointer to bit-packed secret key * * Returns 0 (success) **************************************************/ -int crypto_sign_signature(uint8_t *sig, - size_t *siglen, - const uint8_t *m, - size_t mlen, - const uint8_t *sk) +int crypto_sign_signature_internal(uint8_t *sig, + size_t *siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t rnd[RNDBYTES], + const uint8_t *sk) { unsigned int n; - uint8_t seedbuf[2*SEEDBYTES + TRBYTES + RNDBYTES + 2*CRHBYTES]; - uint8_t *rho, *tr, *key, *mu, *rhoprime, *rnd; + uint8_t seedbuf[2*SEEDBYTES + TRBYTES + 2*CRHBYTES]; + uint8_t *rho, *tr, *key, *mu, *rhoprime; uint16_t nonce = 0; polyvecl mat[K], s1, y, z; polyveck t0, s2, w1, w0, h; 
@@ -95,26 +103,25 @@ int crypto_sign_signature(uint8_t *sig, rho = seedbuf; tr = rho + SEEDBYTES; key = tr + TRBYTES; - rnd = key + SEEDBYTES; - mu = rnd + RNDBYTES; + mu = key + SEEDBYTES; rhoprime = mu + CRHBYTES; unpack_sk(rho, tr, key, &t0, &s1, &s2, sk); - - /* Compute mu = CRH(tr, msg) */ + /* Compute mu = CRH(tr, pre, msg) */ shake256_inc_init(&state); shake256_inc_absorb(&state, tr, TRBYTES); + shake256_inc_absorb(&state, pre, prelen); shake256_inc_absorb(&state, m, mlen); shake256_inc_finalize(&state); shake256_inc_squeeze(mu, CRHBYTES, &state); -#ifdef DILITHIUM_RANDOMIZED_SIGNING - randombytes(rnd, RNDBYTES); -#else - for(n=0;n 255) + return -1; + + /* Prepare pre = (0, ctxlen, ctx) */ + pre[0] = 0; + pre[1] = ctxlen; + for(i = 0; i < ctxlen; i++) + pre[2 + i] = ctx[i]; + +#ifdef DILITHIUM_RANDOMIZED_SIGNING + randombytes(rnd, RNDBYTES); +#else + for(i=0;i 255) + return -1; + + pre[0] = 0; + pre[1] = ctxlen; + for(i = 0; i < ctxlen; i++) + pre[2 + i] = ctx[i]; + + return crypto_sign_verify_internal(sig,siglen,m,mlen,pre,2+ctxlen,pk); +} + /************************************************* * Name: crypto_sign_open * @@ -306,6 +407,8 @@ int crypto_sign_verify(const uint8_t *sig, * - size_t *mlen: pointer to output length of message * - const uint8_t *sm: pointer to signed message * - size_t smlen: length of signed message +* - const uint8_t *ctx: pointer to context tring +* - size_t ctxlen: length of context string * - const uint8_t *pk: pointer to bit-packed public key * * Returns 0 if signed message could be verified correctly and -1 otherwise @@ -314,6 +417,8 @@ int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, + size_t ctxlen, const uint8_t *pk) { size_t i; 
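Review bot: The argument line added for `ctx` in the `crypto_sign_open` header comment reads "pointer to context tring"; it should be `* - const uint8_t *ctx: pointer to context string`. The same comment is the natural place to state the limit the wrappers enforce, namely that a `ctxlen` above 255 is rejected with -1.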
@@ -322,7 +427,7 @@ int crypto_sign_open(uint8_t *m, goto badsig; *mlen = smlen - CRYPTO_BYTES; - if(crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, pk)) + if(crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, ctx, ctxlen, pk)) goto badsig; else { /* All good, copy msg, return 0 */ @@ -333,7 +438,7 @@ int crypto_sign_open(uint8_t *m, badsig: /* Signature verification failed */ - *mlen = -1; + *mlen = 0; for(i = 0; i < smlen; ++i) m[i] = 0; diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/sign.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/sign.h new file mode 100644 index 0000000000..0b5f74aae3 --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/sign.h 
@@ -0,0 +1,58 @@ +#ifndef SIGN_H +#define SIGN_H + +#include + +#include +#include +#include "params.h" +#include "polyvec.h" +#include "poly.h" + +#define crypto_sign_keypair DILITHIUM_NAMESPACE(keypair) +int crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + +#define crypto_sign_signature_internal DILITHIUM_NAMESPACE(signature_internal) +OQS_API int crypto_sign_signature_internal(uint8_t *sig, + size_t *siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t rnd[RNDBYTES], + const uint8_t *sk); + +#define crypto_sign_signature DILITHIUM_NAMESPACE(signature) +int crypto_sign_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +#define crypto_sign DILITHIUM_NAMESPACETOP +int crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +#define crypto_sign_verify_internal DILITHIUM_NAMESPACE(verify_internal) +OQS_API int crypto_sign_verify_internal(const uint8_t *sig, + size_t siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t *pk); + +#define crypto_sign_verify DILITHIUM_NAMESPACE(verify) +int crypto_sign_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +#define crypto_sign_open DILITHIUM_NAMESPACE(open) +int crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/symmetric-shake.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/symmetric-shake.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/symmetric-shake.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/symmetric-shake.c 
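Review bot: `crypto_sign_signature_internal` and `crypto_sign_verify_internal` are the only declarations marked `OQS_API` in this new header, and nothing here says what a caller must guarantee. Unlike `crypto_sign_signature`, the internal entry points take `pre`/`prelen` and `rnd` as given, so the `ctxlen > 255` check and the `(0, ctxlen, ctx)` framing done by the wrapper in sign.c are skipped, and the signing randomness is whatever the caller passes. The commit message says the symbols are exported for the ACVP tests, so I would put that contract above both declarations, e.g. `/* Exported for ACVP testing only: pre must be (0, ctxlen, ctx) with ctxlen <= 255; rnd is RNDBYTES of fresh randomness, or all-zero for deterministic signing. */`.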
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/symmetric.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/symmetric.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/symmetric.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44_ref/symmetric.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/api.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/api.h
deleted file mode 100644
index 55b637669d..0000000000
--- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/api.h
+++ /dev/null
@@ -1,88 +0,0 @@ -#ifndef API_H -#define API_H - -#include -#include - -#define pqcrystals_dilithium2_PUBLICKEYBYTES 1312 -#define pqcrystals_dilithium2_SECRETKEYBYTES 2560 -#define pqcrystals_dilithium2_BYTES 2420 - -#define pqcrystals_dilithium2_avx2_PUBLICKEYBYTES pqcrystals_dilithium2_PUBLICKEYBYTES -#define pqcrystals_dilithium2_avx2_SECRETKEYBYTES pqcrystals_dilithium2_SECRETKEYBYTES -#define pqcrystals_dilithium2_avx2_BYTES pqcrystals_dilithium2_BYTES - -int pqcrystals_dilithium2_avx2_keypair(uint8_t *pk, uint8_t *sk); - -int pqcrystals_dilithium2_avx2_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium2_avx2(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium2_avx2_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -int pqcrystals_dilithium2_avx2_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - - -#define pqcrystals_dilithium3_PUBLICKEYBYTES 1952 -#define pqcrystals_dilithium3_SECRETKEYBYTES 4032 -#define pqcrystals_dilithium3_BYTES 3309 - -#define pqcrystals_dilithium3_avx2_PUBLICKEYBYTES pqcrystals_dilithium3_PUBLICKEYBYTES -#define pqcrystals_dilithium3_avx2_SECRETKEYBYTES pqcrystals_dilithium3_SECRETKEYBYTES -#define pqcrystals_dilithium3_avx2_BYTES pqcrystals_dilithium3_BYTES - -int pqcrystals_dilithium3_avx2_keypair(uint8_t *pk, uint8_t *sk); - -int pqcrystals_dilithium3_avx2_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium3_avx2(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium3_avx2_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -int pqcrystals_dilithium3_avx2_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - - 
-#define pqcrystals_dilithium5_PUBLICKEYBYTES 2592 -#define pqcrystals_dilithium5_SECRETKEYBYTES 4896 -#define pqcrystals_dilithium5_BYTES 4627 - -#define pqcrystals_dilithium5_avx2_PUBLICKEYBYTES pqcrystals_dilithium5_PUBLICKEYBYTES -#define pqcrystals_dilithium5_avx2_SECRETKEYBYTES pqcrystals_dilithium5_SECRETKEYBYTES -#define pqcrystals_dilithium5_avx2_BYTES pqcrystals_dilithium5_BYTES - -int pqcrystals_dilithium5_avx2_keypair(uint8_t *pk, uint8_t *sk); - -int pqcrystals_dilithium5_avx2_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium5_avx2(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium5_avx2_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -int pqcrystals_dilithium5_avx2_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/config.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/config.h deleted file mode 100644 index e59f81a5e8..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/config.h +++ /dev/null 
@@ -1,27 +0,0 @@ -#ifndef CONFIG_H -#define CONFIG_H - -//#define DILITHIUM_MODE 2 -#define DILITHIUM_RANDOMIZED_SIGNING -//#define USE_RDPMC -//#define DBENCH - -#ifndef DILITHIUM_MODE -#define DILITHIUM_MODE 2 -#endif - -#if DILITHIUM_MODE == 2 -#define CRYPTO_ALGNAME "ML-DSA-44-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ipd_avx2 -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ipd_avx2_##s -#elif DILITHIUM_MODE == 3 -#define CRYPTO_ALGNAME "ML-DSA-65-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ipd_avx2 -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ipd_avx2_##s -#elif DILITHIUM_MODE == 5 -#define CRYPTO_ALGNAME "ML-DSA-87-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ipd_avx2 -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ipd_avx2_##s -#endif - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/sign.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/sign.h deleted file mode 100644 index 295f378c00..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/sign.h +++ /dev/null 
@@ -1,36 +0,0 @@ -#ifndef SIGN_H -#define SIGN_H - -#include -#include -#include "params.h" -#include "polyvec.h" -#include "poly.h" - -#define challenge DILITHIUM_NAMESPACE(challenge) -void challenge(poly *c, const uint8_t seed[SEEDBYTES]); - -#define crypto_sign_keypair DILITHIUM_NAMESPACE(keypair) -int crypto_sign_keypair(uint8_t *pk, uint8_t *sk); - -#define crypto_sign_signature DILITHIUM_NAMESPACE(signature) -int crypto_sign_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -#define crypto_sign DILITHIUM_NAMESPACETOP -int crypto_sign(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -#define crypto_sign_verify DILITHIUM_NAMESPACE(verify) -int crypto_sign_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -#define crypto_sign_open DILITHIUM_NAMESPACE(open) -int crypto_sign_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/config.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/config.h deleted file mode 100644 index eddf13f5ea..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/config.h +++ /dev/null 
@@ -1,27 +0,0 @@ -#ifndef CONFIG_H -#define CONFIG_H - -//#define DILITHIUM_MODE 2 -#define DILITHIUM_RANDOMIZED_SIGNING -//#define USE_RDPMC -//#define DBENCH - -#ifndef DILITHIUM_MODE -#define DILITHIUM_MODE 2 -#endif - -#if DILITHIUM_MODE == 2 -#define CRYPTO_ALGNAME "ML-DSA-44-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ipd_ref -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ipd_ref_##s -#elif DILITHIUM_MODE == 3 -#define CRYPTO_ALGNAME "ML-DSA-65-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ipd_ref -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ipd_ref_##s -#elif DILITHIUM_MODE == 5 -#define CRYPTO_ALGNAME "ML-DSA-87-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ipd_ref -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ipd_ref_##s -#endif - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/sign.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/sign.h deleted file mode 100644 index 295f378c00..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/sign.h +++ /dev/null 
@@ -1,36 +0,0 @@ -#ifndef SIGN_H -#define SIGN_H - -#include -#include -#include "params.h" -#include "polyvec.h" -#include "poly.h" - -#define challenge DILITHIUM_NAMESPACE(challenge) -void challenge(poly *c, const uint8_t seed[SEEDBYTES]); - -#define crypto_sign_keypair DILITHIUM_NAMESPACE(keypair) -int crypto_sign_keypair(uint8_t *pk, uint8_t *sk); - -#define crypto_sign_signature DILITHIUM_NAMESPACE(signature) -int crypto_sign_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -#define crypto_sign DILITHIUM_NAMESPACETOP -int crypto_sign(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -#define crypto_sign_verify DILITHIUM_NAMESPACE(verify) -int crypto_sign_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -#define crypto_sign_open DILITHIUM_NAMESPACE(open) -int crypto_sign_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/LICENSE b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/LICENSE similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/LICENSE rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/LICENSE diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/align.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/align.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/align.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/align.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/api.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/api.h new file mode 100644 index 0000000000..36ec622e5d --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/api.h 
@@ -0,0 +1,100 @@ +#ifndef API_H +#define API_H + +#include +#include + +#define pqcrystals_dilithium2_PUBLICKEYBYTES 1312 +#define pqcrystals_dilithium2_SECRETKEYBYTES 2560 +#define pqcrystals_dilithium2_BYTES 2420 + +#define pqcrystals_dilithium2_avx2_PUBLICKEYBYTES pqcrystals_dilithium2_PUBLICKEYBYTES +#define pqcrystals_dilithium2_avx2_SECRETKEYBYTES pqcrystals_dilithium2_SECRETKEYBYTES +#define pqcrystals_dilithium2_avx2_BYTES pqcrystals_dilithium2_BYTES + +int pqcrystals_dilithium2_avx2_keypair(uint8_t *pk, uint8_t *sk); + +int pqcrystals_dilithium2_avx2_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium2_avx2(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium2_avx2_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +int pqcrystals_dilithium2_avx2_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + + +#define pqcrystals_dilithium3_PUBLICKEYBYTES 1952 +#define pqcrystals_dilithium3_SECRETKEYBYTES 4032 +#define pqcrystals_dilithium3_BYTES 3309 + +#define pqcrystals_dilithium3_avx2_PUBLICKEYBYTES pqcrystals_dilithium3_PUBLICKEYBYTES +#define pqcrystals_dilithium3_avx2_SECRETKEYBYTES pqcrystals_dilithium3_SECRETKEYBYTES +#define pqcrystals_dilithium3_avx2_BYTES pqcrystals_dilithium3_BYTES + +int pqcrystals_dilithium3_avx2_keypair(uint8_t *pk, uint8_t *sk); + +int pqcrystals_dilithium3_avx2_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium3_avx2(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int 
pqcrystals_dilithium3_avx2_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +int pqcrystals_dilithium3_avx2_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + + +#define pqcrystals_dilithium5_PUBLICKEYBYTES 2592 +#define pqcrystals_dilithium5_SECRETKEYBYTES 4896 +#define pqcrystals_dilithium5_BYTES 4627 + +#define pqcrystals_dilithium5_avx2_PUBLICKEYBYTES pqcrystals_dilithium5_PUBLICKEYBYTES +#define pqcrystals_dilithium5_avx2_SECRETKEYBYTES pqcrystals_dilithium5_SECRETKEYBYTES +#define pqcrystals_dilithium5_avx2_BYTES pqcrystals_dilithium5_BYTES + +int pqcrystals_dilithium5_avx2_keypair(uint8_t *pk, uint8_t *sk); + +int pqcrystals_dilithium5_avx2_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium5_avx2(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium5_avx2_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +int pqcrystals_dilithium5_avx2_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + + +#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/config.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/config.h new file mode 100644 index 0000000000..3944cb4412 --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/config.h 
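Review bot: The prototypes in this new api.h are still named `pqcrystals_dilithium2_avx2_*`, `pqcrystals_dilithium3_avx2_*` and `pqcrystals_dilithium5_avx2_*`, while the config.h added next to it namespaces the implementation as `pqcrystals_ml_dsa_44_avx2_##s` and so on. If anything includes this header, the declared functions will not match the symbols the build defines, so the compiler cannot catch a caller that omits the new `ctx`/`ctxlen` arguments. Either rename the declarations to the `pqcrystals_ml_dsa_*` names or, if the file is kept only for upstream parity, say so at the top with a comment such as `/* Upstream pq-crystals names; confirm whether this build uses them. */`.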
@@ -0,0 +1,27 @@ +#ifndef CONFIG_H +#define CONFIG_H + +//#define DILITHIUM_MODE 2 +#define DILITHIUM_RANDOMIZED_SIGNING +//#define USE_RDPMC +//#define DBENCH + +#ifndef DILITHIUM_MODE +#define DILITHIUM_MODE 2 +#endif + +#if DILITHIUM_MODE == 2 +#define CRYPTO_ALGNAME "ML-DSA-44" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_avx2 +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_avx2_##s +#elif DILITHIUM_MODE == 3 +#define CRYPTO_ALGNAME "ML-DSA-65" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_avx2 +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_avx2_##s +#elif DILITHIUM_MODE == 5 +#define CRYPTO_ALGNAME "ML-DSA-87" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_avx2 +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_avx2_##s +#endif + +#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/consts.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/consts.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/consts.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/consts.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/consts.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/consts.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/consts.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/consts.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/invntt.S b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/invntt.S similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/invntt.S rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/invntt.S 
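Review bot: The `#ifndef DILITHIUM_MODE` fallback selects mode 2, so this copy under the ml-dsa-65 directory silently builds with the ML-DSA-44 parameters and namespace if the build ever fails to pass the mode; presumably the CMake files define it, but that is outside this hunk. The `#if`/`#elif` chain also has no final branch, so an unsupported value leaves `CRYPTO_ALGNAME` and the namespace macros undefined and the failure surfaces later in unrelated-looking places. Failing closed would be clearer: replace the default with `#error "DILITHIUM_MODE must be defined"` and end the chain with `#else` followed by `#error "unsupported DILITHIUM_MODE"`.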
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/ntt.S b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/ntt.S similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/ntt.S rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/ntt.S index 38415de893..ebe17d3b8a 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/ntt.S +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/ntt.S @@ -194,4 +194,3 @@ levels2t7 2 levels2t7 3 ret - diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/ntt.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/ntt.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/ntt.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/ntt.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/packing.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/packing.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/packing.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/packing.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/packing.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/packing.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/packing.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/packing.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/params.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/params.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/params.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/params.h 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/pointwise.S b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/pointwise.S similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/pointwise.S rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/pointwise.S diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/poly.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/poly.c similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/poly.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/poly.c index 25d36828ad..0a4ecb6e1e 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/poly.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/poly.c @@ -31,7 +31,7 @@ extern uint64_t *tred, *tadd, *tmul, *tround, *tsample, *tpack; * Name: poly_reduce * * Description: Inplace reduction of all coefficients of polynomial to -* representative in [-6283009,6283007]. Assumes input +* representative in [-6283009,6283008]. Assumes input * coefficients to be at most 2^31 - 2^22 - 1 in absolute value. * * Arguments: - poly *a: pointer to input/output polynomial 
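Review bot: The updated `poly_reduce` comment gives the range as [-6283009,6283008], but the `reduce32` comment changed earlier in this same commit (ref tree, reduce.c) now states -6283008 <= r <= 6283008, and the `polyveck_reduce` comment in polyvec.c repeats the -6283009 lower bound. The lower bounds should agree, or the comment should say why the AVX2 reduction differs from `reduce32`, because a reader checking coefficient ranges will take these numbers at face value. Proposed wording, assuming the `reduce32` bound applies here too: `* representative in [-6283008,6283008]. Assumes input`.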
@@ -673,16 +673,16 @@ void poly_uniform_gamma1_4x(poly *a0, * SHAKE256(seed). * * Arguments: - poly *c: pointer to output polynomial -* - const uint8_t mu[]: byte array containing seed of length SEEDBYTES +* - const uint8_t mu[]: byte array containing seed of length CTILDEBYTES **************************************************/ -void poly_challenge(poly * restrict c, const uint8_t seed[SEEDBYTES]) { +void poly_challenge(poly * restrict c, const uint8_t seed[CTILDEBYTES]) { unsigned int i, b, pos; uint64_t signs; ALIGNED_UINT8(SHAKE256_RATE) buf; shake256incctx state; shake256_inc_init(&state); - shake256_inc_absorb(&state, seed, SEEDBYTES); + shake256_inc_absorb(&state, seed, CTILDEBYTES); shake256_inc_finalize(&state); shake256_inc_squeeze(buf.coeffs, SHAKE256_RATE, &state); diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/poly.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/poly.h similarity index 98% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/poly.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/poly.h index 7bcd8e5e03..7d93088549 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/poly.h +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/poly.h @@ -53,7 +53,7 @@ void poly_uniform_gamma1_preinit(poly *a, stream256_state *state); #define poly_uniform_gamma1 DILITHIUM_NAMESPACE(poly_uniform_gamma1) void poly_uniform_gamma1(poly *a, const uint8_t seed[CRHBYTES], uint16_t nonce); #define poly_challenge DILITHIUM_NAMESPACE(poly_challenge) -void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]); +void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]); #define poly_uniform_4x DILITHIUM_NAMESPACE(poly_uniform_4x) void poly_uniform_4x(poly *a0, 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/polyvec.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/polyvec.c similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/polyvec.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/polyvec.c index 6e2302168e..0db351496c 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/polyvec.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/polyvec.c @@ -363,7 +363,7 @@ void polyveck_uniform_eta(polyveck *v, const uint8_t seed[CRHBYTES], uint16_t no * Name: polyveck_reduce * * Description: Reduce coefficients of polynomials in vector of length K -* to representatives in [-6283009,6283007]. +* to representatives in [-6283009,6283008]. * * Arguments: - polyveck *v: pointer to input/output vector **************************************************/ diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/polyvec.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/polyvec.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/polyvec.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/polyvec.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/rejsample.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/rejsample.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/rejsample.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/rejsample.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/rejsample.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/rejsample.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/rejsample.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/rejsample.h 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/rounding.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/rounding.c
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/rounding.c
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/rounding.c
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/rounding.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/rounding.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/rounding.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/rounding.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/shuffle.S b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/shuffle.S
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/shuffle.S
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/shuffle.S
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/shuffle.inc b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/shuffle.inc
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/shuffle.inc
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/shuffle.inc
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/sign.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/sign.c
similarity index 74%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/sign.c
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/sign.c
index a39f8515c4..532e37c680 100644
--- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/sign.c
+++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/sign.c
@@ -74,7 +74,9 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) { /* Get randomness for rho, rhoprime and key */ randombytes(seedbuf, SEEDBYTES); - shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seedbuf, SEEDBYTES); + seedbuf[SEEDBYTES+0] = K; + seedbuf[SEEDBYTES+1] = L; + shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seedbuf, SEEDBYTES+2); rho = seedbuf; rhoprime = rho + SEEDBYTES; key = rhoprime + CRHBYTES; @@ -135,22 +137,27 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) { } /************************************************* -* Name: crypto_sign_signature +* Name: crypto_sign_signature_internal * -* Description: Computes signature. +* Description: Computes signature. Internal API. * * Arguments: - uint8_t *sig: pointer to output signature (of length CRYPTO_BYTES) * - size_t *siglen: pointer to output length of signature * - uint8_t *m: pointer to message to be signed * - size_t mlen: length of message +* - uint8_t *pre: pointer to prefix string +* - size_t prelen: length of prefix string +* - uint8_t *rnd: pointer to random seed * - uint8_t *sk: pointer to bit-packed secret key * * Returns 0 (success) **************************************************/ -int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk) { +int crypto_sign_signature_internal(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *pre, size_t prelen, const uint8_t rnd[RNDBYTES], const uint8_t *sk) +{ unsigned int i, n, pos; - uint8_t seedbuf[2*SEEDBYTES + TRBYTES + RNDBYTES + 2*CRHBYTES]; - uint8_t *rho, *tr, *key, *rnd, *mu, *rhoprime; + uint8_t seedbuf[2*SEEDBYTES + TRBYTES + 2*CRHBYTES]; + uint8_t *rho, *tr, *key, *mu, *rhoprime; uint8_t hintbuf[N]; uint8_t *hint = sig + CTILDEBYTES + L*POLYZ_PACKEDBYTES; uint64_t nonce = 0; 
@@ -166,24 +173,25 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t rho = seedbuf; tr = rho + SEEDBYTES; key = tr + TRBYTES; - rnd = key + SEEDBYTES; - mu = rnd + RNDBYTES; + mu = key + SEEDBYTES; rhoprime = mu + CRHBYTES; unpack_sk(rho, tr, key, &t0, &s1, &s2, sk); - /* Compute CRH(tr, msg) */ + /* Compute mu = CRH(tr, pre, msg) */ shake256_inc_init(&state); shake256_inc_absorb(&state, tr, TRBYTES); + shake256_inc_absorb(&state, pre, prelen); shake256_inc_absorb(&state, m, mlen); shake256_inc_finalize(&state); shake256_inc_squeeze(mu, CRHBYTES, &state); -#ifdef DILITHIUM_RANDOMIZED_SIGNING - randombytes(rnd, RNDBYTES); -#else - memset(rnd, 0, RNDBYTES); -#endif - shake256(rhoprime, CRHBYTES, key, SEEDBYTES + RNDBYTES + CRHBYTES); + /* Compute rhoprime = CRH(key, rnd, mu) */ + shake256_inc_ctx_reset(&state); + shake256_inc_absorb(&state, key, SEEDBYTES); + shake256_inc_absorb(&state, rnd, RNDBYTES); + shake256_inc_absorb(&state, mu, CRHBYTES); + shake256_inc_finalize(&state); + shake256_inc_squeeze(rhoprime, CRHBYTES, &state); /* Expand matrix and transform vectors */ polyvec_matrix_expand(mat, rho); 
@@ -281,6 +289,45 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t return 0; } +/************************************************* +* Name: crypto_sign_signature +* +* Description: Computes signature. +* +* Arguments: - uint8_t *sig: pointer to output signature (of length CRYPTO_BYTES) +* - size_t *siglen: pointer to output length of signature +* - uint8_t *m: pointer to message to be signed +* - size_t mlen: length of message +* - uint8_t *ctx: pointer to context string +* - size_t ctxlen: length of context string +* - uint8_t *sk: pointer to bit-packed secret key +* +* Returns 0 (success) or -1 (context string too long) +**************************************************/ +int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk) +{ + uint8_t pre[257]; + uint8_t rnd[RNDBYTES]; + + if(ctxlen > 255) + return -1; + + /* Prepare pre = (0, ctxlen, ctx) */ + pre[0] = 0; + pre[1] = ctxlen; + memcpy(&pre[2], ctx, ctxlen); + +#ifdef DILITHIUM_RANDOMIZED_SIGNING + randombytes(rnd, RNDBYTES); +#else + memset(rnd, 0, RNDBYTES); +#endif + + crypto_sign_signature_internal(sig,siglen,m,mlen,pre,2+ctxlen,rnd,sk); + return 0; +} + /************************************************* * Name: crypto_sign * 
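Review bot: `memcpy(&pre[2], ctx, ctxlen)` in the new `crypto_sign_signature` is undefined behaviour when `ctx` is NULL, even with `ctxlen == 0`, and NULL with length 0 is the obvious way for a caller without a context string to invoke it. The ref implementation copies with a byte loop and has no such problem, so the two variants differ on the same input. Guard the copy with `if(ctxlen) memcpy(&pre[2], ctx, ctxlen);`; the AVX2 `crypto_sign_verify` wrapper is not in view here but likely wants the same guard. The return value of `crypto_sign_signature_internal` is also dropped in favour of a hard-coded `return 0;`, which is harmless only while the internal function cannot fail.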
@@ -293,34 +340,42 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t * message * - const uint8_t *m: pointer to message to be signed * - size_t mlen: length of message +* - const uint8_t *ctx: pointer to context string +* - size_t ctxlen: length of context string * - const uint8_t *sk: pointer to bit-packed secret key * * Returns 0 (success) **************************************************/ -int crypto_sign(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, const uint8_t *sk) { +int crypto_sign(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk) +{ size_t i; + int ret; for(i = 0; i < mlen; ++i) sm[CRYPTO_BYTES + mlen - 1 - i] = m[mlen - 1 - i]; - crypto_sign_signature(sm, smlen, sm + CRYPTO_BYTES, mlen, sk); + ret = crypto_sign_signature(sm, smlen, sm + CRYPTO_BYTES, mlen, ctx, ctxlen, sk); *smlen += mlen; - return 0; + return ret; } /************************************************* -* Name: crypto_sign_verify +* Name: crypto_sign_verify_internal * -* Description: Verifies signature. +* Description: Verifies signature. Internal API. * * Arguments: - uint8_t *m: pointer to input signature * - size_t siglen: length of signature * - const uint8_t *m: pointer to message * - size_t mlen: length of message +* - const uint8_t *pre: pointer to prefix string +* - size_t prelen: length of prefix string * - const uint8_t *pk: pointer to bit-packed public key * * Returns 0 if signature could be verified correctly and -1 otherwise **************************************************/ -int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk) { +int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *pre, size_t prelen, const uint8_t *pk) { unsigned int i, j, pos = 0; /* polyw1_pack writes additional 14 bytes */ ALIGNED_UINT8(K*POLYW1_PACKEDBYTES+14) buf; 
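Review bot: In crypto_sign, `*smlen += mlen;` still runs when crypto_sign_signature fails, and the wrapper added in the previous hunk returns -1 for ctxlen > 255 before anything is stored through its siglen pointer, so the addition then works on whatever the caller's variable held. Give the length a defined value on failure, for example `if(ret) { *smlen = 0; return ret; }` placed before the addition. The header comment still says `Returns 0 (success)` and should read `Returns 0 (success) or -1 (context string too long)`, matching the comment on crypto_sign_signature. The body of crypto_sign_verify_internal that begins at the end of this hunk continues outside it.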
@@ -335,14 +390,14 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size if(siglen != CRYPTO_BYTES) return -1; - /* Compute CRH(H(rho, t1), msg) */ - shake256(mu, CRHBYTES, pk, CRYPTO_PUBLICKEYBYTES); + /* Compute CRH(H(rho, t1), pre, msg) */ + shake256(mu, TRBYTES, pk, CRYPTO_PUBLICKEYBYTES); shake256_inc_init(&state); shake256_inc_absorb(&state, mu, CRHBYTES); + shake256_inc_absorb(&state, pre, prelen); shake256_inc_absorb(&state, m, mlen); shake256_inc_finalize(&state); shake256_inc_squeeze(mu, CRHBYTES, &state); - shake256_inc_ctx_release(&state); /* Expand challenge */ poly_challenge(&c, sig); @@ -372,12 +427,17 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size /* Get hint polynomial and reconstruct w1 */ memset(h.vec, 0, sizeof(poly)); - if(hint[OMEGA + i] < pos || hint[OMEGA + i] > OMEGA) + if(hint[OMEGA + i] < pos || hint[OMEGA + i] > OMEGA) { + shake256_inc_ctx_release(&state); return -1; + } for(j = pos; j < hint[OMEGA + i]; ++j) { /* Coefficients are ordered for strong unforgeability */ - if(j > pos && hint[j] <= hint[j-1]) return -1; + if(j > pos && hint[j] <= hint[j-1]) { + shake256_inc_ctx_release(&state); + return -1; + } h.coeffs[hint[j]] = 1; } pos = hint[OMEGA + i]; @@ -389,10 +449,13 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size /* Extra indices are zero for strong unforgeability */ for(j = pos; j < OMEGA; ++j) - if(hint[j]) return -1; + if(hint[j]) { + shake256_inc_ctx_release(&state); + return -1; + } /* Call random oracle and verify challenge */ - shake256_inc_init(&state); + shake256_inc_ctx_reset(&state); shake256_inc_absorb(&state, mu, CRHBYTES); shake256_inc_absorb(&state, buf.coeffs, K*POLYW1_PACKEDBYTES); shake256_inc_finalize(&state); 
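Review bot: `shake256(mu, TRBYTES, pk, CRYPTO_PUBLICKEYBYTES);` now writes TRBYTES bytes into mu, but the following call still absorbs CRHBYTES bytes with `shake256_inc_absorb(&state, mu, CRHBYTES);`. The two lengths agree only if the constants are equal in params.h, which this diff does not show. Using `shake256_inc_absorb(&state, mu, TRBYTES);` would make the hashed prefix match what was just written and what the signer absorbs (`tr, TRBYTES`). mu is declared outside the hunk, so its size should also be confirmed to cover the larger of the two constants.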
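Review bot: The SHAKE state release is now repeated by hand on every rejection path (`shake256_inc_ctx_release(&state); return -1;` twice in the hint-decoding hunk and once more in the extra-indices hunk after it), so a future early return can easily leak the context. A single exit path, `ret = -1; goto cleanup;` with one `shake256_inc_ctx_release(&state);` under `cleanup:`, would keep the rule in one place. Any return between `shake256_inc_init` and the final release that lies outside these hunks needs the same treatment; the function body is not fully visible here.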
@@ -405,6 +468,35 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size return 0; } +/************************************************* +* Name: crypto_sign_verify +* +* Description: Verifies signature. +* +* Arguments: - uint8_t *m: pointer to input signature +* - size_t siglen: length of signature +* - const uint8_t *m: pointer to message +* - size_t mlen: length of message +* - const uint8_t *ctx: pointer to context string +* - size_t ctxlen: length of context string +* - const uint8_t *pk: pointer to bit-packed public key +* +* Returns 0 if signature could be verified correctly and -1 otherwise +**************************************************/ +int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk) +{ + uint8_t pre[257]; + + if(ctxlen > 255) + return -1; + + pre[0] = 0; + pre[1] = ctxlen; + memcpy(&pre[2], ctx, ctxlen); + return crypto_sign_verify_internal(sig,siglen,m,mlen,pre,2+ctxlen,pk); +} + /************************************************* * Name: crypto_sign_open * 
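Review bot: The header comment of the new crypto_sign_verify lists its first argument as `uint8_t *m: pointer to input signature`, while the parameter is `const uint8_t *sig`; the line should read `- const uint8_t *sig: pointer to input signature`. The comment should also say that -1 is returned for ctxlen > 255 before any signature check is made. Since ctx is folded into `pre` and hashed with the message, it is worth stating that verification is expected to succeed only with the context string used at signing time.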
@@ -415,18 +507,21 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size * - size_t *mlen: pointer to output length of message * - const uint8_t *sm: pointer to signed message * - size_t smlen: length of signed message +* - const uint8_t *ctx: pointer to context string +* - size_t ctxlen: length of context string * - const uint8_t *pk: pointer to bit-packed public key * * Returns 0 if signed message could be verified correctly and -1 otherwise **************************************************/ -int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, const uint8_t *pk) { +int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk) { size_t i; if(smlen < CRYPTO_BYTES) goto badsig; *mlen = smlen - CRYPTO_BYTES; - if(crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, pk)) + if(crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, ctx, ctxlen, pk)) goto badsig; else { /* All good, copy msg, return 0 */ @@ -437,7 +532,7 @@ int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, badsig: /* Signature verification failed */ - *mlen = -1; + *mlen = 0; for(i = 0; i < smlen; ++i) m[i] = 0; diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/sign.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/sign.h new file mode 100644 index 0000000000..0b5f74aae3 --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/sign.h 
@@ -0,0 +1,58 @@ +#ifndef SIGN_H +#define SIGN_H + +#include + +#include +#include +#include "params.h" +#include "polyvec.h" +#include "poly.h" + +#define crypto_sign_keypair DILITHIUM_NAMESPACE(keypair) +int crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + +#define crypto_sign_signature_internal DILITHIUM_NAMESPACE(signature_internal) +OQS_API int crypto_sign_signature_internal(uint8_t *sig, + size_t *siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t rnd[RNDBYTES], + const uint8_t *sk); + +#define crypto_sign_signature DILITHIUM_NAMESPACE(signature) +int crypto_sign_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +#define crypto_sign DILITHIUM_NAMESPACETOP +int crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +#define crypto_sign_verify_internal DILITHIUM_NAMESPACE(verify_internal) +OQS_API int crypto_sign_verify_internal(const uint8_t *sig, + size_t siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t *pk); + +#define crypto_sign_verify DILITHIUM_NAMESPACE(verify) +int crypto_sign_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +#define crypto_sign_open DILITHIUM_NAMESPACE(open) +int crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/symmetric-shake.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/symmetric-shake.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/symmetric-shake.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/symmetric-shake.c 
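Review bot: `crypto_sign_signature_internal` and `crypto_sign_verify_internal` are the only declarations in this header marked `OQS_API`, so the entry points that accept a caller-chosen `pre` and `rnd` are exported while the context-checking wrappers are not. The commit message says the export is for the ACVP tests, and the header should say so, for example `/* Internal API, exported for ACVP testing only; use crypto_sign_signature, which builds pre = (0, ctxlen, ctx) and supplies rnd. */` above each declaration. Without that note a library consumer can reasonably read them as public and sign with a fixed or reused `rnd`, or without the domain-separation prefix. The same applies to the identical sign.h added for the reference implementation later in this diff. The `#include` lines appear without header names in this view, so whether the header that defines `OQS_API` is included cannot be checked here.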
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/symmetric.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/symmetric.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_avx2/symmetric.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_avx2/symmetric.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/LICENSE b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/LICENSE
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/LICENSE
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/LICENSE
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/api.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/api.h
similarity index 81%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/api.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/api.h
index 78caa5c728..032fa9f9bb 100644
--- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/api.h
+++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/api.h
@@ -16,21 +16,24 @@ int pqcrystals_dilithium2_ref_keypair(uint8_t *pk, uint8_t *sk); int pqcrystals_dilithium2_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium2_ref(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium2_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); int pqcrystals_dilithium2_ref_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); - #define pqcrystals_dilithium3_PUBLICKEYBYTES 1952 #define pqcrystals_dilithium3_SECRETKEYBYTES 4032 #define pqcrystals_dilithium3_BYTES 3309 @@ -43,21 +46,24 @@ int pqcrystals_dilithium3_ref_keypair(uint8_t *pk, uint8_t *sk); int pqcrystals_dilithium3_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium3_ref(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium3_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); int pqcrystals_dilithium3_ref_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); - #define pqcrystals_dilithium5_PUBLICKEYBYTES 2592 #define pqcrystals_dilithium5_SECRETKEYBYTES 4896 #define pqcrystals_dilithium5_BYTES 4627 
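Review bot: The prototypes extended here are still named `pqcrystals_dilithium2_ref_*` and `pqcrystals_dilithium3_ref_*` (and `pqcrystals_dilithium5_ref_*` in the following hunk), but the config.h added for this directory maps the implementation to `pqcrystals_ml_dsa_44_ref_##s` and its siblings, so these declarations do not describe the functions this directory builds. If the legacy Dilithium code in the same library exports those names with the old five-argument signature, a caller that includes this api.h would invoke it with seven arguments. Renaming the prototypes to the `pqcrystals_ml_dsa_NN_ref` names, or leaving api.h out of the copied files if nothing includes it, would remove that trap. Which of the two applies cannot be settled from the diff alone.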
@@ -70,18 +76,22 @@ int pqcrystals_dilithium5_ref_keypair(uint8_t *pk, uint8_t *sk); int pqcrystals_dilithium5_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium5_ref(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium5_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); int pqcrystals_dilithium5_ref_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/config.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/config.h new file mode 100644 index 0000000000..8008e11a92 --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/config.h @@ -0,0 +1,27 @@ +#ifndef CONFIG_H +#define CONFIG_H + +//#define DILITHIUM_MODE 2 +#define DILITHIUM_RANDOMIZED_SIGNING +//#define USE_RDPMC +//#define DBENCH + +#ifndef DILITHIUM_MODE +#define DILITHIUM_MODE 2 +#endif + +#if DILITHIUM_MODE == 2 +#define CRYPTO_ALGNAME "ML-DSA-44" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ref +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ref_##s +#elif DILITHIUM_MODE == 3 +#define CRYPTO_ALGNAME "ML-DSA-65" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ref +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ref_##s +#elif DILITHIUM_MODE == 5 +#define CRYPTO_ALGNAME "ML-DSA-87" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ref +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ref_##s +#endif + +#endif 
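Review bot: In the new config.h, `#ifndef DILITHIUM_MODE` followed by `#define DILITHIUM_MODE 2` silently selects the ML-DSA-44 parameter set when the build passes no mode, and this copy lives in the ml-dsa-65 directory, so a missing definition would compile a different parameter set than the directory name promises, with no diagnostic at this point. The `#if`/`#elif` chain also has no `#else`, so an unsupported value leaves `DILITHIUM_NAMESPACE` undefined and fails only later with an unrelated error. Proposed: replace the fallback with `#error "DILITHIUM_MODE must be defined"` and close the chain with `#else` and `#error "DILITHIUM_MODE must be 2, 3 or 5"`. Whether the build system always defines the mode is not visible here.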
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/ntt.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/ntt.c
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/ntt.c
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/ntt.c
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/ntt.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/ntt.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/ntt.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/ntt.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/packing.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/packing.c
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/packing.c
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/packing.c
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/packing.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/packing.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/packing.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/packing.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/params.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/params.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/params.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/params.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/poly.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/poly.c similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/poly.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/poly.c index 7983aacdd1..691b5e8909 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/poly.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/poly.c @@ -21,7 +21,7 @@ extern uint64_t *tred, *tadd, *tmul, *tround, *tsample, *tpack; * Name: poly_reduce * * Description: Inplace reduction of all coefficients of polynomial to -* representative in [-6283009,6283007]. +* representative in [-6283008,6283008]. * * Arguments: - poly *a: pointer to input/output polynomial **************************************************/ @@ -335,7 +335,7 @@ static unsigned int rej_uniform(int32_t *a, * * Description: Sample polynomial with uniformly random coefficients * in [0,Q-1] by performing rejection sampling on the -* output stream of SHAKE256(seed|nonce) +* output stream of SHAKE128(seed|nonce) * * Arguments: - poly *a: pointer to output polynomial * - const uint8_t seed[]: byte array with seed of length SEEDBYTES 
@@ -487,16 +487,16 @@ void poly_uniform_gamma1(poly *a, * SHAKE256(seed). * * Arguments: - poly *c: pointer to output polynomial -* - const uint8_t mu[]: byte array containing seed of length SEEDBYTES +* - const uint8_t mu[]: byte array containing seed of length CTILDEBYTES **************************************************/ -void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]) { +void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]) { unsigned int i, b, pos; uint64_t signs; uint8_t buf[SHAKE256_RATE]; shake256incctx state; shake256_inc_init(&state); - shake256_inc_absorb(&state, seed, SEEDBYTES); + shake256_inc_absorb(&state, seed, CTILDEBYTES); shake256_inc_finalize(&state); shake256_squeezeblocks(buf, 1, &state); diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/poly.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/poly.h similarity index 97% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/poly.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/poly.h index d2fd989b6a..904baa1ca4 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/poly.h +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/poly.h @@ -51,7 +51,7 @@ void poly_uniform_gamma1(poly *a, const uint8_t seed[CRHBYTES], uint16_t nonce); #define poly_challenge DILITHIUM_NAMESPACE(poly_challenge) -void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]); +void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]); #define polyeta_pack DILITHIUM_NAMESPACE(polyeta_pack) void polyeta_pack(uint8_t *r, const poly *a); 
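Review bot: The updated comment on poly_challenge documents `const uint8_t mu[]`, but the parameter is called `seed`; the line should read `- const uint8_t seed[]: byte array containing seed of length CTILDEBYTES`. Because `seed[CTILDEBYTES]` in a parameter list is only a pointer, the function now reads CTILDEBYTES bytes from whatever the caller passes. The comment should therefore state that the buffer must hold at least CTILDEBYTES bytes. The AVX2 verify path shown earlier in this diff satisfies that by rejecting `siglen != CRYPTO_BYTES` before it calls `poly_challenge(&c, sig)`; other call sites are outside this view.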
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/polyvec.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/polyvec.c similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/polyvec.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/polyvec.c index 40032b656b..241f618187 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/polyvec.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/polyvec.c @@ -161,7 +161,7 @@ void polyveck_uniform_eta(polyveck *v, const uint8_t seed[CRHBYTES], uint16_t no * Name: polyveck_reduce * * Description: Reduce coefficients of polynomials in vector of length K -* to representatives in [-6283009,6283007]. +* to representatives in [-6283008,6283008]. * * Arguments: - polyveck *v: pointer to input/output vector **************************************************/ diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/polyvec.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/polyvec.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/polyvec.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/polyvec.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/reduce.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/reduce.c similarity index 95% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/reduce.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/reduce.c index 75feff8bc5..8479a222cd 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/reduce.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/reduce.c 
@@ -24,7 +24,7 @@ int32_t montgomery_reduce(int64_t a) { * Name: reduce32 * * Description: For finite field element a with a <= 2^{31} - 2^{22} - 1, -* compute r \equiv a (mod Q) such that -6283009 <= r <= 6283007. +* compute r \equiv a (mod Q) such that -6283008 <= r <= 6283008. * * Arguments: - int32_t: finite field element a * diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/reduce.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/reduce.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/reduce.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/reduce.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/rounding.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/rounding.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/rounding.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/rounding.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/rounding.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/rounding.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/rounding.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/rounding.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/sign.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/sign.c similarity index 66% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/sign.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/sign.c index 9298ad2177..abb033c42a 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/sign.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/sign.c 
@@ -30,7 +30,9 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) { /* Get randomness for rho, rhoprime and key */ randombytes(seedbuf, SEEDBYTES); - shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seedbuf, SEEDBYTES); + seedbuf[SEEDBYTES+0] = K; + seedbuf[SEEDBYTES+1] = L; + shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seedbuf, SEEDBYTES+2); rho = seedbuf; rhoprime = rho + SEEDBYTES; key = rhoprime + CRHBYTES; @@ -65,27 +67,33 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) { } /************************************************* -* Name: crypto_sign_signature +* Name: crypto_sign_signature_internal * -* Description: Computes signature. +* Description: Computes signature. Internal API. * * Arguments: - uint8_t *sig: pointer to output signature (of length CRYPTO_BYTES) * - size_t *siglen: pointer to output length of signature * - uint8_t *m: pointer to message to be signed * - size_t mlen: length of message +* - uint8_t *pre: pointer to prefix string +* - size_t prelen: length of prefix string +* - uint8_t *rnd: pointer to random seed * - uint8_t *sk: pointer to bit-packed secret key * * Returns 0 (success) **************************************************/ -int crypto_sign_signature(uint8_t *sig, - size_t *siglen, - const uint8_t *m, - size_t mlen, - const uint8_t *sk) +int crypto_sign_signature_internal(uint8_t *sig, + size_t *siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t rnd[RNDBYTES], + const uint8_t *sk) { unsigned int n; - uint8_t seedbuf[2*SEEDBYTES + TRBYTES + RNDBYTES + 2*CRHBYTES]; - uint8_t *rho, *tr, *key, *mu, *rhoprime, *rnd; + uint8_t seedbuf[2*SEEDBYTES + TRBYTES + 2*CRHBYTES]; + uint8_t *rho, *tr, *key, *mu, *rhoprime; uint16_t nonce = 0; polyvecl mat[K], s1, y, z; polyveck t0, s2, w1, w0, h; 
@@ -95,26 +103,25 @@ int crypto_sign_signature(uint8_t *sig, rho = seedbuf; tr = rho + SEEDBYTES; key = tr + TRBYTES; - rnd = key + SEEDBYTES; - mu = rnd + RNDBYTES; + mu = key + SEEDBYTES; rhoprime = mu + CRHBYTES; unpack_sk(rho, tr, key, &t0, &s1, &s2, sk); - - /* Compute mu = CRH(tr, msg) */ + /* Compute mu = CRH(tr, pre, msg) */ shake256_inc_init(&state); shake256_inc_absorb(&state, tr, TRBYTES); + shake256_inc_absorb(&state, pre, prelen); shake256_inc_absorb(&state, m, mlen); shake256_inc_finalize(&state); shake256_inc_squeeze(mu, CRHBYTES, &state); -#ifdef DILITHIUM_RANDOMIZED_SIGNING - randombytes(rnd, RNDBYTES); -#else - for(n=0;n 255) + return -1; + + /* Prepare pre = (0, ctxlen, ctx) */ + pre[0] = 0; + pre[1] = ctxlen; + for(i = 0; i < ctxlen; i++) + pre[2 + i] = ctx[i]; + +#ifdef DILITHIUM_RANDOMIZED_SIGNING + randombytes(rnd, RNDBYTES); +#else + for(i=0;i 255) + return -1; + + pre[0] = 0; + pre[1] = ctxlen; + for(i = 0; i < ctxlen; i++) + pre[2 + i] = ctx[i]; + + return crypto_sign_verify_internal(sig,siglen,m,mlen,pre,2+ctxlen,pk); +} + /************************************************* * Name: crypto_sign_open * @@ -306,6 +407,8 @@ int crypto_sign_verify(const uint8_t *sig, * - size_t *mlen: pointer to output length of message * - const uint8_t *sm: pointer to signed message * - size_t smlen: length of signed message +* - const uint8_t *ctx: pointer to context tring +* - size_t ctxlen: length of context string * - const uint8_t *pk: pointer to bit-packed public key * * Returns 0 if signed message could be verified correctly and -1 otherwise @@ -314,6 +417,8 @@ int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, + size_t ctxlen, const uint8_t *pk) { size_t i; 
@@ -322,7 +427,7 @@ int crypto_sign_open(uint8_t *m, goto badsig; *mlen = smlen - CRYPTO_BYTES; - if(crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, pk)) + if(crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, ctx, ctxlen, pk)) goto badsig; else { /* All good, copy msg, return 0 */ @@ -333,7 +438,7 @@ int crypto_sign_open(uint8_t *m, badsig: /* Signature verification failed */ - *mlen = -1; + *mlen = 0; for(i = 0; i < smlen; ++i) m[i] = 0; diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/sign.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/sign.h new file mode 100644 index 0000000000..0b5f74aae3 --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/sign.h 
@@ -0,0 +1,58 @@ +#ifndef SIGN_H +#define SIGN_H + +#include + +#include +#include +#include "params.h" +#include "polyvec.h" +#include "poly.h" + +#define crypto_sign_keypair DILITHIUM_NAMESPACE(keypair) +int crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + +#define crypto_sign_signature_internal DILITHIUM_NAMESPACE(signature_internal) +OQS_API int crypto_sign_signature_internal(uint8_t *sig, + size_t *siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t rnd[RNDBYTES], + const uint8_t *sk); + +#define crypto_sign_signature DILITHIUM_NAMESPACE(signature) +int crypto_sign_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +#define crypto_sign DILITHIUM_NAMESPACETOP +int crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +#define crypto_sign_verify_internal DILITHIUM_NAMESPACE(verify_internal) +OQS_API int crypto_sign_verify_internal(const uint8_t *sig, + size_t siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t *pk); + +#define crypto_sign_verify DILITHIUM_NAMESPACE(verify) +int crypto_sign_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +#define crypto_sign_open DILITHIUM_NAMESPACE(open) +int crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/symmetric-shake.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/symmetric-shake.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/symmetric-shake.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/symmetric-shake.c 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/symmetric.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/symmetric.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/symmetric.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65_ref/symmetric.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/api.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/api.h
deleted file mode 100644
index 55b637669d..0000000000
--- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/api.h
+++ /dev/null
@@ -1,88 +0,0 @@ -#ifndef API_H -#define API_H - -#include -#include - -#define pqcrystals_dilithium2_PUBLICKEYBYTES 1312 -#define pqcrystals_dilithium2_SECRETKEYBYTES 2560 -#define pqcrystals_dilithium2_BYTES 2420 - -#define pqcrystals_dilithium2_avx2_PUBLICKEYBYTES pqcrystals_dilithium2_PUBLICKEYBYTES -#define pqcrystals_dilithium2_avx2_SECRETKEYBYTES pqcrystals_dilithium2_SECRETKEYBYTES -#define pqcrystals_dilithium2_avx2_BYTES pqcrystals_dilithium2_BYTES - -int pqcrystals_dilithium2_avx2_keypair(uint8_t *pk, uint8_t *sk); - -int pqcrystals_dilithium2_avx2_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium2_avx2(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium2_avx2_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -int pqcrystals_dilithium2_avx2_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - - -#define pqcrystals_dilithium3_PUBLICKEYBYTES 1952 -#define pqcrystals_dilithium3_SECRETKEYBYTES 4032 -#define pqcrystals_dilithium3_BYTES 3309 - -#define pqcrystals_dilithium3_avx2_PUBLICKEYBYTES pqcrystals_dilithium3_PUBLICKEYBYTES -#define pqcrystals_dilithium3_avx2_SECRETKEYBYTES pqcrystals_dilithium3_SECRETKEYBYTES -#define pqcrystals_dilithium3_avx2_BYTES pqcrystals_dilithium3_BYTES - -int pqcrystals_dilithium3_avx2_keypair(uint8_t *pk, uint8_t *sk); - -int pqcrystals_dilithium3_avx2_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium3_avx2(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium3_avx2_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -int pqcrystals_dilithium3_avx2_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - - 
-#define pqcrystals_dilithium5_PUBLICKEYBYTES 2592 -#define pqcrystals_dilithium5_SECRETKEYBYTES 4896 -#define pqcrystals_dilithium5_BYTES 4627 - -#define pqcrystals_dilithium5_avx2_PUBLICKEYBYTES pqcrystals_dilithium5_PUBLICKEYBYTES -#define pqcrystals_dilithium5_avx2_SECRETKEYBYTES pqcrystals_dilithium5_SECRETKEYBYTES -#define pqcrystals_dilithium5_avx2_BYTES pqcrystals_dilithium5_BYTES - -int pqcrystals_dilithium5_avx2_keypair(uint8_t *pk, uint8_t *sk); - -int pqcrystals_dilithium5_avx2_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium5_avx2(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int pqcrystals_dilithium5_avx2_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -int pqcrystals_dilithium5_avx2_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/config.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/config.h deleted file mode 100644 index e59f81a5e8..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/config.h +++ /dev/null 
@@ -1,27 +0,0 @@ -#ifndef CONFIG_H -#define CONFIG_H - -//#define DILITHIUM_MODE 2 -#define DILITHIUM_RANDOMIZED_SIGNING -//#define USE_RDPMC -//#define DBENCH - -#ifndef DILITHIUM_MODE -#define DILITHIUM_MODE 2 -#endif - -#if DILITHIUM_MODE == 2 -#define CRYPTO_ALGNAME "ML-DSA-44-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ipd_avx2 -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ipd_avx2_##s -#elif DILITHIUM_MODE == 3 -#define CRYPTO_ALGNAME "ML-DSA-65-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ipd_avx2 -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ipd_avx2_##s -#elif DILITHIUM_MODE == 5 -#define CRYPTO_ALGNAME "ML-DSA-87-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ipd_avx2 -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ipd_avx2_##s -#endif - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/sign.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/sign.h deleted file mode 100644 index 295f378c00..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/sign.h +++ /dev/null 
@@ -1,36 +0,0 @@ -#ifndef SIGN_H -#define SIGN_H - -#include -#include -#include "params.h" -#include "polyvec.h" -#include "poly.h" - -#define challenge DILITHIUM_NAMESPACE(challenge) -void challenge(poly *c, const uint8_t seed[SEEDBYTES]); - -#define crypto_sign_keypair DILITHIUM_NAMESPACE(keypair) -int crypto_sign_keypair(uint8_t *pk, uint8_t *sk); - -#define crypto_sign_signature DILITHIUM_NAMESPACE(signature) -int crypto_sign_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -#define crypto_sign DILITHIUM_NAMESPACETOP -int crypto_sign(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -#define crypto_sign_verify DILITHIUM_NAMESPACE(verify) -int crypto_sign_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -#define crypto_sign_open DILITHIUM_NAMESPACE(open) -int crypto_sign_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/config.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/config.h deleted file mode 100644 index eddf13f5ea..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/config.h +++ /dev/null 
@@ -1,27 +0,0 @@ -#ifndef CONFIG_H -#define CONFIG_H - -//#define DILITHIUM_MODE 2 -#define DILITHIUM_RANDOMIZED_SIGNING -//#define USE_RDPMC -//#define DBENCH - -#ifndef DILITHIUM_MODE -#define DILITHIUM_MODE 2 -#endif - -#if DILITHIUM_MODE == 2 -#define CRYPTO_ALGNAME "ML-DSA-44-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ipd_ref -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ipd_ref_##s -#elif DILITHIUM_MODE == 3 -#define CRYPTO_ALGNAME "ML-DSA-65-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ipd_ref -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ipd_ref_##s -#elif DILITHIUM_MODE == 5 -#define CRYPTO_ALGNAME "ML-DSA-87-ipd" -#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ipd_ref -#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ipd_ref_##s -#endif - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/sign.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/sign.h deleted file mode 100644 index 295f378c00..0000000000 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/sign.h +++ /dev/null 
@@ -1,36 +0,0 @@ -#ifndef SIGN_H -#define SIGN_H - -#include -#include -#include "params.h" -#include "polyvec.h" -#include "poly.h" - -#define challenge DILITHIUM_NAMESPACE(challenge) -void challenge(poly *c, const uint8_t seed[SEEDBYTES]); - -#define crypto_sign_keypair DILITHIUM_NAMESPACE(keypair) -int crypto_sign_keypair(uint8_t *pk, uint8_t *sk); - -#define crypto_sign_signature DILITHIUM_NAMESPACE(signature) -int crypto_sign_signature(uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -#define crypto_sign DILITHIUM_NAMESPACETOP -int crypto_sign(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -#define crypto_sign_verify DILITHIUM_NAMESPACE(verify) -int crypto_sign_verify(const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pk); - -#define crypto_sign_open DILITHIUM_NAMESPACE(open) -int crypto_sign_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - -#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/LICENSE b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/LICENSE similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/LICENSE rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/LICENSE diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/align.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/align.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/align.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/align.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/api.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/api.h new file mode 100644 index 0000000000..36ec622e5d --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/api.h 
@@ -0,0 +1,100 @@ +#ifndef API_H +#define API_H + +#include +#include + +#define pqcrystals_dilithium2_PUBLICKEYBYTES 1312 +#define pqcrystals_dilithium2_SECRETKEYBYTES 2560 +#define pqcrystals_dilithium2_BYTES 2420 + +#define pqcrystals_dilithium2_avx2_PUBLICKEYBYTES pqcrystals_dilithium2_PUBLICKEYBYTES +#define pqcrystals_dilithium2_avx2_SECRETKEYBYTES pqcrystals_dilithium2_SECRETKEYBYTES +#define pqcrystals_dilithium2_avx2_BYTES pqcrystals_dilithium2_BYTES + +int pqcrystals_dilithium2_avx2_keypair(uint8_t *pk, uint8_t *sk); + +int pqcrystals_dilithium2_avx2_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium2_avx2(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium2_avx2_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +int pqcrystals_dilithium2_avx2_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + + +#define pqcrystals_dilithium3_PUBLICKEYBYTES 1952 +#define pqcrystals_dilithium3_SECRETKEYBYTES 4032 +#define pqcrystals_dilithium3_BYTES 3309 + +#define pqcrystals_dilithium3_avx2_PUBLICKEYBYTES pqcrystals_dilithium3_PUBLICKEYBYTES +#define pqcrystals_dilithium3_avx2_SECRETKEYBYTES pqcrystals_dilithium3_SECRETKEYBYTES +#define pqcrystals_dilithium3_avx2_BYTES pqcrystals_dilithium3_BYTES + +int pqcrystals_dilithium3_avx2_keypair(uint8_t *pk, uint8_t *sk); + +int pqcrystals_dilithium3_avx2_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium3_avx2(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int 
pqcrystals_dilithium3_avx2_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +int pqcrystals_dilithium3_avx2_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + + +#define pqcrystals_dilithium5_PUBLICKEYBYTES 2592 +#define pqcrystals_dilithium5_SECRETKEYBYTES 4896 +#define pqcrystals_dilithium5_BYTES 4627 + +#define pqcrystals_dilithium5_avx2_PUBLICKEYBYTES pqcrystals_dilithium5_PUBLICKEYBYTES +#define pqcrystals_dilithium5_avx2_SECRETKEYBYTES pqcrystals_dilithium5_SECRETKEYBYTES +#define pqcrystals_dilithium5_avx2_BYTES pqcrystals_dilithium5_BYTES + +int pqcrystals_dilithium5_avx2_keypair(uint8_t *pk, uint8_t *sk); + +int pqcrystals_dilithium5_avx2_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium5_avx2(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +int pqcrystals_dilithium5_avx2_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +int pqcrystals_dilithium5_avx2_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + + +#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/config.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/config.h new file mode 100644 index 0000000000..3944cb4412 --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/config.h 
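Review bot: Every prototype in this new api.h carries a `pqcrystals_dilithium2_avx2_` / `3` / `5` prefix, but the config.h added next to it maps `DILITHIUM_NAMESPACE(s)` to `pqcrystals_ml_dsa_44_avx2_##s` (and `_65_`, `_87_`), so the functions built in this directory are never checked against these declarations. If anything includes this header, a signature mismatch in the new `ctx`/`ctxlen` parameters would go unnoticed at compile time. Either rename the prototypes to the `pqcrystals_ml_dsa_NN_avx2_` names or mark the file with a comment such as `/* Upstream header kept for reference; symbols built here are pqcrystals_ml_dsa_NN_avx2_* (see config.h). */`. The `_ref` api.h changed later in this patch has the same mismatch.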
@@ -0,0 +1,27 @@ +#ifndef CONFIG_H +#define CONFIG_H + +//#define DILITHIUM_MODE 2 +#define DILITHIUM_RANDOMIZED_SIGNING +//#define USE_RDPMC +//#define DBENCH + +#ifndef DILITHIUM_MODE +#define DILITHIUM_MODE 2 +#endif + +#if DILITHIUM_MODE == 2 +#define CRYPTO_ALGNAME "ML-DSA-44" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_avx2 +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_avx2_##s +#elif DILITHIUM_MODE == 3 +#define CRYPTO_ALGNAME "ML-DSA-65" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_avx2 +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_avx2_##s +#elif DILITHIUM_MODE == 5 +#define CRYPTO_ALGNAME "ML-DSA-87" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_avx2 +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_avx2_##s +#endif + +#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/consts.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/consts.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/consts.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/consts.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/consts.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/consts.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/consts.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/consts.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/invntt.S b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/invntt.S similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/invntt.S rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/invntt.S 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/ntt.S b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/ntt.S similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/ntt.S rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/ntt.S index 38415de893..ebe17d3b8a 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/ntt.S +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/ntt.S @@ -194,4 +194,3 @@ levels2t7 2 levels2t7 3 ret - diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/ntt.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/ntt.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/ntt.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/ntt.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/packing.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/packing.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/packing.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/packing.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/packing.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/packing.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/packing.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/packing.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/params.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/params.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/params.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/params.h 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/pointwise.S b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/pointwise.S similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/pointwise.S rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/pointwise.S diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/poly.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/poly.c similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/poly.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/poly.c index 25d36828ad..0a4ecb6e1e 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/poly.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/poly.c @@ -31,7 +31,7 @@ extern uint64_t *tred, *tadd, *tmul, *tround, *tsample, *tpack; * Name: poly_reduce * * Description: Inplace reduction of all coefficients of polynomial to -* representative in [-6283009,6283007]. Assumes input +* representative in [-6283009,6283008]. Assumes input * coefficients to be at most 2^31 - 2^22 - 1 in absolute value. * * Arguments: - poly *a: pointer to input/output polynomial 
@@ -673,16 +673,16 @@ void poly_uniform_gamma1_4x(poly *a0, * SHAKE256(seed). * * Arguments: - poly *c: pointer to output polynomial -* - const uint8_t mu[]: byte array containing seed of length SEEDBYTES +* - const uint8_t mu[]: byte array containing seed of length CTILDEBYTES **************************************************/ -void poly_challenge(poly * restrict c, const uint8_t seed[SEEDBYTES]) { +void poly_challenge(poly * restrict c, const uint8_t seed[CTILDEBYTES]) { unsigned int i, b, pos; uint64_t signs; ALIGNED_UINT8(SHAKE256_RATE) buf; shake256incctx state; shake256_inc_init(&state); - shake256_inc_absorb(&state, seed, SEEDBYTES); + shake256_inc_absorb(&state, seed, CTILDEBYTES); shake256_inc_finalize(&state); shake256_inc_squeeze(buf.coeffs, SHAKE256_RATE, &state); diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/poly.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/poly.h similarity index 98% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/poly.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/poly.h index 7bcd8e5e03..7d93088549 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/poly.h +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/poly.h @@ -53,7 +53,7 @@ void poly_uniform_gamma1_preinit(poly *a, stream256_state *state); #define poly_uniform_gamma1 DILITHIUM_NAMESPACE(poly_uniform_gamma1) void poly_uniform_gamma1(poly *a, const uint8_t seed[CRHBYTES], uint16_t nonce); #define poly_challenge DILITHIUM_NAMESPACE(poly_challenge) -void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]); +void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]); #define poly_uniform_4x DILITHIUM_NAMESPACE(poly_uniform_4x) void poly_uniform_4x(poly *a0, 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/polyvec.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/polyvec.c similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/polyvec.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/polyvec.c index 6e2302168e..0db351496c 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/polyvec.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/polyvec.c @@ -363,7 +363,7 @@ void polyveck_uniform_eta(polyveck *v, const uint8_t seed[CRHBYTES], uint16_t no * Name: polyveck_reduce * * Description: Reduce coefficients of polynomials in vector of length K -* to representatives in [-6283009,6283007]. +* to representatives in [-6283009,6283008]. * * Arguments: - polyveck *v: pointer to input/output vector **************************************************/ diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/polyvec.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/polyvec.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/polyvec.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/polyvec.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/rejsample.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/rejsample.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/rejsample.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/rejsample.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/rejsample.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/rejsample.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/rejsample.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/rejsample.h 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/rounding.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/rounding.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/rounding.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/rounding.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/rounding.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/rounding.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/rounding.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/rounding.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/shuffle.S b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/shuffle.S similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/shuffle.S rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/shuffle.S diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/shuffle.inc b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/shuffle.inc similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/shuffle.inc rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/shuffle.inc diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/sign.c similarity index 74% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/sign.c index a39f8515c4..532e37c680 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/sign.c 
@@ -74,7 +74,9 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) { /* Get randomness for rho, rhoprime and key */ randombytes(seedbuf, SEEDBYTES); - shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seedbuf, SEEDBYTES); + seedbuf[SEEDBYTES+0] = K; + seedbuf[SEEDBYTES+1] = L; + shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seedbuf, SEEDBYTES+2); rho = seedbuf; rhoprime = rho + SEEDBYTES; key = rhoprime + CRHBYTES; @@ -135,22 +137,27 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) { } /************************************************* -* Name: crypto_sign_signature +* Name: crypto_sign_signature_internal * -* Description: Computes signature. +* Description: Computes signature. Internal API. * * Arguments: - uint8_t *sig: pointer to output signature (of length CRYPTO_BYTES) * - size_t *siglen: pointer to output length of signature * - uint8_t *m: pointer to message to be signed * - size_t mlen: length of message +* - uint8_t *pre: pointer to prefix string +* - size_t prelen: length of prefix string +* - uint8_t *rnd: pointer to random seed * - uint8_t *sk: pointer to bit-packed secret key * * Returns 0 (success) **************************************************/ -int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk) { +int crypto_sign_signature_internal(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *pre, size_t prelen, const uint8_t rnd[RNDBYTES], const uint8_t *sk) +{ unsigned int i, n, pos; - uint8_t seedbuf[2*SEEDBYTES + TRBYTES + RNDBYTES + 2*CRHBYTES]; - uint8_t *rho, *tr, *key, *rnd, *mu, *rhoprime; + uint8_t seedbuf[2*SEEDBYTES + TRBYTES + 2*CRHBYTES]; + uint8_t *rho, *tr, *key, *mu, *rhoprime; uint8_t hintbuf[N]; uint8_t *hint = sig + CTILDEBYTES + L*POLYZ_PACKEDBYTES; uint64_t nonce = 0; 
@@ -166,24 +173,25 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t rho = seedbuf; tr = rho + SEEDBYTES; key = tr + TRBYTES; - rnd = key + SEEDBYTES; - mu = rnd + RNDBYTES; + mu = key + SEEDBYTES; rhoprime = mu + CRHBYTES; unpack_sk(rho, tr, key, &t0, &s1, &s2, sk); - /* Compute CRH(tr, msg) */ + /* Compute mu = CRH(tr, pre, msg) */ shake256_inc_init(&state); shake256_inc_absorb(&state, tr, TRBYTES); + shake256_inc_absorb(&state, pre, prelen); shake256_inc_absorb(&state, m, mlen); shake256_inc_finalize(&state); shake256_inc_squeeze(mu, CRHBYTES, &state); -#ifdef DILITHIUM_RANDOMIZED_SIGNING - randombytes(rnd, RNDBYTES); -#else - memset(rnd, 0, RNDBYTES); -#endif - shake256(rhoprime, CRHBYTES, key, SEEDBYTES + RNDBYTES + CRHBYTES); + /* Compute rhoprime = CRH(key, rnd, mu) */ + shake256_inc_ctx_reset(&state); + shake256_inc_absorb(&state, key, SEEDBYTES); + shake256_inc_absorb(&state, rnd, RNDBYTES); + shake256_inc_absorb(&state, mu, CRHBYTES); + shake256_inc_finalize(&state); + shake256_inc_squeeze(rhoprime, CRHBYTES, &state); /* Expand matrix and transform vectors */ polyvec_matrix_expand(mat, rho); 
@@ -281,6 +289,45 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t return 0; } +/************************************************* +* Name: crypto_sign_signature +* +* Description: Computes signature. +* +* Arguments: - uint8_t *sig: pointer to output signature (of length CRYPTO_BYTES) +* - size_t *siglen: pointer to output length of signature +* - uint8_t *m: pointer to message to be signed +* - size_t mlen: length of message +* - uint8_t *ctx: pointer to context string +* - size_t ctxlen: length of context string +* - uint8_t *sk: pointer to bit-packed secret key +* +* Returns 0 (success) or -1 (context string too long) +**************************************************/ +int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk) +{ + uint8_t pre[257]; + uint8_t rnd[RNDBYTES]; + + if(ctxlen > 255) + return -1; + + /* Prepare pre = (0, ctxlen, ctx) */ + pre[0] = 0; + pre[1] = ctxlen; + memcpy(&pre[2], ctx, ctxlen); + +#ifdef DILITHIUM_RANDOMIZED_SIGNING + randombytes(rnd, RNDBYTES); +#else + memset(rnd, 0, RNDBYTES); +#endif + + crypto_sign_signature_internal(sig,siglen,m,mlen,pre,2+ctxlen,rnd,sk); + return 0; +} + /************************************************* * Name: crypto_sign * 
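Review bot: `memcpy(&pre[2], ctx, ctxlen)` in the new crypto_sign_signature runs with whatever `ctx` the caller supplied, and a caller with no context string will naturally pass `ctx == NULL` with `ctxlen == 0`; handing memcpy a null pointer is undefined behaviour in C even when the length is zero. Guard the copy with `if(ctxlen != 0) memcpy(&pre[2], ctx, ctxlen);` and reject `ctx == NULL && ctxlen != 0` next to the `ctxlen > 255` check. The same copy appears in crypto_sign_verify in a later hunk of this file. `pre[1] = ctxlen;` also narrows a size_t implicitly; `pre[1] = (uint8_t)ctxlen;` states the intent after the range check.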
@@ -293,34 +340,42 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t * message * - const uint8_t *m: pointer to message to be signed * - size_t mlen: length of message +* - const uint8_t *ctx: pointer to context string +* - size_t ctxlen: length of context string * - const uint8_t *sk: pointer to bit-packed secret key * * Returns 0 (success) **************************************************/ -int crypto_sign(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, const uint8_t *sk) { +int crypto_sign(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk) +{ size_t i; + int ret; for(i = 0; i < mlen; ++i) sm[CRYPTO_BYTES + mlen - 1 - i] = m[mlen - 1 - i]; - crypto_sign_signature(sm, smlen, sm + CRYPTO_BYTES, mlen, sk); + ret = crypto_sign_signature(sm, smlen, sm + CRYPTO_BYTES, mlen, ctx, ctxlen, sk); *smlen += mlen; - return 0; + return ret; } /************************************************* -* Name: crypto_sign_verify +* Name: crypto_sign_verify_internal * -* Description: Verifies signature. +* Description: Verifies signature. Internal API. * * Arguments: - uint8_t *m: pointer to input signature * - size_t siglen: length of signature * - const uint8_t *m: pointer to message * - size_t mlen: length of message +* - const uint8_t *pre: pointer to prefix string +* - size_t prelen: length of prefix string * - const uint8_t *pk: pointer to bit-packed public key * * Returns 0 if signature could be verified correctly and -1 otherwise **************************************************/ -int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk) { +int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *pre, size_t prelen, const uint8_t *pk) { unsigned int i, j, pos = 0; /* polyw1_pack writes additional 14 bytes */ ALIGNED_UINT8(K*POLYW1_PACKEDBYTES+14) buf; 
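Review bot: crypto_sign now propagates the result of crypto_sign_signature but still executes `*smlen += mlen;` unconditionally, and on the `ctxlen > 255` path crypto_sign_signature (added earlier in this file) returns -1 without writing `*siglen`, so the addition reads a value the callee never set. Report a length only on success, for example `if(ret) { *smlen = 0; return ret; }` before the addition. The header comment still says "Returns 0 (success)" and should mention -1 for an over-long context string. This hunk also opens crypto_sign_verify_internal, whose body continues outside it.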
@@ -335,14 +390,14 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size if(siglen != CRYPTO_BYTES) return -1; - /* Compute CRH(H(rho, t1), msg) */ - shake256(mu, CRHBYTES, pk, CRYPTO_PUBLICKEYBYTES); + /* Compute CRH(H(rho, t1), pre, msg) */ + shake256(mu, TRBYTES, pk, CRYPTO_PUBLICKEYBYTES); shake256_inc_init(&state); shake256_inc_absorb(&state, mu, CRHBYTES); + shake256_inc_absorb(&state, pre, prelen); shake256_inc_absorb(&state, m, mlen); shake256_inc_finalize(&state); shake256_inc_squeeze(mu, CRHBYTES, &state); - shake256_inc_ctx_release(&state); /* Expand challenge */ poly_challenge(&c, sig); @@ -372,12 +427,17 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size /* Get hint polynomial and reconstruct w1 */ memset(h.vec, 0, sizeof(poly)); - if(hint[OMEGA + i] < pos || hint[OMEGA + i] > OMEGA) + if(hint[OMEGA + i] < pos || hint[OMEGA + i] > OMEGA) { + shake256_inc_ctx_release(&state); return -1; + } for(j = pos; j < hint[OMEGA + i]; ++j) { /* Coefficients are ordered for strong unforgeability */ - if(j > pos && hint[j] <= hint[j-1]) return -1; + if(j > pos && hint[j] <= hint[j-1]) { + shake256_inc_ctx_release(&state); + return -1; + } h.coeffs[hint[j]] = 1; } pos = hint[OMEGA + i]; @@ -389,10 +449,13 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size /* Extra indices are zero for strong unforgeability */ for(j = pos; j < OMEGA; ++j) - if(hint[j]) return -1; + if(hint[j]) { + shake256_inc_ctx_release(&state); + return -1; + } /* Call random oracle and verify challenge */ - shake256_inc_init(&state); + shake256_inc_ctx_reset(&state); shake256_inc_absorb(&state, mu, CRHBYTES); shake256_inc_absorb(&state, buf.coeffs, K*POLYW1_PACKEDBYTES); shake256_inc_finalize(&state); 
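Review bot: In crypto_sign_verify_internal the public-key hash is now written with `shake256(mu, TRBYTES, pk, CRYPTO_PUBLICKEYBYTES)`, but the absorb two lines later still reads `mu, CRHBYTES`. The signing side absorbs `tr, TRBYTES`, so the two sides agree, and `mu` is large enough, only while TRBYTES equals CRHBYTES; params.h and the declaration of `mu` are outside this hunk, so that should be confirmed. Using one constant for both, `shake256_inc_absorb(&state, mu, TRBYTES);`, or a separate `tr[TRBYTES]` buffer, removes the dependency on the two sizes coinciding.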
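Review bot: The hash-state release has been taken off the straight-line path and is now repeated by hand before three `return -1` statements: the two hint checks in the second hunk and the extra-indices check in the third. Any other early return between `shake256_inc_init` and the end of the function would skip the release; the code between these hunks is not visible, so each remaining `return -1` needs checking. A single exit label, as crypto_sign_open in this file already does with `badsig`, avoids relying on every branch remembering the call: set `ret = -1; goto cleanup;` in each check and call `shake256_inc_ctx_release(&state);` once at `cleanup:`.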
@@ -405,6 +468,35 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size return 0; } +/************************************************* +* Name: crypto_sign_verify +* +* Description: Verifies signature. +* +* Arguments: - uint8_t *m: pointer to input signature +* - size_t siglen: length of signature +* - const uint8_t *m: pointer to message +* - size_t mlen: length of message +* - const uint8_t *ctx: pointer to context string +* - size_t ctxlen: length of context string +* - const uint8_t *pk: pointer to bit-packed public key +* +* Returns 0 if signature could be verified correctly and -1 otherwise +**************************************************/ +int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk) +{ + uint8_t pre[257]; + + if(ctxlen > 255) + return -1; + + pre[0] = 0; + pre[1] = ctxlen; + memcpy(&pre[2], ctx, ctxlen); + return crypto_sign_verify_internal(sig,siglen,m,mlen,pre,2+ctxlen,pk); +} + /************************************************* * Name: crypto_sign_open * 
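Review bot: The header comment on the new crypto_sign_verify documents its first argument as `uint8_t *m: pointer to input signature`, reusing the name of the message parameter; it should read `- const uint8_t *sig: pointer to input signature`. The comment also leaves out that a context string longer than 255 bytes is rejected with -1 before any verification runs, which the signing counterpart does state ("-1 (context string too long)"). Spelling that out lets a caller tell a malformed request from a bad signature when reading the contract.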
@@ -415,18 +507,21 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size * - size_t *mlen: pointer to output length of message * - const uint8_t *sm: pointer to signed message * - size_t smlen: length of signed message +* - const uint8_t *ctx: pointer to context string +* - size_t ctxlen: length of context string * - const uint8_t *pk: pointer to bit-packed public key * * Returns 0 if signed message could be verified correctly and -1 otherwise **************************************************/ -int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, const uint8_t *pk) { +int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk) { size_t i; if(smlen < CRYPTO_BYTES) goto badsig; *mlen = smlen - CRYPTO_BYTES; - if(crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, pk)) + if(crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, ctx, ctxlen, pk)) goto badsig; else { /* All good, copy msg, return 0 */ @@ -437,7 +532,7 @@ int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, badsig: /* Signature verification failed */ - *mlen = -1; + *mlen = 0; for(i = 0; i < smlen; ++i) m[i] = 0; diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/sign.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/sign.h new file mode 100644 index 0000000000..0b5f74aae3 --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/sign.h 
@@ -0,0 +1,58 @@ +#ifndef SIGN_H +#define SIGN_H + +#include + +#include +#include +#include "params.h" +#include "polyvec.h" +#include "poly.h" + +#define crypto_sign_keypair DILITHIUM_NAMESPACE(keypair) +int crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + +#define crypto_sign_signature_internal DILITHIUM_NAMESPACE(signature_internal) +OQS_API int crypto_sign_signature_internal(uint8_t *sig, + size_t *siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t rnd[RNDBYTES], + const uint8_t *sk); + +#define crypto_sign_signature DILITHIUM_NAMESPACE(signature) +int crypto_sign_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +#define crypto_sign DILITHIUM_NAMESPACETOP +int crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk); + +#define crypto_sign_verify_internal DILITHIUM_NAMESPACE(verify_internal) +OQS_API int crypto_sign_verify_internal(const uint8_t *sig, + size_t siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t *pk); + +#define crypto_sign_verify DILITHIUM_NAMESPACE(verify) +int crypto_sign_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +#define crypto_sign_open DILITHIUM_NAMESPACE(open) +int crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); + +#endif diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/symmetric-shake.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/symmetric-shake.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/symmetric-shake.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/symmetric-shake.c 
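Review bot: `crypto_sign_signature_internal` and `crypto_sign_verify_internal` are the only declarations in this header marked `OQS_API`, which exports them from the library, yet nothing here says who is meant to call them. They take the prefix bytes `pre`/`prelen` and the signing randomness `rnd` directly from the caller, so they bypass the `ctxlen > 255` check and the `(0, ctxlen, ctx)` framing that crypto_sign_signature and crypto_sign_verify apply. The commit message says the export exists for the ACVP tests; record that at the declaration, e.g. `/* Exported for ACVP tests only; applications must call crypto_sign_signature(), which builds pre and draws rnd. */`, with a matching line above the verify variant.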
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/symmetric.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/symmetric.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_avx2/symmetric.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_avx2/symmetric.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/LICENSE b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/LICENSE similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/LICENSE rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/LICENSE diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/api.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/api.h similarity index 81% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/api.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/api.h index 78caa5c728..032fa9f9bb 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/api.h +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/api.h 
@@ -16,21 +16,24 @@ int pqcrystals_dilithium2_ref_keypair(uint8_t *pk, uint8_t *sk); int pqcrystals_dilithium2_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium2_ref(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium2_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); int pqcrystals_dilithium2_ref_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); - #define pqcrystals_dilithium3_PUBLICKEYBYTES 1952 #define pqcrystals_dilithium3_SECRETKEYBYTES 4032 #define pqcrystals_dilithium3_BYTES 3309 @@ -43,21 +46,24 @@ int pqcrystals_dilithium3_ref_keypair(uint8_t *pk, uint8_t *sk); int pqcrystals_dilithium3_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium3_ref(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium3_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); int pqcrystals_dilithium3_ref_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); - #define pqcrystals_dilithium5_PUBLICKEYBYTES 2592 #define pqcrystals_dilithium5_SECRETKEYBYTES 4896 #define pqcrystals_dilithium5_BYTES 4627 
@@ -70,18 +76,22 @@ int pqcrystals_dilithium5_ref_keypair(uint8_t *pk, uint8_t *sk); int pqcrystals_dilithium5_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium5_ref(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); int pqcrystals_dilithium5_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); int pqcrystals_dilithium5_ref_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/config.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/config.h new file mode 100644 index 0000000000..8008e11a92 --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/config.h @@ -0,0 +1,27 @@ +#ifndef CONFIG_H +#define CONFIG_H + +//#define DILITHIUM_MODE 2 +#define DILITHIUM_RANDOMIZED_SIGNING +//#define USE_RDPMC +//#define DBENCH + +#ifndef DILITHIUM_MODE +#define DILITHIUM_MODE 2 +#endif + +#if DILITHIUM_MODE == 2 +#define CRYPTO_ALGNAME "ML-DSA-44" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_44_ref +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_44_ref_##s +#elif DILITHIUM_MODE == 3 +#define CRYPTO_ALGNAME "ML-DSA-65" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_65_ref +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_65_ref_##s +#elif DILITHIUM_MODE == 5 +#define CRYPTO_ALGNAME "ML-DSA-87" +#define DILITHIUM_NAMESPACETOP pqcrystals_ml_dsa_87_ref +#define DILITHIUM_NAMESPACE(s) pqcrystals_ml_dsa_87_ref_##s +#endif + +#endif 
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/ntt.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/ntt.c
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/ntt.c
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/ntt.c
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/ntt.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/ntt.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/ntt.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/ntt.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/packing.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/packing.c
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/packing.c
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/packing.c
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/packing.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/packing.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/packing.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/packing.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/params.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/params.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/params.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/params.h
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/poly.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/poly.c similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/poly.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/poly.c index 7983aacdd1..691b5e8909 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/poly.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/poly.c @@ -21,7 +21,7 @@ extern uint64_t *tred, *tadd, *tmul, *tround, *tsample, *tpack; * Name: poly_reduce * * Description: Inplace reduction of all coefficients of polynomial to -* representative in [-6283009,6283007]. +* representative in [-6283008,6283008]. * * Arguments: - poly *a: pointer to input/output polynomial **************************************************/ @@ -335,7 +335,7 @@ static unsigned int rej_uniform(int32_t *a, * * Description: Sample polynomial with uniformly random coefficients * in [0,Q-1] by performing rejection sampling on the -* output stream of SHAKE256(seed|nonce) +* output stream of SHAKE128(seed|nonce) * * Arguments: - poly *a: pointer to output polynomial * - const uint8_t seed[]: byte array with seed of length SEEDBYTES 
@@ -487,16 +487,16 @@ void poly_uniform_gamma1(poly *a, * SHAKE256(seed). * * Arguments: - poly *c: pointer to output polynomial -* - const uint8_t mu[]: byte array containing seed of length SEEDBYTES +* - const uint8_t mu[]: byte array containing seed of length CTILDEBYTES **************************************************/ -void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]) { +void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]) { unsigned int i, b, pos; uint64_t signs; uint8_t buf[SHAKE256_RATE]; shake256incctx state; shake256_inc_init(&state); - shake256_inc_absorb(&state, seed, SEEDBYTES); + shake256_inc_absorb(&state, seed, CTILDEBYTES); shake256_inc_finalize(&state); shake256_squeezeblocks(buf, 1, &state); diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/poly.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/poly.h similarity index 97% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/poly.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/poly.h index d2fd989b6a..904baa1ca4 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/poly.h +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/poly.h @@ -51,7 +51,7 @@ void poly_uniform_gamma1(poly *a, const uint8_t seed[CRHBYTES], uint16_t nonce); #define poly_challenge DILITHIUM_NAMESPACE(poly_challenge) -void poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]); +void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]); #define polyeta_pack DILITHIUM_NAMESPACE(polyeta_pack) void polyeta_pack(uint8_t *r, const poly *a); 
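Review bot: The updated argument comment for `poly_challenge` still calls the parameter `mu[]` while the signature names it `seed`, and it does not state that the function now absorbs CTILDEBYTES bytes from it. An array bound written in a parameter is not enforced by the compiler, so any caller that still hands in a SEEDBYTES-sized buffer would be read past its end wherever CTILDEBYTES is the larger value; the callers are outside this hunk and should be checked against the new length. I would word the line as `* - const uint8_t seed[]: byte array with the challenge seed; must hold CTILDEBYTES bytes`. The function body continues past the end of the hunk.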
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/polyvec.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/polyvec.c similarity index 99% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/polyvec.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/polyvec.c index 40032b656b..241f618187 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-65-ipd_ref/polyvec.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/polyvec.c @@ -161,7 +161,7 @@ void polyveck_uniform_eta(polyveck *v, const uint8_t seed[CRHBYTES], uint16_t no * Name: polyveck_reduce * * Description: Reduce coefficients of polynomials in vector of length K -* to representatives in [-6283009,6283007]. +* to representatives in [-6283008,6283008]. * * Arguments: - polyveck *v: pointer to input/output vector **************************************************/ diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/polyvec.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/polyvec.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/polyvec.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/polyvec.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/reduce.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/reduce.c similarity index 95% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/reduce.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/reduce.c index 75feff8bc5..8479a222cd 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/reduce.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/reduce.c 
@@ -24,7 +24,7 @@ int32_t montgomery_reduce(int64_t a) { * Name: reduce32 * * Description: For finite field element a with a <= 2^{31} - 2^{22} - 1, -* compute r \equiv a (mod Q) such that -6283009 <= r <= 6283007. +* compute r \equiv a (mod Q) such that -6283008 <= r <= 6283008. * * Arguments: - int32_t: finite field element a * diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/reduce.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/reduce.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/reduce.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/reduce.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/rounding.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/rounding.c similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/rounding.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/rounding.c diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/rounding.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/rounding.h similarity index 100% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/rounding.h rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/rounding.h diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/sign.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/sign.c similarity index 66% rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/sign.c rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/sign.c index 9298ad2177..abb033c42a 100644 --- a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-44-ipd_ref/sign.c +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/sign.c 
@@ -30,7 +30,9 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) { /* Get randomness for rho, rhoprime and key */ randombytes(seedbuf, SEEDBYTES); - shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seedbuf, SEEDBYTES); + seedbuf[SEEDBYTES+0] = K; + seedbuf[SEEDBYTES+1] = L; + shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seedbuf, SEEDBYTES+2); rho = seedbuf; rhoprime = rho + SEEDBYTES; key = rhoprime + CRHBYTES; @@ -65,27 +67,33 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) { } /************************************************* -* Name: crypto_sign_signature +* Name: crypto_sign_signature_internal * -* Description: Computes signature. +* Description: Computes signature. Internal API. * * Arguments: - uint8_t *sig: pointer to output signature (of length CRYPTO_BYTES) * - size_t *siglen: pointer to output length of signature * - uint8_t *m: pointer to message to be signed * - size_t mlen: length of message +* - uint8_t *pre: pointer to prefix string +* - size_t prelen: length of prefix string +* - uint8_t *rnd: pointer to random seed * - uint8_t *sk: pointer to bit-packed secret key * * Returns 0 (success) **************************************************/ -int crypto_sign_signature(uint8_t *sig, - size_t *siglen, - const uint8_t *m, - size_t mlen, - const uint8_t *sk) +int crypto_sign_signature_internal(uint8_t *sig, + size_t *siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t rnd[RNDBYTES], + const uint8_t *sk) { unsigned int n; - uint8_t seedbuf[2*SEEDBYTES + TRBYTES + RNDBYTES + 2*CRHBYTES]; - uint8_t *rho, *tr, *key, *mu, *rhoprime, *rnd; + uint8_t seedbuf[2*SEEDBYTES + TRBYTES + 2*CRHBYTES]; + uint8_t *rho, *tr, *key, *mu, *rhoprime; uint16_t nonce = 0; polyvecl mat[K], s1, y, z; polyveck t0, s2, w1, w0, h; 
@@ -95,26 +103,25 @@ int crypto_sign_signature(uint8_t *sig, rho = seedbuf; tr = rho + SEEDBYTES; key = tr + TRBYTES; - rnd = key + SEEDBYTES; - mu = rnd + RNDBYTES; + mu = key + SEEDBYTES; rhoprime = mu + CRHBYTES; unpack_sk(rho, tr, key, &t0, &s1, &s2, sk); - - /* Compute mu = CRH(tr, msg) */ + /* Compute mu = CRH(tr, pre, msg) */ shake256_inc_init(&state); shake256_inc_absorb(&state, tr, TRBYTES); + shake256_inc_absorb(&state, pre, prelen); shake256_inc_absorb(&state, m, mlen); shake256_inc_finalize(&state); shake256_inc_squeeze(mu, CRHBYTES, &state); -#ifdef DILITHIUM_RANDOMIZED_SIGNING - randombytes(rnd, RNDBYTES); -#else - for(n=0;n 255) + return -1; + + /* Prepare pre = (0, ctxlen, ctx) */ + pre[0] = 0; + pre[1] = ctxlen; + for(i = 0; i < ctxlen; i++) + pre[2 + i] = ctx[i]; + +#ifdef DILITHIUM_RANDOMIZED_SIGNING + randombytes(rnd, RNDBYTES); +#else + for(i=0;i 255) + return -1; + + pre[0] = 0; + pre[1] = ctxlen; + for(i = 0; i < ctxlen; i++) + pre[2 + i] = ctx[i]; + + return crypto_sign_verify_internal(sig,siglen,m,mlen,pre,2+ctxlen,pk); +} + /************************************************* * Name: crypto_sign_open * @@ -306,6 +407,8 @@ int crypto_sign_verify(const uint8_t *sig, * - size_t *mlen: pointer to output length of message * - const uint8_t *sm: pointer to signed message * - size_t smlen: length of signed message +* - const uint8_t *ctx: pointer to context tring +* - size_t ctxlen: length of context string * - const uint8_t *pk: pointer to bit-packed public key * * Returns 0 if signed message could be verified correctly and -1 otherwise @@ -314,6 +417,8 @@ int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, + const uint8_t *ctx, + size_t ctxlen, const uint8_t *pk) { size_t i; 
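Review bot: The context-string wrappers added here reject only `ctxlen > 255`; a NULL `ctx` combined with a non-zero `ctxlen` passes that test and is then dereferenced in the copy loop `pre[2 + i] = ctx[i]`. This shows in the wrapper that ends in `return crypto_sign_verify_internal(...)` and in the signing-side block that builds `pre` before `randombytes(rnd, RNDBYTES)`. The guard could be `if(ctxlen > 255 || (ctx == NULL && ctxlen != 0)) return -1;` in both places. The extraction has dropped parts of these hunks, so a check made elsewhere in the function would not be visible here, but the `_with_ctx_str` wrappers in sig_ml_dsa_44.c forward `ctx_str, ctx_str_len` unchanged.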
@@ -322,7 +427,7 @@ int crypto_sign_open(uint8_t *m, goto badsig; *mlen = smlen - CRYPTO_BYTES; - if(crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, pk)) + if(crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, ctx, ctxlen, pk)) goto badsig; else { /* All good, copy msg, return 0 */ @@ -333,7 +438,7 @@ int crypto_sign_open(uint8_t *m, badsig: /* Signature verification failed */ - *mlen = -1; + *mlen = 0; for(i = 0; i < smlen; ++i) m[i] = 0; diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/sign.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/sign.h new file mode 100644 index 0000000000..0b5f74aae3 --- /dev/null +++ b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/sign.h 
@@ -0,0 +1,58 @@
+#ifndef SIGN_H
+#define SIGN_H
+
+#include
+
+#include
+#include
+#include "params.h"
+#include "polyvec.h"
+#include "poly.h"
+
+#define crypto_sign_keypair DILITHIUM_NAMESPACE(keypair)
+int crypto_sign_keypair(uint8_t *pk, uint8_t *sk);
+
+#define crypto_sign_signature_internal DILITHIUM_NAMESPACE(signature_internal)
+OQS_API int crypto_sign_signature_internal(uint8_t *sig,
+ size_t *siglen,
+ const uint8_t *m,
+ size_t mlen,
+ const uint8_t *pre,
+ size_t prelen,
+ const uint8_t rnd[RNDBYTES],
+ const uint8_t *sk);
+
+#define crypto_sign_signature DILITHIUM_NAMESPACE(signature)
+int crypto_sign_signature(uint8_t *sig, size_t *siglen,
+ const uint8_t *m, size_t mlen,
+ const uint8_t *ctx, size_t ctxlen,
+ const uint8_t *sk);
+
+#define crypto_sign DILITHIUM_NAMESPACETOP
+int crypto_sign(uint8_t *sm, size_t *smlen,
+ const uint8_t *m, size_t mlen,
+ const uint8_t *ctx, size_t ctxlen,
+ const uint8_t *sk);
+
+#define crypto_sign_verify_internal DILITHIUM_NAMESPACE(verify_internal)
+OQS_API int crypto_sign_verify_internal(const uint8_t *sig,
+ size_t siglen,
+ const uint8_t *m,
+ size_t mlen,
+ const uint8_t *pre,
+ size_t prelen,
+ const uint8_t *pk);
+
+#define crypto_sign_verify DILITHIUM_NAMESPACE(verify)
+int crypto_sign_verify(const uint8_t *sig, size_t siglen,
+ const uint8_t *m, size_t mlen,
+ const uint8_t *ctx, size_t ctxlen,
+ const uint8_t *pk);
+
+#define crypto_sign_open DILITHIUM_NAMESPACE(open)
+int crypto_sign_open(uint8_t *m, size_t *mlen,
+ const uint8_t *sm, size_t smlen,
+ const uint8_t *ctx, size_t ctxlen,
+ const uint8_t *pk);
+
+#endif
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/symmetric-shake.c b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/symmetric-shake.c
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/symmetric-shake.c
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/symmetric-shake.c
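Review bot: `crypto_sign_signature_internal` and `crypto_sign_verify_internal` are declared with `OQS_API` in the new sign.h, which makes them exported symbols, yet the header does not say they are meant for test harnesses only. Both take a raw `pre`/`prelen`, and the signing one also a caller-chosen `rnd`, so a direct caller bypasses the `ctxlen > 255` check and the `(0, ctxlen, ctx)` prefix that the public wrappers in sign.c build. The commit message gives the reason for the export as ACVP tests, and the header should carry that, for example `/* Internal: exported for the ACVP tests only; applications must call crypto_sign_signature(), which builds pre and draws rnd. */` above each declaration. The identical sign.h hunk earlier on this page, the one starting `@@ -0,0 +1,58 @@` before the avx2 rename entries, needs the same comment.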
diff --git a/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/symmetric.h b/src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/symmetric.h
similarity index 100%
rename from src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87-ipd_ref/symmetric.h
rename to src/sig/ml_dsa/pqcrystals-dilithium-standard_ml-dsa-87_ref/symmetric.h
diff --git a/src/sig/ml_dsa/sig_ml_dsa.h b/src/sig/ml_dsa/sig_ml_dsa.h
index fe95a2d7cf..e5f00f4387 100644
--- a/src/sig/ml_dsa/sig_ml_dsa.h
+++ b/src/sig/ml_dsa/sig_ml_dsa.h
@@ -5,61 +5,43 @@ #include -#if defined(OQS_ENABLE_SIG_ml_dsa_44_ipd) || defined(OQS_ENABLE_SIG_ml_dsa_44) -#define OQS_SIG_ml_dsa_44_ipd_length_public_key 1312 -#define OQS_SIG_ml_dsa_44_ipd_length_secret_key 2560 -#define OQS_SIG_ml_dsa_44_ipd_length_signature 2420 +#if defined(OQS_ENABLE_SIG_ml_dsa_44) +#define OQS_SIG_ml_dsa_44_length_public_key 1312 +#define OQS_SIG_ml_dsa_44_length_secret_key 2560 +#define OQS_SIG_ml_dsa_44_length_signature 2420 -OQS_SIG *OQS_SIG_ml_dsa_44_ipd_new(void); -OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_ipd_keypair(uint8_t *public_key, uint8_t *secret_key); -OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_ipd_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); -OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_ipd_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); - -#define OQS_SIG_ml_dsa_44_length_public_key OQS_SIG_ml_dsa_44_ipd_length_public_key -#define OQS_SIG_ml_dsa_44_length_secret_key OQS_SIG_ml_dsa_44_ipd_length_secret_key -#define OQS_SIG_ml_dsa_44_length_signature OQS_SIG_ml_dsa_44_ipd_length_signature OQS_SIG *OQS_SIG_ml_dsa_44_new(void); -#define OQS_SIG_ml_dsa_44_keypair OQS_SIG_ml_dsa_44_ipd_keypair -#define OQS_SIG_ml_dsa_44_sign OQS_SIG_ml_dsa_44_ipd_sign -#define OQS_SIG_ml_dsa_44_verify OQS_SIG_ml_dsa_44_ipd_verify +OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const 
uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif -#if defined(OQS_ENABLE_SIG_ml_dsa_65_ipd) || defined(OQS_ENABLE_SIG_ml_dsa_65) -#define OQS_SIG_ml_dsa_65_ipd_length_public_key 1952 -#define OQS_SIG_ml_dsa_65_ipd_length_secret_key 4032 -#define OQS_SIG_ml_dsa_65_ipd_length_signature 3309 - -OQS_SIG *OQS_SIG_ml_dsa_65_ipd_new(void); -OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_ipd_keypair(uint8_t *public_key, uint8_t *secret_key); -OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_ipd_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); -OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_ipd_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#if defined(OQS_ENABLE_SIG_ml_dsa_65) +#define OQS_SIG_ml_dsa_65_length_public_key 1952 +#define OQS_SIG_ml_dsa_65_length_secret_key 4032 +#define OQS_SIG_ml_dsa_65_length_signature 3309 -#define OQS_SIG_ml_dsa_65_length_public_key OQS_SIG_ml_dsa_65_ipd_length_public_key -#define OQS_SIG_ml_dsa_65_length_secret_key OQS_SIG_ml_dsa_65_ipd_length_secret_key -#define OQS_SIG_ml_dsa_65_length_signature OQS_SIG_ml_dsa_65_ipd_length_signature OQS_SIG *OQS_SIG_ml_dsa_65_new(void); -#define OQS_SIG_ml_dsa_65_keypair OQS_SIG_ml_dsa_65_ipd_keypair -#define OQS_SIG_ml_dsa_65_sign OQS_SIG_ml_dsa_65_ipd_sign -#define OQS_SIG_ml_dsa_65_verify OQS_SIG_ml_dsa_65_ipd_verify +OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t 
signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif -#if defined(OQS_ENABLE_SIG_ml_dsa_87_ipd) || defined(OQS_ENABLE_SIG_ml_dsa_87) -#define OQS_SIG_ml_dsa_87_ipd_length_public_key 2592 -#define OQS_SIG_ml_dsa_87_ipd_length_secret_key 4896 -#define OQS_SIG_ml_dsa_87_ipd_length_signature 4627 - -OQS_SIG *OQS_SIG_ml_dsa_87_ipd_new(void); -OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_ipd_keypair(uint8_t *public_key, uint8_t *secret_key); -OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_ipd_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); -OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_ipd_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#if defined(OQS_ENABLE_SIG_ml_dsa_87) +#define OQS_SIG_ml_dsa_87_length_public_key 2592 +#define OQS_SIG_ml_dsa_87_length_secret_key 4896 +#define OQS_SIG_ml_dsa_87_length_signature 4627 -#define OQS_SIG_ml_dsa_87_length_public_key OQS_SIG_ml_dsa_87_ipd_length_public_key -#define OQS_SIG_ml_dsa_87_length_secret_key OQS_SIG_ml_dsa_87_ipd_length_secret_key -#define OQS_SIG_ml_dsa_87_length_signature OQS_SIG_ml_dsa_87_ipd_length_signature OQS_SIG *OQS_SIG_ml_dsa_87_new(void); -#define OQS_SIG_ml_dsa_87_keypair OQS_SIG_ml_dsa_87_ipd_keypair -#define OQS_SIG_ml_dsa_87_sign OQS_SIG_ml_dsa_87_ipd_sign -#define OQS_SIG_ml_dsa_87_verify OQS_SIG_ml_dsa_87_ipd_verify +OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_sign(uint8_t *signature, 
size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #endif diff --git a/src/sig/ml_dsa/sig_ml_dsa_44.c b/src/sig/ml_dsa/sig_ml_dsa_44.c new file mode 100644 index 0000000000..1a786ae850 --- /dev/null +++ b/src/sig/ml_dsa/sig_ml_dsa_44.c 
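Review bot: The new `OQS_SIG_ml_dsa_*_sign_with_ctx_str` and `_verify_with_ctx_str` prototypes carry no comment stating the contract for the context string. The implementation in sign.c returns -1 when `ctxlen > 255`, and the plain `sign`/`verify` wrappers pass `NULL, 0` for "no context", so the header could say `/* ctx may be NULL only when ctxlen is 0; ctxlen must not exceed 255, otherwise the call fails. */`. The parameters are also spelled `ctx`/`ctxlen` here but `ctx_str`/`ctx_str_len` in the definitions in sig_ml_dsa_44.c, and one spelling across both would read better. This applies to the 44, 65 and 87 blocks of the hunk alike.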
@@ -0,0 +1,122 @@ +// SPDX-License-Identifier: MIT + +#include + +#include + +#if defined(OQS_ENABLE_SIG_ml_dsa_44) +OQS_SIG *OQS_SIG_ml_dsa_44_new(void) { + + OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); + if (sig == NULL) { + return NULL; + } + sig->method_name = OQS_SIG_alg_ml_dsa_44; + sig->alg_version = "FIPS204"; + + sig->claimed_nist_level = 2; + sig->euf_cma = true; + sig->sig_with_ctx_support = true; + + sig->length_public_key = OQS_SIG_ml_dsa_44_length_public_key; + sig->length_secret_key = OQS_SIG_ml_dsa_44_length_secret_key; + sig->length_signature = OQS_SIG_ml_dsa_44_length_signature; + + sig->keypair = OQS_SIG_ml_dsa_44_keypair; + sig->sign = OQS_SIG_ml_dsa_44_sign; + sig->verify = OQS_SIG_ml_dsa_44_verify; + sig->sign_with_ctx_str = OQS_SIG_ml_dsa_44_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_ml_dsa_44_verify_with_ctx_str; + + return sig; +} + +extern int pqcrystals_ml_dsa_44_ref_keypair(uint8_t *pk, uint8_t *sk); +extern int pqcrystals_ml_dsa_44_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); +extern int pqcrystals_ml_dsa_44_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); + +#if defined(OQS_ENABLE_SIG_ml_dsa_44_avx2) +extern int pqcrystals_ml_dsa_44_avx2_keypair(uint8_t *pk, uint8_t *sk); +extern int pqcrystals_ml_dsa_44_avx2_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *sk); +extern int pqcrystals_ml_dsa_44_avx2_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *pk); +#endif + +OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_keypair(uint8_t *public_key, uint8_t *secret_key) { +#if defined(OQS_ENABLE_SIG_ml_dsa_44_avx2) +#if defined(OQS_DIST_BUILD) + if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && 
OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { +#endif /* OQS_DIST_BUILD */ + return (OQS_STATUS) pqcrystals_ml_dsa_44_avx2_keypair(public_key, secret_key); +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) pqcrystals_ml_dsa_44_ref_keypair(public_key, secret_key); + } +#endif /* OQS_DIST_BUILD */ +#else + return (OQS_STATUS) pqcrystals_ml_dsa_44_ref_keypair(public_key, secret_key); +#endif +} + +OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key) { +#if defined(OQS_ENABLE_SIG_ml_dsa_44_avx2) +#if defined(OQS_DIST_BUILD) + if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { +#endif /* OQS_DIST_BUILD */ + return (OQS_STATUS) pqcrystals_ml_dsa_44_avx2_signature(signature, signature_len, message, message_len, NULL, 0, secret_key); +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) pqcrystals_ml_dsa_44_ref_signature(signature, signature_len, message, message_len, NULL, 0, secret_key); + } +#endif /* OQS_DIST_BUILD */ +#else + return (OQS_STATUS) pqcrystals_ml_dsa_44_ref_signature(signature, signature_len, message, message_len, NULL, 0, secret_key); +#endif +} + +OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { +#if defined(OQS_ENABLE_SIG_ml_dsa_44_avx2) +#if defined(OQS_DIST_BUILD) + if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { +#endif /* OQS_DIST_BUILD */ + return (OQS_STATUS) pqcrystals_ml_dsa_44_avx2_verify(signature, signature_len, message, message_len, NULL, 0, public_key); +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) pqcrystals_ml_dsa_44_ref_verify(signature, signature_len, message, message_len, NULL, 0, public_key); + } +#endif /* OQS_DIST_BUILD */ +#else + return (OQS_STATUS) pqcrystals_ml_dsa_44_ref_verify(signature, 
signature_len, message, message_len, NULL, 0, public_key); +#endif +} +OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { +#if defined(OQS_ENABLE_SIG_ml_dsa_44_avx2) +#if defined(OQS_DIST_BUILD) + if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { +#endif /* OQS_DIST_BUILD */ + return (OQS_STATUS) pqcrystals_ml_dsa_44_avx2_signature(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key); +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) pqcrystals_ml_dsa_44_ref_signature(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key); + } +#endif /* OQS_DIST_BUILD */ +#else + return (OQS_STATUS) pqcrystals_ml_dsa_44_ref_signature(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key); +#endif +} + +OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { +#if defined(OQS_ENABLE_SIG_ml_dsa_44_avx2) +#if defined(OQS_DIST_BUILD) + if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { +#endif /* OQS_DIST_BUILD */ + return (OQS_STATUS) pqcrystals_ml_dsa_44_avx2_verify(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key); +#if defined(OQS_DIST_BUILD) + } else { + return (OQS_STATUS) pqcrystals_ml_dsa_44_ref_verify(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key); + } +#endif /* OQS_DIST_BUILD */ +#else + return (OQS_STATUS) pqcrystals_ml_dsa_44_ref_verify(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key); +#endif +} +#endif 
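Review bot: The `extern int pqcrystals_ml_dsa_44_ref_signature(...)` / `_verify(...)` declarations, and their avx2 counterparts, are written out by hand in this file rather than taken from a header shared with the implementation, so the compiler cannot check them against the definitions. This commit changes exactly that signature by adding `ctx, ctxlen`, and a wrapper left on the old five-argument prototype would still link and then call the function with mismatched arguments. A comment at the extern block would make the dependency explicit, for example `/* Must match crypto_sign_signature()/crypto_sign_verify() in sign.h of the selected implementation. */`. If this file is produced from the scheme template, the comment belongs in the template.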
diff --git a/src/sig/ml_dsa/sig_ml_dsa_44_ipd.c b/src/sig/ml_dsa/sig_ml_dsa_44_ipd.c
deleted file mode 100644
index 5856a4c531..0000000000
--- a/src/sig/ml_dsa/sig_ml_dsa_44_ipd.c
+++ /dev/null
@@ -1,119 +0,0 @@ -// SPDX-License-Identifier: MIT - -#include - -#include - -#if defined(OQS_ENABLE_SIG_ml_dsa_44_ipd) || defined(OQS_ENABLE_SIG_ml_dsa_44) - -#if defined(OQS_ENABLE_SIG_ml_dsa_44_ipd) - -OQS_SIG *OQS_SIG_ml_dsa_44_ipd_new(void) { - - OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); - if (sig == NULL) { - return NULL; - } - sig->method_name = OQS_SIG_alg_ml_dsa_44_ipd; - sig->alg_version = "https://github.com/pq-crystals/dilithium/tree/standard"; - - sig->claimed_nist_level = 2; - sig->euf_cma = true; - - sig->length_public_key = OQS_SIG_ml_dsa_44_ipd_length_public_key; - sig->length_secret_key = OQS_SIG_ml_dsa_44_ipd_length_secret_key; - sig->length_signature = OQS_SIG_ml_dsa_44_ipd_length_signature; - - sig->keypair = OQS_SIG_ml_dsa_44_ipd_keypair; - sig->sign = OQS_SIG_ml_dsa_44_ipd_sign; - sig->verify = OQS_SIG_ml_dsa_44_ipd_verify; - - return sig; -} -#endif - -#if defined(OQS_ENABLE_SIG_ml_dsa_44) -/** Alias */ -OQS_SIG *OQS_SIG_ml_dsa_44_new(void) { - - OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); - if (sig == NULL) { - return NULL; - } - sig->method_name = OQS_SIG_alg_ml_dsa_44; - sig->alg_version = "https://github.com/pq-crystals/dilithium/tree/standard"; - - sig->claimed_nist_level = 2; - sig->euf_cma = true; - - sig->length_public_key = OQS_SIG_ml_dsa_44_ipd_length_public_key; - sig->length_secret_key = OQS_SIG_ml_dsa_44_ipd_length_secret_key; - sig->length_signature = OQS_SIG_ml_dsa_44_ipd_length_signature; - - sig->keypair = OQS_SIG_ml_dsa_44_ipd_keypair; - sig->sign = OQS_SIG_ml_dsa_44_ipd_sign; - sig->verify = OQS_SIG_ml_dsa_44_ipd_verify; - - return sig; -} -#endif - -extern int pqcrystals_ml_dsa_44_ipd_ref_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_dsa_44_ipd_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk); -extern int pqcrystals_ml_dsa_44_ipd_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk); - -#if 
defined(OQS_ENABLE_SIG_ml_dsa_44_ipd_avx2) || defined(OQS_ENABLE_SIG_ml_dsa_44_avx2) -extern int pqcrystals_ml_dsa_44_ipd_avx2_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_dsa_44_ipd_avx2_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk); -extern int pqcrystals_ml_dsa_44_ipd_avx2_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk); -#endif - -OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_ipd_keypair(uint8_t *public_key, uint8_t *secret_key) { -#if defined(OQS_ENABLE_SIG_ml_dsa_44_ipd_avx2) || defined(OQS_ENABLE_SIG_ml_dsa_44_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_dsa_44_ipd_avx2_keypair(public_key, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_dsa_44_ipd_ref_keypair(public_key, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_dsa_44_ipd_ref_keypair(public_key, secret_key); -#endif -} - -OQS_API OQS_STATUS OQS_SIG_ml_dsa_44_ipd_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key) { -#if defined(OQS_ENABLE_SIG_ml_dsa_44_ipd_avx2) || defined(OQS_ENABLE_SIG_ml_dsa_44_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_dsa_44_ipd_avx2_signature(signature, signature_len, message, message_len, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_dsa_44_ipd_ref_signature(signature, signature_len, message, message_len, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_dsa_44_ipd_ref_signature(signature, signature_len, message, message_len, secret_key); -#endif -} - -OQS_API 
OQS_STATUS OQS_SIG_ml_dsa_44_ipd_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { -#if defined(OQS_ENABLE_SIG_ml_dsa_44_ipd_avx2) || defined(OQS_ENABLE_SIG_ml_dsa_44_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_dsa_44_ipd_avx2_verify(signature, signature_len, message, message_len, public_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_dsa_44_ipd_ref_verify(signature, signature_len, message, message_len, public_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_dsa_44_ipd_ref_verify(signature, signature_len, message, message_len, public_key); -#endif -} - -#endif diff --git a/src/sig/ml_dsa/sig_ml_dsa_65.c b/src/sig/ml_dsa/sig_ml_dsa_65.c new file mode 100644 index 0000000000..094878d4c0 --- /dev/null +++ b/src/sig/ml_dsa/sig_ml_dsa_65.c 
@@ -0,0 +1,122 @@
+// SPDX-License-Identifier: MIT
+
+#include
+
+#include
+
+#if defined(OQS_ENABLE_SIG_ml_dsa_65)
+OQS_SIG *OQS_SIG_ml_dsa_65_new(void) {
+
+ OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG));
+ if (sig == NULL) {
+ return NULL;
+ }
+ sig->method_name = OQS_SIG_alg_ml_dsa_65;
+ sig->alg_version = "FIPS204";
+
+ sig->claimed_nist_level = 3;
+ sig->euf_cma = true;
+ sig->sig_with_ctx_support = true;
+
+ sig->length_public_key = OQS_SIG_ml_dsa_65_length_public_key;
+ sig->length_secret_key = OQS_SIG_ml_dsa_65_length_secret_key;
+ sig->length_signature = OQS_SIG_ml_dsa_65_length_signature;
+
+ sig->keypair = OQS_SIG_ml_dsa_65_keypair;
+ sig->sign = OQS_SIG_ml_dsa_65_sign;
+ sig->verify = OQS_SIG_ml_dsa_65_verify;
+ sig->sign_with_ctx_str = OQS_SIG_ml_dsa_65_sign_with_ctx_str;
+ sig->verify_with_ctx_str = OQS_SIG_ml_dsa_65_verify_with_ctx_str;
+
+ return sig;
+}
+
+extern int pqcrystals_ml_dsa_65_ref_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_dsa_65_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *sk);
+extern int pqcrystals_ml_dsa_65_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *pk);
+
+#if defined(OQS_ENABLE_SIG_ml_dsa_65_avx2)
+extern int pqcrystals_ml_dsa_65_avx2_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_dsa_65_avx2_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *sk);
+extern int pqcrystals_ml_dsa_65_avx2_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *pk);
+#endif
+
+OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_keypair(uint8_t *public_key, uint8_t *secret_key) {
+#if defined(OQS_ENABLE_SIG_ml_dsa_65_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_avx2_keypair(public_key, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_ref_keypair(public_key, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_ref_keypair(public_key, secret_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key) {
+#if defined(OQS_ENABLE_SIG_ml_dsa_65_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_avx2_signature(signature, signature_len, message, message_len, NULL, 0, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_ref_signature(signature, signature_len, message, message_len, NULL, 0, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_ref_signature(signature, signature_len, message, message_len, NULL, 0, secret_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) {
+#if defined(OQS_ENABLE_SIG_ml_dsa_65_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_avx2_verify(signature, signature_len, message, message_len, NULL, 0, public_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_ref_verify(signature, signature_len, message, message_len, NULL, 0, public_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_ref_verify(signature, signature_len, message, message_len, NULL, 0, public_key);
+#endif
+}
+OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) {
+#if defined(OQS_ENABLE_SIG_ml_dsa_65_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_avx2_signature(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_ref_signature(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_ref_signature(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) {
+#if defined(OQS_ENABLE_SIG_ml_dsa_65_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_avx2_verify(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_ref_verify(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_dsa_65_ref_verify(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key);
+#endif
+}
+#endif
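Review bot: `OQS_SIG_ml_dsa_65_sign_with_ctx_str` and `OQS_SIG_ml_dsa_65_verify_with_ctx_str` pass `ctx_str` and `ctx_str_len` to the pqcrystals functions without checking them, although FIPS 204 limits a context string to 255 bytes and a NULL pointer with a non-zero length has no valid meaning. The pqcrystals code is outside this hunk and may already reject both cases; if it does, a short comment on each wrapper such as `/* ctx_str_len > 255 is rejected by the pqcrystals layer */` would record where the limit is enforced. If it does not, the wrappers should start with `if (ctx_str_len > 255 || (ctx_str == NULL && ctx_str_len != 0)) { return OQS_ERROR; }`. The same applies to the ML-DSA-87 wrappers in sig_ml_dsa_87.c and to the ML-DSA-44 wrappers.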
diff --git a/src/sig/ml_dsa/sig_ml_dsa_65_ipd.c b/src/sig/ml_dsa/sig_ml_dsa_65_ipd.c
deleted file mode 100644
index 4fc828966f..0000000000
--- a/src/sig/ml_dsa/sig_ml_dsa_65_ipd.c
+++ /dev/null
@@ -1,119 +0,0 @@ -// SPDX-License-Identifier: MIT - -#include - -#include - -#if defined(OQS_ENABLE_SIG_ml_dsa_65_ipd) || defined(OQS_ENABLE_SIG_ml_dsa_65) - -#if defined(OQS_ENABLE_SIG_ml_dsa_65_ipd) - -OQS_SIG *OQS_SIG_ml_dsa_65_ipd_new(void) { - - OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); - if (sig == NULL) { - return NULL; - } - sig->method_name = OQS_SIG_alg_ml_dsa_65_ipd; - sig->alg_version = "https://github.com/pq-crystals/dilithium/tree/standard"; - - sig->claimed_nist_level = 3; - sig->euf_cma = true; - - sig->length_public_key = OQS_SIG_ml_dsa_65_ipd_length_public_key; - sig->length_secret_key = OQS_SIG_ml_dsa_65_ipd_length_secret_key; - sig->length_signature = OQS_SIG_ml_dsa_65_ipd_length_signature; - - sig->keypair = OQS_SIG_ml_dsa_65_ipd_keypair; - sig->sign = OQS_SIG_ml_dsa_65_ipd_sign; - sig->verify = OQS_SIG_ml_dsa_65_ipd_verify; - - return sig; -} -#endif - -#if defined(OQS_ENABLE_SIG_ml_dsa_65) -/** Alias */ -OQS_SIG *OQS_SIG_ml_dsa_65_new(void) { - - OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); - if (sig == NULL) { - return NULL; - } - sig->method_name = OQS_SIG_alg_ml_dsa_65; - sig->alg_version = "https://github.com/pq-crystals/dilithium/tree/standard"; - - sig->claimed_nist_level = 3; - sig->euf_cma = true; - - sig->length_public_key = OQS_SIG_ml_dsa_65_ipd_length_public_key; - sig->length_secret_key = OQS_SIG_ml_dsa_65_ipd_length_secret_key; - sig->length_signature = OQS_SIG_ml_dsa_65_ipd_length_signature; - - sig->keypair = OQS_SIG_ml_dsa_65_ipd_keypair; - sig->sign = OQS_SIG_ml_dsa_65_ipd_sign; - sig->verify = OQS_SIG_ml_dsa_65_ipd_verify; - - return sig; -} -#endif - -extern int pqcrystals_ml_dsa_65_ipd_ref_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_dsa_65_ipd_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk); -extern int pqcrystals_ml_dsa_65_ipd_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk); - -#if 
defined(OQS_ENABLE_SIG_ml_dsa_65_ipd_avx2) || defined(OQS_ENABLE_SIG_ml_dsa_65_avx2) -extern int pqcrystals_ml_dsa_65_ipd_avx2_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_dsa_65_ipd_avx2_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk); -extern int pqcrystals_ml_dsa_65_ipd_avx2_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk); -#endif - -OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_ipd_keypair(uint8_t *public_key, uint8_t *secret_key) { -#if defined(OQS_ENABLE_SIG_ml_dsa_65_ipd_avx2) || defined(OQS_ENABLE_SIG_ml_dsa_65_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_dsa_65_ipd_avx2_keypair(public_key, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_dsa_65_ipd_ref_keypair(public_key, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_dsa_65_ipd_ref_keypair(public_key, secret_key); -#endif -} - -OQS_API OQS_STATUS OQS_SIG_ml_dsa_65_ipd_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key) { -#if defined(OQS_ENABLE_SIG_ml_dsa_65_ipd_avx2) || defined(OQS_ENABLE_SIG_ml_dsa_65_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_dsa_65_ipd_avx2_signature(signature, signature_len, message, message_len, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_dsa_65_ipd_ref_signature(signature, signature_len, message, message_len, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_dsa_65_ipd_ref_signature(signature, signature_len, message, message_len, secret_key); -#endif -} - -OQS_API 
OQS_STATUS OQS_SIG_ml_dsa_65_ipd_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { -#if defined(OQS_ENABLE_SIG_ml_dsa_65_ipd_avx2) || defined(OQS_ENABLE_SIG_ml_dsa_65_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_dsa_65_ipd_avx2_verify(signature, signature_len, message, message_len, public_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_dsa_65_ipd_ref_verify(signature, signature_len, message, message_len, public_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_dsa_65_ipd_ref_verify(signature, signature_len, message, message_len, public_key); -#endif -} - -#endif diff --git a/src/sig/ml_dsa/sig_ml_dsa_87.c b/src/sig/ml_dsa/sig_ml_dsa_87.c new file mode 100644 index 0000000000..689690aa61 --- /dev/null +++ b/src/sig/ml_dsa/sig_ml_dsa_87.c 
@@ -0,0 +1,122 @@
+// SPDX-License-Identifier: MIT
+
+#include
+
+#include
+
+#if defined(OQS_ENABLE_SIG_ml_dsa_87)
+OQS_SIG *OQS_SIG_ml_dsa_87_new(void) {
+
+ OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG));
+ if (sig == NULL) {
+ return NULL;
+ }
+ sig->method_name = OQS_SIG_alg_ml_dsa_87;
+ sig->alg_version = "FIPS204";
+
+ sig->claimed_nist_level = 5;
+ sig->euf_cma = true;
+ sig->sig_with_ctx_support = true;
+
+ sig->length_public_key = OQS_SIG_ml_dsa_87_length_public_key;
+ sig->length_secret_key = OQS_SIG_ml_dsa_87_length_secret_key;
+ sig->length_signature = OQS_SIG_ml_dsa_87_length_signature;
+
+ sig->keypair = OQS_SIG_ml_dsa_87_keypair;
+ sig->sign = OQS_SIG_ml_dsa_87_sign;
+ sig->verify = OQS_SIG_ml_dsa_87_verify;
+ sig->sign_with_ctx_str = OQS_SIG_ml_dsa_87_sign_with_ctx_str;
+ sig->verify_with_ctx_str = OQS_SIG_ml_dsa_87_verify_with_ctx_str;
+
+ return sig;
+}
+
+extern int pqcrystals_ml_dsa_87_ref_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_dsa_87_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *sk);
+extern int pqcrystals_ml_dsa_87_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *pk);
+
+#if defined(OQS_ENABLE_SIG_ml_dsa_87_avx2)
+extern int pqcrystals_ml_dsa_87_avx2_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_dsa_87_avx2_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *sk);
+extern int pqcrystals_ml_dsa_87_avx2_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, const uint8_t *pk);
+#endif
+
+OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_keypair(uint8_t *public_key, uint8_t *secret_key) {
+#if defined(OQS_ENABLE_SIG_ml_dsa_87_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_avx2_keypair(public_key, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_ref_keypair(public_key, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_ref_keypair(public_key, secret_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key) {
+#if defined(OQS_ENABLE_SIG_ml_dsa_87_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_avx2_signature(signature, signature_len, message, message_len, NULL, 0, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_ref_signature(signature, signature_len, message, message_len, NULL, 0, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_ref_signature(signature, signature_len, message, message_len, NULL, 0, secret_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) {
+#if defined(OQS_ENABLE_SIG_ml_dsa_87_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_avx2_verify(signature, signature_len, message, message_len, NULL, 0, public_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_ref_verify(signature, signature_len, message, message_len, NULL, 0, public_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_ref_verify(signature, signature_len, message, message_len, NULL, 0, public_key);
+#endif
+}
+OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) {
+#if defined(OQS_ENABLE_SIG_ml_dsa_87_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_avx2_signature(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_ref_signature(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_ref_signature(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key);
+#endif
+}
+
+OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) {
+#if defined(OQS_ENABLE_SIG_ml_dsa_87_avx2)
+#if defined(OQS_DIST_BUILD)
+ if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
+#endif /* OQS_DIST_BUILD */
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_avx2_verify(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key);
+#if defined(OQS_DIST_BUILD)
+ } else {
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_ref_verify(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key);
+ }
+#endif /* OQS_DIST_BUILD */
+#else
+ return (OQS_STATUS) pqcrystals_ml_dsa_87_ref_verify(signature, signature_len, message, message_len, ctx_str, ctx_str_len, public_key);
+#endif
+}
+#endif
diff --git a/src/sig/ml_dsa/sig_ml_dsa_87_ipd.c b/src/sig/ml_dsa/sig_ml_dsa_87_ipd.c
deleted file mode 100644
index 5b362a2c08..0000000000
--- a/src/sig/ml_dsa/sig_ml_dsa_87_ipd.c
+++ /dev/null
@@ -1,119 +0,0 @@ -// SPDX-License-Identifier: MIT - -#include - -#include - -#if defined(OQS_ENABLE_SIG_ml_dsa_87_ipd) || defined(OQS_ENABLE_SIG_ml_dsa_87) - -#if defined(OQS_ENABLE_SIG_ml_dsa_87_ipd) - -OQS_SIG *OQS_SIG_ml_dsa_87_ipd_new(void) { - - OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); - if (sig == NULL) { - return NULL; - } - sig->method_name = OQS_SIG_alg_ml_dsa_87_ipd; - sig->alg_version = "https://github.com/pq-crystals/dilithium/tree/standard"; - - sig->claimed_nist_level = 5; - sig->euf_cma = true; - - sig->length_public_key = OQS_SIG_ml_dsa_87_ipd_length_public_key; - sig->length_secret_key = OQS_SIG_ml_dsa_87_ipd_length_secret_key; - sig->length_signature = OQS_SIG_ml_dsa_87_ipd_length_signature; - - sig->keypair = OQS_SIG_ml_dsa_87_ipd_keypair; - sig->sign = OQS_SIG_ml_dsa_87_ipd_sign; - sig->verify = OQS_SIG_ml_dsa_87_ipd_verify; - - return sig; -} -#endif - -#if defined(OQS_ENABLE_SIG_ml_dsa_87) -/** Alias */ -OQS_SIG *OQS_SIG_ml_dsa_87_new(void) { - - OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); - if (sig == NULL) { - return NULL; - } - sig->method_name = OQS_SIG_alg_ml_dsa_87; - sig->alg_version = "https://github.com/pq-crystals/dilithium/tree/standard"; - - sig->claimed_nist_level = 5; - sig->euf_cma = true; - - sig->length_public_key = OQS_SIG_ml_dsa_87_ipd_length_public_key; - sig->length_secret_key = OQS_SIG_ml_dsa_87_ipd_length_secret_key; - sig->length_signature = OQS_SIG_ml_dsa_87_ipd_length_signature; - - sig->keypair = OQS_SIG_ml_dsa_87_ipd_keypair; - sig->sign = OQS_SIG_ml_dsa_87_ipd_sign; - sig->verify = OQS_SIG_ml_dsa_87_ipd_verify; - - return sig; -} -#endif - -extern int pqcrystals_ml_dsa_87_ipd_ref_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_dsa_87_ipd_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk); -extern int pqcrystals_ml_dsa_87_ipd_ref_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk); - -#if 
defined(OQS_ENABLE_SIG_ml_dsa_87_ipd_avx2) || defined(OQS_ENABLE_SIG_ml_dsa_87_avx2) -extern int pqcrystals_ml_dsa_87_ipd_avx2_keypair(uint8_t *pk, uint8_t *sk); -extern int pqcrystals_ml_dsa_87_ipd_avx2_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk); -extern int pqcrystals_ml_dsa_87_ipd_avx2_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk); -#endif - -OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_ipd_keypair(uint8_t *public_key, uint8_t *secret_key) { -#if defined(OQS_ENABLE_SIG_ml_dsa_87_ipd_avx2) || defined(OQS_ENABLE_SIG_ml_dsa_87_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_dsa_87_ipd_avx2_keypair(public_key, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_dsa_87_ipd_ref_keypair(public_key, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_dsa_87_ipd_ref_keypair(public_key, secret_key); -#endif -} - -OQS_API OQS_STATUS OQS_SIG_ml_dsa_87_ipd_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key) { -#if defined(OQS_ENABLE_SIG_ml_dsa_87_ipd_avx2) || defined(OQS_ENABLE_SIG_ml_dsa_87_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_dsa_87_ipd_avx2_signature(signature, signature_len, message, message_len, secret_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_dsa_87_ipd_ref_signature(signature, signature_len, message, message_len, secret_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_dsa_87_ipd_ref_signature(signature, signature_len, message, message_len, secret_key); -#endif -} - -OQS_API 
OQS_STATUS OQS_SIG_ml_dsa_87_ipd_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { -#if defined(OQS_ENABLE_SIG_ml_dsa_87_ipd_avx2) || defined(OQS_ENABLE_SIG_ml_dsa_87_avx2) -#if defined(OQS_DIST_BUILD) - if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) { -#endif /* OQS_DIST_BUILD */ - return (OQS_STATUS) pqcrystals_ml_dsa_87_ipd_avx2_verify(signature, signature_len, message, message_len, public_key); -#if defined(OQS_DIST_BUILD) - } else { - return (OQS_STATUS) pqcrystals_ml_dsa_87_ipd_ref_verify(signature, signature_len, message, message_len, public_key); - } -#endif /* OQS_DIST_BUILD */ -#else - return (OQS_STATUS) pqcrystals_ml_dsa_87_ipd_ref_verify(signature, signature_len, message, message_len, public_key); -#endif -} - -#endif diff --git a/src/sig/sig.c b/src/sig/sig.c index 48a710e861..ad6a0f3e56 100644 --- a/src/sig/sig.c +++ b/src/sig/sig.c @@ -18,11 +18,8 @@ OQS_API const char *OQS_SIG_alg_identifier(size_t i) { OQS_SIG_alg_dilithium_2, OQS_SIG_alg_dilithium_3, OQS_SIG_alg_dilithium_5, - OQS_SIG_alg_ml_dsa_44_ipd, OQS_SIG_alg_ml_dsa_44, - OQS_SIG_alg_ml_dsa_65_ipd, OQS_SIG_alg_ml_dsa_65, - OQS_SIG_alg_ml_dsa_87_ipd, OQS_SIG_alg_ml_dsa_87, OQS_SIG_alg_falcon_512, OQS_SIG_alg_falcon_1024, @@ -101,13 +98,6 @@ OQS_API int OQS_SIG_alg_is_enabled(const char *method_name) { return 0; #endif - } else if (0 == strcasecmp(method_name, OQS_SIG_alg_ml_dsa_44_ipd)) { -#ifdef OQS_ENABLE_SIG_ml_dsa_44_ipd - return 1; -#else - return 0; -#endif - } else if (0 == strcasecmp(method_name, OQS_SIG_alg_ml_dsa_44)) { #ifdef OQS_ENABLE_SIG_ml_dsa_44 return 1; 
@@ -115,13 +105,6 @@ OQS_API int OQS_SIG_alg_is_enabled(const char *method_name) { return 0; #endif - } else if (0 == strcasecmp(method_name, OQS_SIG_alg_ml_dsa_65_ipd)) { -#ifdef OQS_ENABLE_SIG_ml_dsa_65_ipd - return 1; -#else - return 0; -#endif - } else if (0 == strcasecmp(method_name, OQS_SIG_alg_ml_dsa_65)) { #ifdef OQS_ENABLE_SIG_ml_dsa_65 return 1; @@ -129,13 +112,6 @@ OQS_API int OQS_SIG_alg_is_enabled(const char *method_name) { return 0; #endif - } else if (0 == strcasecmp(method_name, OQS_SIG_alg_ml_dsa_87_ipd)) { -#ifdef OQS_ENABLE_SIG_ml_dsa_87_ipd - return 1; -#else - return 0; -#endif - } else if (0 == strcasecmp(method_name, OQS_SIG_alg_ml_dsa_87)) { #ifdef OQS_ENABLE_SIG_ml_dsa_87 return 1; @@ -441,13 +417,6 @@ OQS_API OQS_SIG *OQS_SIG_new(const char *method_name) { return NULL; #endif - } else if (0 == strcasecmp(method_name, OQS_SIG_alg_ml_dsa_44_ipd)) { -#ifdef OQS_ENABLE_SIG_ml_dsa_44_ipd - return OQS_SIG_ml_dsa_44_ipd_new(); -#else - return NULL; -#endif - } else if (0 == strcasecmp(method_name, OQS_SIG_alg_ml_dsa_44)) { #ifdef OQS_ENABLE_SIG_ml_dsa_44 return OQS_SIG_ml_dsa_44_new(); @@ -455,13 +424,6 @@ OQS_API OQS_SIG *OQS_SIG_new(const char *method_name) { return NULL; #endif - } else if (0 == strcasecmp(method_name, OQS_SIG_alg_ml_dsa_65_ipd)) { -#ifdef OQS_ENABLE_SIG_ml_dsa_65_ipd - return OQS_SIG_ml_dsa_65_ipd_new(); -#else - return NULL; -#endif - } else if (0 == strcasecmp(method_name, OQS_SIG_alg_ml_dsa_65)) { #ifdef OQS_ENABLE_SIG_ml_dsa_65 return OQS_SIG_ml_dsa_65_new(); @@ -469,13 +431,6 @@ OQS_API OQS_SIG *OQS_SIG_new(const char *method_name) { return NULL; #endif - } else if (0 == strcasecmp(method_name, OQS_SIG_alg_ml_dsa_87_ipd)) { -#ifdef OQS_ENABLE_SIG_ml_dsa_87_ipd - return OQS_SIG_ml_dsa_87_ipd_new(); -#else - return NULL; -#endif - } else if (0 == strcasecmp(method_name, OQS_SIG_alg_ml_dsa_87)) { #ifdef OQS_ENABLE_SIG_ml_dsa_87 return OQS_SIG_ml_dsa_87_new(); 
@@ -771,6 +726,14 @@ OQS_API OQS_STATUS OQS_SIG_sign(const OQS_SIG *sig, uint8_t *signature, size_t * } } +OQS_API OQS_STATUS OQS_SIG_sign_with_ctx_str(const OQS_SIG *sig, uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (sig == NULL || sig->sign_with_ctx_str(signature, signature_len, message, message_len, ctx_str, ctx_str_len, secret_key) != OQS_SUCCESS) { + return OQS_ERROR; + } else { + return OQS_SUCCESS; + } +} + OQS_API OQS_STATUS OQS_SIG_verify(const OQS_SIG *sig, const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { if (sig == NULL || sig->verify(message, message_len, signature, signature_len, public_key) != OQS_SUCCESS) { return OQS_ERROR; @@ -779,6 +742,14 @@ OQS_API OQS_STATUS OQS_SIG_verify(const OQS_SIG *sig, const uint8_t *message, si } } +OQS_API OQS_STATUS OQS_SIG_verify_with_ctx_str(const OQS_SIG *sig, const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (sig == NULL || sig->verify_with_ctx_str(message, message_len, signature, signature_len, ctx_str, ctx_str_len, public_key) != OQS_SUCCESS) { + return OQS_ERROR; + } else { + return OQS_SUCCESS; + } +} + OQS_API void OQS_SIG_free(OQS_SIG *sig) { OQS_MEM_insecure_free(sig); } diff --git a/src/sig/sig.h b/src/sig/sig.h index 9fd97f27ce..0ba9da9d23 100644 --- a/src/sig/sig.h +++ b/src/sig/sig.h 
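Review bot: `OQS_SIG_sign_with_ctx_str` calls through `sig->sign_with_ctx_str` after testing only `sig == NULL`, so an `OQS_SIG` whose new member is unset is dereferenced as a function pointer. The ML-DSA constructors in this patch assign every member by hand on a buffer from `OQS_MEM_malloc`, and whether every other scheme's constructor sets the two new pointers cannot be seen from this hunk. Extending the test to `if (sig == NULL || sig->sign_with_ctx_str == NULL || sig->sign_with_ctx_str(...) != OQS_SUCCESS)` makes the dispatcher return `OQS_ERROR` for a scheme that leaves the member NULL. The same applies to `sig->verify_with_ctx_str` in `OQS_SIG_verify_with_ctx_str` in the next hunk. A one-line comment stating that constructors must always assign both pointers would cover the uninitialised case, which a NULL test alone cannot catch.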
@@ -38,17 +38,11 @@ extern "C" { #define OQS_SIG_alg_dilithium_3 "Dilithium3" /** Algorithm identifier for Dilithium5 */ #define OQS_SIG_alg_dilithium_5 "Dilithium5" -/** Algorithm identifier for ML-DSA-44-ipd */ -#define OQS_SIG_alg_ml_dsa_44_ipd "ML-DSA-44-ipd" -/** Algorithm identifier for ML-DSA-44 SIG. */ +/** Algorithm identifier for ML-DSA-44 */ #define OQS_SIG_alg_ml_dsa_44 "ML-DSA-44" -/** Algorithm identifier for ML-DSA-65-ipd */ -#define OQS_SIG_alg_ml_dsa_65_ipd "ML-DSA-65-ipd" -/** Algorithm identifier for ML-DSA-65 SIG. */ +/** Algorithm identifier for ML-DSA-65 */ #define OQS_SIG_alg_ml_dsa_65 "ML-DSA-65" -/** Algorithm identifier for ML-DSA-87-ipd */ -#define OQS_SIG_alg_ml_dsa_87_ipd "ML-DSA-87-ipd" -/** Algorithm identifier for ML-DSA-87 SIG. */ +/** Algorithm identifier for ML-DSA-87 */ #define OQS_SIG_alg_ml_dsa_87 "ML-DSA-87" /** Algorithm identifier for Falcon-512 */ #define OQS_SIG_alg_falcon_512 "Falcon-512" @@ -131,7 +125,7 @@ extern "C" { ///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_ALGS_LENGTH_START /** Number of algorithm identifiers above. */ -#define OQS_SIG_algs_length 47 +#define OQS_SIG_algs_length 44 ///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_ALGS_LENGTH_END /** @@ -185,6 +179,9 @@ typedef struct OQS_SIG { /** Whether the signature offers EUF-CMA security (TRUE) or not (FALSE). */ bool euf_cma; + /** Whether the signature supports signing with a context string (TRUE) or not (FALSE). */ + bool sig_with_ctx_support; + /** The length, in bytes, of public keys for this signature scheme. */ size_t length_public_key; /** The length, in bytes, of secret keys for this signature scheme. */ 
@@ -221,6 +218,24 @@ typedef struct OQS_SIG { */ OQS_STATUS (*sign)(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); + /** + * Signature generation algorithm, with custom context string. + * + * Caller is responsible for allocating sufficient memory for `signature`, + * based on the `length_*` members in this object or the per-scheme + * compile-time macros `OQS_SIG_*_length_*`. + * + * @param[out] signature The signature on the message represented as a byte string. + * @param[out] signature_len The actual length of the signature. May be smaller than `length_signature` for some algorithms since some algorithms have variable length signatures. + * @param[in] message The message to sign represented as a byte string. + * @param[in] message_len The length of the message to sign. + * @param[in] ctx_str The context string used for the signature. This value can be set to NULL if a context string is not needed (i.e., for algorithms that do not support context strings or if an empty context string is used). + * @param[in] ctx_str_len The context string used for the signature. This value can be set to 0 if a context string is not needed (i.e., for algorithms that do not support context strings or if an empty context string is used). + * @param[in] secret_key The secret key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ + OQS_STATUS (*sign_with_ctx_str)(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key); + /** * Signature verification algorithm. * 
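Review bot: The `@param[in] ctx_str_len` line in the added sign_with_ctx_str comment repeats the ctx_str description ("The context string used for the signature") instead of describing a length; it should begin `@param[in] ctx_str_len The length of the context string, in bytes.` The same copied wording appears in the OQS_SIG_sign_with_ctx_str and OQS_SIG_verify_with_ctx_str comments added further down this header, while the verify_with_ctx_str member comment already has it right. The comment should also state the maximum accepted length: FIPS 204 limits the context to 255 bytes. How this implementation reports a longer context is not visible in this hunk (presumably OQS_ERROR), so that needs confirming before it is documented.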
@@ -233,6 +248,21 @@ typedef struct OQS_SIG { */ OQS_STATUS (*verify)(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); + /** + * Signature verification algorithm, with custom context string. + * + * @param[in] message The message represented as a byte string. + * @param[in] message_len The length of the message. + * @param[in] signature The signature on the message represented as a byte string. + * @param[in] signature_len The length of the signature. + * @param[in] ctx_str The context string for the signature. This value can be set to NULL if a context string is not needed (i.e., for algorithms that do not support context strings or if an empty context string is used). + * @param[in] ctx_str_len The length of the context string. This value can be set to 0 if a context string is not needed (i.e., for algorithms that do not support context strings or if an empty context string is used). + * @param[in] public_key The public key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ + OQS_STATUS (*verify_with_ctx_str)(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key); + + } OQS_SIG; /** 
@@ -277,6 +307,25 @@ OQS_API OQS_STATUS OQS_SIG_keypair(const OQS_SIG *sig, uint8_t *public_key, uint */ OQS_API OQS_STATUS OQS_SIG_sign(const OQS_SIG *sig, uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +/** + * Signature generation algorithm, with custom context string. + * + * Caller is responsible for allocating sufficient memory for `signature`, + * based on the `length_*` members in this object or the per-scheme + * compile-time macros `OQS_SIG_*_length_*`. + * + * @param[in] sig The OQS_SIG object representing the signature scheme. + * @param[out] signature The signature on the message represented as a byte string. + * @param[out] signature_len The actual length of the signature. May be smaller than `length_signature` for some algorithms since some algorithms have variable length signatures. + * @param[in] message The message to sign represented as a byte string. + * @param[in] message_len The length of the message to sign. + * @param[in] ctx_str The context string used for the signature. This value can be set to NULL if a context string is not needed (i.e., for algorithms that do not support context strings or if an empty context string is used). + * @param[in] ctx_str_len The context string used for the signature. This value can be set to 0 if a context string is not needed (i.e., for algorithms that do not support context strings or if an empty context string is used). + * @param[in] secret_key The secret key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ +OQS_API OQS_STATUS OQS_SIG_sign_with_ctx_str(const OQS_SIG *sig, uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key); + /** * Signature verification algorithm. * 
@@ -290,6 +339,21 @@ OQS_API OQS_STATUS OQS_SIG_sign(const OQS_SIG *sig, uint8_t *signature, size_t * */ OQS_API OQS_STATUS OQS_SIG_verify(const OQS_SIG *sig, const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +/** + * Signature verification algorithm, with custom context string. + * + * @param[in] sig The OQS_SIG object representing the signature scheme. + * @param[in] message The message represented as a byte string. + * @param[in] message_len The length of the message. + * @param[in] signature The signature on the message represented as a byte string. + * @param[in] signature_len The length of the signature. + * @param[in] ctx_str The context string used for the signature. This value can be set to NULL if a context string is not needed (i.e., for algorithms that do not support context strings or if an empty context string is used). + * @param[in] ctx_str_len The context string used for the signature. This value can be set to 0 if a context string is not needed (i.e., for algorithms that do not support context strings or if an empty context string is used). + * @param[in] public_key The public key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ +OQS_API OQS_STATUS OQS_SIG_verify_with_ctx_str(const OQS_SIG *sig, const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key); + /** * Frees an OQS_SIG object that was constructed by OQS_SIG_new. * diff --git a/src/sig/sphincs/sig_sphincs.h b/src/sig/sphincs/sig_sphincs.h index a717a636ed..5b3e4f9274 100644 --- a/src/sig/sphincs/sig_sphincs.h +++ b/src/sig/sphincs/sig_sphincs.h 
@@ -14,6 +14,8 @@ OQS_SIG *OQS_SIG_sphincs_sha2_128f_simple_new(void); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128f_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128f_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_sphincs_sha2_128s_simple) 
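Review bot: The two added prototypes name the context parameters `ctx` and `ctxlen`, while the definitions in sig_sphincs_sha2_128f_simple.c and the OQS_SIG member declarations in sig.h use `ctx_str` and `ctx_str_len`. The mismatch compiles, but anyone reading the header sees different names from the ones the API documentation uses. Renaming keeps declaration and definition in step: `..., const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key);`. The same applies to every other pair of prototypes added in this header. If sig_sphincs.h is produced from the copy_from_upstream template, the rename presumably belongs in the template.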
@@ -25,6 +27,8 @@ OQS_SIG *OQS_SIG_sphincs_sha2_128s_simple_new(void); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128s_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128s_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_sphincs_sha2_192f_simple) 
@@ -36,6 +40,8 @@ OQS_SIG *OQS_SIG_sphincs_sha2_192f_simple_new(void); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192f_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192f_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_sphincs_sha2_192s_simple) 
@@ -47,6 +53,8 @@ OQS_SIG *OQS_SIG_sphincs_sha2_192s_simple_new(void); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192s_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192s_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_sphincs_sha2_256f_simple) 
@@ -58,6 +66,8 @@ OQS_SIG *OQS_SIG_sphincs_sha2_256f_simple_new(void); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256f_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256f_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_sphincs_sha2_256s_simple) 
@@ -69,6 +79,8 @@ OQS_SIG *OQS_SIG_sphincs_sha2_256s_simple_new(void); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256s_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256s_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_sphincs_shake_128f_simple) 
@@ -80,6 +92,8 @@ OQS_SIG *OQS_SIG_sphincs_shake_128f_simple_new(void); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128f_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128f_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_sphincs_shake_128s_simple) 
@@ -91,6 +105,8 @@ OQS_SIG *OQS_SIG_sphincs_shake_128s_simple_new(void); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128s_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128s_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_sphincs_shake_192f_simple) 
@@ -102,6 +118,8 @@ OQS_SIG *OQS_SIG_sphincs_shake_192f_simple_new(void); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192f_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192f_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_sphincs_shake_192s_simple) 
@@ -113,6 +131,8 @@ OQS_SIG *OQS_SIG_sphincs_shake_192s_simple_new(void); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192s_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192s_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_sphincs_shake_256f_simple) 
@@ -124,6 +144,8 @@ OQS_SIG *OQS_SIG_sphincs_shake_256f_simple_new(void); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256f_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256f_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #if defined(OQS_ENABLE_SIG_sphincs_shake_256s_simple) 
@@ -135,6 +157,8 @@ OQS_SIG *OQS_SIG_sphincs_shake_256s_simple_new(void); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256s_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256s_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx, size_t ctxlen, const uint8_t *public_key); #endif #endif diff --git a/src/sig/sphincs/sig_sphincs_sha2_128f_simple.c b/src/sig/sphincs/sig_sphincs_sha2_128f_simple.c index 1b92d96a8a..cc2f9dc230 100644 --- a/src/sig/sphincs/sig_sphincs_sha2_128f_simple.c +++ b/src/sig/sphincs/sig_sphincs_sha2_128f_simple.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_sphincs_sha2_128f_simple) - OQS_SIG *OQS_SIG_sphincs_sha2_128f_simple_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_sha2_128f_simple_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_sha2_128f_simple_length_public_key; sig->length_secret_key = OQS_SIG_sphincs_sha2_128f_simple_length_secret_key; 
@@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_sphincs_sha2_128f_simple_new(void) { sig->keypair = OQS_SIG_sphincs_sha2_128f_simple_keypair; sig->sign = OQS_SIG_sphincs_sha2_128f_simple_sign; sig->verify = OQS_SIG_sphincs_sha2_128f_simple_verify; + sig->sign_with_ctx_str = OQS_SIG_sphincs_sha2_128f_simple_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_sphincs_sha2_128f_simple_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128f_simple_verify(const uint8_t *messag #endif } +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128f_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_sphincs_sha2_128f_simple_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128f_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_sphincs_sha2_128f_simple_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/sphincs/sig_sphincs_sha2_128s_simple.c b/src/sig/sphincs/sig_sphincs_sha2_128s_simple.c index fabd013849..6098fd6f90 100644 --- a/src/sig/sphincs/sig_sphincs_sha2_128s_simple.c +++ b/src/sig/sphincs/sig_sphincs_sha2_128s_simple.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_sphincs_sha2_128s_simple) - OQS_SIG *OQS_SIG_sphincs_sha2_128s_simple_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); 
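Review bot: The condition `ctx_str == NULL && ctx_str_len == 0` in the added OQS_SIG_sphincs_sha2_128f_simple_sign_with_ctx_str and OQS_SIG_sphincs_sha2_128f_simple_verify_with_ctx_str also rejects an empty context passed as a non-NULL pointer with length 0, which the sig.h comments do not mention. It fails closed, so no signature is accepted under the wrong context, but generic caller code that always passes a buffer pointer gets OQS_ERROR from every scheme without context support. Either test the length only, `if (ctx_str_len == 0) {`, or document in sig.h that a non-NULL pointer with zero length is an error for these schemes. The same condition is repeated in the wrappers added to the other sig_sphincs_*.c files in this patch.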
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_sha2_128s_simple_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_sha2_128s_simple_length_public_key; sig->length_secret_key = OQS_SIG_sphincs_sha2_128s_simple_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_sphincs_sha2_128s_simple_new(void) { sig->keypair = OQS_SIG_sphincs_sha2_128s_simple_keypair; sig->sign = OQS_SIG_sphincs_sha2_128s_simple_sign; sig->verify = OQS_SIG_sphincs_sha2_128s_simple_verify; + sig->sign_with_ctx_str = OQS_SIG_sphincs_sha2_128s_simple_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_sphincs_sha2_128s_simple_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128s_simple_verify(const uint8_t *messag #endif } +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128s_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_sphincs_sha2_128s_simple_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_128s_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_sphincs_sha2_128s_simple_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/sphincs/sig_sphincs_sha2_192f_simple.c b/src/sig/sphincs/sig_sphincs_sha2_192f_simple.c index 74e280f963..3d74bb4fa6 100644 --- a/src/sig/sphincs/sig_sphincs_sha2_192f_simple.c +++ b/src/sig/sphincs/sig_sphincs_sha2_192f_simple.c 
@@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_sphincs_sha2_192f_simple) - OQS_SIG *OQS_SIG_sphincs_sha2_192f_simple_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_sha2_192f_simple_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_sha2_192f_simple_length_public_key; sig->length_secret_key = OQS_SIG_sphincs_sha2_192f_simple_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_sphincs_sha2_192f_simple_new(void) { sig->keypair = OQS_SIG_sphincs_sha2_192f_simple_keypair; sig->sign = OQS_SIG_sphincs_sha2_192f_simple_sign; sig->verify = OQS_SIG_sphincs_sha2_192f_simple_verify; + sig->sign_with_ctx_str = OQS_SIG_sphincs_sha2_192f_simple_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_sphincs_sha2_192f_simple_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192f_simple_verify(const uint8_t *messag #endif } +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192f_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_sphincs_sha2_192f_simple_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192f_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_sphincs_sha2_192f_simple_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif 
diff --git a/src/sig/sphincs/sig_sphincs_sha2_192s_simple.c b/src/sig/sphincs/sig_sphincs_sha2_192s_simple.c index 6368233999..13b219a276 100644 --- a/src/sig/sphincs/sig_sphincs_sha2_192s_simple.c +++ b/src/sig/sphincs/sig_sphincs_sha2_192s_simple.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_sphincs_sha2_192s_simple) - OQS_SIG *OQS_SIG_sphincs_sha2_192s_simple_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_sha2_192s_simple_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_sha2_192s_simple_length_public_key; sig->length_secret_key = OQS_SIG_sphincs_sha2_192s_simple_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_sphincs_sha2_192s_simple_new(void) { sig->keypair = OQS_SIG_sphincs_sha2_192s_simple_keypair; sig->sign = OQS_SIG_sphincs_sha2_192s_simple_sign; sig->verify = OQS_SIG_sphincs_sha2_192s_simple_verify; + sig->sign_with_ctx_str = OQS_SIG_sphincs_sha2_192s_simple_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_sphincs_sha2_192s_simple_verify_with_ctx_str; return sig; } 
@@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192s_simple_verify(const uint8_t *messag #endif } +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192s_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_sphincs_sha2_192s_simple_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_192s_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_sphincs_sha2_192s_simple_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/sphincs/sig_sphincs_sha2_256f_simple.c b/src/sig/sphincs/sig_sphincs_sha2_256f_simple.c index 57f569a2ad..25851e4b65 100644 --- a/src/sig/sphincs/sig_sphincs_sha2_256f_simple.c +++ b/src/sig/sphincs/sig_sphincs_sha2_256f_simple.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_sphincs_sha2_256f_simple) - OQS_SIG *OQS_SIG_sphincs_sha2_256f_simple_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); @@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_sha2_256f_simple_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_sha2_256f_simple_length_public_key; sig->length_secret_key = OQS_SIG_sphincs_sha2_256f_simple_length_secret_key; 
@@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_sphincs_sha2_256f_simple_new(void) { sig->keypair = OQS_SIG_sphincs_sha2_256f_simple_keypair; sig->sign = OQS_SIG_sphincs_sha2_256f_simple_sign; sig->verify = OQS_SIG_sphincs_sha2_256f_simple_verify; + sig->sign_with_ctx_str = OQS_SIG_sphincs_sha2_256f_simple_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_sphincs_sha2_256f_simple_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256f_simple_verify(const uint8_t *messag #endif } +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256f_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_sphincs_sha2_256f_simple_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256f_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_sphincs_sha2_256f_simple_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/sphincs/sig_sphincs_sha2_256s_simple.c b/src/sig/sphincs/sig_sphincs_sha2_256s_simple.c index 6088aada72..6f564cd8b2 100644 --- a/src/sig/sphincs/sig_sphincs_sha2_256s_simple.c +++ b/src/sig/sphincs/sig_sphincs_sha2_256s_simple.c @@ -5,7 +5,6 @@ #include #if defined(OQS_ENABLE_SIG_sphincs_sha2_256s_simple) - OQS_SIG *OQS_SIG_sphincs_sha2_256s_simple_new(void) { OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG)); 
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_sha2_256s_simple_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_sha2_256s_simple_length_public_key; sig->length_secret_key = OQS_SIG_sphincs_sha2_256s_simple_length_secret_key; @@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_sphincs_sha2_256s_simple_new(void) { sig->keypair = OQS_SIG_sphincs_sha2_256s_simple_keypair; sig->sign = OQS_SIG_sphincs_sha2_256s_simple_sign; sig->verify = OQS_SIG_sphincs_sha2_256s_simple_verify; + sig->sign_with_ctx_str = OQS_SIG_sphincs_sha2_256s_simple_sign_with_ctx_str; + sig->verify_with_ctx_str = OQS_SIG_sphincs_sha2_256s_simple_verify_with_ctx_str; return sig; } @@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256s_simple_verify(const uint8_t *messag #endif } +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256s_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_sphincs_sha2_256s_simple_sign(signature, signature_len, message, message_len, secret_key); + } else { + return OQS_ERROR; + } +} + +OQS_API OQS_STATUS OQS_SIG_sphincs_sha2_256s_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) { + if (ctx_str == NULL && ctx_str_len == 0) { + return OQS_SIG_sphincs_sha2_256s_simple_verify(message, message_len, signature, signature_len, public_key); + } else { + return OQS_ERROR; + } +} #endif diff --git a/src/sig/sphincs/sig_sphincs_shake_128f_simple.c b/src/sig/sphincs/sig_sphincs_shake_128f_simple.c index 11fb1091b5..e66ec651b5 100644 --- a/src/sig/sphincs/sig_sphincs_shake_128f_simple.c +++ b/src/sig/sphincs/sig_sphincs_shake_128f_simple.c 
@@ -5,7 +5,6 @@
 #include
 #if defined(OQS_ENABLE_SIG_sphincs_shake_128f_simple)
-
 OQS_SIG *OQS_SIG_sphincs_shake_128f_simple_new(void) {
 OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG));
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_shake_128f_simple_new(void) {
 sig->claimed_nist_level = 1;
 sig->euf_cma = true;
+ sig->sig_with_ctx_support = false;
 sig->length_public_key = OQS_SIG_sphincs_shake_128f_simple_length_public_key;
 sig->length_secret_key = OQS_SIG_sphincs_shake_128f_simple_length_secret_key;
@@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_sphincs_shake_128f_simple_new(void) {
 sig->keypair = OQS_SIG_sphincs_shake_128f_simple_keypair;
 sig->sign = OQS_SIG_sphincs_shake_128f_simple_sign;
 sig->verify = OQS_SIG_sphincs_shake_128f_simple_verify;
+ sig->sign_with_ctx_str = OQS_SIG_sphincs_shake_128f_simple_sign_with_ctx_str;
+ sig->verify_with_ctx_str = OQS_SIG_sphincs_shake_128f_simple_verify_with_ctx_str;
 return sig;
 }
@@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128f_simple_verify(const uint8_t *messa
 #endif
 }
+OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128f_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) {
+ if (ctx_str == NULL && ctx_str_len == 0) {
+ return OQS_SIG_sphincs_shake_128f_simple_sign(signature, signature_len, message, message_len, secret_key);
+ } else {
+ return OQS_ERROR;
+ }
+}
+
+OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128f_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) {
+ if (ctx_str == NULL && ctx_str_len == 0) {
+ return OQS_SIG_sphincs_shake_128f_simple_verify(message, message_len, signature, signature_len, public_key);
+ } else {
+ return OQS_ERROR;
+ }
+}
 #endif
diff --git a/src/sig/sphincs/sig_sphincs_shake_128s_simple.c b/src/sig/sphincs/sig_sphincs_shake_128s_simple.c
index 8578bd4d30..34ae16c29d 100644
--- a/src/sig/sphincs/sig_sphincs_shake_128s_simple.c
+++ b/src/sig/sphincs/sig_sphincs_shake_128s_simple.c
@@ -5,7 +5,6 @@
 #include
 #if defined(OQS_ENABLE_SIG_sphincs_shake_128s_simple)
-
 OQS_SIG *OQS_SIG_sphincs_shake_128s_simple_new(void) {
 OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG));
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_shake_128s_simple_new(void) {
 sig->claimed_nist_level = 1;
 sig->euf_cma = true;
+ sig->sig_with_ctx_support = false;
 sig->length_public_key = OQS_SIG_sphincs_shake_128s_simple_length_public_key;
 sig->length_secret_key = OQS_SIG_sphincs_shake_128s_simple_length_secret_key;
@@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_sphincs_shake_128s_simple_new(void) {
 sig->keypair = OQS_SIG_sphincs_shake_128s_simple_keypair;
 sig->sign = OQS_SIG_sphincs_shake_128s_simple_sign;
 sig->verify = OQS_SIG_sphincs_shake_128s_simple_verify;
+ sig->sign_with_ctx_str = OQS_SIG_sphincs_shake_128s_simple_sign_with_ctx_str;
+ sig->verify_with_ctx_str = OQS_SIG_sphincs_shake_128s_simple_verify_with_ctx_str;
 return sig;
 }
@@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128s_simple_verify(const uint8_t *messa
 #endif
 }
+OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128s_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) {
+ if (ctx_str == NULL && ctx_str_len == 0) {
+ return OQS_SIG_sphincs_shake_128s_simple_sign(signature, signature_len, message, message_len, secret_key);
+ } else {
+ return OQS_ERROR;
+ }
+}
+
+OQS_API OQS_STATUS OQS_SIG_sphincs_shake_128s_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) {
+ if (ctx_str == NULL && ctx_str_len == 0) {
+ return OQS_SIG_sphincs_shake_128s_simple_verify(message, message_len, signature, signature_len, public_key);
+ } else {
+ return OQS_ERROR;
+ }
+}
 #endif
diff --git a/src/sig/sphincs/sig_sphincs_shake_192f_simple.c b/src/sig/sphincs/sig_sphincs_shake_192f_simple.c
index 8e1b152977..d99bc15908 100644
--- a/src/sig/sphincs/sig_sphincs_shake_192f_simple.c
+++ b/src/sig/sphincs/sig_sphincs_shake_192f_simple.c
@@ -5,7 +5,6 @@
 #include
 #if defined(OQS_ENABLE_SIG_sphincs_shake_192f_simple)
-
 OQS_SIG *OQS_SIG_sphincs_shake_192f_simple_new(void) {
 OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG));
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_shake_192f_simple_new(void) {
 sig->claimed_nist_level = 3;
 sig->euf_cma = true;
+ sig->sig_with_ctx_support = false;
 sig->length_public_key = OQS_SIG_sphincs_shake_192f_simple_length_public_key;
 sig->length_secret_key = OQS_SIG_sphincs_shake_192f_simple_length_secret_key;
@@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_sphincs_shake_192f_simple_new(void) {
 sig->keypair = OQS_SIG_sphincs_shake_192f_simple_keypair;
 sig->sign = OQS_SIG_sphincs_shake_192f_simple_sign;
 sig->verify = OQS_SIG_sphincs_shake_192f_simple_verify;
+ sig->sign_with_ctx_str = OQS_SIG_sphincs_shake_192f_simple_sign_with_ctx_str;
+ sig->verify_with_ctx_str = OQS_SIG_sphincs_shake_192f_simple_verify_with_ctx_str;
 return sig;
 }
@@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192f_simple_verify(const uint8_t *messa
 #endif
 }
+OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192f_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) {
+ if (ctx_str == NULL && ctx_str_len == 0) {
+ return OQS_SIG_sphincs_shake_192f_simple_sign(signature, signature_len, message, message_len, secret_key);
+ } else {
+ return OQS_ERROR;
+ }
+}
+
+OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192f_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) {
+ if (ctx_str == NULL && ctx_str_len == 0) {
+ return OQS_SIG_sphincs_shake_192f_simple_verify(message, message_len, signature, signature_len, public_key);
+ } else {
+ return OQS_ERROR;
+ }
+}
 #endif
diff --git a/src/sig/sphincs/sig_sphincs_shake_192s_simple.c b/src/sig/sphincs/sig_sphincs_shake_192s_simple.c
index 6ccb2bd5f9..3645bc5a9e 100644
--- a/src/sig/sphincs/sig_sphincs_shake_192s_simple.c
+++ b/src/sig/sphincs/sig_sphincs_shake_192s_simple.c
@@ -5,7 +5,6 @@
 #include
 #if defined(OQS_ENABLE_SIG_sphincs_shake_192s_simple)
-
 OQS_SIG *OQS_SIG_sphincs_shake_192s_simple_new(void) {
 OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG));
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_shake_192s_simple_new(void) {
 sig->claimed_nist_level = 3;
 sig->euf_cma = true;
+ sig->sig_with_ctx_support = false;
 sig->length_public_key = OQS_SIG_sphincs_shake_192s_simple_length_public_key;
 sig->length_secret_key = OQS_SIG_sphincs_shake_192s_simple_length_secret_key;
@@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_sphincs_shake_192s_simple_new(void) {
 sig->keypair = OQS_SIG_sphincs_shake_192s_simple_keypair;
 sig->sign = OQS_SIG_sphincs_shake_192s_simple_sign;
 sig->verify = OQS_SIG_sphincs_shake_192s_simple_verify;
+ sig->sign_with_ctx_str = OQS_SIG_sphincs_shake_192s_simple_sign_with_ctx_str;
+ sig->verify_with_ctx_str = OQS_SIG_sphincs_shake_192s_simple_verify_with_ctx_str;
 return sig;
 }
@@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192s_simple_verify(const uint8_t *messa
 #endif
 }
+OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192s_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) {
+ if (ctx_str == NULL && ctx_str_len == 0) {
+ return OQS_SIG_sphincs_shake_192s_simple_sign(signature, signature_len, message, message_len, secret_key);
+ } else {
+ return OQS_ERROR;
+ }
+}
+
+OQS_API OQS_STATUS OQS_SIG_sphincs_shake_192s_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) {
+ if (ctx_str == NULL && ctx_str_len == 0) {
+ return OQS_SIG_sphincs_shake_192s_simple_verify(message, message_len, signature, signature_len, public_key);
+ } else {
+ return OQS_ERROR;
+ }
+}
 #endif
diff --git a/src/sig/sphincs/sig_sphincs_shake_256f_simple.c b/src/sig/sphincs/sig_sphincs_shake_256f_simple.c
index 29671454bc..25bc38f436 100644
--- a/src/sig/sphincs/sig_sphincs_shake_256f_simple.c
+++ b/src/sig/sphincs/sig_sphincs_shake_256f_simple.c
@@ -5,7 +5,6 @@
 #include
 #if defined(OQS_ENABLE_SIG_sphincs_shake_256f_simple)
-
 OQS_SIG *OQS_SIG_sphincs_shake_256f_simple_new(void) {
 OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG));
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_shake_256f_simple_new(void) {
 sig->claimed_nist_level = 5;
 sig->euf_cma = true;
+ sig->sig_with_ctx_support = false;
 sig->length_public_key = OQS_SIG_sphincs_shake_256f_simple_length_public_key;
 sig->length_secret_key = OQS_SIG_sphincs_shake_256f_simple_length_secret_key;
@@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_sphincs_shake_256f_simple_new(void) {
 sig->keypair = OQS_SIG_sphincs_shake_256f_simple_keypair;
 sig->sign = OQS_SIG_sphincs_shake_256f_simple_sign;
 sig->verify = OQS_SIG_sphincs_shake_256f_simple_verify;
+ sig->sign_with_ctx_str = OQS_SIG_sphincs_shake_256f_simple_sign_with_ctx_str;
+ sig->verify_with_ctx_str = OQS_SIG_sphincs_shake_256f_simple_verify_with_ctx_str;
 return sig;
 }
@@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256f_simple_verify(const uint8_t *messa
 #endif
 }
+OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256f_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) {
+ if (ctx_str == NULL && ctx_str_len == 0) {
+ return OQS_SIG_sphincs_shake_256f_simple_sign(signature, signature_len, message, message_len, secret_key);
+ } else {
+ return OQS_ERROR;
+ }
+}
+
+OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256f_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) {
+ if (ctx_str == NULL && ctx_str_len == 0) {
+ return OQS_SIG_sphincs_shake_256f_simple_verify(message, message_len, signature, signature_len, public_key);
+ } else {
+ return OQS_ERROR;
+ }
+}
 #endif
diff --git a/src/sig/sphincs/sig_sphincs_shake_256s_simple.c b/src/sig/sphincs/sig_sphincs_shake_256s_simple.c
index 0cbd5476bc..3075ba2285 100644
--- a/src/sig/sphincs/sig_sphincs_shake_256s_simple.c
+++ b/src/sig/sphincs/sig_sphincs_shake_256s_simple.c
@@ -5,7 +5,6 @@
 #include
 #if defined(OQS_ENABLE_SIG_sphincs_shake_256s_simple)
-
 OQS_SIG *OQS_SIG_sphincs_shake_256s_simple_new(void) {
 OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG));
@@ -17,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_shake_256s_simple_new(void) {
 sig->claimed_nist_level = 5;
 sig->euf_cma = true;
+ sig->sig_with_ctx_support = false;
 sig->length_public_key = OQS_SIG_sphincs_shake_256s_simple_length_public_key;
 sig->length_secret_key = OQS_SIG_sphincs_shake_256s_simple_length_secret_key;
@@ -25,6 +25,8 @@ OQS_SIG *OQS_SIG_sphincs_shake_256s_simple_new(void) {
 sig->keypair = OQS_SIG_sphincs_shake_256s_simple_keypair;
 sig->sign = OQS_SIG_sphincs_shake_256s_simple_sign;
 sig->verify = OQS_SIG_sphincs_shake_256s_simple_verify;
+ sig->sign_with_ctx_str = OQS_SIG_sphincs_shake_256s_simple_sign_with_ctx_str;
+ sig->verify_with_ctx_str = OQS_SIG_sphincs_shake_256s_simple_verify_with_ctx_str;
 return sig;
 }
@@ -87,4 +89,19 @@ OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256s_simple_verify(const uint8_t *messa
 #endif
 }
+OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256s_simple_sign_with_ctx_str(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *secret_key) {
+ if (ctx_str == NULL && ctx_str_len == 0) {
+ return OQS_SIG_sphincs_shake_256s_simple_sign(signature, signature_len, message, message_len, secret_key);
+ } else {
+ return OQS_ERROR;
+ }
+}
+
+OQS_API OQS_STATUS OQS_SIG_sphincs_shake_256s_simple_verify_with_ctx_str(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, size_t ctx_str_len, const uint8_t *public_key) {
+ if (ctx_str == NULL && ctx_str_len == 0) {
+ return OQS_SIG_sphincs_shake_256s_simple_verify(message, message_len, signature, signature_len, public_key);
+ } else {
+ return OQS_ERROR;
+ }
+}
 #endif
diff --git a/tests/KATs/sig/kats.json b/tests/KATs/sig/kats.json
index 20bf93e658..b2f9b1dfd1 100644
--- a/tests/KATs/sig/kats.json
+++ b/tests/KATs/sig/kats.json
@@ -44,28 +44,16 @@
 "single": "f2c1c69045c7d15e714a04119965e8a7007ef54f9293158587560227c97b237d"
 },
 "ML-DSA-44": {
- "all": "183bc0c4398ade4fc17b6a7d876b82545a96331139a4f27269c95664b8c483f9",
- "single": "e6f3ec4dc0b02dd3bcbbc6b105190e1890ca0bb3f802e2b571f0d70f3993a2e1"
- },
- "ML-DSA-44-ipd": {
- "all": "183bc0c4398ade4fc17b6a7d876b82545a96331139a4f27269c95664b8c483f9",
- "single": "e6f3ec4dc0b02dd3bcbbc6b105190e1890ca0bb3f802e2b571f0d70f3993a2e1"
+ "all": "54322d25c05b96941aec73eb3ee27a975d38a34bfb53ef4cb9fd4a8e9cab554c",
+ "single": "9a196e7fb32fbc93757dc2d8dc1924460eab66303c0c08aeb8b798fb8d8f8cf3"
 },
 "ML-DSA-65": {
- "all": "3af4bdd2567fca1016583f917067dd5624bba2df2210934f62b2f6127cf88547",
- "single": "7225c4531086d88c9b7fa18101b0f78dda2d38df88812c65ddc1ae94fe3c01a7"
- },
- "ML-DSA-65-ipd": {
- "all": "3af4bdd2567fca1016583f917067dd5624bba2df2210934f62b2f6127cf88547",
- "single": "7225c4531086d88c9b7fa18101b0f78dda2d38df88812c65ddc1ae94fe3c01a7"
+ "all": "47e1ca6d4a45e9853e381954cf97206eca22993deade3cade45bd9d9457c93f9",
+ "single": "7cb96242eac9907a55b5c84c202f0ebd552419c50b2e986dc2e28f07ecebf072"
 },
 "ML-DSA-87": {
- "all": "cfd95d8ff8b92173685805ad8e3380095e4991bb3947b73f4c7e108ab47c5052",
- "single": "f5cb5ed44a261a4118f9cfd5d55b4210939cb5b8531968a10c37060551a8927f"
- },
- "ML-DSA-87-ipd": {
- "all": "cfd95d8ff8b92173685805ad8e3380095e4991bb3947b73f4c7e108ab47c5052",
- "single": "f5cb5ed44a261a4118f9cfd5d55b4210939cb5b8531968a10c37060551a8927f"
+ "all": "12382114979d5b64436aebfe6db02d61c07859429233105e936752cb77cc585a",
+ "single": "4537905d2aabcf302fab2f242baed293459ecda7c230e6a67063b02c7e2840ed"
 },
 "SPHINCS+-SHA2-128f-simple": {
 "all": "4437eb44516630184c3cb5d3a4392e8bb955c2bf59ad17ab3c607fb7b7285780",
diff --git a/tests/PQC_Intermediate_Values/ML-DSA-44.txt b/tests/PQC_Intermediate_Values/ML-DSA-44.txt
deleted file mode 100644
index b9e6612aa6..0000000000
--- a/tests/PQC_Intermediate_Values/ML-DSA-44.txt
+++ /dev/null
@@ -1,11 +0,0 @@ -Origin of the values: https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/example-files/PQC%20Intermediate%20Values.zip -seed: 6CAE2E9C2CF64D2686C31C2118E0F24A47DD46DB85590910AAC9DF4C1B854E44 -sig_message: DA5FBC7F78116BC8537E8E522DFBB6F68710FC36AE5AF0ACE5CFA3BA4FEBF6C86D966A44C2CF53CCC4FF5B9CC4E6403CFF3C23B4F292AAC01E35A21AB11F0707726E88048DD05887448B870741FDCDFB4451E1216FA2F89D90D872B67B4BA546C8CBF504A46FC02036FB5B287BC82DB9E2D835802DDE3075C7B703ADF4FAE4F98840670964A1ABC61105C3B99C78609605E7F17CD262BE67F7E7A2C6ECC519ECDE8D5B76C21FE5C15859FC94382608A15C7E656AD8E0042CA649EB8EEB59B8E266C244591B265B672D4654C5FF28296707815C647DD11AB3148AEDE24E96D7ABD6C479C0C367B00E464804184140152063153EC3982987618F7D9BD9812DF3B95DDBC47D1F96C752C01B742255946461509EF7A7A67DA0123D670845BE07725D9C1E9F419B4B9133EBA36BC90DE45666C40EA664D93A16948F848CDB9688E116B00B0A4F03B26BB836DFBA93EA6247550FD983371E360F04C9F2793EB769A00BF4049E94F225EE035676E983FC9CB01D15EEB621CC0D4B840EE777ECE351EC66C4B28A36FAF02C42B24804E8126E3852735C2A6F6E201662DC18E125210C78197372B4787A8163ACF4B758921AB23ECC4AB8F3C1DB3549050E26F9C35594DCC1C27AE5999DB695A19681FFD9CD4416E0C79E3457C0B5144F3993E945F6006EA0F541B1C3F473D78F4FED4011E07D46F8DAF7998BBD4A9F5161050D9982DFF28C72E15D158A630B8972E8E2B70611C299BE4BD3405350D2FEB84C93E97FE4DFBDCA5BCC9B6708D7E542D7101BD8D5589BAAEC5649E1C9844C37C5DB0556BBB6B2EB577FB65909B1EBFA7F1590D53D98FC9975BC06F7AC581FE22066BACCA0375AE09DBADC8940E98A38B15FC190523FA6D0CF326D7495B5CC948AC994181EE0DFCAB11722E1B46AD6FD2065442D1FA06ADF21FD9187B55320F554B929BC795F367AFEF11A5CE4128AE32E6C1662D013A91456AD292DFB8B4C161EA7A4D5B43AF63BE7BFC5EEAB9D1E3198F441AD70DF9D6BDEAEAFBD0A293F1A6DF07339A4C34C7375CB6096EB06EC035777C22344912DCCF3D0F8DAED1D0B046118A22886299DA5782DC77487CA5FD0D3CFC724769D658131FA415672996CE8E8BED83E057E3AFE26703012DFED31C732D770FFC7FA55C59BC3FD68C34D00738FC9E3DBECCF4B695B99BBD6A0082752E3A95150AFFE793D8F7FF19BAEFF7744688445E7B561294371E1909035929D654606
EED6BD011D2CB0512B1A0987827BB07F14E0E8F0207519DF24BA69AB788EFAB21F1BD69BCB14AB44AED8FEF80F1F63685C6A85100DA1671405F8D6454FCD7D5FB6656959AD68D3E1896C6EB4967615332993D4207DB6B0F5A6E33EF4B2494DCDBA368A052FB8CD48A9E215D30C8C9D37DDAA6B4F3080744E6861B9889E23E9D964F75C5BD5E1DEA98EEEA8E66C60DA73ED1E39115EE0274F2747858D5D644C09B5EFC978D4496A007DAC35F2F68B1F9A3B43A638F38F663E6124740234119D6E8DBAF933ED0FD5A02FEFFF7AE3235C82D90B2F8557DDDC9102FAAF8181E6EE3E9BCEC78E4C61F73FBDA23D4382E5050A0E151E3F51BC22347F9B1A19D74649558ACFF8B21AF69EFFF78BA3E83CEB9EA36D4799272E10F56D3C151209C99105A133B665EA51E4A245D37E7A0F84F5222E3A0401E67BFC1BAB6269CA4A87D3CF062CFFEEE0B5EE5FBFBE1029E93F46FAE68A91CFBCBD5CF8B78F122AF22A11E77095DEAEBC96F1613911E02237F795AE717301499936B440E07B32DDB09008276C9A5A314889E8B9ACDF32D6695AE2931CC29ED1DAFDB61B708B52F9888DA67ECED25217F1A5FC1EE7D482917C7C7E44CA7F0508FD3BC94BEC116A630ADB08DDD882A221DC5D2C60A2E9F2F849B3E8B5DF150EF753C35251850D0B4980164F8C07339E035D5B2EEC4BEEFB885E261E401BDBA408869951075DEEED3C7EE7452AB39856D240E954FC8A4BEB01A0F79187BB72DD2925E63B3DE9E16CDDC041BC3BE47F318DA6DC6A9AD8710B18883367E374DA58D97F00B1E75AC8D4658F04295223C8C4F61B2CF7104492DC7A0C6267F45B5A4A2D258239455A31D265BDBAC9FA6E4A1812043C9112ACD4240625F08B901263EC456D2A5877BC9223A6C483673BE5CAB8C32516AD5B956688A01374AA48789D53AE79E7FB109632969E45684804DAD54FAB1E94A19C2A9B53BB9079F484C64A924C9C940FE5A3ECF29C739E3826311E42B310CF75A47B932BEF104CB27FF35D51E3FED9D724D90A17982F2897E2FD09E555977CD668E67A34216637380B8720A593FFC4175BB27E293C652C2DD8C506F4D1F551542EDBB31EFB3C1BD5DE6315280BB04BFA53CDC2D38C385C04E9BDF389745ED394147063CE3639ABCAA429C68475F9D466321EEBDE9392A2A2A6EAF53FDE20803B76B0903DDC6C81874A81AC147FCFB9FDA970BA5D87E4C346DDB83B60A718882E16F256A0F13969606C43D84AFD193D7BA3CFAB875646401547458F36DD53C2182B36B84DE8F8A50E62921A5B011319C555766E46EFECEB239297DFBFABEF3AE370CF48A08BC073B1E16A8C840F2604F75F39B3F0F4847A445A15F0B946D423210BD32A09A9EDF4CCEAA6E90AD1379E5928B66BD3A02C5E2AEAB56E8987B342EBFD9D
3C70EED3465D78F12AF4423319B3106AD8BDBD9AA5736E6CC15C7AEE0DC78A1FAB83015CF880DE6249734153F6058F567D648AECF70D1BAB8397879617FD6FB06DA1AF6713E3CE584B214742587A5D35C6DFD33AFDAAF00AFE00E1CB516C955DDA9E0A5FB78DEF914B532F556D7E72E9717BA49A2D0F9EAFB5F526565C58E0FFC1B55138C8DE7A9D6CC06FC9927F6D04440512163B58A236F57B093E80F3CE0F4CCE282ABDCCE284057C4DB6314E05EE0A32B5F20C481F8BA4ADF943CA1B0277119DA1BBC4EA1D24CF7E3DB4C759E98753EFCABE2FB5B1FA593F2AE2B7ECEA96B8E0E5B3FFEEE97DD6C50CFE8602613FAC2D71174984C2EB59E532A35CF4FB0BFD60B8CF7CA3E7D5C0EEAD822648533D3CDE72C787DAA412FC70674E95CE2F5BF58D3646B4881D4CB6DD96659BB1A937B24795B435A103C03CEB6AC85E8FFE9C495082A87854392BEA530D61A7F60B3431455DB85414E6C365F9721ED2DD4F7C8A37B88131F5B2FFB5FC4A40BDB12EACE61AA956F8724C99DA98DAC18F6D33DB5F4A189454C736 -sig_sk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rnd: 0000000000000000000000000000000000000000000000000000000000000000 -verif_signature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verif_pk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verif_message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keygen_pkkeygen_sk: 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 -sig_signature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diff --git a/tests/PQC_Intermediate_Values/ML-DSA-65.txt b/tests/PQC_Intermediate_Values/ML-DSA-65.txt deleted file mode 100644 index 7ba88ad5be..0000000000 --- a/tests/PQC_Intermediate_Values/ML-DSA-65.txt +++ /dev/null 
@@ -1,11 +0,0 @@ -Origin of the values: https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/example-files/PQC%20Intermediate%20Values.zip -seed: 72C3C5E0CC9F332F49D0FC0FD6399DA75645A3E33DBF56F1E96897662D0A9B37 -sig_messagesig_skrnd: 0000000000000000000000000000000000000000000000000000000000000000 -verif_signature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verif_pk: 6C8414380856CB52D79C4B29139FB1839B8606F5948B9D72A956DCF10116DA9E2D79770186FC74D942C0F4A3B595FF6C19804B49901C6AD5FAF71601C2B600315E1F40C2054767B00925DF3AA490E8C76F05FBFB74911075E6518C5F1D91B8A0E5B59830D3DF3994760411EBB911ED4CC2C160E3849A93762DFCA7B9812BC7AEB2DDB2767BEF36505605AE069260BCC8DC4787C428CB3C076EF2A6B93561D8943F45CABE8F0553FF2EA1AC95C1CE21593A175459D7DF12C4070ADB0EEE55B4ABAE59BE69C3FF0DE5A9B027FC7D8E6E057B7152EE6AB480D105D30B0F5051B60C7901C525C4635FE668CC00E9D3097DB99D66323715CE4F0B79B426B4545E09F4DE39323DD14CCB0D17108CD46DEC6138CDFA2872C1C4C8AEAD5C8CE04157E553A37558C2346A06194CB50B4981BF4D090CE4E860126A8254A4D4C084C3E2020BC0753521049B0FD88997E027AC51E75CF1350C3F303A0ECE426487153DAF1FAAD6808B9D9907DA9F35185BD3BE8D9CEBE916CED1FA2928D885A9CBA88149703F5E4772E48523125DDD026E714C49F4FB4E544BBF617A40B00B68DF8F155F5880D411877E25B42B2448B36BEC2F1F8F9A770C545150A0278E9B724500AEAAEA471C11CFF04E30EAB2F473BC048E32CD31AEF21579B699225BF9E1B6700C57E509FCA1F236294A5974DAA15FBCAD62D4BDDC4532B2614144DBE28807368C281A770EA22B1E5A3FA5BA14926DC55A54F84A2A77C5A70841F07BC1DEEF7403B247AB42B84ADF141E030C98468424DAAEB99D2577F950C2373CCA1E2DC2761B8EDD6D08FF79E528880FFB51C36ED420AC5D50F2582AA664E54EA5F4189EA0176DAA6122F6235A70B15CEB4DDD65D3BE6EBF3DC43189EE0A2E3105638F23873695280F1B74274352D60A48E5D3DD02FB7A5ED83FE27A698251421C8E9C98806102396E537390ACFD8C1D0B4F99B702A9EA659878583D92758941B30ECE507C104B2CE487679ECF68B4D8B980698ACF6AA6A57E8ED6AF3FF18D2668950428B57D182F73BB49B9B038CCC82D561278A386D56645EC3FAFFB4125E0E7F36B48B14B452547A0B481AA6B334229249153E42EDF7E49DD6E7636BFC615A23A401EFD4034C
81B4DCEF027D344DDCCE0A71618EB5910CEC62228819385033E8D0ABD493D983E4FC087D72B455E4DB63A2F82CEFF65C1E628EAE630596DEC27FB98B84DBFDCDFAB40E472244914AFF179326D542D401A3CBB86E5FF8351EFE53A73C51ABB63FF553E7D7957EF89135E0F5BB1BD0C24F9E45E3236413C60E1396A47567C9439510F00D4A43C149A5CCC04F3D47E67A8E294A461A5F693DB0CAE22CFAC61E853477D339A4E45F7B17C3C116D56F3A068FC5ADFEF38FF85332BD5153C4D8FB8F148F117659C2EA94DB42AA0B0BEBB475A110412F3CD3349FC1AD041B7D5304A8593144EFA3A361D1B0C7613B82C086EA7126E43C616CEE8F1444E9956E87F5CAB95C7C7FB1758EC7D97019E5BA93543EF3BAC1A174299CA48BF7859DBFBDFF243B114F6BF423CE98B4D4D091DA44F3274D573FDC904BD885E35C9152A65354888F11ED4F3D63F26A7BE2F5726EADAF48586592BBDF6CEE246769E0EDA2A80771FED347D67AFEEC68B89463FA0496DBC15C89E8D569983D1D674733F2BF9DF4A980EA8C5E3AF15560A0E28D672B580AB6552ED76AACB5F80260B9703769D33F4138ABC10BF5B0582DCC62DBE58C890F51B4100127734FB7DB7447A720AAE009D00BE8C610792C64F131F2D72115C7E058E48B9DE64F55B4D610C36D112716A31A3DFE26699E9C2ABA05658CEF1B2B0867CF8D5233DB74FA8DC3AD145F5D28574360A85E3B0B10AC0A6467A7B05984628ECA10463F348A3111E00578D3CE5480F5375A1EE23EE82087BAC41233A14AAA724734B1874A4ACE1133706258F5FEA3A0C1609E30C7FD210DA0C4FDE9162DF66FBAF792FA2AEAA512F0FF7837B9CC02EE9BD95539F001BBD60DD8B42D616B2CA95F3835F5E47D43B1434C4563FD81C15BEFA202CF3D9540873F684AFE19AB5C01FA92E95A8CD6F360730856E59C9C6AB770D6575962AF75878572A2A26413D01AB318C100DFC34DC1DEFA5927C4B459925D73E1EB91470E37A58455C22A961FD53F7D99026FF884BF4A2579F706335EFB6FB2250D52AE561898BA1606E51E96D37C9ED3EC6CFCB33BFBE9C3143FD3B6B334D5F61922B369AFBB31C3E6E9B5F3AEBF95CB708346FECF7159CAD94A93D8CD4B8C4894192DFE53EA436FBF3AF4E864E8C3991EA020A811F0AF50B4257436A3FF522BE7367391D0F950BA6452FBFD8FD8728F40BD2FCB894529985B432DFEF6230EB4DEE737A8D10A3BCDFB763E0869B225C1A8D0E1FBF2D161C2C65D6DFB958E982D11777ACBEAD8DFB6B1F5EB21EA942F7C40DC20D2E4EB3E729B4E29F7501DA34234561F6288812D612D41DFA83C5B8D90FF38BA548201B575B5293AD78120D91CEC059CAE2E76A9AB43EF1281E2BEF3E348D28F21947C88848960459489775176F8E40EE06427
953687FB63E470F7D59FB60DF569F8A11E28E0937162C46AFC7D2210A885FFA21B3DBF5354B2941F4ED5D50790890840CC3B973D2C3D02602B29BACCB6CE17CEDB97B085A2AB310572BA7371D1F8120FFE37D0B0FCA35AFC5B562AA8499715A299CE059CCE3B0D11CEF0D9238961AD4BE11E9A6D1A4692177C8B0C53F11A8ED2650212E7A2F80EBFF6DCFE4672103658434D0327ADDCD66BCB6 -verif_message: DB8494BA19C4118FB15D0ACF4254FD37483FCF4748FD1844F717CE6F69589E61772CFEFA7F9758653409D4EE5A264B834E60D6BB96499EBEB2B06B0BA874BF31E641394CFAA6A2D30DDB8F045876208D2F51DE15E205E8C91B87ECEB05FF3183271B2649665DD3CC49BFDB998D539DA809305516BBBE9C906021191C5223E525A8FC3616A1765EC3F9C5DB53CC337E039F186ACFEA91148EE2A79CCA3689EDB62AAF28B5D752FDE265EE5280B519726C1CA9803295C674B7EFAFA4D61B306A79E3F6E7A887C2FB535B3B0FB3D9EBC87603EAFEF170C1F1D28E99BB -keygen_pk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keygen_sksig_signaturediff --git a/tests/PQC_Intermediate_Values/ML-DSA-87.txt b/tests/PQC_Intermediate_Values/ML-DSA-87.txt deleted file mode 100644 index 03b881831a..0000000000 --- a/tests/PQC_Intermediate_Values/ML-DSA-87.txt +++ /dev/null @@ -1,11 +0,0 @@ -Origin of the values: https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/example-files/PQC%20Intermediate%20Values.zip -seed: 6DDC6B90E85615F0B14B4404DF3980684561530D0836B13E83E3D0FCB6BAE3A7 -sig_message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sig_sk:  -rnd: 0000000000000000000000000000000000000000000000000000000000000000 -verif_signature:  -verif_pk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verif_message: 14426334940960773BFF65F08D1DE489C4C3ED36 -keygen_pk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keygen_sk:  -sig_signature:  diff --git a/tests/PQC_Intermediate_Values/ML-KEM-1024.txt b/tests/PQC_Intermediate_Values/ML-KEM-1024.txt deleted file mode 100644 index c605073df6..0000000000 --- a/tests/PQC_Intermediate_Values/ML-KEM-1024.txt +++ /dev/null 
@@ -1,12 +0,0 @@ -Origin of the values: https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/example-files/PQC%20Intermediate%20Values.zip -keygen_z: 7AF65022E0A472ED6388638EA29D82DA68B4CF9FFDF2B67CD708EA5A370C6A7C -keygen_d: 7AF65022E0A472ED6388638EA29D82DA68B4CF9FFDF2B67CD708EA5A370C6A7C -encaps_m: 034FF14A56249C2521D4279EBA3D04931CC892BBC45002B5B33D9F0188ACBAF6 -encaps_ek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encaps_K: 46C200F3F6EE8E11D47653801E3482241CB783B9D794EB116A4BDA085AEB6BB7 -decaps_dk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decaps_c: 61FF1A8B6117EF118328E88B3227993014DCD075B8A1A7F9801893EEE6405BB960B6B7F6A1A27518A3409139A48B859681CC758F2BCC3EEFB04394A375A5CD71316490938ABFD194B20BCD31B3980261C9ED69BF9B1D7D7659A8040DB1E25D2BA6F703486624B73CACDCA27DB0F7E2408C9448E38873280F5E9950D7CCE252A647580C19904FAD62AEC300BC8E38F05948B63BAD5CE7C90E40C4BC65117761F5F8868F8025D6CEB2C5DF60DE38C3232922087EFCF2CD95DE5E87B6888B88C86CC78315585B2CC688A71B477BFA388DC2334DFA8AA95503D5397E2AE0352903EA6A0AE8B649A914B3525FE58F564BF19CC09F54E105D19BD81054E57001F70BBDD7719449687E9A53B16CA5366A19105A8BA08589AD08DF1300EF4F923BA9E762A82FB09B76E125F2F274D617BF30EAB465ECF24D3707AD300D9AFC1CF1DC40EE7D4EEA6D150E6F0A31DB9F8F92BA8EEEB35D7445589B046BA79EFE231106CF0A75712AB392724C53EFF9F5733BEE0D6A44D0B6F515D0F5E40B1B1E17E67AED3C81D00AC468A28F8453D4B0DA809E57D823F28D61ED0B59A08C622972D99179DA8636C45F1CE8F6252AC86D91B5E92997014E3F5089E68BC52CED5DAE6D5B175FE2D61928465059724C835902D7612CDB69CDAC664FC1C9CB11203A8C7B71486E97B7D1BC6A98F493DCBEC8E629558ED361091293D1B5D2096CEB9FC7AFEE71DB7CCFE482B68A196429FF04D15903E7A75C7BB5F622C36971694559FF07DFAA79E41C362B22643CD39BD9E1D3D6C2A306B5F1102C266EEE67DCDACF36697A836F203838EC110308C90A3D01570CB3668ABA50340E40F54CFA6A9E8862532F5F19848AA11FD34FC86B7FCB1637F4E5A1D03AFCE44124E4E460B84C63496ADED55801DF2517A90AB061C8E63AB6B14BE1694D6F389DD85F5639C5783AFCA0146E6A1EB0C40563C137010DB60BBC3D6374D6F3A892DEBC064701C64BE
CCB8E2C33B740CC7ED49D108A8C4656818DF5F7D91EAAA446AC6CCDE30C6D3D1BF66E4E3B7B6B81E3CB17227F80DB0096E6BE7D859C09713749FCA21530FE1A716EBE325504319BD0EA2A7D7713607CB679B0A0B2268D493B67C0481872177FFD2593F3ACF691CEE99A36ECA722579EFAA59ACC59EF8CEA9108E620B06056C19D3C1EB91E8634DE4957706DFA8F9D0A9E0CD4094F6B95A83F118A513EBFE5E99AEB88A268E0097FCC3C7AE250B681933BBC2A8F5381F94D156434A87E9EE37E78C27A0CDAEEA9814BCB43DF538DBE628C802C1A94E0CDDCD0CD5A0F8220DA97C2383936A33919FCDC11D70ED4437DD2D7C73CD0C3BB90CA7070228FE8D64A1C9D56E6B34830EF300B5AA6EC6C78A5425AE6F7AD0EFDD527CF0AF8E09B56E495BE66F665C64B0A42C5C4B24680480AD2E5C11D991F7E3DA759AEC802F176DDF11EF71469DC13B3A3E03699519858AC6FC65C27FA4CEFDA09C82E8F958E018DD5255CA2F628E0DA7391ABED6D37705528AB22EC71DC8836D7FD4645944703A51CC74D297092FCE139E8976F8BE9C5F86390B74D401A8C8153112201133D0C517C6CE7A38C086069CE3971F1AD28F3E5D01B56A480B417A016AEA46394CDF764812918D8AB0501D5D18CE13FBD3DE91F504215CCD0E2D17B7E963C867F6F132114E36459FC5AF7CEE99B789673E524131F7DC71360951A997A9CE50DD5FAFC4521144441C06BB41C79E8ED53285D137D54F325A6C2F2EF74E34C0F877A614CE45DC0AEDDF95A0E2E4EDAE29AF411C9CC2AF95C9EA9A94A7961C8246E654FA28F3D568D5FEE93352C2E0D60CCAF5B00090AB6E7A53AA06A8CD3737EBF1B65D625BCF220F74DE22D9871EFC376BF082D4B872A303C32427A0C98BECF58959C9F9E2E887DBC42AAB1656AD15637A6A8F4BF9634095491F8C99242913891437E6C5B50A213DDE80D2196BE12C3937FE3239BF6759ABB8C1C9466F42FBD53894AE52FB533321429FCE4FEC1DB352C49583A7D817EAF62000888ECB0EBFFEF69FF8E590CFA25BEAB21605B635ABC2CA23680789725CF700F553C88352F31616154873D18B6C6EB519FC639B070FD67F86AAB62349DBFFA89F93051A7C7B7BD161FCD73672CEEF59A9BB7F571EABE2570C5BF31ECAA1F9CA7A9C6D31EA5FB7C979CDD2613897E7D1503FB0C19ADDCFB3A63E2185FC4101838DA66CCE2D3D9FFB47746C2003EDD86C2F8C3 -decaps_KPrime: C61F73D2BFB18594E1BA5D3B58B4C934206D3A6F8EC91395AB7779C61FA1DD6F 
-keygen_ek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keygen_dk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encaps_c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diff --git a/tests/PQC_Intermediate_Values/ML-KEM-512.txt b/tests/PQC_Intermediate_Values/ML-KEM-512.txt deleted file mode 100644 index 08b8715f0f..0000000000 --- a/tests/PQC_Intermediate_Values/ML-KEM-512.txt +++ /dev/null 
@@ -1,12 +0,0 @@ -Origin of the values: https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/example-files/PQC%20Intermediate%20Values.zip -keygen_z: CD119AFDC8559442424A87C13EA101E29FCA11881869077E4092E751BEDCA8BC -keygen_d: CD119AFDC8559442424A87C13EA101E29FCA11881869077E4092E751BEDCA8BC -encaps_m: 109A248FE8052F84271FF57BAC156B1BA6A509CDCDBCC96CCDB1CCB85CA49315 -encaps_ek: A5409718CB72F2438A3555A3C8F18F2671A1F81403DF7B5A4659A51F50827BA6577AA70800D78D8BC5AA86B89E08B58F3480A89E104DC6922EDBC12D06F891027C654E994A22F91A2AF63404CA98D7B67EEA25911B24C70DEB8146A0821F34A302551F2D510C0588C8BCA74EB4DC0CFA4603C1C5A3C5537061789068682C4CC3143FBA9BB5542F9778BDF23B3652F2A7524756FA73909DDAC7E532522659218CBA25F33B6B0458CB03DA7935BA59111955312B15CCE2C0F73466A8006283A2AA7CBB61022ABBC2D19F2920BC302472DC97C4A1788C9BD3BBEDC9122B827B279C074C80443141119F4B1629F62F10D4CE2BE3BB343816CAD16A1C87582F2B70E26635B08BB390C13398FCCDA7E9BB3D9B0B7803750C955C57A028A5D26C270316BB2B815C3B972BA6782DAB02F306821E61285BB072BF79781CABC386142A50C7AAAE66A947585BB0D8288DBCAF4B3B85BB7926987BAF7643AAB5FB02210580A0264352E69C6098989CFB87483395960A3A4F31BEFDA80B5F286ECFDAA555D4390AF6B55D313920929093449CD6729D00218E2D86570ADC0C4F6545FFB5632EFB3AAE2625A6982670FACE8D16126FA607E6D0A1FF616A46ECA642CC6AAC554DBBC43DFCF57F364C190CEA5776C1CEB58B7007505FD79C5F005A4BA218CF0693B058B510A4CA204324602F59BB8F2281C4D7B0BC8625E7881650F57C89E32CF4809144775C9073B673E39412A27C914321CCB6A7CF7C37C5BCBE7CA51BE0C928466A458EB778D6466A892A0ACBC09638784A27739C970CA58BC2595AD6BFA4E52EB438AC97C41623802248E110B074838F31A6E7503737704E7AE4AD91299572A8C13603500F3609B625B4E24CAE332B0D7A5BB47A038512A081BC27CDF0F2923CD3479F5307020B77F149584564060E5083CED55312B6A6A465A82B4577D63A4B49C80B07A9367E39778AF76FA8EC2CF528722856CE7813401A8383BDB7151B9B6D2DD6BFF55401D28AC612818C88C9287347B098A966EB9C0A2DB71F0A75555E1757D3AC4E3D802C8DC6A261521255186ABB98C2480301B8C6B31228B54461BC44EA3C2CF94B86C7A5B82C55167A7606CA9DC8253B7604E44A07F3ED55CD
5B5E -encaps_K: 4DDD304E274899BD82971856824B587130927952060121858F9ADEB96AB7F571 -decaps_dk: 174313EFA93520E28A7076C888096E02B0BDD86830497B61FDEAB6209C6CF71C625C4680775C3477581C427A6FE1B0356EAB048BCA434F83B542C8B860010696A57299BB262268891FFC72142CA1A866185CA82D05406695BA57D4C930F9C17D6223523CF5A4F2A433A364459AC0ACDE7254481329288B1BE187CC25219F48C2443C532199859355320D04F0B80DE969F169A3D2BA3411B4ADBC01B66271824CD9543C78BA4804AE81F3AF00336C5CC3698354C0E01873A2A17D6A95A312689A99DC89084150A8D52BB31C3FF3D4215FA3C4111B401992866E513E5128A20ED95FDEE61485DC937E099D76F79B92734DC4CBB9A7A413FEA6285BC0C27C961E47D1983644C4BF913D72F4B030D34738427263E87AB4C0B7DF0B72CA8AA0BAA67B079939D587801D60C87A20405E5C52603C072FDB63E2E1C2A95CC26F5ABEF6088333800886D093CA01A76F57005E053569542E0A076B98736D4D39B00FC1653FBC2D12EA32A94B9B92C68BA4B68A4E7B370A23B03FE8221639B01244806C27067A58031DB80D2D03661A017BB46BB3711ACB568A4FABEBAFC5FA06F7CA0E4D962E3170CB11C0A8D18A09CE27A6A9763E123885450224DE07CC17546C17951FDE476E083583EF10BF76A98AFFF9B12DB5401CD3673495392D741291C3AA78420C8A7CB5FFE65012997C4DA4322EA90B5014B5B4D0180100247047341E4C24B96B8D7C0020524B7C1D66C3E08CB299EB4EC6FA0EE8EA05FD430F57605E892B232D2047CA9B4ECAD9BDD09C9951196916525D1EC921B6E3CE0EE692EBA728B4DB10F3381FBF584ABB7B6A9210C7C424CE4A369370CB48D608634ABA0BFF91C5620A1189D0CA97421D423429FB663952DC1231B4362B7162FE3A42111C91D76A964CB4154194209EDBAA1F481BD126C325D15678E39BCCE4C704EA487246648A6C6C2540B5F680A35EE2824246450A7293F21A90CFD14EFAF78FA3D7322251C641A50E95BB5EC5CA0B60E89D7C18B7A44A0FAFB4BCADE9B588D1B7FCF12BA1E1084D56B197EA90A79A3D83927A2307603BC211C0830CB7062C04254824575B226CAD9A27C2A45519AE39546467690485498A320AD56993B15A9D22C6191446CB40AA7547401681DCC7E36596B10C07FA2A20B43C4B0124401F8A0E744878C7296623C7395B6994D18C4787A289DBB05CB1827451D83F072904537594F515CA1017991620A33E096EE0DC091AE4CA960603B101B5B4E23E9A5B65E1F6C2A8CC89341383B706725ED5B3485769181B8F76439C05636A0C3436FFBA8B86A5306FA111F6FC71EB779B25707CFAE0A6DA7B0AD5D94B10F21E4FCA92893B9
FFE73210763401377837A10CA9625346C42ADC705BD92DB3426D926CE4B5EC24A5CDF27CB91E5A7E7164D1BDC99D75679FBC93A58F647DAC1086CE931BC089233E9487E0867BC58472B01BF2895C323B64DBE4A17A9E841B053CADB5C76D035724C321BBC13666F0A35DFDA0721E8987623256A994D95FA1C05F57C1E15A30C4A0C8318A0D83C410C362862E817DD6ABBAA4BBE75B736CCCBB4AF2A188402BD4CE597932008862865332562F324C7A424151FB59D0AE1821F2864C7E698127AAD92C33B313988C29A09E260449BCA7BEE360862314E47519EF3918DDDE403E7B92AC9908F93C6369CC5C47B8CB1DC3A3479C762F62A18FE05A9B0645A5311A01828723AEB51FA505E96B29E3D2B6E5B1327DE3A61AB0C50BE0124B64B33314B32D6122510E46445857AA0E2C4B0D256955620A8681D1E555126D00509E35BF59683DDAA40E82C519B855852C366CB54452BF910B001692330345708653F511800B10E009D9F7D10A53B8B30BF13B06F254EC8A6BA539700F6358DE0463A019540C9873F3F4680E2113A7CCC55FF754D85AA67E9E55F887424E0B2625682A5DDA218F03C3C10A246CDB0CC91D19D8F024DB9B1415F50ACD8F65DE2787B9103C575B687765572CFFA59026C2BCEE77423BCAFD3054BF8E2713FB85B0BF6A46E716152F5C9A3011EC90114C76B01516799BD5911415B704544077F188806755EEC4131E55556DB903F4284C1F90086FF431B68F51F629812F320B55F219D72A1928F38C9A1EC823BA198BA9ABBACF62902B3CA0AFC95EA8AC303FB8BDD29BB9D18A03BA44E58B1B0B85A2A1662E6A31DA7545511A478A18177889061EF76631264239ADEBD04A8C52B72E2B1F3A2DFBBD8C054E70CC2A742E7B7D417DFED314422187DE1B2954481195755EC04BB7671C4331446BBE8952514905321A2176E935B5420C0D5EA4465 -decaps_cdecaps_KPrime: 224B9C051213EF46549243796532282973FA7CF97E8913C339C1940AC17E05E0 -keygen_ek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keygen_dk: 
37EC477E217BFB40384C850E51C1837158BDBC23A31832BC25C91B3121444AD4533733BAFF07CA817B64B2CA4299AA26454CBAFB35B6ABE1185CB47C4CD61AF98383C4814B20AB8754FC514F23074114C3E5A810A453B855AA7F1310C74B0B01E5AAB2E871738FAC2786C7A05D6B3B32A050D0FB223956C95CA0C2C1D54154A77BD33737A49A0065D1424A2ABAFD52AA934C9804939208F05CCF8B8B8086316E0943A08710500C918A2B218D37B85AE28022CB0134FB49F5C45D98D3C04B755A60880422668E2B301B18D5194DE991B265BF94697E6A4B8150C8B852033915635E30665BDA2191DAA505D43344FD29C9FCC1C507691D475B617C948FCC84B1B08A1C638C3E13580CE359789A9860E5469CC754B08EE33F0921BDEF15A906969F2DC57A25E80CE4C45F11E04A519AB08B9B927C3A13A081CFFA110FACCC5E8DC29495978B5553104D473A175918AD5B5487BBA69712AE93F615C60A8D387BCE3F651E56880A522B2DB86351CAB65D13B4693DB0B2C80936FAD1CE67925E6BB7C110C43E83247D22608D8C1023431CB69290A4F8A9593BF1241D737C0CD16D75EB50C6842CE0A21DCE494036824CE63252E9325F05B734452B129132B196084A3788BBB1F20A37D2C2B3F90E0DD7A274C9B1A9F02EC7E721F4A43D409A25FBC99A44D4763107C787620941761ED48C932924BA620986CF277A23471C7B13333D936C0DD49E0FF34CA3AB8234C42AEBE459C612052B9716E96B20BEC718126040A9091F6BA9445F45806AEB6E3816710F7CBFED1101461284DD962B7B12047C0A0A906A0589B4A9A426469BDA3946091A375B1952A91C231C0FE6B57F7CC97EFED0BC1001367823BE1886308B3A21452B7E455066719CCCEAF6A726FC22BC8399F54BBFCAF7CA63BA73173C7AA8619A3F485C3E330421006766746F4EF6653E440E5CDC59534018C352C023584CBB374EB7A9B7836832BE53AF272A069755CE2FF29CD8B394C52422B3470E27415F41B397535959F160003B452CF49697B7A53689852BBE6CCFDFB40B48E9328DE11522D0A431B115A5C0C2F4307D9862C0DD1B40C65A1D9D479777E6905A91A5CB24551C8B1E52A3C77B63313FFC8B5817815259A6ADB59645DC4BB1436D51E62A096834AF43772510C4EDF34CDE0A5B57C145E687CB87162F001C21C9E1934AC11AAFA70FF810732650B32A3018A7C50CD736796222C8AB821A9283BE1CC204C3F1630D3CCCDB0A9A3D17552B9158C0664E5D6A04B0FA36DE45862A46A39EC597AE42C311C4AC224A72D6F253BB5235F7A2B8B0F24D1376AF588746F3BB8E0365078761CAB983A4A6A940A3D997047A8F36A731E8965236C37BF200082F821DCA7716C444A90BEC53074BBA58C132BFB9A2ACE2CEC9AA658EAC1232
CCCA3C817A92C1195C05C0E1D6639FD2ADE531607D488B74A747CFF47FCA5C8B2163CA03C545ED103278430C60B2381A09427FD130F859BF5DB776DA095DCA5804FA63B0D7D87FA9415C72FB51872A989F466C984BC74C29B8632019CA040C9CA35E22608DAA70357AE2C3AD83631FAA174E0ACDF5DBBF3CF68A05B6543AB6268E1A51B0932C17B00A1371B2DAB241F92A43FFB456D0A8C8860A8E28A61A21307CC0456DA4242905CB1D3D0BBD81BB8EE274A43C76C310019515FCC140467C33370C86808ECAA58E3BA93A2C1190461C1DFA11302001BBAB4CB1E3642EF8CB26309B60523BC21887B07F898CE562A6CA778EA01505851378CEA8BB7FC09D11961B6C596F93542A9904864EB10CD0A703DBA98921861A87B056525C71A843553E6400777437C95CCC8085CC0C477D665A4479019D4CD442F74A3CD8169F4262B8271B5D5A67C8C1611AAE7B3D0534C0859716FDF0BB68949094C06A1B73C9AA1CBDF331543DE002A8C06F94E8810A5CB373832745D720683B574875A666946D0296893F2B59E907488D8C8489D474D929A05A573ED667490371A46D4556CBB68AAA79CC3EC6653413576C228E379A14CB90B7B7591B19A7BD37A1C4D37859892219442BB0B9B9BA67BA3BC0D095C8803CEBE97AFF0B1C153578A130CD8157CF745946C2F5726D9C11273575505291346528EE0BAC047CC984538B97BBABFCC357DCB8A98FB857C9C52D1B786749CA61892B09759980520091B9B477C70E6C46586B1CCEBE87BCF6DF03C2B27CB09FA03F63160958383BE636C0ECC8DDAE8B594A14037868BEC0B22300DEFDFAA1D973AC5CEC84AE4386B8FBCD119AFDC8559442424A87C13EA101E29FCA11881869077E4092E751BEDCA8BC -encaps_c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diff --git a/tests/PQC_Intermediate_Values/ML-KEM-768.txt b/tests/PQC_Intermediate_Values/ML-KEM-768.txt deleted file mode 100644 index 09cbbeb55f..0000000000 --- a/tests/PQC_Intermediate_Values/ML-KEM-768.txt +++ /dev/null 
@@ -1,12 +0,0 @@ -Origin of the values: https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/example-files/PQC%20Intermediate%20Values.zip -keygen_z: 92AC7D1F83BAFAE6EE86FE00F95D813375772434860F5FF7D54FFC37399BC4CC -keygen_d: 92AC7D1F83BAFAE6EE86FE00F95D813375772434860F5FF7D54FFC37399BC4CC -encaps_m: 40BE9DCAC16E9CA73D49D0C83F9D3D89BB71574A4219A0F393DFECE2988394C4 -encaps_ek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encaps_K: 616E0B753A3B7F40FEF9A389F58F16BFBB04622941D2464BDAE767820DFAC38E -decaps_dk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decaps_c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decaps_KPrime: BD7256B242F404869D662F80BF677A16C0C6FC1568CCA5B64582A01A6A142D71 -keygen_ek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keygen_dk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encaps_c: 778D6B03791ACAF56CAAFCC78CEE5CBCA1DE8737E9C7FF4AE5F384D344E08223C74C824CB5848520517C7F0EA0645EB6F889517AE5216B0CF41DDC3F0D1DF9BC6E4DECB236A5EA8B214F64266D3CDE08E0CB00E5D91F586706B1EE533D20476F4423B78F916B1726EEEA959FFB9AC634D04A94D09923CB0D4E730CCA4144E7C4884921652DA4928C68E644F673CFC57D3E87CF5BE581A89F9CB8F0FCE2782D681E5CE88AF58458C3D63D807572DE5AA8E1FAF2DCD14EDB7349565B7D3271DDBEB0B6CC7AFE08635784311159733C46E5FDC5E0CD36CE5685ACFB1AFE50ABB46F447521E60D9C8F0E4CA28C190ABB40C365F412471E95A8EA396D4BD8070EEB1F02B07C825367AA1EC0F10C3862416BB21AD6CA748A86E9829EFC1A0499093C85176D37F574C75CF5EDFA8D920D3268CB34C6A4BB0002869BC05D7C8FCC0658D4A01EACD74557A37D98A763074752DFDD6429881CAFF577D3A048031BD52C4E9726398590F9519FD59405D6B3C307AFCB168A985785D954A6D1DC1EA92E1EB6F946A4D99DD6CA307ABFD8362FABA98BB264C69C5F555D60883CC56019FEB4E8000C48B7E68CD667F00B5250CEF293A4A9E778726E62F120361E21AB3140464CDC6ABDE9EA05198D8B3BB671B9111A2F317582847CA5015664F22CDB08C143187BDE2129B54F34160295D75FE9A494FD7E67AAA76B57AAFFD89D01A71DF5C8158620298D582BBEFA6D09AC412A99AA3BE9C383504948C43DD5AF4127B1435804F44BAFA142BFC2A95D95FB2EF0641ABE71064DE51D6B9
EC50857B8EEF7F48036313D0E936763B8F7BDE69B064DD5761D80EA6F1A8B37565753C579BBB895EFB9FCB3FC5FA3362E3774F0F77140B973CAE587BAD2F3B566A9C25A969347E5C54F87F1105E9C074867D94077CCAE3ABEA54520EDB51D9DAABE7848E78FDF66E07E2E22B30251931E890BAF1F5E177D4D9CEC9E4969481FD7C1335A0ED5879F34EF4BB4F66C28803CEA162BA461506D52EB3AE16951922B06825186C3D4CE1B51F3C92F3C52F2D04D1F13B2B17C9EEB882CCE0EB88B7EA9A1CE4E37415CC84C7BC436A4628386CC77D9AFD207911BD9BFD8A7FA05C275BE0C4C6A8FC0A61BDA1D67AE33B5310BE1290DC71C1418EB5744BF2842C1652173A49A692E71FE43258A205B3CAAB90C0304A51E77D01B404A01FAE2F83AB80C5DBF6CF518C001F46A633FA169B1BDB77A9D0B1E0C007835C09F6ABBA96F3F53564DA508EE8861A483A81749D4A44672B1EF1605F29D168B74B736B4F13501D7AD1213118A7832E666A50BE8010D54322A526CF7A4E543A79D0D98E004FBEC76EA3F7E887BDBAF50DADFDDDF3FFECF6D3F77EA4B9B16DC754F4A68E5EF32F6A137E7C9E3C3E8C2E236C7EBC45D46EC1677A5A8BB2668443B0BE8693DC257F13D8B9A90100B92B4D1761B819673832C32020671BFB3D0220A363E4BED6D649D3F7368CFE081E196A43D4708798E31BB2A2F61824674ABA2FC9DCD05DB84B8627AE11488886F921BC79AE1FD03 diff --git a/tests/PQC_Intermediate_Values/fetch_values.sh b/tests/PQC_Intermediate_Values/fetch_values.sh deleted file mode 100755 index 3e99688601..0000000000 --- a/tests/PQC_Intermediate_Values/fetch_values.sh +++ /dev/null 
@@ -1,53 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: MIT - -# This script fetches the NIST vectors for the ML-KEM-ipd and ML-DSA-ipd and extracts the values we use for testing - -wget -O PQC_Intermediate_Values.zip https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/example-files/PQC%20Intermediate%20Values.zip -unzip PQC_Intermediate_Values.zip && mv "PQC Intermediate Values" PQC_Intermediate_Values - -file_keygen="PQC_Intermediate_Values/Key Generation -- " -file_signature="PQC_Intermediate_Values/Signature Generation -- " -file_verification="PQC_Intermediate_Values/Signature Verification -- " - -for VARIANT in "ML-DSA-44" "ML-DSA-65" "ML-DSA-87" -do - echo "Origin of the values: https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/example-files/PQC%20Intermediate%20Values.zip" >> "$VARIANT.txt" - grep "seed: " "$file_keygen$VARIANT.txt" >> "$VARIANT.txt" - grep "message: " "$file_signature$VARIANT.txt" | sed 's/message: /sig_message: /g' >> "$VARIANT.txt" - grep "sk: " "$file_signature$VARIANT.txt" | sed 's/sk: /sig_sk: /g' >> "$VARIANT.txt" - grep "rnd: " "$file_signature$VARIANT.txt" >> "$VARIANT.txt" - - grep "signature: " "$file_verification$VARIANT.txt" | sed "s/signature: /verif_signature: /g" >> "$VARIANT.txt" - grep "pk: " "$file_verification$VARIANT.txt" | sed "s/pk: /verif_pk: /g" >> "$VARIANT.txt" - grep "message: " "$file_verification$VARIANT.txt" | sed "s/message: /verif_message: /g" >> "$VARIANT.txt" - - grep "pk: " "$file_keygen$VARIANT.txt" | sed "s/pk: /keygen_pk: /g" >> "$VARIANT.txt" - grep "sk: " "$file_keygen$VARIANT.txt" | sed 's/sk: /keygen_sk: /g' >> "$VARIANT.txt" - grep "signature: " "$file_signature$VARIANT.txt" | sed "s/signature: /sig_signature: /g" >> "$VARIANT.txt" -done - -file_keygen="PQC_Intermediate_Values/Key Generation -- " -file_encaps="PQC_Intermediate_Values/Encapsulation -- " -file_decaps="PQC_Intermediate_Values/Decapsulation -- " - -for VARIANT in "ML-KEM-512" 
"ML-KEM-768" "ML-KEM-1024" -do - echo "Origin of the values: https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/example-files/PQC%20Intermediate%20Values.zip" >> "$VARIANT.txt" - grep "z: " "$file_keygen$VARIANT.txt" | sed 's/z: /keygen_z: /g' >> "$VARIANT.txt" - grep "d: " "$file_keygen$VARIANT.txt" | sed 's/d: /keygen_d: /g' >> "$VARIANT.txt" - - grep "m: " "$file_encaps$VARIANT.txt" | sed 's/m: /encaps_m: /g' >> "$VARIANT.txt" - grep "ek: " "$file_encaps$VARIANT.txt" | sed 's/ek: /encaps_ek: /g' >> "$VARIANT.txt" - grep "K: " "$file_encaps$VARIANT.txt" | sed 's/K: /encaps_K: /g' >> "$VARIANT.txt" - - grep "dk: " "$file_decaps$VARIANT.txt" | sed 's/dk: /decaps_dk: /g' >> "$VARIANT.txt" - grep "c: " "$file_decaps$VARIANT.txt" | sed 's/c: /decaps_c: /g' >> "$VARIANT.txt" - grep "KPrime: " "$file_decaps$VARIANT.txt" | sed 's/KPrime: /decaps_KPrime: /g' >> "$VARIANT.txt" - - grep "ek: " "$file_keygen$VARIANT.txt" | sed 's/ek: /keygen_ek: /g' >> "$VARIANT.txt" - grep "dk: " "$file_keygen$VARIANT.txt" | sed 's/dk: /keygen_dk: /g' >> "$VARIANT.txt" - - grep "c: " "$file_encaps$VARIANT.txt" | sed 's/c: /encaps_c: /g' >> "$VARIANT.txt" - -done \ No newline at end of file diff --git a/tests/constant_time/sig/issues.json b/tests/constant_time/sig/issues.json index aa5102178e..4ff0064096 100644 --- a/tests/constant_time/sig/issues.json +++ b/tests/constant_time/sig/issues.json @@ -28,9 +28,6 @@ "MAYO_1": [], "MAYO_2": [], "MAYO_3": [], - "ML-DSA-44-ipd": [], - "ML-DSA-65-ipd": [], - "ML-DSA-87-ipd": [], "ML-DSA-44": [], "ML-DSA-65": [], "ML-DSA-87": [], diff --git a/tests/constant_time/sig/passes.json b/tests/constant_time/sig/passes.json index 65247af661..ed2f1d9dc5 100644 --- a/tests/constant_time/sig/passes.json +++ b/tests/constant_time/sig/passes.json 
@@ -29,9 +29,6 @@ "MAYO-2": ["mayo"], "MAYO-3": ["mayo"], "MAYO-5": ["mayo"], - "ML-DSA-44-ipd": ["ml_dsa", "ml_dsa-avx2"], - "ML-DSA-65-ipd": ["ml_dsa", "ml_dsa-avx2"], - "ML-DSA-87-ipd": ["ml_dsa", "ml_dsa-avx2"], "ML-DSA-44": ["ml_dsa", "ml_dsa-avx2"], "ML-DSA-65": ["ml_dsa", "ml_dsa-avx2"], "ML-DSA-87": ["ml_dsa", "ml_dsa-avx2"], diff --git a/tests/constant_time/sig/passes/ml_dsa b/tests/constant_time/sig/passes/ml_dsa index f38940135b..ea9ff1f5ba 100644 --- a/tests/constant_time/sig/passes/ml_dsa +++ b/tests/constant_time/sig/passes/ml_dsa 
@@ -18,53 +18,53 @@ Memcheck:Cond fun:rej_gamma1m1 fun:pqcrystals_ml_dsa*_ref_poly_uniform_gamma1m1 - fun:pqcrystals_ml_dsa*_ref_signature + fun:pqcrystals_ml_dsa*_ref_signature_internal } { Rejection sampling for challenge Memcheck:Cond fun:pqcrystals_ml_dsa*_ref_poly_challenge - fun:pqcrystals_ml_dsa*_ref_signature + fun:pqcrystals_ml_dsa*_ref_signature_internal } { Rejection sampling for challenge Memcheck:Value8 fun:pqcrystals_ml_dsa*_ref_poly_challenge - fun:pqcrystals_ml_dsa*_ref_signature + fun:pqcrystals_ml_dsa*_ref_signature_internal } { Rejection sampling for signature distribution Memcheck:Cond ... - src:sign.c:154 # Call to polyvecl_chknorm + src:sign.c:161 # Call to polyvecl_chknorm # fun:pqcrystals_ml_dsa*_ref_signature } { Rejection sampling for signature distribution Memcheck:Cond ... - src:sign.c:163 # Call to polyveck_chknorm + src:sign.c:170 # Call to polyveck_chknorm # fun:pqcrystals_ml_dsa*_ref_signature } { Rejection sampling for signature distribution Memcheck:Cond ... - src:sign.c:170 # Call to polyveck_chknorm + src:sign.c:177 # Call to polyveck_chknorm # fun:pqcrystals_ml_dsa*_ref_signature } { Hint does not need to be computed in constant time Memcheck:Cond ... - src:sign.c:174 # Call to polyveck_make_hint + src:sign.c:181 # Call to polyveck_make_hint # fun:pqcrystals_ml_dsa*_ref_signature } { Rejection sampling for hint Memcheck:Cond ... - src:sign.c:175 # Checking number of 1 bits in hint + src:sign.c:182 # Checking number of 1 bits in hint # fun:pqcrystals_ml_dsa*_ref_signature } { @@ -76,5 +76,5 @@ { Verification is not done in constant time Memcheck:Cond - fun:pqcrystals_ml_dsa*_ref_verify + fun:pqcrystals_ml_dsa*_ref_verify_internal } diff --git a/tests/constant_time/sig/passes/ml_dsa-avx2 b/tests/constant_time/sig/passes/ml_dsa-avx2 index a9ad9fb3d1..3cb70dba2f 100644 --- a/tests/constant_time/sig/passes/ml_dsa-avx2 +++ b/tests/constant_time/sig/passes/ml_dsa-avx2 
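Review bot: The `src:sign.c:NNN` suppressions in this hunk keep their trailing `# fun:pqcrystals_ml_dsa*_ref_signature` comments, while the live `fun:` frames in the same hunk were renamed to `..._ref_signature_internal`, so the comments now point a reader at the wrong function. Line-pinned frames also suppress whatever statement lands on that line after the next upstream pull, which for a constant-time test can hide a real secret-dependent branch. Assuming the norm checks now sit in the internal function, update each comment to `# fun:pqcrystals_ml_dsa*_ref_signature_internal` and re-verify the line numbers on every upstream sync. The same applies to the `src:sign.c:248`–`279` entries in the ml_dsa-avx2 hunks that follow, whose comments name `..._avx2_signature`.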
@@ -34,14 +34,14 @@ Memcheck:Cond ... fun:pqcrystals_ml_dsa*_avx2_poly_uniform_gamma1m1_4x - fun:pqcrystals_ml_dsa*_avx2_signature + fun:pqcrystals_ml_dsa*_avx2_signature_internal } { Rejection sampling for y Memcheck:Value8 ... fun:pqcrystals_ml_dsa*_avx2_poly_uniform_gamma1m1_4x - fun:pqcrystals_ml_dsa*_avx2_signature + fun:pqcrystals_ml_dsa*_avx2_signature_internal } { Rejection sampling for s1 and s2 @@ -65,7 +65,7 @@ ... fun:pqcrystals_ml_dsa*_avx2_poly_uniform_gamma1m1_preinit fun:pqcrystals_ml_dsa*_avx2_poly_uniform_gamma1m1 - fun:pqcrystals_ml_dsa*_avx2_signature + fun:pqcrystals_ml_dsa*_avx2_signature_internal } { Rejection sampling for y @@ -73,7 +73,7 @@ ... fun:pqcrystals_ml_dsa*_avx2_poly_uniform_gamma1m1_preinit fun:pqcrystals_ml_dsa*_avx2_poly_uniform_gamma1m1 - fun:pqcrystals_ml_dsa*_avx2_signature + fun:pqcrystals_ml_dsa*_avx2_signature_internal } { Rejection sampling for challenge @@ -89,21 +89,21 @@ Rejection sampling for signature distribution Memcheck:Cond ... - src:sign.c:240 # Call to poly_chknorm + src:sign.c:248 # Call to poly_chknorm # fun:pqcrystals_ml_dsa*_avx2_signature } { Rejection sampling for signature distribution Memcheck:Cond ... - src:sign.c:255 # Call to poly_chknorm + src:sign.c:263 # Call to poly_chknorm # fun:pqcrystals_ml_dsa*_avx2_signature } { Rejection sampling for signature distribution Memcheck:Cond ... - src:sign.c:262 # Call to poly_chknorm + src:sign.c:270 # Call to poly_chknorm # fun:pqcrystals_ml_dsa*_avx2_signature } { 
@@ -111,34 +111,34 @@ Memcheck:Cond ... fun:pqcrystals_ml_dsa*_avx2_poly_make_hint - src:sign.c:266 # fun:pqcrystals_ml_dsa*_ref_signature + src:sign.c:274 # fun:pqcrystals_ml_dsa*_avx2_signature } { Hint does not need to be computed in constant time Memcheck:Value8 ... fun:pqcrystals_ml_dsa*_avx2_poly_make_hint - src:sign.c:266 # fun:pqcrystals_ml_dsa*_ref_signature + src:sign.c:274 # fun:pqcrystals_ml_dsa*_avx2_signature } { Rejection sampling for hint Memcheck:Cond ... - src:sign.c:267 # Checking number of 1 bits in hint + src:sign.c:275 # Checking number of 1 bits in hint # fun:pqcrystals_ml_dsa*_avx2_signature } { Hint positions are not secret Memcheck:Cond ... - src:sign.c:271 # memcpy + src:sign.c:279 # memcpy # fun:pqcrystals_ml_dsa*_avx2_signature } { Hint positions are not secret Memcheck:Value8 ... - src:sign.c:271 # memcpy + src:sign.c:279 # memcpy # fun:pqcrystals_ml_dsa*_avx2_signature } { @@ -150,6 +150,6 @@ { Verification is not done in constant time Memcheck:Cond - fun:pqcrystals_ml_dsa*_avx2_verify + fun:pqcrystals_ml_dsa*_avx2_verify_internal } diff --git a/tests/kat_sig.c b/tests/kat_sig.c index 5326d3c335..c57646fa70 100644 --- a/tests/kat_sig.c +++ b/tests/kat_sig.c @@ -62,7 +62,7 @@ OQS_STATUS combine_message_signature(uint8_t **signed_msg, size_t *signed_msg_le memcpy(*signed_msg, signature, signature_len); memcpy(*signed_msg + signature_len, msg, msg_len); return OQS_SUCCESS; - } else if (0 == strcmp(sig->method_name, "ML-DSA-44-ipd") || 0 == strcmp(sig->method_name, "ML-DSA-44")) { + } else if (0 == strcmp(sig->method_name, "ML-DSA-44")) { // signed_msg = signature || msg *signed_msg_len = signature_len + msg_len; *signed_msg = OQS_MEM_malloc(*signed_msg_len); 
@@ -72,7 +72,7 @@ OQS_STATUS combine_message_signature(uint8_t **signed_msg, size_t *signed_msg_le memcpy(*signed_msg, signature, signature_len); memcpy(*signed_msg + signature_len, msg, msg_len); return OQS_SUCCESS; - } else if (0 == strcmp(sig->method_name, "ML-DSA-65-ipd") || 0 == strcmp(sig->method_name, "ML-DSA-65")) { + } else if (0 == strcmp(sig->method_name, "ML-DSA-65")) { // signed_msg = signature || msg *signed_msg_len = signature_len + msg_len; *signed_msg = OQS_MEM_malloc(*signed_msg_len); @@ -82,7 +82,7 @@ OQS_STATUS combine_message_signature(uint8_t **signed_msg, size_t *signed_msg_le memcpy(*signed_msg, signature, signature_len); memcpy(*signed_msg + signature_len, msg, msg_len); return OQS_SUCCESS; - } else if (0 == strcmp(sig->method_name, "ML-DSA-87-ipd") || 0 == strcmp(sig->method_name, "ML-DSA-87")) { + } else if (0 == strcmp(sig->method_name, "ML-DSA-87")) { // signed_msg = signature || msg *signed_msg_len = signature_len + msg_len; *signed_msg = OQS_MEM_malloc(*signed_msg_len); diff --git a/tests/test_acvp_vectors.py b/tests/test_acvp_vectors.py index a0504cabcc..ee45f8c120 100644 --- a/tests/test_acvp_vectors.py +++ b/tests/test_acvp_vectors.py 
@@ -101,16 +101,110 @@ def test_acvp_vec_kem_encdec_val(kem_name): assert(variantFound == True) +@helpers.filtered_test +@pytest.mark.skipif(sys.platform.startswith("win"), reason="Not needed on Windows") +@pytest.mark.parametrize('sig_name', helpers.available_sigs_by_name()) +def test_acvp_vec_sig_keygen(sig_name): + + if not(helpers.is_sig_enabled_by_name(sig_name)): pytest.skip('Not enabled') + if not(sig_name in fips_sig): pytest.skip("Not supported") + + with open(os.path.join('tests', ml_dsa_kg), 'r') as fp: + ml_sig_kg_acvp = json.load(fp) + + variantFound = False + for variant in ml_sig_kg_acvp["testGroups"]: + if variant["parameterSet"] == sig_name: + variantFound = True + for testCase in variant["tests"]: + seed = testCase["seed"] + pk = testCase["pk"] + sk = testCase["sk"] + + helpers.run_subprocess( + ['build/tests/vectors_sig', sig_name, "keyGen", seed, pk, sk] + ) + + assert(variantFound == True) + +@helpers.filtered_test +@pytest.mark.skipif(sys.platform.startswith("win"), reason="Not needed on Windows") +@pytest.mark.parametrize('sig_name', helpers.available_sigs_by_name()) +def test_acvp_vec_sig_gen_deterministic(sig_name): + + if not(helpers.is_sig_enabled_by_name(sig_name)): pytest.skip('Not enabled') + if not(sig_name in fips_sig): pytest.skip("Not supported") + + with open(os.path.join('tests', ml_dsa_sig), 'r') as fp: + ml_sig_sig_acvp = json.load(fp) + + variantFound = False + for variant in ml_sig_sig_acvp["testGroups"]: + if variant["parameterSet"] == sig_name and variant["deterministic"] == True: + variantFound = True + for testCase in variant["tests"]: + sk = testCase["sk"] + message = testCase["message"] + signature = testCase["signature"] + helpers.run_subprocess( + ['build/tests/vectors_sig', sig_name, "sigGen_det", sk, message, signature] + ) + + assert(variantFound == True) + +@helpers.filtered_test +@pytest.mark.skipif(sys.platform.startswith("win"), reason="Not needed on Windows") +@pytest.mark.parametrize('sig_name', 
helpers.available_sigs_by_name()) +def test_acvp_vec_sig_gen_randomized(sig_name): + + if not(helpers.is_sig_enabled_by_name(sig_name)): pytest.skip('Not enabled') + if not(sig_name in fips_sig): pytest.skip("Not supported") + + with open(os.path.join('tests', ml_dsa_sig), 'r') as fp: + ml_sig_sig_acvp = json.load(fp) + + variantFound = False + for variant in ml_sig_sig_acvp["testGroups"]: + if variant["parameterSet"] == sig_name and variant["deterministic"] == False: + variantFound = True + for testCase in variant["tests"]: + sk = testCase["sk"] + message = testCase["message"] + signature = testCase["signature"] + rnd = testCase["rnd"] + + helpers.run_subprocess( + ['build/tests/vectors_sig', sig_name, "sigGen_rnd", sk, message, signature, rnd] + ) + + assert(variantFound == True) @helpers.filtered_test @pytest.mark.skipif(sys.platform.startswith("win"), reason="Not needed on Windows") @pytest.mark.parametrize('sig_name', helpers.available_sigs_by_name()) -def test_vectors_sig(sig_name): +def test_acvp_vec_sig_ver(sig_name): + if not(helpers.is_sig_enabled_by_name(sig_name)): pytest.skip('Not enabled') - result = helpers.run_subprocess( - ['tests/test_vectors.sh', sig_name], - ) - if sig_name + " not supported" in result: pytest.skip("Not supported") + if not(sig_name in fips_sig): pytest.skip("Not supported") + + with open(os.path.join('tests', ml_dsa_ver), 'r') as fp: + ml_sig_sig_acvp = json.load(fp) + + variantFound = False + for variant in ml_sig_sig_acvp["testGroups"]: + if variant["parameterSet"] == sig_name: + variantFound = True + pk = variant["pk"] + for testCase in variant["tests"]: + message = testCase["message"] + signature = testCase["signature"] + testPassed = "1" if testCase["testPassed"] else "0" + + helpers.run_subprocess( + ['build/tests/vectors_sig', sig_name, "sigVer", pk, message, signature, testPassed] + ) + + assert(variantFound == True) if __name__ == "__main__": import sys 
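Review bot: `variantFound` becomes true as soon as a matching test group exists, so a group whose `tests` list is empty passes all four added tests without `build/tests/vectors_sig` being run once. Count the executed cases and assert on the count, for example `ran += 1` after each `helpers.run_subprocess(...)` call and `assert variantFound and ran > 0` at the end of the function. In `test_acvp_vec_sig_ver` it would also be worth asserting that at least one case with `testPassed` false was run, since the negative vectors are what show that verification rejects bad signatures. `fips_sig` and the `ml_dsa_*` file names are defined outside this hunk.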
diff --git a/tests/test_alg_info.py b/tests/test_alg_info.py index fc7032e699..2148772b48 100644 --- a/tests/test_alg_info.py +++ b/tests/test_alg_info.py @@ -58,13 +58,18 @@ def test_alg_info_sig(sig_name): with open(datasheet_filename, 'r', encoding='utf8') as datasheet_fh: datasheet = yaml.safe_load(datasheet_fh.read()) # find the parameter set in the datasheet + foundit = False for parameter_set in datasheet['parameter-sets']: if parameter_set['name'] == sig_name or ('alias' in parameter_set and parameter_set['alias'] == sig_name): foundit = True + # SUF-CMA implies EUF-CMA + claimed_security = [parameter_set['claimed-security']] + if parameter_set['claimed-security'] == 'SUF-CMA': + claimed_security.append("EUF-CMA") # check that the values match assert(alg_info['claimed-nist-level'] == parameter_set['claimed-nist-level']) - assert(alg_info['claimed-security'] == parameter_set['claimed-security']) + assert(alg_info['claimed-security'] in claimed_security) assert(alg_info['length-public-key'] == parameter_set['length-public-key']) assert(alg_info['length-secret-key'] == parameter_set['length-secret-key']) assert(alg_info['length-signature'] == parameter_set['length-signature']) diff --git a/tests/test_sig.c b/tests/test_sig.c index 9dd8cca865..9d010b773e 100644 --- a/tests/test_sig.c +++ b/tests/test_sig.c @@ -36,6 +36,7 @@ static OQS_STATUS sig_test_correctness(const char *method_name) { uint8_t *secret_key = NULL; uint8_t *message = NULL; size_t message_len = 100; + uint8_t ctx[257] = { 0 }; uint8_t *signature = NULL; size_t signature_len; OQS_STATUS rc, ret = OQS_ERROR; 
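Review bot: The relaxed check `assert(alg_info['claimed-security'] in claimed_security)` lets the binary report EUF-CMA for any scheme whose datasheet claims SUF-CMA, not only ML-DSA, so a scheme that reports the weaker notion by mistake no longer fails this test. The existing `# SUF-CMA implies EUF-CMA` comment states the implication but not why the library would report the weaker claim. Add a comment such as `# alg_info may report only EUF-CMA for a SUF-CMA scheme; accept the weaker claim (TODO: confirm and narrow to the schemes that need it)`. The body of `test_alg_info_sig` starts outside this hunk.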
@@ -118,6 +119,76 @@ static OQS_STATUS sig_test_correctness(const char *method_name) { goto err; } + /* testing signing with context, if supported */ + OQS_randombytes(ctx, 257); + if (sig->sig_with_ctx_support) { + for (size_t i = 0; i < 256; ++i) { + rc = OQS_SIG_sign_with_ctx_str(sig, signature, &signature_len, message, message_len, ctx, i, secret_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_SUCCESS) { + fprintf(stderr, "ERROR: OQS_SIG_sign_with_ctx_str failed\n"); + goto err; + } + + OQS_TEST_CT_DECLASSIFY(public_key, sig->length_public_key); + OQS_TEST_CT_DECLASSIFY(signature, signature_len); + rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, ctx, i, public_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_SUCCESS) { + fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str failed\n"); + goto err; + } + + /* modify the signature to invalidate it */ + OQS_randombytes(signature, signature_len); + OQS_TEST_CT_DECLASSIFY(signature, signature_len); + rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, ctx, i, public_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_ERROR) { + fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed!\n"); + goto err; + } + } + + rc = OQS_SIG_sign_with_ctx_str(sig, signature, &signature_len, message, message_len, ctx, 257, secret_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_ERROR) { + fprintf(stderr, "ERROR: OQS_SIG_sign_with_ctx_str should only support up to 256 byte contexts\n"); + goto err; + } + } else { + rc = OQS_SIG_sign_with_ctx_str(sig, signature, &signature_len, message, message_len, ctx, 1, secret_key); + if (rc != OQS_ERROR) { + fprintf(stderr, "ERROR: OQS_SIG_sign_with_ctx_str should fail without support for context strings\n"); + goto err; + } + } + + rc = OQS_SIG_sign_with_ctx_str(sig, signature, &signature_len, message, message_len, NULL, 0, secret_key); + 
OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_SUCCESS) { + fprintf(stderr, "ERROR: OQS_SIG_sign_with_ctx_str should always succeed when providing a NULL context string\n"); + goto err; + } + OQS_TEST_CT_DECLASSIFY(public_key, sig->length_public_key); + OQS_TEST_CT_DECLASSIFY(signature, signature_len); + rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, NULL, 0, public_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_SUCCESS) { + fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str failed\n"); + goto err; + } + + /* modify the signature to invalidate it */ + OQS_randombytes(signature, signature_len); + OQS_TEST_CT_DECLASSIFY(signature, signature_len); + rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, NULL, 0, public_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_ERROR) { + fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed!\n"); + goto err; + } + #ifndef OQS_ENABLE_TEST_CONSTANT_TIME /* check magic values */ int rv = memcmp(public_key + sig->length_public_key, magic.val, sizeof(magic_t)); diff --git a/tests/vectors_kem.c b/tests/vectors_kem.c index 1037be726b..a7a1dc6a7b 100644 --- a/tests/vectors_kem.c +++ b/tests/vectors_kem.c @@ -58,7 +58,7 @@ static void hexStringToByteArray(const char *hexString, uint8_t *byteArray) { } } -/* HQC-specific functions */ +/* ML_KEM-specific functions */ static inline bool is_ml_kem(const char *method_name) { return (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_512)) || (0 == strcmp(method_name, OQS_KEM_alg_ml_kem_768)) diff --git a/tests/vectors_sig.c b/tests/vectors_sig.c index bfccfb23c2..301573bd1d 100644 --- a/tests/vectors_sig.c +++ b/tests/vectors_sig.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: MIT -// This tests the test vectors published by NIST CAVP +// This tests the test vectors published by NIST ACVP + #include #include 
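Review bot: Context length 256 is never exercised: the loop covers lengths 0 to 255 and the negative case jumps straight to 257, so an implementation whose bound check is off by one and accepts 256 bytes would still pass. FIPS 204 limits the context string to 255 bytes, so add `rc = OQS_SIG_sign_with_ctx_str(sig, signature, &signature_len, message, message_len, ctx, 256, secret_key);` with `OQS_ERROR` expected, and reword the message to `should only support up to 255 byte contexts`. The hunk also has no case that verifies a signature under a different context than the one it was signed with, which is the binding the context string exists to provide; one such call expecting `OQS_ERROR` inside the loop would cover it. `sig_test_correctness` starts and ends outside this hunk.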
@@ -14,6 +15,65 @@ #include "system_info.c" +#define RNDBYTES 32 + +#ifdef OQS_ENABLE_SIG_ml_dsa_44 +extern int pqcrystals_ml_dsa_44_ref_signature_internal(uint8_t *sig, + size_t *siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t rnd[RNDBYTES], + const uint8_t *sk); + +extern int pqcrystals_ml_dsa_44_ref_verify_internal(const uint8_t *sig, + size_t siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t *pk); +#endif + +#ifdef OQS_ENABLE_SIG_ml_dsa_65 +extern int pqcrystals_ml_dsa_65_ref_signature_internal(uint8_t *sig, + size_t *siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t rnd[RNDBYTES], + const uint8_t *sk); + +extern int pqcrystals_ml_dsa_65_ref_verify_internal(const uint8_t *sig, + size_t siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t *pk); +#endif + +#ifdef OQS_ENABLE_SIG_ml_dsa_87 +extern int pqcrystals_ml_dsa_87_ref_signature_internal(uint8_t *sig, + size_t *siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t rnd[RNDBYTES], + const uint8_t *sk); + +extern int pqcrystals_ml_dsa_87_ref_verify_internal(const uint8_t *sig, + size_t siglen, + const uint8_t *m, + size_t mlen, + const uint8_t *pre, + size_t prelen, + const uint8_t *pk); +#endif + struct { const uint8_t *pos; } prng_state = { 
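Review bot: These six prototypes are hand-written declarations of library-internal functions, and nothing in the hunk ties them to the definitions, so a signature change in the upstream code would still link and only misbehave at run time. I would add a comment above the block such as `/* Must match the pqcrystals ML-DSA *_internal definitions; declared here only for the ACVP vectors. */`, and take the declarations from a shared header if one is available (none is visible here). `RNDBYTES` also repeats a value that is presumably fixed by the upstream parameter set, which the same comment should mention.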
@@ -58,12 +118,9 @@ static void hexStringToByteArray(const char *hexString, uint8_t *byteArray) { } } -/* HQC-specific functions */ +/* ML_DSA-specific functions */ static inline bool is_ml_dsa(const char *method_name) { - return (0 == strcmp(method_name, OQS_SIG_alg_ml_dsa_44_ipd)) - || (0 == strcmp(method_name, OQS_SIG_alg_ml_dsa_65_ipd)) - || (0 == strcmp(method_name, OQS_SIG_alg_ml_dsa_87_ipd)) - || (0 == strcmp(method_name, OQS_SIG_alg_ml_dsa_44)) + return (0 == strcmp(method_name, OQS_SIG_alg_ml_dsa_44)) || (0 == strcmp(method_name, OQS_SIG_alg_ml_dsa_65)) || (0 == strcmp(method_name, OQS_SIG_alg_ml_dsa_87)); } @@ -82,21 +139,15 @@ static void MLDSA_randombytes_free(void) { prng_state.pos = 0; } -OQS_STATUS sig_vector(const char *method_name, - uint8_t *prng_output_stream, - const uint8_t *sig_msg, size_t sig_msg_len, const uint8_t *sig_sk, - const uint8_t *verif_sig, const uint8_t *verif_pk, const uint8_t *verif_msg, size_t verif_msg_len) { - +static OQS_STATUS sig_kg_vector(const char *method_name, + uint8_t *prng_output_stream, + const uint8_t *kg_pk, const uint8_t *kg_sk) { uint8_t *entropy_input; FILE *fh = NULL; OQS_SIG *sig = NULL; - uint8_t *msg = NULL; uint8_t *public_key = NULL; uint8_t *secret_key = NULL; uint8_t *signature = NULL; - uint8_t *signed_msg = NULL; - size_t signature_len = 0; - size_t signed_msg_len = 0; OQS_STATUS rc, ret = OQS_ERROR; void (*randombytes_init)(const uint8_t *, const uint8_t *) = NULL; @@ -104,7 +155,7 @@ OQS_STATUS sig_vector(const char *method_name, sig = OQS_SIG_new(method_name); if (sig == NULL) { - printf("[sig_kat] %s was not enabled at compile-time.\n", method_name); + printf("[vectors_sig] %s was not enabled at compile-time.\n", method_name); goto algo_not_enabled; } @@ -114,7 +165,7 @@ OQS_STATUS sig_vector(const char *method_name, randombytes_free = &MLDSA_randombytes_free; entropy_input = (uint8_t *) prng_output_stream; } else { - // Only ML-DSA-ipd supported + // Only ML-DSA supported goto err; } 
@@ -130,29 +181,25 @@ OQS_STATUS sig_vector(const char *method_name, goto err; } + if ((prng_output_stream == NULL) || (kg_pk == NULL) || (kg_sk == NULL)) { + fprintf(stderr, "[vectors_sig] %s ERROR: inputs NULL!\n", method_name); + goto err; + } + rc = OQS_SIG_keypair(sig, public_key, secret_key); - if (rc != OQS_SUCCESS) { + if (rc) { fprintf(stderr, "[vectors_sig] %s ERROR: OQS_SIG_keypair failed!\n", method_name); goto err; } fprintBstr(fh, "pk: ", public_key, sig->length_public_key); fprintBstr(fh, "sk: ", secret_key, sig->length_secret_key); - rc = OQS_SIG_sign(sig, signature, &signature_len, sig_msg, sig_msg_len, sig_sk); - if (rc != OQS_SUCCESS) { - fprintf(stderr, "[vectors_sig] %s ERROR: OQS_SIG_sign failed!\n", method_name); - goto err; - } - - fprintBstr(fh, "signature: ", signature, signature_len); - - rc = OQS_SIG_verify(sig, verif_msg, verif_msg_len, verif_sig, signature_len, verif_pk); - if (rc != OQS_SUCCESS) { - fprintf(stderr, "[vectors_sig] %s ERROR: OQS_SIG_verify failed!\n", method_name); - goto err; + if (!memcmp(public_key, kg_pk, sig->length_public_key) && !memcmp(secret_key, kg_sk, sig->length_secret_key)) { + ret = OQS_SUCCESS; + } else { + ret = OQS_ERROR; + fprintf(stderr, "[vectors_sig] %s ERROR: public key or private key doesn't match!\n", method_name); } - - ret = OQS_SUCCESS; goto cleanup; err: 
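Review bot: The NULL check on `prng_output_stream`, `kg_pk` and `kg_sk` comes too late to protect the first use, because `entropy_input` has already been set from `prng_output_stream` earlier in the function (and is presumably passed to the RNG init in lines outside this hunk). It should move to before the pointer is first used. The keypair check also changed to `if (rc)` while the rest of the file compares against the status constant; `if (rc != OQS_SUCCESS)` is clearer. The function body starts and ends outside the hunk.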
@@ -165,109 +212,361 @@ OQS_STATUS sig_vector(const char *method_name, cleanup: if (sig != NULL) { OQS_MEM_secure_free(secret_key, sig->length_secret_key); - OQS_MEM_secure_free(signed_msg, signed_msg_len); } if (randombytes_free != NULL) { randombytes_free(); } OQS_MEM_insecure_free(public_key); OQS_MEM_insecure_free(signature); - OQS_MEM_insecure_free(msg); OQS_SIG_free(sig); return ret; } -int main(int argc, char **argv) { - OQS_STATUS rc; +#if defined(OQS_ENABLE_SIG_ml_dsa_44) || defined(OQS_ENABLE_SIG_ml_dsa_65) || defined(OQS_ENABLE_SIG_ml_dsa_87) +static int sig_ver_vector(const char *method_name, + const uint8_t *sigVer_pk_bytes, + const uint8_t *sigVer_msg_bytes, + size_t msgLen, + const uint8_t *sigVer_sig_bytes, int testPassed) { - OQS_init(); + FILE *fh = NULL; + OQS_SIG *sig = NULL; + int rc = -1, ret = -1; - if (argc != 8) { - fprintf(stderr, "Usage: vectors_sig algname prng_output_stream sig_msg sig_sk verif_sig verif_pk verif_msg\n"); - fprintf(stderr, " algname: "); - for (size_t i = 0; i < OQS_SIG_algs_length; i++) { - if (i > 0) { - fprintf(stderr, ", "); - } - fprintf(stderr, "%s", OQS_SIG_alg_identifier(i)); - } - fprintf(stderr, "\n"); - printf("\n"); - print_system_info(); - OQS_destroy(); - return EXIT_FAILURE; + sig = OQS_SIG_new(method_name); + if (sig == NULL) { + printf("[vectors_sig] %s was not enabled at compile-time.\n", method_name); + goto algo_not_enabled; } - char *alg_name = argv[1]; - char *prng_output_stream = argv[2]; - char *sig_msg = argv[3]; - size_t sig_msg_len = strlen(sig_msg) / 2; - char *sig_sk = argv[4]; - char *verif_sig = argv[5]; - char *verif_pk = argv[6]; - char *verif_msg = argv[7]; - size_t verif_msg_len = strlen(verif_msg) / 2; + fh = stdout; + + if ((sigVer_pk_bytes == NULL) || (sigVer_msg_bytes == NULL) || (sigVer_sig_bytes == NULL)) { + fprintf(stderr, "[vectors_sig] %s ERROR: inputs NULL!\n", method_name); + goto err; + } + + if (!strcmp(method_name, "ML-DSA-44")) { +#ifdef OQS_ENABLE_SIG_ml_dsa_44 + rc = 
pqcrystals_ml_dsa_44_ref_verify_internal(sigVer_sig_bytes, sig->length_signature, sigVer_msg_bytes, msgLen, NULL, 0, sigVer_pk_bytes); +#endif + } else if (!strcmp(method_name, "ML-DSA-65")) { +#ifdef OQS_ENABLE_SIG_ml_dsa_65 + rc = pqcrystals_ml_dsa_65_ref_verify_internal(sigVer_sig_bytes, sig->length_signature, sigVer_msg_bytes, msgLen, NULL, 0, sigVer_pk_bytes); +#endif + } else if (!strcmp(method_name, "ML-DSA-87")) { +#ifdef OQS_ENABLE_SIG_ml_dsa_87 + rc = pqcrystals_ml_dsa_87_ref_verify_internal(sigVer_sig_bytes, sig->length_signature, sigVer_msg_bytes, msgLen, NULL, 0, sigVer_pk_bytes); +#endif + } else { + goto err; + } + if ((!rc) != testPassed) { + fprintf(stderr, "[vectors_sig] %s ERROR: ml_dsa_verify_internal failed!\n", method_name); + goto err; + } else { + ret = EXIT_SUCCESS; + } - uint8_t *prng_output_stream_bytes = NULL; - uint8_t *sig_msg_bytes = NULL; - uint8_t *sig_sk_bytes = NULL; - uint8_t *verif_sig_bytes = NULL; - uint8_t *verif_pk_bytes = NULL; - uint8_t *verif_msg_bytes = NULL; - OQS_SIG *sig = OQS_SIG_new(alg_name); + fprintBstr(fh, "testPassed: ", (const uint8_t *)&testPassed, 1); + + goto cleanup; + +err: + ret = EXIT_FAILURE; + goto cleanup; + +algo_not_enabled: + ret = EXIT_SUCCESS; + +cleanup: + OQS_SIG_free(sig); + return ret; + +} + +static int sig_gen_vector(const char *method_name, + uint8_t *prng_output_stream, + const uint8_t *sigGen_sk, const uint8_t *sigGen_msg, size_t sigGen_msgLen, const uint8_t *sigGen_sig, int randomized) { + + FILE *fh = NULL; + uint8_t *signature = NULL; + OQS_SIG *sig = NULL; + int rc = -1, ret = -1; + size_t sigLen; + + sig = OQS_SIG_new(method_name); if (sig == NULL) { - printf("[vectors_sig] %s was not enabled at compile-time.\n", alg_name); - rc = OQS_ERROR; + printf("[vectors_sig] %s was not enabled at compile-time.\n", method_name); + goto algo_not_enabled; + } + + sigLen = sig->length_signature; + + fh = stdout; + + signature = OQS_MEM_malloc(sigLen); + + if (signature == NULL) { + 
fprintf(stderr, "[vectors_sig] %s ERROR: OQS_MEM_malloc failed!\n", method_name); goto err; } - if (strlen(prng_output_stream) % 2 != 0 || - strlen(sig_msg) % 2 != 0 || // variable length - strlen(sig_sk) != 2 * sig->length_secret_key || - strlen(verif_sig) != 2 * sig->length_signature || - strlen(verif_pk) != 2 * sig->length_public_key || - strlen(verif_msg) % 2 != 0) { // variable length - rc = OQS_ERROR; + if ((randomized && prng_output_stream == NULL) || (sigGen_sk == NULL) || (sigGen_msg == NULL) || (sigGen_sig == NULL)) { + fprintf(stderr, "[vectors_sig] %s ERROR: inputs NULL!\n", method_name); goto err; } - prng_output_stream_bytes = OQS_MEM_malloc(strlen(prng_output_stream) / 2); - sig_msg_bytes = OQS_MEM_malloc(strlen(sig_msg) / 2); - sig_sk_bytes = OQS_MEM_malloc(sig->length_secret_key); - verif_sig_bytes = OQS_MEM_malloc(sig->length_signature); - verif_pk_bytes = OQS_MEM_malloc(sig->length_public_key); - verif_msg_bytes = OQS_MEM_malloc(strlen(verif_msg) / 2); + if (!strcmp(method_name, "ML-DSA-44")) { +#ifdef OQS_ENABLE_SIG_ml_dsa_44 + rc = pqcrystals_ml_dsa_44_ref_signature_internal(signature, &sigLen, sigGen_msg, sigGen_msgLen, NULL, 0, prng_output_stream, sigGen_sk); +#endif + } else if (!strcmp(method_name, "ML-DSA-65")) { +#ifdef OQS_ENABLE_SIG_ml_dsa_65 + rc = pqcrystals_ml_dsa_65_ref_signature_internal(signature, &sigLen, sigGen_msg, sigGen_msgLen, NULL, 0, prng_output_stream, sigGen_sk); +#endif + } else if (!strcmp(method_name, "ML-DSA-87")) { +#ifdef OQS_ENABLE_SIG_ml_dsa_87 + rc = pqcrystals_ml_dsa_87_ref_signature_internal(signature, &sigLen, sigGen_msg, sigGen_msgLen, NULL, 0, prng_output_stream, sigGen_sk); +#endif + } else { + goto err; + } - if ((prng_output_stream_bytes == NULL) || (sig_msg_bytes == NULL) || (sig_sk_bytes == NULL) || (verif_sig_bytes == NULL) || (verif_pk_bytes == NULL) || (verif_msg_bytes == NULL)) { - fprintf(stderr, "[vectors_sig] ERROR: OQS_MEM_malloc failed!\n"); - rc = OQS_ERROR; + if (rc) { + fprintf(stderr, 
"[vectors_sig] %s ERROR: ml_dsa_sign_internal failed!\n", method_name); goto err; } + fprintBstr(fh, "signature: ", signature, sig->length_public_key); + if (!memcmp(signature, sigGen_sig, sigLen)) { + ret = EXIT_SUCCESS; + } else { + ret = EXIT_FAILURE; + fprintf(stderr, "[vectors_sig] %s ERROR: public key or private key doesn't match!\n", method_name); + } + goto cleanup; - hexStringToByteArray(prng_output_stream, prng_output_stream_bytes); - hexStringToByteArray(sig_msg, sig_msg_bytes); - hexStringToByteArray(sig_sk, sig_sk_bytes); - hexStringToByteArray(verif_sig, verif_sig_bytes); - hexStringToByteArray(verif_pk, verif_pk_bytes); - hexStringToByteArray(verif_msg, verif_msg_bytes); +err: + ret = EXIT_FAILURE; + goto cleanup; - rc = sig_vector(alg_name, prng_output_stream_bytes, sig_msg_bytes, sig_msg_len, sig_sk_bytes, verif_sig_bytes, verif_pk_bytes, verif_msg_bytes, verif_msg_len); +algo_not_enabled: + ret = EXIT_SUCCESS; + +cleanup: + OQS_MEM_insecure_free(signature); + OQS_SIG_free(sig); + return ret; +} +#endif + + + +int main(int argc, char **argv) { + OQS_STATUS rc = OQS_SUCCESS; + bool valid_args = true; + + OQS_init(); + + size_t msgLen; + + char *prng_output_stream = NULL; + char *kg_pk; + char *kg_sk; + + char *sigGen_sk; + char *sigGen_msg; + char *sigGen_sig; + + char *sigVer_pk; + char *sigVer_msg; + char *sigVer_sig; + + uint8_t *prng_output_stream_bytes = NULL; + uint8_t *kg_pk_bytes = NULL; + uint8_t *kg_sk_bytes = NULL; + + uint8_t *sigGen_sk_bytes = NULL; + uint8_t *sigGen_msg_bytes = NULL; + uint8_t *sigGen_sig_bytes = NULL; + + + uint8_t *sigVer_pk_bytes = NULL; + uint8_t *sigVer_msg_bytes = NULL; + uint8_t *sigVer_sig_bytes = NULL; + + OQS_SIG *sig = NULL; + + if (argc < 3) { + valid_args = false; + goto err; + } + + char *alg_name = argv[1]; + char *test_name = argv[2]; + + sig = OQS_SIG_new(alg_name); + + if (sig == NULL) { + printf("[vectors_sig] %s was not enabled at compile-time.\n", alg_name); + goto err; + } + + if 
(!strcmp(test_name, "keyGen")) { + if (argc != 6) { + valid_args = false; + goto err; + } + prng_output_stream = argv[3]; // d || z + kg_pk = argv[4]; + kg_sk = argv[5]; + + if (strlen(prng_output_stream) % 2 != 0 || + strlen(kg_pk) != 2 * sig->length_public_key || + strlen(kg_sk) != 2 * sig->length_secret_key) { + printf("lengths bad\n"); + goto err; + } + + prng_output_stream_bytes = OQS_MEM_malloc(strlen(prng_output_stream) / 2); + kg_pk_bytes = OQS_MEM_malloc(sig->length_public_key); + kg_sk_bytes = OQS_MEM_malloc(sig->length_secret_key); + + if ((prng_output_stream_bytes == NULL) || (kg_pk_bytes == NULL) || (kg_sk_bytes == NULL)) { + fprintf(stderr, "[vectors_sig] ERROR: OQS_MEM_malloc failed!\n"); + goto err; + } + + hexStringToByteArray(prng_output_stream, prng_output_stream_bytes); + hexStringToByteArray(kg_pk, kg_pk_bytes); + hexStringToByteArray(kg_sk, kg_sk_bytes); + + + rc = sig_kg_vector(alg_name, prng_output_stream_bytes, kg_pk_bytes, kg_sk_bytes); + + } else if (!strcmp(test_name, "sigGen_det") || !strcmp(test_name, "sigGen_rnd")) { + int randomized = !strcmp(test_name, "sigGen_rnd"); + if (argc != 6 + randomized) { + valid_args = false; + goto err; + } + sigGen_sk = argv[3]; + sigGen_msg = argv[4]; + sigGen_sig = argv[5]; + + if (randomized) { + prng_output_stream = argv[6]; + if (strlen(prng_output_stream) % 2 != 0) { + goto err; + } + prng_output_stream_bytes = OQS_MEM_malloc(strlen(prng_output_stream) / 2); + if (prng_output_stream_bytes == NULL) { + fprintf(stderr, "[vectors_sig] ERROR: OQS_MEM_malloc failed!\n"); + goto err; + } + } + + if ( strlen(sigGen_msg) % 2 != 0 || + strlen(sigGen_sig) != 2 * sig->length_signature) { + goto err; + } + + msgLen = strlen(sigGen_msg) / 2; + + sigGen_sk_bytes = OQS_MEM_malloc(sig->length_secret_key); + sigGen_msg_bytes = OQS_MEM_malloc(msgLen); + sigGen_sig_bytes = OQS_MEM_malloc(sig->length_signature); + + if ((sigGen_msg_bytes == NULL) || (sigGen_sig_bytes == NULL)) { + fprintf(stderr, "[vectors_sig] 
ERROR: OQS_MEM_malloc failed!\n"); + goto err; + } + + if (randomized) { + hexStringToByteArray(prng_output_stream, prng_output_stream_bytes); + } else { + prng_output_stream_bytes = OQS_MEM_malloc(32); + memset(prng_output_stream_bytes, 0, 32); + } + + + hexStringToByteArray(sigGen_sk, sigGen_sk_bytes); + hexStringToByteArray(sigGen_msg, sigGen_msg_bytes); + hexStringToByteArray(sigGen_sig, sigGen_sig_bytes); + +#if defined(OQS_ENABLE_SIG_ml_dsa_44) || defined(OQS_ENABLE_SIG_ml_dsa_65) || defined(OQS_ENABLE_SIG_ml_dsa_87) + rc = sig_gen_vector(alg_name, prng_output_stream_bytes, sigGen_sk_bytes, sigGen_msg_bytes, msgLen, sigGen_sig_bytes, randomized); +#else + rc = EXIT_SUCCESS; + goto cleanup; +#endif + + } else if (!strcmp(test_name, "sigVer")) { + if (argc != 7) { + valid_args = false; + goto err; + } + sigVer_pk = argv[3]; + sigVer_msg = argv[4]; + sigVer_sig = argv[5]; + + int sigVerPassed = atoi(argv[6]); + + if ( strlen(sigVer_msg) % 2 != 0 || + strlen(sigVer_sig) != 2 * sig->length_signature || + strlen(sigVer_pk) != 2 * sig->length_public_key || + (sigVerPassed != 0 && sigVerPassed != 1)) { + goto err; + } + + msgLen = strlen(sigVer_msg) / 2; + + sigVer_pk_bytes = OQS_MEM_malloc(sig->length_public_key); + sigVer_msg_bytes = OQS_MEM_malloc(msgLen); + sigVer_sig_bytes = OQS_MEM_malloc(sig->length_signature); + + hexStringToByteArray(sigVer_pk, sigVer_pk_bytes); + hexStringToByteArray(sigVer_msg, sigVer_msg_bytes); + hexStringToByteArray(sigVer_sig, sigVer_sig_bytes); + +#if defined(OQS_ENABLE_SIG_ml_dsa_44) || defined(OQS_ENABLE_SIG_ml_dsa_65) || defined(OQS_ENABLE_SIG_ml_dsa_87) + rc = sig_ver_vector(alg_name, sigVer_pk_bytes, sigVer_msg_bytes, msgLen, sigVer_sig_bytes, sigVerPassed); +#else + rc = EXIT_SUCCESS; + goto cleanup; +#endif + + } else { + printf("[vectors_sig] %s only keyGen/sigGen/sigVer supported!\n", alg_name); + goto err; + } + goto cleanup; err: - OQS_MEM_insecure_free(prng_output_stream_bytes); - OQS_MEM_insecure_free(sig_msg_bytes); - 
OQS_MEM_insecure_free(sig_sk_bytes); - OQS_MEM_insecure_free(verif_sig_bytes); - OQS_MEM_insecure_free(verif_pk_bytes); - OQS_MEM_insecure_free(verif_msg_bytes); + rc = EXIT_FAILURE; + if (!valid_args) { + fprintf(stderr, "Usage: vectors_sig algname testname [testargs]\n"); + fprintf(stderr, "\n"); + printf("\n"); + print_system_info(); + } +cleanup: + OQS_MEM_insecure_free(prng_output_stream_bytes); + OQS_MEM_insecure_free(kg_pk_bytes); + OQS_MEM_insecure_free(kg_sk_bytes); + OQS_MEM_insecure_free(sigVer_pk_bytes); + OQS_MEM_insecure_free(sigVer_msg_bytes); + OQS_MEM_insecure_free(sigVer_sig_bytes); + OQS_MEM_insecure_free(sigGen_sk_bytes); + OQS_MEM_insecure_free(sigGen_msg_bytes); + OQS_MEM_insecure_free(sigGen_sig_bytes); OQS_SIG_free(sig); - OQS_destroy(); - if (rc != OQS_SUCCESS) { + if (rc != EXIT_SUCCESS) { return EXIT_FAILURE; } else { return EXIT_SUCCESS; diff --git a/zephyr/Kconfig b/zephyr/Kconfig index 9ad402f4db..48d76fd4a8 100644 --- a/zephyr/Kconfig +++ b/zephyr/Kconfig @@ -42,7 +42,7 @@ config LIBOQS_ENABLE_KEM_KYBER depends on LIBOQS config LIBOQS_ENABLE_KEM_ML_KEM - bool "Enable the ML-KEM algorithm (ML-KEM-ipd)" + bool "Enable the ML-KEM algorithm (ML-KEM)" default y depends on LIBOQS @@ -52,7 +52,7 @@ config LIBOQS_ENABLE_SIG_DILITHIUM depends on LIBOQS config LIBOQS_ENABLE_SIG_ML_DSA - bool "Enable the ML-DSA signature algorithm (ML-DSA-ipd)" + bool "Enable the ML-DSA signature algorithm (ML-DSA)" default y depends on LIBOQS
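Review bot: In main's sigGen branch the hex string in argv[3] is decoded into a buffer of `sig->length_secret_key` bytes, but `strlen(sigGen_sk)` is never compared with `2 * sig->length_secret_key` and `sigGen_sk_bytes` is missing from the NULL check, so an over-long argument may write past the allocation (hexStringToByteArray's body is outside the hunk, so this assumes it decodes the whole string). The 32-byte zero buffer in the deterministic path and the three sigVer allocations are likewise used without a NULL check, and the randomized path only checks that the rnd hex string has even length although the internal signer is declared with `rnd[RNDBYTES]`. Separately, sig_gen_vector prints the signature with `sig->length_public_key`; that should be `fprintBstr(fh, "signature: ", signature, sigLen);`, and its mismatch message still refers to keys rather than the signature. The fence shows the added checks for the sigGen branch; the sigVer branch needs the same NULL check before its hexStringToByteArray calls.

```c
		// … unchanged: argc check, argv[3..5] assignment …
		if (randomized) {
			prng_output_stream = argv[6];
			if (strlen(prng_output_stream) != 2 * RNDBYTES) {
				goto err;
			}
			// … unchanged: allocation of prng_output_stream_bytes and its NULL check …
		}

		if (strlen(sigGen_sk) != 2 * sig->length_secret_key ||
		        strlen(sigGen_msg) % 2 != 0 ||
		        strlen(sigGen_sig) != 2 * sig->length_signature) {
			goto err;
		}
		// … unchanged: msgLen and the three OQS_MEM_malloc calls …
		if ((sigGen_sk_bytes == NULL) || (sigGen_msg_bytes == NULL) || (sigGen_sig_bytes == NULL)) {
			fprintf(stderr, "[vectors_sig] ERROR: OQS_MEM_malloc failed!\n");
			goto err;
		}

		if (randomized) {
			hexStringToByteArray(prng_output_stream, prng_output_stream_bytes);
		} else {
			prng_output_stream_bytes = OQS_MEM_malloc(RNDBYTES);
			if (prng_output_stream_bytes == NULL) {
				fprintf(stderr, "[vectors_sig] ERROR: OQS_MEM_malloc failed!\n");
				goto err;
			}
			memset(prng_output_stream_bytes, 0, RNDBYTES);
		}
		// … unchanged: hex decoding of sk/msg/sig and the sig_gen_vector call …
```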