From 75946803f37c8ce21981812951416092137e5f88 Mon Sep 17 00:00:00 2001
From: "Matthias J. Kannwischer"
Date: Tue, 22 Oct 2024 19:32:51 +0800
Subject: [PATCH] Port https://github.com/mupq/pqm4/pull/363/commits/8a9c7cc9486fa123c256630835512b852f97f692

---
 crypto_sign/ml-dsa-44/m4f/poly.c | 11 ------
 crypto_sign/ml-dsa-44/m4f/poly.h | 2 -
 crypto_sign/ml-dsa-44/m4f/sign.c | 2 +-
 crypto_sign/ml-dsa-44/m4f/vector.h | 2 -
 crypto_sign/ml-dsa-44/m4f/vector.s | 54 --------------------------
 crypto_sign/ml-dsa-44/m4fstack/sign.c | 18 ++++-----
 crypto_sign/ml-dsa-44/m4fstack/stack.c | 20 ----------
 crypto_sign/ml-dsa-44/m4fstack/stack.h | 5 ---
 8 files changed, 8 insertions(+), 106 deletions(-)

diff --git a/crypto_sign/ml-dsa-44/m4f/poly.c b/crypto_sign/ml-dsa-44/m4f/poly.c
index 5e11c02..511afd4 100644
--- a/crypto_sign/ml-dsa-44/m4f/poly.c
+++ b/crypto_sign/ml-dsa-44/m4f/poly.c
@@ -45,17 +45,6 @@ void poly_caddq(poly *a) {
 asm_caddq(a->coeffs);
 }
 
-/*************************************************
-* Name: poly_csubq
-*
-* Description: For all coefficients of input polynomial subtract Q if
-* coefficient is bigger than Q; add Q if coefficient is negative.
-*
-* Arguments: - poly *a: pointer to input/output polynomial
-**************************************************/
-void poly_csubq(poly *a) {
- asm_caddq(a->coeffs);
-}
 
 #if 0
 /*************************************************
diff --git a/crypto_sign/ml-dsa-44/m4f/poly.h b/crypto_sign/ml-dsa-44/m4f/poly.h
index 5114ef9..31123a9 100644
--- a/crypto_sign/ml-dsa-44/m4f/poly.h
+++ b/crypto_sign/ml-dsa-44/m4f/poly.h
@@ -12,8 +12,6 @@ typedef struct {
 void poly_reduce(poly *a);
 #define poly_caddq DILITHIUM_NAMESPACE(poly_caddq)
 void poly_caddq(poly *a);
-#define poly_csubq DILITHIUM_NAMESPACE(poly_csubq)
-void poly_csubq(poly *a);
 #define poly_freeze DILITHIUM_NAMESPACE(poly_freeze)
 void poly_freeze(poly *a);
 
diff --git a/crypto_sign/ml-dsa-44/m4f/sign.c b/crypto_sign/ml-dsa-44/m4f/sign.c
index aa3f66a..b43f34f 100644
--- a/crypto_sign/ml-dsa-44/m4f/sign.c
+++ b/crypto_sign/ml-dsa-44/m4f/sign.c
@@ -349,7 +349,7 @@ int crypto_sign_verify_ctx(const uint8_t *sig,
 poly_invntt_tomont(&w1_elem);
 
 // Reconstruct w1
- poly_csubq(&w1_elem);
+ poly_caddq(&w1_elem);
 if (unpack_sig_h(&tmp_elem, k_idx, sig) != 0) {
 return -1;
 }
diff --git a/crypto_sign/ml-dsa-44/m4f/vector.h b/crypto_sign/ml-dsa-44/m4f/vector.h
index 183ddc8..e5c5dda 100644
--- a/crypto_sign/ml-dsa-44/m4f/vector.h
+++ b/crypto_sign/ml-dsa-44/m4f/vector.h
@@ -10,8 +10,6 @@ void asm_reduce32(int32_t a[N]);
 void small_asm_reduce32_central(int32_t a[N]);
 #define asm_caddq DILITHIUM_NAMESPACE(asm_caddq)
 void asm_caddq(int32_t a[N]);
-#define asm_csubq DILITHIUM_NAMESPACE(asm_csubq)
-void asm_csubq(int32_t a[N]);
 #define asm_freeze DILITHIUM_NAMESPACE(asm_freeze)
 void asm_freeze(int32_t a[N]);
 #define asm_rej_uniform DILITHIUM_NAMESPACE(asm_rej_uniform)
diff --git a/crypto_sign/ml-dsa-44/m4f/vector.s b/crypto_sign/ml-dsa-44/m4f/vector.s
index a393c91..376a1fb 100644
--- a/crypto_sign/ml-dsa-44/m4f/vector.s
+++ b/crypto_sign/ml-dsa-44/m4f/vector.s
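Review bot: The comment above the changed call, `// Reconstruct w1`, still gives no reason why a single conditional add of Q is the right normalisation here, and nothing in the hunk records that the `poly_csubq` → `poly_caddq` switch is a pure rename (the `poly_csubq` wrapper deleted from poly.c in this same patch already called `asm_caddq`, so the verification output is unchanged). A short note would stop a future reader from reinstating a two-sided csubq, e.g. `// Reconstruct w1: a one-sided caddq suffices — presumably invntt_tomont already bounds coefficients within (-Q, Q); confirm against asm_caddq's input range`. crypto_sign_verify_ctx starts and ends outside this hunk.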
@@ -169,60 +169,6 @@ pqcrystals_dilithium_asm_caddq:
 bx lr
 .size pqcrystals_dilithium_asm_caddq, .-pqcrystals_dilithium_asm_caddq
 
-.macro csubq a, tmp, q
- cmp.n \a, \q
- it ge
- subge.w \a, \a, \q
- cmp \a, #0
- it mi
- addmi.w \a, \a, \q
-.endm
-
-// void asm_csubq(int32_t a[N]);
-.global pqcrystals_dilithium_asm_csubq
-.type pqcrystals_dilithium_asm_csubq, %function
-.align 2
-pqcrystals_dilithium_asm_csubq:
- push {r4-r10}
-
- movw r12,#:lower16:8380417
- movt r12,#:upper16:8380417
-
- movw r10, #32
- 1:
- ldr.w r1, [r0]
- ldr.w r2, [r0, #1*4]
- ldr.w r3, [r0, #2*4]
- ldr.w r4, [r0, #3*4]
- ldr.w r5, [r0, #4*4]
- ldr.w r6, [r0, #5*4]
- ldr.w r7, [r0, #6*4]
- ldr.w r8, [r0, #7*4]
-
- csubq r1, r9, r12
- csubq r2, r9, r12
- csubq r3, r9, r12
- csubq r4, r9, r12
- csubq r5, r9, r12
- csubq r6, r9, r12
- csubq r7, r9, r12
- csubq r8, r9, r12
-
- str.w r2, [r0, #1*4]
- str.w r3, [r0, #2*4]
- str.w r4, [r0, #3*4]
- str.w r5, [r0, #4*4]
- str.w r6, [r0, #5*4]
- str.w r7, [r0, #6*4]
- str.w r8, [r0, #7*4]
- str r1, [r0], #8*4
- subs r10, #1
- bne.w 1b
-
- pop {r4-r10}
- bx lr
-.size pqcrystals_dilithium_asm_csubq, .-pqcrystals_dilithium_asm_csubq
-
 // asm_rej_uniform(int32_t *a,unsigned int len,const unsigned char *buf, unsigned int buflen);
 .global pqcrystals_dilithium_asm_rej_uniform
 .type pqcrystals_dilithium_asm_rej_uniform, %function
diff --git a/crypto_sign/ml-dsa-44/m4fstack/sign.c b/crypto_sign/ml-dsa-44/m4fstack/sign.c
index 7489190..a08d6d6 100644
--- a/crypto_sign/ml-dsa-44/m4fstack/sign.c
+++ b/crypto_sign/ml-dsa-44/m4fstack/sign.c
@@ -37,7 +37,7 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) {
 } data;
 
 shake256incctx *s256 = &data.s256;
- uint8_t *tr = &data.tr;
+ uint8_t *tr = &data.tr[0];
 poly *tC = &data.tC;
 
 /* Get randomness for rho, rhoprime and key */
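Review bot: `uint8_t *tr = &data.tr[0];` is type-correct, but the idiomatic spelling of the same pointer is plain array decay, `uint8_t *tr = data.tr;`, which reads less like a workaround; the identical `&member[0]` pattern is used for `w1_packed`, `wcomp`, `ccomp`, `mu`, `hint_ones` and `c2` in the `@@ -363` and `@@ -381` hunks of this file, so whichever form is chosen should be applied to all seven. The old `&data.tr` was a pointer to the whole array (as `&w1_packed_comp.w1_packed` visibly was in `@@ -363`, where `w1_packed` is declared `uint8_t[POLYW1_PACKEDBYTES]`), so the fix itself is right; this is style only. crypto_sign_keypair starts and ends outside this hunk.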
@@ -135,7 +135,6 @@ int crypto_sign_signature_ctx(uint8_t *sig,
 uint8_t *mu, *rhoprime, *rnd;
 const uint8_t *rho, *tr, *key;
 uint16_t nonce = 0;
- unsigned int n;
 uint8_t wcomp[K][768];
 uint8_t ccomp[68];
 
@@ -168,9 +167,6 @@ int crypto_sign_signature_ctx(uint8_t *sig,
 return -1;
 }
 
-
- unpack_sk_stack(rho, tr, key, sk);
-
 /* Compute mu = CRH(tr, 0, ctxlen, ctx, msg) */
 mu[0] = 0;
 mu[1] = (uint8_t)ctxlen;
@@ -363,15 +359,15 @@ int crypto_sign_verify_ctx(const uint8_t *sig,
 uint8_t w1_packed[POLYW1_PACKEDBYTES];
 uint8_t wcomp[768];
 } w1_packed_comp;
- uint8_t *w1_packed = &w1_packed_comp.w1_packed;
- uint8_t *wcomp = &w1_packed_comp.wcomp;
+ uint8_t *w1_packed = &w1_packed_comp.w1_packed[0];
+ uint8_t *wcomp = &w1_packed_comp.wcomp[0];
 
 union {
 uint8_t ccomp[68];
 uint8_t mu[CRHBYTES];
 } ccomp_mu;
- uint8_t *ccomp = &ccomp_mu.ccomp;
- uint8_t *mu = &ccomp_mu.mu;
+ uint8_t *ccomp = &ccomp_mu.ccomp[0];
+ uint8_t *mu = &ccomp_mu.mu[0];
 
 shake256incctx s256;
 
@@ -381,9 +377,9 @@ int crypto_sign_verify_ctx(const uint8_t *sig,
 uint8_t c2[CTILDEBYTES];
 } shake_hint;
 
- uint8_t *hint_ones = &shake_hint.hint_ones;
+ uint8_t *hint_ones = &shake_hint.hint_ones[0];
 shake128incctx *s128 = &shake_hint.s128;
- uint8_t *c2 = &shake_hint.c2;
+ uint8_t *c2 = &shake_hint.c2[0];
 
 if (ctxlen > 255 || siglen != CRYPTO_BYTES) {
 return -1;
diff --git a/crypto_sign/ml-dsa-44/m4fstack/stack.c b/crypto_sign/ml-dsa-44/m4fstack/stack.c
index c8804bc..a00183f 100644
--- a/crypto_sign/ml-dsa-44/m4fstack/stack.c
+++ b/crypto_sign/ml-dsa-44/m4fstack/stack.c
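Review bot: After `unpack_sk_stack(rho, tr, key, sk);` is deleted in the `@@ -168` hunk, nothing visible in this file assigns `rho`, `tr` and `key`, which the `@@ -135` hunk declares as `const uint8_t *`, so please confirm they are pointed into `sk` somewhere between the two hunks before the `/* Compute mu ... */` step reads `tr`. The deleted call passed those `const` pointers to a function (removed from stack.c in this same patch) whose parameters are non-const output arrays, so if `rho`/`key`/`tr` already aliased the packed secret key the call was a self-copy and removing it is the right fix; a one-line comment at the assignment site, such as `/* rho, key and tr alias the packed sk in place; no unpacking copy is needed */`, would record that for the next reader. crypto_sign_signature_ctx starts and ends outside this hunk.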
@@ -438,26 +438,6 @@ size_t poly_make_hint_stack(poly *a, poly *t, uint8_t w[768]){
 return hints_n;
 }
 
-void unpack_sk_stack(uint8_t rho[SEEDBYTES],
- uint8_t tr[TRBYTES],
- uint8_t key[SEEDBYTES],
- const uint8_t sk[CRYPTO_SECRETKEYBYTES])
-{
- unsigned int i;
-
- for(i = 0; i < SEEDBYTES; ++i)
- rho[i] = sk[i];
- sk += SEEDBYTES;
-
- for(i = 0; i < SEEDBYTES; ++i)
- key[i] = sk[i];
- sk += SEEDBYTES;
-
- for(i = 0; i < TRBYTES; ++i)
- tr[i] = sk[i];
- sk += TRBYTES;
-}
-
 /*************************************************
 * Name: unpack_sig_h_indices
 *
diff --git a/crypto_sign/ml-dsa-44/m4fstack/stack.h b/crypto_sign/ml-dsa-44/m4fstack/stack.h
index 859ea96..e802306 100644
--- a/crypto_sign/ml-dsa-44/m4fstack/stack.h
+++ b/crypto_sign/ml-dsa-44/m4fstack/stack.h
@@ -34,11 +34,6 @@ size_t poly_make_hint_stack(poly *a, poly *t, uint8_t w[768]);
 int unpack_sig_h_indices(uint8_t h_i[OMEGA], unsigned int * number_of_hints, unsigned int idx, const unsigned char sig[CRYPTO_BYTES]);
 void poly_use_hint_stack(poly *b, const poly *a, uint8_t h_i[OMEGA], unsigned int number_of_hints);
 
-void unpack_sk_stack(uint8_t rho[SEEDBYTES],
- uint8_t tr[TRBYTES],
- uint8_t key[SEEDBYTES],
- const uint8_t sk[CRYPTO_SECRETKEYBYTES]);
-
 void pack_pk_rho(unsigned char pk[CRYPTO_PUBLICKEYBYTES], const unsigned char rho[SEEDBYTES]);