Merge pull request #8467 from SparkiDev/kyber_improv_2

ML-KEM/Kyber: improvements
David Garske 2025-02-19 16:42:42 -08:00 committed by GitHub
commit 93000e5f14
GPG Key ID: B5690EEEBB952194
20 changed files with 6323 additions and 4693 deletions


@ -18,7 +18,7 @@ jobs:
matrix:
config: [
# Add new configs here
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=all,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
]
name: make check
if: github.repository_owner == 'wolfssl'


@ -665,6 +665,7 @@ WOLFSSL_KEIL
WOLFSSL_KEIL_NET
WOLFSSL_KYBER_INVNTT_UNROLL
WOLFSSL_KYBER_NO_LARGE_CODE
WOLFSSL_KYBER_NO_MALLOC
WOLFSSL_KYBER_NTT_UNROLL
WOLFSSL_LIB
WOLFSSL_LMS_CACHE_BITS
@ -800,6 +801,8 @@ WOLFSSL_TLS13_IGNORE_AEAD_LIMITS
WOLFSSL_TLS13_MIDDLEBOX_COMPAT
WOLFSSL_TLS13_SHA512
WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY
WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
WOLFSSL_TRACK_MEMORY_FULL
WOLFSSL_TRAP_MALLOC_SZ
WOLFSSL_UNALIGNED_64BIT_ACCESS


@ -2510,6 +2510,7 @@ if(WOLFSSL_EXAMPLES)
tests/api/test_ripemd.c
tests/api/test_hash.c
tests/api/test_ascon.c
tests/api/test_mlkem.c
tests/api/test_ocsp.c
tests/hash.c
tests/srp.c


@ -1405,13 +1405,19 @@ AC_ARG_ENABLE([kyber],
ENABLED_WC_KYBER=no
ENABLED_ML_KEM=unset
ENABLED_KYBER_MAKE_KEY=no
ENABLED_KYBER_ENCAPSULATE=no
ENABLED_KYBER_DECAPSULATE=no
for v in `echo $ENABLED_KYBER | tr "," " "`
do
case $v in
yes | all)
yes)
ENABLED_KYBER512=yes
ENABLED_KYBER768=yes
ENABLED_KYBER1024=yes
ENABLED_KYBER_MAKE_KEY=yes
ENABLED_KYBER_ENCAPSULATE=yes
ENABLED_KYBER_DECAPSULATE=yes
;;
no)
;;
@ -1430,6 +1436,20 @@ do
1024)
ENABLED_KYBER1024=yes
;;
make)
ENABLED_KYBER_MAKE_KEY=yes
;;
encapsulate|enc)
ENABLED_KYBER_ENCAPSULATE=yes
;;
decapsulate|dec)
ENABLED_KYBER_DECAPSULATE=yes
;;
all)
ENABLED_KYBER_MAKE_KEY=yes
ENABLED_KYBER_ENCAPSULATE=yes
ENABLED_KYBER_DECAPSULATE=yes
;;
original)
ENABLED_ORIGINAL=yes
;;
@ -1483,6 +1503,15 @@ then
else
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM"
fi
if test "$ENABLED_KYBER_MAKE_KEY" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_NO_MAKE_KEY"
fi
if test "$ENABLED_KYBER_ENCAPSULATE" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_NO_ENCAPSULATE"
fi
if test "$ENABLED_KYBER_DECAPSULATE" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_NO_DECAPSULATE"
fi
if test "$ENABLED_WC_KYBER" = "yes"
then
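Review bot: The `all` token changes meaning here with no visible update to the option's help text: it used to share the `yes | all)` arm that sets `ENABLED_KYBER512/768/1024`, and the new `all)` arm sets only the three operation flags. In the other direction, a size-only value such as `--enable-kyber=768` leaves `ENABLED_KYBER_MAKE_KEY`, `ENABLED_KYBER_ENCAPSULATE` and `ENABLED_KYBER_DECAPSULATE` at `no`, so all three `-DWOLFSSL_KYBER_NO_*` flags are appended unless defaults are applied in lines outside these hunks. If that is not intended, turn the operations on after the loop when none was named, e.g. `if test "$ENABLED_KYBER_MAKE_KEY$ENABLED_KYBER_ENCAPSULATE$ENABLED_KYBER_DECAPSULATE" = "nonono"; then ENABLED_KYBER_MAKE_KEY=yes; ENABLED_KYBER_ENCAPSULATE=yes; ENABLED_KYBER_DECAPSULATE=yes; fi`. Either way the help string should describe `make`, `enc`, `dec` and the new meaning of `all`, since a build that silently lacks an operation drops the PQC branches in `src/tls.c`.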

108
src/tls.c

@ -8192,6 +8192,19 @@ static void findEccPqc(int *ecc, int *pqc, int group)
}
}
#if defined(WOLFSSL_MLKEM_CACHE_A) && \
!defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY)
/* Store KyberKey object rather than private key bytes in key share entry.
* Improves performance at cost of more dynamic memory being used. */
#define WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
#endif
#if defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY) && \
defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ)
#error "Choose WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY or "
"WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"
#endif
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
/* Create a key share entry using liboqs parameters group.
* Generates a key pair.
*
@ -8203,13 +8216,17 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
{
int ret = 0;
int type = 0;
#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
KyberKey kem[1];
byte* pubKey = NULL;
byte* privKey = NULL;
word32 privSz = 0;
#else
KyberKey* kem;
#endif
byte* pubKey = NULL;
KeyShareEntry *ecc_kse = NULL;
int oqs_group = 0;
int ecc_group = 0;
word32 privSz = 0;
word32 pubSz = 0;
/* This gets called twice. Once during parsing of the key share and once
@ -8226,6 +8243,7 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
ret = BAD_FUNC_ARG;
}
#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
if (ret == 0) {
ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
if (ret != 0) {
@ -8233,6 +8251,40 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
}
}
if (ret == 0) {
ret = wc_KyberKey_PrivateKeySize(kem, &privSz);
}
if (ret == 0) {
ret = wc_KyberKey_PublicKeySize(kem, &pubSz);
}
if (ret == 0) {
privKey = (byte*)XMALLOC(privSz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (privKey == NULL) {
WOLFSSL_MSG("privkey memory allocation failure");
ret = MEMORY_ERROR;
}
}
#else
if (ret == 0) {
kem = (KyberKey*)XMALLOC(sizeof(KyberKey), ssl->heap,
DYNAMIC_TYPE_PRIVATE_KEY);
if (kem == NULL) {
WOLFSSL_MSG("KEM memory allocation failure");
ret = MEMORY_ERROR;
}
}
if (ret == 0) {
ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
if (ret != 0) {
WOLFSSL_MSG("Failed to initialize Kyber Key.");
}
}
if (ret == 0) {
ret = wc_KyberKey_PublicKeySize(kem, &pubSz);
}
#endif
if (ret == 0) {
ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
DYNAMIC_TYPE_TLSX);
@ -8244,11 +8296,6 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
if (ret == 0) {
XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
ret = wc_KyberKey_PrivateKeySize(kem, &privSz);
}
if (ret == 0) {
ret = wc_KyberKey_PublicKeySize(kem, &pubSz);
}
if (ret == 0 && ecc_group != 0) {
@ -8266,14 +8313,6 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
}
}
if (ret == 0) {
privKey = (byte*)XMALLOC(privSz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (privKey == NULL) {
WOLFSSL_MSG("privkey memory allocation failure");
ret = MEMORY_ERROR;
}
}
if (ret == 0) {
ret = wc_KyberKey_MakeKey(kem, ssl->rng);
if (ret != 0) {
@ -8284,9 +8323,11 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
ret = wc_KyberKey_EncodePublicKey(kem, pubKey + ecc_kse->pubKeyLen,
pubSz);
}
#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
if (ret == 0) {
ret = wc_KyberKey_EncodePrivateKey(kem, privKey, privSz);
}
#endif
if (ret == 0) {
if (ecc_kse->pubKeyLen > 0)
XMEMCPY(pubKey, ecc_kse->pubKey, ecc_kse->pubKeyLen);
@ -8298,9 +8339,15 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
* separately. That's because the ECC private key is not simply a
* buffer. Its is an ecc_key struct. Typically do not need the private
* key size, but will need to zero it out upon freeing. */
#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
kse->privKey = privKey;
privKey = NULL;
kse->privKeyLen = privSz;
#else
kse->privKey = (byte*)kem;
kem = NULL;
kse->privKeyLen = sizeof(KyberKey);
#endif
kse->key = ecc_kse->key;
ecc_kse->key = NULL;
@ -8314,10 +8361,15 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
wc_KyberKey_Free(kem);
TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
#else
XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
#endif
return ret;
}
#endif
#endif /* WOLFSSL_HAVE_KYBER */
/* Generate a secret/key using the key share entry.
@ -8335,7 +8387,7 @@ int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse)
ret = TLSX_KeyShare_GenX25519Key(ssl, kse);
else if (kse->group == WOLFSSL_ECC_X448)
ret = TLSX_KeyShare_GenX448Key(ssl, kse);
#ifdef WOLFSSL_HAVE_KYBER
#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_MAKE_KEY)
else if (WOLFSSL_NAMED_GROUP_IS_PQC(kse->group))
ret = TLSX_KeyShare_GenPqcKey(ssl, kse);
#endif
@ -8382,6 +8434,9 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
current->pubKey = NULL;
if (current->privKey != NULL) {
ForceZero(current->privKey, current->privKeyLen);
#ifdef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
wc_KyberKey_Free((KyberKey*)current->privKey);
#endif
XFREE(current->privKey, heap, DYNAMIC_TYPE_PRIVATE_KEY);
current->privKey = NULL;
}
@ -8920,7 +8975,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
return ret;
}
#ifdef WOLFSSL_HAVE_KYBER
#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
/* Process the Kyber key share extension on the client side.
*
* ssl The SSL/TLS object.
@ -8931,14 +8986,18 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
{
int ret = 0;
int type;
#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
KyberKey kem[1];
word32 privSz = 0;
#else
KyberKey* kem;
#endif
byte* sharedSecret = NULL;
word32 sharedSecretLen = 0;
int oqs_group = 0;
int ecc_group = 0;
ecc_key eccpubkey;
word32 outlen = 0;
word32 privSz = 0;
word32 ctSz = 0;
word32 ssSz = 0;
@ -8981,12 +9040,17 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
return BAD_FUNC_ARG;
}
#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
if (ret != 0) {
wc_ecc_free(&eccpubkey);
WOLFSSL_MSG("Error creating Kyber KEM");
return MEMORY_E;
}
#else
kem = (KyberKey*)keyShareEntry->privKey;
keyShareEntry->privKey = NULL;
#endif
if (ret == 0) {
ret = wc_KyberKey_SharedSecretSize(kem, &ssSz);
@ -9021,12 +9085,14 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
if (ret == 0) {
ret = wc_KyberKey_CipherTextSize(kem, &ctSz);
}
#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
if (ret == 0) {
ret = wc_KyberKey_PrivateKeySize(kem, &privSz);
}
if (ret == 0) {
ret = wc_KyberKey_DecodePrivateKey(kem, keyShareEntry->privKey, privSz);
}
#endif
if (ret == 0) {
ret = wc_KyberKey_Decapsulate(kem, sharedSecret + outlen,
keyShareEntry->ke + keyShareEntry->keLen - ctSz, ctSz);
@ -9113,7 +9179,7 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
ret = TLSX_KeyShare_ProcessX25519(ssl, keyShareEntry);
else if (keyShareEntry->group == WOLFSSL_ECC_X448)
ret = TLSX_KeyShare_ProcessX448(ssl, keyShareEntry);
#ifdef WOLFSSL_HAVE_KYBER
#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_DECAPSULATE)
else if (WOLFSSL_NAMED_GROUP_IS_PQC(keyShareEntry->group))
ret = TLSX_KeyShare_ProcessPqc(ssl, keyShareEntry);
#endif
@ -9437,7 +9503,7 @@ static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap,
return 0;
}
#ifdef WOLFSSL_HAVE_KYBER
#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_ENCAPSULATE)
static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
KeyShareEntry* keyShareEntry, byte* data, word16 len)
{
@ -9643,7 +9709,7 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data,
}
#ifdef WOLFSSL_HAVE_KYBER
#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_KYBER_NO_ENCAPSULATE)
if (WOLFSSL_NAMED_GROUP_IS_PQC(group) &&
ssl->options.side == WOLFSSL_SERVER_END) {
ret = server_generate_pqc_ciphertext((WOLFSSL*)ssl, keyShareEntry, data,

File diff suppressed because it is too large Load Diff


@ -13,6 +13,7 @@ tests_unit_test_SOURCES += tests/api/test_sm3.c
tests_unit_test_SOURCES += tests/api/test_ripemd.c
tests_unit_test_SOURCES += tests/api/test_hash.c
tests_unit_test_SOURCES += tests/api/test_ascon.c
tests_unit_test_SOURCES += tests/api/test_mlkem.c
tests_unit_test_SOURCES += tests/api/test_dtls.c
tests_unit_test_SOURCES += tests/api/test_ocsp.c
endif
@ -29,6 +30,7 @@ EXTRA_DIST += tests/api/test_hash.h
EXTRA_DIST += tests/api/test_ascon.h
EXTRA_DIST += tests/api/test_ascon.h
EXTRA_DIST += tests/api/test_ascon_kats.h
EXTRA_DIST += tests/api/test_mlkem.h
EXTRA_DIST += tests/api/test_dtls.h
EXTRA_DIST += tests/api/test_ocsp.h
EXTRA_DIST += tests/api/test_ocsp_test_blobs.h

File diff suppressed because it is too large Load Diff


@ -0,0 +1,29 @@
/* test_mlkem.h
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFCRYPT_TEST_MLKEM_H
#define WOLFCRYPT_TEST_MLKEM_H
int test_wc_mlkem_make_key_kats(void);
int test_wc_mlkem_encapsulate_kats(void);
int test_wc_mlkem_decapsulate_kats(void);
#endif /* WOLFCRYPT_TEST_MLKEM_H */


@ -168,7 +168,7 @@ static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc)
return valid;
}
#ifdef WOLFSSL_HAVE_KYBER
#if defined(WOLFSSL_HAVE_KYBER)
static int IsKyberLevelAvailable(const char* line)
{
int available = 0;
@ -222,7 +222,14 @@ static int IsKyberLevelAvailable(const char* line)
#endif
}
#if defined(WOLFSSL_KYBER_NO_MAKE_KEY) || \
defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
defined(WOLFSSL_KYBER_NO_DECAPSULATE)
(void)available;
return begin == NULL;
#else
return (begin == NULL) || available;
#endif
}
#endif
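Review bot: The new early return in `IsKyberLevelAvailable` has no comment saying why a build with any one of the three operations compiled out rejects every line that names a Kyber level. Something like `/* A TLS handshake needs key generation, encapsulation and decapsulation; skip Kyber suites when any is compiled out. */` above the `#if` would record that, if my reading of the intent is right. It also means the `WOLFSSL_KYBER_NO_*` branches added in `src/tls.c` get no handshake coverage from this suite, so a test that a reduced build refuses a PQC group cleanly may be worth adding elsewhere.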


@ -192,13 +192,20 @@ int unit_test(int argc, char** argv)
else if (XSTRCMP(argv[1], "--no-api") == 0) {
apiTesting = 0;
}
else if (argv[1][1] >= '0' && argv[1][1] <= '9') {
else if (argv[1][0] == '-' && argv[1][1] >= '0' && argv[1][1] <= '9') {
ret = ApiTest_RunIdx(atoi(argv[1] + 1));
if (ret != 0) {
goto exit;
}
allTesting = 0;
}
else if (argv[1][0] == '-' && argv[1][1] == '~') {
ret = ApiTest_RunPartName(argv[1] + 2);
if (ret != 0) {
goto exit;
}
allTesting = 0;
}
else {
ret = ApiTest_RunName(argv[1] + 1);
if (ret != 0) {
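Review bot: The final `else` still calls `ApiTest_RunName(argv[1] + 1)` without the `argv[1][0] == '-'` check that the two branches above it now make, so an empty argument passes a pointer one past the terminator and a name given without a dash silently loses its first character. Guarding it the same way, `else if (argv[1][0] == '-' && argv[1][1] != '\0') {`, with a usage error otherwise, would make the three forms consistent. `atoi(argv[1] + 1)` also accepts trailing junk after the digits; `strtol` with an end-pointer check would reject it. `unit_test` continues outside the hunk, so an earlier check may already cover the empty case.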


@ -414,6 +414,7 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
void ApiTest_PrintTestCases(void);
int ApiTest_RunIdx(int idx);
int ApiTest_RunPartName(char* name);
int ApiTest_RunName(char* name);
int ApiTest(void);


@ -3693,17 +3693,17 @@ static void* benchmarks_do(void* args)
#ifdef WOLFSSL_HAVE_KYBER
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER)) {
#ifndef WOLFSSL_NO_ML_KEM
#ifdef WOLFSSL_KYBER512
#ifdef WOLFSSL_WC_ML_KEM_512
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) {
bench_kyber(WC_ML_KEM_512);
}
#endif
#ifdef WOLFSSL_KYBER768
#ifdef WOLFSSL_WC_ML_KEM_768
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER768)) {
bench_kyber(WC_ML_KEM_768);
}
#endif
#ifdef WOLFSSL_KYBER1024
#ifdef WOLFSSL_WC_ML_KEM_1024
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER1024)) {
bench_kyber(WC_ML_KEM_1024);
}
@ -9656,6 +9656,7 @@ exit:
static void bench_kyber_keygen(int type, const char* name, int keySize,
KyberKey* key)
{
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
int ret = 0, times, count, pending = 0;
double start;
const char**desc = bench_desc_words[lng_index];
@ -9693,8 +9694,16 @@ exit:
#ifdef MULTI_VALUE_STATISTICS
bench_multi_value_stats(max, min, sum, squareSum, runs);
#endif
#else
(void)type;
(void)name;
(void)keySize;
(void)key;
#endif /* !WOLFSSL_KYBER_NO_MAKE_KEY */
}
#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
!defined(WOLFSSL_KYBER_NO_DECAPSULATE)
static void bench_kyber_encap(int type, const char* name, int keySize,
KyberKey* key1, KyberKey* key2)
{
@ -9730,6 +9739,7 @@ static void bench_kyber_encap(int type, const char* name, int keySize,
return;
}
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
/* KYBER Encapsulate */
bench_stats_start(&count, &start);
do {
@ -9758,7 +9768,9 @@ exit_encap:
#ifdef MULTI_VALUE_STATISTICS
bench_multi_value_stats(max, min, sum, squareSum, runs);
#endif
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
RESET_MULTI_VALUE_STATS_VARS();
/* KYBER Decapsulate */
@ -9783,7 +9795,9 @@ exit_decap:
#ifdef MULTI_VALUE_STATISTICS
bench_multi_value_stats(max, min, sum, squareSum, runs);
#endif
#endif
}
#endif
void bench_kyber(int type)
{
@ -9808,7 +9822,7 @@ void bench_kyber(int type)
#endif
#ifdef WOLFSSL_WC_ML_KEM_1024
case WC_ML_KEM_1024:
name = "ML-KEM 1024 ";
name = "ML-KEM 1024";
keySize = 256;
break;
#endif
@ -9836,7 +9850,10 @@ void bench_kyber(int type)
}
bench_kyber_keygen(type, name, keySize, &key1);
#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) || \
!defined(WOLFSSL_KYBER_NO_DECAPSULATE)
bench_kyber_encap(type, name, keySize, &key1, &key2);
#endif
wc_KyberKey_Free(&key2);
wc_KyberKey_Free(&key1);
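Review bot: With `WOLFSSL_KYBER_NO_ENCAPSULATE` defined and decapsulation still enabled, the decapsulate loop in `bench_kyber_encap` runs without the encapsulate block that precedes it, so nothing in the visible lines produces the ciphertext it consumes; unless that buffer is initialised outside the hunk, the benchmark reads indeterminate stack data. Likewise `bench_kyber_keygen` becomes an empty function under `WOLFSSL_KYBER_NO_MAKE_KEY`, yet `bench_kyber` still passes `&key1` on to `bench_kyber_encap`. A comment at the `#ifndef WOLFSSL_KYBER_NO_DECAPSULATE` line such as `/* Without encapsulation no ciphertext is generated here; it is zero-filled so decapsulation runs on defined input. */`, together with a zero-fill of the ciphertext buffer, would make the reduced builds well-defined.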


@ -254,6 +254,36 @@ WC_MISC_STATIC WC_INLINE void writeUnalignedWords32(byte *out, const word32 *in,
#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
#ifdef WOLFSSL_X86_64_BUILD
WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in)
{
return ((word64*)in)[0];
}
WC_MISC_STATIC WC_INLINE word64 writeUnalignedWord64(void *out, word64 in)
{
return ((word64*)out)[0] = in;
}
WC_MISC_STATIC WC_INLINE void readUnalignedWords64(word64 *out, const byte *in,
size_t count)
{
const word64 *in_word64 = (const word64 *)in;
while (count-- > 0)
*out++ = *in_word64++;
}
WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in,
size_t count)
{
word64 *out_word64 = (word64 *)out;
while (count-- > 0)
*out_word64++ = *in++;
}
#else
WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in)
{
if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
@ -301,6 +331,8 @@ WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in,
}
}
#endif
WC_MISC_STATIC WC_INLINE word64 rotlFixed64(word64 x, word64 y)
{
return (x << y) | (x >> (sizeof(y) * 8 - y));
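Review bot: The new `WOLFSSL_X86_64_BUILD` variants read and write through `(word64*)in` and `(word64*)out` casts of byte pointers, which is undefined behaviour in C for misaligned addresses and for aliasing, even though the x86-64 load itself tolerates it. An optimiser may assume 8-byte alignment, and the `while (count-- > 0)` loops in `readUnalignedWords64` and `writeUnalignedWords64` are candidates for vectorisation with aligned moves. `readUnalignedWord64` also drops the `const` qualifier in its cast. A fixed-size copy keeps the single-instruction codegen without the undefined behaviour: `word64 v; XMEMCPY(&v, in, sizeof(v)); return v;` for the read and `XMEMCPY(out, &in, sizeof(in)); return in;` for the write, with the array forms calling `XMEMCPY(out, in, count * sizeof(word64))`. Building the tests with `-fsanitize=alignment` would show whether callers pass misaligned buffers.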

File diff suppressed because it is too large Load Diff


@ -6086,6 +6086,14 @@ L_pointwise_acc_mont_end_encap_bp:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -6107,14 +6115,6 @@ L_pointwise_acc_mont_end_encap_bp:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -6136,6 +6136,14 @@ L_pointwise_acc_mont_end_encap_bp:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -6209,6 +6217,14 @@ L_pointwise_acc_mont_end_encap_bp:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -6230,14 +6246,6 @@ L_pointwise_acc_mont_end_encap_bp:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -6259,6 +6267,14 @@ L_pointwise_acc_mont_end_encap_bp:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -6375,6 +6391,14 @@ L_pointwise_acc_mont_end_encap_bp:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -6396,14 +6420,6 @@ L_pointwise_acc_mont_end_encap_bp:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -6425,6 +6441,14 @@ L_pointwise_acc_mont_end_encap_bp:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -6498,6 +6522,14 @@ L_pointwise_acc_mont_end_encap_bp:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -6519,14 +6551,6 @@ L_pointwise_acc_mont_end_encap_bp:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -6548,6 +6572,14 @@ L_pointwise_acc_mont_end_encap_bp:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -6652,18 +6684,26 @@ L_pointwise_acc_mont_end_encap_bp:
vpmulhw %ymm14, %ymm5, %ymm5
vpsubw %ymm4, %ymm8, %ymm4
vpsubw %ymm5, %ymm9, %ymm5
vpsubw %ymm6, %ymm2, %ymm8
vpsubw %ymm7, %ymm3, %ymm9
vpaddw %ymm6, %ymm2, %ymm2
vpaddw %ymm7, %ymm3, %ymm3
vpmullw %ymm12, %ymm8, %ymm6
vpmullw %ymm12, %ymm9, %ymm7
vpmulhw %ymm10, %ymm8, %ymm8
vpmulhw %ymm10, %ymm9, %ymm9
vpmulhw %ymm14, %ymm6, %ymm6
vpmulhw %ymm14, %ymm7, %ymm7
vpsubw %ymm6, %ymm8, %ymm6
vpsubw %ymm7, %ymm9, %ymm7
vpaddw %ymm6, %ymm2, %ymm8
vpaddw %ymm7, %ymm3, %ymm9
vpsubw %ymm6, %ymm2, %ymm6
vpsubw %ymm7, %ymm3, %ymm7
vpmulhw %ymm15, %ymm8, %ymm2
vpmulhw %ymm15, %ymm9, %ymm3
vpsraw $10, %ymm2, %ymm2
vpsraw $10, %ymm3, %ymm3
vpmullw %ymm14, %ymm2, %ymm2
vpmullw %ymm14, %ymm3, %ymm3
vpsubw %ymm2, %ymm8, %ymm2
vpsubw %ymm3, %ymm9, %ymm3
vpmullw %ymm12, %ymm6, %ymm8
vpmullw %ymm12, %ymm7, %ymm9
vpmulhw %ymm10, %ymm6, %ymm6
vpmulhw %ymm10, %ymm7, %ymm7
vpmulhw %ymm14, %ymm8, %ymm8
vpmulhw %ymm14, %ymm9, %ymm9
vpsubw %ymm8, %ymm6, %ymm6
vpsubw %ymm9, %ymm7, %ymm7
vpmullw %ymm13, %ymm0, %ymm8
vpmullw %ymm13, %ymm1, %ymm9
vpmulhw %ymm11, %ymm0, %ymm0
@ -6724,18 +6764,26 @@ L_pointwise_acc_mont_end_encap_bp:
vpmulhw %ymm14, %ymm5, %ymm5
vpsubw %ymm4, %ymm8, %ymm4
vpsubw %ymm5, %ymm9, %ymm5
vpsubw %ymm6, %ymm2, %ymm8
vpsubw %ymm7, %ymm3, %ymm9
vpaddw %ymm6, %ymm2, %ymm2
vpaddw %ymm7, %ymm3, %ymm3
vpmullw %ymm12, %ymm8, %ymm6
vpmullw %ymm12, %ymm9, %ymm7
vpmulhw %ymm10, %ymm8, %ymm8
vpmulhw %ymm10, %ymm9, %ymm9
vpmulhw %ymm14, %ymm6, %ymm6
vpmulhw %ymm14, %ymm7, %ymm7
vpsubw %ymm6, %ymm8, %ymm6
vpsubw %ymm7, %ymm9, %ymm7
vpaddw %ymm6, %ymm2, %ymm8
vpaddw %ymm7, %ymm3, %ymm9
vpsubw %ymm6, %ymm2, %ymm6
vpsubw %ymm7, %ymm3, %ymm7
vpmulhw %ymm15, %ymm8, %ymm2
vpmulhw %ymm15, %ymm9, %ymm3
vpsraw $10, %ymm2, %ymm2
vpsraw $10, %ymm3, %ymm3
vpmullw %ymm14, %ymm2, %ymm2
vpmullw %ymm14, %ymm3, %ymm3
vpsubw %ymm2, %ymm8, %ymm2
vpsubw %ymm3, %ymm9, %ymm3
vpmullw %ymm12, %ymm6, %ymm8
vpmullw %ymm12, %ymm7, %ymm9
vpmulhw %ymm10, %ymm6, %ymm6
vpmulhw %ymm10, %ymm7, %ymm7
vpmulhw %ymm14, %ymm8, %ymm8
vpmulhw %ymm14, %ymm9, %ymm9
vpsubw %ymm8, %ymm6, %ymm6
vpsubw %ymm9, %ymm7, %ymm7
vpmullw %ymm13, %ymm0, %ymm8
vpmullw %ymm13, %ymm1, %ymm9
vpmulhw %ymm11, %ymm0, %ymm0
@ -8116,6 +8164,14 @@ L_pointwise_acc_mont_end_encap_v:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -8137,14 +8193,6 @@ L_pointwise_acc_mont_end_encap_v:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -8166,6 +8214,14 @@ L_pointwise_acc_mont_end_encap_v:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -8239,6 +8295,14 @@ L_pointwise_acc_mont_end_encap_v:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -8260,14 +8324,6 @@ L_pointwise_acc_mont_end_encap_v:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -8289,6 +8345,14 @@ L_pointwise_acc_mont_end_encap_v:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -8405,6 +8469,14 @@ L_pointwise_acc_mont_end_encap_v:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -8426,14 +8498,6 @@ L_pointwise_acc_mont_end_encap_v:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -8455,6 +8519,14 @@ L_pointwise_acc_mont_end_encap_v:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -8528,6 +8600,14 @@ L_pointwise_acc_mont_end_encap_v:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -8549,14 +8629,6 @@ L_pointwise_acc_mont_end_encap_v:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -8578,6 +8650,14 @@ L_pointwise_acc_mont_end_encap_v:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -8682,18 +8762,26 @@ L_pointwise_acc_mont_end_encap_v:
vpmulhw %ymm14, %ymm5, %ymm5
vpsubw %ymm4, %ymm8, %ymm4
vpsubw %ymm5, %ymm9, %ymm5
vpsubw %ymm6, %ymm2, %ymm8
vpsubw %ymm7, %ymm3, %ymm9
vpaddw %ymm6, %ymm2, %ymm2
vpaddw %ymm7, %ymm3, %ymm3
vpmullw %ymm12, %ymm8, %ymm6
vpmullw %ymm12, %ymm9, %ymm7
vpmulhw %ymm10, %ymm8, %ymm8
vpmulhw %ymm10, %ymm9, %ymm9
vpmulhw %ymm14, %ymm6, %ymm6
vpmulhw %ymm14, %ymm7, %ymm7
vpsubw %ymm6, %ymm8, %ymm6
vpsubw %ymm7, %ymm9, %ymm7
vpaddw %ymm6, %ymm2, %ymm8
vpaddw %ymm7, %ymm3, %ymm9
vpsubw %ymm6, %ymm2, %ymm6
vpsubw %ymm7, %ymm3, %ymm7
vpmulhw %ymm15, %ymm8, %ymm2
vpmulhw %ymm15, %ymm9, %ymm3
vpsraw $10, %ymm2, %ymm2
vpsraw $10, %ymm3, %ymm3
vpmullw %ymm14, %ymm2, %ymm2
vpmullw %ymm14, %ymm3, %ymm3
vpsubw %ymm2, %ymm8, %ymm2
vpsubw %ymm3, %ymm9, %ymm3
vpmullw %ymm12, %ymm6, %ymm8
vpmullw %ymm12, %ymm7, %ymm9
vpmulhw %ymm10, %ymm6, %ymm6
vpmulhw %ymm10, %ymm7, %ymm7
vpmulhw %ymm14, %ymm8, %ymm8
vpmulhw %ymm14, %ymm9, %ymm9
vpsubw %ymm8, %ymm6, %ymm6
vpsubw %ymm9, %ymm7, %ymm7
vpmullw %ymm13, %ymm0, %ymm8
vpmullw %ymm13, %ymm1, %ymm9
vpmulhw %ymm11, %ymm0, %ymm0
@ -8754,18 +8842,26 @@ L_pointwise_acc_mont_end_encap_v:
vpmulhw %ymm14, %ymm5, %ymm5
vpsubw %ymm4, %ymm8, %ymm4
vpsubw %ymm5, %ymm9, %ymm5
vpsubw %ymm6, %ymm2, %ymm8
vpsubw %ymm7, %ymm3, %ymm9
vpaddw %ymm6, %ymm2, %ymm2
vpaddw %ymm7, %ymm3, %ymm3
vpmullw %ymm12, %ymm8, %ymm6
vpmullw %ymm12, %ymm9, %ymm7
vpmulhw %ymm10, %ymm8, %ymm8
vpmulhw %ymm10, %ymm9, %ymm9
vpmulhw %ymm14, %ymm6, %ymm6
vpmulhw %ymm14, %ymm7, %ymm7
vpsubw %ymm6, %ymm8, %ymm6
vpsubw %ymm7, %ymm9, %ymm7
vpaddw %ymm6, %ymm2, %ymm8
vpaddw %ymm7, %ymm3, %ymm9
vpsubw %ymm6, %ymm2, %ymm6
vpsubw %ymm7, %ymm3, %ymm7
vpmulhw %ymm15, %ymm8, %ymm2
vpmulhw %ymm15, %ymm9, %ymm3
vpsraw $10, %ymm2, %ymm2
vpsraw $10, %ymm3, %ymm3
vpmullw %ymm14, %ymm2, %ymm2
vpmullw %ymm14, %ymm3, %ymm3
vpsubw %ymm2, %ymm8, %ymm2
vpsubw %ymm3, %ymm9, %ymm3
vpmullw %ymm12, %ymm6, %ymm8
vpmullw %ymm12, %ymm7, %ymm9
vpmulhw %ymm10, %ymm6, %ymm6
vpmulhw %ymm10, %ymm7, %ymm7
vpmulhw %ymm14, %ymm8, %ymm8
vpmulhw %ymm14, %ymm9, %ymm9
vpsubw %ymm8, %ymm6, %ymm6
vpsubw %ymm9, %ymm7, %ymm7
vpmullw %ymm13, %ymm0, %ymm8
vpmullw %ymm13, %ymm1, %ymm9
vpmulhw %ymm11, %ymm0, %ymm0
@ -10891,6 +10987,14 @@ L_pointwise_acc_mont_end_decap:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -10912,14 +11016,6 @@ L_pointwise_acc_mont_end_decap:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -10941,6 +11037,14 @@ L_pointwise_acc_mont_end_decap:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -11014,6 +11118,14 @@ L_pointwise_acc_mont_end_decap:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -11035,14 +11147,6 @@ L_pointwise_acc_mont_end_decap:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -11064,6 +11168,14 @@ L_pointwise_acc_mont_end_decap:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -11180,6 +11292,14 @@ L_pointwise_acc_mont_end_decap:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -11201,14 +11321,6 @@ L_pointwise_acc_mont_end_decap:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -11230,6 +11342,14 @@ L_pointwise_acc_mont_end_decap:
vpaddw %ymm3, %ymm2, %ymm9
vpsubw %ymm1, %ymm0, %ymm1
vpsubw %ymm3, %ymm2, %ymm3
vpmulhw %ymm15, %ymm8, %ymm0
vpmulhw %ymm15, %ymm9, %ymm2
vpsraw $10, %ymm0, %ymm0
vpsraw $10, %ymm2, %ymm2
vpmullw %ymm14, %ymm0, %ymm0
vpmullw %ymm14, %ymm2, %ymm2
vpsubw %ymm0, %ymm8, %ymm8
vpsubw %ymm2, %ymm9, %ymm9
vpmullw %ymm12, %ymm1, %ymm0
vpmullw %ymm13, %ymm3, %ymm2
vpmulhw %ymm10, %ymm1, %ymm1
@ -11303,6 +11423,14 @@ L_pointwise_acc_mont_end_decap:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -11324,14 +11452,6 @@ L_pointwise_acc_mont_end_decap:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -11353,6 +11473,14 @@ L_pointwise_acc_mont_end_decap:
vpaddw %ymm7, %ymm6, %ymm9
vpsubw %ymm5, %ymm4, %ymm5
vpsubw %ymm7, %ymm6, %ymm7
vpmulhw %ymm15, %ymm8, %ymm4
vpmulhw %ymm15, %ymm9, %ymm6
vpsraw $10, %ymm4, %ymm4
vpsraw $10, %ymm6, %ymm6
vpmullw %ymm14, %ymm4, %ymm4
vpmullw %ymm14, %ymm6, %ymm6
vpsubw %ymm4, %ymm8, %ymm8
vpsubw %ymm6, %ymm9, %ymm9
vpmullw %ymm12, %ymm5, %ymm4
vpmullw %ymm13, %ymm7, %ymm6
vpmulhw %ymm10, %ymm5, %ymm5
@ -11457,18 +11585,26 @@ L_pointwise_acc_mont_end_decap:
vpmulhw %ymm14, %ymm5, %ymm5
vpsubw %ymm4, %ymm8, %ymm4
vpsubw %ymm5, %ymm9, %ymm5
vpsubw %ymm6, %ymm2, %ymm8
vpsubw %ymm7, %ymm3, %ymm9
vpaddw %ymm6, %ymm2, %ymm2
vpaddw %ymm7, %ymm3, %ymm3
vpmullw %ymm12, %ymm8, %ymm6
vpmullw %ymm12, %ymm9, %ymm7
vpmulhw %ymm10, %ymm8, %ymm8
vpmulhw %ymm10, %ymm9, %ymm9
vpmulhw %ymm14, %ymm6, %ymm6
vpmulhw %ymm14, %ymm7, %ymm7
vpsubw %ymm6, %ymm8, %ymm6
vpsubw %ymm7, %ymm9, %ymm7
vpaddw %ymm6, %ymm2, %ymm8
vpaddw %ymm7, %ymm3, %ymm9
vpsubw %ymm6, %ymm2, %ymm6
vpsubw %ymm7, %ymm3, %ymm7
vpmulhw %ymm15, %ymm8, %ymm2
vpmulhw %ymm15, %ymm9, %ymm3
vpsraw $10, %ymm2, %ymm2
vpsraw $10, %ymm3, %ymm3
vpmullw %ymm14, %ymm2, %ymm2
vpmullw %ymm14, %ymm3, %ymm3
vpsubw %ymm2, %ymm8, %ymm2
vpsubw %ymm3, %ymm9, %ymm3
vpmullw %ymm12, %ymm6, %ymm8
vpmullw %ymm12, %ymm7, %ymm9
vpmulhw %ymm10, %ymm6, %ymm6
vpmulhw %ymm10, %ymm7, %ymm7
vpmulhw %ymm14, %ymm8, %ymm8
vpmulhw %ymm14, %ymm9, %ymm9
vpsubw %ymm8, %ymm6, %ymm6
vpsubw %ymm9, %ymm7, %ymm7
vpmullw %ymm13, %ymm0, %ymm8
vpmullw %ymm13, %ymm1, %ymm9
vpmulhw %ymm11, %ymm0, %ymm0
@ -11529,18 +11665,26 @@ L_pointwise_acc_mont_end_decap:
vpmulhw %ymm14, %ymm5, %ymm5
vpsubw %ymm4, %ymm8, %ymm4
vpsubw %ymm5, %ymm9, %ymm5
vpsubw %ymm6, %ymm2, %ymm8
vpsubw %ymm7, %ymm3, %ymm9
vpaddw %ymm6, %ymm2, %ymm2
vpaddw %ymm7, %ymm3, %ymm3
vpmullw %ymm12, %ymm8, %ymm6
vpmullw %ymm12, %ymm9, %ymm7
vpmulhw %ymm10, %ymm8, %ymm8
vpmulhw %ymm10, %ymm9, %ymm9
vpmulhw %ymm14, %ymm6, %ymm6
vpmulhw %ymm14, %ymm7, %ymm7
vpsubw %ymm6, %ymm8, %ymm6
vpsubw %ymm7, %ymm9, %ymm7
vpaddw %ymm6, %ymm2, %ymm8
vpaddw %ymm7, %ymm3, %ymm9
vpsubw %ymm6, %ymm2, %ymm6
vpsubw %ymm7, %ymm3, %ymm7
vpmulhw %ymm15, %ymm8, %ymm2
vpmulhw %ymm15, %ymm9, %ymm3
vpsraw $10, %ymm2, %ymm2
vpsraw $10, %ymm3, %ymm3
vpmullw %ymm14, %ymm2, %ymm2
vpmullw %ymm14, %ymm3, %ymm3
vpsubw %ymm2, %ymm8, %ymm2
vpsubw %ymm3, %ymm9, %ymm3
vpmullw %ymm12, %ymm6, %ymm8
vpmullw %ymm12, %ymm7, %ymm9
vpmulhw %ymm10, %ymm6, %ymm6
vpmulhw %ymm10, %ymm7, %ymm7
vpmulhw %ymm14, %ymm8, %ymm8
vpmulhw %ymm14, %ymm9, %ymm9
vpsubw %ymm8, %ymm6, %ymm6
vpsubw %ymm9, %ymm7, %ymm7
vpmullw %ymm13, %ymm0, %ymm8
vpmullw %ymm13, %ymm1, %ymm9
vpmulhw %ymm11, %ymm0, %ymm0


@ -38639,18 +38639,30 @@ static wc_test_ret_t kyber512_kat(void)
wc_test_ret_t ret;
#ifdef WOLFSSL_SMALL_STACK
KyberKey *key = NULL;
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
byte *priv = NULL;
byte *pub = NULL;
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
byte *ct = NULL;
byte *ss = NULL;
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
byte *ss_dec = NULL;
#endif
#else
KyberKey key[1];
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
byte priv[KYBER512_PRIVATE_KEY_SIZE];
byte pub[KYBER512_PUBLIC_KEY_SIZE];
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
byte ct[KYBER512_CIPHER_TEXT_SIZE];
byte ss[KYBER_SS_SZ];
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
byte ss_dec[KYBER_SS_SZ];
#endif
#endif
int key_inited = 0;
WOLFSSL_SMALL_STACK_STATIC const byte kyber512_rand[] = {
@ -39513,20 +39525,31 @@ static wc_test_ret_t kyber512_kat(void)
#ifdef WOLFSSL_SMALL_STACK
key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
priv = (byte *)XMALLOC(KYBER512_PRIVATE_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
pub = (byte *)XMALLOC(KYBER512_PUBLIC_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL || priv == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
ct = (byte *)XMALLOC(KYBER512_CIPHER_TEXT_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ct == NULL || ss == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (! (key && priv && pub && ct && ss && ss_dec))
if (ss_dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#endif
#ifdef WOLFSSL_KYBER_ORIGINAL
ret = wc_KyberKey_Init(KYBER512, key, HEAP_HINT, INVALID_DEVID);
@ -39535,6 +39558,7 @@ static wc_test_ret_t kyber512_kat(void)
else
key_inited = 1;
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand,
sizeof(kyber512_rand));
if (ret != 0)
@ -39553,7 +39577,16 @@ static wc_test_ret_t kyber512_kat(void)
if (XMEMCMP(priv, kyber512_sk, sizeof(kyber512_sk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber512_rand;
(void)kyber512_pk;
ret = wc_KyberKey_DecodePrivateKey(key, kyber512_sk,
KYBER512_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
sizeof(kyber512enc_rand));
if (ret != 0)
@ -39564,13 +39597,22 @@ static wc_test_ret_t kyber512_kat(void)
if (XMEMCMP(ss, kyber512_ss, sizeof(kyber512_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber512enc_rand;
#endif
ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber512_ct));
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber512_ct,
sizeof(kyber512_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber512_ct;
(void)kyber512_ss;
#endif
#endif
#ifndef WOLFSSL_NO_ML_KEM
ret = wc_KyberKey_Init(WC_ML_KEM_512, key, HEAP_HINT, INVALID_DEVID);
@ -39579,6 +39621,7 @@ static wc_test_ret_t kyber512_kat(void)
else
key_inited = 1;
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand,
sizeof(kyber512_rand));
if (ret != 0)
@ -39598,7 +39641,16 @@ static wc_test_ret_t kyber512_kat(void)
if (XMEMCMP(priv, ml_kem_512_sk, sizeof(ml_kem_512_sk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber512_rand;
(void)ml_kem_512_pk;
ret = wc_KyberKey_DecodePrivateKey(key, ml_kem_512_sk,
WC_ML_KEM_512_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
sizeof(kyber512enc_rand));
if (ret != 0)
@ -39609,13 +39661,22 @@ static wc_test_ret_t kyber512_kat(void)
if (XMEMCMP(ss, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber512enc_rand;
#endif
ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_512_ct));
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
ret = wc_KyberKey_Decapsulate(key, ss_dec, ml_kem_512_ct,
sizeof(ml_kem_512_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)ml_kem_512_ct;
(void)ml_kem_512_ss;
#endif
#endif
out:
@ -39625,11 +39686,17 @@ out:
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
return ret;
@ -39642,18 +39709,30 @@ static wc_test_ret_t kyber768_kat(void)
wc_test_ret_t ret;
#ifdef WOLFSSL_SMALL_STACK
KyberKey *key = NULL;
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
byte *priv = NULL;
byte *pub = NULL;
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
byte *ct = NULL;
byte *ss = NULL;
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
byte *ss_dec = NULL;
#endif
#else
KyberKey key[1];
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
byte priv[KYBER768_PRIVATE_KEY_SIZE];
byte pub[KYBER768_PUBLIC_KEY_SIZE];
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
byte ct[KYBER768_CIPHER_TEXT_SIZE];
byte ss[KYBER_SS_SZ];
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
byte ss_dec[KYBER_SS_SZ];
#endif
#endif
int key_inited = 0;
WOLFSSL_SMALL_STACK_STATIC const byte kyber768_rand[] = {
@ -40885,20 +40964,31 @@ static wc_test_ret_t kyber768_kat(void)
#ifdef WOLFSSL_SMALL_STACK
key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
priv = (byte *)XMALLOC(KYBER768_PRIVATE_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
pub = (byte *)XMALLOC(KYBER768_PUBLIC_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL || pub == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
ct = (byte *)XMALLOC(KYBER768_CIPHER_TEXT_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ct == NULL || ss == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (! (key && priv && pub && ct && ss && ss_dec))
if (ss_dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#endif
#ifdef WOLFSSL_KYBER_ORIGINAL
ret = wc_KyberKey_Init(KYBER768, key, HEAP_HINT, INVALID_DEVID);
@ -40907,6 +40997,7 @@ static wc_test_ret_t kyber768_kat(void)
else
key_inited = 1;
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand,
sizeof(kyber768_rand));
if (ret != 0)
@ -40925,7 +41016,16 @@ static wc_test_ret_t kyber768_kat(void)
if (XMEMCMP(priv, kyber768_sk, sizeof(kyber768_sk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber768_rand;
(void)kyber768_pk;
ret = wc_KyberKey_DecodePrivateKey(key, kyber768_sk,
KYBER768_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
sizeof(kyber768enc_rand));
if (ret != 0)
@ -40936,13 +41036,22 @@ static wc_test_ret_t kyber768_kat(void)
if (XMEMCMP(ss, kyber768_ss, sizeof(kyber768_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber768enc_rand;
#endif
ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber768_ct));
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber768_ct,
sizeof(kyber768_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber768_ct;
(void)kyber768_ss;
#endif
#endif
#ifndef WOLFSSL_NO_ML_KEM
ret = wc_KyberKey_Init(WC_ML_KEM_768, key, HEAP_HINT, INVALID_DEVID);
@ -40951,6 +41060,7 @@ static wc_test_ret_t kyber768_kat(void)
else
key_inited = 1;
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand,
sizeof(kyber768_rand));
if (ret != 0)
@ -40970,7 +41080,16 @@ static wc_test_ret_t kyber768_kat(void)
if (XMEMCMP(priv, ml_kem_768_sk, sizeof(ml_kem_768_sk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber768_rand;
(void)ml_kem_768_pk;
ret = wc_KyberKey_DecodePrivateKey(key, ml_kem_768_sk,
WC_ML_KEM_768_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
sizeof(kyber768enc_rand));
if (ret != 0)
@ -40981,13 +41100,22 @@ static wc_test_ret_t kyber768_kat(void)
if (XMEMCMP(ss, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber768enc_rand;
#endif
ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_768_ct));
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
ret = wc_KyberKey_Decapsulate(key, ss_dec, ml_kem_768_ct,
sizeof(ml_kem_768_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)ml_kem_768_ct;
(void)ml_kem_768_ss;
#endif
#endif
out:
@ -40997,11 +41125,17 @@ out:
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
return ret;
@ -41014,18 +41148,30 @@ static wc_test_ret_t kyber1024_kat(void)
wc_test_ret_t ret;
#ifdef WOLFSSL_SMALL_STACK
KyberKey *key = NULL;
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
byte *priv = NULL;
byte *pub = NULL;
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
byte *ct = NULL;
byte *ss = NULL;
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
byte *ss_dec = NULL;
#endif
#else
KyberKey key[1];
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
byte priv[KYBER1024_PRIVATE_KEY_SIZE];
byte pub[KYBER1024_PUBLIC_KEY_SIZE];
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
byte ct[KYBER1024_CIPHER_TEXT_SIZE];
byte ss[KYBER_SS_SZ];
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
byte ss_dec[KYBER_SS_SZ];
#endif
#endif
int key_inited = 0;
WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_rand[] = {
@ -42664,20 +42810,31 @@ static wc_test_ret_t kyber1024_kat(void)
#ifdef WOLFSSL_SMALL_STACK
key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
priv = (byte *)XMALLOC(KYBER1024_PRIVATE_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
pub = (byte *)XMALLOC(KYBER1024_PUBLIC_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL || pub == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
ct = (byte *)XMALLOC(KYBER1024_CIPHER_TEXT_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ct == NULL || ss == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (! (key && priv && pub && ct && ss && ss_dec))
if (ss_dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#endif
#ifdef WOLFSSL_KYBER_ORIGINAL
ret = wc_KyberKey_Init(KYBER1024, key, HEAP_HINT, INVALID_DEVID);
@ -42686,6 +42843,7 @@ static wc_test_ret_t kyber1024_kat(void)
else
key_inited = 1;
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand,
sizeof(kyber1024_rand));
if (ret != 0)
@ -42704,7 +42862,16 @@ static wc_test_ret_t kyber1024_kat(void)
if (XMEMCMP(priv, kyber1024_sk, sizeof(kyber1024_sk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber1024_rand;
(void)kyber1024_pk;
ret = wc_KyberKey_DecodePrivateKey(key, kyber1024_sk,
KYBER1024_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
sizeof(kyber1024enc_rand));
if (ret != 0)
@ -42715,13 +42882,22 @@ static wc_test_ret_t kyber1024_kat(void)
if (XMEMCMP(ss, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber1024enc_rand;
#endif
ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber1024_ct));
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber1024_ct,
sizeof(kyber1024_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber1024_ct;
(void)kyber1024_ss;
#endif
#endif
#ifndef WOLFSSL_NO_ML_KEM
ret = wc_KyberKey_Init(WC_ML_KEM_1024, key, HEAP_HINT, INVALID_DEVID);
@ -42730,6 +42906,7 @@ static wc_test_ret_t kyber1024_kat(void)
else
key_inited = 1;
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand,
sizeof(kyber1024_rand));
if (ret != 0)
@ -42749,7 +42926,16 @@ static wc_test_ret_t kyber1024_kat(void)
if (XMEMCMP(priv, ml_kem_1024_sk, sizeof(ml_kem_1024_sk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber1024_rand;
(void)ml_kem_1024_pk;
ret = wc_KyberKey_DecodePrivateKey(key, ml_kem_1024_sk,
WC_ML_KEM_1024_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
sizeof(kyber1024enc_rand));
if (ret != 0)
@ -42760,13 +42946,22 @@ static wc_test_ret_t kyber1024_kat(void)
if (XMEMCMP(ss, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber1024enc_rand;
#endif
ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_1024_ct));
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
ret = wc_KyberKey_Decapsulate(key, ss_dec, ml_kem_1024_ct,
sizeof(ml_kem_1024_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)ml_kem_1024_ct;
(void)ml_kem_1024_ss;
#endif
#endif
out:
@ -42776,11 +42971,17 @@ out:
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
return ret;
@ -42795,22 +42996,34 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
int i;
#ifdef WOLFSSL_SMALL_STACK
KyberKey *key = NULL;
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
byte *priv = NULL;
byte *pub = NULL;
byte *priv2 = NULL;
byte *pub2 = NULL;
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
byte *ct = NULL;
byte *ss = NULL;
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
byte *ss_dec = NULL;
#endif
#endif
#endif
#else
KyberKey key[1];
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
byte priv[KYBER_MAX_PRIVATE_KEY_SIZE];
byte pub[KYBER_MAX_PUBLIC_KEY_SIZE];
byte priv2[KYBER_MAX_PRIVATE_KEY_SIZE];
byte pub2[KYBER_MAX_PUBLIC_KEY_SIZE];
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
byte ss[KYBER_SS_SZ];
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
byte ss_dec[KYBER_SS_SZ];
#endif
#endif
#endif
#endif
int key_inited = 0;
static const int testData[][4] = {
@ -42848,24 +43061,43 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
#ifdef WOLFSSL_SMALL_STACK
key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
priv = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
pub = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
priv2 = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv2 == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
pub2 = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub2 == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
ct = (byte *)XMALLOC(KYBER_MAX_CIPHER_TEXT_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ct == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ss == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (! (key && priv && pub && priv2 && pub2 && ct && ss && ss_dec))
if (ss_dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#endif
#endif
#endif
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
@ -42882,6 +43114,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
else
key_inited = 1;
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
ret = wc_KyberKey_MakeKey(key, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
@ -42902,9 +43135,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
ret = wc_KyberKey_Encapsulate(key, ct, ss, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#endif
ret = wc_KyberKey_EncodePublicKey(key, pub2, testData[i][2]);
if (ret != 0)
@ -42921,12 +43156,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#if !defined(WOLFSSL_KYBER_NO_ENCAPSULATE) && \
!defined(WOLFSSL_KYBER_NO_DECAPSULATE)
ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, testData[i][3]);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
if (XMEMCMP(ss, ss_dec, KYBER_SS_SZ) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#endif
ret = wc_KyberKey_EncodePrivateKey(key, priv2, testData[i][1]);
if (ret != 0)
@ -42934,6 +43172,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
if (XMEMCMP(priv, priv2, testData[i][2]) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#endif
}
wc_FreeRng(&rng);
@ -42963,13 +43202,19 @@ out:
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_KYBER_NO_MAKE_KEY
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_KYBER_NO_ENCAPSULATE
XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_KYBER_NO_DECAPSULATE
XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
#endif
#endif
return ret;
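Review bot: The private-key round-trip check in kyber_test's loop, `if (XMEMCMP(priv, priv2, testData[i][2]) != 0)`, compares only `testData[i][2]` bytes, the length passed to wc_KyberKey_EncodePublicKey earlier in the loop, while the private key is encoded with `testData[i][1]`. Assuming column 1 of testData is the private-key size and column 2 the public-key size (the table is outside the visible hunks), the tail of the re-encoded private key is never compared, so an encode/decode regression there would still pass. Since this commit already regroups the block under `WOLFSSL_KYBER_NO_MAKE_KEY`, I would change the length to match the encode call: `if (XMEMCMP(priv, priv2, testData[i][1]) != 0)`. kyber_test's body starts and continues outside the hunks shown.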


@ -33,14 +33,21 @@
/* Define algorithm type when not excluded. */
#ifndef WOLFSSL_NO_KYBER512
#define WOLFSSL_KYBER512
#endif
#ifndef WOLFSSL_NO_KYBER768
#define WOLFSSL_KYBER768
#endif
#ifndef WOLFSSL_NO_KYBER1024
#define WOLFSSL_KYBER1024
#ifdef WOLFSSL_KYBER_ORIGINAL
#ifndef WOLFSSL_NO_KYBER512
#define WOLFSSL_KYBER512
#endif
#ifndef WOLFSSL_NO_KYBER768
#define WOLFSSL_KYBER768
#endif
#ifndef WOLFSSL_NO_KYBER1024
#define WOLFSSL_KYBER1024
#endif
#if !defined(WOLFSSL_KYBER512) && !defined(WOLFSSL_KYBER768) && \
!defined(WOLFSSL_KYBER1024)
#error "No Kyber key size chosen."
#endif
#endif
@ -58,7 +65,6 @@
/* Kyber-512 parameters */
#ifdef WOLFSSL_KYBER512
/* Number of polynomials in a vector and vectors in a matrix. */
#define KYBER512_K 2
@ -80,10 +86,8 @@
/* Cipher text size. */
#define KYBER512_CIPHER_TEXT_SIZE \
(KYBER512_POLY_VEC_COMPRESSED_SZ + KYBER512_POLY_COMPRESSED_SZ)
#endif /* WOLFSSL_KYBER512 */
/* Kyber-768 parameters */
#ifdef WOLFSSL_KYBER768
/* Number of polynomials in a vector and vectors in a matrix. */
#define KYBER768_K 3
@ -105,10 +109,8 @@
/* Cipher text size. */
#define KYBER768_CIPHER_TEXT_SIZE \
(KYBER768_POLY_VEC_COMPRESSED_SZ + KYBER768_POLY_COMPRESSED_SZ)
#endif /* WOLFSSL_KYBER768 */
/* Kyber-1024 parameters */
#ifdef WOLFSSL_KYBER1024
/* Number of polynomials in a vector and vectors in a matrix. */
#define KYBER1024_K 4
@ -130,7 +132,6 @@
/* Cipher text size. */
#define KYBER1024_CIPHER_TEXT_SIZE \
(KYBER1024_POLY_VEC_COMPRESSED_SZ + KYBER1024_POLY_COMPRESSED_SZ)
#endif /* WOLFSSL_KYBER1024 */
/* Maximum dimensions and sizes of supported key types. */
@ -144,7 +145,7 @@
#define KYBER_MAX_PRIVATE_KEY_SIZE KYBER768_PRIVATE_KEY_SIZE
#define KYBER_MAX_PUBLIC_KEY_SIZE KYBER768_PUBLIC_KEY_SIZE
#define KYBER_MAX_CIPHER_TEXT_SIZE KYBER768_CIPHER_TEXT_SIZE
#else
#elif defined(WOLFSSL_KYBER512)
#define KYBER_MAX_K KYBER512_K
#define KYBER_MAX_PRIVATE_KEY_SIZE KYBER512_PRIVATE_KEY_SIZE
#define KYBER_MAX_PUBLIC_KEY_SIZE KYBER512_PUBLIC_KEY_SIZE
@ -220,43 +221,113 @@ WOLFSSL_API int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out,
#if !defined(WOLFSSL_NO_ML_KEM_512) && !defined(WOLFSSL_NO_ML_KEM)
#define WOLFSSL_WC_ML_KEM_512
#endif
#if !defined(WOLFSSL_NO_ML_KEM_768) && !defined(WOLFSSL_NO_ML_KEM)
#define WOLFSSL_WC_ML_KEM_768
#endif
#if !defined(WOLFSSL_NO_ML_KEM_1024) && !defined(WOLFSSL_NO_ML_KEM)
#define WOLFSSL_WC_ML_KEM_1024
#ifndef WOLFSSL_NO_ML_KEM
#if !defined(WOLFSSL_NO_ML_KEM_512)
#define WOLFSSL_WC_ML_KEM_512
#endif
#if !defined(WOLFSSL_NO_ML_KEM_768)
#define WOLFSSL_WC_ML_KEM_768
#endif
#if !defined(WOLFSSL_NO_ML_KEM_1024)
#define WOLFSSL_WC_ML_KEM_1024
#endif
#if !defined(WOLFSSL_WC_ML_KEM_512) && !defined(WOLFSSL_WC_ML_KEM_768) && \
!defined(WOLFSSL_WC_ML_KEM_1024)
#error "No ML-KEM key size chosen."
#endif
#endif
#ifdef WOLFSSL_WC_ML_KEM_512
#define WC_ML_KEM_512_K KYBER512_K
#define WC_ML_KEM_512_PUBLIC_KEY_SIZE KYBER512_PUBLIC_KEY_SIZE
#define WC_ML_KEM_512_PRIVATE_KEY_SIZE KYBER512_PRIVATE_KEY_SIZE
#define WC_ML_KEM_512_CIPHER_TEXT_SIZE KYBER512_CIPHER_TEXT_SIZE
#define WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ \
KYBER512_POLY_VEC_COMPRESSED_SZ
#define WC_ML_KEM_512_K 2
/* Size of a polynomial vector. */
#define WC_ML_KEM_512_POLY_VEC_SZ KYBER_POLY_VEC_SZ(WC_ML_KEM_512_K)
/* Size of a compressed polynomial based on bits per coefficient. */
#define WC_ML_KEM_512_POLY_COMPRESSED_SZ KYBER_POLY_COMPRESSED_SZ(4)
/* Size of a compressed vector polynomial based on dimensions and bits per
* coefficient. */
#define WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ \
KYBER_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_512_K, 10)
/* Public key size. */
#define WC_ML_KEM_512_PUBLIC_KEY_SIZE \
(WC_ML_KEM_512_POLY_VEC_SZ + KYBER_SYM_SZ)
/* Private key size. */
#define WC_ML_KEM_512_PRIVATE_KEY_SIZE \
(WC_ML_KEM_512_POLY_VEC_SZ + WC_ML_KEM_512_PUBLIC_KEY_SIZE + \
2 * KYBER_SYM_SZ)
/* Cipher text size. */
#define WC_ML_KEM_512_CIPHER_TEXT_SIZE \
(WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_512_POLY_COMPRESSED_SZ)
#endif
#ifdef WOLFSSL_WC_ML_KEM_768
#define WC_ML_KEM_768_K KYBER768_K
#define WC_ML_KEM_768_PUBLIC_KEY_SIZE KYBER768_PUBLIC_KEY_SIZE
#define WC_ML_KEM_768_PRIVATE_KEY_SIZE KYBER768_PRIVATE_KEY_SIZE
#define WC_ML_KEM_768_CIPHER_TEXT_SIZE KYBER768_CIPHER_TEXT_SIZE
#define WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ \
KYBER768_POLY_VEC_COMPRESSED_SZ
#define WC_ML_KEM_768_K 3
/* Size of a polynomial vector. */
#define WC_ML_KEM_768_POLY_VEC_SZ KYBER_POLY_VEC_SZ(WC_ML_KEM_768_K)
/* Size of a compressed polynomial based on bits per coefficient. */
#define WC_ML_KEM_768_POLY_COMPRESSED_SZ KYBER_POLY_COMPRESSED_SZ(4)
/* Size of a compressed vector polynomial based on dimensions and bits per
* coefficient. */
#define WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ \
KYBER_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_768_K, 10)
/* Public key size. */
#define WC_ML_KEM_768_PUBLIC_KEY_SIZE \
(WC_ML_KEM_768_POLY_VEC_SZ + KYBER_SYM_SZ)
/* Private key size. */
#define WC_ML_KEM_768_PRIVATE_KEY_SIZE \
(WC_ML_KEM_768_POLY_VEC_SZ + WC_ML_KEM_768_PUBLIC_KEY_SIZE + \
2 * KYBER_SYM_SZ)
/* Cipher text size. */
#define WC_ML_KEM_768_CIPHER_TEXT_SIZE \
(WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_768_POLY_COMPRESSED_SZ)
#endif
#ifdef WOLFSSL_WC_ML_KEM_1024
#define WC_ML_KEM_1024_K KYBER1024_K
#define WC_ML_KEM_1024_PUBLIC_KEY_SIZE KYBER1024_PUBLIC_KEY_SIZE
#define WC_ML_KEM_1024_PRIVATE_KEY_SIZE KYBER1024_PRIVATE_KEY_SIZE
#define WC_ML_KEM_1024_CIPHER_TEXT_SIZE KYBER1024_CIPHER_TEXT_SIZE
#define WC_ML_KEM_1024_K 4
/* Size of a polynomial vector. */
#define WC_ML_KEM_1024_POLY_VEC_SZ KYBER_POLY_VEC_SZ(WC_ML_KEM_1024_K)
/* Size of a compressed polynomial based on bits per coefficient. */
#define WC_ML_KEM_1024_POLY_COMPRESSED_SZ KYBER_POLY_COMPRESSED_SZ(5)
/* Size of a compressed vector polynomial based on dimensions and bits per
* coefficient. */
#define WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ \
KYBER1024_POLY_VEC_COMPRESSED_SZ
KYBER_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_1024_K, 11)
/* Public key size. */
#define WC_ML_KEM_1024_PUBLIC_KEY_SIZE \
(WC_ML_KEM_1024_POLY_VEC_SZ + KYBER_SYM_SZ)
/* Private key size. */
#define WC_ML_KEM_1024_PRIVATE_KEY_SIZE \
(WC_ML_KEM_1024_POLY_VEC_SZ + WC_ML_KEM_1024_PUBLIC_KEY_SIZE + \
2 * KYBER_SYM_SZ)
/* Cipher text size. */
#define WC_ML_KEM_1024_CIPHER_TEXT_SIZE \
(WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_1024_POLY_COMPRESSED_SZ)
#endif
#ifndef KYBER_MAX_K
#ifdef WOLFSSL_WC_ML_KEM_1024
#define KYBER_MAX_K WC_ML_KEM_1024_K
#define KYBER_MAX_PRIVATE_KEY_SIZE WC_ML_KEM_1024_PRIVATE_KEY_SIZE
#define KYBER_MAX_PUBLIC_KEY_SIZE WC_ML_KEM_1024_PUBLIC_KEY_SIZE
#define KYBER_MAX_CIPHER_TEXT_SIZE WC_ML_KEM_1024_CIPHER_TEXT_SIZE
#elif defined(WOLFSSL_WC_ML_KEM_768)
#define KYBER_MAX_K WC_ML_KEM_768_K
#define KYBER_MAX_PRIVATE_KEY_SIZE WC_ML_KEM_768_PRIVATE_KEY_SIZE
#define KYBER_MAX_PUBLIC_KEY_SIZE WC_ML_KEM_768_PUBLIC_KEY_SIZE
#define KYBER_MAX_CIPHER_TEXT_SIZE WC_ML_KEM_768_CIPHER_TEXT_SIZE
#elif defined(WOLFSSL_WC_ML_KEM_512)
#define KYBER_MAX_K WC_ML_KEM_512_K
#define KYBER_MAX_PRIVATE_KEY_SIZE WC_ML_KEM_512_PRIVATE_KEY_SIZE
#define KYBER_MAX_PUBLIC_KEY_SIZE WC_ML_KEM_512_PUBLIC_KEY_SIZE
#define KYBER_MAX_CIPHER_TEXT_SIZE WC_ML_KEM_512_CIPHER_TEXT_SIZE
#endif
#endif /* KYBER_MAX_K */
#define WC_ML_KEM_MAX_K KYBER_MAX_K
#define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE KYBER_MAX_PRIVATE_KEY_SIZE
#define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE KYBER_MAX_PUBLIC_KEY_SIZE


@ -44,18 +44,6 @@
#define KYBER_NOINLINE
#endif
/* Define algorithm type when not excluded. */
#ifndef WOLFSSL_NO_KYBER512
#define WOLFSSL_KYBER512
#endif
#ifndef WOLFSSL_NO_KYBER768
#define WOLFSSL_KYBER768
#endif
#ifndef WOLFSSL_NO_KYBER1024
#define WOLFSSL_KYBER1024
#endif
enum {
/* Flags of Kyber keys. */
KYBER_FLAG_PRIV_SET = 0x0001,