RubyGems - pq_crypto - Versions diffs - 0.4.2 → 0.5.0 - Mend

pq_crypto 0.4.2 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (408) hide show

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/indcpa.h DELETED Viewed

@@ -1,22 +0,0 @@
-#ifndef PQCLEAN_MLKEM768_CLEAN_INDCPA_H
-#define PQCLEAN_MLKEM768_CLEAN_INDCPA_H
-#include "params.h"
-#include "polyvec.h"
-#include <stdint.h>
-void PQCLEAN_MLKEM768_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
-void PQCLEAN_MLKEM768_CLEAN_indcpa_keypair_derand(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
-        uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES],
-        const uint8_t coins[KYBER_SYMBYTES]);
-void PQCLEAN_MLKEM768_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
-                                       const uint8_t m[KYBER_INDCPA_MSGBYTES],
-                                       const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
-                                       const uint8_t coins[KYBER_SYMBYTES]);
-void PQCLEAN_MLKEM768_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
-                                       const uint8_t c[KYBER_INDCPA_BYTES],
-                                       const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
-#endif

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/kem.c DELETED Viewed

@@ -1,164 +0,0 @@
-#include "indcpa.h"
-#include "kem.h"
-#include "params.h"
-#include "randombytes.h"
-#include "symmetric.h"
-#include "verify.h"
-#include <stddef.h>
-#include <stdint.h>
-#include <string.h>
-/*************************************************
-* Name:        PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair_derand
-*
-* Description: Generates public and private key
-*              for CCA-secure Kyber key encapsulation mechanism
-*
-* Arguments:   - uint8_t *pk: pointer to output public key
-*                (an already allocated array of KYBER_PUBLICKEYBYTES bytes)
-*              - uint8_t *sk: pointer to output private key
-*                (an already allocated array of KYBER_SECRETKEYBYTES bytes)
-*              - uint8_t *coins: pointer to input randomness
-*                (an already allocated array filled with 2*KYBER_SYMBYTES random bytes)
-**
-* Returns 0 (success)
-**************************************************/
-int PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair_derand(uint8_t *pk,
-        uint8_t *sk,
-        const uint8_t *coins) {
-    PQCLEAN_MLKEM768_CLEAN_indcpa_keypair_derand(pk, sk, coins);
-    memcpy(sk + KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_PUBLICKEYBYTES);
-    hash_h(sk + KYBER_SECRETKEYBYTES - 2 * KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES);
-    /* Value z for pseudo-random output on reject */
-    memcpy(sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, coins + KYBER_SYMBYTES, KYBER_SYMBYTES);
-    return 0;
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair
-*
-* Description: Generates public and private key
-*              for CCA-secure Kyber key encapsulation mechanism
-*
-* Arguments:   - uint8_t *pk: pointer to output public key
-*                (an already allocated array of KYBER_PUBLICKEYBYTES bytes)
-*              - uint8_t *sk: pointer to output private key
-*                (an already allocated array of KYBER_SECRETKEYBYTES bytes)
-*
-* Returns 0 (success)
-**************************************************/
-int PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair(uint8_t *pk,
-        uint8_t *sk) {
-    uint8_t coins[2 * KYBER_SYMBYTES];
-    randombytes(coins, 2 * KYBER_SYMBYTES);
-    PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair_derand(pk, sk, coins);
-    return 0;
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM768_CLEAN_crypto_kem_enc_derand
-*
-* Description: Generates cipher text and shared
-*              secret for given public key
-*
-* Arguments:   - uint8_t *ct: pointer to output cipher text
-*                (an already allocated array of KYBER_CIPHERTEXTBYTES bytes)
-*              - uint8_t *ss: pointer to output shared secret
-*                (an already allocated array of KYBER_SSBYTES bytes)
-*              - const uint8_t *pk: pointer to input public key
-*                (an already allocated array of KYBER_PUBLICKEYBYTES bytes)
-*              - const uint8_t *coins: pointer to input randomness
-*                (an already allocated array filled with KYBER_SYMBYTES random bytes)
-**
-* Returns 0 (success)
-**************************************************/
-int PQCLEAN_MLKEM768_CLEAN_crypto_kem_enc_derand(uint8_t *ct,
-        uint8_t *ss,
-        const uint8_t *pk,
-        const uint8_t *coins) {
-    uint8_t buf[2 * KYBER_SYMBYTES];
-    /* Will contain key, coins */
-    uint8_t kr[2 * KYBER_SYMBYTES];
-    memcpy(buf, coins, KYBER_SYMBYTES);
-    /* Multitarget countermeasure for coins + contributory KEM */
-    hash_h(buf + KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES);
-    hash_g(kr, buf, 2 * KYBER_SYMBYTES);
-    /* coins are in kr+KYBER_SYMBYTES */
-    PQCLEAN_MLKEM768_CLEAN_indcpa_enc(ct, buf, pk, kr + KYBER_SYMBYTES);
-    memcpy(ss, kr, KYBER_SYMBYTES);
-    return 0;
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM768_CLEAN_crypto_kem_enc
-*
-* Description: Generates cipher text and shared
-*              secret for given public key
-*
-* Arguments:   - uint8_t *ct: pointer to output cipher text
-*                (an already allocated array of KYBER_CIPHERTEXTBYTES bytes)
-*              - uint8_t *ss: pointer to output shared secret
-*                (an already allocated array of KYBER_SSBYTES bytes)
-*              - const uint8_t *pk: pointer to input public key
-*                (an already allocated array of KYBER_PUBLICKEYBYTES bytes)
-*
-* Returns 0 (success)
-**************************************************/
-int PQCLEAN_MLKEM768_CLEAN_crypto_kem_enc(uint8_t *ct,
-        uint8_t *ss,
-        const uint8_t *pk) {
-    uint8_t coins[KYBER_SYMBYTES];
-    randombytes(coins, KYBER_SYMBYTES);
-    PQCLEAN_MLKEM768_CLEAN_crypto_kem_enc_derand(ct, ss, pk, coins);
-    return 0;
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM768_CLEAN_crypto_kem_dec
-*
-* Description: Generates shared secret for given
-*              cipher text and private key
-*
-* Arguments:   - uint8_t *ss: pointer to output shared secret
-*                (an already allocated array of KYBER_SSBYTES bytes)
-*              - const uint8_t *ct: pointer to input cipher text
-*                (an already allocated array of KYBER_CIPHERTEXTBYTES bytes)
-*              - const uint8_t *sk: pointer to input private key
-*                (an already allocated array of KYBER_SECRETKEYBYTES bytes)
-*
-* Returns 0.
-*
-* On failure, ss will contain a pseudo-random value.
-**************************************************/
-int PQCLEAN_MLKEM768_CLEAN_crypto_kem_dec(uint8_t *ss,
-        const uint8_t *ct,
-        const uint8_t *sk) {
-    int fail;
-    uint8_t buf[2 * KYBER_SYMBYTES];
-    /* Will contain key, coins */
-    uint8_t kr[2 * KYBER_SYMBYTES];
-    uint8_t cmp[KYBER_CIPHERTEXTBYTES + KYBER_SYMBYTES];
-    const uint8_t *pk = sk + KYBER_INDCPA_SECRETKEYBYTES;
-    PQCLEAN_MLKEM768_CLEAN_indcpa_dec(buf, ct, sk);
-    /* Multitarget countermeasure for coins + contributory KEM */
-    memcpy(buf + KYBER_SYMBYTES, sk + KYBER_SECRETKEYBYTES - 2 * KYBER_SYMBYTES, KYBER_SYMBYTES);
-    hash_g(kr, buf, 2 * KYBER_SYMBYTES);
-    /* coins are in kr+KYBER_SYMBYTES */
-    PQCLEAN_MLKEM768_CLEAN_indcpa_enc(cmp, buf, pk, kr + KYBER_SYMBYTES);
-    fail = PQCLEAN_MLKEM768_CLEAN_verify(ct, cmp, KYBER_CIPHERTEXTBYTES);
-    /* Compute rejection key */
-    rkprf(ss, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, ct);
-    /* Copy true key to return buffer if fail is false */
-    PQCLEAN_MLKEM768_CLEAN_cmov(ss, kr, KYBER_SYMBYTES, (uint8_t) (1 - fail));
-    return 0;
-}

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/kem.h DELETED Viewed

@@ -1,23 +0,0 @@
-#ifndef PQCLEAN_MLKEM768_CLEAN_KEM_H
-#define PQCLEAN_MLKEM768_CLEAN_KEM_H
-#include "params.h"
-#include <stdint.h>
-#define PQCLEAN_MLKEM768_CLEAN_CRYPTO_SECRETKEYBYTES  KYBER_SECRETKEYBYTES
-#define PQCLEAN_MLKEM768_CLEAN_CRYPTO_PUBLICKEYBYTES  KYBER_PUBLICKEYBYTES
-#define PQCLEAN_MLKEM768_CLEAN_CRYPTO_CIPHERTEXTBYTES KYBER_CIPHERTEXTBYTES
-#define PQCLEAN_MLKEM768_CLEAN_CRYPTO_BYTES           KYBER_SSBYTES
-#define PQCLEAN_MLKEM768_CLEAN_CRYPTO_ALGNAME "ML-KEM-768"
-int PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins);
-int PQCLEAN_MLKEM768_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
-int PQCLEAN_MLKEM768_CLEAN_crypto_kem_enc_derand(uint8_t *ct, uint8_t *ss, const uint8_t *pk, const uint8_t *coins);
-int PQCLEAN_MLKEM768_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
-int PQCLEAN_MLKEM768_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
-#endif

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/ntt.c DELETED Viewed

@@ -1,146 +0,0 @@
-#include "ntt.h"
-#include "params.h"
-#include "reduce.h"
-#include <stdint.h>
-/* Code to generate PQCLEAN_MLKEM768_CLEAN_zetas and zetas_inv used in the number-theoretic transform:
-#define KYBER_ROOT_OF_UNITY 17
-static const uint8_t tree[128] = {
-  0, 64, 32, 96, 16, 80, 48, 112, 8, 72, 40, 104, 24, 88, 56, 120,
-  4, 68, 36, 100, 20, 84, 52, 116, 12, 76, 44, 108, 28, 92, 60, 124,
-  2, 66, 34, 98, 18, 82, 50, 114, 10, 74, 42, 106, 26, 90, 58, 122,
-  6, 70, 38, 102, 22, 86, 54, 118, 14, 78, 46, 110, 30, 94, 62, 126,
-  1, 65, 33, 97, 17, 81, 49, 113, 9, 73, 41, 105, 25, 89, 57, 121,
-  5, 69, 37, 101, 21, 85, 53, 117, 13, 77, 45, 109, 29, 93, 61, 125,
-  3, 67, 35, 99, 19, 83, 51, 115, 11, 75, 43, 107, 27, 91, 59, 123,
-  7, 71, 39, 103, 23, 87, 55, 119, 15, 79, 47, 111, 31, 95, 63, 127
-};
-void init_ntt() {
-  unsigned int i;
-  int16_t tmp[128];
-  tmp[0] = MONT;
-  for(i=1;i<128;i++)
-    tmp[i] = fqmul(tmp[i-1],MONT*KYBER_ROOT_OF_UNITY % KYBER_Q);
-  for(i=0;i<128;i++) {
-    PQCLEAN_MLKEM768_CLEAN_zetas[i] = tmp[tree[i]];
-    if(PQCLEAN_MLKEM768_CLEAN_zetas[i] > KYBER_Q/2)
-      PQCLEAN_MLKEM768_CLEAN_zetas[i] -= KYBER_Q;
-    if(PQCLEAN_MLKEM768_CLEAN_zetas[i] < -KYBER_Q/2)
-      PQCLEAN_MLKEM768_CLEAN_zetas[i] += KYBER_Q;
-  }
-}
-*/
-const int16_t PQCLEAN_MLKEM768_CLEAN_zetas[128] = {
-    -1044,  -758,  -359, -1517,  1493,  1422,   287,   202,
-    -171,   622,  1577,   182,   962, -1202, -1474,  1468,
-    573, -1325,   264,   383,  -829,  1458, -1602,  -130,
-    -681,  1017,   732,   608, -1542,   411,  -205, -1571,
-    1223,   652,  -552,  1015, -1293,  1491,  -282, -1544,
-    516,    -8,  -320,  -666, -1618, -1162,   126,  1469,
-    -853,   -90,  -271,   830,   107, -1421,  -247,  -951,
-    -398,   961, -1508,  -725,   448, -1065,   677, -1275,
-    -1103,   430,   555,   843, -1251,   871,  1550,   105,
-    422,   587,   177,  -235,  -291,  -460,  1574,  1653,
-    -246,   778,  1159,  -147,  -777,  1483,  -602,  1119,
-    -1590,   644,  -872,   349,   418,   329,  -156,   -75,
-    817,  1097,   603,   610,  1322, -1285, -1465,   384,
-    -1215,  -136,  1218, -1335,  -874,   220, -1187, -1659,
-    -1185, -1530, -1278,   794, -1510,  -854,  -870,   478,
-    -108,  -308,   996,   991,   958, -1460,  1522,  1628
-};
-/*************************************************
-* Name:        fqmul
-*
-* Description: Multiplication followed by Montgomery reduction
-*
-* Arguments:   - int16_t a: first factor
-*              - int16_t b: second factor
-*
-* Returns 16-bit integer congruent to a*b*R^{-1} mod q
-**************************************************/
-static int16_t fqmul(int16_t a, int16_t b) {
-    return PQCLEAN_MLKEM768_CLEAN_montgomery_reduce((int32_t)a * b);
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM768_CLEAN_ntt
-*
-* Description: Inplace number-theoretic transform (NTT) in Rq.
-*              input is in standard order, output is in bitreversed order
-*
-* Arguments:   - int16_t r[256]: pointer to input/output vector of elements of Zq
-**************************************************/
-void PQCLEAN_MLKEM768_CLEAN_ntt(int16_t r[256]) {
-    unsigned int len, start, j, k;
-    int16_t t, zeta;
-    k = 1;
-    for (len = 128; len >= 2; len >>= 1) {
-        for (start = 0; start < 256; start = j + len) {
-            zeta = PQCLEAN_MLKEM768_CLEAN_zetas[k++];
-            for (j = start; j < start + len; j++) {
-                t = fqmul(zeta, r[j + len]);
-                r[j + len] = r[j] - t;
-                r[j] = r[j] + t;
-            }
-        }
-    }
-}
-/*************************************************
-* Name:        invntt_tomont
-*
-* Description: Inplace inverse number-theoretic transform in Rq and
-*              multiplication by Montgomery factor 2^16.
-*              Input is in bitreversed order, output is in standard order
-*
-* Arguments:   - int16_t r[256]: pointer to input/output vector of elements of Zq
-**************************************************/
-void PQCLEAN_MLKEM768_CLEAN_invntt(int16_t r[256]) {
-    unsigned int start, len, j, k;
-    int16_t t, zeta;
-    const int16_t f = 1441; // mont^2/128
-    k = 127;
-    for (len = 2; len <= 128; len <<= 1) {
-        for (start = 0; start < 256; start = j + len) {
-            zeta = PQCLEAN_MLKEM768_CLEAN_zetas[k--];
-            for (j = start; j < start + len; j++) {
-                t = r[j];
-                r[j] = PQCLEAN_MLKEM768_CLEAN_barrett_reduce(t + r[j + len]);
-                r[j + len] = r[j + len] - t;
-                r[j + len] = fqmul(zeta, r[j + len]);
-            }
-        }
-    }
-    for (j = 0; j < 256; j++) {
-        r[j] = fqmul(r[j], f);
-    }
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM768_CLEAN_basemul
-*
-* Description: Multiplication of polynomials in Zq[X]/(X^2-zeta)
-*              used for multiplication of elements in Rq in NTT domain
-*
-* Arguments:   - int16_t r[2]: pointer to the output polynomial
-*              - const int16_t a[2]: pointer to the first factor
-*              - const int16_t b[2]: pointer to the second factor
-*              - int16_t zeta: integer defining the reduction polynomial
-**************************************************/
-void PQCLEAN_MLKEM768_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta) {
-    r[0]  = fqmul(a[1], b[1]);
-    r[0]  = fqmul(r[0], zeta);
-    r[0] += fqmul(a[0], b[0]);
-    r[1]  = fqmul(a[0], b[1]);
-    r[1] += fqmul(a[1], b[0]);
-}

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/ntt.h DELETED Viewed

@@ -1,14 +0,0 @@
-#ifndef PQCLEAN_MLKEM768_CLEAN_NTT_H
-#define PQCLEAN_MLKEM768_CLEAN_NTT_H
-#include "params.h"
-#include <stdint.h>
-extern const int16_t PQCLEAN_MLKEM768_CLEAN_zetas[128];
-void PQCLEAN_MLKEM768_CLEAN_ntt(int16_t r[256]);
-void PQCLEAN_MLKEM768_CLEAN_invntt(int16_t r[256]);
-void PQCLEAN_MLKEM768_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta);
-#endif

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-768/clean/params.h DELETED Viewed

@@ -1,36 +0,0 @@
-#ifndef PQCLEAN_MLKEM768_CLEAN_PARAMS_H
-#define PQCLEAN_MLKEM768_CLEAN_PARAMS_H
-/* Don't change parameters below this line */
-#define KYBER_N 256
-#define KYBER_Q 3329
-#define KYBER_SYMBYTES 32   /* size in bytes of hashes, and seeds */
-#define KYBER_SSBYTES  32   /* size in bytes of shared key */
-#define KYBER_POLYBYTES     384
-#define KYBER_POLYVECBYTES  (KYBER_K * KYBER_POLYBYTES)
-#define KYBER_K 3
-#define KYBER_ETA1 2
-#define KYBER_POLYCOMPRESSEDBYTES    128
-#define KYBER_POLYVECCOMPRESSEDBYTES (KYBER_K * 320)
-#define KYBER_ETA2 2
-#define KYBER_INDCPA_MSGBYTES       (KYBER_SYMBYTES)
-#define KYBER_INDCPA_PUBLICKEYBYTES (KYBER_POLYVECBYTES + KYBER_SYMBYTES)
-#define KYBER_INDCPA_SECRETKEYBYTES (KYBER_POLYVECBYTES)
-#define KYBER_INDCPA_BYTES          (KYBER_POLYVECCOMPRESSEDBYTES + KYBER_POLYCOMPRESSEDBYTES)
-#define KYBER_PUBLICKEYBYTES  (KYBER_INDCPA_PUBLICKEYBYTES)
-/* 32 bytes of additional space to save H(pk) */
-#define KYBER_SECRETKEYBYTES  (KYBER_INDCPA_SECRETKEYBYTES + KYBER_INDCPA_PUBLICKEYBYTES + 2*KYBER_SYMBYTES)
-#define KYBER_CIPHERTEXTBYTES (KYBER_INDCPA_BYTES)
-#endif