pq_crypto 0.6.1 → 0.6.3

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/src/keccakf1600_round_constants.c

@@ -1,9 +1,14 @@
 /*
- * Copyright (c) The mlkem-native project authors
  * Copyright (c) The mldsa-native project authors
  * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
  */
 
+/*
+ * WARNING: This file is auto-generated from scripts/autogen
+ *          in the mldsa-native repository.
+ *          Do not modify it directly.
+ */
+
 #include "../../../../common.h"
 
 #if (defined(MLD_FIPS202_AARCH64_NEED_X1_SCALAR) ||                  \
@@ -15,15 +20,16 @@
 
 #include "fips202_native_aarch64.h"
 
-MLD_ALIGN const uint64_t mld_keccakf1600_round_constants[] = {
-    0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
-    0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
-    0x8000000080008081, 0x8000000000008009, 0x000000000000008a,
-    0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
-    0x000000008000808b, 0x800000000000008b, 0x8000000000008089,
-    0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
-    0x000000000000800a, 0x800000008000000a, 0x8000000080008081,
-    0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
+MLD_ALIGN MLD_INTERNAL_DATA_DEFINITION const uint64_t
+    mld_keccakf1600_round_constants[24] = {
+        0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
+        0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
+        0x8000000080008081, 0x8000000000008009, 0x000000000000008a,
+        0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
+        0x000000008000808b, 0x800000000000008b, 0x8000000000008089,
+        0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
+        0x000000000000800a, 0x800000008000000a, 0x8000000080008081,
+        0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
 };
 
 #else /* (MLD_FIPS202_AARCH64_NEED_X1_SCALAR ||                               \

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/x1_scalar.h

@@ -18,7 +18,8 @@
 MLD_MUST_CHECK_RETURN_VALUE
 static MLD_INLINE int mld_keccak_f1600_x1_native(uint64_t *state)
 {
-  mld_keccak_f1600_x1_scalar_asm(state, mld_keccakf1600_round_constants);
+  mld_keccak_f1600_x1_scalar_aarch64_asm(state,
+                                         mld_keccakf1600_round_constants);
   return MLD_NATIVE_FUNC_SUCCESS;
 }
 #endif /* !__ASSEMBLER__ */

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/x1_v84a.h

@@ -27,7 +27,7 @@ static MLD_INLINE int mld_keccak_f1600_x1_native(uint64_t *state)
     return MLD_NATIVE_FUNC_FALLBACK;
   }
 
-  mld_keccak_f1600_x1_v84a_asm(state, mld_keccakf1600_round_constants);
+  mld_keccak_f1600_x1_v84a_aarch64_asm(state, mld_keccakf1600_round_constants);
   return MLD_NATIVE_FUNC_SUCCESS;
 }
 #endif /* !__ASSEMBLER__ */

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/x2_v84a.h

@@ -28,8 +28,10 @@ static MLD_INLINE int mld_keccak_f1600_x4_native(uint64_t *state)
     return MLD_NATIVE_FUNC_FALLBACK;
   }
 
-  mld_keccak_f1600_x2_v84a_asm(state + 0 * 25, mld_keccakf1600_round_constants);
-  mld_keccak_f1600_x2_v84a_asm(state + 2 * 25, mld_keccakf1600_round_constants);
+  mld_keccak_f1600_x2_v84a_aarch64_asm(state + 0 * 25,
+                                       mld_keccakf1600_round_constants);
+  mld_keccak_f1600_x2_v84a_aarch64_asm(state + 2 * 25,
+                                       mld_keccakf1600_round_constants);
   return MLD_NATIVE_FUNC_SUCCESS;
 }
 #endif /* !__ASSEMBLER__ */

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/x4_v8a_scalar.h

@@ -18,8 +18,8 @@
 MLD_MUST_CHECK_RETURN_VALUE
 static MLD_INLINE int mld_keccak_f1600_x4_native(uint64_t *state)
 {
-  mld_keccak_f1600_x4_v8a_scalar_hybrid_asm(state,
-                                            mld_keccakf1600_round_constants);
+  mld_keccak_f1600_x4_v8a_scalar_hybrid_aarch64_asm(
+      state, mld_keccakf1600_round_constants);
   return MLD_NATIVE_FUNC_SUCCESS;
 }
 #endif /* !__ASSEMBLER__ */

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/aarch64/x4_v8a_v84a_scalar.h

@@ -27,7 +27,7 @@ static MLD_INLINE int mld_keccak_f1600_x4_native(uint64_t *state)
     return MLD_NATIVE_FUNC_FALLBACK;
   }
 
-  mld_keccak_f1600_x4_v8a_v84a_scalar_hybrid_asm(
+  mld_keccak_f1600_x4_v8a_v84a_scalar_hybrid_aarch64_asm(
       state, mld_keccakf1600_round_constants);
   return MLD_NATIVE_FUNC_SUCCESS;
 }

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/api.h

@@ -66,4 +66,64 @@ __contract__(
 );
 #endif /* MLD_USE_FIPS202_X4_NATIVE */
 
+/*
+ * Native x4 XOR bytes and extract bytes interface.
+ *
+ * These functions allow backends to provide optimized implementations for
+ * XORing input data into the state and extracting output data from the state.
+ * This is particularly useful for backends that use a different internal state
+ * representation (e.g., bit-interleaved), as conversion can happen during
+ * XOR/extract rather than before/after each permutation.
+ *
+ * NOTE: We assume that the custom representation of the zero state is the
+ * all-zero state.
+ *
+ * MLD_USE_FIPS202_X4_XOR_BYTES_NATIVE: Backend provides native XOR bytes
+ * MLD_USE_FIPS202_X4_EXTRACT_BYTES_NATIVE: Backend provides native extract
+ * bytes
+ */
+
+#if defined(MLD_USE_FIPS202_X4_XOR_BYTES_NATIVE)
+MLD_MUST_CHECK_RETURN_VALUE
+static MLD_INLINE int mld_keccakf1600_xor_bytes_x4_native(
+    uint64_t *state, const unsigned char *data0, const unsigned char *data1,
+    const unsigned char *data2, const unsigned char *data3, unsigned offset,
+    unsigned length)
+__contract__(
+  requires(0 <= offset && offset <= 25 * sizeof(uint64_t) &&
+           0 <= length && length <= 25 * sizeof(uint64_t) - offset)
+  requires(memory_no_alias(state, sizeof(uint64_t) * 25 * 4))
+  requires(memory_no_alias(data0, length))
+  requires((data0 == data1 &&
+            data0 == data2 &&
+            data0 == data3) ||
+           (memory_no_alias(data1, length) &&
+            memory_no_alias(data2, length) &&
+            memory_no_alias(data3, length)))
+  assigns(memory_slice(state, sizeof(uint64_t) * 25 * 4))
+  ensures(return_value == MLD_NATIVE_FUNC_FALLBACK || return_value == MLD_NATIVE_FUNC_SUCCESS)
+  ensures((return_value == MLD_NATIVE_FUNC_FALLBACK) ==> array_unchanged_u64(state, 25 * 4)));
+#endif /* MLD_USE_FIPS202_X4_XOR_BYTES_NATIVE */
+
+#if defined(MLD_USE_FIPS202_X4_EXTRACT_BYTES_NATIVE)
+MLD_MUST_CHECK_RETURN_VALUE
+static MLD_INLINE int mld_keccakf1600_extract_bytes_x4_native(
+    uint64_t *state, unsigned char *data0, unsigned char *data1,
+    unsigned char *data2, unsigned char *data3, unsigned offset,
+    unsigned length)
+__contract__(
+  requires(0 <= offset && offset <= 25 * sizeof(uint64_t) &&
+           0 <= length && length <= 25 * sizeof(uint64_t) - offset)
+  requires(memory_no_alias(state, sizeof(uint64_t) * 25 * 4))
+  requires(memory_no_alias(data0, length))
+  requires(memory_no_alias(data1, length))
+  requires(memory_no_alias(data2, length))
+  requires(memory_no_alias(data3, length))
+  assigns(memory_slice(data0, length))
+  assigns(memory_slice(data1, length))
+  assigns(memory_slice(data2, length))
+  assigns(memory_slice(data3, length))
+  ensures(return_value == MLD_NATIVE_FUNC_FALLBACK || return_value == MLD_NATIVE_FUNC_SUCCESS));
+#endif /* MLD_USE_FIPS202_X4_EXTRACT_BYTES_NATIVE */
+
 #endif /* !MLD_FIPS202_NATIVE_API_H */

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/armv81m/mve.h

@@ -11,12 +11,18 @@
 
 /* Part of backend API */
 #define MLD_USE_FIPS202_X4_NATIVE
+#define MLD_USE_FIPS202_X4_XOR_BYTES_NATIVE
+#define MLD_USE_FIPS202_X4_EXTRACT_BYTES_NATIVE
 /* Guard for assembly file */
 #define MLD_FIPS202_ARMV81M_NEED_X4
 
 #if !defined(__ASSEMBLER__)
 #include "../api.h"
 
+/*
+ * Native x4 permutation
+ * State is kept in bit-interleaved format.
+ */
 #define mld_keccak_f1600_x4_native_impl \
   MLD_NAMESPACE(keccak_f1600_x4_native_impl)
 int mld_keccak_f1600_x4_native_impl(uint64_t *state);
@@ -27,6 +33,48 @@ static MLD_INLINE int mld_keccak_f1600_x4_native(uint64_t *state)
   return mld_keccak_f1600_x4_native_impl(state);
 }
 
+/*
+ * Native x4 XOR bytes (with on-the-fly bit interleaving)
+ */
+#define mld_keccak_f1600_x4_state_xor_bytes \
+  MLD_NAMESPACE(keccak_f1600_x4_state_xor_bytes_asm)
+void mld_keccak_f1600_x4_state_xor_bytes(void *state, const uint8_t *data0,
+                                         const uint8_t *data1,
+                                         const uint8_t *data2,
+                                         const uint8_t *data3, unsigned offset,
+                                         unsigned length);
+
+MLD_MUST_CHECK_RETURN_VALUE
+static MLD_INLINE int mld_keccakf1600_xor_bytes_x4_native(
+    uint64_t *state, const uint8_t *data0, const uint8_t *data1,
+    const uint8_t *data2, const uint8_t *data3, unsigned offset,
+    unsigned length)
+{
+  mld_keccak_f1600_x4_state_xor_bytes(state, data0, data1, data2, data3, offset,
+                                      length);
+  return MLD_NATIVE_FUNC_SUCCESS;
+}
+
+/*
+ * Native x4 extract bytes (with on-the-fly bit de-interleaving)
+ */
+#define mld_keccak_f1600_x4_state_extract_bytes \
+  MLD_NAMESPACE(keccak_f1600_x4_state_extract_bytes_asm)
+void mld_keccak_f1600_x4_state_extract_bytes(void *state, uint8_t *data0,
+                                             uint8_t *data1, uint8_t *data2,
+                                             uint8_t *data3, unsigned offset,
+                                             unsigned length);
+
+MLD_MUST_CHECK_RETURN_VALUE
+static MLD_INLINE int mld_keccakf1600_extract_bytes_x4_native(
+    uint64_t *state, uint8_t *data0, uint8_t *data1, uint8_t *data2,
+    uint8_t *data3, unsigned offset, unsigned length)
+{
+  mld_keccak_f1600_x4_state_extract_bytes(state, data0, data1, data2, data3,
+                                          offset, length);
+  return MLD_NATIVE_FUNC_SUCCESS;
+}
+
 #endif /* !__ASSEMBLER__ */
 
 #endif /* !MLD_FIPS202_NATIVE_ARMV81M_MVE_H */

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/fips202/native/armv81m/src/fips202_native_armv81m.h

@@ -11,10 +11,27 @@
 /* Keccak round constants in bit-interleaved form */
 #define mld_keccakf1600_round_constants \
   MLD_NAMESPACE(keccakf1600_round_constants)
-extern const uint32_t mld_keccakf1600_round_constants[48];
+MLD_INTERNAL_DATA_DECLARATION const uint32_t
+    mld_keccakf1600_round_constants[48];
 
 #define mld_keccak_f1600_x4_mve_asm MLD_NAMESPACE(keccak_f1600_x4_mve_asm)
 void mld_keccak_f1600_x4_mve_asm(uint64_t state[100], uint64_t tmpstate[100],
                                  const uint32_t rc[48]);
 
+#define mld_keccak_f1600_x4_state_xor_bytes_asm \
+  MLD_NAMESPACE(keccak_f1600_x4_state_xor_bytes_asm)
+void mld_keccak_f1600_x4_state_xor_bytes_asm(void *state, const uint8_t *d0,
+                                             const uint8_t *d1,
+                                             const uint8_t *d2,
+                                             const uint8_t *d3, unsigned offset,
+                                             unsigned length);
+
+#define mld_keccak_f1600_x4_state_extract_bytes_asm \
+  MLD_NAMESPACE(keccak_f1600_x4_state_extract_bytes_asm)
+void mld_keccak_f1600_x4_state_extract_bytes_asm(void *state, uint8_t *data0,
+                                                 uint8_t *data1, uint8_t *data2,
+                                                 uint8_t *data3,
+                                                 unsigned offset,
+                                                 unsigned length);
+
 #endif /* !MLD_FIPS202_NATIVE_ARMV81M_SRC_FIPS202_NATIVE_ARMV81M_H */