@pinkparrot/qsafe-mayo-wasm 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.gitmodules +3 -0
- package/.vscode/launch.json +12 -0
- package/LICENSE +201 -0
- package/bridge/mayo1_bridge.c +26 -0
- package/bridge/mayo2_bridge.c +26 -0
- package/bridge/randombytes_inject.c +44 -0
- package/build_mayo1.ps1 +36 -0
- package/build_mayo2.ps1 +36 -0
- package/dist/mayo.browser.min.js +216 -0
- package/dist/mayo1.js +0 -0
- package/dist/mayo2.js +0 -0
- package/dist/mayo_api.js +139 -0
- package/dist/package.json +1 -0
- package/gitignore +2 -0
- package/index.mjs +1 -0
- package/mayo-c/.astylerc +16 -0
- package/mayo-c/.cmake/flags.cmake +45 -0
- package/mayo-c/.cmake/sanitizers.cmake +81 -0
- package/mayo-c/.cmake/target.cmake +71 -0
- package/mayo-c/.github/workflows/ci_clang.yml +61 -0
- package/mayo-c/.github/workflows/ci_gcc.yml +60 -0
- package/mayo-c/.github/workflows/cmake.yml +160 -0
- package/mayo-c/.github/workflows/macos_m1.yml +68 -0
- package/mayo-c/CMakeLists.txt +35 -0
- package/mayo-c/KAT/PQCsignKAT_24_MAYO_1.req +900 -0
- package/mayo-c/KAT/PQCsignKAT_24_MAYO_1.rsp +902 -0
- package/mayo-c/KAT/PQCsignKAT_24_MAYO_2.req +900 -0
- package/mayo-c/KAT/PQCsignKAT_24_MAYO_2.rsp +902 -0
- package/mayo-c/KAT/PQCsignKAT_32_MAYO_3.req +900 -0
- package/mayo-c/KAT/PQCsignKAT_32_MAYO_3.rsp +902 -0
- package/mayo-c/KAT/PQCsignKAT_40_MAYO_5.req +900 -0
- package/mayo-c/KAT/PQCsignKAT_40_MAYO_5.rsp +902 -0
- package/mayo-c/LICENSE +202 -0
- package/mayo-c/META/MAYO-1_META.yml +52 -0
- package/mayo-c/META/MAYO-2_META.yml +52 -0
- package/mayo-c/META/MAYO-3_META.yml +52 -0
- package/mayo-c/META/MAYO-5_META.yml +52 -0
- package/mayo-c/NOTICE +13 -0
- package/mayo-c/README.md +183 -0
- package/mayo-c/apps/CMakeLists.txt +31 -0
- package/mayo-c/apps/PQCgenKAT_sign.c +281 -0
- package/mayo-c/apps/example.c +151 -0
- package/mayo-c/apps/example_nistapi.c +124 -0
- package/mayo-c/include/mayo.h +442 -0
- package/mayo-c/include/mem.h +25 -0
- package/mayo-c/include/randombytes.h +31 -0
- package/mayo-c/scripts/contstants.py +141 -0
- package/mayo-c/scripts/find_irred_poly.sage +39 -0
- package/mayo-c/src/AVX2/arithmetic_common.h +159 -0
- package/mayo-c/src/AVX2/echelon_form.h +91 -0
- package/mayo-c/src/AVX2/echelon_form_loop.h +58 -0
- package/mayo-c/src/AVX2/shuffle_arithmetic.h +442 -0
- package/mayo-c/src/CMakeLists.txt +98 -0
- package/mayo-c/src/arithmetic.c +128 -0
- package/mayo-c/src/arithmetic.h +124 -0
- package/mayo-c/src/common/aes128ctr.c +293 -0
- package/mayo-c/src/common/aes_c.c +741 -0
- package/mayo-c/src/common/aes_ctr.h +32 -0
- package/mayo-c/src/common/aes_neon.c +201 -0
- package/mayo-c/src/common/debug_bench_tools.h +69 -0
- package/mayo-c/src/common/fips202.c +1093 -0
- package/mayo-c/src/common/fips202.h +12 -0
- package/mayo-c/src/common/mem.c +19 -0
- package/mayo-c/src/common/randombytes_ctrdrbg.c +141 -0
- package/mayo-c/src/common/randombytes_system.c +399 -0
- package/mayo-c/src/generic/arithmetic_dynamic.h +68 -0
- package/mayo-c/src/generic/arithmetic_fixed.h +84 -0
- package/mayo-c/src/generic/echelon_form.h +152 -0
- package/mayo-c/src/generic/ef_inner_loop.h +56 -0
- package/mayo-c/src/generic/generic_arithmetic.h +294 -0
- package/mayo-c/src/mayo.c +675 -0
- package/mayo-c/src/mayo_1/api.c +46 -0
- package/mayo-c/src/mayo_1/api.h +43 -0
- package/mayo-c/src/mayo_2/api.c +46 -0
- package/mayo-c/src/mayo_2/api.h +43 -0
- package/mayo-c/src/mayo_3/api.c +46 -0
- package/mayo-c/src/mayo_3/api.h +43 -0
- package/mayo-c/src/mayo_5/api.c +46 -0
- package/mayo-c/src/mayo_5/api.h +43 -0
- package/mayo-c/src/neon/arithmetic_common.h +132 -0
- package/mayo-c/src/neon/echelon_form.h +55 -0
- package/mayo-c/src/neon/echelon_form_loop.h +58 -0
- package/mayo-c/src/neon/shuffle_arithmetic.h +462 -0
- package/mayo-c/src/params.c +42 -0
- package/mayo-c/src/simple_arithmetic.h +138 -0
- package/mayo-c/test/CMakeLists.txt +51 -0
- package/mayo-c/test/bench.c +166 -0
- package/mayo-c/test/m1cycles.c +155 -0
- package/mayo-c/test/m1cycles.h +13 -0
- package/mayo-c/test/test_kat.c +271 -0
- package/mayo-c/test/test_mayo.c +139 -0
- package/mayo-c/test/test_sample_solution.c +75 -0
- package/mayo-c/test/test_various.c +680 -0
- package/package.json +39 -0
- package/publish.bat +22 -0
- package/readme.md +80 -0
- package/test/test.mjs +42 -0
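--- a/package/mayo-c/src/mayo_1/api.c
+++ b/package/mayo-c/src/mayo_1/api.c
@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#include <api.h>
+#include <mayo.h>
+
+#ifdef ENABLE_PARAMS_DYNAMIC
+#define MAYO_PARAMS &MAYO_1
+#else
+#define MAYO_PARAMS 0
+#endif
+
+int
+crypto_sign_keypair(unsigned char *pk, unsigned char *sk) {
+return mayo_keypair(MAYO_PARAMS, pk, sk);
+}
+
+int
+crypto_sign(unsigned char *sm, size_t *smlen,
+const unsigned char *m, size_t mlen,
+const unsigned char *sk) {
+return mayo_sign(MAYO_PARAMS, sm, smlen, m, mlen, sk);
+}
+
+int
+crypto_sign_signature(unsigned char *sig,
+size_t *siglen, const unsigned char *m,
+size_t mlen, const unsigned char *sk) {
+return mayo_sign_signature(MAYO_PARAMS, sig, siglen, m, mlen, sk);
+}
+
+int
+crypto_sign_open(unsigned char *m, size_t *mlen,
+const unsigned char *sm, size_t smlen,
+const unsigned char *pk) {
+return mayo_open(MAYO_PARAMS, m, mlen, sm, smlen, pk);
+}
+
+int
+crypto_sign_verify(const unsigned char *sig, size_t siglen,
+const unsigned char *m, size_t mlen,
+const unsigned char *pk) {
+if (siglen != CRYPTO_BYTES)
+return -1;
+return mayo_verify(MAYO_PARAMS, m, mlen, sig, pk);
+}
+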
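Review bot: `crypto_sign_open` passes `smlen` straight through to `mayo_open`, while `crypto_sign_verify` rejects a `siglen` that differs from `CRYPTO_BYTES` before calling into the library, so the two entry points validate their input inconsistently; unless `mayo_open` itself rejects a signed message shorter than the signature (not visible here), a guard `if (smlen < CRYPTO_BYTES) return -1;` before the call would close that gap. Every call also passes `MAYO_PARAMS`, which expands to `0` when `ENABLE_PARAMS_DYNAMIC` is undefined, so the fixed-parameter build hands the library a null params pointer; a one-line comment on the `#else` branch such as `/* fixed-parameter build: the params argument to mayo_* is a null pointer */` would make that intent explicit to readers. The MAYO-2, MAYO-3 and MAYO-5 api.c sections below are identical apart from the params symbol and carry the same two points.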
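--- a/package/mayo-c/src/mayo_1/api.h
+++ b/package/mayo-c/src/mayo_1/api.h
@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef api_h
+#define api_h
+
+#include <mayo.h>
+
+#define CRYPTO_SECRETKEYBYTES 24
+#define CRYPTO_PUBLICKEYBYTES 1420
+#define CRYPTO_BYTES 454
+
+#define CRYPTO_ALGNAME "MAYO-1"
+
+#define crypto_sign_keypair MAYO_NAMESPACE(crypto_sign_keypair)
+int
+crypto_sign_keypair(unsigned char *pk, unsigned char *sk);
+
+#define crypto_sign MAYO_NAMESPACE(crypto_sign)
+int
+crypto_sign(unsigned char *sm, size_t *smlen,
+const unsigned char *m, size_t mlen,
+const unsigned char *sk);
+
+#define crypto_sign_signature MAYO_NAMESPACE(crypto_sign_signature)
+int
+crypto_sign_signature(unsigned char *sig,
+size_t *siglen, const unsigned char *m,
+size_t mlen, const unsigned char *sk);
+
+#define crypto_sign_open MAYO_NAMESPACE(crypto_sign_open)
+int
+crypto_sign_open(unsigned char *m, size_t *mlen,
+const unsigned char *sm, size_t smlen,
+const unsigned char *pk);
+
+#define crypto_sign_verify MAYO_NAMESPACE(crypto_sign_verify)
+int
+crypto_sign_verify(const unsigned char *sig, size_t siglen,
+const unsigned char *m, size_t mlen,
+const unsigned char *pk);
+
+#endif /* api_h */
+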
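Review bot: The prototypes carry no documentation of the buffer-size contract or the return convention: a caller of `crypto_sign_keypair` has to guess that `pk` must hold `CRYPTO_PUBLICKEYBYTES` bytes and `sk` `CRYPTO_SECRETKEYBYTES` bytes, and nothing in the header says what a non-zero return means. A short Doxygen block on each prototype naming the required size of every output buffer (for `crypto_sign`, `sm` needs `mlen + CRYPTO_BYTES` bytes under the NIST layout — confirm against `mayo_sign`) and the return convention (at least the `-1` that `crypto_sign_verify` in api.c returns on a bad length) would fix this. The include guard `api_h` is the same in all four parameter-set headers, so if two sets were ever pulled into one translation unit the second header would be silently skipped; a guard carrying the set name, e.g. `MAYO_1_API_H`, avoids that. The MAYO-2, MAYO-3 and MAYO-5 api.h sections below have the same two points.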
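--- a/package/mayo-c/src/mayo_2/api.c
+++ b/package/mayo-c/src/mayo_2/api.c
@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#include <api.h>
+#include <mayo.h>
+
+#ifdef ENABLE_PARAMS_DYNAMIC
+#define MAYO_PARAMS &MAYO_2
+#else
+#define MAYO_PARAMS 0
+#endif
+
+int
+crypto_sign_keypair(unsigned char *pk, unsigned char *sk) {
+return mayo_keypair(MAYO_PARAMS, pk, sk);
+}
+
+int
+crypto_sign(unsigned char *sm, size_t *smlen,
+const unsigned char *m, size_t mlen,
+const unsigned char *sk) {
+return mayo_sign(MAYO_PARAMS, sm, smlen, m, mlen, sk);
+}
+
+int
+crypto_sign_signature(unsigned char *sig,
+size_t *siglen, const unsigned char *m,
+size_t mlen, const unsigned char *sk) {
+return mayo_sign_signature(MAYO_PARAMS, sig, siglen, m, mlen, sk);
+}
+
+int
+crypto_sign_open(unsigned char *m, size_t *mlen,
+const unsigned char *sm, size_t smlen,
+const unsigned char *pk) {
+return mayo_open(MAYO_PARAMS, m, mlen, sm, smlen, pk);
+}
+
+int
+crypto_sign_verify(const unsigned char *sig, size_t siglen,
+const unsigned char *m, size_t mlen,
+const unsigned char *pk) {
+if (siglen != CRYPTO_BYTES)
+return -1;
+return mayo_verify(MAYO_PARAMS, m, mlen, sig, pk);
+}
+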
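--- a/package/mayo-c/src/mayo_2/api.h
+++ b/package/mayo-c/src/mayo_2/api.h
@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef api_h
+#define api_h
+
+#include <mayo.h>
+
+#define CRYPTO_SECRETKEYBYTES 24
+#define CRYPTO_PUBLICKEYBYTES 4912
+#define CRYPTO_BYTES 186
+
+#define CRYPTO_ALGNAME "MAYO-2"
+
+#define crypto_sign_keypair MAYO_NAMESPACE(crypto_sign_keypair)
+int
+crypto_sign_keypair(unsigned char *pk, unsigned char *sk);
+
+#define crypto_sign MAYO_NAMESPACE(crypto_sign)
+int
+crypto_sign(unsigned char *sm, size_t *smlen,
+const unsigned char *m, size_t mlen,
+const unsigned char *sk);
+
+#define crypto_sign_signature MAYO_NAMESPACE(crypto_sign_signature)
+int
+crypto_sign_signature(unsigned char *sig,
+size_t *siglen, const unsigned char *m,
+size_t mlen, const unsigned char *sk);
+
+#define crypto_sign_open MAYO_NAMESPACE(crypto_sign_open)
+int
+crypto_sign_open(unsigned char *m, size_t *mlen,
+const unsigned char *sm, size_t smlen,
+const unsigned char *pk);
+
+#define crypto_sign_verify MAYO_NAMESPACE(crypto_sign_verify)
+int
+crypto_sign_verify(const unsigned char *sig, size_t siglen,
+const unsigned char *m, size_t mlen,
+const unsigned char *pk);
+
+#endif /* api_h */
+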
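--- a/package/mayo-c/src/mayo_3/api.c
+++ b/package/mayo-c/src/mayo_3/api.c
@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#include <api.h>
+#include <mayo.h>
+
+#ifdef ENABLE_PARAMS_DYNAMIC
+#define MAYO_PARAMS &MAYO_3
+#else
+#define MAYO_PARAMS 0
+#endif
+
+int
+crypto_sign_keypair(unsigned char *pk, unsigned char *sk) {
+return mayo_keypair(MAYO_PARAMS, pk, sk);
+}
+
+int
+crypto_sign(unsigned char *sm, size_t *smlen,
+const unsigned char *m, size_t mlen,
+const unsigned char *sk) {
+return mayo_sign(MAYO_PARAMS, sm, smlen, m, mlen, sk);
+}
+
+int
+crypto_sign_signature(unsigned char *sig,
+size_t *siglen, const unsigned char *m,
+size_t mlen, const unsigned char *sk) {
+return mayo_sign_signature(MAYO_PARAMS, sig, siglen, m, mlen, sk);
+}
+
+int
+crypto_sign_open(unsigned char *m, size_t *mlen,
+const unsigned char *sm, size_t smlen,
+const unsigned char *pk) {
+return mayo_open(MAYO_PARAMS, m, mlen, sm, smlen, pk);
+}
+
+int
+crypto_sign_verify(const unsigned char *sig, size_t siglen,
+const unsigned char *m, size_t mlen,
+const unsigned char *pk) {
+if (siglen != CRYPTO_BYTES)
+return -1;
+return mayo_verify(MAYO_PARAMS, m, mlen, sig, pk);
+}
+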
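--- a/package/mayo-c/src/mayo_3/api.h
+++ b/package/mayo-c/src/mayo_3/api.h
@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef api_h
+#define api_h
+
+#include <mayo.h>
+
+#define CRYPTO_SECRETKEYBYTES 32
+#define CRYPTO_PUBLICKEYBYTES 2986
+#define CRYPTO_BYTES 681
+
+#define CRYPTO_ALGNAME "MAYO-3"
+
+#define crypto_sign_keypair MAYO_NAMESPACE(crypto_sign_keypair)
+int
+crypto_sign_keypair(unsigned char *pk, unsigned char *sk);
+
+#define crypto_sign MAYO_NAMESPACE(crypto_sign)
+int
+crypto_sign(unsigned char *sm, size_t *smlen,
+const unsigned char *m, size_t mlen,
+const unsigned char *sk);
+
+#define crypto_sign_signature MAYO_NAMESPACE(crypto_sign_signature)
+int
+crypto_sign_signature(unsigned char *sig,
+size_t *siglen, const unsigned char *m,
+size_t mlen, const unsigned char *sk);
+
+#define crypto_sign_open MAYO_NAMESPACE(crypto_sign_open)
+int
+crypto_sign_open(unsigned char *m, size_t *mlen,
+const unsigned char *sm, size_t smlen,
+const unsigned char *pk);
+
+#define crypto_sign_verify MAYO_NAMESPACE(crypto_sign_verify)
+int
+crypto_sign_verify(const unsigned char *sig, size_t siglen,
+const unsigned char *m, size_t mlen,
+const unsigned char *pk);
+
+#endif /* api_h */
+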
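--- a/package/mayo-c/src/mayo_5/api.c
+++ b/package/mayo-c/src/mayo_5/api.c
@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#include <api.h>
+#include <mayo.h>
+
+#ifdef ENABLE_PARAMS_DYNAMIC
+#define MAYO_PARAMS &MAYO_5
+#else
+#define MAYO_PARAMS 0
+#endif
+
+int
+crypto_sign_keypair(unsigned char *pk, unsigned char *sk) {
+return mayo_keypair(MAYO_PARAMS, pk, sk);
+}
+
+int
+crypto_sign(unsigned char *sm, size_t *smlen,
+const unsigned char *m, size_t mlen,
+const unsigned char *sk) {
+return mayo_sign(MAYO_PARAMS, sm, smlen, m, mlen, sk);
+}
+
+int
+crypto_sign_signature(unsigned char *sig,
+size_t *siglen, const unsigned char *m,
+size_t mlen, const unsigned char *sk) {
+return mayo_sign_signature(MAYO_PARAMS, sig, siglen, m, mlen, sk);
+}
+
+int
+crypto_sign_open(unsigned char *m, size_t *mlen,
+const unsigned char *sm, size_t smlen,
+const unsigned char *pk) {
+return mayo_open(MAYO_PARAMS, m, mlen, sm, smlen, pk);
+}
+
+int
+crypto_sign_verify(const unsigned char *sig, size_t siglen,
+const unsigned char *m, size_t mlen,
+const unsigned char *pk) {
+if (siglen != CRYPTO_BYTES)
+return -1;
+return mayo_verify(MAYO_PARAMS, m, mlen, sig, pk);
+}
+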
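--- a/package/mayo-c/src/mayo_5/api.h
+++ b/package/mayo-c/src/mayo_5/api.h
@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef api_h
+#define api_h
+
+#include <mayo.h>
+
+#define CRYPTO_SECRETKEYBYTES 40
+#define CRYPTO_PUBLICKEYBYTES 5554
+#define CRYPTO_BYTES 964
+
+#define CRYPTO_ALGNAME "MAYO-5"
+
+#define crypto_sign_keypair MAYO_NAMESPACE(crypto_sign_keypair)
+int
+crypto_sign_keypair(unsigned char *pk, unsigned char *sk);
+
+#define crypto_sign MAYO_NAMESPACE(crypto_sign)
+int
+crypto_sign(unsigned char *sm, size_t *smlen,
+const unsigned char *m, size_t mlen,
+const unsigned char *sk);
+
+#define crypto_sign_signature MAYO_NAMESPACE(crypto_sign_signature)
+int
+crypto_sign_signature(unsigned char *sig,
+size_t *siglen, const unsigned char *m,
+size_t mlen, const unsigned char *sk);
+
+#define crypto_sign_open MAYO_NAMESPACE(crypto_sign_open)
+int
+crypto_sign_open(unsigned char *m, size_t *mlen,
+const unsigned char *sm, size_t smlen,
+const unsigned char *pk);
+
+#define crypto_sign_verify MAYO_NAMESPACE(crypto_sign_verify)
+int
+crypto_sign_verify(const unsigned char *sig, size_t siglen,
+const unsigned char *m, size_t mlen,
+const unsigned char *pk);
+
+#endif /* api_h */
+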
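--- a/package/mayo-c/src/neon/arithmetic_common.h
+++ b/package/mayo-c/src/neon/arithmetic_common.h
@@ -0,0 +1,132 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef ARITHMETIC_COMMON_H
+#define ARITHMETIC_COMMON_H
+
+#include <mayo.h>
+#include <stdalign.h>
+#include <stdint.h>
+
+#include <arm_neon.h>
+
+#define K_OVER_2 ((K_MAX+1)/2)
+
+static const unsigned char __0_f[16] __attribute__((aligned(16))) = {
+0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+};
+
+static const unsigned char __gf16_reduce[16] __attribute__((aligned(16))) = {
+0x00,0x13,0x26,0x35,0x4c,0x5f,0x6a,0x79, 0x8b,0x98,0xad,0xbe,0xc7,0xd4,0xe1,0xf2
+};
+
+static inline
+uint8x16_t _gf16v_mul_unpack( uint8x16_t a0 , uint8x16_t b0 , uint8x16_t tab_reduce )
+{
+uint8x16_t ab = vreinterpretq_u8_p8(vmulq_p8(vreinterpretq_p8_u8(a0) , vreinterpretq_p8_u8(b0)));
+return ab^vqtbl1q_u8( tab_reduce , vshrq_n_u8(ab,4) );
+}
+
+static inline
+uint8x16_t _gf16v_get_multab( uint8x16_t b , uint8x16_t tab_reduce , uint8x16_t tab_0_f ) { return _gf16v_mul_unpack(b,tab_0_f,tab_reduce); }
+
+static inline
+uint8x16_t gf16v_get_multab( uint8_t b )
+{
+uint8x16_t tab_reduce = vld1q_u8(__gf16_reduce);
+uint8x16_t tab_0_f = vld1q_u8(__0_f);
+
+uint8x16_t bb = vdupq_n_u8(b);
+return _gf16v_get_multab(bb,tab_reduce,tab_0_f);
+}
+
+#define O_NEON_ROUND_UP_ ((O_MAX + 1)/2*2)
+
+static
+inline void mayo_O_multabs(const unsigned char *O, uint8x16_t *O_multabs){
+// build multiplication tables
+for (size_t r = 0; r < V_MAX; r++)
+{
+size_t c = 0;
+for (; c + 1 < O_MAX; c+=2)
+{
+O_multabs[O_NEON_ROUND_UP_/2*r + c/2] = gf16v_get_multab(O[O_MAX*r + c]) ^ (gf16v_get_multab(O[O_MAX*r + c + 1]) << 4);
+}
+#if O_MAX % 2 == 1
+{
+O_multabs[O_NEON_ROUND_UP_/2*r + c/2] = gf16v_get_multab(O[O_MAX*r + c]);
+}
+#endif
+}
+}
+
+static
+inline void mayo_V_multabs(const unsigned char *V, uint8x16_t *V_multabs){
+// build multiplication tables
+size_t r;
+for (size_t c = 0; c < V_MAX; c++)
+{
+for (r = 0; r+1 < K_MAX; r+= 2)
+{
+V_multabs[K_OVER_2*c + r/2] = gf16v_get_multab(V[V_MAX*r + c]) ^ (gf16v_get_multab(V[V_MAX*(r+1) + c]) << 4);
+}
+#if K_MAX % 2 == 1
+V_multabs[K_OVER_2*c + r/2] = gf16v_get_multab(V[V_MAX*r + c]);
+#endif
+}
+}
+
+
+static const unsigned char mayo_gf16_mul[256] __attribute__((aligned(32))) = {
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+0x00,0x02,0x04,0x06,0x08,0x0a,0x0c,0x0e, 0x03,0x01,0x07,0x05,0x0b,0x09,0x0f,0x0d,
+0x00,0x03,0x06,0x05,0x0c,0x0f,0x0a,0x09, 0x0b,0x08,0x0d,0x0e,0x07,0x04,0x01,0x02,
+0x00,0x04,0x08,0x0c,0x03,0x07,0x0b,0x0f, 0x06,0x02,0x0e,0x0a,0x05,0x01,0x0d,0x09,
+0x00,0x05,0x0a,0x0f,0x07,0x02,0x0d,0x08, 0x0e,0x0b,0x04,0x01,0x09,0x0c,0x03,0x06,
+0x00,0x06,0x0c,0x0a,0x0b,0x0d,0x07,0x01, 0x05,0x03,0x09,0x0f,0x0e,0x08,0x02,0x04,
+0x00,0x07,0x0e,0x09,0x0f,0x08,0x01,0x06, 0x0d,0x0a,0x03,0x04,0x02,0x05,0x0c,0x0b,
+0x00,0x08,0x03,0x0b,0x06,0x0e,0x05,0x0d, 0x0c,0x04,0x0f,0x07,0x0a,0x02,0x09,0x01,
+0x00,0x09,0x01,0x08,0x02,0x0b,0x03,0x0a, 0x04,0x0d,0x05,0x0c,0x06,0x0f,0x07,0x0e,
+0x00,0x0a,0x07,0x0d,0x0e,0x04,0x09,0x03, 0x0f,0x05,0x08,0x02,0x01,0x0b,0x06,0x0c,
+0x00,0x0b,0x05,0x0e,0x0a,0x01,0x0f,0x04, 0x07,0x0c,0x02,0x09,0x0d,0x06,0x08,0x03,
+0x00,0x0c,0x0b,0x07,0x05,0x09,0x0e,0x02, 0x0a,0x06,0x01,0x0d,0x0f,0x03,0x04,0x08,
+0x00,0x0d,0x09,0x04,0x01,0x0c,0x08,0x05, 0x02,0x0f,0x0b,0x06,0x03,0x0e,0x0a,0x07,
+0x00,0x0e,0x0f,0x01,0x0d,0x03,0x02,0x0c, 0x09,0x07,0x06,0x08,0x04,0x0a,0x0b,0x05,
+0x00,0x0f,0x0d,0x02,0x09,0x06,0x04,0x0b, 0x01,0x0e,0x0c,0x03,0x08,0x07,0x05,0x0a
+};
+
+static
+inline void mayo_S1_multabs(const unsigned char *S1, uint8x16_t *S1_multabs) {
+size_t r;
+for (size_t c = 0; c < V_MAX; c++)
+{
+for (r = 0; r+1 < K_MAX; r+= 2)
+{
+S1_multabs[K_OVER_2*c + r/2] = *((uint8x16_t *)(mayo_gf16_mul + 16*S1[V_MAX*r + c]))
+^ (*((uint8x16_t *)(mayo_gf16_mul + 16*S1[V_MAX*(r+1) + c])) << 4);
+}
+#if K_MAX % 2 == 1
+S1_multabs[K_OVER_2*c + r/2] = *((uint8x16_t *)(mayo_gf16_mul + 16*S1[V_MAX*r + c]));
+#endif
+}
+}
+
+static
+inline void mayo_S2_multabs(const unsigned char *S2, uint8x16_t *S2_multabs) {
+// build multiplication tables
+size_t r;
+for (size_t c = 0; c < O_MAX; c++)
+{
+for (r = 0; r+1 < K_MAX; r+= 2)
+{
+S2_multabs[K_OVER_2*c + r/2] = *((uint8x16_t *)(mayo_gf16_mul + 16*S2[O_MAX*r + c]))
+^ (*((uint8x16_t *)(mayo_gf16_mul + 16*S2[O_MAX*(r+1) + c])) << 4);
+}
+#if K_MAX % 2 == 1
+S2_multabs[K_OVER_2*c + r/2] = *((uint8x16_t *)(mayo_gf16_mul + 16*S2[O_MAX*r + c])) ;
+#endif
+}
+}
+
+#endif
+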
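Review bot: `mayo_S1_multabs` and `mayo_S2_multabs` read the multiplication table through `*((uint8x16_t *)(mayo_gf16_mul + 16*…))`, which casts away the table's `const` and relies on the compiler treating a vector type as aliasing its element type, whereas `gf16v_get_multab` in the same file loads its tables with the `vld1q_u8` intrinsic; `vld1q_u8(mayo_gf16_mul + 16*S1[V_MAX*r + c])` (and the same substitution for the other five loads) is the portable form and needs no cast. The table is `aligned(32)` and every offset is a multiple of 16, so alignment is not the concern here, only the type punning and the dropped qualifier. Separately, `__0_f` and `__gf16_reduce` begin with a double underscore, which C reserves for the implementation; names such as `gf16_0_f` and `gf16_reduce` stay out of the reserved namespace.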
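--- a/package/mayo-c/src/neon/echelon_form.h
+++ b/package/mayo-c/src/neon/echelon_form.h
@@ -0,0 +1,55 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#include <arithmetic_common.h>
+#include <mem.h>
+#include <arm_neon.h>
+#include <stdint.h>
+
+
+#define MAYO_MAX(x, y) (((x) > (y)) ? (x) : (y))
+#define MAYO_MIN(x, y) (((x) < (y)) ? (x) : (y))
+
+/* put matrix in row echelon form with ones on first nonzero entries in constant time*/
+static inline void EF(unsigned char *A, int _nrows, int _ncols) {
+
+(void) _nrows;
+(void) _ncols;
+
+#define nrows M_MAX
+#define ncols (K_MAX * O_MAX + 1)
+
+#define NEON_REGS_PER_ROW ((K_MAX * O_MAX + 1 + 15) / 16)
+#define MAX_COLS (NEON_REGS_PER_ROW * 16)
+
+uint8x16_t _pivot_row[NEON_REGS_PER_ROW];
+uint8x16_t A_neon[NEON_REGS_PER_ROW* M_MAX];
+
+unsigned char* pivot_row_bytes = (unsigned char*) _pivot_row;
+unsigned char* A_bytes = (unsigned char*) A_neon;
+
+// load A in the tail of NEON registers
+for (int i = 0; i < nrows; i++) {
+for (int j = 0; j < ncols; j++)
+{
+A_bytes[i*MAX_COLS + (MAX_COLS - ncols) + j] = A[ i*ncols + j ];
+}
+}
+
+// pivot row is secret, pivot col is not
+unsigned char inverse;
+int pivot_row = 0;
+int pivot_col = MAYO_MAX(MAX_COLS - ncols,0);
+for (; pivot_col < MAX_COLS; pivot_col++) {
+#include "echelon_form_loop.h"
+}
+
+// write the matrix A back
+for (int i = 0; i < nrows; i++) {
+for (int j = 0; j < ncols; j++) {
+A[i * ncols + j] = A_bytes[i*NEON_REGS_PER_ROW*16 + (MAX_COLS - ncols) + j];
+}
+}
+mayo_secure_clear(_pivot_row, NEON_REGS_PER_ROW * 16);
+mayo_secure_clear(A_neon, NEON_REGS_PER_ROW * 16 * nrows);
+}
+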
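Review bot: `EF` defines `nrows`, `ncols`, `NEON_REGS_PER_ROW` and `MAX_COLS` as macros inside its body and never undefines them, so they stay defined for the rest of every translation unit that includes this header, and the lowercase `nrows`/`ncols` will silently rewrite any later variable of that name; the header also has no include guard, unlike arithmetic_common.h next to it. Undefining the four macros right after the closing brace keeps them scoped to EF without changing the function or the loop body it includes. The `_nrows`/`_ncols` parameters are accepted and discarded, which the function comment should state, e.g. `/* _nrows/_ncols are ignored: A must be M_MAX x (K_MAX*O_MAX+1), the shape fixed by the macros below */`.
```c
mayo_secure_clear(A_neon, NEON_REGS_PER_ROW * 16 * nrows);
}
#undef nrows
#undef ncols
#undef NEON_REGS_PER_ROW
#undef MAX_COLS
```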
@@ -0,0 +1,58 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
|
|
3
|
+
int pivot_col_rounded = pivot_col/16;
|
|
4
|
+
|
|
5
|
+
int pivot_row_lower_bound = MAYO_MAX(0, pivot_col + nrows - MAX_COLS);
|
|
6
|
+
int pivot_row_upper_bound = MAYO_MIN(nrows - 1, pivot_col - MAX_COLS + ncols);
|
|
7
|
+
/* the pivot row is guaranteed to be between these lower and upper bounds if A has full rank*/
|
|
8
|
+
|
|
9
|
+
/* zero out pivot row */
|
|
10
|
+
for (int i = pivot_col_rounded; i < NEON_REGS_PER_ROW; i++) {
|
|
11
|
+
_pivot_row[i] = vmovq_n_u8(0);
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
/* try to get a pivot row in constant time */
|
|
15
|
+
unsigned char pivot = 0;
|
|
16
|
+
uint32_t pivot_is_zero = -1;
|
|
17
|
+
for (int row = pivot_row_lower_bound;
|
|
18
|
+
row <= MAYO_MIN(nrows - 1, pivot_row_upper_bound + 32); row++) {
|
|
19
|
+
uint32_t is_pivot_row = ~ct_compare_32(row, pivot_row);
|
|
20
|
+
uint32_t below_pivot_row = ct_is_greater_than(row, pivot_row);
|
|
21
|
+
uint8x16_t mask = vmovq_n_u8( is_pivot_row | (below_pivot_row & pivot_is_zero) );
|
|
22
|
+
for (int j = pivot_col_rounded; j < NEON_REGS_PER_ROW; j++) {
|
|
23
|
+
_pivot_row[j] ^= mask & A_neon[row * NEON_REGS_PER_ROW + j];
|
|
24
|
+
}
|
|
25
|
+
pivot = pivot_row_bytes[pivot_col];
|
|
26
|
+
pivot_is_zero = ~ct_compare_32((int) pivot, 0);
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
/* multiply pivot row by inverse of pivot */
|
|
30
|
+
inverse = inverse_f(pivot);
|
|
31
|
+
uint8x16_t inverse_multab = gf16v_get_multab(inverse);
|
|
32
|
+
|
|
33
|
+
for (int j = pivot_col_rounded; j < NEON_REGS_PER_ROW; j++) {
|
|
34
|
+
_pivot_row[j] = vqtbl1q_u8(inverse_multab, _pivot_row[j]);
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
/* conditionally write pivot row to the correct row, if there is a nonzero pivot */
|
|
38
|
+
/* eliminate entries below pivot */
|
|
39
|
+
for (int row = pivot_row_lower_bound; row < nrows; row++) {
|
|
40
|
+
unsigned char below_pivot = (unsigned char) (ct_is_greater_than(row, pivot_row));
|
|
41
|
+
unsigned char elt_to_elim = A_bytes[row*NEON_REGS_PER_ROW*16 + pivot_col];
|
|
42
|
+
|
|
43
|
+
uint8x16_t multab = gf16v_get_multab(below_pivot & elt_to_elim);
|
|
44
|
+
if (row <= pivot_row_upper_bound) {
|
|
45
|
+
uint8x16_t mask = vmovq_n_u8(~ct_compare_32(row, pivot_row) & ~pivot_is_zero);
|
|
46
|
+
for (int col = pivot_col_rounded; col < NEON_REGS_PER_ROW; col++) {
|
|
47
|
+
A_neon[row*NEON_REGS_PER_ROW + col] = vbslq_u8(mask, _pivot_row[col], A_neon[row*NEON_REGS_PER_ROW + col]) ^
|
|
48
|
+
vqtbl1q_u8(multab, _pivot_row[col]);
|
|
49
|
+
}
|
|
50
|
+
} else {
|
|
51
|
+
for (int j = pivot_col_rounded; j < NEON_REGS_PER_ROW; j++) {
|
|
52
|
+
A_neon[row*NEON_REGS_PER_ROW + j] ^= vqtbl1q_u8(multab, _pivot_row[j]);
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
pivot_row += (-(int32_t)(~pivot_is_zero));
|
|
58
|
+
|