├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── configurable ├── Doxyfile.sty ├── Makefile └── src │ ├── a_fixed.c │ ├── a_fixed.h │ ├── a_random.c │ ├── a_random.h │ ├── chooseparameters.h │ ├── common │ ├── aesctr │ │ ├── aesdrbg.c │ │ └── aesdrbg.h │ ├── drbg │ │ └── drbg.h │ ├── fips202 │ │ ├── 1x │ │ │ ├── keccakf1600.c │ │ │ └── keccakf1600.h │ │ ├── 4x │ │ │ ├── KeccakP-1600-times4-SIMD256.c │ │ │ ├── KeccakP-1600-times4-SnP.h │ │ │ ├── KeccakP-1600-unrolling.macros │ │ │ ├── SIMD256-config.h │ │ │ └── align.h │ │ ├── f202sp800185.c │ │ └── f202sp800185.h │ ├── hash │ │ ├── r5_hash.c │ │ └── r5_hash.h │ └── rng │ │ ├── nist_rng.c │ │ ├── rng.h │ │ └── true_rng.c │ ├── createAfixed │ └── createAfixed.c │ ├── examples │ ├── sample_kem.c │ └── sample_pke.c │ ├── fuzzer │ └── fuzz_target.c │ ├── kem.c │ ├── kem.h │ ├── little_endian.c │ ├── little_endian.h │ ├── misc.c │ ├── misc.h │ ├── pack.c │ ├── pack.h │ ├── parameters.c │ ├── parameters.h │ ├── pke.c │ ├── pke.h │ ├── r5_cca_kem.c │ ├── r5_cca_kem.h │ ├── r5_cca_pke.c │ ├── r5_cca_pke.h │ ├── r5_core.c │ ├── r5_core.h │ ├── r5_cpa_kem.c │ ├── r5_cpa_kem.h │ ├── r5_cpa_pke.c │ ├── r5_cpa_pke.h │ ├── r5_dem.c │ ├── r5_dem.h │ ├── r5_memory.c │ ├── r5_memory.h │ ├── r5_parameter_sets.c │ ├── r5_parameter_sets.h │ ├── xe2_c16.c │ ├── xe4_c64.c │ ├── xe5_c64.c │ ├── xef.h │ └── xef_ref.c ├── optimized ├── Makefile └── src │ ├── a_fixed.c │ ├── a_fixed.h │ ├── a_random.c │ ├── a_random.h │ ├── checkPublicParameter.c │ ├── checkPublicParameter.h │ ├── chooseparameters.h │ ├── common │ ├── aesctr │ │ ├── aesdrbg.c │ │ └── aesdrbg.h │ ├── drbg │ │ └── drbg.h │ ├── fips202 │ │ ├── 1x │ │ │ ├── keccakf1600.c │ │ │ └── keccakf1600.h │ │ ├── 4x │ │ │ ├── KeccakP-1600-times4-SIMD256.c │ │ │ ├── KeccakP-1600-times4-SnP.h │ │ │ ├── KeccakP-1600-unrolling.macros │ │ │ ├── SIMD256-config.h │ │ │ └── align.h │ │ ├── f202sp800185.c │ │ └── f202sp800185.h │ ├── hash │ │ ├── r5_hash.c │ │ └── r5_hash.h │ └── rng │ │ ├── nist_rng.c │ │ ├── rng.h │ │ └── true_rng.c │ ├── createAfixed │ └── createAfixed.c │ ├── examples │ ├── .DS_Store │ ├── PQCgenKAT_encrypt.c │ ├── PQCgenKAT_kem.c │ ├── sample_kem.c │ └── sample_pke.c │ ├── fuzzer │ └── fuzz_target.c │ ├── kem.c │ ├── kem.h │ ├── little_endian.c │ ├── little_endian.h │ ├── matmul.h │ ├── matmul_avx2.c │ ├── matmul_cacheless.c │ ├── matmul_ct.c │ ├── misc.c │ ├── misc.h │ ├── pack.c │ ├── pack.h │ ├── pke.c │ ├── pke.h │ ├── r5_cca_kem.c │ ├── r5_cca_kem.h │ ├── r5_cca_pke.c │ ├── r5_cca_pke.h │ ├── r5_cpa_kem.c │ ├── r5_cpa_kem.h │ ├── r5_cpa_pke.h │ ├── r5_cpa_pke_n1.c │ ├── r5_cpa_pke_nd.c │ ├── r5_dem.c │ ├── r5_dem.h │ ├── r5_memory.c │ ├── r5_memory.h │ ├── r5_parameter_sets.h │ ├── r5_secretkeygen.c │ ├── r5_secretkeygen.h │ ├── ringmul.h │ ├── ringmul_avx2.c │ ├── ringmul_cacheless.c │ ├── ringmul_cm.c │ ├── ringmul_ct.c │ ├── xe2_c16.c │ ├── xe4_c64.c │ ├── xe5_c64.c │ ├── xef.h │ └── xef_ref.c ├── reference ├── Doxyfile ├── Doxyfile.sty ├── Makefile └── src │ ├── a_fixed.c │ ├── a_fixed.h │ ├── a_random.c │ ├── a_random.h │ ├── chooseparameters.h │ ├── common │ ├── aesctr │ │ ├── aesdrbg.c │ │ └── aesdrbg.h │ ├── drbg │ │ └── drbg.h │ ├── fips202 │ │ ├── 1x │ │ │ ├── keccakf1600.c │ │ │ └── keccakf1600.h │ │ ├── 4x │ │ │ ├── KeccakP-1600-times4-SIMD256.c │ │ │ ├── KeccakP-1600-times4-SnP.h │ │ │ ├── KeccakP-1600-unrolling.macros │ │ │ ├── SIMD256-config.h │ │ │ └── align.h │ │ ├── f202sp800185.c │ │ └── f202sp800185.h │ ├── hash │ │ ├── r5_hash.c │ │ └── r5_hash.h │ └── rng │ │ ├── nist_rng.c │ │ ├── rng.h │ │ └── true_rng.c │ ├── createAfixed │ └── createAfixed.c │ ├── examples │ ├── common │ │ ├── drbg │ │ │ ├── aesctr │ │ │ │ ├── aesdrbg.c │ │ │ │ └── aesdrbg.h │ │ │ ├── drbg.h │ │ │ └── fips202 │ │ │ │ ├── KeccakP-1600-times4-SIMD256.c │ │ │ │ ├── KeccakP-1600-times4-SnP.h │ │ │ │ ├── KeccakP-1600-unrolling.macros │ │ │ │ ├── SIMD256-config.h │ │ │ │ ├── align.h │ │ │ │ ├── brg_endian.h │ │ │ │ ├── keccak4x │ │ │ │ ├── KeccakP-1600-times4-SIMD256.c │ │ │ │ ├── KeccakP-1600-times4-SnP.h │ │ │ │ ├── KeccakP-1600-unrolling.macros │ │ │ │ ├── SIMD256-config.h │ │ │ │ ├── align.h │ │ │ │ └── brg_endian.h │ │ │ │ ├── keccakf1600.c │ │ │ │ ├── keccakf1600.h │ │ │ │ ├── shaking.c │ │ │ │ └── shaking.h │ │ ├── hash │ │ │ ├── r5_hash.c │ │ │ └── r5_hash.h │ │ └── rng │ │ │ ├── nist_rng.c │ │ │ ├── shake_rng.c │ │ │ └── true_rng.c │ ├── sample_kem.c │ └── sample_pke.c │ ├── fuzzer │ └── fuzz_target.c │ ├── kem.c │ ├── kem.h │ ├── little_endian.c │ ├── little_endian.h │ ├── misc.c │ ├── misc.h │ ├── pack.c │ ├── pack.h │ ├── parameters.c │ ├── parameters.h │ ├── pke.c │ ├── pke.h │ ├── r5_cca_kem.c │ ├── r5_cca_kem.h │ ├── r5_cca_pke.c │ ├── r5_cca_pke.h │ ├── r5_core.c │ ├── r5_core.h │ ├── r5_cpa_kem.c │ ├── r5_cpa_kem.h │ ├── r5_cpa_pke.c │ ├── r5_cpa_pke.h │ ├── r5_dem.c │ ├── r5_dem.h │ ├── r5_memory.c │ ├── r5_memory.h │ ├── r5_parameter_sets.c │ ├── r5_parameter_sets.h │ ├── xef.h │ └── xef_ref.c ├── scripts_kats ├── .KATSHASUM │ ├── NIST │ │ ├── KEM │ │ │ ├── shasum_R5N1_1CCA_0d.sha │ │ │ ├── shasum_R5N1_1CPA_0d.sha │ │ │ ├── shasum_R5N1_3CCA_0d.sha │ │ │ ├── shasum_R5N1_3CCA_0smallCT.sha │ │ │ ├── shasum_R5N1_3CPA_0d.sha │ │ │ ├── shasum_R5N1_5CCA_0d.sha │ │ │ ├── shasum_R5N1_5CPA_0d.sha │ │ │ ├── shasum_R5ND_0CPA_2iot.sha │ │ │ ├── shasum_R5ND_1CCA_0d.sha │ │ │ ├── shasum_R5ND_1CCA_5d.sha │ │ │ ├── shasum_R5ND_1CPA_0d.sha │ │ │ ├── shasum_R5ND_1CPA_4longkey.sha │ │ │ ├── shasum_R5ND_1CPA_5d.sha │ │ │ ├── shasum_R5ND_3CCA_0d.sha │ │ │ ├── shasum_R5ND_3CCA_5d.sha │ │ │ ├── shasum_R5ND_3CPA_0d.sha │ │ │ ├── shasum_R5ND_3CPA_5d.sha │ │ │ ├── shasum_R5ND_5CCA_0d.sha │ │ │ ├── shasum_R5ND_5CCA_5d.sha │ │ │ ├── shasum_R5ND_5CPA_0d.sha │ │ │ └── shasum_R5ND_5CPA_5d.sha │ │ └── PKE │ │ │ ├── shasum_R5N1_1CCA_0d.sha │ │ │ ├── shasum_R5N1_3CCA_0d.sha │ │ │ ├── shasum_R5N1_3CCA_0smallCT.sha │ │ │ ├── shasum_R5N1_5CCA_0d.sha │ │ │ ├── shasum_R5ND_1CCA_0d.sha │ │ │ ├── shasum_R5ND_1CCA_5d.sha │ │ │ ├── shasum_R5ND_3CCA_0d.sha │ │ │ ├── shasum_R5ND_3CCA_5d.sha │ │ │ ├── shasum_R5ND_5CCA_0d.sha │ │ │ └── shasum_R5ND_5CCA_5d.sha │ ├── shasum_R5N1_1CCA_0d0.sha │ ├── shasum_R5N1_1CCA_0d1.sha │ ├── shasum_R5N1_1CCA_0d2.sha │ ├── shasum_R5N1_1CPA_0d0.sha │ ├── shasum_R5N1_1CPA_0d1.sha │ ├── shasum_R5N1_1CPA_0d2.sha │ ├── shasum_R5N1_3CCA_0d0.sha │ ├── shasum_R5N1_3CCA_0d1.sha │ ├── shasum_R5N1_3CCA_0d2.sha │ ├── shasum_R5N1_3CCA_0smallCT0.sha │ ├── shasum_R5N1_3CCA_0smallCT1.sha │ ├── shasum_R5N1_3CCA_0smallCT2.sha │ ├── shasum_R5N1_3CPA_0d0.sha │ ├── shasum_R5N1_3CPA_0d1.sha │ ├── shasum_R5N1_3CPA_0d2.sha │ ├── shasum_R5N1_5CCA_0d0.sha │ ├── shasum_R5N1_5CCA_0d1.sha │ ├── shasum_R5N1_5CCA_0d2.sha │ ├── shasum_R5N1_5CPA_0d0.sha │ ├── shasum_R5N1_5CPA_0d1.sha │ ├── shasum_R5N1_5CPA_0d2.sha │ ├── shasum_R5ND_0CPA_2iot0.sha │ ├── shasum_R5ND_0CPA_2iot1.sha │ ├── shasum_R5ND_0CPA_2iot2.sha │ ├── shasum_R5ND_1CCA_0d0.sha │ ├── shasum_R5ND_1CCA_0d1.sha │ ├── shasum_R5ND_1CCA_0d2.sha │ ├── shasum_R5ND_1CCA_5d0.sha │ ├── shasum_R5ND_1CCA_5d1.sha │ ├── shasum_R5ND_1CCA_5d2.sha │ ├── shasum_R5ND_1CPA_0d0.sha │ ├── shasum_R5ND_1CPA_0d1.sha │ ├── shasum_R5ND_1CPA_0d2.sha │ ├── shasum_R5ND_1CPA_4longkey0.sha │ ├── shasum_R5ND_1CPA_4longkey1.sha │ ├── shasum_R5ND_1CPA_4longkey2.sha │ ├── shasum_R5ND_1CPA_5d0.sha │ ├── shasum_R5ND_1CPA_5d1.sha │ ├── shasum_R5ND_1CPA_5d2.sha │ ├── shasum_R5ND_3CCA_0d0.sha │ ├── shasum_R5ND_3CCA_0d1.sha │ ├── shasum_R5ND_3CCA_0d2.sha │ ├── shasum_R5ND_3CCA_5d0.sha │ ├── shasum_R5ND_3CCA_5d1.sha │ ├── shasum_R5ND_3CCA_5d2.sha │ ├── shasum_R5ND_3CPA_0d0.sha │ ├── shasum_R5ND_3CPA_0d1.sha │ ├── shasum_R5ND_3CPA_0d2.sha │ ├── shasum_R5ND_3CPA_5d0.sha │ ├── shasum_R5ND_3CPA_5d1.sha │ ├── shasum_R5ND_3CPA_5d2.sha │ ├── shasum_R5ND_5CCA_0d0.sha │ ├── shasum_R5ND_5CCA_0d1.sha │ ├── shasum_R5ND_5CCA_0d2.sha │ ├── shasum_R5ND_5CCA_5d0.sha │ ├── shasum_R5ND_5CCA_5d1.sha │ ├── shasum_R5ND_5CCA_5d2.sha │ ├── shasum_R5ND_5CPA_0d0.sha │ ├── shasum_R5ND_5CPA_0d1.sha │ ├── shasum_R5ND_5CPA_0d2.sha │ ├── shasum_R5ND_5CPA_5d0.sha │ ├── shasum_R5ND_5CPA_5d1.sha │ └── shasum_R5ND_5CPA_5d2.sha ├── .apifilesrefcon │ ├── PQCgenKAT_kem.c │ ├── api_KEM_R5N1_1CCA_0d.h │ ├── api_KEM_R5N1_1CPA_0d.h │ ├── api_KEM_R5N1_3CCA_0d.h │ ├── api_KEM_R5N1_3CCA_0smallCT.h │ ├── api_KEM_R5N1_3CPA_0d.h │ ├── api_KEM_R5N1_5CCA_0d.h │ ├── api_KEM_R5N1_5CPA_0d.h │ ├── api_KEM_R5ND_0CPA_2iot.h │ ├── api_KEM_R5ND_1CCA_0d.h │ ├── api_KEM_R5ND_1CCA_5d.h │ ├── api_KEM_R5ND_1CPA_0d.h │ ├── api_KEM_R5ND_1CPA_4longkey.h │ ├── api_KEM_R5ND_1CPA_5d.h │ ├── api_KEM_R5ND_3CCA_0d.h │ ├── api_KEM_R5ND_3CCA_5d.h │ ├── api_KEM_R5ND_3CPA_0d.h │ ├── api_KEM_R5ND_3CPA_5d.h │ ├── api_KEM_R5ND_5CCA_0d.h │ ├── api_KEM_R5ND_5CCA_5d.h │ ├── api_KEM_R5ND_5CPA_0d.h │ ├── api_KEM_R5ND_5CPA_5d.h │ ├── api_PKE_R5N1_1CCA_0d.h │ ├── api_PKE_R5N1_3CCA_0d.h │ ├── api_PKE_R5N1_3CCA_0smallCT.h │ ├── api_PKE_R5N1_5CCA_0d.h │ ├── api_PKE_R5ND_1CCA_0d.h │ ├── api_PKE_R5ND_1CCA_5d.h │ ├── api_PKE_R5ND_3CCA_0d.h │ ├── api_PKE_R5ND_3CCA_5d.h │ ├── api_PKE_R5ND_5CCA_0d.h │ ├── api_PKE_R5ND_5CCA_5d.h │ ├── kem.c │ ├── kem.h │ ├── kem_cca.c │ ├── kem_cca.h │ ├── pke.c │ ├── pke.h │ ├── pke_cca.c │ └── pke_cca.h ├── README.md ├── check_kat_simple.sh ├── check_kats.sh ├── create_kats.sh └── create_simple_kats.sh └── scripts_timing ├── README.md ├── timing.sh └── timing_table.py /.gitignore: -------------------------------------------------------------------------------- 1 | **/.DS_Store 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. and PQShield 3 | * 4 | * All rights reserved. A copyright license for redistribution and use in 5 | * source and binary forms, with or without modification, is hereby granted for 6 | * non-commercial, experimental, research, public review and evaluation 7 | * purposes, provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * 12 | * * Redistributions in binary form must reproduce the above copyright notice, 13 | * this list of conditions and the following disclaimer in the documentation 14 | * and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 | * POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for the ROUND5 project software 2 | # 3 | # See README.md for information on the various make targets. 4 | # 5 | # NOTE: It is assumed that openssl and libkeccak are available and part of the 6 | # CPATH/LIBRARY_PATH! 7 | 8 | # Setup directories 9 | implementations = reference configurable optimized 10 | clean_implementations = $(addprefix clean-,$(implementations)) 11 | doc_implementations = $(addprefix doc-,$(implementations)) 12 | aflfuzzer_implementations = $(addprefix aflfuzzer-,$(implementations)) 13 | libfuzzer_implementations = $(addprefix libfuzzer-,$(implementations)) 14 | 15 | build: $(implementations) 16 | 17 | all: build doc 18 | 19 | speedtest: 20 | @./runSpeedTests 21 | 22 | doc: $(doc_implementations) 23 | 24 | aflfuzzer: $(aflfuzzer_implementations) 25 | 26 | libfuzzer: $(libfuzzer_implementations) 27 | 28 | clean: $(clean_implementations) 29 | 30 | $(implementations): 31 | @$(MAKE) -C $@ 32 | 33 | $(doc_implementations): 34 | @$(MAKE) -C $(patsubst doc-%,%,$@) doc 35 | 36 | $(aflfuzzer_implementations): 37 | @$(MAKE) -C $(patsubst aflfuzzer-%,%,$@) aflfuzzer 38 | 39 | $(libfuzzer_implementations): 40 | @$(MAKE) -C $(patsubst libfuzzer-%,%,$@) libfuzzer 41 | 42 | $(clean_implementations): 43 | @$(MAKE) -C $(patsubst clean-%,%,$@) clean 44 | 45 | .PHONY: build all $(implementations) speedtest doc $(doc_implementations) aflfuzzer $(aflfuzzer_implementations) libfuzzer $(libfuzzer_implementations) clean $(clean_implementations) 46 | -------------------------------------------------------------------------------- /configurable/Doxyfile.sty: -------------------------------------------------------------------------------- 1 | ../reference/Doxyfile.sty -------------------------------------------------------------------------------- /configurable/Makefile: -------------------------------------------------------------------------------- 1 | ../reference/Makefile -------------------------------------------------------------------------------- /configurable/src/a_fixed.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of the fixed A matrix generation function. 8 | */ 9 | 10 | #include "a_fixed.h" 11 | #include "a_random.h" 12 | #include "r5_memory.h" 13 | 14 | #include 15 | #include 16 | 17 | #define NBLOCKS 8 18 | 19 | size_t A_fixed_len = 0; 20 | uint16_t *A_fixed = NULL; 21 | 22 | int create_A_fixed(const unsigned char *seed, const parameters *params) { 23 | A_fixed_len = (size_t) (2 * params->d * NBLOCKS * ((params->k+NBLOCKS-1)/NBLOCKS)); 24 | 25 | /* (Re)allocate space for A_fixed */ 26 | A_fixed = checked_realloc(A_fixed, A_fixed_len * sizeof (*A_fixed)); 27 | 28 | /* Create A_fixed randomly */ 29 | if (create_A_random(A_fixed, seed, params)) { 30 | return 1; 31 | } 32 | 33 | /* Duplicate rows */ 34 | for (int i = params->k - 1; i >= 0; --i) { 35 | memcpy(A_fixed + (2 * i + 1) * params->d, A_fixed + i * params->d, params->d * sizeof (*A_fixed)); 36 | if (i != 0) { 37 | memcpy(A_fixed + (2 * i) * params->d, A_fixed + i * params->d, params->d * sizeof (*A_fixed)); 38 | } 39 | } 40 | 41 | return 0; 42 | } 43 | -------------------------------------------------------------------------------- /configurable/src/a_fixed.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/a_fixed.h -------------------------------------------------------------------------------- /configurable/src/a_random.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/a_random.c -------------------------------------------------------------------------------- /configurable/src/a_random.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/a_random.h -------------------------------------------------------------------------------- /configurable/src/chooseparameters.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/chooseparameters.h -------------------------------------------------------------------------------- /configurable/src/common/aesctr/aesdrbg.c: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/aesctr/aesdrbg.c -------------------------------------------------------------------------------- /configurable/src/common/aesctr/aesdrbg.h: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/aesctr/aesdrbg.h -------------------------------------------------------------------------------- /configurable/src/common/drbg/drbg.h: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/drbg/drbg.h -------------------------------------------------------------------------------- /configurable/src/common/fips202/1x/keccakf1600.c: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/1x/keccakf1600.c -------------------------------------------------------------------------------- /configurable/src/common/fips202/1x/keccakf1600.h: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/1x/keccakf1600.h -------------------------------------------------------------------------------- /configurable/src/common/fips202/4x/KeccakP-1600-times4-SIMD256.c: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/4x/KeccakP-1600-times4-SIMD256.c -------------------------------------------------------------------------------- /configurable/src/common/fips202/4x/KeccakP-1600-times4-SnP.h: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/4x/KeccakP-1600-times4-SnP.h -------------------------------------------------------------------------------- /configurable/src/common/fips202/4x/KeccakP-1600-unrolling.macros: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/4x/KeccakP-1600-unrolling.macros -------------------------------------------------------------------------------- /configurable/src/common/fips202/4x/SIMD256-config.h: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/4x/SIMD256-config.h -------------------------------------------------------------------------------- /configurable/src/common/fips202/4x/align.h: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/4x/align.h -------------------------------------------------------------------------------- /configurable/src/common/fips202/f202sp800185.c: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/fips202/f202sp800185.c -------------------------------------------------------------------------------- /configurable/src/common/fips202/f202sp800185.h: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/fips202/f202sp800185.h -------------------------------------------------------------------------------- /configurable/src/common/hash/r5_hash.c: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/hash/r5_hash.c -------------------------------------------------------------------------------- /configurable/src/common/hash/r5_hash.h: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/hash/r5_hash.h -------------------------------------------------------------------------------- /configurable/src/common/rng/nist_rng.c: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/rng/nist_rng.c -------------------------------------------------------------------------------- /configurable/src/common/rng/rng.h: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/rng/rng.h -------------------------------------------------------------------------------- /configurable/src/common/rng/true_rng.c: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/rng/true_rng.c -------------------------------------------------------------------------------- /configurable/src/examples/sample_kem.c: -------------------------------------------------------------------------------- 1 | ../../../reference/src/examples/sample_kem.c -------------------------------------------------------------------------------- /configurable/src/examples/sample_pke.c: -------------------------------------------------------------------------------- 1 | ../../../reference/src/examples/sample_pke.c -------------------------------------------------------------------------------- /configurable/src/fuzzer/fuzz_target.c: -------------------------------------------------------------------------------- 1 | ../../../reference/src/fuzzer/fuzz_target.c -------------------------------------------------------------------------------- /configurable/src/kem.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/kem.c -------------------------------------------------------------------------------- /configurable/src/kem.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/kem.h -------------------------------------------------------------------------------- /configurable/src/little_endian.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/little_endian.c -------------------------------------------------------------------------------- /configurable/src/little_endian.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/little_endian.h -------------------------------------------------------------------------------- /configurable/src/misc.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/misc.c -------------------------------------------------------------------------------- /configurable/src/misc.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/misc.h -------------------------------------------------------------------------------- /configurable/src/pack.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/pack.c -------------------------------------------------------------------------------- /configurable/src/pack.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/pack.h -------------------------------------------------------------------------------- /configurable/src/parameters.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/parameters.c -------------------------------------------------------------------------------- /configurable/src/parameters.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/parameters.h -------------------------------------------------------------------------------- /configurable/src/pke.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/pke.c -------------------------------------------------------------------------------- /configurable/src/pke.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/pke.h -------------------------------------------------------------------------------- /configurable/src/r5_cca_kem.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_cca_kem.c -------------------------------------------------------------------------------- /configurable/src/r5_cca_kem.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_cca_kem.h -------------------------------------------------------------------------------- /configurable/src/r5_cca_pke.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_cca_pke.c -------------------------------------------------------------------------------- /configurable/src/r5_cca_pke.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_cca_pke.h -------------------------------------------------------------------------------- /configurable/src/r5_cpa_kem.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_cpa_kem.c -------------------------------------------------------------------------------- /configurable/src/r5_cpa_kem.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_cpa_kem.h -------------------------------------------------------------------------------- /configurable/src/r5_cpa_pke.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_cpa_pke.h -------------------------------------------------------------------------------- /configurable/src/r5_dem.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_dem.c -------------------------------------------------------------------------------- /configurable/src/r5_dem.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_dem.h -------------------------------------------------------------------------------- /configurable/src/r5_memory.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_memory.c -------------------------------------------------------------------------------- /configurable/src/r5_memory.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_memory.h -------------------------------------------------------------------------------- /configurable/src/r5_parameter_sets.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_parameter_sets.c -------------------------------------------------------------------------------- /configurable/src/r5_parameter_sets.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_parameter_sets.h -------------------------------------------------------------------------------- /configurable/src/xe2_c16.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, PQShield 3 | * Markku-Juhani O. Saarinen 4 | */ 5 | 6 | // Optimized XE2-53 for "2iot" parameter set. Runs well even on 16-bit MCUs. 7 | 8 | #include "xef.h" 9 | #include "little_endian.h" 10 | 11 | #define XM16_RTLM(r, n) \ 12 | { r = ((r << (16 % n)) | (r >> (n - (16 % n)))) & ((1 << n) - 1); } 13 | #define XM16_FLDM(r, n) \ 14 | { r = (r ^ ((r >> n))) & ((1 << n) - 1); } 15 | #define XM16_UNFM(r, n) \ 16 | { r &= (uint16_t) ((1 << n) - 1); r |= (uint16_t) (r << n); } 17 | #define XM16_ROTR(r, n) \ 18 | { r = (uint16_t) ((r >> (16 % n)) | (r << (n - (16 % n)))); } 19 | 20 | // == XE5-53 (128-bit payload) == 21 | 22 | void xe2_53_compute(void *block) 23 | { 24 | int i; 25 | uint16_t r11, r13, r14, r15; 26 | uint16_t *p16, x; 27 | 28 | // initialize 29 | p16 = (uint16_t *) block; 30 | r11 = r13 = r14 = r15 = LITTLE_ENDIAN16(p16[7]); 31 | 32 | for (i = 7; i >= 0; i--) { 33 | if (i < 7) { 34 | XM16_RTLM(r11, 11); XM16_RTLM(r13, 13); 35 | XM16_RTLM(r14, 14); XM16_RTLM(r15, 15); 36 | 37 | x = LITTLE_ENDIAN16(p16[i]); 38 | r11 ^= x; r13 ^= x; 39 | r14 ^= x; r15 ^= x; 40 | } 41 | XM16_FLDM(r11, 11); XM16_FLDM(r13, 13); 42 | XM16_FLDM(r14, 14); XM16_FLDM(r15, 15); 43 | } 44 | 45 | // XE2-53: r11 r13 r14 r15 end 46 | // bit offset: 0 11 24 38 53 47 | p16[8] ^= (uint16_t) LITTLE_ENDIAN16(r11 ^ (r13 << 11)); 48 | p16[9] ^= (uint16_t) LITTLE_ENDIAN16((r13 >> 5) ^ (r14 << 8)); 49 | p16[10] ^= (uint16_t) LITTLE_ENDIAN16((r14 >> 8) ^ (r15 << 6)); 50 | *((uint8_t *) &p16[11]) ^= (uint8_t) ((r15 >> 10)); 51 | } 52 | 53 | void xe2_53_fixerr(void *block) 54 | { 55 | int i; 56 | uint16_t r11, r13, r14, r15; 57 | uint16_t *p16, x; 58 | 59 | // decode 60 | p16 = (uint16_t *) block; 61 | x = (uint16_t) LITTLE_ENDIAN16(p16[8]); 62 | r11 = x; r13 = x >> 11; 63 | x = (uint16_t) LITTLE_ENDIAN16(p16[9]); 64 | r13 ^= (uint16_t) (x << 5); r14 = x >> 8; 65 | x = (uint16_t) LITTLE_ENDIAN16(p16[10]); 66 | r14 ^= (uint16_t) (x << 8); r15 = x >> 6; 67 | x = (uint16_t) *((uint8_t *) &p16[11]); 68 | r15 ^= (uint16_t) (x << 10); 69 | 70 | XM16_UNFM(r11, 11); XM16_UNFM(r13, 13); 71 | XM16_UNFM(r14, 14); XM16_UNFM(r15, 15); 72 | 73 | for (i = 0; i < 8; i++) { 74 | if (i > 0) { 75 | // rotate 76 | XM16_ROTR(r11, 11); XM16_ROTR(r13, 13); 77 | XM16_ROTR(r14, 14); XM16_ROTR(r15, 15); 78 | } 79 | x = ((r11 | r13) & r14 & r15) | ((r11 & r13) & (r14 | r15)); 80 | p16[i] ^= LITTLE_ENDIAN16(x); 81 | } 82 | } 83 | -------------------------------------------------------------------------------- /configurable/src/xef.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/xef.h -------------------------------------------------------------------------------- /configurable/src/xef_ref.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/xef_ref.c -------------------------------------------------------------------------------- /optimized/Makefile: -------------------------------------------------------------------------------- 1 | ../reference/Makefile -------------------------------------------------------------------------------- /optimized/src/a_fixed.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of the fixed A matrix generation function. 8 | */ 9 | 10 | #include "a_fixed.h" 11 | #include "a_random.h" 12 | 13 | #include 14 | #include 15 | 16 | #if PARAMS_TAU == 1 17 | modq_t A_fixed[PARAMS_D * 2 * PARAMS_K]; 18 | #endif 19 | 20 | int create_A_fixed(const unsigned char *seed) { 21 | #if PARAMS_TAU == 1 22 | /* Create A_fixed randomly */ 23 | create_A_random(A_fixed, seed); 24 | 25 | /* Duplicate rows */ 26 | for (int i = PARAMS_K - 1; i >= 0; --i) { 27 | memcpy(A_fixed + (2 * i + 1) * PARAMS_D, A_fixed + i*PARAMS_D, PARAMS_D * sizeof (modq_t)); 28 | if (i != 0) { 29 | memcpy(A_fixed + (2 * i) * PARAMS_D, A_fixed + i*PARAMS_D, PARAMS_D * sizeof (modq_t)); 30 | } 31 | } 32 | return 0; 33 | #else 34 | (void) seed; 35 | DEBUG_ERROR("Can not call create_A_fixed with PARAMS_TAU=%d\n", PARAMS_TAU); 36 | abort(); 37 | #endif 38 | } 39 | -------------------------------------------------------------------------------- /optimized/src/a_fixed.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the fixed A matrix as well as the function to generate it. 8 | */ 9 | 10 | #ifndef A_FIXED_H 11 | #define A_FIXED_H 12 | 13 | #include "r5_parameter_sets.h" 14 | 15 | #if PARAMS_TAU == 1 16 | /** 17 | * The fixed A matrix for use inside with the non-ring algorithm when τ=1. 18 | * This matrix is generated by `create_A_fixed()`. 19 | */ 20 | extern modq_t A_fixed[PARAMS_D * 2 * PARAMS_K]; 21 | #endif 22 | 23 | #ifdef __cplusplus 24 | extern "C" { 25 | #endif 26 | 27 | /** 28 | * Function to generate a fixed A matrix from the given seed and algorithm parameters. 29 | * 30 | * @param[in] seed the seed to use to generate the fixed A matrix (KAPPA_BYTES bytes) 31 | * @return __0__ in case of success 32 | */ 33 | int create_A_fixed(const unsigned char *seed); 34 | 35 | #ifdef __cplusplus 36 | } 37 | #endif 38 | 39 | #endif /* A_FIXED_H */ 40 | -------------------------------------------------------------------------------- /optimized/src/a_random.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the random A matrix creation function. 8 | */ 9 | 10 | #ifndef A_RANDOM_H 11 | #define A_RANDOM_H 12 | 13 | #include "r5_parameter_sets.h" 14 | 15 | #ifdef __cplusplus 16 | extern "C" { 17 | #endif 18 | 19 | /** 20 | * Creates A random for the given seed and algorithm parameters. 21 | * 22 | * @param[out] A_random the random A to create 23 | * @param[in] seed the seed (PARAMS_KAPPA_BYTES bytes) 24 | */ 25 | void create_A_random(modq_t *A_random, const unsigned char *seed); 26 | 27 | #ifdef __cplusplus 28 | } 29 | #endif 30 | 31 | #endif /* A_RANDOM_H */ 32 | -------------------------------------------------------------------------------- /optimized/src/checkPublicParameter.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | #include "checkPublicParameter.h" 6 | 7 | #ifdef CM_MALFORMED 8 | 9 | #include "r5_parameter_sets.h" 10 | 11 | #define MAXNBINS 64 12 | 13 | int chi2_single_check(modp_t *public_param, uint16_t offset, uint8_t nbins, uint8_t nbinsbits){ 14 | 15 | uint16_t i, idx; 16 | uint16_t hist[MAXNBINS] = {0}; 17 | 18 | for (i=0; i< PARAMS_D; i++){ 19 | idx = ((public_param[i] + offset) >> (PARAMS_P_BITS - nbinsbits)) & (nbins-1); 20 | hist[idx] += 1; 21 | } 22 | 23 | // chi2 test 24 | // values scaled-up nbinsbits to make more accurate operations (by Scott) 25 | uint64_t cv = 0; 26 | uint64_t aux = 0; 27 | 28 | for (i=0 ; i < nbins ; i++){ 29 | aux = (hist[i] << nbinsbits) - PARAMS_D; 30 | cv += aux*aux; 31 | } 32 | cv /= (PARAMS_D << nbinsbits); 33 | 34 | if (cv > PARAMS_MAL_C2_TH) { 35 | return -1; 36 | } 37 | 38 | return 0; 39 | } 40 | 41 | int chi2_check(modp_t *public_param, uint16_t offset, uint8_t nbins, uint8_t nbinsbits){ 42 | 43 | int ret=0; 44 | ret = chi2_single_check(public_param, 0, nbins, nbinsbits); 45 | if (ret < 0){ 46 | return -1; 47 | } 48 | ret = chi2_single_check(public_param, PARAMS_P/(2*nbins), nbins, nbinsbits); 49 | if (ret < 0){ 50 | return -1; 51 | } 52 | 53 | return 0; 54 | } 55 | 56 | 57 | int bin_check(modp_t *public_param){ 58 | 59 | uint16_t i; 60 | uint16_t hist[PARAMS_P] = {0}; 61 | 62 | for (i=0; i< PARAMS_D; i++){ 63 | hist[public_param[i]] += 1; 64 | } 65 | 66 | // binomial test 67 | for (i=0; i< PARAMS_P; i++){ 68 | if (hist[i] > PARAMS_MAL_BIN_TH) { 69 | return -1; 70 | } 71 | } 72 | 73 | return 0; 74 | } 75 | 76 | 77 | int checkPublicParameter(modp_t *public_param, uint16_t num_vectors){ 78 | 79 | uint16_t j; 80 | 81 | int ret; 82 | 83 | uint8_t nbins = 64; 84 | uint8_t nbinsbits = 6; 85 | if (PARAMS_D < 640){nbins = 32; nbinsbits = 5;} 86 | 87 | // binomial test 88 | for (j=0; j < num_vectors; j++){ 89 | ret = bin_check(&public_param[j*PARAMS_D]); 90 | if (ret < 0){ 91 | return -1; 92 | } 93 | } 94 | 95 | //chi2 test 96 | for (j=0; j < num_vectors; j++){ 97 | ret = chi2_check(&public_param[j*PARAMS_D], 0, nbins, nbinsbits); 98 | if (ret < 0){ 99 | return -1; 100 | } 101 | } 102 | 103 | return 0; 104 | } 105 | 106 | #endif 107 | 108 | -------------------------------------------------------------------------------- /optimized/src/checkPublicParameter.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | 6 | //#ifndef checkPublicParameter_h 7 | //#define checkPublicParameter_h 8 | 9 | #include "r5_parameter_sets.h" 10 | 11 | #ifdef CM_MALFORMED 12 | int checkPublicParameter(modp_t *public_param, uint16_t num_vectors); 13 | #endif 14 | 15 | 16 | //#endif /* checkPublicParameter_h */ 17 | -------------------------------------------------------------------------------- /optimized/src/chooseparameters.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | #define PARAMETERCONSTANT 6 | 7 | #define SHAKE128_RATE 168 8 | // 168 bytes as a bytesequence = 1344 bits as a bitsequence 9 | 10 | #define SHAKE256_RATE 136 11 | // 136 bytes as a bytesequence = 1088 bits as a bitsequence 12 | 13 | #ifdef PARAMETERCONSTANT 14 | 15 | #include "r5_parameter_sets.h" 16 | 17 | #define Parameters 18 | #define Params 19 | #define useParams 20 | 21 | #if (PARAMS_KAPPA_BYTES > 16) 22 | #define RATE SHAKE256_RATE 23 | #else 24 | #define RATE SHAKE128_RATE 25 | #endif 26 | 27 | #define DeclareParameters 28 | 29 | #else 30 | 31 | #include "parameters.h" 32 | 33 | #define Parameters , const parameters * params 34 | #define Params , params 35 | #define useParams params = params ; 36 | 37 | #define DeclareParameters\ 38 | parameters * params; \ 39 | if ((params = set_parameters_from_api()) == NULL) \ 40 | exit(EXIT_FAILURE) 41 | 42 | 43 | #define RATE (params->kappa_bytes > 16 ? SHAKE256_RATE : SHAKE128_RATE ) 44 | #define PARAMS_B_BITS (params->b_bits) 45 | #define PARAMS_T_BITS (params->t_bits) 46 | #define PARAMS_P_BITS (params->p_bits) 47 | #define PARAMS_Q_BITS (params->q_bits) 48 | #define PARAMS_CT_SIZE (params->ct_size) 49 | #define PARAMS_PK_SIZE (params->pk_size) 50 | #define PARAMS_D (params->d) 51 | #define PARAMS_Q (params->q) 52 | #define PARAMS_H (params->h) 53 | #define PARAMS_H1 (params->h1) 54 | #define PARAMS_H2 (params->h2) 55 | #define PARAMS_H3 (params->h3) 56 | #define PARAMS_F (params->f) 57 | #define PARAMS_K (params->k) 58 | #define PARAMS_N (params->n) 59 | #define PARAMS_N_BAR (params->n_bar) 60 | #define PARAMS_M (params->m) 61 | #define PARAMS_MU (params->mu) 62 | #define PARAMS_M_BAR (params->m_bar) 63 | #define PARAMS_P (params->p) 64 | #define PARAMS_TAU (params->tau) 65 | #define PARAMS_TAU2_LEN (params->tau2_len) 66 | #define PARAMS_KAPPA (params->kappa) 67 | #define PARAMS_KAPPA_BYTES (params->kappa_bytes) 68 | #define PARAMS_CT_SIZE (params->ct_size) 69 | #define PARAMS_XE (params->xe) 70 | 71 | #endif 72 | 73 | -------------------------------------------------------------------------------- /optimized/src/common/aesctr/aesdrbg.c: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/aesctr/aesdrbg.c -------------------------------------------------------------------------------- /optimized/src/common/aesctr/aesdrbg.h: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/aesctr/aesdrbg.h -------------------------------------------------------------------------------- /optimized/src/common/drbg/drbg.h: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/drbg/drbg.h -------------------------------------------------------------------------------- /optimized/src/common/fips202/1x/keccakf1600.c: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/1x/keccakf1600.c -------------------------------------------------------------------------------- /optimized/src/common/fips202/1x/keccakf1600.h: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/1x/keccakf1600.h -------------------------------------------------------------------------------- /optimized/src/common/fips202/4x/KeccakP-1600-times4-SIMD256.c: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/4x/KeccakP-1600-times4-SIMD256.c -------------------------------------------------------------------------------- /optimized/src/common/fips202/4x/KeccakP-1600-times4-SnP.h: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/4x/KeccakP-1600-times4-SnP.h -------------------------------------------------------------------------------- /optimized/src/common/fips202/4x/KeccakP-1600-unrolling.macros: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/4x/KeccakP-1600-unrolling.macros -------------------------------------------------------------------------------- /optimized/src/common/fips202/4x/SIMD256-config.h: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/4x/SIMD256-config.h -------------------------------------------------------------------------------- /optimized/src/common/fips202/4x/align.h: -------------------------------------------------------------------------------- 1 | ../../../../../reference/src/common/fips202/4x/align.h -------------------------------------------------------------------------------- /optimized/src/common/fips202/f202sp800185.c: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/fips202/f202sp800185.c -------------------------------------------------------------------------------- /optimized/src/common/fips202/f202sp800185.h: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/fips202/f202sp800185.h -------------------------------------------------------------------------------- /optimized/src/common/hash/r5_hash.c: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/hash/r5_hash.c -------------------------------------------------------------------------------- /optimized/src/common/hash/r5_hash.h: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/hash/r5_hash.h -------------------------------------------------------------------------------- /optimized/src/common/rng/nist_rng.c: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/rng/nist_rng.c -------------------------------------------------------------------------------- /optimized/src/common/rng/rng.h: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/rng/rng.h -------------------------------------------------------------------------------- /optimized/src/common/rng/true_rng.c: -------------------------------------------------------------------------------- 1 | ../../../../reference/src/common/rng/true_rng.c -------------------------------------------------------------------------------- /optimized/src/createAfixed/createAfixed.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Application to generate an A_fixed matrix using the parameters as set. 8 | * The output of the application can be used to set up the fixed A matrix in 9 | * the file `a_fixed.h`. 10 | */ 11 | 12 | #include "r5_parameter_sets.h" 13 | #include "rng.h" 14 | #include "drbg.h" 15 | #include "misc.h" 16 | #include "a_fixed.h" 17 | 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | /** 24 | * Outputs the definition of a fixed A matrix based on the API parameter as set. 25 | * 26 | * @return __0__ in case of success 27 | */ 28 | int main(void) { 29 | /* Initialize random bytes RNG */ 30 | unsigned char entropy_input[48]; 31 | int i; 32 | for (i = 0; i < 48; i++) { 33 | entropy_input[i] = (unsigned char) i; 34 | } 35 | randombytes_init(entropy_input, NULL, 256); 36 | 37 | unsigned char seed[PARAMS_KAPPA_BYTES]; 38 | randombytes(seed, PARAMS_KAPPA_BYTES); 39 | create_A_fixed(seed); 40 | 41 | printf("/* A_fixed for %s */\n\n", CRYPTO_ALGNAME); 42 | printf("/* Seed used for the generation of A_fixed: "); 43 | print_hex(NULL, seed, PARAMS_KAPPA_BYTES, 1); 44 | printf(" */\n"); 45 | printf("modq_t A_fixed[PARAMS_D * 2 * PARAMS_K] = {\n"); 46 | for (int i = 0; i < 2 * PARAMS_K; ++i) { 47 | if (i > 0) { 48 | printf(",\n"); 49 | } 50 | printf(" "); 51 | for (int j = 0; j < PARAMS_D; ++j) { 52 | if (j > 0) { 53 | if (j % 16 == 0) { 54 | printf(",\n "); 55 | } else { 56 | printf(", "); 57 | } 58 | } 59 | printf("%u", A_fixed[i * PARAMS_D + j] & (PARAMS_Q - 1)); 60 | } 61 | } 62 | printf("\n};\n"); 63 | 64 | return 0; 65 | } 66 | -------------------------------------------------------------------------------- /optimized/src/examples/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/round5/code/35e97f07c313ecd651ac66fb55127218f7933dba/optimized/src/examples/.DS_Store -------------------------------------------------------------------------------- /optimized/src/kem.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, PQShield and Koninklijke Philips N.V. 3 | * Markku-Juhani O. Saarinen, Koninklijke Philips N.V. 4 | */ 5 | 6 | /** 7 | * @file 8 | * Implementation of the CPA KEM functions (NIST api). 9 | */ 10 | 11 | #include "kem.h" 12 | 13 | #if CRYPTO_CIPHERTEXTBYTES != 0 14 | 15 | extern int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 16 | extern int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 17 | extern int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /optimized/src/little_endian.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/little_endian.c -------------------------------------------------------------------------------- /optimized/src/little_endian.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/little_endian.h -------------------------------------------------------------------------------- /optimized/src/matmul.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | #ifndef _MATMUL_H_ 6 | #define _MATMUL_H_ 7 | 8 | #include "r5_parameter_sets.h" 9 | 10 | #if PARAMS_K != 1 11 | 12 | //#if !defined(CM_CT) || !defined(CM_CACHE) 13 | //void create_secret_matrix_s_t(tern_secret_s secret_vector, const uint8_t *seed); 14 | //void create_secret_matrix_r_t(tern_secret_r secret_vector, const uint8_t *seed); 15 | //#endif 16 | 17 | #if PARAMS_TAU == 0 18 | void matmul_as_q(modq_t d[PARAMS_D][PARAMS_N_BAR], modq_t a[PARAMS_D][PARAMS_D], tern_secret_s secret_vector); 19 | void matmul_rta_q(modq_t d[PARAMS_M_BAR][PARAMS_D], modq_t a[PARAMS_D][PARAMS_D], tern_secret_r secret_vector); 20 | #elif PARAMS_TAU == 1 21 | void matmul_as_q(modq_t d[PARAMS_D][PARAMS_N_BAR], modq_t a[2 * PARAMS_D * PARAMS_D], uint32_t a_permutation[PARAMS_D], tern_secret_s secret_vector); 22 | void matmul_rta_q(modq_t d[PARAMS_M_BAR][PARAMS_D], modq_t a[2 * PARAMS_D * PARAMS_D], uint32_t a_permutation[PARAMS_D], tern_secret_r secret_vector); 23 | #else 24 | void matmul_as_q(modq_t d[PARAMS_D][PARAMS_N_BAR], modq_t a[PARAMS_TAU2_LEN + PARAMS_D], uint16_t a_permutation[PARAMS_D], tern_secret_s secret_vector); 25 | void matmul_rta_q(modq_t d[PARAMS_M_BAR][PARAMS_D], modq_t a[PARAMS_TAU2_LEN + PARAMS_D], uint16_t a_permutation[PARAMS_D], tern_secret_r secret_vector); 26 | #endif 27 | 28 | void matmul_stu_p(modp_t d[PARAMS_MU], modp_t u_t[PARAMS_M_BAR][PARAMS_D], tern_secret_s secret_vector); 29 | 30 | void matmul_btr_p(modp_t d[PARAMS_MU], modp_t b[PARAMS_D][PARAMS_N_BAR], tern_secret_r secret_vector); 31 | 32 | #endif /* PARAMS_K != 1 */ 33 | 34 | #endif /* _MATMUL_H_ */ 35 | -------------------------------------------------------------------------------- /optimized/src/misc.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/misc.c -------------------------------------------------------------------------------- /optimized/src/misc.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/misc.h -------------------------------------------------------------------------------- /optimized/src/pack.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * Copyright (c) 2020, Koninklijke Philips N.V. 4 | */ 5 | 6 | #include "pack.h" 7 | #include "r5_parameter_sets.h" 8 | 9 | #include 10 | #include 11 | 12 | void pack_qp(uint8_t *pv, const modq_t *vq, const modq_t rounding_constant, size_t num_coeff, size_t size) { 13 | #if (PARAMS_P_BITS == 8) 14 | size_t i; 15 | 16 | for (i = 0; i < num_coeff; i++) { 17 | pv[i] = (uint8_t) (((vq[i] + rounding_constant) >> (PARAMS_Q_BITS - PARAMS_P_BITS)) & (PARAMS_P - 1)); 18 | } 19 | #else 20 | size_t i, j; 21 | modp_t t; 22 | 23 | memset(pv, 0, size); 24 | j = 0; 25 | for (i = 0; i < num_coeff; i++) { 26 | t = ((vq[i] + rounding_constant) >> (PARAMS_Q_BITS - PARAMS_P_BITS)) & (PARAMS_P - 1); 27 | pv[j >> 3] = (uint8_t) (pv[j >> 3] | (t << (j & 7))); // pack p bits 28 | if ((j & 7) + PARAMS_P_BITS > 8) { 29 | pv[(j >> 3) + 1] |= (uint8_t) (t >> (8 - (j & 7))); 30 | if ((j & 7) + PARAMS_P_BITS > 16) { 31 | pv[(j >> 3) + 2] |= (uint8_t) (t >> (16 - (j & 7))); 32 | } 33 | 34 | } 35 | j += PARAMS_P_BITS; 36 | } 37 | #endif 38 | } 39 | 40 | void unpack_p(modp_t *vp, const uint8_t *pv, size_t num_coeff) { 41 | 42 | // memcpy(vp, pv, PARAMS_N) can be used if PARAMS_P_BITS == 8 43 | size_t i, j; 44 | modp_t t; 45 | 46 | j = 0; 47 | for (i = 0; i < num_coeff; i++) { 48 | t = (modp_t) (pv[j >> 3] >> (j & 7)); // unpack p bits 49 | if ((j & 7) + PARAMS_P_BITS > 8) { 50 | t |= ((modp_t) pv[(j >> 3) + 1]) << (8 - (j & 7)); 51 | if ((j & 7) + PARAMS_P_BITS > 16) { 52 | t |= (modp_t)(pv[(j >> 3) + 2] << (16 - (j & 7))); 53 | } 54 | 55 | } 56 | vp[i] = t & (PARAMS_P - 1); 57 | j += PARAMS_P_BITS; 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /optimized/src/pack.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | #include 6 | #include "r5_parameter_sets.h" 7 | 8 | void pack_qp(uint8_t *pv, const modq_t *vq, const modq_t rounding_constant, size_t num_coeff, size_t size); 9 | void unpack_p(modp_t *vp, const uint8_t *pv, size_t num_coeff); 10 | 11 | 12 | -------------------------------------------------------------------------------- /optimized/src/pke.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of the encrypt and decrypt functions based on the CCA KEM 8 | * algorithm (NIST api). 9 | */ 10 | 11 | #include "pke.h" 12 | 13 | //#if CRYPTO_CIPHERTEXTBYTES == 0 14 | #ifdef ROUND5_CCA_PKE 15 | 16 | extern int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 17 | extern int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 18 | extern int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /optimized/src/pke.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the encrypt and decrypt functions based on the CCA KEM 8 | * algorithm (NIST api). 9 | */ 10 | 11 | #ifndef _CCA_ENCRYPT_H_ 12 | #define _CCA_ENCRYPT_H_ 13 | 14 | #include "r5_parameter_sets.h" 15 | 16 | /* 17 | * Conditionally provide the PKE NIST API functions. 18 | */ 19 | 20 | #ifdef ROUND5_CCA_PKE 21 | 22 | #ifdef __cplusplus 23 | extern "C" { 24 | #endif 25 | 26 | #include "r5_cca_pke.h" 27 | 28 | #define CRYPTO_SECRETKEYBYTES (PARAMS_KAPPA_BYTES + PARAMS_KAPPA_BYTES + PARAMS_PK_SIZE) 29 | #define CRYPTO_PUBLICKEYBYTES PARAMS_PK_SIZE 30 | #define CRYPTO_BYTES (PARAMS_CT_SIZE + PARAMS_KAPPA_BYTES + 16) 31 | #define CRYPTO_CIPHERTEXTBYTES 0 32 | 33 | /** 34 | * Generates an ENCRYPT key pair. 35 | * 36 | * @param[out] pk public key 37 | * @param[out] sk secret key 38 | * @return __0__ in case of success 39 | */ 40 | inline int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk) { 41 | return r5_cca_pke_keygen(pk, sk); 42 | } 43 | 44 | /** 45 | * Encrypts a message. 46 | * 47 | * @param[out] ct the encrypted message 48 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 49 | * @param[in] m the message to encrypt 50 | * @param[in] m_len the length of the message to encrypt 51 | * @param[in] pk the public key to use for the encryption 52 | * @return __0__ in case of success 53 | */ 54 | inline int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk) { 55 | return r5_cca_pke_encrypt(ct, ct_len, m, m_len, pk); 56 | } 57 | 58 | /** 59 | * Decrypts a message. 60 | * 61 | * @param[out] m the decrypted message 62 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 63 | * @param[in] ct the message to decrypt 64 | * @param[in] ct_len the length of the message to decrypt 65 | * @param[in] sk the secret key to use for the decryption 66 | * @return __0__ in case of success 67 | */ 68 | inline int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk) { 69 | return r5_cca_pke_decrypt(m, m_len, ct, ct_len, sk); 70 | } 71 | 72 | #endif 73 | 74 | #ifdef __cplusplus 75 | } 76 | #endif 77 | 78 | #endif /* _CCA_ENCRYPT_H_ */ 79 | -------------------------------------------------------------------------------- /optimized/src/r5_cca_kem.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, PQShield and Koninklijke Philips N.V. 3 | * Markku-Juhani O. Saarinen, Koninklijke Philips N.V. 4 | */ 5 | 6 | #ifndef R5_CCA_KEM_H 7 | #define R5_CCA_KEM_H 8 | 9 | #ifdef __cplusplus 10 | extern "C" { 11 | #endif 12 | 13 | /** 14 | * Generates a CCA KEM key pair. Uses the parameters as specified. 15 | * 16 | * @param[out] pk public key 17 | * @param[out] sk secret key 18 | * @return __0__ in case of success 19 | */ 20 | int r5_cca_kem_keygen(unsigned char *pk, unsigned char *sk); 21 | 22 | /** 23 | * CCA KEM encapsulate. Uses the parameters as specified. 24 | * 25 | * @param[out] ct key encapsulation message (important: the size of `ct` is `ct_size` + `kappa_bytes`!) 26 | * @param[out] k shared secret 27 | * @param[in] pk public key with which the message is encapsulated 28 | * @return __0__ in case of success 29 | */ 30 | int r5_cca_kem_encapsulate(unsigned char *ct, unsigned char *k, const unsigned char *pk); 31 | 32 | /** 33 | * CCA KEM de-capsulate. Uses the parameters as specified. 34 | * 35 | * @param[out] k shared secret 36 | * @param[in] ct key encapsulation message (important: the size of `ct` is `ct_size` + `kappa_bytes`!) 37 | * @param[in] sk secret key with which the message is to be de-capsulated (important: the size of `sk` is `sk_size` + `kappa_bytes` + `pk_size`!) 38 | * @return __0__ in case of success 39 | */ 40 | int r5_cca_kem_decapsulate(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 41 | 42 | #ifdef __cplusplus 43 | } 44 | #endif 45 | 46 | #endif /* R5_CCA_KEM_H */ 47 | -------------------------------------------------------------------------------- /optimized/src/r5_cca_pke.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of the encrypt and decrypt functions based on the CCA KEM. 8 | * algorithm. 9 | */ 10 | 11 | #include "r5_cca_pke.h" 12 | #include "r5_parameter_sets.h" 13 | #include "r5_cca_kem.h" 14 | #include "r5_dem.h" 15 | #include "r5_hash.h" 16 | #include "misc.h" 17 | #include "rng.h" 18 | 19 | #include 20 | #include 21 | #include 22 | 23 | /******************************************************************************* 24 | * Public functions 25 | ******************************************************************************/ 26 | 27 | int r5_cca_pke_keygen(unsigned char *pk, unsigned char *sk) { 28 | return r5_cca_kem_keygen(pk, sk); 29 | } 30 | 31 | int r5_cca_pke_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk) { 32 | int ret = 0; 33 | const unsigned long long c1_len = PARAMS_CT_SIZE + PARAMS_KAPPA_BYTES; 34 | unsigned char c1[PARAMS_CT_SIZE + PARAMS_KAPPA_BYTES]; 35 | unsigned long long c2_len; 36 | unsigned char k[PARAMS_KAPPA_BYTES]; 37 | 38 | /* Determine c1 and k */ 39 | ret = r5_cca_kem_encapsulate(c1, k, pk); 40 | if (ret < 0){ 41 | return ret; 42 | } 43 | 44 | /* Copy c1 into first part of ct */ 45 | memcpy(ct, c1, c1_len); 46 | *ct_len = c1_len; 47 | 48 | /* Apply DEM to get second part of ct */ 49 | if (round5_dem(ct + c1_len, &c2_len, k, m, m_len)) { 50 | DEBUG_ERROR("Failed to apply DEM\n"); 51 | return -1; 52 | } 53 | 54 | *ct_len += c2_len; 55 | 56 | return ret; 57 | } 58 | 59 | int r5_cca_pke_decrypt(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, unsigned long long ct_len, const unsigned char *sk) { 60 | int ret = 0; 61 | unsigned char k[PARAMS_KAPPA_BYTES]; 62 | const unsigned char * const c1 = ct; 63 | const unsigned long long c1_len = PARAMS_CT_SIZE + PARAMS_KAPPA_BYTES; 64 | const unsigned char * const c2 = ct + c1_len; 65 | const unsigned long c2_len = ct_len - c1_len; 66 | 67 | /* Check length, should be at least c1_len + 16 (for the DEM tag) */ 68 | if (ct_len < (c1_len + 16U)) { 69 | DEBUG_ERROR("Invalid ciphertext message: %llu < %llu\n", ct_len, c1_len + 16U); 70 | return -1; 71 | } 72 | 73 | /* Determine k */ 74 | ret = r5_cca_kem_decapsulate(k, c1, sk); 75 | if (ret < 0){ 76 | return ret; 77 | } 78 | 79 | /* Apply DEM-inverse to get m */ 80 | if (round5_dem_inverse(m, m_len, k, c2, c2_len)) { 81 | DEBUG_ERROR("Failed to apply DEM-inverse\n"); 82 | return -1; 83 | } 84 | 85 | return ret; 86 | } 87 | -------------------------------------------------------------------------------- /optimized/src/r5_cca_pke.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the encrypt and decrypt functions based on the CCA KEM 8 | * algorithm. 9 | */ 10 | 11 | #ifndef _R5_CCA_PKE_H_ 12 | #define _R5_CCA_PKE_H_ 13 | 14 | #ifdef __cplusplus 15 | extern "C" { 16 | #endif 17 | 18 | /** 19 | * Generates an ENCRYPT key pair. Uses the parameters as specified. 20 | * 21 | * @param[out] pk public key 22 | * @param[out] sk secret key (important: the size of `sk` is `sk_size` + `kappa_bytes` + `pk_size`!) 23 | * @return __0__ in case of success 24 | */ 25 | int r5_cca_pke_keygen(unsigned char *pk, unsigned char *sk); 26 | 27 | /** 28 | * Encrypts a message. Uses the parameters as specified. 29 | * 30 | * @param[out] ct the encrypted message 31 | * @param[out] ct_len the length of the encrypted message (`mlen` + `ct_size` + `kappa_bytes` + 16) 32 | * @param[in] m the message to encrypt 33 | * @param[in] m_len the length of the message to encrypt 34 | * @param[in] pk the public key to use for the encryption 35 | * @return __0__ in case of success 36 | */ 37 | int r5_cca_pke_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 38 | 39 | /** 40 | * Decrypts a message. Uses the parameters as specified. 41 | * 42 | * @param[out] m the decrypted message 43 | * @param[out] m_len the length of the decrypted message (`ct_len` - `ct_size` - `kappa_bytes` - 16) 44 | * @param[in] ct the message to decrypt 45 | * @param[in] ct_len the length of the message to decrypt 46 | * @param[in] sk the secret key to use for the decryption 47 | * @return __0__ in case of success 48 | */ 49 | int r5_cca_pke_decrypt(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 50 | 51 | #ifdef __cplusplus 52 | } 53 | #endif 54 | 55 | #endif /* _R5_CCA_PKE_H_ */ 56 | -------------------------------------------------------------------------------- /optimized/src/r5_cpa_kem.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, PQShield and Koninklijke Philips N.V. 3 | * Markku-Juhani O. Saarinen, Koninklijke Philips N.V. 4 | */ 5 | 6 | // CPA Versions of KEM functionality 7 | 8 | #include "r5_cpa_kem.h" 9 | #include "r5_parameter_sets.h" 10 | #include "r5_cpa_pke.h" 11 | #include "r5_hash.h" 12 | #include "drbg.h" 13 | #include "rng.h" 14 | #include "misc.h" 15 | 16 | #include 17 | #include 18 | 19 | // CPA-KEM KeyGen() 20 | 21 | int r5_cpa_kem_keygen(uint8_t *pk, uint8_t *sk) { 22 | r5_cpa_pke_keygen(pk, sk); 23 | 24 | return 0; 25 | } 26 | 27 | // CPA-KEM Encaps() 28 | 29 | int r5_cpa_kem_encapsulate(uint8_t *ct, uint8_t *k, const uint8_t *pk) { 30 | 31 | uint8_t m[PARAMS_KAPPA_BYTES]; 32 | uint8_t rho[PARAMS_KAPPA_BYTES]; 33 | 34 | int ret = 0; 35 | 36 | /* Generate a random m and rho */ 37 | randombytes(m, PARAMS_KAPPA_BYTES); 38 | randombytes(rho, PARAMS_KAPPA_BYTES); 39 | 40 | ret = r5_cpa_pke_encrypt(ct, pk, m, rho); 41 | if (ret < 0){ 42 | return ret; 43 | } 44 | 45 | HCPAKEM(k, PARAMS_KAPPA_BYTES, m, PARAMS_KAPPA_BYTES, ct, PARAMS_CT_SIZE); 46 | 47 | return ret; 48 | } 49 | 50 | // CPA-KEM Decaps() 51 | 52 | int r5_cpa_kem_decapsulate(uint8_t *k, const uint8_t *ct, const uint8_t *sk) { 53 | 54 | uint8_t m[PARAMS_KAPPA_BYTES]; 55 | 56 | int ret = 0; 57 | 58 | /* Decrypt m */ 59 | ret = r5_cpa_pke_decrypt(m, sk, ct); 60 | if (ret < 0){ 61 | return ret; 62 | } 63 | 64 | HCPAKEM(k, PARAMS_KAPPA_BYTES, m, PARAMS_KAPPA_BYTES, ct, PARAMS_CT_SIZE); 65 | 66 | return ret; 67 | } 68 | -------------------------------------------------------------------------------- /optimized/src/r5_cpa_kem.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the CPA KEM functions. 8 | */ 9 | 10 | #ifndef R5_CPA_KEM_H 11 | #define R5_CPA_KEM_H 12 | 13 | #ifdef __cplusplus 14 | extern "C" { 15 | #endif 16 | 17 | /** 18 | * Generates a CPA KEM key pair. Uses the parameters as specified. 19 | * 20 | * @param[out] pk public key 21 | * @param[out] sk secret key 22 | * @return __0__ in case of success 23 | */ 24 | int r5_cpa_kem_keygen(unsigned char *pk, unsigned char *sk); 25 | 26 | /** 27 | * CPA KEM encapsulate. Uses the parameters as specified. 28 | * 29 | * @param[out] ct key encapsulation message 30 | * @param[out] k shared secret 31 | * @return __0__ in case of success 32 | */ 33 | int r5_cpa_kem_encapsulate(unsigned char *ct, unsigned char *k, const unsigned char *pk); 34 | 35 | /** 36 | * CPA KEM de-capsulate. Uses the parameters as specified. 37 | * 38 | * @param[out] k shared secret 39 | * @param[in] ct key encapsulation message 40 | * @param[in] sk secret key with which the message is to be de-capsulated 41 | * @return __0__ in case of success 42 | */ 43 | int r5_cpa_kem_decapsulate(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 44 | 45 | #ifdef __cplusplus 46 | } 47 | #endif 48 | 49 | #endif /* R5_CPA_KEM_H */ 50 | -------------------------------------------------------------------------------- /optimized/src/r5_cpa_pke.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, PQShield and Koninklijke Philips N.V. 3 | * Markku-Juhani O. Saarinen, Koninklijke Philips N.V. 4 | */ 5 | 6 | #ifndef _R5_CPA_PKE_H_ 7 | #define _R5_CPA_PKE_H_ 8 | 9 | #include 10 | 11 | int r5_cpa_pke_keygen(uint8_t *pk, uint8_t *sk); 12 | 13 | int r5_cpa_pke_encrypt(uint8_t *ct, const uint8_t *pk, const uint8_t *m, const uint8_t *rho); 14 | 15 | int r5_cpa_pke_decrypt(uint8_t *m, const uint8_t *sk, const uint8_t *ct); 16 | 17 | #endif /* _R5_CPA_PKE_H_ */ 18 | -------------------------------------------------------------------------------- /optimized/src/r5_dem.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the DEM functions used by the Round5 CCA KEM-based encrypt algorithm. 8 | */ 9 | 10 | #ifndef PST_DEM_H 11 | #define PST_DEM_H 12 | 13 | #include 14 | 15 | #ifdef __cplusplus 16 | extern "C" { 17 | #endif 18 | 19 | /** 20 | * Applies a DEM to the given message using the specified key. 21 | * 22 | * @param[out] c2 the encapsulated message 23 | * @param[out] c2_len the length of the encapsulated message (`m_len` + 16 bytes) 24 | * @param[in] key the key to use for the encapsulation 25 | * @param[in] m the message to encapsulate 26 | * @param[in] m_len the length of the message 27 | * @return __0__ in case of success 28 | */ 29 | int round5_dem(unsigned char *c2, unsigned long long *c2_len, const unsigned char *key, const unsigned char *m, const unsigned long long m_len); 30 | 31 | /** 32 | * Inverses the application of a DEM to a message. 33 | * 34 | * @param[out] m the original message 35 | * @param[out] m_len the length of the decapsulated message (`c2_len` - 16) 36 | * @param[in] key the key to use for the encapsulation 37 | * @param[in] c2 the encapsulated message 38 | * @param[in] c2_len the length of the encapsulated message 39 | * @return __0__ in case of success 40 | */ 41 | int round5_dem_inverse(unsigned char *m, unsigned long long *m_len, const unsigned char *key, const unsigned char *c2, const unsigned long long c2_len); 42 | 43 | #ifdef __cplusplus 44 | } 45 | #endif 46 | 47 | #endif /* PST_DEM_H */ 48 | -------------------------------------------------------------------------------- /optimized/src/r5_memory.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_memory.c -------------------------------------------------------------------------------- /optimized/src/r5_memory.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/r5_memory.h -------------------------------------------------------------------------------- /optimized/src/r5_secretkeygen.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, PQShield and Koninklijke Philips N.V. 3 | * Markku-Juhani O. Saarinen, Koninklijke Philips N.V. 4 | */ 5 | 6 | #ifndef secretkeygen_h 7 | #define secretkeygen_h 8 | 9 | #include "r5_parameter_sets.h" 10 | 11 | void create_secret_vector_s(tern_secret secret_vector, const uint8_t *seed); 12 | void create_secret_vector_r(tern_secret secret_vector, const uint8_t *seed); 13 | void create_secret_matrix_s_t(tern_secret_s secret_vector, const uint8_t *seed); 14 | void create_secret_matrix_r_t(tern_secret_r secret_vector, const uint8_t *seed); 15 | 16 | #endif /* secretkeygen_h */ 17 | 18 | -------------------------------------------------------------------------------- /optimized/src/ringmul.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, PQShield and Koninklijke Philips N.V. 3 | * Markku-Juhani O. Saarinen, Koninklijke Philips N.V. 4 | */ 5 | 6 | #ifndef _RINGMUL_H_ 7 | #define _RINGMUL_H_ 8 | 9 | #include "r5_parameter_sets.h" 10 | 11 | #if PARAMS_K == 1 12 | 13 | // multiplication mod q, result length n 14 | void ringmul_q(modq_t d[PARAMS_N], modq_t a[PARAMS_N], tern_secret idx); 15 | 16 | // multiplication mod p, result length mu 17 | void ringmul_p(modp_t d[PARAMS_MU], modp_t a[PARAMS_N], tern_secret idx); 18 | 19 | #endif 20 | 21 | #endif /* _RINGMUL_H_ */ 22 | -------------------------------------------------------------------------------- /optimized/src/xe2_c16.c: -------------------------------------------------------------------------------- 1 | ../../configurable/src/xe2_c16.c -------------------------------------------------------------------------------- /optimized/src/xe4_c64.c: -------------------------------------------------------------------------------- 1 | ../../configurable/src/xe4_c64.c -------------------------------------------------------------------------------- /optimized/src/xe5_c64.c: -------------------------------------------------------------------------------- 1 | ../../configurable/src/xe5_c64.c -------------------------------------------------------------------------------- /optimized/src/xef.h: -------------------------------------------------------------------------------- 1 | ../../reference/src/xef.h -------------------------------------------------------------------------------- /optimized/src/xef_ref.c: -------------------------------------------------------------------------------- 1 | ../../reference/src/xef_ref.c -------------------------------------------------------------------------------- /reference/Doxyfile.sty: -------------------------------------------------------------------------------- 1 | % Define text representations for unicode characters in source code 2 | \usepackage[utf8]{inputenc} 3 | \DeclareUnicodeCharacter{3A8}{$\Psi$} 4 | \DeclareUnicodeCharacter{22C5}{$\cdot$} 5 | \DeclareUnicodeCharacter{305}{\={ }} 6 | \DeclareUnicodeCharacter{3C4}{$\tau$} 7 | -------------------------------------------------------------------------------- /reference/src/a_fixed.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of the fixed A matrix generation function. 8 | */ 9 | 10 | #include "a_fixed.h" 11 | #include "a_random.h" 12 | #include "r5_memory.h" 13 | 14 | #include 15 | 16 | #define NBLOCKS 8 17 | 18 | size_t A_fixed_len = 0; 19 | uint16_t *A_fixed = NULL; 20 | 21 | int create_A_fixed(const unsigned char *seed Parameters) { 22 | A_fixed_len = (size_t) (PARAMS_D * NBLOCKS *((PARAMS_K+NBLOCKS-1)/NBLOCKS)); 23 | 24 | /* (Re)allocate space for A_fixed */ 25 | A_fixed = checked_realloc(A_fixed, A_fixed_len * sizeof (*A_fixed)); 26 | 27 | /* Create A_fixed randomly */ 28 | if (create_A_random(A_fixed, seed Params)) { 29 | return 1; 30 | } 31 | 32 | /* Make all elements mod q */ 33 | for (size_t i = 0; i < A_fixed_len; ++i) { 34 | A_fixed[i] = (uint16_t) (A_fixed[i] & (PARAMS_Q - 1)); 35 | } 36 | 37 | return 0; 38 | } 39 | -------------------------------------------------------------------------------- /reference/src/a_fixed.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the fixed A matrix as well as the function to generate it. 8 | */ 9 | 10 | #ifndef A_FIXED_H 11 | #define A_FIXED_H 12 | 13 | #include "chooseparameters.h" 14 | #include 15 | 16 | /** 17 | * The fixed A matrix for use inside with the non-ring algorithm when τ=1. 18 | * This matrix is generated by `create_A_fixed()`. 19 | */ 20 | extern uint16_t *A_fixed; 21 | 22 | /** 23 | * The size (number of elements) of the fixed A matrix, set with `create_A_fixed()`. 24 | */ 25 | extern size_t A_fixed_len; 26 | 27 | #ifdef __cplusplus 28 | extern "C" { 29 | #endif 30 | 31 | /** 32 | * Function to generate a fixed A matrix from the given seed. 33 | * 34 | * @param[in] seed the seed to use to generate the fixed A matrix (kappa_bytes bytes) 35 | * @param[in] params the algorithm parameters for which the fixed A matrix should be generated 36 | * @return __0__ in case of success 37 | */ 38 | int create_A_fixed(const unsigned char *seed Parameters); 39 | 40 | #ifdef __cplusplus 41 | } 42 | #endif 43 | 44 | #endif /* A_FIXED_H */ 45 | -------------------------------------------------------------------------------- /reference/src/a_random.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the random A matrix creation function. 8 | */ 9 | 10 | #ifndef A_RANDOM_H 11 | #define A_RANDOM_H 12 | 13 | #include "chooseparameters.h" 14 | 15 | #ifdef __cplusplus 16 | extern "C" { 17 | #endif 18 | 19 | /** 20 | * Creates A random for the given seed and algorithm parameters. 21 | * 22 | * @param[out] A_random the random A to create 23 | * @param[in] seed the seed (kappa_bytes bytes) 24 | * @param[in] params the algorithm parameters in use 25 | * @return __0__ on success 26 | */ 27 | int create_A_random(uint16_t *A_random, const unsigned char *seed Parameters); 28 | 29 | #ifdef __cplusplus 30 | } 31 | #endif 32 | 33 | #endif /* A_RANDOM_H */ 34 | -------------------------------------------------------------------------------- /reference/src/chooseparameters.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | #undef PARAMETERCONSTANT 6 | 7 | #define SHAKE128_RATE 168 8 | // 168 bytes as a bytesequence = 1344 bits as a bitsequence 9 | 10 | #define SHAKE256_RATE 136 11 | // 136 bytes as a bytesequence = 1088 bits as a bitsequence 12 | 13 | #ifdef PARAMETERCONSTANT 14 | 15 | #include "../../optimized/src/r5_parameter_sets.h" 16 | 17 | #define Parameters 18 | #define Params 19 | #define useParams 20 | 21 | 22 | #if (PARAMS_KAPPA_BYTES > 16) 23 | #define RATE SHAKE256_RATE 24 | #else 25 | #define RATE SHAKE128_RATE 26 | #endif 27 | 28 | #define DeclareParameters 29 | 30 | #else 31 | 32 | #include "r5_parameter_sets.h" 33 | #include "parameters.h" 34 | 35 | #define Parameters , const parameters * params 36 | #define Params , params 37 | #define useParams params = params ; 38 | 39 | #define DeclareParameters\ 40 | parameters * params; \ 41 | if ((params = set_parameters_from_api()) == NULL) \ 42 | exit(EXIT_FAILURE) 43 | 44 | 45 | #define RATE (params->kappa_bytes > 16 ? SHAKE256_RATE : SHAKE128_RATE ) 46 | #define PARAMS_B_BITS (params->b_bits) 47 | #define PARAMS_T_BITS (params->t_bits) 48 | #define PARAMS_P_BITS (params->p_bits) 49 | #define PARAMS_Q_BITS (params->q_bits) 50 | #define PARAMS_CT_SIZE (params->ct_size) 51 | #define PARAMS_PK_SIZE (params->pk_size) 52 | #define PARAMS_D (params->d) 53 | #define PARAMS_Q (params->q) 54 | #define PARAMS_H (params->h) 55 | #define PARAMS_H1 (params->h1) 56 | #define PARAMS_H2 (params->h2) 57 | #define PARAMS_H3 (params->h3) 58 | #define PARAMS_F (params->f) 59 | #define PARAMS_K (params->k) 60 | #define PARAMS_N (params->n) 61 | #define PARAMS_N_BAR (params->n_bar) 62 | #define PARAMS_M (params->m) 63 | #define PARAMS_MU (params->mu) 64 | #define PARAMS_M_BAR (params->m_bar) 65 | #define PARAMS_P (params->p) 66 | #define PARAMS_TAU (params->tau) 67 | #define PARAMS_TAU2_LEN (params->tau2_len) 68 | #define PARAMS_KAPPA (params->kappa) 69 | #define PARAMS_KAPPA_BYTES (params->kappa_bytes) 70 | #define PARAMS_CT_SIZE (params->ct_size) 71 | #define PARAMS_XE (params->xe) 72 | 73 | #endif 74 | 75 | -------------------------------------------------------------------------------- /reference/src/common/aesctr/aesdrbg.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | #include "aesdrbg.h" 6 | 7 | static void AESinCtrModeConfig 8 | ( AESContext context, const uint8_t *key Parameters) 9 | { 10 | context->aes_ctx = EVP_CIPHER_CTX_new(); 11 | if ( !context->aes_ctx ) { 12 | DEBUG_ERROR("Error: failed to create encryption context of the DRBG.\n"); 13 | abort(); 14 | } 15 | 16 | const EVP_CIPHER *EVP_aes_ctr = 17 | ( ( PARAMS_KAPPA_BYTES <= 16 ) 18 | ? EVP_aes_128_ctr() 19 | : ( ( PARAMS_KAPPA_BYTES == 24 ) 20 | ? EVP_aes_192_ctr() 21 | : EVP_aes_256_ctr() 22 | ) ) ; 23 | 24 | if (EVP_EncryptInit_ex(context->aes_ctx, EVP_aes_ctr, NULL, key, NULL) != 1) { 25 | DEBUG_ERROR("Error: failed to initialize encryption context for the DRBG.\n"); 26 | abort(); 27 | } 28 | context-> index = &context->remaining[16]; 29 | } 30 | 31 | #if __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__ 32 | #define address d=-d 33 | #else 34 | #define address 0 35 | #endif 36 | 37 | void AESCTRGen16 38 | ( AESContext context 39 | , uint16_t *out, size_t outputLength ) 40 | { 41 | uint8_t *buffer = context->index; 42 | size_t no = (size_t) ((&context->remaining[16]) - buffer); 43 | uint8_t *output = ((uint8_t *) (out)); 44 | outputLength *= 2; 45 | 46 | #if __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__ 47 | int d = -1; 48 | #endif 49 | 50 | while( outputLength >= no ) { 51 | while( buffer < &context->remaining[16] ) { 52 | output[address] = *buffer++; 53 | output++; 54 | } 55 | outputLength -= no; 56 | 57 | int len; 58 | if ( EVP_EncryptUpdate(context->aes_ctx, context->remaining, &len, context->state, 16) != 1) { 59 | DEBUG_ERROR("Error: failed to generate deterministic random data.\n"); 60 | abort(); 61 | } 62 | no = 16; 63 | buffer = context->remaining; 64 | } 65 | for ( size_t i = 0; i < outputLength; i++ ) { 66 | output[address] = *buffer++; 67 | output++; 68 | } 69 | context->index = buffer; 70 | } 71 | 72 | void AESCTRInit 73 | ( AESContext context, 74 | const uint8_t *domain, uint8_t domainLen, 75 | const uint8_t *first, uint16_t firstLen, 76 | const uint8_t *second, uint32_t secondLen 77 | Parameters) 78 | { 79 | uint8_t key[PARAMS_KAPPA_BYTES] = {0}; 80 | r5_tuple_hash(key, PARAMS_KAPPA_BYTES, domain, domainLen, first, PARAMS_KAPPA_BYTES, second, secondLen, 3 Params); 81 | AESinCtrModeConfig(context, key Params); 82 | } 83 | 84 | 85 | void aesctr16 86 | (uint16_t *output, size_t outputLength, 87 | const uint8_t *domain, uint8_t domainLen, 88 | const uint8_t *first, uint16_t firstLen, 89 | const uint8_t *second, uint32_t secondLen 90 | Parameters) 91 | { 92 | AESContextInstance context = {0} ; 93 | AESCTRInit(&context, domain, domainLen, first, firstLen, second, secondLen Params); 94 | AESCTRGen16(&context, output, outputLength); 95 | EVP_CIPHER_CTX_free((context).aes_ctx); 96 | } 97 | 98 | 99 | -------------------------------------------------------------------------------- /reference/src/common/aesctr/aesdrbg.h: -------------------------------------------------------------------------------- 1 | #ifndef _AES_DRBG_H_ 2 | #define _AES_DRBG_H_ 3 | 4 | /* 5 | * Copyright (c) 2020, Koninklijke Philips N.V. 6 | */ 7 | 8 | #include 9 | #include 10 | #include "chooseparameters.h" 11 | #include "f202sp800185.h" 12 | #include "r5_hash.h" 13 | #include "misc.h" 14 | 15 | typedef struct contextAESInstance *AESContext; 16 | typedef struct contextAESInstance 17 | { 18 | EVP_CIPHER_CTX *aes_ctx; // The AES cipher context 19 | uint8_t state[16]; // Initial state, always 0 20 | 21 | uint8_t *index; // Index to remaining 22 | uint8_t remaining[16]; // Remaining bytes 23 | } AESContextInstance; 24 | 25 | extern void aesctr16(uint16_t *output, size_t outputLength, 26 | const uint8_t *domain, uint8_t domainLen, 27 | const uint8_t *first, uint16_t firstLen, 28 | const uint8_t *second, uint32_t secondLen 29 | Parameters); 30 | 31 | #endif /* _EAS_DRBG_H_ */ 32 | 33 | 34 | -------------------------------------------------------------------------------- /reference/src/common/drbg/drbg.h: -------------------------------------------------------------------------------- 1 | #ifndef _DRBG_H_ 2 | #define _DRBG_H_ 3 | 4 | /* 5 | * Copyright (c) 2020, Koninklijke Philips N.V. 6 | */ 7 | 8 | /** 9 | * @file 10 | * Implementation of functions used to obtain a deterministic sequence of pseudorandom data given a seed of true random data. 11 | */ 12 | 13 | /** 14 | * The default implementation uses TupleHash(XOF) using the XKCP library. 15 | * See https://github.com/XKCP/XKCP. 16 | * Alternatively, it is possible to use an standalone implementation of TupleHash(XOF) by defining `STANDALONE`. 17 | * Finally, by doing `make AES=1z, the generation of A uses AES in counter mode. 18 | */ 19 | 20 | #endif 21 | 22 | #include "f202sp800185.h" 23 | 24 | 25 | /************ Secret key generation Generation ***********************/ 26 | 27 | #define SKGenerationInit(d, i1, i2) \ 28 | ttupleHash_Instance thcontext = {0}; \ 29 | uint32_t i2len = 1; \ 30 | r5_tuple_hash_input(&thcontext, d, 4, i1, PARAMS_KAPPA_BYTES, i2, i2len, 3, 0 Params) 31 | 32 | #define SKGenerationGen(o, olen) \ 33 | r5_tuple_hash_xof_squeeze16(o, olen, &thcontext Params) 34 | 35 | #define SKGenerationInit_4x(d, i1, i20, i21, i22, i23) \ 36 | ttupleHash_Instance thcontext = {0}; \ 37 | uint32_t i2len = 1; \ 38 | r5_tuple_hash_input_4x(&thcontext, d, d, d, d, 4, i1, i1, i1, i1, PARAMS_KAPPA_BYTES, i20, i21, i22, i23, i2len, 3, 0 Params) 39 | 40 | #define SKGenerationGen_4x(o0, o1, o2, o3, olen) \ 41 | r5_tuple_hash_xof_squeeze16_4x(o0, o1, o2, o3, olen, &thcontext Params) 42 | 43 | 44 | /************ Permutation Generation ***********************/ 45 | 46 | #define APermutationInit(i1, olen) \ 47 | ttupleHash_Instance thcontext = {0}; \ 48 | const uint8_t d[12] = "APermutation"; \ 49 | r5_tuple_hash_input(&thcontext, d, 12, i1, PARAMS_KAPPA_BYTES, NULL, 0, 2, 0 Params) 50 | 51 | #define APermutationGen(o, olen) \ 52 | r5_tuple_hash_xof_squeeze16(o, olen, &thcontext Params) 53 | 54 | /************ A Generation ***********************/ 55 | 56 | #if (defined(AVX2)) && (defined(STANDALONE)) 57 | 58 | #define AGeneration4x(o0, o1, o2, o3, olen, d, i1, i20, i21, i22, i23) \ 59 | r5_tuple_hash16_4x(o0, o1, o2, o3, olen, d, d, d, d, 4, i1, i1, i1, i1, PARAMS_KAPPA_BYTES, i20, i21, i22, i23, 1, 3 Params) 60 | 61 | #else 62 | 63 | #if (!defined(USE_AES_DRBG)) 64 | 65 | #define AGeneration(o, olen, d, i1, i2) \ 66 | r5_tuple_hash16(o, olen, d, 4, i1, PARAMS_KAPPA_BYTES, i2, 1, 3 Params) 67 | 68 | #else // AGeneration using AES in counter mode 69 | 70 | #include "aesdrbg.h" 71 | #define AGeneration(o, olen, d, i1, i2) \ 72 | aesctr16(o, olen, d, 4, i1, PARAMS_KAPPA_BYTES, i2, 1 Params) 73 | 74 | #endif 75 | #endif 76 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /reference/src/common/fips202/1x/keccakf1600.h: -------------------------------------------------------------------------------- 1 | #ifndef _KECCAKF1600_H_ 2 | #define _KECCAKF1600_H_ 3 | 4 | // Importing, build upon: 5 | #include 6 | #include 7 | 8 | #ifdef AVX2 9 | #include 10 | #endif 11 | 12 | #include "chooseparameters.h" 13 | 14 | // Reduction of public domain sources. 15 | 16 | void KeccakF1600_StateExtractBytes ( uint64_t *state, uint8_t *data Parameters ); 17 | 18 | void KeccakF1600_StateXORBytes ( uint64_t *state, const uint8_t *data Parameters ); 19 | 20 | void KeccakF1600_StatePermute( uint64_t *state ); 21 | 22 | #ifdef AVX2 23 | void KeccakF1600_StateExtractBytes_4x(__m256i *state, 24 | uint8_t *data0, 25 | uint8_t *data1, 26 | uint8_t *data2, 27 | uint8_t *data3 28 | Parameters ); 29 | 30 | void KeccakF1600_StateXORBytes_4x (__m256i *state, 31 | const uint8_t *data0, 32 | const uint8_t *data1, 33 | const uint8_t *data2, 34 | const uint8_t *data3 35 | Parameters ); 36 | #endif 37 | 38 | #endif /* _KECCAKF1600_H_ */ 39 | 40 | 41 | -------------------------------------------------------------------------------- /reference/src/common/fips202/4x/SIMD256-config.h: -------------------------------------------------------------------------------- 1 | #define KeccakP1600times4_implementation_config "AVX2, all rounds unrolled" 2 | #define KeccakP1600times4_fullUnrolling 3 | #define KeccakP1600times4_useAVX2 4 | -------------------------------------------------------------------------------- /reference/src/common/fips202/4x/align.h: -------------------------------------------------------------------------------- 1 | /* 2 | Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni, 3 | Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby 4 | denoted as "the implementer". 5 | 6 | For more information, feedback or questions, please refer to our websites: 7 | http://keccak.noekeon.org/ 8 | http://keyak.noekeon.org/ 9 | http://ketje.noekeon.org/ 10 | 11 | To the extent possible under law, the implementer has waived all copyright 12 | and related or neighboring rights to the source code in this file. 13 | http://creativecommons.org/publicdomain/zero/1.0/ 14 | */ 15 | 16 | #ifndef _align_h_ 17 | #define _align_h_ 18 | 19 | /* on Mac OS-X and possibly others, ALIGN(x) is defined in param.h, and -Werror chokes on the redef. */ 20 | #ifdef ALIGN 21 | #undef ALIGN 22 | #endif 23 | 24 | #if defined(__GNUC__) 25 | #define ALIGN(x) __attribute__ ((aligned(x))) 26 | #elif defined(_MSC_VER) 27 | #define ALIGN(x) __declspec(align(x)) 28 | #elif defined(__ARMCC_VERSION) 29 | #define ALIGN(x) __align(x) 30 | #else 31 | #define ALIGN(x) 32 | #endif 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /reference/src/common/hash/r5_hash.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Definition of the hash functions as used within Round5. 8 | */ 9 | 10 | #include "r5_hash.h" 11 | #include "f202sp800185.h" 12 | 13 | inline void HCPAKEM 14 | (uint8_t *output, uint32_t outputLength, 15 | const uint8_t *firstInput, uint16_t firstInputLength, 16 | const uint8_t *secondInput, uint32_t secondInputLength 17 | Parameters ) 18 | { const uint8_t d[7] = "HCPAKEM"; 19 | r5_tuple_hash(output, outputLength, d, 7, firstInput, firstInputLength, secondInput, secondInputLength, 3 Params); 20 | } 21 | 22 | inline void HCCAKEM 23 | ( uint8_t *output, uint32_t outputLength, 24 | const uint8_t *firstInput, uint16_t firstInputLength, 25 | const uint8_t *secondInput, uint32_t secondInputLength 26 | Parameters ) 27 | { 28 | const uint8_t d[7] = "HCCAKEM"; 29 | r5_tuple_hash(output, outputLength, d, 7, firstInput, firstInputLength, secondInput, secondInputLength, 3 Params); 30 | } 31 | 32 | inline void GCCAKEM 33 | (uint8_t *output, uint32_t outputLength, 34 | const uint8_t *firstInput, uint16_t firstInputLength, 35 | const uint8_t *secondInput, uint32_t secondInputLength 36 | Parameters ) 37 | { 38 | const uint8_t d[7] = "GCCAKEM"; 39 | r5_tuple_hash(output, outputLength, d, 7, firstInput, firstInputLength, secondInput, secondInputLength, 3 Params); 40 | } 41 | 42 | inline void HashR5DEM 43 | (uint8_t *output, uint32_t outputLength, 44 | const uint8_t *firstInput, uint16_t firstInputLength 45 | Parameters ) 46 | { 47 | const uint8_t d[6] = "HR5DEM"; 48 | r5_tuple_hash(output, outputLength, d, 6, firstInput, firstInputLength, NULL, 0, 2 Params); 49 | } 50 | -------------------------------------------------------------------------------- /reference/src/common/hash/r5_hash.h: -------------------------------------------------------------------------------- 1 | #ifndef _R5_HASH_H_ 2 | #define _R5_HASH_H_ 3 | 4 | /* 5 | * Copyright (c) 2020, Koninklijke Philips N.V. 6 | */ 7 | 8 | /** 9 | * @file 10 | * Definition of the hash function as used within Round5. 11 | */ 12 | 13 | #include "f202sp800185.h" 14 | 15 | #ifdef __cplusplus 16 | extern "C" { 17 | #endif 18 | 19 | extern void HCPAKEM 20 | ( uint8_t *output, uint32_t outputLength, 21 | const uint8_t *firstInput, uint16_t firstInputLength, 22 | const uint8_t *secondInput, uint32_t secondInputLength 23 | Parameters ); 24 | 25 | extern void HCCAKEM 26 | ( uint8_t *output, uint32_t outputLength, 27 | const uint8_t *firstInput, uint16_t firstInputLength, 28 | const uint8_t *secondInput, uint32_t secondInputLength 29 | Parameters ); 30 | 31 | extern void GCCAKEM 32 | ( uint8_t *output, uint32_t outputLength, 33 | const uint8_t *firstInput, uint16_t firstInputLength, 34 | const uint8_t *secondInput, uint32_t secondInputLength 35 | Parameters ); 36 | 37 | extern void HashR5DEM 38 | ( uint8_t *output, uint32_t outputLength, 39 | const uint8_t *firstInput, uint16_t firstInputLength 40 | Parameters ); 41 | 42 | #ifdef __cplusplus 43 | } 44 | #endif 45 | 46 | #endif /* _R5_HASH_H_ */ 47 | -------------------------------------------------------------------------------- /reference/src/common/rng/rng.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the random bytes functions. 8 | */ 9 | 10 | #ifndef RNG_H 11 | #define RNG_H 12 | 13 | #ifdef __cplusplus 14 | extern "C" { 15 | #endif 16 | 17 | // /** 18 | // * Initializes the random number generator used for generating the random 19 | // * bytes. 20 | // * 21 | // * @param[in] entropy_input the bytes to use as input entropy (48 bytes) 22 | // * @param[in] personalization_string an optional personalization string (48 bytes) 23 | // * @param[in] security_strength parameter to specify the security strength of the random bytes 24 | // */ 25 | void randombytes_init(unsigned char *entropy_input, unsigned char *personalization_string, int security_strength); 26 | 27 | /** 28 | * Generates a sequence of random bytes. 29 | * 30 | * @param[out] x destination of the random bytes 31 | * @param[in] xlen the number of random bytes 32 | * @return _0_ in case of success, non-zero otherwise 33 | */ 34 | int randombytes(unsigned char *x, unsigned long long xlen); 35 | 36 | #ifdef __cplusplus 37 | } 38 | #endif 39 | 40 | #endif /* RNG_H */ 41 | -------------------------------------------------------------------------------- /reference/src/common/rng/true_rng.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of a “true” random bytes function. 8 | * 9 | * Uses /dev/urandom for generating the random bytes. 10 | * 11 | */ 12 | 13 | #include "rng.h" 14 | 15 | #include 16 | #include 17 | #include 18 | 19 | /** Read the random bytes from /dev/urandom in blocks of 1MB (max). */ 20 | #define MAX_URANDOM_BLOCK_SIZE 1048576 21 | 22 | /** The file descriptor of /dev/urandom, -1 means uninitialised */ 23 | /** Can be adapted to avoid usage of global variable */ 24 | static int urandom_r5_file_descriptor = -1; 25 | 26 | void randombytes_init(unsigned char *entropy_input, unsigned char *personalization_string, int security_strength) { 27 | // to fit NIST rng 28 | (void) entropy_input; 29 | (void) personalization_string; 30 | (void) security_strength; 31 | 32 | // Open /dev/urandom (if not already done) 33 | while (urandom_r5_file_descriptor == -1) { 34 | urandom_r5_file_descriptor = open("/dev/urandom", O_RDONLY); 35 | if (urandom_r5_file_descriptor == -1) sleep(1); 36 | } 37 | } 38 | 39 | int randombytes(unsigned char *r, unsigned long long n) { 40 | if (urandom_r5_file_descriptor == -1) { 41 | randombytes_init(NULL, NULL, 0); 42 | } 43 | 44 | /* Get the random bytes in chunks */ 45 | ssize_t s; 46 | while (n > 0) { 47 | s = read(urandom_r5_file_descriptor, r, (size_t) (n < MAX_URANDOM_BLOCK_SIZE ? n : MAX_URANDOM_BLOCK_SIZE)); 48 | if (s < 1) { 49 | sleep(1); /* Wait a bit before retrying */ 50 | } else { 51 | /* Move to next chunk */ 52 | r += s; 53 | n -= (unsigned long long) s; 54 | } 55 | } 56 | 57 | return 0; 58 | } 59 | -------------------------------------------------------------------------------- /reference/src/examples/common/drbg/aesctr/aesdrbg.h: -------------------------------------------------------------------------------- 1 | #ifndef _AES_DRBG_H_ 2 | #define _AES_DRBG_H_ 3 | 4 | /* 5 | * Copyright (c) 2020, Koninklijke Philips N.V. 6 | */ 7 | 8 | #include 9 | #include 10 | #include "chooseparameters.h" 11 | #include "shaking.h" 12 | #include "r5_hash.h" 13 | #include "misc.h" 14 | 15 | 16 | // Types: 17 | 18 | typedef struct contextAESInstance *AESContext; 19 | typedef struct contextAESInstance 20 | { 21 | EVP_CIPHER_CTX *aes_ctx; // The AES cipher context 22 | uint8_t state[16]; // Initial state, always 0 23 | 24 | uint8_t *index; // Index to remaining 25 | uint8_t remaining[16]; // Remaining bytes 26 | } AESContextInstance; 27 | 28 | // Public Interface: 29 | 30 | #define initAESdrbg(context) \ 31 | AESContextInstance context = {0} 32 | 33 | extern void produce 34 | ( AESContext context 35 | , uint8_t *output, size_t outputLength ); 36 | 37 | extern void produce16 38 | ( AESContext context 39 | , uint16_t *output, size_t outputLength ); 40 | 41 | extern void consume 42 | ( AESContext context, const uint8_t *seed Parameters); 43 | 44 | extern void generate 45 | ( uint8_t *output, size_t outputLength 46 | , const uint8_t *seed Parameters); 47 | 48 | extern void generate16 49 | ( uint16_t *output, size_t outputLength 50 | , const uint8_t *seed Parameters); 51 | 52 | extern void cconsume 53 | ( AESContext context, const uint8_t *seed 54 | , const uint8_t *customization, size_t customizationLength Parameters); 55 | 56 | extern void cgenerate 57 | ( uint8_t *output, size_t outputLength 58 | , const uint8_t *seed 59 | , const uint8_t *customization, size_t customizationLength Parameters); 60 | 61 | extern void cgenerate16 62 | ( uint16_t *output, size_t outputLength 63 | , const uint8_t *seed 64 | , const uint8_t *customization, size_t customizationLength Parameters); 65 | 66 | #define freeAESContext(X) EVP_CIPHER_CTX_free((X).aes_ctx); 67 | 68 | #endif /* _EAS_DRBG_H_ */ 69 | 70 | 71 | -------------------------------------------------------------------------------- /reference/src/examples/common/drbg/fips202/SIMD256-config.h: -------------------------------------------------------------------------------- 1 | #define KeccakP1600times4_implementation_config "AVX2, all rounds unrolled" 2 | #define KeccakP1600times4_fullUnrolling 3 | #define KeccakP1600times4_useAVX2 4 | -------------------------------------------------------------------------------- /reference/src/examples/common/drbg/fips202/align.h: -------------------------------------------------------------------------------- 1 | /* 2 | Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni, 3 | Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby 4 | denoted as "the implementer". 5 | 6 | For more information, feedback or questions, please refer to our websites: 7 | http://keccak.noekeon.org/ 8 | http://keyak.noekeon.org/ 9 | http://ketje.noekeon.org/ 10 | 11 | To the extent possible under law, the implementer has waived all copyright 12 | and related or neighboring rights to the source code in this file. 13 | http://creativecommons.org/publicdomain/zero/1.0/ 14 | */ 15 | 16 | #ifndef _align_h_ 17 | #define _align_h_ 18 | 19 | /* on Mac OS-X and possibly others, ALIGN(x) is defined in param.h, and -Werror chokes on the redef. */ 20 | #ifdef ALIGN 21 | #undef ALIGN 22 | #endif 23 | 24 | #if defined(__GNUC__) 25 | #define ALIGN(x) __attribute__ ((aligned(x))) 26 | #elif defined(_MSC_VER) 27 | #define ALIGN(x) __declspec(align(x)) 28 | #elif defined(__ARMCC_VERSION) 29 | #define ALIGN(x) __align(x) 30 | #else 31 | #define ALIGN(x) 32 | #endif 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /reference/src/examples/common/drbg/fips202/keccak4x/SIMD256-config.h: -------------------------------------------------------------------------------- 1 | #define KeccakP1600times4_implementation_config "AVX2, all rounds unrolled" 2 | #define KeccakP1600times4_fullUnrolling 3 | #define KeccakP1600times4_useAVX2 4 | -------------------------------------------------------------------------------- /reference/src/examples/common/drbg/fips202/keccak4x/align.h: -------------------------------------------------------------------------------- 1 | /* 2 | Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni, 3 | Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer, hereby 4 | denoted as "the implementer". 5 | 6 | For more information, feedback or questions, please refer to our websites: 7 | http://keccak.noekeon.org/ 8 | http://keyak.noekeon.org/ 9 | http://ketje.noekeon.org/ 10 | 11 | To the extent possible under law, the implementer has waived all copyright 12 | and related or neighboring rights to the source code in this file. 13 | http://creativecommons.org/publicdomain/zero/1.0/ 14 | */ 15 | 16 | #ifndef _align_h_ 17 | #define _align_h_ 18 | 19 | /* on Mac OS-X and possibly others, ALIGN(x) is defined in param.h, and -Werror chokes on the redef. */ 20 | #ifdef ALIGN 21 | #undef ALIGN 22 | #endif 23 | 24 | #if defined(__GNUC__) 25 | #define ALIGN(x) __attribute__ ((aligned(x))) 26 | #elif defined(_MSC_VER) 27 | #define ALIGN(x) __declspec(align(x)) 28 | #elif defined(__ARMCC_VERSION) 29 | #define ALIGN(x) __align(x) 30 | #else 31 | #define ALIGN(x) 32 | #endif 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /reference/src/examples/common/drbg/fips202/keccakf1600.h: -------------------------------------------------------------------------------- 1 | #ifndef _KECCAKF1600_H_ 2 | #define _KECCAKF1600_H_ 3 | 4 | // Importing, build upon: 5 | 6 | #include 7 | #include 8 | #include 9 | 10 | 11 | #include "chooseparameters.h" 12 | 13 | // Reduction of public domain sources. 14 | 15 | void KeccakF1600_StateExtractBytes ( uint64_t *state, uint8_t *data Parameters ); 16 | 17 | void KeccakF1600_StateXORBytes ( uint64_t *state, const uint8_t *data Parameters ); 18 | 19 | void KeccakF1600_StatePermute( uint64_t *state ); 20 | 21 | void KeccakF1600_StateExtractBytes_4x(__m256i *state, 22 | uint8_t *data0, 23 | uint8_t *data1, 24 | uint8_t *data2, 25 | uint8_t *data3 26 | Parameters ); 27 | 28 | void KeccakF1600_StateXORBytes_4x (__m256i *state, 29 | const uint8_t *data0, 30 | const uint8_t *data1, 31 | const uint8_t *data2, 32 | const uint8_t *data3 33 | Parameters ); 34 | 35 | #endif /* _KECCAKF1600_H_ */ 36 | 37 | 38 | -------------------------------------------------------------------------------- /reference/src/examples/common/hash/r5_hash.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Definition of the hash function as used within Round5. 8 | */ 9 | 10 | #include "r5_hash.h" 11 | 12 | extern void hash 13 | ( uint8_t *output, size_t outputLength 14 | , const uint8_t *input, size_t inputLength Parameters ); 15 | 16 | extern void hash_customization 17 | ( uint8_t *output, size_t outputLength 18 | , const uint8_t *input, size_t inputLength 19 | , const uint8_t *customization, size_t customizationLength Parameters ); 20 | 21 | -------------------------------------------------------------------------------- /reference/src/examples/common/hash/r5_hash.h: -------------------------------------------------------------------------------- 1 | #ifndef _R5_HASH_H_ 2 | #define _R5_HASH_H_ 3 | 4 | /* 5 | * Copyright (c) 2020, Koninklijke Philips N.V. 6 | */ 7 | 8 | /** 9 | * @file 10 | * Definition of the hash function as used within Round5. 11 | */ 12 | 13 | #include "shaking.h" 14 | 15 | #ifdef __cplusplus 16 | extern "C" { 17 | #endif 18 | 19 | /** 20 | * The hash function as used within Round5. 21 | * 22 | * @param[out] output buffer for the output of the hash 23 | * @param[in] output_len the number of hash bytes to produce 24 | * @param[in] input the input to produce the hash for 25 | * @param[in] input_len the number of input bytes 26 | * @param[in] customization the customization string to use 27 | * @param[in] customization_len the length of the customization string 28 | * @param Parameters the number of bytes of kappa (used to 29 | * determine the the implementation of the 30 | */ 31 | 32 | inline void hash 33 | ( uint8_t *output, size_t outputLength 34 | , const uint8_t *input, size_t inputLength Parameters ) 35 | { r5_xof(output, outputLength, input, inputLength Params); } 36 | 37 | /** 38 | * The hash function as used within Round5. 39 | * 40 | * @param[out] output buffer for the output of the hash 41 | * @param[in] output_len the number of hash bytes to produce 42 | * @param[in] input the input to produce the hash for 43 | * @param[in] input_len the number of input bytes 44 | * @param[in] Parameters bytes of kappa (used to determine 45 | * the implementation of the hash function) 46 | */ 47 | 48 | inline void hash_customization 49 | ( uint8_t *output, size_t outputLength 50 | , const uint8_t *input, size_t inputLength 51 | , const uint8_t *customization, size_t customizationLength Parameters ) 52 | { r5_xof_s(output, outputLength, input, inputLength, customization, customizationLength Params); } 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _R5_HASH_H_ */ 59 | -------------------------------------------------------------------------------- /reference/src/examples/common/rng/shake_rng.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Alternative implementation of the random bytes functions. 8 | * 9 | * Similar to the NIST rng implementation but uses shake256 to generate the 10 | * random bytes since that is faster. 11 | */ 12 | 13 | #include "rng.h" 14 | 15 | #include 16 | #include "shake.h" 17 | 18 | /******************************************************************************* 19 | * Private data 20 | ******************************************************************************/ 21 | 22 | /** 23 | * The RNG context data structure. 24 | */ 25 | typedef struct { 26 | shake_ctx shake_ctx; /**< The shake context */ 27 | uint8_t buffer[SHAKE256_RATE]; /**< Buffer for output. */ 28 | size_t index; /**< Current index in buffer. */ 29 | } rng_ctx; 30 | 31 | /** 32 | * The context for the RNG. 33 | */ 34 | static rng_ctx ctx; 35 | 36 | /******************************************************************************* 37 | * Public functions 38 | ******************************************************************************/ 39 | 40 | void randombytes_init(unsigned char *entropy_input, unsigned char *personalization_string, int security_strength) { 41 | unsigned char seed_material[48]; 42 | (void) security_strength; 43 | 44 | memcpy(seed_material, entropy_input, 48); 45 | if (personalization_string) { 46 | for (int i = 0; i < 48; i++) { 47 | seed_material[i] ^= personalization_string[i]; 48 | } 49 | } 50 | shake256_init(&ctx.shake_ctx); 51 | shake256_absorb(&ctx.shake_ctx, seed_material, 48); 52 | ctx.index = SHAKE256_RATE; 53 | } 54 | 55 | int randombytes(unsigned char *x, unsigned long long xlen) { 56 | size_t i, j; 57 | 58 | i = ctx.index; 59 | for (j = 0; j < xlen; j++) { 60 | if (i >= SHAKE256_RATE) { 61 | shake256_squeezeblocks(&ctx.shake_ctx, ctx.buffer, 1); 62 | i = 0; 63 | } 64 | x[j] = ctx.buffer[i++]; 65 | } 66 | ctx.index = i; 67 | return 0; 68 | } 69 | -------------------------------------------------------------------------------- /reference/src/examples/common/rng/true_rng.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of a “true” random bytes function. 8 | * 9 | * Uses /dev/urandom fro generating the random bytes. 10 | */ 11 | 12 | #include "rng.h" 13 | 14 | #include 15 | #include 16 | #include 17 | 18 | /** Read the random bytes from /dev/urandom in blocks of 1MB (max). */ 19 | #define MAX_URANDOM_BLOCK_SIZE 1048576 20 | 21 | /** The file descriptor of /dev/urandom, -1 means uninitialised */ 22 | static int fd = -1; 23 | 24 | void randombytes_init(unsigned char *entropy_input, unsigned char *personalization_string, int security_strength) { 25 | (void) entropy_input; 26 | (void) personalization_string; 27 | (void) security_strength; 28 | 29 | /* Open /dev/urandom (if not already done) */ 30 | while (fd == -1) { 31 | fd = open("/dev/urandom", O_RDONLY); 32 | if (fd == -1) sleep(1); /* Wait a bit before retrying */ 33 | } 34 | } 35 | 36 | int randombytes(unsigned char *r, unsigned long long n) { 37 | if (fd == -1) { 38 | randombytes_init(NULL, NULL, 0); 39 | } 40 | 41 | /* Get the random bytes in chunks */ 42 | ssize_t s; 43 | while (n > 0) { 44 | s = read(fd, r, (size_t) (n < MAX_URANDOM_BLOCK_SIZE ? n : MAX_URANDOM_BLOCK_SIZE)); 45 | if (s < 1) { 46 | sleep(1); /* Wait a bit before retrying */ 47 | } else { 48 | /* Move to next chunk */ 49 | r += s; 50 | n -= (unsigned long long) s; 51 | } 52 | } 53 | 54 | return 0; 55 | } 56 | -------------------------------------------------------------------------------- /reference/src/kem.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, PQShield and Koninklijke Philips N.V. 3 | * Markku-Juhani O. Saarinen, Koninklijke Philips N.V. 4 | */ 5 | 6 | /** 7 | * @file 8 | * Implementation of the KEM functions (NIST api). 9 | */ 10 | 11 | #include "kem.h" 12 | 13 | #include 14 | 15 | 16 | #ifndef ROUND5_CCA_PKE 17 | 18 | #include "r5_cpa_kem.h" 19 | 20 | extern int crypto_kem_keypair(unsigned char *pk, unsigned char *sk) { 21 | DeclareParameters; 22 | return r5_cpa_kem_keygen(pk, sk Params); 23 | } 24 | 25 | extern int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk) { 26 | DeclareParameters; 27 | return r5_cpa_kem_encapsulate(ct, k, pk Params); 28 | } 29 | 30 | extern int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk) { 31 | DeclareParameters; 32 | return r5_cpa_kem_decapsulate(k, ct, sk Params); 33 | } 34 | 35 | #else 36 | 37 | #include "r5_cca_kem.h" 38 | 39 | extern int crypto_kem_keypair(unsigned char *pk, unsigned char *sk) { 40 | DeclareParameters; 41 | return r5_cca_kem_keygen(pk, sk Params); 42 | } 43 | 44 | extern int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk) { 45 | DeclareParameters; 46 | return r5_cca_kem_encapsulate(ct, k, pk Params); 47 | } 48 | 49 | extern int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk) { 50 | DeclareParameters; 51 | return r5_cca_kem_decapsulate(k, ct, sk Params); 52 | } 53 | 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /reference/src/kem.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the CPA KEM functions (NIST api). 8 | */ 9 | 10 | //#ifndef _CPA_KEM_H_ 11 | //#define _CPA_KEM_H_ 12 | 13 | #include "chooseparameters.h" 14 | 15 | /* 16 | * Conditionally provide the KEM NIST API functions. 17 | */ 18 | 19 | 20 | #ifdef __cplusplus 21 | extern "C" { 22 | #endif 23 | 24 | //#define ROUND5_CCA_PKE 25 | 26 | #ifndef ROUND5_CCA_PKE 27 | 28 | 29 | /** 30 | * Generates a CPA KEM key pair. 31 | * 32 | * @param[out] pk public key 33 | * @param[out] sk secret key 34 | * @return __0__ in case of success 35 | */ 36 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 37 | 38 | /** 39 | * CPA KEM encapsulate. 40 | * 41 | * @param[out] ct key encapsulation message (ciphertext) 42 | * @param[out] k shared secret 43 | * @param[in] pk public key with which the message is encapsulated 44 | * @return __0__ in case of success 45 | */ 46 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 47 | 48 | /** 49 | * CPA KEM de-capsulate. 50 | * 51 | * @param[out] k shared secret 52 | * @param[in] ct key encapsulation message (ciphertext) 53 | * @param[in] sk secret key with which the message is to be de-capsulated 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 57 | 58 | #else /*CCA KEM*/ 59 | 60 | 61 | /** 62 | * Generates a CCA KEM key pair. 63 | * 64 | * @param[out] pk public key 65 | * @param[out] sk secret key 66 | * @return __0__ in case of success 67 | */ 68 | inline int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 69 | 70 | /** 71 | * CCA KEM encapsulate. 72 | * 73 | * @param[out] ct key encapsulation message (ciphertext) 74 | * @param[out] k shared secret 75 | * @param[in] pk public key with which the message is encapsulated 76 | * @return __0__ in case of success 77 | */ 78 | inline int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 79 | 80 | /** 81 | * CCA KEM de-capsulate. 82 | * 83 | * @param[out] k shared secret 84 | * @param[in] ct key encapsulation message (ciphertext) 85 | * @param[in] sk secret key with which the message is to be de-capsulated 86 | * @return __0__ in case of success 87 | */ 88 | inline int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 89 | 90 | #endif 91 | 92 | #ifdef __cplusplus 93 | } 94 | #endif 95 | 96 | -------------------------------------------------------------------------------- /reference/src/little_endian.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of little-endian byte array conversion functions. 8 | */ 9 | 10 | #include "little_endian.h" 11 | 12 | /* Force symbols to be emitted when no compiler optimization is applied. */ 13 | extern inline uint8_t u8_from_le(const unsigned char *x); 14 | extern inline void u8_to_le(unsigned char *x, const uint8_t u); 15 | extern inline uint16_t u16_from_le(const unsigned char *x); 16 | extern inline void u16_to_le(unsigned char *x, const uint16_t u); 17 | extern inline uint32_t u32_from_le(const unsigned char *x); 18 | extern inline void u32_to_le(unsigned char *x, const uint32_t u); 19 | extern inline uint64_t u64_from_le(const unsigned char *x); 20 | extern inline void u64_to_le(unsigned char *x, const uint64_t u); 21 | -------------------------------------------------------------------------------- /reference/src/pke.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of the encrypt and decrypt functions based on the CCA KEM 8 | * algorithm (NIST api). 9 | */ 10 | 11 | #include "pke.h" 12 | #include 13 | 14 | #ifdef ROUND5_CCA_PKE 15 | //#if CRYPTO_CIPHERTEXTBYTES == 0 16 | 17 | #include "r5_cca_pke.h" 18 | 19 | //extern int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 20 | //extern int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 21 | //extern int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 22 | 23 | extern int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk) { 24 | DeclareParameters; 25 | return r5_cca_pke_keygen(pk, sk Params); 26 | } 27 | 28 | extern int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk) { 29 | DeclareParameters; 30 | return r5_cca_pke_encrypt(ct, ct_len, m, m_len, pk Params); 31 | } 32 | 33 | extern int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, unsigned long long ct_len, const unsigned char *sk) { 34 | DeclareParameters; 35 | return r5_cca_pke_decrypt(m, m_len, ct, ct_len, sk Params); 36 | } 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /reference/src/pke.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the encrypt and decrypt functions based on the CCA KEM 8 | * algorithm (NIST api). 9 | */ 10 | 11 | #ifndef _CCA_ENCRYPT_H_ 12 | #define _CCA_ENCRYPT_H_ 13 | 14 | #include "chooseparameters.h" 15 | 16 | 17 | /* 18 | * Conditionally provide the PKE NIST API functions. 19 | */ 20 | 21 | #ifdef ROUND5_CCA_PKE 22 | 23 | #ifdef __cplusplus 24 | extern "C" { 25 | #endif 26 | 27 | 28 | /** 29 | * Generates an ENCRYPT key pair. 30 | * 31 | * @param[out] pk public key 32 | * @param[out] sk secret key 33 | * @return __0__ in case of success 34 | */ 35 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk);// { 36 | // return r5_cca_pke_keygen(pk, sk); 37 | // } 38 | 39 | /** 40 | * Encrypts a message. 41 | * 42 | * @param[out] ct the encrypted message 43 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 44 | * @param[in] m the message to encrypt 45 | * @param[in] m_len the length of the message to encrypt 46 | * @param[in] pk the public key to use for the encryption 47 | * @return __0__ in case of success 48 | */ 49 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk);// { 50 | // return r5_cca_pke_encrypt(ct, ct_len, m, m_len, pk); 51 | // } 52 | 53 | /** 54 | * Decrypts a message. 55 | * 56 | * @param[out] m the decrypted message 57 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 58 | * @param[in] ct the message to decrypt 59 | * @param[in] ct_len the length of the message to decrypt 60 | * @param[in] sk the secret key to use for the decryption 61 | * @return __0__ in case of success 62 | */ 63 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); //{ 64 | // return r5_cca_pke_decrypt(m, m_len, ct, ct_len, sk); 65 | // } 66 | 67 | #endif 68 | 69 | #ifdef __cplusplus 70 | } 71 | #endif 72 | 73 | #endif /* _CCA_ENCRYPT_H_ */ 74 | -------------------------------------------------------------------------------- /reference/src/r5_cca_kem.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the CCA KEM functions. 8 | */ 9 | #ifndef R5_CCA_KEM_H 10 | #define R5_CCA_KEM_H 11 | 12 | #include "chooseparameters.h" 13 | 14 | #ifdef __cplusplus 15 | extern "C" { 16 | #endif 17 | 18 | /******************************************************************************* 19 | * Public functions 20 | ******************************************************************************/ 21 | 22 | /** 23 | * Generates a CCA KEM key pair. Uses the parameters as specified. 24 | * 25 | * @param[out] pk public key 26 | * @param[out] sk secret key 27 | * @param[in] params the algorithm parameters to use 28 | * @return __0__ in case of success 29 | */ 30 | int r5_cca_kem_keygen(unsigned char *pk, unsigned char *sk Parameters); 31 | 32 | /** 33 | * CCA KEM encapsulate. Uses the parameters as specified. 34 | * 35 | * @param[out] ct key encapsulation message (important: the size of `ct` is `ct_size` + `kappa_bytes`!) 36 | * @param[out] k shared secret 37 | * @param[in] pk public key with which the message is encapsulated 38 | * @param[in] params the algorithm parameters to use 39 | * @return __0__ in case of success 40 | */ 41 | int r5_cca_kem_encapsulate(unsigned char *ct, unsigned char *k, const unsigned char *pk Parameters); 42 | 43 | /** 44 | * CCA KEM de-capsulate. Uses the parameters as specified. 45 | * 46 | * @param[out] k shared secret 47 | * @param[in] ct key encapsulation message (important: the size of `ct` is `ct_size` + `kappa_bytes`!) 48 | * @param[in] sk secret key with which the message is to be de-capsulated (important: the size of `sk` is `sk_size` + `kappa_bytes` + `pk_size`!) 49 | * @param[in] params the algorithm parameters to use 50 | * @return __0__ in case of success 51 | */ 52 | int r5_cca_kem_decapsulate(unsigned char *k, const unsigned char *ct, const unsigned char *sk Parameters); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* R5_CCA_KEM_H */ 59 | -------------------------------------------------------------------------------- /reference/src/r5_cca_pke.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the encrypt and decrypt functions based on the CCA KEM 8 | * algorithm. 9 | */ 10 | 11 | #ifndef R5_CCA_PKE_H 12 | #define R5_CCA_PKE_H 13 | 14 | #include "chooseparameters.h" 15 | 16 | #ifdef __cplusplus 17 | extern "C" { 18 | #endif 19 | 20 | /** 21 | * Generates an ENCRYPT key pair. Uses the parameters as specified. 22 | * 23 | * @param[out] pk public key 24 | * @param[out] sk secret key (important: the size of `sk` is `sk_size` + `kappa_bytes` + `pk_size`!) 25 | * @param[in] params the algorithm parameters to use 26 | * @return __0__ in case of success 27 | */ 28 | int r5_cca_pke_keygen(unsigned char *pk, unsigned char *sk Parameters); 29 | 30 | /** 31 | * Encrypts a message. Uses the parameters as specified. 32 | * 33 | * @param[out] ct the encrypted message 34 | * @param[out] ct_len the length of the encrypted message (`m_len` + `ct_size` + `kappa_bytes` + 16) 35 | * @param[in] m the message to encrypt 36 | * @param[in] m_len the length of the message to encrypt 37 | * @param[in] pk the public key to use for the encryption 38 | * @param[in] params the algorithm parameters to use 39 | * @return __0__ in case of success 40 | */ 41 | int r5_cca_pke_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk Parameters); 42 | 43 | /** 44 | * Decrypts a message. Uses the parameters as specified. 45 | * 46 | * @param[out] m the decrypted message 47 | * @param[out] m_len the length of the decrypted message (`ct_len` - `ct_size` - `kappa_bytes` - 16) 48 | * @param[in] ct the message to decrypt 49 | * @param[in] ct_len the length of the message to decrypt 50 | * @param[in] sk the secret key to use for the decryption 51 | * @param[in] params the algorithm parameters to use 52 | * @return __0__ in case of success 53 | */ 54 | int r5_cca_pke_decrypt(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk Parameters); 55 | 56 | #ifdef __cplusplus 57 | } 58 | #endif 59 | 60 | #endif /* R5_CCA_PKE_H */ 61 | -------------------------------------------------------------------------------- /reference/src/r5_cpa_kem.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of the CPA KEM functions. 8 | */ 9 | 10 | #include "r5_cpa_kem.h" 11 | 12 | #include 13 | #include 14 | #include 15 | 16 | #include "r5_core.h" 17 | #include "r5_cpa_pke.h" 18 | #include "pack.h" 19 | #include "r5_hash.h" 20 | #include "misc.h" 21 | #include "r5_memory.h" 22 | #include "rng.h" 23 | #include "drbg.h" 24 | 25 | /******************************************************************************* 26 | * Public functions 27 | ******************************************************************************/ 28 | 29 | int r5_cpa_kem_keygen(unsigned char *pk, unsigned char *sk Parameters) { 30 | return r5_cpa_pke_keygen(pk, sk Params); 31 | } 32 | 33 | int r5_cpa_kem_encapsulate(unsigned char *ct, unsigned char *k, const unsigned char *pk Parameters) { 34 | unsigned char *rho; 35 | unsigned char *m; 36 | 37 | /* Generate a random m */ 38 | m = checked_malloc(PARAMS_KAPPA_BYTES); 39 | randombytes(m, PARAMS_KAPPA_BYTES); 40 | 41 | /* Randomly generate rho */ 42 | rho = checked_malloc(PARAMS_KAPPA_BYTES); 43 | randombytes(rho, PARAMS_KAPPA_BYTES); 44 | 45 | /* Encrypt m */ 46 | r5_cpa_pke_encrypt(ct, pk, m, rho Params); 47 | 48 | HCPAKEM(k, PARAMS_KAPPA_BYTES, m, PARAMS_KAPPA_BYTES, ct, PARAMS_CT_SIZE Params); 49 | 50 | free(rho); 51 | free(m); 52 | 53 | return 0; 54 | } 55 | 56 | int r5_cpa_kem_decapsulate(unsigned char *k, const unsigned char *ct, const unsigned char *sk Parameters) { 57 | 58 | unsigned char *m; 59 | 60 | /* Allocate space */ 61 | m = checked_malloc(PARAMS_KAPPA_BYTES); 62 | 63 | /* Decrypt m */ 64 | r5_cpa_pke_decrypt(m, sk, ct Params); 65 | 66 | HCPAKEM(k, PARAMS_KAPPA_BYTES, m, PARAMS_KAPPA_BYTES, ct, PARAMS_CT_SIZE Params); 67 | 68 | free(m); 69 | 70 | return 0; 71 | } 72 | -------------------------------------------------------------------------------- /reference/src/r5_cpa_kem.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the CPA KEM functions. 8 | */ 9 | 10 | #ifndef R5_CPA_KEM_H 11 | #define R5_CPA_KEM_H 12 | 13 | #include "chooseparameters.h" 14 | 15 | #ifdef __cplusplus 16 | extern "C" { 17 | #endif 18 | 19 | /** 20 | * Generates a CPA KEM key pair. Uses the parameters as specified. 21 | * 22 | * @param[out] pk public key 23 | * @param[out] sk secret key 24 | * @param[in] params the algorithm parameters to use 25 | * @return __0__ in case of success 26 | */ 27 | int r5_cpa_kem_keygen(unsigned char *pk, unsigned char *sk Parameters); 28 | 29 | /** 30 | * CPA KEM encapsulate. Uses the parameters as specified. 31 | * 32 | * @param[out] ct key encapsulation message 33 | * @param[out] k shared secret 34 | * @param[in] pk public key with which the message is encapsulated 35 | * @param[in] params the algorithm parameters to use 36 | * @return __0__ in case of success 37 | */ 38 | int r5_cpa_kem_encapsulate(unsigned char *ct, unsigned char *k, const unsigned char *pk Parameters); 39 | 40 | /** 41 | * CPA KEM de-capsulate. Uses the parameters as specified. 42 | * 43 | * @param[out] k shared secret 44 | * @param[in] ct key encapsulation message 45 | * @param[in] sk secret key with which the message is to be de-capsulated 46 | * @param[in] params the algorithm parameters to use 47 | * @return __0__ in case of success 48 | */ 49 | int r5_cpa_kem_decapsulate(unsigned char *k, const unsigned char *ct, const unsigned char *sk Parameters); 50 | 51 | #ifdef __cplusplus 52 | } 53 | #endif 54 | 55 | #endif /* R5_CPA_KEM_H */ 56 | -------------------------------------------------------------------------------- /reference/src/r5_cpa_pke.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the encryption functions used within the implementation. 8 | */ 9 | 10 | #ifndef PST_ENCRYPT_H 11 | #define PST_ENCRYPT_H 12 | 13 | #include "chooseparameters.h" 14 | 15 | #ifdef __cplusplus 16 | extern "C" { 17 | #endif 18 | 19 | /** 20 | * Generates a key pair. Uses the parameters as specified. 21 | * 22 | * @param[out] pk public key 23 | * @param[out] sk secret key 24 | * @param[in] params the algorithm parameters to use 25 | * @return __0__ in case of success 26 | */ 27 | int r5_cpa_pke_keygen(unsigned char *pk, unsigned char *sk Parameters); 28 | 29 | /** 30 | * Encrypts a plaintext using the provided seed for R. 31 | * 32 | * @param[out] ct ciphertext 33 | * @param[in] pk public key with which the message is encrypted 34 | * @param[in] m plaintext 35 | * @param[in] rho seed of R 36 | * @param[in] params the algorithm parameters to use 37 | * @return __0__ in case of success 38 | */ 39 | int r5_cpa_pke_encrypt(unsigned char *ct, const unsigned char *pk, const unsigned char *m, const unsigned char *rho Parameters); 40 | 41 | /** 42 | * Decrypts a ciphertext. 43 | * 44 | * @param[out] m plaintext 45 | * @param[in] ct ciphertext 46 | * @param[in] sk secret key with which the message is decrypted 47 | * @param[in] params the algorithm parameters to use 48 | * @return __0__ in case of success 49 | */ 50 | int r5_cpa_pke_decrypt(unsigned char *m, const unsigned char *sk, const unsigned char *ct Parameters); 51 | 52 | #ifdef __cplusplus 53 | } 54 | #endif 55 | 56 | #endif /* PST_ENCRYPT_H */ 57 | -------------------------------------------------------------------------------- /reference/src/r5_dem.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the DEM functions used by the Round5 CCA KEM-based encrypt algorithm. 8 | */ 9 | 10 | #ifndef PST_DEM_H 11 | #define PST_DEM_H 12 | 13 | #include 14 | #include "chooseparameters.h" 15 | 16 | #ifdef __cplusplus 17 | extern "C" { 18 | #endif 19 | 20 | /** 21 | * Applies a DEM to the given message using the specified key. 22 | * 23 | * @param[out] c2 the encapsulated message 24 | * @param[out] c2_len the length of the encapsulated message (`m_len` + 16 bytes) 25 | * @param[in] key the key to use for the encapsulation 26 | * @param[in] key_len the length of the key 27 | * @param[in] m the message to encapsulate 28 | * @param[in] m_len the length of the message 29 | * @return __0__ in case of success 30 | */ 31 | int round5_dem(unsigned char *c2, unsigned long long *c2_len, const unsigned char *key, const uint8_t key_len, const unsigned char *m, const unsigned long long m_len Parameters); 32 | 33 | /** 34 | * Inverses the application of a DEM to a message. 35 | * 36 | * @param[out] m the original message 37 | * @param[out] m_len the length of the decapsulated message (`c2_len` - 16) 38 | * @param[in] key the key to use for the encapsulation 39 | * @param[in] key_len the length of the key 40 | * @param[in] c2 the encapsulated message 41 | * @param[in] c2_len the length of the encapsulated message 42 | * @return __0__ in case of success 43 | */ 44 | int round5_dem_inverse(unsigned char *m, unsigned long long *m_len, const unsigned char *key, const uint8_t key_len, const unsigned char *c2, const unsigned long long c2_len Parameters); 45 | 46 | #ifdef __cplusplus 47 | } 48 | #endif 49 | 50 | #endif /* PST_DEM_H */ 51 | -------------------------------------------------------------------------------- /reference/src/r5_memory.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of the memory handling functions. 8 | */ 9 | 10 | #include "r5_memory.h" 11 | 12 | #include 13 | #include 14 | #include 15 | 16 | #undef checked_malloc 17 | #undef checked_calloc 18 | #undef checked_realloc 19 | 20 | extern void *checked_malloc(size_t size, const char *file, int line); 21 | extern void *checked_calloc(size_t count, size_t size, const char *file, const int line); 22 | extern void *checked_realloc(void *ptr, size_t size, const char *file, const int line); 23 | 24 | int constant_time_memcmp(const void *s1, const void *s2, size_t n) { 25 | const uint8_t * a = s1; 26 | const uint8_t * b = s2; 27 | int ret = 0; 28 | size_t i; 29 | 30 | for (i = 0; i < n; ++i) { 31 | ret |= *a++ ^ *b++; 32 | } 33 | 34 | return ret; 35 | } 36 | 37 | void conditional_constant_time_memcpy(void * restrict dst, const void * restrict src, size_t n, uint8_t flag) { 38 | uint8_t * d = dst; 39 | const uint8_t * s = src; 40 | flag = (unsigned char) (-(flag | -flag) >> 7); // Force flag into 0x00 or 0xff 41 | size_t i; 42 | 43 | for (i = 0; i < n; ++i) { 44 | d[i] = (uint8_t) (d[i] ^ (flag & (d[i] ^ s[i]))); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /reference/src/xef.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, PQShield 3 | * Markku-Juhani O. Saarinen 4 | */ 5 | 6 | // Generic prototypes for error correction code 7 | 8 | #ifndef _XEF_H_ 9 | #define _XEF_H_ 10 | 11 | #include 12 | #include 13 | 14 | // Parametrized versions. f = 0..5, number of errors fixed 15 | 16 | // Computes the parity code, XORs it at the end of payload 17 | // len = payload (bytes). Returns (payload | xef) length in *bits*. 18 | size_t xef_compute(void *block, size_t len, unsigned f); 19 | 20 | // Fixes errors based on parity code. Call xef_compute() first to get delta. 21 | // len = payload (bytes). Returns (payload | xef) length in *bits*. 22 | size_t xef_fixerr(void *block, size_t len, unsigned f); 23 | 24 | 25 | // specific code from optimized implementations 26 | 27 | void xe2_53_compute(void *block); // xe2_c16.c 28 | void xe2_53_fixerr(void *block); 29 | 30 | void xe4_163_compute(void *block); // xe4_c64.c 31 | void xe4_163_fixerr(void *block); 32 | 33 | void xe5_190_compute(void *block); // xe5_c64.c 34 | void xe5_190_fixerr(void *block); 35 | void xe5_218_compute(void *block); 36 | void xe5_218_fixerr(void *block); 37 | void xe5_234_compute(void *block); 38 | void xe5_234_fixerr(void *block); 39 | 40 | #endif /* _XEF_H_ */ 41 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5N1_1CCA_0d.sha: -------------------------------------------------------------------------------- 1 | a6a23600475e80c2de46bf18c7a65f7f7203a455 PQCkemKAT_5772.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5N1_1CPA_0d.sha: -------------------------------------------------------------------------------- 1 | a871d977c97c97887abc2eafe8f0d6c6fbdefee3 PQCkemKAT_16.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5N1_3CCA_0d.sha: -------------------------------------------------------------------------------- 1 | 61bc38335fbabf79630187158c69dd462c87dba1 PQCkemKAT_9708.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5N1_3CCA_0smallCT.sha: -------------------------------------------------------------------------------- 1 | d72d5667d95fea61e1156c34b170e7d1c3af11a8 PQCkemKAT_163584.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5N1_3CPA_0d.sha: -------------------------------------------------------------------------------- 1 | 67c314080c5f1f5a41f871bd791864152c7b91db PQCkemKAT_24.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5N1_5CCA_0d.sha: -------------------------------------------------------------------------------- 1 | 410b0bc6284ecbd92644d3b8c735342951a23b65 PQCkemKAT_14700.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5N1_5CPA_0d.sha: -------------------------------------------------------------------------------- 1 | f15aebc4992f1a5fa68ca39e8fc6ad289f0cfea4 PQCkemKAT_32.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_0CPA_2iot.sha: -------------------------------------------------------------------------------- 1 | a8fc01d6352de4c7a9ef7c0fe5640f1d6e10e217 PQCkemKAT_16.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_1CCA_0d.sha: -------------------------------------------------------------------------------- 1 | b2f06a4d44aaee40c8b14130d5500df593748151 PQCkemKAT_708.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_1CCA_5d.sha: -------------------------------------------------------------------------------- 1 | 1bb5c4c09fd9aca5b47bfe439c46b183e83b5aa2 PQCkemKAT_493.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_1CPA_0d.sha: -------------------------------------------------------------------------------- 1 | 567c0f9056639ec5d84e258b4ba329bca38b9492 PQCkemKAT_16.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_1CPA_4longkey.sha: -------------------------------------------------------------------------------- 1 | 70cdad1576f0b02b72a672ec999811dd8836f9b7 PQCkemKAT_24.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_1CPA_5d.sha: -------------------------------------------------------------------------------- 1 | b60fe7208796c2a9315cc826a2a6b6c176e6e085 PQCkemKAT_16.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_3CCA_0d.sha: -------------------------------------------------------------------------------- 1 | 3985224ccc281c3957f15d699f45e5f14d1b0dd3 PQCkemKAT_1031.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_3CCA_5d.sha: -------------------------------------------------------------------------------- 1 | c4a5d8f23208523ec6975a3bb80a11a04c9c7adc PQCkemKAT_828.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_3CPA_0d.sha: -------------------------------------------------------------------------------- 1 | 672750e4f27d9e7c615b3366cf410e3bc9468d57 PQCkemKAT_24.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_3CPA_5d.sha: -------------------------------------------------------------------------------- 1 | 919857f7181f90550abbec5893d1137ebcbfc761 PQCkemKAT_24.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_5CCA_0d.sha: -------------------------------------------------------------------------------- 1 | 43ebbf874a02e8e0530f38d44ee898fcd87f5bd9 PQCkemKAT_1413.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_5CCA_5d.sha: -------------------------------------------------------------------------------- 1 | 0958b6e37e1b72e44c04782ffac6b0171a385f9b PQCkemKAT_1042.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_5CPA_0d.sha: -------------------------------------------------------------------------------- 1 | 1585d24b5d85b8a8e05c7b5ef28822f3e48a6294 PQCkemKAT_32.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/KEM/shasum_R5ND_5CPA_5d.sha: -------------------------------------------------------------------------------- 1 | 5fc91e2206e7b3c7f8818344c3559e82da6f8ea8 PQCkemKAT_32.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/PKE/shasum_R5N1_1CCA_0d.sha: -------------------------------------------------------------------------------- 1 | e6076a1cba1ff630c986d4457fbe2bb1070e6901 PQCencryptKAT_5772.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/PKE/shasum_R5N1_3CCA_0d.sha: -------------------------------------------------------------------------------- 1 | 430c44e22262b2319fec2fa2a4a72fc5d06260da PQCencryptKAT_9708.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/PKE/shasum_R5N1_3CCA_0smallCT.sha: -------------------------------------------------------------------------------- 1 | 87c185493198d1b042ebb901b6b4463fe9fb1d44 PQCencryptKAT_163584.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/PKE/shasum_R5N1_5CCA_0d.sha: -------------------------------------------------------------------------------- 1 | 6229cad96d837e6acb54e0c2510bb8a1cca2a95a PQCencryptKAT_14700.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/PKE/shasum_R5ND_1CCA_0d.sha: -------------------------------------------------------------------------------- 1 | 7c6be48323cf4f77b6d3a72782354485053ed795 PQCencryptKAT_708.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/PKE/shasum_R5ND_1CCA_5d.sha: -------------------------------------------------------------------------------- 1 | e811680e3446177690ee2bacfece006574a21d12 PQCencryptKAT_493.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/PKE/shasum_R5ND_3CCA_0d.sha: -------------------------------------------------------------------------------- 1 | 300759c6ac1dccfa9eff938eb7f41b3daae18910 PQCencryptKAT_1031.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/PKE/shasum_R5ND_3CCA_5d.sha: -------------------------------------------------------------------------------- 1 | d595d00eb1caa82a466612f1525f7897d5d9daaa PQCencryptKAT_828.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/PKE/shasum_R5ND_5CCA_0d.sha: -------------------------------------------------------------------------------- 1 | da8e210ee75d3bd4c76542ed443800e5b18bd306 PQCencryptKAT_1413.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/NIST/PKE/shasum_R5ND_5CCA_5d.sha: -------------------------------------------------------------------------------- 1 | 5d60b027300c03768fb9ceff7a771e14684c97fd PQCencryptKAT_1042.rsp 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_1CCA_0d0.sha: -------------------------------------------------------------------------------- 1 | 471dc4b186689675138167f970547b854f0099d4 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_1CCA_0d1.sha: -------------------------------------------------------------------------------- 1 | 5acd7e4ce19eba8228c3cac11524600804e5d0c7 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_1CCA_0d2.sha: -------------------------------------------------------------------------------- 1 | 14dbdb920288152b9816ad713545d53acd4049d1 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_1CPA_0d0.sha: -------------------------------------------------------------------------------- 1 | 884dd33b5aa44342e9a69bd4290e0b7f1ab9956c - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_1CPA_0d1.sha: -------------------------------------------------------------------------------- 1 | 574c4f012daf87a4aeb9e3bd05728adf03095c72 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_1CPA_0d2.sha: -------------------------------------------------------------------------------- 1 | 4f4285c6db6e63f1e87401785678671bd721a7d2 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_3CCA_0d0.sha: -------------------------------------------------------------------------------- 1 | 7c474652e7ec7d66663062c4a10528523aa5a1ec - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_3CCA_0d1.sha: -------------------------------------------------------------------------------- 1 | e6039535cc975796b5fc1cddf3ee09ca2a90372a - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_3CCA_0d2.sha: -------------------------------------------------------------------------------- 1 | f6c38cc16142980d4c83b3423b37d9e9c7298bfb - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_3CCA_0smallCT0.sha: -------------------------------------------------------------------------------- 1 | 6e2667997cb96959b841e4fbbfedd9a0d47d1362 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_3CCA_0smallCT1.sha: -------------------------------------------------------------------------------- 1 | bcd34de842ba38e169027771c3b45959e07c2ef4 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_3CCA_0smallCT2.sha: -------------------------------------------------------------------------------- 1 | 1b1000b31d448d78100ddc204fd58126aabe8b24 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_3CPA_0d0.sha: -------------------------------------------------------------------------------- 1 | 6a3c6054312ae4f1a95e6dc3a7c00ec3799b9127 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_3CPA_0d1.sha: -------------------------------------------------------------------------------- 1 | 30f4bc4adb2ae1d3e09c4d3675004ae3acdd40de - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_3CPA_0d2.sha: -------------------------------------------------------------------------------- 1 | 25f3eac16bff9a8cbb8accb02dced405c4af4855 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_5CCA_0d0.sha: -------------------------------------------------------------------------------- 1 | c8e95e99c8ae1638f0ecf083fd1589e868fe3475 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_5CCA_0d1.sha: -------------------------------------------------------------------------------- 1 | 85b22770d888fd95d0fabd136943588998315c34 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_5CCA_0d2.sha: -------------------------------------------------------------------------------- 1 | 94e36b99a0bf835b61820155ce43f6f15e53e5b3 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_5CPA_0d0.sha: -------------------------------------------------------------------------------- 1 | 5a506aa14971e0c8ee2bc868c95a8116b97fc14c - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_5CPA_0d1.sha: -------------------------------------------------------------------------------- 1 | 26da5fa9b0fa3df8f89f853b0b169142b1ce7d5a - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5N1_5CPA_0d2.sha: -------------------------------------------------------------------------------- 1 | dcd74459e1bba81ecdbc8640a1a6e573487c3b62 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_0CPA_2iot0.sha: -------------------------------------------------------------------------------- 1 | ee1b37fd3a88591ef9eeb9cec0533212cf4086a5 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_0CPA_2iot1.sha: -------------------------------------------------------------------------------- 1 | ee1b37fd3a88591ef9eeb9cec0533212cf4086a5 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_0CPA_2iot2.sha: -------------------------------------------------------------------------------- 1 | ee1b37fd3a88591ef9eeb9cec0533212cf4086a5 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CCA_0d0.sha: -------------------------------------------------------------------------------- 1 | f38dd9e155d7658333afd29bfdc2d619e198d0e9 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CCA_0d1.sha: -------------------------------------------------------------------------------- 1 | f38dd9e155d7658333afd29bfdc2d619e198d0e9 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CCA_0d2.sha: -------------------------------------------------------------------------------- 1 | f38dd9e155d7658333afd29bfdc2d619e198d0e9 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CCA_5d0.sha: -------------------------------------------------------------------------------- 1 | 3aefee11f9544a76c6556c695917cf489fb2f24a - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CCA_5d1.sha: -------------------------------------------------------------------------------- 1 | 3aefee11f9544a76c6556c695917cf489fb2f24a - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CCA_5d2.sha: -------------------------------------------------------------------------------- 1 | 3aefee11f9544a76c6556c695917cf489fb2f24a - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CPA_0d0.sha: -------------------------------------------------------------------------------- 1 | 3f8c69c8b53773ee1a4fec69a3d92dd3ff18708d - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CPA_0d1.sha: -------------------------------------------------------------------------------- 1 | 3f8c69c8b53773ee1a4fec69a3d92dd3ff18708d - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CPA_0d2.sha: -------------------------------------------------------------------------------- 1 | 3f8c69c8b53773ee1a4fec69a3d92dd3ff18708d - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CPA_4longkey0.sha: -------------------------------------------------------------------------------- 1 | 07be8e7d3d25365e64a1f296eca4a45d3105d46e - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CPA_4longkey1.sha: -------------------------------------------------------------------------------- 1 | 07be8e7d3d25365e64a1f296eca4a45d3105d46e - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CPA_4longkey2.sha: -------------------------------------------------------------------------------- 1 | 07be8e7d3d25365e64a1f296eca4a45d3105d46e - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CPA_5d0.sha: -------------------------------------------------------------------------------- 1 | 74f80527904617ec3b44161df3991ab293dc5f35 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CPA_5d1.sha: -------------------------------------------------------------------------------- 1 | 74f80527904617ec3b44161df3991ab293dc5f35 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_1CPA_5d2.sha: -------------------------------------------------------------------------------- 1 | 74f80527904617ec3b44161df3991ab293dc5f35 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_3CCA_0d0.sha: -------------------------------------------------------------------------------- 1 | 82e847499171fdf0d5145ea60191ff40b216cd7c - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_3CCA_0d1.sha: -------------------------------------------------------------------------------- 1 | 82e847499171fdf0d5145ea60191ff40b216cd7c - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_3CCA_0d2.sha: -------------------------------------------------------------------------------- 1 | 82e847499171fdf0d5145ea60191ff40b216cd7c - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_3CCA_5d0.sha: -------------------------------------------------------------------------------- 1 | dc06327514dd12f8d2956f5a70e6a73990d182df - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_3CCA_5d1.sha: -------------------------------------------------------------------------------- 1 | dc06327514dd12f8d2956f5a70e6a73990d182df - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_3CCA_5d2.sha: -------------------------------------------------------------------------------- 1 | dc06327514dd12f8d2956f5a70e6a73990d182df - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_3CPA_0d0.sha: -------------------------------------------------------------------------------- 1 | 7f304ee426af164b82a4987468f24b969503d8aa - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_3CPA_0d1.sha: -------------------------------------------------------------------------------- 1 | 7f304ee426af164b82a4987468f24b969503d8aa - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_3CPA_0d2.sha: -------------------------------------------------------------------------------- 1 | 7f304ee426af164b82a4987468f24b969503d8aa - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_3CPA_5d0.sha: -------------------------------------------------------------------------------- 1 | ac4819884896e252936cf5f054f8570df4126b57 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_3CPA_5d1.sha: -------------------------------------------------------------------------------- 1 | ac4819884896e252936cf5f054f8570df4126b57 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_3CPA_5d2.sha: -------------------------------------------------------------------------------- 1 | ac4819884896e252936cf5f054f8570df4126b57 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_5CCA_0d0.sha: -------------------------------------------------------------------------------- 1 | d4a875d9bad1dc1de2e7672f8455c2a415219693 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_5CCA_0d1.sha: -------------------------------------------------------------------------------- 1 | d4a875d9bad1dc1de2e7672f8455c2a415219693 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_5CCA_0d2.sha: -------------------------------------------------------------------------------- 1 | d4a875d9bad1dc1de2e7672f8455c2a415219693 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_5CCA_5d0.sha: -------------------------------------------------------------------------------- 1 | cbf340cd890d95b915b132655afc4c73b62a7d84 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_5CCA_5d1.sha: -------------------------------------------------------------------------------- 1 | cbf340cd890d95b915b132655afc4c73b62a7d84 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_5CCA_5d2.sha: -------------------------------------------------------------------------------- 1 | cbf340cd890d95b915b132655afc4c73b62a7d84 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_5CPA_0d0.sha: -------------------------------------------------------------------------------- 1 | 8660b0548d51fe366c4f2324e394fa735a080af2 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_5CPA_0d1.sha: -------------------------------------------------------------------------------- 1 | 8660b0548d51fe366c4f2324e394fa735a080af2 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_5CPA_0d2.sha: -------------------------------------------------------------------------------- 1 | 8660b0548d51fe366c4f2324e394fa735a080af2 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_5CPA_5d0.sha: -------------------------------------------------------------------------------- 1 | 0378f338f068915a967f14e9f4cea5289160ea25 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_5CPA_5d1.sha: -------------------------------------------------------------------------------- 1 | 0378f338f068915a967f14e9f4cea5289160ea25 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.KATSHASUM/shasum_R5ND_5CPA_5d2.sha: -------------------------------------------------------------------------------- 1 | 0378f338f068915a967f14e9f4cea5289160ea25 - 2 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5N1_1CCA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 5772 16 | #define CRYPTO_PUBLICKEYBYTES 5740 17 | #define CRYPTO_BYTES 16 18 | #define CRYPTO_CIPHERTEXTBYTES 5788 19 | #define CRYPTO_ALGNAME "R5N1_1CCA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5N1_1CPA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 16 16 | #define CRYPTO_PUBLICKEYBYTES 5214 17 | #define CRYPTO_BYTES 16 18 | #define CRYPTO_CIPHERTEXTBYTES 5236 19 | #define CRYPTO_ALGNAME "R5N1_1CPA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5N1_3CCA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 9708 16 | #define CRYPTO_PUBLICKEYBYTES 9660 17 | #define CRYPTO_BYTES 24 18 | #define CRYPTO_CIPHERTEXTBYTES 9716 19 | #define CRYPTO_ALGNAME "R5N1_3CCA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5N1_3CCA_0smallCT.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 163584 16 | #define CRYPTO_PUBLICKEYBYTES 163536 17 | #define CRYPTO_BYTES 24 18 | #define CRYPTO_CIPHERTEXTBYTES 972 19 | #define CRYPTO_ALGNAME "R5N1_3CCA_0smallCT" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates an ENCRYPT key pair. Uses the fixed parameter configuration. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * Encrypts a message. 36 | * 37 | * @param[out] ct the encrypted message 38 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 39 | * @param[in] m the message to encrypt 40 | * @param[in] m_len the length of the message to encrypt 41 | * @param[in] pk the public key to use for the encryption 42 | * @return __0__ in case of success 43 | */ 44 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 45 | 46 | /** 47 | * Decrypts a message. 48 | * 49 | * @param[out] m the decrypted message 50 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 51 | * @param[in] ct the message to decrypt 52 | * @param[in] ct_len the length of the message to decrypt 53 | * @param[in] sk the secret key to use for the decryption 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif /* _API_H_ */ 63 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5N1_3CPA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 24 16 | #define CRYPTO_PUBLICKEYBYTES 8834 17 | #define CRYPTO_BYTES 24 18 | #define CRYPTO_CIPHERTEXTBYTES 8866 19 | #define CRYPTO_ALGNAME "R5N1_3CPA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5N1_5CCA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 14700 16 | #define CRYPTO_PUBLICKEYBYTES 14636 17 | #define CRYPTO_BYTES 32 18 | #define CRYPTO_CIPHERTEXTBYTES 14708 19 | #define CRYPTO_ALGNAME "R5N1_5CCA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5N1_5CPA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 32 16 | #define CRYPTO_PUBLICKEYBYTES 14264 17 | #define CRYPTO_BYTES 32 18 | #define CRYPTO_CIPHERTEXTBYTES 14288 19 | #define CRYPTO_ALGNAME "R5N1_5CPA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_0CPA_2iot.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 16 16 | #define CRYPTO_PUBLICKEYBYTES 342 17 | #define CRYPTO_BYTES 16 18 | #define CRYPTO_CIPHERTEXTBYTES 394 19 | #define CRYPTO_ALGNAME "R5ND_0CPA_2iot" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_1CCA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 708 16 | #define CRYPTO_PUBLICKEYBYTES 676 17 | #define CRYPTO_BYTES 16 18 | #define CRYPTO_CIPHERTEXTBYTES 740 19 | #define CRYPTO_ALGNAME "R5ND_1CCA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_1CCA_5d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 493 16 | #define CRYPTO_PUBLICKEYBYTES 461 17 | #define CRYPTO_BYTES 16 18 | #define CRYPTO_CIPHERTEXTBYTES 620 19 | #define CRYPTO_ALGNAME "R5ND_1CCA_5d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_1CPA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 16 16 | #define CRYPTO_PUBLICKEYBYTES 634 17 | #define CRYPTO_BYTES 16 18 | #define CRYPTO_CIPHERTEXTBYTES 682 19 | #define CRYPTO_ALGNAME "R5ND_1CPA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_1CPA_4longkey.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 24 16 | #define CRYPTO_PUBLICKEYBYTES 453 17 | #define CRYPTO_BYTES 24 18 | #define CRYPTO_CIPHERTEXTBYTES 563 19 | #define CRYPTO_ALGNAME "R5ND_1CPA_4longkey" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_1CPA_5d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 16 16 | #define CRYPTO_PUBLICKEYBYTES 445 17 | #define CRYPTO_BYTES 16 18 | #define CRYPTO_CIPHERTEXTBYTES 549 19 | #define CRYPTO_ALGNAME "R5ND_1CPA_5d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_3CCA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 1031 16 | #define CRYPTO_PUBLICKEYBYTES 983 17 | #define CRYPTO_BYTES 24 18 | #define CRYPTO_CIPHERTEXTBYTES 1103 19 | #define CRYPTO_ALGNAME "R5ND_3CCA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_3CCA_5d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 828 16 | #define CRYPTO_PUBLICKEYBYTES 780 17 | #define CRYPTO_BYTES 24 18 | #define CRYPTO_CIPHERTEXTBYTES 934 19 | #define CRYPTO_ALGNAME "R5ND_3CCA_5d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_3CPA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 24 16 | #define CRYPTO_PUBLICKEYBYTES 909 17 | #define CRYPTO_BYTES 24 18 | #define CRYPTO_CIPHERTEXTBYTES 981 19 | #define CRYPTO_ALGNAME "R5ND_3CPA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_3CPA_5d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 24 16 | #define CRYPTO_PUBLICKEYBYTES 780 17 | #define CRYPTO_BYTES 24 18 | #define CRYPTO_CIPHERTEXTBYTES 859 19 | #define CRYPTO_ALGNAME "R5ND_3CPA_5d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_5CCA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 1413 16 | #define CRYPTO_PUBLICKEYBYTES 1349 17 | #define CRYPTO_BYTES 32 18 | #define CRYPTO_CIPHERTEXTBYTES 1509 19 | #define CRYPTO_ALGNAME "R5ND_5CCA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_5CCA_5d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 1042 16 | #define CRYPTO_PUBLICKEYBYTES 978 17 | #define CRYPTO_BYTES 32 18 | #define CRYPTO_CIPHERTEXTBYTES 1285 19 | #define CRYPTO_ALGNAME "R5ND_5CCA_5d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_5CPA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 32 16 | #define CRYPTO_PUBLICKEYBYTES 1178 17 | #define CRYPTO_BYTES 32 18 | #define CRYPTO_CIPHERTEXTBYTES 1274 19 | #define CRYPTO_ALGNAME "R5ND_5CPA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_KEM_R5ND_5CPA_5d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 32 16 | #define CRYPTO_PUBLICKEYBYTES 972 17 | #define CRYPTO_BYTES 32 18 | #define CRYPTO_CIPHERTEXTBYTES 1063 19 | #define CRYPTO_ALGNAME "R5ND_5CPA_5d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates a CPA KEM key pair. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * CPA KEM encapsulate. 36 | * 37 | * @param[out] ct key encapsulation message (ciphertext) 38 | * @param[out] k shared secret 39 | * @param[in] pk public key with which the message is encapsulated 40 | * @return __0__ in case of success 41 | */ 42 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 43 | 44 | /** 45 | * CPA KEM de-capsulate. 46 | * 47 | * @param[out] k shared secret 48 | * @param[in] ct key encapsulation message (ciphertext) 49 | * @param[in] sk secret key with which the message is to be de-capsulated 50 | * @return __0__ in case of success 51 | */ 52 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* _API_H_ */ 59 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_PKE_R5N1_1CCA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 5772 16 | #define CRYPTO_PUBLICKEYBYTES 5740 17 | #define CRYPTO_BYTES 5804 18 | #define CRYPTO_CIPHERTEXTBYTES 0 19 | #define CRYPTO_ALGNAME "R5N1_1CCA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates an ENCRYPT key pair. Uses the fixed parameter configuration. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * Encrypts a message. 36 | * 37 | * @param[out] ct the encrypted message 38 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 39 | * @param[in] m the message to encrypt 40 | * @param[in] m_len the length of the message to encrypt 41 | * @param[in] pk the public key to use for the encryption 42 | * @return __0__ in case of success 43 | */ 44 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 45 | 46 | /** 47 | * Decrypts a message. 48 | * 49 | * @param[out] m the decrypted message 50 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 51 | * @param[in] ct the message to decrypt 52 | * @param[in] ct_len the length of the message to decrypt 53 | * @param[in] sk the secret key to use for the decryption 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif /* _API_H_ */ 63 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_PKE_R5N1_3CCA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 9708 16 | #define CRYPTO_PUBLICKEYBYTES 9660 17 | #define CRYPTO_BYTES 9732 18 | #define CRYPTO_CIPHERTEXTBYTES 0 19 | #define CRYPTO_ALGNAME "R5N1_3CCA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates an ENCRYPT key pair. Uses the fixed parameter configuration. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * Encrypts a message. 36 | * 37 | * @param[out] ct the encrypted message 38 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 39 | * @param[in] m the message to encrypt 40 | * @param[in] m_len the length of the message to encrypt 41 | * @param[in] pk the public key to use for the encryption 42 | * @return __0__ in case of success 43 | */ 44 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 45 | 46 | /** 47 | * Decrypts a message. 48 | * 49 | * @param[out] m the decrypted message 50 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 51 | * @param[in] ct the message to decrypt 52 | * @param[in] ct_len the length of the message to decrypt 53 | * @param[in] sk the secret key to use for the decryption 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif /* _API_H_ */ 63 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_PKE_R5N1_3CCA_0smallCT.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 163584 16 | #define CRYPTO_PUBLICKEYBYTES 163536 17 | #define CRYPTO_BYTES 988 18 | #define CRYPTO_CIPHERTEXTBYTES 0 19 | #define CRYPTO_ALGNAME "R5N1_3CCA_0smallCT" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates an ENCRYPT key pair. Uses the fixed parameter configuration. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * Encrypts a message. 36 | * 37 | * @param[out] ct the encrypted message 38 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 39 | * @param[in] m the message to encrypt 40 | * @param[in] m_len the length of the message to encrypt 41 | * @param[in] pk the public key to use for the encryption 42 | * @return __0__ in case of success 43 | */ 44 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 45 | 46 | /** 47 | * Decrypts a message. 48 | * 49 | * @param[out] m the decrypted message 50 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 51 | * @param[in] ct the message to decrypt 52 | * @param[in] ct_len the length of the message to decrypt 53 | * @param[in] sk the secret key to use for the decryption 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif /* _API_H_ */ 63 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_PKE_R5N1_5CCA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 14700 16 | #define CRYPTO_PUBLICKEYBYTES 14636 17 | #define CRYPTO_BYTES 14724 18 | #define CRYPTO_CIPHERTEXTBYTES 0 19 | #define CRYPTO_ALGNAME "R5N1_5CCA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates an ENCRYPT key pair. Uses the fixed parameter configuration. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * Encrypts a message. 36 | * 37 | * @param[out] ct the encrypted message 38 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 39 | * @param[in] m the message to encrypt 40 | * @param[in] m_len the length of the message to encrypt 41 | * @param[in] pk the public key to use for the encryption 42 | * @return __0__ in case of success 43 | */ 44 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 45 | 46 | /** 47 | * Decrypts a message. 48 | * 49 | * @param[out] m the decrypted message 50 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 51 | * @param[in] ct the message to decrypt 52 | * @param[in] ct_len the length of the message to decrypt 53 | * @param[in] sk the secret key to use for the decryption 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif /* _API_H_ */ 63 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_PKE_R5ND_1CCA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 708 16 | #define CRYPTO_PUBLICKEYBYTES 676 17 | #define CRYPTO_BYTES 756 18 | #define CRYPTO_CIPHERTEXTBYTES 0 19 | #define CRYPTO_ALGNAME "R5ND_1CCA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates an ENCRYPT key pair. Uses the fixed parameter configuration. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * Encrypts a message. 36 | * 37 | * @param[out] ct the encrypted message 38 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 39 | * @param[in] m the message to encrypt 40 | * @param[in] m_len the length of the message to encrypt 41 | * @param[in] pk the public key to use for the encryption 42 | * @return __0__ in case of success 43 | */ 44 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 45 | 46 | /** 47 | * Decrypts a message. 48 | * 49 | * @param[out] m the decrypted message 50 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 51 | * @param[in] ct the message to decrypt 52 | * @param[in] ct_len the length of the message to decrypt 53 | * @param[in] sk the secret key to use for the decryption 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif /* _API_H_ */ 63 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_PKE_R5ND_1CCA_5d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 493 16 | #define CRYPTO_PUBLICKEYBYTES 461 17 | #define CRYPTO_BYTES 636 18 | #define CRYPTO_CIPHERTEXTBYTES 0 19 | #define CRYPTO_ALGNAME "R5ND_1CCA_5d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates an ENCRYPT key pair. Uses the fixed parameter configuration. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * Encrypts a message. 36 | * 37 | * @param[out] ct the encrypted message 38 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 39 | * @param[in] m the message to encrypt 40 | * @param[in] m_len the length of the message to encrypt 41 | * @param[in] pk the public key to use for the encryption 42 | * @return __0__ in case of success 43 | */ 44 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 45 | 46 | /** 47 | * Decrypts a message. 48 | * 49 | * @param[out] m the decrypted message 50 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 51 | * @param[in] ct the message to decrypt 52 | * @param[in] ct_len the length of the message to decrypt 53 | * @param[in] sk the secret key to use for the decryption 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif /* _API_H_ */ 63 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_PKE_R5ND_3CCA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 1031 16 | #define CRYPTO_PUBLICKEYBYTES 983 17 | #define CRYPTO_BYTES 1119 18 | #define CRYPTO_CIPHERTEXTBYTES 0 19 | #define CRYPTO_ALGNAME "R5ND_3CCA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates an ENCRYPT key pair. Uses the fixed parameter configuration. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * Encrypts a message. 36 | * 37 | * @param[out] ct the encrypted message 38 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 39 | * @param[in] m the message to encrypt 40 | * @param[in] m_len the length of the message to encrypt 41 | * @param[in] pk the public key to use for the encryption 42 | * @return __0__ in case of success 43 | */ 44 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 45 | 46 | /** 47 | * Decrypts a message. 48 | * 49 | * @param[out] m the decrypted message 50 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 51 | * @param[in] ct the message to decrypt 52 | * @param[in] ct_len the length of the message to decrypt 53 | * @param[in] sk the secret key to use for the decryption 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif /* _API_H_ */ 63 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_PKE_R5ND_3CCA_5d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 828 16 | #define CRYPTO_PUBLICKEYBYTES 780 17 | #define CRYPTO_BYTES 950 18 | #define CRYPTO_CIPHERTEXTBYTES 0 19 | #define CRYPTO_ALGNAME "R5ND_3CCA_5d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates an ENCRYPT key pair. Uses the fixed parameter configuration. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * Encrypts a message. 36 | * 37 | * @param[out] ct the encrypted message 38 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 39 | * @param[in] m the message to encrypt 40 | * @param[in] m_len the length of the message to encrypt 41 | * @param[in] pk the public key to use for the encryption 42 | * @return __0__ in case of success 43 | */ 44 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 45 | 46 | /** 47 | * Decrypts a message. 48 | * 49 | * @param[out] m the decrypted message 50 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 51 | * @param[in] ct the message to decrypt 52 | * @param[in] ct_len the length of the message to decrypt 53 | * @param[in] sk the secret key to use for the decryption 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif /* _API_H_ */ 63 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_PKE_R5ND_5CCA_0d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 1413 16 | #define CRYPTO_PUBLICKEYBYTES 1349 17 | #define CRYPTO_BYTES 1525 18 | #define CRYPTO_CIPHERTEXTBYTES 0 19 | #define CRYPTO_ALGNAME "R5ND_5CCA_0d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates an ENCRYPT key pair. Uses the fixed parameter configuration. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * Encrypts a message. 36 | * 37 | * @param[out] ct the encrypted message 38 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 39 | * @param[in] m the message to encrypt 40 | * @param[in] m_len the length of the message to encrypt 41 | * @param[in] pk the public key to use for the encryption 42 | * @return __0__ in case of success 43 | */ 44 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 45 | 46 | /** 47 | * Decrypts a message. 48 | * 49 | * @param[out] m the decrypted message 50 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 51 | * @param[in] ct the message to decrypt 52 | * @param[in] ct_len the length of the message to decrypt 53 | * @param[in] sk the secret key to use for the decryption 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif /* _API_H_ */ 63 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/api_PKE_R5ND_5CCA_5d.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the NIST API functions and setting of the NIST API 8 | * algorithm parameters: `CRYPTO_SECRETKEYBYTES`, `CRYPTO_PUBLICKEYBYTES`, 9 | * `CRYPTO_BYTES`, and `CRYPTO_CIPHERBYTES`. 10 | */ 11 | 12 | #ifndef _API_H_ 13 | #define _API_H_ 14 | 15 | #define CRYPTO_SECRETKEYBYTES 1042 16 | #define CRYPTO_PUBLICKEYBYTES 978 17 | #define CRYPTO_BYTES 1301 18 | #define CRYPTO_CIPHERTEXTBYTES 0 19 | #define CRYPTO_ALGNAME "R5ND_5CCA_5d" 20 | 21 | #ifdef __cplusplus 22 | extern "C" { 23 | #endif 24 | 25 | /** 26 | * Generates an ENCRYPT key pair. Uses the fixed parameter configuration. 27 | * 28 | * @param[out] pk public key 29 | * @param[out] sk secret key 30 | * @return __0__ in case of success 31 | */ 32 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 33 | 34 | /** 35 | * Encrypts a message. 36 | * 37 | * @param[out] ct the encrypted message 38 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 39 | * @param[in] m the message to encrypt 40 | * @param[in] m_len the length of the message to encrypt 41 | * @param[in] pk the public key to use for the encryption 42 | * @return __0__ in case of success 43 | */ 44 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 45 | 46 | /** 47 | * Decrypts a message. 48 | * 49 | * @param[out] m the decrypted message 50 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 51 | * @param[in] ct the message to decrypt 52 | * @param[in] ct_len the length of the message to decrypt 53 | * @param[in] sk the secret key to use for the decryption 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif /* _API_H_ */ 63 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/kem.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, PQShield and Koninklijke Philips N.V. 3 | * Markku-Juhani O. Saarinen, Koninklijke Philips N.V. 4 | */ 5 | 6 | /** 7 | * @file 8 | * Implementation of the KEM functions (NIST api). 9 | */ 10 | 11 | #include "kem.h" 12 | 13 | #include 14 | 15 | 16 | #ifndef ROUND5_CCA_PKE 17 | 18 | #include "r5_cpa_kem.h" 19 | 20 | extern int crypto_kem_keypair(unsigned char *pk, unsigned char *sk) { 21 | DeclareParameters; 22 | return r5_cpa_kem_keygen(pk, sk Params); 23 | } 24 | 25 | extern int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk) { 26 | DeclareParameters; 27 | return r5_cpa_kem_encapsulate(ct, k, pk Params); 28 | } 29 | 30 | extern int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk) { 31 | DeclareParameters; 32 | return r5_cpa_kem_decapsulate(k, ct, sk Params); 33 | } 34 | 35 | #else 36 | 37 | #include "r5_cca_kem.h" 38 | 39 | extern int crypto_kem_keypair(unsigned char *pk, unsigned char *sk) { 40 | DeclareParameters; 41 | return r5_cca_kem_keygen(pk, sk Params); 42 | } 43 | 44 | extern int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk) { 45 | DeclareParameters; 46 | return r5_cca_kem_encapsulate(ct, k, pk Params); 47 | } 48 | 49 | extern int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk) { 50 | DeclareParameters; 51 | return r5_cca_kem_decapsulate(k, ct, sk Params); 52 | } 53 | 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/kem.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the CPA KEM functions (NIST api). 8 | */ 9 | 10 | //#ifndef _CPA_KEM_H_ 11 | //#define _CPA_KEM_H_ 12 | 13 | #include "chooseparameters.h" 14 | 15 | /* 16 | * Conditionally provide the KEM NIST API functions. 17 | */ 18 | 19 | 20 | #ifdef __cplusplus 21 | extern "C" { 22 | #endif 23 | 24 | //#define ROUND5_CCA_PKE 25 | 26 | #ifndef ROUND5_CCA_PKE 27 | 28 | 29 | /** 30 | * Generates a CPA KEM key pair. 31 | * 32 | * @param[out] pk public key 33 | * @param[out] sk secret key 34 | * @return __0__ in case of success 35 | */ 36 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 37 | 38 | /** 39 | * CPA KEM encapsulate. 40 | * 41 | * @param[out] ct key encapsulation message (ciphertext) 42 | * @param[out] k shared secret 43 | * @param[in] pk public key with which the message is encapsulated 44 | * @return __0__ in case of success 45 | */ 46 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 47 | 48 | /** 49 | * CPA KEM de-capsulate. 50 | * 51 | * @param[out] k shared secret 52 | * @param[in] ct key encapsulation message (ciphertext) 53 | * @param[in] sk secret key with which the message is to be de-capsulated 54 | * @return __0__ in case of success 55 | */ 56 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 57 | 58 | #else /*CCA KEM*/ 59 | 60 | 61 | /** 62 | * Generates a CCA KEM key pair. 63 | * 64 | * @param[out] pk public key 65 | * @param[out] sk secret key 66 | * @return __0__ in case of success 67 | */ 68 | inline int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 69 | 70 | /** 71 | * CCA KEM encapsulate. 72 | * 73 | * @param[out] ct key encapsulation message (ciphertext) 74 | * @param[out] k shared secret 75 | * @param[in] pk public key with which the message is encapsulated 76 | * @return __0__ in case of success 77 | */ 78 | inline int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 79 | 80 | /** 81 | * CCA KEM de-capsulate. 82 | * 83 | * @param[out] k shared secret 84 | * @param[in] ct key encapsulation message (ciphertext) 85 | * @param[in] sk secret key with which the message is to be de-capsulated 86 | * @return __0__ in case of success 87 | */ 88 | inline int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 89 | 90 | #endif 91 | 92 | #ifdef __cplusplus 93 | } 94 | #endif 95 | 96 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/kem_cca.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, PQShield and Koninklijke Philips N.V. 3 | * Markku-Juhani O. Saarinen, Koninklijke Philips N.V. 4 | */ 5 | 6 | /** 7 | * @file 8 | * Implementation of the KEM functions (NIST api). 9 | */ 10 | 11 | #include "kem.h" 12 | 13 | #include 14 | 15 | #define ROUND5_CCA_PKE 16 | 17 | #ifndef ROUND5_CCA_PKE 18 | 19 | #include "r5_cpa_kem.h" 20 | 21 | extern int crypto_kem_keypair(unsigned char *pk, unsigned char *sk) { 22 | DeclareParameters; 23 | return r5_cpa_kem_keygen(pk, sk Params); 24 | } 25 | 26 | extern int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk) { 27 | DeclareParameters; 28 | return r5_cpa_kem_encapsulate(ct, k, pk Params); 29 | } 30 | 31 | extern int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk) { 32 | DeclareParameters; 33 | return r5_cpa_kem_decapsulate(k, ct, sk Params); 34 | } 35 | 36 | #else 37 | 38 | #include "r5_cca_kem.h" 39 | 40 | extern int crypto_kem_keypair(unsigned char *pk, unsigned char *sk) { 41 | DeclareParameters; 42 | return r5_cca_kem_keygen(pk, sk Params); 43 | } 44 | 45 | extern int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk) { 46 | DeclareParameters; 47 | return r5_cca_kem_encapsulate(ct, k, pk Params); 48 | } 49 | 50 | extern int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk) { 51 | DeclareParameters; 52 | return r5_cca_kem_decapsulate(k, ct, sk Params); 53 | } 54 | 55 | 56 | #endif 57 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/kem_cca.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the CPA KEM functions (NIST api). 8 | */ 9 | 10 | //#ifndef _CPA_KEM_H_ 11 | //#define _CPA_KEM_H_ 12 | 13 | #include "chooseparameters.h" 14 | 15 | #define ROUND5_CCA_PKE 16 | 17 | /* 18 | * Conditionally provide the KEM NIST API functions. 19 | */ 20 | 21 | 22 | #ifdef __cplusplus 23 | extern "C" { 24 | #endif 25 | 26 | //#define ROUND5_CCA_PKE 27 | 28 | #ifndef ROUND5_CCA_PKE 29 | 30 | 31 | /** 32 | * Generates a CPA KEM key pair. 33 | * 34 | * @param[out] pk public key 35 | * @param[out] sk secret key 36 | * @return __0__ in case of success 37 | */ 38 | int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 39 | 40 | /** 41 | * CPA KEM encapsulate. 42 | * 43 | * @param[out] ct key encapsulation message (ciphertext) 44 | * @param[out] k shared secret 45 | * @param[in] pk public key with which the message is encapsulated 46 | * @return __0__ in case of success 47 | */ 48 | int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 49 | 50 | /** 51 | * CPA KEM de-capsulate. 52 | * 53 | * @param[out] k shared secret 54 | * @param[in] ct key encapsulation message (ciphertext) 55 | * @param[in] sk secret key with which the message is to be de-capsulated 56 | * @return __0__ in case of success 57 | */ 58 | int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 59 | 60 | #else /*CCA KEM*/ 61 | 62 | 63 | /** 64 | * Generates a CCA KEM key pair. 65 | * 66 | * @param[out] pk public key 67 | * @param[out] sk secret key 68 | * @return __0__ in case of success 69 | */ 70 | inline int crypto_kem_keypair(unsigned char *pk, unsigned char *sk); 71 | 72 | /** 73 | * CCA KEM encapsulate. 74 | * 75 | * @param[out] ct key encapsulation message (ciphertext) 76 | * @param[out] k shared secret 77 | * @param[in] pk public key with which the message is encapsulated 78 | * @return __0__ in case of success 79 | */ 80 | inline int crypto_kem_enc(unsigned char *ct, unsigned char *k, const unsigned char *pk); 81 | 82 | /** 83 | * CCA KEM de-capsulate. 84 | * 85 | * @param[out] k shared secret 86 | * @param[in] ct key encapsulation message (ciphertext) 87 | * @param[in] sk secret key with which the message is to be de-capsulated 88 | * @return __0__ in case of success 89 | */ 90 | inline int crypto_kem_dec(unsigned char *k, const unsigned char *ct, const unsigned char *sk); 91 | 92 | #endif 93 | 94 | #ifdef __cplusplus 95 | } 96 | #endif 97 | 98 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/pke.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of the encrypt and decrypt functions based on the CCA KEM 8 | * algorithm (NIST api). 9 | */ 10 | 11 | #include "pke.h" 12 | #include 13 | 14 | #ifdef ROUND5_CCA_PKE 15 | //#if CRYPTO_CIPHERTEXTBYTES == 0 16 | 17 | #include "r5_cca_pke.h" 18 | 19 | //extern int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 20 | //extern int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 21 | //extern int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 22 | 23 | extern int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk) { 24 | DeclareParameters; 25 | return r5_cca_pke_keygen(pk, sk Params); 26 | } 27 | 28 | extern int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk) { 29 | DeclareParameters; 30 | return r5_cca_pke_encrypt(ct, ct_len, m, m_len, pk Params); 31 | } 32 | 33 | extern int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, unsigned long long ct_len, const unsigned char *sk) { 34 | DeclareParameters; 35 | return r5_cca_pke_decrypt(m, m_len, ct, ct_len, sk Params); 36 | } 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/pke.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the encrypt and decrypt functions based on the CCA KEM 8 | * algorithm (NIST api). 9 | */ 10 | 11 | #ifndef _CCA_ENCRYPT_H_ 12 | #define _CCA_ENCRYPT_H_ 13 | 14 | #include "chooseparameters.h" 15 | 16 | 17 | /* 18 | * Conditionally provide the PKE NIST API functions. 19 | */ 20 | 21 | #ifdef ROUND5_CCA_PKE 22 | 23 | #ifdef __cplusplus 24 | extern "C" { 25 | #endif 26 | 27 | 28 | /** 29 | * Generates an ENCRYPT key pair. 30 | * 31 | * @param[out] pk public key 32 | * @param[out] sk secret key 33 | * @return __0__ in case of success 34 | */ 35 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk) { 36 | return r5_cca_pke_keygen(pk, sk); 37 | } 38 | 39 | /** 40 | * Encrypts a message. 41 | * 42 | * @param[out] ct the encrypted message 43 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 44 | * @param[in] m the message to encrypt 45 | * @param[in] m_len the length of the message to encrypt 46 | * @param[in] pk the public key to use for the encryption 47 | * @return __0__ in case of success 48 | */ 49 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk) { 50 | return r5_cca_pke_encrypt(ct, ct_len, m, m_len, pk); 51 | } 52 | 53 | /** 54 | * Decrypts a message. 55 | * 56 | * @param[out] m the decrypted message 57 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 58 | * @param[in] ct the message to decrypt 59 | * @param[in] ct_len the length of the message to decrypt 60 | * @param[in] sk the secret key to use for the decryption 61 | * @return __0__ in case of success 62 | */ 63 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk) { 64 | return r5_cca_pke_decrypt(m, m_len, ct, ct_len, sk); 65 | } 66 | 67 | #endif 68 | 69 | #ifdef __cplusplus 70 | } 71 | #endif 72 | 73 | #endif /* _CCA_ENCRYPT_H_ */ 74 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/pke_cca.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Implementation of the encrypt and decrypt functions based on the CCA KEM 8 | * algorithm (NIST api). 9 | */ 10 | 11 | #include "pke.h" 12 | #include 13 | 14 | #define ROUND5_CCA_PKE 15 | 16 | #ifdef ROUND5_CCA_PKE 17 | //#if CRYPTO_CIPHERTEXTBYTES == 0 18 | 19 | #include "r5_cca_pke.h" 20 | 21 | //extern int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 22 | //extern int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 23 | //extern int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 24 | 25 | extern int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk) { 26 | DeclareParameters; 27 | return r5_cca_pke_keygen(pk, sk Params); 28 | } 29 | 30 | extern int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk) { 31 | DeclareParameters; 32 | return r5_cca_pke_encrypt(ct, ct_len, m, m_len, pk Params); 33 | } 34 | 35 | extern int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, unsigned long long ct_len, const unsigned char *sk) { 36 | DeclareParameters; 37 | return r5_cca_pke_decrypt(m, m_len, ct, ct_len, sk Params); 38 | } 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /scripts_kats/.apifilesrefcon/pke_cca.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018, Koninklijke Philips N.V. 3 | */ 4 | 5 | /** 6 | * @file 7 | * Declaration of the encrypt and decrypt functions based on the CCA KEM 8 | * algorithm (NIST api). 9 | */ 10 | 11 | #ifndef _CCA_ENCRYPT_H_ 12 | #define _CCA_ENCRYPT_H_ 13 | 14 | #include "chooseparameters.h" 15 | 16 | 17 | /* 18 | * Conditionally provide the PKE NIST API functions. 19 | */ 20 | 21 | #define ROUND5_CCA_PKE 22 | 23 | #ifdef ROUND5_CCA_PKE 24 | 25 | #ifdef __cplusplus 26 | extern "C" { 27 | #endif 28 | 29 | 30 | /** 31 | * Generates an ENCRYPT key pair. 32 | * 33 | * @param[out] pk public key 34 | * @param[out] sk secret key 35 | * @return __0__ in case of success 36 | */ 37 | int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk); 38 | 39 | /** 40 | * Encrypts a message. 41 | * 42 | * @param[out] ct the encrypted message 43 | * @param[out] ct_len the length of the encrypted message (`CRYPTO_CIPHERTEXTBYTES` + `m_len`) 44 | * @param[in] m the message to encrypt 45 | * @param[in] m_len the length of the message to encrypt 46 | * @param[in] pk the public key to use for the encryption 47 | * @return __0__ in case of success 48 | */ 49 | int crypto_encrypt(unsigned char *ct, unsigned long long *ct_len, const unsigned char *m, const unsigned long long m_len, const unsigned char *pk); 50 | 51 | /** 52 | * Decrypts a message. 53 | * 54 | * @param[out] m the decrypted message 55 | * @param[out] m_len the length of the decrypted message (`ct_len` - `CRYPTO_CIPHERTEXTBYTES`) 56 | * @param[in] ct the message to decrypt 57 | * @param[in] ct_len the length of the message to decrypt 58 | * @param[in] sk the secret key to use for the decryption 59 | * @return __0__ in case of success 60 | */ 61 | int crypto_encrypt_open(unsigned char *m, unsigned long long *m_len, const unsigned char *ct, const unsigned long long ct_len, const unsigned char *sk); 62 | 63 | #endif 64 | 65 | #ifdef __cplusplus 66 | } 67 | #endif 68 | 69 | #endif /* _CCA_ENCRYPT_H_ */ 70 | -------------------------------------------------------------------------------- /scripts_kats/README.md: -------------------------------------------------------------------------------- 1 | This folder contains several scripts to create and verify the outputs of the different implementations: 2 | 3 | * File `create_simple_kats.sh` creates simple checks for all configurations. 4 | * File `create_kats.sh` creates NIST KATs for all configurations. 5 | * File `check_kat_simple.sh` checks the simple kats. 6 | * File `check_kats.sh` checks NIST KATs. 7 | 8 | Furthermore: 9 | 10 | * Folder `.KATSHASUM` contains the fingerprints of the KATs. Rerunning the `create...` scripts overwrites the data. 11 | * Folder `.apifilesrefcon` contains api files required for the `reference` and `configurable` implementations. 12 | -------------------------------------------------------------------------------- /scripts_kats/create_kats.sh: -------------------------------------------------------------------------------- 1 | 2 | CPASCHEMES="R5ND_1CPA_0d R5ND_3CPA_0d R5ND_5CPA_0d R5ND_1CPA_5d R5ND_3CPA_5d R5ND_5CPA_5d R5N1_1CPA_0d R5N1_3CPA_0d R5N1_5CPA_0d R5ND_0CPA_2iot R5ND_1CPA_4longkey" 3 | CCASCHEMES="R5ND_1CCA_0d R5ND_3CCA_0d R5ND_5CCA_0d R5ND_1CCA_5d R5ND_3CCA_5d R5ND_5CCA_5d R5N1_1CCA_0d R5N1_3CCA_0d R5N1_5CCA_0d R5N1_3CCA_0smallCT" 4 | SCHEMES="$CPASCHEMES $CCASCHEMES" 5 | 6 | 7 | KATDIRKEM=.KATSHASUM/NIST/KEM 8 | KATDIRPKE=.KATSHASUM/NIST/PKE 9 | 10 | mkdir .KATSHASUM/NIST 11 | mkdir $KATDIRKEM 12 | mkdir $KATDIRPKE 13 | 14 | 15 | # move to parent dir 16 | currentdir=$(pwd) 17 | parentdir="$(dirname "$(pwd)")" 18 | cd $parentdir 19 | 20 | for scheme in $SCHEMES 21 | do 22 | make clean 23 | make NIST_KAT_GENERATION=1 ALG=$scheme 24 | ./optimized/build/PQCgenKAT_kem 25 | sleep 2 26 | shasum PQCkemKAT_*.rsp > shasum_$scheme.sha 27 | mv shasum_$scheme.sha $currentdir/$KATDIRKEM/shasum_$scheme.sha 28 | mkdir $currentdir/$KATDIRKEM/$scheme 29 | mv PQCkemKAT_* $currentdir/$KATDIRKEM/$scheme/ 30 | done 31 | 32 | for scheme in $CCASCHEMES 33 | do 34 | make clean 35 | make NIST_KAT_GENERATION=1 ALG=$scheme 36 | ./optimized/build/PQCgenKAT_encrypt 37 | shasum PQCencryptKAT_*.rsp > shasum_$scheme.sha 38 | mv shasum_$scheme.sha $currentdir/$KATDIRPKE/shasum_$scheme.sha 39 | mkdir $currentdir/$KATDIRPKE/$scheme 40 | mv PQCencryptKAT_* $currentdir/$KATDIRPKE/$scheme/ 41 | done 42 | -------------------------------------------------------------------------------- /scripts_kats/create_simple_kats.sh: -------------------------------------------------------------------------------- 1 | 2 | 3 | #SCHEMES="R5ND_1CCA_0d R5ND_1CCA_5d" 4 | CPASCHEMES="R5ND_1CPA_0d R5ND_3CPA_0d R5ND_5CPA_0d R5ND_1CPA_5d R5ND_3CPA_5d R5ND_5CPA_5d R5N1_1CPA_0d R5N1_3CPA_0d R5N1_5CPA_0d R5ND_0CPA_2iot R5ND_1CPA_4longkey" 5 | CCASCHEMES="R5ND_1CCA_0d R5ND_3CCA_0d R5ND_5CCA_0d R5ND_1CCA_5d R5ND_3CCA_5d R5ND_5CCA_5d R5N1_1CCA_0d R5N1_3CCA_0d R5N1_5CCA_0d R5N1_3CCA_0smallCT" 6 | SCHEMES="$CPASCHEMES $CCASCHEMES" 7 | 8 | TAUS="0 1 2" 9 | 10 | KATDIR=.KATSHASUM 11 | 12 | # move to parent dir 13 | currentdir=$(pwd) 14 | parentdir="$(dirname "$(pwd)")" 15 | cd $parentdir 16 | 17 | make clean 18 | make NIST_KAT_GENERATION=1 19 | for scheme in $SCHEMES 20 | do 21 | for tauconf in $TAUS 22 | do 23 | ./reference/build/sample_kem -a $scheme -t $tauconf | tail -n 2 | shasum > shasum_$scheme$tauconf.sha 24 | mv shasum_$scheme$tauconf.sha $currentdir/$KATDIR/shasum_$scheme$tauconf.sha 25 | done 26 | done 27 | 28 | 29 | -------------------------------------------------------------------------------- /scripts_timing/README.md: -------------------------------------------------------------------------------- 1 | To obtain timing results do the following: 2 | 3 | 1. Run `./timing.sh`. This will run the optimized code through all configurations and place the results in the file `timing_results.txt`. 4 | 2. Run `python timing_table.py` to obtain the table containing performance results as included in the Round5 specification. 5 | 6 | Note that it is possible to obtain timing results of a specific Round5 configurations by running `make` with the compiler flag `TIMING=1`. 7 | --------------------------------------------------------------------------------