Merge pull request #104 from JoaoDiogoDuarte/main
Implemented X-Wing (ref and avx2) in libjade
tfaoliveira committed Apr 16, 2024
2 parents bc15608 e636ec9 commit d144719
Showing 19 changed files with 849 additions and 1 deletion.
1 change: 1 addition & 0 deletions .gitignore
@@ -1,3 1,4 @@
.ci
*.tar.gz
libjade-*
.vscode
Empty file.
57 changes: 57 additions & 0 deletions src/common/keccak/common/fips202_DIRTY.jinc
Expand Up @@ -84,6 84,63 @@ fn _sha3_256_32(reg ptr u8[32] out, reg ptr u8[KYBER_SYMBYTES] in) -> reg ptr u8
return out;
}

#[returnaddress="stack"]
fn _sha3_256_134(reg ptr u8[32] out, reg ptr u8[134] in) -> reg ptr u8[32]
{
reg u256[7] state;
stack u64[28] s_state;
stack u64[25] a_jagged_p;
reg u64 t l;
reg u8 c;
inline int i;

a_jagged_p = KECCAK_A_JAGGED;
s_state = __init_s_state_avx2();

state[0] = #VPBROADCAST_4u64(in[u64 0]);

for i=1 to 16
{
t = in[u64 i];
l = a_jagged_p[i];
s_state[(int) l] = t;
}

c = in[u8 128];
l = a_jagged_p[(int) 16];
l <<= 3;
s_state[u8 (int)l] = c;

for i = 129 to 134{
c = in[i];
l = 1;
s_state[u8 (int)l] = c;
}

l = 1;
s_state[u8 (int)l] = 0x06;

l = a_jagged_p[(SHA3_256_RATE-1)/8];
l <<= 3;
t = SHA3_256_RATE - 1; t &= 0x7;
l = t;
s_state[u8 (int)l] ^= 0x80;

for i=1 to 7 { state[i] = s_state[u256 i]; }

state = __keccakf1600_avx2(state);

for i=0 to 7 { s_state[u256 i] = state[i]; }

for i=0 to 4
{
l = a_jagged_p[i];
t = s_state[(int)l];
out[u64 i] = t;
}

return out;
}

#[returnaddress="stack"]
fn _shake256_64(reg u64 out outlen, reg const ptr u8[64] in)
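Review bot: In the new avx2 `_sha3_256_134`, the loop over input bytes 129–133 stores every byte at `s_state` byte offset 1 (`l = 1;` right before `s_state[u8 (int)l] = c;`), the 0x06 domain byte is stored at that same fixed offset, and `l = t;` after the `a_jagged_p[(SHA3_256_RATE-1)/8]` lookup throws the lane offset away so the 0x80 byte lands at offset 7. All three offsets fall inside u64 slots 0–3 of `s_state`, and only `s_state[u256 1..6]` is loaded into `state` before `__keccakf1600_avx2` (`state[0]` comes straight from `in[u64 0]`), so as far as I can tell the last five message bytes and both padding bytes never reach the permutation and the digest will not match the reference `_sha3_256_134` in fips202_ref_DIRTY.jinc, which absorbs bytes 0–133, XORs 0x06 at byte 134 and sets 0x80 at `SHA3_256_RATE - 1`. The tail should be placed the way byte 128 already is: lane `a_jagged_p[16]` shifted by 3 plus the in-lane offset, which is what the rewrite below does. I would also declare the input `reg const ptr u8[134] in`, as `_shake256_64` below does, since it is only read.
```jasmin
c = in[u8 128];
l = a_jagged_p[(int) 16];
l <<= 3;
s_state[u8 (int)l] = c;

// bytes 129..133 share the lane of byte 128, at in-lane offsets 1..5
for i = 129 to 134 {
  c = in[i];
  l += 1;
  s_state[u8 (int)l] = c;
}

// SHA3 domain separator at message byte 134 (in-lane offset 6)
l += 1;
s_state[u8 (int)l] = 0x06;

// final padding bit at byte SHA3_256_RATE-1: lane offset plus in-lane offset
l = a_jagged_p[(SHA3_256_RATE-1)/8];
l <<= 3;
t = SHA3_256_RATE - 1; t &= 0x7;
l += t;
s_state[u8 (int)l] ^= 0x80;

// … unchanged: load s_state into state, permute, write back, extract 32 bytes …
```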
34 changes: 34 additions & 0 deletions src/common/keccak/common/fips202_ref_DIRTY.jinc
Expand Up @@ -235,6 235,40 @@ fn _sha3_256_32(reg ptr u8[32] out, reg ptr u8[KYBER_SYMBYTES] in) -> reg ptr u8
return out;
}


#[returnaddress="stack"]
fn _sha3_256_134(reg ptr u8[32] out, reg ptr u8[134] in) -> reg ptr u8[32]
{
stack u64[25] state;
stack ptr u8[32] s_out;
reg u64 t64;
inline int i;

s_out = out;

state = __keccak_init_ref1(state);

for i=0 to 134
{
state[u8 i] = in[i];
}

state[u8 134] ^= 0x06;
state[u8 SHA3_256_RATE - 1] = 0x80;

state = __keccakf1600_ref1(state);

out = s_out;

for i=0 to 4
{
t64 = state[i];
out[u64 i] = t64;
}

return out;
}

#[returnaddress="stack"]
fn _sha3_512_64(reg ptr u8[64] out, reg const ptr u8[64] in) -> stack u8[64]
{
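Review bot: The reference `_sha3_256_134` declares its input as `reg ptr u8[134] in` although the body only reads it; the sibling `_sha3_512_64` directly below uses `reg const ptr u8[64] in`, and the same applies to the avx2 `_sha3_256_134` in fips202_DIRTY.jinc. Marking it `const` lets the compiler enforce that the message is never written and keeps the signatures in this file uniform. A one-line header would also help readers, e.g. `// SHA3-256 of a fixed 134-byte message: fits one rate block, so a single absorb/permute with 0x06 at byte 134 and 0x80 at byte SHA3_256_RATE-1`.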
41 changes: 41 additions & 0 deletions src/common/tofromstack.jinc
Expand Up @@ -13,6 13,21 @@ fn __tostack64u8(reg ptr u8[64] out, reg u64 inp) -> reg ptr u8[64]
return out;
}

inline
fn __tostack96u8(reg ptr u8[96] out, reg u64 inp) -> reg ptr u8[96]
{
reg u8 t;
inline int i;

for i=0 to 96
{
t = (u8)[inp i];
out[i] = t;
}
return out;
}


inline
fn __tostack32u8(reg ptr u8[32] out, reg u64 inp) -> reg ptr u8[32]
{
Expand Down Expand Up @@ -40,3 55,29 @@ fn __fromstack32u8(reg u64 outp, reg ptr u8[32] in)
(u8)[outp i] = t;
}
}

inline
fn __fromstack134u8(reg u64 outp, reg ptr u8[134] in)
{
reg u8 t;
inline int i;

for i=0 to 134
{
t = in[i];
(u8)[outp i] = t;
}
}

inline
fn __fromstack64u8(reg u64 outp, reg ptr u8[64] in)
{
reg u8 t;
inline int i;

for i=0 to 64
{
t = in[i];
(u8)[outp i] = t;
}
}
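Review bot: The three new helpers `__tostack96u8`, `__fromstack134u8` and `__fromstack64u8` are inserted out of size order (96 before 32, 134 before 64) and carry no comment saying which direction they copy, which matters since the to/from naming is easy to misread. A one-line header on each, e.g. `// copy 96 bytes from memory at inp into the stack array out` and `// copy 134 bytes from the stack array in to memory at outp`, plus grouping the helpers by direction and then by size, would make the file easier to scan. Both hunks are plain additions of the same byte-loop shape as the existing `__tostack64u8` and `__fromstack32u8`, so this is a point of style only.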
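--- a/src/crypto_kem/xwing/META.yml
+++ b/src/crypto_kem/xwing/META.yml
@@ -0,0 +1,26 @@
+name: X-Wing
+type: kem
+checksumsmall: 844bca7a113f642135f10d7ab047f8fbc137a6d0c7bbe64dbde0b48c46681872
+checksumbig: 05451934bd516a3b885896e7e448d9739ed1ccc67339f438db230bd479f026bb
+claimed-nist-level: 3
+claimed-security: IND-CCA2
+length-public-key: 1216
+length-ciphertext: 1120
+length-secret-key: 2464
+length-shared-secret: 32
+principal-submitters:
+- TODO
+auxiliary-submitters:
+- TODO
+implementations:
+- name: amd64/ref
+version: TODO
+supported_platforms:
+- architecture: x86_64
+operating_systems:
+- Linux
+- Darwin
+required_flags: # FIXME
+- avx2
+- bmi2
+- popcnt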
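Review bot: `implementations` lists only `amd64/ref`, yet this commit also adds `src/crypto_kem/xwing/amd64/avx2`, and the `required_flags` on the ref entry (avx2, bmi2, popcnt, already marked `# FIXME` by the author) read like they belong to that missing avx2 entry rather than to a reference implementation. I would add a second entry for amd64/avx2 carrying those flags and drop `required_flags` from the ref entry, and fill in the `TODO` values for `principal-submitters` and `version` before tooling consumes this file. Whether the ref build truly needs no CPU feature flags I cannot confirm from this page.
```yaml
# … unchanged: amd64/ref entry, with its required_flags block removed …
- name: amd64/avx2
  version: TODO
  supported_platforms:
  - architecture: x86_64
    operating_systems:
    - Linux
    - Darwin
    required_flags:
    - avx2
    - bmi2
    - popcnt
```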
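--- a/src/crypto_kem/xwing/amd64/avx2/Makefile
+++ b/src/crypto_kem/xwing/amd64/avx2/Makefile
@@ -0,0 +1,3 @@
+SAFETY_FLAGS := -nocheckalignment
+SRCS := kem.jazz
+include ../../../../Makefile.common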
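Review bot: `SAFETY_FLAGS := -nocheckalignment` switches off the alignment check of the Jasmin safety checker for this implementation without recording why, so the waiver cannot be re-evaluated when the code changes. Presumably the u64-granular reads from a `u8` array in the avx2 `_sha3_256_134` (`in[u64 i]`) are the accesses that trip the check, but that is an inference from this page, not something the commit states. A one-line comment above the variable such as `# -nocheckalignment: unaligned multi-byte loads in the Keccak absorb (TODO: list the accesses that need this)` would keep the exception reviewable.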
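--- a/src/crypto_kem/xwing/amd64/avx2/include/api.h
+++ b/src/crypto_kem/xwing/amd64/avx2/include/api.h
@@ -0,0 +1,47 @@
+#ifndef JADE_KEM_xwing_amd64_avx2_API_H
+#define JADE_KEM_xwing_amd64_avx2_API_H
+
+#include <stdint.h>
+
+#define JADE_KEM_xwing_amd64_avx2_PUBLICKEYBYTES 1216
+#define JADE_KEM_xwing_amd64_avx2_SECRETKEYBYTES 2464
+#define JADE_KEM_xwing_amd64_avx2_CIPHERTEXTBYTES 1120
+#define JADE_KEM_xwing_amd64_avx2_KEYPAIRCOINBYTES 96
+#define JADE_KEM_xwing_amd64_avx2_ENCCOINBYTES 64
+#define JADE_KEM_xwing_amd64_avx2_BYTES 32
+
+#define JADE_KEM_xwing_amd64_avx2_ALGNAME "X-Wing"
+#define JADE_KEM_xwing_amd64_avx2_ARCH "amd64"
+#define JADE_KEM_xwing_amd64_avx2_IMPL "ref"
+
+int jade_kem_xwing_amd64_avx2_keypair_derand(
+uint8_t *public_key,
+uint8_t *secret_key,
+const uint8_t *coins
+);
+
+int jade_kem_xwing_amd64_avx2_keypair(
+uint8_t *public_key,
+uint8_t *secret_key
+);
+
+int jade_kem_xwing_amd64_avx2_enc_derand(
+uint8_t *ciphertext,
+uint8_t *shared_secret,
+const uint8_t *public_key,
+const uint8_t *coins
+);
+
+int jade_kem_xwing_amd64_avx2_enc(
+uint8_t *ciphertext,
+uint8_t *shared_secret,
+const uint8_t *public_key
+);
+
+int jade_kem_xwing_amd64_avx2_dec(
+uint8_t *shared_secret,
+const uint8_t *ciphertext,
+const uint8_t *secret_key
+);
+
+#endif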
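Review bot: `JADE_KEM_xwing_amd64_avx2_IMPL` is defined as `"ref"` in the avx2 header, which is the one string here that does not match the path and macro prefix; it should read `#define JADE_KEM_xwing_amd64_avx2_IMPL "avx2"`, otherwise anything that labels builds by the IMPL string will report this implementation as the reference one. The byte-length macros agree with META.yml (1216/2464/1120/32), and the 96- and 64-byte coin sizes match the `stack u8[96]` and `stack u8[64]` buffers in kem.jazz, so no further change is needed in this file.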
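--- a/src/crypto_kem/xwing/amd64/avx2/kem.jazz
+++ b/src/crypto_kem/xwing/amd64/avx2/kem.jazz
@@ -0,0 +1,70 @@
+require "params.jinc"
+require "kem.jinc"
+from Jade require "common/tofromstack.jinc"
+
+export fn jade_kem_xwing_amd64_avx2_keypair_derand(reg u64 public_key secret_key coins) -> reg u64
+{
+reg u64 r;
+stack u8[96] stack_coins;
+
+public_key = public_key;
+secret_key = secret_key;
+
+stack_coins = __tostack96u8(stack_coins, coins);
+
+_crypto_xkem_keypair_derand_jazz(public_key, secret_key, stack_coins);
+
+?{}, r = #set0();
+return r;
+}
+
+
+export fn jade_kem_xwing_amd64_avx2_keypair(reg u64 public_key secret_key) -> reg u64
+{
+reg u64 r;
+stack u8[96] stack_coins;
+
+public_key = public_key;
+secret_key = secret_key;
+stack_coins = #randombytes(stack_coins);
+_crypto_xkem_keypair_derand_jazz(public_key, secret_key, stack_coins);
+?{}, r = #set0();
+return r;
+}
+
+export fn jade_kem_xwing_amd64_avx2_enc_derand(reg u64 ciphertext shared_secret public_key coins) -> reg u64
+{
+reg u64 r;
+stack u8[64] stack_coins;
+
+ciphertext = ciphertext;
+shared_secret = shared_secret;
+public_key = public_key;
+stack_coins = __tostack64u8(stack_coins, coins);
+_crypto_xkem_enc_derand_jazz(ciphertext, shared_secret, public_key, stack_coins);
+?{}, r = #set0();
+return r;
+}
+
+export fn jade_kem_xwing_amd64_avx2_enc(reg u64 ciphertext shared_secret public_key) -> reg u64
+{
+reg u64 r;
+stack u8[64] stack_coins;
+
+ciphertext = ciphertext;
+shared_secret = shared_secret;
+public_key = public_key;
+stack_coins = #randombytes(stack_coins);
+_crypto_xkem_enc_derand_jazz(ciphertext, shared_secret, public_key, stack_coins);
+?{}, r = #set0();
+return r;
+}
+
+export fn jade_kem_xwing_amd64_avx2_dec(reg u64 shared_secret ciphertext secret_key) -> reg u64
+{
+reg u64 r;
+__crypto_xkem_dec_jazz(shared_secret, ciphertext, secret_key);
+?{}, r = #set0();
+return r;
+}
+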
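Review bot: `jade_kem_xwing_amd64_avx2_dec` calls `__crypto_xkem_dec_jazz` while the other four exports call `_crypto_xkem_..._jazz`; in this commit's own naming the double underscore marks an `inline fn` (`__tostack96u8`) and the single one a stack-returning `fn` (`_sha3_256_134`), so either decapsulation is inlined into the export, unlike keypair and enc, or the name is off — worth aligning with the definitions in kem.jinc, which are not shown on this page. The dec wrapper also skips the `x = x;` pinning of pointer arguments that the other exports perform; if that idiom matters for register allocation it should be applied here as well, otherwise it could be dropped everywhere for uniformity. A one-line comment on each export noting that `?{}, r = #set0();` makes the return value unconditionally 0 (no error path, decapsulation relies on implicit rejection inside the KEM) would spare readers the search for a failure case.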