
xwing #116

Merged
merged 39 commits into from
Apr 17, 2024
a1a6175
Basic file layout for xwing
JoaoDiogoDuarte Jan 17, 2024
b75edac
More boilerplate (may be incorrect at this stage)
JoaoDiogoDuarte Jan 17, 2024
b5f8f07
More boilerplate
JoaoDiogoDuarte Jan 17, 2024
cdfb876
Even more boilerplate and params
JoaoDiogoDuarte Jan 17, 2024
4b1629a
Added fromstack64u8
JoaoDiogoDuarte Jan 17, 2024
40090b9
Beginnings of xwing keygen
JoaoDiogoDuarte Jan 17, 2024
e142b0c
Merge branch 'formosa-crypto:main' into main
JoaoDiogoDuarte Jan 24, 2024
f03dc79
keygen and enc work without label
JoaoDiogoDuarte Feb 1, 2024
79593bc
Seems to work with label
JoaoDiogoDuarte Feb 1, 2024
2e5770f
XWing works (untested, but compiles)
JoaoDiogoDuarte Feb 1, 2024
7c2e6aa
X-Wing implemented but either enc or dec does not work properly
JoaoDiogoDuarte Feb 1, 2024
7b108a8
Buggy but almost done version of xwing
JoaoDiogoDuarte Feb 4, 2024
b142c88
Why does this not work I am crying pls
JoaoDiogoDuarte Feb 7, 2024
f475346
fix
ruipedro16 Feb 9, 2024
9dd7105
enc compiling (not tested)
JoaoDiogoDuarte Feb 11, 2024
e374602
Rewriten enc to use spills and unspills
JoaoDiogoDuarte Feb 11, 2024
d5307ad
dec compiles (untested)
JoaoDiogoDuarte Feb 11, 2024
dea5e0c
Rewrote dec with spills
JoaoDiogoDuarte Feb 11, 2024
d8cd375
readded return address
JoaoDiogoDuarte Feb 11, 2024
5e88eb3
Removed commented code from functest
JoaoDiogoDuarte Feb 11, 2024
17be507
Added gitkeep to xwing proof folder
JoaoDiogoDuarte Feb 11, 2024
fdaf05d
Added .vscode to gitignore and removed .vscode from cache
JoaoDiogoDuarte Feb 11, 2024
c8c59f5
Renamed variables to be in line with rest of libjade
JoaoDiogoDuarte Feb 11, 2024
4a0e8de
Removed useless spill
JoaoDiogoDuarte Feb 12, 2024
a5c25af
SHA3-256_134 implemented
JoaoDiogoDuarte Feb 12, 2024
56cf808
Forgot to load result of sha to shared key
JoaoDiogoDuarte Feb 13, 2024
8bd006a
AVX2 with faulty sha avx2 function
JoaoDiogoDuarte Feb 13, 2024
57b8754
removed unused r variable
JoaoDiogoDuarte Feb 20, 2024
6333226
Removed another unused var
JoaoDiogoDuarte Feb 20, 2024
202f10a
Potentially fixed memory issue
JoaoDiogoDuarte Feb 20, 2024
242496f
Added checksums, fixed bad param and cleaned up code
JoaoDiogoDuarte Feb 20, 2024
b87f78e
SHA3 accepting blocks of reg ptr of size 34 implemented
JoaoDiogoDuarte Feb 20, 2024
131c586
update the jasmin compiler from gitlab
tfaoliveira Feb 21, 2024
c9fc954
Merge branch 'formosa-crypto:main' into main
JoaoDiogoDuarte Feb 23, 2024
e636ec9
libjade
JoaoDiogoDuarte Feb 28, 2024
d144719
Merge pull request #104 from JoaoDiogoDuarte/main
tfaoliveira Apr 16, 2024
3a10ee9
Merge branch 'main' into feature/xwing
tfaoliveira-sb Apr 16, 2024
7540ffa
xwing integration: add new functions to x25519 to facilitate xwing in…
tfaoliveira-sb Apr 16, 2024
600212c
xwing: review + sct.
tfaoliveira-sb Apr 16, 2024
1 change: 1 addition & 0 deletions .gitignore
@@ -1,3 +1,4 @@
.ci
*.tar.gz
libjade-*
.vscode
Empty file.
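--- a/src/common/keccak/common/fips202_DIRTY.jinc
+++ b/src/common/keccak/common/fips202_DIRTY.jinc
@@ -84,6 +84,63 @@ fn _sha3_256_32(reg ptr u8[32] out, reg ptr u8[KYBER_SYMBYTES] in) -> reg ptr u8
 return out;
 }
 
+#[returnaddress="stack"]
+fn _sha3_256_134(reg ptr u8[32] out, reg ptr u8[134] in) -> reg ptr u8[32]
+{
+reg u256[7] state;
+stack u64[28] s_state;
+stack u64[25] a_jagged_p;
+reg u64 t l;
+reg u8 c;
+inline int i;
+
+a_jagged_p = KECCAK_A_JAGGED;
+s_state = __init_s_state_avx2();
+
+state[0] = #VPBROADCAST_4u64(in[u64 0]);
+
+for i=1 to 16
+{
+t = in[u64 i];
+l = a_jagged_p[i];
+s_state[(int) l] = t;
+}
+
+c = in[u8 128];
+l = a_jagged_p[(int) 16];
+l <<= 3;
+s_state[u8 (int)l] = c;
+
+for i = 129 to 134{
+c = in[i];
+l += 1;
+s_state[u8 (int)l] = c;
+}
+
+l += 1;
+s_state[u8 (int)l] = 0x06;
+
+l = a_jagged_p[(SHA3_256_RATE-1)/8];
+l <<= 3;
+t = SHA3_256_RATE - 1; t &= 0x7;
+l += t;
+s_state[u8 (int)l] ^= 0x80;
+
+for i=1 to 7 { state[i] = s_state[u256 i]; }
+
+state = __keccakf1600_avx2(state);
+
+for i=0 to 7 { s_state[u256 i] = state[i]; }
+
+for i=0 to 4
+{
+l = a_jagged_p[i];
+t = s_state[(int)l];
+out[u64 i] = t;
+}
+
+return out;
+}
 
 #[returnaddress="stack"]
 fn _shake256_64(reg u64 out outlen, reg const ptr u8[64] in)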
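Review bot: `_sha3_256_134` relies on the 134 message bytes plus the two padding bytes filling exactly one SHA3-256 block, but nothing states that invariant: the message is placed with literals (`in[u8 128]`, `for i = 129 to 134`, the `0x06` stored after one more `l += 1`) while the final `0x80` is derived from `SHA3_256_RATE`, so if either the length or the rate changed the single `__keccakf1600_avx2` call would silently be wrong. A header comment such as `// absorbs exactly one block: 134 message bytes + 0x06 + 0x80 == SHA3_256_RATE, so one permutation suffices` would make the assumption visible. The `0x06` store is also an assignment while the `0x80` store is an XOR; `s_state[u8 (int)l] ^= 0x06;` would match the absorb semantics and the ref implementation in fips202_ref_DIRTY.jinc. The whole function lies inside the hunk.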
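--- a/src/common/keccak/common/fips202_ref_DIRTY.jinc
+++ b/src/common/keccak/common/fips202_ref_DIRTY.jinc
@@ -235,6 +235,40 @@ fn _sha3_256_32(reg ptr u8[32] out, reg ptr u8[KYBER_SYMBYTES] in) -> reg ptr u8
 return out;
 }
 
+
+#[returnaddress="stack"]
+fn _sha3_256_134(reg ptr u8[32] out, reg ptr u8[134] in) -> reg ptr u8[32]
+{
+stack u64[25] state;
+stack ptr u8[32] s_out;
+reg u64 t64;
+inline int i;
+
+s_out = out;
+
+state = __keccak_init_ref1(state);
+
+for i=0 to 134
+{
+state[u8 i] = in[i];
+}
+
+state[u8 134] ^= 0x06;
+state[u8 SHA3_256_RATE - 1] = 0x80;
+
+state = __keccakf1600_ref1(state);
+
+out = s_out;
+
+for i=0 to 4
+{
+t64 = state[i];
+out[u64 i] = t64;
+}
+
+return out;
+}
+
 #[returnaddress="stack"]
 fn _sha3_512_64(reg ptr u8[64] out, reg const ptr u8[64] in) -> stack u8[64]
 {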
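Review bot: The padding in `_sha3_256_134` mixes operators: `state[u8 134] ^= 0x06;` XORs while `state[u8 SHA3_256_RATE - 1] = 0x80;` assigns, and the AVX2 version in fips202_DIRTY.jinc does exactly the reverse. Both are correct only because `__keccak_init_ref1` zeroed the state immediately before, so the asymmetry reads as accidental; using `^=` for both bytes in both files matches the usual absorb semantics and makes the two implementations directly comparable. The literal 134 also appears three times here (array type, loop bound, pad offset) with nothing tying it to `SHA3_256_RATE`; a comment such as `// 134 == SHA3_256_RATE - 2: message plus 0x06/0x80 padding fills one block` would document why a single permutation is enough.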
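--- a/src/common/tofromstack.jinc
+++ b/src/common/tofromstack.jinc
@@ -13,6 +13,21 @@ fn __tostack64u8(reg ptr u8[64] out, reg u64 inp) -> reg ptr u8[64]
 return out;
 }
 
+inline
+fn __tostack96u8(reg ptr u8[96] out, reg u64 inp) -> reg ptr u8[96]
+{
+reg u8 t;
+inline int i;
+
+for i=0 to 96
+{
+t = (u8)[inp + i];
+out[i] = t;
+}
+return out;
+}
+
+
 inline
 fn __tostack32u8(reg ptr u8[32] out, reg u64 inp) -> reg ptr u8[32]
 {
@@ -40,3 +55,29 @@ fn __fromstack32u8(reg u64 outp, reg ptr u8[32] in)
 (u8)[outp + i] = t;
 }
 }
+
+inline
+fn __fromstack134u8(reg u64 outp, reg ptr u8[134] in)
+{
+reg u8 t;
+inline int i;
+
+for i=0 to 134
+{
+t = in[i];
+(u8)[outp + i] = t;
+}
+}
+
+inline
+fn __fromstack64u8(reg u64 outp, reg ptr u8[64] in)
+{
+reg u8 t;
+inline int i;
+
+for i=0 to 64
+{
+t = in[i];
+(u8)[outp + i] = t;
+}
+}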
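--- a/src/crypto_kem/mlkem/mlkem768/amd64/ref/params.jinc
+++ b/src/crypto_kem/mlkem/mlkem768/amd64/ref/params.jinc
@@ -14,3 +14,10 @@ param int MLKEM_CT_LEN = MLKEM_POLYVECCOMPRESSEDBYTES + MLKEM_POLYCOMPRESSEDBYTE
 param int MLKEM_INDCPA_PUBLICKEYBYTES = MLKEM_POLYVECBYTES + MLKEM_SYMBYTES;
 param int MLKEM_PUBLICKEYBYTES = MLKEM_INDCPA_PUBLICKEYBYTES;
 param int MLKEM_SSBYTES = 32;
+
+// the following is a patch to handle inconsistencies between ref/params.jinc and avx2/params.jinc (motivated by xwing);
+// this needs to be fixed upstream, in formosa-mlkem
+param int MLKEM_INDCPA_CIPHERTEXTBYTES = MLKEM_POLYVECCOMPRESSEDBYTES + MLKEM_POLYCOMPRESSEDBYTES;
+param int MLKEM_INDCPA_SECRETKEYBYTES = MLKEM_POLYVECBYTES;
+param int MLKEM_SECRETKEYBYTES = MLKEM_INDCPA_SECRETKEYBYTES + MLKEM_INDCPA_PUBLICKEYBYTES + 2*MLKEM_SYMBYTES;
+param int MLKEM_CIPHERTEXTBYTES = MLKEM_INDCPA_CIPHERTEXTBYTES;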
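Review bot: `MLKEM_INDCPA_CIPHERTEXTBYTES` re-spells the sum that the hunk header shows is already bound to `MLKEM_CT_LEN`, so the two constants can drift if either is edited; `param int MLKEM_INDCPA_CIPHERTEXTBYTES = MLKEM_CT_LEN;` keeps a single definition. The comment says the patch must be fixed upstream but gives nothing to track it, so a `// tracked in formosa-mlkem <ISSUE-ID>` line (placeholder) would make the temporary status auditable. Since `MLKEM_SECRETKEYBYTES` is now consumed by X-Wing to slice the secret key, a short comment spelling out the layout it assumes (indcpa secret key, public key, then the two `MLKEM_SYMBYTES` fields) would let a reader check it against what kem.jinc actually serializes.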
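--- a/src/crypto_kem/xwing/META.yml
+++ b/src/crypto_kem/xwing/META.yml
@@ -0,0 +1,26 @@
+name: X-Wing
+type: kem
+checksumsmall: d80f0bfdf6d38a189cfffe48c048973521c02456bde1934475c38e0819c4afae
+checksumbig: 607234d1da70d4441c64c8bb3deff3f22728a38942500457c92dbcdaf393d0c0
+claimed-nist-level: 3
+claimed-security: IND-CCA2
+length-public-key: 1216
+length-ciphertext: 1120
+length-secret-key: 2464
+length-shared-secret: 32
+principal-submitters:
+- TODO
+auxiliary-submitters:
+- TODO
+implementations:
+- name: amd64/ref
+version: TODO
+supported_platforms:
+- architecture: x86_64
+operating_systems:
+- Linux
+- Darwin
+required_flags: # FIXME
+- avx2
+- bmi2
+- popcnt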
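Review bot: `implementations:` lists only `amd64/ref`, yet this PR also adds `src/crypto_kem/xwing/amd64/avx2`, so the metadata should carry an entry for the avx2 build as well or tooling that reads META.yml will not see it. The `required_flags: # FIXME` list (`avx2`, `bmi2`, `popcnt`) sits under the `amd64/ref` entry, where a reference build should not need them; presumably it belongs to the missing avx2 entry. The `TODO` placeholders for submitters and `version` were merged as-is and still need filling in.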
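--- a/src/crypto_kem/xwing/amd64/avx2/Makefile
+++ b/src/crypto_kem/xwing/amd64/avx2/Makefile
@@ -0,0 +1,3 @@
+SAFETY_FLAGS := -nocheckalignment
+SRCS := kem.jazz
+include ../../../../Makefile.common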
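Review bot: `SAFETY_FLAGS := -nocheckalignment` disables the safety checker's alignment verification without saying why, and `src/crypto_kem/xwing/amd64/ref/Makefile` in this PR does the same. Because this narrows what the safety check covers for the new KEM, a one-line comment naming the access the checker rejects and why it is known to be safe, e.g. `# alignment checks disabled: <reason>`, would let a later reviewer decide whether the exemption can be removed.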
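--- a/src/crypto_kem/xwing/amd64/avx2/include/api.h
+++ b/src/crypto_kem/xwing/amd64/avx2/include/api.h
@@ -0,0 +1,47 @@
+#ifndef JADE_KEM_xwing_amd64_avx2_API_H
+#define JADE_KEM_xwing_amd64_avx2_API_H
+
+#include <stdint.h>
+
+#define JADE_KEM_xwing_amd64_avx2_PUBLICKEYBYTES 1216
+#define JADE_KEM_xwing_amd64_avx2_SECRETKEYBYTES 2464
+#define JADE_KEM_xwing_amd64_avx2_CIPHERTEXTBYTES 1120
+#define JADE_KEM_xwing_amd64_avx2_KEYPAIRCOINBYTES 96
+#define JADE_KEM_xwing_amd64_avx2_ENCCOINBYTES 64
+#define JADE_KEM_xwing_amd64_avx2_BYTES 32
+
+#define JADE_KEM_xwing_amd64_avx2_ALGNAME "X-Wing"
+#define JADE_KEM_xwing_amd64_avx2_ARCH "amd64"
+#define JADE_KEM_xwing_amd64_avx2_IMPL "ref"
+
+int jade_kem_xwing_amd64_avx2_keypair_derand(
+uint8_t *public_key,
+uint8_t *secret_key,
+const uint8_t *coins
+);
+
+int jade_kem_xwing_amd64_avx2_keypair(
+uint8_t *public_key,
+uint8_t *secret_key
+);
+
+int jade_kem_xwing_amd64_avx2_enc_derand(
+uint8_t *ciphertext,
+uint8_t *shared_secret,
+const uint8_t *public_key,
+const uint8_t *coins
+);
+
+int jade_kem_xwing_amd64_avx2_enc(
+uint8_t *ciphertext,
+uint8_t *shared_secret,
+const uint8_t *public_key
+);
+
+int jade_kem_xwing_amd64_avx2_dec(
+uint8_t *shared_secret,
+const uint8_t *ciphertext,
+const uint8_t *secret_key
+);
+
+#endif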
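Review bot: `#define JADE_KEM_xwing_amd64_avx2_IMPL "ref"` is wrong for this header: every other macro and prototype in the file is named for the `amd64/avx2` build, so the implementation string should be `#define JADE_KEM_xwing_amd64_avx2_IMPL "avx2"`; anything that reports or selects implementations by this string will otherwise mislabel the avx2 build as ref. The remaining sizes agree with the avx2 kem.jazz in this PR (96-byte keypair coins, 64-byte encapsulation coins, 32-byte shared secret) and with the key and ciphertext lengths in META.yml.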
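--- a/src/crypto_kem/xwing/amd64/avx2/kem.jazz
+++ b/src/crypto_kem/xwing/amd64/avx2/kem.jazz
@@ -0,0 +1,92 @@
+from Jade require "common/tofromstack.jinc"
+
+from Jade require "crypto_kem/mlkem/mlkem768/amd64/avx2/kem.jinc"
+from Jade require "crypto_kem/xwing/amd64/ref/kem.jinc"
+from Jade require "crypto_kem/xwing/amd64/ref/params.jinc"
+
+export fn jade_kem_xwing_amd64_avx2_keypair_derand(reg u64 public_key secret_key coins) -> reg u64
+{
+reg u64 r;
+stack u8[XWING_KEYPAIRCOINBYTES] stack_coins;
+
+_ = #init_msf();
+
+public_key = public_key;
+secret_key = secret_key;
+stack_coins = __tostack96u8(stack_coins, coins);
+
+_crypto_xkem_keypair_derand_jazz(public_key, secret_key, stack_coins);
+
+?{}, r = #set0();
+return r;
+}
+
+export fn jade_kem_xwing_amd64_avx2_keypair(reg u64 public_key secret_key) -> reg u64
+{
+reg u64 r;
+stack u8[XWING_KEYPAIRCOINBYTES] stack_coins;
+
+_ = #init_msf();
+
+public_key = public_key;
+secret_key = secret_key;
+stack_coins = #randombytes(stack_coins);
+
+_crypto_xkem_keypair_derand_jazz(public_key, secret_key, stack_coins);
+
+?{}, r = #set0();
+return r;
+}
+
+export fn jade_kem_xwing_amd64_avx2_enc_derand(reg u64 ciphertext shared_secret public_key coins) -> reg u64
+{
+reg u64 r;
+stack u8[XWING_ENCCOINBYTES] stack_coins;
+
+_ = #init_msf();
+
+ciphertext = ciphertext;
+shared_secret = shared_secret;
+public_key = public_key;
+stack_coins = __tostack64u8(stack_coins, coins);
+
+_crypto_xkem_enc_derand_jazz(ciphertext, shared_secret, public_key, stack_coins);
+
+?{}, r = #set0();
+return r;
+}
+
+export fn jade_kem_xwing_amd64_avx2_enc(reg u64 ciphertext shared_secret public_key) -> reg u64
+{
+reg u64 r;
+stack u8[XWING_ENCCOINBYTES] stack_coins;
+
+_ = #init_msf();
+
+ciphertext = ciphertext;
+shared_secret = shared_secret;
+public_key = public_key;
+stack_coins = #randombytes(stack_coins);
+
+_crypto_xkem_enc_derand_jazz(ciphertext, shared_secret, public_key, stack_coins);
+
+?{}, r = #set0();
+return r;
+}
+
+export fn jade_kem_xwing_amd64_avx2_dec(reg u64 shared_secret ciphertext secret_key) -> reg u64
+{
+reg u64 r;
+
+_ = #init_msf();
+
+shared_secret = shared_secret;
+ciphertext = ciphertext;
+secret_key = secret_key;
+
+_crypto_xkem_dec_jazz(shared_secret, ciphertext, secret_key);
+
+?{}, r = #set0();
+return r;
+}
+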
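Review bot: The avx2 entry point requires `crypto_kem/mlkem/mlkem768/amd64/avx2/kem.jinc` together with `crypto_kem/xwing/amd64/ref/kem.jinc` and `crypto_kem/xwing/amd64/ref/params.jinc`, and nothing explains why an avx2 build pulls the X-Wing glue from `ref/`. Presumably `ref/kem.jinc` only composes the KEM and relies on the including file to supply the ML-KEM (and the X25519 and SHA-3) primitives, but that is not visible here, so a reader may assume the avx2 build is accidentally running ref code. A comment above the requires, e.g. `// xwing/ref/kem.jinc is implementation-agnostic: the ML-KEM variant is fixed by the mlkem require above`, would settle that, and ideally the mlkem/xwing require order dependency it implies would be stated too.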
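--- a/src/crypto_kem/xwing/amd64/ref/Makefile
+++ b/src/crypto_kem/xwing/amd64/ref/Makefile
@@ -0,0 +1,3 @@
+SAFETY_FLAGS := -nocheckalignment
+SRCS := kem.jazz
+include ../../../../Makefile.common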